<para>
Set the ownership to whatever public user and group you want
<screen>
-&prompt;find `directory_name' -type d -exec chown user.group {}\;
+&prompt;find `directory_name' -type d -exec chown user:group {}\;
&prompt;find `directory_name' -type d -exec chmod 1775 {}\;
&prompt;find `directory_name' -type f -exec chmod 0775 {}\;
-&prompt;find `directory_name' -type f -exec chown user.group {}\;
+&prompt;find `directory_name' -type f -exec chown user:group {}\;
</screen>
</para>
<para>
Directory is <replaceable>/foodbar</replaceable>:
<screen>
-&prompt;<userinput>chown jack.engr /foodbar</userinput>
+&prompt;<userinput>chown jack:engr /foodbar</userinput>
</screen>
</para>
#!/bin/bash
IFS="-"
-RESULT=$(smbstatus -S -u $1 2> /dev/null | awk 'NF > 6 {print $1}' | sort | uniq -d)
+RESULT=$(smbstatus -S -u $1 2> /dev/null | awk 'NF \
+ > 6 {print $1}' | sort | uniq -d)
if [ "X${RESULT}" == X ]; then
exit 0
</para>
<para>
-From CUPS 1.1.16 onward, you can use the CUPS PostScript driver for Windows NT/200x/XP
+From CUPS 1.1.16 and later releases, you can use the CUPS PostScript driver for Windows NT/200x/XP
clients (which is tagged in the download area of <filename>http://www.cups.org/</filename> as the
<filename>cups-samba-1.1.16.tar.gz</filename> package). It does <emphasis>not</emphasis> work for Windows
9x/Me clients, but it guarantees:
<figure id="cups2">
<title>Filtering Chain with cupsomatic</title>
- <imagefile>cups2</imagefile>
+ <imagefile scale="70">cups2</imagefile>
</figure>
</sect1>
message while PPD file is present. What might the problem be?
</para>
- <para>Have you enabled printer sharing on CUPS? This means,
- do you have a <parameter><Location
- /printers>....</Location></parameter> section in CUPS
- server's <filename>cupsd.conf</filename> that does not deny access to
- the host you run <quote>cupsaddsmb</quote> from? It <emphasis>could</emphasis> be
- an issue if you use cupsaddsmb remotely, or if you use it with a
- <option>-h</option> parameter: <userinput>cupsaddsmb -H
- sambaserver -h cupsserver -v printername</userinput>.
+ <para>
+ Have you enabled printer sharing on CUPS? This means, do you have a <literal><Location
+ /printers>....</Location></literal> section in CUPS server's <filename>cupsd.conf</filename> that
+ does not deny access to the host you run <quote>cupsaddsmb</quote> from? It <emphasis>could</emphasis> be an
+ issue if you use cupsaddsmb remotely, or if you use it with a <option>-h</option> parameter:
+ <userinput>cupsaddsmb -H sambaserver -h cupsserver -v printername</userinput>.
</para>
<para>Is your <parameter>TempDir</parameter> directive in
<figure id="a_small">
<title>CUPS Printing Overview.</title>
- <imagefile>a_small</imagefile>
+ <imagefile scale="60">a_small</imagefile>
</figure>
</sect1>
that is normally used to create new UNIX accounts. The following is an example for
a Linux-based Samba server:
<screen>
-&rootprompt;<userinput>/usr/sbin/useradd -g machines -d /var/lib/nobody -c <replaceable>"machine nickname"</replaceable> \
+&rootprompt;<userinput>/usr/sbin/useradd -g machines -d /var/lib/nobody \
+ -c <replaceable>"machine nickname"</replaceable> \
-s /bin/false <replaceable>machine_name</replaceable>$ </userinput>
&rootprompt;<userinput>passwd -l <replaceable>machine_name</replaceable>$</userinput>
</para>
<para>
-Further information about these tools may be obtained from the following locations:
-</para>
-
-<para>
-<simplelist>
-<member><ulink noescape="1" url="http://support.microsoft.com/default.aspx?scid=kb;en-us;173673">Knowledge
-Base article 173673</ulink></member>
-<member><ulink noescape="1" url="http://support.microsoft.com/default.aspx?scid=kb;en-us;172540">Knowledge
-Base article 172540</ulink></member>
-</simplelist>
+Further information about these tools may be obtained from Knowledge Base articles
+<ulink url="http://support.microsoft.com/default.aspx?scid=kb;en-us;173673">173673</ulink>, and
+<ulink url="http://support.microsoft.com/default.aspx?scid=kb;en-us;172540">172540</ulink>
</para>
<para>
<para>
<indexterm><primary></primary></indexterm>
- Joining a Samba client to a domain is documented in the next section<link linkend="domain-member-server"></link>.
+ Joining a Samba client to a domain is documented in <link linkend="domain-member-server">the next section</link>.
</para>
</sect3>
</sect2>
<sect2>
- <title>Adding <emphasis>Domain Users</emphasis> to the <literal>Power Users</literal> Group</title>
+ <title>Adding Domain Users to the Workstation Power Users Group</title>
<para><quote>
What must I do to add domain users to the Power Users group?
<para>
<indexterm><primary>SessionSetupAndX</primary></indexterm>
<indexterm><primary>/etc/passwd</primary></indexterm>
- For example, if an incoming SessionSetupAndX request is owned by the user
- <constant>BERYLIUM\WambatW</constant>, a system call will be made to look up
- the user <constant>WambatW</constant> in the <filename>/etc/passwd</filename>
- file.
+ For example, when the user <literal>BERYLIUM\WambatW</literal> tries to open a
+ connection to a Samba server the incoming SessionSetupAndX request will make a
+ system call to look up the user <literal>WambatW</literal> in the
+ <filename>/etc/passwd</filename> file.
</para>
<para>
<para>
<indexterm><primary>RID base</primary></indexterm>
For example, if a user has a UID of 4321, and the algorithmic RID base has a value of 1000, the RID will
- be <constant>1000 + (2 x 4321) = 9642</constant>. Thus, if the domain SID is
- <constant>S-1-5-21-89238497-92787123-12341112</constant>, the resulting SID is
- <constant>S-1-5-21-89238497-92787123-12341112-9642</constant>.
+ be <literal>1000 + (2 x 4321) = 9642</literal>. Thus, if the domain SID is
+ <literal>S-1-5-21-89238497-92787123-12341112</literal>, the resulting SID is
+ <literal>S-1-5-21-89238497-92787123-12341112-9642</literal>.
</para>
<para>
<para>
<emphasis>Browsing from a machine in a trusted Windows 200x domain to a Windows 200x member of
a trusting Samba domain, I get the following error:</emphasis>
-</para>
-
<screen>
-The system detected a possible attempt to compromise security. Please ensure that
-you can contact the server that authenticated you.
+The system detected a possible attempt to compromise security. Please
+ensure that you can contact the server that authenticated you.
</screen>
+</para>
<para>
<emphasis>The event logs on the box I'm trying to connect to have entries regarding group
<term>_ldap._tcp.<emphasis>Site</emphasis>.gc._msdcs.<emphasis>DomainTree</emphasis></term>
<listitem>
<para>
- Used by MS Windows clients to locate site configuration-dependent global catalog server.
+ Used by Microsoft Windows clients to locate the site configuration-dependent global catalog server.
</para>
</listitem>
</varlistentry>
<figure id="domain-example">
<title>An Example Domain.</title>
- <imagefile scale="50">domain</imagefile>
+ <imagefile scale="40">domain</imagefile>
</figure>
<para>
<para>
<indexterm><primary>MySQL-based SAM</primary></indexterm>
<indexterm><primary>database backend</primary></indexterm>
+<indexterm><primary>mysqlsam</primary></indexterm>
It is expected that the MySQL-based SAM will be very popular in some corners.
This database backend will be of considerable interest to sites that want to
leverage existing MySQL technology.
<para>
<indexterm><primary>PostgreSQL database</primary></indexterm>
<indexterm><primary>mysqlsam</primary></indexterm>
- Stores user information in a PostgreSQL database. This backend is largely undocumented at
+ Makes use of a PostgreSQL database to store account information. This backend is largely undocumented at
the moment, though its configuration is very similar to that of the mysqlsam backend.
</para>
</listitem>
</para>
<para>
-You can easily verify which settings were implicitly added by Samba's
-default behavior. <emphasis>Remember: it may
-be important in your future dealings with Samba.</emphasis>
+You can easily verify which settings were implicitly added by Samba's default behavior. <emphasis>Remember: it
+may be important in your future dealings with Samba.</emphasis>
</para>
<note><para>
</para>
<example id="prtdollar">
-<title>[print\$] Example</title>
+<title>[print$] Example</title>
<smbconfblock>
<smbconfsection name="[global]"/>
<smbconfcomment>members of the ntadmin group should be able to add drivers and set</smbconfcomment>
<smbconfcomment>printer properties. root is implicitly always a 'printer admin'.</smbconfcomment>
<smbconfoption name="printer admin">@ntadmin</smbconfoption>
+<smbconfcomment>...</smbconfcomment>
+
<smbconfsection name="[printers]"/>
+<smbconfcomment>...</smbconfcomment>
+
<smbconfsection name="[print$]"/>
<smbconfoption name="comment">Printer Driver Download Area</smbconfoption>
<smbconfoption name="path">/etc/samba/drivers</smbconfoption>
</sect2>
<sect2>
-<title>[print$] Section Parameters</title>
+<title>[print$] Stanza Parameters</title>
<para>
<indexterm><primary>special section</primary></indexterm>
+<indexterm><primary>special stanza</primary></indexterm>
<indexterm><primary>potential printer</primary></indexterm>
<indexterm><primary>driver download</primary></indexterm>
<indexterm><primary>local print driver</primary></indexterm>
<varlistentry><term><smbconfoption name="browseable">no </smbconfoption></term>
<listitem><para>
Makes the <smbconfsection name="[print$]"/> share invisible to clients from the
- <guimenu>Network Neighborhood</guimenu>. However, you can still mount it from any client
- using the <command>net use g:\\sambaserver\print$</command> command in a DOS box or the
+ <guimenu>Network Neighborhood</guimenu>. By excuting from a <command>cmd</command> shell:
+<screen>
+&dosprompt; <command>net use g:\\sambaserver\print$</command>
+</screen>
+ you can still mount it from any client. This can also be done from the
<guimenu>Connect network drive menu></guimenu> from Windows Explorer.
</para></listitem>
</varlistentry>
authenticate against Samba. Samba does not know the UNIX password. Root access to Samba resources
requires that a Samba account for root must first be created. This is done with the <command>smbpasswd</command>
command as follows:
-</para>
-
-<para><screen>
+<screen>
&rootprompt; smbpasswd -a root
New SMB password: secret
Retype new SMB password: secret
-</screen></para>
+</screen>
+</para>
</sect2>
<para>
Do not use the existing UNIX print system spool directory for the Samba spool directory. It may seem
-convenient and a savings of space, but it only leads to problems. The two must be separate.
+convenient and a savings of space, but it only leads to problems. The two must be separate. The UNIX/Linux
+system print spool directory (e.g., <filename>/var/spool/cups</filename>) is typically owned by a
+non-privileged user such as <literal>cups</literal> or <literal>lp</literal>. Additionally. the permissions on
+the spool directory are typically restrictive to the owner and/or group. On the other hand, the Samba
+spool directory must be world writable, and should have the 't' bit set to ensure that only a temporary
+spool file owner can change or delete the file.
+</para>
+
+<para>
+Depending on the type of print spooling system in use on the UNIX/Linux host, files that the spool
+management application finds and that are not currently part of job queue that it is managing can be deleted.
+This may explain the observation that jobs are spooled (by Samba) into this directory and just disappear.
</para>
</sect2>
</sect3>
<sect3>
-<title>Mixed Windows 9x/Me and Windows NT4/200x User Profiles</title>
+<title>Mixed Windows Windows 9x/Me and NT4/200x User Profiles</title>
<para>
You can support profiles for Windows 9x and Windows NT clients by setting both the
<indexterm><primary>mkdir</primary></indexterm>
<indexterm><primary>permissions</primary></indexterm>
<indexterm><primary>chmod</primary></indexterm>
- Now we need to prepare the directory with something like <command>mkdir -p /data/shadow_share</command> or
- whatever you want to name your shadow copy enabled Samba share. Make sure you set the permissions such that
+ Now we need to prepare the directory with something like
+<screen>
+&rootprompt; mkdir -p /data/shadow_share
+</screen>
+ or whatever you want to name your shadow copy enabled Samba share. Make sure you set the permissions such that
you can use it. If in doubt, use <command>chmod 777 /data/shadow_share</command> and tighten the permissions
once you get things working.
</para></listitem>
lvcreate -L10M -s -n $SNAPNAME /dev/shadowvol/sh_test
xfs_freeze -u /data/shadow_share/
mkdir /data/shadow_share/@GMT-$SNAPNAME
-mount /dev/shadowvol/$SNAPNAME /data/shadow_share/@GMT-$SNAPNAME -onouuid,ro
+mount /dev/shadowvol/$SNAPNAME \
+ /data/shadow_share/@GMT-$SNAPNAME -onouuid,ro
</screen>
Note that the script does not handle other things like remounting snapshots on reboot.
</para></listitem>
<address><email>jtrostel@snapserver.com</email></address>
</affiliation>
</author>
-
&author.jelmer;
&author.jht;
<pubdate>June 15, 2005</pubdate>