summaryrefslogtreecommitdiffstats
path: root/docs/faq/Samba-meta-FAQ.txt
diff options
context:
space:
mode:
Diffstat (limited to 'docs/faq/Samba-meta-FAQ.txt')
-rw-r--r--docs/faq/Samba-meta-FAQ.txt433
1 files changed, 319 insertions, 114 deletions
diff --git a/docs/faq/Samba-meta-FAQ.txt b/docs/faq/Samba-meta-FAQ.txt
index 967dceac8de..4fb1ed65442 100644
--- a/docs/faq/Samba-meta-FAQ.txt
+++ b/docs/faq/Samba-meta-FAQ.txt
@@ -43,7 +43,7 @@
2.11. Pizza supply details
- 3. About CIFS and SMB
+ 3. About the CIFS and SMB Protocols
3.1. What is the Server Message Block (SMB) Protocol?
@@ -53,7 +53,7 @@
4. Designing A SMB and CIFS Network
- 4.1. Workgroups, Browsing Domains and Authentication Domains
+ 4.1. Workgroups, Domains, Authentication and Browsing
4.1.1. Defining the Terms
@@ -63,19 +63,16 @@
4.2. Authentication Schemes
- 4.2.1. Workgroup Mode Services
- 4.2.2. Windows NT-Style Domain
+ 4.2.1. NIS
- 4.2.3. NIS
+ 4.2.2. Kerberos
- 4.2.4. Kerberos
+ 4.2.3. FTP
- 4.2.5. FTP
+ 4.2.4. Default Server Method
- 4.2.6. Default Server Method
-
- 4.2.7. Client-side Database Only
+ 4.2.5. Client-side Database Only
4.3. Post-Authentication: Netlogon, Logon Scripts, Profiles
@@ -88,47 +85,87 @@
11.. QQuuiicckk RReeffeerreennccee GGuuiiddeess ttoo SSaammbbaa DDooccuummeennttaattiioonn
+
We are endeavouring to provide links here to every major class of
information about Samba or things related to Samba. We cannot list
every document, but we are aiming for all documents to be at most two
referrals from those listed here. This needs constant maintaining, so
please send the author your feedback.
+
11..11.. SSaammbbaa ffoorr tthhee IImmppaattiieenntt
+
You know you should read the documentation but can't wait to start?
What you need to do then is follow the instructions in the following
- documents, in order. This should be enough to get a _s_i_m_p_l_e site going
- quickly. If you have any problems at all, refer back to this section
- and do some more reading.
-
- 1. Getting Samba: ``Download Instructions''
-
- 2. Installing Samba: making sure the binaries are in place and work.
- At the moment there are two kinds of Samba server installs: Unix or
- close relative <INSTALL.txt> and Others <Samba-Server-
- FAQ.html#PortInfo>. Do not forget to
-
- 3. Debug sequence: If you think you have completed the previous step
- and things aren't working properly work through the diagnosis
- recipe. <DIAGNOSIS.txt>
-
- 4. Exporting files to SMB clients: You should read the manual pages
- for smb.conf, but here is a quick answer guide. <Samba-Server-
- FAQ.html#Exporting>
-
- 5. Controlling user access: the quickest and dirtiest way of sharing
- resources is to use ``share level security.'' If you want to spend
- more time and have a proper username and password database you must
- read the paragraph on ``domain mode security.'' If you want
- encryption (eg you are using Windows NT clients) follow the SMB
- encryption instructions. <Samba-Server-FAQ.html#SMBEncryptionSteps>
- 6. Browsing: if you are happy to type in "\samba-serverrename" at the
- client end then do not read any further. Otherwise you need to
- understand the ``browsing terminoligy'' and read <BROWSING.txt>.
-
- 7. Printing: See the printing quick answer guide. <Samba-Server-
- FAQ.html#Printing>
+ documents in the order given. This should be enough to get a fairly
+ simple site going quickly. If you have any problems, refer back to
+ this meta-FAQ and follow the links to find more reading material.
+
+
+
+ GGeettttiinngg SSaammbbaa::
+ The fastest way to get Samba going is and install it is to have
+ an operating system for which the Samba team has put together an
+ installation package. To see if your OS is included have a look
+ at the directory /pub/samba/Binary_Packages/"OS_Vendor" on your
+ nearest mirror site <../MIRRORS>. If it is included follow the
+ installation instructions in the README file there and then do
+ some ``basic testing''. If you are not so fortunate, follow the
+ normal ``download instructions'' and then continue with
+ ``building and installing Samba''.
+
+
+ BBuuiillddiinngg aanndd IInnssttaalllliinngg SSaammbbaa::
+ At the moment there are two kinds of Samba server installs
+ besides the prepackaged binaries mentioned in the previous step.
+ You need to decide if you have a Unix or close relative
+ <../UNIX_INSTALL.txt> or other supported operating system
+ <Samba-Server-FAQ.html#PortInfo>.
+
+
+ BBaassiicc TTeessttiinngg::
+ Try to connect using the supplied smbclient command-line
+ program. You need to know the IP hostname of your server. A
+ service name must be defined in smb.conf, as given in the
+ examples (under many operating systems if there is a homes
+ service you can just use a valid username.) Then type smbclient
+ \hostnamevicename Under most Unixes you will need to put the
+ parameters within quotation marks. If this works, try connecting
+ from one of the SMB clients you were planning to use with Samba.
+
+
+ DDeebbuugg sseeqquueennccee::
+ If you think you have completed the previous step and things
+ aren't working properly work through the diagnosis recipe.
+ <../DIAGNOSIS.txt>
+
+
+ EExxppoorrttiinngg ffiilleess ttoo SSMMBB cclliieennttss::
+ You should read the manual pages for smb.conf, but here is a
+ quick answer guide. <Samba-Server-FAQ.html#Exporting>
+
+
+ CCoonnttrroolllliinngg uusseerr aacccceessss::
+ the quickest and dirtiest way of sharing resources is to use
+ ``share level security.'' If you want to spend more time and
+ have a proper username and password database you must read the
+ paragraph on ``domain mode security.'' If you want encryption
+ (eg you are using Windows NT clients) follow the SMB encryption
+ instructions. <Samba-Server-FAQ.html#SMBEncryptionSteps>
+
+
+ BBrroowwssiinngg::
+ if you are happy to type in "\samba-serverrename" at the client
+ end then do not read any further. Otherwise you need to
+ understand the ``browsing terminology'' and read <Samba-Server-
+ FAQ.html#NameBrowsing>.
+
+
+ PPrriinnttiinngg::
+ See the printing quick answer guide. <Samba-Server-
+ FAQ.html#Printing>
+
If you have got everything working to this point, you can expect Samba
to be stable and secure: these are its greatest strengths. However
@@ -138,8 +175,11 @@
so on are all covered either in this document or in those it refers
to.
+
11..22.. AAllll SSaammbbaa DDooccuummeennttaattiioonn
+
+
+o Meta-FAQ. This is the mother of all documents, and is the one you
are reading now. The latest version is always at
<http://samba.anu.edu.au/[.....]> but there is probably a much
@@ -151,27 +191,31 @@
from...)
+o <Samba-Client-FAQ.html> is the best starting point for information
- about client-side issues, includes a list of all clients that work
- with Samba.
+ about client-side issues, includes a list of all clients that are
+ known to work with Samba.
- +o <samba-man-index.html> contains descriptions of and links to all
- the Samba manual pages, in Unix man and postscript format.
+ +o manual pages <samba-man-index.html> contains descriptions of and
+ links to all the Samba manual pages, in Unix man and postscript
+ format.
+o <samba-txt-index.html> has descriptions of and links to a large
number of text files have been contributed to samba covering many
- topics. These are gradually being absorbed into the FAQs and HOWTOS
+ topics. These are gradually being absorbed into the FAQs and HOWTOs
but in the meantime you might find helpful answers here.
+o
+
22.. GGeenneerraall IInnffoorrmmaattiioonn
+
All about Samba - what it is, how to get it, related sources of
- information, how to understand the version numbering scheme, pizza
- details
+ information, how to understand the numbering scheme, pizza details.
+
22..11.. WWhhaatt iiss SSaammbbaa??
+
Samba is a suite of programs which work together to allow clients to
access to a server's filespace and printers via the SMB (Server
Message Block) and CIFS (Common Internet Filesystem) protocols.
@@ -181,6 +225,7 @@
behave much like a LAN Server, Windows NT Server or Pathworks machine,
only with added functionality and flexibility designed to make life
easier for administrators.
+
This means that using Samba you can share a server's disks and
printers to many sorts of network clients, including Lan Manager,
Windows for Workgroups, Windows NT, Linux, OS/2, and AIX. There is
@@ -188,6 +233,10 @@
which gives a user on the server an ftp-like interface to access
filespace and printers on any other SMB/CIFS servers.
+ SMB has been implemented over many protocols, including XNS, NBT, IPX,
+ NetBEUI and TCP/IP. Samba only uses TCP/IP. This is not likely to
+ change although there have been some requests for NetBEUI support.
+
Many users report that compared to other SMB implementations Samba is
more stable, faster, and compatible with more clients. Administrators
of some large installations say that Samba is the only SMB server
@@ -206,16 +255,19 @@
versions incorporate much effort by many net.helpers. The man pages
and this FAQ were originally written by Karl Auer.
+
22..22.. WWhhaatt iiss tthhee ccuurrrreenntt vveerrssiioonn ooff SSaammbbaa??
+
At time of writing, the current version was 1.9.17. If you want to be
sure check the bottom of the change-log file.
<ftp://samba.anu.edu.au/pub/samba/alpha/change-log>
-
For more information see ``What do the version numbers mean?''
+
22..33.. WWhheerree ccaann II ggeett iitt??
+
The Samba suite is available via anonymous ftp from samba.anu.edu.au
and many mirror <../MIRRORS> sites. You will get much faster
performance if you use a mirror site. The latest and greatest versions
@@ -235,8 +287,18 @@
binaries for that platform. The VMS, OS/2, Netware and Amiga and other
ports typically have binaries made available.
+ A special case is vendor-provided binary packages. Samba binaries and
+ default configuration files are put into packages for a specific
+ operating system. RedHat Linux and Sun Solaris (Sparc and x86) is
+ already included, and others such as OS/2 may follow. All packages are
+ in the directory:
+
+ /pub/samba/Binary_Packages/"OS_Vendor"
+
+
22..44.. WWhhaatt ddoo tthhee vveerrssiioonn nnuummbbeerrss mmeeaann??
+
It is not recommended that you run a version of Samba with the word
"alpha" in its name unless you know what you are doing and are willing
to do some debugging. Many, many people just get the latest
@@ -248,6 +310,7 @@
How the scheme works:
+
1. When major changes are made the version number is increased. For
example, the transition from 1.9.16 to 1.9.17. However, this
version number will not appear immediately and people should
@@ -269,6 +332,7 @@
So the progression goes:
+
1.9.16p10 (production)
1.9.16p11 (production)
1.9.17alpha1 (test sites only)
@@ -277,24 +341,30 @@
1.9.17 (production)
1.9.17p1 (production)
+
+
The above system means that whenever someone looks at the samba ftp
site they will be able to grab the highest numbered release without an
alpha in the name and be sure of getting the current recommended
version.
+
22..55.. WWhheerree ccaann II ggoo ffoorr ffuurrtthheerr iinnffoorrmmaattiioonn??
+
There are a number of places to look for more information on Samba,
including:
+
+o Two mailing lists devoted to discussion of Samba-related matters.
See below for subscription information.
+o The newsgroup comp.protocols.smb, which has a great deal of
discussion about Samba.
- +o The WWW site 'SAMBA Web Pages' at
- <http://samba.canberra.edu.au/pub/samba/samba.html> includes:
+ +o The WWW site 'SAMBA Web Pages' at <http://samba.anu.edu.au/samba/>
+ includes:
+
+o Links to man pages and documentation, including this FAQ
@@ -306,14 +376,22 @@
+o This FAQ and the rest in its family
+
+
22..66.. HHooww ddoo II ssuubbssccrriibbee ttoo tthhee SSaammbbaa MMaaiilliinngg LLiissttss??
+
Send email to listproc@samba.anu.edu.au. Make sure the subject line is
blank, and include the following two lines in the body of the message:
+
+
subscribe samba Firstname Lastname
subscribe samba-announce Firstname Lastname
+
+
+
Obviously you should substitute YOUR first name for "Firstname" and
YOUR last name for "Lastname"! Try not to send any signature, it
sometimes confuses the list processor.
@@ -327,20 +405,29 @@
listproc@samba.anu.edu.au. Make sure the subject line is blank, and
include the following two lines in the body of the message:
+
+
unsubscribe samba
unsubscribe samba-announce
+
+
+
The FFrroomm:: line in your message _M_U_S_T be the same address you used when
you subscribed.
+
22..77.. SSoommeetthhiinngg''ss ggoonnee wwrroonngg -- wwhhaatt sshhoouulldd II ddoo??
+
## ****** IIMMPPOORRTTAANNTT!! ****** ##
+
DO NOT post messages on mailing lists or in newsgroups until you have
carried out the first three steps given here!
- 1. See if there are any likely looking entries in this FAQ! If you
+
+ 1. See if there are any likely looking entries in this FAQ! If you
have just installed Samba, have you run through the checklist in
DIAGNOSIS.txt <ftp://samba.anu.edu.au/pub/samba/DIAGNOSIS.txt>? It
can save you a lot of time and effort. DIAGNOSIS.txt can also be
@@ -370,8 +457,12 @@
succinct description of the symptom, the problem and the solution, so
that an explanation can be incorporated into the next version.
+
+
+
22..88.. HHooww ddoo II ssuubbmmiitt ppaattcchheess oorr bbuugg rreeppoorrttss??
+
If you make changes to the source code, _p_l_e_a_s_e submit these patches so
that everyone else gets the benefit of your work. This is one of the
most important aspects to the maintainence of Samba. Send all patches
@@ -412,6 +503,7 @@
Some extras :
+
+o what you did and what happened
+o relevant parts of a debugging output file with debuglevel higher.
@@ -420,8 +512,10 @@
+o anything else you think is useful to trace down the bug
+
22..99.. WWhhaatt iiff II hhaavvee aann UURRGGEENNTT mmeessssaaggee ffoorr tthhee ddeevveellooppeerrss??
+
If you have spotted something very serious and believe that it is
important to contact the developers quickly send a message to samba-
urgent@samba.anu.edu.au. This will be processed more quickly than mail
@@ -434,21 +528,25 @@
22..1100.. WWhhaatt iiff II nneeeedd ppaaiidd--ffoorr ssuuppppoorrtt??
+
Samba has a large network of consultants who provide Samba support on
a commercial basis. The list is included in the package in
- Support.txt, and the latest version will always be on the main samba
- ftp site. Any company in the world can request that the samba team
- include their details in Support.txt so we can give no guarantee of
- their services.
+ <../Support.txt>, and the latest version will always be on the main
+ samba ftp site. Any company in the world can request that the samba
+ team include their details in Support.txt so we can give no guarantee
+ of their services.
+
22..1111.. PPiizzzzaa ssuuppppllyy ddeettaaiillss
+
Those who have registered in the Samba survey as "Pizza Factory" will
already know this, but the rest may need some help. Andrew doesn't ask
for payment, but he does appreciate it when people give him pizza.
This calls for a little organisation when the pizza donor is twenty
thousand kilometres away, but it has been done.
+
1. Ring up your local branch of an international pizza chain and see
if they honour their vouchers internationally. Pizza Hut do, which
is how the entire Canberra Linux Users Group got to eat pizza one
@@ -468,7 +566,10 @@
will probably get stuck in customs or torn apart by hungry sniffer
dogs but it will have been a noble gesture.
- 33.. AAbboouutt CCIIFFSS aanndd SSMMBB
+
+ 33.. AAbboouutt tthhee CCIIFFSS aanndd SSMMBB PPrroottooccoollss
+
+
33..11.. WWhhaatt iiss tthhee SSeerrvveerr MMeessssaaggee BBlloocckk ((SSMMBB)) PPrroottooccooll??
@@ -493,6 +594,7 @@
implement more and more of these protocols. Samba began to take a
significant share of the SMB server market.
+
33..22.. WWhhaatt iiss tthhee CCoommmmoonn IInntteerrnneett FFiilleessyysstteemm ((CCIIFFSS))??
The initial pressure for Microsoft to document their current SMB
@@ -516,6 +618,7 @@
The following is taken from <http://www.microsoft.com/intdev/cifs/>
+
CIFS defines a standard remote file system access protocol for use
over the Internet, enabling groups of users to work together and
share documents across the Internet or within their corporate
@@ -526,6 +629,8 @@
users can open and share remote files on the Internet without having
to install new software or change the way they work."
+
+
If you consider CIFS as a backwardsly-compatible refinement of SMB
that will work reasonably efficiently over the Internet you won't be
too far wrong.
@@ -537,6 +642,7 @@
reason why a site shouldn't conduct all its file and printer sharing
with CIFS and yet have no Microsoft products at all.
+
33..33.. WWhhaatt iiss BBrroowwssiinngg??
The term "Browsing" causes a lot of confusion. It is the part of the
@@ -549,11 +655,16 @@
subject for debate. Look at the CIFS list archives to see what the
experts think.
+
+
+
44.. DDeessiiggnniinngg AA SSMMBB aanndd CCIIFFSS NNeettwwoorrkk
+
The big issues for installing any network of LAN or WAN file and print
servers are
+
+o How and where usernames, passwords and other security information
is stored
@@ -562,6 +673,7 @@
+o What protocols the clients can converse with
+
If you buy Netware, Windows NT or just about any other LAN fileserver
product you are expected to lock yourself into the product's preferred
answers to these questions. This tendancy is restrictive and often
@@ -573,65 +685,103 @@
administators, which means allowing as many combinations of clients,
servers, operating systems and protocols as possible.
- 44..11.. WWoorrkkggrroouuppss,, BBrroowwssiinngg DDoommaaiinnss aanndd AAuutthheennttiiccaattiioonn DDoommaaiinnss
- The concepts of a Workgroup and a Domain are fundamental to SMB
- networking. Although Microsoft integrates Workgroups and Domains
- tightly with their authentication procedures there is no reason why
- this has to be so in an SMB network. Groups of SMB machines can work
- together just as well with Unix or OS/2 Samba servers as they can with
- Windows NT servers, even though the password storage and access
- methods are totally different.
+ 44..11.. WWoorrkkggrroouuppss,, DDoommaaiinnss,, AAuutthheennttiiccaattiioonn aanndd BBrroowwssiinngg
+
+
+ From the point of view of networking implementation, Domains and
+ Workgroups are _e_x_a_c_t_l_y the same, except for the client logon sequence.
+ Some kind of distributed authentication database is associated with a
+ domain (there are quite a few choices) and this adds so much
+ flexibility that many people think of a domain as a completely
+ different entity to a workgroup. From Samba's point of view a client
+ connecting to a service presents an authentication token, and it if it
+ is valid they have access. Samba does not care what mechanism was used
+ to generate that token in the first place.
+
+ The SMB client logging on to a domain has an expectation that every
+ other server in the domain should accept the same authentication
+ information. However the network browsing functionality of domains
+ and workgroups is identical and is explained in <../BROWSING.txt>.
+
+ There are some implementation differences: Windows 95 can be a member
+ of both a workgroup and a domain, but Windows NT cannot. Windows 95
+ also has the concept of an "alternative workgroup". Samba can only be
+ a member of a single workgroup or domain, although this is due to
+ change with a future version when nmbd will be split into two daemons,
+ one for WINS and the other for browsing ( <../NetBIOS.txt> explains
+ what WINS is.)
+
44..11..11.. DDeeffiinniinngg tthhee TTeerrmmss
- A Workgroup (or Browsing Domain) is collection of machines that
- maintain a common database contianing information about their shared
- resources. They do not necessarily have any security information in
- common. The database is dynamic, modified as servers come and go on
- the network and as resources are added or deleted. The term "browsing"
- refers to a user accessing the database via whatever interface the
- client provides. SMB servers agree between themselves as to which ones
- will maintain the browsing database. Workgroups can be anywhere on a
- connected TCP/IP network, including on different subnets or anywhere
- on the Interet. This is a very tricky part of SMB to implement.
- Due to the convoluted history of SMB there is now conflicting
- terminology describing Domains and Workgroups. "Domain" is used in the
- browsing specifications to define that group of servers and clients
- who share a common name and a common browsing database. The following
- are used exclusively in the context of Workgroup browsing:
- +o Domain Master Browser
- +o Local Master Browser
+ WWoorrkkggrroouupp
+ means a collection of machines that maintain a common browsing
+ database containing information about their shared resources.
+ They do not necessarily have any security information in common
+ (if they do, it gets called a Domain.) The browsing database is
+ dynamic, modified as servers come and go on the network and as
+ resources are added or deleted. The term "browsing" refers to a
+ user accessing the database via whatever interface the client
+ provides, eg the OS/2 Workplace Shell or Windows 95 Explorer.
+ SMB servers agree between themselves as to which ones will
+ maintain the browsing database. Workgroups can be anywhere on a
+ connected TCP/IP network, including on different subnets or even
+ on the Interet. This is a very tricky part of SMB to implement.
+
- Alternative terms include confusing variations such as "Browse
- Master", and "Master Browser" which we are trying to eliminate from
- the Samba documentation. We are moving to the use of "Browsing Domain"
- wherever the word "Domain" occurs in a workgroup context. Ideally
- "Workgroup" would also be replaced by Browsing Domain but it is very
- widely used terminology.
+ MMaasstteerr BBrroowwsseerrss
+ are machines which holds the master browsing database for a
+ workgroup or domain. There are two kinds of Master Browser:
- Unfortunately the group of machines which use the the Microsoft method
- of sharing authentication information (but not any of the many other
- methods) is also called a Domain. As explained elsewhere Microsoft are
- not making this protocol public and The following are used exclusively
- in the context of Microsoft Authentication domains:
- +o Primary Domain Controller
+ +o Domain Master Browser, which holds the master browsing
+ information for an entire domain, which may well cross multiple
+ TCP/IP subnets.
- +o Backup Domain Controller
+ +o Local Master Browser, which holds the master browsing database
+ for a particular subnet and communicates with the Domain Master
+ Browser to get information on other subnets.
+
+ Subnets are differentiated because browsing is based on
+ broadcasts, and broadcasts do not pass through routers. Subnets
+ are not routed: while it is possible to have more than one
+ subnet on a single network segment this is regarded as very bad
+ practice.
+
+ Master Browsers (both Domain and Local) are elected dynamically
+ according to an algorithm which is supposed to take into account
+ the machine's ability to sustain the browsing load. Samba can be
+ configured to always act as a master browser, ie it always wins
+ elections under all circumstances, even against systems such as
+ a Windows NT Primary Domain Controller which themselves expect
+ to win.
+
+ There are also Backup Browsers which are promoted to Master
+ Browsers in the event of a Master Browser disappearing from the
+ network.
+
+ Alternative terms include confusing variations such as "Browse
+ Master", and "Master Browser" which we are trying to eliminate
+ from the Samba documentation.
+
+
+ DDoommaaiinn CCoonnttrroolllleerr
+ is a term which comes from the Microsoft and IBM etc
+ implementation of the LAN Manager protocols. It is tied to
+ authentication. There are other ways of doing domain
+ authentication, but the Windows NT method has a large market
+ share. The general issues are discussed in <../DOMAIN.txt> and
+ a Windows NT-specific discussion is in <../DOMAIN_CONTROL.txt>.
- +o Domain Logon
- These terms can be very confusing, and so in the Samba documentation
- we are moving to the term "Authentication Domain" wherever Domain is
- used in this sense. As a final touch of irony, all Authentication
- Domains are also Browsing Domains.
44..11..22.. SShhaarreelleevveell ((WWoorrkkggrroouupp)) SSeeccuurriittyy SSeerrvviicceess
+
With the Samba setting "security = SHARE", all shared resources
information about what password is associated with them but only hints
as to what usernames might be valid (the hint can be 'all users', in
@@ -643,16 +793,20 @@
authentication infrastructure present or requiring them to do more
than fill in a dialogue box.
+
44..11..33.. AAuutthheennttiiccaattiioonn DDoommaaiinn MMooddee SSeerrvviicceess
+
With the Samba settings "security = USER" or "security = SERVER"
accesses to all resources are checked for username/password pair
- matches in a more rigorous manner. This has the effect of emulating a
- Microsoft Authentication Domain. Whether or not an Authentication
- Domain is involved depends on how the network has been designed.
+ matches in a more rigorous manner. To the client, this has the effect
+ of emulating a Microsoft Domain. The client is not concerned whether
+ or not Samba looks up a Windows NT SAM or does it in some other way.
+
44..22.. AAuutthheennttiiccaattiioonn SScchheemmeess
+
In the simple case authentication information is stored on a single
server and the user types a password on connecting for the first time.
However client operating systems often require a password before they
@@ -661,7 +815,8 @@
different contexts just does not work. Some kind of distributed
authentication database is needed. It must cope with password changes
and provide for assigning groups of users the same level of access
- permissions.
+ permissions. This is why Samba installations often choose to implement
+ a Domain model straight away.
Authentication decisions are some of the biggest in designing a
network. Are you going to use a scheme native to the client operating
@@ -671,29 +826,49 @@
setups would be appreciated. refer to server FAQ for "passwd chat"
passwd program password server etc etc...
- 44..22..11.. WWoorrkkggrroouupp MMooddee SSeerrvviicceess
- etc etc
+ 44..22..11.. NNIISS
+
+
+ For Windows 95, Windows for Workgroups and most other clients Samba
+ can be a domain controller and share the password database via NIS
+ transparently. Windows NT is different. Free NIS NT client
+ <http://www.dcs.qmw.ac.uk/~williams>
+
+
+ 44..22..22.. KKeerrbbeerrooss
+
+
+ Kerberos for US users only: Kerberos overview
+ <http://www.cygnus.com/product/unifying-security.html> Download
+ Kerberos <http://www.cygnus.com/product/kerbnet-download.html>
+
+
+ 44..22..33.. FFTTPP
- 44..22..22.. WWiinnddoowwss NNTT--SSttyyllee DDoommaaiinn
- Samba compiled with libdes - enabling encrypted passwords security =
- server
+ Other NT w/s logon hack via NT
- 44..22..33.. NNIISS
- 44..22..44.. KKeerrbbeerrooss
+ 44..22..44.. DDeeffaauulltt SSeerrvveerr MMeetthhoodd
- 44..22..55.. FFTTPP
- 44..22..66.. DDeeffaauulltt SSeerrvveerr MMeetthhoodd
- 44..22..77.. CClliieenntt--ssiiddee DDaattaabbaassee OOnnllyy
+
+
+ 44..22..55.. CClliieenntt--ssiiddee DDaattaabbaassee OOnnllyy
+
+
44..33.. PPoosstt--AAuutthheennttiiccaattiioonn:: NNeettllooggoonn,, LLooggoonn SSccrriippttss,, PPrrooffiilleess
+
+ See <../DOMAIN.txt>
+
+
55.. CCrroossss--PPrroottooccooll FFiillee SShhaarriinngg
+
Samba is an important tool for...
It is possible to...
@@ -710,10 +885,40 @@
packages, Samba, and Linux (and other UNIX-based systems) see
<http://www.eats.com/linux_mac_win.html> 3.5) Sniffing your nework
+
+
66.. MMiisscceellllaanneeoouuss
+
66..11.. IIss SSaammbbaa YYeeaarr 22000000 ccoommpplliiaanntt??
+
The CIFS protocol that Samba implements negotiates times in various
formats, all of which are able to cope with dates beyond 2000.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
generated by cgit (git 2.34.1) at 2024-06-01 15:22:58 +0000