Diffstat (limited to 'docs/htmldocs')
-rw-r--r-- | docs/htmldocs/ads.html | 411
-rw-r--r-- | docs/htmldocs/appendixes.html | 390
-rw-r--r-- | docs/htmldocs/browsing-quick.html | 439
-rw-r--r-- | docs/htmldocs/cvs-access.html | 298
-rw-r--r-- | docs/htmldocs/domain-security.html | 482
-rw-r--r-- | docs/htmldocs/improved-browsing.html | 830
-rw-r--r-- | docs/htmldocs/oplocks.html | 208
-rw-r--r-- | docs/htmldocs/other-clients.html | 566
-rw-r--r-- | docs/htmldocs/p1346.html | 917
-rw-r--r-- | docs/htmldocs/p18.html | 438
-rw-r--r-- | docs/htmldocs/p3106.html | 391
-rw-r--r-- | docs/htmldocs/p544.html | 388
-rw-r--r-- | docs/htmldocs/pdb-mysql.html | 288
-rw-r--r-- | docs/htmldocs/pdb-xml.html | 184
-rw-r--r-- | docs/htmldocs/portability.html | 316
-rw-r--r-- | docs/htmldocs/pwencrypt.html | 434
-rw-r--r-- | docs/htmldocs/samba-howto-collection.html | 1076
-rw-r--r-- | docs/htmldocs/samba-ldap-howto.html | 986
-rw-r--r-- | docs/htmldocs/securitylevels.html | 234
-rw-r--r-- | docs/htmldocs/unix-permissions.html | 907
-rw-r--r-- | docs/htmldocs/vfs.html | 389
21 files changed, 0 insertions, 10572 deletions
diff --git a/docs/htmldocs/ads.html b/docs/htmldocs/ads.html deleted file mode 100644 index 26ec1d04a79..00000000000 --- a/docs/htmldocs/ads.html +++ /dev/null 
@@ -1,411 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<HTML -><HEAD -><TITLE ->Samba as a ADS domain member</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ -"><LINK -REL="HOME" -TITLE="SAMBA Project Documentation" -HREF="samba-howto-collection.html"><LINK -REL="UP" -TITLE="Type of installation" -HREF="type.html"><LINK -REL="PREVIOUS" -TITLE="How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain" -HREF="samba-bdc.html"><LINK -REL="NEXT" -TITLE="Samba as a NT4 domain member" -HREF="domain-security.html"></HEAD -><BODY -CLASS="CHAPTER" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="NAVHEADER" -><TABLE -SUMMARY="Header navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TH -COLSPAN="3" -ALIGN="center" ->SAMBA Project Documentation</TH -></TR -><TR -><TD -WIDTH="10%" -ALIGN="left" -VALIGN="bottom" -><A -HREF="samba-bdc.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="80%" -ALIGN="center" -VALIGN="bottom" -></TD -><TD -WIDTH="10%" -ALIGN="right" -VALIGN="bottom" -><A -HREF="domain-security.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -></TABLE -><HR -ALIGN="LEFT" -WIDTH="100%"></DIV -><DIV -CLASS="CHAPTER" -><H1 -><A -NAME="ADS">Chapter 8. Samba as a ADS domain member</H1 -><P ->This is a rough guide to setting up Samba 3.0 with kerberos authentication against a -Windows2000 KDC. </P -><P ->Pieces you need before you begin: -<P -></P -><TABLE -BORDER="0" -><TBODY -><TR -><TD ->a Windows 2000 server.</TD -></TR -><TR -><TD ->samba 3.0 or higher.</TD -></TR -><TR -><TD ->the MIT kerberos development libraries (either install from the above sources or use a package). The heimdal libraries will not work.</TD -></TR -><TR -><TD ->the OpenLDAP development libraries.</TD -></TR -></TBODY -></TABLE -><P -></P -></P -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN1187">8.1. 
Installing the required packages for Debian</H1 -><P ->On Debian you need to install the following packages: -<P -></P -><TABLE -BORDER="0" -><TBODY -><TR -><TD ->libkrb5-dev</TD -></TR -><TR -><TD ->krb5-user</TD -></TR -></TBODY -></TABLE -><P -></P -></P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN1193">8.2. Installing the required packages for RedHat</H1 -><P ->On RedHat this means you should have at least: -<P -></P -><TABLE -BORDER="0" -><TBODY -><TR -><TD ->krb5-workstation (for kinit)</TD -></TR -><TR -><TD ->krb5-libs (for linking with)</TD -></TR -><TR -><TD ->krb5-devel (because you are compiling from source)</TD -></TR -></TBODY -></TABLE -><P -></P -></P -><P ->in addition to the standard development environment.</P -><P ->Note that these are not standard on a RedHat install, and you may need -to get them off CD2.</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN1202">8.3. Compile Samba</H1 -><P ->If your kerberos libraries are in a non-standard location then - remember to add the configure option --with-krb5=DIR.</P -><P ->After you run configure make sure that include/config.h contains - lines like this:</P -><P -><PRE -CLASS="PROGRAMLISTING" ->#define HAVE_KRB5 1 -#define HAVE_LDAP 1</PRE -></P -><P ->If it doesn't then configure did not find your krb5 libraries or - your ldap libraries. Look in config.log to figure out why and fix - it.</P -><P ->Then compile and install Samba as usual. 
You must use at least the - following 3 options in smb.conf:</P -><P -><PRE -CLASS="PROGRAMLISTING" -> realm = YOUR.KERBEROS.REALM - security = ADS - encrypt passwords = yes</PRE -></P -><P ->In case samba can't figure out your ads server using your realm name, use the -<B -CLASS="COMMAND" ->ads server</B -> option in <TT -CLASS="FILENAME" ->smb.conf</TT ->: -<PRE -CLASS="PROGRAMLISTING" -> ads server = your.kerberos.server</PRE -></P -><P ->You do *not* need a smbpasswd file, although it won't do any harm - and if you have one then Samba will be able to fall back to normal - password security for older clients. I expect that the above - required options will change soon when we get better active - directory integration.</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN1217">8.4. Setup your /etc/krb5.conf</H1 -><P ->The minimal configuration for krb5.conf is:</P -><P -><PRE -CLASS="PROGRAMLISTING" -> [realms] - YOUR.KERBEROS.REALM = { - kdc = your.kerberos.server - }</PRE -></P -><P ->Test your config by doing a "kinit USERNAME@REALM" and making sure that - your password is accepted by the Win2000 KDC. </P -><P ->NOTE: The realm must be uppercase. </P -><P ->You also must ensure that you can do a reverse DNS lookup on the IP -address of your KDC. Also, the name that this reverse lookup maps to -must either be the netbios name of the KDC (ie. the hostname with no -domain attached) or it can alternatively be the netbios name -followed by the realm. </P -><P ->The easiest way to ensure you get this right is to add a /etc/hosts -entry mapping the IP address of your KDC to its netbios name. If you -don't get this right then you will get a "local error" when you try -to join the realm.</P -><P ->If all you want is kerberos support in smbclient then you can skip -straight to step 5 now. Step 3 is only needed if you want kerberos -support in smbd.</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN1227">8.5. 
Create the computer account</H1 -><P ->Do a "kinit" as a user that has authority to change arbitrary -passwords on the KDC ("Administrator" is a good choice). Then as a -user that has write permission on the Samba private directory -(usually root) run: -<B -CLASS="COMMAND" ->net ads join</B -></P -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN1231">8.5.1. Possible errors</H2 -><P -><P -></P -><DIV -CLASS="VARIABLELIST" -><DL -><DT ->"bash: kinit: command not found"</DT -><DD -><P ->kinit is in the krb5-workstation RPM on RedHat systems, and is in /usr/kerberos/bin, so it won't be in the path until you log in again (or open a new terminal)</P -></DD -><DT ->"ADS support not compiled in"</DT -><DD -><P ->Samba must be reconfigured (remove config.cache) and recompiled (make clean all install) after the kerberos libs and headers are installed.</P -></DD -></DL -></DIV -></P -></DIV -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN1243">8.6. Test your server setup</H1 -><P ->On a Windows 2000 client try <B -CLASS="COMMAND" ->net use * \\server\share</B ->. You should -be logged in with kerberos without needing to know a password. If -this fails then run <B -CLASS="COMMAND" ->klist tickets</B ->. Did you get a ticket for the -server? Does it have an encoding type of DES-CBC-MD5 ? </P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN1248">8.7. Testing with smbclient</H1 -><P ->On your Samba server try to login to a Win2000 server or your Samba -server using smbclient and kerberos. Use smbclient as usual, but -specify the -k option to choose kerberos authentication.</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN1251">8.8. Notes</H1 -><P ->You must change administrator password at least once after DC install, - to create the right encoding types</P -><P ->w2k doesn't seem to create the _kerberos._udp and _ldap._tcp in - their defaults DNS setup. 
Maybe fixed in service packs?</P -></DIV -></DIV -><DIV -CLASS="NAVFOOTER" -><HR -ALIGN="LEFT" -WIDTH="100%"><TABLE -SUMMARY="Footer navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" -><A -HREF="samba-bdc.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="samba-howto-collection.html" -ACCESSKEY="H" ->Home</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" -><A -HREF="domain-security.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" ->How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="type.html" -ACCESSKEY="U" ->Up</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" ->Samba as a NT4 domain member</TD -></TR -></TABLE -></DIV -></BODY -></HTML ->
\ No newline at end of file diff --git a/docs/htmldocs/appendixes.html b/docs/htmldocs/appendixes.html deleted file mode 100644 index e7eefcb441c..00000000000 --- a/docs/htmldocs/appendixes.html +++ /dev/null 
@@ -1,390 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<HTML -><HEAD -><TITLE ->Appendixes</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ -"><LINK -REL="HOME" -TITLE="SAMBA Project Documentation" -HREF="samba-howto-collection.html"><LINK -REL="PREVIOUS" -TITLE="Samba performance issues" -HREF="speed.html"><LINK -REL="NEXT" -TITLE="Portability" -HREF="portability.html"></HEAD -><BODY -CLASS="PART" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="NAVHEADER" -><TABLE -SUMMARY="Header navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TH -COLSPAN="3" -ALIGN="center" ->SAMBA Project Documentation</TH -></TR -><TR -><TD -WIDTH="10%" -ALIGN="left" -VALIGN="bottom" -><A -HREF="speed.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="80%" -ALIGN="center" -VALIGN="bottom" -></TD -><TD -WIDTH="10%" -ALIGN="right" -VALIGN="bottom" -><A -HREF="portability.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -></TABLE -><HR -ALIGN="LEFT" -WIDTH="100%"></DIV -><DIV -CLASS="PART" -><A -NAME="APPENDIXES"><DIV -CLASS="TITLEPAGE" -><H1 -CLASS="TITLE" ->IV. Appendixes</H1 -><DIV -CLASS="TOC" -><DL -><DT -><B ->Table of Contents</B -></DT -><DT ->23. <A -HREF="portability.html" ->Portability</A -></DT -><DD -><DL -><DT ->23.1. <A -HREF="portability.html#AEN3139" ->HPUX</A -></DT -><DT ->23.2. <A -HREF="portability.html#AEN3145" ->SCO Unix</A -></DT -><DT ->23.3. <A -HREF="portability.html#AEN3149" ->DNIX</A -></DT -><DT ->23.4. <A -HREF="portability.html#AEN3178" ->RedHat Linux Rembrandt-II</A -></DT -></DL -></DD -><DT ->24. <A -HREF="other-clients.html" ->Samba and other CIFS clients</A -></DT -><DD -><DL -><DT ->24.1. <A -HREF="other-clients.html#AEN3199" ->Macintosh clients?</A -></DT -><DT ->24.2. <A -HREF="other-clients.html#AEN3208" ->OS2 Client</A -></DT -><DD -><DL -><DT ->24.2.1. 
<A -HREF="other-clients.html#AEN3210" ->How can I configure OS/2 Warp Connect or - OS/2 Warp 4 as a client for Samba?</A -></DT -><DT ->24.2.2. <A -HREF="other-clients.html#AEN3225" ->How can I configure OS/2 Warp 3 (not Connect), - OS/2 1.2, 1.3 or 2.x for Samba?</A -></DT -><DT ->24.2.3. <A -HREF="other-clients.html#AEN3234" ->Are there any other issues when OS/2 (any version) - is used as a client?</A -></DT -><DT ->24.2.4. <A -HREF="other-clients.html#AEN3238" ->How do I get printer driver download working - for OS/2 clients?</A -></DT -></DL -></DD -><DT ->24.3. <A -HREF="other-clients.html#AEN3248" ->Windows for Workgroups</A -></DT -><DD -><DL -><DT ->24.3.1. <A -HREF="other-clients.html#AEN3250" ->Use latest TCP/IP stack from Microsoft</A -></DT -><DT ->24.3.2. <A -HREF="other-clients.html#AEN3255" ->Delete .pwl files after password change</A -></DT -><DT ->24.3.3. <A -HREF="other-clients.html#AEN3260" ->Configure WfW password handling</A -></DT -><DT ->24.3.4. <A -HREF="other-clients.html#AEN3264" ->Case handling of passwords</A -></DT -></DL -></DD -><DT ->24.4. <A -HREF="other-clients.html#AEN3269" ->Windows '95/'98</A -></DT -><DT ->24.5. <A -HREF="other-clients.html#AEN3285" ->Windows 2000 Service Pack 2</A -></DT -></DL -></DD -><DT ->25. <A -HREF="bugreport.html" ->Reporting Bugs</A -></DT -><DD -><DL -><DT ->25.1. <A -HREF="bugreport.html#AEN3309" ->Introduction</A -></DT -><DT ->25.2. <A -HREF="bugreport.html#AEN3319" ->General info</A -></DT -><DT ->25.3. <A -HREF="bugreport.html#AEN3325" ->Debug levels</A -></DT -><DT ->25.4. <A -HREF="bugreport.html#AEN3342" ->Internal errors</A -></DT -><DT ->25.5. <A -HREF="bugreport.html#AEN3352" ->Attaching to a running process</A -></DT -><DT ->25.6. <A -HREF="bugreport.html#AEN3355" ->Patches</A -></DT -></DL -></DD -><DT ->26. <A -HREF="diagnosis.html" ->Diagnosing your samba server</A -></DT -><DD -><DL -><DT ->26.1. <A -HREF="diagnosis.html#AEN3378" ->Introduction</A -></DT -><DT ->26.2. 
<A -HREF="diagnosis.html#AEN3383" ->Assumptions</A -></DT -><DT ->26.3. <A -HREF="diagnosis.html#AEN3393" ->Tests</A -></DT -><DD -><DL -><DT ->26.3.1. <A -HREF="diagnosis.html#AEN3395" ->Test 1</A -></DT -><DT ->26.3.2. <A -HREF="diagnosis.html#AEN3401" ->Test 2</A -></DT -><DT ->26.3.3. <A -HREF="diagnosis.html#AEN3407" ->Test 3</A -></DT -><DT ->26.3.4. <A -HREF="diagnosis.html#AEN3422" ->Test 4</A -></DT -><DT ->26.3.5. <A -HREF="diagnosis.html#AEN3427" ->Test 5</A -></DT -><DT ->26.3.6. <A -HREF="diagnosis.html#AEN3433" ->Test 6</A -></DT -><DT ->26.3.7. <A -HREF="diagnosis.html#AEN3441" ->Test 7</A -></DT -><DT ->26.3.8. <A -HREF="diagnosis.html#AEN3467" ->Test 8</A -></DT -><DT ->26.3.9. <A -HREF="diagnosis.html#AEN3484" ->Test 9</A -></DT -><DT ->26.3.10. <A -HREF="diagnosis.html#AEN3492" ->Test 10</A -></DT -><DT ->26.3.11. <A -HREF="diagnosis.html#AEN3498" ->Test 11</A -></DT -></DL -></DD -><DT ->26.4. <A -HREF="diagnosis.html#AEN3503" ->Still having troubles?</A -></DT -></DL -></DD -></DL -></DIV -></DIV -></DIV -><DIV -CLASS="NAVFOOTER" -><HR -ALIGN="LEFT" -WIDTH="100%"><TABLE -SUMMARY="Footer navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" -><A -HREF="speed.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="samba-howto-collection.html" -ACCESSKEY="H" ->Home</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" -><A -HREF="portability.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" ->Samba performance issues</TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -> </TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" ->Portability</TD -></TR -></TABLE -></DIV -></BODY -></HTML ->
\ No newline at end of file diff --git a/docs/htmldocs/browsing-quick.html b/docs/htmldocs/browsing-quick.html deleted file mode 100644 index 8c597e001ff..00000000000 --- a/docs/htmldocs/browsing-quick.html +++ /dev/null 
@@ -1,439 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<HTML -><HEAD -><TITLE ->Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ -"><LINK -REL="HOME" -TITLE="SAMBA Project Documentation" -HREF="samba-howto-collection.html"><LINK -REL="UP" -TITLE="General installation" -HREF="introduction.html"><LINK -REL="PREVIOUS" -TITLE="Improved browsing in samba" -HREF="improved-browsing.html"><LINK -REL="NEXT" -TITLE="LanMan and NT Password Encryption in Samba" -HREF="pwencrypt.html"></HEAD -><BODY -CLASS="CHAPTER" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="NAVHEADER" -><TABLE -SUMMARY="Header navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TH -COLSPAN="3" -ALIGN="center" ->SAMBA Project Documentation</TH -></TR -><TR -><TD -WIDTH="10%" -ALIGN="left" -VALIGN="bottom" -><A -HREF="improved-browsing.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="80%" -ALIGN="center" -VALIGN="bottom" -></TD -><TD -WIDTH="10%" -ALIGN="right" -VALIGN="bottom" -><A -HREF="pwencrypt.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -></TABLE -><HR -ALIGN="LEFT" -WIDTH="100%"></DIV -><DIV -CLASS="CHAPTER" -><H1 -><A -NAME="BROWSING-QUICK">Chapter 3. Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</H1 -><P ->This document should be read in conjunction with Browsing and may -be taken as the fast track guide to implementing browsing across subnets -and / or across workgroups (or domains). WINS is the best tool for resolution -of NetBIOS names to IP addesses. WINS is NOT involved in browse list handling -except by way of name to address mapping.</P -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN377">3.1. Discussion</H1 -><P ->Firstly, all MS Windows networking is based on SMB (Server Message -Block) based messaging. SMB messaging is implemented using NetBIOS. 
Samba -implements NetBIOS by encapsulating it over TCP/IP. MS Windows products can -do likewise. NetBIOS based networking uses broadcast messaging to affect -browse list management. When running NetBIOS over TCP/IP this uses UDP -based messaging. UDP messages can be broadcast or unicast.</P -><P ->Normally, only unicast UDP messaging can be forwarded by routers. The -"remote announce" parameter to smb.conf helps to project browse announcements -to remote network segments via unicast UDP. Similarly, the "remote browse sync" -parameter of smb.conf implements browse list collation using unicast UDP.</P -><P ->Secondly, in those networks where Samba is the only SMB server technology -wherever possible nmbd should be configured on one (1) machine as the WINS -server. This makes it easy to manage the browsing environment. If each network -segment is configured with it's own Samba WINS server, then the only way to -get cross segment browsing to work is by using the "remote announce" and -the "remote browse sync" parameters to your smb.conf file.</P -><P ->If only one WINS server is used then the use of the "remote announce" and the -"remote browse sync" parameters should NOT be necessary.</P -><P ->Samba WINS does not support MS-WINS replication. This means that when setting up -Samba as a WINS server there must only be one nmbd configured as a WINS server -on the network. Some sites have used multiple Samba WINS servers for redundancy -(one server per subnet) and then used "remote browse sync" and "remote announce" -to affect browse list collation across all segments. Note that this means -clients will only resolve local names, and must be configured to use DNS to -resolve names on other subnets in order to resolve the IP addresses of the -servers they can see on other subnets. 
This setup is not recommended, but is -mentioned as a practical consideration (ie: an 'if all else fails' scenario).</P -><P ->Lastly, take note that browse lists are a collection of unreliable broadcast -messages that are repeated at intervals of not more than 15 minutes. This means -that it will take time to establish a browse list and it can take up to 45 -minutes to stabilise, particularly across network segments.</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN385">3.2. Use of the "Remote Announce" parameter</H1 -><P ->The "remote announce" parameter of smb.conf can be used to forcibly ensure -that all the NetBIOS names on a network get announced to a remote network. -The syntax of the "remote announce" parameter is: -<PRE -CLASS="PROGRAMLISTING" -> remote announce = a.b.c.d [e.f.g.h] ...</PRE -> -_or_ -<PRE -CLASS="PROGRAMLISTING" -> remote announce = a.b.c.d/WORKGROUP [e.f.g.h/WORKGROUP] ...</PRE -> - -where: -<P -></P -><DIV -CLASS="VARIABLELIST" -><DL -><DT ->a.b.c.d and e.f.g.h</DT -><DD -><P ->is either the LMB (Local Master Browser) IP address -or the broadcst address of the remote network. -ie: the LMB is at 192.168.1.10, or the address -could be given as 192.168.1.255 where the netmask -is assumed to be 24 bits (255.255.255.0). -When the remote announcement is made to the broadcast -address of the remote network every host will receive -our announcements. This is noisy and therefore -undesirable but may be necessary if we do NOT know -the IP address of the remote LMB.</P -></DD -><DT ->WORKGROUP</DT -><DD -><P ->is optional and can be either our own workgroup -or that of the remote network. If you use the -workgroup name of the remote network then our -NetBIOS machine names will end up looking like -they belong to that workgroup, this may cause -name resolution problems and should be avoided.</P -></DD -></DL -></DIV -></P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN399">3.3. 
Use of the "Remote Browse Sync" parameter</H1 -><P ->The "remote browse sync" parameter of smb.conf is used to announce to -another LMB that it must synchronise it's NetBIOS name list with our -Samba LMB. It works ONLY if the Samba server that has this option is -simultaneously the LMB on it's network segment.</P -><P ->The syntax of the "remote browse sync" parameter is: -<PRE -CLASS="PROGRAMLISTING" -> remote browse sync = a.b.c.d</PRE -> - -where a.b.c.d is either the IP address of the remote LMB or else is the network broadcast address of the remote segment.</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN404">3.4. Use of WINS</H1 -><P ->Use of WINS (either Samba WINS _or_ MS Windows NT Server WINS) is highly -recommended. Every NetBIOS machine registers it's name together with a -name_type value for each of of several types of service it has available. -eg: It registers it's name directly as a unique (the type 0x03) name. -It also registers it's name if it is running the lanmanager compatible -server service (used to make shares and printers available to other users) -by registering the server (the type 0x20) name.</P -><P ->All NetBIOS names are up to 15 characters in length. The name_type variable -is added to the end of the name - thus creating a 16 character name. Any -name that is shorter than 15 characters is padded with spaces to the 15th -character. ie: All NetBIOS names are 16 characters long (including the -name_type information).</P -><P ->WINS can store these 16 character names as they get registered. A client -that wants to log onto the network can ask the WINS server for a list -of all names that have registered the NetLogon service name_type. This saves -broadcast traffic and greatly expedites logon processing. 
Since broadcast -name resolution can not be used across network segments this type of -information can only be provided via WINS _or_ via statically configured -"lmhosts" files that must reside on all clients in the absence of WINS.</P -><P ->WINS also serves the purpose of forcing browse list synchronisation by all -LMB's. LMB's must synchronise their browse list with the DMB (domain master -browser) and WINS helps the LMB to identify it's DMB. By definition this -will work only within a single workgroup. Note that the domain master browser -has NOTHING to do with what is referred to as an MS Windows NT Domain. The -later is a reference to a security environment while the DMB refers to the -master controller for browse list information only.</P -><P ->Use of WINS will work correctly only if EVERY client TCP/IP protocol stack -has been configured to use the WINS server/s. Any client that has not been -configured to use the WINS server will continue to use only broadcast based -name registration so that WINS may NEVER get to know about it. In any case, -machines that have not registered with a WINS server will fail name to address -lookup attempts by other clients and will therefore cause workstation access -errors.</P -><P ->To configure Samba as a WINS server just add "wins support = yes" to the -smb.conf file [globals] section.</P -><P ->To configure Samba to register with a WINS server just add -"wins server = a.b.c.d" to your smb.conf file [globals] section.</P -><P -><SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->DO NOT EVER</I -></SPAN -> use both "wins support = yes" together with "wins server = a.b.c.d" -particularly not using it's own IP address.</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN415">3.5. 
Do NOT use more than one (1) protocol on MS Windows machines</H1 -><P ->A very common cause of browsing problems results from installing more than -one protocol on an MS Windows machine.</P -><P ->Every NetBIOS machine take part in a process of electing the LMB (and DMB) -every 15 minutes. A set of election criteria is used to determine the order -of precidence for winning this election process. A machine running Samba or -Windows NT will be biased so that the most suitable machine will predictably -win and thus retain it's role.</P -><P ->The election process is "fought out" so to speak over every NetBIOS network -interface. In the case of a Windows 9x machine that has both TCP/IP and IPX -installed and has NetBIOS enabled over both protocols the election will be -decided over both protocols. As often happens, if the Windows 9x machine is -the only one with both protocols then the LMB may be won on the NetBIOS -interface over the IPX protocol. Samba will then lose the LMB role as Windows -9x will insist it knows who the LMB is. Samba will then cease to function -as an LMB and thus browse list operation on all TCP/IP only machines will -fail.</P -><P ->The safest rule of all to follow it this - USE ONLY ONE PROTOCOL!</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN421">3.6. Name Resolution Order</H1 -><P ->Resolution of NetBIOS names to IP addresses can take place using a number -of methods. 
The only ones that can provide NetBIOS name_type information -are: -<P -></P -><TABLE -BORDER="0" -><TBODY -><TR -><TD ->WINS: the best tool!</TD -></TR -><TR -><TD ->LMHOSTS: is static and hard to maintain.</TD -></TR -><TR -><TD ->Broadcast: uses UDP and can not resolve names across remote segments.</TD -></TR -></TBODY -></TABLE -><P -></P -></P -><P ->Alternative means of name resolution includes: -<P -></P -><TABLE -BORDER="0" -><TBODY -><TR -><TD ->/etc/hosts: is static, hard to maintain, and lacks name_type info</TD -></TR -><TR -><TD ->DNS: is a good choice but lacks essential name_type info.</TD -></TR -></TBODY -></TABLE -><P -></P -></P -><P ->Many sites want to restrict DNS lookups and want to avoid broadcast name -resolution traffic. The "name resolve order" parameter is of great help here. -The syntax of the "name resolve order" parameter is: -<PRE -CLASS="PROGRAMLISTING" -> name resolve order = wins lmhosts bcast host</PRE -> -_or_ -<PRE -CLASS="PROGRAMLISTING" -> name resolve order = wins lmhosts (eliminates bcast and host)</PRE -> -The default is: -<PRE -CLASS="PROGRAMLISTING" -> name resolve order = host lmhost wins bcast</PRE ->. -where "host" refers the the native methods used by the Unix system -to implement the gethostbyname() function call. 
This is normally -controlled by <TT -CLASS="FILENAME" ->/etc/host.conf</TT ->, <TT -CLASS="FILENAME" ->/etc/nsswitch.conf</TT -> and <TT -CLASS="FILENAME" ->/etc/resolv.conf</TT ->.</P -></DIV -></DIV -><DIV -CLASS="NAVFOOTER" -><HR -ALIGN="LEFT" -WIDTH="100%"><TABLE -SUMMARY="Footer navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" -><A -HREF="improved-browsing.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="samba-howto-collection.html" -ACCESSKEY="H" ->Home</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" -><A -HREF="pwencrypt.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" ->Improved browsing in samba</TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="introduction.html" -ACCESSKEY="U" ->Up</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" ->LanMan and NT Password Encryption in Samba</TD -></TR -></TABLE -></DIV -></BODY -></HTML ->
\ No newline at end of file diff --git a/docs/htmldocs/cvs-access.html b/docs/htmldocs/cvs-access.html deleted file mode 100644 index 73cd3338054..00000000000 --- a/docs/htmldocs/cvs-access.html +++ /dev/null 
@@ -1,298 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<HTML -><HEAD -><TITLE ->HOWTO Access Samba source code via CVS</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ -"><LINK -REL="HOME" -TITLE="SAMBA Project Documentation" -HREF="samba-howto-collection.html"><LINK -REL="UP" -TITLE="Optional configuration" -HREF="optional.html"><LINK -REL="PREVIOUS" -TITLE="Storing Samba's User/Machine Account information in an LDAP Directory" -HREF="samba-ldap-howto.html"><LINK -REL="NEXT" -TITLE="Group mapping HOWTO" -HREF="groupmapping.html"></HEAD -><BODY -CLASS="CHAPTER" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="NAVHEADER" -><TABLE -SUMMARY="Header navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TH -COLSPAN="3" -ALIGN="center" ->SAMBA Project Documentation</TH -></TR -><TR -><TD -WIDTH="10%" -ALIGN="left" -VALIGN="bottom" -><A -HREF="samba-ldap-howto.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="80%" -ALIGN="center" -VALIGN="bottom" -></TD -><TD -WIDTH="10%" -ALIGN="right" -VALIGN="bottom" -><A -HREF="groupmapping.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -></TABLE -><HR -ALIGN="LEFT" -WIDTH="100%"></DIV -><DIV -CLASS="CHAPTER" -><H1 -><A -NAME="CVS-ACCESS">Chapter 20. HOWTO Access Samba source code via CVS</H1 -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2964">20.1. Introduction</H1 -><P ->Samba is developed in an open environment. Developers use CVS -(Concurrent Versioning System) to "checkin" (also known as -"commit") new source code. 
Samba's various CVS branches can -be accessed via anonymous CVS using the instructions -detailed in this chapter.</P -><P ->This document is a modified version of the instructions found at -<A -HREF="http://samba.org/samba/cvs.html" -TARGET="_top" ->http://samba.org/samba/cvs.html</A -></P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2969">20.2. CVS Access to samba.org</H1 -><P ->The machine samba.org runs a publicly accessible CVS -repository for access to the source code of several packages, -including samba, rsync and jitterbug. There are two main ways of -accessing the CVS server on this host.</P -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN2972">20.2.1. Access via CVSweb</H2 -><P ->You can access the source code via your -favourite WWW browser. This allows you to access the contents of -individual files in the repository and also to look at the revision -history and commit logs of individual files. You can also ask for a diff -listing between any two versions on the repository.</P -><P ->Use the URL : <A -HREF="http://samba.org/cgi-bin/cvsweb" -TARGET="_top" ->http://samba.org/cgi-bin/cvsweb</A -></P -></DIV -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN2977">20.2.2. Access via cvs</H2 -><P ->You can also access the source code via a -normal cvs client. This gives you much more control over you can -do with the repository and allows you to checkout whole source trees -and keep them up to date via normal cvs commands. This is the -preferred method of access if you are a developer and not -just a casual browser.</P -><P ->To download the latest cvs source code, point your -browser at the URL : <A -HREF="http://www.cyclic.com/" -TARGET="_top" ->http://www.cyclic.com/</A ->. -and click on the 'How to get cvs' link. CVS is free software under -the GNU GPL (as is Samba). Note that there are several graphical CVS clients -which provide a graphical interface to the sometimes mundane CVS commands. 
-Links to theses clients are also available from http://www.cyclic.com.</P -><P ->To gain access via anonymous cvs use the following steps. -For this example it is assumed that you want a copy of the -samba source code. For the other source code repositories -on this system just substitute the correct package name</P -><P -></P -><OL -TYPE="1" -><LI -><P -> Install a recent copy of cvs. All you really need is a - copy of the cvs client binary. - </P -></LI -><LI -><P -> Run the command - </P -><P -> <B -CLASS="COMMAND" ->cvs -d :pserver:cvs@samba.org:/cvsroot login</B -> - </P -><P -> When it asks you for a password type <TT -CLASS="USERINPUT" -><B ->cvs</B -></TT ->. - </P -></LI -><LI -><P -> Run the command - </P -><P -> <B -CLASS="COMMAND" ->cvs -d :pserver:cvs@samba.org:/cvsroot co samba</B -> - </P -><P -> This will create a directory called samba containing the - latest samba source code (i.e. the HEAD tagged cvs branch). This - currently corresponds to the 3.0 development tree. - </P -><P -> CVS branches other HEAD can be obtained by using the <TT -CLASS="PARAMETER" -><I ->-r</I -></TT -> - and defining a tag name. A list of branch tag names can be found on the - "Development" page of the samba web site. A common request is to obtain the - latest 2.2 release code. This could be done by using the following command. 
- </P -><P -> <B -CLASS="COMMAND" ->cvs -d :pserver:cvs@samba.org:/cvsroot co -r SAMBA_2_2 samba</B -> - </P -></LI -><LI -><P -> Whenever you want to merge in the latest code changes use - the following command from within the samba directory: - </P -><P -> <B -CLASS="COMMAND" ->cvs update -d -P</B -> - </P -></LI -></OL -></DIV -></DIV -></DIV -><DIV -CLASS="NAVFOOTER" -><HR -ALIGN="LEFT" -WIDTH="100%"><TABLE -SUMMARY="Footer navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" -><A -HREF="samba-ldap-howto.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="samba-howto-collection.html" -ACCESSKEY="H" ->Home</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" -><A -HREF="groupmapping.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" ->Storing Samba's User/Machine Account information in an LDAP Directory</TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="optional.html" -ACCESSKEY="U" ->Up</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" ->Group mapping HOWTO</TD -></TR -></TABLE -></DIV -></BODY -></HTML ->
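Review bot: The navigation in the removed cvs-access.html points at pages that this commit does not touch: the LINK block at the top of the hunk and the NAVFOOTER table at the bottom name groupmapping.html as NEXT and optional.html as UP, and neither file is among the 21 listed in the diffstat. If those pages remain in docs/htmldocs, check whether they still link back to cvs-access.html and either remove them in the same commit or regenerate them so the Prev/Next chain does not dangle. The GENERATOR meta line ("Modular DocBook HTML Stylesheet Version 1.76b+") shows this is stylesheet output, so the commit message should name the source these pages are built from and how to rebuild them.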
\ No newline at end of file diff --git a/docs/htmldocs/domain-security.html b/docs/htmldocs/domain-security.html deleted file mode 100644 index 670d96ba5f5..00000000000 --- a/docs/htmldocs/domain-security.html +++ /dev/null 
@@ -1,482 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<HTML -><HEAD -><TITLE ->Samba as a NT4 domain member</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ -"><LINK -REL="HOME" -TITLE="SAMBA Project Documentation" -HREF="samba-howto-collection.html"><LINK -REL="UP" -TITLE="Type of installation" -HREF="type.html"><LINK -REL="PREVIOUS" -TITLE="Samba as a ADS domain member" -HREF="ads.html"><LINK -REL="NEXT" -TITLE="Optional configuration" -HREF="optional.html"></HEAD -><BODY -CLASS="CHAPTER" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="NAVHEADER" -><TABLE -SUMMARY="Header navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TH -COLSPAN="3" -ALIGN="center" ->SAMBA Project Documentation</TH -></TR -><TR -><TD -WIDTH="10%" -ALIGN="left" -VALIGN="bottom" -><A -HREF="ads.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="80%" -ALIGN="center" -VALIGN="bottom" -></TD -><TD -WIDTH="10%" -ALIGN="right" -VALIGN="bottom" -><A -HREF="optional.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -></TABLE -><HR -ALIGN="LEFT" -WIDTH="100%"></DIV -><DIV -CLASS="CHAPTER" -><H1 -><A -NAME="DOMAIN-SECURITY">Chapter 9. Samba as a NT4 domain member</H1 -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN1273">9.1. 
Joining an NT Domain with Samba 2.2</H1 -><P ->Assume you have a Samba 2.x server with a NetBIOS name of - <TT -CLASS="CONSTANT" ->SERV1</TT -> and are joining an NT domain called - <TT -CLASS="CONSTANT" ->DOM</TT ->, which has a PDC with a NetBIOS name - of <TT -CLASS="CONSTANT" ->DOMPDC</TT -> and two backup domain controllers - with NetBIOS names <TT -CLASS="CONSTANT" ->DOMBDC1</TT -> and <TT -CLASS="CONSTANT" ->DOMBDC2 - </TT ->.</P -><P ->In order to join the domain, first stop all Samba daemons - and run the command:</P -><P -><TT -CLASS="PROMPT" ->root# </TT -><TT -CLASS="USERINPUT" -><B ->smbpasswd -j DOM -r DOMPDC - -U<TT -CLASS="REPLACEABLE" -><I ->Administrator%password</I -></TT -></B -></TT -></P -><P ->as we are joining the domain DOM and the PDC for that domain - (the only machine that has write access to the domain SAM database) - is DOMPDC. The <TT -CLASS="REPLACEABLE" -><I ->Administrator%password</I -></TT -> is - the login name and password for an account which has the necessary - privilege to add machines to the domain. If this is successful - you will see the message:</P -><P -><TT -CLASS="COMPUTEROUTPUT" ->smbpasswd: Joined domain DOM.</TT -> - </P -><P ->in your terminal window. See the <A -HREF="smbpasswd.8.html" -TARGET="_top" -> smbpasswd(8)</A -> man page for more details.</P -><P ->There is existing development code to join a domain - without having to create the machine trust account on the PDC - beforehand. 
This code will hopefully be available soon - in release branches as well.</P -><P ->This command goes through the machine account password - change protocol, then writes the new (random) machine account - password for this Samba server into a file in the same directory - in which an smbpasswd file would be stored - normally :</P -><P -><TT -CLASS="FILENAME" ->/usr/local/samba/private</TT -></P -><P ->In Samba 2.0.x, the filename looks like this:</P -><P -><TT -CLASS="FILENAME" -><TT -CLASS="REPLACEABLE" -><I -><NT DOMAIN NAME></I -></TT ->.<TT -CLASS="REPLACEABLE" -><I -><Samba - Server Name></I -></TT ->.mac</TT -></P -><P ->The <TT -CLASS="FILENAME" ->.mac</TT -> suffix stands for machine account - password file. So in our example above, the file would be called:</P -><P -><TT -CLASS="FILENAME" ->DOM.SERV1.mac</TT -></P -><P ->In Samba 2.2, this file has been replaced with a TDB - (Trivial Database) file named <TT -CLASS="FILENAME" ->secrets.tdb</TT ->. - </P -><P ->This file is created and owned by root and is not - readable by any other user. It is the key to the domain-level - security for your system, and should be treated as carefully - as a shadow password file.</P -><P ->Now, before restarting the Samba daemons you must - edit your <A -HREF="smb.conf.5.html" -TARGET="_top" -><TT -CLASS="FILENAME" ->smb.conf(5)</TT -> - </A -> file to tell Samba it should now use domain security.</P -><P ->Change (or add) your <A -HREF="smb.conf.5.html#SECURITY" -TARGET="_top" -> <TT -CLASS="PARAMETER" -><I ->security =</I -></TT -></A -> line in the [global] section - of your smb.conf to read:</P -><P -><B -CLASS="COMMAND" ->security = domain</B -></P -><P ->Next change the <A -HREF="smb.conf.5.html#WORKGROUP" -TARGET="_top" -><TT -CLASS="PARAMETER" -><I -> workgroup =</I -></TT -></A -> line in the [global] section to read: </P -><P -><B -CLASS="COMMAND" ->workgroup = DOM</B -></P -><P ->as this is the name of the domain we are joining. 
</P -><P ->You must also have the parameter <A -HREF="smb.conf.5.html#ENCRYPTPASSWORDS" -TARGET="_top" -> <TT -CLASS="PARAMETER" -><I ->encrypt passwords</I -></TT -></A -> set to <TT -CLASS="CONSTANT" ->yes - </TT -> in order for your users to authenticate to the NT PDC.</P -><P ->Finally, add (or modify) a <A -HREF="smb.conf.5.html#PASSWORDSERVER" -TARGET="_top" -> <TT -CLASS="PARAMETER" -><I ->password server =</I -></TT -></A -> line in the [global] - section to read: </P -><P -><B -CLASS="COMMAND" ->password server = DOMPDC DOMBDC1 DOMBDC2</B -></P -><P ->These are the primary and backup domain controllers Samba - will attempt to contact in order to authenticate users. Samba will - try to contact each of these servers in order, so you may want to - rearrange this list in order to spread out the authentication load - among domain controllers.</P -><P ->Alternatively, if you want smbd to automatically determine - the list of Domain controllers to use for authentication, you may - set this line to be :</P -><P -><B -CLASS="COMMAND" ->password server = *</B -></P -><P ->This method, which was introduced in Samba 2.0.6, - allows Samba to use exactly the same mechanism that NT does. This - method either broadcasts or uses a WINS database in order to - find domain controllers to authenticate against.</P -><P ->Finally, restart your Samba daemons and get ready for - clients to begin using domain security!</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN1337">9.2. Samba and Windows 2000 Domains</H1 -><P ->Many people have asked regarding the state of Samba's ability to participate in -a Windows 2000 Domain. Samba 3.0 is able to act as a member server of a Windows -2000 domain operating in mixed or native mode.</P -><P ->There is much confusion between the circumstances that require a "mixed" mode -Win2k DC and a when this host can be switched to "native" mode. 
A "mixed" mode -Win2k domain controller is only needed if Windows NT BDCs must exist in the same -domain. By default, a Win2k DC in "native" mode will still support -NetBIOS and NTLMv1 for authentication of legacy clients such as Windows 9x and -NT 4.0. Samba has the same requirements as a Windows NT 4.0 member server.</P -><P ->The steps for adding a Samba 2.2 host to a Win2k domain are the same as those -for adding a Samba server to a Windows NT 4.0 domain. The only exception is that -the "Server Manager" from NT 4 has been replaced by the "Active Directory Users and -Computers" MMC (Microsoft Management Console) plugin.</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN1342">9.3. Why is this better than security = server?</H1 -><P ->Currently, domain security in Samba doesn't free you from - having to create local Unix users to represent the users attaching - to your server. This means that if domain user <TT -CLASS="CONSTANT" ->DOM\fred - </TT -> attaches to your domain security Samba server, there needs - to be a local Unix user fred to represent that user in the Unix - filesystem. This is very similar to the older Samba security mode - <A -HREF="smb.conf.5.html#SECURITYEQUALSSERVER" -TARGET="_top" ->security = server</A ->, - where Samba would pass through the authentication request to a Windows - NT server in the same way as a Windows 95 or Windows 98 server would. - </P -><P ->Please refer to the <A -HREF="winbind.html" -TARGET="_top" ->Winbind - paper</A -> for information on a system to automatically - assign UNIX uids and gids to Windows NT Domain users and groups. - This code is available in development branches only at the moment, - but will be moved to release branches soon.</P -><P ->The advantage to domain-level security is that the - authentication in domain-level security is passed down the authenticated - RPC channel in exactly the same way that an NT server would do it. 
This - means Samba servers now participate in domain trust relationships in - exactly the same way NT servers do (i.e., you can add Samba servers into - a resource domain and have the authentication passed on from a resource - domain PDC to an account domain PDC.</P -><P ->In addition, with <B -CLASS="COMMAND" ->security = server</B -> every Samba - daemon on a server has to keep a connection open to the - authenticating server for as long as that daemon lasts. This can drain - the connection resources on a Microsoft NT server and cause it to run - out of available connections. With <B -CLASS="COMMAND" ->security = domain</B ->, - however, the Samba daemons connect to the PDC/BDC only for as long - as is necessary to authenticate the user, and then drop the connection, - thus conserving PDC connection resources.</P -><P ->And finally, acting in the same manner as an NT server - authenticating to a PDC means that as part of the authentication - reply, the Samba server gets the user identification information such - as the user SID, the list of NT groups the user belongs to, etc. All - this information will allow Samba to be extended in the future into - a mode the developers currently call appliance mode. In this mode, - no local Unix users will be necessary, and Samba will generate Unix - uids and gids from the information passed back from the PDC when a - user is authenticated, making a Samba server truly plug and play - in an NT domain environment. 
Watch for this code soon.</P -><P -><SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->NOTE:</I -></SPAN -> Much of the text of this document - was first published in the Web magazine <A -HREF="http://www.linuxworld.com" -TARGET="_top" -> - LinuxWorld</A -> as the article <A -HREF="http://www.linuxworld.com/linuxworld/lw-1998-10/lw-10-samba.html" -TARGET="_top" ->Doing - the NIS/NT Samba</A ->.</P -></DIV -></DIV -><DIV -CLASS="NAVFOOTER" -><HR -ALIGN="LEFT" -WIDTH="100%"><TABLE -SUMMARY="Footer navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" -><A -HREF="ads.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="samba-howto-collection.html" -ACCESSKEY="H" ->Home</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" -><A -HREF="optional.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" ->Samba as a ADS domain member</TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="type.html" -ACCESSKEY="U" ->Up</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" ->Optional configuration</TD -></TR -></TABLE -></DIV -></BODY -></HTML ->
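Review bot: The secrets.tdb handling guidance in section 9.1 disappears with this file and nothing replaces it, since the commit records 0 insertions. The paragraph in question is the one stating that the file "is created and owned by root and is not readable by any other user" and "should be treated as carefully as a shadow password file"; it is the only place in this hunk that tells an administrator how to protect the machine account password written by smbpasswd -j. Please confirm that this text survives in the source the HTML was generated from, and say so in the commit message, so that removing the rendered copy does not remove the guidance. The same check applies to the statement that "encrypt passwords" must be set to yes for domain authentication.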
\ No newline at end of file diff --git a/docs/htmldocs/improved-browsing.html b/docs/htmldocs/improved-browsing.html deleted file mode 100644 index 4e9d7f639ef..00000000000 --- a/docs/htmldocs/improved-browsing.html +++ /dev/null 
@@ -1,830 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<HTML -><HEAD -><TITLE ->Improved browsing in samba</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ -"><LINK -REL="HOME" -TITLE="SAMBA Project Documentation" -HREF="samba-howto-collection.html"><LINK -REL="UP" -TITLE="General installation" -HREF="introduction.html"><LINK -REL="PREVIOUS" -TITLE="How to Install and Test SAMBA" -HREF="install.html"><LINK -REL="NEXT" -TITLE="Quick Cross Subnet Browsing / Cross Workgroup Browsing guide" -HREF="browsing-quick.html"></HEAD -><BODY -CLASS="CHAPTER" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="NAVHEADER" -><TABLE -SUMMARY="Header navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TH -COLSPAN="3" -ALIGN="center" ->SAMBA Project Documentation</TH -></TR -><TR -><TD -WIDTH="10%" -ALIGN="left" -VALIGN="bottom" -><A -HREF="install.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="80%" -ALIGN="center" -VALIGN="bottom" -></TD -><TD -WIDTH="10%" -ALIGN="right" -VALIGN="bottom" -><A -HREF="browsing-quick.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -></TABLE -><HR -ALIGN="LEFT" -WIDTH="100%"></DIV -><DIV -CLASS="CHAPTER" -><H1 -><A -NAME="IMPROVED-BROWSING">Chapter 2. Improved browsing in samba</H1 -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN229">2.1. Overview of browsing</H1 -><P ->SMB networking provides a mechanism by which clients can access a list -of machines in a network, a so-called "browse list". This list -contains machines that are ready to offer file and/or print services -to other machines within the network. Thus it does not include -machines which aren't currently able to do server tasks. The browse -list is heavily used by all SMB clients. 
Configuration of SMB -browsing has been problematic for some Samba users, hence this -document.</P -><P ->Browsing will NOT work if name resolution from NetBIOS names to IP -addresses does not function correctly. Use of a WINS server is highly -recommended to aid the resolution of NetBIOS (SMB) names to IP addresses. -WINS allows remote segment clients to obtain NetBIOS name_type information -that can NOT be provided by any other means of name resolution.</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN233">2.2. Browsing support in samba</H1 -><P ->Samba now fully supports browsing. The browsing is supported by nmbd -and is also controlled by options in the smb.conf file (see smb.conf(5)).</P -><P ->Samba can act as a local browse master for a workgroup and the ability -for samba to support domain logons and scripts is now available. See -DOMAIN.txt for more information on domain logons.</P -><P ->Samba can also act as a domain master browser for a workgroup. This -means that it will collate lists from local browse masters into a -wide area network server list. In order for browse clients to -resolve the names they may find in this list, it is recommended that -both samba and your clients use a WINS server.</P -><P ->Note that you should NOT set Samba to be the domain master for a -workgroup that has the same name as an NT Domain: on each wide area -network, you must only ever have one domain master browser per workgroup, -regardless of whether it is NT, Samba or any other type of domain master -that is providing this service.</P -><P ->[Note that nmbd can be configured as a WINS server, but it is not -necessary to specifically use samba as your WINS server. NTAS can -be configured as your WINS server. In a mixed NT server and -samba environment on a Wide Area Network, it is recommended that -you use the NT server's WINS server capabilities. 
In a samba-only -environment, it is recommended that you use one and only one nmbd -as your WINS server].</P -><P ->To get browsing to work you need to run nmbd as usual, but will need -to use the "workgroup" option in smb.conf to control what workgroup -Samba becomes a part of.</P -><P ->Samba also has a useful option for a Samba server to offer itself for -browsing on another subnet. It is recommended that this option is only -used for 'unusual' purposes: announcements over the internet, for -example. See "remote announce" in the smb.conf man page. </P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN242">2.3. Problem resolution</H1 -><P ->If something doesn't work then hopefully the log.nmb file will help -you track down the problem. Try a debug level of 2 or 3 for finding -problems. Also note that the current browse list usually gets stored -in text form in a file called browse.dat.</P -><P ->Note that if it doesn't work for you, then you should still be able to -type the server name as \\SERVER in filemanager then hit enter and -filemanager should display the list of available shares.</P -><P ->Some people find browsing fails because they don't have the global -"guest account" set to a valid account. Remember that the IPC$ -connection that lists the shares is done as guest, and thus you must -have a valid guest account.</P -><P ->Also, a lot of people are getting bitten by the problem of too many -parameters on the command line of nmbd in inetd.conf. This trick is to -not use spaces between the option and the parameter (eg: -d2 instead -of -d 2), and to not use the -B and -N options. 
New versions of nmbd -are now far more likely to correctly find your broadcast and network -address, so in most cases these aren't needed.</P -><P ->The other big problem people have is that their broadcast address, -netmask or IP address is wrong (specified with the "interfaces" option -in smb.conf)</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN249">2.4. Browsing across subnets</H1 -><P ->With the release of Samba 1.9.17(alpha1 and above) Samba has been -updated to enable it to support the replication of browse lists -across subnet boundaries. New code and options have been added to -achieve this. This section describes how to set this feature up -in different settings.</P -><P ->To see browse lists that span TCP/IP subnets (ie. networks separated -by routers that don't pass broadcast traffic) you must set up at least -one WINS server. The WINS server acts as a DNS for NetBIOS names, allowing -NetBIOS name to IP address translation to be done by doing a direct -query of the WINS server. This is done via a directed UDP packet on -port 137 to the WINS server machine. The reason for a WINS server is -that by default, all NetBIOS name to IP address translation is done -by broadcasts from the querying machine. This means that machines -on one subnet will not be able to resolve the names of machines on -another subnet without using a WINS server.</P -><P ->Remember, for browsing across subnets to work correctly, all machines, -be they Windows 95, Windows NT, or Samba servers must have the IP address -of a WINS server given to them by a DHCP server, or by manual configuration -(for Win95 and WinNT, this is in the TCP/IP Properties, under Network -settings) for Samba this is in the smb.conf file.</P -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN254">2.4.1. How does cross subnet browsing work ?</H2 -><P ->Cross subnet browsing is a complicated dance, containing multiple -moving parts. 
It has taken Microsoft several years to get the code -that achieves this correct, and Samba lags behind in some areas. -However, with the 1.9.17 release, Samba is capable of cross subnet -browsing when configured correctly.</P -><P ->Consider a network set up as follows :</P -><P -><PRE -CLASS="PROGRAMLISTING" -> (DMB) - N1_A N1_B N1_C N1_D N1_E - | | | | | - ------------------------------------------------------- - | subnet 1 | - +---+ +---+ - |R1 | Router 1 Router 2 |R2 | - +---+ +---+ - | | - | subnet 2 subnet 3 | - -------------------------- ------------------------------------ - | | | | | | | | - N2_A N2_B N2_C N2_D N3_A N3_B N3_C N3_D - (WINS)</PRE -></P -><P ->Consisting of 3 subnets (1, 2, 3) connected by two routers -(R1, R2) - these do not pass broadcasts. Subnet 1 has 5 machines -on it, subnet 2 has 4 machines, subnet 3 has 4 machines. Assume -for the moment that all these machines are configured to be in the -same workgroup (for simplicities sake). Machine N1_C on subnet 1 -is configured as Domain Master Browser (ie. it will collate the -browse lists for the workgroup). Machine N2_D is configured as -WINS server and all the other machines are configured to register -their NetBIOS names with it.</P -><P ->As all these machines are booted up, elections for master browsers -will take place on each of the three subnets. Assume that machine -N1_C wins on subnet 1, N2_B wins on subnet 2, and N3_D wins on -subnet 3 - these machines are known as local master browsers for -their particular subnet. N1_C has an advantage in winning as the -local master browser on subnet 1 as it is set up as Domain Master -Browser.</P -><P ->On each of the three networks, machines that are configured to -offer sharing services will broadcast that they are offering -these services. The local master browser on each subnet will -receive these broadcasts and keep a record of the fact that -the machine is offering a service. This list of records is -the basis of the browse list. 
For this case, assume that -all the machines are configured to offer services so all machines -will be on the browse list.</P -><P ->For each network, the local master browser on that network is -considered 'authoritative' for all the names it receives via -local broadcast. This is because a machine seen by the local -master browser via a local broadcast must be on the same -network as the local master browser and thus is a 'trusted' -and 'verifiable' resource. Machines on other networks that -the local master browsers learn about when collating their -browse lists have not been directly seen - these records are -called 'non-authoritative'.</P -><P ->At this point the browse lists look as follows (these are -the machines you would see in your network neighborhood if -you looked in it on a particular network right now).</P -><P -><PRE -CLASS="PROGRAMLISTING" ->Subnet Browse Master List ------- ------------- ---- -Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E - -Subnet2 N2_B N2_A, N2_B, N2_C, N2_D - -Subnet3 N3_D N3_A, N3_B, N3_C, N3_D</PRE -></P -><P ->Note that at this point all the subnets are separate, no -machine is seen across any of the subnets.</P -><P ->Now examine subnet 2. As soon as N2_B has become the local -master browser it looks for a Domain master browser to synchronize -its browse list with. It does this by querying the WINS server -(N2_D) for the IP address associated with the NetBIOS name -WORKGROUP>1B<. This name was registerd by the Domain master -browser (N1_C) with the WINS server as soon as it was booted.</P -><P ->Once N2_B knows the address of the Domain master browser it -tells it that is the local master browser for subnet 2 by -sending a MasterAnnouncement packet as a UDP port 138 packet. -It then synchronizes with it by doing a NetServerEnum2 call. This -tells the Domain Master Browser to send it all the server -names it knows about. 
Once the domain master browser receives -the MasterAnnouncement packet it schedules a synchronization -request to the sender of that packet. After both synchronizations -are done the browse lists look like :</P -><P -><PRE -CLASS="PROGRAMLISTING" ->Subnet Browse Master List ------- ------------- ---- -Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E, - N2_A(*), N2_B(*), N2_C(*), N2_D(*) - -Subnet2 N2_B N2_A, N2_B, N2_C, N2_D - N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*) - -Subnet3 N3_D N3_A, N3_B, N3_C, N3_D - -Servers with a (*) after them are non-authoritative names.</PRE -></P -><P ->At this point users looking in their network neighborhood on -subnets 1 or 2 will see all the servers on both, users on -subnet 3 will still only see the servers on their own subnet.</P -><P ->The same sequence of events that occured for N2_B now occurs -for the local master browser on subnet 3 (N3_D). When it -synchronizes browse lists with the domain master browser (N1_A) -it gets both the server entries on subnet 1, and those on -subnet 2. After N3_D has synchronized with N1_C and vica-versa -the browse lists look like.</P -><P -><PRE -CLASS="PROGRAMLISTING" ->Subnet Browse Master List ------- ------------- ---- -Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E, - N2_A(*), N2_B(*), N2_C(*), N2_D(*), - N3_A(*), N3_B(*), N3_C(*), N3_D(*) - -Subnet2 N2_B N2_A, N2_B, N2_C, N2_D - N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*) - -Subnet3 N3_D N3_A, N3_B, N3_C, N3_D - N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*), - N2_A(*), N2_B(*), N2_C(*), N2_D(*) - -Servers with a (*) after them are non-authoritative names.</PRE -></P -><P ->At this point users looking in their network neighborhood on -subnets 1 or 3 will see all the servers on all sunbets, users on -subnet 2 will still only see the servers on subnets 1 and 2, but not 3.</P -><P ->Finally, the local master browser for subnet 2 (N2_B) will sync again -with the domain master browser (N1_C) and will recieve the missing -server entries. 
Finally - and as a steady state (if no machines -are removed or shut off) the browse lists will look like :</P -><P -><PRE -CLASS="PROGRAMLISTING" ->Subnet Browse Master List ------- ------------- ---- -Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E, - N2_A(*), N2_B(*), N2_C(*), N2_D(*), - N3_A(*), N3_B(*), N3_C(*), N3_D(*) - -Subnet2 N2_B N2_A, N2_B, N2_C, N2_D - N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*) - N3_A(*), N3_B(*), N3_C(*), N3_D(*) - -Subnet3 N3_D N3_A, N3_B, N3_C, N3_D - N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*), - N2_A(*), N2_B(*), N2_C(*), N2_D(*) - -Servers with a (*) after them are non-authoritative names.</PRE -></P -><P ->Synchronizations between the domain master browser and local -master browsers will continue to occur, but this should be a -steady state situation.</P -><P ->If either router R1 or R2 fails the following will occur:</P -><P -></P -><OL -TYPE="1" -><LI -><P -> Names of computers on each side of the inaccessible network fragments - will be maintained for as long as 36 minutes, in the network neighbourhood - lists. - </P -></LI -><LI -><P -> Attempts to connect to these inaccessible computers will fail, but the - names will not be removed from the network neighbourhood lists. - </P -></LI -><LI -><P -> If one of the fragments is cut off from the WINS server, it will only - be able to access servers on its local subnet, by using subnet-isolated - broadcast NetBIOS name resolution. The effects are similar to that of - losing access to a DNS server. - </P -></LI -></OL -></DIV -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN289">2.5. Setting up a WINS server</H1 -><P ->Either a Samba machine or a Windows NT Server machine may be set up -as a WINS server. 
To set a Samba machine to be a WINS server you must -add the following option to the smb.conf file on the selected machine : -in the [globals] section add the line </P -><P -><B -CLASS="COMMAND" -> wins support = yes</B -></P -><P ->Versions of Samba previous to 1.9.17 had this parameter default to -yes. If you have any older versions of Samba on your network it is -strongly suggested you upgrade to 1.9.17 or above, or at the very -least set the parameter to 'no' on all these machines.</P -><P ->Machines with "<B -CLASS="COMMAND" ->wins support = yes</B ->" will keep a list of -all NetBIOS names registered with them, acting as a DNS for NetBIOS names.</P -><P ->You should set up only ONE wins server. Do NOT set the -"<B -CLASS="COMMAND" ->wins support = yes</B ->" option on more than one Samba -server.</P -><P ->To set up a Windows NT Server as a WINS server you need to set up -the WINS service - see your NT documentation for details. Note that -Windows NT WINS Servers can replicate to each other, allowing more -than one to be set up in a complex subnet environment. As Microsoft -refuse to document these replication protocols Samba cannot currently -participate in these replications. It is possible in the future that -a Samba->Samba WINS replication protocol may be defined, in which -case more than one Samba machine could be set up as a WINS server -but currently only one Samba server should have the "wins support = yes" -parameter set.</P -><P ->After the WINS server has been configured you must ensure that all -machines participating on the network are configured with the address -of this WINS server. If your WINS server is a Samba machine, fill in -the Samba machine IP address in the "Primary WINS Server" field of -the "Control Panel->Network->Protocols->TCP->WINS Server" dialogs -in Windows 95 or Windows NT. 
To tell a Samba server the IP address -of the WINS server add the following line to the [global] section of -all smb.conf files :</P -><P -><B -CLASS="COMMAND" ->wins server = >name or IP address<</B -></P -><P ->where >name or IP address< is either the DNS name of the WINS server -machine or its IP address.</P -><P ->Note that this line MUST NOT BE SET in the smb.conf file of the Samba -server acting as the WINS server itself. If you set both the -"<B -CLASS="COMMAND" ->wins support = yes</B ->" option and the -"<B -CLASS="COMMAND" ->wins server = >name<</B ->" option then -nmbd will fail to start.</P -><P ->There are two possible scenarios for setting up cross subnet browsing. -The first details setting up cross subnet browsing on a network containing -Windows 95, Samba and Windows NT machines that are not configured as -part of a Windows NT Domain. The second details setting up cross subnet -browsing on networks that contain NT Domains.</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN308">2.6. Setting up Browsing in a WORKGROUP</H1 -><P ->To set up cross subnet browsing on a network containing machines -in up to be in a WORKGROUP, not an NT Domain you need to set up one -Samba server to be the Domain Master Browser (note that this is *NOT* -the same as a Primary Domain Controller, although in an NT Domain the -same machine plays both roles). The role of a Domain master browser is -to collate the browse lists from local master browsers on all the -subnets that have a machine participating in the workgroup. Without -one machine configured as a domain master browser each subnet would -be an isolated workgroup, unable to see any machines on any other -subnet. It is the presense of a domain master browser that makes -cross subnet browsing possible for a workgroup.</P -><P ->In an WORKGROUP environment the domain master browser must be a -Samba server, and there must only be one domain master browser per -workgroup name. 
To set up a Samba server as a domain master browser, -set the following option in the [global] section of the smb.conf file :</P -><P -><B -CLASS="COMMAND" ->domain master = yes</B -></P -><P ->The domain master browser should also preferrably be the local master -browser for its own subnet. In order to achieve this set the following -options in the [global] section of the smb.conf file :</P -><P -><PRE -CLASS="PROGRAMLISTING" -> domain master = yes - local master = yes - preferred master = yes - os level = 65</PRE -></P -><P ->The domain master browser may be the same machine as the WINS -server, if you require.</P -><P ->Next, you should ensure that each of the subnets contains a -machine that can act as a local master browser for the -workgroup. Any NT machine should be able to do this, as will -Windows 95 machines (although these tend to get rebooted more -often, so it's not such a good idea to use these). To make a -Samba server a local master browser set the following -options in the [global] section of the smb.conf file :</P -><P -><PRE -CLASS="PROGRAMLISTING" -> domain master = no - local master = yes - preferred master = yes - os level = 65</PRE -></P -><P ->Do not do this for more than one Samba server on each subnet, -or they will war with each other over which is to be the local -master browser.</P -><P ->The "local master" parameter allows Samba to act as a local master -browser. 
The "preferred master" causes nmbd to force a browser -election on startup and the "os level" parameter sets Samba high -enough so that it should win any browser elections.</P -><P ->If you have an NT machine on the subnet that you wish to -be the local master browser then you can disable Samba from -becoming a local master browser by setting the following -options in the [global] section of the smb.conf file :</P -><P -><PRE -CLASS="PROGRAMLISTING" -> domain master = no - local master = no - preferred master = no - os level = 0</PRE -></P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN326">2.7. Setting up Browsing in a DOMAIN</H1 -><P ->If you are adding Samba servers to a Windows NT Domain then -you must not set up a Samba server as a domain master browser. -By default, a Windows NT Primary Domain Controller for a Domain -name is also the Domain master browser for that name, and many -things will break if a Samba server registers the Domain master -browser NetBIOS name (DOMAIN>1B<) with WINS instead of the PDC.</P -><P ->For subnets other than the one containing the Windows NT PDC -you may set up Samba servers as local master browsers as -described. To make a Samba server a local master browser set -the following options in the [global] section of the smb.conf -file :</P -><P -><PRE -CLASS="PROGRAMLISTING" -> domain master = no - local master = yes - preferred master = yes - os level = 65</PRE -></P -><P ->If you wish to have a Samba server fight the election with machines -on the same subnet you may set the "os level" parameter to lower -levels. By doing this you can tune the order of machines that -will become local master browsers if they are running. 
For -more details on this see the section "FORCING SAMBA TO BE THE MASTER" -below.</P -><P ->If you have Windows NT machines that are members of the domain -on all subnets, and you are sure they will always be running then -you can disable Samba from taking part in browser elections and -ever becoming a local master browser by setting following options -in the [global] section of the smb.conf file :</P -><P -><B -CLASS="COMMAND" -> domain master = no - local master = no - preferred master = no - os level = 0</B -></P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN336">2.8. Forcing samba to be the master</H1 -><P ->Who becomes the "master browser" is determined by an election process -using broadcasts. Each election packet contains a number of parameters -which determine what precedence (bias) a host should have in the -election. By default Samba uses a very low precedence and thus loses -elections to just about anyone else.</P -><P ->If you want Samba to win elections then just set the "os level" global -option in smb.conf to a higher number. It defaults to 0. Using 34 -would make it win all elections over every other system (except other -samba systems!)</P -><P ->A "os level" of 2 would make it beat WfWg and Win95, but not NTAS. A -NTAS domain controller uses level 32.</P -><P ->The maximum os level is 255</P -><P ->If you want samba to force an election on startup, then set the -"preferred master" global option in smb.conf to "yes". Samba will -then have a slight advantage over other potential master browsers -that are not preferred master browsers. 
Use this parameter with -care, as if you have two hosts (whether they are windows 95 or NT or -samba) on the same local subnet both set with "preferred master" to -"yes", then periodically and continually they will force an election -in order to become the local master browser.</P -><P ->If you want samba to be a "domain master browser", then it is -recommended that you also set "preferred master" to "yes", because -samba will not become a domain master browser for the whole of your -LAN or WAN if it is not also a local master browser on its own -broadcast isolated subnet.</P -><P ->It is possible to configure two samba servers to attempt to become -the domain master browser for a domain. The first server that comes -up will be the domain master browser. All other samba servers will -attempt to become the domain master browser every 5 minutes. They -will find that another samba server is already the domain master -browser and will fail. This provides automatic redundancy, should -the current domain master browser fail.</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN345">2.9. Making samba the domain master</H1 -><P ->The domain master is responsible for collating the browse lists of -multiple subnets so that browsing can occur between subnets. You can -make samba act as the domain master by setting "domain master = yes" -in smb.conf. 
By default it will not be a domain master.</P -><P ->Note that you should NOT set Samba to be the domain master for a -workgroup that has the same name as an NT Domain.</P -><P ->When samba is the domain master and the master browser it will listen -for master announcements (made roughly every twelve minutes) from local -master browsers on other subnets and then contact them to synchronise -browse lists.</P -><P ->If you want samba to be the domain master then I suggest you also set -the "os level" high enough to make sure it wins elections, and set -"preferred master" to "yes", to get samba to force an election on -startup.</P -><P ->Note that all your servers (including samba) and clients should be -using a WINS server to resolve NetBIOS names. If your clients are only -using broadcasting to resolve NetBIOS names, then two things will occur:</P -><P -></P -><OL -TYPE="1" -><LI -><P -> your local master browsers will be unable to find a domain master - browser, as it will only be looking on the local subnet. - </P -></LI -><LI -><P -> if a client happens to get hold of a domain-wide browse list, and - a user attempts to access a host in that list, it will be unable to - resolve the NetBIOS name of that host. - </P -></LI -></OL -><P ->If, however, both samba and your clients are using a WINS server, then:</P -><P -></P -><OL -TYPE="1" -><LI -><P -> your local master browsers will contact the WINS server and, as long as - samba has registered that it is a domain master browser with the WINS - server, your local master browser will receive samba's ip address - as its domain master browser. - </P -></LI -><LI -><P -> when a client receives a domain-wide browse list, and a user attempts - to access a host in that list, it will contact the WINS server to - resolve the NetBIOS name of that host. as long as that host has - registered its NetBIOS name with the same WINS server, the user will - be able to see that host. 
- </P -></LI -></OL -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN363">2.10. Note about broadcast addresses</H1 -><P ->If your network uses a "0" based broadcast address (for example if it -ends in a 0) then you will strike problems. Windows for Workgroups -does not seem to support a 0's broadcast and you will probably find -that browsing and name lookups won't work.</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN366">2.11. Multiple interfaces</H1 -><P ->Samba now supports machines with multiple network interfaces. If you -have multiple interfaces then you will need to use the "interfaces" -option in smb.conf to configure them. See smb.conf(5) for details.</P -></DIV -></DIV -><DIV -CLASS="NAVFOOTER" -><HR -ALIGN="LEFT" -WIDTH="100%"><TABLE -SUMMARY="Footer navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" -><A -HREF="install.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="samba-howto-collection.html" -ACCESSKEY="H" ->Home</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" -><A -HREF="browsing-quick.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" ->How to Install and Test SAMBA</TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="introduction.html" -ACCESSKEY="U" ->Up</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" ->Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</TD -></TR -></TABLE -></DIV -></BODY -></HTML ->
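Review bot: The removed improved-browsing.html text contradicts itself on "os level" between sections 2.6/2.7 and section 2.8, so if this chapter survives in another form after the deletion, fix it there rather than carrying the conflict forward. The listings in 2.6 and 2.7 set "os level = 65", while 2.8 says the option "defaults to 0", that "Using 34 would make it win all elections", and that an NTAS domain controller uses level 32. The same hunk also writes the section name as "[globals]" in the "wins support = yes" paragraph and "[global]" everywhere else, and the placeholders are rendered with reversed brackets ("wins server = >name or IP address<", "DOMAIN>1B<"). Two operational warnings in this hunk should not be lost with the file: only one Samba server may have "wins support = yes", and nmbd fails to start when "wins support = yes" and "wins server" are set together.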
\ No newline at end of file diff --git a/docs/htmldocs/oplocks.html b/docs/htmldocs/oplocks.html deleted file mode 100644 index 6aa91fb17fc..00000000000 --- a/docs/htmldocs/oplocks.html +++ /dev/null 
@@ -1,208 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<HTML -><HEAD -><TITLE ->Oplocks</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK -REL="HOME" -TITLE="SAMBA Project Documentation" -HREF="samba-howto-collection.html"><LINK -REL="UP" -TITLE="General installation" -HREF="introduction.html"><LINK -REL="PREVIOUS" -TITLE="Improved browsing in samba" -HREF="improved-browsing.html"><LINK -REL="NEXT" -TITLE="Quick Cross Subnet Browsing / Cross Workgroup Browsing guide" -HREF="browsing-quick.html"></HEAD -><BODY -CLASS="CHAPTER" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="NAVHEADER" -><TABLE -SUMMARY="Header navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TH -COLSPAN="3" -ALIGN="center" ->SAMBA Project Documentation</TH -></TR -><TR -><TD -WIDTH="10%" -ALIGN="left" -VALIGN="bottom" -><A -HREF="improved-browsing.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="80%" -ALIGN="center" -VALIGN="bottom" -></TD -><TD -WIDTH="10%" -ALIGN="right" -VALIGN="bottom" -><A -HREF="browsing-quick.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -></TABLE -><HR -ALIGN="LEFT" -WIDTH="100%"></DIV -><DIV -CLASS="CHAPTER" -><H1 -><A -NAME="OPLOCKS" -></A ->Chapter 3. Oplocks</H1 -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN378" -></A ->3.1. What are oplocks?</H1 -><P ->When a client opens a file it can request an "oplock" or file -lease. This is (to simplify a bit) a guarentee that no one else -has the file open simultaneously. It allows the client to not -send any updates on the file to the server, thus reducing a -network file access to local access (once the file is in -client cache). An "oplock break" is when the server sends -a request to the client to flush all its changes back to -the server, so the file is in a consistent state for other -opens to succeed. 
If a client fails to respond to this -asynchronous request then the file can be corrupted. Hence -the "turn off oplocks" answer if people are having multi-user -file access problems.</P -><P ->Unless the kernel is "oplock aware" (SGI IRIX and Linux are -the only two UNIXes that are at the moment) then if a local -UNIX process accesses the file simultaneously then Samba -has no way of telling this is occuring, so the guarentee -to the client is broken. This can corrupt the file. Short -answer - it you have UNIX clients accessing the same file -as smbd locally or via NFS and you're not running Linux or -IRIX then turn off oplocks for that file or share.</P -><P ->"Share modes". These are modes of opening a file, that -guarentee an invarient - such as DENY_WRITE - which means -that if any other opens are requested with write access after -this current open has succeeded then they should be denied -with a "sharing violation" error message. Samba handles these -internally inside smbd. UNIX clients accessing the same file -ignore these invarients. Just proving that if you need simultaneous -file access from a Windows and UNIX client you *must* have an -application that is written to lock records correctly on both -sides. Few applications are written like this, and even fewer -are cross platform (UNIX and Windows) so in practice this isn't -much of a problem.</P -><P ->"Locking". This really means "byte range locking" - such as -lock 10 bytes at file offset 24 for write access. This is the -area in which well written UNIX and Windows apps will cooperate. -Windows locks (at least from NT or above) are 64-bit unsigned -offsets. UNIX locks are either 31 bit or 63 bit and are signed -(the top bit is used for the sign). Samba handles these by -first ensuring that all the Windows locks don't conflict (ie. -if other Windows clients have competing locks then just reject -immediately) - this allows us to support 64-bit Windows locks -on 32-bit filesystems. 
Secondly any locks that are valid are -then mapped onto UNIX fcntl byte range locks. These are the -locks that will be seen by UNIX processes. If there is a conflict -here the lock is rejected.</P -><P ->Note that if a client has an oplock then it "knows" that no -other client can have the file open so usually doesn't bother -to send to lock request to the server - this means once again -if you need to share files between UNIX and Windows processes -either use IRIX or Linux, or turn off oplocks for these -files/shares.</P -></DIV -></DIV -><DIV -CLASS="NAVFOOTER" -><HR -ALIGN="LEFT" -WIDTH="100%"><TABLE -SUMMARY="Footer navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" -><A -HREF="improved-browsing.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="samba-howto-collection.html" -ACCESSKEY="H" ->Home</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" -><A -HREF="browsing-quick.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" ->Improved browsing in samba</TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="introduction.html" -ACCESSKEY="U" ->Up</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" ->Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</TD -></TR -></TABLE -></DIV -></BODY -></HTML ->
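Review bot: The "@@ -1,208 +0,0 @@" header removes oplocks.html in full, including its data-integrity guidance in section 3.1, so please confirm the chapter source stays in the tree before this lands. The META GENERATOR line ("Modular DocBook HTML Stylesheet Version 1.77") indicates the file is build output, which makes deleting it reasonable, but the advice to turn off oplocks for a file or share when local UNIX processes or NFS clients touch the same files on a kernel that is not oplock aware has to remain reachable somewhere. If the text is regenerated, the source also needs the spelling fixes visible here: "guarentee", "invarient", "occuring", "it you have" (for "if you have"), and "send to lock request" (for "send the lock request").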
\ No newline at end of file diff --git a/docs/htmldocs/other-clients.html b/docs/htmldocs/other-clients.html deleted file mode 100644 index 130c9691e7b..00000000000 --- a/docs/htmldocs/other-clients.html +++ /dev/null 
@@ -1,566 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<HTML -><HEAD -><TITLE ->Samba and other CIFS clients</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ -"><LINK -REL="HOME" -TITLE="SAMBA Project Documentation" -HREF="samba-howto-collection.html"><LINK -REL="UP" -TITLE="Appendixes" -HREF="appendixes.html"><LINK -REL="PREVIOUS" -TITLE="Portability" -HREF="portability.html"><LINK -REL="NEXT" -TITLE="Reporting Bugs" -HREF="bugreport.html"></HEAD -><BODY -CLASS="CHAPTER" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="NAVHEADER" -><TABLE -SUMMARY="Header navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TH -COLSPAN="3" -ALIGN="center" ->SAMBA Project Documentation</TH -></TR -><TR -><TD -WIDTH="10%" -ALIGN="left" -VALIGN="bottom" -><A -HREF="portability.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="80%" -ALIGN="center" -VALIGN="bottom" -></TD -><TD -WIDTH="10%" -ALIGN="right" -VALIGN="bottom" -><A -HREF="bugreport.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -></TABLE -><HR -ALIGN="LEFT" -WIDTH="100%"></DIV -><DIV -CLASS="CHAPTER" -><H1 -><A -NAME="OTHER-CLIENTS">Chapter 24. Samba and other CIFS clients</H1 -><P ->This chapter contains client-specific information.</P -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN3199">24.1. Macintosh clients?</H1 -><P ->Yes. <A -HREF="http://www.thursby.com/" -TARGET="_top" ->Thursby</A -> now have a CIFS Client / Server called DAVE - see</P -><P ->They test it against Windows 95, Windows NT and samba for -compatibility issues. At the time of writing, DAVE was at version -1.0.1. 
The 1.0.0 to 1.0.1 update is available as a free download from -the Thursby web site (the speed of finder copies has been greatly -enhanced, and there are bug-fixes included).</P -><P -> -Alternatives - There are two free implementations of AppleTalk for -several kinds of UNIX machnes, and several more commercial ones. -These products allow you to run file services and print services -natively to Macintosh users, with no additional support required on -the Macintosh. The two free omplementations are -<A -HREF="http://www.umich.edu/~rsug/netatalk/" -TARGET="_top" ->Netatalk</A ->, and -<A -HREF="http://www.cs.mu.oz.au/appletalk/atalk.html" -TARGET="_top" ->CAP</A ->. -What Samba offers MS -Windows users, these packages offer to Macs. For more info on these -packages, Samba, and Linux (and other UNIX-based systems) see -<A -HREF="http://www.eats.com/linux_mac_win.html" -TARGET="_top" ->http://www.eats.com/linux_mac_win.html</A -></P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN3208">24.2. OS2 Client</H1 -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN3210">24.2.1. How can I configure OS/2 Warp Connect or - OS/2 Warp 4 as a client for Samba?</H2 -><P ->A more complete answer to this question can be - found on <A -HREF="http://carol.wins.uva.nl/~leeuw/samba/warp.html" -TARGET="_top" -> http://carol.wins.uva.nl/~leeuw/samba/warp.html</A ->.</P -><P ->Basically, you need three components:</P -><P -></P -><UL -><LI -><P ->The File and Print Client ('IBM Peer') - </P -></LI -><LI -><P ->TCP/IP ('Internet support') - </P -></LI -><LI -><P ->The "NetBIOS over TCP/IP" driver ('TCPBEUI') - </P -></LI -></UL -><P ->Installing the first two together with the base operating - system on a blank system is explained in the Warp manual. 
If Warp - has already been installed, but you now want to install the - networking support, use the "Selective Install for Networking" - object in the "System Setup" folder.</P -><P ->Adding the "NetBIOS over TCP/IP" driver is not described - in the manual and just barely in the online documentation. Start - MPTS.EXE, click on OK, click on "Configure LAPS" and click - on "IBM OS/2 NETBIOS OVER TCP/IP" in 'Protocols'. This line - is then moved to 'Current Configuration'. Select that line, - click on "Change number" and increase it from 0 to 1. Save this - configuration.</P -><P ->If the Samba server(s) is not on your local subnet, you - can optionally add IP names and addresses of these servers - to the "Names List", or specify a WINS server ('NetBIOS - Nameserver' in IBM and RFC terminology). For Warp Connect you - may need to download an update for 'IBM Peer' to bring it on - the same level as Warp 4. See the webpage mentioned above.</P -></DIV -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN3225">24.2.2. How can I configure OS/2 Warp 3 (not Connect), - OS/2 1.2, 1.3 or 2.x for Samba?</H2 -><P ->You can use the free Microsoft LAN Manager 2.2c Client - for OS/2 from - <A -HREF="ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/" -TARGET="_top" -> ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/</A ->. - See <A -HREF="http://carol.wins.uva.nl/~leeuw/lanman.html" -TARGET="_top" -> http://carol.wins.uva.nl/~leeuw/lanman.html</A -> for - more information on how to install and use this client. In - a nutshell, edit the file \OS2VER in the root directory of - the OS/2 boot partition and add the lines:</P -><P -><PRE -CLASS="PROGRAMLISTING" -> 20=setup.exe - 20=netwksta.sys - 20=netvdd.sys - </PRE -></P -><P ->before you install the client. Also, don't use the - included NE2000 driver because it is buggy. 
Try the NE2000 - or NS2000 driver from - <A -HREF="ftp://ftp.cdrom.com/pub/os2/network/ndis/" -TARGET="_top" -> ftp://ftp.cdrom.com/pub/os2/network/ndis/</A -> instead. - </P -></DIV -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN3234">24.2.3. Are there any other issues when OS/2 (any version) - is used as a client?</H2 -><P ->When you do a NET VIEW or use the "File and Print - Client Resource Browser", no Samba servers show up. This can - be fixed by a patch from <A -HREF="http://carol.wins.uva.nl/~leeuw/samba/fix.html" -TARGET="_top" -> http://carol.wins.uva.nl/~leeuw/samba/fix.html</A ->. - The patch will be included in a later version of Samba. It also - fixes a couple of other problems, such as preserving long - filenames when objects are dragged from the Workplace Shell - to the Samba server. </P -></DIV -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN3238">24.2.4. How do I get printer driver download working - for OS/2 clients?</H2 -><P ->First, create a share called [PRINTDRV] that is - world-readable. Copy your OS/2 driver files there. Note - that the .EA_ files must still be separate, so you will need - to use the original install files, and not copy an installed - driver from an OS/2 system.</P -><P ->Install the NT driver first for that printer. Then, - add to your smb.conf a parameter, os2 driver map = - <TT -CLASS="REPLACEABLE" -><I ->filename</I -></TT ->". Then, in the file - specified by <TT -CLASS="REPLACEABLE" -><I ->filename</I -></TT ->, map the - name of the NT driver name to the OS/2 driver name as - follows:</P -><P -><B -CLASS="COMMAND" ->nt driver name = os2 "driver - name"."device name"</B ->, e.g.: - HP LaserJet 5L = LASERJET.HP LaserJet 5L</P -><P ->You can have multiple drivers mapped in this file.</P -><P ->If you only specify the OS/2 driver name, and not the - device name, the first attempt to download the driver will - actually download the files, but the OS/2 client will tell - you the driver is not available. 
On the second attempt, it - will work. This is fixed simply by adding the device name - to the mapping, after which it will work on the first attempt. - </P -></DIV -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN3248">24.3. Windows for Workgroups</H1 -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN3250">24.3.1. Use latest TCP/IP stack from Microsoft</H2 -><P ->Use the latest TCP/IP stack from microsoft if you use Windows -for workgroups.</P -><P ->The early TCP/IP stacks had lots of bugs.</P -><P -> -Microsoft has released an incremental upgrade to their TCP/IP 32-Bit -VxD drivers. The latest release can be found on their ftp site at -ftp.microsoft.com, located in /peropsys/windows/public/tcpip/wfwt32.exe. -There is an update.txt file there that describes the problems that were -fixed. New files include WINSOCK.DLL, TELNET.EXE, WSOCK.386, VNBT.386, -WSTCP.386, TRACERT.EXE, NETSTAT.EXE, and NBTSTAT.EXE.</P -></DIV -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN3255">24.3.2. Delete .pwl files after password change</H2 -><P ->WfWg does a lousy job with passwords. I find that if I change my -password on either the unix box or the PC the safest thing to do is to -delete the .pwl files in the windows directory. The PC will complain about not finding the files, but will soon get over it, allowing you to enter the new password.</P -><P -> -If you don't do this you may find that WfWg remembers and uses the old -password, even if you told it a new one.</P -><P -> -Often WfWg will totally ignore a password you give it in a dialog box.</P -></DIV -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN3260">24.3.3. Configure WfW password handling</H2 -><P ->There is a program call admincfg.exe -on the last disk (disk 8) of the WFW 3.11 disk set. To install it -type EXPAND A:\ADMINCFG.EX_ C:\WINDOWS\ADMINCFG.EXE Then add an icon -for it via the "Progam Manager" "New" Menu. This program allows you -to control how WFW handles passwords. 
ie disable Password Caching etc -for use with <B -CLASS="COMMAND" ->security = user</B -></P -></DIV -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN3264">24.3.4. Case handling of passwords</H2 -><P ->Windows for Workgroups uppercases the password before sending it to the server. Unix passwords can be case-sensitive though. Check the <A -HREF="smb.conf.5.html" -TARGET="_top" ->smb.conf(5)</A -> information on <B -CLASS="COMMAND" ->password level</B -> to specify what characters samba should try to uppercase when checking.</P -></DIV -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN3269">24.4. Windows '95/'98</H1 -><P ->When using Windows 95 OEM SR2 the following updates are recommended where Samba -is being used. Please NOTE that the above change will affect you once these -updates have been installed.</P -><P -> -There are more updates than the ones mentioned here. You are referred to the -Microsoft Web site for all currently available updates to your specific version -of Windows 95.</P -><P -></P -><OL -TYPE="1" -><LI -><P ->Kernel Update: KRNLUPD.EXE</P -></LI -><LI -><P ->Ping Fix: PINGUPD.EXE</P -></LI -><LI -><P ->RPC Update: RPCRTUPD.EXE</P -></LI -><LI -><P ->TCP/IP Update: VIPUPD.EXE</P -></LI -><LI -><P ->Redirector Update: VRDRUPD.EXE</P -></LI -></OL -><P ->Also, if using MS OutLook it is desirable to install the OLEUPD.EXE fix. This -fix may stop your machine from hanging for an extended period when exiting -OutLook and you may also notice a significant speedup when accessing network -neighborhood services.</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN3285">24.5. Windows 2000 Service Pack 2</H1 -><P -> -There are several annoyances with Windows 2000 SP2. One of which -only appears when using a Samba server to host user profiles -to Windows 2000 SP2 clients in a Windows domain. 
This assumes -that Samba is a member of the domain, but the problem will -likely occur if it is not.</P -><P -> -In order to server profiles successfully to Windows 2000 SP2 -clients (when not operating as a PDC), Samba must have -<B -CLASS="COMMAND" ->nt acl support = no</B -> -added to the file share which houses the roaming profiles. -If this is not done, then the Windows 2000 SP2 client will -complain about not being able to access the profile (Access -Denied) and create multiple copies of it on disk (DOMAIN.user.001, -DOMAIN.user.002, etc...). See the -<A -HREF="smb.conf.5.html" -TARGET="_top" ->smb.conf(5)</A -> man page -for more details on this option. Also note that the -<B -CLASS="COMMAND" ->nt acl support</B -> parameter was formally a global parameter in -releases prior to Samba 2.2.2.</P -><P -> -The following is a minimal profile share:</P -><P -><PRE -CLASS="PROGRAMLISTING" -> [profile] - path = /export/profile - create mask = 0600 - directory mask = 0700 - nt acl support = no - read only = no</PRE -></P -><P ->The reason for this bug is that the Win2k SP2 client copies -the security descriptor for the profile which contains -the Samba server's SID, and not the domain SID. The client -compares the SID for SAMBA\user and realizes it is -different that the one assigned to DOMAIN\user. Hence the reason -for the "access denied" message.</P -><P ->By disabling the <B -CLASS="COMMAND" ->nt acl support</B -> parameter, Samba will send -the Win2k client a response to the QuerySecurityDescriptor -trans2 call which causes the client to set a default ACL -for the profile. 
This default ACL includes </P -><P -><B -CLASS="COMMAND" ->DOMAIN\user "Full Control"</B -></P -><P -><SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->NOTE : This bug does not occur when using winbind to -create accounts on the Samba host for Domain users.</I -></SPAN -></P -></DIV -></DIV -><DIV -CLASS="NAVFOOTER" -><HR -ALIGN="LEFT" -WIDTH="100%"><TABLE -SUMMARY="Footer navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" -><A -HREF="portability.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="samba-howto-collection.html" -ACCESSKEY="H" ->Home</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" -><A -HREF="bugreport.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" ->Portability</TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="appendixes.html" -ACCESSKEY="U" ->Up</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" ->Reporting Bugs</TD -></TR -></TABLE -></DIV -></BODY -></HTML ->
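Review bot: Several passages in the removed other-clients.html point at text that is not there, which should be repaired in whatever source replaces this file. Section 24.4 says "Please NOTE that the above change will affect you" with no change described above it, and section 24.1 ends its first sentence at "called DAVE - see" with no target. In 24.2.4 the parameter is printed as os2 driver map = filename" with an unmatched closing quote, and 24.5 says "nt acl support" was "formally a global parameter" where "formerly" is meant. The GENERATOR line here reads "Version 1.76b+" while oplocks.html in the same patch reads "Version 1.77", so these pages were built at different times. Section 24.5 is the part most worth preserving: it explains why "nt acl support = no" is needed on the roaming profile share for Windows 2000 SP2 clients and notes that the problem does not occur when winbind creates the accounts.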
\ No newline at end of file diff --git a/docs/htmldocs/p1346.html b/docs/htmldocs/p1346.html deleted file mode 100644 index e5585618005..00000000000 --- a/docs/htmldocs/p1346.html +++ /dev/null 
@@ -1,917 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<HTML -><HEAD -><TITLE ->Optional configuration</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK -REL="HOME" -TITLE="SAMBA Project Documentation" -HREF="samba-howto-collection.html"><LINK -REL="PREVIOUS" -TITLE="Samba as a NT4 domain member" -HREF="domain-security.html"><LINK -REL="NEXT" -TITLE="Integrating MS Windows networks with Samba" -HREF="integrate-ms-networks.html"></HEAD -><BODY -CLASS="PART" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="NAVHEADER" -><TABLE -SUMMARY="Header navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TH -COLSPAN="3" -ALIGN="center" ->SAMBA Project Documentation</TH -></TR -><TR -><TD -WIDTH="10%" -ALIGN="left" -VALIGN="bottom" -><A -HREF="domain-security.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="80%" -ALIGN="center" -VALIGN="bottom" -></TD -><TD -WIDTH="10%" -ALIGN="right" -VALIGN="bottom" -><A -HREF="integrate-ms-networks.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -></TABLE -><HR -ALIGN="LEFT" -WIDTH="100%"></DIV -><DIV -CLASS="PART" -><A -NAME="AEN1346" -></A -><DIV -CLASS="TITLEPAGE" -><H1 -CLASS="TITLE" ->III. Optional configuration</H1 -><DIV -CLASS="PARTINTRO" -><A -NAME="AEN1348" -></A -><H1 ->Introduction</H1 -><P ->Samba has several features that you might want or might not want to use. The chapters in this -part each cover one specific feature.</P -></DIV -><DIV -CLASS="TOC" -><DL -><DT -><B ->Table of Contents</B -></DT -><DT ->10. <A -HREF="integrate-ms-networks.html" ->Integrating MS Windows networks with Samba</A -></DT -><DD -><DL -><DT ->10.1. <A -HREF="integrate-ms-networks.html#AEN1362" ->Agenda</A -></DT -><DT ->10.2. <A -HREF="integrate-ms-networks.html#AEN1384" ->Name Resolution in a pure Unix/Linux world</A -></DT -><DD -><DL -><DT ->10.2.1. 
<A -HREF="integrate-ms-networks.html#AEN1400" -><TT -CLASS="FILENAME" ->/etc/hosts</TT -></A -></DT -><DT ->10.2.2. <A -HREF="integrate-ms-networks.html#AEN1416" -><TT -CLASS="FILENAME" ->/etc/resolv.conf</TT -></A -></DT -><DT ->10.2.3. <A -HREF="integrate-ms-networks.html#AEN1427" -><TT -CLASS="FILENAME" ->/etc/host.conf</TT -></A -></DT -><DT ->10.2.4. <A -HREF="integrate-ms-networks.html#AEN1435" -><TT -CLASS="FILENAME" ->/etc/nsswitch.conf</TT -></A -></DT -></DL -></DD -><DT ->10.3. <A -HREF="integrate-ms-networks.html#AEN1447" ->Name resolution as used within MS Windows networking</A -></DT -><DD -><DL -><DT ->10.3.1. <A -HREF="integrate-ms-networks.html#AEN1459" ->The NetBIOS Name Cache</A -></DT -><DT ->10.3.2. <A -HREF="integrate-ms-networks.html#AEN1464" ->The LMHOSTS file</A -></DT -><DT ->10.3.3. <A -HREF="integrate-ms-networks.html#AEN1472" ->HOSTS file</A -></DT -><DT ->10.3.4. <A -HREF="integrate-ms-networks.html#AEN1477" ->DNS Lookup</A -></DT -><DT ->10.3.5. <A -HREF="integrate-ms-networks.html#AEN1480" ->WINS Lookup</A -></DT -></DL -></DD -><DT ->10.4. <A -HREF="integrate-ms-networks.html#AEN1492" ->How browsing functions and how to deploy stable and -dependable browsing using Samba</A -></DT -><DT ->10.5. <A -HREF="integrate-ms-networks.html#AEN1502" ->MS Windows security options and how to configure -Samba for seemless integration</A -></DT -><DD -><DL -><DT ->10.5.1. <A -HREF="integrate-ms-networks.html#AEN1530" ->Use MS Windows NT as an authentication server</A -></DT -><DT ->10.5.2. <A -HREF="integrate-ms-networks.html#AEN1538" ->Make Samba a member of an MS Windows NT security domain</A -></DT -><DT ->10.5.3. <A -HREF="integrate-ms-networks.html#AEN1555" ->Configure Samba as an authentication server</A -></DT -></DL -></DD -><DT ->10.6. <A -HREF="integrate-ms-networks.html#AEN1572" ->Conclusions</A -></DT -></DL -></DD -><DT ->11. 
<A -HREF="unix-permissions.html" ->UNIX Permission Bits and Windows NT Access Control Lists</A -></DT -><DD -><DL -><DT ->11.1. <A -HREF="unix-permissions.html#AEN1593" ->Viewing and changing UNIX permissions using the NT - security dialogs</A -></DT -><DT ->11.2. <A -HREF="unix-permissions.html#AEN1602" ->How to view file security on a Samba share</A -></DT -><DT ->11.3. <A -HREF="unix-permissions.html#AEN1613" ->Viewing file ownership</A -></DT -><DT ->11.4. <A -HREF="unix-permissions.html#AEN1633" ->Viewing file or directory permissions</A -></DT -><DD -><DL -><DT ->11.4.1. <A -HREF="unix-permissions.html#AEN1648" ->File Permissions</A -></DT -><DT ->11.4.2. <A -HREF="unix-permissions.html#AEN1662" ->Directory Permissions</A -></DT -></DL -></DD -><DT ->11.5. <A -HREF="unix-permissions.html#AEN1669" ->Modifying file or directory permissions</A -></DT -><DT ->11.6. <A -HREF="unix-permissions.html#AEN1691" ->Interaction with the standard Samba create mask - parameters</A -></DT -><DT ->11.7. <A -HREF="unix-permissions.html#AEN1755" ->Interaction with the standard Samba file attribute - mapping</A -></DT -></DL -></DD -><DT ->12. <A -HREF="pam.html" ->Configuring PAM for distributed but centrally -managed authentication</A -></DT -><DD -><DL -><DT ->12.1. <A -HREF="pam.html#AEN1776" ->Samba and PAM</A -></DT -><DT ->12.2. <A -HREF="pam.html#AEN1820" ->Distributed Authentication</A -></DT -><DT ->12.3. <A -HREF="pam.html#AEN1827" ->PAM Configuration in smb.conf</A -></DT -></DL -></DD -><DT ->13. <A -HREF="msdfs.html" ->Hosting a Microsoft Distributed File System tree on Samba</A -></DT -><DD -><DL -><DT ->13.1. <A -HREF="msdfs.html#AEN1847" ->Instructions</A -></DT -><DD -><DL -><DT ->13.1.1. <A -HREF="msdfs.html#AEN1882" ->Notes</A -></DT -></DL -></DD -></DL -></DD -><DT ->14. <A -HREF="printing.html" ->Printing Support</A -></DT -><DD -><DL -><DT ->14.1. <A -HREF="printing.html#AEN1908" ->Introduction</A -></DT -><DT ->14.2. 
<A -HREF="printing.html#AEN1930" ->Configuration</A -></DT -><DD -><DL -><DT ->14.2.1. <A -HREF="printing.html#AEN1938" ->Creating [print$]</A -></DT -><DT ->14.2.2. <A -HREF="printing.html#AEN1973" ->Setting Drivers for Existing Printers</A -></DT -><DT ->14.2.3. <A -HREF="printing.html#AEN1989" ->Support a large number of printers</A -></DT -><DT ->14.2.4. <A -HREF="printing.html#AEN2000" ->Adding New Printers via the Windows NT APW</A -></DT -><DT ->14.2.5. <A -HREF="printing.html#AEN2030" ->Samba and Printer Ports</A -></DT -></DL -></DD -><DT ->14.3. <A -HREF="printing.html#AEN2038" ->The Imprints Toolset</A -></DT -><DD -><DL -><DT ->14.3.1. <A -HREF="printing.html#AEN2042" ->What is Imprints?</A -></DT -><DT ->14.3.2. <A -HREF="printing.html#AEN2052" ->Creating Printer Driver Packages</A -></DT -><DT ->14.3.3. <A -HREF="printing.html#AEN2055" ->The Imprints server</A -></DT -><DT ->14.3.4. <A -HREF="printing.html#AEN2059" ->The Installation Client</A -></DT -></DL -></DD -><DT ->14.4. <A -HREF="printing.html#AEN2081" ->Diagnosis</A -></DT -><DD -><DL -><DT ->14.4.1. <A -HREF="printing.html#AEN2083" ->Introduction</A -></DT -><DT ->14.4.2. <A -HREF="printing.html#AEN2099" ->Debugging printer problems</A -></DT -><DT ->14.4.3. <A -HREF="printing.html#AEN2108" ->What printers do I have?</A -></DT -><DT ->14.4.4. <A -HREF="printing.html#AEN2116" ->Setting up printcap and print servers</A -></DT -><DT ->14.4.5. <A -HREF="printing.html#AEN2144" ->Job sent, no output</A -></DT -><DT ->14.4.6. <A -HREF="printing.html#AEN2155" ->Job sent, strange output</A -></DT -><DT ->14.4.7. <A -HREF="printing.html#AEN2167" ->Raw PostScript printed</A -></DT -><DT ->14.4.8. <A -HREF="printing.html#AEN2170" ->Advanced Printing</A -></DT -><DT ->14.4.9. <A -HREF="printing.html#AEN2173" ->Real debugging</A -></DT -></DL -></DD -></DL -></DD -><DT ->15. <A -HREF="securitylevels.html" ->Security levels</A -></DT -><DD -><DL -><DT ->15.1. 
<A -HREF="securitylevels.html#AEN2186" ->Introduction</A -></DT -><DT ->15.2. <A -HREF="securitylevels.html#AEN2197" ->More complete description of security levels</A -></DT -></DL -></DD -><DT ->16. <A -HREF="winbind.html" ->Unified Logons between Windows NT and UNIX using Winbind</A -></DT -><DD -><DL -><DT ->16.1. <A -HREF="winbind.html#AEN2249" ->Abstract</A -></DT -><DT ->16.2. <A -HREF="winbind.html#AEN2253" ->Introduction</A -></DT -><DT ->16.3. <A -HREF="winbind.html#AEN2266" ->What Winbind Provides</A -></DT -><DD -><DL -><DT ->16.3.1. <A -HREF="winbind.html#AEN2273" ->Target Uses</A -></DT -></DL -></DD -><DT ->16.4. <A -HREF="winbind.html#AEN2277" ->How Winbind Works</A -></DT -><DD -><DL -><DT ->16.4.1. <A -HREF="winbind.html#AEN2282" ->Microsoft Remote Procedure Calls</A -></DT -><DT ->16.4.2. <A -HREF="winbind.html#AEN2286" ->Name Service Switch</A -></DT -><DT ->16.4.3. <A -HREF="winbind.html#AEN2302" ->Pluggable Authentication Modules</A -></DT -><DT ->16.4.4. <A -HREF="winbind.html#AEN2310" ->User and Group ID Allocation</A -></DT -><DT ->16.4.5. <A -HREF="winbind.html#AEN2314" ->Result Caching</A -></DT -></DL -></DD -><DT ->16.5. <A -HREF="winbind.html#AEN2317" ->Installation and Configuration</A -></DT -><DD -><DL -><DT ->16.5.1. <A -HREF="winbind.html#AEN2324" ->Introduction</A -></DT -><DT ->16.5.2. <A -HREF="winbind.html#AEN2337" ->Requirements</A -></DT -><DT ->16.5.3. <A -HREF="winbind.html#AEN2351" ->Testing Things Out</A -></DT -></DL -></DD -><DT ->16.6. <A -HREF="winbind.html#AEN2566" ->Limitations</A -></DT -><DT ->16.7. <A -HREF="winbind.html#AEN2576" ->Conclusion</A -></DT -></DL -></DD -><DT ->17. <A -HREF="pdb-mysql.html" ->Passdb MySQL plugin</A -></DT -><DD -><DL -><DT ->17.1. <A -HREF="pdb-mysql.html#AEN2590" ->Building</A -></DT -><DT ->17.2. <A -HREF="pdb-mysql.html#AEN2596" ->Configuring</A -></DT -><DT ->17.3. <A -HREF="pdb-mysql.html#AEN2611" ->Using plaintext passwords or encrypted password</A -></DT -><DT ->17.4. 
<A -HREF="pdb-mysql.html#AEN2616" ->Getting non-column data from the table</A -></DT -></DL -></DD -><DT ->18. <A -HREF="pdb-xml.html" ->Passdb XML plugin</A -></DT -><DD -><DL -><DT ->18.1. <A -HREF="pdb-xml.html#AEN2635" ->Building</A -></DT -><DT ->18.2. <A -HREF="pdb-xml.html#AEN2641" ->Usage</A -></DT -></DL -></DD -><DT ->19. <A -HREF="samba-ldap-howto.html" ->Storing Samba's User/Machine Account information in an LDAP Directory</A -></DT -><DD -><DL -><DT ->19.1. <A -HREF="samba-ldap-howto.html#AEN2664" ->Purpose</A -></DT -><DT ->19.2. <A -HREF="samba-ldap-howto.html#AEN2684" ->Introduction</A -></DT -><DT ->19.3. <A -HREF="samba-ldap-howto.html#AEN2713" ->Supported LDAP Servers</A -></DT -><DT ->19.4. <A -HREF="samba-ldap-howto.html#AEN2718" ->Schema and Relationship to the RFC 2307 posixAccount</A -></DT -><DT ->19.5. <A -HREF="samba-ldap-howto.html#AEN2730" ->Configuring Samba with LDAP</A -></DT -><DD -><DL -><DT ->19.5.1. <A -HREF="samba-ldap-howto.html#AEN2732" ->OpenLDAP configuration</A -></DT -><DT ->19.5.2. <A -HREF="samba-ldap-howto.html#AEN2749" ->Configuring Samba</A -></DT -></DL -></DD -><DT ->19.6. <A -HREF="samba-ldap-howto.html#AEN2777" ->Accounts and Groups management</A -></DT -><DT ->19.7. <A -HREF="samba-ldap-howto.html#AEN2782" ->Security and sambaAccount</A -></DT -><DT ->19.8. <A -HREF="samba-ldap-howto.html#AEN2802" ->LDAP specials attributes for sambaAccounts</A -></DT -><DT ->19.9. <A -HREF="samba-ldap-howto.html#AEN2872" ->Example LDIF Entries for a sambaAccount</A -></DT -><DT ->19.10. <A -HREF="samba-ldap-howto.html#AEN2880" ->Comments</A -></DT -></DL -></DD -><DT ->20. <A -HREF="cvs-access.html" ->HOWTO Access Samba source code via CVS</A -></DT -><DD -><DL -><DT ->20.1. <A -HREF="cvs-access.html#AEN2891" ->Introduction</A -></DT -><DT ->20.2. <A -HREF="cvs-access.html#AEN2896" ->CVS Access to samba.org</A -></DT -><DD -><DL -><DT ->20.2.1. <A -HREF="cvs-access.html#AEN2899" ->Access via CVSweb</A -></DT -><DT ->20.2.2. 
<A -HREF="cvs-access.html#AEN2904" ->Access via cvs</A -></DT -></DL -></DD -></DL -></DD -><DT ->21. <A -HREF="groupmapping.html" ->Group mapping HOWTO</A -></DT -><DT ->22. <A -HREF="speed.html" ->Samba performance issues</A -></DT -><DD -><DL -><DT ->22.1. <A -HREF="speed.html#AEN2982" ->Comparisons</A -></DT -><DT ->22.2. <A -HREF="speed.html#AEN2988" ->Oplocks</A -></DT -><DD -><DL -><DT ->22.2.1. <A -HREF="speed.html#AEN2990" ->Overview</A -></DT -><DT ->22.2.2. <A -HREF="speed.html#AEN2998" ->Level2 Oplocks</A -></DT -><DT ->22.2.3. <A -HREF="speed.html#AEN3004" ->Old 'fake oplocks' option - deprecated</A -></DT -></DL -></DD -><DT ->22.3. <A -HREF="speed.html#AEN3008" ->Socket options</A -></DT -><DT ->22.4. <A -HREF="speed.html#AEN3015" ->Read size</A -></DT -><DT ->22.5. <A -HREF="speed.html#AEN3020" ->Max xmit</A -></DT -><DT ->22.6. <A -HREF="speed.html#AEN3025" ->Locking</A -></DT -><DT ->22.7. <A -HREF="speed.html#AEN3029" ->Share modes</A -></DT -><DT ->22.8. <A -HREF="speed.html#AEN3034" ->Log level</A -></DT -><DT ->22.9. <A -HREF="speed.html#AEN3037" ->Wide lines</A -></DT -><DT ->22.10. <A -HREF="speed.html#AEN3040" ->Read raw</A -></DT -><DT ->22.11. <A -HREF="speed.html#AEN3045" ->Write raw</A -></DT -><DT ->22.12. <A -HREF="speed.html#AEN3049" ->Read prediction</A -></DT -><DT ->22.13. <A -HREF="speed.html#AEN3056" ->Memory mapping</A -></DT -><DT ->22.14. <A -HREF="speed.html#AEN3061" ->Slow Clients</A -></DT -><DT ->22.15. <A -HREF="speed.html#AEN3065" ->Slow Logins</A -></DT -><DT ->22.16. <A -HREF="speed.html#AEN3068" ->Client tuning</A -></DT -><DT ->22.17. 
<A -HREF="speed.html#AEN3100" ->My Results</A -></DT -></DL -></DD -></DL -></DIV -></DIV -></DIV -><DIV -CLASS="NAVFOOTER" -><HR -ALIGN="LEFT" -WIDTH="100%"><TABLE -SUMMARY="Footer navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" -><A -HREF="domain-security.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="samba-howto-collection.html" -ACCESSKEY="H" ->Home</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" -><A -HREF="integrate-ms-networks.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" ->Samba as a NT4 domain member</TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -> </TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" ->Integrating MS Windows networks with Samba</TD -></TR -></TABLE -></DIV -></BODY -></HTML ->
\ No newline at end of file diff --git a/docs/htmldocs/p18.html b/docs/htmldocs/p18.html deleted file mode 100644 index a8f2a3c53c8..00000000000 --- a/docs/htmldocs/p18.html +++ /dev/null 
@@ -1,438 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<HTML -><HEAD -><TITLE ->General installation</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK -REL="HOME" -TITLE="SAMBA Project Documentation" -HREF="samba-howto-collection.html"><LINK -REL="PREVIOUS" -TITLE="SAMBA Project Documentation" -HREF="samba-howto-collection.html"><LINK -REL="NEXT" -TITLE="How to Install and Test SAMBA" -HREF="install.html"></HEAD -><BODY -CLASS="PART" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="NAVHEADER" -><TABLE -SUMMARY="Header navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TH -COLSPAN="3" -ALIGN="center" ->SAMBA Project Documentation</TH -></TR -><TR -><TD -WIDTH="10%" -ALIGN="left" -VALIGN="bottom" -><A -HREF="samba-howto-collection.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="80%" -ALIGN="center" -VALIGN="bottom" -></TD -><TD -WIDTH="10%" -ALIGN="right" -VALIGN="bottom" -><A -HREF="install.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -></TABLE -><HR -ALIGN="LEFT" -WIDTH="100%"></DIV -><DIV -CLASS="PART" -><A -NAME="AEN18" -></A -><DIV -CLASS="TITLEPAGE" -><H1 -CLASS="TITLE" ->I. General installation</H1 -><DIV -CLASS="PARTINTRO" -><A -NAME="AEN20" -></A -><H1 ->Introduction</H1 -><P ->This part contains general info on how to install samba -and how to configure the parts of samba you will most likely need. -PLEASE read this.</P -></DIV -><DIV -CLASS="TOC" -><DL -><DT -><B ->Table of Contents</B -></DT -><DT ->1. <A -HREF="install.html" ->How to Install and Test SAMBA</A -></DT -><DD -><DL -><DT ->1.1. <A -HREF="install.html#AEN25" ->Read the man pages</A -></DT -><DT ->1.2. <A -HREF="install.html#AEN35" ->Building the Binaries</A -></DT -><DT ->1.3. <A -HREF="install.html#AEN63" ->The all important step</A -></DT -><DT ->1.4. 
<A -HREF="install.html#AEN67" ->Create the smb configuration file.</A -></DT -><DT ->1.5. <A -HREF="install.html#AEN81" ->Test your config file with - <B -CLASS="COMMAND" ->testparm</B -></A -></DT -><DT ->1.6. <A -HREF="install.html#AEN89" ->Starting the smbd and nmbd</A -></DT -><DD -><DL -><DT ->1.6.1. <A -HREF="install.html#AEN99" ->Starting from inetd.conf</A -></DT -><DT ->1.6.2. <A -HREF="install.html#AEN128" ->Alternative: starting it as a daemon</A -></DT -></DL -></DD -><DT ->1.7. <A -HREF="install.html#AEN144" ->Try listing the shares available on your - server</A -></DT -><DT ->1.8. <A -HREF="install.html#AEN153" ->Try connecting with the unix client</A -></DT -><DT ->1.9. <A -HREF="install.html#AEN169" ->Try connecting from a DOS, WfWg, Win9x, WinNT, - Win2k, OS/2, etc... client</A -></DT -><DT ->1.10. <A -HREF="install.html#AEN183" ->What If Things Don't Work?</A -></DT -><DD -><DL -><DT ->1.10.1. <A -HREF="install.html#AEN188" ->Diagnosing Problems</A -></DT -><DT ->1.10.2. <A -HREF="install.html#AEN192" ->Scope IDs</A -></DT -><DT ->1.10.3. <A -HREF="install.html#AEN195" ->Choosing the Protocol Level</A -></DT -><DT ->1.10.4. <A -HREF="install.html#AEN204" ->Printing from UNIX to a Client PC</A -></DT -><DT ->1.10.5. <A -HREF="install.html#AEN209" ->Locking</A -></DT -><DT ->1.10.6. <A -HREF="install.html#AEN218" ->Mapping Usernames</A -></DT -></DL -></DD -></DL -></DD -><DT ->2. <A -HREF="improved-browsing.html" ->Improved browsing in samba</A -></DT -><DD -><DL -><DT ->2.1. <A -HREF="improved-browsing.html#AEN228" ->Overview of browsing</A -></DT -><DT ->2.2. <A -HREF="improved-browsing.html#AEN232" ->Browsing support in samba</A -></DT -><DT ->2.3. <A -HREF="improved-browsing.html#AEN241" ->Problem resolution</A -></DT -><DT ->2.4. <A -HREF="improved-browsing.html#AEN248" ->Browsing across subnets</A -></DT -><DD -><DL -><DT ->2.4.1. 
<A -HREF="improved-browsing.html#AEN253" ->How does cross subnet browsing work ?</A -></DT -></DL -></DD -><DT ->2.5. <A -HREF="improved-browsing.html#AEN288" ->Setting up a WINS server</A -></DT -><DT ->2.6. <A -HREF="improved-browsing.html#AEN307" ->Setting up Browsing in a WORKGROUP</A -></DT -><DT ->2.7. <A -HREF="improved-browsing.html#AEN325" ->Setting up Browsing in a DOMAIN</A -></DT -><DT ->2.8. <A -HREF="improved-browsing.html#AEN335" ->Forcing samba to be the master</A -></DT -><DT ->2.9. <A -HREF="improved-browsing.html#AEN344" ->Making samba the domain master</A -></DT -><DT ->2.10. <A -HREF="improved-browsing.html#AEN362" ->Note about broadcast addresses</A -></DT -><DT ->2.11. <A -HREF="improved-browsing.html#AEN365" ->Multiple interfaces</A -></DT -></DL -></DD -><DT ->3. <A -HREF="oplocks.html" ->Oplocks</A -></DT -><DD -><DL -><DT ->3.1. <A -HREF="oplocks.html#AEN377" ->What are oplocks?</A -></DT -></DL -></DD -><DT ->4. <A -HREF="browsing-quick.html" ->Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</A -></DT -><DD -><DL -><DT ->4.1. <A -HREF="browsing-quick.html#AEN392" ->Discussion</A -></DT -><DT ->4.2. <A -HREF="browsing-quick.html#AEN400" ->Use of the "Remote Announce" parameter</A -></DT -><DT ->4.3. <A -HREF="browsing-quick.html#AEN414" ->Use of the "Remote Browse Sync" parameter</A -></DT -><DT ->4.4. <A -HREF="browsing-quick.html#AEN419" ->Use of WINS</A -></DT -><DT ->4.5. <A -HREF="browsing-quick.html#AEN430" ->Do NOT use more than one (1) protocol on MS Windows machines</A -></DT -><DT ->4.6. <A -HREF="browsing-quick.html#AEN436" ->Name Resolution Order</A -></DT -></DL -></DD -><DT ->5. <A -HREF="pwencrypt.html" ->LanMan and NT Password Encryption in Samba</A -></DT -><DD -><DL -><DT ->5.1. <A -HREF="pwencrypt.html#AEN472" ->Introduction</A -></DT -><DT ->5.2. <A -HREF="pwencrypt.html#AEN477" ->Important Notes About Security</A -></DT -><DD -><DL -><DT ->5.2.1. 
<A -HREF="pwencrypt.html#AEN496" ->Advantages of SMB Encryption</A -></DT -><DT ->5.2.2. <A -HREF="pwencrypt.html#AEN503" ->Advantages of non-encrypted passwords</A -></DT -></DL -></DD -><DT ->5.3. <A -HREF="pwencrypt.html#AEN512" ->The smbpasswd Command</A -></DT -></DL -></DD -></DL -></DIV -></DIV -></DIV -><DIV -CLASS="NAVFOOTER" -><HR -ALIGN="LEFT" -WIDTH="100%"><TABLE -SUMMARY="Footer navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" -><A -HREF="samba-howto-collection.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="samba-howto-collection.html" -ACCESSKEY="H" ->Home</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" -><A -HREF="install.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" ->SAMBA Project Documentation</TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -> </TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" ->How to Install and Test SAMBA</TD -></TR -></TABLE -></DIV -></BODY -></HTML ->
\ No newline at end of file diff --git a/docs/htmldocs/p3106.html b/docs/htmldocs/p3106.html deleted file mode 100644 index 9967d8fb594..00000000000 --- a/docs/htmldocs/p3106.html +++ /dev/null 
@@ -1,391 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<HTML -><HEAD -><TITLE ->Appendixes</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK -REL="HOME" -TITLE="SAMBA Project Documentation" -HREF="samba-howto-collection.html"><LINK -REL="PREVIOUS" -TITLE="Samba performance issues" -HREF="speed.html"><LINK -REL="NEXT" -TITLE="Portability" -HREF="portability.html"></HEAD -><BODY -CLASS="PART" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="NAVHEADER" -><TABLE -SUMMARY="Header navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TH -COLSPAN="3" -ALIGN="center" ->SAMBA Project Documentation</TH -></TR -><TR -><TD -WIDTH="10%" -ALIGN="left" -VALIGN="bottom" -><A -HREF="speed.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="80%" -ALIGN="center" -VALIGN="bottom" -></TD -><TD -WIDTH="10%" -ALIGN="right" -VALIGN="bottom" -><A -HREF="portability.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -></TABLE -><HR -ALIGN="LEFT" -WIDTH="100%"></DIV -><DIV -CLASS="PART" -><A -NAME="AEN3106" -></A -><DIV -CLASS="TITLEPAGE" -><H1 -CLASS="TITLE" ->IV. Appendixes</H1 -><DIV -CLASS="TOC" -><DL -><DT -><B ->Table of Contents</B -></DT -><DT ->23. <A -HREF="portability.html" ->Portability</A -></DT -><DD -><DL -><DT ->23.1. <A -HREF="portability.html#AEN3115" ->HPUX</A -></DT -><DT ->23.2. <A -HREF="portability.html#AEN3121" ->SCO Unix</A -></DT -><DT ->23.3. <A -HREF="portability.html#AEN3125" ->DNIX</A -></DT -><DT ->23.4. <A -HREF="portability.html#AEN3154" ->RedHat Linux Rembrandt-II</A -></DT -></DL -></DD -><DT ->24. <A -HREF="other-clients.html" ->Samba and other CIFS clients</A -></DT -><DD -><DL -><DT ->24.1. <A -HREF="other-clients.html#AEN3175" ->Macintosh clients?</A -></DT -><DT ->24.2. <A -HREF="other-clients.html#AEN3184" ->OS2 Client</A -></DT -><DD -><DL -><DT ->24.2.1. 
<A -HREF="other-clients.html#AEN3186" ->How can I configure OS/2 Warp Connect or - OS/2 Warp 4 as a client for Samba?</A -></DT -><DT ->24.2.2. <A -HREF="other-clients.html#AEN3201" ->How can I configure OS/2 Warp 3 (not Connect), - OS/2 1.2, 1.3 or 2.x for Samba?</A -></DT -><DT ->24.2.3. <A -HREF="other-clients.html#AEN3210" ->Are there any other issues when OS/2 (any version) - is used as a client?</A -></DT -><DT ->24.2.4. <A -HREF="other-clients.html#AEN3214" ->How do I get printer driver download working - for OS/2 clients?</A -></DT -></DL -></DD -><DT ->24.3. <A -HREF="other-clients.html#AEN3224" ->Windows for Workgroups</A -></DT -><DD -><DL -><DT ->24.3.1. <A -HREF="other-clients.html#AEN3226" ->Use latest TCP/IP stack from Microsoft</A -></DT -><DT ->24.3.2. <A -HREF="other-clients.html#AEN3231" ->Delete .pwl files after password change</A -></DT -><DT ->24.3.3. <A -HREF="other-clients.html#AEN3236" ->Configure WfW password handling</A -></DT -><DT ->24.3.4. <A -HREF="other-clients.html#AEN3240" ->Case handling of passwords</A -></DT -></DL -></DD -><DT ->24.4. <A -HREF="other-clients.html#AEN3245" ->Windows '95/'98</A -></DT -><DT ->24.5. <A -HREF="other-clients.html#AEN3261" ->Windows 2000 Service Pack 2</A -></DT -></DL -></DD -><DT ->25. <A -HREF="bugreport.html" ->Reporting Bugs</A -></DT -><DD -><DL -><DT ->25.1. <A -HREF="bugreport.html#AEN3285" ->Introduction</A -></DT -><DT ->25.2. <A -HREF="bugreport.html#AEN3295" ->General info</A -></DT -><DT ->25.3. <A -HREF="bugreport.html#AEN3301" ->Debug levels</A -></DT -><DT ->25.4. <A -HREF="bugreport.html#AEN3318" ->Internal errors</A -></DT -><DT ->25.5. <A -HREF="bugreport.html#AEN3328" ->Attaching to a running process</A -></DT -><DT ->25.6. <A -HREF="bugreport.html#AEN3331" ->Patches</A -></DT -></DL -></DD -><DT ->26. <A -HREF="diagnosis.html" ->Diagnosing your samba server</A -></DT -><DD -><DL -><DT ->26.1. <A -HREF="diagnosis.html#AEN3354" ->Introduction</A -></DT -><DT ->26.2. 
<A -HREF="diagnosis.html#AEN3359" ->Assumptions</A -></DT -><DT ->26.3. <A -HREF="diagnosis.html#AEN3369" ->Tests</A -></DT -><DD -><DL -><DT ->26.3.1. <A -HREF="diagnosis.html#AEN3371" ->Test 1</A -></DT -><DT ->26.3.2. <A -HREF="diagnosis.html#AEN3377" ->Test 2</A -></DT -><DT ->26.3.3. <A -HREF="diagnosis.html#AEN3383" ->Test 3</A -></DT -><DT ->26.3.4. <A -HREF="diagnosis.html#AEN3398" ->Test 4</A -></DT -><DT ->26.3.5. <A -HREF="diagnosis.html#AEN3403" ->Test 5</A -></DT -><DT ->26.3.6. <A -HREF="diagnosis.html#AEN3409" ->Test 6</A -></DT -><DT ->26.3.7. <A -HREF="diagnosis.html#AEN3417" ->Test 7</A -></DT -><DT ->26.3.8. <A -HREF="diagnosis.html#AEN3443" ->Test 8</A -></DT -><DT ->26.3.9. <A -HREF="diagnosis.html#AEN3460" ->Test 9</A -></DT -><DT ->26.3.10. <A -HREF="diagnosis.html#AEN3468" ->Test 10</A -></DT -><DT ->26.3.11. <A -HREF="diagnosis.html#AEN3474" ->Test 11</A -></DT -></DL -></DD -><DT ->26.4. <A -HREF="diagnosis.html#AEN3479" ->Still having troubles?</A -></DT -></DL -></DD -></DL -></DIV -></DIV -></DIV -><DIV -CLASS="NAVFOOTER" -><HR -ALIGN="LEFT" -WIDTH="100%"><TABLE -SUMMARY="Footer navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" -><A -HREF="speed.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="samba-howto-collection.html" -ACCESSKEY="H" ->Home</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" -><A -HREF="portability.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" ->Samba performance issues</TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -> </TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" ->Portability</TD -></TR -></TABLE -></DIV -></BODY -></HTML ->
\ No newline at end of file diff --git a/docs/htmldocs/p544.html b/docs/htmldocs/p544.html deleted file mode 100644 index 502d978b5f8..00000000000 --- a/docs/htmldocs/p544.html +++ /dev/null 
@@ -1,388 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<HTML -><HEAD -><TITLE ->Type of installation</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK -REL="HOME" -TITLE="SAMBA Project Documentation" -HREF="samba-howto-collection.html"><LINK -REL="PREVIOUS" -TITLE="LanMan and NT Password Encryption in Samba" -HREF="pwencrypt.html"><LINK -REL="NEXT" -TITLE="How to Configure Samba as a NT4 Primary Domain Controller" -HREF="samba-pdc.html"></HEAD -><BODY -CLASS="PART" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="NAVHEADER" -><TABLE -SUMMARY="Header navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TH -COLSPAN="3" -ALIGN="center" ->SAMBA Project Documentation</TH -></TR -><TR -><TD -WIDTH="10%" -ALIGN="left" -VALIGN="bottom" -><A -HREF="pwencrypt.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="80%" -ALIGN="center" -VALIGN="bottom" -></TD -><TD -WIDTH="10%" -ALIGN="right" -VALIGN="bottom" -><A -HREF="samba-pdc.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -></TABLE -><HR -ALIGN="LEFT" -WIDTH="100%"></DIV -><DIV -CLASS="PART" -><A -NAME="AEN544" -></A -><DIV -CLASS="TITLEPAGE" -><H1 -CLASS="TITLE" ->II. Type of installation</H1 -><DIV -CLASS="PARTINTRO" -><A -NAME="AEN546" -></A -><H1 ->Introduction</H1 -><P ->This part contains information on using samba in a (NT 4 or ADS) domain. -If you wish to run samba as a domain member or DC, read the appropriate chapter in -this part.</P -></DIV -><DIV -CLASS="TOC" -><DL -><DT -><B ->Table of Contents</B -></DT -><DT ->6. <A -HREF="samba-pdc.html" ->How to Configure Samba as a NT4 Primary Domain Controller</A -></DT -><DD -><DL -><DT ->6.1. <A -HREF="samba-pdc.html#AEN566" ->Prerequisite Reading</A -></DT -><DT ->6.2. <A -HREF="samba-pdc.html#AEN572" ->Background</A -></DT -><DT ->6.3. 
<A -HREF="samba-pdc.html#AEN611" ->Configuring the Samba Domain Controller</A -></DT -><DT ->6.4. <A -HREF="samba-pdc.html#AEN654" ->Creating Machine Trust Accounts and Joining Clients to the -Domain</A -></DT -><DD -><DL -><DT ->6.4.1. <A -HREF="samba-pdc.html#AEN673" ->Manual Creation of Machine Trust Accounts</A -></DT -><DT ->6.4.2. <A -HREF="samba-pdc.html#AEN714" ->"On-the-Fly" Creation of Machine Trust Accounts</A -></DT -><DT ->6.4.3. <A -HREF="samba-pdc.html#AEN723" ->Joining the Client to the Domain</A -></DT -></DL -></DD -><DT ->6.5. <A -HREF="samba-pdc.html#AEN738" ->Common Problems and Errors</A -></DT -><DT ->6.6. <A -HREF="samba-pdc.html#AEN786" ->System Policies and Profiles</A -></DT -><DT ->6.7. <A -HREF="samba-pdc.html#AEN830" ->What other help can I get?</A -></DT -><DT ->6.8. <A -HREF="samba-pdc.html#AEN944" ->Domain Control for Windows 9x/ME</A -></DT -><DD -><DL -><DT ->6.8.1. <A -HREF="samba-pdc.html#AEN970" ->Configuration Instructions: Network Logons</A -></DT -><DT ->6.8.2. <A -HREF="samba-pdc.html#AEN989" ->Configuration Instructions: Setting up Roaming User Profiles</A -></DT -></DL -></DD -><DT ->6.9. <A -HREF="samba-pdc.html#AEN1082" ->DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba</A -></DT -></DL -></DD -><DT ->7. <A -HREF="samba-bdc.html" ->How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</A -></DT -><DD -><DL -><DT ->7.1. <A -HREF="samba-bdc.html#AEN1118" ->Prerequisite Reading</A -></DT -><DT ->7.2. <A -HREF="samba-bdc.html#AEN1122" ->Background</A -></DT -><DT ->7.3. <A -HREF="samba-bdc.html#AEN1130" ->What qualifies a Domain Controller on the network?</A -></DT -><DD -><DL -><DT ->7.3.1. <A -HREF="samba-bdc.html#AEN1133" ->How does a Workstation find its domain controller?</A -></DT -><DT ->7.3.2. <A -HREF="samba-bdc.html#AEN1136" ->When is the PDC needed?</A -></DT -></DL -></DD -><DT ->7.4. <A -HREF="samba-bdc.html#AEN1139" ->Can Samba be a Backup Domain Controller?</A -></DT -><DT ->7.5. 
<A -HREF="samba-bdc.html#AEN1143" ->How do I set up a Samba BDC?</A -></DT -><DD -><DL -><DT ->7.5.1. <A -HREF="samba-bdc.html#AEN1160" ->How do I replicate the smbpasswd file?</A -></DT -></DL -></DD -></DL -></DD -><DT ->8. <A -HREF="ads.html" ->Samba as a ADS domain member</A -></DT -><DD -><DL -><DT ->8.1. <A -HREF="ads.html#AEN1178" ->Installing the required packages for Debian</A -></DT -><DT ->8.2. <A -HREF="ads.html#AEN1184" ->Installing the required packages for RedHat</A -></DT -><DT ->8.3. <A -HREF="ads.html#AEN1193" ->Compile Samba</A -></DT -><DT ->8.4. <A -HREF="ads.html#AEN1205" ->Setup your /etc/krb5.conf</A -></DT -><DT ->8.5. <A -HREF="ads.html#AEN1215" ->Create the computer account</A -></DT -><DD -><DL -><DT ->8.5.1. <A -HREF="ads.html#AEN1219" ->Possible errors</A -></DT -></DL -></DD -><DT ->8.6. <A -HREF="ads.html#AEN1231" ->Test your server setup</A -></DT -><DT ->8.7. <A -HREF="ads.html#AEN1236" ->Testing with smbclient</A -></DT -><DT ->8.8. <A -HREF="ads.html#AEN1239" ->Notes</A -></DT -></DL -></DD -><DT ->9. <A -HREF="domain-security.html" ->Samba as a NT4 domain member</A -></DT -><DD -><DL -><DT ->9.1. <A -HREF="domain-security.html#AEN1261" ->Joining an NT Domain with Samba 2.2</A -></DT -><DT ->9.2. <A -HREF="domain-security.html#AEN1325" ->Samba and Windows 2000 Domains</A -></DT -><DT ->9.3. 
<A -HREF="domain-security.html#AEN1330" ->Why is this better than security = server?</A -></DT -></DL -></DD -></DL -></DIV -></DIV -></DIV -><DIV -CLASS="NAVFOOTER" -><HR -ALIGN="LEFT" -WIDTH="100%"><TABLE -SUMMARY="Footer navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" -><A -HREF="pwencrypt.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="samba-howto-collection.html" -ACCESSKEY="H" ->Home</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" -><A -HREF="samba-pdc.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" ->LanMan and NT Password Encryption in Samba</TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -> </TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" ->How to Configure Samba as a NT4 Primary Domain Controller</TD -></TR -></TABLE -></DIV -></BODY -></HTML ->
\ No newline at end of file diff --git a/docs/htmldocs/pdb-mysql.html b/docs/htmldocs/pdb-mysql.html deleted file mode 100644 index abca946f6f1..00000000000 --- a/docs/htmldocs/pdb-mysql.html +++ /dev/null 
@@ -1,288 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<HTML -><HEAD -><TITLE ->Passdb MySQL plugin</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ -"><LINK -REL="HOME" -TITLE="SAMBA Project Documentation" -HREF="samba-howto-collection.html"><LINK -REL="UP" -TITLE="Optional configuration" -HREF="optional.html"><LINK -REL="PREVIOUS" -TITLE="Unified Logons between Windows NT and UNIX using Winbind" -HREF="winbind.html"><LINK -REL="NEXT" -TITLE="Passdb XML plugin" -HREF="pdb-xml.html"></HEAD -><BODY -CLASS="CHAPTER" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="NAVHEADER" -><TABLE -SUMMARY="Header navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TH -COLSPAN="3" -ALIGN="center" ->SAMBA Project Documentation</TH -></TR -><TR -><TD -WIDTH="10%" -ALIGN="left" -VALIGN="bottom" -><A -HREF="winbind.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="80%" -ALIGN="center" -VALIGN="bottom" -></TD -><TD -WIDTH="10%" -ALIGN="right" -VALIGN="bottom" -><A -HREF="pdb-xml.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -></TABLE -><HR -ALIGN="LEFT" -WIDTH="100%"></DIV -><DIV -CLASS="CHAPTER" -><H1 -><A -NAME="PDB-MYSQL">Chapter 16. Passdb MySQL plugin</H1 -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2566">16.1. Building</H1 -><P ->To build the plugin, run <B -CLASS="COMMAND" ->make bin/pdb_mysql.so</B -> -in the <TT -CLASS="FILENAME" ->source/</TT -> directory of samba distribution. </P -><P ->Next, copy pdb_mysql.so to any location you want. I -strongly recommend installing it in $PREFIX/lib or /usr/lib/samba/</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2572">16.2. 
Configuring</H1 -><P ->This plugin lacks some good documentation, but here is some short info:</P -><P ->Add a the following to the <B -CLASS="COMMAND" ->passdb backend</B -> variable in your <TT -CLASS="FILENAME" ->smb.conf</TT ->: -<PRE -CLASS="PROGRAMLISTING" ->passdb backend = [other-plugins] plugin:/location/to/pdb_mysql.so:identifier [other-plugins]</PRE -></P -><P ->The identifier can be any string you like, as long as it doesn't collide with -the identifiers of other plugins or other instances of pdb_mysql. If you -specify multiple pdb_mysql.so entries in 'passdb backend', you also need to -use different identifiers!</P -><P ->Additional options can be given thru the smb.conf file in the [global] section.</P -><P -><PRE -CLASS="PROGRAMLISTING" ->identifier:mysql host - host name, defaults to 'localhost' -identifier:mysql password -identifier:mysql user - defaults to 'samba' -identifier:mysql database - defaults to 'samba' -identifier:mysql port - defaults to 3306 -identifier:table - Name of the table containing users</PRE -></P -><P -><SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->WARNING: since the password for the mysql user is stored in the -smb.conf file, you should make the the smb.conf file -readable only to the user that runs samba. 
This is considered a security -bug and will be fixed soon.</I -></SPAN -></P -><P ->Names of the columns in this table(I've added column types those columns should have first):</P -><P -><PRE -CLASS="PROGRAMLISTING" ->identifier:logon time column - int(9) -identifier:logoff time column - int(9) -identifier:kickoff time column - int(9) -identifier:pass last set time column - int(9) -identifier:pass can change time column - int(9) -identifier:pass must change time column - int(9) -identifier:username column - varchar(255) - unix username -identifier:domain column - varchar(255) - NT domain user is part of -identifier:nt username column - varchar(255) - NT username -identifier:fullname column - varchar(255) - Full name of user -identifier:home dir column - varchar(255) - Unix homedir path -identifier:dir drive column - varchar(2) - Directory drive path (eg: 'H:') -identifier:logon script column - varchar(255) - Batch file to run on client side when logging on -identifier:profile path column - varchar(255) - Path of profile -identifier:acct desc column - varchar(255) - Some ASCII NT user data -identifier:workstations column - varchar(255) - Workstations user can logon to (or NULL for all) -identifier:unknown string column - varchar(255) - unknown string -identifier:munged dial column - varchar(255) - ? -identifier:uid column - int(9) - Unix user ID (uid) -identifier:gid column - int(9) - Unix user group (gid) -identifier:user sid column - varchar(255) - NT user SID -identifier:group sid column - varchar(255) - NT group ID -identifier:lanman pass column - varchar(255) - encrypted lanman password -identifier:nt pass column - varchar(255) - encrypted nt passwd -identifier:plain pass column - varchar(255) - plaintext password -identifier:acct control column - int(9) - nt user data -identifier:unknown 3 column - int(9) - unknown -identifier:logon divs column - int(9) - ? -identifier:hours len column - int(9) - ? 
-identifier:unknown 5 column - int(9) - unknown -identifier:unknown 6 column - int(9) - unknown</PRE -></P -><P ->Eventually, you can put a colon (:) after the name of each column, which -should specify the column to update when updating the table. You can also -specify nothing behind the colon - then the data from the field will not be -updated. </P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2589">16.3. Using plaintext passwords or encrypted password</H1 -><P ->I strongly discourage the use of plaintext passwords, however, you can use them:</P -><P ->If you would like to use plaintext passwords, set 'identifier:lanman pass column' and 'identifier:nt pass column' to 'NULL' (without the quotes) and 'identifier:plain pass column' to the name of the column containing the plaintext passwords. </P -><P ->If you use encrypted passwords, set the 'identifier:plain pass column' to 'NULL' (without the quotes). This is the default.</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2594">16.4. 
Getting non-column data from the table</H1 -><P ->It is possible to have not all data in the database and making some 'constant'.</P -><P ->For example, you can set 'identifier:fullname column' to : -<B -CLASS="COMMAND" ->CONCAT(First_name,' ',Sur_name)</B -></P -><P ->Or, set 'identifier:workstations column' to : -<B -CLASS="COMMAND" ->NULL</B -></P -><P ->See the MySQL documentation for more language constructs.</P -></DIV -></DIV -><DIV -CLASS="NAVFOOTER" -><HR -ALIGN="LEFT" -WIDTH="100%"><TABLE -SUMMARY="Footer navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" -><A -HREF="winbind.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="samba-howto-collection.html" -ACCESSKEY="H" ->Home</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" -><A -HREF="pdb-xml.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" ->Unified Logons between Windows NT and UNIX using Winbind</TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="optional.html" -ACCESSKEY="U" ->Up</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" ->Passdb XML plugin</TD -></TR -></TABLE -></DIV -></BODY -></HTML ->
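Review bot: The warning in section 16.2 is the only place in this file that tells admins the mysql password is stored in smb.conf and that the file must be readable only by the user that runs samba, and it is removed together with the statement that this "is considered a security bug and will be fixed soon". The GENERATOR meta tag shows the page is DocBook output, so please confirm the DocBook source still carries that warning and the section 16.3 advice against using 'identifier:plain pass column', and state in the commit message where the generated HTML now comes from. This view is limited to docs/htmldocs and shows 0 insertions, so neither can be checked from the diff itself.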
\ No newline at end of file diff --git a/docs/htmldocs/pdb-xml.html b/docs/htmldocs/pdb-xml.html deleted file mode 100644 index 4d300d7be01..00000000000 --- a/docs/htmldocs/pdb-xml.html +++ /dev/null 
@@ -1,184 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<HTML -><HEAD -><TITLE ->Passdb XML plugin</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ -"><LINK -REL="HOME" -TITLE="SAMBA Project Documentation" -HREF="samba-howto-collection.html"><LINK -REL="UP" -TITLE="Optional configuration" -HREF="optional.html"><LINK -REL="PREVIOUS" -TITLE="Passdb MySQL plugin" -HREF="pdb-mysql.html"><LINK -REL="NEXT" -TITLE="Stackable VFS modules" -HREF="vfs.html"></HEAD -><BODY -CLASS="CHAPTER" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="NAVHEADER" -><TABLE -SUMMARY="Header navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TH -COLSPAN="3" -ALIGN="center" ->SAMBA Project Documentation</TH -></TR -><TR -><TD -WIDTH="10%" -ALIGN="left" -VALIGN="bottom" -><A -HREF="pdb-mysql.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="80%" -ALIGN="center" -VALIGN="bottom" -></TD -><TD -WIDTH="10%" -ALIGN="right" -VALIGN="bottom" -><A -HREF="vfs.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -></TABLE -><HR -ALIGN="LEFT" -WIDTH="100%"></DIV -><DIV -CLASS="CHAPTER" -><H1 -><A -NAME="PDB-XML">Chapter 17. Passdb XML plugin</H1 -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2613">17.1. Building</H1 -><P ->This module requires libxml2 to be installed.</P -><P ->To build pdb_xml, run: <B -CLASS="COMMAND" ->make bin/pdb_xml.so</B -> in -the directory <TT -CLASS="FILENAME" ->source/</TT ->. </P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2619">17.2. Usage</H1 -><P ->The usage of pdb_xml is pretty straightforward. 
To export data, use: - -<B -CLASS="COMMAND" ->pdbedit -e plugin:/usr/lib/samba/pdb_xml.so:filename</B -> - -(where filename is the name of the file to put the data in)</P -><P ->To import data, use: -<B -CLASS="COMMAND" ->pdbedit -i plugin:/usr/lib/samba/pdb_xml.so:filename -e current-pdb</B -> - -Where filename is the name to read the data from and current-pdb to put it in.</P -></DIV -></DIV -><DIV -CLASS="NAVFOOTER" -><HR -ALIGN="LEFT" -WIDTH="100%"><TABLE -SUMMARY="Footer navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" -><A -HREF="pdb-mysql.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="samba-howto-collection.html" -ACCESSKEY="H" ->Home</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" -><A -HREF="vfs.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" ->Passdb MySQL plugin</TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="optional.html" -ACCESSKEY="U" ->Up</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" ->Stackable VFS modules</TD -></TR -></TABLE -></DIV -></BODY -></HTML ->
\ No newline at end of file diff --git a/docs/htmldocs/portability.html b/docs/htmldocs/portability.html deleted file mode 100644 index 424fbe5c6ca..00000000000 --- a/docs/htmldocs/portability.html +++ /dev/null 
@@ -1,316 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<HTML -><HEAD -><TITLE ->Portability</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ -"><LINK -REL="HOME" -TITLE="SAMBA Project Documentation" -HREF="samba-howto-collection.html"><LINK -REL="UP" -TITLE="Appendixes" -HREF="appendixes.html"><LINK -REL="PREVIOUS" -TITLE="Appendixes" -HREF="appendixes.html"><LINK -REL="NEXT" -TITLE="Samba and other CIFS clients" -HREF="other-clients.html"></HEAD -><BODY -CLASS="CHAPTER" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="NAVHEADER" -><TABLE -SUMMARY="Header navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TH -COLSPAN="3" -ALIGN="center" ->SAMBA Project Documentation</TH -></TR -><TR -><TD -WIDTH="10%" -ALIGN="left" -VALIGN="bottom" -><A -HREF="appendixes.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="80%" -ALIGN="center" -VALIGN="bottom" -></TD -><TD -WIDTH="10%" -ALIGN="right" -VALIGN="bottom" -><A -HREF="other-clients.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -></TABLE -><HR -ALIGN="LEFT" -WIDTH="100%"></DIV -><DIV -CLASS="CHAPTER" -><H1 -><A -NAME="PORTABILITY">Chapter 23. Portability</H1 -><P ->Samba works on a wide range of platforms but the interface all the -platforms provide is not always compatible. This chapter contains -platform-specific information about compiling and using samba.</P -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN3139">23.1. HPUX</H1 -><P ->HP's implementation of supplementary groups is, er, non-standard (for -hysterical reasons). There are two group files, /etc/group and -/etc/logingroup; the system maps UIDs to numbers using the former, but -initgroups() reads the latter. Most system admins who know the ropes -symlink /etc/group to /etc/logingroup (hard link doesn't work for reasons -too stupid to go into here). 
initgroups() will complain if one of the -groups you're in in /etc/logingroup has what it considers to be an invalid -ID, which means outside the range [0..UID_MAX], where UID_MAX is (I think) -60000 currently on HP-UX. This precludes -2 and 65534, the usual 'nobody' -GIDs.</P -><P ->If you encounter this problem, make sure that the programs that are failing -to initgroups() be run as users not in any groups with GIDs outside the -allowed range.</P -><P ->This is documented in the HP manual pages under setgroups(2) and passwd(4).</P -><P ->On HPUX you must use gcc or the HP Ansi compiler. The free compiler -that comes with HP-UX is not Ansi compliant and cannot compile -Samba.</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN3145">23.2. SCO Unix</H1 -><P -> -If you run an old version of SCO Unix then you may need to get important -TCP/IP patches for Samba to work correctly. Without the patch, you may -encounter corrupt data transfers using samba.</P -><P ->The patch you need is UOD385 Connection Drivers SLS. It is available from -SCO (ftp.sco.com, directory SLS, files uod385a.Z and uod385a.ltr.Z).</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN3149">23.3. DNIX</H1 -><P ->DNIX has a problem with seteuid() and setegid(). These routines are -needed for Samba to work correctly, but they were left out of the DNIX -C library for some reason.</P -><P ->For this reason Samba by default defines the macro NO_EID in the DNIX -section of includes.h. 
This works around the problem in a limited way, -but it is far from ideal, some things still won't work right.</P -><P -> -To fix the problem properly you need to assemble the following two -functions and then either add them to your C library or link them into -Samba.</P -><P -> -put this in the file <TT -CLASS="FILENAME" ->setegid.s</TT ->:</P -><P -><PRE -CLASS="PROGRAMLISTING" -> .globl _setegid -_setegid: - moveq #47,d0 - movl #100,a0 - moveq #1,d1 - movl 4(sp),a1 - trap #9 - bccs 1$ - jmp cerror -1$: - clrl d0 - rts</PRE -></P -><P ->put this in the file <TT -CLASS="FILENAME" ->seteuid.s</TT ->:</P -><P -><PRE -CLASS="PROGRAMLISTING" -> .globl _seteuid -_seteuid: - moveq #47,d0 - movl #100,a0 - moveq #0,d1 - movl 4(sp),a1 - trap #9 - bccs 1$ - jmp cerror -1$: - clrl d0 - rts</PRE -></P -><P ->after creating the above files you then assemble them using</P -><P -><B -CLASS="COMMAND" ->as seteuid.s</B -></P -><P -><B -CLASS="COMMAND" ->as setegid.s</B -></P -><P ->that should produce the files <TT -CLASS="FILENAME" ->seteuid.o</TT -> and -<TT -CLASS="FILENAME" ->setegid.o</TT -></P -><P ->then you need to add these to the LIBSM line in the DNIX section of -the Samba Makefile. Your LIBSM line will then look something like this:</P -><P -><PRE -CLASS="PROGRAMLISTING" ->LIBSM = setegid.o seteuid.o -ln</PRE -></P -><P -> -You should then remove the line:</P -><P -><PRE -CLASS="PROGRAMLISTING" ->#define NO_EID</PRE -></P -><P ->from the DNIX section of <TT -CLASS="FILENAME" ->includes.h</TT -></P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN3178">23.4. RedHat Linux Rembrandt-II</H1 -><P ->By default RedHat Rembrandt-II during installation adds an -entry to /etc/hosts as follows: -<PRE -CLASS="PROGRAMLISTING" -> 127.0.0.1 loopback "hostname"."domainname"</PRE -></P -><P ->This causes Samba to loop back onto the loopback interface. 
-The result is that Samba fails to communicate correctly with -the world and therefor may fail to correctly negotiate who -is the master browse list holder and who is the master browser.</P -><P ->Corrective Action: Delete the entry after the word loopback - in the line starting 127.0.0.1</P -></DIV -></DIV -><DIV -CLASS="NAVFOOTER" -><HR -ALIGN="LEFT" -WIDTH="100%"><TABLE -SUMMARY="Footer navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" -><A -HREF="appendixes.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="samba-howto-collection.html" -ACCESSKEY="H" ->Home</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" -><A -HREF="other-clients.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" ->Appendixes</TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="appendixes.html" -ACCESSKEY="U" ->Up</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" ->Samba and other CIFS clients</TD -></TR -></TABLE -></DIV -></BODY -></HTML ->
\ No newline at end of file diff --git a/docs/htmldocs/pwencrypt.html b/docs/htmldocs/pwencrypt.html deleted file mode 100644 index 9414399bf4d..00000000000 --- a/docs/htmldocs/pwencrypt.html +++ /dev/null 
@@ -1,434 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<HTML -><HEAD -><TITLE ->LanMan and NT Password Encryption in Samba</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ -"><LINK -REL="HOME" -TITLE="SAMBA Project Documentation" -HREF="samba-howto-collection.html"><LINK -REL="UP" -TITLE="General installation" -HREF="introduction.html"><LINK -REL="PREVIOUS" -TITLE="Quick Cross Subnet Browsing / Cross Workgroup Browsing guide" -HREF="browsing-quick.html"><LINK -REL="NEXT" -TITLE="Type of installation" -HREF="type.html"></HEAD -><BODY -CLASS="CHAPTER" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="NAVHEADER" -><TABLE -SUMMARY="Header navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TH -COLSPAN="3" -ALIGN="center" ->SAMBA Project Documentation</TH -></TR -><TR -><TD -WIDTH="10%" -ALIGN="left" -VALIGN="bottom" -><A -HREF="browsing-quick.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="80%" -ALIGN="center" -VALIGN="bottom" -></TD -><TD -WIDTH="10%" -ALIGN="right" -VALIGN="bottom" -><A -HREF="type.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -></TABLE -><HR -ALIGN="LEFT" -WIDTH="100%"></DIV -><DIV -CLASS="CHAPTER" -><H1 -><A -NAME="PWENCRYPT">Chapter 4. LanMan and NT Password Encryption in Samba</H1 -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN457">4.1. Introduction</H1 -><P ->Newer windows clients send encrypted passwords over - the wire, instead of plain text passwords. The newest clients - will only send encrypted passwords and refuse to send plain text - passwords, unless their registry is tweaked.</P -><P ->These passwords can't be converted to unix style encrypted - passwords. Because of that you can't use the standard unix - user database, and you have to store the Lanman and NT hashes - somewhere else. 
For more information, see the documentation - about the <B -CLASS="COMMAND" ->passdb backend = </B -> parameter. - </P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN462">4.2. Important Notes About Security</H1 -><P ->The unix and SMB password encryption techniques seem similar - on the surface. This similarity is, however, only skin deep. The unix - scheme typically sends clear text passwords over the network when - logging in. This is bad. The SMB encryption scheme never sends the - cleartext password over the network but it does store the 16 byte - hashed values on disk. This is also bad. Why? Because the 16 byte hashed - values are a "password equivalent". You cannot derive the user's - password from them, but they could potentially be used in a modified - client to gain access to a server. This would require considerable - technical knowledge on behalf of the attacker but is perfectly possible. - You should thus treat the smbpasswd file as though it contained the - cleartext passwords of all your users. Its contents must be kept - secret, and the file should be protected accordingly.</P -><P ->Ideally we would like a password scheme which neither requires - plain text passwords on the net or on disk. Unfortunately this - is not available as Samba is stuck with being compatible with - other SMB systems (WinNT, WfWg, Win95 etc). </P -><DIV -CLASS="WARNING" -><P -></P -><TABLE -CLASS="WARNING" -WIDTH="100%" -BORDER="0" -><TR -><TD -WIDTH="25" -ALIGN="CENTER" -VALIGN="TOP" -><IMG -SRC="../images/warning.gif" -HSPACE="5" -ALT="Warning"></TD -><TD -ALIGN="LEFT" -VALIGN="TOP" -><P ->Note that Windows NT 4.0 Service pack 3 changed the - default for permissible authentication so that plaintext - passwords are <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->never</I -></SPAN -> sent over the wire. - The solution to this is either to switch to encrypted passwords - with Samba or edit the Windows NT registry to re-enable plaintext - passwords. 
See the document WinNT.txt for details on how to do - this.</P -><P ->Other Microsoft operating systems which also exhibit - this behavior includes</P -><P -></P -><UL -><LI -><P ->MS DOS Network client 3.0 with - the basic network redirector installed</P -></LI -><LI -><P ->Windows 95 with the network redirector - update installed</P -></LI -><LI -><P ->Windows 98 [se]</P -></LI -><LI -><P ->Windows 2000</P -></LI -></UL -><P -><SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->Note :</I -></SPAN ->All current release of - Microsoft SMB/CIFS clients support authentication via the - SMB Challenge/Response mechanism described here. Enabling - clear text authentication does not disable the ability - of the client to participate in encrypted authentication.</P -></TD -></TR -></TABLE -></DIV -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN481">4.2.1. Advantages of SMB Encryption</H2 -><P -></P -><UL -><LI -><P ->plain text passwords are not passed across - the network. Someone using a network sniffer cannot just - record passwords going to the SMB server.</P -></LI -><LI -><P ->WinNT doesn't like talking to a server - that isn't using SMB encrypted passwords. It will refuse - to browse the server if the server is also in user level - security mode. It will insist on prompting the user for the - password on each connection, which is very annoying. The - only things you can do to stop this is to use SMB encryption. - </P -></LI -></UL -></DIV -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN488">4.2.2. Advantages of non-encrypted passwords</H2 -><P -></P -><UL -><LI -><P ->plain text passwords are not kept - on disk. 
</P -></LI -><LI -><P ->uses same password file as other unix - services such as login and ftp</P -></LI -><LI -><P ->you are probably already using other - services (such as telnet and ftp) which send plain text - passwords over the net, so sending them for SMB isn't - such a big deal.</P -></LI -></UL -></DIV -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN497">4.3. The smbpasswd Command</H1 -><P ->The smbpasswd command maintains the two 32 byte password fields - in the smbpasswd file. If you wish to make it similar to the unix - <B -CLASS="COMMAND" ->passwd</B -> or <B -CLASS="COMMAND" ->yppasswd</B -> programs, - install it in <TT -CLASS="FILENAME" ->/usr/local/samba/bin/</TT -> (or your - main Samba binary directory).</P -><P -><B -CLASS="COMMAND" ->smbpasswd</B -> now works in a client-server mode - where it contacts the local smbd to change the user's password on its - behalf. This has enormous benefits - as follows.</P -><P -><B -CLASS="COMMAND" ->smbpasswd</B -> now has the capability - to change passwords on Windows NT servers (this only works when - the request is sent to the NT Primary Domain Controller if you - are changing an NT Domain user's password).</P -><P ->To run smbpasswd as a normal user just type :</P -><P -><TT -CLASS="PROMPT" ->$ </TT -><TT -CLASS="USERINPUT" -><B ->smbpasswd</B -></TT -></P -><P -><TT -CLASS="PROMPT" ->Old SMB password: </TT -><TT -CLASS="USERINPUT" -><B -><type old value here - - or hit return if there was no old password></B -></TT -></P -><P -><TT -CLASS="PROMPT" ->New SMB Password: </TT -><TT -CLASS="USERINPUT" -><B -><type new value> - </B -></TT -></P -><P -><TT -CLASS="PROMPT" ->Repeat New SMB Password: </TT -><TT -CLASS="USERINPUT" -><B -><re-type new value - </B -></TT -></P -><P ->If the old value does not match the current value stored for - that user, or the two new values do not match each other, then the - password will not be changed.</P -><P ->If invoked by an ordinary user it will only 
allow the user - to change his or her own Samba password.</P -><P ->If run by the root user smbpasswd may take an optional - argument, specifying the user name whose SMB password you wish to - change. Note that when run as root smbpasswd does not prompt for - or check the old password value, thus allowing root to set passwords - for users who have forgotten their passwords.</P -><P -><B -CLASS="COMMAND" ->smbpasswd</B -> is designed to work in the same way - and be familiar to UNIX users who use the <B -CLASS="COMMAND" ->passwd</B -> or - <B -CLASS="COMMAND" ->yppasswd</B -> commands.</P -><P ->For more details on using <B -CLASS="COMMAND" ->smbpasswd</B -> refer - to the man page which will always be the definitive reference.</P -></DIV -></DIV -><DIV -CLASS="NAVFOOTER" -><HR -ALIGN="LEFT" -WIDTH="100%"><TABLE -SUMMARY="Footer navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" -><A -HREF="browsing-quick.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="samba-howto-collection.html" -ACCESSKEY="H" ->Home</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" -><A -HREF="type.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" ->Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="introduction.html" -ACCESSKEY="U" ->Up</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" ->Type of installation</TD -></TR -></TABLE -></DIV -></BODY -></HTML ->
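Review bot: Section 4.2 of this deleted page holds the guidance that the 16 byte hashes in the smbpasswd file are a "password equivalent" and that the file must be treated as though it contained cleartext passwords. The hunk removes all 434 lines with nothing added, so the commit message should name where this content lives after the change, so that packagers and anything linking to pwencrypt.html are not left without it. If the page is regenerated from source, the last prompt in section 4.3 reads "<re-type new value" with no closing ">", which is worth fixing there.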
\ No newline at end of file diff --git a/docs/htmldocs/samba-howto-collection.html b/docs/htmldocs/samba-howto-collection.html deleted file mode 100644 index 0062e257dcc..00000000000 --- a/docs/htmldocs/samba-howto-collection.html +++ /dev/null 
@@ -1,1076 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<HTML -><HEAD -><TITLE ->SAMBA Project Documentation</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ -"><LINK -REL="NEXT" -TITLE="General installation" -HREF="introduction.html"></HEAD -><BODY -CLASS="BOOK" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="BOOK" -><A -NAME="SAMBA-HOWTO-COLLECTION"><DIV -CLASS="TITLEPAGE" -><H1 -CLASS="TITLE" -><A -NAME="SAMBA-HOWTO-COLLECTION">SAMBA Project Documentation</H1 -><H3 -CLASS="AUTHOR" -><A -NAME="AEN4">SAMBA Team</H3 -><HR></DIV -><H1 -><A -NAME="AEN8">Abstract</H1 -><P -><SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->Last Update</I -></SPAN -> : Wed Jan 15</P -><P ->This book is a collection of HOWTOs added to Samba documentation over the years. -I try to ensure that all are current, but sometimes the is a larger job -than one person can maintain. The most recent version of this document -can be found at <A -HREF="http://www.samba.org/" -TARGET="_top" ->http://www.samba.org/</A -> -on the "Documentation" page. Please send updates to <A -HREF="mailto:jerry@samba.org" -TARGET="_top" ->jerry@samba.org</A -> or -<A -HREF="mailto:jelmer@samba.org" -TARGET="_top" ->jelmer@samba.org</A ->.</P -><P ->This documentation is distributed under the GNU General Public License (GPL) -version 2. A copy of the license is included with the Samba source -distribution. A copy can be found on-line at <A -HREF="http://www.fsf.org/licenses/gpl.txt" -TARGET="_top" ->http://www.fsf.org/licenses/gpl.txt</A -></P -><P ->Cheers, jerry</P -><DIV -CLASS="TOC" -><DL -><DT -><B ->Table of Contents</B -></DT -><DT ->I. <A -HREF="introduction.html" ->General installation</A -></DT -><DD -><DL -><DT ->1. <A -HREF="install.html" ->How to Install and Test SAMBA</A -></DT -><DD -><DL -><DT ->1.1. <A -HREF="install.html#AEN26" ->Read the man pages</A -></DT -><DT ->1.2. 
<A -HREF="install.html#AEN36" ->Building the Binaries</A -></DT -><DT ->1.3. <A -HREF="install.html#AEN64" ->The all important step</A -></DT -><DT ->1.4. <A -HREF="install.html#AEN68" ->Create the smb configuration file.</A -></DT -><DT ->1.5. <A -HREF="install.html#AEN82" ->Test your config file with - <B -CLASS="COMMAND" ->testparm</B -></A -></DT -><DT ->1.6. <A -HREF="install.html#AEN90" ->Starting the smbd and nmbd</A -></DT -><DT ->1.7. <A -HREF="install.html#AEN145" ->Try listing the shares available on your - server</A -></DT -><DT ->1.8. <A -HREF="install.html#AEN154" ->Try connecting with the unix client</A -></DT -><DT ->1.9. <A -HREF="install.html#AEN170" ->Try connecting from a DOS, WfWg, Win9x, WinNT, - Win2k, OS/2, etc... client</A -></DT -><DT ->1.10. <A -HREF="install.html#AEN184" ->What If Things Don't Work?</A -></DT -></DL -></DD -><DT ->2. <A -HREF="improved-browsing.html" ->Improved browsing in samba</A -></DT -><DD -><DL -><DT ->2.1. <A -HREF="improved-browsing.html#AEN229" ->Overview of browsing</A -></DT -><DT ->2.2. <A -HREF="improved-browsing.html#AEN233" ->Browsing support in samba</A -></DT -><DT ->2.3. <A -HREF="improved-browsing.html#AEN242" ->Problem resolution</A -></DT -><DT ->2.4. <A -HREF="improved-browsing.html#AEN249" ->Browsing across subnets</A -></DT -><DT ->2.5. <A -HREF="improved-browsing.html#AEN289" ->Setting up a WINS server</A -></DT -><DT ->2.6. <A -HREF="improved-browsing.html#AEN308" ->Setting up Browsing in a WORKGROUP</A -></DT -><DT ->2.7. <A -HREF="improved-browsing.html#AEN326" ->Setting up Browsing in a DOMAIN</A -></DT -><DT ->2.8. <A -HREF="improved-browsing.html#AEN336" ->Forcing samba to be the master</A -></DT -><DT ->2.9. <A -HREF="improved-browsing.html#AEN345" ->Making samba the domain master</A -></DT -><DT ->2.10. <A -HREF="improved-browsing.html#AEN363" ->Note about broadcast addresses</A -></DT -><DT ->2.11. 
<A -HREF="improved-browsing.html#AEN366" ->Multiple interfaces</A -></DT -></DL -></DD -><DT ->3. <A -HREF="browsing-quick.html" ->Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</A -></DT -><DD -><DL -><DT ->3.1. <A -HREF="browsing-quick.html#AEN377" ->Discussion</A -></DT -><DT ->3.2. <A -HREF="browsing-quick.html#AEN385" ->Use of the "Remote Announce" parameter</A -></DT -><DT ->3.3. <A -HREF="browsing-quick.html#AEN399" ->Use of the "Remote Browse Sync" parameter</A -></DT -><DT ->3.4. <A -HREF="browsing-quick.html#AEN404" ->Use of WINS</A -></DT -><DT ->3.5. <A -HREF="browsing-quick.html#AEN415" ->Do NOT use more than one (1) protocol on MS Windows machines</A -></DT -><DT ->3.6. <A -HREF="browsing-quick.html#AEN421" ->Name Resolution Order</A -></DT -></DL -></DD -><DT ->4. <A -HREF="pwencrypt.html" ->LanMan and NT Password Encryption in Samba</A -></DT -><DD -><DL -><DT ->4.1. <A -HREF="pwencrypt.html#AEN457" ->Introduction</A -></DT -><DT ->4.2. <A -HREF="pwencrypt.html#AEN462" ->Important Notes About Security</A -></DT -><DT ->4.3. <A -HREF="pwencrypt.html#AEN497" ->The smbpasswd Command</A -></DT -></DL -></DD -></DL -></DD -><DT ->II. <A -HREF="type.html" ->Type of installation</A -></DT -><DD -><DL -><DT ->5. <A -HREF="securitylevels.html" ->User and Share security level (for servers not in a domain)</A -></DT -><DT ->6. <A -HREF="samba-pdc.html" ->How to Configure Samba as a NT4 Primary Domain Controller</A -></DT -><DD -><DL -><DT ->6.1. <A -HREF="samba-pdc.html#AEN575" ->Prerequisite Reading</A -></DT -><DT ->6.2. <A -HREF="samba-pdc.html#AEN581" ->Background</A -></DT -><DT ->6.3. <A -HREF="samba-pdc.html#AEN620" ->Configuring the Samba Domain Controller</A -></DT -><DT ->6.4. <A -HREF="samba-pdc.html#AEN663" ->Creating Machine Trust Accounts and Joining Clients to the -Domain</A -></DT -><DT ->6.5. <A -HREF="samba-pdc.html#AEN747" ->Common Problems and Errors</A -></DT -><DT ->6.6. 
<A -HREF="samba-pdc.html#AEN795" ->System Policies and Profiles</A -></DT -><DT ->6.7. <A -HREF="samba-pdc.html#AEN839" ->What other help can I get?</A -></DT -><DT ->6.8. <A -HREF="samba-pdc.html#AEN953" ->Domain Control for Windows 9x/ME</A -></DT -><DT ->6.9. <A -HREF="samba-pdc.html#AEN1091" ->DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba</A -></DT -></DL -></DD -><DT ->7. <A -HREF="samba-bdc.html" ->How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</A -></DT -><DD -><DL -><DT ->7.1. <A -HREF="samba-bdc.html#AEN1127" ->Prerequisite Reading</A -></DT -><DT ->7.2. <A -HREF="samba-bdc.html#AEN1131" ->Background</A -></DT -><DT ->7.3. <A -HREF="samba-bdc.html#AEN1139" ->What qualifies a Domain Controller on the network?</A -></DT -><DT ->7.4. <A -HREF="samba-bdc.html#AEN1148" ->Can Samba be a Backup Domain Controller?</A -></DT -><DT ->7.5. <A -HREF="samba-bdc.html#AEN1152" ->How do I set up a Samba BDC?</A -></DT -></DL -></DD -><DT ->8. <A -HREF="ads.html" ->Samba as a ADS domain member</A -></DT -><DD -><DL -><DT ->8.1. <A -HREF="ads.html#AEN1187" ->Installing the required packages for Debian</A -></DT -><DT ->8.2. <A -HREF="ads.html#AEN1193" ->Installing the required packages for RedHat</A -></DT -><DT ->8.3. <A -HREF="ads.html#AEN1202" ->Compile Samba</A -></DT -><DT ->8.4. <A -HREF="ads.html#AEN1217" ->Setup your /etc/krb5.conf</A -></DT -><DT ->8.5. <A -HREF="ads.html#AEN1227" ->Create the computer account</A -></DT -><DT ->8.6. <A -HREF="ads.html#AEN1243" ->Test your server setup</A -></DT -><DT ->8.7. <A -HREF="ads.html#AEN1248" ->Testing with smbclient</A -></DT -><DT ->8.8. <A -HREF="ads.html#AEN1251" ->Notes</A -></DT -></DL -></DD -><DT ->9. <A -HREF="domain-security.html" ->Samba as a NT4 domain member</A -></DT -><DD -><DL -><DT ->9.1. <A -HREF="domain-security.html#AEN1273" ->Joining an NT Domain with Samba 2.2</A -></DT -><DT ->9.2. 
<A -HREF="domain-security.html#AEN1337" ->Samba and Windows 2000 Domains</A -></DT -><DT ->9.3. <A -HREF="domain-security.html#AEN1342" ->Why is this better than security = server?</A -></DT -></DL -></DD -></DL -></DD -><DT ->III. <A -HREF="optional.html" ->Optional configuration</A -></DT -><DD -><DL -><DT ->10. <A -HREF="integrate-ms-networks.html" ->Integrating MS Windows networks with Samba</A -></DT -><DD -><DL -><DT ->10.1. <A -HREF="integrate-ms-networks.html#AEN1374" ->Agenda</A -></DT -><DT ->10.2. <A -HREF="integrate-ms-networks.html#AEN1396" ->Name Resolution in a pure Unix/Linux world</A -></DT -><DT ->10.3. <A -HREF="integrate-ms-networks.html#AEN1459" ->Name resolution as used within MS Windows networking</A -></DT -><DT ->10.4. <A -HREF="integrate-ms-networks.html#AEN1504" ->How browsing functions and how to deploy stable and -dependable browsing using Samba</A -></DT -><DT ->10.5. <A -HREF="integrate-ms-networks.html#AEN1514" ->MS Windows security options and how to configure -Samba for seemless integration</A -></DT -><DT ->10.6. <A -HREF="integrate-ms-networks.html#AEN1584" ->Conclusions</A -></DT -></DL -></DD -><DT ->11. <A -HREF="unix-permissions.html" ->UNIX Permission Bits and Windows NT Access Control Lists</A -></DT -><DD -><DL -><DT ->11.1. <A -HREF="unix-permissions.html#AEN1605" ->Viewing and changing UNIX permissions using the NT - security dialogs</A -></DT -><DT ->11.2. <A -HREF="unix-permissions.html#AEN1614" ->How to view file security on a Samba share</A -></DT -><DT ->11.3. <A -HREF="unix-permissions.html#AEN1625" ->Viewing file ownership</A -></DT -><DT ->11.4. <A -HREF="unix-permissions.html#AEN1645" ->Viewing file or directory permissions</A -></DT -><DT ->11.5. <A -HREF="unix-permissions.html#AEN1681" ->Modifying file or directory permissions</A -></DT -><DT ->11.6. <A -HREF="unix-permissions.html#AEN1703" ->Interaction with the standard Samba create mask - parameters</A -></DT -><DT ->11.7. 
<A -HREF="unix-permissions.html#AEN1767" ->Interaction with the standard Samba file attribute - mapping</A -></DT -></DL -></DD -><DT ->12. <A -HREF="pam.html" ->Configuring PAM for distributed but centrally -managed authentication</A -></DT -><DD -><DL -><DT ->12.1. <A -HREF="pam.html#AEN1788" ->Samba and PAM</A -></DT -><DT ->12.2. <A -HREF="pam.html#AEN1832" ->Distributed Authentication</A -></DT -><DT ->12.3. <A -HREF="pam.html#AEN1839" ->PAM Configuration in smb.conf</A -></DT -></DL -></DD -><DT ->13. <A -HREF="msdfs.html" ->Hosting a Microsoft Distributed File System tree on Samba</A -></DT -><DD -><DL -><DT ->13.1. <A -HREF="msdfs.html#AEN1859" ->Instructions</A -></DT -></DL -></DD -><DT ->14. <A -HREF="printing.html" ->Printing Support</A -></DT -><DD -><DL -><DT ->14.1. <A -HREF="printing.html#AEN1920" ->Introduction</A -></DT -><DT ->14.2. <A -HREF="printing.html#AEN1942" ->Configuration</A -></DT -><DT ->14.3. <A -HREF="printing.html#AEN2050" ->The Imprints Toolset</A -></DT -><DT ->14.4. <A -HREF="printing.html#AEN2093" ->Diagnosis</A -></DT -></DL -></DD -><DT ->15. <A -HREF="winbind.html" ->Unified Logons between Windows NT and UNIX using Winbind</A -></DT -><DD -><DL -><DT ->15.1. <A -HREF="winbind.html#AEN2225" ->Abstract</A -></DT -><DT ->15.2. <A -HREF="winbind.html#AEN2229" ->Introduction</A -></DT -><DT ->15.3. <A -HREF="winbind.html#AEN2242" ->What Winbind Provides</A -></DT -><DT ->15.4. <A -HREF="winbind.html#AEN2253" ->How Winbind Works</A -></DT -><DT ->15.5. <A -HREF="winbind.html#AEN2293" ->Installation and Configuration</A -></DT -><DT ->15.6. <A -HREF="winbind.html#AEN2542" ->Limitations</A -></DT -><DT ->15.7. <A -HREF="winbind.html#AEN2552" ->Conclusion</A -></DT -></DL -></DD -><DT ->16. <A -HREF="pdb-mysql.html" ->Passdb MySQL plugin</A -></DT -><DD -><DL -><DT ->16.1. <A -HREF="pdb-mysql.html#AEN2566" ->Building</A -></DT -><DT ->16.2. <A -HREF="pdb-mysql.html#AEN2572" ->Configuring</A -></DT -><DT ->16.3. 
<A -HREF="pdb-mysql.html#AEN2589" ->Using plaintext passwords or encrypted password</A -></DT -><DT ->16.4. <A -HREF="pdb-mysql.html#AEN2594" ->Getting non-column data from the table</A -></DT -></DL -></DD -><DT ->17. <A -HREF="pdb-xml.html" ->Passdb XML plugin</A -></DT -><DD -><DL -><DT ->17.1. <A -HREF="pdb-xml.html#AEN2613" ->Building</A -></DT -><DT ->17.2. <A -HREF="pdb-xml.html#AEN2619" ->Usage</A -></DT -></DL -></DD -><DT ->18. <A -HREF="vfs.html" ->Stackable VFS modules</A -></DT -><DD -><DL -><DT ->18.1. <A -HREF="vfs.html#AEN2640" ->Introduction and configuration</A -></DT -><DT ->18.2. <A -HREF="vfs.html#AEN2649" ->Included modules</A -></DT -><DT ->18.3. <A -HREF="vfs.html#AEN2703" ->VFS modules available elsewhere</A -></DT -></DL -></DD -><DT ->19. <A -HREF="samba-ldap-howto.html" ->Storing Samba's User/Machine Account information in an LDAP Directory</A -></DT -><DD -><DL -><DT ->19.1. <A -HREF="samba-ldap-howto.html#AEN2737" ->Purpose</A -></DT -><DT ->19.2. <A -HREF="samba-ldap-howto.html#AEN2757" ->Introduction</A -></DT -><DT ->19.3. <A -HREF="samba-ldap-howto.html#AEN2786" ->Supported LDAP Servers</A -></DT -><DT ->19.4. <A -HREF="samba-ldap-howto.html#AEN2791" ->Schema and Relationship to the RFC 2307 posixAccount</A -></DT -><DT ->19.5. <A -HREF="samba-ldap-howto.html#AEN2803" ->Configuring Samba with LDAP</A -></DT -><DT ->19.6. <A -HREF="samba-ldap-howto.html#AEN2850" ->Accounts and Groups management</A -></DT -><DT ->19.7. <A -HREF="samba-ldap-howto.html#AEN2855" ->Security and sambaAccount</A -></DT -><DT ->19.8. <A -HREF="samba-ldap-howto.html#AEN2875" ->LDAP specials attributes for sambaAccounts</A -></DT -><DT ->19.9. <A -HREF="samba-ldap-howto.html#AEN2945" ->Example LDIF Entries for a sambaAccount</A -></DT -><DT ->19.10. <A -HREF="samba-ldap-howto.html#AEN2953" ->Comments</A -></DT -></DL -></DD -><DT ->20. <A -HREF="cvs-access.html" ->HOWTO Access Samba source code via CVS</A -></DT -><DD -><DL -><DT ->20.1. 
<A -HREF="cvs-access.html#AEN2964" ->Introduction</A -></DT -><DT ->20.2. <A -HREF="cvs-access.html#AEN2969" ->CVS Access to samba.org</A -></DT -></DL -></DD -><DT ->21. <A -HREF="groupmapping.html" ->Group mapping HOWTO</A -></DT -><DT ->22. <A -HREF="speed.html" ->Samba performance issues</A -></DT -><DD -><DL -><DT ->22.1. <A -HREF="speed.html#AEN3055" ->Comparisons</A -></DT -><DT ->22.2. <A -HREF="speed.html#AEN3061" ->Socket options</A -></DT -><DT ->22.3. <A -HREF="speed.html#AEN3068" ->Read size</A -></DT -><DT ->22.4. <A -HREF="speed.html#AEN3073" ->Max xmit</A -></DT -><DT ->22.5. <A -HREF="speed.html#AEN3078" ->Log level</A -></DT -><DT ->22.6. <A -HREF="speed.html#AEN3081" ->Read raw</A -></DT -><DT ->22.7. <A -HREF="speed.html#AEN3086" ->Write raw</A -></DT -><DT ->22.8. <A -HREF="speed.html#AEN3090" ->Slow Clients</A -></DT -><DT ->22.9. <A -HREF="speed.html#AEN3094" ->Slow Logins</A -></DT -><DT ->22.10. <A -HREF="speed.html#AEN3097" ->Client tuning</A -></DT -></DL -></DD -></DL -></DD -><DT ->IV. <A -HREF="appendixes.html" ->Appendixes</A -></DT -><DD -><DL -><DT ->23. <A -HREF="portability.html" ->Portability</A -></DT -><DD -><DL -><DT ->23.1. <A -HREF="portability.html#AEN3139" ->HPUX</A -></DT -><DT ->23.2. <A -HREF="portability.html#AEN3145" ->SCO Unix</A -></DT -><DT ->23.3. <A -HREF="portability.html#AEN3149" ->DNIX</A -></DT -><DT ->23.4. <A -HREF="portability.html#AEN3178" ->RedHat Linux Rembrandt-II</A -></DT -></DL -></DD -><DT ->24. <A -HREF="other-clients.html" ->Samba and other CIFS clients</A -></DT -><DD -><DL -><DT ->24.1. <A -HREF="other-clients.html#AEN3199" ->Macintosh clients?</A -></DT -><DT ->24.2. <A -HREF="other-clients.html#AEN3208" ->OS2 Client</A -></DT -><DT ->24.3. <A -HREF="other-clients.html#AEN3248" ->Windows for Workgroups</A -></DT -><DT ->24.4. <A -HREF="other-clients.html#AEN3269" ->Windows '95/'98</A -></DT -><DT ->24.5. 
<A -HREF="other-clients.html#AEN3285" ->Windows 2000 Service Pack 2</A -></DT -></DL -></DD -><DT ->25. <A -HREF="bugreport.html" ->Reporting Bugs</A -></DT -><DD -><DL -><DT ->25.1. <A -HREF="bugreport.html#AEN3309" ->Introduction</A -></DT -><DT ->25.2. <A -HREF="bugreport.html#AEN3319" ->General info</A -></DT -><DT ->25.3. <A -HREF="bugreport.html#AEN3325" ->Debug levels</A -></DT -><DT ->25.4. <A -HREF="bugreport.html#AEN3342" ->Internal errors</A -></DT -><DT ->25.5. <A -HREF="bugreport.html#AEN3352" ->Attaching to a running process</A -></DT -><DT ->25.6. <A -HREF="bugreport.html#AEN3355" ->Patches</A -></DT -></DL -></DD -><DT ->26. <A -HREF="diagnosis.html" ->Diagnosing your samba server</A -></DT -><DD -><DL -><DT ->26.1. <A -HREF="diagnosis.html#AEN3378" ->Introduction</A -></DT -><DT ->26.2. <A -HREF="diagnosis.html#AEN3383" ->Assumptions</A -></DT -><DT ->26.3. <A -HREF="diagnosis.html#AEN3393" ->Tests</A -></DT -><DT ->26.4. <A -HREF="diagnosis.html#AEN3503" ->Still having troubles?</A -></DT -></DL -></DD -></DL -></DD -></DL -></DIV -></DIV -><DIV -CLASS="NAVFOOTER" -><HR -ALIGN="LEFT" -WIDTH="100%"><TABLE -SUMMARY="Footer navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" -> </TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -> </TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" -><A -HREF="introduction.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" -> </TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -> </TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" ->General installation</TD -></TR -></TABLE -></DIV -></BODY -></HTML ->
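Review bot: the table of contents removed with samba-howto-collection.html links to chapter files that the diffstat does not list as deleted, for example samba-pdc.html, samba-bdc.html, pam.html, winbind.html, printing.html, speed.html, bugreport.html and diagnosis.html. If those pages still exist under docs/htmldocs after this commit, they lose their index page, and any HOME or Up link they carry to samba-howto-collection.html will dangle. Either remove the remaining generated chapters in the same commit or say in the commit message why this subset goes first and what replaces the index.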
\ No newline at end of file diff --git a/docs/htmldocs/samba-ldap-howto.html b/docs/htmldocs/samba-ldap-howto.html deleted file mode 100644 index 884bb756c10..00000000000 --- a/docs/htmldocs/samba-ldap-howto.html +++ /dev/null 
@@ -1,986 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<HTML -><HEAD -><TITLE ->Storing Samba's User/Machine Account information in an LDAP Directory</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ -"><LINK -REL="HOME" -TITLE="SAMBA Project Documentation" -HREF="samba-howto-collection.html"><LINK -REL="UP" -TITLE="Optional configuration" -HREF="optional.html"><LINK -REL="PREVIOUS" -TITLE="Stackable VFS modules" -HREF="vfs.html"><LINK -REL="NEXT" -TITLE="HOWTO Access Samba source code via CVS" -HREF="cvs-access.html"></HEAD -><BODY -CLASS="CHAPTER" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="NAVHEADER" -><TABLE -SUMMARY="Header navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TH -COLSPAN="3" -ALIGN="center" ->SAMBA Project Documentation</TH -></TR -><TR -><TD -WIDTH="10%" -ALIGN="left" -VALIGN="bottom" -><A -HREF="vfs.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="80%" -ALIGN="center" -VALIGN="bottom" -></TD -><TD -WIDTH="10%" -ALIGN="right" -VALIGN="bottom" -><A -HREF="cvs-access.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -></TABLE -><HR -ALIGN="LEFT" -WIDTH="100%"></DIV -><DIV -CLASS="CHAPTER" -><H1 -><A -NAME="SAMBA-LDAP-HOWTO">Chapter 19. Storing Samba's User/Machine Account information in an LDAP Directory</H1 -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2737">19.1. Purpose</H1 -><P ->This document describes how to use an LDAP directory for storing Samba user -account information traditionally stored in the smbpasswd(5) file. It is -assumed that the reader already has a basic understanding of LDAP concepts -and has a working directory server already installed. 
For more information -on LDAP architectures and Directories, please refer to the following sites.</P -><P -></P -><UL -><LI -><P ->OpenLDAP - <A -HREF="http://www.openldap.org/" -TARGET="_top" ->http://www.openldap.org/</A -></P -></LI -><LI -><P ->iPlanet Directory Server - <A -HREF="http://iplanet.netscape.com/directory" -TARGET="_top" ->http://iplanet.netscape.com/directory</A -></P -></LI -></UL -><P ->Note that <A -HREF="http://www.ora.com/" -TARGET="_top" ->O'Reilly Publishing</A -> is working on -a guide to LDAP for System Administrators which has a planned release date of -early summer, 2002.</P -><P ->Two additional Samba resources which may prove to be helpful are</P -><P -></P -><UL -><LI -><P ->The <A -HREF="http://www.unav.es/cti/ldap-smb/ldap-smb-3-howto.html" -TARGET="_top" ->Samba-PDC-LDAP-HOWTO</A -> - maintained by Ignacio Coupeau.</P -></LI -><LI -><P ->The NT migration scripts from <A -HREF="http://samba.idealx.org/" -TARGET="_top" ->IDEALX</A -> that are - geared to manage users and group in such a Samba-LDAP Domain Controller configuration. - </P -></LI -></UL -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2757">19.2. Introduction</H1 -><P ->Traditionally, when configuring <A -HREF="smb.conf.5.html#ENCRYPTPASSWORDS" -TARGET="_top" ->"encrypt -passwords = yes"</A -> in Samba's <TT -CLASS="FILENAME" ->smb.conf</TT -> file, user account -information such as username, LM/NT password hashes, password change times, and account -flags have been stored in the <TT -CLASS="FILENAME" ->smbpasswd(5)</TT -> file. There are several -disadvantages to this approach for sites with very large numbers of users (counted -in the thousands).</P -><P -></P -><UL -><LI -><P ->The first is that all lookups must be performed sequentially. Given that -there are approximately two lookups per domain logon (one for a normal -session connection such as when mapping a network drive or printer), this -is a performance bottleneck for lareg sites. 
What is needed is an indexed approach -such as is used in databases.</P -></LI -><LI -><P ->The second problem is that administrators who desired to replicate a -smbpasswd file to more than one Samba server were left to use external -tools such as <B -CLASS="COMMAND" ->rsync(1)</B -> and <B -CLASS="COMMAND" ->ssh(1)</B -> -and wrote custom, in-house scripts.</P -></LI -><LI -><P ->And finally, the amount of information which is stored in an -smbpasswd entry leaves no room for additional attributes such as -a home directory, password expiration time, or even a Relative -Identified (RID).</P -></LI -></UL -><P ->As a result of these defeciencies, a more robust means of storing user attributes -used by smbd was developed. The API which defines access to user accounts -is commonly referred to as the samdb interface (previously this was called the passdb -API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support -for a samdb backend (e.g. <TT -CLASS="PARAMETER" -><I ->--with-ldapsam</I -></TT -> or -<TT -CLASS="PARAMETER" -><I ->--with-tdbsam</I -></TT ->) requires compile time support.</P -><P ->When compiling Samba to include the <TT -CLASS="PARAMETER" -><I ->--with-ldapsam</I -></TT -> autoconf -option, smbd (and associated tools) will store and lookup user accounts in -an LDAP directory. In reality, this is very easy to understand. If you are -comfortable with using an smbpasswd file, simply replace "smbpasswd" with -"LDAP directory" in all the documentation.</P -><P ->There are a few points to stress about what the <TT -CLASS="PARAMETER" -><I ->--with-ldapsam</I -></TT -> -does not provide. The LDAP support referred to in the this documentation does not -include:</P -><P -></P -><UL -><LI -><P ->A means of retrieving user account information from - an Windows 2000 Active Directory server.</P -></LI -><LI -><P ->A means of replacing /etc/passwd.</P -></LI -></UL -><P ->The second item can be accomplished by using LDAP NSS and PAM modules. 
LGPL -versions of these libraries can be obtained from PADL Software -(<A -HREF="http://www.padl.com/" -TARGET="_top" ->http://www.padl.com/</A ->). However, -the details of configuring these packages are beyond the scope of this document.</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2786">19.3. Supported LDAP Servers</H1 -><P ->The LDAP samdb code in 2.2.3 has been developed and tested using the OpenLDAP -2.0 server and client libraries. The same code should be able to work with -Netscape's Directory Server and client SDK. However, due to lack of testing -so far, there are bound to be compile errors and bugs. These should not be -hard to fix. If you are so inclined, please be sure to forward all patches to -<A -HREF="samba-patches@samba.org" -TARGET="_top" ->samba-patches@samba.org</A -> and -<A -HREF="jerry@samba.org" -TARGET="_top" ->jerry@samba.org</A ->.</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2791">19.4. Schema and Relationship to the RFC 2307 posixAccount</H1 -><P ->Samba 2.2.3 includes the necessary schema file for OpenLDAP 2.0 in -<TT -CLASS="FILENAME" ->examples/LDAP/samba.schema</TT ->. (Note that this schema -file has been modified since the experimental support initially included -in 2.2.2). The sambaAccount objectclass is given here:</P -><P -><PRE -CLASS="PROGRAMLISTING" ->objectclass ( 1.3.1.5.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL - DESC 'Samba Account' - MUST ( uid $ rid ) - MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $ - logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ - displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $ - description $ userWorkstations $ primaryGroupID $ domain ))</PRE -></P -><P ->The samba.schema file has been formatted for OpenLDAP 2.0. The OID's are -owned by the Samba Team and as such is legal to be openly published. 
-If you translate the schema to be used with Netscape DS, please -submit the modified schema file as a patch to <A -HREF="jerry@samba.org" -TARGET="_top" ->jerry@samba.org</A -></P -><P ->Just as the smbpasswd file is mean to store information which supplements a -user's <TT -CLASS="FILENAME" ->/etc/passwd</TT -> entry, so is the sambaAccount object -meant to supplement the UNIX user account information. A sambaAccount is a -<TT -CLASS="CONSTANT" ->STRUCTURAL</TT -> objectclass so it can be stored individually -in the directory. However, there are several fields (e.g. uid) which overlap -with the posixAccount objectclass outlined in RFC2307. This is by design.</P -><P ->In order to store all user account information (UNIX and Samba) in the directory, -it is necessary to use the sambaAccount and posixAccount objectclasses in -combination. However, smbd will still obtain the user's UNIX account -information via the standard C library calls (e.g. getpwnam(), et. al.). -This means that the Samba server must also have the LDAP NSS library installed -and functioning correctly. This division of information makes it possible to -store all Samba account information in LDAP, but still maintain UNIX account -information in NIS while the network is transitioning to a full LDAP infrastructure.</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2803">19.5. Configuring Samba with LDAP</H1 -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN2805">19.5.1. OpenLDAP configuration</H2 -><P ->To include support for the sambaAccount object in an OpenLDAP directory -server, first copy the samba.schema file to slapd's configuration directory.</P -><P -><TT -CLASS="PROMPT" ->root# </TT -><B -CLASS="COMMAND" ->cp samba.schema /etc/openldap/schema/</B -></P -><P ->Next, include the <TT -CLASS="FILENAME" ->samba.schema</TT -> file in <TT -CLASS="FILENAME" ->slapd.conf</TT ->. -The sambaAccount object contains two attributes which depend upon other schema -files. 
The 'uid' attribute is defined in <TT -CLASS="FILENAME" ->cosine.schema</TT -> and -the 'displayName' attribute is defined in the <TT -CLASS="FILENAME" ->inetorgperson.schema</TT -> -file. Both of these must be included before the <TT -CLASS="FILENAME" ->samba.schema</TT -> file.</P -><P -><PRE -CLASS="PROGRAMLISTING" ->## /etc/openldap/slapd.conf - -## schema files (core.schema is required by default) -include /etc/openldap/schema/core.schema - -## needed for sambaAccount -include /etc/openldap/schema/cosine.schema -include /etc/openldap/schema/inetorgperson.schema -include /etc/openldap/schema/samba.schema - -## uncomment this line if you want to support the RFC2307 (NIS) schema -## include /etc/openldap/schema/nis.schema - -....</PRE -></P -><P ->It is recommended that you maintain some indices on some of the most usefull attributes, -like in the following example, to speed up searches made on sambaAccount objectclasses -(and possibly posixAccount and posixGroup as well).</P -><P -><PRE -CLASS="PROGRAMLISTING" -># Indices to maintain -## required by OpenLDAP 2.0 -index objectclass eq - -## support pb_getsampwnam() -index uid pres,eq -## support pdb_getsambapwrid() -index rid eq - -## uncomment these if you are storing posixAccount and -## posixGroup entries in the directory as well -##index uidNumber eq -##index gidNumber eq -##index cn eq -##index memberUid eq</PRE -></P -></DIV -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN2822">19.5.2. 
Configuring Samba</H2 -><P ->The following parameters are available in smb.conf only with <TT -CLASS="PARAMETER" -><I ->--with-ldapsam</I -></TT -> -was included with compiling Samba.</P -><P -></P -><UL -><LI -><P -><A -HREF="smb.conf.5.html#LDAPSSL" -TARGET="_top" ->ldap ssl</A -></P -></LI -><LI -><P -><A -HREF="smb.conf.5.html#LDAPSERVER" -TARGET="_top" ->ldap server</A -></P -></LI -><LI -><P -><A -HREF="smb.conf.5.html#LDAPADMINDN" -TARGET="_top" ->ldap admin dn</A -></P -></LI -><LI -><P -><A -HREF="smb.conf.5.html#LDAPSUFFIX" -TARGET="_top" ->ldap suffix</A -></P -></LI -><LI -><P -><A -HREF="smb.conf.5.html#LDAPFILTER" -TARGET="_top" ->ldap filter</A -></P -></LI -><LI -><P -><A -HREF="smb.conf.5.html#LDAPPORT" -TARGET="_top" ->ldap port</A -></P -></LI -></UL -><P ->These are described in the <A -HREF="smb.conf.5.html" -TARGET="_top" ->smb.conf(5)</A -> man -page and so will not be repeated here. However, a sample smb.conf file for -use with an LDAP directory could appear as</P -><P -><PRE -CLASS="PROGRAMLISTING" ->## /usr/local/samba/lib/smb.conf -[global] - security = user - encrypt passwords = yes - - netbios name = TASHTEGO - workgroup = NARNIA - - # ldap related parameters - - # define the DN to use when binding to the directory servers - # The password for this DN is not stored in smb.conf. Rather it - # must be set by using 'smbpasswd -w <TT -CLASS="REPLACEABLE" -><I ->secretpw</I -></TT ->' to store the - # passphrase in the secrets.tdb file. If the "ldap admin dn" values - # changes, this password will need to be reset. 
- ldap admin dn = "cn=Samba Manager,ou=people,dc=samba,dc=org" - - # specify the LDAP server's hostname (defaults to locahost) - ldap server = ahab.samba.org - - # Define the SSL option when connecting to the directory - # ('off', 'start tls', or 'on' (default)) - ldap ssl = start tls - - # define the port to use in the LDAP session (defaults to 636 when - # "ldap ssl = on") - ldap port = 389 - - # specify the base DN to use when searching the directory - ldap suffix = "ou=people,dc=samba,dc=org" - - # generally the default ldap search filter is ok - # ldap filter = "(&(uid=%u)(objectclass=sambaAccount))"</PRE -></P -></DIV -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2850">19.6. Accounts and Groups management</H1 -><P ->As users accounts are managed thru the sambaAccount objectclass, you should -modify you existing administration tools to deal with sambaAccount attributes.</P -><P ->Machines accounts are managed with the sambaAccount objectclass, just -like users accounts. However, it's up to you to stored thoses accounts -in a different tree of you LDAP namespace: you should use -"ou=Groups,dc=plainjoe,dc=org" to store groups and -"ou=People,dc=plainjoe,dc=org" to store users. Just configure your -NSS and PAM accordingly (usually, in the /etc/ldap.conf configuration -file).</P -><P ->In Samba release 2.2.3, the group management system is based on posix -groups. This meand that Samba make usage of the posixGroup objectclass. -For now, there is no NT-like group system management (global and local -groups).</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2855">19.7. 
Security and sambaAccount</H1 -><P ->There are two important points to remember when discussing the security -of sambaAccount entries in the directory.</P -><P -></P -><UL -><LI -><P -><SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->Never</I -></SPAN -> retrieve the lmPassword or - ntPassword attribute values over an unencrypted LDAP session.</P -></LI -><LI -><P -><SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->Never</I -></SPAN -> allow non-admin users to - view the lmPassword or ntPassword attribute values.</P -></LI -></UL -><P ->These password hashes are clear text equivalents and can be used to impersonate -the user without deriving the original clear text strings. For more information -on the details of LM/NT password hashes, refer to the <A -HREF="ENCRYPTION.html" -TARGET="_top" ->ENCRYPTION chapter</A -> of the Samba-HOWTO-Collection.</P -><P ->To remedy the first security issue, the "ldap ssl" smb.conf parameter defaults -to require an encrypted session (<B -CLASS="COMMAND" ->ldap ssl = on</B ->) using -the default port of 636 -when contacting the directory server. When using an OpenLDAP 2.0 server, it -is possible to use the use the StartTLS LDAP extended operation in the place of -LDAPS. In either case, you are strongly discouraged to disable this security -(<B -CLASS="COMMAND" ->ldap ssl = off</B ->).</P -><P ->Note that the LDAPS protocol is deprecated in favor of the LDAPv3 StartTLS -extended operation. However, the OpenLDAP library still provides support for -the older method of securing communication between clients and servers.</P -><P ->The second security precaution is to prevent non-administrative users from -harvesting password hashes from the directory. 
This can be done using the -following ACL in <TT -CLASS="FILENAME" ->slapd.conf</TT ->:</P -><P -><PRE -CLASS="PROGRAMLISTING" ->## allow the "ldap admin dn" access, but deny everyone else -access to attrs=lmPassword,ntPassword - by dn="cn=Samba Admin,ou=people,dc=plainjoe,dc=org" write - by * none</PRE -></P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2875">19.8. LDAP specials attributes for sambaAccounts</H1 -><P ->The sambaAccount objectclass is composed of the following attributes:</P -><P -></P -><UL -><LI -><P -><TT -CLASS="CONSTANT" ->lmPassword</TT ->: the LANMAN password 16-byte hash stored as a character - representation of a hexidecimal string.</P -></LI -><LI -><P -><TT -CLASS="CONSTANT" ->ntPassword</TT ->: the NT password hash 16-byte stored as a character - representation of a hexidecimal string.</P -></LI -><LI -><P -><TT -CLASS="CONSTANT" ->pwdLastSet</TT ->: The integer time in seconds since 1970 when the - <TT -CLASS="CONSTANT" ->lmPassword</TT -> and <TT -CLASS="CONSTANT" ->ntPassword</TT -> attributes were last set. - </P -></LI -><LI -><P -><TT -CLASS="CONSTANT" ->acctFlags</TT ->: string of 11 characters surrounded by square brackets [] - representing account flags such as U (user), W(workstation), X(no password expiration), and - D(disabled).</P -></LI -><LI -><P -><TT -CLASS="CONSTANT" ->logonTime</TT ->: Integer value currently unused</P -></LI -><LI -><P -><TT -CLASS="CONSTANT" ->logoffTime</TT ->: Integer value currently unused</P -></LI -><LI -><P -><TT -CLASS="CONSTANT" ->kickoffTime</TT ->: Integer value currently unused</P -></LI -><LI -><P -><TT -CLASS="CONSTANT" ->pwdCanChange</TT ->: Integer value currently unused</P -></LI -><LI -><P -><TT -CLASS="CONSTANT" ->pwdMustChange</TT ->: Integer value currently unused</P -></LI -><LI -><P -><TT -CLASS="CONSTANT" ->homeDrive</TT ->: specifies the drive letter to which to map the - UNC path specified by homeDirectory. 
The drive letter must be specified in the form "X:" - where X is the letter of the drive to map. Refer to the "logon drive" parameter in the - smb.conf(5) man page for more information.</P -></LI -><LI -><P -><TT -CLASS="CONSTANT" ->scriptPath</TT ->: The scriptPath property specifies the path of - the user's logon script, .CMD, .EXE, or .BAT file. The string can be null. The path - is relative to the netlogon share. Refer to the "logon script" parameter in the - smb.conf(5) man page for more information.</P -></LI -><LI -><P -><TT -CLASS="CONSTANT" ->profilePath</TT ->: specifies a path to the user's profile. - This value can be a null string, a local absolute path, or a UNC path. Refer to the - "logon path" parameter in the smb.conf(5) man page for more information.</P -></LI -><LI -><P -><TT -CLASS="CONSTANT" ->smbHome</TT ->: The homeDirectory property specifies the path of - the home directory for the user. The string can be null. If homeDrive is set and specifies - a drive letter, homeDirectory should be a UNC path. The path must be a network - UNC path of the form \\server\share\directory. This value can be a null string. - Refer to the "logon home" parameter in the smb.conf(5) man page for more information. - </P -></LI -><LI -><P -><TT -CLASS="CONSTANT" ->userWorkstation</TT ->: character string value currently unused. - </P -></LI -><LI -><P -><TT -CLASS="CONSTANT" ->rid</TT ->: the integer representation of the user's relative identifier - (RID).</P -></LI -><LI -><P -><TT -CLASS="CONSTANT" ->primaryGroupID</TT ->: the relative identifier (RID) of the primary group - of the user.</P -></LI -></UL -><P ->The majority of these parameters are only used when Samba is acting as a PDC of -a domain (refer to the <A -HREF="Samba-PDC-HOWTO.html" -TARGET="_top" ->Samba-PDC-HOWTO</A -> for details on -how to configure Samba as a Primary Domain Controller). 
The following four attributes -are only stored with the sambaAccount entry if the values are non-default values:</P -><P -></P -><UL -><LI -><P ->smbHome</P -></LI -><LI -><P ->scriptPath</P -></LI -><LI -><P ->logonPath</P -></LI -><LI -><P ->homeDrive</P -></LI -></UL -><P ->These attributes are only stored with the sambaAccount entry if -the values are non-default values. For example, assume TASHTEGO has now been -configured as a PDC and that <B -CLASS="COMMAND" ->logon home = \\%L\%u</B -> was defined in -its <TT -CLASS="FILENAME" ->smb.conf</TT -> file. When a user named "becky" logons to the domain, -the <TT -CLASS="PARAMETER" -><I ->logon home</I -></TT -> string is expanded to \\TASHTEGO\becky. -If the smbHome attribute exists in the entry "uid=becky,ou=people,dc=samba,dc=org", -this value is used. However, if this attribute does not exist, then the value -of the <TT -CLASS="PARAMETER" -><I ->logon home</I -></TT -> parameter is used in its place. Samba -will only write the attribute value to the directory entry is the value is -something other than the default (e.g. \\MOBY\becky).</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2945">19.9. 
Example LDIF Entries for a sambaAccount</H1 -><P ->The following is a working LDIF with the inclusion of the posixAccount objectclass:</P -><P -><PRE -CLASS="PROGRAMLISTING" ->dn: uid=guest2, ou=people,dc=plainjoe,dc=org -ntPassword: 878D8014606CDA29677A44EFA1353FC7 -pwdMustChange: 2147483647 -primaryGroupID: 1201 -lmPassword: 552902031BEDE9EFAAD3B435B51404EE -pwdLastSet: 1010179124 -logonTime: 0 -objectClass: sambaAccount -uid: guest2 -kickoffTime: 2147483647 -acctFlags: [UX ] -logoffTime: 2147483647 -rid: 19006 -pwdCanChange: 0</PRE -></P -><P ->The following is an LDIF entry for using both the sambaAccount and -posixAccount objectclasses:</P -><P -><PRE -CLASS="PROGRAMLISTING" ->dn: uid=gcarter, ou=people,dc=plainjoe,dc=org -logonTime: 0 -displayName: Gerald Carter -lmPassword: 552902031BEDE9EFAAD3B435B51404EE -primaryGroupID: 1201 -objectClass: posixAccount -objectClass: sambaAccount -acctFlags: [UX ] -userPassword: {crypt}BpM2ej8Rkzogo -uid: gcarter -uidNumber: 9000 -cn: Gerald Carter -loginShell: /bin/bash -logoffTime: 2147483647 -gidNumber: 100 -kickoffTime: 2147483647 -pwdLastSet: 1010179230 -rid: 19000 -homeDirectory: /home/tashtego/gcarter -pwdCanChange: 0 -pwdMustChange: 2147483647 -ntPassword: 878D8014606CDA29677A44EFA1353FC7</PRE -></P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2953">19.10. Comments</H1 -><P ->Please mail all comments regarding this HOWTO to <A -HREF="mailto:jerry@samba.org" -TARGET="_top" ->jerry@samba.org</A ->. This documents was -last updated to reflect the Samba 2.2.3 release. 
</P -></DIV -></DIV -><DIV -CLASS="NAVFOOTER" -><HR -ALIGN="LEFT" -WIDTH="100%"><TABLE -SUMMARY="Footer navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" -><A -HREF="vfs.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="samba-howto-collection.html" -ACCESSKEY="H" ->Home</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" -><A -HREF="cvs-access.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" ->Stackable VFS modules</TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="optional.html" -ACCESSKEY="U" ->Up</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" ->HOWTO Access Samba source code via CVS</TD -></TR -></TABLE -></DIV -></BODY -></HTML ->
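Review bot: section 19.7 of the removed samba-ldap-howto.html carries the chapter's security guidance (lmPassword and ntPassword are clear-text equivalents, keep "ldap ssl" enabled, restrict the attributes with a slapd.conf ACL), and the diff has 0 insertions, so the commit message should say where that text lives after the deletion. The GENERATOR meta tag marks the file as DocBook stylesheet output, so the defects visible here presumably sit in the source and should be fixed there before the HTML is regenerated. The ACL example grants write to dn="cn=Samba Admin,ou=people,dc=plainjoe,dc=org", while the sample smb.conf in 19.5.2 binds as "cn=Samba Manager,ou=people,dc=samba,dc=org"; a reader who copies both ends up with the bind DN caught by "by * none". Smaller inconsistencies in the same hunk: the list of four attributes stored only when non-default names "logonPath" where the attribute is profilePath, the attribute list says userWorkstation where the objectclass declares userWorkstations, and the samba-patches@samba.org and jerry@samba.org links in 19.3 and 19.4 lack the mailto: scheme.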
\ No newline at end of file diff --git a/docs/htmldocs/securitylevels.html b/docs/htmldocs/securitylevels.html deleted file mode 100644 index f1b9967540e..00000000000 --- a/docs/htmldocs/securitylevels.html +++ /dev/null 
@@ -1,234 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<HTML -><HEAD -><TITLE ->User and Share security level (for servers not in a domain)</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ -"><LINK -REL="HOME" -TITLE="SAMBA Project Documentation" -HREF="samba-howto-collection.html"><LINK -REL="UP" -TITLE="Type of installation" -HREF="type.html"><LINK -REL="PREVIOUS" -TITLE="Type of installation" -HREF="type.html"><LINK -REL="NEXT" -TITLE="How to Configure Samba as a NT4 Primary Domain Controller" -HREF="samba-pdc.html"></HEAD -><BODY -CLASS="CHAPTER" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="NAVHEADER" -><TABLE -SUMMARY="Header navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TH -COLSPAN="3" -ALIGN="center" ->SAMBA Project Documentation</TH -></TR -><TR -><TD -WIDTH="10%" -ALIGN="left" -VALIGN="bottom" -><A -HREF="type.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="80%" -ALIGN="center" -VALIGN="bottom" -></TD -><TD -WIDTH="10%" -ALIGN="right" -VALIGN="bottom" -><A -HREF="samba-pdc.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -></TABLE -><HR -ALIGN="LEFT" -WIDTH="100%"></DIV -><DIV -CLASS="CHAPTER" -><H1 -><A -NAME="SECURITYLEVELS">Chapter 5. User and Share security level (for servers not in a domain)</H1 -><P ->A SMB server tells the client at startup what "security level" it is -running. There are two options "share level" and "user level". Which -of these two the client receives affects the way the client then tries -to authenticate itself. It does not directly affect (to any great -extent) the way the Samba server does security. I know this is -strange, but it fits in with the client/server approach of SMB. In SMB -everything is initiated and controlled by the client, and the server -can only tell the client what is available and whether an action is -allowed. 
</P -><P ->I'll describe user level security first, as its simpler. In user level -security the client will send a "session setup" command directly after -the protocol negotiation. This contains a username and password. The -server can either accept or reject that username/password -combination. Note that at this stage the server has no idea what -share the client will eventually try to connect to, so it can't base -the "accept/reject" on anything other than:</P -><P -></P -><OL -TYPE="1" -><LI -><P ->the username/password</P -></LI -><LI -><P ->the machine that the client is coming from</P -></LI -></OL -><P ->If the server accepts the username/password then the client expects to -be able to mount any share (using a "tree connection") without -specifying a password. It expects that all access rights will be as -the username/password specified in the "session setup". </P -><P ->It is also possible for a client to send multiple "session setup" -requests. When the server responds it gives the client a "uid" to use -as an authentication tag for that username/password. The client can -maintain multiple authentication contexts in this way (WinDD is an -example of an application that does this)</P -><P ->Ok, now for share level security. In share level security the client -authenticates itself separately for each share. It will send a -password along with each "tree connection" (share mount). It does not -explicitly send a username with this operation. The client is -expecting a password to be associated with each share, independent of -the user. This means that samba has to work out what username the -client probably wants to use. It is never explicitly sent the -username. 
Some commercial SMB servers such as NT actually associate -passwords directly with shares in share level security, but samba -always uses the unix authentication scheme where it is a -username/password that is authenticated, not a "share/password".</P -><P ->Many clients send a "session setup" even if the server is in share -level security. They normally send a valid username but no -password. Samba records this username in a list of "possible -usernames". When the client then does a "tree connection" it also adds -to this list the name of the share they try to connect to (useful for -home directories) and any users listed in the "user =" smb.conf -line. The password is then checked in turn against these "possible -usernames". If a match is found then the client is authenticated as -that user.</P -><P ->Finally "server level" security. In server level security the samba -server reports to the client that it is in user level security. The -client then does a "session setup" as described earlier. The samba -server takes the username/password that the client sends and attempts -to login to the "password server" by sending exactly the same -username/password that it got from the client. If that server is in -user level security and accepts the password then samba accepts the -clients connection. This allows the samba server to use another SMB -server as the "password server". </P -><P ->You should also note that at the very start of all this, where the -server tells the client what security level it is in, it also tells -the client if it supports encryption. If it does then it supplies the -client with a random "cryptkey". The client will then send all -passwords in encrypted form. You have to compile samba with encryption -enabled to support this feature, and you have to maintain a separate -smbpasswd file with SMB style encrypted passwords. 
It is -cryptographically impossible to translate from unix style encryption -to SMB style encryption, although there are some fairly simple management -schemes by which the two could be kept in sync.</P -><P ->"security = server" means that Samba reports to clients that -it is running in "user mode" but actually passes off all authentication -requests to another "user mode" server. This requires an additional -parameter "password server =" that points to the real authentication server. -That real authentication server can be another Samba server or can be a -Windows NT server, the later natively capable of encrypted password support.</P -></DIV -><DIV -CLASS="NAVFOOTER" -><HR -ALIGN="LEFT" -WIDTH="100%"><TABLE -SUMMARY="Footer navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" -><A -HREF="type.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="samba-howto-collection.html" -ACCESSKEY="H" ->Home</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" -><A -HREF="samba-pdc.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" ->Type of installation</TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="type.html" -ACCESSKEY="U" ->Up</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" ->How to Configure Samba as a NT4 Primary Domain Controller</TD -></TR -></TABLE -></DIV -></BODY -></HTML ->
\ No newline at end of file diff --git a/docs/htmldocs/unix-permissions.html b/docs/htmldocs/unix-permissions.html deleted file mode 100644 index f29d450e6df..00000000000 --- a/docs/htmldocs/unix-permissions.html +++ /dev/null 
@@ -1,907 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<HTML -><HEAD -><TITLE ->UNIX Permission Bits and Windows NT Access Control Lists</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ -"><LINK -REL="HOME" -TITLE="SAMBA Project Documentation" -HREF="samba-howto-collection.html"><LINK -REL="UP" -TITLE="Optional configuration" -HREF="optional.html"><LINK -REL="PREVIOUS" -TITLE="Integrating MS Windows networks with Samba" -HREF="integrate-ms-networks.html"><LINK -REL="NEXT" -TITLE="Configuring PAM for distributed but centrally -managed authentication" -HREF="pam.html"></HEAD -><BODY -CLASS="CHAPTER" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="NAVHEADER" -><TABLE -SUMMARY="Header navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TH -COLSPAN="3" -ALIGN="center" ->SAMBA Project Documentation</TH -></TR -><TR -><TD -WIDTH="10%" -ALIGN="left" -VALIGN="bottom" -><A -HREF="integrate-ms-networks.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="80%" -ALIGN="center" -VALIGN="bottom" -></TD -><TD -WIDTH="10%" -ALIGN="right" -VALIGN="bottom" -><A -HREF="pam.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -></TABLE -><HR -ALIGN="LEFT" -WIDTH="100%"></DIV -><DIV -CLASS="CHAPTER" -><H1 -><A -NAME="UNIX-PERMISSIONS">Chapter 11. UNIX Permission Bits and Windows NT Access Control Lists</H1 -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN1605">11.1. 
Viewing and changing UNIX permissions using the NT - security dialogs</H1 -><P ->New in the Samba 2.0.4 release is the ability for Windows - NT clients to use their native security settings dialog box to - view and modify the underlying UNIX permissions.</P -><P ->Note that this ability is careful not to compromise - the security of the UNIX host Samba is running on, and - still obeys all the file permission rules that a Samba - administrator can set.</P -><P ->In Samba 2.0.4 and above the default value of the - parameter <A -HREF="smb.conf.5.html#NTACLSUPPORT" -TARGET="_top" -><TT -CLASS="PARAMETER" -><I -> nt acl support</I -></TT -></A -> has been changed from - <TT -CLASS="CONSTANT" ->false</TT -> to <TT -CLASS="CONSTANT" ->true</TT ->, so - manipulation of permissions is turned on by default.</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN1614">11.2. How to view file security on a Samba share</H1 -><P ->From an NT 4.0 client, single-click with the right - mouse button on any file or directory in a Samba mounted - drive letter or UNC path. When the menu pops-up, click - on the <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->Properties</I -></SPAN -> entry at the bottom of - the menu. This brings up the normal file properties dialog - box, but with Samba 2.0.4 this will have a new tab along the top - marked <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->Security</I -></SPAN ->. Click on this tab and you - will see three buttons, <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->Permissions</I -></SPAN ->, - <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->Auditing</I -></SPAN ->, and <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->Ownership</I -></SPAN ->. 
- The <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->Auditing</I -></SPAN -> button will cause either - an error message <SPAN -CLASS="ERRORNAME" ->A requested privilege is not held - by the client</SPAN -> to appear if the user is not the - NT Administrator, or a dialog which is intended to allow an - Administrator to add auditing requirements to a file if the - user is logged on as the NT Administrator. This dialog is - non-functional with a Samba share at this time, as the only - useful button, the <B -CLASS="COMMAND" ->Add</B -> button will not currently - allow a list of users to be seen.</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN1625">11.3. Viewing file ownership</H1 -><P ->Clicking on the <B -CLASS="COMMAND" ->"Ownership"</B -> button - brings up a dialog box telling you who owns the given file. The - owner name will be of the form :</P -><P -><B -CLASS="COMMAND" ->"SERVER\user (Long name)"</B -></P -><P ->Where <TT -CLASS="REPLACEABLE" -><I ->SERVER</I -></TT -> is the NetBIOS name of - the Samba server, <TT -CLASS="REPLACEABLE" -><I ->user</I -></TT -> is the user name of - the UNIX user who owns the file, and <TT -CLASS="REPLACEABLE" -><I ->(Long name)</I -></TT -> - is the descriptive string identifying the user (normally found in the - GECOS field of the UNIX password database). Click on the <B -CLASS="COMMAND" ->Close - </B -> button to remove this dialog.</P -><P ->If the parameter <TT -CLASS="PARAMETER" -><I ->nt acl support</I -></TT -> - is set to <TT -CLASS="CONSTANT" ->false</TT -> then the file owner will - be shown as the NT user <B -CLASS="COMMAND" ->"Everyone"</B ->.</P -><P ->The <B -CLASS="COMMAND" ->Take Ownership</B -> button will not allow - you to change the ownership of this file to yourself (clicking on - it will display a dialog box complaining that the user you are - currently logged onto the NT client cannot be found). 
The reason - for this is that changing the ownership of a file is a privileged - operation in UNIX, available only to the <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->root</I -></SPAN -> - user. As clicking on this button causes NT to attempt to change - the ownership of a file to the current user logged into the NT - client this will not work with Samba at this time.</P -><P ->There is an NT chown command that will work with Samba - and allow a user with Administrator privilege connected - to a Samba 2.0.4 server as root to change the ownership of - files on both a local NTFS filesystem or remote mounted NTFS - or Samba drive. This is available as part of the <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->Seclib - </I -></SPAN -> NT security library written by Jeremy Allison of - the Samba Team, available from the main Samba ftp site.</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN1645">11.4. Viewing file or directory permissions</H1 -><P ->The third button is the <B -CLASS="COMMAND" ->"Permissions"</B -> - button. Clicking on this brings up a dialog box that shows both - the permissions and the UNIX owner of the file or directory. 
- The owner is displayed in the form :</P -><P -><B -CLASS="COMMAND" ->"SERVER\user (Long name)"</B -></P -><P ->Where <TT -CLASS="REPLACEABLE" -><I ->SERVER</I -></TT -> is the NetBIOS name of - the Samba server, <TT -CLASS="REPLACEABLE" -><I ->user</I -></TT -> is the user name of - the UNIX user who owns the file, and <TT -CLASS="REPLACEABLE" -><I ->(Long name)</I -></TT -> - is the descriptive string identifying the user (normally found in the - GECOS field of the UNIX password database).</P -><P ->If the parameter <TT -CLASS="PARAMETER" -><I ->nt acl support</I -></TT -> - is set to <TT -CLASS="CONSTANT" ->false</TT -> then the file owner will - be shown as the NT user <B -CLASS="COMMAND" ->"Everyone"</B -> and the - permissions will be shown as NT "Full Control".</P -><P ->The permissions field is displayed differently for files - and directories, so I'll describe the way file permissions - are displayed first.</P -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN1660">11.4.1. File Permissions</H2 -><P ->The standard UNIX user/group/world triple and - the corresponding "read", "write", "execute" permissions - triples are mapped by Samba into a three element NT ACL - with the 'r', 'w', and 'x' bits mapped into the corresponding - NT permissions. The UNIX world permissions are mapped into - the global NT group <B -CLASS="COMMAND" ->Everyone</B ->, followed - by the list of permissions allowed for UNIX world. 
The UNIX - owner and group permissions are displayed as an NT - <B -CLASS="COMMAND" ->user</B -> icon and an NT <B -CLASS="COMMAND" ->local - group</B -> icon respectively followed by the list - of permissions allowed for the UNIX user and group.</P -><P ->As many UNIX permission sets don't map into common - NT names such as <B -CLASS="COMMAND" ->"read"</B ->, <B -CLASS="COMMAND" -> "change"</B -> or <B -CLASS="COMMAND" ->"full control"</B -> then - usually the permissions will be prefixed by the words <B -CLASS="COMMAND" -> "Special Access"</B -> in the NT display list.</P -><P ->But what happens if the file has no permissions allowed - for a particular UNIX user group or world component ? In order - to allow "no permissions" to be seen and modified then Samba - overloads the NT <B -CLASS="COMMAND" ->"Take Ownership"</B -> ACL attribute - (which has no meaning in UNIX) and reports a component with - no permissions as having the NT <B -CLASS="COMMAND" ->"O"</B -> bit set. - This was chosen of course to make it look like a zero, meaning - zero permissions. More details on the decision behind this will - be given below.</P -></DIV -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN1674">11.4.2. Directory Permissions</H2 -><P ->Directories on an NT NTFS file system have two - different sets of permissions. The first set of permissions - is the ACL set on the directory itself, this is usually displayed - in the first set of parentheses in the normal <B -CLASS="COMMAND" ->"RW"</B -> - NT style. 
This first set of permissions is created by Samba in - exactly the same way as normal file permissions are, described - above, and is displayed in the same way.</P -><P ->The second set of directory permissions has no real meaning - in the UNIX permissions world and represents the <B -CLASS="COMMAND" -> "inherited"</B -> permissions that any file created within - this directory would inherit.</P -><P ->Samba synthesises these inherited permissions for NT by - returning as an NT ACL the UNIX permission mode that a new file - created by Samba on this share would receive.</P -></DIV -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN1681">11.5. Modifying file or directory permissions</H1 -><P ->Modifying file and directory permissions is as simple - as changing the displayed permissions in the dialog box, and - clicking the <B -CLASS="COMMAND" ->OK</B -> button. However, there are - limitations that a user needs to be aware of, and also interactions - with the standard Samba permission masks and mapping of DOS - attributes that need to also be taken into account.</P -><P ->If the parameter <TT -CLASS="PARAMETER" -><I ->nt acl support</I -></TT -> - is set to <TT -CLASS="CONSTANT" ->false</TT -> then any attempt to set - security permissions will fail with an <B -CLASS="COMMAND" ->"Access Denied" - </B -> message.</P -><P ->The first thing to note is that the <B -CLASS="COMMAND" ->"Add"</B -> - button will not return a list of users in Samba 2.0.4 (it will give - an error message of <B -CLASS="COMMAND" ->"The remote procedure call failed - and did not execute"</B ->). This means that you can only - manipulate the current user/group/world permissions listed in - the dialog box. 
This actually works quite well as these are the - only permissions that UNIX actually has.</P -><P ->If a permission triple (either user, group, or world) - is removed from the list of permissions in the NT dialog box, - then when the <B -CLASS="COMMAND" ->"OK"</B -> button is pressed it will - be applied as "no permissions" on the UNIX side. If you then - view the permissions again the "no permissions" entry will appear - as the NT <B -CLASS="COMMAND" ->"O"</B -> flag, as described above. This - allows you to add permissions back to a file or directory once - you have removed them from a triple component.</P -><P ->As UNIX supports only the "r", "w" and "x" bits of - an NT ACL then if other NT security attributes such as "Delete - access" are selected then they will be ignored when applied on - the Samba server.</P -><P ->When setting permissions on a directory the second - set of permissions (in the second set of parentheses) is - by default applied to all files within that directory. If this - is not what you want you must uncheck the <B -CLASS="COMMAND" ->"Replace - permissions on existing files"</B -> checkbox in the NT - dialog before clicking <B -CLASS="COMMAND" ->"OK"</B ->.</P -><P ->If you wish to remove all permissions from a - user/group/world component then you may either highlight the - component and click the <B -CLASS="COMMAND" ->"Remove"</B -> button, - or set the component to only have the special <B -CLASS="COMMAND" ->"Take - Ownership"</B -> permission (displayed as <B -CLASS="COMMAND" ->"O" - </B ->) highlighted.</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN1703">11.6. Interaction with the standard Samba create mask - parameters</H1 -><P ->Note that with Samba 2.0.5 there are four new parameters - to control this interaction. 
These are :</P -><P -><TT -CLASS="PARAMETER" -><I ->security mask</I -></TT -></P -><P -><TT -CLASS="PARAMETER" -><I ->force security mode</I -></TT -></P -><P -><TT -CLASS="PARAMETER" -><I ->directory security mask</I -></TT -></P -><P -><TT -CLASS="PARAMETER" -><I ->force directory security mode</I -></TT -></P -><P ->Once a user clicks <B -CLASS="COMMAND" ->"OK"</B -> to apply the - permissions Samba maps the given permissions into a user/group/world - r/w/x triple set, and then will check the changed permissions for a - file against the bits set in the <A -HREF="smb.conf.5.html#SECURITYMASK" -TARGET="_top" -> - <TT -CLASS="PARAMETER" -><I ->security mask</I -></TT -></A -> parameter. Any bits that - were changed that are not set to '1' in this parameter are left alone - in the file permissions.</P -><P ->Essentially, zero bits in the <TT -CLASS="PARAMETER" -><I ->security mask</I -></TT -> - mask may be treated as a set of bits the user is <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->not</I -></SPAN -> - allowed to change, and one bits are those the user is allowed to change. - </P -><P ->If not set explicitly this parameter is set to the same value as - the <A -HREF="smb.conf.5.html#CREATEMASK" -TARGET="_top" -><TT -CLASS="PARAMETER" -><I ->create mask - </I -></TT -></A -> parameter to provide compatibility with Samba 2.0.4 - where this permission change facility was introduced. To allow a user to - modify all the user/group/world permissions on a file, set this parameter - to 0777.</P -><P ->Next Samba checks the changed permissions for a file against - the bits set in the <A -HREF="smb.conf.5.html#FORCESECURITYMODE" -TARGET="_top" -> <TT -CLASS="PARAMETER" -><I ->force security mode</I -></TT -></A -> parameter. 
Any bits - that were changed that correspond to bits set to '1' in this parameter - are forced to be set.</P -><P ->Essentially, bits set in the <TT -CLASS="PARAMETER" -><I ->force security mode - </I -></TT -> parameter may be treated as a set of bits that, when - modifying security on a file, the user has always set to be 'on'.</P -><P ->If not set explicitly this parameter is set to the same value - as the <A -HREF="smb.conf.5.html#FORCECREATEMODE" -TARGET="_top" -><TT -CLASS="PARAMETER" -><I ->force - create mode</I -></TT -></A -> parameter to provide compatibility - with Samba 2.0.4 where the permission change facility was introduced. - To allow a user to modify all the user/group/world permissions on a file - with no restrictions set this parameter to 000.</P -><P ->The <TT -CLASS="PARAMETER" -><I ->security mask</I -></TT -> and <TT -CLASS="PARAMETER" -><I ->force - security mode</I -></TT -> parameters are applied to the change - request in that order.</P -><P ->For a directory Samba will perform the same operations as - described above for a file except using the parameter <TT -CLASS="PARAMETER" -><I -> directory security mask</I -></TT -> instead of <TT -CLASS="PARAMETER" -><I ->security - mask</I -></TT ->, and <TT -CLASS="PARAMETER" -><I ->force directory security mode - </I -></TT -> parameter instead of <TT -CLASS="PARAMETER" -><I ->force security mode - </I -></TT ->.</P -><P ->The <TT -CLASS="PARAMETER" -><I ->directory security mask</I -></TT -> parameter - by default is set to the same value as the <TT -CLASS="PARAMETER" -><I ->directory mask - </I -></TT -> parameter and the <TT -CLASS="PARAMETER" -><I ->force directory security - mode</I -></TT -> parameter by default is set to the same value as - the <TT -CLASS="PARAMETER" -><I ->force directory mode</I -></TT -> parameter to provide - compatibility with Samba 2.0.4 where the permission change facility - was introduced.</P -><P ->In this way Samba enforces the permission restrictions that - an 
administrator can set on a Samba share, whilst still allowing users - to modify the permission bits within that restriction.</P -><P ->If you want to set up a share that allows users full control - in modifying the permission bits on their files and directories and - doesn't force any particular bits to be set 'on', then set the following - parameters in the <A -HREF="smb.conf.5.html" -TARGET="_top" -><TT -CLASS="FILENAME" ->smb.conf(5) - </TT -></A -> file in that share specific section :</P -><P -><TT -CLASS="PARAMETER" -><I ->security mask = 0777</I -></TT -></P -><P -><TT -CLASS="PARAMETER" -><I ->force security mode = 0</I -></TT -></P -><P -><TT -CLASS="PARAMETER" -><I ->directory security mask = 0777</I -></TT -></P -><P -><TT -CLASS="PARAMETER" -><I ->force directory security mode = 0</I -></TT -></P -><P ->As described, in Samba 2.0.4 the parameters :</P -><P -><TT -CLASS="PARAMETER" -><I ->create mask</I -></TT -></P -><P -><TT -CLASS="PARAMETER" -><I ->force create mode</I -></TT -></P -><P -><TT -CLASS="PARAMETER" -><I ->directory mask</I -></TT -></P -><P -><TT -CLASS="PARAMETER" -><I ->force directory mode</I -></TT -></P -><P ->were used instead of the parameters discussed here.</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN1767">11.7. Interaction with the standard Samba file attribute - mapping</H1 -><P ->Samba maps some of the DOS attribute bits (such as "read - only") into the UNIX permissions of a file. This means there can - be a conflict between the permission bits set via the security - dialog and the permission bits set by the file attribute mapping. - </P -><P ->One way this can show up is if a file has no UNIX read access - for the owner it will show up as "read only" in the standard - file attributes tabbed dialog. 
Unfortunately this dialog is - the same one that contains the security info in another tab.</P -><P ->What this can mean is that if the owner changes the permissions - to allow themselves read access using the security dialog, clicks - <B -CLASS="COMMAND" ->"OK"</B -> to get back to the standard attributes tab - dialog, and then clicks <B -CLASS="COMMAND" ->"OK"</B -> on that dialog, then - NT will set the file permissions back to read-only (as that is what - the attributes still say in the dialog). This means that after setting - permissions and clicking <B -CLASS="COMMAND" ->"OK"</B -> to get back to the - attributes dialog you should always hit <B -CLASS="COMMAND" ->"Cancel"</B -> - rather than <B -CLASS="COMMAND" ->"OK"</B -> to ensure that your changes - are not overridden.</P -></DIV -></DIV -><DIV -CLASS="NAVFOOTER" -><HR -ALIGN="LEFT" -WIDTH="100%"><TABLE -SUMMARY="Footer navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" -><A -HREF="integrate-ms-networks.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="samba-howto-collection.html" -ACCESSKEY="H" ->Home</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" -><A -HREF="pam.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" ->Integrating MS Windows networks with Samba</TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="optional.html" -ACCESSKEY="U" ->Up</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" ->Configuring PAM for distributed but centrally -managed authentication</TD -></TR -></TABLE -></DIV -></BODY -></HTML ->
\ No newline at end of file diff --git a/docs/htmldocs/vfs.html b/docs/htmldocs/vfs.html deleted file mode 100644 index 11934ae47cb..00000000000 --- a/docs/htmldocs/vfs.html +++ /dev/null 
@@ -1,389 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<HTML -><HEAD -><TITLE ->Stackable VFS modules</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ -"><LINK -REL="HOME" -TITLE="SAMBA Project Documentation" -HREF="samba-howto-collection.html"><LINK -REL="UP" -TITLE="Optional configuration" -HREF="optional.html"><LINK -REL="PREVIOUS" -TITLE="Passdb XML plugin" -HREF="pdb-xml.html"><LINK -REL="NEXT" -TITLE="Storing Samba's User/Machine Account information in an LDAP Directory" -HREF="samba-ldap-howto.html"></HEAD -><BODY -CLASS="CHAPTER" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="NAVHEADER" -><TABLE -SUMMARY="Header navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TH -COLSPAN="3" -ALIGN="center" ->SAMBA Project Documentation</TH -></TR -><TR -><TD -WIDTH="10%" -ALIGN="left" -VALIGN="bottom" -><A -HREF="pdb-xml.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="80%" -ALIGN="center" -VALIGN="bottom" -></TD -><TD -WIDTH="10%" -ALIGN="right" -VALIGN="bottom" -><A -HREF="samba-ldap-howto.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -></TABLE -><HR -ALIGN="LEFT" -WIDTH="100%"></DIV -><DIV -CLASS="CHAPTER" -><H1 -><A -NAME="VFS">Chapter 18. Stackable VFS modules</H1 -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2640">18.1. Introduction and configuration</H1 -><P ->Since samba 3.0, samba supports stackable VFS(Virtual File System) modules. -Samba passes each request to access the unix file system thru the loaded VFS modules. -This chapter covers all the modules that come with the samba source and references to -some external modules.</P -><P ->You may have problems to compile these modules, as shared libraries are -compiled and linked in different ways on different systems. 
-They currently have been tested against GNU/linux and IRIX.</P -><P ->To use the VFS modules, create a share similar to the one below. The -important parameter is the <B -CLASS="COMMAND" ->vfs object</B -> parameter which must point to -the exact pathname of the shared library objects. For example, to log all access -to files and use a recycle bin: - -<PRE -CLASS="PROGRAMLISTING" -> [audit] - comment = Audited /data directory - path = /data - vfs object = /path/to/audit.so /path/to/recycle.so - writeable = yes - browseable = yes</PRE -></P -><P ->The modules are used in the order they are specified.</P -><P ->Further documentation on writing VFS modules for Samba can be found in -the Samba Developers Guide.</P -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2649">18.2. Included modules</H1 -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN2651">18.2.1. audit</H2 -><P ->A simple module to audit file access to the syslog -facility. The following operations are logged: -<P -></P -><TABLE -BORDER="0" -><TBODY -><TR -><TD ->share</TD -></TR -><TR -><TD ->connect/disconnect</TD -></TR -><TR -><TD ->directory opens/create/remove</TD -></TR -><TR -><TD ->file open/close/rename/unlink/chmod</TD -></TR -></TBODY -></TABLE -><P -></P -></P -></DIV -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN2659">18.2.2. recycle</H2 -><P ->A recycle-bin like modules. 
When used any unlink call -will be intercepted and files moved to the recycle -directory instead of beeing deleted.</P -><P ->Supported options: -<P -></P -><DIV -CLASS="VARIABLELIST" -><DL -><DT ->vfs_recycle_bin:repository</DT -><DD -><P ->FIXME</P -></DD -><DT ->vfs_recycle_bin:keeptree</DT -><DD -><P ->FIXME</P -></DD -><DT ->vfs_recycle_bin:versions</DT -><DD -><P ->FIXME</P -></DD -><DT ->vfs_recycle_bin:touch</DT -><DD -><P ->FIXME</P -></DD -><DT ->vfs_recycle_bin:maxsize</DT -><DD -><P ->FIXME</P -></DD -><DT ->vfs_recycle_bin:exclude</DT -><DD -><P ->FIXME</P -></DD -><DT ->vfs_recycle_bin:exclude_dir</DT -><DD -><P ->FIXME</P -></DD -><DT ->vfs_recycle_bin:noversions</DT -><DD -><P ->FIXME</P -></DD -></DL -></DIV -></P -></DIV -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN2696">18.2.3. netatalk</H2 -><P ->A netatalk module, that will ease co-existence of samba and -netatalk file sharing services.</P -><P ->Advantages compared to the old netatalk module: -<P -></P -><TABLE -BORDER="0" -><TBODY -><TR -><TD ->it doesn't care about creating of .AppleDouble forks, just keeps ones in sync</TD -></TR -><TR -><TD ->if share in smb.conf doesn't contain .AppleDouble item in hide or veto list, it will be added automatically</TD -></TR -></TBODY -></TABLE -><P -></P -></P -></DIV -></DIV -><DIV -CLASS="SECT1" -><H1 -CLASS="SECT1" -><A -NAME="AEN2703">18.3. VFS modules available elsewhere</H1 -><P ->This section contains a listing of various other VFS modules that -have been posted but don't currently reside in the Samba CVS -tree for one reason ot another (e.g. it is easy for the maintainer -to have his or her own CVS tree).</P -><P ->No statemets about the stability or functionality any module -should be implied due to its presence here.</P -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN2707">18.3.1. 
DatabaseFS</H2 -><P ->URL: <A -HREF="http://www.css.tayloru.edu/~elorimer/databasefs/index.php" -TARGET="_top" ->http://www.css.tayloru.edu/~elorimer/databasefs/index.php</A -></P -><P ->By <A -HREF="mailto:elorimer@css.tayloru.edu" -TARGET="_top" ->Eric Lorimer</A ->.</P -><P ->I have created a VFS module which implements a fairly complete read-only -filesystem. It presents information from a database as a filesystem in -a modular and generic way to allow different databases to be used -(originally designed for organizing MP3s under directories such as -"Artists," "Song Keywords," etc... I have since applied it to a student -roster database very easily). The directory structure is stored in the -database itself and the module makes no assumptions about the database -structure beyond the table it requires to run.</P -><P ->Any feedback would be appreciated: comments, suggestions, patches, -etc... If nothing else, hopefully it might prove useful for someone -else who wishes to create a virtual filesystem.</P -></DIV -><DIV -CLASS="SECT2" -><H2 -CLASS="SECT2" -><A -NAME="AEN2715">18.3.2. vscan</H2 -><P ->URL: <A -HREF="http://www.openantivirus.org/" -TARGET="_top" ->http://www.openantivirus.org/</A -></P -><P ->samba-vscan is a proof-of-concept module for Samba, which -uses the VFS (virtual file system) features of Samba 2.2.x/3.0 -alphaX. Of couse, Samba has to be compiled with VFS support. 
-samba-vscan supports various virus scanners and is maintained -by Rainer Link.</P -></DIV -></DIV -></DIV -><DIV -CLASS="NAVFOOTER" -><HR -ALIGN="LEFT" -WIDTH="100%"><TABLE -SUMMARY="Footer navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" -><A -HREF="pdb-xml.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="samba-howto-collection.html" -ACCESSKEY="H" ->Home</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" -><A -HREF="samba-ldap-howto.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" ->Passdb XML plugin</TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="optional.html" -ACCESSKEY="U" ->Up</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" ->Storing Samba's User/Machine Account information in an LDAP Directory</TD -></TR -></TABLE -></DIV -></BODY -></HTML ->
\ No newline at end of file |
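Review bot: In the docs/htmldocs/securitylevels.html deletion, the header links (PREVIOUS and UP to type.html, NEXT to samba-pdc.html) show that this page sits in a generated Prev/Next chain, so if type.html and samba-pdc.html stay in the tree, their navigation links to securitylevels.html will dangle. The GENERATOR meta names the Modular DocBook HTML Stylesheet, so the commit message should say where the DocBook source for Chapter 5 lives and how the HTML is produced from now on. This chapter explains that share level security checks the password in turn against a list of "possible usernames" and that "security = server" forwards the client's username/password to the password server, which administrators need when choosing a security level.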
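Review bot: In the docs/htmldocs/unix-permissions.html deletion, section 11.6 is the text that defines how security mask, force security mode, directory security mask and force directory security mode bound what a client can change through the NT security dialog, and it links to smb.conf.5.html#SECURITYMASK, #FORCESECURITYMODE, #CREATEMASK and #FORCECREATEMODE. Please confirm that wherever this chapter is regenerated or moved, those anchors still resolve and the "applied to the change request in that order" rule is kept. As a style point for the source, the prose says to set force security mode "to 000" while the example a few paragraphs later uses "force security mode = 0"; one form throughout would be clearer.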
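Review bot: In the docs/htmldocs/vfs.html deletion, section 18.2.2 lists eight vfs_recycle_bin options (repository, keeptree, versions, touch, maxsize, exclude, exclude_dir, noversions) whose descriptions are all "FIXME", so the generated page never documented them. If the DocBook source survives this commit, fill those in before the HTML is regenerated, and fix the typos visible in the same file ("beeing deleted", "No statemets", "one reason ot another", "Of couse"). The 18.1 example lists audit.so before recycle.so and states that modules are used in the order they are specified; a sentence saying what that order means for an unlink call that recycle intercepts would help anyone relying on the audit log.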