From 3395decfee3b749fb197e243e9bb44b66cc27f1c Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 13 Oct 2001 08:19:27 +0000 Subject: Sync up with Gerry's changes. Jeremy --- docs/htmldocs/DOMAIN_MEMBER.html | 29 +- docs/htmldocs/PAM-Authentication-And-Samba.html | 29 +- docs/htmldocs/Samba-HOWTO-Collection.html | 383 ++++++++++++------------ docs/htmldocs/printer_driver2.html | 174 +++++------ docs/htmldocs/smb.conf.5.html | 32 +- 5 files changed, 326 insertions(+), 321 deletions(-) (limited to 'docs/htmldocs') diff --git a/docs/htmldocs/DOMAIN_MEMBER.html b/docs/htmldocs/DOMAIN_MEMBER.html index bb29c416eb4..b7ef4c9a61b 100644 --- a/docs/htmldocs/DOMAIN_MEMBER.html +++ b/docs/htmldocs/DOMAIN_MEMBER.html @@ -32,17 +32,7 @@ NAME="AEN3" >Joining an NT Domain with Samba 2.2

In order for a Samba-2 server to join an NT domain, - you must first add the NetBIOS name of the Samba server to the - NT domain on the PDC using Server Manager for Domains. This creates - the machine account in the domain (PDC) SAM. Note that you should - add the Samba server as a "Windows NT Workstation or Server", - NOT as a Primary or backup domain controller.

Assume you have a Samba-2 server with a NetBIOS name of +>Assume you have a Samba 2.x server with a NetBIOS name of SERV1smbpasswd -j DOM -r DOMPDC - Administrator%password

as we are joining the domain DOM and the PDC for that domain (the only machine that has write access to the domain SAM database) - is DOMPDC. If this is successful you will see the message:

Administrator%password is + the login name and password for an account which has the necessary + privilege to add machines to the domain. If this is successful + you will see the message:

pam_smbpass.so module is provided by -Samba version 2.2.1 or later. It can be compiled only if the ---with-pam --with-pam_smbpass options are both -provided to the Samba configure program.

--with-pam_smbpass options when running Samba's +configure script. For more information +on the pam_smbpass module, see the documentation +in the source/pam_smbpass directory of the Samba +source distribution.

Distributed Authentication
PAM Configuration in smb.conf
3.2. Distributed Authentication
3.3. PAM Configuration in smb.conf
4.1. Instructions
4.1.1. Notes
5.1. Viewing and changing UNIX permissions using the NT 
 	security dialogs
5.2. How to view file security on a Samba share
5.3. Viewing file ownership
5.4. Viewing file or directory permissions
5.4.1. File Permissions
5.4.2. Directory Permissions
5.5. Modifying file or directory permissions
5.6. Interaction with the standard Samba create mask 
 	parameters
5.7. Interaction with the standard Samba file attribute 
 	mapping
6.1. Introduction
6.2. Configuration
6.2.1. Creating [print$]
6.2.2. Setting Drivers for Existing Printers
6.2.3. Support a large number of printers
6.2.4. Adding New Printers via the Windows NT APW
6.2.5. Samba and Printer Ports
6.3. The Imprints Toolset
6.3.1. What is Imprints?
6.3.2. Creating Printer Driver Packages
6.3.3. The Imprints server
6.3.4. The Installation Client
6.4. 
7.1. Joining an NT Domain with Samba 2.2
7.2. Samba and Windows 2000 Domains
7.3. Why is this better than security = server?
8.1. Prerequisite Reading
8.2. Background
8.3. Configuring the Samba Domain Controller
8.4. Creating Machine Trust Accounts and Joining Clients 
 to the Domain
8.4.1. Manually creating machine trust accounts
8.4.2. Creating machine trust accounts "on the fly"
8.5. Common Problems and Errors
8.6. System Policies and Profiles
8.7. What other help can I get ?
8.8. Domain Control for Windows 9x/ME
8.8.1. Configuration Instructions:	Network Logons
8.8.2. Configuration Instructions:	Setting up Roaming User Profiles
8.8.2.1. Windows NT Configuration
8.8.2.2. Windows 9X Configuration
8.8.2.3. Win9X and WinNT Configuration
8.8.2.4. Windows 9X Profile Setup
8.8.2.5. Windows NT Workstation 4.0
8.8.2.6. Windows NT Server
8.8.2.7. Sharing Profiles between W95 and NT Workstation 4.0
8.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba
9.1. Abstract
9.2. Introduction
9.3. What Winbind Provides
9.3.1. Target Uses
9.4. How Winbind Works
9.4.1. Microsoft Remote Procedure Calls
9.4.2. Name Service Switch
9.4.3. Pluggable Authentication Modules
9.4.4. User and Group ID Allocation
9.4.5. Result Caching
9.5. Installation and Configuration
9.5.1. Introduction
9.5.2. Requirements
9.5.3. Testing Things Out
9.5.3.1. Configure and compile SAMBA
9.5.3.2. Configure nsswitch.conf and the winbind libraries
9.5.3.3. Configure smb.conf
9.5.3.4. Join the SAMBA server to the PDC domain
9.5.3.5. Start up the winbindd daemon and test it!
9.5.3.6. Fix the /etc/rc.d/init.d/smb startup files
9.5.3.7. Configure Winbind and PAM
9.6. Limitations
9.7. Conclusion
10.1. FAQs
10.1.1. How can I configure OS/2 Warp Connect or 
 		OS/2 Warp 4 as a client for Samba?
10.1.2. How can I configure OS/2 Warp 3 (not Connect), 
 		OS/2 1.2, 1.3 or 2.x for Samba?
10.1.3. Are there any other issues when OS/2 (any version) 
 		is used as a client?
10.1.4. How do I get printer driver download working 
 		for OS/2 clients?
11.1. Introduction
11.2. CVS Access to samba.org
11.2.1. Access via CVSweb
11.2.2. Access via cvs
Index
pam_smbpass.so module is provided by 
-Samba version 2.2.1 or later. It can be compiled only if the 
---with-pam --with-pam_smbpass options are both 
-provided to the Samba configure program.
--with-pam_smbpass options when running Samba's
+configure script.  For more information
+on the pam_smbpass module, see the documentation
+in the source/pam_smbpass directory of the Samba 
+source distribution.
3.2. Distributed Authentication
3.3. PAM Configuration in smb.conf
4.1. Instructions
4.1.1. Notes
5.1. Viewing and changing UNIX permissions using the NT 
 	security dialogs
5.2. How to view file security on a Samba share
5.3. Viewing file ownership
5.4. Viewing file or directory permissions
5.4.1. File Permissions
5.4.2. Directory Permissions
5.5. Modifying file or directory permissions
5.6. Interaction with the standard Samba create mask 
 	parameters
5.7. Interaction with the standard Samba file attribute 
 	mapping
6.1. Introduction
6.2. Configuration
6.2.1. Creating [print$]
6.2.2. Setting Drivers for Existing Printers
6.2.3. Support a large number of printers
6.2.4. Adding New Printers via the Windows NT APW
6.2.5. Samba and Printer Ports
6.3. The Imprints Toolset
6.3.1. What is Imprints?
6.3.2. Creating Printer Driver Packages
6.3.3. The Imprints server
6.3.4. The Installation Client
6.4. 
7.1. Joining an NT Domain with Samba 2.2
In order for a Samba-2 server to join an NT domain, 
-	you must first add the NetBIOS name of the Samba server to the 
-	NT domain on the PDC using Server Manager for Domains.  This creates 
-	the machine account in the domain (PDC) SAM. Note that you should 
-	add the Samba server as a "Windows NT Workstation or Server", 
-	NOT as a Primary or backup domain controller.
Assume you have a Samba-2 server with a NetBIOS name of 
+>Assume you have a Samba 2.x server with a NetBIOS name of 
 	SERV1smbpasswd -j DOM -r DOMPDC
-	Administrator%password
as we are joining the domain DOM and the PDC for that domain 
 	(the only machine that has write access to the domain SAM database) 
-	is DOMPDC. If this is successful you will see the message:
Administrator%password is 
+	the login name and password for an account which has the necessary 
+	privilege to add machines to the domain.  If this is successful 
+	you will see the message:
7.2. Samba and Windows 2000 Domains
7.3. Why is this better than security = server?
8.1. Prerequisite Reading
8.2. Background
8.3. Configuring the Samba Domain Controller
8.4. Creating Machine Trust Accounts and Joining Clients 
 to the Domain
8.4.1. Manually creating machine trust accounts
8.4.2. Creating machine trust accounts "on the fly"
8.5. Common Problems and Errors
8.6. System Policies and Profiles
8.7. What other help can I get ?
8.8. Domain Control for Windows 9x/ME
8.8.1. Configuration Instructions:	Network Logons
8.8.2. Configuration Instructions:	Setting up Roaming User Profiles
8.8.2.1. Windows NT Configuration
8.8.2.2. Windows 9X Configuration
8.8.2.3. Win9X and WinNT Configuration
8.8.2.4. Windows 9X Profile Setup
8.8.2.5. Windows NT Workstation 4.0
8.8.2.6. Windows NT Server
8.8.2.7. Sharing Profiles between W95 and NT Workstation 4.0
8.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba
9.1. Abstract
9.2. Introduction
9.3. What Winbind Provides
9.3.1. Target Uses
9.4. How Winbind Works
9.4.1. Microsoft Remote Procedure Calls
9.4.2. Name Service Switch
9.4.3. Pluggable Authentication Modules
9.4.4. User and Group ID Allocation
9.4.5. Result Caching
9.5. Installation and Configuration
9.5.1. Introduction
9.5.2. Requirements
9.5.3. Testing Things Out
9.5.3.1. Configure and compile SAMBA
9.5.3.2. Configure nsswitch.conf and the winbind libraries
9.5.3.3. Configure smb.conf
9.5.3.4. Join the SAMBA server to the PDC domain
9.5.3.5. Start up the winbindd daemon and test it!
9.5.3.6. Fix the /etc/rc.d/init.d/smb startup files
9.5.3.7. Configure Winbind and PAM
9.6. Limitations
9.7. Conclusion
10.1. FAQs
10.1.1. How can I configure OS/2 Warp Connect or 
 		OS/2 Warp 4 as a client for Samba?
10.1.2. How can I configure OS/2 Warp 3 (not Connect), 
 		OS/2 1.2, 1.3 or 2.x for Samba?
10.1.3. Are there any other issues when OS/2 (any version) 
 		is used as a client?
10.1.4. How do I get printer driver download working 
 		for OS/2 clients?
11.1. Introduction
11.2. CVS Access to samba.org
11.2.1. Access via CVSweb
11.2.2. Access via cvs
Index
Primary  Domain Controller,
     Background
   
Given that printer driver management has changed (we hope improved) in 
 2.2 over prior releases, migration from an existing setup to 2.2 can 
-follow several paths.
Windows clients have a tendency to remember things for quite a while.
-For example, if a Windows NT client has attached to a Samba 2.0 server,
-it will remember the server as a LanMan printer server.  Upgrading 
-the Samba host to 2.2 makes support for MSRPC printing possible, but 
-the NT client will still remember the previous setting.
  • In order to give an NT client printing "amnesia" (only necessary if you 
-want to use the newer MSRPC printing functionality in Samba), delete 
-the registry keys associated with the print server contained in 
-[HKLM\SYSTEM\CurrentControlSet\Control\Print].  The 
-spooler service on the client should be stopped prior to doing this:
    If you do not desire the new Windows NT 
+	print driver support, nothing needs to be done.  
+	All existing parameters work the same.
  • C:\WINNT\ > net stop spooler
    If you want to take advantage of NT printer 
+	driver support but do not want to migrate the 
+	9x drivers to the new setup, the leave the existing 
+	printers.def file.  When smbd attempts 
+	to locate a 
+	9x driver for the printer in the TDB and fails it 
+	will drop down to using the printers.def (and all 
+	associated parameters).  The make_printerdef 
+	tool will also remain for backwards compatibility but will 
+	be removed in the next major release.
  • All the normal disclaimers about editing the registry go 
-here.  Be careful, and know what you are doing.
    If you install a Windows 9x driver for a printer 
+	on your Samba host (in the printing TDB), this information will 
+	take precedence and the three old printing parameters
+	will be ignored (including print driver location).
  • The spooler service should be restarted after you have finished 
-removing the appropriate registry entries by replacing the 
-If you want to migrate an existing printers.def 
+	file into the new setup, the current only solution is to use the Windows 
+	NT APW to install the NT drivers and the 9x  drivers.  This can be scripted 
+	using stop command above with smbclient and start.
    Windows 9x clients will continue to use LanMan printing calls
-with a 2.2 Samba server so there is no need to perform any of these
-modifications on non-NT clients.
    rpcclient.  See the 
+	Imprints installation client at http://imprints.sourceforge.net/ 
+	for an example.
+	
The following smb.conf parameters are considered to be depreciated and will 
-be removed soon.  Do not use them in new installations
The following smb.conf parameters are considered to 
+be deprecated and will be removed soon.  Do not use them in new 
+installations
    Here are the possible scenarios for supporting migration:
    • If you do not desire the new Windows NT 
-	print driver support, nothing needs to be done.  
-	All existing parameters work the same.
    • If you want to take advantage of NT printer 
-	driver support but do not want to migrate the 
-	9x drivers to the new setup, the leave the existing 
-	printers.def file.  When smbd attempts to locate a 
-	9x driver for the printer in the TDB and fails it 
-	will drop down to using the printers.def (and all 
-	associated parameters).  The make_printerdef 
-	tool will also remain for backwards compatibility but will 
-	be moved to the "this tool is the old way of doing it" 
-	pile.
    • If you install a Windows 9x driver for a printer 
-	on your Samba host (in the printing TDB), this information will 
-	take precedence and the three old printing parameters
-	will be ignored (including print driver location).
    • If you want to migrate an existing printers.def 
-	file into the new setup, the current only solution is to use the Windows 
-	NT APW to install the NT drivers and the 9x  drivers.  This can be scripted 
-	using smbclient and rpcclient.  See the 
-	Imprints installation client at http://imprints.sourceforge.net/ 
-	for an example.
-	
    The have been two new parameters add in Samba 2.2.2 to for 
+better support of Samba 2.0.x backwards capability (disable
+spoolss) and for using local printers drivers on Windows 
+NT/2000 clients (use client driver). Both of 
+these options are described in the smb.coinf(5) man page and are 
+disabled by default.
  • nt acl support
  • COMPLETE LIST OF SERVICE PARAMETERS
  • nt acl support
  • nt acl support (G)nt acl support (S)
    This boolean parameter controls whether 
@@ -12613,7 +12613,9 @@ HREF="smbd.8.html"
 TARGET="_top"
 >smbd(8) will attempt to map 
-		UNIX permissions into Windows NT access control lists.
    Default: