Changeset 134 for branches/samba-3.0/docs/htmldocs/Samba3-ByExample/small.html

Timestamp:

May 23, 2008, 6:56:41 AM (17 years ago)

Author:

Paul Smedley

Message:

Update source to 3.0.29

File:

• branches/samba-3.0/docs/htmldocs/Samba3-ByExample/small.html (modified) (47 diffs)

branches/samba-3.0/docs/htmldocs/Samba3-ByExample/small.html

@@ -1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 2. Small Office Networking</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.71.0"><link rel="start" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="simple.html" title="Chapter 1. No-Frills Samba Servers"><link rel="next" href="secure.html" title="Chapter 3. Secure Office Networking"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 2. Small Office Networking</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="simple.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="secure.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="small"></a>Chapter 2. Small Office Networking</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="small.html#id321229">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id321247">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id321293">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id321342">Technical Issues</a></span></dt><dt><span class="sect2"><a href="small.html#id321528">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id321546">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id323199">Validation</a></span></dt><dt><span class="sect2"><a href="small.html#id323822">Notebook Computers: A Special Case</a></span></dt><dt><span class="sect2"><a href="small.html#id323841">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id323907">Questions and Answers</a></span></dt></dl></div><p>
-        <a href="simple.html" title="Chapter 1. No-Frills Samba Servers">???</a> focused on the basics of simple yet effective
-        network solutions. Network administrators who take pride in their work 
-        (that's most of us, right?) take care to deliver what our users want, 
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 2. Small Office Networking</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.73.2"><link rel="start" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="simple.html" title="Chapter 1. No-Frills Samba Servers"><link rel="next" href="secure.html" title="Chapter 3. Secure Office Networking"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 2. Small Office Networking</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="simple.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="secure.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="small"></a>Chapter 2. Small Office Networking</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="small.html#id344880">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id344898">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id344943">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id344988">Technical Issues</a></span></dt><dt><span class="sect2"><a href="small.html#id345160">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id345178">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id346626">Validation</a></span></dt><dt><span class="sect2"><a href="small.html#id347201">Notebook Computers: A Special Case</a></span></dt><dt><span class="sect2"><a href="small.html#id347221">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id347285">Questions and Answers</a></span></dt></dl></div><p>
+        <a class="link" href="simple.html" title="Chapter 1. No-Frills Samba Servers">&#8220;No-Frills Samba Servers&#8221;</a> focused on the basics of simple yet effective
+        network solutions. Network administrators who take pride in their work
+        (that's most of us, right?) take care to deliver what our users want,
         but not too much more. If we make things too complex, we confound our users
-        and increase costs of network ownership. A professional network manager 
-        avoids the temptation to put too much pizazz into the way that the network 
+        and increase costs of network ownership. A professional network manager
+        avoids the temptation to put too much pizazz into the way that the network
         operates. Some creativity is helpful, but keep it under control 
         good advice that the following two scenarios illustrate.
         </p><p>
-        <a class="indexterm" name="id321194"></a>
+        <a class="indexterm" name="id344851"></a>
         In one case the network administrator of a mid-sized company spent three
         months building a new network to replace an old Netware server. What he
@@ -37 +37 @@
         sleeves for when you need them.</span>&#8221; Was he smart? You decide. Let's
         get on with our next exercise.
-        </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id321229"></a>Introduction</h2></div></div></div><p>
+        </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id344880"></a>Introduction</h2></div></div></div><p>
         Abmas Accounting has grown. Mr. Meany likes you and says he knew you
         were the right person for the job. That's why he asked you to install the
@@ -45 +45 @@
         network without any problems.
         </p><p>
-        Some of the Windows clients are nearly past their use-by date. 
-        You found damaged and unusable software on some of the workstations
-        that came with the acquired business and found some machines 
-        in need of both hardware and software maintenance. 
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id321247"></a>Assignment Tasks</h3></div></div></div><p>
-                <a class="indexterm" name="id321255"></a>
+        Some of the Windows clients are nearly past their use-by date.  You found damaged and unusable software on
+        some of the workstations that came with the acquired business and found some machines in need of both
+        hardware and software maintenance.
+        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id344898"></a>Assignment Tasks</h3></div></div></div><p>
+                <a class="indexterm" name="id344905"></a>
                 Mr. Meany is retiring in 12 months. Before he goes, he wants you to help ensure
                 that the business is running efficiently. Many of the new staff want notebook
@@ -82 +81 @@
                 user accounts from the Windows desktop. That person will be responsible for
                 basic operations.
-                </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id321293"></a>Dissection and Discussion</h2></div></div></div><p>
+                </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id344943"></a>Dissection and Discussion</h2></div></div></div><p>
         What are the key requirements in this business example? A quick review indicates
         a need for
@@ -89 +88 @@
                 </p></li><li><p>
                 Mobile computing capability
-                <a class="indexterm" name="id321314"></a>
+                <a class="indexterm" name="id344963"></a>
                 </p></li><li><p>
                 Improved reliability and usability
@@ -95 +94 @@
                 Easier administration
                 </p></li></ul></div><p>
-        In this instance the installed Linux system is assumed to be a Red Hat Linux Fedora Core2 server 
-        (as in <a href="simple.html#AccountingOffice" title="Accounting Office">???</a>).
-        
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id321342"></a>Technical Issues</h3></div></div></div><p>
-                <a class="indexterm" name="id321350"></a>
-                <a class="indexterm" name="id321357"></a>
-                <a class="indexterm" name="id321364"></a>
-                <a class="indexterm" name="id321370"></a>
-                <a class="indexterm" name="id321377"></a>
+        In this instance the installed Linux system is assumed to be a Red Hat Linux Fedora Core2 server
+        (as in <a class="link" href="simple.html#AccountingOffice" title="Accounting Office">&#8220;Accounting Office&#8221;</a>).
+
+        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id344988"></a>Technical Issues</h3></div></div></div><p>
+                <a class="indexterm" name="id344995"></a>
+                <a class="indexterm" name="id345002"></a>
+                <a class="indexterm" name="id345008"></a>
+                <a class="indexterm" name="id345014"></a>
+                <a class="indexterm" name="id345020"></a>
                 It is time to implement a domain security environment. You will use the <code class="constant">
                 smbpasswd</code> (default) backend. You should implement a DHCP server. There is no need to
@@ -109 +108 @@
                 BILLMORE</code>. This time, the name of the server will be <code class="constant">SLEETH</code>.
                 </p><p>
-                All printers will be configured as DHCP clients. The DHCP server will assign 
+                All printers will be configured as DHCP clients. The DHCP server will assign
                 the printer a fixed IP address by way of its Ethernet interface (MAC) address.
-                See <a href="small.html#dhcp01" title="Example 2.2. Abmas Accounting DHCP Server Configuration File /etc/dhcpd.conf">???</a>.
+                See <a class="link" href="small.html#dhcp01" title="Example 2.2. Abmas Accounting DHCP Server Configuration File /etc/dhcpd.conf">&#8220;Abmas Accounting DHCP Server Configuration File  /etc/dhcpd.conf&#8221;</a>.
                 </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
                 The <code class="filename">smb.conf</code> file you are creating in this exercise can be used with equal effectiveness
@@ -124 +123 @@
                 other enhancements. It is important that you plan accordingly.
                 </p><p>
-                <a class="indexterm" name="id321431"></a>
+                <a class="indexterm" name="id345070"></a>
                 You have split the network into two separate areas. Each has its own Ethernet switch.
                 There are 20 users on the accounting network and 32 users on the financial services
-                network. The server has two network interfaces, one serving each network. The 
-                network printers will be located in a central area. You plan to install the new 
+                network. The server has two network interfaces, one serving each network. The
+                network printers will be located in a central area. You plan to install the new
                 printers and keep the old printer in use also.
                 </p><p>
@@ -136 +135 @@
                 responsible for file location, so the old share point must be maintained.
                 </p><p>
-                Given that DNS will not be used, you will configure WINS name resolution for UNIX 
+                Given that DNS will not be used, you will configure WINS name resolution for UNIX
                 hostname name resolution.
                 </p><p>
-                <a class="indexterm" name="id321455"></a>
-                <a class="indexterm" name="id321464"></a>
+                <a class="indexterm" name="id345093"></a>
+                <a class="indexterm" name="id345101"></a>
                 It is necessary to map Windows Domain Groups to UNIX groups. It is
                 advisable to also map Windows Local Groups to UNIX groups. Additionally, the two
@@ -157 +156 @@
                 more information.
                 </p><p>
-                <a class="indexterm" name="id321515"></a>
+                <a class="indexterm" name="id345147"></a>
                 Vendor-supplied printer drivers will be installed on each client. The CUPS print
                 spooler on the UNIX host will be operated in <code class="constant">raw</code> mode.
-                </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id321528"></a>Political Issues</h3></div></div></div><p>
+                </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id345160"></a>Political Issues</h3></div></div></div><p>
                 Mr. Meany is an old-school manager. He sets the rules and wants to see compliance.
                 He is willing to spend money on things he believes are of value. You need more
@@ -168 +167 @@
                 supplied with antivirus software? Above all, demonstrate good purchase value and remember
                 to make your users happy.
-                </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id321546"></a>Implementation</h2></div></div></div><p>
-        <a class="indexterm" name="id321554"></a>
+                </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id345178"></a>Implementation</h2></div></div></div><p>
+        <a class="indexterm" name="id345185"></a>
         In this example, the assumption is made that this server is being configured from a clean start.
         The alternate approach could be to demonstrate the migration of the system that is documented
-        in <a href="simple.html#AcctgNet" title="Implementation">???</a> to meet the new requirements. The decision to treat this case, as with
+        in <a class="link" href="simple.html#AcctgNet" title="Implementation">&#8220;Implementation&#8221;</a> to meet the new requirements. The decision to treat this case, as with
         future examples, as a new installation is based on the premise that you can determine
-        the migration steps from the information provided in <a href="ntmigration.html" title="Chapter 9. Migrating NT4 Domain to Samba-3">???</a>.
+        the migration steps from the information provided in <a class="link" href="ntmigration.html" title="Chapter 9. Migrating NT4 Domain to Samba-3">&#8220;Migrating NT4 Domain to Samba-3&#8221;</a>.
         Additionally, a fresh installation makes the example easier to follow.
         </p><p>
-        <a class="indexterm" name="id321581"></a>
+        <a class="indexterm" name="id345207"></a>
         Each user will be given a home directory on the UNIX system, which will be available as a private
         share. Two additional shares will be created, one for the accounting department and the other for
@@ -183 +182 @@
         of group membership.
         </p><p>
-        <a class="indexterm" name="id321593"></a>
+        <a class="indexterm" name="id345220"></a>
         UNIX group membership is the primary mechanism by which Windows Domain users will be granted
         rights and privileges within the Windows environment.
         </p><p>
-        <a class="indexterm" name="id321607"></a>
+        <a class="indexterm" name="id345232"></a>
         The user <code class="literal">alanm</code> will be made the owner of all files. This will be preserved
         by setting the sticky bit (set UID/GID) on the top-level directories.
-        </p><div class="figure"><a name="acct2net"></a><p class="title"><b>Figure 2.1. Abmas Accounting  52-User Network Topology</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/acct2net.png" alt="Abmas Accounting 52-User Network Topology"></div></div></div><br class="figure-break"><div class="procedure"><a name="id321665"></a><p class="title"><b>Procedure 2.1. Server Installation Steps</b></p><ol type="1"><li><p>
+        </p><div class="figure"><a name="acct2net"></a><p class="title"><b>Figure 2.1. Abmas Accounting  52-User Network Topology</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/acct2net.png" alt="Abmas Accounting 52-User Network Topology"></div></div></div><br class="figure-break"><div class="procedure"><a name="id345285"></a><p class="title"><b>Procedure 2.1. Server Installation Steps</b></p><ol type="1"><li><p>
                 Using UNIX/Linux system tools, name the server <code class="constant">sleeth</code>.
                 </p></li><li><p>
-                <a class="indexterm" name="id321687"></a>
+                <a class="indexterm" name="id345305"></a>
                 Place an entry for the machine <code class="constant">sleeth</code> in the <code class="filename">/etc/hosts</code>.
                 The printers are network attached, so there should be entries for the
@@ -209 +208 @@
                 Install the ISC DHCP server using the UNIX/Linux system tools available to you.
                 </p></li><li><p>
-                <a class="indexterm" name="id321738"></a>
-                <a class="indexterm" name="id321745"></a>
-                <a class="indexterm" name="id321752"></a>
-                <a class="indexterm" name="id321759"></a>
+                <a class="indexterm" name="id345353"></a>
+                <a class="indexterm" name="id345359"></a>
+                <a class="indexterm" name="id345365"></a>
+                <a class="indexterm" name="id345372"></a>
                 Because Samba will be operating over two network interfaces and clients on each side
                 may want to be able to reach clients on the other side, it is imperative that IP forwarding
@@ -223 +222 @@
                 This causes the Linux kernel to forward IP packets so that it acts as a router.
                 </p></li><li><p>
-                Install the <code class="filename">smb.conf</code> file as shown in <a href="small.html#acct2conf" title="Example 2.3. Accounting Office Network smb.conf File [globals] Section">???</a> and 
-                <a href="small.html#acct3conf" title="Example 2.4. Accounting Office Network smb.conf File Services and Shares Section">???</a>. Combine these two examples to form a single
+                Install the <code class="filename">smb.conf</code> file as shown in <a class="link" href="small.html#acct2conf" title="Example 2.3. Accounting Office Network smb.conf File [globals] Section">&#8220;Accounting Office Network smb.conf File  [globals] Section&#8221;</a> and
+                <a class="link" href="small.html#acct3conf" title="Example 2.4. Accounting Office Network smb.conf File Services and Shares Section">&#8220;Accounting Office Network smb.conf File  Services and Shares Section&#8221;</a>. Combine these two examples to form a single
                 <code class="filename">/etc/samba/smb.conf</code> file.
                 </p></li><li><p>
-                <a class="indexterm" name="id321820"></a>
+                <a class="indexterm" name="id345424"></a>
                 Add the user <code class="literal">root</code> to the Samba password backend:
 </p><pre class="screen">
@@ -235 +234 @@
 <code class="prompt">root# </code>
 </pre><p>
-                <a class="indexterm" name="id321851"></a>
+                <a class="indexterm" name="id345452"></a>
                 This is the Windows Domain Administrator password. Never delete this account from
                 the password backend after Windows Domain Groups have been initialized. If you delete
@@ -241 +240 @@
                 and your Samba server can no longer be administered.
                 </p></li><li><p>
-                <a class="indexterm" name="id321867"></a>
-                Create the username map file to permit the <code class="constant">root</code> account to be called 
+                <a class="indexterm" name="id345467"></a>
+                Create the username map file to permit the <code class="constant">root</code> account to be called
                 <code class="constant">Administrator</code> from the Windows network environment. To do this, create
                 the file <code class="filename">/etc/samba/smbusers</code> with the following contents:
@@ -268 +267 @@
 </pre><p>
                 </p></li><li><p>
-                <a class="indexterm" name="id321909"></a>
+                <a class="indexterm" name="id345501"></a>
                 Create and map Windows Domain Groups to UNIX groups. A sample script is provided in
-                <a href="small.html#initGrps" title="Example 2.1. Script to Map Windows NT Groups to UNIX Groups">???</a>. Create a file containing this script. We called ours 
+                <a class="link" href="small.html#initGrps" title="Example 2.1. Script to Map Windows NT Groups to UNIX Groups">&#8220;Script to Map Windows NT Groups to UNIX Groups&#8221;</a>. Create a file containing this script. We called ours
                 <code class="filename">/etc/samba/initGrps.sh</code>. Set this file so it can be executed,
                 and then execute the script. Sample output should be as follows:
 
-</p><div class="example"><a name="initGrps"></a><p class="title"><b>Example 2.1. Script to Map Windows NT Groups to UNIX Groups</b></p><div class="example-contents"><a class="indexterm" name="id321939"></a><pre class="screen">
+</p><div class="example"><a name="initGrps"></a><p class="title"><b>Example 2.1. Script to Map Windows NT Groups to UNIX Groups</b></p><div class="example-contents"><a class="indexterm" name="id345527"></a><pre class="screen">
 #!/bin/bash
 #
@@ -296 +295 @@
 </p><pre class="screen">
 <code class="prompt">root# </code> chmod 755 initGrps.sh
-<code class="prompt">root# </code> cd /etc/samba 
+<code class="prompt">root# </code> cd /etc/samba
 <code class="prompt">root# </code> ./initGrps.sh
 Updated mapping entry for Domain Admins
@@ -306 +305 @@
 Successfully added group Domain Guests to the mapping db
 
-<code class="prompt">root# </code> cd /etc/samba 
+<code class="prompt">root# </code> cd /etc/samba
 <code class="prompt">root# </code> net groupmap list | sort
 Account Operators (S-1-5-32-548) -&gt; -1
@@ -324 +323 @@
 </pre><p>
                 </p></li><li><p>
-                <a class="indexterm" name="id322008"></a>
-                <a class="indexterm" name="id322015"></a>
-                <a class="indexterm" name="id322024"></a>
+                <a class="indexterm" name="id345591"></a>
+                <a class="indexterm" name="id345597"></a>
+                <a class="indexterm" name="id345606"></a>
                 For each user who needs to be given a Windows Domain account, make an entry in the
                 <code class="filename">/etc/passwd</code> file as well as in the Samba password backend.
@@ -332 +331 @@
                 <code class="literal">smbpasswd</code> program to create the Domain user accounts.
                 </p><p>
-                <a class="indexterm" name="id322048"></a>
-                <a class="indexterm" name="id322055"></a>
-                <a class="indexterm" name="id322062"></a>
+                <a class="indexterm" name="id345628"></a>
+                <a class="indexterm" name="id345634"></a>
+                <a class="indexterm" name="id345640"></a>
                 There are a number of tools for user management under UNIX, such as
                 <code class="literal">useradd</code> and <code class="literal">adduser</code>, as well as a plethora of custom
@@ -345 +344 @@
                 data storage for company files. In this case the mount point is indicated in the <code class="filename">smb.conf</code>
                 file is <code class="filename">/data</code>. Format the file system as required, mount the formatted
-                file system partition using <code class="literal">mount</code>, 
+                file system partition using <code class="literal">mount</code>,
                 and make the appropriate changes in <code class="filename">/etc/fstab</code>.
                 </p></li><li><p>
@@ -360 +359 @@
                 The directory root of the <code class="literal">finsvcs</code> share is <code class="filename">/data/finsvcs</code>.
                 </p></li><li><p>
-                Configure the printers with the IP addresses as shown in <a href="small.html#acct2net" title="Figure 2.1. Abmas Accounting 52-User Network Topology">???</a>.
+                Configure the printers with the IP addresses as shown in <a class="link" href="small.html#acct2net" title="Figure 2.1. Abmas Accounting 52-User Network Topology">&#8220;Abmas Accounting  52-User Network Topology&#8221;</a>.
                 Follow the instructions in the manufacturers' manuals to permit printing to port 9100.
                 This allows the CUPS spooler to print using raw mode protocols.
-                <a class="indexterm" name="id322209"></a>
-                <a class="indexterm" name="id322216"></a>
-                </p></li><li><p>
-                <a class="indexterm" name="id322229"></a>
-                <a class="indexterm" name="id322238"></a>
+                <a class="indexterm" name="id345771"></a>
+                <a class="indexterm" name="id345777"></a>
+                </p></li><li><p>
+                <a class="indexterm" name="id345790"></a>
+                <a class="indexterm" name="id345798"></a>
                 Configure the CUPS Print Queues as follows:
 </p><pre class="screen">
@@ -374 +373 @@
 <code class="prompt">root# </code> lpadmin -p qms -v socket://192.168.2.10:9100 -E
 </pre><p>
-                <a class="indexterm" name="id322270"></a>
+                <a class="indexterm" name="id345825"></a>
                 This creates the necessary print queues with no assigned print filter.
                 </p></li><li><p>
-                <a class="indexterm" name="id322284"></a>
-                <a class="indexterm" name="id322291"></a>
-                <a class="indexterm" name="id322298"></a>
+                <a class="indexterm" name="id345839"></a>
+                <a class="indexterm" name="id345845"></a>
+                <a class="indexterm" name="id345851"></a>
                 Edit the file <code class="filename">/etc/cups/mime.convs</code> to uncomment the line:
 </p><pre class="screen">
@@ -385 +384 @@
 </pre><p>
                 </p></li><li><p>
-                <a class="indexterm" name="id322324"></a>
+                <a class="indexterm" name="id345875"></a>
                 Edit the file <code class="filename">/etc/cups/mime.types</code> to uncomment the line:
 </p><pre class="screen">
@@ -391 +390 @@
 </pre><p>
                 </p></li><li><p>
-                <a class="indexterm" name="id322349"></a>
+                <a class="indexterm" name="id345898"></a>
                 Using your favorite system editor, create an <code class="filename">/etc/dhcpd.conf</code> with the
-                contents as shown in <a href="small.html#dhcp01" title="Example 2.2. Abmas Accounting DHCP Server Configuration File /etc/dhcpd.conf">???</a>.
-</p><div class="example"><a name="dhcp01"></a><p class="title"><b>Example 2.2. Abmas Accounting DHCP Server Configuration File  <code class="filename">/etc/dhcpd.conf</code></b></p><div class="example-contents"><a class="indexterm" name="id322384"></a><pre class="screen">
+                contents as shown in <a class="link" href="small.html#dhcp01" title="Example 2.2. Abmas Accounting DHCP Server Configuration File /etc/dhcpd.conf">&#8220;Abmas Accounting DHCP Server Configuration File  /etc/dhcpd.conf&#8221;</a>.
+</p><div class="example"><a name="dhcp01"></a><p class="title"><b>Example 2.2. Abmas Accounting DHCP Server Configuration File  <code class="filename">/etc/dhcpd.conf</code></b></p><div class="example-contents"><a class="indexterm" name="id345927"></a><pre class="screen">
 default-lease-time 86400;
 max-lease-time 172800;
@@ -442 +441 @@
                 automatically at every system reboot. For example,
                 </p><p>
-                <a class="indexterm" name="id322419"></a>
-                <a class="indexterm" name="id322426"></a>
-                <a class="indexterm" name="id322432"></a>
-                <a class="indexterm" name="id322439"></a>
-                <a class="indexterm" name="id322446"></a>
+                <a class="indexterm" name="id345960"></a>
+                <a class="indexterm" name="id345966"></a>
+                <a class="indexterm" name="id345973"></a>
+                <a class="indexterm" name="id345979"></a>
+                <a class="indexterm" name="id345985"></a>
 </p><pre class="screen">
 <code class="prompt">root# </code> chkconfig dhcp on
@@ -456 +455 @@
 </pre><p>
                 </p></li><li><p>
-                <a class="indexterm" name="id322501"></a>
-                <a class="indexterm" name="id322508"></a>
-                <a class="indexterm" name="id322517"></a>
-                <a class="indexterm" name="id322523"></a>
-                <a class="indexterm" name="id322530"></a>
-                <a class="indexterm" name="id322537"></a>
+                <a class="indexterm" name="id346034"></a>
+                <a class="indexterm" name="id346040"></a>
+                <a class="indexterm" name="id346049"></a>
+                <a class="indexterm" name="id346055"></a>
+                <a class="indexterm" name="id346061"></a>
+                <a class="indexterm" name="id346068"></a>
                 Configure the name service switch (NSS) to handle WINS-based name resolution.
                 Since this system does not use a DNS server, it is safe to remove this option from
@@ -469 +468 @@
 hosts:  files wins
 </pre><p>
-                </p></li></ol></div><div class="example"><a name="acct2conf"></a><p class="title"><b>Example 2.3. Accounting Office Network <code class="filename">smb.conf</code> File  [globals] Section</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id322599"></a><em class="parameter"><code>workgroup = BILLMORE</code></em></td></tr><tr><td><a class="indexterm" name="id322611"></a><em class="parameter"><code>passwd chat = *New*Password* %n\n*Re-enter*new*password* %n\n *Password*changed*</code></em></td></tr><tr><td><a class="indexterm" name="id322624"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id322637"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id322650"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id322662"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id322675"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id322688"></a><em class="parameter"><code>add user script = /usr/sbin/useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id322700"></a><em class="parameter"><code>delete user script = /usr/sbin/userdel -r '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id322713"></a><em class="parameter"><code>add group script = /usr/sbin/groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id322726"></a><em class="parameter"><code>delete group script = /usr/sbin/groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id322739"></a><em class="parameter"><code>add user to group script = /usr/sbin/usermod -G '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id322752"></a><em class="parameter"><code>add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id322765"></a><em class="parameter"><code>logon script = scripts\login.bat</code></em></td></tr><tr><td><a class="indexterm" name="id322778"></a><em class="parameter"><code>logon path =  </code></em></td></tr><tr><td><a class="indexterm" name="id322790"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id322803"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id322815"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id322828"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id322840"></a><em class="parameter"><code>printing = CUPS</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="acct3conf"></a><p class="title"><b>Example 2.4. Accounting Office Network <code class="filename">smb.conf</code> File  Services and Shares Section</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id322886"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id322898"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id322911"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id322924"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id322945"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id322958"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id322970"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id322983"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id322995"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id323008"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id323029"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id323042"></a><em class="parameter"><code>path = /data/%U</code></em></td></tr><tr><td><a class="indexterm" name="id323054"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id323067"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id323088"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id323101"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id323114"></a><em class="parameter"><code>valid users = %G</code></em></td></tr><tr><td><a class="indexterm" name="id323126"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[finsvcs]</code></em></td></tr><tr><td><a class="indexterm" name="id323148"></a><em class="parameter"><code>comment = Financial Service Files</code></em></td></tr><tr><td><a class="indexterm" name="id323160"></a><em class="parameter"><code>path = /data/finsvcs</code></em></td></tr><tr><td><a class="indexterm" name="id323173"></a><em class="parameter"><code>valid users = %G</code></em></td></tr><tr><td><a class="indexterm" name="id323185"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id323199"></a>Validation</h3></div></div></div><p>
+                </p></li></ol></div><div class="example"><a name="acct2conf"></a><p class="title"><b>Example 2.3. Accounting Office Network <code class="filename">smb.conf</code> File  [globals] Section</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id346123"></a><em class="parameter"><code>workgroup = BILLMORE</code></em></td></tr><tr><td><a class="indexterm" name="id346133"></a><em class="parameter"><code>passwd chat = *New*Password* %n\n*Re-enter*new*password* %n\n *Password*changed*</code></em></td></tr><tr><td><a class="indexterm" name="id346145"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id346155"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id346165"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id346176"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id346186"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id346197"></a><em class="parameter"><code>add user script = /usr/sbin/useradd -m -G users '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id346207"></a><em class="parameter"><code>delete user script = /usr/sbin/userdel -r '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id346217"></a><em class="parameter"><code>add group script = /usr/sbin/groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id346228"></a><em class="parameter"><code>delete group script = /usr/sbin/groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id346238"></a><em class="parameter"><code>add user to group script = /usr/sbin/usermod -A '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id346249"></a><em class="parameter"><code>add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id346260"></a><em class="parameter"><code>logon script = scripts\login.bat</code></em></td></tr><tr><td><a class="indexterm" name="id346271"></a><em class="parameter"><code>logon path =  </code></em></td></tr><tr><td><a class="indexterm" name="id346281"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id346292"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id346302"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id346312"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id346323"></a><em class="parameter"><code>printing = CUPS</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="acct3conf"></a><p class="title"><b>Example 2.4. Accounting Office Network <code class="filename">smb.conf</code> File  Services and Shares Section</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id346363"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id346373"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id346383"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id346394"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id346413"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id346423"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id346433"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id346444"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id346454"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id346465"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id346483"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id346494"></a><em class="parameter"><code>path = /data/%U</code></em></td></tr><tr><td><a class="indexterm" name="id346504"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id346515"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id346533"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id346544"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id346554"></a><em class="parameter"><code>valid users = %G</code></em></td></tr><tr><td><a class="indexterm" name="id346565"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[finsvcs]</code></em></td></tr><tr><td><a class="indexterm" name="id346583"></a><em class="parameter"><code>comment = Financial Service Files</code></em></td></tr><tr><td><a class="indexterm" name="id346594"></a><em class="parameter"><code>path = /data/finsvcs</code></em></td></tr><tr><td><a class="indexterm" name="id346604"></a><em class="parameter"><code>valid users = %G</code></em></td></tr><tr><td><a class="indexterm" name="id346615"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id346626"></a>Validation</h3></div></div></div><p>
                 Does everything function as it ought? That is the key question at this point.
                 Here are some simple steps to validate your Samba server configuration.
-                </p><div class="procedure"><a name="id323209"></a><p class="title"><b>Procedure 2.2. Validation Steps</b></p><ol type="1"><li><p>
-                        <a class="indexterm" name="id323220"></a>
+                </p><div class="procedure"><a name="id346636"></a><p class="title"><b>Procedure 2.2. Validation Steps</b></p><ol type="1"><li><p>
+                        <a class="indexterm" name="id346647"></a>
                         If your <code class="filename">smb.conf</code> file has bogus options or parameters, this may cause Samba
                         to refuse to start. The first step should always be to validate the contents
@@ -496 +495 @@
         printcap name = CUPS
         show add printer wizard = No
-        add user script = /usr/sbin/useradd -m '%u'
+        add user script = /usr/sbin/useradd -m -G users '%u'
         delete user script = /usr/sbin/userdel -r '%u'
         add group script = /usr/sbin/groupadd '%g'
         delete group script = /usr/sbin/groupdel '%g'
-        add user to group script = /usr/sbin/usermod -G '%g' '%u'
-        add machine script = /usr/sbin/useradd 
+        add user to group script = /usr/sbin/usermod -A '%g' '%u'
+        add machine script = /usr/sbin/useradd
                                 -s /bin/false -d /var/lib/nobody '%u'
         logon script = scripts\logon.bat
@@ -520 +519 @@
                         Clear away all errors before proceeding, and start or restart samba as necessary.
                         </p></li><li><p>
-                        <a class="indexterm" name="id323270"></a>
-                        <a class="indexterm" name="id323277"></a>
-                        <a class="indexterm" name="id323284"></a>
-                        <a class="indexterm" name="id323291"></a>
+                        <a class="indexterm" name="id346704"></a>
+                        <a class="indexterm" name="id346710"></a>
+                        <a class="indexterm" name="id346716"></a>
+                        <a class="indexterm" name="id346722"></a>
                         Check that the Samba server is running:
 </p><pre class="screen">
@@ -540 +539 @@
                         <code class="literal">smbd</code> is normal.
                         </p></li><li><p>
-                        <a class="indexterm" name="id323342"></a>
+                        <a class="indexterm" name="id346768"></a>
                         Check that an anonymous connection can be made to the Samba server:
 </p><pre class="screen">
@@ -569 +568 @@
                         a <code class="constant">NULL</code> password.
                         </p></li><li><p>
-                        <a class="indexterm" name="id323387"></a>
-                        <a class="indexterm" name="id323393"></a>
-                        <a class="indexterm" name="id323400"></a>
+                        <a class="indexterm" name="id346810"></a>
+                        <a class="indexterm" name="id346816"></a>
+                        <a class="indexterm" name="id346822"></a>
                         Verify that the printers have the IP addresses assigned in the DHCP server configuration file.
                         The easiest way to do this is to ping the printer name. Immediately after the ping response
@@ -590 +589 @@
                         <code class="filename">/etc/dhcpd.conf</code> file.
                         </p></li><li><p>
-                        <a class="indexterm" name="id323459"></a>
+                        <a class="indexterm" name="id346876"></a>
                         Make an authenticated connection to the server using the <code class="literal">smbclient</code> tool:
 </p><pre class="screen">
@@ -607 +606 @@
 smb: \&gt; q
 </pre><p>
-                        </p></li></ol></div></div><div class="procedure"><a name="id323498"></a><p class="title"><b>Procedure 2.3. Windows XP Professional Client Configuration</b></p><ol type="1"><li><p>
-                Configure clients to the network settings shown in <a href="small.html#acct2net" title="Figure 2.1. Abmas Accounting 52-User Network Topology">???</a>.
+                        </p></li></ol></div></div><div class="procedure"><a name="id346912"></a><p class="title"><b>Procedure 2.3. Windows XP Professional Client Configuration</b></p><ol type="1"><li><p>
+                Configure clients to the network settings shown in <a class="link" href="small.html#acct2net" title="Figure 2.1. Abmas Accounting 52-User Network Topology">&#8220;Abmas Accounting  52-User Network Topology&#8221;</a>.
                 All clients use DHCP for TCP/IP protocol stack configuration.
-                <a class="indexterm" name="id323516"></a>
-                <a class="indexterm" name="id323523"></a>
+                <a class="indexterm" name="id346928"></a>
+                <a class="indexterm" name="id346934"></a>
                 DHCP configures all Windows clients to use the WINS Server address <code class="constant">192.168.1.1</code>.
                 </p></li><li><p>
@@ -617 +616 @@
                 username <code class="constant">root</code> and the SMB password you assigned to this account.
                 A detailed step-by-step procedure for joining a Windows 200x/XP Professional client to
-                a Windows Domain is given in <a href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits">???</a>, <a href="appendix.html#domjoin" title="Joining a Domain: Windows 200x/XP Professional">???</a>. 
+                a Windows Domain is given in <a class="link" href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits">&#8220;A Collection of Useful Tidbits&#8221;</a>, <a class="link" href="appendix.html#domjoin" title="Joining a Domain: Windows 200x/XP Professional">&#8220;Joining a Domain: Windows 200x/XP Professional&#8221;</a>.
                 Reboot the machine as prompted and then log on using a Domain User account.
                 </p></li><li><p>
@@ -653 +652 @@
                                 Repeat the printer installation steps above for the HP LaserJet 6 printer
                                 as well as for the QMS Magicolor XXXX laser printer.
-                                </p></li></ol></div></li></ol></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id323822"></a>Notebook Computers: A Special Case</h3></div></div></div><p>
+                                </p></li></ol></div></li></ol></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id347201"></a>Notebook Computers: A Special Case</h3></div></div></div><p>
         As a network administrator, you already know how to create local machine accounts for Windows 200x/XP
         Professional systems. This is the preferred solution to provide continuity of work for notebook users
@@ -663 +662 @@
         that mean that as the network is more tightly secured, it becomes necessary to modify Windows client
         configuration somewhat.
-        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id323841"></a>Key Points Learned</h3></div></div></div><p>
+        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id347221"></a>Key Points Learned</h3></div></div></div><p>
                 In this network design and implementation exercise, you created a Windows NT4-style Domain
                 Controller using Samba-3.0.20. Following these guidelines, you experienced
@@ -669 +668 @@
                 you build on the experience. These are the highlights from this chapter:
                 </p><div class="itemizedlist"><ul type="disc"><li><p>
-                        <a class="indexterm" name="id323858"></a>
+                        <a class="indexterm" name="id347237"></a>
                         You implemented a DHCP server, and Microsoft Windows clients were able to obtain all necessary
                         network configuration settings from this server.
                         </p></li><li><p>
-                        <a class="indexterm" name="id323871"></a>
+                        <a class="indexterm" name="id347249"></a>
                         You created a Windows Domain Controller. You were able to use the network logon service
                         and successfully joined Windows 200x/XP Professional clients to the Domain.
                         </p></li><li><p>
-                        <a class="indexterm" name="id323883"></a>
+                        <a class="indexterm" name="id347262"></a>
                         You created raw print queues in the CUPS printing system. You maintained a simple
                         printing system so that all users can share centrally managed printers. You installed
@@ -686 +685 @@
                         You offered Mobile notebook users a solution that allows them to continue to work
                         while away from the office and not connected to the corporate network.
-                        </p></li></ul></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id323907"></a>Questions and Answers</h2></div></div></div><p>
+                        </p></li></ul></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id347285"></a>Questions and Answers</h2></div></div></div><p>
         Your new Domain Controller is ready to serve you. What does it mean? Here are some questions and answers that
         may help.
-        </p><div class="qandaset"><dl><dt>1. <a href="small.html#id323919">
+        </p><div class="qandaset"><dl><dt>1. <a href="small.html#id347297">
                 What is the key benefit of using DHCP to configure Windows client TCP/IP stacks?
-                </a></dt><dt>2. <a href="small.html#id323941">
+                </a></dt><dt>2. <a href="small.html#id347318">
                 Are there any DHCP server configuration parameters in the /etc/dhcpd.conf
                 that should be noted in particular?
-                </a></dt><dt>3. <a href="small.html#id323968">
+                </a></dt><dt>3. <a href="small.html#id347344">
                 Is it possible to create a Windows Domain account that is specifically called Administrator?
-                </a></dt><dt>4. <a href="small.html#id324004">
+                </a></dt><dt>4. <a href="small.html#id347378">
                 Why is it necessary to give the Windows Domain Administrator a UNIX UID of 0?
-                </a></dt><dt>5. <a href="small.html#id324039">
+                </a></dt><dt>5. <a href="small.html#id347411">
                 One of my junior staff needs the ability to add machines to the Domain, but I do not want to give him
                 root access. How can we do this?
-                </a></dt><dt>6. <a href="small.html#id324077">
+                </a></dt><dt>6. <a href="small.html#id347447">
                 Why must I map Windows Domain Groups to UNIX groups?
-                </a></dt><dt>7. <a href="small.html#id324114">
+                </a></dt><dt>7. <a href="small.html#id347481">
                 I deleted my root account and now I cannot add it back! What can I do?
-                </a></dt><dt>8. <a href="small.html#id324184">
+                </a></dt><dt>8. <a href="small.html#id347546">
                 When I run net groupmap list, it reports a group called Administrators
                 as well as Domain Admins. What is the difference between them?
-                </a></dt><dt>9. <a href="small.html#id324228">
+                </a></dt><dt>9. <a href="small.html#id347586">
                 What is the effect of changing the name of a Samba server or of changing the Domain name?
-                </a></dt><dt>10. <a href="small.html#id324272">
+                </a></dt><dt>10. <a href="small.html#id347628">
                 How can I manage user accounts from my Windows XP Professional workstation?
-                </a></dt></dl><table border="0" summary="Q and A Set"><col align="left" width="1%"><tbody><tr class="question"><td align="left" valign="top"><a name="id323919"></a><a name="id323922"></a><b>1.</b></td><td align="left" valign="top"><p>
+                </a></dt></dl><table border="0" summary="Q and A Set"><col align="left" width="1%"><tbody><tr class="question"><td align="left" valign="top"><a name="id347297"></a><a name="id347299"></a><p><b>1.</b></p></td><td align="left" valign="top"><p>
                 What is the key benefit of using DHCP to configure Windows client TCP/IP stacks?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -721 +720 @@
                 default routes and DNS server addresses that apply only to the Abmas office environment do
                 not interfere with remote operations. This is an extremely important feature of DHCP.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id323941"></a><a name="id323943"></a><b>2.</b></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id347318"></a><a name="id347320"></a><p><b>2.</b></p></td><td align="left" valign="top"><p>
                 Are there any DHCP server configuration parameters in the <code class="filename">/etc/dhcpd.conf</code>
                 that should be noted in particular?
@@ -730 +729 @@
                 NetBIOS machine name needs to be resolved to an IP Address. This configuration
                 results in far lower UDP broadcast traffic than would be the case if WINS was not used.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id323968"></a><a name="id323970"></a><b>3.</b></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id347344"></a><a name="id347346"></a><p><b>3.</b></p></td><td align="left" valign="top"><p>
                 Is it possible to create a Windows Domain account that is specifically called <code class="constant">Administrator</code>?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -737 +736 @@
                 necessary to use the <em class="parameter"><code>username map</code></em> facility to map this account to the UNIX
                 account called <code class="constant">root</code>.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id324004"></a><a name="id324006"></a><b>4.</b></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id347378"></a><a name="id347380"></a><p><b>4.</b></p></td><td align="left" valign="top"><p>
                 Why is it necessary to give the Windows Domain <code class="constant">Administrator</code> a UNIX UID of 0?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -747 +746 @@
                 settings within the Domain and on the Samba server, equivalent rights must be assigned. This is
                 achieved with the <code class="constant">root</code> UID equal to 0.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id324039"></a><a name="id324042"></a><b>5.</b></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id347411"></a><a name="id347414"></a><p><b>5.</b></p></td><td align="left" valign="top"><p>
                 One of my junior staff needs the ability to add machines to the Domain, but I do not want to give him
                 <code class="constant">root</code> access. How can we do this?
@@ -756 +755 @@
                 This must be the primary GID of the account of the user who is a member of the Windows <code class="constant">
                 Domain Admins</code> account.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id324077"></a><a name="id324079"></a><b>6.</b></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id347447"></a><a name="id347449"></a><p><b>6.</b></p></td><td align="left" valign="top"><p>
                 Why must I map Windows Domain Groups to UNIX groups?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -762 +761 @@
                 has a UNIX group account equivalent. The Domain groups that should be given UNIX equivalents are
                 <span class="guimenu">Domain Guests</span>, <span class="guimenu">Domain Users</span>, and <span class="guimenu">Domain Admins</span>.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id324114"></a><a name="id324116"></a><b>7.</b></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id347481"></a><a name="id347483"></a><p><b>7.</b></p></td><td align="left" valign="top"><p>
                 I deleted my <code class="constant">root</code> account and now I cannot add it back! What can I do?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
-                This is a nasty problem. Fortunately, there is a solution. 
+                This is a nasty problem. Fortunately, there is a solution.
                 </p><div class="procedure"><ol type="1"><li><p>
                         Back up your existing configuration files in case you need to restore them.
                         </p></li><li><p>
-                        Rename the <code class="filename">group_mapping.tdb</code> file. 
+                        Rename the <code class="filename">group_mapping.tdb</code> file.
                         </p></li><li><p>
                         Use the <code class="literal">smbpasswd</code> to add the root account.
                         </p></li><li><p>
                         Restore the <code class="filename">group_mapping.tdb</code> file.
-                        </p></li></ol></div></td></tr><tr class="question"><td align="left" valign="top"><a name="id324184"></a><a name="id324186"></a><b>8.</b></td><td align="left" valign="top"><p>
+                        </p></li></ol></div></td></tr><tr class="question"><td align="left" valign="top"><a name="id347546"></a><a name="id347548"></a><p><b>8.</b></p></td><td align="left" valign="top"><p>
                 When I run <code class="literal">net groupmap list</code>, it reports a group called <span class="guimenu">Administrators</span>
                 as well as <span class="guimenu">Domain Admins</span>. What is the difference between them?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
                 The group called <span class="guimenu">Administrators</span> is representative of the same account that would be
-                present as the Local Group account on a Domain Member server or workstation. Samba uses only Domain 
+                present as the Local Group account on a Domain Member server or workstation. Samba uses only Domain
                 Groups at this time. A Workstation or Server Local Group has no meaning in a Samba context. This
                 may change at some later date. These accounts are provided only so that security objects are correctly shown.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id324228"></a><a name="id324230"></a><b>9.</b></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id347586"></a><a name="id347588"></a><p><b>9.</b></p></td><td align="left" valign="top"><p>
                 What is the effect of changing the name of a Samba server or of changing the Domain name?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -794 +793 @@
                 or the <code class="literal">smbpasswd</code> (Samba-2.2.x). To change the SID, you use the same tool. Be sure
                 to check the man page for this command for detailed instructions regarding the steps involved.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id324272"></a><a name="id324274"></a><b>10.</b></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id347628"></a><a name="id347630"></a><p><b>10.</b></p></td><td align="left" valign="top"><p>
                 How can I manage user accounts from my Windows XP Professional workstation?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>