Windows2000 KDC.
</para>
-<para>Pieces you need before you begin:
+<para>Pieces you need before you begin:</para>
+<para>
<simplelist>
<member>a Windows 2000 server.</member>
<member>samba 3.0 or higher.</member>
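Review bot: the `<para>` added on its own line before `<simplelist>` wraps the list in a paragraph that holds nothing else, while the name-resolution hunk further down closes the paragraph before its `<simplelist>` and removes the trailing `</para>`, leaving that list outside any paragraph. Pick one form for the whole conversion. Dropping the extra `<para>` here, and in the Debian and RedHat sections that repeat the pattern, would match the later hunk.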
<sect1>
<title>Installing the required packages for Debian</title>
-<para>On Debian you need to install the following packages:
+<para>On Debian you need to install the following packages:</para>
+<para>
<simplelist>
<member>libkrb5-dev</member>
<member>krb5-user</member>
<sect1>
<title>Installing the required packages for RedHat</title>
-<para>On RedHat this means you should have at least:
+<para>On RedHat this means you should have at least: </para>
+<para>
<simplelist>
<member>krb5-workstation (for kinit)</member>
<member>krb5-libs (for linking with)</member>
<para>The minimal configuration for krb5.conf is:</para>
<para><programlisting>
- [realms]
+[realms]
YOUR.KERBEROS.REALM = {
kdc = your.kerberos.server
}
<para>
The syntax of the "remote browse sync" parameter is:
+
<programlisting>
- remote browse sync = a.b.c.d
+remote browse sync = a.b.c.d
</programlisting>
where a.b.c.d is either the IP address of the remote LMB or else is the network broadcast address of the remote segment.
<para>
Resolution of NetBIOS names to IP addresses can take place using a number
of methods. The only ones that can provide NetBIOS name_type information
-are:
+are:</para>
+
<simplelist>
<member>WINS: the best tool!</member>
<member>LMHOSTS: is static and hard to maintain.</member>
<member>Broadcast: uses UDP and can not resolve names across remote segments.</member>
</simplelist>
-</para>
<para>
-Alternative means of name resolution includes:
+Alternative means of name resolution includes:</para>
<simplelist>
<member>/etc/hosts: is static, hard to maintain, and lacks name_type info</member>
<member>DNS: is a good choice but lacks essential name_type info.</member>
</simplelist>
-</para>
<para>
Many sites want to restrict DNS lookups and want to avoid broadcast name
resolution traffic. The "name resolve order" parameter is of great help here.
The syntax of the "name resolve order" parameter is:
<programlisting>
- name resolve order = wins lmhosts bcast host
+name resolve order = wins lmhosts bcast host
</programlisting>
_or_
<programlisting>
- name resolve order = wins lmhosts (eliminates bcast and host)
+name resolve order = wins lmhosts (eliminates bcast and host)
</programlisting>
The default is:
<programlisting>
- name resolve order = host lmhost wins bcast
+name resolve order = host lmhost wins bcast
</programlisting>.
where "host" refers the the native methods used by the Unix system
to implement the gethostbyname() function call. This is normally
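Review bot: in the "default" listing the value is still spelled `lmhost`, while the two listings above it use `lmhosts`; since the line is being rewritten anyway, correct the token so a pasted value matches the other examples. The same applies to `(eliminates bcast and host)` in the second listing, which sits inside `<programlisting>` and reads as part of the parameter value; move it into the surrounding text. The stray `.` after the third `</programlisting>` and "refers the the" in the sentence that follows could be cleaned up in the same pass.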
+<?xml version="1.0" encoding="iso8859-1"?>
<chapter id="groupmapping">
<chapterinfo>
<author>
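Review bot: the encoding name in the added XML declaration, `iso8859-1`, is not the registered spelling; write `encoding="ISO-8859-1"` so that every XML parser recognises it rather than only those with lenient alias tables. Also confirm the declaration ends up as the very first line of the file, with nothing before it.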
<para><programlisting>
Unique NetBIOS Names:
- MACHINENAME<00> = Server Service is running on MACHINENAME
- MACHINENAME<03> = Generic Machine Name (NetBIOS name)
- MACHINENAME<20> = LanMan Server service is running on MACHINENAME
- WORKGROUP<1b> = Domain Master Browser
+ MACHINENAME<00> = Server Service is running on MACHINENAME
+ MACHINENAME<03> = Generic Machine Name (NetBIOS name)
+ MACHINENAME<20> = LanMan Server service is running on MACHINENAME
+ WORKGROUP<1b> = Domain Master Browser
Group Names:
- WORKGROUP<03> = Generic Name registered by all members of WORKGROUP
- WORKGROUP<1c> = Domain Controllers / Netlogon Servers
- WORKGROUP<1d> = Local Master Browsers
- WORKGROUP<1e> = Internet Name Resolvers
+ WORKGROUP<03> = Generic Name registered by all members of WORKGROUP
+ WORKGROUP<1c> = Domain Controllers / Netlogon Servers
+ WORKGROUP<1d> = Local Master Browsers
+ WORKGROUP<1e> = Internet Name Resolvers
</programlisting></para>
<para>
wants to locate a domain logon server. It find this service and the IP
address of a server that provides it by performing a lookup (via a
NetBIOS broadcast) for enumeration of all machines that have
-registered the name type *<1c>. A logon request is then sent to each
+registered the name type *<1c>. A logon request is then sent to each
IP address that is returned in the enumerated list of IP addresses. Which
ever machine first replies then ends up providing the logon services.
</para>
steps.
</para>
-<orderedlist numeration="Arabic">
+<orderedlist numeration="arabic">
<listitem><para>
Configuring the Samba PDC
</para></listitem>
<para><programlisting>
[global]
- # <...remainder of parameters...>
+ # <...remainder of parameters...>
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
</programlisting></para>
</para>
<para>
- A 'machine name' in (typically) <filename>/etc/passwd</>
+ A 'machine name' in (typically) <filename>/etc/passwd</filename>
of the machine name with a '$' appended. FreeBSD (and other BSD
systems?) won't create a user with a '$' in their name.
</para>
<para>
The problem is only in the program used to make the entry, once
made, it works perfectly. So create a user without the '$' and
- use <command>vipw</> to edit the entry, adding the '$'. Or create
+ use <command>vipw</command> to edit the entry, adding the '$'. Or create
the whole entry with vipw if you like, make sure you use a
unique User ID !
</para>
Policy Editor can be installed on an NT Workstation/Server, it will not
work with NT policies because the registry key that are set by the policy templates.
However, the files from the NT Server will run happily enough on an NTws.
- You need <filename>poledit.exe, common.adm</> and <filename>winnt.adm</>. It is convenient
- to put the two *.adm files in <filename>c:\winnt\inf</> which is where
+ You need <filename>poledit.exe, common.adm</filename> and <filename>winnt.adm</filename>. It is convenient
+ to put the two *.adm files in <filename>c:\winnt\inf</filename> which is where
the binary will look for them unless told otherwise. Note also that that
directory is 'hidden'.
</para>
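Review bot: on the first rewritten line, `<filename>poledit.exe, common.adm</filename>` puts two file names and a comma inside one element. Now that the closing tags are being spelled out, split it into `<filename>poledit.exe</filename>, <filename>common.adm</filename>` so each name is marked up on its own, as `winnt.adm` already is.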
<listitem><para>See how Scott Merrill simulates a BDC behavior at
<ulink url="http://www.skippy.net/linux/smb-howto.html">
- http://www.skippy.net/linux/smb-howto.html</>. </para></listitem>
+ http://www.skippy.net/linux/smb-howto.html</ulink>. </para></listitem>
<listitem><para>Although 2.0.7 has almost had its day as a PDC, David Bannon will
keep the 2.0.7 PDC pages at <ulink url="http://bioserve.latrobe.edu.au/samba">
<para>
There are a number of Samba related mailing lists. Go to <ulink
url="http://samba.org">http://samba.org</ulink>, click on your nearest mirror
- and then click on <command>Support</> and then click on <command>
- Samba related mailing lists</>.
+ and then click on <command>Support</command> and then click on <command>
+ Samba related mailing lists</command>.
</para>
<para>
<para>To have your name removed from a samba mailing list, go to the
same place you went to to get on it. Go to <ulink
url="http://lists.samba.org/">http://lists.samba.org</ulink>,
- click on your nearest mirror and then click on <command>Support</> and
- then click on <command> Samba related mailing lists</>. Or perhaps see
+ click on your nearest mirror and then click on <command>Support</command> and
+ then click on <command> Samba related mailing lists</command>. Or perhaps see
<ulink url="http://lists.samba.org/mailman/roster/samba-ntdom">here</ulink>
</para>
<listitem>
<para>
The client broadcasts (to the IP broadcast address of the subnet it is in)
- a NetLogon request. This is sent to the NetBIOS name DOMAIN<1c> at the
+ a NetLogon request. This is sent to the NetBIOS name DOMAIN<1c> at the
NetBIOS layer. The client chooses the first response it receives, which
contains the NetBIOS name of the logon server to use in the format of
\\SERVER.
<sect1>
<title>
-DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba
+DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba
</title>
<warning>
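Review bot: the added `<title>` line reads the same as the removed one here and still shows a bare `&` in "Domain Control & Samba". In an XML source that character has to be written `&amp;`, or the text reworded as the pam.conf hunk does with "and". Please confirm the committed line carries the entity. The `<orgname>` line in the next hunk and the `<1c>`-style name types inside `<programlisting>` need the same check for `&amp;` and `&lt;`.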
<author>
<firstname>Shirish</firstname><surname>Kalele</surname>
<affiliation>
- <orgname>Samba Team & Veritas Software</orgname>
+ <orgname>Samba Team & Veritas Software</orgname>
<address>
<email>samba@samba.org</email>
</address>
echo " :mx=0:ml=0:sh:\\" >> $PRINTCAP
echo " :lp=/usr/local/samba/var/print/$5.prn:" >> $PRINTCAP
-touch "/usr/local/samba/var/print/$5.prn" >> /tmp/printadd.$$ 2>&1
-chown $LP "/usr/local/samba/var/print/$5.prn" >> /tmp/printadd.$$ 2>&1
+touch "/usr/local/samba/var/print/$5.prn" >> /tmp/printadd.$$ 2>&1
+chown $LP "/usr/local/samba/var/print/$5.prn" >> /tmp/printadd.$$ 2>&1
mkdir /var/spool/lpd/$2
chmod 700 /var/spool/lpd/$2
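Review bot: the rewritten `touch` and `chown` lines still append their output to `/tmp/printadd.$$`, a predictable name in a world-writable directory, in a script that calls `chown` and edits the printcap and so presumably runs privileged. Since readers copy this listing, log to a directory only the print system can write to, or create the file with `mktemp`. `$2` in the `mkdir` and `chmod` lines and `$LP` should also be quoted, as the `$5` path already is.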
/usr/bin/id -p >/tmp/tmp.print
# we run the command and save the error messages
# replace the command with the one appropriate for your system
- /usr/bin/lpr -r -P$1 $2 2>>&/tmp/tmp.print
+ /usr/bin/lpr -r -P$1 $2 2>>&/tmp/tmp.print
</programlisting></para>
<para>
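Review bot: `2>>&/tmp/tmp.print` on the rewritten `lpr` line is not a valid Bourne-shell redirection (`>>&` is csh syntax, and csh has no `2` descriptor prefix), so the line fails to parse instead of saving the error messages the comment promises. `2>>/tmp/tmp.print` does what the comment describes. The fixed file name under `/tmp`, also used by the `id -p` line, is worth replacing with a path outside world-writable directories.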
<chapterinfo>
+ <authorgroup>
<author>
<firstname>Tim</firstname><surname>Potter</surname>
<affiliation>
</affiliation>
</author>
<author>
- <firstname>Andrew</firstname><surname>Trigdell</surname>
+ <firstname>Andrew</firstname><surname>Tridgell</surname>
<affiliation>
<orgname>Samba Team</orgname>
<address><email>tridge@linuxcare.com.au</email></address>
<address><email>jelmer@nl.linux.org</email></address>
</affiliation>
</author>
+ </authorgroup>
<pubdate>27 June 2002</pubdate>
</chapterinfo>
<para><programlisting>
[global]
- <...>
+ <...>
# separate domain and username with '+', like DOMAIN+username
<ulink url="winbindd.8.html#WINBINDSEPARATOR">winbind separator</ulink> = +
# use uids from 10000 to 20000 for domain users
daemon /usr/local/samba/bin/winbindd
RETVAL3=$?
echo
- [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && touch /var/lock/subsys/smb || \
+ [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && touch /var/lock/subsys/smb || \
RETVAL=1
return $RETVAL
}
echo -n $"Shutting down $KIND services: "
killproc winbindd
RETVAL3=$?
- [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && rm -f /var/lock/subsys/smb
+ [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && rm -f /var/lock/subsys/smb
echo ""
return $RETVAL
}
pid=`/usr/bin/ps -e |
/usr/bin/grep -w $1 |
/usr/bin/sed -e 's/^ *//' -e 's/ .*//'`
- [ "$pid" != "" ] && kill $pid
+ [ "$pid" != "" ] && kill $pid
}
# Start/stop processes required for samba server
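Review bot: the rewritten `kill` line acts on whatever the pipeline above it returns, and `grep -w $1` matches the word anywhere in the `ps -e` output, so `$pid` can hold several PIDs or the PID of an unrelated process whose line happens to contain the name. Match on the command column only, and quote `"$1"`. While the line is being touched, `[ -n "$pid" ]` is the more usual spelling of the emptiness test.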
</para>
<para>
-Now restart your Samba & try connecting through your application that you
+Now restart your Samba and try connecting through your application that you
configured in the pam.conf.
</para>