diff options
Diffstat (limited to 'docs/textdocs')
34 files changed, 0 insertions, 8216 deletions
diff --git a/docs/textdocs/Application_Serving.txt b/docs/textdocs/Application_Serving.txt deleted file mode 100644 index be5d054615e..00000000000 --- a/docs/textdocs/Application_Serving.txt +++ /dev/null @@ -1,53 +0,0 @@ -!== -!== Application_Serving.txt for Samba release 1.9.18alpha11 03 Nov 1997 -!== -January 7, 1997 -Updated: June 27, 1997 -Contributor: John H Terpstra <samba-bugs@samba.anu.edu.au> - Copyright (C) 1997 - John H Terpstra -Status: Current - -Subject: Using a Samba share as an administrative share for MS Office, etc. -============================================================================== - -Problem: -======== -Microsoft Office products can be installed as an administrative installation -from which the application can either be run off the administratively installed -product that resides on a shared resource, or from which that product can be -installed onto workstation clients. - -The general mechanism for implementing an adminstrative installation involves -running: - X:\setup /A, where X is the drive letter of either CDROM or floppy - -This installation process will NOT install the product for use per se, but -rather results in unpacking of the compressed distribution files into a target -shared folder. For this process you need write privilidge to the share and it -is desirable to enable file locking and share mode operation during this -process. - -Subsequent installation of MS Office from this share will FAIL unless certain -precautions are taken. This failure will be caused by share mode operation -which will prevent the MS Office installation process from re-opening various -dynamic link library files and will cause sporadic file not found problems. - -Solution: -========= -1. As soon as the administrative installation (unpacking) has completed - set the following parameters on the share containing it: - [MSOP95] - path = /where_you_put_it - comment = Your comment - volume = "The_CD_ROM_Label" - read only = yes - available = yes - share modes = no - locking = no - browseable = yes - public = yes - -2. Now you are ready to run the setup program from the Microsoft Windows -workstation as follows:- - \\"Server_Name"\MSOP95\msoffice\setup - diff --git a/docs/textdocs/BROWSING.txt b/docs/textdocs/BROWSING.txt deleted file mode 100644 index 35ab949770e..00000000000 --- a/docs/textdocs/BROWSING.txt +++ /dev/null @@ -1,551 +0,0 @@ -!== -!== BROWSING.txt for Samba release 1.9.18alpha11 03 Nov 1997 -!== -Author/s: Many (Thanks to Luke, Jeremy, Andrew, etc.) -Updated: October 12, 1997 -Status: Current - For VERY Advanced Users ONLY - -Summary: This describes how to configure Samba for improved browsing. -===================================================================== - -OVERVIEW: -========= -SMB networking provides a mechanism by which clients can access a list -of machines that are available within the network. This list is called -the browse list and is heavily used by all SMB clients. Configuration -of SMB browsing has been problematic for some Samba users, hence this -document. - -===================================================================== - -BROWSING -======== -Samba now fully supports browsing. The browsing is supported by nmbd -and is also controlled by options in the smb.conf file (see smb.conf(5)). - -Samba can act as a local browse master for a workgroup and the ability -for samba to support domain logons and scripts is now available. See -DOMAIN.txt for more information on domain logons. - -Samba can also act as a domain master browser for a workgroup. This -means that it will collate lists from local browse masters into a -wide area network server list. In order for browse clients to -resolve the names they may find in this list, it is recommended that -both samba and your clients use a WINS server. - -Note that you should NOT set Samba to be the domain master for a -workgroup that has the same name as an NT Domain: on each wide area -network, you must only ever have one domain master browser per workgroup, -regardless of whether it is NT, Samba or any other type of domain master -that is providing this service. - -[Note that nmbd can be configured as a WINS server, but it is not -necessary to specifically use samba as your WINS server. NTAS can -be configured as your WINS server. In a mixed NT server and -samba environment on a Wide Area Network, it is recommended that -you use the NT server's WINS server capabilities. In a samba-only -environment, it is recommended that you use one and only one nmbd -as your WINS server]. - -To get browsing to work you need to run nmbd as usual, but will need -to use the "workgroup" option in smb.conf to control what workgroup -Samba becomes a part of. - -Samba also has a useful option for a Samba server to offer itself for -browsing on another subnet. It is recommended that this option is only -used for 'unusual' purposes: announcements over the internet, for -example. See "remote announce" in the smb.conf man page. - -If something doesn't work then hopefully the log.nmb file will -help you track down the problem. Try a debug level of 2 or 3 for -finding problems. - -Note that if it doesn't work for you, then you should still be able to -type the server name as \\SERVER in filemanager then hit enter and -filemanager should display the list of available shares. - -Some people find browsing fails because they don't have the global -"guest account" set to a valid account. Remember that the IPC$ -connection that lists the shares is done as guest, and thus you must -have a valid guest account. - -Also, a lot of people are getting bitten by the problem of too many -parameters on the command line of nmbd in inetd.conf. This trick is to -not use spaces between the option and the parameter (eg: -d2 instead -of -d 2), and to not use the -B and -N options. New versions of nmbd -are now far more likely to correctly find your broadcast and network -addess, so in most cases these aren't needed. - -The other big problem people have is that their broadcast address, -netmask or IP address is wrong (specified with the "interfaces" option -in smb.conf) - - -BROWSING ACROSS SUBNETS -======================= - -With the release of Samba 1.9.17(alpha1 and above) Samba has been -updated to enable it to support the replication of browse lists -across subnet boundaries. New code and options have been added to -achieve this. This section describes how to set this feature up -in different settings. - -To see browse lists that span TCP/IP subnets (ie. networks separated -by routers that don't pass broadcast traffic) you must set up at least -one WINS server. The WINS server acts as a DNS for NetBIOS names, allowing -NetBIOS name to IP address translation to be done by doing a direct -query of the WINS server. This is done via a directed UDP packet on -port 137 to the WINS server machine. The reason for a WINS server is -that by default, all NetBIOS name to IP address translation is done -by broadcasts from the querying machine. This means that machines -on one subnet will not be able to resolve the names of machines on -another subnet without using a WINS server. - -Remember, for browsing across subnets to work correctly, all machines, -be they Windows 95, Windows NT, or Samba servers must have the IP address -of a WINS server given to them by a DHCP server, or by manual configuration -(for Win95 and WinNT, this is in the TCP/IP Properties, under Network -settings) for Samba this is in the smb.conf file. - -How does cross subnet browsing work ? -===================================== - -Cross subnet browsing is a complicated dance, containing multiple -moving parts. It has taken Microsoft several years to get the code -that achieves this correct, and Samba lags behind in some areas. -However, with the 1.9.17 release, Samba is capable of cross subnet -browsing when configured correctly. - -Consider a network set up as follows : - - (DMB) - N1_A N1_B N1_C N1_D N1_E - | | | | | - ------------------------------------------------------- - | subnet 1 | - +---+ +---+ - |R1 | Router 1 Router 2 |R2 | - +---+ +---+ - | | - | subnet 2 subnet 3 | - -------------------------- ------------------------------------ - | | | | | | | | - N2_A N2_B N2_C N2_D N3_A N3_B N3_C N3_D - (WINS) - -Consisting of 3 subnets (1, 2, 3) conneted by two routers -(R1, R2) - these do not pass broadcasts. Subnet 1 has 5 machines -on it, subnet 2 has 4 machines, subnet 3 has 4 machines. Assume -for the moment that all these machines are configured to be in the -same workgroup (for simplicities sake). Machine N1_C on subnet 1 -is configured as Domain Master Browser (ie. it will collate the -browse lists for the workgroup). Machine N2_D is configured as -WINS server and all the other machines are configured to register -their NetBIOS names with it. - -As all these machines are booted up, elections for master browsers -will take place on each of the three subnets. Assume that machine -N1_C wins on subnet 1, N2_B wins on subnet 2, and N3_D wins on -subnet 3 - these machines are known as local master browsers for -their particular subnet. N1_C has an advantage in winning as the -local master browser on subnet 1 as it is set up as Domain Master -Browser. - -On each of the three networks, machines that are configured to -offer sharing services will broadcast that they are offering -these services. The local master browser on each subnet will -receive these broadcasts and keep a record of the fact that -the machine is offering a service. This list of records is -the basis of the browse list. For this case, assume that -all the machines are configured to offer services so all machines -will be on the browse list. - -For each network, the local master browser on that network is -considered 'authoritative' for all the names it receives via -local broadcast. This is because a machine seen by the local -master browser via a local broadcast must be on the same -network as the local master browser and thus is a 'trusted' -and 'verifiable' resource. Machines on other networks that -the local master browsers learn about when collating their -browse lists have not been directly seen - these records are -called 'non-authoritative'. - -At this point the browse lists look as follows (these are -the machines you would see in your network neighborhood if -you looked in it on a particular network right now). - -Subnet Browse Master List ------- ------------- ---- -Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E - -Subnet2 N2_B N2_A, N2_B, N2_C, N2_D - -Subnet3 N3_D N3_A, N3_B, N3_C, N3_D - -Note that at this point all the subnets are separate, no -machine is seen across any of the subnets. - -Now examine subnet 2. As soon as N2_B has become the local -master browser it looks for a Domain master browser to synchronize -its browse list with. It does this by querying the WINS server -(N2_D) for the IP address associated with the NetBIOS name -WORKGROUP<1B>. This name was registerd by the Domain master -browser (N1_C) with the WINS server as soon as it was booted. - -Once N2_B knows the address of the Domain master browser it -tells it that is the local master browser for subnet 2 by -sending a MasterAnnouncement packet as a UDP port 138 packet. -It then synchronizes with it by doing a NetServerEnum2 call. This -tells the Domain Master Browser to send it all the server -names it knows about. Once the domain master browser receives -the MasterAnnouncement packet it schedules a synchronization -request to the sender of that packet. After both synchronizations -are done the browse lists look like : - -Subnet Browse Master List ------- ------------- ---- -Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E, - N2_A(*), N2_B(*), N2_C(*), N2_D(*) - -Subnet2 N2_B N2_A, N2_B, N2_C, N2_D - N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*) - -Subnet3 N3_D N3_A, N3_B, N3_C, N3_D - -Servers with a (*) after them are non-authoritative names. - -At this point users looking in their network neighborhood on -subnets 1 or 2 will see all the servers on both, users on -subnet 3 will still only see the servers on their own subnet. - -The same sequence of events that occured for N2_B now occurs -for the local master browser on subnet 3 (N3_D). When it -synchronizes browse lists with the domain master browser (N1_A) -it gets both the server entries on subnet 1, and those on -subnet 2. After N3_D has synchronized with N1_C and vica-versa -the browse lists look like. - -Subnet Browse Master List ------- ------------- ---- -Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E, - N2_A(*), N2_B(*), N2_C(*), N2_D(*), - N3_A(*), N3_B(*), N3_C(*), N3_D(*) - -Subnet2 N2_B N2_A, N2_B, N2_C, N2_D - N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*) - -Subnet3 N3_D N3_A, N3_B, N3_C, N3_D - N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*), - N2_A(*), N2_B(*), N2_C(*), N2_D(*) - -Servers with a (*) after them are non-authoritative names. - -At this point users looking in their network neighborhood on -subnets 1 or 3 will see all the servers on all sunbets, users on -subnet 2 will still only see the servers on subnets 1 and 2, but not 3. - -Finally, the local master browser for subnet 2 (N2_B) will sync again -with the domain master browser (N1_C) and will recieve the missing -server entries. Finally - and as a steady state (if no machines -are removed or shut off) the browse lists will look like : - -Subnet Browse Master List ------- ------------- ---- -Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E, - N2_A(*), N2_B(*), N2_C(*), N2_D(*), - N3_A(*), N3_B(*), N3_C(*), N3_D(*) - -Subnet2 N2_B N2_A, N2_B, N2_C, N2_D - N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*) - N3_A(*), N3_B(*), N3_C(*), N3_D(*) - -Subnet3 N3_D N3_A, N3_B, N3_C, N3_D - N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*), - N2_A(*), N2_B(*), N2_C(*), N2_D(*) - -Servers with a (*) after them are non-authoritative names. - -Synchronizations between the domain master browser and local -master browsers will continue to occur, but this should be a -steady state situation. - -If either router R1 or R2 fails the following will occur: - -1) Names of computers on each side of the inaccessible network fragments -will be maintained for as long as 36 minutes, in the network neighbourhood -lists. - -2) Attempts to connect to these inaccessible computers will fail, but the -names will not be removed from the network neighbourhood lists. - -3) If one of the fragments is cut off from the WINS server, it will only -be able to access servers on its local subnet, by using subnet-isolated -broadcast NetBIOS name resolution. The effects are similar to that of -losing access to a DNS server. - -Setting up a WINS server -======================== - -Either a Samba machine or a Windows NT Server machine may be set up -as a WINS server. To set a Samba machine to be a WINS server you must -add the following option to the smb.conf file on the selected machine : -in the [globals] section add the line - - wins support = yes - -Versions of Samba previous to 1.9.17 had this parameter default to -yes. If you have any older versions of Samba on your network it is -strongly suggested you upgrade to 1.9.17 or above, or at the very -least set the parameter to 'no' on all these machines. - -Machines with "wins support = yes" will keep a list of all NetBIOS -names registered with them, acting as a DNS for NetBIOS names. - -You should set up only ONE wins server. Do NOT set the -"wins support = yes" option on more than one Samba server. - -To set up a Windows NT Server as a WINS server you need to set up -the WINS service - see your NT documentation for details. Note that -Windows NT WINS Servers can replicate to each other, allowing more -than one to be set up in a complex subnet environment. As Microsoft -refuse to document these replication protocols Samba cannot currently -participate in these replications. It is possible in the future that -a Samba->Samba WINS replication protocol may be defined, in which -case more than one Samba machine could be set up as a WINS server -but currently only one Samba server should have the "wins support = yes" -parameter set. - -After the WINS server has been configured you must ensure that all -machines participating on the network are configured with the address -of this WINS server. If your WINS server is a Samba machine, fill in -the Samba machine IP address in the "Primary WINS Server" field of -the "Control Panel->Network->Protocols->TCP->WINS Server" dialogs -in Windows 95 or Windows NT. To tell a Samba server the IP address -of the WINS server add the following line to the [global] section of -all smb.conf files : - - wins server = <name or IP address> - -where <name or IP address> is either the DNS name of the WINS server -machine or its IP address. - -Note that this line MUST NOT BE SET in the smb.conf file of the Samba -server acting as the WINS server itself. If you set both the -"wins support = yes" option and the "wins server = <name>" option then -nmbd will fail to start. - -There are two possible scenarios for setting up cross subnet browsing. -The first details setting up cross subnet browsing on a network containing -Windows 95, Samba and Windows NT machines that are not configured as -part of a Windows NT Domain. The second details setting up cross subnet -browsing on networks that contain NT Domains. - -Setting up Browsing in a WORKGROUP -================================== - -To set up cross subnet browsing on a network containing machines -in up to be in a WORKGROUP, not an NT Domain you need to set up one -Samba server to be the Domain Master Browser (note that this is *NOT* -the same as a Primary Domain Controller, although in an NT Domain the -same machine plays both roles). The role of a Domain master browser is -to collate the browse lists from local master browsers on all the -subnets that have a machine participating in the workgroup. Without -one machine configured as a domain master browser each subnet would -be an isolated workgroup, unable to see any machines on any other -subnet. It is the presense of a domain master browser that makes -cross subnet browsing possible for a workgroup. - -In an WORKGROUP environment the domain master browser must be a -Samba server, and there must only be one domain master browser per -workgroup name. To set up a Samba server as a domain master browser, -set the following option in the [global] section of the smb.conf file : - - domain master = yes - -The domain master browser should also preferrably be the local master -browser for its own subnet. In order to achieve this set the following -options in the [global] section of the smb.conf file : - - domain master = yes - local master = yes - preferred master = yes - os level = 65 - -The domain master browser may be the same machine as the WINS -server, if you require. - -Next, you should ensure that each of the subnets contains a -machine that can act as a local master browser for the -workgroup. Any NT machine should be able to do this, as will -Windows 95 machines (although these tend to get rebooted more -often, so it's not such a good idea to use these). To make a -Samba server a local master browser set the following -options in the [global] section of the smb.conf file : - - domain master = no - local master = yes - preferred master = yes - os level = 65 - -Do not do this for more than one Samba server on each subnet, -or they will war with each other over which is to be the local -master browser. - -The "local master" parameter allows Samba to act as a local master -browser. The "preferred master" causes nmbd to force a browser -election on startup and the "os level" parameter sets Samba high -enough so that it should win any browser elections. - -If you have an NT machine on the subnet that you wish to -be the local master browser then you can disable Samba from -becoming a local master browser by setting the following -options in the [global] section of the smb.conf file : - - domain master = no - local master = no - preferred master = no - os level = 0 - -Setting up Browsing in a DOMAIN -=============================== - -If you are adding Samba servers to a Windows NT Domain then -you must not set up a Samba server as a domain master browser. -By default, a Windows NT Primary Domain Controller for a Domain -name is also the Domain master browser for that name, and many -things will break if a Samba server registers the Domain master -browser NetBIOS name (DOMAIN<1B>) with WINS instead of the PDC. - -For subnets other than the one containing the Windows NT PDC -you may set up Samba servers as local master browsers as -described. To make a Samba server a local master browser set -the following options in the [global] section of the smb.conf -file : - - domain master = no - local master = yes - preferred master = yes - os level = 65 - -If you wish to have a Samba server fight the election with machines -on the same subnet you may set the "os level" parameter to lower -levels. By doing this you can tune the order of machines that -will become local master browsers if they are running. For -more details on this see the section "FORCING SAMBA TO BE THE MASTER" -below. - -If you have Windows NT machines that are members of the domain -on all subnets, and you are sure they will always be running then -you can disable Samba from taking part in browser elections and -ever becoming a local master browser by setting following options -in the [global] section of the smb.conf file : - - domain master = no - local master = no - preferred master = no - os level = 0 - -FORCING SAMBA TO BE THE MASTER -============================== - -Who becomes the "master browser" is determined by an election process -using broadcasts. Each election packet contains a number of parameters -which determine what precedence (bias) a host should have in the -election. By default Samba uses a very low precedence and thus loses -elections to just about anyone else. - -If you want Samba to win elections then just set the "os level" global -option in smb.conf to a higher number. It defaults to 0. Using 34 -would make it win all elections over every other system (except other -samba systems!) - -A "os level" of 2 would make it beat WfWg and Win95, but not NTAS. A -NTAS domain controller uses level 32. - -The maximum os level is 255 - -If you want samba to force an election on startup, then set the -"preferred master" global option in smb.conf to "yes". Samba will -then have a slight advantage over other potential master browsers -that are not preferred master browsers. Use this parameter with -care, as if you have two hosts (whether they are windows 95 or NT or -samba) on the same local subnet both set with "preferred master" to -"yes", then periodically and continually they will force an election -in order to become the local master browser. - -If you want samba to be a "domain master browser", then it is -recommended that you also set "preferred master" to "yes", because -samba will not become a domain master browser for the whole of your -LAN or WAN if it is not also a local master browser on its own -broadcast isolated subnet. - -It is possible to configure two samba servers to attempt to become -the domain master browser for a domain. The first server that comes -up will be the domain master browser. All other samba servers will -attempt to become the domain master browser every 5 minutes. They -will find that another samba server is already the domain master -browser and will fail. This provides automatic redundancy, should -the current domain master browser fail. - - -MAKING SAMBA THE DOMAIN MASTER -============================== - -The domain master is responsible for collating the browse lists of -multiple subnets so that browsing can occur between subnets. You can -make samba act as the domain master by setting "domain master = yes" -in smb.conf. By default it will not be a domain master. - -Note that you should NOT set Samba to be the domain master for a -workgroup that has the same name as an NT Domain. - -When samba is the domain master and the master browser it will listen -for master announcements (made roughly every twelve minutes) from local -master browsers on other subnets and then contact them to synchronise -browse lists. - -If you want samba to be the domain master then I suggest you also set -the "os level" high enough to make sure it wins elections, and set -"preferred master" to "yes", to get samba to force an election on -startup. - -Note that all your servers (including samba) and clients should be -using a WINS server to resolve NetBIOS names. If your clients are only -using broadcasting to resolve NetBIOS names, then two things will occur: - -a) your local master browsers will be unable to find a domain master - browser, as it will only be looking on the local subnet. - -b) if a client happens to get hold of a domain-wide browse list, and - a user attempts to access a host in that list, it will be unable to - resolve the NetBIOS name of that host. - -If, however, both samba and your clients are using a WINS server, then: - -a) your local master browsers will contact the WINS server and, as long as - samba has registered that it is a domain master browser with the WINS - server, your local master browser will receive samba's ip address - as its domain master browser. - -b) when a client receives a domain-wide browse list, and a user attempts - to access a host in that list, it will contact the WINS server to - resolve the NetBIOS name of that host. as long as that host has - registered its NetBIOS name with the same WINS server, the user will - be able to see that host. - -NOTE ABOUT BROADCAST ADDRESSES -============================== - -If your network uses a "0" based broadcast address (for example if it -ends in a 0) then you will strike problems. Windows for Workgroups -does not seem to support a 0's broadcast and you will probably find -that browsing and name lookups won't work. - - -MULTIPLE INTERFACES -=================== - -Samba now supports machines with multiple network interfaces. If you -have multiple interfaces then you will need to use the "interfaces" -option in smb.conf to configure them. See smb.conf(5) for details. - diff --git a/docs/textdocs/BUGS.txt b/docs/textdocs/BUGS.txt deleted file mode 100644 index 40e5fa6839b..00000000000 --- a/docs/textdocs/BUGS.txt +++ /dev/null @@ -1,138 +0,0 @@ -!== -!== BUGS.txt for Samba release 1.9.18alpha11 03 Nov 1997 -!== -Contributor: Samba Team -Updated: June 27, 1997 - -Subject: This file describes how to report Samba bugs. -============================================================================ - ->> The email address for bug reports is samba-bugs@samba.anu.edu.au << - -Please take the time to read this file before you submit a bug -report. Also, please see if it has changed between releases, as we -may be changing the bug reporting mechanism at some time. - -Please also do as much as you can yourself to help track down the -bug. Samba is maintained by a dedicated group of people who volunteer -their time, skills and efforts. We receive far more mail about it than -we can possibly answer, so you have a much higher chance of an answer -and a fix if you send us a "developer friendly" bug report that lets -us fix it fast. - -Do not assume that if you post the bug to the comp.protocols.smb -newsgroup or the mailing list that we will read it. If you suspect that your -problem is not a bug but a configuration problem then it is better to send -it to the Samba mailing list, as there are (at last count) 5000 other users on -that list that may be able to help you. - -You may also like to look though the recent mailing list archives, -which are conveniently accessible on the Samba web pages -at http://samba.anu.edu.au/samba/ - - -GENERAL INFO ------------- - -Before submitting a bug report check your config for silly -errors. Look in your log files for obvious messages that tell you that -you've misconfigured something and run testparm to test your config -file for correct syntax. - -Have you run through DIAGNOSIS.txt? This is very important. - -If you include part of a log file with your bug report then be sure to -annotate it with exactly what you were doing on the client at the -time, and exactly what the results were. - - -DEBUG LEVELS ------------- - -If the bug has anything to do with Samba behaving incorrectly as a -server (like refusing to open a file) then the log files will probably -be very useful. Depending on the problem a log level of between 3 and -10 showing the problem may be appropriate. A higher level givesmore -detail, but may use too much disk space. - -To set the debug level use "log level =" in your smb.conf. You may -also find it useful to set the log level higher for just one machine -and keep separate logs for each machine. To do this use: - -log level = 10 -log file = /usr/local/samba/lib/log.%m -include = /usr/local/samba/lib/smb.conf.%m - -then create a file "/usr/local/samba/lib/smb.conf.machine" where -"machine" is the name of the client you wish to debug. In that file -put any smb.conf commands you want, for example "log level=" may be -useful. This also allows you to experiment with different security -systems, protocol levels etc on just one machine. - -The smb.conf entry "log level =" is synonymous with the entry -"debuglevel =" that has been used in older versions of Samba and -is being retained for backwards compatibility of smb.conf files. - -As the "log level =" value is increased you will record a significantly -increasing level of debugging information. For most debugging operations -you may not need a setting higher than 3. Nearly all bugs can be tracked -at a setting of 10, but be prepared for a VERY large volume of log data. - - -INTERNAL ERRORs ---------------- - -If you get a "INTERNAL ERROR" message in your log files it means that -Samba got an unexpected signal while running. It is probably a -segmentation fault and almost certainly means a bug in Samba (unless -you have faulty hardware or system software) - -If the message came from smbd then it will probably be accompanied by -a message which details the last SMB message received by smbd. This -info is often very useful in tracking down the problem so please -include it in your bug report. - -You should also detail how to reproduce the problem, if -possible. Please make this reasonably detailed. - -You may also find that a core file appeared in a "corefiles" -subdirectory of the directory where you keep your samba log -files. This file is the most useful tool for tracking down the bug. To -use it you do this: - -gdb smbd core - -adding appropriate paths to smbd and core so gdb can find them. If you -don't have gdb then try "dbx". Then within the debugger use the -command "where" to give a stack trace of where the problem -occurred. Include this in your mail. - -If you known any assembly language then do a "disass" of the routine -where the problem occurred (if its in a library routine then -disassemble the routine that called it) and try to work out exactly -where the problem is by looking at the surrounding code. Even if you -don't know assembly then incuding this info in the bug report can be -useful. - - -ATTACHING TO A RUNNING PROCESS ------------------------------- - -Unfortunately some unixes (in particular some recent linux kernels) -refuse to dump a core file if the task has changed uid (which smbd -does often). To debug with this sort of system you could try to attach -to the running process using "gdb smbd PID" where you get PID from -smbstatus. Then use "c" to continue and try to cause the core dump -using the client. The debugger should catch the fault and tell you -where it occurred. - - -PATCHES -------- - -The best sort of bug report is one that includes a fix! If you send us -patches please use "diff -u" format if your version of diff supports -it, otherwise use "diff -c4". Make sure your do the diff against a -clean version of the source and let me know exactly what version you -used. - diff --git a/docs/textdocs/DIAGNOSIS.txt b/docs/textdocs/DIAGNOSIS.txt deleted file mode 100644 index a9fb3399582..00000000000 --- a/docs/textdocs/DIAGNOSIS.txt +++ /dev/null @@ -1,275 +0,0 @@ -!== -!== DIAGNOSIS.txt for Samba release 1.9.18alpha11 03 Nov 1997 -!== -Contributor: Andrew Tridgell -Updated: October 14, 1997 - -Subject: DIAGNOSING YOUR SAMBA SERVER -=========================================================================== - -This file contains a list of tests you can perform to validate your -Samba server. It also tells you what the likely cause of the problem -is if it fails any one of these steps. If it passes all these tests -then it is probably working fine. - -You should do ALL the tests, in the order shown. I have tried to -carefully choose them so later tests only use capabilities verified in -the earlier tests. - -I would welcome additions to this set of tests. Please mail them to -samba-bugs@samba.anu.edu.au - -If you send me an email saying "it doesn't work" and you have not -followed this test procedure then you should not be surprised if I -ignore your email. - - -ASSUMPTIONS ------------ - -In all of the tests I assume you have a Samba server called BIGSERVER -and a PC called ACLIENT. I also assume the PC is running windows for -workgroups with a recent copy of the microsoft tcp/ip stack. Alternatively, -your PC may be running Windows 95 or Windows NT (Workstation or Server). - -The procedure is similar for other types of clients. - -I also assume you know the name of an available share in your -smb.conf. I will assume this share is called "tmp". You can add a -"tmp" share like by adding the following to smb.conf: - -[tmp] - comment = temporary files - path = /tmp - read only = yes - - -THESE TESTS ASSUME VERSION 1.9.16 OR LATER OF THE SAMBA SUITE. SOME -COMMANDS SHOWN DID NOT EXIST IN EARLIER VERSIONS - -Please pay attention to the error messages you receive. If any error message -reports that your server is being unfriendly you should first check that you -IP name resolution is correctly set up. eg: Make sure your /etc/resolv.conf -file points to name servers that really do exist. - -Also, if you do not have DNS server access for name resolution please check -that the settings for your smb.conf file results in "dns proxy = no". The -best way to check this is with "testparm smb.conf" - - -TEST 1: -------- - -In the directory in which you store your smb.conf file, run the command -"testparm smb.conf". If it reports any errors then your smb.conf -configuration file is faulty. - -Note: Your smb.conf file may be located in: /etc - Or in: /usr/local/samba/lib - - -TEST 2: -------- - -run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from -the unix box. If you don't get a valid response then your TCP/IP -software is not correctly installed. - -Note that you will need to start a "dos prompt" window on the PC to -run ping. - -If you get a message saying "host not found" or similar then your DNS -software or /etc/hosts file is not correctly setup. It is possible to -run samba without DNS entries for the server and client, but I assume -you do have correct entries for the remainder of these tests. - -Another reason why ping might fail is if your host is running firewall -software. You will need to relax the rules to let in the workstation -in question, perhaps by allowing access from another subnet (on Linux -this is done via the ipfwadm program.) - - -TEST 3: -------- - -Run the command "smbclient -L BIGSERVER" on the unix box. You -should get a list of available shares back. - -If you get a error message containing the string "Bad password" then -you probably have either an incorrect "hosts allow", "hosts deny" or -"valid users" line in your smb.conf, or your guest account is not -valid. Check what your guest account is using "testparm" and -temporarily remove any "hosts allow", "hosts deny", "valid users" or -"invalid users" lines. - -If you get a "connection refused" response then the smbd server could -not be running. If you installed it in inetd.conf then you probably edited -that file incorrectly. If you installed it as a daemon then check that -it is running, and check that the netbios-ssn port is in a LISTEN -state using "netstat -a". - -If you get a "session request failed" then the server refused the -connection. If it says "your server software is being unfriendly" then -its probably because you have invalid command line parameters to smbd, -or a similar fatal problem with the initial startup of smbd. Also -check your config file (smb.conf) for syntax errors with "testparm" -and that the various directories where samba keeps its log and lock -files exist. - -Another common cause of these two errors is having something already running -on port 139, such as Samba (ie: smbd is running from inetd already) or -something like Digital's Pathworks. Check your inetd.conf file before trying -to start smbd as a daemon, it can avoid a lot of frustration! - - -TEST 4: -------- - -Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the -IP address of your Samba server back. - -If you don't then nmbd is incorrectly installed. Check your inetd.conf -if you run it from there, or that the daemon is running and listening -to udp port 137. - -One common problem is that many inetd implementations can't take many -parameters on the command line. If this is the case then create a -one-line script that contains the right parameters and run that from -inetd. - - -TEST 5: -------- - -run the command "nmblookup -B ACLIENT '*'" - -You should get the PCs IP address back. If you don't then the client -software on the PC isn't installed correctly, or isn't started, or you -got the name of the PC wrong. - - -TEST 6: -------- - -Run the command "nmblookup -d 2 '*'" - -This time we are trying the same as the previous test but are trying -it via a broadcast to the default broadcast address. A number of -Netbios/TCPIP hosts on the network should respond, although Samba may -not catch all of the responses in the short time it listens. You -should see "got a positive name query response" messages from several -hosts. - -If this doesn't give a similar result to the previous test then -nmblookup isn't correctly getting your broadcast address through its -automatic mechanism. In this case you should experiment use the -"interfaces" option in smb.conf to manually configure your IP -address, broadcast and netmask. - -If your PC and server aren't on the same subnet then you will need to -use the -B option to set the broadcast address to the that of the PCs -subnet. - - -TEST 7: -------- - -Run the command "smbclient '\\BIGSERVER\TMP'". You should then be -prompted for a password. You should use the password of the account -you are logged into the unix box with. If you want to test with -another account then add the -U <accountname> option to the command -line. - -Once you enter the password you should get the "smb>" prompt. If you -don't then look at the error message. If it says "invalid network -name" then the service "tmp" is not correctly setup in your smb.conf. - -If it says "bad password" then the likely causes are: - -- you have shadow passords (or some other password system) but didn't -compile in support for them in smbd -- your "valid users" configuration is incorrect -- you have a mixed case password and you haven't enabled the "password -level" option at a high enough level -- the "path =" line in smb.conf is incorrect. Check it with testparm -- you enabled password encryption but didn't create the SMB encrypted -password file - -Once connected you should be able to use the commands "dir" "get" -"put" etc. Type "help <command>" for instructions. You should -especially check that the amount of free disk space shown is correct -when you type "dir". - - -TEST 8: -------- - -On the PC type the command "net view \\BIGSERVER". You will need to do -this from within a "dos prompt" window. You should get back a list of -available shares on the server. - -If you get a "network name not found" or similar error then netbios -name resolution is not working. This is usually caused by a problem in -nmbd. To overcome it you could do one of the following (you only need -to choose one of them): - -- fixup the nmbd installation -- add the IP address of BIGSERVER to the "wins server" box in the -advanced tcp/ip setup on the PC. -- enable windows name resolution via DNS in the advanced section of -the tcp/ip setup -- add BIGSERVER to your lmhosts file on the PC. - -If you get a "invalid network name" or "bad password error" then the -same fixes apply as they did for the "smbclient -L" test above. In -particular, make sure your "hosts allow" line is correct (see the man -pages) - -If you get "specified computer is not receiving requests" or similar -it probably means that the host is not contactable via tcp services. -Check to see if the host is running tcp wrappers, and if so add an entry in -the hosts.allow file for your client (or subnet, etc.) - - -TEST 9: --------- - -Run the command "net use x: \\BIGSERVER\TMP". You should be prompted -for a password then you should get a "command completed successfully" -message. If not then your PC software is incorrectly installed or your -smb.conf is incorrect. make sure your "hosts allow" and other config -lines in smb.conf are correct. - -It's also possible that the server can't work out what user name to -connect you as. To see if this is the problem add the line "user = -USERNAME" to the [tmp] section of smb.conf where "USERNAME" is the -username corresponding to the password you typed. If you find this -fixes things you may need the username mapping option. - - -TEST 10: --------- - -From file manager try to browse the server. Your samba server should -appear in the browse list of your local workgroup (or the one you -specified in smb.conf). You should be able to double click on the name -of the server and get a list of shares. If you get a "invalid -password" error when you do then you are probably running WinNT and it -is refusing to browse a server that has no encrypted password -capability and is in user level security mode. In this case either set -"security = server" AND "password server = Windows_NT_Machine" in your -smb.conf file, or enable encrypted passwords AFTER compiling in support -for encrypted passwords (refer to the Makefile). - - -Still having troubles? ----------------------- - -Try the mailing list or newsgroup, or use the tcpdump-smb utility to -sniff the problem. The official samba mailing list can be reached at -samba@samba.anu.edu.au. To find out more about samba and how to -subscribe to the mailing list check out the samba web page at - http://samba.anu.edu.au/samba - -Also look at the other docs in the Samba package! - diff --git a/docs/textdocs/DNIX.txt b/docs/textdocs/DNIX.txt deleted file mode 100644 index 18f85719857..00000000000 --- a/docs/textdocs/DNIX.txt +++ /dev/null @@ -1,72 +0,0 @@ -!== -!== DNIX.txt for Samba release 1.9.18alpha11 03 Nov 1997 -!== -DNIX has a problem with seteuid() and setegid(). These routines are -needed for Samba to work correctly, but they were left out of the DNIX -C library for some reason. - -For this reason Samba by default defines the macro NO_EID in the DNIX -section of includes.h. This works around the problem in a limited way, -but it is far from ideal, some things still won't work right. - -To fix the problem properly you need to assemble the following two -functions and then either add them to your C library or link them into -Samba. - -put this in the file setegid.s: - - .globl _setegid -_setegid: - moveq #47,d0 - movl #100,a0 - moveq #1,d1 - movl 4(sp),a1 - trap #9 - bccs 1$ - jmp cerror -1$: - clrl d0 - rts - - -put this in the file seteuid.s: - - .globl _seteuid -_seteuid: - moveq #47,d0 - movl #100,a0 - moveq #0,d1 - movl 4(sp),a1 - trap #9 - bccs 1$ - jmp cerror -1$: - clrl d0 - rts - -after creating the above files you then assemble them using - -as seteuid.s -as setegid.s - -that should produce the files seteuid.o and setegid.o - -then you need to add these to the LIBSM line in the DNIX section of -the Samba Makefile. Your LIBSM line will then look something like this: - -LIBSM = setegid.o seteuid.o -ln - -You should then remove the line: - -#define NO_EID - -from the DNIX section of includes.h - -Then recompile and try it out! - -Note that this file was derived from an email from Peter Olsson -<pol@leissner.se>. I don't have DNIX myself, so you're probably better -off contacting Peter if you have problems. - -Andrew - diff --git a/docs/textdocs/DOMAIN.txt b/docs/textdocs/DOMAIN.txt deleted file mode 100644 index 8b8e05733ba..00000000000 --- a/docs/textdocs/DOMAIN.txt +++ /dev/null @@ -1,372 +0,0 @@ -!== -!== DOMAIN.txt for Samba release 1.9.18alpha11 03 Nov 1997 -!== -Contributor: Samba Team -Updated: June 27, 1997 - -Subject: Network Logons and Roving Profiles -=========================================================================== - -A domain and a workgroup are exactly the same thing in terms of network -browsing. The difference is that a distributable authentication -database is associated with a domain, for secure login access to a -network. Also, different access rights can be granted to users if they -successfully authenticate against a domain logon server (samba does not -support this, but NT server and other systems based on NT server do). - -The SMB client logging on to a domain has an expectation that every other -server in the domain should accept the same authentication information. -However the network browsing functionality of domains and workgroups is -identical and is explained in BROWSING.txt. - -Issues related to the single-logon network model are discussed in this -document. Samba supports domain logons, network logon scripts, and user -profiles. The support is still experimental, but it seems to work. - -The support is also not complete. Samba does not yet support the sharing -of the Windows NT-style SAM database with other systems. However this is -only one way of having a shared user database: exactly the same effect can -be achieved by having all servers in a domain share a distributed NIS or -Kerberos authentication database. - -When an SMB client in a domain wishes to logon it broadcast requests for a -logon server. The first one to reply gets the job, and validates its -password using whatever mechanism the Samba administrator has installed. -It is possible (but very stupid) to create a domain where the user -database is not shared between servers, ie they are effectively workgroup -servers advertising themselves as participating in a domain. This -demonstrates how authentication is quite different from but closely -involved with domains. - -Another thing commonly associated with single-logon domains is remote -administration over the SMB protocol. Again, there is no reason why this -cannot be implemented with an underlying username database which is -different from the Windows NT SAM. Support for the Remote Administration -Protocol is planned for a future release of Samba. - -The domain support works for WfWg, and Win95 clients and NT 4.0 and 3.51. -Domain support is currently at an early experimental stage for NT 4.0 and -NT 3.51. Support for Windows OS/2 clients is still being worked on and is -still experimental. - -Support for profiles is confirmed as working for Win95, NT 4.0 and NT 3.51. -It is possible to specify: the profile location; script file to be loaded -on login; the user's home directory; and for NT a kick-off time could also -now easily be supported. - -With NT Workstations, all this does not require the use or intervention of -an NT 4.0 or NT 3.51 server: Samba can now replace the logon services -provided by an NT server, to a limited and experimental degree (for example, -running "User Manager for Domains" will not provide you with access to -a domain created by a Samba Server). - -With Win95, the help of an NT server can be enlisted, both for profile storage -and for user authentication. For details on user authentication, see -security_level.txt. For details on profile storage, see below. - - -Using these features you can make your clients verify their logon via -the Samba server; make clients run a batch file when they logon to -the network and download their preferences, desktop and start menu. - - -Configuration Instructions: Network Logons -========================================== - -To use domain logons and profiles you need to do the following: - - -1) Setup nmbd and smbd by configuring smb.conf so that Samba is - acting as the master browser. See <your OS>_INSTALL.txt and BROWSING.txt - for details. - -2) Setup a WINS server (see NetBIOS.txt) and configure all your clients - to use that WINS service. - -3) Create a share called [netlogon] in your smb.conf. This share should - be readable by all users, and probably should not be writeable. This - share will hold your network logon scripts, and the CONFIG.POL file - (Note: for details on the CONFIG.POL file, how to use it, what it is, - refer to the Microsoft Windows NT Administration documentation. - The format of these files is not known, so you will need to use - Microsoft tools). - -For example I have used: - - [netlogon] - path = /data/dos/netlogon - writeable = no - guest ok = no - -Note that it is important that this share is not writeable by ordinary -users, in a secure environment: ordinary users should not be allowed -to modify or add files that another user's computer would then download -when they log in. - -4) in the [global] section of smb.conf set the following: - - domain logons = yes - logon script = %U.bat - -The choice of batch file is, of course, up to you. The above would -give each user a separate batch file as the %U will be changed to -their username automatically. The other standard % macros may also be -used. You can make the batch files come from a subdirectory by using -something like: - - logon script = scripts\%U.bat - -5) create the batch files to be run when the user logs in. If the batch - file doesn't exist then no batch file will be run. - -In the batch files you need to be careful to use DOS style cr/lf line -endings. If you don't then DOS may get confused. I suggest you use a -DOS editor to remotely edit the files if you don't know how to produce -DOS style files under unix. - -6) Use smbclient with the -U option for some users to make sure that - the \\server\NETLOGON share is available, the batch files are - visible and they are readable by the users. - -7) you will probabaly find that your clients automatically mount the - \\SERVER\NETLOGON share as drive z: while logging in. You can put - some useful programs there to execute from the batch files. - -NOTE: You must be using "security = user" or "security = server" for -domain logons to work correctly. Share level security won't work -correctly. - - - -Configuration Instructions: Setting up Roaming User Profiles -================================================================ - -In the [global] section of smb.conf set the following (for example): - - logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath - -The default for this option is \\%N\%U\profile, namely -\\sambaserver\username\profile. The \\N%\%U service is created -automatically by the [homes] service. - -If you are using a samba server for the profiles, you _must_ make the -share specified in the logon path browseable. Windows 95 appears to -check that it can see the share and any subdirectories within that share -specified by the logon path option, rather than just connecting straight -away. It also attempts to create the components of the full path for -you. If the creation of any component fails, or if it cannot see any -component of the path, the profile creation / reading fails. - -[lkcl 26aug96 - we have discovered a problem where Windows clients can -maintain a connection to the [homes] share in between logins. The -[homes] share must NOT therefore be used in a profile path.] - - -Windows 95 ----------- - -When a user first logs in on Windows 95, the file user.DAT is created, -as are folders "Start Menu", "Desktop", "Programs" and "Nethood". -These directories and their contents will be merged with the local -versions stored in c:\windows\profiles\username on subsequent logins, -taking the most recent from each. You will need to use the [global] -options "preserve case = yes", "short case preserve = yes" and -"case sensitive = no" in order to maintain capital letters in shortcuts -in any of the profile folders. - -The user.DAT file contains all the user's preferences. If you wish to -enforce a set of preferences, rename their user.DAT file to user.MAN, -and deny them write access to this file. - -2) On the Windows 95 machine, go to Control Panel | Passwords and - select the User Profiles tab. Select the required level of - roaming preferences. Press OK, but do _not_ allow the computer - to reboot. - -3) On the Windows 95 machine, go to Control Panel | Network | - Client for Microsoft Networks | Preferences. Select 'Log on to - NT Domain'. Then, ensure that the Primary Logon is 'Client for - Microsoft Networks'. Press OK, and this time allow the computer - to reboot. - -Under Windows 95, Profiles are downloaded from the Primary Logon. -If you have the Primary Logon as 'Client for Novell Networks', then -the profiles and logon script will be downloaded from your Novell -Server. If you have the Primary Logon as 'Windows Logon', then the -profiles will be loaded from the local machine - a bit against the -concept of roaming profiles, if you ask me. - -You will now find that the Microsoft Networks Login box contains -[user, password, domain] instead of just [user, password]. Type in -the samba server's domain name (or any other domain known to exist, -but bear in mind that the user will be authenticated against this -domain and profiles downloaded from it, if that domain logon server -supports it), user name and user's password. - -Once the user has been successfully validated, the Windows 95 machine -will inform you that 'The user has not logged on before' and asks you -if you wish to save the user's preferences? Select 'yes'. - -Once the Windows 95 client comes up with the desktop, you should be able -to examine the contents of the directory specified in the "logon path" -on the samba server and verify that the "Desktop", "Start Menu", -"Programs" and "Nethood" folders have been created. - -These folders will be cached locally on the client, and updated when -the user logs off (if you haven't made them read-only by then :-). -You will find that if the user creates further folders or short-cuts, -that the client will merge the profile contents downloaded with the -contents of the profile directory already on the local client, taking -the newest folders and short-cuts from each set. - -If you have made the folders / files read-only on the samba server, -then you will get errors from the w95 machine on logon and logout, as -it attempts to merge the local and the remote profile. Basically, if -you have any errors reported by the w95 machine, check the unix file -permissions and ownership rights on the profile directory contents, -on the samba server. - - -If you have problems creating user profiles, you can reset the user's -local desktop cache, as shown below. When this user then next logs in, -they will be told that they are logging in "for the first time". - - -1) instead of logging in under the [user, password, domain] dialog], - press escape. - -2) run the regedit.exe program, and look in: - - HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList - - you will find an entry, for each user, of ProfilePath. Note the - contents of this key (likely to be c:\windows\profiles\username), - then delete the key ProfilePath for the required user. - - [Exit the registry editor]. - -3) WARNING - before deleting the contents of the directory listed in - the ProfilePath (this is likely to be c:\windows\profiles\username), - ask them if they have any important files stored on their desktop - or in their start menu. delete the contents of the directory - ProfilePath (making a backup if any of the files are needed). - - This will have the effect of removing the local (read-only hidden - system file) user.DAT in their profile directory, as well as the - local "desktop", "nethood", "start menu" and "programs" folders. - -4) search for the user's .PWL password-cacheing file in the c:\windows - directory, and delete it. - -5) log off the windows 95 client. - -6) check the contents of the profile path (see "logon path" described - above), and delete the user.DAT or user.MAN file for the user, - making a backup if required. - - -If all else fails, increase samba's debug log levels to between 3 and 10, -and / or run a packet trace program such as tcpdump or netmon.exe, and -look for any error reports. - -If you have access to an NT server, then first set up roaming profiles -and / or netlogons on the NT server. Make a packet trace, or examine -the example packet traces provided with NT server, and see what the -differences are with the equivalent samba trace. - - -Windows NT Workstation 4.0 --------------------------- - -When a user first logs in to a Windows NT Workstation, the profile -NTuser.DAT is created. The profile location can be now specified -through the "logon path" parameter, in exactly the same way as it -can for Win95. [lkcl 10aug97 - i tried setting the path to -\\samba-server\homes\profile, and discovered that this fails because -a background process maintains the connection to the [homes] share -which does _not_ close down in between user logins. you have to -have \\samba-server\%L\profile, where user is the username created -from the [homes] share]. - -There is a parameter that is now available for use with NT Profiles: -"logon drive". This should be set to "h:" or any other drive, and -should be used in conjunction with the new "logon home" parameter. - -The entry for the NT 4.0 profile is a _directory_ not a file. The NT -help on profiles mentions that a directory is also created with a .PDS -extension. The user, while logging in, must have write permission to -create the full profile path (and the folder with the .PDS extension) -[lkcl 10aug97 - i found that the creation of the .PDS directory failed, -and had to create these manually for each user, with a shell script. -also, i presume, but have not tested, that the full profile path must -be browseable just as it is for w95, due to the manner in which they -attempt to create the full profile path: test existence of each path -component; create path component]. - -In the profile directory, NT creates more folders than 95. It creates -"Application Data" and others, as well as "Desktop", "Nethood", -"Start Menu" and "Programs". The profile itself is stored in a file -NTuser.DAT. Nothing appears to be stored in the .PDS directory, and -its purpose is currently unknown. - -You can use the System Control Panel to copy a local profile onto -a samba server (see NT Help on profiles: it is also capable of firing -up the correct location in the System Control Panel for you). The -NT Help file also mentions that renaming NTuser.DAT to NTuser.MAN -turns a profile into a mandatory one. - -[lkcl 10aug97 - i notice that NT Workstation tells me that it is -downloading a profile from a slow link. whether this is actually the -case, or whether there is some configuration issue, as yet unknown, -that makes NT Workstation _think_ that the link is a slow one is a -matter to be resolved]. - -[lkcl 20aug97 - after samba digest correspondance, one user found, and -another confirmed, that profiles cannot be loaded from a samba server -unless "security = user" and "encrypt passwords = yes" (see the file -ENCRYPTION.txt) or "security = server" and "password server = ip.address. -of.yourNTserver" are used. either of these options will allow the NT -workstation to access the samba server using LAN manager encrypted -passwords, without the user intervention normally required by NT -workstation for clear-text passwords]. - -[lkcl 25aug97 - more comments received about NT profiles: the case of -the profile _matters_. the file _must_ be called NTuser.DAT or, for -a mandatory profile, NTuser.MAN]. - - -Windows NT Server ------------------ - -There is nothing to stop you specifying any path that you like for the -location of users' profiles. Therefore, you could specify that the -profile be stored on a samba server, or any other SMB server, as long as -that SMB server supports encrypted passwords. - - - -Sharing Profiles between W95 and NT Workstation 4.0 ---------------------------------------------------- - -The default logon path is \\%N\U%. NT Workstation will attempt to create -a directory "\\samba-server\username.PDS" if you specify the logon path -as "\\samba-server\username" with the NT User Manager. Therefore, you -will need to specify (for example) "\\samba-server\username\profile". -NT 4.0 will attempt to create "\\samba-server\username\profile.PDS", which -is more likely to succeed. - -If you then want to share the same Start Menu / Desktop with W95, you will -need to specify "logon path = \\samba-server\username\profile" [lkcl 10aug97 -this has its drawbacks: i created a shortcut to telnet.exe, which attempts -to run from the c:\winnt\system32 directory. this directory is obviously -unlikely to exist on a Win95-only host]. - -If you have this set up correctly, you will find separate user.DAT and -NTuser.DAT files in the same profile directory. - -[lkcl 25aug97 - there are some issues to resolve with downloading of -NT profiles, probably to do with time/date stamps. i have found that -NTuser.DAT is never updated on the workstation after the first time that -it is copied to the local workstation profile directory. this is in -contrast to w95, where it _does_ transfer / update profiles correctly]. - diff --git a/docs/textdocs/DOMAIN_CONTROL.txt b/docs/textdocs/DOMAIN_CONTROL.txt deleted file mode 100644 index 12c9084e7a6..00000000000 --- a/docs/textdocs/DOMAIN_CONTROL.txt +++ /dev/null @@ -1,108 +0,0 @@ -!== -!== DOMAIN_CONTROL.txt for Samba release 1.9.18alpha11 03 Nov 1997 -!== -Initial Release: August 22, 1996 -Contributor: John H Terpstra <samba-bugs@samba.anu.edu.au> - Copyright (C) 1996-1997 - John H Terpstra -Updated: August 25, 1997 -Status: Current - New Content - -Subject: Windows NT Domain Control & Samba -============================================================================ - -****NOTE:**** -============= -The term "Domain Controller" and those related to it refer to one specific -method of authentication that can underly an SMB domain. Domain Controllers -prior to Windows NT Server 3.1 were sold by various companies and based on -private extensions to the LAN Manager 2.1 protocol. Windows NT introduced -Microsoft-specific ways of distributing the user authentication database. -See DOMAIN.txt for examples of how Samba can participate in or create -SMB domains based on shared authentication database schemes other than the -Windows NT SAM. - -Microsoft Windows NT Domain Control is an extremely complex protocol. -We have received countless requests to implement Domain Control in Samba. -The 1.9.18 release of Samba contains experimental code to implement -this. Please read the file docs/NTDOMAIN.txt for more information on this. -============================================================================ - -Windows NT Server can be installed as either a plain file and print server -(WORKGROUP workstaion or server) or as a server that participates in Domain -Control (DOMAIN member, Primary Domain controller or Backup Domain controller). - -The same is true for OS/2 Warp Server, Digital Pathworks and other similar -products, all of which can participate in Domain Control along with Windows NT. -However only those servers which have licenced Windows NT code in them can be -a primary Domain Controller (eg Windows NT Server, Advanced Server for Unix.) - -To many people these terms can be confusing, so let's try to clear the air. - -Every Windows NT system (workstation or server) has a registry database. -The registry contains entries that describe the initialisation information -for all services (the equivalent of Unix Daemons) that run within the Windows -NT environment. The registry also contains entries that tell application -software where to find dynamically loadable libraries that they depend upon. -In fact, the registry contains entries that describes everything that anything -may need to know to interact with the rest of the system. - -The registry files can be located on any Windows NT machine by opening a -command prompt and typing: - dir %SystemRoot%\System32\config - -The environment variable %SystemRoot% value can be obtained by typing: - echo %SystemRoot% - -The active parts of the registry that you may want to be familiar with are -the files called: default, system, software, sam and security. - -In a domain environment, Microsoft Windows NT domain controllers participate -in replication of the SAM and SECURITY files so that all controllers within -the domain have an exactly identical copy of each. - -The Microsoft Windows NT system is structured within a security model that -says that all applications and services must authenticate themselves before -they can obtain permission from the security manager to do what they set out -to do. - -The Windows NT User database also resides within the registry. This part of -the registry contains the user's security identifier, home directory, group -memberships, desktop profile, and so on. - -Every Windows NT system (workstation as well as server) will have its own -registry. Windows NT Servers that participate in Domain Security control -have a database that they share in common - thus they do NOT own an -independent full registry database of their own, as do Workstations and -plain Servers. - -The User database is called the SAM (Security Access Manager) database and -is used for all user authentication as well as for authentication of inter- -process authentication (ie: to ensure that the service action a user has -requested is permitted within the limits of that user's privileges). - -The Samba team have produced a utility that can dump the Windows NT SAM into -smbpasswd format: see ENCRYPTION.txt for information on smbpasswd and -/pub/samba/pwdump on your nearest Samba mirror for the utility. This -facility is useful but cannot be easily used to implement SAM replication -to Samba systems. - -Windows for Workgroups, Windows 95, and Windows NT Workstations and Servers -can participate in a Domain security system that is controlled by Windows NT -servers that have been correctly configured. At most every domain will have -ONE Primary Domain Controller (PDC). It is desirable that each domain will -have at least one Backup Domain Controller (BDC). - -The PDC and BDCs then participate in replication of the SAM database so that -each Domain Controlling participant will have an up to date SAM component -within its registry. - -Samba can NOT at this time function as a Domain Controller for any of these -security services, but like all other domain members can interact with the -Windows NT security system for all access authentication. - -When Samba is configured with the 'security = server' option and the -'password server = Your_Windows_NT_Server_Name' option, then it will -redirect all access authentication to that server. This way you can -use Windows NT to act as your password server with full support for -Microsoft encrypted passwords. - diff --git a/docs/textdocs/ENCRYPTION.txt b/docs/textdocs/ENCRYPTION.txt deleted file mode 100644 index 08ea9ceb242..00000000000 --- a/docs/textdocs/ENCRYPTION.txt +++ /dev/null @@ -1,327 +0,0 @@ -!== -!== ENCRYPTION.txt for Samba release 1.9.18alpha11 03 Nov 1997 -!== -Contributor: Jeremy Allison <samba-bugs@samba.anu.edu.au> -Updated: June 27, 1997 -Note: Please refer to WinNT.txt also - -Subject: LanManager / Samba Password Encryption. -============================================================================ - -With the development of LanManager and Windows NT compatible password -encryption for Samba, it is now able to validate user connections in -exactly the same way as a LanManager or Windows NT server. - -This document describes how the SMB password encryption algorithm -works and what issues there are in choosing whether you want to use -it. You should read it carefully, especially the part about security -and the "PROS and CONS" section. - -How does it work ? ------------------- - -LanManager encryption is somewhat similar to UNIX password -encryption. The server uses a file containing a hashed value of a -users password. This is created by taking the users paintext -password, capitalising it, and either truncating to 14 bytes (or -padding to 14 bytes with null bytes). This 14 byte value is used as -two 56 bit DES keys to encrypt a 'magic' eight byte value, forming a -16 byte value which is stored by the server and client. Let this value -be known as the *hashed password*. - -Windows NT encryption is a higher quality mechanism, consisting -of doing an MD4 hash on a Unicode version of the users password. This -also produces a 16 byte hash value that is non-reversible. - -When a client (LanManager, Windows for WorkGroups, Windows 95 or -Windows NT) wishes to mount a Samba drive (or use a Samba resource) it -first requests a connection and negotiates the protocol that the client -and server will use. In the reply to this request the Samba server -generates and appends an 8 byte, random value - this is stored in the -Samba server after the reply is sent and is known as the *challenge*. - -The challenge is different for every client connection. - -The client then uses the hashed password (16 byte values described -above), appended with 5 null bytes, as three 56 bit DES keys, each of -which is used to encrypt the challenge 8 byte value, forming a 24 byte -value known as the *response*. - -In the SMB call SMBsessionsetupX (when user level security is -selected) or the call SMBtconX (when share level security is selected) -the 24 byte response is returned by the client to the Samba server. -For Windows NT protocol levels the above calculation is done on -both hashes of the users password and both responses are returned -in the SMB call, giving two 24 byte values. - -The Samba server then reproduces the above calculation, using it's own -stored value of the 16 byte hashed password (read from the smbpasswd -file - described later) and the challenge value that it kept from the -negotiate protocol reply. It then checks to see if the 24 byte value it -calculates matches the 24 byte value returned to it from the client. - -If these values match exactly, then the client knew the correct -password (or the 16 byte hashed value - see security note below) and -is this allowed access. If not then the client did not know the -correct password and is denied access. - -Note that the Samba server never knows or stores the cleartext of the -users password - just the 16 byte hashed values derived from it. Also -note that the cleartext password or 16 byte hashed values are never -transmitted over the network - thus increasing security. - -IMPORTANT NOTE ABOUT SECURITY ------------------------------ - -The unix and SMB password encryption techniques seem similar on the -surface. This similarity is, however, only skin deep. The unix scheme -typically sends clear text passwords over the nextwork when logging -in. This is bad. The SMB encryption scheme never sends the cleartext -password over the network but it does store the 16 byte hashed values -on disk. This is also bad. Why? Because the 16 byte hashed values are a -"password equivalent". You cannot derive the users password from them, -but they could potentially be used in a modified client to gain access -to a server. This would require considerable technical knowledge on -behalf of the attacker but is perfectly possible. You should thus -treat the smbpasswd file as though it contained the cleartext -passwords of all your users. Its contents must be kept secret, and the -file should be protected accordingly. - -Ideally we would like a password scheme which neither requires plain -text passwords on the net or on disk. Unfortunately this is not -available as Samba is stuck with being compatible with other SMB -systems (WinNT, WfWg, Win95 etc). - - -PROS AND CONS -------------- - -There are advantages and disadvantages to both schemes. - -Advantages of SMB Encryption: ------------------------------ - -- plain text passwords are not passed across the network. Someone using -a network sniffer cannot just record passwords going to the SMB server. - -- WinNT doesn't like talking to a server that isn't using SMB -encrypted passwords. It will refuse to browse the server if the server -is also in user level security mode. It will insist on promting the -user for the password on each connection, which is very annoying. The -only things you can do to stop this is to use SMB encryption. - -Advantages of non-encrypted passwords: --------------------------------------- - -- plain text passwords are not kept on disk. - -- uses same password file as other unix services such as login and -ftp - -- you are probably already using other services (such as telnet and -ftp) which send plain text passwords over the net, so not sending them -for SMB isn't such a big deal. - -Note that Windows NT 4.0 Service pack 3 changed the default for -permissible authentication so that plaintext passwords are *never* -sent over the wire. The solution to this is either to switch to -encrypted passwords with Samba or edit the Windows NT registry to -re-enable plaintext passwords. See the document WinNT.txt for -details on how to do this. - -The smbpasswd file. -------------------- - -In order for Samba to participate in the above protocol it must -be able to look up the 16 byte hashed values given a user name. -Unfortunately, as the UNIX password value is also a one way hash -function (ie. it is impossible to retrieve the cleartext of the users -password given the UNIX hash of it) then a separate password file -containing this 16 byte value must be kept. To minimise problems with -these two password files, getting out of sync, the UNIX /etc/passwd and -the smbpasswd file, a utility, mksmbpasswd.sh, is provided to generate -a smbpasswd file from a UNIX /etc/passwd file. - -To generate the smbpasswd file from your /etc/passwd file use the -following command :- - -cat /etc/passwd | mksmbpasswd.sh >/usr/local/samba/private/smbpasswd - -If you are running on a system that uses NIS, use - -ypcat passwd | mksmbpasswd.sh >/usr/local/samba/private/smbpasswd - -The mksmbpasswd.sh program is found in the Samba source directory. By -default, the smbpasswd file is stored in :- - -/usr/local/samba/private/smbpasswd - -The owner of the /usr/local/samba/private directory should be set to -root, and the permissions on it should be set to :- - -r-x------ - -The command - -chmod 500 /usr/local/samba/private - -will do the trick. Likewise, the smbpasswd file inside the private -directory should be owned by root and the permissions on is should be -set to - -rw------- - -by the command :- - -chmod 600 smbpasswd. - -The format of the smbpasswd file is - -username:uid:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:Long name:user home dir:user shell - -Although only the username, uid, and XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -sections are significant and are looked at in the Samba code. - -It is *VITALLY* important that there by 32 'X' characters between the -two ':' characters in the XXX sections - the smbpasswd and Samba code -will fail to validate any entries that do not have 32 characters -between ':' characters. The first XXX section is for the Lanman password -hash, the second is for the Windows NT version. - -When the password file is created all users have password entries -consisting of 32 'X' characters. By default this disallows any access -as this user. When a user has a password set, the 'X' characters change -to 32 ascii hexadecimal digits (0-9, A-F). These are an ascii -representation of the 16 byte hashed value of a users password. - -To set a user to have no password (not recommended), edit the file -using vi, and replace the first 11 characters with the asci text - -NO PASSWORD - -Eg. To clear the password for user bob, his smbpasswd file entry would -look like : - -bob:100:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:Bob's full name:/bobhome:/bobshell - -If you are allowing users to use the smbpasswd command to set their own -passwords, you may want to give users NO PASSWORD initially so they do -not have to enter a previous password when changing to their new -password (not recommended). - -Note : This file should be protected very carefully. Anyone with -access to this file can (with enough knowledge of the protocols) gain -access to your SMB server. The file is thus more sensitive than a -normal unix /etc/passwd file. - -The smbpasswd Command. ----------------------- - -The smbpasswd command maintains the two 32 byte password fields in -the smbpasswd file. If you wish to make it similar to the unix passwd -or yppasswd programs, install it in /usr/local/samba/bin (or your main -Samba binary directory) and make it setuid root. - -Note that if you do not do this then the root user will have to set all -users passwords. - -To set up smbpasswd as setuid root, change to the Samba binary install -directory and then type (as root) : - -chown root smbpasswd -chmod 4555 smbpasswd - -If smbpasswd is installed as setuid root then you would use it as -follows. - -smbpasswd -Old SMB password: <type old alue here - just hit return if there is NO PASSWORD> -New SMB Password: < type new value > -Repeat New SMB Password: < re-type new value > - -If the old value does not match the current value stored for that user, -or the two new values do not match each other, then the password will -not be changed. - -If invoked by an ordinary user it will only allow the user to change -his or her own Samba password. - -If run by the root user smbpasswd may take an optional argument, -specifying the user name whose SMB password you wish to change. Note -that when run as root smbpasswd does not prompt for or check the old -password value, thus allowing root to set passwords for users who have -forgotten their passwords. - -smbpasswd is designed to work in the same way and be familiar to UNIX -users who use the passwd or yppasswd commands. - -NOTE. As smbpasswd is designed to be installed as setuid root I would -appreciate it if everyone examined the source code to look for -potential security flaws. A setuid program, if not written properly can -be an open door to a system cracker. Please help make this program -secure by reporting all problems to me (the author, Jeremy Allison). - -My email address is :- - -jallison@whistle.com - -Setting up Samba to support LanManager Encryption. --------------------------------------------------- - -This is a very brief description on how to setup samba to support -password encryption. More complete instructions will probably be added -later. - -1) compile and install samba as usual - -2) if your system can't compile the module getsmbpass.c then remove the --DSMBGETPASS define from the Makefile. - -3) enable encrypted passwords in smb.conf by adding the line -"encrypt passwords = yes" in the [global] section - -4) create the initial smbpasswd password file in the place you -specified in the Makefile. A simple way to do this based on your -existing Makefile (assuming it is in a reasonably standard format) is -like this: - -cat /etc/passwd | mksmbpasswd.sh > /usr/local/samba/private/smbpasswd - -Change ownership of private and smbpasswd to root. - -chown -R root /usr/local/samba/private - -Set the correct permissions on /usr/local/samba/private - -chmod 500 /usr/local/samba/private - -Set the correct permissions on /usr/local/samba/private/smbpasswd - -chmod 600 /usr/local/samba/private/smbpasswd - -note that the mksmbpasswd.sh script is in the samba source directory. - -If this fails then you will find that you will need entries that look -like this: - -# SMB password file. -tridge:148:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:Andrew Tridgell:/home/tridge:/bin/tcsh - -note that the uid and username fields must be right. Also, you must get -the number of X's right (there should be 32). - -If you wish, install the smbpasswd program as suid root. - -chown root /usr/local/samba/bin/smbpasswd -chmod 4555 /usr/local/samba/bin/smbpasswd - -5) set the passwords for users using the smbpasswd command. For -example, as root you could do "smbpasswd tridge" - -6) try it out! - -Note that you can test things using smbclient, as it also now supports -encryption. - -============================================================================== -Footnote: Please refer to WinNT.txt also diff --git a/docs/textdocs/Faxing.txt b/docs/textdocs/Faxing.txt deleted file mode 100644 index 02ee6e64429..00000000000 --- a/docs/textdocs/Faxing.txt +++ /dev/null @@ -1,223 +0,0 @@ -!== -!== Faxing.txt for Samba release 1.9.18alpha11 03 Nov 1997 -!== -Contributor: Gerhard Zuber <zuber@berlin.snafu.de> -Date: August 5th 1997. -Status: Current - -Subject: F A X I N G with S A M B A -========================================================================== - -This text describes how to turn your SAMBA-server into a fax-server -for any environment, especially for Windows. - Author: Gerhard Zuber <zuber@berlin.snafu.de> - Version: 1.4 - Date: 04. Aug. 1997 - -Requirements: - UNIX box (Linux preferred) with SAMBA and a faxmodem - ghostscript package - mgetty+sendfax package - pbm package (portable bitmap tools) - -FTP sites: - sunsite.unc.edu:/pub/Linux/system/Serial/mgetty+sendfax* - tsx-11.mit.edu:/pub/linux/sources/sbin/mgetty+sendfax - ftp.leo.org:/pub/comp/networking/communication/modem/mgetty/mgetty1.1.6-May05.tar.gz - - pbm10dec91.tgz - ftp.leo.org:/pub/comp/networking/communication/modem/mgetty/pbm10dec91.tgz - sunsite.unc.edu: ..../apps/graphics/convert/pbmplus-10dec91-bin.tar.gz - ftp.gwdg.de/pub/linux/grafik/pbmplus.src.tar.Z (this is 10dec91 source) - or ??? pbm10dec91.tgz pbmplus10dec91.tgz - - -making mgetty+sendfax running: -============================== - - go to source tree: /usr/src/mgetty+sendfax - cp policy.h-dist policy.h - - change your settings: valid tty ports, modem initstring, Station-Id - -#define MODEM_INIT_STRING "AT &F S0=0 &D3 &K3 &C1\\\\N2" - -#define FAX_STATION_ID "49 30 12345678" - -#define FAX_MODEM_TTYS "ttyS1:ttyS2:ttyS3" - - Modem initstring is for rockwell based modems - if you want to use mgetty+sendfax as PPP-dialin-server, - define AUTO_PPP in Makefile: - -CFLAGS=-O2 -Wall -pipe -DAUTO_PPP - - compile it and install the package. - edit your /etc/inittab and let mgetty running on your preferred - ports: - -s3:45:respawn:/usr/local/sbin/mgetty ttyS2 vt100 - - now issue a - kill -HUP 1 - and enjoy with the lightning LEDs on your modem - your now are ready to receive faxes ! - - - if you want a PPP dialin-server, edit - /usr/local/etc/mgetty+sendfax/login.config - -/AutoPPP/ - ppp /usr/sbin/pppd auth debug passive modem - - - Note: this package automatically decides between a fax call and - a modem call. In case of modem call you get a login prompt ! - -Tools for printing faxes: -========================= - - your incomed faxes are in: - /var/spool/fax/incoming - - print it with: - - for i in * - do - g3cat $i | g3tolj | lpr -P hp - done - - in case of low resolution use instead: - - g3cat $i | g3tolj -aspect 2 | lpr -P hp - - - g3cat is in the tools-section, g3tolj is in the contrib-section - for printing to HP lasers. - - If you want to produce files for displaying and printing with Windows, use - some tools from the pbm-package like follow - - g3cat $i | g3topbm - | ppmtopcx - >$i.pcx - - and view it with your favourite Windows tool (maybe paintbrush) - - -Now making the fax-server: -=========================== - - fetch the file - mgetty+sendfax/frontends/winword/faxfilter - - and place it in - - /usr/local/etc/mgetty+sendfax/ - - prepare your faxspool file as mentioned in this file - edit fax/faxspool.in and reinstall or change the final - /usr/local/bin/faxspool too. - - if [ "$user" = "root" -o "$user" = "fax" -o \ - "$user" = "lp" -o "$user" = "daemon" -o "$user" = "bin" ] - - find the first line and change the second. - - make sure you have pbmtext (from the pbm-package). This is - needed for creating the small header line on each page. - Notes on pbmplus: - Some peoples had problems with precompiled binaries (especially - at linux) with a shared lib libgr.so.x.x. The better way is - to fetch the source and compile it. One needs only pbmtext for - generating the small line on top of each page /faxheader). Install - only the individual programs you need. If you install the full - package then install pbmplus first and then mgetty+sendfax, because - this package has some changed programs by itself (but not pbmtext). - - make sure your ghostscript is functional. You need fonts ! - I prefer these from the OS/2 disks - - prepare your faxheader - /usr/local/etc/mgetty+sendfax/faxheader - - edit your /etc/printcap file: - -# FAX -lp3|fax:\ - :lp=/dev/null:\ - :sd=/usr/spool/lp3:\ - :if=/usr/local/etc/mgetty+sendfax/faxfilter:sh:sf:mx#0:\ - :lf=/usr/spool/lp3/fax-log: - - - - - edit your /usr/local/samba/lib/smb.conf - - so you have a smb based printer named "fax" - - -The final step: -=============== - - Now you have a printer called "fax" which can be used via - TCP/IP-printing (lpd-system) or via SAMBA (windows printing). - - On every system you are able to produce postscript-files you - are ready to fax. - - On Windows 3.1 95 and NT: - - Install a printer wich produces postscript output, - e.g. apple laserwriter - - connect the "fax" to your printer - - - Now write your first fax. Use your favourite wordprocessor, - write, winword, notepad or whatever you want, and start - with the headerpage. - - Usually each fax has a header page. It carries your name, - your address, your phone/fax-number. - - It carries also the recipient, his address and his *** fax - number ***. Now here is the trick: - - Use the text: - Fax-Nr: 123456789 - as the recipients fax-number. Make sure this text does not - occur in regular text ! Make sure this text is not broken - by formatting information, e.g. format it as a single entity. - (Windows Write and Win95 Wordpad are functional, maybe newer - versions of Winword are breaking formatting information). - - The trick is that postscript output is human readable and - the faxfilter program scans the text for this pattern and - uses the found number as the fax-destination-number. - - Now print your fax through the fax-printer and it will be - queued for later transmission. Use faxrunq for sending the - queue out. - - Notes of SAMBA smb.conf: - Simply use fall through from the samba printer to the unix - printer. Sample: - - - printcap name = /etc/printcap - print command = /usr/bin/lpr -r -P %p %s - lpq command = /usr/bin/lpq -P %p - lprm command = /usr/bin/lprm -P %p %j - - -[fax] - comment = FAX (mgetty+sendfax) - path = /tmp - printable = yes - public = yes - writable = no - create mode = 0700 - browseable = yes - guest ok = no - - - diff --git a/docs/textdocs/GOTCHAS.txt b/docs/textdocs/GOTCHAS.txt deleted file mode 100644 index be1a3ed97e4..00000000000 --- a/docs/textdocs/GOTCHAS.txt +++ /dev/null @@ -1,71 +0,0 @@ -!== -!== GOTCHAS.txt for Samba release 1.9.18alpha11 03 Nov 1997 -!== -This file lists Gotchas to watch out for: -========================================================================= -Item Number: 1.0 -Description: Problem Detecting Interfaces -Symptom: Workstations do NOT see Samba server in Browse List -OS: RedHat - Rembrandt Beta 2 -Platform: Intel -Date: August 16, 1996 -Submitted By: John H Terpstra -Details: - By default RedHat Rembrandt-II during installation adds an - entry to /etc/hosts as follows:- - 127.0.0.1 loopback "hostname"."domainname" - - This causes Samba to loop back onto the loopback interface. - The result is that Samba fails to communicate correctly with - the world and therefor may fail to correctly negotiate who - is the master browse list holder and who is the master browser. - -Corrective Action: Delete the entry after the word loopback - in the line starting 127.0.0.1 -========================================================================= -Item Number: 2.0 -Description: Problems with MS Windows NT Server network logon service -Symptom: Loss of Domain Logon Services and failed Windows NT / 95 - logon attempts. -OS: All Unix systems with Windows NT Domain Control environments. -Platform: All -Date: February 1, 1997 -Submitted By: John H Terpstra -Details: - Samba is configured for Domain logon control in a network - where a Windows NT Domain Primary Controller is running. - - Case 1: - The Windows NT Server is shut down, then restarted. Then - the Samba server is reconfigured so that it NO LONGER offers - Domain logon services. Windows NT and 95 workstations can no - longer log onto the domain. Ouch!!! - - Case 2: - The Windows NT Server which is running the Network logon - Service is shut down and restarted while Samba is a domain - controller offering the Domain LogOn service. Windows NT - Workstation and Server can no longer log onto the network. - - Cause: - Windows NT checks at start up to see if any domain logon - controllers are already running within the domain. It finds - Samba claiming to offer the service and therefore does NOT - start its Network Logon Service. - - Windows NT needs the Windows NT network logon service to gain - from its Domain controller's SAM database the security - identifier for the user loging on. - -Work-around: Stop the Samba nmbd and smbd processes, then on the Windows - NT Primary Domain Controller start the Network Logon Service. - Now restart the Samba nmbd and smbd services. - - Better still: DO NOT CONFIGURE SAMBA AS THE NETWORK LOGON - SERVER, DO NOT SET SAMBA TO BE THE DOMAIN MASTER, DO NOT - SET SAMBA TO OS LEVEL GREATER THAN 0. - - ie: Let Windows NT Server be the Domain Logon server, the - domain master browser and do NOT interfere with any aspect - of Microsoft Windows NT Domain Control. -========================================================================= diff --git a/docs/textdocs/HINTS.txt b/docs/textdocs/HINTS.txt deleted file mode 100644 index 56165a345de..00000000000 --- a/docs/textdocs/HINTS.txt +++ /dev/null @@ -1,212 +0,0 @@ -!== -!== HINTS.txt for Samba release 1.9.18alpha11 03 Nov 1997 -!== -Contributor: Many -Updated: Not for a long time! - -Subject: A collection of hints -Status: May be useful information but NOT current -=============================================================================== - -Here are some random hints that you may find useful. These really -should be incorporated in the main docs someday. - - ----------------------- -HINT: Always test your smb.conf with testparm before using it - -If your smb.conf file is invalid then samba will fail to load. Run -testparm over it before you install it just to make sure there aren't -any basic syntax or logical errors. - - ----------------------- -HINT: Try printing with smbclient first - -If you have problems printing, test with smbclient first. Just connect using -"smbclient '\\server\printer' -P" and use the "print" command. - -Once this works, you know that Samba is setup correctly for printing, -and you should be able to get it to work from your PCs. - -This particularly helps in getting the "print command" right. - - ----------------------- -HINT: Mount cdroms with conv=binary - -Some OSes (notably Linux) default to auto detection of file type on -cdroms and do cr/lf translation. This is a very bad idea when use with -Samba. It causes all sorts of stuff ups. - -To overcome this problem use conv=binary when mounting the cdrom -before exporting it with Samba. - - ----------------------- -HINT: Convert between unix and dos text formats - -Jim barry has written an excellent drag-and-drop cr/lf converter for -windows. Just drag your file onto the icon and it converts the file. - -Get it from -ftp://samba.anu.edu.au/pub/samba/contributed/fixcrlf.zip - ----------------------- -HINT: Use the "username map" option - -If the usernames used on your PCs don't match those used on the unix -server then you will find the "username map" option useful. - ------------------------ -HINT: Use "security = user" in [global] - -If you have the same usernames on the unix box and the PCs or have -mapped them with the "username map" option then choose "security = -user" in the [global] section of smb.conf. - -This will mean your password is checked only when you first connect, -and subsequent connections to printers, disks etc will go more -smoothly and much faster. - -The main problem with "security = user" if you use WfWg is that you -will ONLY be able to connect as the username that you log into WfWg -with. This is because WfWg silently ignores the password field in the -connect drive dialog box if the server is in user security mode. - ------------------------- -HINT: Make your printers not "guest ok" - -If your printers are not "guest ok" and you are using "security = -user" and have matching unix and PC usernames then you will attach to -the printer without trouble as your own username. This will mean you -will be able to delete print jobs (in 1.8.06 and above) and printer -accounting will be possible. - - ------------------------ -HINT: Use a sensible "guest" account - -Even if all your services are not available to "guest" you will need a -guest account. This is because the browsing is done as guest. In many -cases setting "guest account = ftp" will do the trick. Using the -default guest account or "guest account = nobody" will give problems on -many unixes. If in doubt create another account with minimal -privilages and use it instead. Your users don't need to know the -password of the guest account. - - ------------------------ -HINT: Use the latest TCP/IP stack from microsoft if you use Windows -for workgroups. - -The early TCP/IP stacks had lots of bugs. - -Microsoft has released an incremental upgrade to their TCP/IP 32-Bit -VxD drivers. The latest release can be found on their ftp site at -ftp.microsoft.com, located in /peropsys/windows/public/tcpip/wfwt32.exe. -There is an update.txt file there that describes the problems that were -fixed. New files include WINSOCK.DLL, TELNET.EXE, WSOCK.386, VNBT.386, -WSTCP.386, TRACERT.EXE, NETSTAT.EXE, and NBTSTAT.EXE. - - ------------------------ -HINT: nmbd can act as a "WINS" server - -By default SMB clients use broadcasts to find shares. Recent clients -(such as WfWg) can use a "wins" server instead, whcih reduces your -broadcast traffic and allows you to find names across routers. - -Just point your WfWg, Win95 and NT clients at the Samba box in the WINS option. - -Note: nmbd does not support all WINS operations. Anyone out there have -a spec they could send me? - ------------------------ -HINT: you may need to delete your .pwl files when you change password. - -WfWg does a lousy job with passwords. I find that if I change my -password on either the unix box or the PC the safest thing to do is to -delete the .pwl files in the windows directory. The PC will complain about not finding the files, but will soon get over it, allowing you to enter the new password. - -If you don't do this you may find that WfWg remembers and uses the old -password, even if you told it a new one. - -Often WfWg will totally ignore a password you give it in a dialog box. - ----------------------- -HINT: Using MS Access - -Here are some notes on running MS-Access on a Samba drive from Stefan -Kjellberg <stefank@esi.com.au> - -1. Opening a database in 'exclusive' mode does NOT work. Samba ignores - r/w/share modes on file open. - -2. Make sure that you open the database as 'shared' and to 'lock modified - records' - -3. Of course locking must be enabled for the particular share (smb.conf) - - ---------------------- -HINT: password cacheing in WfWg - -Here is a hint from michael@ecel.uwa.edu.au (Michael Simmons): - -In case people where not aware. There is a program call admincfg.exe -on the last disk (disk 8) of the WFW 3.11 disk set. To install it -type EXPAND A:\ADMINCFG.EX_ C:\WINDOWS\ADMINCFG.EXE Then add an icon -for it via the "Progam Manager" "New" Menu. This program allows you -to control how WFW handles passwords. ie disable Password Caching etc -for use with "security = user" - - --------------------- -HINT: file descriptor limits - -If you have problems with the limits on the number of open files you -can edit local.h to fix it. - --------------------- -HINT: HPUX initgroups() problem - -here is a hint from Frank Wales [frank@arcglade.demon.co.uk]: - -HP's implementation of supplementary groups is, er, non-standard (for -hysterical reasons). There are two group files, /etc/group and -/etc/logingroup; the system maps UIDs to numbers using the former, but -initgroups() reads the latter. Most system admins who know the ropes -symlink /etc/group to /etc/logingroup (hard link doesn't work for reasons -too stupid to go into here). initgroups() will complain if one of the -groups you're in in /etc/logingroup has what it considers to be an invalid -ID, which means outside the range [0..UID_MAX], where UID_MAX is (I think) -60000 currently on HP-UX. This precludes -2 and 65534, the usual 'nobody' -GIDs. - -Perhaps you could suggest to users that, if they encounter this problem, -they make sure that the programs that are failing to initgroups() be -run as users not in any groups with GIDs outside the allowed range. - -This is documented in the HP manual pages under setgroups(2) and passwd(4). - - ---------------------- -HINT: Patch your SCO system - -If you run SCO Unix then you may need to get important TCP/IP patches -for Samba to work correctly. Try - -Paul_Davis@mindlink.bc.ca writes: - - I was having problems with Accpac using 1.9.02 on SCO Unix. One - posting function reported corrupted data. After installing uod385a, - the problem went away (a restore from backup and then another - run-thru). - - It appears that the uod385a update for SCO may be fairly important for - a lot of different DOS and Windows software under Samba. - - uod385a can be found at ftp.sco.com /SLS/uod385a.Z and uod385a.ltr.Z. - - diff --git a/docs/textdocs/INSTALL.sambatar b/docs/textdocs/INSTALL.sambatar deleted file mode 100644 index 413f54d3c65..00000000000 --- a/docs/textdocs/INSTALL.sambatar +++ /dev/null @@ -1,33 +0,0 @@ -Contributor: Ricky Poulten <poultenr@logica.co.uk> -Date: Unknown -Status: Current - -Subject: Using smbtar -============================================================================= - -Please see the readme and the man page for general info. - -1) Follow the samba installation instructions. - -2) If all goes well, test it out by creating a share on your PC (called -backup for example) then doing something like, - - ./smbtar -s mypc -t /dev/rmt/0ubn -x backup - -substituting whatever your tape drive is for the -t option, or set your -tape environmental variable. - -If all does not go well, feel free to mail the author (poultenr@logica.co.uk) -about bug reports / help / money / pizza / etc. - -3) Read the man page and the NOTES file for more information - -4) Work smbtar into your usual nightly backup scheme (presuming you -have one :-}). - - -NOTE: - -If you have problems with smbtar then it's probably best to contact the -author Ricky Poulten (poultenr@logica.co.uk). - diff --git a/docs/textdocs/MIRRORS.txt b/docs/textdocs/MIRRORS.txt deleted file mode 100755 index d5b4e35abb8..00000000000 --- a/docs/textdocs/MIRRORS.txt +++ /dev/null @@ -1,84 +0,0 @@ -!== -!== MIRRORS.txt for Samba release 1.9.18alpha11 03 Nov 1997 -!== -The main Samba ftp site is samba.anu.edu.au in pub/samba/. Contact -samba-bugs@samba.anu.edu.au for help with this site. - -The 'Source Only' sites may also contain binary packages as we are now -including them on samba.anu.edu.au/pub/samba/Binary_Packages - -Mirror sites include: - ---- Austria --- - ftp://gd.tuwien.ac.at/pub/infosys/servers/samba/sources/ ---- Australia --- - ftp://samba.anu.edu.au/pub/samba/ - ftp://choc.satech.net.au/pub/samba/ ---- USA Educational --- - ftp://sunsite.unc.edu/pub/packages/samba/sources/ - ftp://ftp.micro.caltech.edu/pub/samba/ - ftp://ftp.cs.ucr.edu/pub/software/samba/ ---- Czech Republic --- - ftp://sunsite.mff.cuni.cz/Net/Protocols/Samba/ ---- Denmark --- - ftp://sunsite.auc.dk/pub/unix/networking/samba/ ---- Finland --- - ftp://nic.funet.fi/pub/mirrors/samba.anu.edu.au/ ---- Germany --- - ftp://ftp.uni-trier.de/pub/unix/network/samba/ ---- Greece --- - ftp://ftp.ntua.gr/pub/net/samba/ ---- Italy --- - ftp://volftp.tin.it/mirror/samba/pub/samba/ - http://www.inferentia.it/archives/samba/ (no binaries) ---- Japan --- - ftp://ring.asahi-net.or.jp/archives/net/samba/ - ftp://ring.aist.go.jp/archives/net/samba/ - ftp://ftp.win.or.jp/pub/network/samba/ ---- Korea (South) --- - ftp://CAIR-archive.kaist.ac.kr/pub/samba/ ---- Network --- - ftp://ftp.gbnet.net/pub/samba/ - ftp://ftp.ntrl.net/pub/mirror/samba/ - ftp://despair.capecod.net/pub/Samba/ ---- Poland --- - ftp://giswitch.sggw.waw.pl/pub/unix/samba/ ---- Potugal --- - ftp://ftp.ua.pt/pub/misc/samba/ ---- Romania --- - ftp://ftp.romus.ro/pub/Linux/Network/samba/ ---- Russian Federation --- - ftp://ftp.uic.nsu.ru/pub/vendors/samba/ ---- United Kingdom --- - ftp://sunsite.doc.ic.ac.uk/packages/samba/ - ftp://ftp.demon.co.uk/pub/mirrors/samba/ - -SCO binaries available from: - http://www.math.u-szeged.hu/hardsoft/hsdetail.htm - -AIX and DEC OSF/1 binaries are available from: - ftp://www.inferentia.it/archives/samba (built by davide.migliavacca@inferentia.it) - -QNX binaries and source code: - ftp://quics.qnx.com/usr/free/staging/samba - -Amiga OS binaries and source: - http://www.gbar.dtu.dk/~c948374/Amiga/Samba - -Stratos VOS binaries and source: - ftp://ftp.stratus.com/pub/vos/tools - -OS/2 binaries and source: - http://carol.wins.uva.nl/~leeuw/samba/samba2.html - -IBM OS/390 MVS: - ftp://ftp.mks.com/pub/samba - - -There are several others. Give archie a try. - -Http sites include: -=================== -http://samba.anu.edu.au/samba - -Japanese - http://samba.bento.ad.jp/ diff --git a/docs/textdocs/NTDOMAIN.txt b/docs/textdocs/NTDOMAIN.txt deleted file mode 100644 index 1a24dc3eb48..00000000000 --- a/docs/textdocs/NTDOMAIN.txt +++ /dev/null @@ -1,155 +0,0 @@ -!== -!== NTDOMAIN.txt for Samba release 1.9.18alpha11 03 Nov 1997 -!== -Contributor: Luke Kenneth Casson Leighton (samba-bugs@samba.anu.edu.au) - Copyright (C) 1997 Luke Kenneth Casson Leighton -Created: October 20, 1997 -Updated: October 29, 1997 - -Subject: NT Domain Logons -=========================================================================== - -As of 1.9.18alpha1, Samba supports logins for NT 3.51 and 4.0 Workstations, -without the need, use or intervention of NT Server. This document describes -how to set this up. Over the continued development of the 1.9.18alpha -series, this process (and therefore this document) should become simpler. - -One useful thing to do is to get this version of Samba up and running -with Win95 profiles, as you would for the current stable version of -Samba (currently at 1.9.17p4), and is fully documented. You will need -to set up encrypted passwords. Even if you don't have any Win95 machines, -using your Samba Server to store the profile for one of your NT Workstation -users is a good test that you have 1.9.18alpha1 correctly configured *prior* -to attempting NT Domain Logons. - -The support is still experimental, so should be used at your own risk. - -NT is not as robust as you might have been led to believe: during the -development of the Domain Logon Support, one person reported having to -reinstall NT from scratch: their workstation had become totally unuseable. - -[further reports on ntsec@iss.net by independent administrators showing - similar symptoms lead us to believe that the SAM database file may be - corruptible. this _is_ recoverable (or, at least the machine is accessible), - by deleting the SAM file, under which circumstances all user account details - are lost, but at least the Administrator can log in with a blank password. - this is *not* possible except if the NT system is installed in a FAT - partition.] - -This *has* been reported to the NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM digest. - - -Domain Logons using 1.9.18alpha1 -================================ - -1) compile samba with -DNTDOMAIN - -2) set up samba with encrypted passwords: see ENCRYPTION.txt (probably out - of date: you no longer need the DES libraries, but other than that, - ENCRYPTION.txt is current). - - at this point, you ought to test that your samba server is accessible - correctly with encrypted passwords, before progressing with any of the - NT workstation-specific bits: it's up to you. - -3) [ for each workstation, add a line to smbpasswd with a username of MACHINE$ - and a password of "machine". this process will be automated in further - releases. lkcl02nov97 - done, as of 1.9.18alpha11! added new options - "domain hosts allow/deny" too :-) ] - -4) if using NT server to log in, run the User Manager for Domains, and - add the capability to "Log in Locally" to the policies, which you would - have to do even if you were logging in to another NT PDC instead of a - Samba PDC. - -5) set up the following parameters in smb.conf - -; substitute your workgroup here - workgroup = SAMBA - -; a description of domain sids can be found elsewhere. -; you **MUST** begin the domain SID with S-1-5-21. -; the rest is up to you. - domain sid = S-1-5-21-123-456-789-123 - -; tells workstations to use SAMBA as its Primary Domain Controller. - domain logons = yes - -6) make sure samba is running before the next step is carried out. if - this is your first time, just for fun you might like to switch the - debug log level to about 10. the NT pipes produces some very pretty - output when decoding requests and generating responses, which would - be particularly useful to see in tcpdump at some point. - -7) In the NT Network Settings, change the domain to SAMBA. Do - not attempt to create an account using the other part of the dialog: - it will fail at present. - - You should get a wonderful message saying "Welcome to the SAMBA Domain." - - If you don't, then please first increase your debug log levels and also - get a tcpdump (or preferably NetMonitor) trace and examine it carefully. - You should see a NETLOGON, a SAMLOGON on UDP port 138. If you don't, - then you probably don't have "domain logons = yes" or there is some other - problem in resolving the NetBIOS name SAMBA<1c>. - - On port 139, you should see a LSA_OPEN_POLICY, two LSA_QUERY_INFOs (one - for a domain SID of S-1-3... and another for S-1-5) and then an LSA_CLOSE - or two. - - You may see a pipe connection to a wksta service being refused: this - is acceptable, we have found. You may also see a "Net Server Get Info" - being issued on the srvsvc pipe. - - Assuming you got the Welcome message, go through the obligatory reboot... - -8) When pressing Ctrl-Alt-Delete, the NT login box should have three entries. - If there is a delay of about twenty seconds between pressing Ctrl-Alt-Delete - and the appearance of this login dialog, then there might be a problem: - at this stage the workstation is issuing an LSA_ENUMTRUSTEDDOMAIN request - - The domain box should have two entries: the hostname and the SAMBA domain. - Any local accounts are under the hostname domain, from which you will be - able to shut down the machine etc. At present, we do not specify that - the NT user logging in is a member of any groups, so will have no - priveleges, including the ability to shut down the machine [lkcl02nov97 - - done, as of samba-1.9.18alpha3! see "domain admin/guest users" and - "domain groups" parameters]. - - Select the SAMBA domain, and type in a valid username and password for - which there is a valid entry in the samba server's smbpasswd LM/NT OWF - database. At present, the password is ignored, to allow access to the - domain, but *not* ignored for accesses to Samba's SMB services: that's - completely separate from the SAM Logon process. Even if you log in a - user to a domain, your users will still need to connect to Samba SMB - shares with valid username / passwords, for that share. - - You should see an LSA_REQ_CHAL, followed by LSA_AUTH2, LSA_NET_SRV_PWSET, - and LSA_SAM_LOGON. The SAM Logon will be particularly large (the response - can be approximately 600 bytes) as it contains user info. - - Also, there will probably be a "Net Server Get Info" and a "Net Share Enum" - amongst this lot. If the SAM Logon is successful, the dialog should - disappear, and a standard SMB connection established to download the - profile specified in the SAM Logon (if it was). - - At this point, you _may_ encounter difficulties in creating a remote - profile, and the login may terminate (generating an LSA_SAM_LOGOFF). If - this occurs, then either find an existing profile on the samba server and - copy it into the location specified by the "logon path" smb.conf parameter - for the user logging in, or log in on the local machine, and use the - System | Profiles control panel to make a copy of the _local_ profile onto - the samba server. This process is described and documented in the NT - Help Files. - -9) Play around. Look at the Samba Server: see if it can be found in the - browse lists. Check that it is accessible; run some applications. - Generally stress things. Laugh a lot. Logout of the NT machine - (generating an LSA_SAM_LOGOFF) and log back in again. Try logging in - two users simultaneously. Try logging the same user in twice. - Make Samba fall over, and then send bug reports to us, with NTDOM: at - the start of the subject line, as "samba-bugs@samba.anu.edu.au". - -Your reports, testing, patches, criticism and encouragement will help us -get this right. - diff --git a/docs/textdocs/NetBIOS.txt b/docs/textdocs/NetBIOS.txt deleted file mode 100644 index 7bedce37e05..00000000000 --- a/docs/textdocs/NetBIOS.txt +++ /dev/null @@ -1,155 +0,0 @@ -!== -!== NetBIOS.txt for Samba release 1.9.18alpha11 03 Nov 1997 -!== -Contributor: lkcl - samba-bugs@arvidsjaur.anu.edu.au - Copyright 1997 Luke Kenneth Casson Leighton -Date: March 1997 -Status: Current -Updated: 12jun97 - -Subject: Definition of NetBIOS Protocol and Name Resolution Modes -============================================================================= - -======= -NETBIOS -======= - -NetBIOS runs over the following tranports: TCP/IP; NetBEUI and IPX/SPX. -Samba only uses NetBIOS over TCP/IP. For details on the TCP/IP NetBIOS -Session Service NetBIOS Datagram Service, and NetBIOS Names, see -rfc1001.txt and rfc1002.txt. - -NetBEUI is a raw NetBIOS frame protocol implementation that allows NetBIOS -datagrams to be sent out over the 'wire' embedded within LLC frames. -NetBEUI is not required when using NetBIOS over TCP/IP protocols and it -is preferable NOT to install NetBEUI if it can be avoided. - -IPX/SPX is also not required when using NetBIOS over TCP/IP, and it is -preferable NOT to install the IPX/SPX transport unless you are using Novell -servers. At the very least, it is recommended that you do not install -'NetBIOS over IPX/SPX'. - -[When installing Windows 95, you will find that NetBEUI and IPX/SPX are -installed as the default protocols. This is because they are the simplest -to manage: no Windows 95 user-configuration is required]. - - -NetBIOS applications (such as samba) offer their services (for example, -SMB file and print sharing) on a NetBIOS name. They must claim this name -on the network before doing so. The NetBIOS session service will then -accept connections on the application's behalf (on the NetBIOS name -claimed by the application). A NetBIOS session between the application -and the client can then commence. - -NetBIOS names consist of 15 characters plus a 'type' character. This is -similar, in concept, to an IP address and a TCP port number, respectively. -A NetBIOS-aware application on a host will offer different services under -different NetBIOS name types, just as a host will offer different TCP/IP -services on different port numbers. - -NetBIOS names must be claimed on a network, and must be defended. The use -of NetBIOS names is most suitable on a single subnet; a Local Area Network -or a Wide Area Network. - -NetBIOS names are either UNIQUE or GROUP. Only one application can claim a -UNIQUE NetBIOS name on a network. - -There are two kinds of NetBIOS Name resolution: Broadcast and Point-to-Point. - - -================= -BROADCAST NetBIOS -================= - -Clients can claim names, and therefore offer services on successfully claimed -names, on their broadcast-isolated subnet. One way to get NetBIOS services -(such as browsing: see ftp.microsoft.com/drg/developr/CIFS/browdiff.txt; and -SMB file/print sharing: see cifs4.txt) working on a LAN or WAN is to make -your routers forward all broadcast packets from TCP/IP ports 137, 138 and 139. - -This, however, is not recommended. If you have a large LAN or WAN, you will -find that some of your hosts spend 95 percent of their time dealing with -broadcast traffic. [If you have IPX/SPX on your LAN or WAN, you will find -that this is already happening: a packet analyzer will show, roughly -every twelve minutes, great swathes of broadcast traffic!]. - - -============ -NBNS NetBIOS -============ - -rfc1001.txt describes, amongst other things, the implementation and use -of, a 'NetBIOS Name Service'. NT/AS offers 'Windows Internet Name Service' -which is fully rfc1001/2 compliant, but has had to take specific action -with certain NetBIOS names in order to make it useful. (for example, it -deals with the registration of <1c> <1d> <1e> names all in different ways. -I recommend the reading of the Microsoft WINS Server Help files for full -details). - -Samba also offers WINS server capabilities. Samba does not interact -with NT/AS (WINS replication), so if you have a mixed NT server and -Samba server environment, it is recommended that you use the NT server's -WINS capabilities, instead of samba's WINS server capabilities. - -The use of a WINS server cuts down on broadcast network traffic for -NetBIOS name resolution. It has the effect of pulling all the broadcast -isolated subnets together into a single NetBIOS scope, across your LAN -or WAN, while avoiding the use of TCP/IP broadcast packets. - -When you have a WINS server on your LAN, WINS clients will be able to -contact the WINS server to resolve NetBIOS names. Note that only those -WINS clients that have registered with the same WINS server will be -visible. The WINS server _can_ have static NetBIOS entries added to its -database (usually for security reasons you might want to consider putting -your domain controllers or other important servers as static entries, -but you should not rely on this as your sole means of security), but for -the most part, NetBIOS names are registered dynamically. - -[It is important to mention that samba's browsing capabilities (as a WINS -client) must have access to a WINS server. if you are using samba also -as a WINS server, then it will have a direct short-cut into the WINS -database. - -This provides some confusion for lots of people, and is worth mentioning -here: a Browse Server is NOT a WINS Server, even if these services are -implemented in the same application. A Browse Server _needs_ a WINS server -because a Browse Server is a WINS client, which is _not_ the same thing]. - -Clients can claim names, and therefore offer services on successfully claimed -names, on their broadcast-isolated subnet. One way to get NetBIOS services -(such as browsing: see ftp.microsoft.com/drg/developr/CIFS/browdiff.txt; and -SMB file/print sharing: see cifs6.txt) working on a LAN or WAN is to make -your routers forward all broadcast packets from TCP/IP ports 137, 138 and 139. -You will find, however, if you do this on a large LAN or a WAN, that your -network is completely swamped by NetBIOS and browsing packets, which is why -WINS was developed to minimise the necessity of broadcast traffic. - -WINS Clients therefore claim names from the WINS server. If the WINS -server allows them to register a name, the client's NetBIOS session service -can then offer services on this name. Other WINS clients will then -contact the WINS server to resolve a NetBIOS name. - - -======================= -Samba WINS Capabilities -======================= - -To configure samba as a WINS server, you must add "wins support = yes" to -the [global] section of your smb.conf file. This will enable WINS server -capabilities in nmbd. - -To configure samba as a WINS client, you must add "wins server = x.x.x.x" -to the [global] section of your smb.conf file, where x.x.x.x is the TCP/IP -address of your WINS server. The browsing capabilities in nmbd will then -register (and resolve) WAN-wide NetBIOS names with this WINS server. - -Note that if samba has "wins support = yes", then the browsing capabilities -will _not_ use the "wins server" option to resolve NetBIOS names: it will -go directly to the internal WINS database for NetBIOS name resolution. It -is therefore invalid to have both "wins support = yes" and -"wins server = x.x.x.x". Note, in particular, that if you configure the -"wins server" parameter to be the ip address of your samba server itself -(as might one intuitively think), that you will run into difficulties. -Do not use both parameters! - - diff --git a/docs/textdocs/OS2-Client-HOWTO.txt b/docs/textdocs/OS2-Client-HOWTO.txt deleted file mode 100644 index 53731f7c2ad..00000000000 --- a/docs/textdocs/OS2-Client-HOWTO.txt +++ /dev/null @@ -1,64 +0,0 @@ -!== -!== OS2-Client-HOWTO.txt for Samba release 1.9.18alpha11 03 Nov 1997 -!== - - -Q. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba? - -A. A more complete answer to this question can be found on: - http://carol.wins.uva.nl/~leeuw/samba/warp.html - - Basically, you need three components: - - * The File and Print Client ('IBM Peer') - * TCP/IP ('Internet support') - * The "NetBIOS over TCP/IP" driver ('TCPBEUI') - - Installing the first two together with the base operating system on a blank - system is explained in the Warp manual. If Warp has already been installed, - but you now want to install the networking support, use the "Selective - Install for Networking" object in the "System Setup" folder. - - Adding the "NetBIOS over TCP/IP" driver is not described in the manual and - just barely in the online documentation. Start MPTS.EXE, click on OK, click - on "Configure LAPS" and click on "IBM OS/2 NETBIOS OVER TCP/IP" in - 'Protocols'. This line is then moved to 'Current Configuration'. Select - that line, click on "Change number" and increase it from 0 to 1. Save this - configuration. - - If the Samba server(s) is not on your local subnet, you can optionally add - IP names and addresses of these servers to the "Names List", or specify a - WINS server ('NetBIOS Nameserver' in IBM and RFC terminology). For Warp - Connect you may need to download an update for 'IBM Peer' to bring it on - the same level as Warp 4. See the webpage mentioned above. - - -Q. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for - Samba? - -A. You can use the free Microsoft LAN Manager 2.2c Client for OS/2 from - ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/ - See http://carol.wins.uva.nl/~leeuw/lanman.html for more information on - how to install and use this client. In a nutshell, edit the file \OS2VER - in the root directory of the OS/2 boot partition and add the lines - - 20=setup.exe - 20=netwksta.sys - 20=netvdd.sys - - before you install the client. Also, don't use the included NE2000 driver - because it is buggy. Try the NE2000 or NS2000 driver from - <a href="ftp://ftp.cdrom.com/pub/os2/network/ndis/"> - ftp://ftp.cdrom.com/pub/os2/network/ndis/</a> instead. - - -Q. Are there any other issues when OS/2 (any version) is used as a client? - -A. When you do a NET VIEW or use the "File and Print Client Resource Browser", - no Samba servers show up. This can be fixed by a patch from - http://carol.wins.uva.nl/~leeuw/samba/fix.html - The patch will be included in a later version of Samba. It also fixes a - couple of other problems, such as preserving long filenames when objects - are dragged from the Workplace Shell to the Samba server. - - diff --git a/docs/textdocs/PRINTER_DRIVER.txt b/docs/textdocs/PRINTER_DRIVER.txt deleted file mode 100644 index 7335080ca24..00000000000 --- a/docs/textdocs/PRINTER_DRIVER.txt +++ /dev/null @@ -1,77 +0,0 @@ -!== -!== PRINTER_DRIVER.txt for Samba release 1.9.18alpha11 03 Nov 1997 -!== -========================================================================== - Supporting the famous PRINTER$ share - - Jean-Francois.Micouleau@utc.fr, 10/26/97 - -=========================================================================== - -Disclaimer: - - This ONLY works with Windows 95 - It does NOT work with Windows NT 4 - - -Goal: - - When you click on a samba shared printer, you can now install the driver - automatically onto the Windows 95 machine, as you would from an NT server. - -How To: - - It's a three step config. - - First, create a new directory, where you will put the driver files, and - make a share in smb.conf pointing to it. - - Example: - - [printer$] - path=/usr/local/samba/printer - public=yes - writable=no - browseable=yes - - Second, you have to build the list of the drivers required for a specific - printer. This is the most complicated thing to do. Get the files - 'msprint.inf' and 'msprint2.inf' from Windows 95, the easiest way is to - grab them from a working Windows 95 computer. They are usually located - in 'c:\windows\inf'. Look in them for the printer you have. Run the new - program 'mkprinterdef' with the file name and the printer name as - parameters. - Example: - - mkprinterdef msprint.def "Apple LaserWriter" >>/usr/local/samba/lib/printers.def - - Copy also all the files into the directory you created in step 1 - - Third, you need to add 2 new parameters in smb.conf. One is in the - [global] section, called 'printer driver file' pointing to the file description, - and the other in each printer share, called 'printer driver location' pointing - to where the client will get the drivers. Don't forget to set correctly - the printer driver parameter to the Windows printer name. - Example: - - [global] - printer driver file=/usr/local/samba/lib/printers.def - - [lp] - comment = My old printer laser - browseable = yes - printable = yes - public = yes - writable = no - create mode = 0700 - printer driver=Apple LaserWriter - printer driver location=\\JOKER\PRINTER$ - - JOKER is in my case my computer name, and PRINTER$ is the name of the - share created in step one. - - -If it doesn't work for you, don't send flame ! It worked for me. In case of -trouble don't hesitate to send me a mail with your smb.conf file and -printers.def - diff --git a/docs/textdocs/PROJECTS b/docs/textdocs/PROJECTS deleted file mode 100644 index 07f82c74d94..00000000000 --- a/docs/textdocs/PROJECTS +++ /dev/null @@ -1,88 +0,0 @@ - Samba Projects Directory - ======================== - - ->>>>> NOTE: THIS FILE IS NOW VERY OUT OF DATE <<<<< - - -This is a list of who's working on what in Samba. It's not guaranteed -to be uptodate or accurate but I hope it will help us getting -coordinated. - -If you are working on something to do with Samba and you aren't here -then please let me know! Also, if you are listed below and you have -any corrections or updates then please let me know. - -Email contact: -samba-bugs@samba.anu.edu.au - -======================================================================== -Documentation and FAQ - -Docs and FAQ files for the Samba suite of software. - -Contact samba-bugs@samba.anu.edu.au with the diffs. These are urgently -required. - -The FAQ is being added to on an ad hoc basis, see the web pages for info. - -Mark Preston was working on a set of formatted docs for Samba. Is this -still happening? Contact mpreston@sghms.ac.uk - -Status last updated 2nd October 1996 -======================================================================== - -======================================================================== -Netbeui support - -This aimed to produce patches so that Samba can be used with clients -that do not have TCP/IP. It will try to remain as portable as possible. -Contact Brian.Onn@Canada.Sun.COM (Brian Onn) Unfortunately it died, and -although a lot of people have expressed interest nobody has come forward -to do it. The Novell port (see Samba web pages) includes NetBEUI -functionality in a proprietrary library which should still be helpful as -we have the interfaces. Alan Cox (a.cox@li.org) has the information -required to write the state machine if someone is going to do the work. - -Status last updated 2nd October 1996 -======================================================================== - -======================================================================== -Smbfs - -A mountable smb filesystem for Linux using the userfs userspace filesystem - -Contact lendecke@namu01.gwdg.de (Volker Lendecke) - -This works really well, and is measurably more efficient than commercial -client software. It is now part of the Linux kernel. Long filename support -is in use. - -Status last updated June 1997 -======================================================================== - -======================================================================== -Admin Tool - -Aims to produce a nice smb.conf editor and other useful tools for -administering a Samba system. - -Contact: Steve Brown (steve@unicorn.dungeon.com) - -In the design phase. - -Status last updated 4th September 1994 -======================================================================== - - -======================================================================== -Lanman Client. - -Contact: john@amanda.xs4all.nl (John Stewart) - -Aims to produce a reliable LANMAN Client implementation for LINUX, -and possibly other variations of UNIX. Project ably started by -Tor Lillqvist; tml@hemuli.tte.vtt.fi - -Status last updated 17th January 1995 -======================================================================== diff --git a/docs/textdocs/Passwords.txt b/docs/textdocs/Passwords.txt deleted file mode 100644 index 22f1b182e84..00000000000 --- a/docs/textdocs/Passwords.txt +++ /dev/null @@ -1,49 +0,0 @@ -!== -!== Passwords.txt for Samba release 1.9.18alpha11 03 Nov 1997 -!== -Contributor: Unknown -Date: Unknown -Status: Current - -Subject: NOTE ABOUT PASSWORDS -============================================================================= - -Unix systems use a wide variety of methods for checking the validity -of a password. This is primarily controlled with the Makefile defines -mentioned in the Makefile. - -Also note that some clients (notably WfWg) uppercase the password -before sending it. The server tries the password as it receives it and -also after lowercasing it. - -The Samba server can also be configured to try different -upper/lowercase combinations. This is controlled by the [global] -parameter "password level". A level of N means to try all combinations -up to N uppercase characters in the password. A high value can chew a -fair bit of CPU time and can lower the security of your system. Do not -use this options unless you really need it - the time taken for -password checking can become so high that clients time out. - -If you do use the "password level" option then you might like to use --DUFC_CRYPT in your Makefile. On some machine this makes password -checking _much_ faster. This is also useful if you use the @group -syntax in the user= option. - -If your site uses AFS (the Andrew File System), you can use the AFS section -in the Makefile. This will first attempt to authenticate a username and -password to AFS. If that succeeds, then the associated AFS rights will be -granted. Otherwise, the password checking routine falls back to whatever -Unix password checking method you are using. Note that the AFS code is -only written and tested for AFS 3.3 and later. - - -SECURITY = SERVER -================= - -Samba can use a remote server to do its username/password -validation. This allows you to have one central machine (for example a -NT box) control the passwords for the Unix box. - -See the section on "security =" in smb.conf(5) for details. - - diff --git a/docs/textdocs/Printing.txt b/docs/textdocs/Printing.txt deleted file mode 100644 index 9d7c2ea26af..00000000000 --- a/docs/textdocs/Printing.txt +++ /dev/null @@ -1,96 +0,0 @@ -!== -!== Printing.txt for Samba release 1.9.18alpha11 03 Nov 1997 -!== -Contributor: Unknown <samba-bugs@samba.anu.edu.au> -Date: Unknown -Status: Current - -Subject: Dubugging Printing Problems -============================================================================= - -This is a short description of how to debug printing problems with -Samba. This describes how to debug problems with printing from a SMB -client to a Samba server, not the other way around. For the reverse -see the examples/printing directory. - -Please send enhancements to this file to samba-bugs@samba.anu.edu.au - -Ok, so you want to print to a Samba server from your PC. The first -thing you need to understand is that Samba does not actually do any -printing itself, it just acts as a middleman between your PC client -and your Unix printing subsystem. Samba receives the file from the PC -then passes the file to a external "print command". What print command -you use is up to you. - -The whole things is controlled using options in smb.conf. The most -relevant options (which you should look up in the smb.conf man page) -are: - print command - lpq command - lprm command - -Samba should set reasonable defaults for these depending on your -system type, but it isn't clairvoyant. It is not uncommon that you -have to tweak these for local conditions. - -On my system I use the following settings: - - print command = lpr -r -P%p %s - lpq command = lpq -P%p - lprm command = lprm -P%p %j - -The % bits are "macros" that get dynamically replaced with variables -when they are used. The %s gets replaced with the name of the spool -file that Samba creates and the %p gets replaced with the name of the -printer. The %j gets replaced with the "job number" which comes from -the lpq output. - -When I'm debugging printing problems I often replace these command -with pointers to shell scripts that record the arguments, and the -contents of the print file. A simple example of this kind of things -might be: - - print command = cp %s /tmp/tmp.print - -then you print a file and look at the /tmp/tmp.print file to see what -is produced. Try printing this file with lpr. Does it work? If not -then your problem with with your lpr system, not with Samba. Often -people have problems with their /etc/printcap file or permissions on -various print queues. - -Another common problem is that /dev/null is not world writeable. Yes, -amazing as it may seem, some systems make /dev/null only writeable by -root. Samba uses /dev/null as a place to discard output from external -commands like the "print command" so if /dev/null is not writeable -then nothing will work. - -Other really common problems: - -- lpr isn't in the search path when Samba tries to run it. Fix this by -using the full path name in the "print command" - -- the user that the PC is trying to print as doesn't have permission -to print. Fix your lpr system. - -- you get an extra blank page of output. Fix this in your lpr system, -probably by editing /etc/printcap. It could also be caused by -incorrect setting on your client. For example, under Win95 there is a -option Printers|Printer Name|(Right -Click)Properties|Postscript|Advanced| that allows you to choose if a -Ctrl-D is appended to all jobs. This will affect if a blank page is -output. - -- you get raw postscript instead of nice graphics on the output. Fix -this either by using a "print command" that cleans up the file before -sending it to lpr or by using the "postscript" option in smb.conf. - -Note that you can do some pretty magic things by using your -imagination with the "print command" option and some shell -scripts. Doing print accounting is easy by passing the %U option to a -print command shell script. You could even make the print command -detect the type of output and its size and send it to an appropriate -printer. - -If the above debug tips don't help, then maybe you need to bring in -the bug gun, system tracing. See Tracing.txt in this directory. - diff --git a/docs/textdocs/README.DCEDFS b/docs/textdocs/README.DCEDFS deleted file mode 100644 index da9bb2197da..00000000000 --- a/docs/textdocs/README.DCEDFS +++ /dev/null @@ -1,78 +0,0 @@ -Contributor: Jim Doyle <doyle@oec.com> -Date: 06-02-95 -Status: Current but needs updating - -Subject: Basic DCE/DFS Support for SAMBA 1.9.13 -============================================================================= - -Functionality: --------------- - - Per-instance authentication for DCE/DFS. - -Missing Functionality in this Implementation: ---------------------------------------------- - - * No automatic refresh of credentials - - To do so would not be that hard.. One could simply - stash the clear-text key in memory, spawn a key management - thread to wake up right before credentials expire and - refresh the login context. - - * No UNIX Signals support (SIGCLD, SIGPIPE, SIGHUP, SIGBUS, SIGSEGV) - - - There is no support for signal processing in Samba daemons - that need to authenticate with DCE. The explanation for this - is that the smbd is linked against thread-safe libraries in - order to be able to use DCE authentication mechanisms. - Because smbd uses signal() and fork(), it represents the - worst case scenario for DCE portability. In order - to properly support signals in a forked server environment, - some rework of smbd is needed in order to properly - construct, shutdown and reconstruct asynchronous signal - handling threads and synchronous signal traps across the - parent and child. I have not had contiguous time to work - on it, I expect it to be a weeks worth of work to cleanly - integrate thread-safe signal handing into the code and - test it. Until I can get to this task, I will leave it up - to someone adventurous enough to engineer it and negotiate - with Andrew to integrate the changes into the mainline branch. - - The lack of full signal support means that you cannot - rely upon SIGHUP-ing the parent daemon to refresh - the configuration data. Likewise, you cannot take advantage - of the builtin SIGBUS/SIGSEGV traps to diagnose failures. - You will have to halt Samba in order to make changes - and then have them take effect. - - The SMBD server as it stands is suitable to use if you - already have experience with configuring and running - SAMBA. - -Tested Platforms: ------------------ - - HP-UX 9.05 / HP-UX DCE 1.2.1 - AIX 3.2.5 / AIX DCE/6000 1.3 - DEC OSF-1 3.0 / DEC DCE 1.3 - -Building: ---------- - - - Uncomment the the appropriate block in the Makefile - for the platform you wish to build on. - - - Samples of Samba server configuration files for our - DFS environment are included in samples.dcedfs/ - - - -Bugs, Suggestions, etc.. --------------------------- - - Please post them to the mailing list. - That way I will see them and they will become part of - the archives so others can share the knowledge. - diff --git a/docs/textdocs/README.jis b/docs/textdocs/README.jis deleted file mode 100644 index 50ff0cced74..00000000000 --- a/docs/textdocs/README.jis +++ /dev/null @@ -1,149 +0,0 @@ -$B!|(B samba $BF|K\8lBP1~$K$D$$$F(B - -1. $BL\E*(B - - $BF|K\8lBP1~$O!"(B - - (1) MS-Windows $B>e$G!"4A;z%U%!%$%kL>$r$I$&$7$F$b07$&I,MW$N$"$k%"%W%j%1!<%7%g%s$,$A$c(B - $B$s$HF0:n$9$k!#Nc$($P!"(BMS-WORD 5 $B$J$I$O!"%$%s%9%H!<%k;~$K4A;z$N%U%!%$%kL>$r>!<j(B - $B$K$D$1$F$7$^$$$^$9!#$3$&$$$C$?>l9g$K$A$c$s$HBP1~$G$-$k$h$&$K$9$k!#(B - - (2) UNIX $B$O!":G6a$G$O$[$H$s$I$N$b$N$,(B 8 bits $B$N%U%!%$%kL>$r%5%]!<%H$7$F$$$^$9$,!"(B - $BCf$K$O!"$3$l$r%5%]!<%H$7$F$$$J$$$b$N$b$"$j$^$9!#$3$N$h$&$J>l9g$G$b!"(B(1)$B$NL\E*(B - $B$,K~B-$G$-$k$h$&$K$9$k!#(B - - $B$rL\E*$H$7$F$$$^$9!#$=$N$?$a!"F|K\8lBP1~$O!"I,MW:G>.8B$7$+9T$J$C$F$*$j$^$;$s!#(B - - $BF|K\8lBP1~$7$?(B samba $B$rMxMQ$9$k$?$a$K$O!"%3%s%Q%$%k$9$k;~$K!"I,$:!"(BKANJI $B$NDj5A$rDI(B - $B2C$7$F$/$@$5$$!#$3$N%*%W%7%g%s$r;XDj$7$F$$$J$$>l9g$O!"F|K\8l$N%U%!%$%kL>$r@5$7$/07(B - $B$&$3$H$O$G$-$^$;$s!#!J%3%s%Q%$%k$K$D$$$F$O!"2<5-(B 3. $B$r;2>H$7$F2<$5$$!K(B - -2. $BMxMQJ}K!(B - -(1) $BDI2C$7$?%Q%i%a!<%?(B - - smb.conf $B%U%!%$%k$N(B global $B%;%/%7%g%s$K0J2<$N%Q%i%a!<%?$r@_Dj$G$-$k$h$&$K$7$^$7$?!#(B - - [global] - .... - coding system = <$B%3!<%I7O(B> - - $B$3$3$G;XDj$5$l$?%3!<%I7O$,(B UNIX $B>e$N%U%!%$%k%7%9%F%`$N%U%!%$%kL>$N%3!<%I$K$J$j$^$9!#(B - $B@_Dj$G$-$k$b$N$O!"<!$N$h$&$K$J$C$F$$$^$9!#(B - - sjis: SHIFT JIS (MS $B4A;z%3!<%I(B) - euc: EUC $B%3!<%I(B - hex: 7 bits $B$N(B ASCII $B%3!<%I0J30$N%3!<%I$r0J2<$N7A<0$GI=$9J}<0$G$9!#Nc$($P!"(B - '$B%*%U%#%9(B' $B$H$$$&L>A0$O!"(B':83:49:83:74:83:42:83:58' $B$N$h$&$K!"(B':' $B$N8e$K#27e(B - $B$N(B16$B?J?t$rB3$1$k7A<0$K$J$j$^$9!#(B - $B$3$3$G!"(B':' $B$rB>$NJ8;z$KJQ99$7$?$$>l9g$O!"(Bhex $B$N8e$m$K$=$NJ8;z$r;XDj$7$^$9!#(B - $BNc$($P!"(B@$B$rJQ$o$j$K;H$$$?$$>l9g$O!"(B'hex@'$B$N$h$&$K;XDj$7$^$9!#(B - cap: 7 bits $B$N(B ASCII $B%3!<%I0J30$N%3!<%I$r0J2<$N7A<0$GI=$9J}<0$H$$$&E@$G$O(B - hex$B$HF1MM$G$9$,!"(BCAP (The Columbia AppleTalk Package)$B$H8_49@-$r;}$DJQ49(B - $BJ}<0$H$J$C$F$$$^$9!#(Bhex$B$H$N0c$$$O(B0x80$B0J>e$N%3!<%I$N$_(B':80'$B$N$h$&$KJQ49(B - $B$5$l!"$=$NB>$O(BASCII$B%3!<%I$G8=$5$l$^$9!#(B - $BNc$($P!"(B'$B%*%U%#%9(B'$B$H$$$&L>A0$O!"(B':83I:83t:83B:83X'$B$H$J$j$^$9!#(B - - JIS $B%3!<%I$K$D$$$F$O!"0J2<$NI=$r;2>H$7$F2<$5$$!#(B - $B(#(!(!(!(((!(!(!(!(((!(!(!(!(((!(!(!(!(((!(!(!(!(((!(!(!(!(((!(!(!(!(!(!(!(!(!($(B - $B(";XDj(B $B("4A;z3+;O("4A;z=*N;("%+%J3+;O("%+%J=*N;("1Q?t3+;O("Hw9M(B $B("(B - $B('(!(!(!(+(!(!(!(!(+(!(!(!(!(+(!(!(!(!(+(!(!(!(!(+(!(!(!(!(+(!(!(!(!(!(!(!(!(!()(B - $B("(Bjis7 $B("(B\E$B $B("(B\E(J $B("(B0x0e $B("(B0x0f $B("(B\E(J $B("(Bjis 7$BC10LId9f(B $B("(B - $B("(Bjunet $B("(B\E$B $B("(B\E(J $B("(B\E(I $B("(B\E(J $B("(B\E(J $B("(B7bits $B%3!<%I(B $B("(B - $B("(Bjis8 $B("(B\E$B $B("(B\E(J $B("(B-- $B("(B-- $B("(B\E(J $B("(Bjis 8$BC10LId9f(B $B("(B - $B("(Bj7bb $B("(B\E$B $B("(B\E(B $B("(B0x0e $B("(B0x0f $B("(B\E(B $B("(B $B("(B - $B("(Bj7bj $B("(B\E$B $B("(B\E(J $B("(B0x0e $B("(B0x0f $B("(B\E(J $B("(Bjis7$B$HF1$8(B $B("(B - $B("(Bj7bh $B("(B\E$B $B("(B\E(H $B("(B0x0e $B("(B0x0f $B("(B\E(H $B("(B $B("(B - $B("(Bj7@b $B("(B\E$@ $B("(B\E(B $B("(B0x0e $B("(B0x0f $B("(B\E(B $B("(B $B("(B - $B("(Bj7@j $B("(B\E$@ $B("(B\E(J $B("(B0x0e $B("(B0x0f $B("(B\E(J $B("(B $B("(B - $B("(Bj7@h $B("(B\E$@ $B("(B\E(H $B("(B0x0e $B("(B0x0f $B("(B\E(H $B("(B $B("(B - $B("(Bj8bb $B("(B\E$B $B("(B\E(B $B("(B-- $B("(B-- $B("(B\E(B $B("(B $B("(B - $B("(Bj8bj $B("(B\E$B $B("(B\E(J $B("(B-- $B("(B-- $B("(B\E(J $B("(Bjis8$B$HF1$8(B $B("(B - $B("(Bj8bh $B("(B\E$B $B("(B\E(H $B("(B-- $B("(B-- $B("(B\E(H $B("(B $B("(B - $B("(Bj8@b $B("(B\E@@ $B("(B\E(B $B("(B-- $B("(B-- $B("(B\E(B $B("(B $B("(B - $B("(Bj8@j $B("(B\E$@ $B("(B\E(J $B("(B-- $B("(B-- $B("(B\E(J $B("(B $B("(B - $B("(Bj8@h $B("(B\E$@ $B("(B\E(H $B("(B-- $B("(B-- $B("(B\E(H $B("(B $B("(B - $B("(Bjubb $B("(B\E$B $B("(B\E(B $B("(B\E(I $B("(B\E(B $B("(B\E(B $B("(B $B("(B - $B("(Bjubj $B("(B\E$B $B("(B\E(J $B("(B\E(I $B("(B\E(J $B("(B\E(J $B("(Bjunet$B$HF1$8(B $B("(B - $B("(Bjubh $B("(B\E$B $B("(B\E(H $B("(B\E(I $B("(B\E(H $B("(B\E(H $B("(B $B("(B - $B("(Bju@b $B("(B\E$@ $B("(B\E(B $B("(B\E(I $B("(B\E(B $B("(B\E(B $B("(B $B("(B - $B("(Bju@j $B("(B\E$@ $B("(B\E(J $B("(B\E(I $B("(B\E(J $B("(B\E(J $B("(B $B("(B - $B("(Bju@h $B("(B\E$@ $B("(B\E(H $B("(B\E(I $B("(B\E(H $B("(B\E(H $B("(B $B("(B - $B(&(!(!(!(*(!(!(!(!(*(!(!(!(!(*(!(!(!(!(*(!(!(!(!(*(!(!(!(!(*(!(!(!(!(!(!(!(!(!(%(B - - $B$$$:$l$N>l9g$b!"$9$G$KB8:_$7$F$$$kL>A0$KBP$7$F$O!"4A;z$N3+;O=*N;%7!<%1%s%9$O!"0J2<(B - $B$N$b$N$rG'<1$7$^$9!#(B - $B4A;z$N;O$^$j(B: \E$B $B$+(B \E$@ - $B4A;z$N=*$j(B: \E(J $B$+(B \E(B $B$+(B \E(H - -(2) smbclient $B$N%*%W%7%g%s(B - - $B%/%i%$%"%s%H%W%m%0%i%`$G$b!"4A;z$d2>L>$r4^$s$@%U%!%$%k$r07$($k$h$&$K!"<!$N%*%W%7%g%s(B - $B$rDI2C$7$^$7$?!#(B - - -t <$B%?!<%_%J%k%3!<%I7O(B> - - $B$3$3$G!"(B<$B%?!<%_%J%k%3!<%I7O(B>$B$K;XDj$G$-$k$b$N$O!">e$N(B<$B%3!<%I7O(B>$B$HF1$8$b$N$G$9!#(B - -(3) $B%G%U%)%k%H(B - - $B%G%U%)%k%H$N%3!<%I7O$O!"%3%s%Q%$%k;~$K7h$^$j$^$9!#(B - -3. $B%3%s%Q%$%k;~$N@_Dj(B - - Makefile $B$K@_Dj$9$k9`L\$r0J2<$K<($7$^$9!#(B - -(1) KANJI $B%U%i%0(B - - $B%3%s%Q%$%k%*%W%7%g%s$K(B -DKANJI=\"$B%3!<%I7O(B\" $B$r;XDj$7$^$9!#$3$N%3!<%I7O$O(B 2. $B$G;X(B - $BDj$9$k$b$N$HF1$8$G$9!#Nc$($P!"(B-DKANJI=\"euc\" $B$r(BFLAGSM $B$K@_Dj$9$k$H(B UNIX $B>e$N%U%!(B - $B%$%kL>$O!"(BEUC $B%3!<%I$K$J$j$^$9!#$3$3$G;XDj$7$?%3!<%I7O$O!"%5!<%P5Z$S%/%i%$%"%s%H(B - $B%W%m%0%i%`$N%G%U%)%k%H$KCM$J$j$^$9!#(B - - $B>0!"%*%W%7%g%sCf$N(B \ $B$d(B " $B$bK:$l$:$K;XDj$7$F2<$5$$!#(B - -3. $B@)8B;v9`(B - -(1) $B4A;z%3!<%I(B - smbd $B$rF0:n$5$;$k%[%9%H$N(B UNIX $B$,%5%]!<%H$7$F$$$J$$4A;z%3!<%I$O!"MxMQ$G$-$J$$$3$H$,(B - $B$"$j$^$9!#JQ$JF0:n$r$9$k$h$&$J$i(B hex $B$N;XDj$r$9$k$N$,NI$$$G$7$g$&!#(B - -(2) smbclient $B%3%^%s%I(B - $B%7%U%H%3!<%I$J$I$N4X78$G!"4A;z$d2>L>$r4^$s$@%U%!%$%kL>$N(B ls $B$NI=<($,Mp$l$k$3$H$,$"$j(B - $B$^$9!#(B - -(3) $B%o%$%k%I%+!<%I$K$D$$$F(B - $B$A$c$s$H$7$?%9%Z%C%/$,$h$/$o$+$i$J$+$C$?$N$G$9$,!"0l1~!"(BDOS/V $B$NF0:n$HF1$8F0:n$r9T$J(B - $B$&$h$&$K$J$C$F$$$^$9!#(B - -(4) $B%m%s%0%U%!%$%kL>$K$D$$$F(B - Windows NT/95 $B$G$O!"%m%s%0%U%!%$%kL>$,07$($^$9!#%m%s%0%U%!%$%kL>$r(B 8.3 $B%U%)!<%^%C%H(B - $B$G07$&$?$a$K!"(Bmangling $B$7$F$$$^$9$,!"$3$NJ}K!$O!"(BNT $B$d(B 95 $B$,9T$J$C$F$$$k(B mangling $B$H(B - $B$O0[$J$j$^$9$N$GCm0U$7$F2<$5$$!#(B - -4. $B>c32Ey$N%l%]!<%H$K$D$$$F(B - - $BF|K\8l$N%U%!%$%kL>$K4X$7$F!"J8;z2=$1Ey$N>c32$,$"$l$P!";d$K%l%]!<%H$7$FD:$1$l$P9,$$$G(B -$B$9!#$?$@$7!"%*%j%8%J%k$+$i$NLdBjE@$d<ALd$K$D$$$F$O!"%*%j%8%J%k$N:n<T$XD>@\Ld$$9g$o$;$k(B -$B$+!"$b$7$/$O%a!<%j%s%0%j%9%H$J$I$X%l%]!<%H$9$k$h$&$K$7$F2<$5$$!#(B - -$B%l%]!<%H$5$l$k>l9g!"MxMQ$5$l$F$$$k4D6-(B(UNIX $B5Z$S(B PC $BB&$N(BOS$B$J$I(B)$B$H$G$-$^$7$?$i@_Dj%U%!(B -$B%$%k$d%m%0$J$I$rE:IU$7$FD:$1$k$H9,$$$G$9!#(B - -5. $B$=$NB>(B - - $B%3!<%IJQ49$O0J2<$NJ}!9$,:n$i$l$?%W%m%0%i%`$rMxMQ$7$F$$$^$9!#(B - - hex $B7A<0(B $BBgLZ!wBgDM!&C^GH(B <ohki@gssm.otsuka.tsukuba.ac.jp>$B;a(B - cap $B7A<0(B $BI%ED(B $BF;O:(B (michiro@po.iijnet.or.jp)(michiro@dms.toppan.co.jp)$B;a(B - - $B$=$NB>!"$?$/$5$s$NJ}!9$+$i$$$m$$$m$H8f65<($$$?$@$-$"$j$,$H$&$4$6$$$^$7$?!#:#8e$H$b$h(B -$B$m$7$/$*4j$$CW$7$^$9!#(B - -1994$BG/(B10$B7n(B28$BF|(B $BBh#1HG(B -1995$BG/(B 8$B7n(B16$BF|(B $BBh#2HG(B -1995$BG/(B11$B7n(B24$BF|(B $BBh#3HG(B -1996$BG/(B 5$B7n(B13$BF|(B $BBh#4HG(B - -$BF#ED(B $B?r(B fujita@ainix.isac.co.jp - diff --git a/docs/textdocs/README.sambatar b/docs/textdocs/README.sambatar deleted file mode 100644 index af7250c2a49..00000000000 --- a/docs/textdocs/README.sambatar +++ /dev/null @@ -1,23 +0,0 @@ -Contributor/s: Martin.Kraemer <Martin.Kraemer@mch.sni.de> - and Ricky Poulten (ricky@logcam.co.uk) -Date: Unknown - circa 1994 -Status: Obsoleted - smbtar has been a stable part of Samba - since samba-1.9.13 - -Subject: Sambatar (now smbtar) -============================================================================= - -This is version 1.4 of my small extension to samba that allows PC shares -to be backed up directly to a UNIX tape. It only has been tested under -Solaris 2.3, Linux 1.1.59 and DG/UX 5.4r3.10 with version 1.9.13 of samba. - -See the file INSTALL for installation instructions, and -the man page and NOTES file for some basic usage. Please let me know if you -have any problems getting it to work under your flavour of Unix. - -This is only (yet another) intermediate version of sambatar. -This version also comes with an extra gift, zen.bas, written in -microsoft qbasic by a colleague. It is (apparently) based on a 70s -British sci-fi series known as Blake's 7. If you have any questions -about this program, or any suggestions (e.g. what about servillan.bas -?), feel free to mail the author (of zen.bas) greenm@lilhd.logica.com. diff --git a/docs/textdocs/SCO.txt b/docs/textdocs/SCO.txt deleted file mode 100644 index a5813145c55..00000000000 --- a/docs/textdocs/SCO.txt +++ /dev/null @@ -1,22 +0,0 @@ -!== -!== SCO.txt for Samba release 1.9.18alpha11 03 Nov 1997 -!== -Contributor: Geza Makay <makayg@math.u-szeged.hu> -Date: Unknown -Status: Obsolete - Dates to SCO Unix v3.2.4 approx. - -Subject: TCP/IP Bug in SCO Unix -============================================================================ - -There is an annoying TCPIP bug in SCO Unix. This causes corruption when -transferring files with Samba. - -Geza Makay (makayg@math.u-szeged.hu) sends this information: - -The patch you need is UOD385 Connection Drivers SLS. It is available from -SCO (ftp.sco.com, directory SLS, files uod385a.Z and uod385a.ltr.Z). - -You do not need anything else but the above patch. It installs in seconds, -and corrected the Excel problem. We also had some other minor problems (not -only with Samba) that disappeared by installing this patch. - diff --git a/docs/textdocs/SMBTAR.notes b/docs/textdocs/SMBTAR.notes deleted file mode 100644 index 679d776f56c..00000000000 --- a/docs/textdocs/SMBTAR.notes +++ /dev/null @@ -1,46 +0,0 @@ -Contributor: Unknown -Date: 1994 -Status: Mostly Current - refer man page - -Subject: Smbtar -============================================================================ - -Intro ------ - -sambatar is just a small extension to the smbclient program distributed with -samba. A basic front end shell script, smbtar, is provided as an interface -to the smbclient extensions. - -Extensions ----------- - -This release adds the following extensions to smbclient, - -tar [c|x] filename - creates or restores from a tar file. The tar file may be a tape -or a unix tar file. tar's behaviour is modified with the newer and tarmode -commands. - -tarmode [full|inc|reset|noreset] - With no arguments, tarmode prints the current tar mode (by default full, -noreset). In full mode, every file is backed up during a tar command. -In incremental, only files with the dos archive bit set are backed up. -The archive bit is reset if in reset mode, or left untouched if in noreset. -In reset mode, the share has to be writable, which makes sambatar even -less secure. An alternative might be to use tarmode inc noreset which -would implement an "expanding incremental" backup (which some may prefer -anyway). - -setmode <setmode string> filename - This is a "freebie" - nothing really to do with sambatar. This -is a crude attrib like command (only the other way around). Setmode string -is a combination of +-rhsa. So for example -rh would reset the read only -bit on filename. - -newer filename - This is in fact part of the 1.9.13 samba distribution, but comes -into its own with sambatar. This causes tar (or get, mget, etc) to -only copy files newer than the specified file name. Could be used -against the previous nights (or whatever) log file to implement incremental -backups. diff --git a/docs/textdocs/Speed.txt b/docs/textdocs/Speed.txt deleted file mode 100644 index 8d13006d2e6..00000000000 --- a/docs/textdocs/Speed.txt +++ /dev/null @@ -1,336 +0,0 @@ -!== -!== Speed.txt for Samba release 1.9.18alpha11 03 Nov 1997 -!== -Contributor: Andrew Tridgell -Date: January 1995 -Status: Current - -Subject: Samba performance issues -============================================================================ - -This file tries to outline the ways to improve the speed of a Samba server. - -COMPARISONS ------------ - -The Samba server uses TCP to talk to the client. Thus if you are -trying to see if it performs well you should really compare it to -programs that use the same protocol. The most readily available -programs for file transfer that use TCP are ftp or another TCP based -SMB server. - -If you want to test against something like a NT or WfWg server then -you will have to disable all but TCP on either the client or -server. Otherwise you may well be using a totally different protocol -(such as Netbeui) and comparisons may not be valid. - -Generally you should find that Samba performs similarly to ftp at raw -transfer speed. It should perform quite a bit faster than NFS, -although this very much depends on your system. - -Several people have done comparisons between Samba and Novell, NFS or -WinNT. In some cases Samba performed the best, in others the worst. I -suspect the biggest factor is not Samba vs some other system but the -hardware and drivers used on the various systems. Given similar -hardware Samba should certainly be competitive in speed with other -systems. - - -OPLOCKS -------- - -Oplocks are the way that SMB clients get permission from a server to -locally cache file operations. If a server grants an oplock -(opportunistic lock) then the client is free to assume that it is the -only one accessing the file and it will agressively cache file -data. With some oplock types the client may even cache file open/close -operations. This can give enormous performance benefits. - -With the release of Samba 1.9.18 we now correctly support opportunistic -locks. This is turned on by default, and can be turned off on a share- -by-share basis by setting the parameter : - -oplocks = False - -We recommend that you leave oplocks on however, as current benchmark -tests with NetBench seem to give approximately a 30% improvement in -speed with them on. This is on average however, and the actual -improvement seen can be orders of magnitude greater, depending on -what the client redirector is doing. - -Previous to Samba 1.9.18 there was a 'fake oplocks' option. This -option has been left in the code for backwards compatibility reasons -but it's use is now deprecated. A short summary of what the old -code did follows. - -Old 'fake oplocks' option - deprecated. ---------------------------------------- - -Samba can also fake oplocks, by granting a oplock whenever a client -asks for one. This is controlled using the smb.conf option "fake -oplocks". If you set "fake oplocks = yes" then you are telling the -client that it may agressively cache the file data for all opens. - -Enabling 'fake oplocks' on all read-only shares or shares that you know -will only be accessed from one client at a time you will see a big -performance improvement on many operations. If you enable this option -on shares where multiple clients may be accessing the files read-write -at the same time you can get data corruption. - -SOCKET OPTIONS --------------- - -There are a number of socket options that can greatly affect the -performance of a TCP based server like Samba. - -The socket options that Samba uses are settable both on the command -line with the -O option, or in the smb.conf file. - -The "socket options" section of the smb.conf manual page describes how -to set these and gives recommendations. - -Getting the socket options right can make a big difference to your -performance, but getting them wrong can degrade it by just as -much. The correct settings are very dependent on your local network. - -The socket option TCP_NODELAY is the one that seems to make the -biggest single difference for most networks. Many people report that -adding "socket options = TCP_NODELAY" doubles the read performance of -a Samba drive. The best explanation I have seen for this is that the -Microsoft TCP/IP stack is slow in sending tcp ACKs. - - -READ SIZE ---------- - -The option "read size" affects the overlap of disk reads/writes with -network reads/writes. If the amount of data being transferred in -several of the SMB commands (currently SMBwrite, SMBwriteX and -SMBreadbraw) is larger than this value then the server begins writing -the data before it has received the whole packet from the network, or -in the case of SMBreadbraw, it begins writing to the network before -all the data has been read from disk. - -This overlapping works best when the speeds of disk and network access -are similar, having very little effect when the speed of one is much -greater than the other. - -The default value is 16384, but very little experimentation has been -done yet to determine the optimal value, and it is likely that the best -value will vary greatly between systems anyway. A value over 65536 is -pointless and will cause you to allocate memory unnecessarily. - - -MAX XMIT --------- - -At startup the client and server negotiate a "maximum transmit" size, -which limits the size of nearly all SMB commands. You can set the -maximum size that Samba will negotiate using the "max xmit = " option -in smb.conf. Note that this is the maximum size of SMB request that -Samba will accept, but not the maximum size that the *client* will accept. -The client maximum receive size is sent to Samba by the client and Samba -honours this limit. - -It defaults to 65536 bytes (the maximum), but it is possible that some -clients may perform better with a smaller transmit unit. Trying values -of less than 2048 is likely to cause severe problems. - -In most cases the default is the best option. - - -LOCKING -------- - -By default Samba does not implement strict locking on each read/write -call (although it did in previous versions). If you enable strict -locking (using "strict locking = yes") then you may find that you -suffer a severe performance hit on some systems. - -The performance hit will probably be greater on NFS mounted -filesystems, but could be quite high even on local disks. - - -SHARE MODES ------------ - -Some people find that opening files is very slow. This is often -because of the "share modes" code needed to fully implement the dos -share modes stuff. You can disable this code using "share modes = -no". This will gain you a lot in opening and closing files but will -mean that (in some cases) the system won't force a second user of a -file to open the file read-only if the first has it open -read-write. For many applications that do their own locking this -doesn't matter, but for some it may. Most Windows applications -depend heavily on "share modes" working correctly and it is -recommended that the Samba share mode support be left at the -default of "on". - -The share mode code in Samba has been re-written in the 1.9.17 -release following tests with the Ziff-Davis NetBench PC Benchmarking -tool. It is now believed that Samba 1.9.17 implements share modes -similarly to Windows NT. - -NOTE: In the most recent versions of Samba there is an option to use -shared memory via mmap() to implement the share modes. This makes -things much faster. See the Makefile for how to enable this. - - -LOG LEVEL ---------- - -If you set the log level (also known as "debug level") higher than 2 -then you may suffer a large drop in performance. This is because the -server flushes the log file after each operation, which can be very -expensive. - - -WIDE LINKS ----------- - -The "wide links" option is now enabled by default, but if you disable -it (for better security) then you may suffer a performance hit in -resolving filenames. The performance loss is lessened if you have -"getwd cache = yes", which is now the default. - - -READ RAW --------- - -The "read raw" operation is designed to be an optimised, low-latency -file read operation. A server may choose to not support it, -however. and Samba makes support for "read raw" optional, with it -being enabled by default. - -In some cases clients don't handle "read raw" very well and actually -get lower performance using it than they get using the conventional -read operations. - -So you might like to try "read raw = no" and see what happens on your -network. It might lower, raise or not affect your performance. Only -testing can really tell. - - -WRITE RAW ---------- - -The "write raw" operation is designed to be an optimised, low-latency -file write operation. A server may choose to not support it, -however. and Samba makes support for "write raw" optional, with it -being enabled by default. - -Some machines may find "write raw" slower than normal write, in which -case you may wish to change this option. - -READ PREDICTION ---------------- - -Samba can do read prediction on some of the SMB commands. Read -prediction means that Samba reads some extra data on the last file it -read while waiting for the next SMB command to arrive. It can then -respond more quickly when the next read request arrives. - -This is disabled by default. You can enable it by using "read -prediction = yes". - -Note that read prediction is only used on files that were opened read -only. - -Read prediction should particularly help for those silly clients (such -as "Write" under NT) which do lots of very small reads on a file. - -Samba will not read ahead more data than the amount specified in the -"read size" option. It always reads ahead on 1k block boundaries. - - -MEMORY MAPPING --------------- - -Samba supports reading files via memory mapping them. One some -machines this can give a large boost to performance, on others it -makes not difference at all, and on some it may reduce performance. - -To enable you you have to recompile Samba with the -DUSE_MMAP option -on the FLAGS line of the Makefile. - -Note that memory mapping is only used on files opened read only, and -is not used by the "read raw" operation. Thus you may find memory -mapping is more effective if you disable "read raw" using "read raw = -no". - - -SLOW CLIENTS ------------- - -One person has reported that setting the protocol to COREPLUS rather -than LANMAN2 gave a dramatic speed improvement (from 10k/s to 150k/s). - -I suspect that his PC's (386sx16 based) were asking for more data than -they could chew. I suspect a similar speed could be had by setting -"read raw = no" and "max xmit = 2048", instead of changing the -protocol. Lowering the "read size" might also help. - - -SLOW LOGINS ------------ - -Slow logins are almost always due to the password checking time. Using -the lowest practical "password level" will improve things a lot. You -could also enable the "UFC crypt" option in the Makefile. - -CLIENT TUNING -------------- - -Often a speed problem can be traced to the client. The client (for -example Windows for Workgroups) can often be tuned for better TCP -performance. - -See your client docs for details. In particular, I have heard rumours -that the WfWg options TCPWINDOWSIZE and TCPSEGMENTSIZE can have a -large impact on performance. - -Also note that some people have found that setting DefaultRcvWindow in -the [MSTCP] section of the SYSTEM.INI file under WfWg to 3072 gives a -big improvement. I don't know why. - -My own experience wth DefaultRcvWindow is that I get much better -performance with a large value (16384 or larger). Other people have -reported that anything over 3072 slows things down enourmously. One -person even reported a speed drop of a factor of 30 when he went from -3072 to 8192. I don't know why. - -It probably depends a lot on your hardware, and the type of unix box -you have at the other end of the link. - - -MY RESULTS ----------- - -Some people want to see real numbers in a document like this, so here -they are. I have a 486sx33 client running WfWg 3.11 with the 3.11b -tcp/ip stack. It has a slow IDE drive and 20Mb of ram. It has a SMC -Elite-16 ISA bus ethernet card. The only WfWg tuning I've done is to -set DefaultRcvWindow in the [MSTCP] section of system.ini to 16384. My -server is a 486dx3-66 running Linux. It also has 20Mb of ram and a SMC -Elite-16 card. You can see my server config in the examples/tridge/ -subdirectory of the distribution. - -I get 490k/s on reading a 8Mb file with copy. -I get 441k/s writing the same file to the samba server. - -Of course, there's a lot more to benchmarks than 2 raw throughput -figures, but it gives you a ballpark figure. - -I've also tested Win95 and WinNT, and found WinNT gave me the best -speed as a samba client. The fastest client of all (for me) is -smbclient running on another linux box. Maybe I'll add those results -here someday ... - - -COMMENTS --------- - -If you've read this far then please give me some feedback! Which of -the above suggestions worked for you? - -Mail the samba mailing list or samba-bugs@samba.anu.edu.au diff --git a/docs/textdocs/Support.txt b/docs/textdocs/Support.txt deleted file mode 100644 index dab3ec465cf..00000000000 --- a/docs/textdocs/Support.txt +++ /dev/null @@ -1,1899 +0,0 @@ -!== -!== Support.txt for Samba release 1.9.18alpha11 03 Nov 1997 -!== -The Samba Consultants List -========================== - -This is a list of people who are prepared to commercialy support -Samba. Being on this list does not imply any sort of endorsement by -anyone, it is just provided in the hope that it will be useful. - -Note that the organisations listed below will expect you to pay for -The support that they offer. We have been told that several people -assumed this was a list of kindly companies offering free commercial -support! - -For free support use the Samba mailing list and the comp.protocols.smb -newsgroup. - -If you want to be added to the list, or want your entry modified then -contact the address below. Please make sure to include a header line -giving the region and country, eg CANBERRA - AUSTRALIA. - -The Samba Team reserves the right not to add support providers. - -You can contact the maintainers at samba-bugs@samba.anu.edu.au - -The support list has now been re-arranged into geographical areas -and are sorted by state/region/town within these areas. -These are currently: - -Region Number of entries ----------------------------------------------------- - AFRICA 2 - AMERICA - CENTRAL & SOUTH 4 - AMERICA - USA 35 - ASIA 1 - AUSTRALIA & NEW ZEALAND 18 - CANADA 9 - EUROPE 36 - MIDDLE EAST 1 - -AFRICA -====== - ------------------------------------------------------------------------------- -GAUTENG - SOUTH AFRICA - -Company: Obsidian Systems -Street Addr: Boskruin Office Park Unit 3, Bosbok street, Randpark Ridge - Gauteng, 2156, South Africa. -Postal Addr: PO Box 4938, Cresta, South Africa, 2118 -Contact no's: +2711 792-6500/38, Fax: +2711-792-6522 - Cell: +2783-379-6889/90/91 or +2783-377-4946 or +27832660199 - -Our level of experience: Low level programming and support for all samba -security and compatability issues. We use Samba in South African Schools -and commercial companies as an affordable solution for LAN and WAN -networking. - -For futher information, please consult our website www.obsidian.co.za ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -JOHANNESBURG - SOUTH AFRICA - - Company: Symphony Research (Pty) Ltd - Contact: Dr Evan Summers, <evan@sr.co.za>, tel 011 728-5742. -keywords: Samba on Linux, support and consulting - Johannesburg (South Africa) - ------------------------------------------------------------------------------- - - - - - - - -AMERICA - CENTRAL & SOUTH -========================= - - ------------------------------------------------------------------------------- -ARGENTINA - SOUTH AMERICA - -Buenos Aires - Argentina - -Guillermo Sansovic -Email: gui@usa.net -Arkham Software -Rivadavia 923 Piso 8 -1002 Buenos Aires -Argentina - -Tel: + 54 1 345-0645 - -At Arkham Software we have been working with Unix systems since 1986. We do -intranets, software development and system integration. Our experience ith -Samba dates from 1995. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -CHILE - SOUTH AMERICA - -Company: Magic Consulting Group/Magic Dealer -Street Addr: Alberto Reyes #035 Barrio Bellavista - Providencia Santiago -Contact no's: +56 2 365 19 18, Fax: +56 2 365 14 55 - -Contact Person: Marcelo Bartsch or Roy Zderich - -Email contact: -Samba Support : samba@mg.dyn.ml.org -Other NET OS Support : othernetos@mg.dyn.ml.org -Other Questions : networks@mg.dyn.ml.org -General Info: info@mg.dyn.ml.org - -Our level of experience: support for all Samba and Linux security and -compatability issues. We use Samba in our local network and we have -experience instaling it on some other locations. we also provide -techincal support for Linux, Novell, Windows NT, OS/2 and other -Operating Systems. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -HONDURAS - CENTRAL AMERICA - -Open Systems, S.A. - -Open Systems, S.A. provides support to SAMBA in SCO UnixWare 2.X: - -Server Platform: SCO UnixWare 2.X -Client Platform: Windows NT, Windows 95, WFW (3.11), DOS. - -Open Systems, S.A. also provides consulting services and technical -support in the following server platforms since 1987: - -SCO Open Server 3.0 and 5.0 -SCO UnixWare 2.X (SVR4.2MP) -UNIX SVR4 (NCR, UNISYS) - -Contact: -Selim Jose Miselem -Open Systems, S.A. -Centro Comercial Dallas -San Pedro Sula, Honduras, Central America -Tel/Fax 011 (504) 529868 -e-mail: selim@opensys.hn -URL: http://www.opensys.hn ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -VILLAHERMOSA, TAB. - MEXICO - -Carlos Enrique García Díaz -E-mail: cgarcia@tnet.net.mx -Phone: (93) 12-33-91 - -Samba experience: -Server: Samba 1.9.15 and above with Solaris (Sparc & x86), SG Irix 5.2 - 6.3, -AIX 3.2, DEC OSF1 v4.0, DG/UX v4.11, SunOS. -Client: WinNT, Win95, WfWg, Win 3.1 & LAN WorkPlace. ------------------------------------------------------------------------------- - - - - - - - -AMERICA - USA -============= - ------------------------------------------------------------------------------- -ARIZONA - USA - -Stephen Greenberg -Nick Temple -Coactiv Systems Inc. -4625 S. Lakeshore Drive, suite 401 -Tempe, AZ 85282 -(602) 345 4114 -(602) 345 4105 fax -steveg@coactiv.net - -We are LAN/WAN integrators who specialize in the standard fare (i.e. Novell -and NT) as well as UNIX, NTRIGUE and SAMBA. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -BAY AREA, SILICON VALLEY CALIFORNIA - USA - -Adital Corp. - -7291 Coronado Dr. ,Suite 4 San-Jose Ca 95129 - -Phone : (408) 257-7717 Fax : (408) 257-7772 E-Mail: ephi@adital.com - -Contact: Ephi Dror, Director of software development. - -Adital is a company that specialized in networking products development. -We have been doing many development projects on Windows (NT/95), Macintosh, -UNIX and embedded system platforms in the area of networking drivers and -applications during the last few years. In regards to SAMBA, we have a lot -of experience in SMB/CIFS protocol development. - -We have special expertise in porting SAMBA to embedded system environments for -NT/WIN95/WFW client/server connectivity. - -We can help you defining and specifying your product as well as designing, -implementing, testing, upgrading and maintaining it. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -SAN FRANCISCO BAY AREA - USA - -Alex Davis --- President of FTL -Faster Than Light, 2570 Ocean Ave. #114, San Francisco, California, 94132 -HTTP://www.ftl.net/ EMAIL:davis@ftl.net TEL:415.334.2922 FAX:415.337.6135 - -We are located in the "Bay Area" of California, USA. We provide -consultant and training for Unix, Windows, Macintosh applications, -and hardware. We also provide Internet access to many of the local -companies as a part of our "one-stop-shop" model. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -SAN FRANCISCO BAY AREA - USA - -2125 Hamilton Ave. Suite 100 -San Jose, CA 95125 -888-ACCLAIM [Inside California] -(408) 879 - 3100 -(408) 377-4900 [Fax] - -We can provide commercial support for Samba. We have created additional -scripts that we can add to the Samba distribution to create an installation in -Sun Solaris "package add" format. We are a Sun Reseller, but we can also -support Samba on HP, SGI, Linux, in addition to Sun Solaris Sparc/X86. - -To find out more about our company, look at our website: - http://www.acclaim.com ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -BAY AREA, BERKELEY CALIFORNIA - USA - -Vortex Technology Services - -2467 Warring St Suite 206, Berkeley CA 94704 - -Phone/Fax : (510) 540-VTEX E-Mail: support@vtex.net - (510) 540-8839 - -Contact: Paul Puey, Chief Network Consultant/Engineer - -Vortex Technology is a fast growing technical service company based in -Berkeley, California. Our Co-founders are composed entirely of UC -Berkeley engineering graduates with a broad range of skills in the -technical consultation fields. We provide bay area companies with -professional web site and database design, LAN and WAN consultation, and -custom programming. We ourselves use a mixed NT / Linux Samba server -environment in our office. We are very experienced with Samba -administration as well as administration of UNIX and NT networks. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -CALIFORNIA - USA - -Cliff Skolnick -Steam Tunnel Operations -900 Tennessee St, suite 22 -San Francisco, CA 94107 -http://www.steam.com/ -(415) 920-3800 -cliff@steam.com ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -CALIFORNIA - USA - -Craftwork Solutions Inc. - -Craftwork Solutions Inc. is dedicated to providing the best possible -services to our customers. The Craftworks team will provide you with a -total solution package that will work for you both today and tomorrow. -With our own Linux Distribution which we are constantly improving to make -it the best and using it to provide total solutions for companies which -are open to using Linux. - -Please contact mary@craftwork.com ------------------------------------------------------------------------------- - ------------------------------------------------------------------------ -SOUTHERN CALIFORNIA - USA - -Michael St. Laurent -Serving Los Angeles and Orange Counties. Please contact via email. -rowl@earthlink.net -Michael St. Laurent -Hartwell Corporation ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -SOUTHERN CALIFORNIA - USA - -Yuri Diomin -Yuri Software -13791 Ruette Le Parc, Ste. C -Del Mar, CA 92014 -Phone: 619-350-8541 -Fax: 619-350-7641 -yuri@yurisw.com -http://www.yurisw.com - -We have been supporting Samba in commercial installations for several years -on a variety of client and server platforms. We have extensive experience -in all aspects of UNIX-Windows connectivity solutions for mixed platform -corporate setups. We are a contributor to Samba source code. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -NORTH CAROLINA - USA - -Whole Systems Solutions, Inc. - - Whole Systems Solutions, Inc. has been running Samba since the -1.6 release. We specialize in small to medium sized business network -solutions. Whole Systems Solutions, Inc. provides outsourcing of IT to -enhance employee abilities therefore improving productivity. Through -software beta testing and development network of NT, NetWare, Unix, and -Win clients we have developed a vast knowledge base for support. Our -clients choose us for service and support that exceeds their -expectations. Your business depends on your computers. Your computers -should depend on WSS. - -Jay M. Eisenberg Whole Systems Solutions, Inc. -President -Web: http://www.wss.net -Phone: (910) 297-4977 -Email: jay@wss.net ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -FORT COLLINS, COLORADO - USA - -Granite Computing Solutions -ATTN: Brian Grossman -P.O. Box 270103 -Fort Collins, CO 80527-0103 -U.S.A. -Tel: +1 (970) 225-2370 -Email: granite@SoftHome.Net WWW: http://www.SoftHome.Net/granite/ - -Information services, including WfWG, NT, Apple <=> Unix interoperability. -WWW solutions. WWW education. Unix education. Custom software -development - eg. http://www.SoftHome.Net/modsim/. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -COLORADO - USA - -Daylight Software -1062 Lexington Lane -Estes Park, CO 80517 USA -(970) 586-6058 - -We have experience with Samba under SunOS, Solaris and Linux, -and also with Windows NT and Microsoft Lan Manager. - -Contact: daylight@frii.net - -Chris Howard Daylight Software -daylight@frii.net Estes Park, Colorado USA ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -FLORIDA - USA - -Swaney & Associates, Inc. -ATTN: Stephen Swaney - 2543 Lincoln Avenue - Miami, Florida 33133 - U.S.A - (305) 860-0570 - -Specializing in: - High Availability system & networks - UNIX to PC connectivity - Market Data systems - Messaging Systems (Sendmail & Microsoft Exchange) ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -FLORIDA - USA - -Progressive Computer Concepts, Inc. -1371 Cassat Avenue -Jacksonville, FL 32205 -info@progressive-comp.com -800-580-2640 - 904-389-3236 - 904-389-6584 fax - -Related Products and Services: - ncLinux (Network Computer) consulting, installations, and turnkey - networks. Multi-user NT and Samba consulting, installation and - administration (both remote and onsite), Internet and Intranet - connectivity, LAN and WAN, firewall installation, security, - troubleshooting and training, custom LAN/WAN/Intranet business - systems development, WWW/CGI development (e.g. database gateways, - catalogs). ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -FLORIDA - USA - -The PC Doctor -3009 West Tharpe Street Unit-C -Tallahassee, Florida 32303 -ph 904.531.0364 -fx 904.531.0128 - -Contacts: Andy McRory pcdr@pcdr.com - David Blodgett david@pcdr.com - -The PC Doctor specializes in Linux Internet/Workgroup servers and network -intergration. We have experience in setup and configuration of SAMBA under -Caldera/RedHat/Slackware Linux as well as SCO and AIX. We offer workgroup -Internet gateway servers for Windows client based networks. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -FLORIDA - USA - -TradeWeb -Bill Harris -(407) 657-8649 -bill@tradeweb.net - -http://www.tradeweb.net - -We have been working with SAMBA since 1995 and support it in a number of -large organizations. We are available to Companies in the Central -Florida area. We are well familiar in the integration of SAMBA and NT -and in SAMBA configuration on AIX, SCO, Linux And SUN Solaris. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -FLORIDA - USA - -The PC Doctor -Tampa Bay Interactive -1314 Tampa Rd STE 120 -Palm Harbor, FL 34683 - -ph 813.781-2209 -fx 813.571-3805 - -Contacts: Jared Hall: jhall@tbi.net - System Operations: support@tbi.net - -Tampa Bay Interactive provides complete Internet solutions for the Small -Office and Home Office. Specializing in Intel-Based UNIX systems; Linux, -BSD/OS, FreeBSD, SCO. Proxy Server specialists. - -~~ Jared Hall ~~~~~~~ Tampa Bay Interactive -~~~~~~~~~~~~~~~~~~~~~ 1314 Tampa Rd, #120 -~~ jhall@tbi.net ~~~~ Palm Harbor, FL 34683 -~~ (813) 781-2209 ~~~ (http://www.tbi.net) - -Telecom Corner - http://www.tbi.net/~jhall ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -GEORGIA - USA - -Hoppe Computer Services -2171 Brooks Road -Dacula(Atlanta), Georgia 30019 -770-995-5099 fax 770-338-3885 - -Supporting the Atlanta, Georgia USA area for two and a half years. -In the computer field for 22 years. - ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -GEORGIA - USA - -Region: ATLANTA, GA - USA -Company: Advanced Application Development, Inc. -Address: 4383 Burnleigh Chase - Roswell, GA 30075 -Telephone: (770) 552-4248 -email: support@aad.com -Contact Name: Rich Vaughn - rvaughn@aad.com - -Provides consulting, development and system integration -services for businesses throughout the Southeastern US. -We have been using Samba on various UNIX platforms for -several years and are familiar with porting and configuration -issues. Visit our web site at http://www.aad.com. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -IOWA - USA - -Afan Ottenheimer -JEONET -PO Box 1282 -Iowa City, IA 52244 -Phone: 319-338-6353 -Fax: 319-338-6353 -Email: afan@jeonet.com -WWW: http://www.jeonet.com/jeonet/ - -Specializing in systems integration, database, and advanced web -site design since 1995. Have extensive experience in -Linux<->NT<->Windows 3.11<->Windows 95 interaction using SAMBA. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -ILLINOIS - USA - -Information One, Inc. -736 Hinman Ave, Suite 2W -Evanston, IL 60202 -708-328-9137 708-328-0117 FAX -info@info1.com - -Providing custom Internet and networking solutions. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -ILLINOIS - USA - -Honesty Communications Inc. -1001 W 75th St Suite 179A-200 -Woodridge, IL 60517 - -http://www.honesty.com -support@honesty.com - -(630) 964-8441 -(708) 399-8158 Emergency Pager - -Serving as 'Technical Support for Technical Support' to numerous -companies across the country Honesty Communications provides -solutions for all situations with - -We can provide Samba installation, configuration, and security analysis -as well as on-going support, training and upgrades. We also provide -custom programming and a slew of other services. - -Expertise includes: - - UNIX, Windows 95, Windows NT, Windows 3.x, OS/2, Programming (C/C++, - Java, Visual Basic, Visual C, etc.), Support, Training ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -KANSAS - USA - -NT Integrators -2400 W. 31st Street -Lawrence, KS 66046 -USA -913-842-1100 -http://www.ntintegrators.com/ -email: watts@sunflower.com - -My consulting company does NT/Linux/Samba/etc support. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -LAS VEGAS, NEVADA - USA - -DPN, Inc. Las Vegas NV - -(702) 873-3282 Ph. -(702) 873-3913 Fax -Email duane@dpn.com - -Can provide commercial support for samba running on any version of -SCO above 3.0 and for Linux. We currently have installed and are -supporting several versions of samba on over 25 client sites across -the US, in addition to our 6 in-house samba servers. Our largest client -site has approx. 100 users. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -NEW JERSEY - USA - -William J. Maggio -LAN & Computer Integrators, Inc. -242 Old New Brunswick Road Email: bmaggio@lci.com -Suite 440 Voice: 908-981-1991 -Piscataway, NJ 08855 Fax : 908-981-1858 - - Specializing in Internet connectivity and security, Sun integration and - high speed, enterprise network design and deployment. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -NEW YORK - USA - -67.2 Psytronics Solutions - - 90 County Line Road - Massapequa, NY 11758 - U.S.A. - -Phone: +1 516 598 4619 - -Fax: +1 516 598 4619 - -EMail: info@psytronics.com - -URL: http://www.psytronics.com - -Contact: Jaron Rubenstein - -Type of support: Whatever is required. Support contracts available. - -Special expertise: - - Familiar with most topics. Specializing in dial-up server (PPP) -installation and configuration, custom programming, and Internet and -Intranet server configuration. Authorized Red Hat Reseller. - -Sample prices: - - Upon request, usually US$50-$100/hour. Educational discounts -available. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -OREGON - USA - -Warren Birnbaum -Birnbaum Associates -2934 N.E. 18th Avenue -Portland, OR 97212 -Phone: 503-282-6329 -Fax: 503-288-7074 -birnbaum@teleport.com - -I have been supporting Samba in commercial installations for several -years on HP-UX and Solaris server platforms. I have installed Samba on -over 80 servers used by over 7000 users. I am a contributor to Samba -source code. - -I can provide Samba installation, configuration, and custom coding -as well as on-going support. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -TEXAS - USA - -Jody Winston -xprt Computer Consulting, Inc. -731 Voyager -Houston, TX 77062 -(281) 480 8649, jody@sccsi.com - -We have been supporting software from the Free Software Foundation and -other groups such as Linux for over 8 years. The base rate is 150.00 -US dollars per hour. Please contact us for more information on our -rates and services. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -TEXAS - USA - -The Solutions Group -P.O. Box 31400 -Houston, TX 77231-1400 - -Voice: (713) 729-2602 -Fax: (713) 723-9387 -Email: chuckb@LinuxTX.com - -The Solutions Group provides support for Linux, Solaris, and SCO UNIX. -We specialize in mixed environments using Samba. We are certified NT -as well as UNIX specialists. We can provide onsite support in the -Houston area and remote support in any other areas. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -UNITED STATES - -Stelias Computing is the developer of the InfoMagic Workgroup Server, a -Linux distribution customized for use as a PC and Macintosh file and -print server (using Samba and netatalk respectively). Stelias also -offers custom system programming and Samba support contracts. - -For information about the InfoMagic Workgroup Server contact InfoMagic: - http://www.infomagic.com/ - questions@infomagic.com - voice: 800-800-6613 or 520-526-9565 - fax: 520-526-9573 - -To contact Stelias about custom arrangments, send email to -info@stelias.com. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -WASHINGTON DC METRO - USA - -Asset Software, Inc. has been running Samba since the 1.6 release on various -platforms, including SunOS 4.x, Solaris 2.x, IRIX 4.x and 5.x, Linux 1.1x, -1.2x, and 1.3x, and BSD UNIX 4.3 and above. We specialize in small office -network solutions and provide services to enhance a small office's -operations. Primarily a custom software operation, our vast knowledge of -Windows, DOS, Unix, Windows NT, MacOS, and OS/2 enable us to provide quality -technical assistance to the small office environment at a reasonable price. -Our upcoming multi-mailbox mail client, IQ Mail, enables users with more -than one mailbox to send and retrieve their mail from a single, consistent -mail client running in Windows. - -David J. Fenwick Asset Software, Inc. -President djf@assetsw.com ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -WASHINGTON STATE - USA - -Brian Meyer -Personal Data Services -9792 Edmonds Way Suite 121 -Seattle, Washington 98020 USA -Voice: (206) 365-8212 -E-mail: admin@pdsnorth.com ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -WASHINGTON - USA - -Olympic Peninsula Consulting; 1241 Lansing Ave W., Bremerton, WA 98312-4343 -telephone 1+ 360 792 6938; mailto:opc@aa.net; http://www.aa.net/~opc; -Unix Systems and TCP/IP Network design, programming, and administration. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -WASHINGTON STATE - USA - -INTERNET: bill@Celestial.COM Bill Campbell; Celestial Systems, Inc. -UUCP: camco!bill PO Box 820; 2835 82nd Avenue S.E. S-100 -FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676 -URL: http://www.celestial.com/ - -We provide support for Samba and many other Unix related systems. Our -primary systems are SCO, Caldera Linux, and Solaris on Sun systems. - -Celestial has been in business since late 1984 working primarily on -medium to large Unix systems. More information is available on our -web site, http://www.celestial.com/. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -WASHINGTON STATE - USA - -Jeff Clithero jeff@octopi.com APPGEN Vertical -Interstellar Octopus, Ltd. Voice 360-379-1754 Accounting Solutions -1829 Lincoln St. PgVm 800-893-9517 Integration Services -Port Townsend, WA USA FAX 360-379-1753 Sales and Support - -We support SAMBA commercially. - -In the US/Canada we provide 800 number for our clients and can go -onsite to customers in the Northwest US and Vancouver, BC areas. ------------------------------------------------------------------------------- - - - -ASIA -==== - ------------------------------------------------------------------------------- -SEOUL - KOREA - -MultiMedia KOREA Inc, E-Mail : info@seoul.korea.co.kr -Internet,WWW,Network Support Group, TEL : +82-02-597-1631 - FAX : +82-02-521-4463 -SeoChoGu SeoChoDong 1537-6 WWW : http://www.korea.co.kr -JungAng B/D #401 -SEOUL KOREA - -SAMBA Experience : SunOS, Solaris, Linux, SCO-Unix, Win95/NT/3.1 ------------------------------------------------------------------------------- - - - - - - -AUSTRALIA & NEW ZEALAND -======================= - ------------------------------------------------------------------------------- -ADELAIDE - AUSTRALIA - -Richard Sharpe, sharpe@ns.aus.com -NS Computer Software and Services P/L -PO Box 86, -Ingle Farm, SA 5098 -Australia - -Contact: Richard Sharpe - Ph: +61-8-281-0063 (08-281-0063) AH - FAX:+61-8-250-2080 (08-250-2080) - -Located in Adelaide, South Australia. - -Proficient with Digital UNIX, ULTRIX, SunOS, Linux, Win 95, WfWg, Win NT. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -ADELAIDE - AUSTRALIA - -Loftus Computing Services -191 Flinders Street -Adelaide 5000 -South Australia - -Phone: +61 8 8407 7577 -Fax: +61 8 8407 7501 -Email: support@loftuscomp.com.au - - -SAMBA Experience : SunOS, Solaris, SCO-Unix, Free BSD, Win95/NT/3.1 ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -BRISBANE - AUSTRALIA - -Brett Worth -Select Computer Technology - Brisbane -431 Logan Road -Stones Corner QLD 4120 -E-Mail: brett@sct.com.au ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -CANBERRA - AUSTRALIA - -Paul Blackman (ictinus@lake.canberra.edu.au, Ph. 06 2012518) is -available for consultation. Paul's Samba background is with -Solaris 2.3/4 and WFWG/Win95 machines. Paul is also the maintainer -of the SAMBA Web Pages. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -CANBERRA - AUSTRALIA - -Ben Elliston -E-mail: bje@air.net.au -Samba systems: Solaris 2.x, Linux, HP-UX. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------ -MELBOURNE - AUSTRALIA - -Michael Ciavarella -Cybersoruce Pty Ltd. -8/140 Queen Street -Melbourne VIC 3000 -Phone: +61-3-9642-5997 -Fax: +61-3-9642-5998 -Email: mikec@cyber.com.au -WWW: http://www.cyber.com.au - -Cybersource specialises in TCP/IP network integration and Open Systems -administration. Cybersource is an Australian-owned and operated -company, with clients including some of Australia's largest financial, -petrochemical and state government organisations. ------------------------------------------------------------------------ - ------------------------------------------------------------------------------- -MELBOURNE - AUSTRALIA - -Company Name DARX Consulting -Postal Address PO Box 12329 - A'Beckett St PO - Melbourne 3000 -Area of Service Melb Metro and SE Suburbs -Phone +61 3 9822 1216 -Email info@darx.com.au - -We provide setup and support of samba based systems as well as -Novell/NT Systems. ------------------------------------------------------------------------ - ------------------------------------------------------------------------------- -N.T - AUSTRALIA - -Open Systems Network Support - -Server Platforms - Unix/Linux -Client Platforms - Windows3.1/95/NT, Macintosh, Unix/Linux - --- -David Schroeder Darwin Network Services -Ph/Fax (08) 8932 1156 PO Box 82383 -(Int) +61 8 8932 1156 Casuarina N.T -Email: djsc@it.ntu.edu.au Australia 0811 ------------------------------------------------------------------------ - ------------------------------------------------------------------------------- -NEW SOUTH WALES - AUSTRALIA - -BITcom Telecommunications Phone: (02) 9747 0011 -P.O. Box 15 Int'l: +61 2 9747 0011 -Burwood NSW 2134 Australia Fax: (02) 9747 6918 -Contact: Craig Bevins Email: consult@bitcom.net.au - -BITcom is an open systems and networking consultancy. We have been -doing Open Systems since long before the term was coined, a key staff -member having participated in the IEEE working group which produced -the POSIX standard for Un*x-like systems in 1988. - -We tend to have a Unix orientation (all flavours) but our focus is on -getting the job done and we are happy to employ other technologies which -fit. Heck, we even use and support Microsoft's products! Our areas -of expertise cover general Unix consultancy, support for public domain -and GNUish software, PC LAN -> Unix integration, Internet, WWW and local -and wide-area network design, implementation and security. We have a -collective masochistic streak and actually enjoy hacking on sendmail -configuration. We are an AUSTEL-licenced telecommunications and data -cabler and hold a NSW security industry licence. - -We know Windows NT, LANMAN, PC-NFS and others. We use, recommend and -support Samba and have done so since 1994. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -PERTH - AUSTRALIA - -Bruce Cook - Synonet Corporation. -E-mail: bcook@wantree.com.au -Mobile: 015 999 330 (International +61 15 999 330) -Experience: Samba on FreeBSD, Linux, Solaris (Sparc), Sunos-4 - Microsoft networking using NT/NTAS, Win95, WFW311, DOS ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -PERTH - AUSTRALIA - -Geoff Allan Phone: +61 8 9325 9922 -Office Information Fax: +61 8 9325 9938 -Perth, Western Australia Mobile: 0412 903 659 -Email: geoffa@officeinfo.com.au - -Office Information has been in existence since 1991. We are (amongst -other things) systems integrators with experts in Unix, Linux, Novell, -NT and the other DOS & Windows platforms. We also have a number of -Clients for whom we have installed and supported Samba. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -QUEENSLAND - AUSTRALIA - -Plugged In Software Pty Ltd -PO Box 4130 -4/242 Hawken Drive -St. Lucia South, Qld 4067 -Australia -http://www.plugged.net.au -info@plugged.net.au -+61 7 3876 7140 -+61 7 3876 7142 (fax) -Point of Contact: David Wood ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -SYDNEY - AUSTRALIA - -Philip Rhoades -Pricom Pty Ltd -http://www.pricom.com.au = http://203.12.131.20 -GPO Box 3411 Sydney NSW 2001 Australia -Ph: +61:0411:185652 -Fax: +61:2:9959-3481 -E-mail: philr@mail.austasia.net ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -SYDNEY - AUSTRALIA - -John Terpstra - Aquasoft (jht@aquasoft.com.au) -Business: +612 9524 4040 -Home: +612 9540 3154 -Mobile: +612 414 334422 (aka 0414 334422) -Samba Experience: Member of Samba-Team. Long term contributor to Samba - Samba on BSD/OS, Solaris (Sparc & x86), ISC Unix, SCO Unix - NCR SVR4, Linux, UnixWare, IBM, HP, DEC, Others. - Training Instructor in Windows NT, wide area networking - over TCP/IP. Providing paid-for support for Public Domain - Software and Linux. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -SYDNEY - AUSTRALIA - -We are a Unix & Windows developer with a consulting & support component. -In business since 1981 with experience on Sun, hp, sgi, IBM rs6000 plus -Windows, NT and Win95, Using Samba since September 94. -CodeSmiths, 22 Darley Road, MANLY 2095 NSW; 977 1979; fax: 977 2116 -philm@esi.com.au (Australia; New South Wales; SYDNEY; North East) ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -SYDNEY - AUSTRALIA - -Pacific ESI has used and installed Samba since 1.6 on a range -of machines running SunOS, BSD/OS, SCO/UNIX, HP/UX, and Solaris, -and WfWG and Windows95. The largest system worked on to date -involved an Australia wide network of machines with PCs and SUNs -at the various nodes. The in-house testing site is a wide area -network with three sites, remotely connected with PPP and with -SUN servers at each site to all of which are connected several -PCs running mainly WfWG. - -Stefan Kjellberg Pacific Engineering Systems -International -info@eram.esi.com.au Voice:+61-2-9063377 -... Fax:+61-2-9063468 ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -WELLINGTON - NEW ZEALAND - -David Gempton -Computer Consultant -UNIX & PC Networking specialist -TTC Technology Training Consulting -PO Box 5444 -Lambton Quay Wellington -New Zealand -Phone (025) 518-574 -Email: ttcdg@cyberspace.co.nz ------------------------------------------------------------------------------- - - - - - - -CANADA -====== - ------------------------------------------------------------------------------- -ONTARIO - CANADA - -Strata Software Limited, Kanata Ontario CANADA -Tel: +1 (613) 591-1922 Fax: +1 (613) 591-3485 -Email: sales@strataware.com WWW: http://www.strataware.com/ - -Strata Software Limited is a software development and consulting group -specializing in data communications (TCP/IP and OSI), X.400, X.500 and -LDAP, and X.509-based security. We have Samba experience with Windows NT, -Windows 95, and Windows for Workgroups clients with Linux, Unixware -(SVR4), and HP-UX servers. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -ONTARIO - CANADA - -WW Works Inc. -3201 Maderna Road -Burlington, Ontario -Canada L7M 2W4 - -Contact: Wade Weppler -(905) 332-5844 -FAX: (905) 332-5535 - -Information Systems Sales and Consulting. -Specializing in Turnkey Windows NT Network environments with emphasis on -Legacy UNIX System integration using Samba. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -ONTARIO - CANADA - - Bilyana Aleksic |Email: baleksic@atitech.ca | - | | -ATI Technologies Inc. |Phone: 905-882-2600 x3179 | -75 Tiverton Court |Fax : 905-475-3930 | -Unionville, Ontario | | -Canada, L3R 9S3 | | ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -ONTARIO - CANADA - -Sound Software Ltd. -20 Abelard Avenue -Brampton, Ontario Canada -905 452 0504 -sales@telly.org -www.telly.org - -Sound Software company is a Caldera Business Partner, providing support for -Samba and other applications running under Caldera Linux. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -ONTARIO - CANADA - -GenX Internet Laboratories Inc. -20 Madison Ave. -Toronto, Ontario, Canada -M5R 1S2 - -GenX Internet Labs is engaged in systems integration and -the design and development of software for use over the -internet and intranets. - -We install, support and can resolve most system/Samba problems -on Linux. We are also an internet provider and use Samba to -provide a remote office solution to our customers. This solution -provides access to the shared resources on a corporate lan. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -ONTARIO - CANADA - -FSC Internet -The FSC Building -188 Davenport Rd -Toronto, Ontario -Canada M5R 1J2 - -(416) 921-4280 -fax (416) 966-2451 - -info@fscinternet.com - -FSC Internet is one of Canada's largest UNIX and NT networking -consulting firms. FSC's clients include numerous top-tier -corporations (e.g. Mazda, Heinz), as well as mid-sized companies -(e.g. the Vermont Telephone Company) and the public sector. FSC -provides full consulting, implementation, support, and training -services for all UNIX and NT network applications, including a -special focus on internetworking (extensive Samba experience), -security, high-performance Web applications, and Intranets. Please -email us at info@fscinternet.com or call us at (416) 921-4280 for -further information. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -ONTARIO - CANADA - -MIS Incorporated, London Ontario CANADA -Tel: +1 (519) 673-3777 Fax: +1 (519) 673-4292 -Email: samba-support@netcontech.com - -MIS Incorporated is a Microsoft Certified Solution Provider, -and system support group specializing in applying Windows -front ends to high end relational database servers. Samba -support available on any unix platform in conjunction with -WFW, Windows-NT, Win95, OS/2. Dial-in support -nation-wide, or on-site anywhere in Ontario. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -OTTAWA - CANADA - -Russell McOrmond -Open Systems Internet Consultant -Serving individuals and organizations in the Ottawa (Ontario, Canada) area. -voice: (613) 235-7584 FAX: (613) 230-1258 -russell@flora.org , http://www.flora.org/russell/work/ ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -QUEBEC - CANADA - -Dataden Computer Systems -Attn: Danny Arseneau -arseneau@parkmed.com -895 2nd Avenue -Ile Bizard, Quebec -Canada, H9C 1K3 -Tel: (514)891-2293 -Fax: (514)696-0848 - -Dataden is company that specializes in Unix--TCP/IP networking. -We have over 15 years of experience. We have been installing, -configuring and maintaining Samba for clients for 1-1/2 years now. We -have samba installations on Linx, SunOS and DEC OSF. Our biggest site -has 4 Suns and 3 Linux servers running Samba which are serving a network -of about 50 PC's running WFWg and Win95. ------------------------------------------------------------------------------- - - - - - - - - -EUROPE -====== - ------------------------------------------------------------------------------- -BRUSSELS - BELGIUM - -Phidani Software SPRL -Rue de l'autonomie, 1 -1070 Brussels -Belgium -Tel : +32 (2) 5220663 -Fax: +32 (2) 5220930 - -We provide commercial support in Belgium to large organisations -(eg: N.A.T.O., Unisys, E.C.C. ...) ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -SOFIA - BULGARIA - -National Laboratory for Computer Virology and SEA Ltd. - -We work mainly in the following fields: - -* Design and testing of antivirus and computer security related software - and hardware; -* Data aquisition equipment -* Network design and consulting. - -Samba is our most common network tool for the export of data collected on -UNIX machines to PC clients, file services and simple client/server -processing schemes. - -Samba experience: Linux, Ultrix, Solaris, AIX, RiscOS. - -Client experience: LanMan, WFW, Win 95, Win NT. - -Address: - -National Laboratory for Computer Virology BAS, -Akad. G. Bonchev Str. bl.8, -Sofia 1113, -Bulgaria -E-mail:sales@nlcv.acad.bg -URL http://www.nlcv.acad.bg - -SEA Ltd, -Akad G.Bonchev Str bl. 8, rm 225, -Sofia 1113. -Bulgaria -E-mail:nmechkov@virbus.bg -URL http://www.orgchm.acad.bg/~sealtd ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -PRAHA (PRAGUE) - CZECH - -AGC Praha, -David Doubrava -Sokolovska 141 -PRAHA 8 -180 00 - -Tel: +42 (2) 6600 2202 Fax: +42 (2) 683 02 55 -Email: ddoubrava@agc.cz WWW: http://corwin.agc.cz/ - -I have Samba experience with Windows NT, -Windows 95, and Windows for Workgroups clients with Linux and HP-UX -servers. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -CAMBRIDGE - ENGLAND. Will travel / provide support world-wide. - -Luke Kenneth Casson Leighton -Phone: +44 1223 570 262 or 570 264 or Mobile +44 410 305 745 -lkcl@switchboard.net - -Configuration Experience: - -Clients: MSClient 3.0; WfWg; W95; NT 3.5 and 4.0 Workstation. -Servers: Samba 1.9.15 and above (on-hands experience with Linux, SunOS -4.1.3 and FreeBSD); NT 4.0 Server. - -Present Experience: - -Luke Leighton, a Samba Team member since October 1995, understands -Browsing and WINS from having re-designed and re-written nmbd, and -SMB/CIFS from attending the two CIFS conferences; by listening to -discussions amongst the Samba Developers, and from answering user's -queries on the Samba Digest. - -Support offered: - -If there are either areas of functionality that are missing or bugs -that are affecting the performance of your company; if you require -advice / training on the deployment and administration of SMB/CIFS -Clients and Servers; if your company's policy only allows you to -use samba if it is supported commercially... I am available for hire -anywhere in the world. - -Long-term Project Aims: - -I would like to implement a CIFS proxying system suitable for Enterprise -Networks (large Intranets: 10,000 to 150,000 simultaneous users) that is -backwards compatible with all CIFS/SMB servers (MSClient 3.0 for DOS, -through to NT 4.0). - -I would also like to implement an alternative SMB client for NT and 95. -This would allow samba to offer secure and authenticated file and print -access, to the extent that the laws of your country permit. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -CAMBRIDGE - ENGLAND - -Mark Ayliffe MBCS, Technical Consultant -Protechnic Computers Limited http://www.prot.demon.co.uk -7 Signet Court Tel +44 1223 314855 -Swann's Road Fax +44 1223 368168 -Cambridge CB5 8LA -England - - -Protechnic Computers Limited has experience of installing and -maintaining Samba on the following platforms: - -HP/UX 9.0x, 10.1x & 10.2x -DG/UX, Motorola and Intel -Digital UNIX ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -CORNWALL - ENGLAND - -Starstream Communications Ltd -Unit 9 -Moss Side Industrial Estate -Callington -Cornwall -PL17 7DU -United Kingdom - -Phone +44 1579 384072 Fax +44 1579 384267 - -Contact : Terry Moore-Read terry@starstream.co.uk - -Website : http://www.ndu-star.demon.co.uk shortly moving to -http://www.starstream.co.uk ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -FAREHAM - ENGLAND - -High Field Technology Ltd -Little Park Farm Road, Segensworth West, -Fareham, Hants PO15 5SJ, UK. -sales@hft.co.uk tel +44 148 957 0111 fax +44 148 957 0555 - -Company skills: Real time hardware and software systems - -Samba experience: BSD/OS, Linux, LynxOS <==> WFWG, NT - ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -LEICESTERSHIRE - ENGLAND - -TECTONIC LIMITED -WESTWOOD -78 LOUGHBOROUGH ROAD -QUORN -LEICESTERSHIRE -LE12 8DX - -TELEPHONE 01509-620922 -FAX 01509-620933 - -Contact Samantha Hull - -We are unix orientated but also specialise in pc to unix communications, we -know and understand pc-nfs, (hence our interest in samba). -we support sunos, solaris 1.x and 2.x, hp-ux 9.0 and 10.0, osf (or dec unix, -whichever you prefer), winnt, wfwg and win95. - -We are already talking to a couple of very large samba users here in the uk. -Tectonic are in the process of creating the UK SAMBA USER GROUP and would -appreciate any feedback or queries. - -For samba support, and for details on the UK SAMBA USER GROUP, please contact -me at: sam@tectonic.demon.co.uk - ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -LONDON - ENGLAND - -Mark H. Preston, -Network Analyst, | Email : mpreston@sghms.ac.uk -Computer Unit, | Tel : +44 (0)181 725-5434 -St. George's Hospital Med School, | Fax : +44 (0)181 725-3583 -London SW17 ORE. | WWW : http://www.sghms.ac.uk - -Samba Experience: -Server: Solaris 2.3 & 2.4, Irix 5.2 & 5.3 -Client: WinNT, Win95, WfWg, Win3.1, Ms-LanMan, DHCP support ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -LONDON - ENGLAND - -Name: Paul Dunne -Address: 30 Onslow Gardens - London - N10 3JU - UK -Phone: +44 (0)181-374 8194 -Fax: None -E-mail: paul@tiny1.demon.co.uk -URL: http://www.tiny1.demon.co.uk - -Contact: Paul Dunne -Type of support: E-mail and onsite. - -Expertise: Installing and troubleshooting Samba, on Linux and Win95. -Sample prices: Basic rate £30/hour. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -READING - ENGLAND - -Philip Hands | E-Mail: info@hands.com Tel:+44 118 9545656 -Philip Hands Computing Ltd. | Mobile: +44 802 242989 Fax:+44 118 9474655 -Unit 1, Cherry Close, Caversham, Reading RG4 8UP ENGLAND - -Samba experience: - Server platforms: Linux,SVR4,SVR3.2 & Sequent ptx - Clients: WfWg, W3.1, OS2 and MS-LanMan ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -PARIS - FRANCE - -Alcove -7, rue Royer-Bendelé -92230 Gennevilliers - Email: alcove@alcove.fr -http://www.alcove.fr Phone number: +33 01 40 85 80 06 - Fax number: +33 01 47 90 40 42 ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -BERLIN - GERMANY - -Name: innominate - Multifunktionale Serverloesungen und IT-Dienstleistungen - -Address: Stresemannstraße 128, 10117 Berlin -Country: Germany -Phone: +49 30 202 90 477 -Fax: +49 30 202 90 249 -EMail: info@innominate.de -Web: http://innominate.de - -Type of support: vor Ort, Email, Fernzugriff ueber Internet/ISDN, - -Wir verfuegen ueber umfangreiche Erfahrung mit Samba, vor allem -in Intranetumgebungen. Neben Beratung, Dienstleistung -und Schulung bieten wir auch individuell vorkonfigurierte -Kommunikationsserver ("Lingo") auf der Basis von Linux an. -Neben anderen Modulen (ISDN/Internet/Intranet/Email/Proxy -u.a.) ist in Lingo ein Fileserver-Modul auf Samba-Basis inklusive -einem mehrstufigen Firewallsystem enthalten. -Außerdem verfuegt Lingo ueber eine grafische Administrations- -oberflaeche, mit der z.B. das Hinzufuegen von neuen Benutzern -von jedem Client per WWW-Browser moeglich ist. - -Prices: Komplettpreise fuer Lingo nach Vereinbarung - 120 DM/Stunde fuer Dienstleistung - Schulung nach Vereinbarung ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -BERLIN - GERMANY - -Ing. Buero Buehler -Dipl.-Ing. Frank Buehler -Paul-Krause-Str. 5 -14129 Berlin -Germany - -Phone: +49/(0)177/825 33 80 Fax: +49/(0)30/803-3039 -mailto:fb@hydmech.fb12.TU-Berlin.de - -We install and maintain small to middle sized Linux-Windows -networks within the Berlin area and are available for consulting and -questions about networking, Linux, database systems and electronics. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -BIELEFELD - GERMANY - -I am located in Bielefeld/Germany and have been doing Unix consultancy -work for the past 8 years throughout Germany and the rest of Europe. I -can be contacted by email at <jpm@mens.de> or via phone at +49 521 -9225922 or telefax at +49 521 9225924. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -BIELEFELD - GERMANY - -Name : media engineering gmbh -Address: Bleichstr. 77a , D-33607 Bielefeld -Phone : +49-521-1365640 -Fax : +49-521-1365642 -eMail : info@media-eng.bielefeld.com -URL : http://www.media-eng.bielefeld.com/ -Contact: Dipl.Ing. Hartmut Holzgraefe - -Type of support: phone, eMail, inhouse, remote administration ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -DREIEICH - GERMANY - -A. G. Schindler <schindler@az1.de> -c/o Alpha Zero One Gmbh -Frankfurter Str. 141 -D - 63303 Dreieich -Germany - -AZ1 is a company of Value Added Resellers (VARs) of Digital Equipment -Corp. products and solution provider for Industry Applications. - -We're providing commercial support for Samba running on DEC hardware -under Digital Unix (R), Digital OpenVMS (R) and Linux. - -Contract based and hotline support available. Fast response on-site -support coming soon for the Franfurt / Main area. - -Pathworks or WinNT to Samba migrators welcome ! - -Please contact us via: schindler@az1.de ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -GOETTINGEN - GERMANY - -Service Network GmbH -Hannah Vogt Str. 1 -37085 Goettingen -Germany -Phone: +49-551-507775 -Fax: +49-551-507776 -http://www.sernet.de/ -samba@sernet.de - -SerNet is a company doing LAN consulting and training. We offer -Internet access for our customers. We have experience with many -different kinds of Unix, especially Linux, as well as NetWare and NT. -Volker Lendecke, one of our our founders and a Samba Team member, -has gained a lot of SMB/CIFS and NetWare experience writing smbfs and -ncpfs, the Linux kernel file systems that enable Linux to access -Windows NT and other SMB/CIFS servers, and NetWare Servers. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -GREIFSWALD - GERMANY - -Mr. Frank Rautenberg, Mr. Heiko Boesel, Mr. Jan Holz -UniCon Computersysteme GmbH -Ziegelhof 20 -D-17489 Greifswald -email: samba@unicon-gmbh.com -www: http://www.unicon-gmbh.com - -We use Samba and we provide support for our customers. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -MUENCHEN - GERMANY - -CONSYS GmbH -Landsberger Str. 402 -81241 München -Germany -Phone: +49-89-5808181 -Fax: +49-89-588776 -http://www.consys.de/ -mailto:samba@consys.de - - -CONSYS is a software company. We have experience especially with SCO Unix -and other Unix systems, as well as with Windows 95 and NT. -We are a Premium Partner of SCO and know and have used samba for four years. -Our engineers know a lot about the installation of SCO Unix. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -GREECE - -Yiorgos Adamopoulos -Electrical and Computer Engineer -email: adamo@InterWorks.org - -I can provide Samba support for the following operating systems throughout the -whole of Greece: Windows 3.11/95/NT, Ultrix, HP-UX, NetBSD, OpenBSD, SunOS, -Solaris, Linux, Irix. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -SZEGED - HUNGARY - - Name: Geza Makay - Institute: Jozsef Attila University of Szeged - Mail: Bolyai Institute, Aradi vertanuk tere 1. - H-6720, Szeged, Hungary - Tel: (62) 454-091 (Hungary's code: 36) - Fax/Message: (62) 326-246 (Hungary's code: 36) - E-mail: makayg@math.u-szeged.hu - World Wide Web: http://www.math.u-szeged.hu/ ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -MILANO - ITALY - -INFERENTIA S.p.A. -Via Tacito 6 -20137 MILANO (MI) -ITALY -tel: +39 2 599281 -fax: +39 2 59928221 -contact: Consulting Division -e-mail: consulting@inferentia.it -www: http://www.inferentia.it - -INFERENTIA Consulting is available for establishing commercial support -contracts on Samba integration with Microsoft Networks-based LANs. -We can offer a solid experience with: -- All flavours of Windows (Workgroups, 95, NT) -- IBM AIX, Digital UNIX, Sun Solaris, Linux, HP/UX -- geographically distributed networks with WAN links ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -ITALY - -InfoTecna di Cesana D. & C. s.n.c. -Via Cesana e Villa, 29 -20046 Biassono (Mi) - -Tel: ++39 39 2324054 -Fax: ++39 39 2324054 - -e-mail: infotecn@tin.it -URL: http://space.tin.it/internet/dsbragio - -We provide Samba support along with generic Linux support. Specifically we -have implemented a powerful Fax servicing system for Samba with Win95/NT -clients. Details could be found at our URL, currently, only in Italian. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -ABANO TERME (PADOVA) - ITALY - -PROFUSO di Zanetti Giuseppe - Studio di Consulenza Informatica -Abano Terme (PD) - ITALY -profuso@profuso.com -http://www.profuso.com/ -Phone: ++39 49 8059070 / ++39 348 2220811 - -We provide all possible support for Linux, UNIX, -development, security and system integration. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -PALERMO - ITALY - -Francesco Cardinale -E-Mail: cardinal@palermo.italtel.it -Samba experience: SVR3.2, SOLARIS, ULTRIX, LINUX <--> DOS LAN-MAN, WFW ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -PISA - ITALY - -I3 ICUBE s.r.l. -Via Pascoli 8 -56125 PISA (PI) -ITALY -tel: 050/503202 -fax: 050/504617 -contact person: Marco Bizzarri -e-mail: m.bizzarri@icube.it -www: http://www.icube.it/ - -Our company offers commercial support to integrate eterogenous networks. -We can provide support for the following architectures: - -Windows: -Windows for Workgroup -Windows 95 -Windows NT - -Unix: -Linux -Solaris -Digital Unix - -Macintosh ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -ROME - ITALY - -Company: Pantheon Srl - Via del Tritone 132 - 00187 ROME - ITALY - -Phone/Fax: +39 6 47823666 -URL: http://www.pantheon.it - -Contact: Dario Centofanti <dario@pantheon.it> - -Pantheon provide support for SaMBa and other TCP/IP applications running -under Linux. We are also an internet provider. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -VICENZA - ITALY - -Company: AVnet srl -Address: via Fogazzaro, 2 - 36015 SCHIO (VI) - ITALY -phone: 0445/511445 -fax: 0445/511449 -contact: Giovanni Panozzo - -e-mail: samba@avnet.it - - -AVnet provides consulting and support on all problems -regarding unix-to-win networking. We operate as ISP and we -offer in depth TCP/IP knowledge for lan, intranet and WANs. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -LUXEMBOURG - EUROPE - -E.C.C. sa -11, Rue Bettlange -L-9657 HARLANGE -Grand-Duche de Luxembourg -Tel. +352 93615 (from 09/97: +352 993615) -Fax +352 93569 (from 09/97: +352 993569) -oontact person: Stefaan A Eeckels -email: Stefaan.Eeckels@ecc.lumail - -We're located in Luxembourg, and recently provided support -for Samba at Eurostat (the European Commision), who are using -Samba to integrate Windows NT workstations in their Solaris -/ Windows3.1 network. All in all, things run rather smoothly now. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -DELFT - NETHERLANDS - -BitWizard B.V. -van Bronckhorststraat 12 -2612 XV Delft -The Netherlands -Tel: +31-15-2137459 -Email: samba@BitWizard.nl -http: http://www.bitwizard.nl/ - -Specific activities: - - - Linux support - - GNU software support - - Linux device driver writing - - Data recovery - -BitWizard supports freely distributable software, -especially quality products like "Samba". ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -GRONINGEN - THE NETHERLANDS - -Company: Le Reseau netwerksystemen BV -Address: Bieslookstraat 31 -City: Groningen -Zip: NL-9731 HH -Country: The Netherlands - -We already offer commercial support on Linux and other Unices. Together with -an application house we have developed a office automation environment which -heavily depends on Samba. This environment consists of a Linux application -server which is also the Samba server. A NT server for standard office -applications. A firewall for Internet connectivity. And a large number of -DOS/Win3.x/W95 clients that connect to the different machines. User's home -directories are mounted through Sambe. - -We also support other Unices like Solaris, SunOS, HP-UX, Digital Unix and -AIX. - -Sincerely, - -Arthur Donkers -Le Reseau - -email : arthur@reseau.nl -phone : (+31) 595 552431 -URL http://www.reseau.nl ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -NIJMEGEN - THE NETHERLANDS - -Xtended Internet (http://www.xtdnet.nl/) - -Broerdijk 27 Postbus 170 Tel: 31-24-360 39 19 -6523 GM Nijmegen 6500 AD Nijmegen Fax: 31-24-360 19 99 -The Netherlands The Netherlands info@xtdnet.nl ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -UTRECHT - NETHERLANDS - -Van den Hout Creative Communications -Koos van den Hout -Email : koos@kzdoos.xs4all.nl -Phone : +31-30-2871002 -Fax : +31-30-2817051 -Samba experience: Setup and configuration for Linux, Solaris, web -publishing related usage. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -WROCLAW - POLAND - -Name: Sergiusz Pawlowicz -Institute: Wroclaw University of Technology -Mail: room 120A, Prusa 53/55, Wroclaw 50-370, Poland -Tel: +48(71)206450 -Fax: +48(71)212448 -E-mail: ser@pwr.wroc.pl -WWW: http://www.arch.pwr.wroc.pl/ ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -VETLANDA - SWEDEN - - IBS Industridata AB - Box 95 - 574 21 VETLANDA - SWEDEN - -Phone: +46-383-16065 -Fax: +46-8-287905 -E-mail: samba@ibs.se -http://www.id.ibs.se/ibsid - -We have offices in about 20 cities in Sweden and can provide commercial -support for Samba. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- - - - - -MIDDLE EAST -=========== - ------------------------------------------------------------------------------- -ISRAEL - -Sela Systems -10 Ha'Kishon St. -Bnei-Brak -Israel 51203 -Phone: +972-3-6190999 -Fax: +972-3-6190992 -Email: info@sela.co.il - -We have been involved in Samba projects since 1995. -We have several large-scale clients using Samba in their network -and getting support from us. We also provide Unix/NT/Novell/Win95 -system and network services and solutions. Our company also provides -courses and training in many aspects of systems and networking, -including TCP/IP and Samba. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- diff --git a/docs/textdocs/Tracing.txt b/docs/textdocs/Tracing.txt deleted file mode 100644 index 65e854a7924..00000000000 --- a/docs/textdocs/Tracing.txt +++ /dev/null @@ -1,96 +0,0 @@ -!== -!== Tracing.txt for Samba release 1.9.18alpha11 03 Nov 1997 -!== -Contributor: Andrew Tridgell <samba-bugs@samba.anu.edu.au> -Date: Old -Status: Questionable - -Subject: How to trace samba system calls for debugging purposes -============================================================================= - -This file describes how to do a system call trace on Samba to work out -what its doing wrong. This is not for the faint of heart, but if you -are reading this then you are probably desperate. - -Actually its not as bad as the the above makes it sound, just don't -expect the output to be very pretty :-) - -Ok, down to business. One of the big advantages of unix systems is -that they nearly all come with a system trace utility that allows you -to monitor all system calls that a program is making. This is -extremely using for debugging and also helps when trying to work out -why something is slower than you expect. You can use system tracing -without any special compilation options. - -The system trace utility is called different things on different -systems. On Linux systems its called strace. Under SunOS 4 its called -trace. Under SVR4 style systems (including solaris) its called -truss. Under many BSD systems its called ktrace. - -The first thing you should do is read the man page for your native -system call tracer. In the discussion below I'll assume its called -strace as strace is the only portable system tracer (its available for -free for many unix types) and its also got some of the nicest -features. - -Next, try using strace on some simple commands. For example, "strace -ls" or "strace echo hello". - -You'll notice that it produces a LOT of output. It is showing you the -arguments to every system call that the program makes and the -result. Very little happens in a program without a system call so you -get lots of output. You'll also find that it produces a lot of -"preamble" stuff showing the loading of shared libraries etc. Ignore -this (unless its going wrong!) - -For example, the only line that really matters in the "strace echo -hello" output is: - -write(1, "hello\n", 6) = 6 - -all the rest is just setting up to run the program. - -Ok, now you're famialiar with strace. To use it on Samba you need to -strace the running smbd daemon. The way I tend ot use it is to first -login from my Windows PC to the Samba server, then use smbstatus to -find which process ID that client is attached to, then as root I do -"strace -p PID" to attach to that process. I normally redirect the -stderr output from this command to a file for later perusal. For -example, if I'm using a csh style shell: - - strace -f -p 3872 >& strace.out - -or with a sh style shell: - - strace -f -p 3872 > strace.out 2>&1 - -Note the "-f" option. This is only available on some systems, and -allows you to trace not just the current process, but any children it -forks. This is great for finding printing problems caused by the -"print command" being wrong. - -Once you are attached you then can do whatever it is on the client -that is causing problems and you will capture all the system calls -that smbd makes. - -So how do you interpret the results? Generally I search thorugh the -output for strings that I know will appear when the problem -happens. For example, if I am having touble with permissions on a file -I would search for that files name in the strace output and look at -the surrounding lines. Another trick is to match up file descriptor -numbers and "follow" what happens to an open file until it is closed. - -Beyond this you will have to use your initiative. To give you an idea -of wehat you are looking for here is a piece of strace output that -shows that /dev/null is not world writeable, which causes printing to -fail with Samba: - -[pid 28268] open("/dev/null", O_RDWR) = -1 EACCES (Permission denied) -[pid 28268] open("/dev/null", O_WRONLY) = -1 EACCES (Permission denied) - -the process is trying to first open /dev/null read-write then -read-only. Both fail. This means /dev/null has incorrect permissions. - -Have fun! - -(please send updates/fixes to this file to samba-bugs@samba.anu.edu.au) diff --git a/docs/textdocs/UNIX-SMB.txt b/docs/textdocs/UNIX-SMB.txt deleted file mode 100644 index e79f54438c6..00000000000 --- a/docs/textdocs/UNIX-SMB.txt +++ /dev/null @@ -1,234 +0,0 @@ -!== -!== UNIX-SMB.txt for Samba release 1.9.18alpha11 03 Nov 1997 -!== -Contributor: Andrew Tridgell <samba-bugs@samba.anu.edu.au> -Date: April 1995 - -Subject: Discussion of NetBIOS in a Unix World -============================================================================ - -This is a short document that describes some of the issues that -confront a SMB implementation on unix, and how Samba copes with -them. They may help people who are looking at unix<->PC -interoperability. - -It was written to help out a person who was writing a paper on unix to -PC connectivity. - - -Usernames -========= - -The SMB protocol has only a loose username concept. Early SMB -protocols (such as CORE and COREPLUS) have no username concept at -all. Even in later protocols clients often attempt operations -(particularly printer operations) without first validating a username -on the server. - -Unix security is based around username/password pairs. A unix box -should not allow clients to do any substantive operation without some -sort of validation. - -The problem mostly manifests itself when the unix server is in "share -level" security mode. This is the default mode as the alternative -"user level" security mode usually forces a client to connect to the -server as the same user for each connected share, which is -inconvenient in many sites. - -In "share level" security the client normally gives a username in the -"session setup" protocol, but does not supply an accompanying -password. The client then connects to resources using the "tree -connect" protocol, and supplies a password. The problem is that the -user on the PC types the username and the password in different -contexts, unaware that they need to go together to give access to the -server. The username is normally the one the user typed in when they -"logged onto" the PC (this assumes Windows for Workgroups). The -password is the one they chose when connecting to the disk or printer. - -The user often chooses a totally different username for their login as -for the drive connection. Often they also want to access different -drives as different usernames. The unix server needs some way of -divining the correct username to combine with each password. - -Samba tries to avoid this problem using several methods. These succeed -in the vast majority of cases. The methods include username maps, the -service%user syntax, the saving of session setup usernames for later -validation and the derivation of the username from the service name -(either directly or via the user= option). - -File Ownership -============== - -The commonly used SMB protocols have no way of saying "you can't do -that because you don't own the file". They have, in fact, no concept -of file ownership at all. - -This brings up all sorts of interesting problems. For example, when -you copy a file to a unix drive, and the file is world writeable but -owned by another user the file will transfer correctly but will -receive the wrong date. This is because the utime() call under unix -only succeeds for the owner of the file, or root, even if the file is -world writeable. For security reasons Samba does all file operations -as the validated user, not root, so the utime() fails. This can stuff -up shared development diectories as programs like "make" will not get -file time comparisons right. - -There are several possible solutions to this problem, including -username mapping, and forcing a specific username for particular -shares. - -Passwords -========= - -Many SMB clients uppercase passwords before sending them. I have no -idea why they do this. Interestingly WfWg uppercases the password only -if the server is running a protocol greater than COREPLUS, so -obviously it isn't just the data entry routines that are to blame. - -Unix passwords are case sensitive. So if users use mixed case -passwords they are in trouble. - -Samba can try to cope with this by either using the "password level" -option which causes Samba to try the offered password with up to the -specified number of case changes, or by using the "password server" -option which allows Samba to do its validation via another machine -(typically a WinNT server). - -Samba supports the password encryption method used by SMB -clients. Note that the use of password encryption in Microsoft -networking leads to password hashes that are "plain text equivalent". -This means that it is *VERY* important to ensure that the Samba -smbpasswd file containing these password hashes is only readable -by the root user. See the documentation ENCRYPTION.txt for more -details. - - -Locking -======= - -The locking calls available under a DOS/Windows environment are much -richer than those available in unix. This means a unix server (like -Samba) choosing to use the standard fcntl() based unix locking calls -to implement SMB locking has to improvise a bit. - -One major problem is that dos locks can be in a 32 bit (unsigned) -range. Unix locking calls are 32 bits, but are signed, giving only a 31 -bit range. Unfortunately OLE2 clients use the top bit to select a -locking range used for OLE semaphores. - -To work around this problem Samba compresses the 32 bit range into 31 -bits by appropriate bit shifting. This seems to work but is not -ideal. In a future version a separate SMB lockd may be added to cope -with the problem. - -It also doesn't help that many unix lockd daemons are very buggy and -crash at the slightest provocation. They normally go mostly unused in -a unix environment because few unix programs use byte range -locking. The stress of huge numbers of lock requests from dos/windows -clients can kill the daemon on some systems. - -The second major problem is the "opportunistic locking" requested by -some clients. If a client requests opportunistic locking then it is -asking the server to notify it if anyone else tries to do something on -the same file, at which time the client will say if it is willing to -give up its lock. Unix has no simple way of implementing -opportunistic locking, and currently Samba has no support for it. - -Deny Modes -========== - -When a SMB client opens a file it asks for a particular "deny mode" to -be placed on the file. These modes (DENY_NONE, DENY_READ, DENY_WRITE, -DENY_ALL, DENY_FCB and DENY_DOS) specify what actions should be -allowed by anyone else who tries to use the file at the same time. If -DENY_READ is placed on the file, for example, then any attempt to open -the file for reading should fail. - -Unix has no equivalent notion. To implement this Samba uses either lock -files based on the files inode and placed in a separate lock -directory or a shared memory implementation. The lock file method -is clumsy and consumes processing and file resources, -the shared memory implementation is vastly prefered and is turned on -by default for those systems that support it. - -Trapdoor UIDs -============= - -A SMB session can run with several uids on the one socket. This -happens when a user connects to two shares with different -usernames. To cope with this the unix server needs to switch uids -within the one process. On some unixes (such as SCO) this is not -possible. This means that on those unixes the client is restricted to -a single uid. - -Note that you can also get the "trapdoor uid" message for other -reasons. Please see the FAQ for details. - -Port numbers -============ - -There is a convention that clients on sockets use high "unprivilaged" -port numbers (>1000) and connect to servers on low "privilaged" port -numbers. This is enforced in Unix as non-root users can't open a -socket for listening on port numbers less than 1000. - -Most PC based SMB clients (such as WfWg and WinNT) don't follow this -convention completely. The main culprit is the netbios nameserving on -udp port 137. Name query requests come from a source port of 137. This -is a problem when you combine it with the common firewalling technique -of not allowing incoming packets on low port numbers. This means that -these clients can't query a netbios nameserver on the other side of a -low port based firewall. - -The problem is more severe with netbios node status queries. I've -found that WfWg, Win95 and WinNT3.5 all respond to netbios node status -queries on port 137 no matter what the source port was in the -request. This works between machines that are both using port 137, but -it means it's not possible for a unix user to do a node status request -to any of these OSes unless they are running as root. The answer comes -back, but it goes to port 137 which the unix user can't listen -on. Interestingly WinNT3.1 got this right - it sends node status -responses back to the source port in the request. - - -Protocol Complexity -=================== - -There are many "protocol levels" in the SMB protocol. It seems that -each time new functionality was added to a Microsoft operating system, -they added the equivalent functions in a new protocol level of the SMB -protocol to "externalise" the new capabilities. - -This means the protocol is very "rich", offering many ways of doing -each file operation. This means SMB servers need to be complex and -large. It also means it is very difficult to make them bug free. It is -not just Samba that suffers from this problem, other servers such as -WinNT don't support every variation of every call and it has almost -certainly been a headache for MS developers to support the myriad of -SMB calls that are available. - -There are about 65 "top level" operations in the SMB protocol (things -like SMBread and SMBwrite). Some of these include hundreds of -sub-functions (SMBtrans has at least 120 sub-functions, like -DosPrintQAdd and NetSessionEnum). All of them take several options -that can change the way they work. Many take dozens of possible -"information levels" that change the structures that need to be -returned. Samba supports all but 2 of the "top level" functions. It -supports only 8 (so far) of the SMBtrans sub-functions. Even NT -doesn't support them all. - -Samba currently supports up to the "NT LM 0.12" protocol, which is the -one preferred by Win95 and WinNT3.5. Luckily this protocol level has a -"capabilities" field which specifies which super-duper new-fangled -options the server suports. This helps to make the implementation of -this protocol level much easier. - -There is also a problem with the SMB specications. SMB is a X/Open -spec, but the X/Open book is far from ideal, and fails to cover many -important issues, leaving much to the imagination. Microsoft recently -renamed the SMB protocol CIFS (Common Internet File System) and have -published new specifications. These are far superior to the old -X/Open documents but there are still undocumented calls and features. -This specification is actively being worked on by a CIFS developers -mailing list hosted by Microsft. - diff --git a/docs/textdocs/UNIX_INSTALL.txt b/docs/textdocs/UNIX_INSTALL.txt deleted file mode 100644 index 89951f5b786..00000000000 --- a/docs/textdocs/UNIX_INSTALL.txt +++ /dev/null @@ -1,346 +0,0 @@ -!== -!== UNIX_INSTALL.txt for Samba release 1.9.18alpha11 03 Nov 1997 -!== -Contributor: Andrew Tridgell <samba-bugs@samba.anu.edu.au> -Date: Unknown -Status: Current -Updated: August 25, 1997 - -Subject: HOW TO INSTALL AND TEST SAMBA -=============================================================================== - - -STEP 0. Read the man pages. They contain lots of useful info that will -help to get you started. If you don't know how to read man pages then -try something like: - - nroff -man smbd.8 | more - -Unfortunately, having said this, the man pages are sadly out of date and -really need more effort to maintain them. Other sources of information -are pointed to by the Samba web site, http://samba.anu.edu.au/samba. - -STEP 1. Building the binaries - -To do this, first edit the file source/Makefile. You will find that -the Makefile has an entry for most unixes and you need to uncomment -the one that matches your operating system. - -You should also edit the section at the top of the Makefile which -determines where things will be installed. You need to get this right -before compilation as Samba needs to find some things at runtime -(smbrun in particular). There are also settings for where you want -your log files etc. Make sure you get these right, and that the -directories exist. - -Then type "make". This will create the binaries. - -Once it's successfully compiled you can use "make install" to install -the binaries and manual pages. You can separately install the binaries -and/or man pages using "make installbin" and "make installman". - -Note that if you are upgrading for a previous version of Samba you -might like to know that the old versions of the binaries will be -renamed with a ".old" extension. You can go back to the previous -version with "make revert" if you find this version a disaster! - -STEP 2. The all important step - -At this stage you must fetch yourself a coffee or other drink you find -stimulating. Getting the rest of the install right can sometimes be -tricky, so you will probably need it. - -If you have installed samba before then you can skip this step. - -STEP 3. Create the smb configuration file. - -There are sample configuration files in the examples subdirectory in -the distribution. I suggest you read them carefully so you can see how -the options go together in practice. See the man page for all the -options. - -The simplest useful configuration file would be something like this: - - workgroup = MYGROUP - - [homes] - guest ok = no - read only = no - -which would allow connections by anyone with an account on the server, -using either their login name or "homes" as the service name. (Note -that I also set the workgroup that Samba is part of. See BROWSING.txt -for defails) - -Note that "make install" will not install a smb.conf file. You need to -create it yourself. You will also need to create the path you specify -in the Makefile for the logs etc, such as /usr/local/samba. - -Make sure you put the smb.conf file in the same place you specified in -the Makefile. - -STEP 4. Test your config file with testparm - -It's important that you test the validity of your smb.conf file using -the testparm program. If testparm runs OK then it will list the loaded -services. If not it will give an error message. - -Make sure it runs OK and that the services look resonable before -proceeding. - -STEP 5. Starting the smbd and nmbd. - -You must choose to start smbd and nmbd either as daemons or from -inetd. Don't try to do both! Either you can put them in inetd.conf -and have them started on demand by inetd, or you can start them as -daemons either from the command line or in /etc/rc.local. See the man -pages for details on the command line options. - -The main advantage of starting smbd and nmbd as a daemon is that they -will respond slightly more quickly to an initial connection -request. This is, however, unlilkely to be a problem. - -Step 5a. Starting from inetd.conf - -NOTE; The following will be different if you use NIS or NIS+ to -distributed services maps. - -Look at your /etc/services. What is defined at port 139/tcp. If -nothing is defined then add a line like this: - -netbios-ssn 139/tcp - -similarly for 137/udp you should have an entry like: - -netbios-ns 137/udp - -Next edit your /etc/inetd.conf and add two lines something like this: - -netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd -netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd - -The exact syntax of /etc/inetd.conf varies between unixes. Look at the -other entries in inetd.conf for a guide. - -NOTE: Some unixes already have entries like netbios_ns (note the -underscore) in /etc/services. You must either edit /etc/services or -/etc/inetd.conf to make them consistant. - -NOTE: On many systems you may need to use the "interfaces" option in -smb.conf to specify the IP address and netmask of your interfaces. Run -ifconfig as root if you don't know what the broadcast is for your -net. nmbd tries to determine it at run time, but fails on some -unixes. See the section on "testing nmbd" for a method of finding if -you need to do this. - -!!!WARNING!!! Many unixes only accept around 5 parameters on the -command line in inetd. This means you shouldn't use spaces between the -options and arguments, or you should use a script, and start the -script from inetd. - -Restart inetd, perhaps just send it a HUP. If you have installed an -earlier version of nmbd then you may need to kill nmbd as well. - -Step 5b. Alternative: starting it as a daemon - -To start the server as a daemon you should create a script something -like this one, perhaps calling it "startsmb" - -#!/bin/sh -/usr/local/samba/bin/smbd -D -/usr/local/samba/bin/nmbd -D - -then make it executable with "chmod +x startsmb" - -You can then run startsmb by hand or execute it from /etc/rc.local - -To kill it send a kill signal to the processes nmbd and smbd. - -NOTE: If you use the SVR4 style init system then you may like to look -at the examples/svr4-startup script to make Samba fit into that system. - - -STEP 6. Try listing the shares available on your server - -smbclient -L yourhostname - -Your should get back a list of shares available on your server. If you -don't then something is incorrectly setup. Note that this method can -also be used to see what shares are available on other LanManager -clients (such as WfWg). - -If you choose user level security then you may find that Samba requests -a password before it will list the shares. See the smbclient docs for -details. (you can force it to list the shares without a password by -adding the option -U% to the command line. This will not work with -non-Samba servers) - -STEP 7. try connecting with the unix client. eg: - -smbclient '\\yourhostname\aservice' - -Typically the "yourhostname" would be the name of the host where you -installed smbd. The "aservice" is any service you have defined in the -smb.conf file. Try your user name if you just have a [homes] section -in smb.conf. - -For example if your unix host is bambi and your login name is fred you -would type: - -smbclient '\\bambi\fred' - -NOTE: The number of slashes to use depends on the type of shell you -use. You may need '\\\\bambi\\fred' with some shells. - -STEP 8. Try connecting from a dos/WfWg/Win95/NT/os-2 client. Try -mounting disks. eg: - -net use d: \\servername\service - -Try printing. eg: - -net use lpt1: \\servername\spoolservice -print filename - -Celebrate, or send me a bug report! - -WHAT IF IT DOESN'T WORK? -======================== - -If nothing works and you start to think "who wrote this pile of trash" -then I suggest you do step 2 again (and again) till you calm down. - -Then you might read the file DIAGNOSIS.txt and the FAQ. If you are -still stuck then try the mailing list or newsgroup (look in the README -for details). Samba has been successfully installed at thousands of -sites worldwide, so maybe someone else has hit your problem and has -overcome it. You could also use the WWW site to scan back issues of -the samba-digest. - -When you fix the problem PLEASE send me some updates to the -documentation (or source code) so that the next person will find it -easier. - -DIAGNOSING PROBLEMS -=================== - -If you have instalation problems then go to DIAGNOSIS.txt to try to -find the problem. - -SCOPE IDs -========= - -By default Samba uses a blank scope ID. This means all your windows -boxes must also have a blank scope ID. If you really want to use a -non-blank scope ID then you will need to use the -i <scope> option to -nmbd, smbd, and smbclient. All your PCs will need to have the same -setting for this to work. I do not recommend scope IDs. - - -CHOOSING THE PROTOCOL LEVEL -=========================== - -The SMB protocol has many dialects. Currently Samba supports 5, called -CORE, COREPLUS, LANMAN1, LANMAN2 and NT1. - -You can choose what maximum protocol to support in the smb.conf -file. The default is NT1 and that is the best for the vast majority of -sites. - -In older versions of Samba you may have found it necessary to use -COREPLUS. The limitations that led to this have mostly been fixed. It -is now less likely that you will want to use less than LANMAN1. The -only remaining advantage of COREPLUS is that for some obscure reason -WfWg preserves the case of passwords in this protocol, whereas under -LANMAN1, LANMAN2 or NT1 it uppercases all passwords before sending them, -forcing you to use the "password level=" option in some cases. - -The main advantage of LANMAN2 and NT1 is support for long filenames with some -clients (eg: smbclient, Windows NT or Win95). - -See the smb.conf manual page for more details. - -Note: To support print queue reporting you may find that you have to -use TCP/IP as the default protocol under WfWg. For some reason if you -leave Netbeui as the default it may break the print queue reporting on -some systems. It is presumably a WfWg bug. - - -PRINTING FROM UNIX TO A CLIENT PC -================================= - -To use a printer that is available via a smb-based server from a unix -host you will need to compile the smbclient program. You then need to -install the script "smbprint". Read the instruction in smbprint for -more details. - -There is also a SYSV style script that does much the same thing called -smbprint.sysv. It contains instructions. - - -LOCKING -======= - -One area which sometimes causes trouble is locking. - -There are two types of locking which need to be performed by a SMB -server. The first is "record locking" which allows a client to lock a -range of bytes in a open file. The second is the "deny modes" that are -specified when a file is open. - -Samba supports "record locking" using the fcntl() unix system -call. This is often implemented using rpc calls to a rpc.lockd process -running on the system that owns the filesystem. Unfortunately many -rpc.lockd implementations are very buggy, particularly when made to -talk to versions from other vendors. It is not uncommon for the -rpc.lockd to crash. - -There is also a problem translating the 32 bit lock requests generated -by PC clients to 31 bit requests supported by most -unixes. Unfortunately many PC applications (typically OLE2 -applications) use byte ranges with the top bit set as semaphore -sets. Samba attempts translation to support these types of -applications, and the translation has proved to be quite successful. - -Strictly a SMB server should check for locks before every read and -write call on a file. Unfortunately with the way fcntl() works this -can be slow and may overstress the rpc.lockd. It is also almost always -unnecessary as clients are supposed to independently make locking -calls before reads and writes anyway if locking is important to -them. By default Samba only makes locking calls when explicitly asked -to by a client, but if you set "strict locking = yes" then it will -make lock checking calls on every read and write. - -You can also disable by range locking completely using "locking = -no". This is useful for those shares that don't support locking or -don't need it (such as cdroms). In this case Samba fakes the return -codes of locking calls to tell clients that everything is OK. - -The second class of locking is the "deny modes". These are set by an -application when it opens a file to determine what types of access -should be allowed simultaneously with its open. A client may ask for -DENY_NONE, DENY_READ, DENY_WRITE or DENY_ALL. There are also special -compatability modes called DENY_FCB and DENY_DOS. - -You can disable share modes using "share modes = no". This may be -useful on a heavily loaded server as the share modes code is very -slow. See also the FAST_SHARE_MODES option in the Makefile for a way -to do full share modes very fast using shared memory (if your OS -supports it). - - -MAPPING USERNAMES -================= - -If you have different usernames on the PCs and the unix server then -take a look at the "username map" option. See the smb.conf man page -for details. - - -OTHER CHARACTER SETS -==================== - -If you have problems using filenames with accented characters in them -(like the German, French or Scandinavian character sets) then I -recommmend you look at the "valid chars" option in smb.conf and also -take a look at the validchars package in the examples directory. diff --git a/docs/textdocs/Win95.txt b/docs/textdocs/Win95.txt deleted file mode 100644 index 109466b7d64..00000000000 --- a/docs/textdocs/Win95.txt +++ /dev/null @@ -1,77 +0,0 @@ -!== -!== Win95.txt for Samba release 1.9.18alpha11 03 Nov 1997 -!== -Copyright (C) 1997 - Samba-Team -Contributed Date: August 20, 1997 -Last Update: August 20, 1997 - -Subject: Windows 95 and Samba Interoperability -=============================================================================== - -Password Handling: ------------------- -Microsoft periodically release updates to all their operating systems. Some of -these are welcomed while others cause us to change the way we do things. Few -people like change, particularly if the change is unexpected. The best advice -always is to read the documentation provided BEFORE applying an update. - -One of the recent Win95 updates (VRDRUPD.EXE) disables plain text (also called -clear text) password authentication. The effects of this updates are desirable -where MS Windows NT is providing the password authentication service. This -update is most undesirable where Samba must provide the authentication service -unless Samba has been specifically configured to use encrypted passwords _AND_ -has been linked with the libdes library. - -If the above conditions have not been complied with, and you are using Samba, -then Windows 95 clients will NOT be able to authenticate to a Samba server. - -To re-enable plain text password capabilities AFTER applying this update -you must create a new value in the Windows 95 registry. - -Either foillow the following procedure or just double click on the -file Win95_PlainPassword.reg for an easier way to do this. - -Procedure: -1) Launch the Registry Editor as follows: - Click on: /Start/Run - Type "regedit" and press enter. - -2) Double click on: HKEY_LOCAL_MACHINE - -3) Locate the following Key: - /HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/VxD/VNETSUP - -4) From the menu bar select Edit/New/DWORD Value - -5) Rename the entry from "New Value #1" to: - EnablePlainTextPassword - -6) Press Enter, then double click on the new entry. - A dialog box will pop up and enable you to set a value. - You must set this value to 1. - -------------------------------------------------------------------------------- - -Windows 95 Updates: -------------------- -When using Windows 95 OEM SR2 the following updates are recommended where Samba -is being used. Please NOTE that the above change will affect you once these -updates have been installed. - -There are more updates than the ones mentioned here. You are referred to the -Microsoft Web site for all currently available updates to your specific version -of Windows 95. - -Kernel Update: KRNLUPD.EXE -Ping Fix: PINGUPD.EXE -RPC Update: RPCRTUPD.EXE -TCP/IP Update: VIPUPD.EXE -Redirector Update: VRDRUPD.EXE - -Also, if using MS OutLook it is desirable to install the OLEUPD.EXE fix. This -fix may stop your machine from hanging for an extended period when exiting -OutLook and you may also notice a significant speedup when accessing network -neighborhood services. - -------------------------------------------------------------------------------- -The above password information was provided by: Jochen Huppertz <jhu@nrh.de> diff --git a/docs/textdocs/WinNT.txt b/docs/textdocs/WinNT.txt deleted file mode 100644 index f2e6214fe78..00000000000 --- a/docs/textdocs/WinNT.txt +++ /dev/null @@ -1,107 +0,0 @@ -!== -!== WinNT.txt for Samba release 1.9.18alpha11 03 Nov 1997 -!== -Contributors: Various - Password Section - Copyright (C) 1997 - John H Terpstra - Printing Section - Copyright (C) 1997 - Matthew Harrell - Priting Info - Copyright (C) 1997 - Frank Varnavas -Updated: October 16, 1997 -Status: Current - -Subject: Samba and Windows NT Password Handling -============================================================================= - -There are some particular issues with Samba and Windows NT. - -Passwords: -========== -One of the most annoying problems with WinNT is that NT refuses to -connect to a server that is in user level security mode and that -doesn't support password encryption unless it first prompts the user -for a password. - -This means even if you have the same password on the NT box and the -Samba server you will get prompted for a password. Entering the -correct password will get you connected only if Windows NT can -communicate with Samba using a compatible mode of password security. - -All versions of Windows NT prior to 4.0 Service Pack 3 could negotiate -plain text (clear text) passwords. Windows NT 4.0 Service Pack 3 changed -this default behaviour so it now will only handle encrypted passwords. -The following registry entry change will re-enable clear text password -handling: - -Run regedt32.exe and locate the hive key entry: -HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Rdr\Parameters\ - -Add the following value: - EnablePlainTextPassword:REG_DWORD=1 - -Alternatively, use the NT4_PlainPassword.reg file in this directory (either -by double clicking on it, or run regedit.exe and select "Import Registry -File" from the "Registry" Menu). - -The other major ramification of this feature of NT is that it can't -browse a user level non-encrypted server unless it already has a -connection open. This is because there is no spot for a password -prompt in the browser window. It works fine if you already have a -drive mounted (for example, one auto mounted on startup). -===================================================================== - -Printing: -========= -When you mount a printer using the print manager in NT you may find -the following info from Matthew Harrell <harrell@leech.nrl.navy.mil> -useful: - ------------- - I noticed in your change-log you noted that some people were -still unable to use print manager under NT. If this is the same problem -that I encountered, it's caused by the length of time it takes NT to -determine if the printer is ready. - -The problem occurs when you double-click on a printer to connect it to -the NT machine. Because it's unable to determine if the printer is ready -in the short span of time it has, it assumes it isn't and gives some -strange error about not having enough resources (I forget what the error -is). A solution to this that seems to work fine for us is to click -once on the printer, look at the bottom of the window and wait until -it says it's ready, then clilck on "OK". - -By the way, this problem probably occurs in our group because the -Samba server doesn't actually have the printers - it queues them to -remote printers either on other machines or using their own network -cards. Because of this "middle layer", it takes an extra amount of -time for the NT machine to get verification that the printer queue -actually exists. - -I hope this helped in some way... - -===================================================================== -Printing Info: --------------- - -From: Frank Varnavas <varnavas@ny.ubs.com> -Subject: RE: Samba as a print server - -When an NT client attempts to connect to a printer on a non-NT print -server the attempt is failed with an error, something like: - - "You have insufficient access to your computer to perform the - operation because a driver needs to be installed" - -This is because domain users must have 'Power User' status on the -desktop to connect to printers on a non-NT print server. - -This error occurs regardless of whether the driver in question is -already installed or not. What it really means is that the server is -a non-NT server and the client does not have permission to create -printers locally. Apparently when a connection to a non-NT print -server is made the printer is defined locally. Such an action can be -performed by either a local administrator or a Power User. -Unfortunately there is no way to limit the powers of a Power User, nor -is there any way to grant the Printer Creation right to another group. - -This permission policy is documented in PSS database WINNT, ID Q101874 - -Frank Varnavas (varnavas@ny.ubs.com) diff --git a/docs/textdocs/cifsntdomain.txt b/docs/textdocs/cifsntdomain.txt deleted file mode 100644 index ad90485c97f..00000000000 --- a/docs/textdocs/cifsntdomain.txt +++ /dev/null @@ -1,1501 +0,0 @@ -!== -!== cifsntdomain.txt for Samba release 1.9.18alpha11 03 Nov 1997 -!== -NT Domain Authentication ------------------------- - -Authors: - Luke Kenneth Casson Leighton (lkcl@switchboard.net) --------- - Paul Ashton (paul@argo.demon.co.uk) - - Duncan Stansfield (duncans@sco.com) - - Copyright (C) 1997 Luke Kenneth Casson Leighton - Copyright (C) 1997 Paul Ashton - Copyright (C) 1997 Duncan Stansfield - -Version: 0.024 (01Nov97) --------- - -Distribution: Unlimited and encouraged, for the purposes of implementation -------------- and comments. Feedback welcomed by the authors. - -Liability: Absolutely none accepted implicitly or explicitly, direct ----------- or consequentially, for use, abuse, misuse, lack of use, - misunderstandings, mistakes, omissions, mis-information for - anything in or not in, related to or not related to, or - pertaining to this document, or anything else that a lawyer - can think of or not think of. - -Warning: Please bear in mind that an incorrect implementation of this --------- protocol can cause NT workstation to fail irrevocably, for - which the authors accept no liability (see above). Please - contact your vendor if you have any problems. - -Sources: - Packet Traces from Netmonitor (Service Pack 1 and above) --------- - Paul Ashton and Luke Leighton's other "NT Domain" doc. - - CIFS documentation - cifs6.txt - - CIFS documentation - cifsrap2.txt - -Original: http://mailhost.cb1.com/~lkcl/cifsntdomain.txt. ---------- (Controlled copy maintained by lkcl@switchboard.net) - -Credits: - Paul Ashton: loads of work with Net Monitor; --------- understanding the NT authentication system; - reference implementation of the NT domain support on which - this document is originally based. - - Duncan Stansfield: low-level analysis of MSRPC Pipes. - - Linus Nordberg: producing c-code from Paul's crypto spec. - - Windows Sourcer development team - - -Contents: ---------- - - 1) Introduction - - 2) Structures and notes - - 2.1) Notes - 2.3) Enumerations - 2.3) Structures - - 3) Transact Named Pipe Header/Tail - - 3.1) MSRPC Pipes - 3.2) Header - 3.3) Tail - - 4) NTLSA Transact Named Pipe - - 4.1) LSA Open Policy - 4.2) LSA Query Info Policy - 4.3) LSA Enumerate Trusted Domains - 4.4) LSA Open Secret - 4.5) LSA Close - 4.6) LSA Lookup SIDS - 4.7) LSA Lookup Names - - 5) NETLOGON rpc Transact Named Pipe - - 5.1) LSA Request Challenge - 5.2) LSA Authenticate 2 - 5.3) LSA Server Password Set - 5.4) LSA SAM Logon - 5.5) LSA SAM Logoff - - 6) \\MAILSLOT\NET\NTLOGON - - 6.1) Query for PDC - 6.2) SAM Logon - - 7) SRVSVC Transact Named Pipe - - 7.1) Net Share Enum - 7.2) Net Server Get Info - - -Appendix: ---------- - - A1) Cryptographic side of NT Domain Authentication - - A1.1) Definitions - A1.2) Protocol - A1.3) Comments - - A2) SIDs and RIDs - - A2.1) Well-known SIDs - - A2.1.1) Universal well-known SIDs - A2.1.2) NT well-known SIDs - - A2.2) Well-known RIDS - - A2.2.1) Well-known RID users - A2.2.2) Well-known RID groups - A2.2.3) Well-known RID aliases - - - -1) Introduction ---------------- - - -This document contains information to provide an NT workstation with login -services, without the need for an NT server. - -It should be possible to select a domain instead of a workgroup (in the NT -workstation's TCP/IP settings) and after the obligatory reboot, type in a -username, password, select a domain and successfully log in. I would -appreciate any feedback on your experiences with this process, and any -comments, corrections and additions to this document. - - -The packets described here can be easily derived from (and are probably -better understood using) Netmon.exe. You will need to use the version -of Netmon that matches your system, in order to correctly decode the -NETLOGON, lsarpc and srvsvc Transact pipes. This document is derived from -NT Service Pack 1 and its corresponding version of Netmon. It is intended -that an annotated packet trace be produced, which will likely be more -instructive than this document. - -Also needed, to fully implement NT Domain Login Services, is the -document describing the cryptographic part of the NT authentication. -This document is available from comp.protocols.smb; from the ntsecurity.net -digest and from the samba digest, amongst other sources. - -A copy is available from: - -http://ntbugtraq.rc.on.ca/SCRIPTS/WA.EXE?A2=ind9708&L=ntbugtraq&O=A&P=2935 -http://mailhost.cb1.com/~lkcl/crypt.html - - -A c-code implementation, provided by Linus Nordberg <linus@incolumitas.se> -of this protocol is available from: - -http://samba.anu.edu.au/cgi-bin/mfs/01/digest/1997/97aug/0391.html -http://mailhost.cb1.com/~lkcl/crypt.txt - - -Also used to provide debugging information is the Check Build version of -NT workstation, and enabling full debugging in NETLOGON. This is -achieved by setting the following REG_SZ registry key to 0x1ffffff: - -HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters - -- Incorrect direct editing of the registry can cause your machine to fail. - Then again, so can incorrect implementation of this protocol. - See "Liability:" above. - - -Bear in mind that each packet over-the-wire will have its origin in an -API call. Therefore, there are likely to be structures, enumerations -and defines that are usefully documented elsewhere. - - -This document is by no means complete or authoritative. Missing sections -include, but are not limited to: - -- the meaning (and use by NT) of SIDs and RIDs. - -- mappings of RIDs to usernames (and vice-versa). - -- what a User ID is and what a Group ID is. - -- the exact meaning/definition of various magic constants or enumerations. - -- the reply error code and use of that error code when a workstation - becomes a member of a domain (to be described later). Failure to - return this error code will make the workstation report that it is - already a member of the domain. - -- the cryptographic side of the NetrServerPasswordSet command, which would - allow the workstation to change its password. This password is used to - generate the long-term session key. [It is possible to reject this - command, and keep the default workstation password]. - - -2) Notes and Structures ------------------------ - - -2.1) Notes ----------- - -- In the SMB Transact pipes, some "Structures", described here, appear to be - 4-byte aligned with the SMB header, at their start. Exactly which - "Structures" need aligning is not precisely known or documented. - -- In the UDP NTLOGON Mailslots, some "Structures", described here, appear to be - 2-byte aligned with the start of the mailslot, at their start. - -- Domain SID is of the format S-revision-version-auth1-auth2...authN. - e.g S-1-5-123-456-789-123-456. the 5 could be a sub-revision. - -- any undocumented buffer pointers must be non-zero if the string buffer it - refers to contains characters. exactly what value they should be is unknown. - 0x0000 0002 seems to do the trick to indicate that the buffer exists. a - NULL buffer pointer indicates that the string buffer is of zero length. - If the buffer pointer is NULL, then it is suspected that the structure it - refers to is NOT put into (or taken out of) the SMB data stream. This is - empirically derived from, for example, the LSA SAM Logon response packet, - where if the buffer pointer is NULL, the user information is not inserted - into the data stream. Exactly what happens with an array of buffer pointers - is not known, although an educated guess can be made. - -- an array of structures (a container) appears to have a count and a pointer. - if the count is zero, the pointer is also zero. no further data is put - into or taken out of the SMB data stream. if the count is non-zero, then - the pointer is also non-zero. immediately following the pointer is the - count again, followed by an array of container sub-structures. the count - appears a third time after the last sub-structure. - - -2.2) Enumerations ------------------ - -- MSRPC Header type. command number in the msrpc packet header - - MSRPC_Request: 0x00 - MSRPC_Response: 0x02 - MSRPC_Bind: 0x0B - MSRPC_BindAck: 0x0C - -- MSRPC Packet info. the meaning of these flags is undocumented - - FirstFrag: 0x01 - LastFrag: 0x02 - NotaFrag: 0x04 - RecRespond: 0x08 - NoMultiplex: 0x10 - NotForIdemp: 0x20 - NotforBcast: 0x40 - NoUuid: 0x80 - - -2.3) Structures ---------------- - -- sizeof VOID* is 32 bits. - -- sizeof char is 8 bits. - -- UTIME is 32 bits, indicating time in seconds since 01jan1970. documented - in cifs6.txt (section 3.5 page, page 30). - -- NTTIME is 64 bits. documented in cifs6.txt (section 3.5 page, page 30). - -- DOM_SID (domain SID structure) : - - UINT32 num of sub-authorities in domain SID - UINT8 SID revision number - UINT8 num of sub-authorities in domain SID - UINT8[6] 6 bytes for domain SID - Identifier Authority. - UINT16[n_subauths] domain SID sub-authorities - - Note: the domain SID is documented elsewhere. - -- STR (string) : - - char[] null-terminated string of ascii characters. - -- UNIHDR (unicode string header) : - - UINT16 length of unicode string - UINT16 max length of unicode string - UINT32 4 - undocumented. - -- UNIHDR2 (unicode string header plus buffer pointer) : - - UNIHDR unicode string header - VOID* undocumented buffer pointer - -- UNISTR (unicode string) : - - UINT16[] null-terminated string of unicode characters. - -- NAME (length-indicated unicode string) : - - UINT32 length of unicode string - UINT16[] null-terminated string of unicode characters. - -- UNISTR2 (aligned unicode string) : - - UINT8[] padding to get unicode string 4-byte aligned - with the start of the SMB header. - UINT32 max length of unicode string - UINT32 0 - undocumented - UINT32 length of unicode string - UINT16[] string of uncode characters. - -- OBJ_ATTR (object attributes) : - - UINT32 0x18 - length (in bytes) including the length field. - VOID* 0 - root directory (pointer) - VOID* 0 - object name (pointer) - UINT32 0 - attributes (undocumented) - VOID* 0 - security descriptior (pointer) - UINT32 0 - security quality of service - -- POL_HND (LSA policy handle) : - - char[20] policy handle - -- DOM_SID2 (domain SID structure, SIDS stored in unicode) : - - UINT32 5 - SID type - UINT32 0 - undocumented - UNIHDR2 domain SID unicode string header - UNISTR domain SID unicode string - - Note: there is a conflict between the unicode string header and the - unicode string itself as to which to use to indicate string - length. this will need to be resolved. - - Note: the SID type indicates, for example, an alias; a well-known group etc. - this is documented somewhere. - -- DOM_RID (domain RID structure) : - - UINT32 5 - well-known SID. 1 - user SID (see ShowACLs) - UINT32 5 - undocumented - UINT32 domain RID - UINT32 0 - domain index out of above reference domains - - -- LOG_INFO (server, account, client structure) : - - Note: logon server name starts with two '\' characters and is upper case. - - Note: account name is the logon client name from the LSA Request Challenge, - with a $ on the end of it, in upper case. - - VOID* undocumented buffer pointer - UNISTR2 logon server unicode string - UNISTR2 account name unicode string - UINT16 sec_chan - security channel type - UNISTR2 logon client machine unicode string - -- CLNT_SRV (server, client names structure) : - - Note: logon server name starts with two '\' characters and is upper case. - - VOID* undocumented buffer pointer - UNISTR2 logon server unicode string - VOID* undocumented buffer pointer - UNISTR2 logon client machine unicode string - -- CREDS (credentials + time stamp) - - char[8] credentials - UTIME time stamp - -- CLNT_INFO2 (server, client structure, client credentials) : - - Note: whenever this structure appears in a request, you must take a copy - of the client-calculated credentials received, because they will be - used in subsequent credential checks. the presumed intention is to - maintain an authenticated request/response trail. - - CLNT_SRV client and server names - UINT8[] ???? padding, for 4-byte alignment with SMB header. - VOID* pointer to client credentials. - CREDS client-calculated credentials + client time - -- CLNT_INFO (server, account, client structure, client credentials) : - - Note: whenever this structure appears in a request, you must take a copy - of the client-calculated credentials received, because they will be - used in subsequent credential checks. the presumed intention is to - maintain an authenticated request/response trail. - - LOG_INFO logon account info - CREDS client-calculated credentials + client time - -- ID_INFO_1 (id info structure, auth level 1) : - - VOID* ptr_id_info_1 - UNIHDR domain name unicode header - UINT32 param control - UINT64 logon ID - UNIHDR user name unicode header - UNIHDR workgroup name unicode header - char[16] rc4 LM OWF Password - char[16] rc4 NT OWF Password - UNISTR2 domain name unicode string - UNISTR2 user name unicode string - UNISTR2 workstation name unicode string - -- SAM_INFO (sam logon/logoff id info structure) : - - Note: presumably, the return credentials is supposedly for the server to - verify that the credential chain hasn't been compromised. - - CLNT_INFO2 client identification/authentication info - VOID* pointer to return credentials. - CRED return credentials - ignored. - UINT16 logon level - UINT16 switch value - - switch (switch_value) - case 1: - { - ID_INFO_1 id_info_1; - } - -- GID (group id info) : - - UINT32 group id - UINT32 user attributes (only used by NT 3.1 and 3.51) - -- DOM_REF (domain reference info) : - - VOID* undocumented buffer pointer. - UINT32 num referenced domains? - VOID* undocumented domain name buffer pointer. - UINT32 32 - max number of entries - UINT32 4 - num referenced domains? - - UNIHDR2 domain name unicode string header - UNIHDR2[num_ref_doms-1] referenced domain unicode string headers - - UNISTR domain name unicode string - DOM_SID[num_ref_doms] referenced domain SIDs - -- DOM_INFO (domain info, levels 3 and 5 are the same)) : - - UINT8[] ??? padding to get 4-byte alignment with start of SMB header - UINT16 domain name string length * 2 - UINT16 domain name string length * 2 - VOID* undocumented domain name string buffer pointer - VOID* undocumented domain SID string buffer pointer - UNISTR2 domain name (unicode string) - DOM_SID domain SID - -- USER_INFO (user logon info) : - - Note: it would be nice to know what the 16 byte user session key is for. - - NTTIME logon time - NTTIME logoff time - NTTIME kickoff time - NTTIME password last set time - NTTIME password can change time - NTTIME password must change time - - UNIHDR username unicode string header - UNIHDR user's full name unicode string header - UNIHDR logon script unicode string header - UNIHDR profile path unicode string header - UNIHDR home directory unicode string header - UNIHDR home directory drive unicode string header - - UINT16 logon count - UINT16 bad password count - - UINT32 User ID - UINT32 Group ID - UINT32 num groups - VOID* undocumented buffer pointer to groups. - - UINT32 user flags - char[16] user session key - - UNIHDR logon server unicode string header - UNIHDR logon domain unicode string header - VOID* undocumented logon domain id pointer - char[40] 40 undocumented padding bytes. future expansion? - - UINT32 0 - num_other_sids? - VOID* NULL - undocumented pointer to other domain SIDs. - - UNISTR2 username unicode string - UNISTR2 user's full name unicode string - UNISTR2 logon script unicode string - UNISTR2 profile path unicode string - UNISTR2 home directory unicode string - UNISTR2 home directory drive unicode string - - UINT32 num groups - GID[num_groups] group info - - UNISTR2 logon server unicode string - UNISTR2 logon domain unicode string - - DOM_SID domain SID - DOM_SID[num_sids] other domain SIDs? - -- SH_INFO_1_PTR (pointers to level 1 share info strings): - -Note: see cifsrap2.txt section5, page 10. - - 0 for shi1_type indicates a Disk. - 1 for shi1_type indicates a Print Queue. - 2 for shi1_type indicates a Device. - 3 for shi1_type indicates an IPC pipe. - 0x8000 0000 (top bit set in shi1_type) indicates a hidden share. - - VOID* shi1_netname - pointer to net name - UINT32 shi1_type - type of share. 0 - undocumented. - VOID* shi1_remark - pointer to comment. - -- SH_INFO_1_STR (level 1 share info strings) : - - UNISTR2 shi1_netname - unicode string of net name - UNISTR2 shi1_remark - unicode string of comment. - -- SHARE_INFO_1_CTR : - - share container with 0 entries: - - UINT32 0 - EntriesRead - UINT32 0 - Buffer - - share container with > 0 entries: - - UINT32 EntriesRead - UINT32 non-zero - Buffer - UINT32 EntriesRead - - SH_INFO_1_PTR[EntriesRead] share entry pointers - SH_INFO_1_STR[EntriesRead] share entry strings - - UINT8[] padding to get unicode string 4-byte - aligned with start of the SMB header. - UINT32 EntriesRead - UINT32 0 - padding - -- SERVER_INFO_101 : - -Note: see cifs6.txt section 6.4 - the fields described therein will be - of assistance here. for example, the type listed below is the - same as fServerType, which is described in 6.4.1. - - SV_TYPE_WORKSTATION 0x00000001 All workstations - SV_TYPE_SERVER 0x00000002 All servers - SV_TYPE_SQLSERVER 0x00000004 Any server running with SQL - server - SV_TYPE_DOMAIN_CTRL 0x00000008 Primary domain controller - SV_TYPE_DOMAIN_BAKCTRL 0x00000010 Backup domain controller - SV_TYPE_TIME_SOURCE 0x00000020 Server running the timesource - service - SV_TYPE_AFP 0x00000040 Apple File Protocol servers - SV_TYPE_NOVELL 0x00000080 Novell servers - SV_TYPE_DOMAIN_MEMBER 0x00000100 Domain Member - SV_TYPE_PRINTQ_SERVER 0x00000200 Server sharing print queue - SV_TYPE_DIALIN_SERVER 0x00000400 Server running dialin service. - SV_TYPE_XENIX_SERVER 0x00000800 Xenix server - SV_TYPE_NT 0x00001000 NT server - SV_TYPE_WFW 0x00002000 Server running Windows for - - SV_TYPE_SERVER_NT 0x00008000 Windows NT non DC server - SV_TYPE_POTENTIAL_BROWSER 0x00010000 Server that can run the browser - service - SV_TYPE_BACKUP_BROWSER 0x00020000 Backup browser server - SV_TYPE_MASTER_BROWSER 0x00040000 Master browser server - SV_TYPE_DOMAIN_MASTER 0x00080000 Domain Master Browser server - SV_TYPE_LOCAL_LIST_ONLY 0x40000000 Enumerate only entries marked - "local" - SV_TYPE_DOMAIN_ENUM 0x80000000 Enumerate Domains. The pszServer - and pszDomain parameters must be - NULL. - - UINT32 500 - platform_id - VOID* pointer to name - UINT32 5 - major version - UINT32 4 - minor version - UINT32 type (SV_TYPE_... bit field) - VOID* pointer to comment - - UNISTR2 sv101_name - unicode string of server name - UNISTR2 sv_101_comment - unicode string of server comment. - - UINT8[] padding to get unicode string 4-byte - aligned with start of the SMB header. - - - -3) MSRPC over Transact Named Pipe ---------------------------------- - -For details on the SMB Transact Named Pipe, see cifs6.txt - - -3.1) MSRPC Pipes ----------------- - -The MSRPC is conducted over an SMB Transact Pipe with a name of "\PIPE\". -You must first obtain a 16 bit file handle, by sending a SMBopenX with the -pipe name "\PIPE\srvsvc" for example. You can then perform an SMB Trans, -and must carry out an SMBclose on the file handle once you are finished. - -Trans Requests must be sent with two setup UINT16s, no UINT16 params (none -known about), and UINT8 data parameters sufficient to contain the MSRPC -header, and MSRPC data. The first UINT16 setup parameter must be either -0x0026 to indicate an RPC, or 0x0001 to indicate Set Named Pipe Handle -state. The second UINT16 parameter must be the file handle for the pipe, -obtained above. - -The Data section for an API Command of 0x0026 (RPC pipe) in the Trans -Request is the RPC Header, followed by the RPC Data. The Data section for -an API Command of 0x0001 (Set Named Pipe Handle state) is two bytes. The -only value seen for these two bytes is 0x00 0x43. - - -MSRPC Responses are sent as response data inside standard SMB Trans -responses, with the MSRPC Header, MSRPC Data and MSRPC tail. - - -It is suspected that the Trans Requests will need to be at least 2-byte -aligned (probably 4-byte). This is standard practice for SMBs. It is also -independent of the observed 4-byte alignments with the start of the MSRPC -header, including the 4-byte alignment between the MSRPC header and the -MSRPC data. - - -First, an SMBtconX connection is made to the IPC$ share. The connection -must be made using encrypted passwords, not clear-text. Then, an SMBopenX -is made on the pipe. Then, a Set Named Pipe Handle State must be sent, -after which the pipe is ready to accept API commands. Lastly, and SMBclose -is sent. - - -To be resolved: - - lkcl/01nov97 there appear to be two additional bytes after the null- - terminated \PIPE\ name for the RPC pipe. Values seen so far are - listed below: - - initial SMBopenX request: RPC API command 0x26 params: - - "\\PIPE\\lsarpc" 0x65 0x63; 0x72 0x70; 0x44 0x65; - "\\PIPE\\srvsvc" 0x73 0x76; 0x4E 0x00; 0x5C 0x43; - - -3.2) Header ------------ - -[section to be rewritten, following receipt of work by Duncan Stansfield] - - -Interesting note: if you set packed data representation to 0x0100 0000 -then all 4-byte and 2-byte word ordering is turned around! - -The start of each of the NTLSA and NETLOGON named pipes begins with: - -00 UINT8 5 - RPC major version -01 UINT8 0 - RPC minor version -02 UINT8 2 - RPC response packet -03 UINT8 3 - (FirstFrag bit-wise or with LastFrag) -04 UINT32 0x1000 0000 - packed data representation -08 UINT16 fragment length - data size (bytes) inc header and tail. -0A UINT16 0 - authentication length -0C UINT32 call identifier. matches 12th UINT32 of incoming RPC data. -10 UINT32 allocation hint - data size (bytes) minus header and tail. -14 UINT16 0 - presentation context identifier -16 UINT8 0 - cancel count -17 UINT8 in replies: 0 - reserved; in requests: opnum - see #defines. -18 ...... start of data (goes on for allocation_hint bytes) - - -RPC_Packet for request, response, bind and bind acknowledgement. -{ - - UINT8 versionmaj # reply same as request (0x05) - UINT8 versionmin # reply same as request (0x00) - UINT8 type # one of the MSRPC_Type enums - UINT8 flags # reply same as request (0x00 for Bind, 0x03 for Request) - UINT32 representation # reply same as request (0x00000010) - UINT16 fraglength # the length of the data section of the SMB trans packet - UINT16 authlength - UINT32 callid # call identifier. (e.g. 0x00149594) - - * stub USE TvPacket # the remainder of the packet depending on the "type" -} - - -# the interfaces are numbered. as yet I haven't seen more than one interface -# used on the same pipe name -# srvsvc -# abstract (0x4B324FC8, 0x01D31670, 0x475A7812, 0x88E16EBF, 0x00000003) -# transfer (0x8A885D04, 0x11C91CEB, 0x0008E89F, 0x6048102B, 0x00000002) -RPC_Iface RW -{ - UINT8 byte[16] # 16 bytes of number - UINT32 version # the interface number -} - - -# the remainder of the packet after the header if "type" was Bind -# in the response header, "type" should be BindAck -RPC_ReqBind RW -{ - UINT16 maxtsize # maximum transmission fragment size (0x1630) - UINT16 maxrsize # max receive fragment size (0x1630) - UINT32 assocgid # associated group id (0x0) - UINT32 numelements # the number of elements (0x1) - UINT16 contextid # presentation context identifier (0x0) - UINT8 numsyntaxes # the number of syntaxes (has always been 1?)(0x1) - UINT8[] # 4-byte alignment padding, against SMB header - - * abstractint USE RPC_Iface # num and vers. of interface client is using - * transferint USE RPC_Iface # num and vers. of interface to use for replies -} - - -RPC_Address RW -{ - UINT16 length # length of the string including null terminator - * port USE string # the string above in single byte, null terminated form -} - - -# the response to place after the header in the reply packet -RPC_ResBind RW -{ - UINT16 maxtsize # same as request - UINT16 maxrsize # same as request - UINT32 assocgid # zero - - * secondaddr USE RPC_Address # the address string, as described earlier - - UINT8[] # 4-byte alignment padding, against SMB header - - UINT8 numresults # the number of results (0x01) - - UINT8[] # 4-byte alignment padding, against SMB header - UINT16 result # result (0x00 = accept) - UINT16 reason # reason (0x00 = no reason specified) - - * transfersyntax USE RPC_Iface # the transfer syntax from the request -} - - -# the remainder of the packet after the header for every other other -# request -RPC_ReqNorm RW -{ - UINT32 allochint # the size of the stub data in bytes - UINT16 prescontext # presentation context identifier (0x0) - UINT16 opnum # operation number (0x15) - - * stub USE TvPacket # a packet dependent on the pipe name - # (probably the interface) and the op number) -} - - -# response to a request -RPC_ResNorm RW -{ - UINT32 allochint # size of the stub data in bytes - UINT16 prescontext # presentation context identifier (same as request) - UINT8 cancelcount # cancel count? (0x0) - UINT8 reserved # 0 - one byte padding - - * stub USE TvPacket # the remainder of the reply -} - - -3.3) Tail ---------- - -The end of each of the NTLSA and NETLOGON named pipes ends with: - - ...... end of data - UINT32 return code - - - -3.4 RPC Bind / Bind Ack ------------------------ - -RPC Binds are the process of associating an RPC pipe (e.g \PIPE\lsarpc) -with a "transfer syntax" (see RPC_Iface structure). The purpose for doing -this is unknown. - -Note: The RPC_ResBind SMB Transact request is sent with two uint16 setup - parameters. The first is 0x0026; the second is the file handle - returned by the SMBopenX Transact response. - -Note: The RPC_ResBind members maxtsize, maxrsize and assocgid are the - same in the response as the same members in the RPC_ReqBind. The - RPC_ResBind member transfersyntax is the same in the response as - the - -Note: The RPC_ResBind response member secondaddr contains the name - of what is presumed to be the service behind the RPC pipe. The - mapping identified so far is: - - initial SMBopenX request: RPC_ResBind response: - - "\\PIPE\\srvsvc" "\\PIPE\\ntsvcs" - "\\PIPE\\samr" "\\PIPE\\lsass" - "\\PIPE\\lsarpc" "\\PIPE\\lsass" - "\\PIPE\\wkssvc" "\\PIPE\\wksvcs" - "\\PIPE\\NETLOGON" "\\PIPE\\NETLOGON" - -Note: The RPC_Packet fraglength member in both the Bind Request and Bind - Acknowledgment must contain the length of the entire RPC data, - including the RPC_Packet header. - -Request: - - RPC_Packet - RPC_ReqBind - -Response: - - RPC_Packet - RPC_ResBind - - - -4) NTLSA Transact Named Pipe ----------------------------- - -The sequence of actions taken on this pipe are: - -- Establish a connection to the IPC$ share (SMBtconX). use encrypted passwords. -- Open an RPC Pipe with the name "\\PIPE\\lsarpc". Store the file handle. -- Using the file handle, send a Set Named Pipe Handle state to 0x4300. -- Send an LSA Open Policy request. Store the Policy Handle. -- Using the Policy Handle, send LSA Query Info Policy requests, etc. -- Using the Policy Handle, send an LSA Close. -- Close the IPC$ share. - - -Defines for this pipe, identifying the query are: - -- LSA Open Policy: 0x2c -- LSA Query Info Policy: 0x07 -- LSA Enumerate Trusted Domains: 0x0d -- LSA Open Secret: 0xff -- LSA Lookup SIDs: 0xfe -- LSA Lookup Names: 0xfd -- LSA Close: 0x00 - - -4.1) LSA Open Policy --------------------- - -Note: The policy handle can be anything you like. - -Request: - - VOID* buffer pointer - UNISTR2 server name - unicode string starting with two '\'s - OBJ_ATTR object attributes - UINT32 1 - desired access - -Response: - - POL_HND LSA policy handle - - return 0 - indicates success - - -4.2) LSA Query Info Policy --------------------------- - -Note: The info class in response must be the same as that in the request. - -Request: - - POL_HND LSA policy handle - UINT16 info class (also a policy handle?) - -Response: - - VOID* undocumented buffer pointer - UINT16 info class (same as info class in request). - - switch (info class) - case 3: - case 5: - { - DOM_INFO domain info, levels 3 and 5 (are the same). - } - - return 0 - indicates success - - -4.3) LSA Enumerate Trusted Domains ----------------------------------- - -Request: - - no extra data - -Response: - - UINT32 0 - enumeration context - UINT32 0 - entries read - UINT32 0 - trust information - - return 0x8000 001a - "no trusted domains" success code - - -4.4) LSA Open Secret --------------------- - -Request: - - no extra data - -Response: - - UINT32 0 - undocumented - UINT32 0 - undocumented - UINT32 0 - undocumented - UINT32 0 - undocumented - UINT32 0 - undocumented - - return 0x0C00 0034 - "no such secret" success code - - -4.5) LSA Close --------------- - -Request: - - POL_HND policy handle to be closed - -Response: - - POL_HND 0s - closed policy handle (all zeros) - - return 0 - indicates success - - -4.6) LSA Lookup SIDS --------------------- - -Note: num_entries in response must be same as num_entries in request. - -Request: - - POL_HND LSA policy handle - UINT32 num_entries - VOID* undocumented domain SID buffer pointer - VOID* undocumented domain name buffer pointer - VOID*[num_entries] undocumented domain SID pointers to be looked up. - DOM_SID[num_entries] domain SIDs to be looked up. - char[16] completely undocumented 16 bytes. - -Response: - - DOM_REF domain reference response - - UINT32 num_entries (listed above) - VOID* undocumented buffer pointer - - UINT32 num_entries (listed above) - DOM_SID2[num_entries] domain SIDs (from Request, listed above). - - UINT32 num_entries (listed above) - - return 0 - indicates success - - -4.7) LSA Lookup Names ---------------------- - -Note: num_entries in response must be same as num_entries in request. - -Request: - - POL_HND LSA policy handle - UINT32 num_entries - UINT32 num_entries - VOID* undocumented domain SID buffer pointer - VOID* undocumented domain name buffer pointer - NAME[num_entries] names to be looked up. - char[] undocumented bytes - falsely translated SID structure? - -Response: - - DOM_REF domain reference response - - UINT32 num_entries (listed above) - VOID* undocumented buffer pointer - - UINT32 num_entries (listed above) - DOM_RID[num_entries] domain SIDs (from Request, listed above). - - UINT32 num_entries (listed above) - - return 0 - indicates success - - - -5) NETLOGON rpc Transact Named Pipe ------------------------------------ - -The sequence of actions taken on this pipe are: - -- Establish a connection to the IPC$ share (SMBtconX). use encrypted passwords. -- Open an RPC Pipe with the name "\\PIPE\\NETLOGON". Store the file handle. -- Using the file handle, send a Set Named Pipe Handle state to 0x4300. -- Create Client Challenge. Send LSA Request Challenge. Store Server Challenge. -- Calculate Session Key. Send an LSA Auth 2 Challenge. Store Auth2 Challenge. -- Calc/Verify Client Creds. Send LSA Srv PW Set. Calc/Verify Server Creds. -- Calc/Verify Client Creds. Send LSA SAM Logon . Calc/Verify Server Creds. -- Calc/Verify Client Creds. Send LSA SAM Logoff. Calc/Verify Server Creds. -- Close the IPC$ share. - - -Defines for this pipe, identifying the query are: - -- LSA Request Challenge: 0x04 -- LSA Server Password Set: 0x06 -- LSA SAM Logon: 0x02 -- LSA SAM Logoff: 0x03 -- LSA Auth 2: 0x0f -- LSA Logon Control: 0x0e - - -5.1) LSA Request Challenge --------------------------- - -Note: logon server name starts with two '\' characters and is upper case. - -Note: logon client is the machine, not the user. - -Note: the initial LanManager password hash, against which the challenge - is issued, is the machine name itself (lower case). there will be - calls issued (LSA Server Password Set) which will change this, later. - refusing these calls allows you to always deal with the same password - (i.e the LM# of the machine name in lower case). - -Request: - - VOID* undocumented buffer pointer - UNISTR2 logon server unicode string - UNISTR2 logon client unicode string - char[8] client challenge - -Response: - - char[8] server challenge - - return 0 - indicates success - - - -5.2) LSA Authenticate 2 ------------------------ - -Note: in between request and response, calculate the client credentials, - and check them against the client-calculated credentials (this - process uses the previously received client credentials). - -Note: neg_flags in the response is the same as that in the request. - -Note: you must take a copy of the client-calculated credentials received - here, because they will be used in subsequent authentication packets. - -Request: - - LOG_INFO client identification info - - char[8] client-calculated credentials - UINT8[] padding to 4-byte align with start of SMB header. - UINT32 neg_flags - negotiated flags (usual value is 0x0000 01ff) - -Response: - - char[8] server credentials. - UINT32 neg_flags - same as neg_flags in request. - - return 0 - indicates success. failure value unknown. - - -5.3) LSA Server Password Set ----------------------------- - -Note: the new password is suspected to be a DES encryption using the old - password to generate the key. - -Note: in between request and response, calculate the client credentials, - and check them against the client-calculated credentials (this - process uses the previously received client credentials). - -Note: the server credentials are constructed from the client-calculated - credentials and the client time + 1 second. - -Note: you must take a copy of the client-calculated credentials received - here, because they will be used in subsequent authentication packets. - -Request: - - CLNT_INFO client identification/authentication info - char[] new password - undocumented. - -Response: - - CREDS server credentials. server time stamp appears to be ignored. - - return 0 - indicates success; 0xC000 006a indicates failure - - -5.4) LSA SAM Logon ------------------- - -Note: valid_user is True iff the username and password hash are valid for - the requested domain. - -Request: - - SAM_INFO sam_id structure - -Response: - - VOID* undocumented buffer pointer - CREDS server credentials. server time stamp appears to be ignored. - - if (valid_user) - { - UINT16 3 - switch value indicating USER_INFO structure. - VOID* non-zero - pointer to USER_INFO structure - USER_INFO user logon information - - UINT32 1 - Authoritative response; 0 - Non-Auth? - - return 0 - indicates success - } - else - { - UINT16 0 - switch value. value to indicate no user presumed. - VOID* 0x0000 0000 - indicates no USER_INFO structure. - - UINT32 1 - Authoritative response; 0 - Non-Auth? - - return 0xC000 0064 - NT_STATUS_NO_SUCH_USER. - } - - -5.5) LSA SAM Logoff --------------------- - -Note: presumably, the SAM_INFO structure is validated, and a (currently - undocumented) error code returned if the Logoff is invalid. - -Request: - - SAM_INFO sam_id structure - -Response: - - VOID* undocumented buffer pointer - CREDS server credentials. server time stamp appears to be ignored. - - return 0 - indicates success. undocumented failure indication. - - -6) \\MAILSLOT\NET\NTLOGON -------------------------- - -Note: mailslots will contain a response mailslot, to which the response - should be sent. the target NetBIOS name is REQUEST_NAME<20>, where - REQUEST_NAME is the name of the machine that sent the request. - - -6.1) Query for PDC ------------------- - -Note: NTversion, LMNTtoken, LM20token in response are the same as those - given in the request. - -Request: - - UINT16 0x0007 - Query for PDC - STR machine name - STR response mailslot - UINT8[] padding to 2-byte align with start of mailslot. - UNISTR machine name - UINT32 NTversion - UINT16 LMNTtoken - UINT16 LM20token - -Response: - - UINT16 0x000A - Respose to Query for PDC - STR machine name (in uppercase) - UINT8[] padding to 2-byte align with start of mailslot. - UNISTR machine name - UNISTR domain name - UINT32 NTversion (same as received in request) - UINT16 LMNTtoken (same as received in request) - UINT16 LM20token (same as received in request) - - -6.2) SAM Logon --------------- - -Note: machine name in response is preceded by two '\' characters. - -Note: NTversion, LMNTtoken, LM20token in response are the same as those - given in the request. - -Note: user name in the response is presumably the same as that in the request. - -Request: - - UINT16 0x0012 - SAM Logon - UINT16 request count - UNISTR machine name - UNISTR user name - STR response mailslot - UINT32 alloweable account - UINT32 domain SID size - char[sid_size] domain SID, of sid_size bytes. - UINT8[] ???? padding to 4? 2? -byte align with start of mailslot. - UINT32 NTversion - UINT16 LMNTtoken - UINT16 LM20token - -Response: - - UINT16 0x0013 - Response to SAM Logon - UNISTR machine name - UNISTR user name - workstation trust account - UNISTR domain name - UINT32 NTversion - UINT16 LMNTtoken - UINT16 LM20token - - - -7) SRVSVC Transact Named Pipe ------------------------------ - - -Defines for this pipe, identifying the query are: - -- Net Share Enum : 0x0f -- Net Server Get Info : 0x15 - - -7.1) Net Share Enum ------------------- - -Note: share level and switch value in the response are presumably the - same as those in the request. - -Note: cifsrap2.txt (section 5) may be of limited assistance here. - -Request: - - VOID* pointer (to server name?) - UNISTR2 server name - - UINT8[] padding to get unicode string 4-byte aligned - with the start of the SMB header. - - UINT32 share level - UINT32 switch value - - VOID* pointer to SHARE_INFO_1_CTR - SHARE_INFO_1_CTR share info with 0 entries - - UINT32 preferred maximum length (0xffff ffff) - -Response: - - UINT32 share level - UINT32 switch value - - VOID* pointer to SHARE_INFO_1_CTR - SHARE_INFO_1_CTR share info (only added if share info ptr is non-zero) - - return 0 - indicates success - - -7.2) Net Server Get Info ------------------- - -Note: level is the same value as in the request. - -Request: - - UNISTR2 server name - UINT32 switch level - -Response: - - UINT32 switch level - VOID* pointer to SERVER_INFO_101 - - SERVER_INFO_101 server info (only added if server info ptr is non-zero) - - return 0 - indicates success - - - -Appendix --------- - -A1) Cryptographic side of NT Domain Authentication --------------------------------------------------- - - -A1.1) Definitions ------------------ - -Add(A1,A2): Intel byte ordered addition of corresponding 4 byte words -in arrays A1 and A2 - -E(K,D): DES ECB encryption of 8 byte data D using 7 byte key K - -lmowf(): Lan man hash - -ntowf(): NT hash - -PW: md4(machine_password) == md4(lsadump $machine.acc) == -pwdump(machine$) (initially) == md4(lmowf(unicode(machine))) - -RC4(K,Lk,D,Ld): RC4 encryption of data D of length Ld with key K of -length Lk - -v[m..n(,l)]: subset of v from bytes m to n, optionally padded with -zeroes to length l - -Cred(K,D): E(K[7..7,7],E(K[0..6],D)) computes a credential - -Time(): 4 byte current time - -Cc,Cs: 8 byte client and server challenges Rc,Rs: 8 byte client and -server credentials - - -A1.2) Protocol --------------- - -C->S ReqChal,Cc S->C Cs - -C & S compute session key Ks = E(PW[9..15],E(PW[0..6],Add(Cc,Cs))) - -C: Rc = Cred(Ks,Cc) C->S Authenticate,Rc S: Rs = Cred(Ks,Cs), -assert(Rc == Cred(Ks,Cc)) S->C Rs C: assert(Rs == Cred(Ks,Cs)) - -On joining the domain the client will optionally attempt to change its -password and the domain controller may refuse to update it depending -on registry settings. This will also occur weekly afterwards. - -C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) C->S ServerPasswordSet,Rc',Tc, -rc4(Ks[0..7,16],lmowf(randompassword()) C: Rc = Cred(Ks,Rc+Tc+1) S: -assert(Rc' == Cred(Ks,Rc+Tc)), Ts = Time() S: Rs' = Cred(Ks,Rs+Tc+1) -S->C Rs',Ts C: assert(Rs' == Cred(Ks,Rs+Tc+1)) S: Rs = Rs' - -User: U with password P wishes to login to the domain (incidental data -such as workstation and domain omitted) - -C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) C->S NetLogonSamLogon,Rc',Tc,U, -rc4(Ks[0..7,16],16,ntowf(P),16), rc4(Ks[0..7,16],16,lmowf(P),16) S: -assert(Rc' == Cred(Ks,Rc+Tc)) assert(passwords match those in SAM) S: -Ts = Time() - -S->C Cred(Ks,Cred(Ks,Rc+Tc+1)),userinfo(logon script,UID,SIDs,etc) C: -assert(Rs == Cred(Ks,Cred(Rc+Tc+1)) C: Rc = Cred(Ks,Rc+Tc+1) - - -A1.3) Comments --------------- - -On first joining the domain the session key could be computed by -anyone listening in on the network as the machine password has a well -known value. Until the machine is rebooted it will use this session -key to encrypt NT and LM one way functions of passwords which are -password equivalents. Any user who logs in before the machine has been -rebooted a second time will have their password equivalent exposed. Of -course the new machine password is exposed at this time anyway. - -None of the returned user info such as logon script, profile path and -SIDs *appear* to be protected by anything other than the TCP checksum. - -The server time stamps appear to be ignored. - -The client sends a ReturnAuthenticator in the SamLogon request which I -can't find a use for. However its time is used as the timestamp -returned by the server. - -The password OWFs should NOT be sent over the network reversibly -encrypted. They should be sent using RC4(Ks,md4(owf)) with the server -computing the same function using the owf values in the SAM. - - -A2) SIDs and RIDs ------------------ - -SIDs and RIDs are well documented elsewhere. - -A SID is an NT Security ID (see DOM_SID structure). They are of the form: - - S-revision-NN-SubAuth1-SubAuth2-SubAuth3... - S-revision-0xNNNNNNNNNNNN-SubAuth1-SubAuth2-SubAuth3... - -currently, the SID revision is 1. -The Sub-Authorities are known as Relative IDs (RIDs). - - -A2.1) Well-known SIDs ---------------------- - - -A2.1.1) Universal well-known SIDs ---------------------------------- - - Null SID S-1-0-0 - World S-1-1-0 - Local S-1-2-0 - Creator Owner ID S-1-3-0 - Creator Group ID S-1-3-1 - Creator Owner Server ID S-1-3-2 - Creator Group Server ID S-1-3-3 - - (Non-unique IDs) S-1-4 - - -A2.1.2) NT well-known SIDs --------------------------- - - NT Authority S-1-5 - Dialup S-1-5-1 - - Network S-1-5-2 - Batch S-1-5-3 - Interactive S-1-5-4 - Service S-1-5-6 - AnonymousLogon S-1-5-7 (aka null logon session) - Proxy S-1-5-8 - ServerLogon S-1-5-8 (aka domain controller account) - - (Logon IDs) S-1-5-5-X-Y - - (NT non-unique IDs) S-1-5-0x15-... - - (Built-in domain) s-1-5-0x20 - - - -A2.2) Well-known RIDS ---------------------- - -A RID is a sub-authority value, as part of either a SID, or in the case -of Group RIDs, part of the DOM_GID structure, in the USER_INFO_1 -structure, in the LSA SAM Logon response. - - -A2.2.1) Well-known RID users ----------------------------- - - DOMAIN_USER_RID_ADMIN 0x0000 01F4 - DOMAIN_USER_RID_GUEST 0x0000 01F5 - - - -A2.2.2) Well-known RID groups ----------------------------- - - DOMAIN_GROUP_RID_ADMINS 0x0000 0200 - DOMAIN_GROUP_RID_USERS 0x0000 0201 - DOMAIN_GROUP_RID_GUESTS 0x0000 0202 - - - -A2.2.3) Well-known RID aliases ------------------------------- - - DOMAIN_ALIAS_RID_ADMINS 0x0000 0220 - DOMAIN_ALIAS_RID_USERS 0x0000 0221 - DOMAIN_ALIAS_RID_GUESTS 0x0000 0222 - DOMAIN_ALIAS_RID_POWER_USERS 0x0000 0223 - - DOMAIN_ALIAS_RID_ACCOUNT_OPS 0x0000 0224 - DOMAIN_ALIAS_RID_SYSTEM_OPS 0x0000 0225 - DOMAIN_ALIAS_RID_PRINT_OPS 0x0000 0226 - DOMAIN_ALIAS_RID_BACKUP_OPS 0x0000 0227 - - DOMAIN_ALIAS_RID_REPLICATOR 0x0000 0228 - - diff --git a/docs/textdocs/security_level.txt b/docs/textdocs/security_level.txt deleted file mode 100644 index 1af9a97c0b7..00000000000 --- a/docs/textdocs/security_level.txt +++ /dev/null @@ -1,99 +0,0 @@ -!== -!== security_level.txt for Samba release 1.9.18alpha11 03 Nov 1997 -!== -Contributor: Andrew Tridgell -Updated: June 27, 1997 -Status: Current - -Subject: Description of SMB security levels. -=========================================================================== - -Samba supports the following options to the global smb.conf parameter -"security =": - share, user, server - -Of the above, "security = server" means that Samba reports to clients that -it is running in "user mode" but actually passes off all authentication -requests to another "user mode" server. This requires an additional -parameter "password server =" that points to the real authentication server. -That real authentication server can be another Samba server or can be a -Windows NT server, the later natively capable of encrypted password support. - -Below is a more complete description of security levels. -=========================================================================== - -A SMB server tells the client at startup what "security level" it is -running. There are two options "share level" and "user level". Which -of these two the client receives affects the way the client then tries -to authenticate itself. It does not directly affect (to any great -extent) the way the Samba server does security. I know this is -strange, but it fits in with the client/server approach of SMB. In SMB -everything is initiated and controlled by the client, and the server -can only tell the client what is available and whether an action is -allowed. - -I'll describe user level security first, as its simpler. In user level -security the client will send a "session setup" command directly after -the protocol negotiation. This contains a username and password. The -server can either accept or reject that username/password -combination. Note that at this stage the server has no idea what -share the client will eventually try to connect to, so it can't base -the "accept/reject" on anything other than: - -- the username/password -- the machine that the client is coming from - -If the server accepts the username/password then the client expects to -be able to mount any share (using a "tree connection") without -specifying a password. It expects that all access rights will be as -the username/password specified in the "session setup". - -It is also possible for a client to send multiple "session setup" -requests. When the server responds it gives the client a "uid" to use -as an authentication tag for that username/password. The client can -maintain multiple authentication contexts in this way (WinDD is an -example of an application that does this) - - -Ok, now for share level security. In share level security (the default -with samba) the client authenticates itself separately for each -share. It will send a password along with each "tree connection" -(share mount). It does not explicitly send a username with this -operation. The client is expecting a password to be associated with -each share, independent of the user. This means that samba has to work -out what username the client probably wants to use. It is never -explicitly sent the username. Some commercial SMB servers such as NT actually -associate passwords directly with shares in share level security, but -samba always uses the unix authentication scheme where it is a -username/password that is authenticated, not a "share/password". - -Many clients send a "session setup" even if the server is in share -level security. They normally send a valid username but no -password. Samba records this username in a list of "possible -usernames". When the client then does a "tree connection" it also adds -to this list the name of the share they try to connect to (useful for -home directories) and any users listed in the "user =" smb.conf -line. The password is then checked in turn against these "possible -usernames". If a match is found then the client is authenticated as -that user. - -Finally "server level" security. In server level security the samba -server reports to the client that it is in user level security. The -client then does a "session setup" as described earlier. The samba -server takes the username/password that the client sends and attempts -to login to the "password server" by sending exactly the same -username/password that it got from the client. If that server is in -user level security and accepts the password then samba accepts the -clients connection. This allows the samba server to use another SMB -server as the "password server". - -You should also note that at the very start of all this, where the -server tells the client what security level it is in, it also tells -the client if it supports encryption. If it does then it supplies the -client with a random "cryptkey". The client will then send all -passwords in encrypted form. You have to compile samba with encryption -enabled to support this feature, and you have to maintain a separate -smbpasswd file with SMB style encrypted passwords. It is -cryptographically impossible to translate from unix style encryption -to SMB style encryption, although there are some fairly simple management -schemes by which the two could be kept in sync. |