The Official Samba 3.5.x HOWTO and Reference Guide

Edited by

Jelmer R. The Samba Team Vernooij

The Samba Team

Edited by

John H. Samba Team Terpstra

Samba Team

Edited by

Gerald (Jerry) Samba Team Carter

Samba Team


Table of Contents

About the Cover Artwork
Attribution
Foreword
Preface
Conventions Used
Introduction
What Is Samba?
Why This Book?
Book Structure and Layout
I. General Installation
1. How to Install and Test SAMBA
Obtaining and Installing Samba
Configuring Samba (smb.conf)
Configuration File Syntax
TDB Database File Information
Starting Samba
Example Configuration
SWAT
List Shares Available on the Server
Connect with a UNIX Client
Connect from a Remote SMB Client
What If Things Don't Work?
Still Stuck?
Common Errors
Large Number of smbd Processes
Error Message: open_oplock_ipc
The network name cannot be found
2. Fast Start: Cure for Impatience
Features and Benefits
Description of Example Sites
Worked Examples
Standalone Server
Domain Member Server
Domain Controller
II. Server Configuration Basics
3. Server Types and Security Modes
Features and Benefits
Server Types
Samba Security Modes
User Level Security
Share-Level Security
Domain Security Mode (User-Level Security)
ADS Security Mode (User-Level Security)
Server Security (User Level Security)
Password Checking
Common Errors
What Makes Samba a Server?
What Makes Samba a Domain Controller?
What Makes Samba a Domain Member?
Constantly Losing Connections to Password Server
Stand-alone Server is converted to Domain Controller Now User accounts don't work
4. Domain Control
Features and Benefits
Single Sign-On and Domain Security
Basics of Domain Control
Domain Controller Types
Preparing for Domain Control
Domain Control: Example Configuration
Samba ADS Domain Control
Domain and Network Logon Configuration
Domain Network Logon Service
Security Mode and Master Browsers
Common Errors
$ Cannot Be Included in Machine Name
Joining Domain Fails Because of Existing Machine Account
The System Cannot Log You On (C000019B)
The Machine Trust Account Is Not Accessible
Account Disabled
Domain Controller Unavailable
Cannot Log onto Domain Member Workstation After Joining Domain
5. Backup Domain Control
Features and Benefits
Essential Background Information
MS Windows NT4-style Domain Control
LDAP Configuration Notes
Active Directory Domain Control
What Qualifies a Domain Controller on the Network?
How Does a Workstation find its Domain Controller?
Backup Domain Controller Configuration
Example Configuration
Common Errors
Machine Accounts Keep Expiring
Can Samba Be a Backup Domain Controller to an NT4 PDC?
How Do I Replicate the smbpasswd File?
Can I Do This All with LDAP?
6. Domain Membership
Features and Benefits
MS Windows Workstation/Server Machine Trust Accounts
Manual Creation of Machine Trust Accounts
Managing Domain Machine Accounts using NT4 Server Manager
On-the-Fly Creation of Machine Trust Accounts
Making an MS Windows Workstation or Server a Domain Member
Domain Member Server
Joining an NT4-type Domain with Samba-3
Why Is This Better Than security = server?
Samba ADS Domain Membership
Configure smb.conf
Configure /etc/krb5.conf
Create the Computer Account
Testing Server Setup
Testing with smbclient
Notes
Sharing User ID Mappings between Samba Domain Members
Common Errors
Cannot Add Machine Back to Domain
Adding Machine to Domain Fails
I Can't Join a Windows 2003 PDC
7. Standalone Servers
Features and Benefits
Background
Example Configuration
Reference Documentation Server
Central Print Serving
Common Errors
8. MS Windows Network Configuration Guide
Features and Benefits
Technical Details
TCP/IP Configuration
Joining a Domain: Windows 2000/XP Professional
Domain Logon Configuration: Windows 9x/Me
Common Errors
III. Advanced Configuration
9. Important and Critical Change Notes for the Samba 3.x Series
Important Samba-3.2.x Change Notes
Important Samba-3.0.x Change Notes
User and Group Changes
Essential Group Mappings
Passdb Changes
Group Mapping Changes in Samba-3.0.23
LDAP Changes in Samba-3.0.23
10. Network Browsing
Features and Benefits
What Is Browsing?
Discussion
NetBIOS over TCP/IP
TCP/IP without NetBIOS
DNS and Active Directory
How Browsing Functions
Configuring Workgroup Browsing
Domain Browsing Configuration
Forcing Samba to Be the Master
Making Samba the Domain Master
Note about Broadcast Addresses
Multiple Interfaces
Use of the Remote Announce Parameter
Use of the Remote Browse Sync Parameter
WINS: The Windows Internetworking Name Server
WINS Server Configuration
WINS Replication
Static WINS Entries
Helpful Hints
Windows Networking Protocols
Name Resolution Order
Technical Overview of Browsing
Browsing Support in Samba
Problem Resolution
Cross-Subnet Browsing
Common Errors
Flushing the Samba NetBIOS Name Cache
Server Resources Cannot Be Listed
I Get an "Unable to browse the network" Error
Browsing of Shares and Directories is Very Slow
Invalid Cached Share References Affects Network Browsing
11. Account Information Databases
Features and Benefits
Backward Compatibility Account Storage Systems
New Account Storage Systems
Technical Information
Important Notes About Security
Mapping User Identifiers between MS Windows and UNIX
Mapping Common UIDs/GIDs on Distributed Machines
Comments Regarding LDAP
LDAP Directories and Windows Computer Accounts
Account Management Tools
The smbpasswd Tool
The pdbedit Tool
Password Backends
Plaintext
smbpasswd: Encrypted Password Database
tdbsam
ldapsam
Common Errors
Users Cannot Logon
Configuration of auth methods
12. Group Mapping: MS Windows and UNIX
Features and Benefits
Discussion
Warning: User Private Group Problems
Nested Groups: Adding Windows Domain Groups to Windows Local Groups
Important Administrative Information
Default Users, Groups, and Relative Identifiers
Example Configuration
Configuration Scripts
Sample smb.conf Add Group Script
Script to Configure Group Mapping
Common Errors
Adding Groups Fails
Adding Domain Users to the Workstation Power Users Group
13. Remote and Local Management: The Net Command
Overview
Administrative Tasks and Methods
UNIX and Windows Group Management
Adding, Renaming, or Deletion of Group Accounts
Manipulating Group Memberships
Nested Group Support
UNIX and Windows User Management
Adding User Accounts
Deletion of User Accounts
Managing User Accounts
User Mapping
Administering User Rights and Privileges
Managing Trust Relationships
Machine Trust Accounts
Interdomain Trusts
Managing Security Identifiers (SIDS)
Share Management
Creating, Editing, and Removing Shares
Creating and Changing Share ACLs
Share, Directory, and File Migration
Printer Migration
Controlling Open Files
Session and Connection Management
Printers and ADS
Manipulating the Samba Cache
Managing IDMAP UID/SID Mappings
Creating an IDMAP Database Dump File
Restoring the IDMAP Database Dump File
Other Miscellaneous Operations
14. Identity Mapping (IDMAP)
Samba Server Deployment Types and IDMAP
Standalone Samba Server
Domain Member Server or Domain Member Client
Primary Domain Controller
Backup Domain Controller
Examples of IDMAP Backend Usage
Default Winbind TDB
IDMAP_RID with Winbind
IDMAP Storage in LDAP Using Winbind
IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension
15. User Rights and Privileges
Rights Management Capabilities
Using the net rpc rights Utility
Description of Privileges
Privileges Suppored by Windows 2000 Domain Controllers
The Administrator Domain SID
Common Errors
What Rights and Privileges Will Permit Windows Client Administration?
16. File, Directory, and Share Access Controls
Features and Benefits
File System Access Controls
MS Windows NTFS Comparison with UNIX File Systems
Managing Directories
File and Directory Access Control
Share Definition Access Controls
User- and Group-Based Controls
File and Directory Permissions-Based Controls
Miscellaneous Controls
Access Controls on Shares
Share Permissions Management
MS Windows Access Control Lists and UNIX Interoperability
Managing UNIX Permissions Using NT Security Dialogs
Viewing File Security on a Samba Share
Viewing File Ownership
Viewing File or Directory Permissions
Modifying File or Directory Permissions
Interaction with the Standard Samba create mask Parameters
Interaction with the Standard Samba File Attribute Mapping
Windows NT/200X ACLs and POSIX ACLs Limitations
Common Errors
Users Cannot Write to a Public Share
File Operations Done as root with force user Set
MS Word with Samba Changes Owner of File
17. File and Record Locking
Features and Benefits
Discussion
Opportunistic Locking Overview
Samba Oplocks Control
Example Configuration
MS Windows Oplocks and Caching Controls
Workstation Service Entries
Server Service Entries
Persistent Data Corruption
Common Errors
locking.tdb Error Messages
Problems Saving Files in MS Office on Windows XP
Long Delays Deleting Files over Network with XP SP1
Additional Reading
18. Securing Samba
Introduction
Features and Benefits
Technical Discussion of Protective Measures and Issues
Using Host-Based Protection
User-Based Protection
Using Interface Protection
Using a Firewall
Using IPC$ Share-Based Denials
NTLMv2 Security
Upgrading Samba
Common Errors
Smbclient Works on Localhost, but the Network Is Dead
Why Can Users Access Other Users' Home Directories?
19. Interdomain Trust Relationships
Features and Benefits
Trust Relationship Background
Native MS Windows NT4 Trusts Configuration
Creating an NT4 Domain Trust
Completing an NT4 Domain Trust
Interdomain Trust Facilities
Configuring Samba NT-Style Domain Trusts
Samba as the Trusted Domain
Samba as the Trusting Domain
NT4-Style Domain Trusts with Windows 2000
Common Errors
Browsing of Trusted Domain Fails
Problems with LDAP ldapsam and Older Versions of smbldap-tools
20. Hosting a Microsoft Distributed File System Tree
Features and Benefits
Common Errors
MSDFS UNIX Path Is Case-Critical
21. Classical Printing Support
Features and Benefits
Technical Introduction
Client to Samba Print Job Processing
Printing-Related Configuration Parameters
Simple Print Configuration
Verifying Configuration with testparm
Rapid Configuration Validation
Extended Printing Configuration
Detailed Explanation Settings
Printing Developments Since Samba-2.2
Point'n'Print Client Drivers on Samba Servers
The Obsoleted [printer$] Section
Creating the [print$] Share
[print$] Stanza Parameters
The [print$] Share Directory
Installing Drivers into [print$]
Add Printer Wizard Driver Installation
Installing Print Drivers Using rpcclient
Client Driver Installation Procedure
First Client Driver Installation
Setting Device Modes on New Printers
Additional Client Driver Installation
Always Make First Client Connection as root or printer admin
Other Gotchas
Setting Default Print Options for Client Drivers
Supporting Large Numbers of Printers
Adding New Printers with the Windows NT APW
Error Message: Cannot connect under a different Name
Take Care When Assembling Driver Files
Samba and Printer Ports
Avoiding Common Client Driver Misconfiguration
The Imprints Toolset
What Is Imprints?
Creating Printer Driver Packages
The Imprints Server
The Installation Client
Adding Network Printers without User Interaction
The addprinter Command
Migration of Classical Printing to Samba
Publishing Printer Information in Active Directory or LDAP
Common Errors
I Give My Root Password but I Do Not Get Access
My Print Jobs Get Spooled into the Spooling Directory, but Then Get Lost
22. CUPS Printing Support
Introduction
Features and Benefits
Overview
Basic CUPS Support Configuration
Linking smbd with libcups.so
Simple smb.conf Settings for CUPS
More Complex CUPS smb.conf Settings
Advanced Configuration
Central Spooling vs. Peer-to-Peer Printing
Raw Print Serving: Vendor Drivers on Windows Clients
Installation of Windows Client Drivers
Explicitly Enable raw Printing for application/octet-stream
Driver Upload Methods
Advanced Intelligent Printing with PostScript Driver Download
GDI on Windows, PostScript on UNIX
Windows Drivers, GDI, and EMF
UNIX Printfile Conversion and GUI Basics
PostScript and Ghostscript
Ghostscript: The Software RIP for Non-PostScript Printers
PostScript Printer Description (PPD) Specification
Using Windows-Formatted Vendor PPDs
CUPS Also Uses PPDs for Non-PostScript Printers
The CUPS Filtering Architecture
MIME Types and CUPS Filters
MIME Type Conversion Rules
Filtering Overview
Prefilters
pstops
pstoraster
imagetops and imagetoraster
rasterto [printers specific]
CUPS Backends
The Role of cupsomatic/foomatic
The Complete Picture
mime.convs
Raw Printing
application/octet-stream Printing
PostScript Printer Descriptions for Non-PostScript Printers
cupsomatic/foomatic-rip Versus Native CUPS Printing
Examples for Filtering Chains
Sources of CUPS Drivers/PPDs
Printing with Interface Scripts
Network Printing (Purely Windows)
From Windows Clients to an NT Print Server
Driver Execution on the Client
Driver Execution on the Server
Network Printing (Windows Clients and UNIX/Samba Print Servers)
From Windows Clients to a CUPS/Samba Print Server
Samba Receiving Job-Files and Passing Them to CUPS
Network PostScript RIP
PPDs for Non-PS Printers on UNIX
PPDs for Non-PS Printers on Windows
Windows Terminal Servers (WTS) as CUPS Clients
Printer Drivers Running in Kernel Mode Cause Many Problems
Workarounds Impose Heavy Limitations
CUPS: A Magical Stone?
PostScript Drivers with No Major Problems, Even in Kernel Mode
Configuring CUPS for Driver Download
cupsaddsmb: The Unknown Utility
Prepare Your smb.conf for cupsaddsmb
CUPS PostScript Driver for Windows NT/200x/XP
Recognizing Different Driver Files
Acquiring the Adobe Driver Files
ESP Print Pro PostScript Driver for Windows NT/200x/XP
Caveats to Be Considered
Windows CUPS PostScript Driver Versus Adobe Driver
Run cupsaddsmb (Quiet Mode)
Run cupsaddsmb with Verbose Output
Understanding cupsaddsmb
How to Recognize If cupsaddsmb Completed Successfully
cupsaddsmb with a Samba PDC
cupsaddsmb Flowchart
Installing the PostScript Driver on a Client
Avoiding Critical PostScript Driver Settings on the Client
Installing PostScript Driver Files Manually Using rpcclient
A Check of the rpcclient man Page
Understanding the rpcclient man Page
Producing an Example by Querying a Windows Box
Requirements for adddriver and setdriver to Succeed
Manual Driver Installation in 15 Steps
Troubleshooting Revisited
The Printing *.tdb Files
Trivial Database Files
Binary Format
Losing *.tdb Files
Using tdbbackup
CUPS Print Drivers from Linuxprinting.org
foomatic-rip and Foomatic Explained
foomatic-rip and Foomatic PPD Download and Installation
Page Accounting with CUPS
Setting Up Quotas
Correct and Incorrect Accounting
Adobe and CUPS PostScript Drivers for Windows Clients
The page_log File Syntax
Possible Shortcomings
Future Developments
Other Accounting Tools
Additional Material
Autodeletion or Preservation of CUPS Spool Files
CUPS Configuration Settings Explained
Preconditions
Manual Configuration
Printing from CUPS to Windows-Attached Printers
More CUPS Filtering Chains
Common Errors
Windows 9x/Me Client Can't Install Driver
cupsaddsmb Keeps Asking for Root Password in Never-ending Loop
cupsaddsmb or rpcclient addriver Emit Error
cupsaddsmb Errors
Client Can't Connect to Samba Printer
New Account Reconnection from Windows 200x/XP Troubles
Avoid Being Connected to the Samba Server as the Wrong User
Upgrading to CUPS Drivers from Adobe Drivers
Can't Use cupsaddsmb on Samba Server, Which Is a PDC
Deleted Windows 200x Printer Driver Is Still Shown
Windows 200x/XP Local Security Policies
Administrator Cannot Install Printers for All Local Users
Print Change, Notify Functions on NT Clients
Windows XP SP1
Print Options for All Users Can't Be Set on Windows 200x/XP
Most Common Blunders in Driver Settings on Windows Clients
cupsaddsmb Does Not Work with Newly Installed Printer
Permissions on /var/spool/samba/ Get Reset After Each Reboot
Print Queue Called lp Mishandles Print Jobs
Location of Adobe PostScript Driver Files for cupsaddsmb
Overview of the CUPS Printing Processes
23. Stackable VFS modules
Features and Benefits
Discussion
Included Modules
audit
default_quota
extd_audit
fake_perms
recycle
netatalk
shadow_copy
VFS Modules Available Elsewhere
DatabaseFS
vscan
vscan-clamav
24. Winbind: Use of Domain Accounts
Features and Benefits
Introduction
What Winbind Provides
Target Uses
Handling of Foreign SIDs
How Winbind Works
Microsoft Remote Procedure Calls
Microsoft Active Directory Services
Name Service Switch
Pluggable Authentication Modules
User and Group ID Allocation
Result Caching
Installation and Configuration
Introduction
Requirements
Testing Things Out
Conclusion
Common Errors
NSCD Problem Warning
Winbind Is Not Resolving Users and Groups
25. Advanced Network Management
Features and Benefits
Remote Server Administration
Remote Desktop Management
Remote Management from NoMachine.Com
Remote Management with ThinLinc
Network Logon Script Magic
Adding Printers without User Intervention
Limiting Logon Connections
26. System and Account Policies
Features and Benefits
Creating and Managing System Policies
Windows 9x/ME Policies
Windows NT4-Style Policy Files
MS Windows 200x/XP Professional Policies
Managing Account/User Policies
Management Tools
Samba Editreg Toolset
Windows NT4/200x
Samba PDC
System Startup and Logon Processing Overview
Common Errors
Policy Does Not Work
27. Desktop Profile Management
Features and Benefits
Roaming Profiles
Samba Configuration for Profile Handling
Windows Client Profile Configuration Information
User Profile Hive Cleanup Service
Sharing Profiles between Windows 9x/Me and NT4/200x/XP Workstations
Profile Migration from Windows NT4/200x Server to Samba
Mandatory Profiles
Creating and Managing Group Profiles
Default Profile for Windows Users
MS Windows 9x/Me
MS Windows NT4 Workstation
MS Windows 200x/XP
Common Errors
Configuring Roaming Profiles for a Few Users or Groups
Cannot Use Roaming Profiles
Changing the Default Profile
Debugging Roaming Profiles and NT4-style Domain Policies
28. PAM-Based Distributed Authentication
Features and Benefits
Technical Discussion
PAM Configuration Syntax
Example System Configurations
smb.conf PAM Configuration
Remote CIFS Authentication Using winbindd.so
Password Synchronization Using pam_smbpass.so
Common Errors
pam_winbind Problem
Winbind Is Not Resolving Users and Groups
29. Integrating MS Windows Networks with Samba
Features and Benefits
Background Information
Name Resolution in a Pure UNIX/Linux World
/etc/hosts
/etc/resolv.conf
/etc/host.conf
/etc/nsswitch.conf
Name Resolution as Used within MS Windows Networking
The NetBIOS Name Cache
The LMHOSTS File
HOSTS File
DNS Lookup
WINS Lookup
Common Errors
Pinging Works Only One Way
Very Slow Network Connections
Samba Server Name-Change Problem
30. Unicode/Charsets
Features and Benefits
What Are Charsets and Unicode?
Samba and Charsets
Conversion from Old Names
Japanese Charsets
Basic Parameter Setting
Individual Implementations
Migration from Samba-2.2 Series
Common Errors
CP850.so Can't Be Found
31. Backup Techniques
Features and Benefits
Discussion of Backup Solutions
BackupPC
Rsync
Amanda
BOBS: Browseable Online Backup System
32. High Availability
Features and Benefits
Technical Discussion
The Ultimate Goal
Why Is This So Hard?
A Simple Solution
High-Availability Server Products
MS-DFS: The Poor Man's Cluster
Conclusions
33. Handling Large Directories
34. Advanced Configuration Techniques
Implementation
Multiple Server Hosting
Multiple Virtual Server Personalities
Multiple Virtual Server Hosting
IV. Migration and Updating
35. Updating and Upgrading Samba
Key Update Requirements
Upgrading from Samba-3.0.x to Samba-3.2.0
Upgrading from Samba-2.x to Samba-3.0.25
Quick Migration Guide
New Features in Samba-3.x Series
New Features in Samba-3.2.x Series
New Features in Samba-3.0.x
New Functionality
36. Migration from NT4 PDC to Samba-3 PDC
Planning and Getting Started
Objectives
Steps in Migration Process
Migration Options
Planning for Success
Samba-3 Implementation Choices
37. SWAT: The Samba Web Administration Tool
Features and Benefits
Guidelines and Technical Tips
Validate SWAT Installation
Enabling SWAT for Use
Securing SWAT through SSL
Enabling SWAT Internationalization Support
Overview and Quick Tour
The SWAT Home Page
Global Settings
Share Settings
Printers Settings
The SWAT Wizard
The Status Page
The View Page
The Password Change Page
V. Troubleshooting
38. The Samba Checklist
Introduction
Assumptions
The Tests
39. Analyzing and Solving Samba Problems
Diagnostics Tools
Debugging with Samba Itself
Tcpdump
Ethereal
The Windows Network Monitor
Useful URLs
Getting Mailing List Help
How to Get Off the Mailing Lists
40. Reporting Bugs
Introduction
General Information
Debug Levels
Debugging-Specific Operations
Internal Errors
Attaching to a Running Process
Patches
41. Managing TDB Files
Features and Benefits
Managing TDB Files
VI. Reference Section
42. How to Compile Samba
Access Samba Source Code via Subversion
Introduction
Subversion Access to samba.org
Accessing the Samba Sources via rsync and ftp
Verifying Samba's PGP Signature
Building the Binaries
Compiling Samba with Active Directory Support
Starting the smbd nmbd and winbindd
Starting from inetd.conf
Alternative: Starting smbd as a Daemon
43. Portability
HPUX
SCO UNIX
DNIX
Red Hat Linux
AIX: Sequential Read Ahead
Solaris
Locking Improvements
Winbind on Solaris 9
44. Samba and Other CIFS Clients
Macintosh Clients
OS2 Client
Configuring OS/2 Warp Connect or OS/2 Warp 4
Configuring Other Versions of OS/2
Printer Driver Download for OS/2 Clients
Windows for Workgroups
Latest TCP/IP Stack from Microsoft
Delete .pwl Files After Password Change
Configuring Windows for Workgroups Password Handling
Password Case Sensitivity
Use TCP/IP as Default Protocol
Speed Improvement
Windows 95/98
Speed Improvement
Windows 2000 Service Pack 2
Windows NT 3.1
45. Samba Performance Tuning
Comparisons
Socket Options
Read Size
Max Xmit
Log Level
Read Raw
Write Raw
Slow Logins
Client Tuning
Samba Performance Problem Due to Changing Linux Kernel
Corrupt tdb Files
Samba Performance is Very Slow
46. LDAP and Transport Layer Security
Introduction
Configuring
Generating the Certificate Authority
Generating the Server Certificate
Installing the Certificates
Testing
Troubleshooting
47. Samba Support
Free Support
Commercial Support
48. DNS and DHCP Configuration Guide
Features and Benefits
Example Configuration
Dynamic DNS
DHCP Server
A. GNU General Public License version 3
A. Preamble
A. TERMS AND CONDITIONS
A. 0. Definitions.
A. 1. Source Code.
A. 2. Basic Permissions.
A. 3. Protecting Users’ Legal Rights From Anti-Circumvention Law.
A. 4. Conveying Verbatim Copies.
A. 5. Conveying Modified Source Versions.
A. 6. Conveying Non-Source Forms.
A. 7. Additional Terms.
A. 8. Termination.
A. 9. Acceptance Not Required for Having Copies.
A. 10. Automatic Licensing of Downstream Recipients.
A. 11. Patents.
A. 12. No Surrender of Others’ Freedom.
A. 13. Use with the ???TITLE??? Affero General Public License.
A. 14. Revised Versions of this License.
A. 15. Disclaimer of Warranty.
A. 16. Limitation of Liability.
A. 17. Interpretation of Sections 15 and 16.
A. END OF TERMS AND CONDITIONS
A. How to Apply These Terms to Your New Programs
Glossary
Index

List of Figures

4.1. An Example Domain.
8.1. Network Bridge Configuration.
8.2. Internet Protocol (TCP/IP) Properties.
8.3. Advanced Network Settings
8.4. DNS Configuration.
8.5. WINS Configuration
8.6. Local Area Connection Properties.
8.7. Internet Protocol (TCP/IP) Properties.
8.8. Advanced Network Settings.
8.9. DNS Configuration.
8.10. WINS Configuration.
8.11. The Windows Me Network Configuration Panel.
8.12. IP Address.
8.13. DNS Configuration.
8.14. WINS Configuration.
8.15. The General Panel.
8.16. The Computer Name Panel.
8.17. The Computer Name Changes Panel.
8.18. The Computer Name Changes Panel Domain MIDEARTH.
8.19. Computer Name Changes Username and Password Panel.
8.20. The Network Panel.
8.21. Client for Microsoft Networks Properties Panel.
8.22. Identification Panel.
8.23. Access Control Panel.
10.1. Cross-Subnet Browsing Example.
11.1. IDMAP: Resolution of SIDs to UIDs.
11.2. IDMAP: Resolution of UIDs to SIDs.
12.1. IDMAP: Group SID-to-GID Resolution.
12.2. IDMAP: GID Resolution to Matching SID.
12.3. IDMAP Storing Group Mappings.
16.1. Overview of UNIX permissions field.
19.1. Trusts overview.
22.1. Windows Printing to a Local Printer.
22.2. Printing to a PostScript Printer.
22.3. Ghostscript as a RIP for Non-PostScript Printers.
22.4. Prefiltering in CUPS to Form PostScript.
22.5. Adding Device-Specific Print Options.
22.6. PostScript to Intermediate Raster Format.
22.7. CUPS-Raster Production Using Ghostscript.
22.8. Image Format to CUPS-Raster Format Conversion.
22.9. Raster to Printer-Specific Formats.
22.10. cupsomatic/foomatic Processing Versus Native CUPS.
22.11. PDF to Socket Chain.
22.12. PDF to USB Chain.
22.13. Print Driver Execution on the Client.
22.14. Print Driver Execution on the Server.
22.15. Printing via CUPS/Samba Server.
22.16. cupsaddsmb Flowchart.
22.17. Filtering Chain 1.
22.18. Filtering Chain with cupsomatic
22.19. CUPS Printing Overview.
24.1. Winbind Idmap
39.1. Starting a Capture.
39.2. Main Ethereal Data Window.

List of Tables

1.1. Persistent TDB File Descriptions
1.2. Temporary TDB File Descriptions
5.1. Domain Backend Account Distribution Options
6.1. Assumptions
9.1. Essential Domain Group Mappings
10.1. Browse Subnet Example 1
10.2. Browse Subnet Example 2
10.3. Browse Subnet Example 3
10.4. Browse Subnet Example 4
11.1. NT4 Domain v's Samba Policy Controls
11.2. Samba SAM Account Control Block Flags
11.3. Attributes in the sambaSamAccount ObjectClass (LDAP), Part A
11.4. Attributes in the sambaSamAccount ObjectClass (LDAP), Part B
11.5. Possible ldap passwd sync Values
12.1. Well-Known User Default RIDs
15.1. Current Privilege Capabilities
16.1. Managing Directories with UNIX and Windows
16.2. User- and Group-Based Controls
16.3. File and Directory Permission-Based Controls
16.4. Other Controls
16.5. How Windows File ACLs Map to UNIX POSIX File ACLs
21.1. Default Printing Settings
22.1. PPDs Shipped with CUPS
23.1. Extended Auditing Log Information
27.1. User Shell Folder Registry Keys Default Values
27.2. Defaults of Profile Settings Registry Keys
27.3. Defaults of Default User Profile Paths Registry Keys
28.1. Options recognized by pam_smbpass
29.1. Unique NetBIOS Names
29.2. Group Names
30.1. Japanese Character Sets in Samba-2.2 and Samba-3
35.1. Samba-2.2.x TDB File Descriptions
36.1. The Three Major Site Types
36.2. Nature of the Conversion Choices
40.1. Debuggable Functions
41.1. Samba's Trivial Database Files

List of Examples

1.1. A minimal smb.conf
1.2. Another simple smb.conf File
2.1. Anonymous Read-Only Server Configuration
2.2. Modified Anonymous Read-Write smb.conf
2.3. Anonymous Print Server smb.conf
2.4. Secure Office Server smb.conf
2.5. Member Server smb.conf (Globals)
2.6. Member Server smb.conf (Shares and Services)
2.7. Engineering Office smb.conf (globals)
2.8. Engineering Office smb.conf (shares and services)
2.9. LDAP backend smb.conf for PDC
2.10. Remote LDAP BDC smb.conf
4.1. smb.conf for being a PDC
4.2. smb.conf for being a PDC
5.1. Minimal smb.conf for a PDC in Use with a BDC LDAP Server on PDC
5.2. Multiple LDAP Servers in smb.conf
5.3. Minimal Setup for Being a BDC
7.1. smb.conf for Reference Documentation Server
7.2. smb.conf for Anonymous Printing
10.1. Domain Master Browser smb.conf
10.2. Local master browser smb.conf
10.3. smb.conf for Not Being a Master Browser
10.4. Local Master Browser smb.conf
10.5. smb.conf for Not Being a master browser
11.1. Example Configuration with the LDAP idmap Backend
11.2. Configuration with LDAP
12.1. smbgrpadd.sh
12.2. Configuration of smb.conf for the add group Script
12.3. Script to Set Group Mapping
13.1. Script to Auto-add Domain Users to Workstation Power Users Group
13.2. A Magic Netlogon Share
14.1. NT4 Domain Member Server smb.conf
14.2. ADS Domain Member Server smb.conf
14.3. ADS Domain Member smb.conf using idmap_rid
14.4. ADS Domain Member Server using LDAP
14.5. ADS Domain Member Server using RFC2307bis Schema Extension Date via NSS
16.1. Example File
17.1. Share with Some Files Oplocked
17.2. Configuration with Oplock Break Contention Limit
20.1. smb.conf with DFS Configured
21.1. Simple Configuration with BSD Printing
21.2. Extended BSD Printing Configuration
21.3. [print$] Example
22.1. Simplest Printing-Related smb.conf
22.2. Overriding Global CUPS Settings for One Printer
22.3. smb.conf for cupsaddsmb Usage
23.1. smb.conf with VFS modules
23.2. smb.conf with multiple VFS modules
23.3. Share With shadow_copy VFS
24.1. smb.conf for Winbind Setup
25.1. Script to Enforce Single Resource Logon
30.1. VFS CAP
34.1. Elastic smb.conf File
34.2. CDROM Server smb-cdserver.conf file
34.3. Master smb.conf File Global Section
34.4. MERLIN smb-merlin.conf File Share Section
34.5. SAURON smb-sauron.conf File Share Section
38.1. smb.conf with [tmp] Share
38.2. Configuration for Allowing Connections Only from a Certain Subnet
38.3. Configuration for Allowing Connections from a Certain Subnet and localhost
44.1. Minimal Profile Share