</listitem>
</varlistentry>
- <indexterm><primary>8.3</primary><secondary>file names</secondary></indexterm>
<varlistentry>
<term>Case Sensitivity</term>
<listitem>
<para>
+ <indexterm><primary>8.3</primary><secondary>file names</secondary></indexterm>
MS Windows file names are generally upper case if made up of 8.3 (ie: 8 character file name
and 3 character extension. If longer than 8.3 file names are Case Preserving, and Case
Insensitive.
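Review bot: the parenthesis opened at "(ie: 8 character file name" in the paragraph that now holds this indexterm is never closed, so the sentence runs straight into "If longer than 8.3 ...". Close it after "3 character extension" while the paragraph is being touched.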
</listitem>
</varlistentry>
- <indexterm><primary>Links</primary><secondary>hard</secondary></indexterm>
- <indexterm><primary>Links</primary><secondary>soft</secondary></indexterm>
- <indexterm><primary>Short-Cuts</primary></indexterm>
<varlistentry>
<term>Links and Short-Cuts</term>
<listitem>
<para>
+ <indexterm><primary>Links</primary><secondary>hard</secondary></indexterm>
+ <indexterm><primary>Links</primary><secondary>soft</secondary></indexterm>
+ <indexterm><primary>Short-Cuts</primary></indexterm>
+
MS Windows make use of "links and Short-Cuts" that are actually special types of files that will
redirect an attempt to execute the file to the real location of the file. UNIX knows of file and directory
links, but they are entirely different from what MS Windows users are used to.
<table frame='all' pgwide='0'><title>User and Group Based Controls</title>
<tgroup cols='2'>
<colspec align="left"/>
- <colspec align="justify" width="1*"/>
+ <colspec align="justify"/>
<thead>
<row>
<entry align="center">Control Parameter</entry>
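Review bot: colspec has no width attribute in DocBook's CALS table model (the attribute is colwidth), so the removed width="1*" was never valid. If the justified column was meant to take the remaining width, it should read colwidth="1*" rather than lose the hint altogether. The same applies to every colspec changed this way in the patch.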
<table frame='all'><title>File and Directory Permission Based Controls</title>
<tgroup cols='2'>
<colspec align="left"/>
- <colspec align="justify" width="1*"/>
+ <colspec align="justify"/>
<thead>
<row>
<entry align="center">Control Parameter</entry>
<table frame='all'><title>Other Controls</title>
<tgroup cols='2'>
- <colspec align="justify" width="1*"/>
- <colspec align="justify" width="1*"/>
+ <colspec align="justify"/>
+ <colspec align="justify"/>
<thead>
<row>
<entry align="center">Control Parameter</entry>
</screen>
</para>
- <note><para>
+ <note>
<para>This is the same as doing:</para>
<screen>
&prompt;<userinput>chown jack /foodbar</userinput>
&prompt;<userinput>chgrp engr /foodbar</userinput>
</screen>
- </para></note>
+ </note>
</step>
<step>
<para>Now do:
<para>
This chapter did not make it into this release.
It is planned for the published release of this document.
-If you have something to contribute for this section please email it to
-<link url="mail://jht@samba.org">jht@samba.org</link>/
</para>
</sect1>
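Review bot: the removed lines used <link url="mail://jht@samba.org">, which is not valid DocBook (link takes linkend, and an external address needs ulink with a mailto: URL), and they ended in a stray "/". If validity was the reason for dropping them, note that the placeholder paragraph now says the chapter is planned without telling readers where to send material. If the contact is still wanted, <ulink url="mailto:jht@samba.org"> is the valid form.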
<title>PPD's shipped with CUPS</title>
<tgroup cols="2" align="left">
<colspec align="left"/>
- <colspec align="justify" width="1*"/>
+ <colspec align="justify"/>
<thead><row><entry>PPD file</entry><entry>Printer type</entry></row></thead>
<tbody>
<row><entry>deskjet.ppd</entry><entry>older HP inkjet printers and compatible</entry></row>
corresponding UNIX account are created by hand.
</para></listitem>
- <indexterm><primary>Server Manager</primary></indexterm>
<listitem><para>
+ <indexterm><primary>Server Manager</primary></indexterm>
Using the MS Windows NT4 Server Manager (either from an NT4 Domain member
server, or using the Nexus toolkit available from the Microsoft web site.
This tool can be run from any MS Windows machine so long as the user is
create the corresponding UNIX account in <filename>/etc/passwd</filename>.
This can be done using <command>vipw</command> or another 'add user' command
that is normally used to create new UNIX accounts. The following is an example for a Linux based Samba server:
-</para>
-
<indexterm><primary>useradd</primary></indexterm>
<indexterm><primary>vipw</primary></indexterm>
+
+</para>
+
<para>
<screen>
&rootprompt;<userinput>/usr/sbin/useradd -g 100 -d /dev/null -c <replaceable>"machine nickname"</replaceable> \
</screen>
</para>
-<indexterm><primary>chpass</primary></indexterm>
<para>
+<indexterm><primary>chpass</primary></indexterm>
On *BSD systems, this can be done using the <command>chpass</command> utility:
</para>
<para>
There are two steps to creating an interdomain trust relationship. To effect a two-way trust
relationship it is necessary for each domain administrator to create a trust account for the
-other domain to use in verifying security credentials.</para>
+other domain to use in verifying security credentials.
<indexterm><primary>Interdomain Trusts</primary><secondary>creating</secondary></indexterm>
+</para>
<sect2>
<title>Creating an NT4 Domain Trust</title>
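Review bot: the "Interdomain Trusts / creating" indexterm now sits at the very end of the paragraph, after "verifying security credentials.", while the other hunks in this patch place the indexterm directly after the opening <para>. An index entry anchored at the end can resolve to the following page in paginated output. Move it up to follow <para> for consistency with the rest of the change.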
</sect2>
-<indexterm><primary>Interdomain Trusts</primary><secondary>Completing</secondary></indexterm>
<sect2>
<title>Completing an NT4 Domain Trust</title>
<para>
+<indexterm><primary>Interdomain Trusts</primary><secondary>completing</secondary></indexterm>
A trust relationship will work only when the other (trusting) domain makes the appropriate connections
with the trusted domain. To consummate the trust relationship the administrator will launch the
Domain User Manager, from the menu select Policies, then select Trust Relationships, then click on the
<table frame="all"><title>Nature of the Conversion Choices</title>
<tgroup cols="3">
- <colspec align="justify" width="1*"/>
- <colspec align="justify" width="1*"/>
- <colspec align="justify" width="1*"/>
+ <colspec align="justify"/>
+ <colspec align="justify"/>
+ <colspec align="justify"/>
<thead>
<row><entry>Simple</entry><entry>Upgraded</entry><entry>Redesign</entry></row>
</thead>
<title>Samba-3 Implementation Choices</title>
<variablelist>
- <varlistentry><term>Authentication database/back end:</term><listitem><para>-</para>
+ <varlistentry><term>Authentication database/back end:</term><listitem>
<para>
Samba-3 can use an external authentication backend:
</para>
</listitem>
</varlistentry>
- <varlistentry><term>Access Control Points:</term><listitem><para>-</para>
+ <varlistentry><term>Access Control Points:</term><listitem>
<itemizedlist>
<listitem><para>On the Share itself - using Share ACLs</para></listitem>
<listitem><para>On the file system - using UNIX permissions on files and directories</para>
</listitem>
</varlistentry>
- <varlistentry><term>Policies (migrate or create new ones):</term><listitem><para>-</para>
+ <varlistentry><term>Policies (migrate or create new ones):</term><listitem>
<itemizedlist>
<listitem><para>Using Group Policy Editor (NT4)</para></listitem>
<listitem><para>- Watch out for Tattoo effect</para></listitem>
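Review bot: the context item "- Watch out for Tattoo effect" still carries a literal "- " inside its <para>, the same kind of stray dash this change strips from the <listitem> openers. If it is meant as a sub-point of "Using Group Policy Editor (NT4)", nest it in its own itemizedlist under that item; otherwise drop the dash.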
</listitem>
</varlistentry>
- <varlistentry><term>User and Group Profiles:</term><listitem><para>-</para>
+ <varlistentry><term>User and Group Profiles:</term><listitem>
<para>
Platform specific so use platform tool to change from a Local to a Roaming profile
Can use new profiles tool to change SIDs (NTUser.DAT)
</listitem>
</varlistentry>
- <varlistentry><term>Logon Scripts:</term><listitem><para>-</para>
+ <varlistentry><term>Logon Scripts:</term><listitem>
<para>
Know how they work
</para>
</listitem>
</varlistentry>
- <varlistentry><term>User and Group mapping to Unix/Linux:</term><listitem><para>-</para>
+ <varlistentry><term>User and Group mapping to Unix/Linux:</term><listitem>
<itemizedlist>
<listitem><para>username map facility may be needed</para></listitem>
<listitem><para>Use 'net groupmap' to connect NT4 groups to Unix groups</para></listitem>
</listitem>
</varlistentry>
- <varlistentry><term>OS specific scripts/programs may be needed:</term><listitem><para>-</para>
+ <varlistentry><term>OS specific scripts/programs may be needed:</term><listitem>
<itemizedlist>
<listitem><para>Add/Delete Users: Note OS limits on size of name
(Linux 8 chars) NT4 up to 254 chars</para></listitem>
</listitem>
</varlistentry>
- <varlistentry><term>Migration Tools:</term><listitem><para>-</para>
+ <varlistentry><term>Migration Tools:</term><listitem>
<para>
Domain Control (NT4 Style) Profiles, Policies, Access Controls, Security
<itemizedlist>
<variablelist>
<varlistentry><term><replaceable>a.b.c.d</replaceable> and
<replaceable>e.f.g.h</replaceable></term>
-<indexterm><primary>LMB</primary><see>Local Master Browser</see></indexterm>
+<listitem><para>
+ <indexterm><primary>LMB</primary><see>Local Master Browser</see></indexterm>
<indexterm><primary>Local Master Browser</primary></indexterm>
-<listitem><para>is either the LMB (Local Master Browser) IP address
+
+ is either the LMB (Local Master Browser) IP address
or the broadcast address of the remote network.
ie: the LMB is at 192.168.1.10, or the address
could be given as 192.168.1.255 where the netmask
<tgroup cols="3">
<colspec align="left"/>
<colspec align="left"/>
- <colspec align="justify" width="1*"/>
+ <colspec align="justify"/>
<thead>
<row><entry>Subnet</entry><entry>Browse Master</entry><entry>List</entry></row>
</thead>
<tgroup cols="3" align="left">
<colspec align="left"/>
<colspec align="left"/>
- <colspec align="justify" width="1*"/>
+ <colspec align="justify"/>
<thead>
<row><entry>Subnet</entry><entry>Browse Master</entry><entry>List</entry></row>
<tgroup cols="3" align="left">
<colspec align="left"/>
<colspec align="left"/>
- <colspec align="justify" width="1*"/>
+ <colspec align="justify"/>
<thead>
<row><entry>Subnet</entry><entry>Browse Master</entry><entry>List</entry></row>
<title>Options recognized by pam_smbpass</title>
<tgroup cols="2" align="left">
<colspec align="left"/>
- <colspec align="justify" width="1*"/>
+ <colspec align="justify"/>
<tbody>
<row><entry>debug</entry><entry>log more debugging info</entry></row>
<row><entry>audit</entry><entry>like debug, but also logs unknown usernames</entry></row>
<variablelist>
<varlistentry>
- <term>Local profiles:</term> <para>-</para>
+ <term>Local profiles:</term>
<listitem><para>
I know of no registry keys that will allow auto-deletion of LOCAL profiles on log out
</para></listitem>
</varlistentry>
<varlistentry>
- <term>Roaming profiles:</term> <para>-</para>
+ <term>Roaming profiles:</term>
<listitem><para>
As a user logs onto the network a centrally stored profile is copied to the workstation
to form a local profile. This local profile will persist (remain on the workstation disk)
<variablelist>
<varlistentry>
- <term>Personal Roaming profiles</term> <para>-</para>
+ <term>Personal Roaming profiles</term>
<listitem><para>
These are typically stored in a profile share on a central (or conveniently located
local) server.
</varlistentry>
<varlistentry>
- <term>Group profiles</term> <para>-</para>
+ <term>Group profiles</term>
<listitem><para>These are loaded from a central profile server</para></listitem>
</varlistentry>
<varlistentry>
- <term>Mandatory profiles</term> <para>-</para>
+ <term>Mandatory profiles</term>
<listitem><para>
Mandatory profiles can be created for a user as well as for any group that a user
is a member of. Mandatory profiles can NOT be changed by ordinary users. Only the administrator
<figure id="domain-example"><title>An Example Domain</title>
<mediaobject>
-<imageobject role="latex"><imagedata fileref="projdoc/imagefiles/domain" width="4in" height="3in" scalefit="1"/></imageobject>
+<imageobject role="latex"><imagedata fileref="projdoc/imagefiles/domain" scalefit="1"/></imageobject>
<imageobject><imagedata fileref="projdoc/imagefiles/domain.png" scale="50" scalefit="1"/></imageobject>
</mediaobject>
</figure>
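Review bot: with width and height both removed, the latex imageobject keeps scalefit="1" but no longer states a viewport to fit into, so the printed size of this figure is left to the stylesheet default. Removing height is correct in itself (imagedata takes depth, not height), but if 4in was the intended width, keep width="4in" and drop only height. The second imageobject sets both scale="50" and scalefit="1"; only one of the two should be needed.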
</para>
<variablelist>
- <varlistentry><term>passdb backend</term><para>:</para>
+ <varlistentry><term>passdb backend</term>
<listitem><para>
This contains all the user and group account information. Acceptable values for a PDC
are: <emphasis>smbpasswd, tdbsam, ldapsam</emphasis>. The 'guest' entry provides needed
can not effectively be distributed and therefore should not be used.
</para></listitem>
</varlistentry>
- <varlistentry><term>Domain Control Parameters</term><para>:</para>
+ <varlistentry><term>Domain Control Parameters</term>
<listitem><para>
The parameters <emphasis>os level, preferred master, domain master, security,
encrypt passwords, domain logons</emphasis> play a central role in assuring domain
to do this, refer to <link linkend="passdb"></link>.
</para></listitem>
</varlistentry>
- <varlistentry><term>Environment Parameters</term><para>:</para>
+ <varlistentry><term>Environment Parameters</term>
<listitem><para>
The parameters <emphasis>logon path, logon home, logon drive, logon script</emphasis> are
environment support settings that help to facilitate client logon operations and that help
to the man page information for these parameters.
</para></listitem>
</varlistentry>
- <varlistentry><term>NETLOGON Share</term><para>:</para>
+ <varlistentry><term>NETLOGON Share</term>
<listitem><para>
The NETLOGON share plays a central role in domain logon and domain membership support.
This share is provided on all Microsoft domain controllers. It is used to provide logon
tools that may be needed for logon processing. This is an essential share on a domain controller.
</para></listitem>
</varlistentry>
- <varlistentry><term>PROFILE Share</term><para>:</para>
+ <varlistentry><term>PROFILE Share</term>
<listitem><para>
This share is used to store user desktop profiles. Eash user must have a directory at the root
of this share. This directory must be write enabled for the user and must be globally read enabled.
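Review bot: "Eash user" in the context under the PROFILE Share term is a typo for "Each user" and can be fixed while this entry is being edited. The following sentence asks for each profile directory to be "globally read enabled", which gives every account read access to other users' profile data. Please confirm that is the intended requirement and, if it is, state the reason in the text.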
<para>
<quote>
We are seeing lots of errors in the samba logs like:
+</quote>
<programlisting>
tdb(/usr/local/samba_2.2.7/var/locks/locking.tdb): rec_read bad magic
0x4d6f4b61 at offset=36116
</programlisting>
-
+<quote>
What do these mean?
</quote>
</para>
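Review bot: closing <quote> before the programlisting and reopening it for "What do these mean?" fixes the nesting, but the user's report now renders as two separately quoted fragments either side of the log excerpt. A single <blockquote> around the sentence, the programlisting and the question would keep it as one quotation and accepts programlisting as a child.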
</sect2>
+<sect2>
+ <title>New Backends</title>
+
<para>
Samba-3 introduces the following new password backend capabilities:
</para>
-<sect2>
- <title>New Backends</title>
+
<variablelist>
<varlistentry><term>tdbsam:</term>
<title>Attributes in the sambaSamAccount objectclass (LDAP)</title>
<tgroup cols="2" align="justify">
<colspec align="left"/>
- <colspec align="justify" width="1*"/>
+ <colspec align="justify"/>
<tbody>
<row><entry><constant>sambaLMPassword</constant></entry><entry>the LANMAN password 16-byte hash stored as a character
representation of a hexadecimal string.</entry></row>
<title>Basic smb.conf options for MySQL passdb backend</title>
<tgroup cols="2">
<colspec align="left"/>
- <colspec align="justify" width="1*"/>
+ <colspec align="justify"/>
<thead>
<row><entry>Field</entry><entry>Contents</entry></row>
</thead>
<tgroup cols="3" align="justify">
<colspec align="left"/>
<colspec align="left"/>
- <colspec align="justify" width="1*"/>
+ <colspec align="justify"/>
<thead>
<row><entry>Field</entry><entry>Type</entry><entry>Contents</entry></row>
</thead>
<para>
<smbconfblock>
- [globals]
- ...
+ <smbconfsection>[globals]</smbconfsection>
+ <member>...</member>
<smbconfoption><name>passdb backend</name><value>tdbsam, smbpasswd</value></smbconfoption>
- ...
+ <member>...</member>
</smbconfblock>
</para>
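Review bot: the section name on the added <smbconfsection> line is still "[globals]", carried over from the removed text; the smb.conf section is [global], as the winbind example elsewhere in this patch writes it. A reader who copies this block gets a section named "globals" and the passdb backend line does not land in the global section. Change it to <smbconfsection>[global]</smbconfsection>.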
&smb.conf; man page for detailed explanations:
</para>
-<formalpara>
- <title>List of printing related parameters in Samba 3</title>
-
<para>Global level parameters: <smbconfoption><name>addprinter command</name></smbconfoption>,
<smbconfoption><name>deleteprinter command</name></smbconfoption>,
<smbconfoption><name>disable spoolss</name></smbconfoption>,
<smbconfoption><name>queueresume command</name></smbconfoption>,
<smbconfoption><name>total print jobs</name></smbconfoption>.
</para>
-</formalpara>
<para>
Samba's printing support implements the Microsoft Remote Procedure
<table frame='all'><title>TDB File Descriptions</title>
<tgroup cols='3'>
<colspec align="left"/>
- <colspec align="justify" width="1*"/>
+ <colspec align="justify"/>
<colspec align="left"/>
<thead>
<row>
<para><smbconfexample>
<title>smb.conf for winbind set-up</title>
<smbconfsection>[global]</smbconfsection>
- <...>
+<member>...</member>
<smbconfcomment> separate domain and username with '+', like DOMAIN+username</smbconfcomment>
<smbconfoption><name>winbind separator</name><value>+</value></smbconfoption>
<smbconfcomment> use uids from 10000 to 20000 for domain users</smbconfcomment>
</xsl:element>
</xsl:template>
-<xsl:template match="smbconfexample/smbconfcomment">
+<xsl:template match="smbconfexample/smbconfcomment|smbconfblock/smbconfcomment">
<xsl:element name="member">
<xsl:text># </xsl:text>
<xsl:apply-templates/>
</xsl:element>
</xsl:template>
-<xsl:template match="smbconfexample/smbconfsection">
+<xsl:template match="smbconfexample/smbconfsection|smbconfblock/smbconfsection">
<xsl:element name="member">
<xsl:text> </xsl:text>
</xsl:element>