<para>
<simplelist>
-
<member>A "foomatic+<replaceable>something</replaceable>" PPD is not enough to print with CUPS (but it is *one* important component)</member>
<member>The "cupsomatic" filter script (Perl) in <filename>/usr/lib/cups/filters/</filename></member>
<member>Perl to make cupsomatic run</member>
the files:
</para>
- <computeroutput>
- cups-samba.install
- cups-samba.license
- cups-samba.readme
- cups-samba.remove
- cups-samba.ss
- </computeroutput>
- </para>
+<para>
+<computeroutput>
+ cups-samba.install
+ cups-samba.license
+ cups-samba.readme
+ cups-samba.remove
+ cups-samba.ss
+</computeroutput>
+</para>
<para>
These have been packaged with the ESP meta packager software "EPM". The
into <filename>/usr/share/cups/drivers/</filename>. Its contents are 3 files:
</para>
- <computeroutput>
- cupsdrvr.dll
- cupsui.dll
- cups.hlp
- </computeroutput>
- </para>
+<para>
+<computeroutput>
+ cupsdrvr.dll
+ cupsui.dll
+ cups.hlp
+</computeroutput>
+</para>
<caution><para>
Due to a bug one CUPS release puts the <filename>cups.hlp</filename>
</para>
<para>
- <userinput> cp /usr/share/drivers/cups.hlp /usr/share/cups/drivers/
- </userinput>
+<userinput> cp /usr/share/drivers/cups.hlp /usr/share/cups/drivers/
+</userinput>
</para></caution>
<note>
</para>
<para>
-<itemizedlist>
+<simplelist>
no hassle with the Adobe EULA
- </para></listitem>
+ </para></member>
no hassle with the question "where do I get the ADOBE*.* driver files from?"
- </para></listitem>
+ </para></member>
the Adobe drivers (depending on the printer PPD associated with them)
often put a PJL header in front of the core PostScript part of the print
file (thus the file starts with "<replaceable>1B</replaceable>%-12345X"
leads to the page accounting in "/var/log/cups/page_log" not receiving
the exact mumber of pages; instead the dummy page number of "1" is
logged in a standard setup)
- </para></listitem>
+ </para></member>
the Adobe driver has more options to "mis-configure" the PostScript
generated by it (like setting it inadvertedly to "Optimize for Speed",
instead of "Optimize for Portability", which could lead to CUPS being
unable to process it)
- </para></listitem>
+ </para></member>
the CUPS PostScript driver output sent by Windows clients to the CUPS
server will be guaranteed to be auto-typed as generic MIME type
"application/postscript", thusly passing thru the CUPS "pstops" filter
and logging the correct number of pages in the page_log for accounting
and quota purposes
- </para></listitem>
+ </para></member>
the CUPS PostScript driver supports the sending of additional print
options by the Win NT/2k/XP clients, such as naming the CUPS standard
banner pages (or the custom ones, should they be installed at the time
of driver download), using the CUPS "page-label" option, setting a
job-priority and setting the scheduled time of printing (with the option
to support additional useful IPP job attributes in the future).
- </para></listitem>
+ </para></member>
the CUPS PostScript driver supports the inclusion of the new
"*cupsJobTicket" comments at the beginnig of the PostScript file (which
could be used in the future for all sort of beneficial extensions on
the CUPS side, but which will not disturb any other application as those
will regard it as a comment and simply ignore it).
- </para></listitem>
+ </para></member>
the CUPS PostScript driver will be the heart of the fully fledged CUPS
IPP client for Windows NT/2k/XP to be released soon (probably alongside
the first Beta release for CUPS 1.2).
- </para></listitem>
+ </para></member>
-</itemizedlist>
+</simplelist>
</para>
</sect1>
<title>Compiling samba with Active Directory support</title>
<para>In order to compile samba with ADS support, you need to have installed
- on your system:
- <simplelist>
- <member>the MIT kerberos development libraries (either install from the sources or use a package). The heimdal libraries will not work.</member>
- <member>the OpenLDAP development libraries.</member>
-</simplelist></para>
+ on your system:</para>
+ <itemizedlist>
+
+ <listitem><para>the MIT kerberos development libraries
+ (either install from the sources or use a package). The
+ heimdal libraries will not work.</para></listitem>
+
+ <listitem><para>the OpenLDAP development libraries.</para></listitem>
+
+ </itemizedlist>
<para>If your kerberos libraries are in a non-standard location then
remember to add the configure option --with-krb5=DIR.</para>
<para><programlisting>
#define HAVE_KRB5 1
#define HAVE_LDAP 1
- </programlisting></para>
+</programlisting></para>
<para>If it doesn't then configure did not find your krb5 libraries or
your ldap libraries. Look in config.log to figure out why and fix
<para>On Debian you need to install the following packages:</para>
<para>
- <simplelist>
- <member>libkrb5-dev</member>
- <member>krb5-user</member>
- </simplelist>
+ <itemizedlist>
+ <listitem>libkrb5-dev</listitem>
+ <listitem>krb5-user</listitem>
+ </itemizedlist>
</para>
</sect3>
<para>On RedHat this means you should have at least: </para>
<para>
- <simplelist>
- <member>krb5-workstation (for kinit)</member>
- <member>krb5-libs (for linking with)</member>
- <member>krb5-devel (because you are compiling from source)</member>
- </simplelist>
+ <itemizedlist>
+ <listitem>krb5-workstation (for kinit)</listitem>
+ <listitem>krb5-libs (for linking with)</listitem>
+ <listitem>krb5-devel (because you are compiling from source)</listitem>
+ </itemizedlist>
</para>
<para>in addition to the standard development environment.</para>
</para>
<table frame="all"><title>The 3 Major Site Types</title>
-<tgroup cols="2" align="center">
+<tgroup cols="2">
<thead>
- <row><entry align="center">Number of Users</entry><entry>Description</entry></row>
+ <row><entry>Number of Users</entry><entry>Description</entry></row>
</thead>
<tbody>
- <row><entry
align="center">< 50</entry><entry><para>Want simple conversion with NO pain</para></entry></row>
- <row><entry
align="center">50 - 250</entry><entry><para>Want new features, can manage some in-house complexity</para></entry></row>
- <row><entry
align="center">> 250</entry><entry><para>Solution/Implementation MUST scale well, complex needs. Cross departmental decision process. Local expertise in most areas</para></entry></row>
+ <row><entry>< 50</entry><entry><para>Want simple conversion with NO pain</para></entry></row>
+ <row><entry>50 - 250</entry><entry><para>Want new features, can manage some in-house complexity</para></entry></row>
+ <row><entry>> 250</entry><entry><para>Solution/Implementation MUST scale well, complex needs. Cross departmental decision process. Local expertise in most areas</para></entry></row>
</tbody>
</tgroup>
</table>
</itemizedlist>
<table frame="top"><title>Nature of the Conversion Choices</title>
-<tgroup cols="3" align="center">
+<tgroup cols="3">
<thead>
<row><entry>Simple</entry><entry>Upgraded</entry><entry>Redesign</entry></row>
</thead>
account is automatically created by Samba at the time the client
is joined to the domain. (For security, this is the
recommended method.) The corresponding Unix account may be
- created automatically or manually. This option requires that the
- administrator configures in smb.conf [globals] the <emphasis>add machine script</emphasis>
- parameter entry.
- </para>
+ created automatically or manually. </para>
</listitem>
</itemizedlist>
<para>Since each Samba machine trust account requires a corresponding
Unix account, a method for automatically creating the
Unix account is usually supplied; this requires configuration of the
-<ulink url="smb.conf.5.html#ADDMACHINESCRIPT">add machine script</ulink>
+<ulink url="smb.conf.5.html#ADDUSERSCRIPT">add user script</ulink>
option in <filename>smb.conf</filename>. This
method is not required, however; corresponding Unix accounts may also
be created manually.
</para>
-<para>Below is an example for a Red Hat Linux system.
+<para>Below is an example for a RedHat 6.2 Linux system.
</para>
<para><programlisting>
[global]
# <...remainder of parameters...>
- add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
+ add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
</programlisting></para>
</sect2>
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE book SYSTEM "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities;
]>
The most recent version of this document can be found at
<ulink url="http://www.samba.org/">http://www.samba.org/</ulink>
on the "Documentation" page. Please send updates to
-<ulink url="mailto:jelmer@samba.org">jelmer@samba.org</ulink>,
-<ulink url="mailto:jht@samba.org">jht@samba.org</ulink> or
-<ulink url="mailto:jerry@samba.org">jerry@samba.org</ulink>.
+<ulink url="mailto:jelmer@samba.org">Jelmer Venrooij</ulink>,
+<ulink url="mailto:jht@samba.org">John Terpstra</ulink> or
+<ulink url="mailto:jerry@samba.org">Gerald (Jerry) Carter</ulink>.
</para>
<para>
</legalnotice>
</bookinfo>
+<!-- Contents -->
+<toc/>
<!-- Chapters -->
<part id="introduction">
&SWAT;
&SPEED;
</part>
+
</book>
WINBIND:
program = /usr/lib/security/WINBIND
options = authonly
-<programlisting></para>
+</programlisting></para>
-<para>can then be added to <filename>/usr/lib/security/methods.cfg</filename>.
-This module only supports identification, but there have been success reports
-using the standard winbind pam module for authentication. Use caution
-configuring loadable authentication modules as it is possible to make
-it impossible to logon to the system. More information about the AIX
-authentication module API can be found at
-<link url="http://publibn.boulder.ibm.com/doc_link/en_US/a_doc_lib/aixprggd/kernextc/sec_load_mod.htm"/> and more information on administering the
-modules at <link url="http://publibn.boulder.ibm.com/doc_link/en_US/a_doc_lib/aixbman/baseadmn/iandaadmin.htm"/>.
+<para>can then be added to
+<filename>/usr/lib/security/methods.cfg</filename>. This module only
+supports identification, but there have been success reports using the
+standard winbind pam module for authentication. Use caution configuring
+loadable authentication modules as it is possible to make it impossible
+to logon to the system. More information about the AIX authentication
+module API can be found at "Kernel Extensions and Device Support
+Programming Concepts for AIX": <link
+url="http://publibn.boulder.ibm.com/doc_link/en_US/a_doc_lib/aixprggd/kernextc/sec_load_mod.htm">
+Chapter 18. Loadable Authentication Module Programming Interface</link>
+and more information on administering the modules at <link
+url="http://publibn.boulder.ibm.com/doc_link/en_US/a_doc_lib/aixbman/baseadmn/iandaadmin.htm">
+"System Management Guide: Operating System and Devices"</link>.
</para>
</sect3>
Several parameters are needed in the smb.conf file to control
the behavior of <command>winbindd</command>. Configure
<filename>smb.conf</filename> These are described in more detail in
-the <ulink url="winbindd.8.html">winbindd(8)</ulink> man page. My
+the <citerefentry><refentrytitle>winbindd</refentrytitle>
+<manvolnum>8</manvolnum></citerefentry> man page. My
<filename>smb.conf</filename> file was modified to
include the following entries in the [global] section:
</para>
git.samba.org / samba.git / commitdiff