diff options
Diffstat (limited to 'docs/textdocs')
27 files changed, 0 insertions, 5010 deletions
diff --git a/docs/textdocs/Application_Serving.txt b/docs/textdocs/Application_Serving.txt deleted file mode 100644 index caed027893a..00000000000 --- a/docs/textdocs/Application_Serving.txt +++ /dev/null @@ -1,49 +0,0 @@ -January 7, 1997 -Updated: June 27, 1997 -Contributor: John H Terpstra <samba-bugs@samba.anu.edu.au> -Status: Current - -Subject: Using a Samba share as an administrative share for MS Office, etc. -============================================================================== - -Problem: -======== -Microsoft Office products can be installed as an administrative installation -from which the application can either be run off the administratively installed -product that resides on a shared resource, or from which that product can be -installed onto workstation clients. - -The general mechanism for implementing an adminstrative installation involves -running: - X:\setup /A, where X is the drive letter of either CDROM or floppy - -This installation process will NOT install the product for use per se, but -rather results in unpacking of the compressed distribution files into a target -shared folder. For this process you need write privilidge to the share and it -is desirable to enable file locking and share mode operation during this -process. - -Subsequent installation of MS Office from this share will FAIL unless certain -precautions are taken. This failure will be caused by share mode operation -which will prevent the MS Office installation process from re-opening various -dynamic link library files and will cause sporadic file not found problems. - -Solution: -========= -1. As soon as the administrative installation (unpacking) has completed - set the following parameters on the share containing it: - [MSOP95] - path = /where_you_put_it - comment = Your comment - volume = "The_CD_ROM_Label" - read only = yes - available = yes - share modes = no - locking = no - browseable = yes - public = yes - -2. Now you are ready to run the setup program from the Microsoft Windows -workstation as follows:- - \\"Server_Name"\MSOP95\msoffice\setup - diff --git a/docs/textdocs/BROWSING.txt b/docs/textdocs/BROWSING.txt deleted file mode 100644 index 12d3417a294..00000000000 --- a/docs/textdocs/BROWSING.txt +++ /dev/null @@ -1,546 +0,0 @@ -Author/s: Many (Thanks to Luke, Jeremy, Andrew, etc.) -Updated: June 29, 1997 -Status: Current - For VERY Advanced Users ONLY - -Summary: This describes how to configure Samba for improved browsing. -===================================================================== - -OVERVIEW: -========= -SMB networking provides a mechanism by which clients can access a list -of machines that are available within the network. This list is called -the browse list and is heavily used by all SMB clients. Configuration -of SMB browsing has been problematic for some Samba users, hence this -document. - -===================================================================== - -BROWSING -======== -Samba now fully supports browsing. The browsing is supported by nmbd -and is also controlled by options in the smb.conf file (see smb.conf(5)). - -Samba can act as a local browse master for a workgroup and the ability -for samba to support domain logons and scripts is now available. See -DOMAIN.txt for more information on domain logons. - -Samba can also act as a domain master browser for a workgroup. This -means that it will collate lists from local browse masters into a -wide area network server list. In order for browse clients to -resolve the names they may find in this list, it is recommended that -both samba and your clients use a WINS server - -Note that you should NOT set Samba to be the domain master for a -workgroup that has the same name as an NT Domain. - -[Note that nmbd can be configured as a WINS server, but it is not -necessary to specifically use samba as your WINS server. NTAS can -be configured as your WINS server. In a mixed NT server and -samba environment on a Wide Area Network, it is recommended that -you use the NT server's WINS server capabilities. In a samba-only -environment, it is recommended that you use one and only one nmbd -as your WINS server]. - -To get browsing to work you need to run nmbd as usual, but will need -to use the "workgroup" option in smb.conf to control what workgroup -Samba becomes a part of. - -Samba also has a useful option for a Samba server to offer itself for -browsing on another subnet. It is recommended that this option is only -used for 'unusual' purposes: announcements over the internet, for -example. See "remote announce" in the smb.conf man page. - -If something doesn't work then hopefully the log.nmb file will -help you track down the problem. Try a debug level of 2 or 3 for -finding problems. - -Note that if it doesn't work for you, then you should still be able to -type the server name as \\SERVER in filemanager then hit enter and -filemanager should display the list of available shares. - -Some people find browsing fails because they don't have the global -"guest account" set to a valid account. Remember that the IPC$ -connection that lists the shares is done as guest, and thus you must -have a valid guest account. - -Also, a lot of people are getting bitten by the problem of too many -parameters on the command line of nmbd in inetd.conf. This trick is to -not use spaces between the option and the parameter (eg: -d2 instead -of -d 2), and to not use the -B and -N options. New versions of nmbd -are now far more likely to correctly find your broadcast and network -addess, so in most cases these aren't needed. - -The other big problem people have is that their broadcast address, -netmask or IP address is wrong (specified with the "interfaces" option -in smb.conf) - -BROWSING ACROSS SUBNETS -======================= - -With the release of Samba 1.9.17(alpha1 and above) Samba has been -updated to enable it to support the replication of browse lists -across subnet boundaries. New code and options have been added to -achieve this. This section describes how to set this feature up -in different settings. - -To see browse lists that span TCP/IP subnets (ie. networks separated -by routers that don't pass broadcast traffic) you must set up at least -one WINS server. The WINS server acts as a DNS for NetBIOS names, allowing -NetBIOS name to IP address translation to be done by doing a direct -query of the WINS server. This is done via a directed UDP packet on -port 137 to the WINS server machine. The reason for a WINS server is -that by default, all NetBIOS name to IP address translation is done -by broadcasts from the querying machine. This means that machines -on one subnet will not be able to resolve the names of machines on -another subnet without using a WINS server. - -Remember, for browsing across subnets to work correctly, all machines, -be they Windows 95, Windows NT, or Samba servers must have the IP address -of a WINS server given to them by a DHCP server, or by manual configuration -(for Win95 and WinNT, this is in the TCP/IP Properties, under Network -settings) for Samba this is in the smb.conf file. - -How does cross subnet browsing work ? -===================================== - -Cross subnet browsing is a complicated dance, containing multiple -moving parts. It has taken Microsoft several years to get the code -that achieves this correct, and Samba lags behind in some areas. -However, with the 1.9.17 release, Samba is capable of cross subnet -browsing when configured correctly. - -Consider a network set up as follows : - - (DMB) - N1_A N1_B N1_C N1_D N1_E - | | | | | - ------------------------------------------------------- - | subnet 1 | - +---+ +---+ - |R1 | Router 1 Router 2 |R2 | - +---+ +---+ - | | - | subnet 2 subnet 3 | - -------------------------- ------------------------------------ - | | | | | | | | - N2_A N2_B N2_C N2_D N3_A N3_B N3_C N3_D - (WINS) - -Consisting of 3 subnets (1, 2, 3) conneted by two routers -(R1, R2) - these do not pass broadcasts. Subnet 1 has 5 machines -on it, subnet 2 has 4 machines, subnet 3 has 4 machines. Assume -for the moment that all these machines are configured to be in the -same workgroup (for simplicities sake). Machine N1_C on subnet 1 -is configured as Domain Master Browser (ie. it will collate the -browse lists for the workgroup). Machine N2_D is configured as -WINS server and all the other machines are configured to register -their NetBIOS names with it. - -As all these machines are booted up, elections for master browsers -will take place on each of the three subnets. Assume that machine -N1_C wins on subnet 1, N2_B wins on subnet 2, and N3_D wins on -subnet 3 - these machines are known as local master browsers for -their particular subnet. N1_C has an advantage in winning as the -local master browser on subnet 1 as it is set up as Domain Master -Browser. - -On each of the three networks, machines that are configured to -offer sharing services will broadcast that they are offering -these services. The local master browser on each subnet will -receive these broadcasts and keep a record of the fact that -the machine is offering a service. This list of records is -the basis of the browse list. For this case, assume that -all the machines are configured to offer services so all machines -will be on the browse list. - -For each network, the local master browser on that network is -considered 'authoritative' for all the names it receives via -local broadcast. This is because a machine seen by the local -master browser via a local broadcast must be on the same -network as the local master browser and thus is a 'trusted' -and 'verifiable' resource. Machines on other networks that -the local master browsers learn about when collating their -browse lists have not been directly seen - these records are -called 'non-authoritative'. - -At this point the browse lists look as follows (these are -the machines you would see in your network neighborhood if -you looked in it on a particular network right now). - -Subnet Browse Master List ------- ------------- ---- -Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E - -Subnet2 N2_B N2_A, N2_B, N2_C, N2_D - -Subnet3 N3_D N3_A, N3_B, N3_C, N3_D - -Note that at this point all the subnets are separate, no -machine is seen across any of the subnets. - -Now examine subnet 2. As soon as N2_B has become the local -master browser it looks for a Domain master browser to synchronize -its browse list with. It does this by querying the WINS server -(N2_D) for the IP address associated with the NetBIOS name -WORKGROUP<1B>. This name was registerd by the Domain master -browser (N1_C) with the WINS server as soon as it was booted. - -Once N2_B knows the address of the Domain master browser it -tells it that is the local master browser for subnet 2 by -sending a MasterAnnouncement packet as a UDP port 138 packet. -It then synchronizes with it by doing a NetServerEnum2 call. This -tells the Domain Master Browser to send it all the server -names it knows about. Once the domain master browser receives -the MasterAnnouncement packet it schedules a synchronization -request to the sender of that packet. After both synchronizations -are done the browse lists look like : - -Subnet Browse Master List ------- ------------- ---- -Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E, - N2_A(*), N2_B(*), N2_C(*), N2_D(*) - -Subnet2 N2_B N2_A, N2_B, N2_C, N2_D - N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*) - -Subnet3 N3_D N3_A, N3_B, N3_C, N3_D - -Servers with a (*) after them are non-authoritative names. - -At this point users looking in their network neighborhood on -subnets 1 or 2 will see all the servers on both, users on -subnet 3 will still only see the servers on their own subnet. - -The same sequence of events that occured for N2_B now occurs -for the local master browser on subnet 3 (N3_D). When it -synchronizes browse lists with the domain master browser (N1_A) -it gets both the server entries on subnet 1, and those on -subnet 2. After N3_D has synchronized with N1_C and vica-versa -the browse lists look like. - -Subnet Browse Master List ------- ------------- ---- -Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E, - N2_A(*), N2_B(*), N2_C(*), N2_D(*), - N3_A(*), N3_B(*), N3_C(*), N3_D(*) - -Subnet2 N2_B N2_A, N2_B, N2_C, N2_D - N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*) - -Subnet3 N3_D N3_A, N3_B, N3_C, N3_D - N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*), - N2_A(*), N2_B(*), N2_C(*), N2_D(*) - -Servers with a (*) after them are non-authoritative names. - -At this point users looking in their network neighborhood on -subnets 1 or 3 will see all the servers on all sunbets, users on -subnet 2 will still only see the servers on subnets 1 and 2, but not 3. - -Finally, the local master browser for subnet 2 (N2_B) will sync again -with the domain master browser (N1_C) and will recieve the missing -server entries. Finally - and as a steady state (if no machines -are removed or shut off) the browse lists will look like : - -Subnet Browse Master List ------- ------------- ---- -Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E, - N2_A(*), N2_B(*), N2_C(*), N2_D(*), - N3_A(*), N3_B(*), N3_C(*), N3_D(*) - -Subnet2 N2_B N2_A, N2_B, N2_C, N2_D - N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*) - N3_A(*), N3_B(*), N3_C(*), N3_D(*) - -Subnet3 N3_D N3_A, N3_B, N3_C, N3_D - N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*), - N2_A(*), N2_B(*), N2_C(*), N2_D(*) - -Servers with a (*) after them are non-authoritative names. - -Synchronizations between the domain master browser and local -master browsers will continue to occur, but this should be a -steady state situation. - -If either router R1 or R2 fails the following will occur: - -1) Names of computers on each side of the inaccessible network fragments -will be maintained for as long as 36 minutes, in the network neighbourhood -lists. - -2) Attempts to connect to these inaccessible computers will fail, but the -names will not be removed from the network neighbourhood lists. - -3) If one of the fragments is cut off from the WINS server, it will only -be able to access servers on its local subnet, by using subnet-isolated -broadcast NetBIOS name resolution. The effects are similar to that of -losing access to a DNS server. - -Setting up a WINS server -======================== - -Either a Samba machine or a Windows NT Server machine may be set up -as a WINS server. To set a Samba machine to be a WINS server you must -add the following option to the smb.conf file on the selected machine : -in the [globals] section add the line - - wins support = yes - -Versions of Samba previous to 1.9.17 had this parameter default to -yes. If you have any older versions of Samba on your network it is -strongly suggested you upgrade to 1.9.17 or above, or at the very -least set the parameter to 'no' on all these machines. - -Machines with "wins support = yes" will keep a list of all NetBIOS -names registered with them, acting as a DNS for NetBIOS names. - -You should set up only ONE wins server. Do NOT set the -"wins support = yes" option on more than one Samba server. - -To set up a Windows NT Server as a WINS server you need to set up -the WINS service - see your NT documentation for details. Note that -Windows NT WINS Servers can replicate to each other, allowing more -than one to be set up in a complex subnet environment. As Microsoft -refuse to document these replication protocols Samba cannot currently -participate in these replications. It is possible in the future that -a Samba->Samba WINS replication protocol may be defined, in which -case more than one Samba machine could be set up as a WINS server -but currently only one Samba server should have the "wins support = yes" -parameter set. - -After the WINS server has been configured you must ensure that all -machines participating on the network are configured with the address -of this WINS server. If your WINS server is a Samba machine, fill in -the Samba machine IP address in the "Primary WINS Server" field of -the "Control Panel->Network->Protocols->TCP->WINS Server" dialogs -in Windows 95 or Windows NT. To tell a Samba server the IP address -of the WINS server add the following line to the [global] section of -all smb.conf files : - - wins server = <name or IP address> - -where <name or IP address> is either the DNS name of the WINS server -machine or it's IP address. - -Note that this line MUST NOT BE SET in the smb.conf file of the Samba -server acting as the WINS server itself. If you set both the -"wins support = yes" option and the "wins server = <name>" option then -nmbd will fail to start. - -There are two possible scenarios for setting up cross subnet browsing. -The first details setting up cross subnet browsing on a network containing -Windows 95, Samba and Windows NT machines that are not configured as -part of a Windows NT Domain. The second details setting up cross subnet -browsing on networks that contain NT Domains. - -Setting up Browsing in a WORKGROUP -================================== - -To set up cross subnet browsing on a network containing machines -in up to be in a WORKGROUP, not an NT Domain you need to set up one -Samba server to be the Domain Master Browser (note that this is *NOT* -the same as a Primary Domain Controller, although in an NT Domain the -same machine plays both roles). The role of a Domain master browser is -to collate the browse lists from local master browsers on all the -subnets that have a machine participating in the workgroup. Without -one machine configured as a domain master browser each subnet would -be an isolated workgroup, unable to see any machines on any other -subnet. It is the presense of a domain master browser that makes -cross subnet browsing possible for a workgroup. - -In an WORKGROUP environment the domain master browser must be a -Samba server, and there must only be one domain master browser per -workgroup name (although the same Samba server can act as Domain -master browser for multiple workgroup names). To set up a Samba -server as a domain master browser set the following option in the -[global] section of the smb.conf file : - - domain master = yes - -The domain master browser should also preferrably be the local master -browser for it's own subnet. In order to achieve this set the following -options in the [global] section of the smb.conf file : - - domain master = yes - local master = yes - preferred master = yes - os level = 65 - -The domain master browser may be the same machine as the WINS -server, if you require. - -Next, you should ensure that each of the subnets contains a -machine that can act as a local master browser for the -workgroup. Any NT machine should be able to do this, as will -Windows 95 machines (although these tend to get rebooted more -often, so it's not such a good idea to use these). To make a -Samba server a local master browser set the following -options in the [global] section of the smb.conf file : - - domain master = no - local master = yes - preferred master = yes - os level = 65 - -Do not do this for more than one Samba server on each subnet, -or they will war with each other over which is to be the local -master browser. - -The "local master" parameter allows Samba to act as a local master -browser. The "preferred master" causes nmbd to force a browser -election on startup and the "os level" parameter sets Samba high -enough so that it should win any browser elections. - -If you have an NT machine on the subnet that you wish to -be the local master browser then you can disable Samba from -becoming a local master browser by setting the following -options in the [global] section of the smb.conf file : - - domain master = no - local master = no - preferred master = no - os level = 0 - -Setting up Browsing in a DOMAIN -=============================== - -If you are adding Samba servers to a Windows NT Domain then -you must not set up a Samba server as a domain master browser. -By default, a Windows NT Primary Domain Controller for a Domain -name is also the Domain master browser for that name, and many -things will break if a Samba server registers the Domain master -browser NetBIOS name (DOMAIN<1B>) with WINS instead of the PDC. - -For subnets other than the one containing the Windows NT PDC -you may set up Samba servers as local master browsers as -described. To make a Samba server a local master browser set -the following options in the [global] section of the smb.conf -file : - - domain master = no - local master = yes - preferred master = yes - os level = 65 - -If you wish to have a Samba server fight the election with machines -on the same subnet you may set the "os level" parameter to lower -levels. By doing this you can tune the order of machines that -will become local master browsers if they are running. For -more details on this see the section "FORCING SAMBA TO BE THE MASTER" -below. - -If you have Windows NT machines that are members of the domain -on all subnets, and you are sure they will always be running then -you can disable Samba from taking part in browser elections and -ever becoming a local master browser by setting following options -in the [global] section of the smb.conf file : - - domain master = no - local master = no - preferred master = no - os level = 0 - -FORCING SAMBA TO BE THE MASTER -============================== - -Who becomes the "master browser" is determined by an election process -using broadcasts. Each election packet contains a number of parameters -which determine what precedence (bias) a host should have in the -election. By default Samba uses a very low precedence and thus loses -elections to just about anyone else. - -If you want Samba to win elections then just set the "os level" global -option in smb.conf to a higher number. It defaults to 0. Using 34 -would make it win all elections over every other system (except other -samba systems!) - -A "os level" of 2 would make it beat WfWg and Win95, but not NTAS. A -NTAS domain controller uses level 32. - -The maximum os level is 255 - -If you want samba to force an election on startup, then set the -"preferred master" global option in smb.conf to "yes". Samba will -then have a slight advantage over other potential master browsers -that are not preferred master browsers. Use this parameter with -care, as if you have two hosts (whether they are windows 95 or NT or -samba) on the same local subnet both set with "preferred master" to -"yes", then periodically and continually they will force an election -in order to become the local master browser. - -If you want samba to be a "domain master browser", then it is -recommended that you also set "preferred master" to "yes", because -samba will not become a domain master browser for the whole of your -LAN or WAN if it is not also a local master browser on its own -broadcast isolated subnet. - -It is possible to configure two samba servers to attempt to become -the domain master browser for a domain. The first server that comes -up will be the domain master browser. All other samba servers will -attempt to become the domain master browser every 5 minutes. They -will find that another samba server is already the domain master -browser and will fail. This provides automatic redundancy, should -the current domain master browser fail. - - -MAKING SAMBA THE DOMAIN MASTER -============================== - -The domain master is responsible for collating the browse lists of -multiple subnets so that browsing can occur between subnets. You can -make samba act as the domain master by setting "domain master = yes" -in smb.conf. By default it will not be a domain master. - -Note that you should NOT set Samba to be the domain master for a -workgroup that has the same name as an NT Domain. - -When samba is the domain master and the master browser it will listen -for master announcements (made roughly every twelve minutes) from local -master browsers on other subnets and then contact them to synchronise -browse lists. - -If you want samba to be the domain master then I suggest you also set -the "os level" high enough to make sure it wins elections, and set -"preferred master" to "yes", to get samba to force an election on -startup. - -Note that all your servers (including samba) and clients should be -using a WINS server to resolve NetBIOS names. If your clients are only -using broadcasting to resolve NetBIOS names, then two things will occur: - -a) your local master browsers will be unable to find a domain master - browser, as it will only be looking on the local subnet. - -b) if a client happens to get hold of a domain-wide browse list, and - a user attempts to access a host in that list, it will be unable to - resolve the NetBIOS name of that host. - -If, however, both samba and your clients are using a WINS server, then: - -a) your local master browsers will contact the WINS server and, as long as - samba has registered that it is a domain master browser with the WINS - server, your local master browser will receive samba's ip address - as its domain master browser. - -b) when a client receives a domain-wide browse list, and a user attempts - to access a host in that list, it will contact the WINS server to - resolve the NetBIOS name of that host. as long as that host has - registered its NetBIOS name with the same WINS server, the user will - be able to see that host. - -NOTE ABOUT BROADCAST ADDRESSES -============================== - -If your network uses a "0" based broadcast address (for example if it -ends in a 0) then you will strike problems. Windows for Workgroups -does not seem to support a 0's broadcast and you will probably find -that browsing and name lookups won't work. - - -MULTIPLE INTERFACES -=================== - -Samba now supports machines with multiple network interfaces. If you -have multiple interfaces then you will need to use the "interfaces" -option in smb.conf to configure them. See smb.conf(5) for details. - diff --git a/docs/textdocs/BUGS.txt b/docs/textdocs/BUGS.txt deleted file mode 100644 index 0bd12e8af0a..00000000000 --- a/docs/textdocs/BUGS.txt +++ /dev/null @@ -1,135 +0,0 @@ -Contributor: Samba Team -Updated: June 27, 1997 - -Subject: This file describes how to report Samba bugs. -============================================================================ - ->> The email address for bug reports is samba-bugs@samba.anu.edu.au << - -Please take the time to read this file before you submit a bug -report. Also, please see if it has changed between releases, as we -may be changing the bug reporting mechanism at some time. - -Please also do as much as you can yourself to help track down the -bug. Samba is maintained by a dedicated group of people who volunteer -their time, skills and efforts. We receive far more mail about it than -we can possibly answer, so you have a much higher chance of an answer -and a fix if you send us a "developer friendly" bug report that lets -us fix it fast. - -Do not assume that if you post the bug to the comp.protocols.smb -newsgroup or the mailing list that we will read it. If you suspect that your -problem is not a bug but a configuration problem then it is better to send -it to the Samba mailing list, as there are (at last count) 5000 other users on -that list that may be able to help you. - -You may also like to look though the recent mailing list archives, -which are conveniently accessible on the Samba web pages -at http://samba.canberra.edu.au/pub/samba/ - - -GENERAL INFO ------------- - -Before submitting a bug report check your config for silly -errors. Look in your log files for obvious messages that tell you that -you've misconfigured something and run testparm to test your config -file for correct syntax. - -Have you run through DIAGNOSIS.txt? This is very important. - -If you include part of a log file with your bug report then be sure to -annotate it with exactly what you were doing on the client at the -time, and exactly what the results were. - - -DEBUG LEVELS ------------- - -If the bug has anything to do with Samba behaving incorrectly as a -server (like refusing to open a file) then the log files will probably -be very useful. Depending on the problem a log level of between 3 and -10 showing the problem may be appropriate. A higher level givesmore -detail, but may use too much disk space. - -To set the debug level use "log level =" in your smb.conf. You may -also find it useful to set the log level higher for just one machine -and keep separate logs for each machine. To do this use: - -log level = 10 -log file = /usr/local/samba/lib/log.%m -include = /usr/local/samba/lib/smb.conf.%m - -then create a file "/usr/local/samba/lib/smb.conf.machine" where -"machine" is the name of the client you wish to debug. In that file -put any smb.conf commands you want, for example "log level=" may be -useful. This also allows you to experiment with different security -systems, protocol levels etc on just one machine. - -The smb.conf entry "log level =" is synonymous with the entry -"debuglevel =" that has been used in older versions of Samba and -is being retained for backwards compatibility of smb.conf files. - -As the "log level =" value is increased you will record a significantly -increasing level of debugging information. For most debugging operations -you may not need a setting higher than 3. Nearly all bugs can be tracked -at a setting of 10, but be prepared for a VERY large volume of log data. - - -INTERNAL ERRORs ---------------- - -If you get a "INTERNAL ERROR" message in your log files it means that -Samba got an unexpected signal while running. It is probably a -segmentation fault and almost certainly means a bug in Samba (unless -you have faulty hardware or system software) - -If the message came from smbd then it will probably be accompanied by -a message which details the last SMB message received by smbd. This -info is often very useful in tracking down the problem so please -include it in your bug report. - -You should also detail how to reproduce the problem, if -possible. Please make this reasonably detailed. - -You may also find that a core file appeared in a "corefiles" -subdirectory of the directory where you keep your samba log -files. This file is the most useful tool for tracking down the bug. To -use it you do this: - -gdb smbd core - -adding appropriate paths to smbd and core so gdb can find them. If you -don't have gdb then try "dbx". Then within the debugger use the -command "where" to give a stack trace of where the problem -occurred. Include this in your mail. - -If you known any assembly language then do a "disass" of the routine -where the problem occurred (if its in a library routine then -disassemble the routine that called it) and try to work out exactly -where the problem is by looking at the surrounding code. Even if you -don't know assembly then incuding this info in the bug report can be -useful. - - -ATTACHING TO A RUNNING PROCESS ------------------------------- - -Unfortunately some unixes (in particular some recent linux kernels) -refuse to dump a core file if the task has changed uid (which smbd -does often). To debug with this sort of system you could try to attach -to the running process using "gdb smbd PID" where you get PID from -smbstatus. Then use "c" to continue and try to cause the core dump -using the client. The debugger should catch the fault and tell you -where it occurred. - - -PATCHES -------- - -The best sort of bug report is one that includes a fix! If you send us -patches please use "diff -u" format if your version of diff supports -it, otherwise use "diff -c4". Make sure your do the diff against a -clean version of the source and let me know exactly what version you -used. - diff --git a/docs/textdocs/DIAGNOSIS.txt b/docs/textdocs/DIAGNOSIS.txt deleted file mode 100644 index 5f20f610310..00000000000 --- a/docs/textdocs/DIAGNOSIS.txt +++ /dev/null @@ -1,251 +0,0 @@ -Contributor: Andrew Tridgell -Updated: June 27, 1997 - -Subject: DIAGNOSING YOUR SAMBA SERVER -=========================================================================== - -This file contains a list of tests you can perform to validate your -Samba server. It also tells you what the likely cause of the problem -is if it fails any one of these steps. If it passes all these tests -then it is probably working fine. - -You should do ALL the tests, in the order shown. I have tried to -carefully choose them so later tests only use capabilities verified in -the earlier tests. - -I would welcome additions to this set of tests. Please mail them to -samba-bugs@samba.anu.edu.au - -If you send me an email saying "it doesn't work" and you have not -followed this test procedure then you should not be surprised if I -ignore your email. - - -ASSUMPTIONS ------------ - -In all of the tests I assume you have a Samba server called BIGSERVER -and a PC called ACLIENT. I also assume the PC is running windows for -workgroups with a recent copy of the microsoft tcp/ip stack. Alternatively, -your PC may be running Windows 95 or Windows NT (Workstation or Server). - -The procedure is similar for other types of clients. - -I also assume you know the name of an available share in your -smb.conf. I will assume this share is called "tmp". You can add a -"tmp" share like by adding the following to smb.conf: - -[tmp] - comment = temporary files - path = /tmp - read only = yes - - -THESE TESTS ASSUME VERSION 1.9.16 OR LATER OF THE SAMBA SUITE. SOME -COMMANDS SHOWN DID NOT EXIST IN EARLIER VERSIONS - - -TEST 1: -------- - -In the directory in which you store your smb.conf file, run the command -"testparm smb.conf". If it reports any errors then your smb.conf -configuration file is faulty. - -Note: Your smb.conf file may be located in: /etc - or in: /usr/local/samba/lib - - -TEST 2: -------- - -run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from -the unix box. If you don't get a valid response then your TCP/IP -software is not correctly installed. - -Note that you will need to start a "dos prompt" window on the PC to -run ping. - -If you get a message saying "host not found" or similar then your DNS -software or /etc/hosts file is not correctly setup. It is possible to -run samba without DNS entries for the server and client, but I assume -you do have correct entries for the remainder of these tests. - - -TEST 3: -------- - -Run the command "smbclient -L BIGSERVER" on the unix box. You -should get a list of available shares back. - -If you get a error message containing the string "Bad password" then -you probably have either an incorrect "hosts allow", "hosts deny" or -"valid users" line in your smb.conf, or your guest account is not -valid. Check what your guest account is using "testparm" and -temporarily remove any "hosts allow", "hosts deny", "valid users" or -"invalid users" lines. - -If you get a "connection refused" response then the smbd server could -not be running. If you installed it in inetd.conf then you probably edited -that file incorrectly. If you installed it as a daemon then check that -it is running, and check that the netbios-ssn port is in a LISTEN -state using "netstat -a". - -If you get a "session request failed" then the server refused the -connection. If it says "your server software is being unfriendly" then -its probably because you have invalid command line parameters to smbd, -or a similar fatal problem with the initial startup of smbd. Also -check your config file (smb.conf) for syntax errors with "testparm" -and that the various directories where samba keeps its log and lock -files exist. - -Another common cause of these two errors is having something already running -on port 139, such as Samba (ie: smbd is running from inetd already) or -something like Digital's Pathworks. Check your inetd.conf file before trying -to start smbd as a daemon, it can avoid a lot of frustration! - - -TEST 4: -------- - -Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the -IP address of your Samba server back. - -If you don't then nmbd is incorrectly installed. Check your inetd.conf -if you run it from there, or that the daemon is running and listening -to udp port 137. - -One common problem is that many inetd implementations can't take many -parameters on the command line. If this is the case then create a -one-line script that contains the right parameters and run that from -inetd. - - -TEST 5: -------- - -run the command "nmblookup -B ACLIENT '*'" - -You should get the PCs IP address back. If you don't then the client -software on the PC isn't installed correctly, or isn't started, or you -got the name of the PC wrong. - - -TEST 6: -------- - -Run the command "nmblookup -d 2 '*'" - -This time we are trying the same as the previous test but are trying -it via a broadcast to the default broadcast address. A number of -Netbios/TCPIP hosts on the network should respond, although Samba may -not catch all of the responses in the short time it listens. You -should see "got a positive name query response" messages from several -hosts. - -If this doesn't give a similar result to the previous test then -nmblookup isn't correctly getting your broadcast address through its -automatic mechanism. In this case you should experiment use the -"interfaces" option in smb.conf to manually configure your IP -address, broadcast and netmask. - -If your PC and server aren't on the same subnet then you will need to -use the -B option to set the broadcast address to the that of the PCs -subnet. - - -TEST 7: -------- - -Run the command "smbclient '\\BIGSERVER\TMP'". You should then be -prompted for a password. You should use the password of the account -you are logged into the unix box with. If you want to test with -another account then add the -U <accountname> option to the command -line. - -Once you enter the password you should get the "smb>" prompt. If you -don't then look at the error message. If it says "invalid network -name" then the service "tmp" is not correctly setup in your smb.conf. - -If it says "bad password" then the likely causes are: - -- you have shadow passords (or some other password system) but didn't -compile in support for them in smbd -- your "valid users" configuration is incorrect -- you have a mixed case password and you haven't enabled the "password -level" option at a high enough level -- the "path =" line in smb.conf is incorrect. Check it with testparm -- you enabled password encryption but didn't create the SMB encrypted -password file - -Once connected you should be able to use the commands "dir" "get" -"put" etc. Type "help <command>" for instructions. You should -especially check that the amount of free disk space shown is correct -when you type "dir". - - -TEST 8: -------- - -On the PC type the command "net view \\BIGSERVER". You will need to do -this from within a "dos prompt" window. You should get back a list of -available shares on the server. - -If you get a "network name not found" or similar error then netbios -name resolution is not working. This is usually caused by a problem in -nmbd. To overcome it you could do one of the following (you only need -to choose one of them): - -- fixup the nmbd installation -- add the IP address of BIGSERVER to the "wins server" box in the -advanced tcp/ip setup on the PC. -- enable windows name resolution via DNS in the advanced section of -the tcp/ip setup -- add BIGSERVER to your lmhosts file on the PC. - -If you get a "invalid network name" or "bad password error" then the -same fixes apply as they did for the "smbclient -L" test above. In -particular, make sure your "hosts allow" line is correct (see the man -pages) - - - -TEST 9: --------- - -Run the command "net use x: \\BIGSERVER\TMP". You should be prompted -for a password then you should get a "command completed successfully" -message. If not then your PC software is incorrectly installed or your -smb.conf is incorrect. make sure your "hosts allow" and other config -lines in smb.conf are correct. - -It's also possible that the server can't work out what user name to -connect you as. To see if this is the problem add the line "user = -USERNAME" to the [tmp] section of smb.conf where "USERNAME" is the -username corresponding to the password you typed. If you find this -fixes things you may need the username mapping option. - - -TEST 10: --------- - -From file manager try to browse the server. Your samba server should -appear in the browse list of your local workgroup (or the one you -specified in smb.conf). You should be able to double click on the name -of the server and get a list of shares. If you get a "invalid -password" error when you do then you are probably running WinNT and it -is refusing to browse a server that has no encrypted password -capability and is in user level security mode. In this case either set -"security = server" AND "password server = Windows_NT_Machine" in your -smb.conf file, or enable encrypted passwords AFTER compiling in support -for encrypted passwords (refer to the Makefile). - - -Still having troubles? ----------------------- - -Try the mailing list or newsgroup, or use the tcpdump-smb utility to -sniff the problem. - -Also look at the other docs in the Samba package! - diff --git a/docs/textdocs/DNIX.txt b/docs/textdocs/DNIX.txt deleted file mode 100644 index 51005e6ec8c..00000000000 --- a/docs/textdocs/DNIX.txt +++ /dev/null @@ -1,69 +0,0 @@ -DNIX has a problem with seteuid() and setegid(). These routines are -needed for Samba to work correctly, but they were left out of the DNIX -C library for some reason. - -For this reason Samba by default defines the macro NO_EID in the DNIX -section of includes.h. This works around the problem in a limited way, -but it is far from ideal, some things still won't work right. - -To fix the problem properly you need to assemble the following two -functions and then either add them to your C library or link them into -Samba. - -put this in the file setegid.s: - - .globl _setegid -_setegid: - moveq #47,d0 - movl #100,a0 - moveq #1,d1 - movl 4(sp),a1 - trap #9 - bccs 1$ - jmp cerror -1$: - clrl d0 - rts - - -put this in the file seteuid.s: - - .globl _seteuid -_seteuid: - moveq #47,d0 - movl #100,a0 - moveq #0,d1 - movl 4(sp),a1 - trap #9 - bccs 1$ - jmp cerror -1$: - clrl d0 - rts - -after creating the above files you then assemble them using - -as seteuid.s -as setegid.s - -that should produce the files seteuid.o and setegid.o - -then you need to add these to the LIBSM line in the DNIX section of -the Samba Makefile. Your LIBSM line will then look something like this: - -LIBSM = setegid.o seteuid.o -ln - -You should then remove the line: - -#define NO_EID - -from the DNIX section of includes.h - -Then recompile and try it out! - -Note that this file was derived from an email from Peter Olsson -<pol@leissner.se>. I don't have DNIX myself, so you're probably better -off contacting Peter if you have problems. - -Andrew - diff --git a/docs/textdocs/DOMAIN.txt b/docs/textdocs/DOMAIN.txt deleted file mode 100644 index b2d8a3f34d2..00000000000 --- a/docs/textdocs/DOMAIN.txt +++ /dev/null @@ -1,179 +0,0 @@ -Contributor: Samba Team -Updated: June 27, 1997 - -Subject: Network Logons and Roving Profiles -=========================================================================== - -Samba supports domain logons, network logon scripts and user profiles. -The support is still experimental, but it seems to work. - -The support is also not complete. Samba does not yet support the -sharing of the SAM database with other systems, or remote administration. -Support for these kind of things should be added sometime in the future. - -The domain support works for WfWg and Win95 clients. Support for Windows -NT and OS/2 clients is still being worked on and is still experimental. - -Using these features you can make your clients verify their logon via -the Samba server, make clients run a batch file when they logon to -the network and download their preferences, desktop and start menu. - - -Configuration Instructions: Network Logons -============================================== - -To use domain logons and profiles you need to do the following: - -1) Setup nmbd and smbd and configure the smb.conf so that Samba is -acting as the master browser. See INSTALL.txt and BROWSING.txt for -details. - -2) create a share called [netlogon] in your smb.conf. This share should -be readable by all users, and probably should not be writeable. This -share will hold your network logon scripts, and the CONFIG.POL file -(Note: for details on the CONFIG.POL file, refer to the Microsoft -Windows NT Administration documentation. The format of these files -is not known, so you will need to use Microsoft tools.) - -For example I have used: - - [netlogon] - path = /data/dos/netlogon - writeable = no - guest ok = yes - -Note that it is important that this share is not writeable by ordinary -users, in a secure environment: ordinary users should not be allowed -to modify or add files that another user's computer would then download -when they log in. - -3) in the [global] section of smb.conf set the following: - - domain logons = yes - logon script = %U.bat - -the choice of batch file is, of course, up to you. The above would -give each user a separate batch file as the %U will be changed to -their username automatically. The other standard % macros may also be -used. You can make the batch files come from a subdirectory by using -soemthing like: - - logon script = scripts\%U.bat - -4) create the batch files to be run when the user logs in. If the batch -file doesn't exist then no batch file will be run. - -In the batch files you need to be careful to use DOS style cr/lf line -endings. If you don't then DOS may get confused. I suggest you use a -DOS editor to remotely edit the files if you don't know how to produce -DOS style files under unix. - -5) Use smbclient with the -U option for some users to make sure that -the \\server\NETLOGON share is available, the batch files are visible -and they are readable by the users. - -6) you will probabaly find that your clients automatically mount the -\\SERVER\NETLOGON share as drive z: while logging in. You can put some -useful programs there to execute from the batch files. - -NOTE: You must be using "security = user" or "security = server" for -domain logons to work correctly. Share level security won't work -correctly. - - - -Configuration Instructions: Setting up Roaming User Profiles -================================================================ - -1) in the [global] section of smb.conf set the following: - - logon path = \\profileserver\profileshare\profilepath\%U - -The default for this option is \\%L\%U, namely \\sambaserver\username, -The \\L%\%U services is created automatically by the [homes] service. - -If you are using a samba server for the profiles, you _must_ make the -share specified in the logon path browseable. Windows 95 appears to -check that it can see the share and any subdirectories within that share -specified by the logon path option, rather than just connecting straight -away. - -When a user first logs in on Windows 95, the file user.dat is created, -as are folders "start menu", "desktop", "programs" and "nethood". -These directories and their contents will be merged with the local -versions stored in c:\windows\profiles\username on subsequent logins, -taking the most recent from each. - -The user.dat file contains all the user's preferences. If you wish to -enforce a set of preferences, rename their user.dat file to user.man, -and deny them write access to the file. - -2) On the Windows 95 machine, go to Control Panel | Passwords and - select the User Profiles tab. Select the required level of - roaming preferences. Press OK, but do _not_ allow the computer - to reboot. - -3) On the Windows 95 machine, go to Control Panel | Network | - Client for Microsoft Networks | Preferences. Select 'Log on to - NT Domain'. Press OK, and this time allow the computer to reboot. - -You will now find that the Microsoft Networks Login box contains -[user, password, domain] instead of just [user, password]. Type in -the samba server's domain name (or any other domain known to exist), -user name and user's password. - -Once the user has been successfully validated, the Windows 95 machine -will inform you that 'The user has not logged on before' and asks you -if you wish to save the user's preferences? Select 'yes'. - -Once the Windows 95 client comes up with the desktop, you should be able -to examine the contents of the directory specified in the "logon path" -(the default is \\samba_server\username) and verify that the "desktop", -"start menu", "programs" and "nethood" folders have been created. - -These folders will be cached locally on the client, and updated when -the user logs off (if you haven't made them read-only by then :-). - - -If you have problems creating user profiles, you can reset the user's -local desktop cache, as shown below. When this user then next logs in, -they will be told that they are logging in "for the first time". - - -1) instead of logging in under the [user, password, domain] dialog], - press escape. - -2) run the regedit.exe program, and look in: - - HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList - - you will find an entry, for each user, of ProfilePath. Note the - contents of this key (likely to be c:\windows\profiles\username), - then delete the key ProfilePath for the required user. - - [Exit the registry editor]. - -3) WARNING - before deleting the contents of the directory listed in - the ProfilePath (this is likely to be c:\windows\profiles\username), - ask them if they have any important files stored on their desktop - or in their start menu. delete the contents of the directory - ProfilePath (making a backup if any of the files are needed). - - This will have the effect of removing the local (read-only hidden - system file) user.dat in their profile directory, as well as the - local "desktop", "nethood", "start menu" and "programs" folders. - -4) search for the user's .PWL password-cacheing file in the c:\windows - directory, and delete it. - -5) log off the windows 95 client. - -6) check the contents of the profile path (see "logon path" described - above), and delete the user.dat or user.man file for the user, - making a backup if required. - - -If all else fails, increase samba's debug log levels to between 3 and 10, -and / or run a packet trace program such as tcpdump or netmon.exe, and -look for any error reports. - diff --git a/docs/textdocs/DOMAIN_CONTROL.txt b/docs/textdocs/DOMAIN_CONTROL.txt deleted file mode 100644 index 19d702040c7..00000000000 --- a/docs/textdocs/DOMAIN_CONTROL.txt +++ /dev/null @@ -1,90 +0,0 @@ -Initial Release: August 22, 1996 -Contributor: John H Terpstra <samba-bugs@samba.anu.edu.au> -Updated: June 27, 1997 -Status: Current - New Content - -Subject: Windows NT Domain Control & Samba -============================================================================ - -****NOTE:**** -============= -Microsoft Windows NT Domain Control is an extremely complex protocol. -We have received countless requests to implement Domain Control in Samba -and have seriously investigated the potential to support this. The Samba -Team have now concluded that since Domain Control is a completely -undocumented protocol we ought NOT to implement our best guess of this -technology. It is a Microsoft business policy NOT to release the information -necessary to enable this to be implemented in a dependable manner. -============================================================================ - -Windows NT Server can be installed as either a plain file and print server -(WORKGROUP workstaion or server) or as a server that participates in Domain -Control (DOMAIN member, Primary Domain controller or Backup Domain controller). - -The same is true for OS/2 Warp Server, Digital Pathworks and other similar -products, all of which can participate in Domain Control along with Windows NT. - -To many people these terms can be confusing, so let's try to clear the air. - -Every Windows NT system (workstation or server) has a registry database. -The registry contains entries that describe the initialisation information -for all services (the equivalent of Unix Daemons) that run within the Windows -NT environment. The registry also contains entries that tell application -software where to find dynamically loadable libraries that they depend upon. -In fact, the registry contains entries that describes everything that anything -may need to know to interact with the rest of the system. - -The registry files will can be located on any Windows NT machine by opening a -command prompt and typing: - dir %SystemRoot%\System32\config - -The environment variable %SystemRoot% value can be obtained by typing: - echo %SystemRoot% - -The active parts of the registry that you may want to be familiar with are -the files called: default, system, software, sam and security. - -In a domain environment, Microsoft Windows NT domain controllers participate -in replication of the SAM and SECURITY files so that all controllers within -the domain have an exactly identical copy of each. - -The Microsoft Windows NT system is structured within a security model that -says that all applications and services must authenticate themselves before -they can obtain permission from the security manager to do what they set out -to do. - -The Windows NT User database also resides within the registry. This part of -the registry contains the user's security identifier, home directory, group -memberships, desktop profile, and so on. - -Every Windows NT system (workstation as well as server) will have it's own -registry. Windows NT Servers that participate in Domain Security control -have a database that they share in common - thus they do NOT own an -independant full registry database of their own, as do Workstations and -plain Servers. - -The User database is called the SAM (Security Access Manager) database and -is used for all user authentication as well as for authentication of inter- -process authentication (ie: to ensure that the service action a user has -requested is permitted within the limits of that user's privilidges). - -Windows for Workgroups, Windows 95, and Windows NT Workstations and Servers -can participate in a Domain security system that is controlled by Windows NT -servers that have been correctly configured. At most every domain will have -ONE Primary Domain Controller (PDC). It is desirable that each domain will -have at least one Backup Domain Controller (BDC). - -The PDC and BDCs then participate in replication of the SAM database so that -each Domain Controlling participant will have an up to date SAM component -within it's registry. - -Samba can NOT at this time function as a Domain Controller for any of these -security services, but like all other domain members can interact with the -Windows NT security system for all access authentication. - -When Samba is configured with the 'security = server' option and the -'password server = Your_Windows_NT_Server_Name' option, then it will -redirect all access authentication to that server. This way you can -use Windows NT to act as your password server with full support for -Microsoft encrypted passwords. - diff --git a/docs/textdocs/ENCRYPTION.txt b/docs/textdocs/ENCRYPTION.txt deleted file mode 100644 index 04822eed329..00000000000 --- a/docs/textdocs/ENCRYPTION.txt +++ /dev/null @@ -1,350 +0,0 @@ -Contributor: Jeremy Allison <samba-bugs@samba.anu.edu.au> -Updated: June 27, 1997 -Note: Please refer to WinNT.txt also - -Subject: LanManager / Samba Password Encryption. -============================================================================ - -With the development of LanManager and Windows NT compatible password -encryption for Samba, it is now able to validate user connections in -exactly the same way as a LanManager or Windows NT server. - -This document describes how the SMB password encryption algorithm -works and what issues there are in choosing whether you want to use -it. You should read it carefully, especially the part about security -and the "PROS and CONS" section. - -How does it work ? ------------------- - - LanManager encryption is somewhat similar to UNIX password -encryption. The server uses a file containing a hashed value of a -users password. This is created by taking the users paintext -password, capitalising it, and either truncating to 14 bytes (or -padding to 14 bytes with null bytes). This 14 byte value is used as -two 56 bit DES keys to encrypt a 'magic' eight byte value, forming a -16 byte value which is stored by the server and client. Let this value -be known as the *hashed password*. - - Windows NT encryption is a higher quality mechanism, consisting -of doing an MD4 hash on a Unicode version of the users password. This -also produces a 16 byte hash value that is non-reversible. - -When a client (LanManager, Windows for WorkGroups, Windows 95 or -Windows NT) wishes to mount a Samba drive (or use a Samba resource) it -first requests a connection and negotiates the protocol that the client -and server will use. In the reply to this request the Samba server -generates and appends an 8 byte, random value - this is stored in the -Samba server after the reply is sent and is known as the *challenge*. - -The challenge is different for every client connection. - -The client then uses the hashed password (16 byte values described -above), appended with 5 null bytes, as three 56 bit DES keys, each of -which is used to encrypt the challenge 8 byte value, forming a 24 byte -value known as the *response*. - -In the SMB call SMBsessionsetupX (when user level security is -selected) or the call SMBtconX (when share level security is selected) -the 24 byte response is returned by the client to the Samba server. -For Windows NT protocol levels the above calculation is done on -both hashes of the users password and both responses are returned -in the SMB call, giving two 24 byte values. - -The Samba server then reproduces the above calculation, using it's own -stored value of the 16 byte hashed password (read from the smbpasswd -file - described later) and the challenge value that it kept from the -negotiate protocol reply. It then checks to see if the 24 byte value it -calculates matches the 24 byte value returned to it from the client. - -If these values match exactly, then the client knew the correct -password (or the 16 byte hashed value - see security note below) and -is this allowed access. If not then the client did not know the -correct password and is denied access. - -Note that the Samba server never knows or stores the cleartext of the -users password - just the 16 byte hashed values derived from it. Also -note that the cleartext password or 16 byte hashed values are never -transmitted over the network - thus increasing security. - -IMPORTANT NOTE ABOUT SECURITY ------------------------------ - -The unix and SMB password encryption techniques seem similar on the -surface. This similarity is, however, only skin deep. The unix scheme -typically sends clear text passwords over the nextwork when logging -in. This is bad. The SMB encryption scheme never sends the cleartext -password over the network but it does store the 16 byte hashed values -on disk. This is also bad. Why? Because the 16 byte hashed values are a -"password equivalent". You cannot derive the users password from them, -but they could potentially be used in a modified client to gain access -to a server. This would require considerable technical knowledge on -behalf of the attacker but is perfectly possible. You should thus -treat the smbpasswd file as though it contained the cleartext -passwords of all your users. Its contents must be kept secret, and the -file should be protected accordingly. - -Ideally we would like a password scheme which neither requires plain -text passwords on the net or on disk. Unfortunately this is not -available as Samba is stuck with being compatible with other SMB -systems (WinNT, WfWg, Win95 etc). - - -PROS AND CONS -------------- - -There are advantages and disadvantages to both schemes. - -Advantages of SMB Encryption: ------------------------------ - -- plain text passwords are not passed across the network. Someone using -a network sniffer cannot just record passwords going to the SMB server. - -- WinNT doesn't like talking to a server that isn't using SMB -encrypted passwords. It will refuse to browse the server if the server -is also in user level security mode. It will insist on promting the -user for the password on each connection, which is very annoying. The -only things you can do to stop this is to use SMB encryption. - -Advantages of non-encrypted passwords: --------------------------------------- - -- plain text passwords are not kept on disk. - -- uses same password file as other unix services such as login and -ftp - -- you are probably already using other services (such as telnet and -ftp) which send plain text passwords over the net, so not sending them -for SMB isn't such a big deal. - -Note that Windows NT 4.0 Service pack 3 changed the default for -permissible authentication so that plaintext passwords are *never* -sent over the wire. The solution to this is either to switch to -encrypted passwords with Samba or edit the Windows NT registry to -re-enable plaintext passwords. See the document WinNT.txt for -details on how to do this. - -The smbpasswd file. -------------------- - - In order for Samba to participate in the above protocol it must -be able to look up the 16 byte hashed values given a user name. -Unfortunately, as the UNIX password value is also a one way hash -function (ie. it is impossible to retrieve the cleartext of the users -password given the UNIX hash of it) then a separate password file -containing this 16 byte value must be kept. To minimise problems with -these two password files, getting out of sync, the UNIX /etc/passwd and -the smbpasswd file, a utility, mksmbpasswd.sh, is provided to generate -a smbpasswd file from a UNIX /etc/passwd file. - -To generate the smbpasswd file from your /etc/passwd file use the -following command :- - -cat /etc/passwd | mksmbpasswd.sh >/usr/local/samba/private/smbpasswd - -If you are running on a system that uses NIS, use - -ypcat passwd | mksmbpasswd.sh >/usr/local/samba/private/smbpasswd - -The mksmbpasswd.sh program is found in the Samba source directory. By -default, the smbpasswd file is stored in :- - -/usr/local/samba/private/smbpasswd - -The owner of the /usr/local/samba/private directory should be set to -root, and the permissions on it should be set to :- - -r-x------ - -The command - -chmod 500 /usr/local/samba/private - -will do the trick. Likewise, the smbpasswd file inside the private -directory should be owned by root and the permissions on is should be -set to - -rw------- - -by the command :- - -chmod 600 smbpasswd. - -The format of the smbpasswd file is - -username:uid:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:Long name:user home dir:user shell - -Although only the username, uid, and XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -sections are significant and are looked at in the Samba code. - -It is *VITALLY* important that there by 32 'X' characters between the -two ':' characters in the XXX sections - the smbpasswd and Samba code -will fail to validate any entries that do not have 32 characters -between ':' characters. The first XXX section is for the Lanman password -hash, the second is for the Windows NT version. - -When the password file is created all users have password entries -consisting of 32 'X' characters. By default this disallows any access -as this user. When a user has a password set, the 'X' characters change -to 32 ascii hexadecimal digits (0-9, A-F). These are an ascii -representation of the 16 byte hashed value of a users password. - -To set a user to have no password (not recommended), edit the file -using vi, and replace the first 11 characters with the asci text - -NO PASSWORD - -Eg. To clear the password for user bob, his smbpasswd file entry would -look like : - -bob:100:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:Bob's full name:/bobhome:/bobshell - -If you are allowing users to use the smbpasswd command to set their own -passwords, you may want to give users NO PASSWORD initially so they do -not have to enter a previous password when changing to their new -password (not recommended). - -Note : This file should be protected very carefully. Anyone with -access to this file can (with enough knowledge of the protocols) gain -access to your SMB server. The file is thus more sensitive than a -normal unix /etc/passwd file. - -The smbpasswd Command. ----------------------- - - The smbpasswd command maintains the two 32 byte password fields in -the smbpasswd file. If you wish to make it similar to the unix passwd -or yppasswd programs, install it in /usr/local/samba/bin (or your main -Samba binary directory) and make it setuid root. - -Note that if you do not do this then the root user will have to set all -users passwords. - -To set up smbpasswd as setuid root, change to the Samba binary install -directory and then type (as root) : - -chown root smbpasswd -chmod 4555 smbpasswd - -If smbpasswd is installed as setuid root then you would use it as -follows. - -smbpasswd -Old SMB password: <type old alue here - just hit return if there is NO PASSWORD> -New SMB Password: < type new value > -Repeat New SMB Password: < re-type new value > - -If the old value does not match the current value stored for that user, -or the two new values do not match each other, then the password will -not be changed. - -If invoked by an ordinary user it will only allow the user to change -his or her own Samba password. - -If run by the root user smbpasswd may take an optional argument, -specifying the user name whose SMB password you wish to change. Note -that when run as root smbpasswd does not prompt for or check the old -password value, thus allowing root to set passwords for users who have -forgotten their passwords. - -smbpasswd is designed to work in the same way and be familiar to UNIX -users who use the passwd or yppasswd commands. - -NOTE. As smbpasswd is designed to be installed as setuid root I would -appreciate it if everyone examined the source code to look for -potential security flaws. A setuid program, if not written properly can -be an open door to a system cracker. Please help make this program -secure by reporting all problems to me (the author, Jeremy Allison). - -My email address is :- - -jallison@whistle.com - -Setting up Samba to support LanManager Encryption. --------------------------------------------------- - -This is a very brief description on how to setup samba to support -password encryption. More complete instructions will probably be added -later. - -1) get and compile the libdes libraries. the source is available from -ftp://samba.anu.edu.au/pub/libdes/ - -2) enable the encryption stuff in the Samba makefile, making sure you -point it to the libdes library and include file (it needs des.h) -The entries you need to uncomment are the four lines after the comment :- - -# This is for SMB encrypted (lanman) passwords. - -Note that you may have to change the variable DES_BASE to -point at the place where you installed the DES library. - -3) compile and install samba as usual - -4) f your system can't compile the module getsmbpass.c then remove the --DSMBGETPASS define from the Makefile. - -5) enable encrypted passwords in smb.conf by adding the line -"encrypt passwords = yes" in the [global] section - -6) create the initial smbpasswd password file in the place you -specified in the Makefile. A simple way to do this based on your -existing Makefile (assuming it is in a reasonably standard format) is -like this: - -cat /etc/passwd | mksmbpasswd.sh > /usr/local/samba/private/smbpasswd - -Change ownership of private and smbpasswd to root. - -chown -R root /usr/local/samba/private - -Set the correct permissions on /usr/local/samba/private - -chmod 500 /usr/local/samba/private - -Set the correct permissions on /usr/local/samba/private/smbpasswd - -chmod 600 /usr/local/samba/private/smbpasswd - -note that the mksmbpasswd.sh script is in the samba source directory. - -If this fails then you will find that you will need entries that look -like this: - -# SMB password file. -tridge:148:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:Andrew Tridgell:/home/tridge:/bin/tcsh - -note that the uid and username fields must be right. Also, you must get -the number of X's right (there should be 32). - -If you wish, install the smbpasswd program as suid root. - -chown root /usr/local/samba/bin/smbpasswd -chmod 4555 /usr/local/samba/bin/smbpasswd - -7) set the passwords for users using the smbpasswd command. For -example, as root you could do "smbpasswd tridge" - -8) try it out! - -Note that you can test things using smbclient, as it also now supports -encryption. - -NOTE TO USA Sites that Mirror Samba ------------------------------------ - -The DES library is considered a munition in the USA. Under US Law it is -illegal to export this software, or to put it in a freely available ftp -site. - -Please do not mirror the libdes directory from the site on -samba.anu.edu.au - -Thank you, - -Jeremy Allison. - -============================================================================== -Footnote: Please refer to WinNT.txt also diff --git a/docs/textdocs/Faxing.txt b/docs/textdocs/Faxing.txt deleted file mode 100644 index 511640d556f..00000000000 --- a/docs/textdocs/Faxing.txt +++ /dev/null @@ -1,163 +0,0 @@ -Contributor: Gerhard Zuber <zuber@berlin.snafu.de> -Initial Release: ? - -Subject: F A X I N G with S A M B A -============================================================================= - -This text describes how to turn your SAMBA-server into a fax-server -for any environment, especially for Windows. - -Requirements: - UNIX box (Linux preferred) with SAMBA - ghostscript package - mgetty+sendfax package - pbm package (portable bitmap tools) - -FTP sites: - mgetty099-May31.tar.gz - I got it from: ftp://ftp.gwdg.de/pub/linux/misc/mgetty/mgetty099-May31.tar.gz - - -making mgetty+sendfax running: -============================== - - go to source tree: /usr/src/mgetty+sendfax - cp policy.h-dist policy.h - - change your settings: valid tty ports, modem initstring, Station-Id - -#define MODEM_INIT_STRING "AT &F S0=0 &D3 &K3 &C1\\\\N2" - -#define FAX_STATION_ID "49 30 12345678" - -#define FAX_MODEM_TTYS "ttyS1:ttyS2:ttyS3" - - Modem initstring is for rockwell based modems - if you want to use mgetty+sendfax as PPP-dialin-server, - define AUTO_PPP in Makefile: - -CFLAGS=-O2 -Wall -pipe -DAUTO_PPP - - compile it and install the package. - edit your /etc/inittab and let mgetty running on your preferred - ports: - -s3:45:respawn:/usr/local/sbin/mgetty ttyS2 vt100 - - now issue a - kill -HUP 1 - and enjoy with the lightning LEDs on your modem - your now are ready to receive faxes ! - - - if you want a PPP dialin-server, edit - /usr/local/etc/mgetty+sendfax/login.config - -/AutoPPP/ - ppp /usr/sbin/pppd auth debug passive modem - - - -Tools for printing faxes: -========================= - - your incomed faxes are in: - /var/spool/fax/incoming - - print it with: - - for i in * - do - g3cat $i | g3tolj | lpr -P hp - done - - g3cat is in the tools-section, g3tolj is in the contrib-section - for printing to HP lasers. - - - -Now making the fax-server: -=========================== - - fetch the file - mgetty+sendfax/frontends/winword/faxfilter - - and place it in - - /usr/local/etc/mgetty+sendfax/ - - prepare your faxspool file as mentioned in this file - /usr/local/bin/faxspool - - if [ "$user" = "root" -o "$user" = "fax" -o \ - "$user" = "lp" -o "$user" = "daemon" -o "$user" = "bin" ] - - make sure you have pbmtext (from the pbm-package). This is - needed for creaating the small header line on each page. - - make sure your ghostscript is functional. You need fonts ! - I prefer these from the OS/2 disks - - - prepare your faxheader - /usr/local/etc/mgetty+sendfax/faxheader - - - edit your /etc/printcap file: - -# FAX -lp3|fax:\ - :lp=/dev/null:\ - :sd=/usr/spool/lp3:\ - :if=/usr/local/etc/mgetty+sendfax/faxfilter:sh:sf:mx#0:\ - :lf=/usr/spool/lp3/fax-log: - - - - - edit your /usr/local/samba/lib/smb.conf - - so you have a smb based printer named "fax" - - - -The final step: -=============== - - Now you have a printer called "fax" which can be used via - TCP/IP-printing (lpd-system) or via SAMBA (windows printing). - - On every system you are able to produce postscript-files you - are ready to fax. - - On Windows 3.1 95 and NT: - - Install a printer wich produces postscript output, - e.g. apple laserwriter - - connect the "fax" to your printer - - - Now write your first fax. Use your favourite wordprocessor, - write, winword, notepad or whatever you want, and start - with the headerpage. - - Usually each fax has a header page. It carries your name, - your address, your phone/fax-number. - - It carries also the recipient, his address and his *** fax - number ***. Now here is the trick: - - Use the text: - Fax-Nr: 123456789 - as the recipients fax-number. Make sure this text does not - occur in regular text ! Make sure this text is not broken - by formatting information, e.g. format it as a single entity. - - The trick is that postscript output is human readable and - the faxfilter program scans the text for this pattern and - uses the found number as the fax-destination-number. - - Now print your fax through the fax-printer and it will be - queued for later transmission. Use faxrunq for sending the - queue out. - diff --git a/docs/textdocs/GOTCHAS.txt b/docs/textdocs/GOTCHAS.txt deleted file mode 100644 index d4e5f3e842d..00000000000 --- a/docs/textdocs/GOTCHAS.txt +++ /dev/null @@ -1,68 +0,0 @@ -This file lists Gotchas to watch out for: -========================================================================= -Item Number: 1.0 -Description: Problem Detecting Interfaces -Symptom: Workstations do NOT see Samba server in Browse List -OS: RedHat - Rembrandt Beta 2 -Platform: Intel -Date: August 16, 1996 -Submitted By: John H Terpstra -Details: - By default RedHat Rembrandt-II during installation adds an - entry to /etc/hosts as follows:- - 127.0.0.1 loopback "hostname"."domainname" - - This causes Samba to loop back onto the loopback interface. - The result is that Samba fails to communicate correctly with - the world and therefor may fail to correctly negotiate who - is the master browse list holder and who is the master browser. - -Corrective Action: Delete the entry after the word loopback - in the line starting 127.0.0.1 -========================================================================= -Item Number: 2.0 -Description: Problems with MS Windows NT Server network logon service -Symptom: Loss of Domain Logon Services and failed Windows NT / 95 - logon attempts. -OS: All Unix systems with Windows NT Domain Control environments. -Platform: All -Date: February 1, 1997 -Submitted By: John H Terpstra -Details: - Samba is configured for Domain logon control in a network - where a Windows NT Domain Primary Controller is running. - - Case 1: - The Windows NT Server is shut down, then restarted. Then - the Samba server is reconfigured so that it NO LONGER offers - Domain logon services. Windows NT and 95 workstations can no - longer log onto the domain. Ouch!!! - - Case 2: - The Windows NT Server which is running the Network logon - Service is shut down and restarted while Samba is a domain - controller offering the Domain LogOn service. Windows NT - Workstation and Server can no longer log onto the network. - - Cause: - Windows NT checks at start up to see if any domain logon - controllers are already running within the domain. It finds - Samba claiming to offer the service and therefore does NOT - start it's Network Logon Service. - - Windows NT needs the Windows NT network logon service to gain - from it's Domain controller's SAM database the security - identifier for the user loging on. - -Work-around: Stop the Samba nmbd and smbd processes, then on the Windows - NT Primary Domain Controller start the Network Logon Service. - Now restart the Samba nmbd and smbd services. - - Better still: DO NOT CONFIGURE SAMBA AS THE NETWORK LOGON - SERVER, DO NOT SET SAMBA TO BE THE DOMAIN MASTER, DO NOT - SET SAMBA TO OS LEVEL GREATER THAN 0. - - ie: Let Windows NT Server be the Domain Logon server, the - domain master browser and do NOT interfere with any aspect - of Microsoft Windows NT Domain Control. -========================================================================= diff --git a/docs/textdocs/HINTS.txt b/docs/textdocs/HINTS.txt deleted file mode 100644 index f5781ee4232..00000000000 --- a/docs/textdocs/HINTS.txt +++ /dev/null @@ -1,209 +0,0 @@ -Contributor: Many -Updated: Not for a long time! - -Subject: A collection of hints -Status: May be useful information but NOT current -=============================================================================== - -Here are some random hints that you may find useful. These really -should be incorporated in the main docs someday. - - ----------------------- -HINT: Always test your smb.conf with testparm before using it - -If your smb.conf file is invalid then samba will fail to load. Run -testparm over it before you install it just to make sure there aren't -any basic syntax or logical errors. - - ----------------------- -HINT: Try printing with smbclient first - -If you have problems printing, test with smbclient first. Just connect using -"smbclient '\\server\printer' -P" and use the "print" command. - -Once this works, you know that Samba is setup correctly for printing, -and you should be able to get it to work from your PCs. - -This particularly helps in getting the "print command" right. - - ----------------------- -HINT: Mount cdroms with conv=binary - -Some OSes (notably Linux) default to auto detection of file type on -cdroms and do cr/lf translation. This is a very bad idea when use with -Samba. It causes all sorts of stuff ups. - -To overcome this problem use conv=binary when mounting the cdrom -before exporting it with Samba. - - ----------------------- -HINT: Convert between unix and dos text formats - -Jim barry has written an excellent drag-and-drop cr/lf converter for -windows. Just drag your file onto the icon and it converts the file. - -Get it from -ftp://samba.anu.edu.au/pub/samba/contributed/fixcrlf.zip - ----------------------- -HINT: Use the "username map" option - -If the usernames used on your PCs don't match those used on the unix -server then you will find the "username map" option useful. - ------------------------ -HINT: Use "security = user" in [global] - -If you have the same usernames on the unix box and the PCs or have -mapped them with the "username map" option then choose "security = -user" in the [global] section of smb.conf. - -This will mean your password is checked only when you first connect, -and subsequent connections to printers, disks etc will go more -smoothly and much faster. - -The main problem with "security = user" if you use WfWg is that you -will ONLY be able to connect as the username that you log into WfWg -with. This is because WfWg silently ignores the password field in the -connect drive dialog box if the server is in user security mode. - ------------------------- -HINT: Make your printers not "guest ok" - -If your printers are not "guest ok" and you are using "security = -user" and have matching unix and PC usernames then you will attach to -the printer without trouble as your own username. This will mean you -will be able to delete print jobs (in 1.8.06 and above) and printer -accounting will be possible. - - ------------------------ -HINT: Use a sensible "guest" account - -Even if all your services are not available to "guest" you will need a -guest account. This is because the browsing is done as guest. In many -cases setting "guest account = ftp" will do the trick. Using the -default guest account or "guest account = nobody" will give problems on -many unixes. If in doubt create another account with minimal -privilages and use it instead. Your users don't need to know the -password of the guest account. - - ------------------------ -HINT: Use the latest TCP/IP stack from microsoft if you use Windows -for workgroups. - -The early TCP/IP stacks had lots of bugs. - -Microsoft has released an incremental upgrade to their TCP/IP 32-Bit -VxD drivers. The latest release can be found on their ftp site at -ftp.microsoft.com, located in /peropsys/windows/public/tcpip/wfwt32.exe. -There is an update.txt file there that describes the problems that were -fixed. New files include WINSOCK.DLL, TELNET.EXE, WSOCK.386, VNBT.386, -WSTCP.386, TRACERT.EXE, NETSTAT.EXE, and NBTSTAT.EXE. - - ------------------------ -HINT: nmbd can act as a "WINS" server - -By default SMB clients use broadcasts to find shares. Recent clients -(such as WfWg) can use a "wins" server instead, whcih reduces your -broadcast traffic and allows you to find names across routers. - -Just point your WfWg, Win95 and NT clients at the Samba box in the WINS option. - -Note: nmbd does not support all WINS operations. Anyone out there have -a spec they could send me? - ------------------------ -HINT: you may need to delete your .pwl files when you change password. - -WfWg does a lousy job with passwords. I find that if I change my -password on either the unix box or the PC the safest thing to do is to -delete the .pwl files in the windows directory. The PC will complain about not finding the files, but will soon get over it, allowing you to enter the new password. - -If you don't do this you may find that WfWg remembers and uses the old -password, even if you told it a new one. - -Often WfWg will totally ignore a password you give it in a dialog box. - ----------------------- -HINT: Using MS Access - -Here are some notes on running MS-Access on a Samba drive from Stefan -Kjellberg <stefank@esi.com.au> - -1. Opening a database in 'exclusive' mode does NOT work. Samba ignores - r/w/share modes on file open. - -2. Make sure that you open the database as 'shared' and to 'lock modified - records' - -3. Of course locking must be enabled for the particular share (smb.conf) - - ---------------------- -HINT: password cacheing in WfWg - -Here is a hint from michael@ecel.uwa.edu.au (Michael Simmons): - -In case people where not aware. There is a program call admincfg.exe -on the last disk (disk 8) of the WFW 3.11 disk set. To install it -type EXPAND A:\ADMINCFG.EX_ C:\WINDOWS\ADMINCFG.EXE Then add an icon -for it via the "Progam Manager" "New" Menu. This program allows you -to control how WFW handles passwords. ie disable Password Caching etc -for use with "security = user" - - --------------------- -HINT: file descriptor limits - -If you have problems with the limits on the number of open files you -can edit local.h to fix it. - --------------------- -HINT: HPUX initgroups() problem - -here is a hint from Frank Wales [frank@arcglade.demon.co.uk]: - -HP's implementation of supplementary groups is, er, non-standard (for -hysterical reasons). There are two group files, /etc/group and -/etc/logingroup; the system maps UIDs to numbers using the former, but -initgroups() reads the latter. Most system admins who know the ropes -symlink /etc/group to /etc/logingroup (hard link doesn't work for reasons -too stupid to go into here). initgroups() will complain if one of the -groups you're in in /etc/logingroup has what it considers to be an invalid -ID, which means outside the range [0..UID_MAX], where UID_MAX is (I think) -60000 currently on HP-UX. This precludes -2 and 65534, the usual 'nobody' -GIDs. - -Perhaps you could suggest to users that, if they encounter this problem, -they make sure that the programs that are failing to initgroups() be -run as users not in any groups with GIDs outside the allowed range. - -This is documented in the HP manual pages under setgroups(2) and passwd(4). - - ---------------------- -HINT: Patch your SCO system - -If you run SCO Unix then you may need to get important TCP/IP patches -for Samba to work correctly. Try - -Paul_Davis@mindlink.bc.ca writes: - - I was having problems with Accpac using 1.9.02 on SCO Unix. One - posting function reported corrupted data. After installing uod385a, - the problem went away (a restore from backup and then another - run-thru). - - It appears that the uod385a update for SCO may be fairly important for - a lot of different DOS and Windows software under Samba. - - uod385a can be found at ftp.sco.com /SLS/uod385a.Z and uod385a.ltr.Z. - - diff --git a/docs/textdocs/INSTALL.sambatar b/docs/textdocs/INSTALL.sambatar deleted file mode 100644 index 413f54d3c65..00000000000 --- a/docs/textdocs/INSTALL.sambatar +++ /dev/null @@ -1,33 +0,0 @@ -Contributor: Ricky Poulten <poultenr@logica.co.uk> -Date: Unknown -Status: Current - -Subject: Using smbtar -============================================================================= - -Please see the readme and the man page for general info. - -1) Follow the samba installation instructions. - -2) If all goes well, test it out by creating a share on your PC (called -backup for example) then doing something like, - - ./smbtar -s mypc -t /dev/rmt/0ubn -x backup - -substituting whatever your tape drive is for the -t option, or set your -tape environmental variable. - -If all does not go well, feel free to mail the author (poultenr@logica.co.uk) -about bug reports / help / money / pizza / etc. - -3) Read the man page and the NOTES file for more information - -4) Work smbtar into your usual nightly backup scheme (presuming you -have one :-}). - - -NOTE: - -If you have problems with smbtar then it's probably best to contact the -author Ricky Poulten (poultenr@logica.co.uk). - diff --git a/docs/textdocs/NetBIOS.txt b/docs/textdocs/NetBIOS.txt deleted file mode 100644 index 3ea9e3c479b..00000000000 --- a/docs/textdocs/NetBIOS.txt +++ /dev/null @@ -1,131 +0,0 @@ -Contributor: Unknown -Date: Unknown -Status: Current - -Subject: Definition of NetBIOS Protocol and Name Resolution Modes -============================================================================= - -======= -NETBIOS -======= - -NetBIOS runs over the following tranports: TCP/IP; NetBEUI and IPX/SPX. -Samba only uses NetBIOS over TCP/IP. For details on the TCP/IP NetBIOS -Session Service NetBIOS Datagram Service, and NetBIOS Names, see -rfc1001.txt and rfc1002.txt. - -NetBEUI is a raw NetBIOS frame protocol implementation that allows NetBIOS -datagrams to be sent out over the 'wire' embedded within LLC frames. -NetBEUI is not required when using NetBIOS over TCP/IP protocols and it -is preferrable NOT to install NetBEUI if it can be avoided. - -NetBIOS applications (such as samba) offer their services (for example, -SMB file and print sharing) on a NetBIOS name. They must claim this name -on the network before doing so. The NetBIOS session service will then -accept connections on the application's behalf (on the NetBIOS name -claimed by the application). A NetBIOS session between the application -and the client can then commence. - -NetBIOS names consist of 15 characters plus a 'type' character. This is -similar, in concept, to an IP address and a TCP port number, respectively. -A NetBIOS-aware application on a host will offer different services under -different NetBIOS name types, just as a host will offer different TCP/IP -services on different port numbers. - -NetBIOS names must be claimed on a network, and must be defended. The use -of NetBIOS names is most suitable on a single subnet; a Local Area Network -or a Wide Area Network. - -NetBIOS names are either UNIQUE or GROUP. Only one application can claim a -UNIQUE NetBIOS name on a network. - -There are two kinds of NetBIOS Name resolution: Broadcast and Point-to-Point. - -================= -BROADCAST NetBIOS -================= - -Clients can claim names, and therefore offer services on successfully claimed -names, on their broadcast-isolated subnet. One way to get NetBIOS services -(such as browsing: see ftp.microsoft.com/drg/developr/CIFS/browdiff.txt; and -SMB file/print sharing: see cifs4.txt) working on a LAN or WAN is to make -your routers forward all broadcast packets from TCP/IP ports 137, 138 and 139. - -This, however, is not recommended. If you have a large LAN or WAN, you will -find that some of your hosts spend 95 percent of their time dealing with -broadcast traffic. [If you have IPX/SPX on your LAN or WAN, you will find -that this is already happening: a packet analyzer will show, roughly -every twelve minutes, great swathes of broadcast traffic!]. - - -============ -NBNS NetBIOS -============ - -rfc1001.txt describes, amongst other things, the implementation and use -of, a 'NetBIOS Name Service'. NT/AS offers 'Windows Internet Name Service' -which is fully rfc1001/2 compliant, but has had to take specific action -with certain NetBIOS names in order to make it useful. (for example, it -deals with the registration of <1c> <1d> <1e> names all in different ways. -I recommend the reading of the Microsoft WINS Server Help files for full -details). - -Samba also offers WINS server capabilities. Samba does not interact -with NT/AS (WINS replication), so if you have a mixed NT server and -Samba server environment, it is recommended that you use the NT server's -WINS capabilities, instead of samba's WINS server capabilities. - -The use of a WINS server cuts down on broadcast network traffic for -NetBIOS name resolution. It has the effect of pulling all the broadcast -isolated subnets together into a single NetBIOS scope, across your LAN -or WAN, while avoiding the use of TCP/IP broadcast packets. - -When you have a WINS server on your LAN, WINS clients will be able to -contact the WINS server to resolve NetBIOS names. Note that only those -WINS clients that have registered with the same WINS server will be -visible. The WINS server _can_ have static NetBIOS entries added to its -database (usually for security reasons you might want to consider putting -your domain controllers or other important servers as static entries, -but you should not rely on this as your sole means of security), but for -the most part, NetBIOS names are registered dynamically. - -[It is important to mention that samba's browsing capabilities (as a WINS -client) must have access to a WINS server. if you are using samba also -as a WINS server, then it will have a direct short-cut into the WINS -database. - -This provides some confusion for lots of people, and is worth mentioning -here: a Browse Server is NOT a WINS Server, even if these services are -implemented in the same application. A Browse Server _needs_ a WINS server -because a Browse Server is a WINS client, which is _not_ the same thing]. - -Clients can claim names, and therefore offer services on successfully claimed -names, on their broadcast-isolated subnet. One way to get NetBIOS services -(such as browsing: see ftp.microsoft.com/drg/developr/CIFS/browdiff.txt; and -SMB file/print sharing: see cifs4.txt) working on a LAN or WAN is to make -your routers forward all broadcast packets from TCP/IP ports 137, 138 and 139. - -WINS Clients therefore claim names from the WINS server. If the WINS -server allows them to register a name, the client's NetBIOS session service -can then offer services on this name. Other WINS clients will then -contact the WINS server to resolve a NetBIOS name. - -To configure samba as a WINS server, you must add "wins support = yes" to -the [global] section of your smb.conf file. This will enable WINS server -capabilities in nmbd. - -To configure samba as a WINS client, you must add "wins server = x.x.x.x" -to the [global] section of your smb.conf file, where x.x.x.x is the TCP/IP -address of your WINS server. The browsing capabilities in nmbd will then -register (and resolve) WAN-wide NetBIOS names with this WINS server. - -Note that if samba has "wins support = yes", then the browsing capabilities -will _not_ use the "wins server" option to resolve NetBIOS names: it will -go directly to the internal WINS database for NetBIOS name resolution. It -is therefore invalid to have both "wins support = yes" and -"wins server = x.x.x.x". Note, in particular, that if you configure the -"wins server" parameter to be the ip address of your samba server itself -(as might one intuitively think), that you will run into difficulties. -Do not use both parameters! - - diff --git a/docs/textdocs/PROJECTS b/docs/textdocs/PROJECTS deleted file mode 100644 index 07f82c74d94..00000000000 --- a/docs/textdocs/PROJECTS +++ /dev/null @@ -1,88 +0,0 @@ - Samba Projects Directory - ======================== - - ->>>>> NOTE: THIS FILE IS NOW VERY OUT OF DATE <<<<< - - -This is a list of who's working on what in Samba. It's not guaranteed -to be uptodate or accurate but I hope it will help us getting -coordinated. - -If you are working on something to do with Samba and you aren't here -then please let me know! Also, if you are listed below and you have -any corrections or updates then please let me know. - -Email contact: -samba-bugs@samba.anu.edu.au - -======================================================================== -Documentation and FAQ - -Docs and FAQ files for the Samba suite of software. - -Contact samba-bugs@samba.anu.edu.au with the diffs. These are urgently -required. - -The FAQ is being added to on an ad hoc basis, see the web pages for info. - -Mark Preston was working on a set of formatted docs for Samba. Is this -still happening? Contact mpreston@sghms.ac.uk - -Status last updated 2nd October 1996 -======================================================================== - -======================================================================== -Netbeui support - -This aimed to produce patches so that Samba can be used with clients -that do not have TCP/IP. It will try to remain as portable as possible. -Contact Brian.Onn@Canada.Sun.COM (Brian Onn) Unfortunately it died, and -although a lot of people have expressed interest nobody has come forward -to do it. The Novell port (see Samba web pages) includes NetBEUI -functionality in a proprietrary library which should still be helpful as -we have the interfaces. Alan Cox (a.cox@li.org) has the information -required to write the state machine if someone is going to do the work. - -Status last updated 2nd October 1996 -======================================================================== - -======================================================================== -Smbfs - -A mountable smb filesystem for Linux using the userfs userspace filesystem - -Contact lendecke@namu01.gwdg.de (Volker Lendecke) - -This works really well, and is measurably more efficient than commercial -client software. It is now part of the Linux kernel. Long filename support -is in use. - -Status last updated June 1997 -======================================================================== - -======================================================================== -Admin Tool - -Aims to produce a nice smb.conf editor and other useful tools for -administering a Samba system. - -Contact: Steve Brown (steve@unicorn.dungeon.com) - -In the design phase. - -Status last updated 4th September 1994 -======================================================================== - - -======================================================================== -Lanman Client. - -Contact: john@amanda.xs4all.nl (John Stewart) - -Aims to produce a reliable LANMAN Client implementation for LINUX, -and possibly other variations of UNIX. Project ably started by -Tor Lillqvist; tml@hemuli.tte.vtt.fi - -Status last updated 17th January 1995 -======================================================================== diff --git a/docs/textdocs/Passwords.txt b/docs/textdocs/Passwords.txt deleted file mode 100644 index 3d7acac9dd3..00000000000 --- a/docs/textdocs/Passwords.txt +++ /dev/null @@ -1,46 +0,0 @@ -Contributor: Unknown -Date: Unknown -Status: Current - -Subject: NOTE ABOUT PASSWORDS -============================================================================= - -Unix systems use a wide variety of methods for checking the validity -of a password. This is primarily controlled with the Makefile defines -mentioned in the Makefile. - -Also note that some clients (notably WfWg) uppercase the password -before sending it. The server tries the password as it receives it and -also after lowercasing it. - -The Samba server can also be configured to try different -upper/lowercase combinations. This is controlled by the [global] -parameter "password level". A level of N means to try all combinations -up to N uppercase characters in the password. A high value can chew a -fair bit of CPU time and can lower the security of your system. Do not -use this options unless you really need it - the time taken for -password checking can become so high that clients time out. - -If you do use the "password level" option then you might like to use --DUFC_CRYPT in your Makefile. On some machine this makes password -checking _much_ faster. This is also useful if you use the @group -syntax in the user= option. - -If your site uses AFS (the Andrew File System), you can use the AFS section -in the Makefile. This will first attempt to authenticate a username and -password to AFS. If that succeeds, then the associated AFS rights will be -granted. Otherwise, the password checking routine falls back to whatever -Unix password checking method you are using. Note that the AFS code is -only written and tested for AFS 3.3 and later. - - -SECURITY = SERVER -================= - -Samba can use a remote server to do it's username/password -validation. This allows you to have one central machine (for example a -NT box) control the passwords for the Unix box. - -See the section on "security =" in smb.conf(5) for details. - - diff --git a/docs/textdocs/Printing.txt b/docs/textdocs/Printing.txt deleted file mode 100644 index e8a2d2ad27f..00000000000 --- a/docs/textdocs/Printing.txt +++ /dev/null @@ -1,93 +0,0 @@ -Contributor: Unknown <samba-bugs@samba.anu.edu.au> -Date: Unknown -Status: Current - -Subject: Dubugging Printing Problems -============================================================================= - -This is a short description of how to debug printing problems with -Samba. This describes how to debug problems with printing from a SMB -client to a Samba server, not the other way around. For the reverse -see the examples/printing directory. - -Please send enhancements to this file to samba-bugs@samba.anu.edu.au - -Ok, so you want to print to a Samba server from your PC. The first -thing you need to understand is that Samba does not actually do any -printing itself, it just acts as a middleman between your PC client -and your Unix printing subsystem. Samba receives the file from the PC -then passes the file to a external "print command". What print command -you use is up to you. - -The whole things is controlled using options in smb.conf. The most -relevant options (which you should look up in the smb.conf man page) -are: - print command - lpq command - lprm command - -Samba should set reasonable defaults for these depending on your -system type, but it isn't clairvoyant. It is not uncommon that you -have to tweak these for local conditions. - -On my system I use the following settings: - - print command = lpr -r -P%p %s - lpq command = lpq -P%p - lprm command = lprm -P%p %j - -The % bits are "macros" that get dynamically replaced with variables -when they are used. The %s gets replaced with the name of the spool -file that Samba creates and the %p gets replaced with the name of the -printer. The %j gets replaced with the "job number" which comes from -the lpq output. - -When I'm debugging printing problems I often replace these command -with pointers to shell scripts that record the arguments, and the -contents of the print file. A simple example of this kind of things -might be: - - print command = cp %s /tmp/tmp.print - -then you print a file and look at the /tmp/tmp.print file to see what -is produced. Try printing this file with lpr. Does it work? If not -then your problem with with your lpr system, not with Samba. Often -people have problems with their /etc/printcap file or permissions on -various print queues. - -Another common problem is that /dev/null is not world writeable. Yes, -amazing as it may seem, some systems make /dev/null only writeable by -root. Samba uses /dev/null as a place to discard output from external -commands like the "print command" so if /dev/null is not writeable -then nothing will work. - -Other really common problems: - -- lpr isn't in the search path when Samba tries to run it. Fix this by -using the full path name in the "print command" - -- the user that the PC is trying to print as doesn't have permission -to print. Fix your lpr system. - -- you get an extra blank page of output. Fix this in your lpr system, -probably by editing /etc/printcap. It could also be caused by -incorrect setting on your client. For example, under Win95 there is a -option Printers|Printer Name|(Right -Click)Properties|Postscript|Advanced| that allows you to choose if a -Ctrl-D is appended to all jobs. This will affect if a blank page is -output. - -- you get raw postscript instead of nice graphics on the output. Fix -this either by using a "print command" that cleans up the file before -sending it to lpr or by using the "postscript" option in smb.conf. - -Note that you can do some pretty magic things by using your -imagination with the "print command" option and some shell -scripts. Doing print accounting is easy by passing the %U option to a -print command shell script. You could even make the print command -detect the type of output and its size and send it to an appropriate -printer. - -If the above debug tips don't help, then maybe you need to bring in -the bug gun, system tracing. See Tracing.txt in this directory. - diff --git a/docs/textdocs/README.DCEDFS b/docs/textdocs/README.DCEDFS deleted file mode 100644 index da9bb2197da..00000000000 --- a/docs/textdocs/README.DCEDFS +++ /dev/null @@ -1,78 +0,0 @@ -Contributor: Jim Doyle <doyle@oec.com> -Date: 06-02-95 -Status: Current but needs updating - -Subject: Basic DCE/DFS Support for SAMBA 1.9.13 -============================================================================= - -Functionality: --------------- - - Per-instance authentication for DCE/DFS. - -Missing Functionality in this Implementation: ---------------------------------------------- - - * No automatic refresh of credentials - - To do so would not be that hard.. One could simply - stash the clear-text key in memory, spawn a key management - thread to wake up right before credentials expire and - refresh the login context. - - * No UNIX Signals support (SIGCLD, SIGPIPE, SIGHUP, SIGBUS, SIGSEGV) - - - There is no support for signal processing in Samba daemons - that need to authenticate with DCE. The explanation for this - is that the smbd is linked against thread-safe libraries in - order to be able to use DCE authentication mechanisms. - Because smbd uses signal() and fork(), it represents the - worst case scenario for DCE portability. In order - to properly support signals in a forked server environment, - some rework of smbd is needed in order to properly - construct, shutdown and reconstruct asynchronous signal - handling threads and synchronous signal traps across the - parent and child. I have not had contiguous time to work - on it, I expect it to be a weeks worth of work to cleanly - integrate thread-safe signal handing into the code and - test it. Until I can get to this task, I will leave it up - to someone adventurous enough to engineer it and negotiate - with Andrew to integrate the changes into the mainline branch. - - The lack of full signal support means that you cannot - rely upon SIGHUP-ing the parent daemon to refresh - the configuration data. Likewise, you cannot take advantage - of the builtin SIGBUS/SIGSEGV traps to diagnose failures. - You will have to halt Samba in order to make changes - and then have them take effect. - - The SMBD server as it stands is suitable to use if you - already have experience with configuring and running - SAMBA. - -Tested Platforms: ------------------ - - HP-UX 9.05 / HP-UX DCE 1.2.1 - AIX 3.2.5 / AIX DCE/6000 1.3 - DEC OSF-1 3.0 / DEC DCE 1.3 - -Building: ---------- - - - Uncomment the the appropriate block in the Makefile - for the platform you wish to build on. - - - Samples of Samba server configuration files for our - DFS environment are included in samples.dcedfs/ - - - -Bugs, Suggestions, etc.. --------------------------- - - Please post them to the mailing list. - That way I will see them and they will become part of - the archives so others can share the knowledge. - diff --git a/docs/textdocs/README.jis b/docs/textdocs/README.jis deleted file mode 100644 index 50ff0cced74..00000000000 --- a/docs/textdocs/README.jis +++ /dev/null @@ -1,149 +0,0 @@ -$B!|(B samba $BF|K\8lBP1~$K$D$$$F(B - -1. $BL\E*(B - - $BF|K\8lBP1~$O!"(B - - (1) MS-Windows $B>e$G!"4A;z%U%!%$%kL>$r$I$&$7$F$b07$&I,MW$N$"$k%"%W%j%1!<%7%g%s$,$A$c(B - $B$s$HF0:n$9$k!#Nc$($P!"(BMS-WORD 5 $B$J$I$O!"%$%s%9%H!<%k;~$K4A;z$N%U%!%$%kL>$r>!<j(B - $B$K$D$1$F$7$^$$$^$9!#$3$&$$$C$?>l9g$K$A$c$s$HBP1~$G$-$k$h$&$K$9$k!#(B - - (2) UNIX $B$O!":G6a$G$O$[$H$s$I$N$b$N$,(B 8 bits $B$N%U%!%$%kL>$r%5%]!<%H$7$F$$$^$9$,!"(B - $BCf$K$O!"$3$l$r%5%]!<%H$7$F$$$J$$$b$N$b$"$j$^$9!#$3$N$h$&$J>l9g$G$b!"(B(1)$B$NL\E*(B - $B$,K~B-$G$-$k$h$&$K$9$k!#(B - - $B$rL\E*$H$7$F$$$^$9!#$=$N$?$a!"F|K\8lBP1~$O!"I,MW:G>.8B$7$+9T$J$C$F$*$j$^$;$s!#(B - - $BF|K\8lBP1~$7$?(B samba $B$rMxMQ$9$k$?$a$K$O!"%3%s%Q%$%k$9$k;~$K!"I,$:!"(BKANJI $B$NDj5A$rDI(B - $B2C$7$F$/$@$5$$!#$3$N%*%W%7%g%s$r;XDj$7$F$$$J$$>l9g$O!"F|K\8l$N%U%!%$%kL>$r@5$7$/07(B - $B$&$3$H$O$G$-$^$;$s!#!J%3%s%Q%$%k$K$D$$$F$O!"2<5-(B 3. $B$r;2>H$7$F2<$5$$!K(B - -2. $BMxMQJ}K!(B - -(1) $BDI2C$7$?%Q%i%a!<%?(B - - smb.conf $B%U%!%$%k$N(B global $B%;%/%7%g%s$K0J2<$N%Q%i%a!<%?$r@_Dj$G$-$k$h$&$K$7$^$7$?!#(B - - [global] - .... - coding system = <$B%3!<%I7O(B> - - $B$3$3$G;XDj$5$l$?%3!<%I7O$,(B UNIX $B>e$N%U%!%$%k%7%9%F%`$N%U%!%$%kL>$N%3!<%I$K$J$j$^$9!#(B - $B@_Dj$G$-$k$b$N$O!"<!$N$h$&$K$J$C$F$$$^$9!#(B - - sjis: SHIFT JIS (MS $B4A;z%3!<%I(B) - euc: EUC $B%3!<%I(B - hex: 7 bits $B$N(B ASCII $B%3!<%I0J30$N%3!<%I$r0J2<$N7A<0$GI=$9J}<0$G$9!#Nc$($P!"(B - '$B%*%U%#%9(B' $B$H$$$&L>A0$O!"(B':83:49:83:74:83:42:83:58' $B$N$h$&$K!"(B':' $B$N8e$K#27e(B - $B$N(B16$B?J?t$rB3$1$k7A<0$K$J$j$^$9!#(B - $B$3$3$G!"(B':' $B$rB>$NJ8;z$KJQ99$7$?$$>l9g$O!"(Bhex $B$N8e$m$K$=$NJ8;z$r;XDj$7$^$9!#(B - $BNc$($P!"(B@$B$rJQ$o$j$K;H$$$?$$>l9g$O!"(B'hex@'$B$N$h$&$K;XDj$7$^$9!#(B - cap: 7 bits $B$N(B ASCII $B%3!<%I0J30$N%3!<%I$r0J2<$N7A<0$GI=$9J}<0$H$$$&E@$G$O(B - hex$B$HF1MM$G$9$,!"(BCAP (The Columbia AppleTalk Package)$B$H8_49@-$r;}$DJQ49(B - $BJ}<0$H$J$C$F$$$^$9!#(Bhex$B$H$N0c$$$O(B0x80$B0J>e$N%3!<%I$N$_(B':80'$B$N$h$&$KJQ49(B - $B$5$l!"$=$NB>$O(BASCII$B%3!<%I$G8=$5$l$^$9!#(B - $BNc$($P!"(B'$B%*%U%#%9(B'$B$H$$$&L>A0$O!"(B':83I:83t:83B:83X'$B$H$J$j$^$9!#(B - - JIS $B%3!<%I$K$D$$$F$O!"0J2<$NI=$r;2>H$7$F2<$5$$!#(B - $B(#(!(!(!(((!(!(!(!(((!(!(!(!(((!(!(!(!(((!(!(!(!(((!(!(!(!(((!(!(!(!(!(!(!(!(!($(B - $B(";XDj(B $B("4A;z3+;O("4A;z=*N;("%+%J3+;O("%+%J=*N;("1Q?t3+;O("Hw9M(B $B("(B - $B('(!(!(!(+(!(!(!(!(+(!(!(!(!(+(!(!(!(!(+(!(!(!(!(+(!(!(!(!(+(!(!(!(!(!(!(!(!(!()(B - $B("(Bjis7 $B("(B\E$B $B("(B\E(J $B("(B0x0e $B("(B0x0f $B("(B\E(J $B("(Bjis 7$BC10LId9f(B $B("(B - $B("(Bjunet $B("(B\E$B $B("(B\E(J $B("(B\E(I $B("(B\E(J $B("(B\E(J $B("(B7bits $B%3!<%I(B $B("(B - $B("(Bjis8 $B("(B\E$B $B("(B\E(J $B("(B-- $B("(B-- $B("(B\E(J $B("(Bjis 8$BC10LId9f(B $B("(B - $B("(Bj7bb $B("(B\E$B $B("(B\E(B $B("(B0x0e $B("(B0x0f $B("(B\E(B $B("(B $B("(B - $B("(Bj7bj $B("(B\E$B $B("(B\E(J $B("(B0x0e $B("(B0x0f $B("(B\E(J $B("(Bjis7$B$HF1$8(B $B("(B - $B("(Bj7bh $B("(B\E$B $B("(B\E(H $B("(B0x0e $B("(B0x0f $B("(B\E(H $B("(B $B("(B - $B("(Bj7@b $B("(B\E$@ $B("(B\E(B $B("(B0x0e $B("(B0x0f $B("(B\E(B $B("(B $B("(B - $B("(Bj7@j $B("(B\E$@ $B("(B\E(J $B("(B0x0e $B("(B0x0f $B("(B\E(J $B("(B $B("(B - $B("(Bj7@h $B("(B\E$@ $B("(B\E(H $B("(B0x0e $B("(B0x0f $B("(B\E(H $B("(B $B("(B - $B("(Bj8bb $B("(B\E$B $B("(B\E(B $B("(B-- $B("(B-- $B("(B\E(B $B("(B $B("(B - $B("(Bj8bj $B("(B\E$B $B("(B\E(J $B("(B-- $B("(B-- $B("(B\E(J $B("(Bjis8$B$HF1$8(B $B("(B - $B("(Bj8bh $B("(B\E$B $B("(B\E(H $B("(B-- $B("(B-- $B("(B\E(H $B("(B $B("(B - $B("(Bj8@b $B("(B\E@@ $B("(B\E(B $B("(B-- $B("(B-- $B("(B\E(B $B("(B $B("(B - $B("(Bj8@j $B("(B\E$@ $B("(B\E(J $B("(B-- $B("(B-- $B("(B\E(J $B("(B $B("(B - $B("(Bj8@h $B("(B\E$@ $B("(B\E(H $B("(B-- $B("(B-- $B("(B\E(H $B("(B $B("(B - $B("(Bjubb $B("(B\E$B $B("(B\E(B $B("(B\E(I $B("(B\E(B $B("(B\E(B $B("(B $B("(B - $B("(Bjubj $B("(B\E$B $B("(B\E(J $B("(B\E(I $B("(B\E(J $B("(B\E(J $B("(Bjunet$B$HF1$8(B $B("(B - $B("(Bjubh $B("(B\E$B $B("(B\E(H $B("(B\E(I $B("(B\E(H $B("(B\E(H $B("(B $B("(B - $B("(Bju@b $B("(B\E$@ $B("(B\E(B $B("(B\E(I $B("(B\E(B $B("(B\E(B $B("(B $B("(B - $B("(Bju@j $B("(B\E$@ $B("(B\E(J $B("(B\E(I $B("(B\E(J $B("(B\E(J $B("(B $B("(B - $B("(Bju@h $B("(B\E$@ $B("(B\E(H $B("(B\E(I $B("(B\E(H $B("(B\E(H $B("(B $B("(B - $B(&(!(!(!(*(!(!(!(!(*(!(!(!(!(*(!(!(!(!(*(!(!(!(!(*(!(!(!(!(*(!(!(!(!(!(!(!(!(!(%(B - - $B$$$:$l$N>l9g$b!"$9$G$KB8:_$7$F$$$kL>A0$KBP$7$F$O!"4A;z$N3+;O=*N;%7!<%1%s%9$O!"0J2<(B - $B$N$b$N$rG'<1$7$^$9!#(B - $B4A;z$N;O$^$j(B: \E$B $B$+(B \E$@ - $B4A;z$N=*$j(B: \E(J $B$+(B \E(B $B$+(B \E(H - -(2) smbclient $B$N%*%W%7%g%s(B - - $B%/%i%$%"%s%H%W%m%0%i%`$G$b!"4A;z$d2>L>$r4^$s$@%U%!%$%k$r07$($k$h$&$K!"<!$N%*%W%7%g%s(B - $B$rDI2C$7$^$7$?!#(B - - -t <$B%?!<%_%J%k%3!<%I7O(B> - - $B$3$3$G!"(B<$B%?!<%_%J%k%3!<%I7O(B>$B$K;XDj$G$-$k$b$N$O!">e$N(B<$B%3!<%I7O(B>$B$HF1$8$b$N$G$9!#(B - -(3) $B%G%U%)%k%H(B - - $B%G%U%)%k%H$N%3!<%I7O$O!"%3%s%Q%$%k;~$K7h$^$j$^$9!#(B - -3. $B%3%s%Q%$%k;~$N@_Dj(B - - Makefile $B$K@_Dj$9$k9`L\$r0J2<$K<($7$^$9!#(B - -(1) KANJI $B%U%i%0(B - - $B%3%s%Q%$%k%*%W%7%g%s$K(B -DKANJI=\"$B%3!<%I7O(B\" $B$r;XDj$7$^$9!#$3$N%3!<%I7O$O(B 2. $B$G;X(B - $BDj$9$k$b$N$HF1$8$G$9!#Nc$($P!"(B-DKANJI=\"euc\" $B$r(BFLAGSM $B$K@_Dj$9$k$H(B UNIX $B>e$N%U%!(B - $B%$%kL>$O!"(BEUC $B%3!<%I$K$J$j$^$9!#$3$3$G;XDj$7$?%3!<%I7O$O!"%5!<%P5Z$S%/%i%$%"%s%H(B - $B%W%m%0%i%`$N%G%U%)%k%H$KCM$J$j$^$9!#(B - - $B>0!"%*%W%7%g%sCf$N(B \ $B$d(B " $B$bK:$l$:$K;XDj$7$F2<$5$$!#(B - -3. $B@)8B;v9`(B - -(1) $B4A;z%3!<%I(B - smbd $B$rF0:n$5$;$k%[%9%H$N(B UNIX $B$,%5%]!<%H$7$F$$$J$$4A;z%3!<%I$O!"MxMQ$G$-$J$$$3$H$,(B - $B$"$j$^$9!#JQ$JF0:n$r$9$k$h$&$J$i(B hex $B$N;XDj$r$9$k$N$,NI$$$G$7$g$&!#(B - -(2) smbclient $B%3%^%s%I(B - $B%7%U%H%3!<%I$J$I$N4X78$G!"4A;z$d2>L>$r4^$s$@%U%!%$%kL>$N(B ls $B$NI=<($,Mp$l$k$3$H$,$"$j(B - $B$^$9!#(B - -(3) $B%o%$%k%I%+!<%I$K$D$$$F(B - $B$A$c$s$H$7$?%9%Z%C%/$,$h$/$o$+$i$J$+$C$?$N$G$9$,!"0l1~!"(BDOS/V $B$NF0:n$HF1$8F0:n$r9T$J(B - $B$&$h$&$K$J$C$F$$$^$9!#(B - -(4) $B%m%s%0%U%!%$%kL>$K$D$$$F(B - Windows NT/95 $B$G$O!"%m%s%0%U%!%$%kL>$,07$($^$9!#%m%s%0%U%!%$%kL>$r(B 8.3 $B%U%)!<%^%C%H(B - $B$G07$&$?$a$K!"(Bmangling $B$7$F$$$^$9$,!"$3$NJ}K!$O!"(BNT $B$d(B 95 $B$,9T$J$C$F$$$k(B mangling $B$H(B - $B$O0[$J$j$^$9$N$GCm0U$7$F2<$5$$!#(B - -4. $B>c32Ey$N%l%]!<%H$K$D$$$F(B - - $BF|K\8l$N%U%!%$%kL>$K4X$7$F!"J8;z2=$1Ey$N>c32$,$"$l$P!";d$K%l%]!<%H$7$FD:$1$l$P9,$$$G(B -$B$9!#$?$@$7!"%*%j%8%J%k$+$i$NLdBjE@$d<ALd$K$D$$$F$O!"%*%j%8%J%k$N:n<T$XD>@\Ld$$9g$o$;$k(B -$B$+!"$b$7$/$O%a!<%j%s%0%j%9%H$J$I$X%l%]!<%H$9$k$h$&$K$7$F2<$5$$!#(B - -$B%l%]!<%H$5$l$k>l9g!"MxMQ$5$l$F$$$k4D6-(B(UNIX $B5Z$S(B PC $BB&$N(BOS$B$J$I(B)$B$H$G$-$^$7$?$i@_Dj%U%!(B -$B%$%k$d%m%0$J$I$rE:IU$7$FD:$1$k$H9,$$$G$9!#(B - -5. $B$=$NB>(B - - $B%3!<%IJQ49$O0J2<$NJ}!9$,:n$i$l$?%W%m%0%i%`$rMxMQ$7$F$$$^$9!#(B - - hex $B7A<0(B $BBgLZ!wBgDM!&C^GH(B <ohki@gssm.otsuka.tsukuba.ac.jp>$B;a(B - cap $B7A<0(B $BI%ED(B $BF;O:(B (michiro@po.iijnet.or.jp)(michiro@dms.toppan.co.jp)$B;a(B - - $B$=$NB>!"$?$/$5$s$NJ}!9$+$i$$$m$$$m$H8f65<($$$?$@$-$"$j$,$H$&$4$6$$$^$7$?!#:#8e$H$b$h(B -$B$m$7$/$*4j$$CW$7$^$9!#(B - -1994$BG/(B10$B7n(B28$BF|(B $BBh#1HG(B -1995$BG/(B 8$B7n(B16$BF|(B $BBh#2HG(B -1995$BG/(B11$B7n(B24$BF|(B $BBh#3HG(B -1996$BG/(B 5$B7n(B13$BF|(B $BBh#4HG(B - -$BF#ED(B $B?r(B fujita@ainix.isac.co.jp - diff --git a/docs/textdocs/README.sambatar b/docs/textdocs/README.sambatar deleted file mode 100644 index af7250c2a49..00000000000 --- a/docs/textdocs/README.sambatar +++ /dev/null @@ -1,23 +0,0 @@ -Contributor/s: Martin.Kraemer <Martin.Kraemer@mch.sni.de> - and Ricky Poulten (ricky@logcam.co.uk) -Date: Unknown - circa 1994 -Status: Obsoleted - smbtar has been a stable part of Samba - since samba-1.9.13 - -Subject: Sambatar (now smbtar) -============================================================================= - -This is version 1.4 of my small extension to samba that allows PC shares -to be backed up directly to a UNIX tape. It only has been tested under -Solaris 2.3, Linux 1.1.59 and DG/UX 5.4r3.10 with version 1.9.13 of samba. - -See the file INSTALL for installation instructions, and -the man page and NOTES file for some basic usage. Please let me know if you -have any problems getting it to work under your flavour of Unix. - -This is only (yet another) intermediate version of sambatar. -This version also comes with an extra gift, zen.bas, written in -microsoft qbasic by a colleague. It is (apparently) based on a 70s -British sci-fi series known as Blake's 7. If you have any questions -about this program, or any suggestions (e.g. what about servillan.bas -?), feel free to mail the author (of zen.bas) greenm@lilhd.logica.com. diff --git a/docs/textdocs/SCO.txt b/docs/textdocs/SCO.txt deleted file mode 100644 index 7c01aa57c6c..00000000000 --- a/docs/textdocs/SCO.txt +++ /dev/null @@ -1,19 +0,0 @@ -Contributor: Geza Makay <makayg@math.u-szeged.hu> -Date: Unknown -Status: Obsolete - Dates to SCO Unix v3.2.4 approx. - -Subject: TCP/IP Bug in SCO Unix -============================================================================ - -There is an annoying TCPIP bug in SCO Unix. This causes corruption when -transferring files with Samba. - -Geza Makay (makayg@math.u-szeged.hu) sends this information: - -The patch you need is UOD385 Connection Drivers SLS. It is available from -SCO (ftp.sco.com, directory SLS, files uod385a.Z and uod385a.ltr.Z). - -You do not need anything else but the above patch. It installs in seconds, -and corrected the Excel problem. We also had some other minor problems (not -only with Samba) that disappeared by installing this patch. - diff --git a/docs/textdocs/SMBTAR.notes b/docs/textdocs/SMBTAR.notes deleted file mode 100644 index 679d776f56c..00000000000 --- a/docs/textdocs/SMBTAR.notes +++ /dev/null @@ -1,46 +0,0 @@ -Contributor: Unknown -Date: 1994 -Status: Mostly Current - refer man page - -Subject: Smbtar -============================================================================ - -Intro ------ - -sambatar is just a small extension to the smbclient program distributed with -samba. A basic front end shell script, smbtar, is provided as an interface -to the smbclient extensions. - -Extensions ----------- - -This release adds the following extensions to smbclient, - -tar [c|x] filename - creates or restores from a tar file. The tar file may be a tape -or a unix tar file. tar's behaviour is modified with the newer and tarmode -commands. - -tarmode [full|inc|reset|noreset] - With no arguments, tarmode prints the current tar mode (by default full, -noreset). In full mode, every file is backed up during a tar command. -In incremental, only files with the dos archive bit set are backed up. -The archive bit is reset if in reset mode, or left untouched if in noreset. -In reset mode, the share has to be writable, which makes sambatar even -less secure. An alternative might be to use tarmode inc noreset which -would implement an "expanding incremental" backup (which some may prefer -anyway). - -setmode <setmode string> filename - This is a "freebie" - nothing really to do with sambatar. This -is a crude attrib like command (only the other way around). Setmode string -is a combination of +-rhsa. So for example -rh would reset the read only -bit on filename. - -newer filename - This is in fact part of the 1.9.13 samba distribution, but comes -into its own with sambatar. This causes tar (or get, mget, etc) to -only copy files newer than the specified file name. Could be used -against the previous nights (or whatever) log file to implement incremental -backups. diff --git a/docs/textdocs/Speed.txt b/docs/textdocs/Speed.txt deleted file mode 100644 index b11885fc377..00000000000 --- a/docs/textdocs/Speed.txt +++ /dev/null @@ -1,318 +0,0 @@ -Contributor: Andrew Tridgell -Date: January 1995 -Status: Current - -Subject: Samba performance issues -============================================================================ - -This file tries to outline the ways to improve the speed of a Samba server. - -COMPARISONS ------------ - -The Samba server uses TCP to talk to the client. Thus if you are -trying to see if it performs well you should really compare it to -programs that use the same protocol. The most readily available -programs for file transfer that use TCP are ftp or another TCP based -SMB server. - -If you want to test against something like a NT or WfWg server then -you will have to disable all but TCP on either the client or -server. Otherwise you may well be using a totally different protocol -(such as Netbeui) and comparisons may not be valid. - -Generally you should find that Samba performs similarly to ftp at raw -transfer speed. It should perform quite a bit faster than NFS, -although this very much depends on your system. - -Several people have done comparisons between Samba and Novell, NFS or -WinNT. In some cases Samba performed the best, in others the worst. I -suspect the biggest factor is not Samba vs some other system but the -hardware and drivers used on the various systems. Given similar -hardware Samba should certainly be competitive in speed with other -systems. - - -OPLOCKS -------- - -Oplocks are the way that SMB clients get permission from a server to -locally cache file operations. If a server grants an oplock -(opportunistic lock) then the client is free to assume that it is the -only one accessing the file and it will agressively cache file -data. With some oplock types the client may even cache file open/close -operations. This can give enormous performance benefits. - -Samba does not support opportunistic locks because they are very -difficult to do under Unix. Samba can fake them, however, by granting -a oplock whenever a client asks for one. This is controlled using the -smb.conf option "fake oplocks". If you set "fake oplocks = yes" then -you are telling the client that it may agressively cache the file -data. - -By enabling this option on all read-only shares or shares that you know -will only be accessed from one client at a time you will see a big -performance improvement on many operations. If you enable this option -on shares where multiple clients may be accessing the files read-write -at the same time you can get data corruption. Use this option -carefully! - -This option is disabled by default. - -SOCKET OPTIONS --------------- - -There are a number of socket options that can greatly affect the -performance of a TCP based server like Samba. - -The socket options that Samba uses are settable both on the command -line with the -O option, or in the smb.conf file. - -The "socket options" section of the smb.conf manual page describes how -to set these and gives recommendations. - -Getting the socket options right can make a big difference to your -performance, but getting them wrong can degrade it by just as -much. The correct settings are very dependent on your local network. - -The socket option TCP_NODELAY is the one that seems to make the -biggest single difference for most networks. Many people report that -adding "socket options = TCP_NODELAY" doubles the read performance of -a Samba drive. The best explanation I have seen for this is that the -Microsoft TCP/IP stack is slow in sending tcp ACKs. - - -READ SIZE ---------- - -The option "read size" affects the overlap of disk reads/writes with -network reads/writes. If the amount of data being transferred in -several of the SMB commands (currently SMBwrite, SMBwriteX and -SMBreadbraw) is larger than this value then the server begins writing -the data before it has received the whole packet from the network, or -in the case of SMBreadbraw, it begins writing to the network before -all the data has been read from disk. - -This overlapping works best when the speeds of disk and network access -are similar, having very little effect when the speed of one is much -greater than the other. - -The default value is 16384, but very little experimentation has been -done yet to determine the optimal value, and it is likely that the best -value will vary greatly between systems anyway. A value over 65536 is -pointless and will cause you to allocate memory unnecessarily. - - -MAX XMIT --------- - -At startup the client and server negotiate a "maximum transmit" size, -which limits the size of nearly all SMB commands. You can set the -maximum size that Samba will negotiate using the "max xmit = " option -in smb.conf. Note that this is the maximum size of SMB request that -Samba will accept, but not the maximum size that the *client* will accept. -The client maximum receive size is sent to Samba by the client and Samba -honours this limit. - -It defaults to 65536 bytes (the maximum), but it is possible that some -clients may perform better with a smaller transmit unit. Trying values -of less than 2048 is likely to cause severe problems. - -In most cases the default is the best option. - - -LOCKING -------- - -By default Samba does not implement strict locking on each read/write -call (although it did in previous versions). If you enable strict -locking (using "strict locking = yes") then you may find that you -suffer a severe performance hit on some systems. - -The performance hit will probably be greater on NFS mounted -filesystems, but could be quite high even on local disks. - - -SHARE MODES ------------ - -Some people find that opening files is very slow. This is often -because of the "share modes" code needed to fully implement the dos -share modes stuff. You can disable this code using "share modes = -no". This will gain you a lot in opening and closing files but will -mean that (in some cases) the system won't force a second user of a -file to open the file read-only if the first has it open -read-write. For many applications that do their own locking this -doesn't matter, but for some it may. Most Windows applications -depend heavily on "share modes" working correctly and it is -recommended that the Samba share mode support be left at the -default of "on". - -The share mode code in Samba has been re-written in the 1.9.17 -release following tests with the Ziff-Davis NetBench PC Benchmarking -tool. It is now believed that Samba 1.9.17 implements share modes -similarly to Windows NT. - -NOTE: In the most recent versions of Samba there is an option to use -shared memory via mmap() to implement the share modes. This makes -things much faster. See the Makefile for how to enable this. - - -LOG LEVEL ---------- - -If you set the log level (also known as "debug level") higher than 2 -then you may suffer a large drop in performance. This is because the -server flushes the log file after each operation, which can be very -expensive. - - -WIDE LINKS ----------- - -The "wide links" option is now enabled by default, but if you disable -it (for better security) then you may suffer a performance hit in -resolving filenames. The performance loss is lessened if you have -"getwd cache = yes", which is now the default. - - -READ RAW --------- - -The "read raw" operation is designed to be an optimised, low-latency -file read operation. A server may choose to not support it, -however. and Samba makes support for "read raw" optional, with it -being enabled by default. - -In some cases clients don't handle "read raw" very well and actually -get lower performance using it than they get using the conventional -read operations. - -So you might like to try "read raw = no" and see what happens on your -network. It might lower, raise or not affect your performance. Only -testing can really tell. - - -WRITE RAW ---------- - -The "write raw" operation is designed to be an optimised, low-latency -file write operation. A server may choose to not support it, -however. and Samba makes support for "write raw" optional, with it -being enabled by default. - -Some machines may find "write raw" slower than normal write, in which -case you may wish to change this option. - -READ PREDICTION ---------------- - -Samba can do read prediction on some of the SMB commands. Read -prediction means that Samba reads some extra data on the last file it -read while waiting for the next SMB command to arrive. It can then -respond more quickly when the next read request arrives. - -This is disabled by default. You can enable it by using "read -prediction = yes". - -Note that read prediction is only used on files that were opened read -only. - -Read prediction should particularly help for those silly clients (such -as "Write" under NT) which do lots of very small reads on a file. - -Samba will not read ahead more data than the amount specified in the -"read size" option. It always reads ahead on 1k block boundaries. - - -MEMORY MAPPING --------------- - -Samba supports reading files via memory mapping them. One some -machines this can give a large boost to performance, on others it -makes not difference at all, and on some it may reduce performance. - -To enable you you have to recompile Samba with the -DUSE_MMAP option -on the FLAGS line of the Makefile. - -Note that memory mapping is only used on files opened read only, and -is not used by the "read raw" operation. Thus you may find memory -mapping is more effective if you disable "read raw" using "read raw = -no". - - -SLOW CLIENTS ------------- - -One person has reported that setting the protocol to COREPLUS rather -than LANMAN2 gave a dramatic speed improvement (from 10k/s to 150k/s). - -I suspect that his PC's (386sx16 based) were asking for more data than -they could chew. I suspect a similar speed could be had by setting -"read raw = no" and "max xmit = 2048", instead of changing the -protocol. Lowering the "read size" might also help. - - -SLOW LOGINS ------------ - -Slow logins are almost always due to the password checking time. Using -the lowest practical "password level" will improve things a lot. You -could also enable the "UFC crypt" option in the Makefile. - -CLIENT TUNING -------------- - -Often a speed problem can be traced to the client. The client (for -example Windows for Workgroups) can often be tuned for better TCP -performance. - -See your client docs for details. In particular, I have heard rumours -that the WfWg options TCPWINDOWSIZE and TCPSEGMENTSIZE can have a -large impact on performance. - -Also note that some people have found that setting DefaultRcvWindow in -the [MSTCP] section of the SYSTEM.INI file under WfWg to 3072 gives a -big improvement. I don't know why. - -My own experience wth DefaultRcvWindow is that I get much better -performance with a large value (16384 or larger). Other people have -reported that anything over 3072 slows things down enourmously. One -person even reported a speed drop of a factor of 30 when he went from -3072 to 8192. I don't know why. - -It probably depends a lot on your hardware, and the type of unix box -you have at the other end of the link. - - -MY RESULTS ----------- - -Some people want to see real numbers in a document like this, so here -they are. I have a 486sx33 client running WfWg 3.11 with the 3.11b -tcp/ip stack. It has a slow IDE drive and 20Mb of ram. It has a SMC -Elite-16 ISA bus ethernet card. The only WfWg tuning I've done is to -set DefaultRcvWindow in the [MSTCP] section of system.ini to 16384. My -server is a 486dx3-66 running Linux. It also has 20Mb of ram and a SMC -Elite-16 card. You can see my server config in the examples/tridge/ -subdirectory of the distribution. - -I get 490k/s on reading a 8Mb file with copy. -I get 441k/s writing the same file to the samba server. - -Of course, there's a lot more to benchmarks than 2 raw throughput -figures, but it gives you a ballpark figure. - -I've also tested Win95 and WinNT, and found WinNT gave me the best -speed as a samba client. The fastest client of all (for me) is -smbclient running on another linux box. Maybe I'll add those results -here someday ... - - -COMMENTS --------- - -If you've read this far then please give me some feedback! Which of -the above suggestions worked for you? - -Mail the samba mailing list or samba-bugs@samba.anu.edu.au diff --git a/docs/textdocs/Support.txt b/docs/textdocs/Support.txt deleted file mode 100644 index 3c7430d1736..00000000000 --- a/docs/textdocs/Support.txt +++ /dev/null @@ -1,1388 +0,0 @@ -The Samba Consultants List -========================== - -This is a list of people who are prepared to commercialy support -Samba. Being on this list does not imply any sort of endorsement by -anyone, it is just provided in the hope that it will be useful. - -Note that the organisations listed below will expect you to pay for -The support that they offer. We have been told that several people -assumed this was a list of kindly companies offering free commercial -support! - -For free support use the Samba mailing list and the comp.protocols.smb -newsgroup. - -If you want to be added to the list, or want your entry modified then -contact the address below. Please make sure to include a header line -giving the region and country, eg CANBERRA - AUSTRALIA. - -You can contact the maintainers at samba-bugs@samba.anu.edu.au - -The support list has now been re-arranged into geographical areas -and are sorted by state/region/town within these areas. -These are currently: - -Region Number of entries ----------------------------------------------------- - AFRICA 2 - AMERICA - CENTRAL & SOUTH 3 - AMERICA - USA 22 - ASIA 1 - AUSTRALIA & NEW ZEALAND 18 - CANADA 6 - EUROPE 28 - - -AFRICA -====== - ------------------------------------------------------------------------------- -GAUTENG - SOUTH AFRICA - -Company: Obsidian Systems -Street Addr: Boskruin Office Park Unit 3, Bosbok street, Randpark Ridge - Gauteng, 2156, South Africa. -Postal Addr: PO Box 4938, Cresta, South Africa, 2118 -Contact no's: +2711 792-6500/38, Fax: +2711-792-6522 - Cell: +2783-379-6889/90/91 or +2783-377-4946 or +27832660199 - -Our level of experience: Low level programming and support for all samba -security and compatability issues. We use Samba in South African Schools -and commercial companies as an affordable solution for LAN and WAN -networking. - -For futher information, please consult our website www.obsidian.co.za ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -JOHANNESBURG - SOUTH AFRICA - - Company: Symphony Research (Pty) Ltd - Contact: Dr Evan Summers, <evan@sr.co.za>, cell 082 900-8632. -keywords: Samba on Linux, support and consulting - Johannesburg (South Africa) - -Evan Summers, PhD Tel +27 82 900-8632 Symphony -Linux systems integration http://sr.co.za Research -Johannesburg, South Africa mailto:evan@sr.co.za (Pty)Ltd ------------------------------------------------------------------------------- - - - - - - - -AMERICA - CENTRAL & SOUTH -========================= - - ------------------------------------------------------------------------------- -CHILE - SOUTH AMERICA - -Company: Magic Consulting Group/Magic Dealer -Street Addr: Alberto Reyes #035 Barrio Bellavista - Providencia Santiago -Contact no's: +56 2 365 19 18, Fax: +56 2 365 14 55 - -Contact Person: Marcelo Bartsch or Roy Zderich - - -Our level of experience: support for all Samba and Linux security and -compatability issues. We use Samba in our local network and we have -experience instaling it on some other locations. we also provide -techincal support for Linux, Novell, Windows NT, OS/2 and other -Operating Systems. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -HONDURAS - CENTRAL AMERICA - -Open Systems, S.A. - -Open Systems, S.A. provides support to SAMBA in SCO UnixWare 2.X: - -Server Platform: SCO UnixWare 2.X -Client Platform: Windows NT, Windows 95, WFW (3.11), DOS. - -Open Systems, S.A. also provides consulting services and technical -support in the following server platforms since 1987: - -SCO Open Server 3.0 and 5.0 -SCO UnixWare 2.X (SVR4.2MP) -UNIX SVR4 (NCR, UNISYS) - -Contact: -Selim Jose Miselem -Open Systems, S.A. -Centro Comercial Dallas -San Pedro Sula, Honduras, Central America -Tel/Fax 011 (504) 529868 -e-mail: selim@opensys.hn -URL: http://www.opensys.hn ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -VILLAHERMOSA, TAB. - MEXICO - -Carlos Enrique García Díaz -E-mail: cgarcia@tnet.net.mx -Phone: (93) 12-33-91 - -Samba experience: -Server: Samba 1.9.15 and above with Solaris (Sparc & x86), SG Irix 5.2 - 6.3, -AIX 3.2, DEC OSF1 v4.0, DG/UX v4.11, SunOS. -Client: WinNT, Win95, WfWg, Win 3.1 & LAN WorkPlace. ------------------------------------------------------------------------------- - - - - - - - -AMERICA - USA -============= - ------------------------------------------------------------------------------- -BAY AREA, SILICON VALLEY CALIFORNIA - USA - -Adital Corp. - -7291 Coronado Dr. ,Suite 4 San-Jose Ca 95129 - -Phone : (408) 257-7717 Fax : (408) 257-7772 E-Mail: ephi@adital.com - -Contact: Ephi Dror, Director of software development. - -Adital is a company that specialized in networking products development. -We have been doing many development projects on Windows (NT/95), Macintosh, -UNIX and embedded system platforms in the area of networking drivers and -applications during the last few years. In regards to SAMBA, we have a lot -of experience in SMB/CIFS protocol development. - -We have special expertise in porting SAMBA to embedded system environments for -NT/WIN95/WFW client/server connectivity. - -We can help you defining and specifying your product as well as designing, -implementing, testing, upgrading and maintaining it. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -SAN FRANCISCO BAY AREA - USA - -Alex Davis --- President of FTL -Faster Than Light, 2570 Ocean Ave. #114, San Francisco, California, 94132 -HTTP://www.ftl.net/ EMAIL:davis@ftl.net TEL:415.334.2922 FAX:415.337.6135 - -We are located in the "Bay Area" of California, USA. We provide -consultant and training for Unix, Windows, Macintosh applications, -and hardware. We also provide Internet access to many of the local -companies as a part of our "one-stop-shop" model. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -SAN FRANCISCO BAY AREA - USA - -2125 Hamilton Ave. Suite 100 -San Jose, CA 95125 -888-ACCLAIM [Inside California] -(408) 879 - 3100 -(408) 377-4900 [Fax] - -We can provide commercial support for Samba. We have created additional -scripts that we can add to the Samba distribution to create an installation in -Sun Solaris "package add" format. We are a Sun Reseller, but we can also -support Samba on HP, SGI, Linux, in addition to Sun Solaris Sparc/X86. - -To find out more about our company, look at our website: - http://www.acclaim.com ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -CALIFORNIA - USA - -Cliff Skolnick -Steam Tunnel Operations -900 Tennessee St, suite 22 -San Francisco, CA 94107 -http://www.steam.com/ -(415) 920-3800 -cliff@steam.com ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -CALIFORNIA - USA - -Craftwork Solutions Inc. - -Craftwork Solutions Inc. is dedicated to providing the best possible -services to our customers. The Craftworks team will provide you with a -total solution package that will work for you both today and tomorrow. -With our own Linux Distribution which we are constantly improving to make -it the best and using it to provide total solutions for companies which -are open to using Linux. - -Please contact mary@craftwork.com ------------------------------------------------------------------------------- - ------------------------------------------------------------------------ -SOUTHERN CALIFORNIA - USA - -Michael St. Laurent -Serving Los Angeles and Orange Counties. Please contact via email. -rowl@earthlink.net -Michael St. Laurent -Hartwell Corporation ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -SOUTHERN CALIFORNIA - USA - -Yuri Diomin -Yuri Software -13791 Ruette Le Parc, Ste. C -Del Mar, CA 92014 -Phone: 619-350-8541 -Fax: 619-350-7641 -yuri@yurisw.com -http://www.yurisw.com - -We have been supporting Samba in commercial installations for several years -on a variety of client and server platforms. We have extensive experience -in all aspects of UNIX-Windows connectivity solutions for mixed platform -corporate setups. We are a contributor to Samba source code. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -FORT COLLINS, CO - USA - -Granite Computing Solutions -ATTN: Brian Grossman -P.O. Box 270103 -Fort Collins, CO 80527-0103 -U.S.A. -Tel: +1 (970) 225-2370 -Email: granite@SoftHome.Net WWW: http://www.SoftHome.Net/granite/ - -Information services, including WfWG, NT, Apple <=> Unix interoperability. -WWW solutions. WWW education. Unix education. Custom software -development - eg. http://www.SoftHome.Net/modsim/. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -FLORIDA - USA - -Swaney & Associates, Inc. -ATTN: Stephen Swaney - 2543 Lincoln Avenue - Miami, Florida 33133 - U.S.A - (305) 860-0570 - -Specializing in: - High Availability system & networks - UNIX to PC connectivity - Market Data systems - Messaging Systems (Sendmail & Microsoft Exchange) ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -FLORIDA - USA - -Progressive Computer Concepts, Inc. -1371 Cassat Avenue -Jacksonville, FL 32205 -info@progressive-comp.com -800-580-2640 - 904-389-3236 - 904-389-6584 fax - -Related Products and Services: - ncLinux (Network Computer) consulting, installations, and turnkey - networks. Multi-user NT and Samba consulting, installation and - administration (both remote and onsite), Internet and Intranet - connectivity, LAN and WAN, firewall installation, security, - troubleshooting and training, custom LAN/WAN/Intranet business - systems development, WWW/CGI development (e.g. database gateways, - catalogs). ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -GEORGIA - USA - -Hoppe Computer Services -2171 Brooks Road -Dacula(Atlanta), Georgia 30019 -770-995-5099 fax 770-338-3885 - -Supporting the Atlanta, Georgia USA area for two and a half years. -In the computer field for 22 years. - ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -OWA - USA - -Afan Ottenheimer -JEONET -PO Box 1282 -Iowa City, IA 52244 -Phone: 319-338-6353 -Fax: 319-338-6353 -Email: afan@jeonet.com -WWW: http://www.jeonet.com/jeonet/ - -Specializing in systems integration, database, and advanced web -site design since 1995. Have extensive experience in -Linux<->NT<->Windows 3.11<->Windows 95 interaction using SAMBA. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -ILLONOIS - USA - -Information One, Inc. -736 Hinman Ave, Suite 2W -Evanston, IL 60202 -708-328-9137 708-328-0117 FAX -info@info1.com - -Providing custom Internet and networking solutions. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -KANSAS - USA - -NT Integrators -2400 W. 31st Street -Lawrence, KS 66046 -USA -913-842-1100 -http://www.ntintegrators.com/ -email: watts@sunflower.com - -My consulting company does NT/Linux/Samba/etc support. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -LAS VEGAS, NEVADA - USA - -DPN, Inc. Las Vegas NV - -(702) 873-3282 Ph. -(702) 873-3913 Fax -Email duane@dpn.com - -Can provide commercial support for samba running on any version of -SCO above 3.0 and for Linux. We currently have installed and are -supporting several versions of samba on over 25 client sites across -the US, in addition to our 6 in-house samba servers. Our largest client -site has approx. 100 users. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -NEW JERSEY - USA - -William J. Maggio -LAN & Computer Integrators, Inc. -242 Old New Brunswick Road Email: bmaggio@lci.com -Suite 440 Voice: 908-981-1991 -Piscataway, NJ 08855 Fax : 908-981-1858 - - Specializing in Internet connectivity and security, Sun integration and - high speed, enterprise network design and deployment. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -NEW YORK - USA - -67.2 Psytronics Solutions - - 90 County Line Road - Massapequa, NY 11758 - U.S.A. - -Phone: +1 516 598 4619 - -Fax: +1 516 598 4619 - -EMail: info@psytronics.com - -URL: http://www.psytronics.com - -Contact: Jaron Rubenstein - -Type of support: Whatever is required. Support contracts available. - -Special expertise: - - Familiar with most topics. Specializing in dial-up server (PPP) -installation and configuration, custom programming, and Internet and -Intranet server configuration. Authorized Red Hat Reseller. - -Sample prices: - - Upon request, usually US$50-$100/hour. Educational discounts -available. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -TEXAS - USA - -Jody Winston -xprt Computer Consulting, Inc. -731 Voyager -Houston, TX 77062 -(281) 480 8649, jody@sccsi.com - -We have been supporting software from the Free Software Foundation and -other groups such as Linux for over 8 years. The base rate is 150.00 -US dollars per hour. Please contact us for more information on our -rates and services. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -UNITED STATES - -Stelias Computing is the developer of the InfoMagic Workgroup Server, a -Linux distribution customized for use as a PC and Macintosh file and -print server (using Samba and netatalk respectively). Stelias also -offers custom system programming and Samba support contracts. - -For information about the InfoMagic Workgroup Server contact InfoMagic: - http://www.infomagic.com/ - questions@infomagic.com - voice: 800-800-6613 or 520-526-9565 - fax: 520-526-9573 - -To contact Stelias about custom arrangments, send email to -info@stelias.com. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -WASHINGTON DC METRO - USA - -Asset Software, Inc. has been running Samba since the 1.6 release on various -platforms, including SunOS 4.x, Solaris 2.x, IRIX 4.x and 5.x, Linux 1.1x, -1.2x, and 1.3x, and BSD UNIX 4.3 and above. We specialize in small office -network solutions and provide services to enhance a small office's -operations. Primarily a custom software operation, our vast knowledge of -Windows, DOS, Unix, Windows NT, MacOS, and OS/2 enable us to provide quality -technical assistance to the small office environment at a reasonable price. -Our upcoming multi-mailbox mail client, IQ Mail, enables users with more -than one mailbox to send and retrieve their mail from a single, consistent -mail client running in Windows. - -David J. Fenwick Asset Software, Inc. -President djf@assetsw.com ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -WASHINGTON STATE - USA - -Brian Meyer -Personal Data Services -9792 Edmonds Way Suite 121 -Seattle, Washington 98020 USA -Voice: (206) 365-8212 -E-mail: admin@pdsnorth.com ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -WASHINGTON - USA - -Olympic Peninsula Consulting; 1241 Lansing Ave W., Bremerton, WA 98312-4343 -telephone 1+ 360 792 6938; mailto:opc@aa.net; http://www.aa.net/~opc; -Unix Systems and TCP/IP Network design, programming, and administration. ------------------------------------------------------------------------------- - - - - - - -ASIA -==== - ------------------------------------------------------------------------------- -SEOUL - KOREA - -MultiMedia KOREA Inc, E-Mail : info@seoul.korea.co.kr -Internet,WWW,Network Support Group, TEL : +82-02-597-1631 - FAX : +82-02-521-4463 -SeoChoGu SeoChoDong 1537-6 WWW : http://www.korea.co.kr -JungAng B/D #401 -SEOUL KOREA - -SAMBA Experience : SunOS, Solaris, Linux, SCO-Unix, Win95/NT/3.1 ------------------------------------------------------------------------------- - - - - - - -AUSTRALIA & NEW ZEALAND -======================= - ------------------------------------------------------------------------------- -ADELAIDE, AUSTRALIA - -NS Computer Software and Services P/L -PO Box 86 -Ingle Farm -SA 5098 - -Contact: Richard Sharpe - Ph: +61-8-281-0063 (08-281-0063) AH - FAX:+61-8-250-2080 (08-250-2080) - -Experience with: ULTRIX, Digital UNIX, SunOS, WfW 3.11, Win95, WNT 3.51 - ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -ADELAIDE - AUSTRALIA - -Richard Sharpe, sharpe@ns.aus.com -NS Computer Software and Services P/L -PO Box 86, -Ingle Farm, SA 5098 -Australia - -Located in Adelaide, South Australia. - -Proficient with Digital UNIX, ULTRIX, SunOS, Linux, Win 95, WfWg, Win NT. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -BRISBANE - AUSTRALIA - -Brett Worth -Select Computer Technology - Brisbane -431 Logan Road -Stones Corner QLD 4120 -E-Mail: brett@sct.com.au ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -CANBERRA - AUSTRALIA - -Paul Blackman (ictinus@lake.canberra.edu.au, Ph. 06 2012518) is -available for consultation. Paul's Samba background is with -Solaris 2.3/4 and WFWG/Win95 machines. Paul is also the maintainer -of the SAMBA Web Pages. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -CANBERRA - AUSTRALIA - -Ben Elliston -E-mail: bje@air.net.au -Samba systems: Solaris 2.x, Linux, HP-UX. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------ -MELBOURNE - AUSTRALIA - -Michael Ciavarella -Cybersoruce Pty Ltd. -8/140 Queen Street -Melbourne VIC 3000 -Phone: +61-3-9642-5997 -Fax: +61-3-9642-5998 -Email: mikec@cyber.com.au -WWW: http://www.cyber.com.au - -Cybersource specialises in TCP/IP network integration and Open Systems -administration. Cybersource is an Australian-owned and operated -company, with clients including some of Australia's largest financial, -petrochemical and state government organisations. ------------------------------------------------------------------------ - ------------------------------------------------------------------------------- -MELBOURNE - AUSTRALIA - -Company Name DARX Consulting -Postal Address PO Box 12329 - A'Beckett St PO - Melbourne 3000 -Area of Service Melb Metro and SE Suburbs -Phone +61 3 9822 1216 -Email info@darx.com.au - -We provide setup and support of samba based systems as well as -Novell/NT Systems. ------------------------------------------------------------------------ - ------------------------------------------------------------------------------- -N.T - AUSTRALIA - -Open Systems Network Support - -Server Platforms - Unix/Linux -Client Platforms - Windows3.1/95/NT, Macintosh, Unix/Linux - --- -David Schroeder Darwin Network Services -Ph/Fax (08) 8932 1156 PO Box 82383 -(Int) +61 8 8932 1156 Casuarina N.T -Email: djsc@it.ntu.edu.au Australia 0811 ------------------------------------------------------------------------ - ------------------------------------------------------------------------------- -NEW SOUTH WALES - AUSTRALIA - -BITcom Telecommunications Phone: (02) 9747 0011 -P.O. Box 15 Int'l: +61 2 9747 0011 -Burwood NSW 2134 Australia Fax: (02) 9747 6918 -Contact: Craig Bevins Email: consult@bitcom.net.au - -BITcom is an open systems and networking consultancy. We have been -doing Open Systems since long before the term was coined, a key staff -member having participated in the IEEE working group which produced -the POSIX standard for Un*x-like systems in 1988. - -We tend to have a Unix orientation (all flavours) but our focus is on -getting the job done and we are happy to employ other technologies which -fit. Heck, we even use and support Microsoft's products! Our areas -of expertise cover general Unix consultancy, support for public domain -and GNUish software, PC LAN -> Unix integration, Internet, WWW and local -and wide-area network design, implementation and security. We have a -collective masochistic streak and actually enjoy hacking on sendmail -configuration. We are an AUSTEL-licenced telecommunications and data -cabler and hold a NSW security industry licence. - -We know Windows NT, LANMAN, PC-NFS and others. We use, recommend and -support Samba and have done so since 1994. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -PERTH - AUSTRALIA - -Bruce Cook - Synonet Corporation. -E-mail: bcook@wantree.com.au -Mobile: 015 999 330 (International +61 15 999 330) -Experience: Samba on FreeBSD, Linux, Solaris (Sparc), Sunos-4 - Microsoft networking using NT/NTAS, Win95, WFW311, DOS ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -PERTH - AUSTRALIA - -Geoff Allan Phone: +61 8 9325 9922 -Office Information Fax: +61 8 9325 9938 -Perth, Western Australia Mobile: 0412 903 659 -Email: geoffa@officeinfo.com.au - -Office Information has been in existence since 1991. We are (amongst -other things) systems integrators with experts in Unix, Linux, Novell, -NT and the other DOS & Windows platforms. We also have a number of -Clients for whom we have installed and supported Samba. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -QUEENSLAND - AUSTRALIA - -Plugged In Software Pty Ltd -PO Box 4130 -4/242 Hawken Drive -St. Lucia South, Qld 4067 -Australia -http://www.plugged.net.au -info@plugged.net.au -+61 7 3876 7140 -+61 7 3876 7142 (fax) -Point of Contact: David Wood ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -SYDNEY - AUSTRALIA - -Philip Rhoades -Pricom Pty Ltd -http://www.pricom.com.au = http://203.12.131.20 -GPO Box 3411 Sydney NSW 2001 Australia -Ph: +61:0411:185652 -Fax: +61:2:9959-3481 -E-mail: philr@mail.austasia.net ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -SYDNEY - AUSTRALIA - -John Terpstra - Aquasoft (jht@aquasoft.com.au) -Business: +612 9524 4040 -Home: +612 9540 3154 -Mobile: +612 414 334422 (aka 0414 334422) -Samba Experience: Member of Samba-Team. Long term contributor to Samba - Samba on BSD/OS, Solaris (Sparc & x86), ISC Unix, SCO Unix - NCR SVR4, Linux, UnixWare, IBM, HP, DEC, Others. - Training Instructor in Windows NT, wide area networking - over TCP/IP. Providing paid-for support for Public Domain - Software and Linux. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -SYDNEY - AUSTRALIA - -We are a Unix & Windows developer with a consulting & support component. -In business since 1981 with experience on Sun, hp, sgi, IBM rs6000 plus -Windows, NT and Win95, Using Samba since September 94. -CodeSmiths, 22 Darley Road, MANLY 2095 NSW; 977 1979; fax: 977 2116 -philm@esi.com.au (Australia; New South Wales; SYDNEY; North East) ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -SYDNEY - AUSTRALIA - -Pacific ESI has used and installed Samba since 1.6 on a range -of machines running SunOS, BSD/OS, SCO/UNIX, HP/UX, and Solaris, -and WfWG and Windows95. The largest system worked on to date -involved an Australia wide network of machines with PCs and SUNs -at the various nodes. The in-house testing site is a wide area -network with three sites, remotely connected with PPP and with -SUN servers at each site to all of which are connected several -PCs running mainly WfWG. - -Stefan Kjellberg Pacific Engineering Systems -International -info@eram.esi.com.au Voice:+61-2-9063377 -... Fax:+61-2-9063468 ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -WELLINGTON - NEW ZEALAND - -David Gempton -Computer Consultant -UNIX & PC Networking specialist -TTC Technology Training Consulting -PO Box 5444 -Lambton Quay Wellington -New Zealand -Phone (025) 518-574 -Email: ttcdg@cyberspace.co.nz ------------------------------------------------------------------------------- - - - - - - -CANADA -====== - ------------------------------------------------------------------------------- -ONTARIO - CANADA - -Strata Software Limited, Kanata Ontario CANADA -Tel: +1 (613) 591-1922 Fax: +1 (613) 591-3485 -Email: sales@strataware.com WWW: http://www.strataware.com/ - -Strata Software Limited is a software development and consulting group -specializing in data communications (TCP/IP and OSI), X.400, X.500 and -LDAP, and X.509-based security. We have Samba experience with Windows NT, -Windows 95, and Windows for Workgroups clients with Linux, Unixware -(SVR4), and HP-UX servers. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -ONTARIO - CANADA - -WW Works Inc. -3201 Maderna Road -Burlington, Ontario -Canada L7M 2W4 - -Contact: Wade Weppler -(905) 332-5844 -FAX: (905) 332-5535 - -Information Systems Sales and Consulting. -Specializing in Turnkey Windows NT Network environments with emphasis on -Legacy UNIX System integration using Samba. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -ONTARIO - CANADA - - Bilyana Aleksic |Email: baleksic@atitech.ca | - | | -ATI Technologies Inc. |Phone: 905-882-2600 x3179 | -75 Tiverton Court |Fax : 905-475-3930 | -Unionville, Ontario | | -Canada, L3R 9S3 | | ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -ONTARIO - CANADA - -Sound Software Ltd. -20 Abelard Avenue -Brampton, Ontario Canada -905 452 0504 -sales@telly.org -www.telly.org - -Sound Software company is a Caldera Business Partner, providing support for -Samba and other applications running under Caldera Linux. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -OTTAWA - CANADA - -Russell McOrmond -Open Systems Internet Consultant -Serving individuals and organizations in the Ottawa (Ontario, Canada) area. -voice: (613) 235-7584 FAX: (613) 230-1258 -russell@flora.org , http://www.flora.org/russell/work/ ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -QUEBEC - CANADA - -Dataden Computer Systems -Attn: Danny Arseneau -arseneau@parkmed.com -895 2nd Avenue -Ile Bizard, Quebec -Canada, H9C 1K3 -Tel: (514)891-2293 -Fax: (514)696-0848 - -Dataden is company that specializes in Unix--TCP/IP networking. -We have over 15 years of experience. We have been installing, -configuring and maintaining Samba for clients for 1-1/2 years now. We -have samba installations on Linx, SunOS and DEC OSF. Our biggest site -has 4 Suns and 3 Linux servers running Samba which are serving a network -of about 50 PC's running WFWg and Win95. ------------------------------------------------------------------------------- - - - - - - - - -EUROPE -====== - ------------------------------------------------------------------------------- -BRUSSELS - BELGIUM - -Phidani Software SPRL -Rue de l'autonomie, 1 -1070 Brussels -Belgium -Tel : +32 (2) 5220663 -Fax: +32 (2) 5220930 - -We provide commercial support in Belgium to large organisations -(eg: N.A.T.O., Unisys, E.C.C. ...) ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -PRAHA (PRAGUE) - CZECH - -AGC Praha, -David Doubrava -Sokolovska 141 -PRAHA 8 -180 00 - -Tel: +42 (2) 6600 2202 Fax: +42 (2) 683 02 55 -Email: ddoubrava@agc.cz WWW: http://corwin.agc.cz/ - -I have Samba experience with Windows NT, -Windows 95, and Windows for Workgroups clients with Linux and HP-UX -servers. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -CAMBRIDGE - ENGLAND. Will travel / provide support world-wide. - -Luke Kenneth Casson Leighton -Phone: +44 1223 570 262 or 570 264 -lkcl@cb1.com - -Configuration Experience: - -Clients: MSClient 3.0; WfWg; W95; NT 3.5 and 4.0 Workstation. -Servers: Samba 1.9.15 and above (on-hands experience with Linux, SunOS -4.1.3 and FreeBSD); NT 4.0 Server. - -Present Experience: - -Luke Leighton, a Samba Team member since October 1995, understands -Browsing and WINS from having re-designed and re-written nmbd, and -SMB/CIFS from attending the two CIFS conferences; by listening to -discussions amongst the Samba Developers, and from answering user's -queries on the Samba Digest. - -Support offered: - -If there are either areas of functionality that are missing or bugs -that are affecting the performance of your company; if you require -advice / training on the deployment and administration of SMB/CIFS -Clients and Servers; if your company's policy only allows you to -use samba if it is supported commercially... I am available for hire -anywhere in the world. - -Long-term Project Aims: - -I would like to implement a CIFS proxying system suitable for Enterprise -Networks (large Intranets: 10,000 to 150,000 simultaneous users) that is -backwards compatible with all CIFS/SMB servers (MSClient 3.0 for DOS, -through to NT 4.0). - -I would also like to implement an alternative SMB client for NT and 95. -This would allow samba to offer secure and authenticated file and print -access, to the extent that the laws of your country permit. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -CAMBRIDGE - ENGLAND - -Mark Ayliffe MBCS, Technical Consultant -Protechnic Computers Limited http://www.prot.demon.co.uk -7 Signet Court Tel +44 1223 314855 -Swann's Road Fax +44 1223 368168 -Cambridge CB5 8LA -England - - -Protechnic Computers Limited has experience of installing and -maintaining Samba on the following platforms: - -HP/UX 9.0x, 10.1x & 10.2x -DG/UX, Motorola and Intel -Digital UNIX ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -CORNWALL - ENGLAND - -Starstream Communications Ltd -Unit 9 -Moss Side Industrial Estate -Callington -Cornwall -PL17 7DU -United Kingdom - -Phone +44 1579 384072 Fax +44 1579 384267 - -Contact : Terry Moore-Read terry@starstream.co.uk - -Website : http://www.ndu-star.demon.co.uk shortly moving to -http://www.starstream.co.uk ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -FAREHAM - ENGLAND - -High Field Technology Ltd -Little Park Farm Road, Segensworth West, -Fareham, Hants PO15 5SJ, UK. -sales@hft.co.uk tel +44 148 957 0111 fax +44 148 957 0555 - -Company skills: Real time hardware and software systems - -Samba experience: BSD/OS, Linux, LynxOS <==> WFWG, NT - ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -LEICESTERSHIRE - ENGLAND - -TECTONIC LIMITED -WESTWOOD -78 LOUGHBOROUGH ROAD -QUORN -LEICESTERSHIRE -LE12 8DX - -TELEPHONE 01509-620922 -FAX 01509-620933 - -Contact Samantha Hull - -We are unix orientated but also specialise in pc to unix communications, we -know and understand pc-nfs, (hence our interest in samba). -we support sunos, solaris 1.x and 2.x, hp-ux 9.0 and 10.0, osf (or dec unix, -whichever you prefer), winnt, wfwg and win95. - -We are already talking to a couple of very large samba users here in the uk. -Tectonic are in the process of creating the UK SAMBA USER GROUP and would -appreciate any feedback or queries. - -For samba support, and for details on the UK SAMBA USER GROUP, please contact -me at: sam@tectonic.demon.co.uk - ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -LONDON - ENGLAND - -Mark H. Preston, -Network Analyst, | Email : mpreston@sghms.ac.uk -Computer Unit, | Tel : +44 (0)181 725-5434 -St. George's Hospital Med School, | Fax : +44 (0)181 725-3583 -London SW17 ORE. | WWW : http://www.sghms.ac.uk - -Samba Experience: -Server: Solaris 2.3 & 2.4, Irix 5.2 & 5.3 -Client: WinNT, Win95, WfWg, Win3.1, Ms-LanMan, DHCP support ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -READING - ENGLAND - -Philip Hands | E-Mail: info@hands.com Tel:+44 118 9545656 -Philip Hands Computing Ltd. | Mobile: +44 802 242989 Fax:+44 118 9474655 -Unit 1, Cherry Close, Caversham, Reading RG4 8UP ENGLAND - -Samba experience: - Server platforms: Linux,SVR4,SVR3.2 & Sequent ptx - Clients: WfWg, W3.1, OS2 and MS-LanMan ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -PARIS - FRANCE - -Alcove -7, rue Royer-Bendelé -92230 Gennevilliers - Email: alcove@alcove.fr -http://www.alcove.fr Phone number: +33 01 40 85 80 06 - Fax number: +33 01 47 90 40 42 ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -BERLIN - GERMANY - -Name: innominate GbR -Address: Soldiner Str. 96, 13359 Berlin; Bundesland: Berlin; -Country: Germany -Phone: +49 30 49308195, +49 177 2649655 (mobil) -Fax: +49 30 49308196 -EMail: innominate@poboxes.com - -Contact : Sascha Ottolski - -Type of support: vor Ort, Email, Fernzugriff ueber Internet/ISDN, - -Special -expertise: Wir verfuegen ueber umfangreiche Erfahrung mit Samba, vor allem - in Internet- und Intranetumgebungen. Neben Beratung, Dienstleistung - und Schulung bieten wir auch individuell vorkonfigurierte - Kommunikationsserver ("Lingo") auf der Basis von Linux an. - Neben anderen Modulen (ISDN/Internet/Intranet/Email/Proxy - u.a.) ist in Lingo ein Fileserver-Modul auf Samba-Basis inklusive - einem mehrstufigen Firewallsystem enthalten. - Außerdem verfuegt Lingo ueber eine grafische Administrations- - oberflaeche, mit der z.B. das Hinzufuegen von neuen Benutzern - von jedem Client per WWW-Browser moeglich ist. - -Sample prices: - Komplettpreise fuer Lingo nach Vereinbarung - - 120 DM/Stunde fuer Dienstleistung - - Schulung nach Vereinbarung ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -BERLIN - GERMANY - -Ing. Buero Buehler -Dipl.-Ing. Frank Buehler -Paul-Krause-Str. 5 -14129 Berlin -Germany - -Phone: +49/(0)177/825 33 80 Fax: +49/(0)30/803-3039 -mailto:fb@hydmech.fb12.TU-Berlin.de - -We install and maintain small to middle sized Linux-Windows -networks within the Berlin area and are available for consulting and -questions about networking, Linux, database systems and electronics. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -BIELEFELD - GERMANY - -I am located in Bielefeld/Germany and have been doing Unix consultancy -work for the past 8 years throughout Germany and the rest of Europe. I -can be contacted by email at <jpm@mens.de> or via phone at +49 521 -9225922 or telefax at +49 521 9225924. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -BIELEFELD - GERMANY - -Name : media engineering gmbh -Address: Bleichstr. 77a , D-33607 Bielefeld -Phone : +49-521-1365640 -Fax : +49-521-1365642 -eMail : info@media-eng.bielefeld.com -URL : http://www.media-eng.bielefeld.com/ -Contact: Dipl.Ing. Hartmut Holzgraefe - -Type of support: phone, eMail, inhouse, remote administration ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -DREIEICH - GERMANY - -A. G. Schindler <schindler@az1.de> -c/o Alpha Zero One Gmbh -Frankfurter Str. 141 -D - 63303 Dreieich -Germany - -AZ1 is a company of Value Added Resellers (VARs) of Digital Equipment -Corp. products and solution provider for Industry Applications. - -We're providing commercial support for Samba running on DEC hardware -under Digital Unix (R), Digital OpenVMS (R) and Linux. - -Contract based and hotline support available. Fast response on-site -support coming soon for the Franfurt / Main area. - -Pathworks or WinNT to Samba migrators welcome ! - -Please contact us via: schindler@az1.de ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -GOETTINGEN - GERMANY - -Service Network GmbH -Hannah Vogt Str. 1 -37085 Goettingen -Germany -Phone: +49-551-507775 -Fax: +49-551-507776 -http://www.sernet.de/ -samba@sernet.de - -SerNet is a company doing LAN consulting and training. We offer -Internet access for our customers. We have experience with many -different kinds of Unix, especially Linux, as well as NetWare and NT. -Volker Lendecke, one of our our founders and a Samba Team member, -has gained a lot of SMB/CIFS and NetWare experience writing smbfs and -ncpfs, the Linux kernel file systems that enable Linux to access -Windows NT and other SMB/CIFS servers, and NetWare Servers. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -GREIFSWALD - GERMANY - -Mr. Frank Rautenberg, Mr. Heiko Boesel, Mr. Jan Holz -UniCon Computersysteme GmbH -Ziegelhof 20 -D-17489 Greifswald -email: samba@unicon-gmbh.com -www: http://www.unicon-gmbh.com - -We use Samba and we provide support for our customers. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -MUENCHEN - GERMANY - -CONSYS GmbH -Landsberger Str. 402 -81241 München -Germany -Phone: +49-89-5808181 -Fax: +49-89-588776 -http://www.consys.de/ -mailto:samba@consys.de - - -CONSYS is a software company. We have experience especially with SCO Unix -and other Unix systems, as well as with Windows 95 and NT. -We are a Premium Partner of SCO and know and have used samba for four years. -Our engineers know a lot about the installation of SCO Unix. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -SZEGED - HUNGARY - - Name: Geza Makay - Institute: Jozsef Attila University of Szeged - Mail: Bolyai Institute, Aradi vertanuk tere 1. - H-6720, Szeged, Hungary - Tel: (62) 454-091 (Hungary's code: 36) - Fax/Message: (62) 326-246 (Hungary's code: 36) - E-mail: makayg@math.u-szeged.hu - World Wide Web: http://www.math.u-szeged.hu/ ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -PALERMO - ITALY - -Francesco Cardinale -E-Mail: cardinal@palermo.italtel.it -Samba experience: SVR3.2, SOLARIS, ULTRIX, LINUX <--> DOS LAN-MAN, WFW ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -PISA - ITALY - -I3 ICUBE s.r.l. -Via Pascoli 8 -56125 PISA (PI) -ITALY -tel: 050/503202 -fax: 050/504617 -contact person: Marco Bizzarri -e-mail: m.bizzarri@icube.it -www: http://www.icube.it/ - -Our company offers commercial support to integrate eterogenous networks. -We can provide support for the following architectures: - -Windows: -Windows for Workgroup -Windows 95 -Windows NT - -Unix: -Linux -Solaris -Digital Unix - -Macintosh ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -LUXEMBOURG - EUROPE - -E.C.C. sa -11, Rue Bettlange -L-9657 HARLANGE -Grand-Duche de Luxembourg -Tel. +352 93615 (from 09/97: +352 993615) -Fax +352 93569 (from 09/97: +352 993569) -oontact person: Stefaan A Eeckels -email: Stefaan.Eeckels@ecc.lumail - -We're located in Luxembourg, and recently provided support -for Samba at Eurostat (the European Commision), who are using -Samba to integrate Windows NT workstations in their Solaris -/ Windows3.1 network. All in all, things run rather smoothly now. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -DELFT - NETHERLANDS - -BitWizard B.V. -van Bronckhorststraat 12 -2612 XV Delft -The Netherlands -Tel: +31-15-2137459 -Email: samba@BitWizard.nl -http: http://www.bitwizard.nl/ - -Specific activities: - - - Linux support - - GNU software support - - Linux device driver writing - - Data recovery - -BitWizard supports freely distributable software, -especially quality products like "Samba". ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -GRONINGEN - THE NETHERLANDS - -Company: Le Reseau netwerksystemen BV -Address: Bieslookstraat 31 -City: Groningen -Zip: NL-9731 HH -Country: The Netherlands - -We already offer commercial support on Linux and other Unices. Together with -an application house we have developed a office automation environment which -heavily depends on Samba. This environment consists of a Linux application -server which is also the Samba server. A NT server for standard office -applications. A firewall for Internet connectivity. And a large number of -DOS/Win3.x/W95 clients that connect to the different machines. User's home -directories are mounted through Sambe. - -We also support other Unices like Solaris, SunOS, HP-UX, Digital Unix and -AIX. - -Sincerely, - -Arthur Donkers -Le Reseau - -email : arthur@reseau.nl -phone : (+31) 595 552431 -URL http://www.reseau.nl ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -NIJMEGEN - THE NETHERLANDS - -Xtended Internet (http://www.xtdnet.nl/) - -Broerdijk 27 Postbus 170 Tel: 31-24-360 39 19 -6523 GM Nijmegen 6500 AD Nijmegen Fax: 31-24-360 19 99 -The Netherlands The Netherlands info@xtdnet.nl ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -UTRECHT - NETHERLANDS - -Van den Hout Creative Communications -Koos van den Hout -Email : koos@kzdoos.xs4all.nl -Phone : +31-30-2871002 -Fax : +31-30-2817051 -Samba experience: Setup and configuration for Linux, Solaris, web -publishing related usage. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -ITALY - -InfoTecna di Cesana D. & C. s.n.c. -Via Cesana e Villa, 29 -20046 Biassono (Mi) - -Tel: ++39 39 2324054 -Fax: ++39 39 2324054 - -e-mail: infotecn@tin.it -URL: http://space.tin.it/internet/dsbragio - -We provide Samba support along with generic Linux support. Specifically we -have implemented a powerful Fax servicing system for Samba with Win95/NT -clients. Details could be found at our URL, currently, only in Italian. ------------------------------------------------------------------------------- -VETLANDA - SWEDEN - - IBS Industridata AB - Box 95 - 574 21 VETLANDA - SWEDEN - -Phone: +46-383-16065 -Fax: +46-8-287905 -E-mail: samba@ibs.se -http://www.id.ibs.se/ibsid - -We have offices in about 20 cities in Sweden and can provide commercial -support for Samba. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- - - - - diff --git a/docs/textdocs/Tracing.txt b/docs/textdocs/Tracing.txt deleted file mode 100644 index d8b38378228..00000000000 --- a/docs/textdocs/Tracing.txt +++ /dev/null @@ -1,93 +0,0 @@ -Contributor: Andrew Tridgell <samba-bugs@samba.anu.edu.au> -Date: Old -Status: Questionable - -Subject: How to trace samba system calls for debugging purposes -============================================================================= - -This file describes how to do a system call trace on Samba to work out -what its doing wrong. This is not for the faint of heart, but if you -are reading this then you are probably desperate. - -Actually its not as bad as the the above makes it sound, just don't -expect the output to be very pretty :-) - -Ok, down to business. One of the big advantages of unix systems is -that they nearly all come with a system trace utility that allows you -to monitor all system calls that a program is making. This is -extremely using for debugging and also helps when trying to work out -why something is slower than you expect. You can use system tracing -without any special compilation options. - -The system trace utility is called different things on different -systems. On Linux systems its called strace. Under SunOS 4 its called -trace. Under SVR4 style systems (including solaris) its called -truss. Under many BSD systems its called ktrace. - -The first thing you should do is read the man page for your native -system call tracer. In the discussion below I'll assume its called -strace as strace is the only portable system tracer (its available for -free for many unix types) and its also got some of the nicest -features. - -Next, try using strace on some simple commands. For example, "strace -ls" or "strace echo hello". - -You'll notice that it produces a LOT of output. It is showing you the -arguments to every system call that the program makes and the -result. Very little happens in a program without a system call so you -get lots of output. You'll also find that it produces a lot of -"preamble" stuff showing the loading of shared libraries etc. Ignore -this (unless its going wrong!) - -For example, the only line that really matters in the "strace echo -hello" output is: - -write(1, "hello\n", 6) = 6 - -all the rest is just setting up to run the program. - -Ok, now you're famialiar with strace. To use it on Samba you need to -strace the running smbd daemon. The way I tend ot use it is to first -login from my Windows PC to the Samba server, then use smbstatus to -find which process ID that client is attached to, then as root I do -"strace -p PID" to attach to that process. I normally redirect the -stderr output from this command to a file for later perusal. For -example, if I'm using a csh style shell: - - strace -f -p 3872 >& strace.out - -or with a sh style shell: - - strace -f -p 3872 > strace.out 2>&1 - -Note the "-f" option. This is only available on some systems, and -allows you to trace not just the current process, but any children it -forks. This is great for finding printing problems caused by the -"print command" being wrong. - -Once you are attached you then can do whatever it is on the client -that is causing problems and you will capture all the system calls -that smbd makes. - -So how do you interpret the results? Generally I search thorugh the -output for strings that I know will appear when the problem -happens. For example, if I am having touble with permissions on a file -I would search for that files name in the strace output and look at -the surrounding lines. Another trick is to match up file descriptor -numbers and "follow" what happens to an open file until it is closed. - -Beyond this you will have to use your initiative. To give you an idea -of wehat you are looking for here is a piece of strace output that -shows that /dev/null is not world writeable, which causes printing to -fail with Samba: - -[pid 28268] open("/dev/null", O_RDWR) = -1 EACCES (Permission denied) -[pid 28268] open("/dev/null", O_WRONLY) = -1 EACCES (Permission denied) - -the process is trying to first open /dev/null read-write then -read-only. Both fail. This means /dev/null has incorrect permissions. - -Have fun! - -(please send updates/fixes to this file to samba-bugs@samba.anu.edu.au) diff --git a/docs/textdocs/UNIX-SMB.txt b/docs/textdocs/UNIX-SMB.txt deleted file mode 100644 index 88a7324dd73..00000000000 --- a/docs/textdocs/UNIX-SMB.txt +++ /dev/null @@ -1,231 +0,0 @@ -Contributor: Andrew Tridgell <samba-bugs@samba.anu.edu.au> -Date: April 1995 - -Subject: Discussion of NetBIOS in a Unix World -============================================================================ - -This is a short document that describes some of the issues that -confront a SMB implementation on unix, and how Samba copes with -them. They may help people who are looking at unix<->PC -interoperability. - -It was written to help out a person who was writing a paper on unix to -PC connectivity. - - -Usernames -========= - -The SMB protocol has only a loose username concept. Early SMB -protocols (such as CORE and COREPLUS) have no username concept at -all. Even in later protocols clients often attempt operations -(particularly printer operations) without first validating a username -on the server. - -Unix security is based around username/password pairs. A unix box -should not allow clients to do any substantive operation without some -sort of validation. - -The problem mostly manifests itself when the unix server is in "share -level" security mode. This is the default mode as the alternative -"user level" security mode usually forces a client to connect to the -server as the same user for each connected share, which is -inconvenient in many sites. - -In "share level" security the client normally gives a username in the -"session setup" protocol, but does not supply an accompanying -password. The client then connects to resources using the "tree -connect" protocol, and supplies a password. The problem is that the -user on the PC types the username and the password in different -contexts, unaware that they need to go together to give access to the -server. The username is normally the one the user typed in when they -"logged onto" the PC (this assumes Windows for Workgroups). The -password is the one they chose when connecting to the disk or printer. - -The user often chooses a totally different username for their login as -for the drive connection. Often they also want to access different -drives as different usernames. The unix server needs some way of -divining the correct username to combine with each password. - -Samba tries to avoid this problem using several methods. These succeed -in the vast majority of cases. The methods include username maps, the -service%user syntax, the saving of session setup usernames for later -validation and the derivation of the username from the service name -(either directly or via the user= option). - -File Ownership -============== - -The commonly used SMB protocols have no way of saying "you can't do -that because you don't own the file". They have, in fact, no concept -of file ownership at all. - -This brings up all sorts of interesting problems. For example, when -you copy a file to a unix drive, and the file is world writeable but -owned by another user the file will transfer correctly but will -receive the wrong date. This is because the utime() call under unix -only succeeds for the owner of the file, or root, even if the file is -world writeable. For security reasons Samba does all file operations -as the validated user, not root, so the utime() fails. This can stuff -up shared development diectories as programs like "make" will not get -file time comparisons right. - -There are several possible solutions to this problem, including -username mapping, and forcing a specific username for particular -shares. - -Passwords -========= - -Many SMB clients uppercase passwords before sending them. I have no -idea why they do this. Interestingly WfWg uppercases the password only -if the server is running a protocol greater than COREPLUS, so -obviously it isn't just the data entry routines that are to blame. - -Unix passwords are case sensitive. So if users use mixed case -passwords they are in trouble. - -Samba can try to cope with this by either using the "password level" -option which causes Samba to try the offered password with up to the -specified number of case changes, or by using the "password server" -option which allows Samba to do it's validation via another machine -(typically a WinNT server). - -Samba supports the password encryption method used by SMB -clients. Note that the use of password encryption in Microsoft -networking leads to password hashes that are "plain text equivalent". -This means that it is *VERY* important to ensure that the Samba -smbpasswd file containing these password hashes is only readable -by the root user. See the documentation ENCRYPTION.txt for more -details. - - -Locking -======= - -The locking calls available under a DOS/Windows environment are much -richer than those available in unix. This means a unix server (like -Samba) choosing to use the standard fcntl() based unix locking calls -to implement SMB locking has to improvise a bit. - -One major problem is that dos locks can be in a 32 bit (unsigned) -range. Unix locking calls are 32 bits, but are signed, giving only a 31 -bit range. Unfortunately OLE2 clients use the top bit to select a -locking range used for OLE semaphores. - -To work around this problem Samba compresses the 32 bit range into 31 -bits by appropriate bit shifting. This seems to work but is not -ideal. In a future version a separate SMB lockd may be added to cope -with the problem. - -It also doesn't help that many unix lockd daemons are very buggy and -crash at the slightest provocation. They normally go mostly unused in -a unix environment because few unix programs use byte range -locking. The stress of huge numbers of lock requests from dos/windows -clients can kill the daemon on some systems. - -The second major problem is the "opportunistic locking" requested by -some clients. If a client requests opportunistic locking then it is -asking the server to notify it if anyone else tries to do something on -the same file, at which time the client will say if it is willing to -give up it's lock. Unix has no simple way of implementing -opportunistic locking, and currently Samba has no support for it. - -Deny Modes -========== - -When a SMB client opens a file it asks for a particular "deny mode" to -be placed on the file. These modes (DENY_NONE, DENY_READ, DENY_WRITE, -DENY_ALL, DENY_FCB and DENY_DOS) specify what actions should be -allowed by anyone else who tries to use the file at the same time. If -DENY_READ is placed on the file, for example, then any attempt to open -the file for reading should fail. - -Unix has no equivalent notion. To implement this Samba uses either lock -files based on the files inode and placed in a separate lock -directory or a shared memory implementation. The lock file method -is clumsy and consumes processing and file resources, -the shared memory implementation is vastly prefered and is turned on -by default for those systems that support it. - -Trapdoor UIDs -============= - -A SMB session can run with several uids on the one socket. This -happens when a user connects to two shares with different -usernames. To cope with this the unix server needs to switch uids -within the one process. On some unixes (such as SCO) this is not -possible. This means that on those unixes the client is restricted to -a single uid. - -Note that you can also get the "trapdoor uid" message for other -reasons. Please see the FAQ for details. - -Port numbers -============ - -There is a convention that clients on sockets use high "unprivilaged" -port numbers (>1000) and connect to servers on low "privilaged" port -numbers. This is enforced in Unix as non-root users can't open a -socket for listening on port numbers less than 1000. - -Most PC based SMB clients (such as WfWg and WinNT) don't follow this -convention completely. The main culprit is the netbios nameserving on -udp port 137. Name query requests come from a source port of 137. This -is a problem when you combine it with the common firewalling technique -of not allowing incoming packets on low port numbers. This means that -these clients can't query a netbios nameserver on the other side of a -low port based firewall. - -The problem is more severe with netbios node status queries. I've -found that WfWg, Win95 and WinNT3.5 all respond to netbios node status -queries on port 137 no matter what the source port was in the -request. This works between machines that are both using port 137, but -it means it's not possible for a unix user to do a node status request -to any of these OSes unless they are running as root. The answer comes -back, but it goes to port 137 which the unix user can't listen -on. Interestingly WinNT3.1 got this right - it sends node status -responses back to the source port in the request. - - -Protocol Complexity -=================== - -There are many "protocol levels" in the SMB protocol. It seems that -each time new functionality was added to a Microsoft operating system, -they added the equivalent functions in a new protocol level of the SMB -protocol to "externalise" the new capabilities. - -This means the protocol is very "rich", offering many ways of doing -each file operation. This means SMB servers need to be complex and -large. It also means it is very difficult to make them bug free. It is -not just Samba that suffers from this problem, other servers such as -WinNT don't support every variation of every call and it has almost -certainly been a headache for MS developers to support the myriad of -SMB calls that are available. - -There are about 65 "top level" operations in the SMB protocol (things -like SMBread and SMBwrite). Some of these include hundreds of -sub-functions (SMBtrans has at least 120 sub-functions, like -DosPrintQAdd and NetSessionEnum). All of them take several options -that can change the way they work. Many take dozens of possible -"information levels" that change the structures that need to be -returned. Samba supports all but 2 of the "top level" functions. It -supports only 8 (so far) of the SMBtrans sub-functions. Even NT -doesn't support them all. - -Samba currently supports up to the "NT LM 0.12" protocol, which is the -one preferred by Win95 and WinNT3.5. Luckily this protocol level has a -"capabilities" field which specifies which super-duper new-fangled -options the server suports. This helps to make the implementation of -this protocol level much easier. - -There is also a problem with the SMB specications. SMB is a X/Open -spec, but the X/Open book is far from ideal, and fails to cover many -important issues, leaving much to the imagination. Microsoft recently -renamed the SMB protocol CIFS (Common Internet File System) and have -published new specifications. These are far superior to the old -X/Open documents but there are still undocumented calls and features. -This specification is actively being worked on by a CIFS developers -mailing list hosted by Microsft. - diff --git a/docs/textdocs/WinNT.txt b/docs/textdocs/WinNT.txt deleted file mode 100644 index 772ef74a4c0..00000000000 --- a/docs/textdocs/WinNT.txt +++ /dev/null @@ -1,69 +0,0 @@ -Contributor: Various -Updated: June 27, 1997 -Status: Current - -Subject: Samba and Windows NT Password Handling -============================================================================= - -There are some particular issues with Samba and Windows NT. - -Passwords: -========== -One of the most annoying problems with WinNT is that NT refuses to -connect to a server that is in user level security mode and that -doesn't support password encryption unless it first prompts the user -for a password. - -This means even if you have the same password on the NT box and the -Samba server you will get prompted for a password. Entering the -correct password will get you connected only if Windows NT can -communicate with Samba using a compatible mode of password security. - -All versions of Windows NT prior to 4.0 Service Pack 3 could negotiate -plain text (clear text) passwords. Windows NT 4.0 Service Pack 3 changed -this default behaviour so it now will only handle encrypted passwords. -The following registry entry change will re-enable clear text password -handling: - -Run regedt32.exe and locate the hive key entry: -HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\rdr\parameters\ - -Add the following value: - EnablePlainTextPassword:REG_DWORD=1 - - -The other major ramification of this feature of NT is that it can't -browse a user level non-encrypted server unless it already has a -connection open. This is because there is no spot for a password -prompt in the browser window. It works fine if you already have a -drive mounted (for example, one auto mounted on startup). -===================================================================== - -Printing: -========= -When you mount a printer using the print manager in NT you may find -the following info from Matthew Harrell <harrell@leech.nrl.navy.mil> -useful: - ------------- - I noticed in your change-log you noted that some people were -still unable to use print manager under NT. If this is the same problem -that I encountered, it's caused by the length of time it takes NT to -determine if the printer is ready. - -The problem occurs when you double-click on a printer to connect it to -the NT machine. Because it's unable to determine if the printer is ready -in the short span of time it has, it assumes it isn't and gives some -strange error about not having enough resources (I forget what the error -is). A solution to this that seems to work fine for us is to click -once on the printer, look at the bottom of the window and wait until -it says it's ready, then clilck on "OK". - -By the way, this problem probably occurs in our group because the -Samba server doesn't actually have the printers - it queues them to -remote printers either on other machines or using their own network -cards. Because of this "middle layer", it takes an extra amount of -time for the NT machine to get verification that the printer queue -actually exists. - -I hope this helped in some way... diff --git a/docs/textdocs/security_level.txt b/docs/textdocs/security_level.txt deleted file mode 100644 index fac446fda8e..00000000000 --- a/docs/textdocs/security_level.txt +++ /dev/null @@ -1,96 +0,0 @@ -Contributor: Andrew Tridgell -Updated: June 27, 1997 -Status: Current - -Subject: Description of SMB security levels. -=========================================================================== - -Samba supports the following options to the global smb.conf parameter -"security =": - share, user, server - -Of the above, "security = server" means that Samba reports to clients that -it is running in "user mode" but actually passes off all authentication -requests to another "user mode" server. This requires an additional -parameter "password server =" that points to the real authentication server. -That real authentication server can be another Samba server or can be a -Windows NT server, the later natively capable of encrypted password support. - -Below is a more complete description of security levels. -=========================================================================== - -A SMB server tells the client at startup what "security level" it is -running. There are two options "share level" and "user level". Which -of these two the client receives affects the way the client then tries -to authenticate itself. It does not directly affect (to any great -extent) the way the Samba server does security. I know this is -strange, but it fits in with the client/server approach of SMB. In SMB -everything is initiated and controlled by the client, and the server -can only tell the client what is available and whether an action is -allowed. - -I'll describe user level security first, as its simpler. In user level -security the client will send a "session setup" command directly after -the protocol negotiation. This contains a username and password. The -server can either accept or reject that username/password -combination. Note that at this stage the server has no idea what -share the client will eventually try to connect to, so it can't base -the "accept/reject" on anything other than: - -- the username/password -- the machine that the client is coming from - -If the server accepts the username/password then the client expects to -be able to mount any share (using a "tree connection") without -specifying a password. It expects that all access rights will be as -the username/password specified in the "session setup". - -It is also possible for a client to send multiple "session setup" -requests. When the server responds it gives the client a "uid" to use -as an authentication tag for that username/password. The client can -maintain multiple authentication contexts in this way (WinDD is an -example of an application that does this) - - -Ok, now for share level security. In share level security (the default -with samba) the client authenticates itself separately for each -share. It will send a password along with each "tree connection" -(share mount). It does not explicitly send a username with this -operation. The client is expecting a password to be associated with -each share, independent of the user. This means that samba has to work -out what username the client probably wants to use. It is never -explicitly sent the username. Some commercial SMB servers such as NT actually -associate passwords directly with shares in share level security, but -samba always uses the unix authentication scheme where it is a -username/password that is authenticated, not a "share/password". - -Many clients send a "session setup" even if the server is in share -level security. They normally send a valid username but no -password. Samba records this username in a list of "possible -usernames". When the client then does a "tree connection" it also adds -to this list the name of the share they try to connect to (useful for -home directories) and any users listed in the "user =" smb.conf -line. The password is then checked in turn against these "possible -usernames". If a match is found then the client is authenticated as -that user. - -Finally "server level" security. In server level security the samba -server reports to the client that it is in user level security. The -client then does a "session setup" as described earlier. The samba -server takes the username/password that the client sends and attempts -to login to the "password server" by sending exactly the same -username/password that it got from the client. If that server is in -user level security and accepts the password then samba accepts the -clients connection. This allows the samba server to use another SMB -server as the "password server". - -You should also note that at the very start of all this, where the -server tells the client what security level it is in, it also tells -the client if it supports encryption. If it does then it supplies the -client with a random "cryptkey". The client will then send all -passwords in encrypted form. You have to compile samba with encryption -enabled to support this feature, and you have to maintain a separate -smbpasswd file with SMB style encrypted passwords. It is -cryptographically impossible to translate from unix style encryption -to SMB style encryption, although there are some fairly simple management -schemes by which the two could be kept in sync. |