Valuable Nuts and Bolts Information
Samba has several features that you might want or might not want to use.
The chapters in this part each cover specific Samba features.
Table of Contents
- 9. Network Browsing
- Features and Benefits
- What Is Browsing?
- Discussion
- NetBIOS over TCP/IP
- TCP/IP without NetBIOS
- DNS and Active Directory
- How Browsing Functions
- Configuring Workgroup Browsing
- Domain Browsing Configuration
- Forcing Samba to Be the Master
- Making Samba the Domain Master
- Note about Broadcast Addresses
- Multiple Interfaces
- Use of the Remote Announce Parameter
- Use of the Remote Browse Sync Parameter
- WINS: The Windows Internetworking Name Server
- WINS Server Configuration
- WINS Replication
- Static WINS Entries
- Helpful Hints
- Windows Networking Protocols
- Name Resolution Order
- Technical Overview of Browsing
- Browsing Support in Samba
- Problem Resolution
- Cross-Subnet Browsing
- Common Errors
- Flushing the Samba NetBIOS Name Cache
- Server Resources Cannot Be Listed
- I Get an "Unable to browse the network" Error
- Browsing of Shares and Directories is Very Slow
- 10. Account Information Databases
- Features and Benefits
- Backward Compatibility Account Storage Systems
- New Account Storage Systems
- Technical Information
- Important Notes About Security
- Mapping User Identifiers between MS Windows and UNIX
- Mapping Common UIDs/GIDs on Distributed Machines
- Comments Regarding LDAP
- LDAP Directories and Windows Computer Accounts
- Account Management Tools
- The smbpasswd Tool
- The pdbedit Tool
- Password Backends
- Plaintext
- smbpasswd: Encrypted Password Database
- tdbsam
- ldapsam
- MySQL
- XML
- Common Errors
- Users Cannot Logon
- Users Being Added to the Wrong Backend Database
- Configuration of auth methods
- 11. Group Mapping: MS Windows and UNIX
- Features and Benefits
- Discussion
- Warning: User Private Group Problems
- Nested Groups: Adding Windows Domain Groups to Windows Local Groups
- Important Administrative Information
- Default Users, Groups, and Relative Identifiers
- Example Configuration
- Configuration Scripts
- Sample smb.conf Add Group Script
- Script to Configure Group Mapping
- Common Errors
- Adding Groups Fails
- Adding Domain Users to the Workstation Power Users Group
- 12. Remote and Local Management: The Net Command
- Overview
- Administrative Tasks and Methods
- UNIX and Windows Group Management
- Adding, Renaming, or Deletion of Group Accounts
- Manipulating Group Memberships
- Nested Group Support
- UNIX and Windows User Management
- Adding User Accounts
- Deletion of User Accounts
- Managing User Accounts
- User Mapping
- Administering User Rights and Privileges
- Managing Trust Relationships
- Machine Trust Accounts
- Interdomain Trusts
- Managing Security Identifiers (SIDS)
- Share Management
- Creating, Editing, and Removing Shares
- Creating and Changing Share ACLs
- Share, Directory, and File Migration
- Printer Migration
- Controlling Open Files
- Session and Connection Management
- Printers and ADS
- Manipulating the Samba Cache
- Managing IDMAP UID/SID Mappings
- Creating an IDMAP Database Dump File
- Restoring the IDMAP Database Dump File
- Other Miscellaneous Operations
- 13. Identity Mapping (IDMAP)
- Samba Server Deployment Types and IDMAP
- Standalone Samba Server
- Domain Member Server or Domain Member Client
- Primary Domain Controller
- Backup Domain Controller
- Examples of IDMAP Backend Usage
- Default Winbind TDB
- IDMAP_RID with Winbind
- IDMAP Storage in LDAP Using Winbind
- IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension
- 14. User Rights and Privileges
- Rights Management Capabilities
- Using the “net rpc rights” Utility
- Description of Privileges
- Privileges Supported by Windows 2000 Domain Controllers
- The Administrator Domain SID
- Common Errors
- What Rights and Privileges Will Permit Windows Client Administration?
- 15. File, Directory, and Share Access Controls
- Features and Benefits
- File System Access Controls
- MS Windows NTFS Comparison with UNIX File Systems
- Managing Directories
- File and Directory Access Control
- Share Definition Access Controls
- User- and Group-Based Controls
- File and Directory Permissions-Based Controls
- Miscellaneous Controls
- Access Controls on Shares
- Share Permissions Management
- MS Windows Access Control Lists and UNIX Interoperability
- Managing UNIX Permissions Using NT Security Dialogs
- Viewing File Security on a Samba Share
- Viewing File Ownership
- Viewing File or Directory Permissions
- Modifying File or Directory Permissions
- Interaction with the Standard Samba “create mask” Parameters
- Interaction with the Standard Samba File Attribute Mapping
- Windows NT/200X ACLs and POSIX ACLs Limitations
- Common Errors
- Users Cannot Write to a Public Share
- File Operations Done as root with force user Set
- MS Word with Samba Changes Owner of File
- 16. File and Record Locking
- Features and Benefits
- Discussion
- Opportunistic Locking Overview
- Samba Oplocks Control
- Example Configuration
- MS Windows Oplocks and Caching Controls
- Workstation Service Entries
- Server Service Entries
- Persistent Data Corruption
- Common Errors
- locking.tdb Error Messages
- Problems Saving Files in MS Office on Windows XP
- Long Delays Deleting Files over Network with XP SP1
- Additional Reading
- 17. Securing Samba
- Introduction
- Features and Benefits
- Technical Discussion of Protective Measures and Issues
- Using Host-Based Protection
- User-Based Protection
- Using Interface Protection
- Using a Firewall
- Using IPC$ Share-Based Denials
- NTLMv2 Security
- Upgrading Samba
- Common Errors
- Smbclient Works on Localhost, but the Network Is Dead
- Why Can Users Access Other Users' Home Directories?
- 18. Interdomain Trust Relationships
- Features and Benefits
- Trust Relationship Background
- Native MS Windows NT4 Trusts Configuration
- Creating an NT4 Domain Trust
- Completing an NT4 Domain Trust
- Interdomain Trust Facilities
- Configuring Samba NT-Style Domain Trusts
- Samba as the Trusted Domain
- Samba as the Trusting Domain
- NT4-Style Domain Trusts with Windows 2000
- Common Errors
- Browsing of Trusted Domain Fails
- Problems with LDAP ldapsam and Older Versions of smbldap-tools
- 19. Hosting a Microsoft Distributed File System Tree
- Features and Benefits
- Common Errors
- MSDFS UNIX Path Is Case-Critical
- 20. Classical Printing Support
- Features and Benefits
- Technical Introduction
- Client to Samba Print Job Processing
- Printing-Related Configuration Parameters
- Simple Print Configuration
- Verifying Configuration with testparm
- Rapid Configuration Validation
- Extended Printing Configuration
- Detailed Explanation Settings
- Printing Developments Since Samba-2.2
- Point'n'Print Client Drivers on Samba Servers
- The Obsoleted [printer$] Section
- Creating the [print$] Share
- [print$] Stanza Parameters
- The [print$] Share Directory
- Installing Drivers into [print$]
- Add Printer Wizard Driver Installation
- Installing Print Drivers Using rpcclient
- Client Driver Installation Procedure
- First Client Driver Installation
- Setting Device Modes on New Printers
- Additional Client Driver Installation
- Always Make First Client Connection as root or “printer admin”
- Other Gotchas
- Setting Default Print Options for Client Drivers
- Supporting Large Numbers of Printers
- Adding New Printers with the Windows NT APW
- Error Message: “Cannot connect under a different Name”
- Take Care When Assembling Driver Files
- Samba and Printer Ports
- Avoiding Common Client Driver Misconfiguration
- The Imprints Toolset
- What Is Imprints?
- Creating Printer Driver Packages
- The Imprints Server
- The Installation Client
- Adding Network Printers without User Interaction
- The addprinter Command
- Migration of Classical Printing to Samba
- Publishing Printer Information in Active Directory or LDAP
- Common Errors
- I Give My Root Password but I Do Not Get Access
- My Print Jobs Get Spooled into the Spooling Directory, but Then Get Lost
- 21. CUPS Printing Support
- Introduction
- Features and Benefits
- Overview
- Basic CUPS Support Configuration
- Linking smbd with libcups.so
- Simple smb.conf Settings for CUPS
- More Complex CUPS smb.conf Settings
- Advanced Configuration
- Central Spooling vs. “Peer-to-Peer” Printing
- Raw Print Serving: Vendor Drivers on Windows Clients
- Installation of Windows Client Drivers
- Explicitly Enable “raw” Printing for application/octet-stream
- Driver Upload Methods
- Advanced Intelligent Printing with PostScript Driver Download
- GDI on Windows, PostScript on UNIX
- Windows Drivers, GDI, and EMF
- UNIX Printfile Conversion and GUI Basics
- PostScript and Ghostscript
- Ghostscript: The Software RIP for Non-PostScript Printers
- PostScript Printer Description (PPD) Specification
- Using Windows-Formatted Vendor PPDs
- CUPS Also Uses PPDs for Non-PostScript Printers
- The CUPS Filtering Architecture
- MIME Types and CUPS Filters
- MIME Type Conversion Rules
- Filtering Overview
- Prefilters
- pstops
- pstoraster
- imagetops and imagetoraster
- rasterto [printers specific]
- CUPS Backends
- The Role of cupsomatic/foomatic
- The Complete Picture
- mime.convs
- “Raw” Printing
- application/octet-stream Printing
- PostScript Printer Descriptions for Non-PostScript Printers
- cupsomatic/foomatic-rip Versus Native CUPS Printing
- Examples for Filtering Chains
- Sources of CUPS Drivers/PPDs
- Printing with Interface Scripts
- Network Printing (Purely Windows)
- From Windows Clients to an NT Print Server
- Driver Execution on the Client
- Driver Execution on the Server
- Network Printing (Windows Clients and UNIX/Samba Print Servers)
- From Windows Clients to a CUPS/Samba Print Server
- Samba Receiving Job-Files and Passing Them to CUPS
- Network PostScript RIP
- PPDs for Non-PS Printers on UNIX
- PPDs for Non-PS Printers on Windows
- Windows Terminal Servers (WTS) as CUPS Clients
- Printer Drivers Running in “Kernel Mode” Cause Many Problems
- Workarounds Impose Heavy Limitations
- CUPS: A “Magical Stone”?
- PostScript Drivers with No Major Problems, Even in Kernel Mode
- Configuring CUPS for Driver Download
- cupsaddsmb: The Unknown Utility
- Prepare Your smb.conf for cupsaddsmb
- CUPS “PostScript Driver for Windows NT/200x/XP”
- Recognizing Different Driver Files
- Acquiring the Adobe Driver Files
- ESP Print Pro PostScript Driver for Windows NT/200x/XP
- Caveats to Be Considered
- Windows CUPS PostScript Driver Versus Adobe Driver
- Run cupsaddsmb (Quiet Mode)
- Run cupsaddsmb with Verbose Output
- Understanding cupsaddsmb
- How to Recognize If cupsaddsmb Completed Successfully
- cupsaddsmb with a Samba PDC
- cupsaddsmb Flowchart
- Installing the PostScript Driver on a Client
- Avoiding Critical PostScript Driver Settings on the Client
- Installing PostScript Driver Files Manually Using rpcclient
- A Check of the rpcclient man Page
- Understanding the rpcclient man Page
- Producing an Example by Querying a Windows Box
- Requirements for adddriver and setdriver to Succeed
- Manual Driver Installation in 15 Steps
- Troubleshooting Revisited
- The Printing *.tdb Files
- Trivial Database Files
- Binary Format
- Losing *.tdb Files
- Using tdbbackup
- CUPS Print Drivers from Linuxprinting.org
- foomatic-rip and Foomatic Explained
- foomatic-rip and Foomatic PPD Download and Installation
- Page Accounting with CUPS
- Setting Up Quotas
- Correct and Incorrect Accounting
- Adobe and CUPS PostScript Drivers for Windows Clients
- The page_log File Syntax
- Possible Shortcomings
- Future Developments
- Other Accounting Tools
- Additional Material
- Autodeletion or Preservation of CUPS Spool Files
- CUPS Configuration Settings Explained
- Preconditions
- Manual Configuration
- Printing from CUPS to Windows-Attached Printers
- More CUPS Filtering Chains
- Common Errors
- Windows 9x/Me Client Can't Install Driver
- “cupsaddsmb” Keeps Asking for Root Password in Never-ending Loop
- “cupsaddsmb” or “rpcclient adddriver” Emit Error
- “cupsaddsmb” Errors
- Client Can't Connect to Samba Printer
- New Account Reconnection from Windows 200x/XP Troubles
- Avoid Being Connected to the Samba Server as the Wrong User
- Upgrading to CUPS Drivers from Adobe Drivers
- Can't Use “cupsaddsmb” on Samba Server, Which Is a PDC
- Deleted Windows 200x Printer Driver Is Still Shown
- Windows 200x/XP Local Security Policies
- Administrator Cannot Install Printers for All Local Users
- Print Change, Notify Functions on NT Clients
- Win XP-SP1
- Print Options for All Users Can't Be Set on Windows 200x/XP
- Most Common Blunders in Driver Settings on Windows Clients
- cupsaddsmb Does Not Work with Newly Installed Printer
- Permissions on /var/spool/samba/ Get Reset After Each Reboot
- Print Queue Called “lp” Mishandles Print Jobs
- Location of Adobe PostScript Driver Files for “cupsaddsmb”
- Overview of the CUPS Printing Processes
- 22. Stackable VFS modules
- Features and Benefits
- Discussion
- Included Modules
- audit
- default_quota
- extd_audit
- fake_perms
- recycle
- netatalk
- shadow_copy
- VFS Modules Available Elsewhere
- DatabaseFS
- vscan
- 23. Winbind: Use of Domain Accounts
- Features and Benefits
- Introduction
- What Winbind Provides
- Target Uses
- Handling of Foreign SIDs
- How Winbind Works
- Microsoft Remote Procedure Calls
- Microsoft Active Directory Services
- Name Service Switch
- Pluggable Authentication Modules
- User and Group ID Allocation
- Result Caching
- Installation and Configuration
- Introduction
- Requirements
- Testing Things Out
- Conclusion
- Common Errors
- NSCD Problem Warning
- Winbind Is Not Resolving Users and Groups
- 24. Advanced Network Management
- Features and Benefits
- Remote Server Administration
- Remote Desktop Management
- Remote Management from NoMachine.Com
- Network Logon Script Magic
- Adding Printers without User Intervention
- Limiting Logon Connections
- 25. System and Account Policies
- Features and Benefits
- Creating and Managing System Policies
- Windows 9x/ME Policies
- Windows NT4-Style Policy Files
- MS Windows 200x/XP Professional Policies
- Managing Account/User Policies
- Management Tools
- Samba Editreg Toolset
- Windows NT4/200x
- Samba PDC
- System Startup and Logon Processing Overview
- Common Errors
- Policy Does Not Work
- 26. Desktop Profile Management
- Features and Benefits
- Roaming Profiles
- Samba Configuration for Profile Handling
- Windows Client Profile Configuration Information
- User Profile Hive Cleanup Service
- Sharing Profiles between Windows 9x/Me and NT4/200x/XP Workstations
- Profile Migration from Windows NT4/200x Server to Samba
- Mandatory Profiles
- Creating and Managing Group Profiles
- Default Profile for Windows Users
- MS Windows 9x/Me
- MS Windows NT4 Workstation
- MS Windows 200x/XP
- Common Errors
- Configuring Roaming Profiles for a Few Users or Groups
- Cannot Use Roaming Profiles
- Changing the Default Profile
- Debugging Roaming Profiles and NT4-style Domain Policies
- 27. PAM-Based Distributed Authentication
- Features and Benefits
- Technical Discussion
- PAM Configuration Syntax
- Example System Configurations
- smb.conf PAM Configuration
- Remote CIFS Authentication Using winbindd.so
- Password Synchronization Using pam_smbpass.so
- Common Errors
- pam_winbind Problem
- Winbind Is Not Resolving Users and Groups
- 28. Integrating MS Windows Networks with Samba
- Features and Benefits
- Background Information
- Name Resolution in a Pure UNIX/Linux World
- /etc/hosts
- /etc/resolv.conf
- /etc/host.conf
- /etc/nsswitch.conf
- Name Resolution as Used within MS Windows Networking
- The NetBIOS Name Cache
- The LMHOSTS File
- HOSTS File
- DNS Lookup
- WINS Lookup
- Common Errors
- Pinging Works Only One Way
- Very Slow Network Connections
- Samba Server Name-Change Problem
- 29. Unicode/Charsets
- Features and Benefits
- What Are Charsets and Unicode?
- Samba and Charsets
- Conversion from Old Names
- Japanese Charsets
- Basic Parameter Setting
- Individual Implementations
- Migration from Samba-2.2 Series
- Common Errors
- CP850.so Can't Be Found
- 30. Backup Techniques
- Features and Benefits
- Discussion of Backup Solutions
- BackupPC
- Rsync
- Amanda
- BOBS: Browseable Online Backup System
- 31. High Availability
- Features and Benefits
- Technical Discussion
- The Ultimate Goal
- Why Is This So Hard?
- A Simple Solution
- High-Availability Server Products
- MS-DFS: The Poor Man's Cluster
- Conclusions
- 32. Handling Large Directories
- 33. Advanced Configuration Techniques
- Implementation
- Multiple Server Hosting
- Multiple Virtual Server Personalities
- Multiple Virtual Server Hosting