Valuable Nuts and Bolts Information
Samba has several features that you might want or might not want to use.
The chapters in this part each cover specific Samba features.
Table of Contents
- 9. Important and Critical Change Notes for the Samba 3.x Series
- Important Samba-3.2.x Change Notes
- Important Samba-3.0.x Change Notes
- User and Group Changes
- Essential Group Mappings
- Passdb Changes
- Group Mapping Changes in Samba-3.0.23
- LDAP Changes in Samba-3.0.23
- 10. Network Browsing
- Features and Benefits
- What Is Browsing?
- Discussion
- NetBIOS over TCP/IP
- TCP/IP without NetBIOS
- DNS and Active Directory
- How Browsing Functions
- Configuring Workgroup Browsing
- Domain Browsing Configuration
- Forcing Samba to Be the Master
- Making Samba the Domain Master
- Note about Broadcast Addresses
- Multiple Interfaces
- Use of the Remote Announce Parameter
- Use of the Remote Browse Sync Parameter
- WINS: The Windows Internetworking Name Server
- WINS Server Configuration
- WINS Replication
- Static WINS Entries
- Helpful Hints
- Windows Networking Protocols
- Name Resolution Order
- Technical Overview of Browsing
- Browsing Support in Samba
- Problem Resolution
- Cross-Subnet Browsing
- Common Errors
- Flushing the Samba NetBIOS Name Cache
- Server Resources Cannot Be Listed
- I Get an "Unable to browse the network" Error
- Browsing of Shares and Directories is Very Slow
- Invalid Cached Share References Affects Network Browsing
- 11. Account Information Databases
- Features and Benefits
- Backward Compatibility Account Storage Systems
- New Account Storage Systems
- Technical Information
- Important Notes About Security
- Mapping User Identifiers between MS Windows and UNIX
- Mapping Common UIDs/GIDs on Distributed Machines
- Comments Regarding LDAP
- LDAP Directories and Windows Computer Accounts
- Account Management Tools
- The smbpasswd Tool
- The pdbedit Tool
- Password Backends
- Plaintext
- smbpasswd: Encrypted Password Database
- tdbsam
- ldapsam
- Common Errors
- Users Cannot Logon
- Configuration of auth methods
- 12. Group Mapping: MS Windows and UNIX
- Features and Benefits
- Discussion
- Warning: User Private Group Problems
- Nested Groups: Adding Windows Domain Groups to Windows Local Groups
- Important Administrative Information
- Default Users, Groups, and Relative Identifiers
- Example Configuration
- Configuration Scripts
- Sample smb.conf Add Group Script
- Script to Configure Group Mapping
- Common Errors
- Adding Groups Fails
- Adding Domain Users to the Workstation Power Users Group
- 13. Remote and Local Management: The Net Command
- Overview
- Administrative Tasks and Methods
- UNIX and Windows Group Management
- Adding, Renaming, or Deletion of Group Accounts
- Manipulating Group Memberships
- Nested Group Support
- UNIX and Windows User Management
- Adding User Accounts
- Deletion of User Accounts
- Managing User Accounts
- User Mapping
- Administering User Rights and Privileges
- Managing Trust Relationships
- Machine Trust Accounts
- Interdomain Trusts
- Managing Security Identifiers (SIDS)
- Share Management
- Creating, Editing, and Removing Shares
- Creating and Changing Share ACLs
- Share, Directory, and File Migration
- Printer Migration
- Controlling Open Files
- Session and Connection Management
- Printers and ADS
- Manipulating the Samba Cache
- Managing IDMAP UID/SID Mappings
- Creating an IDMAP Database Dump File
- Restoring the IDMAP Database Dump File
- Other Miscellaneous Operations
- 14. Identity Mapping (IDMAP)
- Samba Server Deployment Types and IDMAP
- Standalone Samba Server
- Domain Member Server or Domain Member Client
- Primary Domain Controller
- Backup Domain Controller
- Examples of IDMAP Backend Usage
- Default Winbind TDB
- IDMAP_RID with Winbind
- IDMAP Storage in LDAP Using Winbind
- IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension
- 15. User Rights and Privileges
- Rights Management Capabilities
- Using the net rpc rights Utility
- Description of Privileges
- Privileges Suppored by Windows 2000 Domain Controllers
- The Administrator Domain SID
- Common Errors
- What Rights and Privileges Will Permit Windows Client Administration?
- 16. File, Directory, and Share Access Controls
- Features and Benefits
- File System Access Controls
- MS Windows NTFS Comparison with UNIX File Systems
- Managing Directories
- File and Directory Access Control
- Share Definition Access Controls
- User- and Group-Based Controls
- File and Directory Permissions-Based Controls
- Miscellaneous Controls
- Access Controls on Shares
- Share Permissions Management
- MS Windows Access Control Lists and UNIX Interoperability
- Managing UNIX Permissions Using NT Security Dialogs
- Viewing File Security on a Samba Share
- Viewing File Ownership
- Viewing File or Directory Permissions
- Modifying File or Directory Permissions
- Interaction with the Standard Samba create mask Parameters
- Interaction with the Standard Samba File Attribute Mapping
- Windows NT/200X ACLs and POSIX ACLs Limitations
- Common Errors
- Users Cannot Write to a Public Share
- File Operations Done as root with force user Set
- MS Word with Samba Changes Owner of File
- 17. File and Record Locking
- Features and Benefits
- Discussion
- Opportunistic Locking Overview
- Samba Oplocks Control
- Example Configuration
- MS Windows Oplocks and Caching Controls
- Workstation Service Entries
- Server Service Entries
- Persistent Data Corruption
- Common Errors
- locking.tdb Error Messages
- Problems Saving Files in MS Office on Windows XP
- Long Delays Deleting Files over Network with XP SP1
- Additional Reading
- 18. Securing Samba
- Introduction
- Features and Benefits
- Technical Discussion of Protective Measures and Issues
- Using Host-Based Protection
- User-Based Protection
- Using Interface Protection
- Using a Firewall
- Using IPC$ Share-Based Denials
- NTLMv2 Security
- Upgrading Samba
- Common Errors
- Smbclient Works on Localhost, but the Network Is Dead
- Why Can Users Access Other Users' Home Directories?
- 19. Interdomain Trust Relationships
- Features and Benefits
- Trust Relationship Background
- Native MS Windows NT4 Trusts Configuration
- Creating an NT4 Domain Trust
- Completing an NT4 Domain Trust
- Interdomain Trust Facilities
- Configuring Samba NT-Style Domain Trusts
- Samba as the Trusted Domain
- Samba as the Trusting Domain
- NT4-Style Domain Trusts with Windows 2000
- Common Errors
- Browsing of Trusted Domain Fails
- Problems with LDAP ldapsam and Older Versions of smbldap-tools
- 20. Hosting a Microsoft Distributed File System Tree
- Features and Benefits
- Common Errors
- MSDFS UNIX Path Is Case-Critical
- 21. Classical Printing Support
- Features and Benefits
- Technical Introduction
- Client to Samba Print Job Processing
- Printing-Related Configuration Parameters
- Simple Print Configuration
- Verifying Configuration with testparm
- Rapid Configuration Validation
- Extended Printing Configuration
- Detailed Explanation Settings
- Printing Developments Since Samba-2.2
- Point'n'Print Client Drivers on Samba Servers
- The Obsoleted [printer$] Section
- Creating the [print$] Share
- [print$] Stanza Parameters
- The [print$] Share Directory
- Installing Drivers into [print$]
- Add Printer Wizard Driver Installation
- Installing Print Drivers Using rpcclient
- Client Driver Installation Procedure
- First Client Driver Installation
- Setting Device Modes on New Printers
- Additional Client Driver Installation
- Always Make First Client Connection as root or printer admin
- Other Gotchas
- Setting Default Print Options for Client Drivers
- Supporting Large Numbers of Printers
- Adding New Printers with the Windows NT APW
- Error Message: Cannot connect under a different Name
- Take Care When Assembling Driver Files
- Samba and Printer Ports
- Avoiding Common Client Driver Misconfiguration
- The Imprints Toolset
- What Is Imprints?
- Creating Printer Driver Packages
- The Imprints Server
- The Installation Client
- Adding Network Printers without User Interaction
- The addprinter Command
- Migration of Classical Printing to Samba
- Publishing Printer Information in Active Directory or LDAP
- Common Errors
- I Give My Root Password but I Do Not Get Access
- My Print Jobs Get Spooled into the Spooling Directory, but Then Get Lost
- 22. CUPS Printing Support
- Introduction
- Features and Benefits
- Overview
- Basic CUPS Support Configuration
- Linking smbd with libcups.so
- Simple smb.conf Settings for CUPS
- More Complex CUPS smb.conf Settings
- Advanced Configuration
- Central Spooling vs. Peer-to-Peer Printing
- Raw Print Serving: Vendor Drivers on Windows Clients
- Installation of Windows Client Drivers
- Explicitly Enable raw Printing for application/octet-stream
- Driver Upload Methods
- Advanced Intelligent Printing with PostScript Driver Download
- GDI on Windows, PostScript on UNIX
- Windows Drivers, GDI, and EMF
- UNIX Printfile Conversion and GUI Basics
- PostScript and Ghostscript
- Ghostscript: The Software RIP for Non-PostScript Printers
- PostScript Printer Description (PPD) Specification
- Using Windows-Formatted Vendor PPDs
- CUPS Also Uses PPDs for Non-PostScript Printers
- The CUPS Filtering Architecture
- MIME Types and CUPS Filters
- MIME Type Conversion Rules
- Filtering Overview
- Prefilters
- pstops
- pstoraster
- imagetops and imagetoraster
- rasterto [printers specific]
- CUPS Backends
- The Role of cupsomatic/foomatic
- The Complete Picture
- mime.convs
- Raw Printing
- application/octet-stream Printing
- PostScript Printer Descriptions for Non-PostScript Printers
- cupsomatic/foomatic-rip Versus Native CUPS Printing
- Examples for Filtering Chains
- Sources of CUPS Drivers/PPDs
- Printing with Interface Scripts
- Network Printing (Purely Windows)
- From Windows Clients to an NT Print Server
- Driver Execution on the Client
- Driver Execution on the Server
- Network Printing (Windows Clients and UNIX/Samba Print
Servers)
- From Windows Clients to a CUPS/Samba Print Server
- Samba Receiving Job-Files and Passing Them to CUPS
- Network PostScript RIP
- PPDs for Non-PS Printers on UNIX
- PPDs for Non-PS Printers on Windows
- Windows Terminal Servers (WTS) as CUPS Clients
- Printer Drivers Running in Kernel Mode Cause Many
Problems
- Workarounds Impose Heavy Limitations
- CUPS: A Magical Stone?
- PostScript Drivers with No Major Problems, Even in Kernel
Mode
- Configuring CUPS for Driver Download
- cupsaddsmb: The Unknown Utility
- Prepare Your smb.conf for cupsaddsmb
- CUPS PostScript Driver for Windows NT/200x/XP
- Recognizing Different Driver Files
- Acquiring the Adobe Driver Files
- ESP Print Pro PostScript Driver for Windows NT/200x/XP
- Caveats to Be Considered
- Windows CUPS PostScript Driver Versus Adobe Driver
- Run cupsaddsmb (Quiet Mode)
- Run cupsaddsmb with Verbose Output
- Understanding cupsaddsmb
- How to Recognize If cupsaddsmb Completed Successfully
- cupsaddsmb with a Samba PDC
- cupsaddsmb Flowchart
- Installing the PostScript Driver on a Client
- Avoiding Critical PostScript Driver Settings on the Client
- Installing PostScript Driver Files Manually Using rpcclient
- A Check of the rpcclient man Page
- Understanding the rpcclient man Page
- Producing an Example by Querying a Windows Box
- Requirements for adddriver and setdriver to Succeed
- Manual Driver Installation in 15 Steps
- Troubleshooting Revisited
- The Printing *.tdb Files
- Trivial Database Files
- Binary Format
- Losing *.tdb Files
- Using tdbbackup
- CUPS Print Drivers from Linuxprinting.org
- foomatic-rip and Foomatic Explained
- foomatic-rip and Foomatic PPD Download and Installation
- Page Accounting with CUPS
- Setting Up Quotas
- Correct and Incorrect Accounting
- Adobe and CUPS PostScript Drivers for Windows Clients
- The page_log File Syntax
- Possible Shortcomings
- Future Developments
- Other Accounting Tools
- Additional Material
- Autodeletion or Preservation of CUPS Spool Files
- CUPS Configuration Settings Explained
- Preconditions
- Manual Configuration
- Printing from CUPS to Windows-Attached Printers
- More CUPS Filtering Chains
- Common Errors
- Windows 9x/Me Client Can't Install Driver
- cupsaddsmb Keeps Asking for Root Password in Never-ending Loop
- cupsaddsmb or rpcclient addriver Emit Error
- cupsaddsmb Errors
- Client Can't Connect to Samba Printer
- New Account Reconnection from Windows 200x/XP Troubles
- Avoid Being Connected to the Samba Server as the Wrong User
- Upgrading to CUPS Drivers from Adobe Drivers
- Can't Use cupsaddsmb on Samba Server, Which Is a PDC
- Deleted Windows 200x Printer Driver Is Still Shown
- Windows 200x/XP Local Security Policies
- Administrator Cannot Install Printers for All Local Users
- Print Change, Notify Functions on NT Clients
- Windows XP SP1
- Print Options for All Users Can't Be Set on Windows 200x/XP
- Most Common Blunders in Driver Settings on Windows Clients
- cupsaddsmb Does Not Work with Newly Installed Printer
- Permissions on /var/spool/samba/ Get Reset After Each Reboot
- Print Queue Called lp Mishandles Print Jobs
- Location of Adobe PostScript Driver Files for cupsaddsmb
- Overview of the CUPS Printing Processes
- 23. Stackable VFS modules
- Features and Benefits
- Discussion
- Included Modules
- audit
- default_quota
- extd_audit
- fake_perms
- recycle
- netatalk
- shadow_copy
- VFS Modules Available Elsewhere
- DatabaseFS
- vscan
- vscan-clamav
- 24. Winbind: Use of Domain Accounts
- Features and Benefits
- Introduction
- What Winbind Provides
- Target Uses
- Handling of Foreign SIDs
- How Winbind Works
- Microsoft Remote Procedure Calls
- Microsoft Active Directory Services
- Name Service Switch
- Pluggable Authentication Modules
- User and Group ID Allocation
- Result Caching
- Installation and Configuration
- Introduction
- Requirements
- Testing Things Out
- Conclusion
- Common Errors
- NSCD Problem Warning
- Winbind Is Not Resolving Users and Groups
- 25. Advanced Network Management
- Features and Benefits
- Remote Server Administration
- Remote Desktop Management
- Remote Management from NoMachine.Com
- Remote Management with ThinLinc
- Network Logon Script Magic
- Adding Printers without User Intervention
- Limiting Logon Connections
- 26. System and Account Policies
- Features and Benefits
- Creating and Managing System Policies
- Windows 9x/ME Policies
- Windows NT4-Style Policy Files
- MS Windows 200x/XP Professional Policies
- Managing Account/User Policies
- Management Tools
- Samba Editreg Toolset
- Windows NT4/200x
- Samba PDC
- System Startup and Logon Processing Overview
- Common Errors
- Policy Does Not Work
- 27. Desktop Profile Management
- Features and Benefits
- Roaming Profiles
- Samba Configuration for Profile Handling
- Windows Client Profile Configuration Information
- User Profile Hive Cleanup Service
- Sharing Profiles between Windows 9x/Me and NT4/200x/XP Workstations
- Profile Migration from Windows NT4/200x Server to Samba
- Mandatory Profiles
- Creating and Managing Group Profiles
- Default Profile for Windows Users
- MS Windows 9x/Me
- MS Windows NT4 Workstation
- MS Windows 200x/XP
- Common Errors
- Configuring Roaming Profiles for a Few Users or Groups
- Cannot Use Roaming Profiles
- Changing the Default Profile
- Debugging Roaming Profiles and NT4-style Domain Policies
- 28. PAM-Based Distributed Authentication
- Features and Benefits
- Technical Discussion
- PAM Configuration Syntax
- Example System Configurations
- smb.conf PAM Configuration
- Remote CIFS Authentication Using winbindd.so
- Password Synchronization Using pam_smbpass.so
- Common Errors
- pam_winbind Problem
- Winbind Is Not Resolving Users and Groups
- 29. Integrating MS Windows Networks with Samba
- Features and Benefits
- Background Information
- Name Resolution in a Pure UNIX/Linux World
- /etc/hosts
- /etc/resolv.conf
- /etc/host.conf
- /etc/nsswitch.conf
- Name Resolution as Used within MS Windows Networking
- The NetBIOS Name Cache
- The LMHOSTS File
- HOSTS File
- DNS Lookup
- WINS Lookup
- Common Errors
- Pinging Works Only One Way
- Very Slow Network Connections
- Samba Server Name-Change Problem
- 30. Unicode/Charsets
- Features and Benefits
- What Are Charsets and Unicode?
- Samba and Charsets
- Conversion from Old Names
- Japanese Charsets
- Basic Parameter Setting
- Individual Implementations
- Migration from Samba-2.2 Series
- Common Errors
- CP850.so Can't Be Found
- 31. Backup Techniques
- Features and Benefits
- Discussion of Backup Solutions
- BackupPC
- Rsync
- Amanda
- BOBS: Browseable Online Backup System
- 32. High Availability
- Features and Benefits
- Technical Discussion
- The Ultimate Goal
- Why Is This So Hard?
- A Simple Solution
- High-Availability Server Products
- MS-DFS: The Poor Man's Cluster
- Conclusions
- 33. Handling Large Directories
- 34. Advanced Configuration Techniques
- Implementation
- Multiple Server Hosting
- Multiple Virtual Server Personalities
- Multiple Virtual Server Hosting