Changeset 368 for branches/samba-3.3.x/docs/htmldocs/Samba3-ByExample/happy.html

Timestamp:

Jan 15, 2010, 8:21:06 AM (16 years ago)

Author:

Herwig Bauernfeind

Message:

Update Samba 3.3 to 3.3.10 (docs)

File:

• branches/samba-3.3.x/docs/htmldocs/Samba3-ByExample/happy.html (modified) (167 diffs)

branches/samba-3.3.x/docs/htmldocs/Samba3-ByExample/happy.html

@@ -1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 5. Making Happy Users</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="Big500users.html" title="Chapter 4. The 500-User Office"><link rel="next" href="2000users.html" title="Chapter 6. A Distributed 2000-User Network"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 5. Making Happy Users</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="Big500users.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="2000users.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="happy"></a>Chapter 5. Making Happy Users</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="happy.html#id2571048">Regarding LDAP Directories and Windows Computer Accounts</a></span></dt><dt><span class="sect1"><a href="happy.html#id2571190">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id2571288">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id2571425">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id2571882">Technical Issues</a></span></dt><dt><span class="sect2"><a href="happy.html#id2573760">Political Issues</a></span></dt><dt><span class="sect2"><a href="happy.html#id2573776">Installation Checklist</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id2573956">Samba Server Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbeidealx">Install and Configure Idealx smbldap-tools Scripts</a></span></dt><dt><span class="sect2"><a href="happy.html#id2576854">LDAP Initialization and Creation of User and Group Accounts</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-ptrcfg">Printer Configuration</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#sbehap-bldg1">Samba-3 BDC Configuration</a></span></dt><dt><span class="sect1"><a href="happy.html#id2580803">Miscellaneous Server Preparation Tasks</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id2580823">Configuring Directory Share Point Roots</a></span></dt><dt><span class="sect2"><a href="happy.html#id2580918">Configuring Profile Directories</a></span></dt><dt><span class="sect2"><a href="happy.html#id2581163">Preparation of Logon Scripts</a></span></dt><dt><span class="sect2"><a href="happy.html#id2581274">Assigning User Rights and Privileges</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id2581407">Windows Client Configuration</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></span></dt><dt><span class="sect2"><a href="happy.html#id2582162">Configuration of MS Outlook to Relocate PST File</a></span></dt><dt><span class="sect2"><a href="happy.html#id2582477">Configure Delete Cached Profiles on Logout</a></span></dt><dt><span class="sect2"><a href="happy.html#id2582657">Uploading Printer Drivers to Samba Servers</a></span></dt><dt><span class="sect2"><a href="happy.html#id2583160">Software Installation</a></span></dt><dt><span class="sect2"><a href="happy.html#id2583195">Roll-out Image Creation</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id2583229">Key Points Learned</a></span></dt><dt><span class="sect1"><a href="happy.html#id2583345">Questions and Answers</a></span></dt></dl></div><p>
-        It is said that &#8220;<span class="quote">a day that is without troubles is not fulfilling.  Rather, give 
-        me a day of troubles well handled so that I can be content with my achievements.</span>&#8221;
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 5. Making Happy Users</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="Big500users.html" title="Chapter 4. The 500-User Office"><link rel="next" href="2000users.html" title="Chapter 6. A Distributed 2000-User Network"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 5. Making Happy Users</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="Big500users.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="2000users.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 5. Making Happy Users"><div class="titlepage"><div><div><h2 class="title"><a name="happy"></a>Chapter 5. Making Happy Users</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="happy.html#id2577106">Regarding LDAP Directories and Windows Computer Accounts</a></span></dt><dt><span class="sect1"><a href="happy.html#id2577248">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id2577346">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id2577483">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id2577941">Technical Issues</a></span></dt><dt><span class="sect2"><a href="happy.html#id2579819">Political Issues</a></span></dt><dt><span class="sect2"><a href="happy.html#id2579834">Installation Checklist</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id2580015">Samba Server Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbeidealx">Install and Configure Idealx smbldap-tools Scripts</a></span></dt><dt><span class="sect2"><a href="happy.html#id2582912">LDAP Initialization and Creation of User and Group Accounts</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-ptrcfg">Printer Configuration</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#sbehap-bldg1">Samba-3 BDC Configuration</a></span></dt><dt><span class="sect1"><a href="happy.html#id2586862">Miscellaneous Server Preparation Tasks</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id2586882">Configuring Directory Share Point Roots</a></span></dt><dt><span class="sect2"><a href="happy.html#id2586977">Configuring Profile Directories</a></span></dt><dt><span class="sect2"><a href="happy.html#id2587221">Preparation of Logon Scripts</a></span></dt><dt><span class="sect2"><a href="happy.html#id2587332">Assigning User Rights and Privileges</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id2587466">Windows Client Configuration</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></span></dt><dt><span class="sect2"><a href="happy.html#id2588220">Configuration of MS Outlook to Relocate PST File</a></span></dt><dt><span class="sect2"><a href="happy.html#id2588536">Configure Delete Cached Profiles on Logout</a></span></dt><dt><span class="sect2"><a href="happy.html#id2588716">Uploading Printer Drivers to Samba Servers</a></span></dt><dt><span class="sect2"><a href="happy.html#id2589218">Software Installation</a></span></dt><dt><span class="sect2"><a href="happy.html#id2589254">Roll-out Image Creation</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id2589288">Key Points Learned</a></span></dt><dt><span class="sect1"><a href="happy.html#id2589403">Questions and Answers</a></span></dt></dl></div><p>
+        It is said that <span class="quote">&#8220;<span class="quote">a day that is without troubles is not fulfilling.  Rather, give 
+        me a day of troubles well handled so that I can be content with my achievements.</span>&#8221;</span>
         </p><p>
         In the world of computer networks, problems are as varied as the people who create them
@@ -7 +7 @@
         may create problems for some network users. The following lists some of the problems that
         may occur:
-        </p><a class="indexterm" name="id2570626"></a><a class="indexterm" name="id2570632"></a><a class="indexterm" name="id2570642"></a><a class="indexterm" name="id2570648"></a><a class="indexterm" name="id2570655"></a><div class="caution" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Caution</h3><p>
+        </p><a class="indexterm" name="id2576684"></a><a class="indexterm" name="id2576691"></a><a class="indexterm" name="id2576700"></a><a class="indexterm" name="id2576707"></a><a class="indexterm" name="id2576714"></a><div class="caution" title="Caution" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Caution</h3><p>
 A significant number of network administrators have responded to the guidance given
 here. It should be noted that there are sites that have a single PDC for many hundreds of
@@ -20 +20 @@
 clients is conservative and if followed will minimize problems  but it is not absolute.
 </p></div><div class="variablelist"><dl><dt><span class="term">Users experiencing difficulty logging onto the network</span></dt><dd><p>
-                <a class="indexterm" name="id2570700"></a>
-                <a class="indexterm" name="id2570710"></a>
+                <a class="indexterm" name="id2576759"></a>
+                <a class="indexterm" name="id2576768"></a>
                 When a Windows client logs onto the network, many data packets are exchanged
                 between the client and the server that is providing the network logon services.
@@ -31 +31 @@
                 characteristics. 
                 </p><p>
-                <a class="indexterm" name="id2570730"></a>
-                <a class="indexterm" name="id2570736"></a>
-                <a class="indexterm" name="id2570743"></a>
+                <a class="indexterm" name="id2576788"></a>
+                <a class="indexterm" name="id2576795"></a>
+                <a class="indexterm" name="id2576801"></a>
                 If the domain controller provides only network logon services
                 and all file and print activity is handled by domain member servers, one domain 
@@ -47 +47 @@
                 the Samba server as well as network bandwidth utilization.
                 </p></dd><dt><span class="term">Slow logons and log-offs</span></dt><dd><p>
-                <a class="indexterm" name="id2570776"></a>
+                <a class="indexterm" name="id2576835"></a>
                 Slow logons and log-offs may be caused by many factors that include:
 
-                        </p><div class="itemizedlist"><ul type="disc"><li><p>
-                                <a class="indexterm" name="id2570790"></a>
-                                <a class="indexterm" name="id2570802"></a>
+                        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
+                                <a class="indexterm" name="id2576848"></a>
+                                <a class="indexterm" name="id2576860"></a>
                                 Excessive delays in the resolution of a NetBIOS name to its IP
                                 address. This may be observed when an overloaded domain controller 
                                 is also the WINS server. Another cause may be the failure to use
                                 a WINS server (this assumes that there is a single network segment).
-                                </p></li><li><p>
-                                <a class="indexterm" name="id2570820"></a>
-                                <a class="indexterm" name="id2570827"></a>
-                                <a class="indexterm" name="id2570834"></a>
+                                </p></li><li class="listitem"><p>
+                                <a class="indexterm" name="id2576879"></a>
+                                <a class="indexterm" name="id2576886"></a>
+                                <a class="indexterm" name="id2576892"></a>
                                 Network traffic collisions due to overloading of the network
                                 segment. One short-term workaround to this may be to replace
                                 network HUBs with Ethernet switches.
-                                </p></li><li><p>
-                                <a class="indexterm" name="id2570848"></a>
+                                </p></li><li class="listitem"><p>
+                                <a class="indexterm" name="id2576907"></a>
                                 Defective networking hardware. Over the past few years, we have seen
                                 on the Samba mailing list a significant increase in the number of
@@ -72 +72 @@
                                 it was the erratic nature of the problem that ultimately pointed to
                                 the cause of the problem.
-                                </p></li><li><p>
-                                <a class="indexterm" name="id2570869"></a>
-                                <a class="indexterm" name="id2570878"></a>
+                                </p></li><li class="listitem"><p>
+                                <a class="indexterm" name="id2576927"></a>
+                                <a class="indexterm" name="id2576936"></a>
                                 Excessively large roaming profiles. This type of problem is typically
                                 the result of poor user education as well as poor network management.
@@ -81 +81 @@
                                 These are old bad habits that require much discipline and vigilance
                                 on the part of network management.
-                                </p></li><li><p>
-                                <a class="indexterm" name="id2570898"></a>
+                                </p></li><li class="listitem"><p>
+                                <a class="indexterm" name="id2576957"></a>
                                 You should verify that the Windows XP WebClient service is not running.
                                 The use of the WebClient service has been implicated in many Windows
@@ -90 +90 @@
                 Loss of access to network resources during client operation may be caused by a number
                 of factors, including:
-                </p><div class="itemizedlist"><ul type="disc"><li><p>
-                                <a class="indexterm" name="id2570931"></a>
+                </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
+                                <a class="indexterm" name="id2576989"></a>
                                 Network overload (typically indicated by a high network collision rate)
-                                </p></li><li><p>
+                                </p></li><li class="listitem"><p>
                                 Server overload
-                                </p></li><li><p>
-                                <a class="indexterm" name="id2570950"></a>
+                                </p></li><li class="listitem"><p>
+                                <a class="indexterm" name="id2577009"></a>
                                 Timeout causing the client to close a connection that is in use but has
                                 been latent (no traffic) for some time (5 minutes or more)
-                                </p></li><li><p>
-                                <a class="indexterm" name="id2570966"></a>
+                                </p></li><li class="listitem"><p>
+                                <a class="indexterm" name="id2577025"></a>
                                 Defective networking hardware
                                 </p></li></ul></div><p>
-                <a class="indexterm" name="id2570981"></a>
+                <a class="indexterm" name="id2577039"></a>
                 No matter what the cause, a sudden loss of access to network resources can
                 result in BSOD (blue screen of death) situations that necessitate rebooting of the client
@@ -110 +110 @@
                 problem, data corruption.
                 </p></dd><dt><span class="term">Potential data corruption</span></dt><dd><p>
-                <a class="indexterm" name="id2571014"></a>
+                <a class="indexterm" name="id2577073"></a>
                 Data corruption is one of the most serious problems. It leads to uncertainty, anger, and 
                 frustration, and generally precipitates immediate corrective demands. Management response
@@ -124 +124 @@
         methods to improve the reliability of your network environment, but be warned that all such steps
         demand the price of complexity.
-        </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2571048"></a>Regarding LDAP Directories and Windows Computer Accounts</h2></div></div></div><p>
-        <a class="indexterm" name="id2571056"></a>
+        </p><div class="sect1" title="Regarding LDAP Directories and Windows Computer Accounts"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2577106"></a>Regarding LDAP Directories and Windows Computer Accounts</h2></div></div></div><p>
+        <a class="indexterm" name="id2577115"></a>
         Computer (machine) accounts can be placed wherever you like in an LDAP directory subject to some 
         constraints that are described in this section.
         </p><p>
-        <a class="indexterm" name="id2571071"></a>
-        <a class="indexterm" name="id2571078"></a>
-        <a class="indexterm" name="id2571085"></a>
-        <a class="indexterm" name="id2571092"></a>
+        <a class="indexterm" name="id2577130"></a>
+        <a class="indexterm" name="id2577136"></a>
+        <a class="indexterm" name="id2577143"></a>
+        <a class="indexterm" name="id2577150"></a>
         The POSIX and SambaSAMAccount components of computer (machine) accounts are both used by Samba. 
         That is, machine  accounts are treated inside Samba in the same way that Windows NT4/200X treats 
@@ -138 +138 @@
         the machine account ends in a $ character, as do trust accounts.
         </p><p>
-        <a class="indexterm" name="id2571108"></a>
-        <a class="indexterm" name="id2571115"></a>
+        <a class="indexterm" name="id2577167"></a>
+        <a class="indexterm" name="id2577173"></a>
         The need for Windows user, group, machine, trust, and other such accounts to be tied to a valid UNIX UID
         is a design decision that was made a long way back in the history of Samba development. It is 
@@ -145 +145 @@
         Samba-3.x series. 
         </p><p>
-        <a class="indexterm" name="id2571130"></a>
-        <a class="indexterm" name="id2571136"></a>
+        <a class="indexterm" name="id2577188"></a>
+        <a class="indexterm" name="id2577195"></a>
         The resolution of a UID from the Windows SID is achieved within Samba through a mechanism that
         must refer back to the host operating system on which Samba is running. The name service
@@ -152 +152 @@
         need to know everything about every host OS it runs on.
         </p><p>
-        Samba asks the host OS to provide a UID via the &#8220;<span class="quote">passwd</span>&#8221;, &#8220;<span class="quote">shadow</span>&#8221;
-        and &#8220;<span class="quote">group</span>&#8221; facilities in the NSS control (configuration) file. The best tool
+        Samba asks the host OS to provide a UID via the <span class="quote">&#8220;<span class="quote">passwd</span>&#8221;</span>, <span class="quote">&#8220;<span class="quote">shadow</span>&#8221;</span>
+        and <span class="quote">&#8220;<span class="quote">group</span>&#8221;</span> facilities in the NSS control (configuration) file. The best tool
         for achieving this is left up to the UNIX administrator to determine. It is not imposed by
         Samba. Samba provides winbindd together with its support libraries as one method. It is
@@ -159 +159 @@
         all account entities can be located in an LDAP directory.
         </p><p>
-        <a class="indexterm" name="id2571174"></a>
+        <a class="indexterm" name="id2577232"></a>
         For many the weapon of choice is to use the PADL nss_ldap utility. This utility must
         be configured so that computer accounts can be resolved to a POSIX/UNIX account UID. That
@@ -165 +165 @@
         in the documentation is directed at providing working examples only. The design
         of an LDAP directory is a complex subject that is beyond the scope of this documentation.
-        </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2571190"></a>Introduction</h2></div></div></div><p>
+        </p></div><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2577248"></a>Introduction</h2></div></div></div><p>
         You just opened an email from Christine that reads:
         </p><p>
@@ -194 +194 @@
         </p></td><td width="10%" valign="top"> </td></tr><tr><td width="10%" valign="top"> </td><td colspan="2" align="right" valign="top">--<span class="attribution">Christine</span></td></tr></table></div><p>
         </p><p>
-        <a class="indexterm" name="id2571252"></a>      
-        <a class="indexterm" name="id2571259"></a>
+        <a class="indexterm" name="id2577310"></a>      
+        <a class="indexterm" name="id2577318"></a>
         Every compromise has consequences. Having a large routed (i.e., multisegment) network with only a
         single domain controller is a poor design that has obvious operational effects that may
@@ -205 +205 @@
         Please let Stan know what the estimated cost will be so I can approve the expense. Do not wait
         for approval; I appreciate the urgency.
-        </p></td><td width="10%" valign="top"> </td></tr><tr><td width="10%" valign="top"> </td><td colspan="2" align="right" valign="top">--<span class="attribution">Bob</span></td></tr></table></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2571288"></a>Assignment Tasks</h3></div></div></div><p>
+        </p></td><td width="10%" valign="top"> </td></tr><tr><td width="10%" valign="top"> </td><td colspan="2" align="right" valign="top">--<span class="attribution">Bob</span></td></tr></table></div><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id2577346"></a>Assignment Tasks</h3></div></div></div><p>
                 The priority of assigned tasks in this chapter is:
-                </p><div class="orderedlist"><ol type="1"><li><p>
-                        <a class="indexterm" name="id2571308"></a>
-                        <a class="indexterm" name="id2571317"></a>
-                        <a class="indexterm" name="id2571323"></a>
-                        <a class="indexterm" name="id2571330"></a><a class="indexterm" name="id2571336"></a>
+                </p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>
+                        <a class="indexterm" name="id2577366"></a>
+                        <a class="indexterm" name="id2577375"></a>
+                        <a class="indexterm" name="id2577382"></a>
+                        <a class="indexterm" name="id2577389"></a><a class="indexterm" name="id2577394"></a>
                         Implement Backup Domain Controllers (BDCs) in each building. This involves
                         a change from a <span class="emphasis"><em>tdbsam</em></span> backend that was used in the previous
@@ -217 +217 @@
                         </p><p>
                         You can implement a single central LDAP server for this purpose.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2571358"></a>
-                        <a class="indexterm" name="id2571365"></a>
-                        <a class="indexterm" name="id2571372"></a>
-                        <a class="indexterm" name="id2571379"></a>
+                        </p></li><li class="listitem"><p>
+                        <a class="indexterm" name="id2577417"></a>
+                        <a class="indexterm" name="id2577424"></a>
+                        <a class="indexterm" name="id2577430"></a>
+                        <a class="indexterm" name="id2577437"></a>
                         Rectify the problem of excessive logon times. This involves redirection of
                         folders to network shares as well as modification of all user desktops to
@@ -227 +227 @@
                         create a new default profile that can be used for all new users.
                         </p></li></ol></div><p>
-                <a class="indexterm" name="id2571398"></a>
+                <a class="indexterm" name="id2577456"></a>
                 You configure a new MS Windows XP Professional workstation disk image that you roll out
                 to all desktop users. The instructions you have created are followed on a staging machine
                 from which all changes can be carefully tested before inflicting them on your network users.
                 </p><p>
-                <a class="indexterm" name="id2571412"></a>
+                <a class="indexterm" name="id2577471"></a>
                 This is the last network example in which specific mention of printing is made. The example
                 again makes use of the CUPS printing system.
-                </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2571425"></a>Dissection and Discussion</h2></div></div></div><p>
-        <a class="indexterm" name="id2571433"></a>
-        <a class="indexterm" name="id2571439"></a>
-        <a class="indexterm" name="id2571446"></a>
+                </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2577483"></a>Dissection and Discussion</h2></div></div></div><p>
+        <a class="indexterm" name="id2577491"></a>
+        <a class="indexterm" name="id2577498"></a>
+        <a class="indexterm" name="id2577505"></a>
         The implementation of Samba BDCs necessitates the installation and configuration of LDAP.
         For this site, you use OpenLDAP, the open source software LDAP server platform. Commercial
         LDAP servers in current use with Samba-3 include:
-        </p><div class="itemizedlist"><ul type="disc"><li><p>
-                <a class="indexterm" name="id2571464"></a>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
+                <a class="indexterm" name="id2577522"></a>
                 Novell <a class="ulink" href="http://www.novell.com/products/edirectory/" target="_top">eDirectory</a>
                 is being successfully used by some sites. Information on how to use eDirectory can be
                 obtained from the Samba mailing lists or from Novell.
-                </p></li><li><p>
-                <a class="indexterm" name="id2571484"></a>
+                </p></li><li class="listitem"><p>
+                <a class="indexterm" name="id2577542"></a>
                 IBM <a class="ulink" href="http://www-306.ibm.com/software/tivoli/products/directory-server/" target="_top">Tivoli 
                 Directory Server</a> can be used to provide the Samba LDAP backend. Example schema 
                 files are provided in the Samba source code tarball under the directory 
                 <code class="filename">~samba/example/LDAP.</code>
-                </p></li><li><p>
-                <a class="indexterm" name="id2571511"></a>
+                </p></li><li class="listitem"><p>
+                <a class="indexterm" name="id2577570"></a>
                 Sun <a class="ulink" href="http://www.sun.com/software/software/products/identity_srvr/home_identity.xml" target="_top">ONE Identity 
                 Server product suite</a> provides an LDAP server that can be used for Samba.
@@ -265 +265 @@
         help you to get OpenLDAP and Samba-3 running as required, albeit with some learning curve challenges.
         </p><p>
-        <a class="indexterm" name="id2571548"></a>
+        <a class="indexterm" name="id2577607"></a>
         For most sites, the deployment of Microsoft Active Directory from the shrink-wrapped installation is quite
         adequate. If you are migrating from Microsoft Active Directory, be warned that OpenLDAP does not include
@@ -271 +271 @@
         requires an understanding of what you are doing, why you are doing it, and the tools that you must use.
         </p><p>
-        <a class="indexterm" name="id2571566"></a>
-        <a class="indexterm" name="id2571573"></a>
-        <a class="indexterm" name="id2571580"></a>
-        <a class="indexterm" name="id2571589"></a>
-        <a class="indexterm" name="id2571598"></a>
-        <a class="indexterm" name="id2571605"></a>
-        <a class="indexterm" name="id2571614"></a>
+        <a class="indexterm" name="id2577624"></a>
+        <a class="indexterm" name="id2577631"></a>
+        <a class="indexterm" name="id2577638"></a>
+        <a class="indexterm" name="id2577647"></a>
+        <a class="indexterm" name="id2577657"></a>
+        <a class="indexterm" name="id2577663"></a>
+        <a class="indexterm" name="id2577673"></a>
         When installed and configured, an OpenLDAP Identity Management backend for Samba functions well. 
         High availability operation may be obtained through directory replication/synchronization and 
@@ -287 +287 @@
         with Microsoft Active Directory.
         </p><p>
-        <a class="indexterm" name="id2571639"></a>
-        <a class="indexterm" name="id2571649"></a>
-        <a class="indexterm" name="id2571656"></a>
-        <a class="indexterm" name="id2571663"></a>
+        <a class="indexterm" name="id2577698"></a>
+        <a class="indexterm" name="id2577707"></a>
+        <a class="indexterm" name="id2577714"></a>
+        <a class="indexterm" name="id2577721"></a>
         A comparison of OpenLDAP with Microsoft Active Directory does not do justice to either. OpenLDAP is an LDAP directory
         tool-set. Microsoft Active Directory Server is an implementation of an LDAP server that is largely preconfigured
@@ -301 +301 @@
         of OpenLDAP.
         </p><p>
-        <a class="indexterm" name="id2571692"></a>
-        <a class="indexterm" name="id2571701"></a>
+        <a class="indexterm" name="id2577751"></a>
+        <a class="indexterm" name="id2577760"></a>
         You may wish to consider outsourcing the development of your OpenLDAP directory to an expert, particularly
         if you find the challenge of learning about LDAP directories, schemas, configuration, and management
@@ -310 +310 @@
         that is required for use as a passdb backend.
         </p><p>
-        <a class="indexterm" name="id2571719"></a>
+        <a class="indexterm" name="id2577778"></a>
         For those who are willing to brave the process of installing and configuring LDAP and Samba-3 interoperability,
         there are a few nice Web-based tools that may help you to manage your users and groups more effectively.
@@ -324 +324 @@
         <a class="ulink" href="http://www.jxplorer.org/" target="_top">; JXplorer</a> (by Computer Associates);
         and <a class="ulink" href="http://phpldapadmin.sourceforge.net/" target="_top">phpLDAPadmin</a>.
-        </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+        </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
         The following prescriptive guidance is not an LDAP tutorial. The LDAP implementation expressly uses minimal
         security controls. No form of secure LDAP communications is attempted. The LDAP configuration information provided
@@ -335 +335 @@
         by Jerry Carter quite useful.
         </p><p>
-        <a class="indexterm" name="id2571817"></a>
-        <a class="indexterm" name="id2571824"></a>
-        <a class="indexterm" name="id2571833"></a>
-        <a class="indexterm" name="id2571840"></a>
+        <a class="indexterm" name="id2577876"></a>
+        <a class="indexterm" name="id2577882"></a>
+        <a class="indexterm" name="id2577892"></a>
+        <a class="indexterm" name="id2577898"></a>
         Mary's problems are due to two factors. First, the absence of a domain controller on the local network is the
         main cause of the errors that result in blue screen crashes. Second, Mary has a large profile that must
@@ -346 +346 @@
         staff morale. The following procedures solve this problem.
         </p><p>
-        <a class="indexterm" name="id2571862"></a>
+        <a class="indexterm" name="id2577921"></a>
         There is also an opportunity to implement smart printing features. You add this to the Samba configuration
         so that future printer changes can be managed without need to change desktop configurations.
@@ -353 +353 @@
         in the default desktop profile. Only one example of printing configuration is given. It is assumed that
         you can extrapolate the principles and use them to install all printers that may be needed.
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2571882"></a>Technical Issues</h3></div></div></div><p>
-        <a class="indexterm" name="id2571890"></a>
-        <a class="indexterm" name="id2571899"></a>
-        <a class="indexterm" name="id2571908"></a>
+        </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id2577941"></a>Technical Issues</h3></div></div></div><p>
+        <a class="indexterm" name="id2577949"></a>
+        <a class="indexterm" name="id2577958"></a>
+        <a class="indexterm" name="id2577967"></a>
         The solution provided is a minimal approach to getting OpenLDAP running as an identity management directory
         server for UNIX system accounts as well as for Samba. From the OpenLDAP perspective, UNIX system
         accounts are stored POSIX schema extensions. Samba provides its own schema to permit storage of account 
         attributes Samba needs. Samba-3 can use the LDAP backend to store:
-        </p><div class="itemizedlist"><ul type="disc"><li><p>Windows Networking User Accounts</p></li><li><p>Windows NT Group Accounts</p></li><li><p>Mapping Information between UNIX Groups and Windows NT Groups</p></li><li><p>ID Mappings for SIDs to UIDs (also for foreign Domain SIDs)</p></li></ul></div><p>
-        <a class="indexterm" name="id2571949"></a>
-        <a class="indexterm" name="id2571956"></a>
-        <a class="indexterm" name="id2571963"></a>
-        <a class="indexterm" name="id2571970"></a>
-        <a class="indexterm" name="id2571977"></a>
-        <a class="indexterm" name="id2571984"></a>
-        <a class="indexterm" name="id2571993"></a>
-        <a class="indexterm" name="id2571999"></a>
-        <a class="indexterm" name="id2572006"></a>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Windows Networking User Accounts</p></li><li class="listitem"><p>Windows NT Group Accounts</p></li><li class="listitem"><p>Mapping Information between UNIX Groups and Windows NT Groups</p></li><li class="listitem"><p>ID Mappings for SIDs to UIDs (also for foreign Domain SIDs)</p></li></ul></div><p>
+        <a class="indexterm" name="id2578008"></a>
+        <a class="indexterm" name="id2578015"></a>
+        <a class="indexterm" name="id2578022"></a>
+        <a class="indexterm" name="id2578028"></a>
+        <a class="indexterm" name="id2578035"></a>
+        <a class="indexterm" name="id2578042"></a>
+        <a class="indexterm" name="id2578051"></a>
+        <a class="indexterm" name="id2578058"></a>
+        <a class="indexterm" name="id2578064"></a>
         The use of LDAP with Samba-3 makes it necessary to store UNIX accounts as well as Windows Networking
         accounts in the LDAP backend. This implies the need to use the 
@@ -379 +379 @@
         of the UNIX username to the UID. The relationships are demonstrated in <a class="link" href="happy.html#sbehap-LDAPdiag" title="Figure 5.1. The Interaction of LDAP, UNIX Posix Accounts and Samba Accounts">&#8220;The Interaction of LDAP, UNIX Posix Accounts and Samba Accounts&#8221;</a>.
         </p><div class="figure"><a name="sbehap-LDAPdiag"></a><p class="title"><b>Figure 5.1. The Interaction of LDAP, UNIX Posix Accounts and Samba Accounts</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/UNIX-Samba-and-LDAP.png" width="270" alt="The Interaction of LDAP, UNIX Posix Accounts and Samba Accounts"></div></div></div><br class="figure-break"><p>
-        <a class="indexterm" name="id2572091"></a>
-        <a class="indexterm" name="id2572098"></a>
+        <a class="indexterm" name="id2578150"></a>
+        <a class="indexterm" name="id2578157"></a>
         You configure OpenLDAP so that it is operational. Before deploying the OpenLDAP, you really
         ought to learn how to configure secure communications over LDAP so that site security is not
         at risk. This is not covered in the following guidance.
         </p><p>
-        <a class="indexterm" name="id2572115"></a>
-        <a class="indexterm" name="id2572121"></a>
-        <a class="indexterm" name="id2572131"></a>
-        <a class="indexterm" name="id2572138"></a>
+        <a class="indexterm" name="id2578173"></a>
+        <a class="indexterm" name="id2578180"></a>
+        <a class="indexterm" name="id2578189"></a>
+        <a class="indexterm" name="id2578196"></a>
         When OpenLDAP has been made operative, you configure the PDC called <code class="constant">MASSIVE</code>.
         You initialize the Samba <code class="filename">secrets.tdb<sub></sub></code> file. Then you
@@ -396 +396 @@
         that help to manage user and group configuration.
         </p><p>
-        <a class="indexterm" name="id2572172"></a>
-        <a class="indexterm" name="id2572178"></a>
-        <a class="indexterm" name="id2572185"></a>
+        <a class="indexterm" name="id2578230"></a>
+        <a class="indexterm" name="id2578237"></a>
+        <a class="indexterm" name="id2578244"></a>
         In order to effect folder redirection and to add robustness to the implementation,
         create a network default profile. All network users workstations are configured to use
@@ -404 +404 @@
         when the user logs off.
         </p><p>
-        <a class="indexterm" name="id2572205"></a>
+        <a class="indexterm" name="id2578263"></a>
         The profile is configured so that users cannot change the appearance
         of their desktop. This is known as a mandatory profile. You make certain that users
         are able to use their computers efficiently.
         </p><p>
-        <a class="indexterm" name="id2572218"></a>
+        <a class="indexterm" name="id2578277"></a>
         A network logon script is used to deliver flexible but consistent network drive
         connections.
-        </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="sbehap-ppc"></a>Addition of Machines to the Domain</h4></div></div></div><p>
-                <a class="indexterm" name="id2572240"></a>
-                <a class="indexterm" name="id2572245"></a>
-                <a class="indexterm" name="id2572251"></a>
-                <a class="indexterm" name="id2572256"></a>
+        </p><div class="sect3" title="Addition of Machines to the Domain"><div class="titlepage"><div><div><h4 class="title"><a name="sbehap-ppc"></a>Addition of Machines to the Domain</h4></div></div></div><p>
+                <a class="indexterm" name="id2578299"></a>
+                <a class="indexterm" name="id2578304"></a>
+                <a class="indexterm" name="id2578309"></a>
+                <a class="indexterm" name="id2578315"></a>
                 Samba versions prior to 3.0.11 necessitated the use of a domain administrator account
                 that maps to the UNIX UID=0. The UNIX operating system permits only the <code class="constant">root</code>
@@ -426 +426 @@
                 how any user can now be given the ability to add machines to the domain using a normal user account
                 that has been given the appropriate privileges.
-                </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2572394"></a>Roaming Profile Background</h4></div></div></div><p>
+                </p></div><div class="sect3" title="Roaming Profile Background"><div class="titlepage"><div><div><h4 class="title"><a name="id2578452"></a>Roaming Profile Background</h4></div></div></div><p>
                 As XP roaming profiles grow, so does the amount of time it takes to log in and out.
                 </p><p>
-                <a class="indexterm" name="id2572407"></a>
-                <a class="indexterm" name="id2572414"></a>
-                <a class="indexterm" name="id2572420"></a>
-                <a class="indexterm" name="id2572427"></a>
+                <a class="indexterm" name="id2578465"></a>
+                <a class="indexterm" name="id2578472"></a>
+                <a class="indexterm" name="id2578479"></a>
+                <a class="indexterm" name="id2578486"></a>
                 An XP roaming profile consists of the <code class="constant">HKEY_CURRENT_USER</code> hive file
                 <code class="filename">NTUSER.DAT</code> and a number of folders (My Documents, Application Data,
@@ -454 +454 @@
                 instead of the <code class="filename">My Documents</code> folder for saving documents.
                 </p><p>
-                <a class="indexterm" name="id2572506"></a>
+                <a class="indexterm" name="id2578565"></a>
                 Using a folder other than <code class="filename">My Documents</code> is a nuisance for 
                 some users, since many applications use it by default.
                 </p><p>
-                <a class="indexterm" name="id2572524"></a>
-                <a class="indexterm" name="id2572531"></a>
-                <a class="indexterm" name="id2572538"></a>
+                <a class="indexterm" name="id2578583"></a>
+                <a class="indexterm" name="id2578590"></a>
+                <a class="indexterm" name="id2578597"></a>
                 The secret to rapid loading of roaming profiles is to prevent unnecessary data from 
                 being copied back and forth, without losing any functionality. This is not difficult; 
@@ -466 +466 @@
                 as changing some paths in each user's <code class="filename">NTUSER.DAT</code> hive.
                 </p><p>
-                <a class="indexterm" name="id2572559"></a>
-                <a class="indexterm" name="id2572566"></a>
+                <a class="indexterm" name="id2578618"></a>
+                <a class="indexterm" name="id2578625"></a>
                 Every user profile has its own <code class="filename">NTUSER.DAT</code> file. This means
                 you need to edit every user's profile, unless a better method can be
@@ -475 +475 @@
                 necessary to copy all files from redirected folders to the network share to which
                 they are redirected.
-                </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="sbehap-locgrppol"></a>The Local Group Policy</h4></div></div></div><p>
-                <a class="indexterm" name="id2572607"></a>
-                <a class="indexterm" name="id2572614"></a>
-                <a class="indexterm" name="id2572620"></a>
-                <a class="indexterm" name="id2572627"></a>
+                </p></div><div class="sect3" title="The Local Group Policy"><div class="titlepage"><div><div><h4 class="title"><a name="sbehap-locgrppol"></a>The Local Group Policy</h4></div></div></div><p>
+                <a class="indexterm" name="id2578665"></a>
+                <a class="indexterm" name="id2578672"></a>
+                <a class="indexterm" name="id2578679"></a>
+                <a class="indexterm" name="id2578686"></a>
                 Without an Active Directory PDC, you cannot take full advantage of Group Policy 
                 Objects. However, you can still make changes to the Local Group Policy by using 
@@ -488 +488 @@
                 <span class="guimenu">User Configuration</span> &#8594; <span class="guimenuitem">Administrative Templates</span> &#8594; <span class="guimenuitem">System</span> &#8594; <span class="guimenuitem">User Profiles</span>. 
                 By default this setting contains
-                &#8220;<span class="quote">Local Settings; Temporary Internet Files; History; Temp</span>&#8221;.
+                <span class="quote">&#8220;<span class="quote">Local Settings; Temporary Internet Files; History; Temp</span>&#8221;</span>.
                 </p><p>
                 Simply add the folders you do not wish to be copied back and forth to this 
                 semicolon-separated list. Note that this change must be made on all clients 
                 that are using roaming profiles.
-                </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2572694"></a>Profile Changes</h4></div></div></div><p>
-                <a class="indexterm" name="id2572702"></a>
-                <a class="indexterm" name="id2572709"></a>
+                </p></div><div class="sect3" title="Profile Changes"><div class="titlepage"><div><div><h4 class="title"><a name="id2578753"></a>Profile Changes</h4></div></div></div><p>
+                <a class="indexterm" name="id2578761"></a>
+                <a class="indexterm" name="id2578768"></a>
                 There are two changes that should be done to each user's profile. Move each of 
                 the directories that you have excluded from being copied back and forth out of 
@@ -502 +502 @@
                 path (<code class="filename">C:\Documents and Settings\%USERNAME%</code>).
                 </p><p>
-                <a class="indexterm" name="id2572737"></a>
-                <a class="indexterm" name="id2572744"></a>
+                <a class="indexterm" name="id2578795"></a>
+                <a class="indexterm" name="id2578802"></a>
                 The above modifies existing user profiles. So that newly created profiles have 
                 these settings, you need to modify the <code class="filename">NTUSER.DAT</code> in 
@@ -510 +510 @@
                 <code class="filename">NTUSER.DAT</code> to a Linux box and using <code class="literal">regedt32</code>.
                 The basic method is described under <a class="link" href="happy.html#redirfold" title="Configuration of Default Profile with Folder Redirection">&#8220;Configuration of Default Profile with Folder Redirection&#8221;</a>.
-                </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2572788"></a>Using a Network Default User Profile</h4></div></div></div><p>
-                <a class="indexterm" name="id2572797"></a>
-                <a class="indexterm" name="id2572804"></a>
+                </p></div><div class="sect3" title="Using a Network Default User Profile"><div class="titlepage"><div><div><h4 class="title"><a name="id2578847"></a>Using a Network Default User Profile</h4></div></div></div><p>
+                <a class="indexterm" name="id2578855"></a>
+                <a class="indexterm" name="id2578862"></a>
                 If you are using Samba as your PDC, you should create a file share called 
                 <code class="constant">NETLOGON</code> and within that create a directory called 
@@ -521 +521 @@
                 See also <a class="ulink" href="http://isg.ee.ethz.ch/tools/realmen/det/skel.en.html" target="_top">
                 the Real Men Don't Click</a> Web site.
-                </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2572847"></a>Installation of Printer Driver Auto-Download</h4></div></div></div><p>
-                <a class="indexterm" name="id2572855"></a>
-                <a class="indexterm" name="id2572865"></a>
-                <a class="indexterm" name="id2572872"></a>
+                </p></div><div class="sect3" title="Installation of Printer Driver Auto-Download"><div class="titlepage"><div><div><h4 class="title"><a name="id2578906"></a>Installation of Printer Driver Auto-Download</h4></div></div></div><p>
+                <a class="indexterm" name="id2578914"></a>
+                <a class="indexterm" name="id2578923"></a>
+                <a class="indexterm" name="id2578930"></a>
                 The subject of printing is quite topical. Printing problems run second place to name
                 resolution issues today. So far in this book, you have experienced only what is generally
-                known as &#8220;<span class="quote">dumb</span>&#8221; printing. Dumb printing is the arrangement by which all drivers
+                known as <span class="quote">&#8220;<span class="quote">dumb</span>&#8221;</span> printing. Dumb printing is the arrangement by which all drivers
                 are manually installed on each client and the printing subsystems perform no filtering
                 or intelligent processing. Dumb printing is easily understood. It usually works without
@@ -533 +533 @@
                 <code class="literal">Raw-Print-Through</code> printing.
                 </p><p>
-                <a class="indexterm" name="id2572900"></a>
-                <a class="indexterm" name="id2572910"></a>
+                <a class="indexterm" name="id2578959"></a>
+                <a class="indexterm" name="id2578968"></a>
                 Samba permits the configuration of <code class="literal">smart</code> printing using the Microsoft
                 Windows point-and-click (also called drag-and-drop) printing. What this provides is
@@ -548 +548 @@
                 suited to the printer to which the job is dispatched.
                 </p><p>
-                <a class="indexterm" name="id2572957"></a>
-                <a class="indexterm" name="id2572963"></a>
-                <a class="indexterm" name="id2572970"></a>
+                <a class="indexterm" name="id2579015"></a>
+                <a class="indexterm" name="id2579022"></a>
+                <a class="indexterm" name="id2579029"></a>
                 The CUPS printing subsystem is capable of intelligent printing. It has the capacity to
                 detect the data format and apply a print filter. This means that it is feasible to install
@@ -567 +567 @@
                 style of installation. Those interested in further information regarding intelligent
                 printing should review documentation on the Easy Software Products Web site.
-                </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="sbeavoid"></a>Avoiding Failures: Solving Problems Before They Happen</h4></div></div></div><p>
+                </p></div><div class="sect3" title="Avoiding Failures: Solving Problems Before They Happen"><div class="titlepage"><div><div><h4 class="title"><a name="sbeavoid"></a>Avoiding Failures: Solving Problems Before They Happen</h4></div></div></div><p>
                 It has often been said that there are three types of people in the world: those who
                 have sharp minds and those who forget things. Please do not ask what the third group
@@ -575 +575 @@
                 </p><p>
                 Here are some diagnostic guidelines that can be referred to when things go wrong:
-                </p><div class="sect4" lang="en"><div class="titlepage"><div><div><h5 class="title"><a name="id2573037"></a>Preliminary Advice: Dangers Can Be Avoided</h5></div></div></div><p>
-                The best advice regarding how to mend a broken leg is &#8220;<span class="quote">Never break a leg!</span>&#8221;
-                </p><p>
-                <a class="indexterm" name="id2573053"></a>
+                </p><div class="sect4" title="Preliminary Advice: Dangers Can Be Avoided"><div class="titlepage"><div><div><h5 class="title"><a name="id2579096"></a>Preliminary Advice: Dangers Can Be Avoided</h5></div></div></div><p>
+                The best advice regarding how to mend a broken leg is <span class="quote">&#8220;<span class="quote">Never break a leg!</span>&#8221;</span>
+                </p><p>
+                <a class="indexterm" name="id2579112"></a>
                 Newcomers to Samba and LDAP seem to struggle a great deal at first.  If you want advice
-                regarding the best way to remedy LDAP and Samba problems: &#8220;<span class="quote">Avoid them like the plague!</span>&#8221;
+                regarding the best way to remedy LDAP and Samba problems: <span class="quote">&#8220;<span class="quote">Avoid them like the plague!</span>&#8221;</span>
                 </p><p>
                 If you are now asking yourself how problems can be avoided, the best advice is to start
@@ -590 +590 @@
                 that they could serve as the kick-off point for your journey through fields of knowledge.
                 Use this resource carefully; we hope it serves you well.
-                </p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
+                </p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
                 Do not be lulled into thinking that you can easily adopt the examples in this
                 book and adapt them without first working through the examples provided. A little
                 thing overlooked can cause untold pain and may permanently tarnish your experience.
-                </p></div></div><div class="sect4" lang="en"><div class="titlepage"><div><div><h5 class="title"><a name="id2573097"></a>The Name Service Caching Daemon</h5></div></div></div><p>
+                </p></div></div><div class="sect4" title="The Name Service Caching Daemon"><div class="titlepage"><div><div><h5 class="title"><a name="id2579156"></a>The Name Service Caching Daemon</h5></div></div></div><p>
                 The name service caching daemon (nscd) is a primary cause of difficulties with name
                 resolution, particularly where <code class="literal">winbind</code> is used. Winbind does its
@@ -661 +661 @@
 <code class="prompt">root# </code> rcnscd off
 </pre><p>
-                </p></div><div class="sect4" lang="en"><div class="titlepage"><div><div><h5 class="title"><a name="id2573271"></a>Debugging LDAP</h5></div></div></div><p>
-                <a class="indexterm" name="id2573279"></a>
-                <a class="indexterm" name="id2573286"></a>
-                <a class="indexterm" name="id2573293"></a>
+                </p></div><div class="sect4" title="Debugging LDAP"><div class="titlepage"><div><div><h5 class="title"><a name="id2579330"></a>Debugging LDAP</h5></div></div></div><p>
+                <a class="indexterm" name="id2579338"></a>
+                <a class="indexterm" name="id2579345"></a>
+                <a class="indexterm" name="id2579351"></a>
                 In the example <code class="filename">/etc/openldap/slapd.conf</code> control file
                 (see <a class="link" href="happy.html#sbehap-dbconf" title="Example 5.1. LDAP DB_CONFIG File">&#8220;LDAP DB_CONFIG File&#8221;</a>) there is an entry for <code class="constant">loglevel      256</code>.
@@ -670 +670 @@
                 and restart <code class="literal">slapd</code>.
                 </p><p>
-                <a class="indexterm" name="id2573328"></a>
-                <a class="indexterm" name="id2573335"></a>
+                <a class="indexterm" name="id2579387"></a>
+                <a class="indexterm" name="id2579394"></a>
                 LDAP log information can be directed into a file that is separate from the normal system
                 log files by changing the <code class="filename">/etc/syslog.conf</code> file so it has the following
@@ -690 +690 @@
                 customization with the intent that LDAP log files will be stored at a location
                 that meets local site needs and wishes more fully.
-                </p></div><div class="sect4" lang="en"><div class="titlepage"><div><div><h5 class="title"><a name="id2573377"></a>Debugging NSS_LDAP</h5></div></div></div><p>
+                </p></div><div class="sect4" title="Debugging NSS_LDAP"><div class="titlepage"><div><div><h5 class="title"><a name="id2579436"></a>Debugging NSS_LDAP</h5></div></div></div><p>
                 The basic mechanism for diagnosing problems with the nss_ldap utility involves adding to the
                 <code class="filename">/etc/ldap.conf</code> file the following parameters:
@@ -703 +703 @@
                 </p><p>
                 The diagnostic process should follow these steps:
-                </p><div class="procedure"><a name="id2573421"></a><p class="title"><b>Procedure 5.1. NSS_LDAP Diagnostic Steps</b></p><ol type="1"><li><p>
+                </p><div class="procedure" title="Procedure 5.1. NSS_LDAP Diagnostic Steps"><a name="id2579479"></a><p class="title"><b>Procedure 5.1. NSS_LDAP Diagnostic Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                         Verify the <code class="constant">nss_base_passwd, nss_base_shadow, nss_base_group</code> entries
                         in the <code class="filename">/etc/ldap.conf</code> file and compare them closely with the directory
@@ -740 +740 @@
                         has been implemented:
                         </p><p>
-                        </p><div class="itemizedlist"><ul type="disc"><li><p>User accounts are stored under the DIT: ou=Users, dc=abmas, dc=biz</p></li><li><p>User login accounts are under the DIT: ou=People, ou-Users, dc=abmas, dc=biz</p></li><li><p>Computer accounts are under the DIT: ou=Computers, ou=Users, dc=abmas, dc=biz</p></li></ul></div><p>
+                        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>User accounts are stored under the DIT: ou=Users, dc=abmas, dc=biz</p></li><li class="listitem"><p>User login accounts are under the DIT: ou=People, ou-Users, dc=abmas, dc=biz</p></li><li class="listitem"><p>Computer accounts are under the DIT: ou=Computers, ou=Users, dc=abmas, dc=biz</p></li></ul></div><p>
                         </p><p>
                         The appropriate multiple entry for the <code class="constant">nss_base_passwd</code> directive
@@ -748 +748 @@
 nss_base_passwd ou=Computers,ou=Users,dc=abmas,dc=org?one
 </pre><p>
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 2"><p>
                         Perform lookups such as:
 </p><pre class="screen">
@@ -756 +756 @@
                         for each such process executed. The contents of each file created in this directory
                         may provide a hint as to the cause of the a problem that is under investigation. 
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 3"><p>
                         For additional diagnostic information, check the contents of the <code class="filename">/var/log/messages</code>
                         to see what error messages are being generated as a result of the LDAP lookups. Here is an example of
@@ -789 +789 @@
 
 </pre><p>
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 4"><p>
                         Check that the bindpw entry in the <code class="filename">/etc/ldap.conf</code> or in the
                         <code class="filename">/etc/ldap.secrets</code> file is correct, as specified in the
                         <code class="filename">/etc/openldap/slapd.conf</code> file.
-                        </p></li></ol></div></div><div class="sect4" lang="en"><div class="titlepage"><div><div><h5 class="title"><a name="id2573672"></a>Debugging Samba</h5></div></div></div><p>
+                        </p></li></ol></div></div><div class="sect4" title="Debugging Samba"><div class="titlepage"><div><div><h5 class="title"><a name="id2579730"></a>Debugging Samba</h5></div></div></div><p>
                 The following parameters in the <code class="filename">smb.conf</code> file can be useful in tracking down Samba-related problems:
 </p><pre class="screen">
@@ -823 +823 @@
                 Search for hints of what may have failed by looking for the words <span class="emphasis"><em>fail</em></span>
                 and <span class="emphasis"><em>error</em></span>.
-                </p></div><div class="sect4" lang="en"><div class="titlepage"><div><div><h5 class="title"><a name="id2573743"></a>Debugging on the Windows Client</h5></div></div></div><p>
+                </p></div><div class="sect4" title="Debugging on the Windows Client"><div class="titlepage"><div><div><h5 class="title"><a name="id2579801"></a>Debugging on the Windows Client</h5></div></div></div><p>
                 MS Windows 2000 Professional and Windows  XP Professional clients can be configured
                 to create a netlogon.log file that can be very helpful in diagnosing network logon problems. Search
                 the Microsoft knowledge base for detailed instructions. The techniques vary a little with each
                 version of MS Windows.
-                </p></div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2573760"></a>Political Issues</h3></div></div></div><p>
+                </p></div></div></div><div class="sect2" title="Political Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id2579819"></a>Political Issues</h3></div></div></div><p>
                 MS Windows network users are generally very sensitive to limits that may be imposed when 
                 confronted with locked-down workstation configurations. The challenge you face must 
                 be promoted as a choice between reliable, fast network operation and a constant flux    
                 of problems that result in user irritation.
-                </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2573776"></a>Installation Checklist</h3></div></div></div><p>
+                </p></div><div class="sect2" title="Installation Checklist"><div class="titlepage"><div><div><h3 class="title"><a name="id2579834"></a>Installation Checklist</h3></div></div></div><p>
         You are starting a complex project. Even though you went through the installation of a complex
         network in <a class="link" href="Big500users.html" title="Chapter 4. The 500-User Office">&#8220;The 500-User Office&#8221;</a>, this network is a bigger challenge because of the
@@ -841 +841 @@
         been completed. The following task list may help you to keep track of the task items
         that are covered:
-        </p><div class="itemizedlist"><ul type="disc"><li><p>Samba-3 PDC Server Configuration</p><div class="orderedlist"><ol type="1"><li><p>DHCP and DNS servers</p></li><li><p>OpenLDAP server</p></li><li><p>PAM and NSS client tools</p></li><li><p>Samba-3 PDC</p></li><li><p>Idealx smbldap scripts</p></li><li><p>LDAP initialization</p></li><li><p>Create user and group accounts</p></li><li><p>Printers</p></li><li><p>Share point directory roots</p></li><li><p>Profile directories</p></li><li><p>Logon scripts</p></li><li><p>Configuration of user rights and privileges</p></li></ol></div></li><li><p>Samba-3 BDC Server Configuration</p><div class="orderedlist"><ol type="1"><li><p>DHCP and DNS servers</p></li><li><p>PAM and NSS client tools</p></li><li><p>Printers</p></li><li><p>Share point directory roots</p></li><li><p>Profiles directories</p></li></ol></div></li><li><p>Windows XP Client Configuration</p><div class="orderedlist"><ol type="1"><li><p>Default profile folder redirection</p></li><li><p>MS Outlook PST file relocation</p></li><li><p>Delete roaming profile on logout</p></li><li><p>Upload printer drivers to Samba servers</p></li><li><p>Install software</p></li><li><p>Creation of roll-out images</p></li></ol></div></li></ul></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2573956"></a>Samba Server Implementation</h2></div></div></div><p>
-        <a class="indexterm" name="id2573964"></a>
-        <a class="indexterm" name="id2573971"></a>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Samba-3 PDC Server Configuration</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>DHCP and DNS servers</p></li><li class="listitem"><p>OpenLDAP server</p></li><li class="listitem"><p>PAM and NSS client tools</p></li><li class="listitem"><p>Samba-3 PDC</p></li><li class="listitem"><p>Idealx smbldap scripts</p></li><li class="listitem"><p>LDAP initialization</p></li><li class="listitem"><p>Create user and group accounts</p></li><li class="listitem"><p>Printers</p></li><li class="listitem"><p>Share point directory roots</p></li><li class="listitem"><p>Profile directories</p></li><li class="listitem"><p>Logon scripts</p></li><li class="listitem"><p>Configuration of user rights and privileges</p></li></ol></div></li><li class="listitem"><p>Samba-3 BDC Server Configuration</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>DHCP and DNS servers</p></li><li class="listitem"><p>PAM and NSS client tools</p></li><li class="listitem"><p>Printers</p></li><li class="listitem"><p>Share point directory roots</p></li><li class="listitem"><p>Profiles directories</p></li></ol></div></li><li class="listitem"><p>Windows XP Client Configuration</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>Default profile folder redirection</p></li><li class="listitem"><p>MS Outlook PST file relocation</p></li><li class="listitem"><p>Delete roaming profile on logout</p></li><li class="listitem"><p>Upload printer drivers to Samba servers</p></li><li class="listitem"><p>Install software</p></li><li class="listitem"><p>Creation of roll-out images</p></li></ol></div></li></ul></div></div></div><div class="sect1" title="Samba Server Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2580015"></a>Samba Server Implementation</h2></div></div></div><p>
+        <a class="indexterm" name="id2580023"></a>
+        <a class="indexterm" name="id2580030"></a>
         The network design shown in <a class="link" href="happy.html#chap6net" title="Figure 5.2. Network Topology 500 User Network Using ldapsam passdb backend">&#8220;Network Topology  500 User Network Using ldapsam passdb backend&#8221;</a> is not comprehensive. It is assumed
         that you will install additional file servers and possibly additional BDCs.
         </p><div class="figure"><a name="chap6net"></a><p class="title"><b>Figure 5.2. Network Topology  500 User Network Using ldapsam passdb backend</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/chap6-net.png" width="270" alt="Network Topology 500 User Network Using ldapsam passdb backend"></div></div></div><br class="figure-break"><p>
-        <a class="indexterm" name="id2574034"></a>
-        <a class="indexterm" name="id2574041"></a>
+        <a class="indexterm" name="id2580092"></a>
+        <a class="indexterm" name="id2580099"></a>
         All configuration files and locations are shown for SUSE Linux 9.2 and are equally valid for SUSE
         Linux Enterprise Server 9. The file locations for Red Hat Linux are similar. You may need to
         adjust the locations for your particular Linux system distribution/implementation.
-        </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+        </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
 The following information applies to Samba-3.0.20 when used with the Idealx smbldap-tools
 scripts version 0.9.1. If using a different version of Samba or of the smbldap-tools tarball,
@@ -868 +868 @@
         with newly installed Linux servers, you must complete the steps shown in
         <a class="link" href="Big500users.html#ch5-dnshcp-setup" title="Installation of DHCP, DNS, and Samba Control Files">&#8220;Installation of DHCP, DNS, and Samba Control Files&#8221;</a> before commencing at <a class="link" href="happy.html#ldapsetup" title="OpenLDAP Server Configuration">&#8220;OpenLDAP Server Configuration&#8221;</a>.
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ldapsetup"></a>OpenLDAP Server Configuration</h3></div></div></div><p>
-        <a class="indexterm" name="id2574122"></a>
-        <a class="indexterm" name="id2574129"></a>
-        <a class="indexterm" name="id2574136"></a>
+        </p><div class="sect2" title="OpenLDAP Server Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="ldapsetup"></a>OpenLDAP Server Configuration</h3></div></div></div><p>
+        <a class="indexterm" name="id2580181"></a>
+        <a class="indexterm" name="id2580187"></a>
+        <a class="indexterm" name="id2580194"></a>
         Confirm that the packages shown in <a class="link" href="happy.html#oldapreq" title="Table 5.2. Required OpenLDAP Linux Packages">&#8220;Required OpenLDAP Linux Packages&#8221;</a> are installed on your system.
         </p><div class="table"><a name="oldapreq"></a><p class="title"><b>Table 5.2. Required OpenLDAP Linux Packages</b></p><div class="table-contents"><table summary="Required OpenLDAP Linux Packages" border="1"><colgroup><col align="left"><col align="left"><col align="left"></colgroup><thead><tr><th align="center">SUSE Linux 8.x</th><th align="center">SUSE Linux 9.x</th><th align="center">Red Hat Linux</th></tr></thead><tbody><tr><td align="left">nss_ldap</td><td align="left">nss_ldap</td><td align="left">nss_ldap</td></tr><tr><td align="left">pam_ldap</td><td align="left">pam_ldap</td><td align="left">pam_ldap</td></tr><tr><td align="left">openldap2</td><td align="left">openldap2</td><td align="left">openldap</td></tr><tr><td align="left">openldap2-client</td><td align="left">openldap2-client</td><td align="left"> </td></tr></tbody></table></div></div><br class="table-break"><p>
@@ -877 +877 @@
         for bootstrapping the LDAP and Samba-3 configuration is relatively straightforward. If you
         follow these guidelines, the resulting system should work fine.
-        </p><div class="procedure"><a name="id2574268"></a><p class="title"><b>Procedure 5.2. OpenLDAP Server Configuration Steps</b></p><ol type="1"><li><p>
-                <a class="indexterm" name="id2574279"></a>
+        </p><div class="procedure" title="Procedure 5.2. OpenLDAP Server Configuration Steps"><a name="id2580326"></a><p class="title"><b>Procedure 5.2. OpenLDAP Server Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                <a class="indexterm" name="id2580338"></a>
                 Install the file shown in <a class="link" href="happy.html#sbehap-slapdconf" title="Example 5.2. LDAP Master Configuration File /etc/openldap/slapd.conf Part A">&#8220;LDAP Master Configuration File  /etc/openldap/slapd.conf Part A&#8221;</a> in the directory
                 <code class="filename">/etc/openldap</code>.
-                </p></li><li><p>
-                <a class="indexterm" name="id2574307"></a>
-                <a class="indexterm" name="id2574314"></a>
-                <a class="indexterm" name="id2574321"></a>
+                </p></li><li class="step" title="Step 2"><p>
+                <a class="indexterm" name="id2580366"></a>
+                <a class="indexterm" name="id2580373"></a>
+                <a class="indexterm" name="id2580380"></a>
                 Remove all files from the directory <code class="filename">/data/ldap</code>, making certain that
                 the directory exists with permissions:
@@ -892 +892 @@
 </pre><p>
                 This may require you to add a user and a group account for LDAP if they do not exist.
-                </p></li><li><p>
-                <a class="indexterm" name="id2574357"></a>
+                </p></li><li class="step" title="Step 3"><p>
+                <a class="indexterm" name="id2580415"></a>
                 Install the file shown in <a class="link" href="happy.html#sbehap-dbconf" title="Example 5.1. LDAP DB_CONFIG File">&#8220;LDAP DB_CONFIG File&#8221;</a> in the directory
                 <code class="filename">/data/ldap</code>. In the event that this file is added after <code class="constant">ldap</code>
@@ -899 +899 @@
                 the <code class="constant">LDAP</code> server, executing the <code class="literal">db_recover</code> command inside the
                 <code class="filename">/data/ldap</code> directory, and then restarting the <code class="constant">LDAP</code> server.
-                </p></li><li><p>
-                <a class="indexterm" name="id2574410"></a>
+                </p></li><li class="step" title="Step 4"><p>
+                <a class="indexterm" name="id2580468"></a>
                 Performance logging can be enabled and should preferably be sent to a file on
                 a file system that is large enough to handle significantly sized logs. To enable
                 the logging at a verbose level to permit detailed analysis, uncomment the entry in
-                the <code class="filename">/etc/openldap/slapd.conf</code> shown as &#8220;<span class="quote">loglevel 256</span>&#8221;.
+                the <code class="filename">/etc/openldap/slapd.conf</code> shown as <span class="quote">&#8220;<span class="quote">loglevel 256</span>&#8221;</span>.
                 </p><p>
                 Edit the <code class="filename">/etc/syslog.conf</code> file to add the following at the end
@@ -975 +975 @@
 index sambaDomainName       eq
 index default               sub
-</pre></div></div><br class="example-break"></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sbehap-PAM-NSS"></a>PAM and NSS Client Configuration</h3></div></div></div><p>
-        <a class="indexterm" name="id2574568"></a>
-        <a class="indexterm" name="id2574575"></a>
-        <a class="indexterm" name="id2574582"></a>
+</pre></div></div><br class="example-break"></div><div class="sect2" title="PAM and NSS Client Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="sbehap-PAM-NSS"></a>PAM and NSS Client Configuration</h3></div></div></div><p>
+        <a class="indexterm" name="id2580627"></a>
+        <a class="indexterm" name="id2580634"></a>
+        <a class="indexterm" name="id2580640"></a>
         The steps that follow involve configuration of LDAP, NSS LDAP-based resolution of users and
         groups. Also, so that LDAP-based accounts can log onto the system, the steps ahead configure
         the Pluggable Authentication Modules (PAM) to permit LDAP-based authentication.
         </p><p>
-        <a class="indexterm" name="id2574596"></a>
-        <a class="indexterm" name="id2574606"></a>
+        <a class="indexterm" name="id2580655"></a>
+        <a class="indexterm" name="id2580664"></a>
         Since you have chosen to put UNIX user and group accounts into the LDAP database, it is likely
         that you may want to use them for UNIX system (Linux) local machine logons. This necessitates
@@ -991 +991 @@
         module also has the ability to redirect authentication requests through LDAP.
         </p><p>
-        <a class="indexterm" name="id2574634"></a>
-        <a class="indexterm" name="id2574641"></a>
-        <a class="indexterm" name="id2574648"></a>
-        <a class="indexterm" name="id2574655"></a>
+        <a class="indexterm" name="id2580693"></a>
+        <a class="indexterm" name="id2580699"></a>
+        <a class="indexterm" name="id2580706"></a>
+        <a class="indexterm" name="id2580713"></a>
         You have chosen to configure these services by directly editing the system files, but of course, you
         know that this configuration can be done using system tools provided by the Linux system vendor.
@@ -1000 +1000 @@
         configuration of SUSE Linux as an LDAP client. Red Hat Linux provides the <code class="literal">authconfig</code>
         tool for this.
-        </p><div class="procedure"><a name="id2574694"></a><p class="title"><b>Procedure 5.3. PAM and NSS Client Configuration Steps</b></p><div class="example"><a name="sbehap-nss01"></a><p class="title"><b>Example 5.4. Configuration File for NSS LDAP Support  <code class="filename">/etc/ldap.conf</code></b></p><div class="example-contents"><pre class="screen">
+        </p><div class="procedure" title="Procedure 5.3. PAM and NSS Client Configuration Steps"><a name="id2580753"></a><p class="title"><b>Procedure 5.3. PAM and NSS Client Configuration Steps</b></p><div class="example"><a name="sbehap-nss01"></a><p class="title"><b>Example 5.4. Configuration File for NSS LDAP Support  <code class="filename">/etc/ldap.conf</code></b></p><div class="example-contents"><pre class="screen">
 host 127.0.0.1
 
@@ -1042 +1042 @@
 
 ssl off
-</pre></div></div><br class="example-break"><ol type="1"><li><p>
-                <a class="indexterm" name="id2574706"></a>
-                <a class="indexterm" name="id2574713"></a>
-                <a class="indexterm" name="id2574720"></a>
+</pre></div></div><br class="example-break"><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                <a class="indexterm" name="id2580764"></a>
+                <a class="indexterm" name="id2580772"></a>
+                <a class="indexterm" name="id2580778"></a>
                 Execute the following command to find where the <code class="filename">nss_ldap</code> module
                 expects to find its control file:
@@ -1052 +1052 @@
 </pre><p>
                 The preferred and usual location is <code class="filename">/etc/ldap.conf</code>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 On the server <code class="constant">MASSIVE</code>, install the file shown in 
                 <a class="link" href="happy.html#sbehap-nss01" title="Example 5.4. Configuration File for NSS LDAP Support /etc/ldap.conf">&#8220;Configuration File for NSS LDAP Support  /etc/ldap.conf&#8221;</a> into the path that was obtained from the step above.
                 On the servers called <code class="constant">BLDG1</code> and <code class="constant">BLDG2</code>, install the file shown in
                 <a class="link" href="happy.html#sbehap-nss02" title="Example 5.5. Configuration File for NSS LDAP Clients Support /etc/ldap.conf">&#8220;Configuration File for NSS LDAP Clients Support  /etc/ldap.conf&#8221;</a> into the path that was obtained from the step above.
-                </p></li><li><p>
-                <a class="indexterm" name="id2574854"></a>
+                </p></li><li class="step" title="Step 3"><p>
+                <a class="indexterm" name="id2580912"></a>
                 Edit the NSS control file (<code class="filename">/etc/nsswitch.conf</code>) so that the lines that
                 control user and group resolution will obtain information from the normal system files as
@@ -1072 +1072 @@
                 WINS-based hostname resolution is deliberate so that all MS Windows client hostnames can be 
                 resolved to their IP addresses, whether or not they are DHCP clients.
-                </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+                </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
                 Some Linux systems (Novell SUSE Linux in particular) add entries to the <code class="filename">nsswitch.conf</code>
                 file that may cause operational problems with the configuration methods adopted in this book. It is
@@ -1080 +1080 @@
                 Even at the risk of overstating the issue, incorrect and inappropriate configuration of the
                 <code class="filename">nsswitch.conf</code> file is a significant cause of operational problems with LDAP.
-                </p></li><li><p>
-                <a class="indexterm" name="id2574929"></a>
+                </p></li><li class="step" title="Step 4"><p>
+                <a class="indexterm" name="id2580988"></a>
                 For PAM LDAP configuration on this SUSE Linux 9.0 system, the simplest solution is to edit the following
                 files in the <code class="filename">/etc/pam.d</code> directory: <code class="literal">login</code>, <code class="literal">password</code>,
@@ -1103 +1103 @@
 </pre><p>
                 </p><p>
-                <a class="indexterm" name="id2575008"></a>
+                <a class="indexterm" name="id2581067"></a>
                 On other Linux systems that do not have an LDAP-enabled <code class="literal">pam_unix2.so</code> module,
                 you must edit these files by adding the <code class="literal">pam_ldap.so</code> modules as shown here:
@@ -1126 +1126 @@
                 implementation, but if the <code class="literal">pam_unix2.so</code> on your system supports
                 LDAP, you probably want to use it rather than add an additional module.
-                </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sbehap-massive"></a>Samba-3 PDC Configuration</h3></div></div></div><p>
-        <a class="indexterm" name="id2575091"></a>
+                </p></li></ol></div></div><div class="sect2" title="Samba-3 PDC Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="sbehap-massive"></a>Samba-3 PDC Configuration</h3></div></div></div><p>
+        <a class="indexterm" name="id2581150"></a>
         Verify that the Samba-3.0.20 (or later) packages are installed on each SUSE Linux server 
         before following the steps below. If Samba-3.0.20 (or later) is not installed, you have the
@@ -1134 +1134 @@
         Red Hat Fedora Core and Red Hat Enterprise Linux Server 3 and 4, are included on the CD-ROM that
         is included with this book.
-        </p><div class="procedure"><a name="id2575107"></a><p class="title"><b>Procedure 5.4. Configuration of PDC Called <code class="constant">MASSIVE</code></b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 5.4. Configuration of PDC Called MASSIVE"><a name="id2581166"></a><p class="title"><b>Procedure 5.4. Configuration of PDC Called <code class="constant">MASSIVE</code></b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Install the files in <a class="link" href="happy.html#sbehap-massive-smbconfa" title="Example 5.6. LDAP Based smb.conf File, Server: MASSIVE global Section: Part A">&#8220;LDAP Based smb.conf File, Server: MASSIVE  global Section: Part A&#8221;</a>, 
                 <a class="link" href="happy.html#sbehap-massive-smbconfb" title="Example 5.7. LDAP Based smb.conf File, Server: MASSIVE global Section: Part B">&#8220;LDAP Based smb.conf File, Server: MASSIVE  global Section: Part B&#8221;</a>, <a class="link" href="happy.html#sbehap-shareconfa" title="Example 5.10. LDAP Based smb.conf File, Shares Section Part A">&#8220;LDAP Based smb.conf File, Shares Section  Part A&#8221;</a>, 
@@ -1143 +1143 @@
                 on the master file. The operational <code class="filename">smb.conf</code> is then generated as shown in
                 the next step.
-                </p></li><li><p>
-                <a class="indexterm" name="id2575184"></a>
+                </p></li><li class="step" title="Step 2"><p>
+                <a class="indexterm" name="id2581242"></a>
                 Create and verify the contents of the <code class="filename">smb.conf</code> file that is generated by:
 </p><pre class="screen">
@@ -1171 +1171 @@
 Press enter to see a dump of your service definitions
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Delete all runtime files from prior Samba operation by executing (for SUSE
                 Linux):
@@ -1180 +1180 @@
 <code class="prompt">root# </code> rm /var/log/samba/*
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2575283"></a>
-                <a class="indexterm" name="id2575290"></a>
+                </p></li><li class="step" title="Step 4"><p>
+                <a class="indexterm" name="id2581342"></a>
+                <a class="indexterm" name="id2581348"></a>
                 Samba-3 communicates with the LDAP server. The password that it uses to
                 authenticate to the LDAP server must be stored in the <code class="filename">secrets.tdb</code>
@@ -1194 +1194 @@
 Setting stored password for "cn=Manager,dc=abmas,dc=biz" in secrets.tdb
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2575339"></a>
-                <a class="indexterm" name="id2575345"></a>
+                </p></li><li class="step" title="Step 5"><p>
+                <a class="indexterm" name="id2581397"></a>
+                <a class="indexterm" name="id2581404"></a>
                 Samba-3 generates a Windows Security Identifier (SID) only when <code class="literal">smbd</code>
                 has been started. For this reason, you start Samba. After a few seconds delay,
@@ -1227 +1227 @@
                 errors (the most common problem).  The use of the <code class="literal">testparm</code> is highly 
                 recommended to validate the contents of this file.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 6"><p>
                 When a positive domain SID has been reported, stop Samba.
-                </p></li><li><p>
-                <a class="indexterm" name="id2575457"></a>
-                <a class="indexterm" name="id2575464"></a>
-                <a class="indexterm" name="id2575471"></a>
-                <a class="indexterm" name="id2575478"></a>
+                </p></li><li class="step" title="Step 7"><p>
+                <a class="indexterm" name="id2581516"></a>
+                <a class="indexterm" name="id2581523"></a>
+                <a class="indexterm" name="id2581530"></a>
+                <a class="indexterm" name="id2581536"></a>
                 Configure the NFS server for your Linux system. So you can complete the steps that
                 follow, enter into the <code class="filename">/etc/exports</code> the following entry:
@@ -1251 +1251 @@
         Your Samba-3 PDC is now ready to communicate with the LDAP password backend. Let's get on with
         configuration of the LDAP server.
-        </p><div class="example"><a name="sbehap-massive-smbconfa"></a><p class="title"><b>Example 5.6. LDAP Based <code class="filename">smb.conf</code> File, Server: MASSIVE  global Section: Part A</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2575564"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id2575576"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id2575588"></a><em class="parameter"><code>netbios name = MASSIVE</code></em></td></tr><tr><td><a class="indexterm" name="id2575600"></a><em class="parameter"><code>interfaces = eth1, lo</code></em></td></tr><tr><td><a class="indexterm" name="id2575611"></a><em class="parameter"><code>bind interfaces only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2575623"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id2575636"></a><em class="parameter"><code>enable privileges = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2575648"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2575660"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2575671"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2575683"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id2575694"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id2575706"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id2575718"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id2575730"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2575742"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2575753"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id2575766"></a><em class="parameter"><code>add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"</code></em></td></tr><tr><td><a class="indexterm" name="id2575778"></a><em class="parameter"><code>delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"</code></em></td></tr><tr><td><a class="indexterm" name="id2575790"></a><em class="parameter"><code>add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id2575803"></a><em class="parameter"><code>delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id2575815"></a><em class="parameter"><code>add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id2575828"></a><em class="parameter"><code>delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id2575841"></a><em class="parameter"><code>set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"</code></em></td></tr><tr><td><a class="indexterm" name="id2575854"></a><em class="parameter"><code>add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbehap-massive-smbconfb"></a><p class="title"><b>Example 5.7. LDAP Based <code class="filename">smb.conf</code> File, Server: MASSIVE  global Section: Part B</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td><a class="indexterm" name="id2575892"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id2575904"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2575916"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id2575927"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2575939"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2575951"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2575962"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2575974"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2575986"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2575998"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id2576010"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id2576022"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2576034"></a><em class="parameter"><code>idmap backend = ldap:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id2576047"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2576058"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2576070"></a><em class="parameter"><code>map acl inherit = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2576082"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id2576094"></a><em class="parameter"><code>printer admin = root, chrisr</code></em></td></tr></table></div></div><br class="example-break"></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sbeidealx"></a>Install and Configure Idealx smbldap-tools Scripts</h3></div></div></div><p>
-        <a class="indexterm" name="id2576120"></a>
+        </p><div class="example"><a name="sbehap-massive-smbconfa"></a><p class="title"><b>Example 5.6. LDAP Based <code class="filename">smb.conf</code> File, Server: MASSIVE  global Section: Part A</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2581623"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id2581635"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id2581646"></a><em class="parameter"><code>netbios name = MASSIVE</code></em></td></tr><tr><td><a class="indexterm" name="id2581658"></a><em class="parameter"><code>interfaces = eth1, lo</code></em></td></tr><tr><td><a class="indexterm" name="id2581670"></a><em class="parameter"><code>bind interfaces only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2581682"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id2581694"></a><em class="parameter"><code>enable privileges = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2581706"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2581718"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2581730"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2581741"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id2581753"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id2581765"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id2581776"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id2581788"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2581800"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2581812"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id2581824"></a><em class="parameter"><code>add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"</code></em></td></tr><tr><td><a class="indexterm" name="id2581836"></a><em class="parameter"><code>delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"</code></em></td></tr><tr><td><a class="indexterm" name="id2581849"></a><em class="parameter"><code>add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id2581861"></a><em class="parameter"><code>delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id2581874"></a><em class="parameter"><code>add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id2581887"></a><em class="parameter"><code>delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id2581900"></a><em class="parameter"><code>set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"</code></em></td></tr><tr><td><a class="indexterm" name="id2581913"></a><em class="parameter"><code>add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbehap-massive-smbconfb"></a><p class="title"><b>Example 5.7. LDAP Based <code class="filename">smb.conf</code> File, Server: MASSIVE  global Section: Part B</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td><a class="indexterm" name="id2581950"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id2581962"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2581974"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id2581986"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2581997"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2582009"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2582021"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2582033"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2582045"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2582057"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id2582069"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id2582081"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2582093"></a><em class="parameter"><code>idmap backend = ldap:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id2582105"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2582117"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2582129"></a><em class="parameter"><code>map acl inherit = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2582141"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id2582152"></a><em class="parameter"><code>printer admin = root, chrisr</code></em></td></tr></table></div></div><br class="example-break"></div><div class="sect2" title="Install and Configure Idealx smbldap-tools Scripts"><div class="titlepage"><div><div><h3 class="title"><a name="sbeidealx"></a>Install and Configure Idealx smbldap-tools Scripts</h3></div></div></div><p>
+        <a class="indexterm" name="id2582178"></a>
         The Idealx scripts, or equivalent, are necessary to permit Samba-3 to manage accounts
         on the LDAP server. You have chosen the Idealx scripts because they are the best-known
@@ -1262 +1262 @@
         <a class="ulink" href="http://samba.idealx.org/dist/smbldap-tools-0.9.1-1.src.rpm" target="_top">smbldap-tools-0.9.1-1.src.rpm</a>
         file that may be used to build an installable RPM package for your Linux system.
-        </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+        </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
 The smbldap-tools scripts can be installed in any convenient directory of your choice, in which case you must
 change the path to them in your <code class="filename">smb.conf</code> file on the PDC (<code class="constant">MASSIVE</code>).
@@ -1269 +1269 @@
         The scripts are not needed on BDC machines because all LDAP updates are handled by
         the PDC alone.
-        </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2576187"></a>Installation of smbldap-tools from the Tarball</h4></div></div></div><p>
+        </p><div class="sect3" title="Installation of smbldap-tools from the Tarball"><div class="titlepage"><div><div><h4 class="title"><a name="id2582245"></a>Installation of smbldap-tools from the Tarball</h4></div></div></div><p>
         To perform a manual installation of the smbldap-tools scripts, the following procedure may be used:
-        </p><div class="procedure"><a name="idealxscript"></a><p class="title"><b>Procedure 5.5. Unpacking and Installation Steps for the <code class="constant">smbldap-tools</code> Tarball</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 5.5. Unpacking and Installation Steps for the smbldap-tools Tarball"><a name="idealxscript"></a><p class="title"><b>Procedure 5.5. Unpacking and Installation Steps for the <code class="constant">smbldap-tools</code> Tarball</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Create the <code class="filename">/opt/IDEALX/sbin</code> directory, and set its permissions
                 and ownership as shown here:
@@ -1282 +1282 @@
 <code class="prompt">root# </code> chmod 755 /etc/smbldap-tools
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 If you wish to use the downloaded tarball, unpack the smbldap-tools in a suitable temporary location.
                 Change into either the directory extracted from the tarball or the smbldap-tools
                 directory in your <code class="filename">/usr/share/doc/packages</code> directory tree.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Copy all the <code class="filename">smbldap-*</code> and the <code class="filename">configure.pl</code> files into the 
                 <code class="filename">/opt/IDEALX/sbin</code> directory, as shown here:
@@ -1298 +1298 @@
 <code class="prompt">root# </code> chmod 600 /etc/smbldap-tools/smbldap_bind.conf
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 The smbldap-tools scripts master control file must now be configured.
                 Change to the <code class="filename">/opt/IDEALX/sbin</code> directory, then edit the
@@ -1311 +1311 @@
 ...
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 5"><p>
                 To complete the configuration of the smbldap-tools, set the permissions and ownership
                 by executing the following commands:
@@ -1321 +1321 @@
                 The smbldap-tools scripts are now ready for the configuration step outlined in
                 <a class="link" href="happy.html#smbldap-init" title="Configuration of smbldap-tools">&#8220;Configuration of smbldap-tools&#8221;</a>.
-                </p></li></ol></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2576439"></a>Installing smbldap-tools from the RPM Package</h4></div></div></div><p>
+                </p></li></ol></div></div><div class="sect3" title="Installing smbldap-tools from the RPM Package"><div class="titlepage"><div><div><h4 class="title"><a name="id2582498"></a>Installing smbldap-tools from the RPM Package</h4></div></div></div><p>
         In the event that you have elected to use the RPM package provided by Idealx, download the
         source RPM <code class="filename">smbldap-tools-0.9.1-1.src.rpm</code>, then follow this procedure:
-        </p><div class="procedure"><a name="id2576457"></a><p class="title"><b>Procedure 5.6. Installation Steps for <code class="constant">smbldap-tools</code> RPM's</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 5.6. Installation Steps for smbldap-tools RPM's"><a name="id2582516"></a><p class="title"><b>Procedure 5.6. Installation Steps for <code class="constant">smbldap-tools</code> RPM's</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Install the source RPM that has been downloaded as follows:
 </p><pre class="screen">
 <code class="prompt">root# </code> rpm -i smbldap-tools-0.9.1-1.src.rpm
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Change into the directory in which the SPEC files are located. On SUSE Linux:
 </p><pre class="screen">
@@ -1338 +1338 @@
 <code class="prompt">root# </code> cd /usr/src/redhat/SPECS
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Edit the <code class="filename">smbldap-tools.spec</code> file to change the value of the
                 <code class="constant">_sysconfig</code> macro as shown here:
@@ -1346 +1346 @@
 </pre><p>
                 Note: Any suitable directory can be specified.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 Build the package by executing:
 </p><pre class="screen">
@@ -1353 +1353 @@
                 A build process that has completed without error will place the installable binary
                 files in the directory <code class="filename">../RPMS/noarch</code>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 5"><p>
                 Install the binary package by executing:
 </p><pre class="screen">
@@ -1361 +1361 @@
         The Idealx scripts should now be ready for configuration using the steps outlined in
         <a class="link" href="happy.html#smbldap-init" title="Configuration of smbldap-tools">Configuration of smbldap-tools</a>.
-        </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="smbldap-init"></a>Configuration of smbldap-tools</h4></div></div></div><p>
+        </p></div><div class="sect3" title="Configuration of smbldap-tools"><div class="titlepage"><div><div><h4 class="title"><a name="smbldap-init"></a>Configuration of smbldap-tools</h4></div></div></div><p>
         Prior to use, the smbldap-tools must be configured to match the settings in the <code class="filename">smb.conf</code> file
         and to match the settings in the <code class="filename">/etc/openldap/slapd.conf</code> file. The assumption
@@ -1369 +1369 @@
         The smbldap-tools require that the NetBIOS name (machine name) of the Samba server be included
         in the <code class="filename">smb.conf</code> file.
-        </p><div class="procedure"><a name="id2576652"></a><p class="title"><b>Procedure 5.7. Configuration Steps for <code class="constant">smbldap-tools</code> to Enable Use</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 5.7. Configuration Steps for smbldap-tools to Enable Use"><a name="id2582711"></a><p class="title"><b>Procedure 5.7. Configuration Steps for <code class="constant">smbldap-tools</code> to Enable Use</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Change into the directory that contains the <code class="filename">configure.pl</code> script.
 </p><pre class="screen">
 <code class="prompt">root# </code> cd /opt/IDEALX/sbin
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Execute the <code class="filename">configure.pl</code> script as follows:
 </p><pre class="screen">
@@ -1470 +1470 @@
                 address of the master LDAP server for both the master and the slave configuration
                 prompts.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Change to the directory that contains the <code class="filename">smbldap.conf</code> file,
                 then verify its contents.
                 </p></li></ol></div><p>
         The smbldap-tools are now ready for use.
-        </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2576854"></a>LDAP Initialization and Creation of User and Group Accounts</h3></div></div></div><p>
+        </p></div></div><div class="sect2" title="LDAP Initialization and Creation of User and Group Accounts"><div class="titlepage"><div><div><h3 class="title"><a name="id2582912"></a>LDAP Initialization and Creation of User and Group Accounts</h3></div></div></div><p>
         The LDAP database must be populated with well-known Windows domain user accounts and domain group 
         accounts before Samba can be used. The following procedures step you through the process.
@@ -1487 +1487 @@
         </p><p>
         Addition of an account to the LDAP backend can be done in two ways:
-        </p><div class="itemizedlist"><ul type="disc"><li><p>
-                <a class="indexterm" name="id2576888"></a>
-                <a class="indexterm" name="id2576894"></a>
-                <a class="indexterm" name="id2576901"></a>
-                <a class="indexterm" name="id2576908"></a>
-                <a class="indexterm" name="id2576915"></a>
-                <a class="indexterm" name="id2576922"></a>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
+                <a class="indexterm" name="id2582946"></a>
+                <a class="indexterm" name="id2582953"></a>
+                <a class="indexterm" name="id2582960"></a>
+                <a class="indexterm" name="id2582966"></a>
+                <a class="indexterm" name="id2582973"></a>
+                <a class="indexterm" name="id2582980"></a>
                 If you always have a user account in the <code class="filename">/etc/passwd</code> on every 
                 server or in a NIS(+) backend, it is not necessary to add POSIX accounts for them in 
@@ -1504 +1504 @@
                 migration tool to migrate all system accounts from either the <code class="filename">/etc/passwd</code>
                 files, or from NIS, to LDAP.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 If you decide that it is probably a good idea to add both the PosixAccount attributes
                 as well as the SambaSamAccount attributes for each user, then a suitable script is needed.
@@ -1511 +1511 @@
                 is included on the enclosed CD-ROM under <code class="filename">Chap06/Tools.</code>
                 </p></li></ul></div><p>
-        <a class="indexterm" name="id2576982"></a>
+        <a class="indexterm" name="id2583040"></a>
         If you wish to have more control over how the LDAP database is initialized or 
         if you don't want to use the Idealx smbldap-tools, you should refer to 
         <a class="link" href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits">&#8220;A Collection of Useful Tidbits&#8221;</a>, <a class="link" href="appendix.html#altldapcfg" title="Alternative LDAP Database Initialization">&#8220;Alternative LDAP Database Initialization&#8221;</a>.
         </p><p>
-        <a class="indexterm" name="id2577009"></a>
+        <a class="indexterm" name="id2583067"></a>
         The following steps initialize the LDAP database, and then you can add user and group
         accounts that Samba can use. You use the <code class="literal">smbldap-populate</code> to
         seed the LDAP database. You then manually add the accounts shown in <a class="link" href="happy.html#sbehap-bigacct" title="Table 5.3. Abmas Network Users and Groups">&#8220;Abmas Network Users and Groups&#8221;</a>. 
         The list of users does not cover all 500 network users; it provides examples only.
-        </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
-        <a class="indexterm" name="id2577038"></a>
-        <a class="indexterm" name="id2577047"></a>
-        <a class="indexterm" name="id2577056"></a>
+        </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+        <a class="indexterm" name="id2583097"></a>
+        <a class="indexterm" name="id2583106"></a>
+        <a class="indexterm" name="id2583115"></a>
         In the following examples, as the LDAP database is initialized, we do create a container
         for Computer (machine) accounts. In the Samba-3 <code class="filename">smb.conf</code> files, specific use is made
@@ -1541 +1541 @@
         are able to sidestep this limitation. This is the simpler solution that has been adopted
         in this chapter.
-        </p></div><div class="table"><a name="sbehap-bigacct"></a><p class="title"><b>Table 5.3. Abmas Network Users and Groups</b></p><div class="table-contents"><table summary="Abmas Network Users and Groups" border="1"><colgroup><col align="left"><col align="left"><col align="left"><col align="left"></colgroup><thead><tr><th align="center">Account Name</th><th align="center">Type</th><th align="center">ID</th><th align="center">Password</th></tr></thead><tbody><tr><td align="left">Robert Jordan</td><td align="left">User</td><td align="left">bobj</td><td align="left">n3v3r2l8</td></tr><tr><td align="left">Stanley Soroka</td><td align="left">User</td><td align="left">stans</td><td align="left">impl13dst4r</td></tr><tr><td align="left">Christine Roberson</td><td align="left">User</td><td align="left">chrisr</td><td align="left">S9n0nw4ll</td></tr><tr><td align="left">Mary Vortexis</td><td align="left">User</td><td align="left">maryv</td><td align="left">kw13t0n3</td></tr><tr><td align="left">Accounts</td><td align="left">Group</td><td align="left">Accounts</td><td align="left"> </td></tr><tr><td align="left">Finances</td><td align="left">Group</td><td align="left">Finances</td><td align="left"> </td></tr><tr><td align="left">Insurance</td><td align="left">Group</td><td align="left">PIOps</td><td align="left"> </td></tr></tbody></table></div></div><br class="table-break"><div class="procedure"><a name="creatacc"></a><p class="title"><b>Procedure 5.8. LDAP Directory Initialization Steps</b></p><ol type="1"><li><p>
+        </p></div><div class="table"><a name="sbehap-bigacct"></a><p class="title"><b>Table 5.3. Abmas Network Users and Groups</b></p><div class="table-contents"><table summary="Abmas Network Users and Groups" border="1"><colgroup><col align="left"><col align="left"><col align="left"><col align="left"></colgroup><thead><tr><th align="center">Account Name</th><th align="center">Type</th><th align="center">ID</th><th align="center">Password</th></tr></thead><tbody><tr><td align="left">Robert Jordan</td><td align="left">User</td><td align="left">bobj</td><td align="left">n3v3r2l8</td></tr><tr><td align="left">Stanley Soroka</td><td align="left">User</td><td align="left">stans</td><td align="left">impl13dst4r</td></tr><tr><td align="left">Christine Roberson</td><td align="left">User</td><td align="left">chrisr</td><td align="left">S9n0nw4ll</td></tr><tr><td align="left">Mary Vortexis</td><td align="left">User</td><td align="left">maryv</td><td align="left">kw13t0n3</td></tr><tr><td align="left">Accounts</td><td align="left">Group</td><td align="left">Accounts</td><td align="left"> </td></tr><tr><td align="left">Finances</td><td align="left">Group</td><td align="left">Finances</td><td align="left"> </td></tr><tr><td align="left">Insurance</td><td align="left">Group</td><td align="left">PIOps</td><td align="left"> </td></tr></tbody></table></div></div><br class="table-break"><div class="procedure" title="Procedure 5.8. LDAP Directory Initialization Steps"><a name="creatacc"></a><p class="title"><b>Procedure 5.8. LDAP Directory Initialization Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Start the LDAP server by executing:
 </p><pre class="screen">
@@ -1547 +1547 @@
 Starting ldap-server                           done
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Change to the <code class="filename">/opt/IDEALX/sbin</code> directory.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Execute the script that will populate the LDAP database as shown here:
 </p><pre class="screen">
@@ -1580 +1580 @@
 adding new entry: cn=Replicators,ou=Groups,dc=abmas,dc=biz
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 Edit the <code class="filename">/etc/smbldap-tools/smbldap.conf</code> file so that the following
                 information is changed from:
@@ -1593 +1593 @@
 sambaUnixIdPooldn="sambaDomainName=MEGANET2,dc=abmas,dc=biz"
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 5"><p>
                 It is necessary to restart the LDAP server as shown here:
 </p><pre class="screen">
@@ -1600 +1600 @@
 Starting ldap-server                                 done
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2577476"></a>
+                </p></li><li class="step" title="Step 6"><p>
+                <a class="indexterm" name="id2583535"></a>
                 So that we can use a global IDMAP repository, the LDAP directory must have a container object for IDMAP data. 
                 There are several ways you can check that your LDAP database is able to receive IDMAP information. One of 
@@ -1610 +1610 @@
 ou: idmap
 </pre><p>
-                <a class="indexterm" name="id2577500"></a>
+                <a class="indexterm" name="id2583558"></a>
                 If the execution of this command does not return IDMAP entries, you need to create an LDIF
                 template file (see <a class="link" href="happy.html#sbehap-ldifadd" title="Example 5.12. LDIF IDMAP Add-On Load File File: /etc/openldap/idmap.LDIF">&#8220;LDIF IDMAP Add-On Load File  File: /etc/openldap/idmap.LDIF&#8221;</a>). You can add the required entries using 
@@ -1619 +1619 @@
 </pre><p>
                 Samba automatically populates this LDAP directory container when it needs to.
-                </p></li><li><p>
-                <a class="indexterm" name="id2577540"></a>
+                </p></li><li class="step" title="Step 7"><p>
+                <a class="indexterm" name="id2583598"></a>
                 It looks like all has gone well, as expected. Let's confirm that this is the case
                 by running a few tests. First we check the contents of the database directly
@@ -1657 +1657 @@
 </pre><p>
                 This looks good so far.
-                </p></li><li><p>
-                <a class="indexterm" name="id2577591"></a>
+                </p></li><li class="step" title="Step 8"><p>
+                <a class="indexterm" name="id2583649"></a>
                 The next step is to prove that the LDAP server is running and responds to a
                 search request. Execute the following as shown (output has been cut to save space):
@@ -1702 +1702 @@
 </pre><p>
                 Good. It is all working just fine.
-                </p></li><li><p>
-                <a class="indexterm" name="id2577648"></a>
+                </p></li><li class="step" title="Step 9"><p>
+                <a class="indexterm" name="id2583706"></a>
                 You must now make certain that the NSS resolver can interrogate LDAP also.
                 Execute the following commands:
@@ -1716 +1716 @@
 Domain Computers:x:553:
 </pre><p>
-                <a class="indexterm" name="id2577677"></a>
+                <a class="indexterm" name="id2583736"></a>
                 This demonstrates that the <code class="literal">nss_ldap</code> library is functioning
                 as it should. If these two steps fail to produce this information, refer to
@@ -1722 +1722 @@
                 isolate the cause of the problem. Proceed to the next step only when the previous steps
                 have been successfully completed.
-                </p></li><li><p>
-                <a class="indexterm" name="id2577708"></a>
-                <a class="indexterm" name="id2577715"></a>
-                <a class="indexterm" name="id2577722"></a>
+                </p></li><li class="step" title="Step 10"><p>
+                <a class="indexterm" name="id2583766"></a>
+                <a class="indexterm" name="id2583773"></a>
+                <a class="indexterm" name="id2583780"></a>
                 Our database is now ready for the addition of network users. For each user for
                 whom an account must be created, execute the following:
@@ -1740 +1740 @@
 </pre><p>
                 where <code class="constant">username</code> is the login ID for each user.
-                </p></li><li><p>
-                <a class="indexterm" name="id2577783"></a>
+                </p></li><li class="step" title="Step 11"><p>
+                <a class="indexterm" name="id2583841"></a>
                 Now verify that the UNIX (POSIX) accounts can be resolved via NSS by executing the
                 following:
@@ -1757 +1757 @@
 </pre><p>
                 This demonstrates that user account resolution via LDAP is working.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 12"><p>
                 This step will determine whether or not identity resolution is working correctly.
                 Do not procede is this step fails, rather find the cause of the failure. The
@@ -1768 +1768 @@
                 This confirms that the UNIX (POSIX) user account information can be resolved from LDAP
                 by system tools that make a getentpw() system call.
-                </p></li><li><p>
-                <a class="indexterm" name="id2577849"></a>
+                </p></li><li class="step" title="Step 13"><p>
+                <a class="indexterm" name="id2583907"></a>
                 The root account must have UID=0; if not, this means that operations conducted from
                 a Windows client using tools such as the Domain User Manager fails under UNIX because
@@ -1780 +1780 @@
 <code class="prompt">root# </code> ./smbldap-usermod -u 0 -d /root -s /bin/bash root
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 14"><p>
                 Verify that the changes just made to the <code class="constant">root</code> account were
                 accepted by executing:
@@ -1789 +1789 @@
 </pre><p>
                 This demonstrates that the changes were accepted.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 15"><p>
                 Make certain that a home directory has been created for every user by listing the
                 directories in <code class="filename">/home</code> as follows:
@@ -1802 +1802 @@
 </pre><p>
                 This is precisely what we want to see.
-                </p></li><li><p>
-                <a class="indexterm" name="id2577948"></a>
-                <a class="indexterm" name="id2577955"></a>
+                </p></li><li class="step" title="Step 16"><p>
+                <a class="indexterm" name="id2584006"></a>
+                <a class="indexterm" name="id2584013"></a>
                 The final validation step involves making certain that Samba-3 can obtain the user
                 accounts from the LDAP ldapsam passwd backend. Execute the following command as shown:
@@ -1834 +1834 @@
 </pre><p>
                 This looks good. Of course, you fully expected that it would all work, didn't you?
-                </p></li><li><p>
-                <a class="indexterm" name="id2578000"></a>
+                </p></li><li class="step" title="Step 17"><p>
+                <a class="indexterm" name="id2584058"></a>
                 Now you add the group accounts that are used on the Abmas network. Execute
                 the following exactly as shown:
@@ -1845 +1845 @@
                 The addition of groups does not involve keyboard interaction, so the lack of console
                 output is of no concern.
-                </p></li><li><p>
-                <a class="indexterm" name="id2578042"></a>
+                </p></li><li class="step" title="Step 18"><p>
+                <a class="indexterm" name="id2584100"></a>
                 You really do want to confirm that UNIX group resolution from LDAP is functioning 
                 as it should. Let's do this as shown here:
@@ -1862 +1862 @@
                 The well-known special accounts (Domain Admins, Domain Users, Domain Guests), as well
                 as our own site-specific group accounts, are correctly listed. This is looking good.
-                </p></li><li><p>
-                <a class="indexterm" name="id2578075"></a>
+                </p></li><li class="step" title="Step 19"><p>
+                <a class="indexterm" name="id2584133"></a>
                 The final step we need to validate is that Samba can see all the Windows domain groups
                 and that they are correctly mapped to the respective UNIX group account. To do this,
@@ -1880 +1880 @@
                 the lines were shortened by replacing the middle value (1010554828) of the SID with the 
                 ellipsis (...).
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 20"><p>
                 The server you have so carefully built is now ready for another important step. You 
                 start the Samba-3 server and validate its operation. Execute the following to render all 
@@ -1896 +1896 @@
 <code class="prompt">root# </code> rcwinbind start
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 21"><p>
                 The next step might seem a little odd at this point, but take note that you are about to
                 start <code class="literal">winbindd</code>, which must be able to authenticate to the PDC via the
@@ -1911 +1911 @@
 </pre><p>
                 This indicates that the domain security account for the PDC has been correctly created.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 22"><p>
                 At this time it is necessary to restart <code class="literal">winbindd</code> so that it can
                 correctly authenticate to the PDC. The following command achieves that:
@@ -1917 +1917 @@
 <code class="prompt">root# </code> rcwinbind restart
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2578290"></a>
+                </p></li><li class="step" title="Step 23"><p>
+                <a class="indexterm" name="id2584348"></a>
                 You may now check Samba-3 operation as follows:
 </p><pre class="screen">
@@ -1944 +1944 @@
 </pre><p>
         This shows that an anonymous connection is working.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 24"><p>
                 For your finale, let's try an authenticated connection:
 </p><pre class="screen">
@@ -1963 +1963 @@
                 </p></li></ol></div><p>
         The server <code class="constant">MASSIVE</code> is now configured, and it is time to move onto the next task.
-        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sbehap-ptrcfg"></a>Printer Configuration</h3></div></div></div><p>
-        <a class="indexterm" name="id2578401"></a>
+        </p></div><div class="sect2" title="Printer Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="sbehap-ptrcfg"></a>Printer Configuration</h3></div></div></div><p>
+        <a class="indexterm" name="id2584459"></a>
         The configuration for Samba-3 to enable CUPS raw-print-through printing has already been
         taken care of in the <code class="filename">smb.conf</code> file. The only preparation needed for <code class="constant">smart</code>
         printing to be possible involves creation of the directories in which Samba-3 stores
         Windows printing driver files.
-        </p><div class="procedure"><a name="id2578423"></a><p class="title"><b>Procedure 5.9. Printer Configuration Steps</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 5.9. Printer Configuration Steps"><a name="id2584481"></a><p class="title"><b>Procedure 5.9. Printer Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Configure all network-attached printers to have a fixed IP address.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Create an entry in the DNS database on the server <code class="constant">MASSIVE</code>
                 in both the forward lookup database for the zone <code class="constant">abmas.biz.hosts</code>
@@ -1977 +1977 @@
                 be located in. Example configuration files for similar zones were presented in <a class="link" href="secure.html" title="Chapter 3. Secure Office Networking">&#8220;Secure Office Networking&#8221;</a>,
                 <a class="link" href="secure.html#abmasbiz" title="Example 3.14. DNS Abmas.biz Forward Zone File">&#8220;DNS Abmas.biz Forward Zone File&#8221;</a> and in <a class="link" href="secure.html#eth2zone" title="Example 3.13. DNS 192.168.2 Reverse Zone File">&#8220;DNS 192.168.2 Reverse Zone File&#8221;</a>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Follow the instructions in the printer manufacturers' manuals to permit printing
                 to port 9100.  Use any other port the manufacturer specifies for direct mode,
                 raw printing.  This allows the CUPS spooler to print using raw mode protocols.
-                <a class="indexterm" name="id2578484"></a>
-                <a class="indexterm" name="id2578491"></a>
-                </p></li><li><p>
-                <a class="indexterm" name="id2578504"></a>
-                <a class="indexterm" name="id2578511"></a>
+                <a class="indexterm" name="id2584542"></a>
+                <a class="indexterm" name="id2584549"></a>
+                </p></li><li class="step" title="Step 4"><p>
+                <a class="indexterm" name="id2584563"></a>
+                <a class="indexterm" name="id2584569"></a>
                 Only on the server to which the printer is attached, configure the CUPS Print
                 Queues as follows:
@@ -1992 +1992 @@
          -v socket://<em class="parameter"><code>printer-name</code></em>.abmas.biz:9100 -E
 </pre><p>
-                <a class="indexterm" name="id2578546"></a>
+                <a class="indexterm" name="id2584605"></a>
                 This step creates the necessary print queue to use no assigned print filter. This
                 is ideal for raw printing, that is, printing without use of filters.
                 The name <em class="parameter"><code>printque</code></em> is the name you have assigned for
                 the particular printer.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 5"><p>
                 Print queues may not be enabled at creation. Make certain that the queues
                 you have just created are enabled by executing the following:
@@ -2003 +2003 @@
 <code class="prompt">root# </code> /usr/bin/enable <em class="parameter"><code>printque</code></em>
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 6"><p>
                 Even though your print queue may be enabled, it is still possible that it
                 may not accept print jobs. A print queue will service incoming printing
@@ -2011 +2011 @@
 <code class="prompt">root# </code> /usr/bin/accept <em class="parameter"><code>printque</code></em>
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2578628"></a>
-                <a class="indexterm" name="id2578635"></a>
-                <a class="indexterm" name="id2578642"></a>
+                </p></li><li class="step" title="Step 7"><p>
+                <a class="indexterm" name="id2584686"></a>
+                <a class="indexterm" name="id2584693"></a>
+                <a class="indexterm" name="id2584700"></a>
                 Edit the file <code class="filename">/etc/cups/mime.convs</code> to uncomment the line:
 </p><pre class="screen">
 application/octet-stream     application/vnd.cups-raw      0     -
 </pre><p>
-                </p></li><li><p>
-                 <a class="indexterm" name="id2578670"></a>
+                </p></li><li class="step" title="Step 8"><p>
+                 <a class="indexterm" name="id2584729"></a>
                  Edit the file <code class="filename">/etc/cups/mime.types</code> to uncomment the line:
 </p><pre class="screen">
 application/octet-stream
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 9"><p>
                 Refer to the CUPS printing manual for instructions regarding how to configure
                 CUPS so that print queues that reside on CUPS servers on remote networks
@@ -2031 +2031 @@
                 on your CUPS server may automatically discover remotely installed printers and
                 may permit this functionality without requiring specific configuration.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 10"><p>
                 The following action creates the necessary directory subsystem. Follow these 
                 steps to printing heaven:
@@ -2039 +2039 @@
 <code class="prompt">root# </code> chmod -R ug=rwx,o=rx /var/lib/samba/drivers
 </pre><p>
-                </p></li></ol></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sbehap-bldg1"></a>Samba-3 BDC Configuration</h2></div></div></div><div class="procedure"><a name="id2578754"></a><p class="title"><b>Procedure 5.10. Configuration of BDC Called: <code class="constant">BLDG1</code></b></p><ol type="1"><li><p>
+                </p></li></ol></div></div></div><div class="sect1" title="Samba-3 BDC Configuration"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sbehap-bldg1"></a>Samba-3 BDC Configuration</h2></div></div></div><div class="procedure" title="Procedure 5.10. Configuration of BDC Called: BLDG1"><a name="id2584812"></a><p class="title"><b>Procedure 5.10. Configuration of BDC Called: <code class="constant">BLDG1</code></b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Install the files in <a class="link" href="happy.html#sbehap-bldg1-smbconf" title="Example 5.8. LDAP Based smb.conf File, Server: BLDG1">&#8220;LDAP Based smb.conf File, Server: BLDG1&#8221;</a>,
                 <a class="link" href="happy.html#sbehap-shareconfa" title="Example 5.10. LDAP Based smb.conf File, Shares Section Part A">&#8220;LDAP Based smb.conf File, Shares Section  Part A&#8221;</a>, and <a class="link" href="happy.html#sbehap-shareconfb" title="Example 5.11. LDAP Based smb.conf File, Shares Section Part B">&#8220;LDAP Based smb.conf File, Shares Section  Part B&#8221;</a>
                 into the <code class="filename">/etc/samba/</code> directory. The three files
                 should be added together to form the <code class="filename">smb.conf</code> file.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Verify the <code class="filename">smb.conf</code> file as in step 2 of <a class="link" href="happy.html#sbehap-massive" title="Samba-3 PDC Configuration">&#8220;Samba-3 PDC Configuration&#8221;</a>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Carefully follow the steps outlined in <a class="link" href="happy.html#sbehap-PAM-NSS" title="PAM and NSS Client Configuration">&#8220;PAM and NSS Client Configuration&#8221;</a>, taking
                 particular note to install the correct <code class="filename">ldap.conf</code>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 Verify that the NSS resolver is working. You may need to cycle the run level
                 to 1 and back to 5 before the NSS LDAP resolver functions. Follow these
@@ -2081 +2081 @@
 </pre><p>
                 This is the correct output. If the accounts that have UIDs above 512 are not shown, there is a problem.
-                </p></li><li><p>
-                <a class="indexterm" name="id2578914"></a>
+                </p></li><li class="step" title="Step 5"><p>
+                <a class="indexterm" name="id2584972"></a>
                 The next step in the verification process involves testing the operation of UNIX group
                 resolution via the NSS LDAP resolver. Execute these commands:
@@ -2111 +2111 @@
                 This is also the correct and desired output, because it demonstrates that the LDAP client
                 is able to communicate correctly with the LDAP server (<code class="constant">MASSIVE</code>).
-                </p></li><li><p>
-                <a class="indexterm" name="id2578955"></a>
+                </p></li><li class="step" title="Step 6"><p>
+                <a class="indexterm" name="id2585013"></a>
                 You must now set the LDAP administrative password into the Samba-3 <code class="filename">secrets.tdb</code>
                 file by executing this command:
@@ -2119 +2119 @@
 Setting stored password for "cn=Manager,dc=abmas,dc=biz" in secrets.tdb
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 7"><p>
                 Now you must obtain the domain SID from the PDC and store it into the
                 <code class="filename">secrets.tdb</code> file also. This step is not necessary with an LDAP
@@ -2136 +2136 @@
                 thus requiring that the BDC should be joined to the domain. The process of joining
                 the domain creates the necessary authentication accounts.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 8"><p>
                 To join the Samba BDC to the domain, execute the following:
 </p><pre class="screen">
@@ -2143 +2143 @@
 </pre><p>
                 This indicates that the domain security account for the BDC has been correctly created.
-                </p></li><li><p>
-                <a class="indexterm" name="id2579056"></a>
+                </p></li><li class="step" title="Step 9"><p>
+                <a class="indexterm" name="id2585114"></a>
                 Verify that user and group account resolution works via Samba-3 tools as follows:
 </p><pre class="screen">
@@ -2170 +2170 @@
 </pre><p>
                 These results show that all things are in order.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 10"><p>
                 The server you have so carefully built is now ready for another important step. Now
                 start the Samba-3 server and validate its operation. Execute the following to render all
@@ -2186 +2186 @@
 </pre><p>
                 Samba-3 should now be running and is ready for a quick test. But not quite yet!
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 11"><p>
                 Your new <code class="constant">BLDG1, BLDG2</code> servers do not have home directories for users.
                 To rectify this using the SUSE yast2 utility or by manually editing the <code class="filename">/etc/fstab</code>
@@ -2206 +2206 @@
 massive:/home         29532988    283388  29249600   1% /home
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 12"><p>
                 Implement a quick check using one of the users that is in the LDAP database. Here you go:
 </p><pre class="screen">
@@ -2225 +2225 @@
         Now that the first BDC (<code class="constant">BDLG1</code>) has been configured it is time to build 
         and configure the second BDC server (<code class="constant">BLDG2</code>) as follows:
-        </p><div class="procedure"><a name="sbehap-bldg2"></a><p class="title"><b>Procedure 5.11. Configuration of BDC Called <code class="constant">BLDG2</code></b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 5.11. Configuration of BDC Called BLDG2"><a name="sbehap-bldg2"></a><p class="title"><b>Procedure 5.11. Configuration of BDC Called <code class="constant">BLDG2</code></b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Install the files in <a class="link" href="happy.html#sbehap-bldg2-smbconf" title="Example 5.9. LDAP Based smb.conf File, Server: BLDG2">&#8220;LDAP Based smb.conf File, Server: BLDG2&#8221;</a>,
                 <a class="link" href="happy.html#sbehap-shareconfa" title="Example 5.10. LDAP Based smb.conf File, Shares Section Part A">&#8220;LDAP Based smb.conf File, Shares Section  Part A&#8221;</a>, and <a class="link" href="happy.html#sbehap-shareconfb" title="Example 5.11. LDAP Based smb.conf File, Shares Section Part B">&#8220;LDAP Based smb.conf File, Shares Section  Part B&#8221;</a>
                 into the <code class="filename">/etc/samba/</code> directory. The three files
                 should be added together to form the <code class="filename">smb.conf</code> file.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Follow carefully the steps shown in <a class="link" href="happy.html#sbehap-bldg1" title="Samba-3 BDC Configuration">&#8220;Samba-3 BDC Configuration&#8221;</a>, starting at step 2.
-                </p></li></ol></div><div class="example"><a name="sbehap-bldg1-smbconf"></a><p class="title"><b>Example 5.8. LDAP Based <code class="filename">smb.conf</code> File, Server: BLDG1</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2579402"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id2579413"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id2579425"></a><em class="parameter"><code>netbios name = BLDG1</code></em></td></tr><tr><td><a class="indexterm" name="id2579437"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id2579449"></a><em class="parameter"><code>enable privileges = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2579461"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2579473"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2579485"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2579496"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id2579508"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id2579520"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id2579531"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id2579544"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2579555"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id2579568"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id2579580"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2579591"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id2579603"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2579615"></a><em class="parameter"><code>domain master = No</code></em></td></tr><tr><td><a class="indexterm" name="id2579626"></a><em class="parameter"><code>wins server = 172.16.0.1</code></em></td></tr><tr><td><a class="indexterm" name="id2579638"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2579650"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2579662"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2579674"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id2579686"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id2579698"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2579710"></a><em class="parameter"><code>idmap backend = ldap:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id2579722"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2579734"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2579746"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id2579758"></a><em class="parameter"><code>printer admin = root, chrisr</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbehap-bldg2-smbconf"></a><p class="title"><b>Example 5.9. LDAP Based <code class="filename">smb.conf</code> File, Server: BLDG2</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2579804"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id2579816"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id2579828"></a><em class="parameter"><code>netbios name = BLDG2</code></em></td></tr><tr><td><a class="indexterm" name="id2579840"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id2579852"></a><em class="parameter"><code>enable privileges = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2579864"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2579876"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2579887"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2579899"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id2579911"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id2579922"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id2579934"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id2579946"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2579958"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id2579970"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id2579982"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2579994"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id2580006"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2580017"></a><em class="parameter"><code>domain master = No</code></em></td></tr><tr><td><a class="indexterm" name="id2580029"></a><em class="parameter"><code>wins server = 172.16.0.1</code></em></td></tr><tr><td><a class="indexterm" name="id2580041"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2580053"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2580065"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2580077"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id2580089"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id2580101"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2580113"></a><em class="parameter"><code>idmap backend = ldap:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id2580125"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2580137"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2580148"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id2580160"></a><em class="parameter"><code>printer admin = root, chrisr</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbehap-shareconfa"></a><p class="title"><b>Example 5.10. LDAP Based <code class="filename">smb.conf</code> File, Shares Section  Part A</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id2580206"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id2580218"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id2580230"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id2580250"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id2580262"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id2580274"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id2580294"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id2580306"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id2580318"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id2580338"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id2580350"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id2580362"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2580373"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id2580394"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id2580405"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id2580417"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2580429"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2580440"></a><em class="parameter"><code>browseable = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbehap-shareconfb"></a><p class="title"><b>Example 5.11. LDAP Based <code class="filename">smb.conf</code> File, Shares Section  Part B</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id2580486"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id2580498"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id2580509"></a><em class="parameter"><code>admin users = bjordan</code></em></td></tr><tr><td><a class="indexterm" name="id2580521"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id2580542"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id2580553"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id2580565"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2580577"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id2580597"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id2580609"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id2580621"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2580633"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profdata]</code></em></td></tr><tr><td><a class="indexterm" name="id2580653"></a><em class="parameter"><code>comment = Profile Data Share</code></em></td></tr><tr><td><a class="indexterm" name="id2580665"></a><em class="parameter"><code>path = /var/lib/samba/profdata</code></em></td></tr><tr><td><a class="indexterm" name="id2580677"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2580689"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id2580709"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id2580721"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id2580733"></a><em class="parameter"><code>browseable = yes</code></em></td></tr><tr><td><a class="indexterm" name="id2580744"></a><em class="parameter"><code>guest ok = no</code></em></td></tr><tr><td><a class="indexterm" name="id2580756"></a><em class="parameter"><code>read only = yes</code></em></td></tr><tr><td><a class="indexterm" name="id2580768"></a><em class="parameter"><code>write list = root, chrisr</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbehap-ldifadd"></a><p class="title"><b>Example 5.12. LDIF IDMAP Add-On Load File  File: /etc/openldap/idmap.LDIF</b></p><div class="example-contents"><pre class="screen">
+                </p></li></ol></div><div class="example"><a name="sbehap-bldg1-smbconf"></a><p class="title"><b>Example 5.8. LDAP Based <code class="filename">smb.conf</code> File, Server: BLDG1</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2585460"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id2585472"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id2585484"></a><em class="parameter"><code>netbios name = BLDG1</code></em></td></tr><tr><td><a class="indexterm" name="id2585496"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id2585508"></a><em class="parameter"><code>enable privileges = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2585520"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2585532"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2585543"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2585555"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id2585567"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id2585578"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id2585590"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id2585602"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2585614"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id2585626"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id2585638"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2585650"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id2585662"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2585673"></a><em class="parameter"><code>domain master = No</code></em></td></tr><tr><td><a class="indexterm" name="id2585685"></a><em class="parameter"><code>wins server = 172.16.0.1</code></em></td></tr><tr><td><a class="indexterm" name="id2585697"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2585709"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2585721"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2585733"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id2585745"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id2585757"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2585769"></a><em class="parameter"><code>idmap backend = ldap:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id2585781"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2585793"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2585804"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id2585816"></a><em class="parameter"><code>printer admin = root, chrisr</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbehap-bldg2-smbconf"></a><p class="title"><b>Example 5.9. LDAP Based <code class="filename">smb.conf</code> File, Server: BLDG2</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2585863"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id2585874"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id2585886"></a><em class="parameter"><code>netbios name = BLDG2</code></em></td></tr><tr><td><a class="indexterm" name="id2585898"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id2585910"></a><em class="parameter"><code>enable privileges = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2585922"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2585934"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2585946"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2585957"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id2585969"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id2585981"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id2585992"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id2586005"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2586016"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id2586029"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id2586041"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2586052"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id2586064"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2586076"></a><em class="parameter"><code>domain master = No</code></em></td></tr><tr><td><a class="indexterm" name="id2586088"></a><em class="parameter"><code>wins server = 172.16.0.1</code></em></td></tr><tr><td><a class="indexterm" name="id2586099"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2586111"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2586123"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2586135"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id2586147"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id2586159"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2586171"></a><em class="parameter"><code>idmap backend = ldap:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id2586184"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2586195"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2586207"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id2586219"></a><em class="parameter"><code>printer admin = root, chrisr</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbehap-shareconfa"></a><p class="title"><b>Example 5.10. LDAP Based <code class="filename">smb.conf</code> File, Shares Section  Part A</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id2586265"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id2586277"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id2586288"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id2586309"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id2586320"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id2586332"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id2586353"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id2586365"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id2586376"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id2586397"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id2586408"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id2586420"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2586432"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id2586452"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id2586464"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id2586476"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2586487"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2586499"></a><em class="parameter"><code>browseable = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbehap-shareconfb"></a><p class="title"><b>Example 5.11. LDAP Based <code class="filename">smb.conf</code> File, Shares Section  Part B</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id2586545"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id2586557"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id2586568"></a><em class="parameter"><code>admin users = bjordan</code></em></td></tr><tr><td><a class="indexterm" name="id2586580"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id2586600"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id2586612"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id2586624"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2586635"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id2586656"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id2586668"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id2586680"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2586691"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profdata]</code></em></td></tr><tr><td><a class="indexterm" name="id2586712"></a><em class="parameter"><code>comment = Profile Data Share</code></em></td></tr><tr><td><a class="indexterm" name="id2586724"></a><em class="parameter"><code>path = /var/lib/samba/profdata</code></em></td></tr><tr><td><a class="indexterm" name="id2586736"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2586747"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id2586768"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id2586780"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id2586791"></a><em class="parameter"><code>browseable = yes</code></em></td></tr><tr><td><a class="indexterm" name="id2586803"></a><em class="parameter"><code>guest ok = no</code></em></td></tr><tr><td><a class="indexterm" name="id2586815"></a><em class="parameter"><code>read only = yes</code></em></td></tr><tr><td><a class="indexterm" name="id2586826"></a><em class="parameter"><code>write list = root, chrisr</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbehap-ldifadd"></a><p class="title"><b>Example 5.12. LDIF IDMAP Add-On Load File  File: /etc/openldap/idmap.LDIF</b></p><div class="example-contents"><pre class="screen">
 dn: ou=Idmap,dc=abmas,dc=biz
 objectClass: organizationalUnit
 ou: idmap
 structuralObjectClass: organizationalUnit
-</pre></div></div><br class="example-break"></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2580803"></a>Miscellaneous Server Preparation Tasks</h2></div></div></div><p>
-        My father would say, &#8220;<span class="quote">Dinner is not over until the dishes have been done.</span>&#8221;
+</pre></div></div><br class="example-break"></div><div class="sect1" title="Miscellaneous Server Preparation Tasks"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2586862"></a>Miscellaneous Server Preparation Tasks</h2></div></div></div><p>
+        My father would say, <span class="quote">&#8220;<span class="quote">Dinner is not over until the dishes have been done.</span>&#8221;</span>
         The makings of a great network environment take a lot of effort and attention to detail.
         So far, you have completed most of the complex (and to many administrators, the interesting
@@ -2244 +2244 @@
         a few more steps that must be completed so that your network runs like a well-rehearsed
         orchestra.
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2580823"></a>Configuring Directory Share Point Roots</h3></div></div></div><p>
+        </p><div class="sect2" title="Configuring Directory Share Point Roots"><div class="titlepage"><div><div><h3 class="title"><a name="id2586882"></a>Configuring Directory Share Point Roots</h3></div></div></div><p>
         In your <code class="filename">smb.conf</code> file, you have specified Windows shares. Each has a <em class="parameter"><code>path</code></em>
         parameter. Even though it is obvious to all, one of the common Samba networking problems is
@@ -2262 +2262 @@
 <code class="prompt">root# </code> chmod -R ug+rwx,o+rx-w /apps
 </pre><p>
-        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2580918"></a>Configuring Profile Directories</h3></div></div></div><p>
+        </p></div><div class="sect2" title="Configuring Profile Directories"><div class="titlepage"><div><div><h3 class="title"><a name="id2586977"></a>Configuring Profile Directories</h3></div></div></div><p>
         You made a conscious decision to do everything it would take to improve network client
         performance. One of your decisions was to implement folder redirection. This means that Windows
@@ -2287 +2287 @@
 </pre><p>
         </p><p>
-        <a class="indexterm" name="id2581034"></a>
-        <a class="indexterm" name="id2581041"></a>
+        <a class="indexterm" name="id2587093"></a>
+        <a class="indexterm" name="id2587100"></a>
         You have three options insofar as the dynamically loaded portion of the roaming profile
         is concerned: 
-        </p><div class="itemizedlist"><ul type="disc"><li><p>You may permit the user to obtain a default profile.</p></li><li><p>You can create a mandatory profile.</p></li><li><p>You can create a group profile (which is almost always a mandatory profile).</p></li></ul></div><p>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>You may permit the user to obtain a default profile.</p></li><li class="listitem"><p>You can create a mandatory profile.</p></li><li class="listitem"><p>You can create a group profile (which is almost always a mandatory profile).</p></li></ul></div><p>
         Mandatory profiles cannot be overwritten by a user. The change from a user profile to a mandatory
         profile is effected by renaming the <code class="filename">NTUSER.DAT</code> to <code class="filename">NTUSER.MAN</code>,
         that is, just by changing the filename extension.
         </p><p>
-        <a class="indexterm" name="id2581091"></a>
-        <a class="indexterm" name="id2581098"></a>
+        <a class="indexterm" name="id2587150"></a>
+        <a class="indexterm" name="id2587156"></a>
         The location of the profile that a user can obtain is set in the user's account in the LDAP passdb backend.
         You can manage this using the Idealx smbldap-tools or using the 
@@ -2310 +2310 @@
 <code class="prompt">root# </code> chmod 700  /var/lib/samba/profiles/<span class="emphasis"><em>username</em></span>
 </pre><p>
-        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2581163"></a>Preparation of Logon Scripts</h3></div></div></div><p>
-        <a class="indexterm" name="id2581171"></a>
+        </p></div><div class="sect2" title="Preparation of Logon Scripts"><div class="titlepage"><div><div><h3 class="title"><a name="id2587221"></a>Preparation of Logon Scripts</h3></div></div></div><p>
+        <a class="indexterm" name="id2587229"></a>
         The use of a logon script with Windows XP Professional is an option that every site should consider.
         Unless you have locked down the desktop so the user cannot change anything, there is risk that
@@ -2336 +2336 @@
         Section 24.4. A quick Web search will bring up a host of options. One of the most popular logon
         facilities in use today is called <a class="ulink" href="http://www.kixtart.org" target="_top">KiXtart</a>.
-        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2581274"></a>Assigning User Rights and Privileges</h3></div></div></div><p>
+        </p></div><div class="sect2" title="Assigning User Rights and Privileges"><div class="titlepage"><div><div><h3 class="title"><a name="id2587332"></a>Assigning User Rights and Privileges</h3></div></div></div><p>
         The ability to perform tasks such as joining Windows clients to the domain can be assigned to
         normal user accounts. By default, only the domain administrator account (<code class="constant">root</code> on UNIX
@@ -2348 +2348 @@
         are granted rights can be restricted to particular machines. It is left to the network administrator
         to determine which rights should be provided and to whom.
-        </p><div class="procedure"><a name="id2581309"></a><p class="title"><b>Procedure 5.12. Steps for Assignment of User Rights and Privileges</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 5.12. Steps for Assignment of User Rights and Privileges"><a name="id2587368"></a><p class="title"><b>Procedure 5.12. Steps for Assignment of User Rights and Privileges</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Log onto the PDC as the <code class="constant">root</code> account.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Execute the following command to grant the <code class="constant">Domain Admins</code> group all
                 rights and privileges:
@@ -2362 +2362 @@
                 Repeat this step on each domain controller, in each case substituting the name of the server
                 (e.g., BLDG1, BLDG2) in place of the PDC called MASSIVE.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 In this step the privilege will be granted to Bob Jordan (bobj) to add Windows workstations
                 to the domain. Execute the following only on the PDC. It is not necessary to do this on
@@ -2371 +2371 @@
 Successfully granted rights.
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 Verify that privilege assignments have been correctly applied by executing:
 </p><pre class="screen">
@@ -2406 +2406 @@
 SeDiskOperatorPrivilege
 </pre><p>
-                </p></li></ol></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2581407"></a>Windows Client Configuration</h2></div></div></div><p>
-        <a class="indexterm" name="id2581416"></a>
+                </p></li></ol></div></div></div><div class="sect1" title="Windows Client Configuration"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2587466"></a>Windows Client Configuration</h2></div></div></div><p>
+        <a class="indexterm" name="id2587474"></a>
         In the next few sections, you can configure a new Windows XP Professional disk image on a staging
         machine. You will configure all software, printer settings, profile and policy handling, and desktop
@@ -2419 +2419 @@
         Base Profile for All Users."</a>
 
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="redirfold"></a>Configuration of Default Profile with Folder Redirection</h3></div></div></div><p>
-        <a class="indexterm" name="id2581466"></a>
+        </p><div class="sect2" title="Configuration of Default Profile with Folder Redirection"><div class="titlepage"><div><div><h3 class="title"><a name="redirfold"></a>Configuration of Default Profile with Folder Redirection</h3></div></div></div><p>
+        <a class="indexterm" name="id2587524"></a>
         Log onto the Windows XP Professional workstation as the local <code class="constant">Administrator</code>.
         It is necessary to expose folders that are generally hidden to provide access to the
         <code class="constant">Default User</code> folder.
-        </p><div class="procedure"><a name="id2581484"></a><p class="title"><b>Procedure 5.13. Expose Hidden Folders</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 5.13. Expose Hidden Folders"><a name="id2587542"></a><p class="title"><b>Procedure 5.13. Expose Hidden Folders</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Launch the Windows Explorer by clicking
                         <span class="guimenu">Start</span> &#8594; <span class="guimenuitem">My Computer</span> &#8594; <span class="guimenuitem">Tools</span> &#8594; <span class="guimenuitem">Folder Options</span> &#8594; <span class="guimenuitem">View Tab</span>.
                 Select <span class="guilabel">Show hidden files and folders</span>,
                 and click <span class="guibutton">OK</span>.  Exit Windows Explorer.
-                </p></li><li><p>
-                <a class="indexterm" name="id2581550"></a>
+                </p></li><li class="step" title="Step 2"><p>
+                <a class="indexterm" name="id2587609"></a>
                 Launch the Registry Editor. Click 
                 <span class="guimenu">Start</span> &#8594; <span class="guimenuitem">Run</span>. Key in <code class="literal">regedt32</code>, and click
                 <span class="guibutton">OK</span>.
                 </p></li></ol></div><p>
-        </p><div class="procedure"><a name="sbehap-rdrfldr"></a><p class="title"><b>Procedure 5.14. Redirect Folders in Default System User Profile</b></p><ol type="1"><li><p>
-                <a class="indexterm" name="id2581608"></a>
-                <a class="indexterm" name="id2581615"></a>
+        </p><div class="procedure" title="Procedure 5.14. Redirect Folders in Default System User Profile"><a name="sbehap-rdrfldr"></a><p class="title"><b>Procedure 5.14. Redirect Folders in Default System User Profile</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                <a class="indexterm" name="id2587667"></a>
+                <a class="indexterm" name="id2587673"></a>
                 Give focus to <code class="constant">HKEY_LOCAL_MACHINE</code> hive entry in the left panel.
                 Click <span class="guimenu">File</span> &#8594; <span class="guimenuitem">Load Hive...</span> &#8594; <span class="guimenuitem">Documents and Settings</span> &#8594; <span class="guimenuitem">Default User</span> &#8594; <span class="guimenuitem">NTUSER</span> &#8594; <span class="guimenuitem">Open</span>. In the dialog box that opens, enter the key name
                 <code class="constant">Default</code> and click <span class="guibutton">OK</span>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Browse inside the newly loaded Default folder to:
 </p><pre class="screen">
@@ -2448 +2448 @@
 </pre><p>
                 The right panel reveals the contents as shown in <a class="link" href="happy.html#XP-screen001" title="Figure 5.3. Windows XP Professional User Shared Folders">&#8220;Windows XP Professional  User Shared Folders&#8221;</a>.
-                </p></li><li><p>
-                <a class="indexterm" name="id2581708"></a>
-                <a class="indexterm" name="id2581714"></a>
+                </p></li><li class="step" title="Step 3"><p>
+                <a class="indexterm" name="id2587766"></a>
+                <a class="indexterm" name="id2587773"></a>
                 You edit hive keys. Acceptable values to replace the 
                 <code class="constant">%USERPROFILE%</code> variable includes:
 
-                </p><div class="itemizedlist"><ul type="disc"><li><p>A drive letter such as <code class="constant">U:</code></p></li><li><p>A direct network path such as
-                                <code class="constant">\\MASSIVE\profdata</code></p></li><li><p>A network redirection (UNC name) that contains a macro such as </p><p><code class="constant">%LOGONSERVER%\profdata\</code></p></li></ul></div><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2581761"></a>
+                </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>A drive letter such as <code class="constant">U:</code></p></li><li class="listitem"><p>A direct network path such as
+                                <code class="constant">\\MASSIVE\profdata</code></p></li><li class="listitem"><p>A network redirection (UNC name) that contains a macro such as </p><p><code class="constant">%LOGONSERVER%\profdata\</code></p></li></ul></div><p>
+                </p></li><li class="step" title="Step 4"><p>
+                <a class="indexterm" name="id2587820"></a>
                 Set the registry keys as shown in <a class="link" href="happy.html#proffold" title="Table 5.4. Default Profile Redirections">&#8220;Default Profile Redirections&#8221;</a>. Your implementation makes the assumption
                 that users have statically located machines. Notebook computers (mobile users) need to be
                 accommodated using local profiles. This is not an uncommon assumption.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 5"><p>
                 Click back to the root of the loaded hive <code class="constant">Default</code>.
                 Click <span class="guimenu">File</span> &#8594; <span class="guimenuitem">Unload Hive...</span> &#8594; <span class="guimenuitem">Yes</span>.
-                </p></li><li><p>
-                <a class="indexterm" name="id2581816"></a>
+                </p></li><li class="step" title="Step 6"><p>
+                <a class="indexterm" name="id2587875"></a>
                 Click <span class="guimenu">File</span> &#8594; <span class="guimenuitem">Exit</span>. This exits the
                 Registry Editor.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 7"><p>
                 Now follow the procedure given in <a class="link" href="happy.html#sbehap-locgrppol" title="The Local Group Policy">&#8220;The Local Group Policy&#8221;</a>. Make sure that each folder you
                 have redirected is in the exclusion list.
-                </p></li><li><p>
-                You are now ready to copy<sup>[<a name="id2581860" href="#ftn.id2581860" class="footnote">11</a>]</sup> 
+                </p></li><li class="step" title="Step 8"><p>
+                You are now ready to copy<sup>[<a name="id2587919" href="#ftn.id2587919" class="footnote">11</a>]</sup> 
                 the Default User profile to the Samba domain controllers. Launch Microsoft Windows Explorer,
                 and use it to copy the full contents of the directory <code class="filename">Default User</code> that
@@ -2483 +2483 @@
         desktop behavior should be returned to the original Microsoft settings. The following steps achieve
         that ojective:
-        </p><div class="procedure"><a name="id2581927"></a><p class="title"><b>Procedure 5.15. Reset Folder Display to Original Behavior</b></p><ul><li><p>
+        </p><div class="procedure" title="Procedure 5.15. Reset Folder Display to Original Behavior"><a name="id2587986"></a><p class="title"><b>Procedure 5.15. Reset Folder Display to Original Behavior</b></p><ul class="procedure"><li class="step" title="Step 1"><p>
                 To launch the Windows Explorer, click
                         <span class="guimenu">Start</span> &#8594; <span class="guimenuitem">My Computer</span> &#8594; <span class="guimenuitem">Tools</span> &#8594; <span class="guimenuitem">Folder Options</span> &#8594; <span class="guimenuitem">View Tab</span>.
                 Deselect <span class="guilabel">Show hidden files and folders</span>, and click <span class="guibutton">OK</span>.
                 Exit Windows Explorer.
-                </p></li></ul></div><div class="figure"><a name="XP-screen001"></a><p class="title"><b>Figure 5.3. Windows XP Professional  User Shared Folders</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/XP-screen001.png" width="351" alt="Windows XP Professional User Shared Folders"></div></div></div><br class="figure-break"><div class="table"><a name="proffold"></a><p class="title"><b>Table 5.4. Default Profile Redirections</b></p><div class="table-contents"><table summary="Default Profile Redirections" border="1"><colgroup><col align="left"><col align="left"></colgroup><thead><tr><th align="left">Registry Key</th><th align="left">Redirected Value</th></tr></thead><tbody><tr><td align="left">Cache</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\InternetFiles</td></tr><tr><td align="left">Cookies</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\Cookies</td></tr><tr><td align="left">History</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\History</td></tr><tr><td align="left">Local AppData</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\AppData</td></tr><tr><td align="left">Local Settings</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\LocalSettings</td></tr><tr><td align="left">My Pictures</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\MyPictures</td></tr><tr><td align="left">Personal</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\MyDocuments</td></tr><tr><td align="left">Recent</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\Recent</td></tr></tbody></table></div></div><br class="table-break"></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2582162"></a>Configuration of MS Outlook to Relocate PST File</h3></div></div></div><p>
-        <a class="indexterm" name="id2582170"></a>
-        <a class="indexterm" name="id2582180"></a>
+                </p></li></ul></div><div class="figure"><a name="XP-screen001"></a><p class="title"><b>Figure 5.3. Windows XP Professional  User Shared Folders</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/XP-screen001.png" width="351" alt="Windows XP Professional User Shared Folders"></div></div></div><br class="figure-break"><div class="table"><a name="proffold"></a><p class="title"><b>Table 5.4. Default Profile Redirections</b></p><div class="table-contents"><table summary="Default Profile Redirections" border="1"><colgroup><col align="left"><col align="left"></colgroup><thead><tr><th align="left">Registry Key</th><th align="left">Redirected Value</th></tr></thead><tbody><tr><td align="left">Cache</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\InternetFiles</td></tr><tr><td align="left">Cookies</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\Cookies</td></tr><tr><td align="left">History</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\History</td></tr><tr><td align="left">Local AppData</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\AppData</td></tr><tr><td align="left">Local Settings</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\LocalSettings</td></tr><tr><td align="left">My Pictures</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\MyPictures</td></tr><tr><td align="left">Personal</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\MyDocuments</td></tr><tr><td align="left">Recent</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\Recent</td></tr></tbody></table></div></div><br class="table-break"></div><div class="sect2" title="Configuration of MS Outlook to Relocate PST File"><div class="titlepage"><div><div><h3 class="title"><a name="id2588220"></a>Configuration of MS Outlook to Relocate PST File</h3></div></div></div><p>
+        <a class="indexterm" name="id2588229"></a>
+        <a class="indexterm" name="id2588238"></a>
         Microsoft Outlook can store a Personal Storage file, generally known as a PST file.
         It is the nature of email storage that this file grows, at times quite rapidly.
@@ -2499 +2499 @@
         To redirect the Outlook PST file in Outlook 2003 (older versions of Outlook behave
         slightly differently), follow these steps:
-        </p><div class="procedure"><a name="id2582202"></a><p class="title"><b>Procedure 5.16. Outlook PST File Relocation</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 5.16. Outlook PST File Relocation"><a name="id2588260"></a><p class="title"><b>Procedure 5.16. Outlook PST File Relocation</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Close Outlook if it is open.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 From the <span class="guimenu">Control Panel</span>, launch the Mail icon.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Click <span class="guimenu">Email Accounts.</span>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 Make a note of the location of the PST file(s). From this location, move
                 the files to the desired new target location. The most desired new target location 
                 may well be the users' home directory.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 5"><p>
                 Add a new data file, selecting the PST file in the new desired target location.
-                Give this entry (not the filename) a new name such as &#8220;<span class="quote">Personal Mail Folders.</span>&#8221;
+                Give this entry (not the filename) a new name such as <span class="quote">&#8220;<span class="quote">Personal Mail Folders.</span>&#8221;</span>
                 </p><p>
                 Note: If MS Outlook has been configured to use an IMAP account configuration there may be problems
@@ -2519 +2519 @@
                 used please email <code class="literal">jht@samba.org</code> with useful tips and suggestions so that
                 this warning can be removed or modified.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 6"><p>
                 Close the <span class="guimenu">Date Files</span> windows, then click <span class="guimenu">Email Accounts</span>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 7"><p>
                 Select <span class="guimenu">View of Change</span> exiting email accounts, click <span class="guibutton">Next.</span>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 8"><p>
                 Change the <span class="guimenu">Mail Delivery Location</span> so as to use the data file in the new
                 target location.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 9"><p>
                 Go back to the <span class="guimenu">Data Files</span> window, then delete the old data file entry.
-                </p></li></ol></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
-        <a class="indexterm" name="id2582352"></a>
+                </p></li></ol></div><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+        <a class="indexterm" name="id2588410"></a>
         You may have to remove and reinstall the Outlook Address Book (Contacts) entries, otherwise 
         the user may be not be able to retrieve contacts when addressing a new email message.
-        </p></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
-        <a class="indexterm" name="id2582366"></a>
+        </p></div><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+        <a class="indexterm" name="id2588425"></a>
         Outlook Express is not at all like MS OutLook. It stores file very differently also. Outlook
         Express storage files can not be redirected to network shares. The options panel will not permit
@@ -2542 +2542 @@
         registry, experience has shown that data corruption and loss of email messages will result.
         </p><p>
-        <a class="indexterm" name="id2582389"></a>
-        <a class="indexterm" name="id2582396"></a>
+        <a class="indexterm" name="id2588448"></a>
+        <a class="indexterm" name="id2588454"></a>
         In the same vane as MS Outlook, Outlook Express data stores can become very large. When used with
         roaming profiles this can result in excruciatingly long login and logout behavior will files are
@@ -2549 +2549 @@
         profiles are used.
         </p></div><p>
-        <a class="indexterm" name="id2582412"></a>
+        <a class="indexterm" name="id2588470"></a>
         Microsoft does not support storing PST files on network shares, although the practice does appear
         to be rather popular. Anyone who does relocation the PST file to a network resource should refer
@@ -2555 +2555 @@
         understand the issues.
         </p><p>
-        <a class="indexterm" name="id2582432"></a>
+        <a class="indexterm" name="id2588491"></a>
         Apart from manually moving PST files to a network share, it is possible to set the default PST
         location for new accounts by following the instructions at the WindowsITPro <a class="ulink" href="http://www.windowsitpro.com/Windows/Article/ArticleID/48228/48228.html" target="_top">web</a> site.
         </p><p>
-        <a class="indexterm" name="id2582452"></a>
+        <a class="indexterm" name="id2588511"></a>
         User feedback suggests that disabling of oplocks on PST files will significantly improve
         network performance by reducing locking overheads. One way this can be done is to add to the
@@ -2566 +2566 @@
 veto oplock files = /*.pdf/*.PST/
 </pre><p>
-        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2582477"></a>Configure Delete Cached Profiles on Logout</h3></div></div></div><p>
+        </p></div><div class="sect2" title="Configure Delete Cached Profiles on Logout"><div class="titlepage"><div><div><h3 class="title"><a name="id2588536"></a>Configure Delete Cached Profiles on Logout</h3></div></div></div><p>
         Configure the Windows XP Professional client to auto-delete roaming profiles on logout:
         </p><p>
-        <a class="indexterm" name="id2582490"></a>
+        <a class="indexterm" name="id2588549"></a>
         Click 
         <span class="guimenu">Start</span> &#8594; <span class="guimenuitem">Run</span>. In the dialog box, enter <code class="literal">MMC</code> and click <span class="guibutton">OK</span>.
@@ -2577 +2577 @@
         <span class="guimenu">File</span> &#8594; <span class="guimenuitem">Add/Remove Snap-in</span> &#8594; <span class="guimenuitem">Add</span> &#8594; <span class="guimenuitem">Group Policy</span> &#8594; <span class="guimenuitem">Add</span> &#8594; <span class="guimenuitem">Finish</span> &#8594; <span class="guimenuitem">Close</span> &#8594; <span class="guimenuitem">OK</span>. 
         </p><p>
-        <a class="indexterm" name="id2582586"></a>
+        <a class="indexterm" name="id2588645"></a>
         The Microsoft Management Console now shows the <span class="guimenu">Group Policy</span>
         utility that enables you to set the policies needed. In the left panel, click
         <span class="guimenuitem">Local Computer Policy</span> &#8594; <span class="guimenuitem">Administrative Templates</span> &#8594; <span class="guimenuitem">System</span> &#8594; <span class="guimenuitem">User Profiles</span>. In the right panel, set the properties shown here by double-clicking on each
         item as shown:
-        </p><div class="itemizedlist"><ul type="disc"><li><p>Do not check for user ownership of Roaming Profile Folders = Enabled</p></li><li><p>Delete cached copies of roaming profiles = Enabled</p></li></ul></div><p>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Do not check for user ownership of Roaming Profile Folders = Enabled</p></li><li class="listitem"><p>Delete cached copies of roaming profiles = Enabled</p></li></ul></div><p>
         Close the Microsoft Management Console. The settings take immediate effect and persist onto all image copies
         made of this system to deploy the new standard desktop system.
-        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2582657"></a>Uploading Printer Drivers to Samba Servers</h3></div></div></div><p>
-        <a class="indexterm" name="id2582665"></a>
+        </p></div><div class="sect2" title="Uploading Printer Drivers to Samba Servers"><div class="titlepage"><div><div><h3 class="title"><a name="id2588716"></a>Uploading Printer Drivers to Samba Servers</h3></div></div></div><p>
+        <a class="indexterm" name="id2588724"></a>
         Users want to be able to use network printers. You have a vested interest in making
         it easy for them to print. You have chosen to install the printer drivers onto the Samba
@@ -2593 +2593 @@
         print to the printer chosen. The following procedure must be followed for every network
         printer:
-        </p><div class="procedure"><a name="id2582684"></a><p class="title"><b>Procedure 5.17. Steps to Install Printer Drivers on the Samba Servers</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 5.17. Steps to Install Printer Drivers on the Samba Servers"><a name="id2588742"></a><p class="title"><b>Procedure 5.17. Steps to Install Printer Drivers on the Samba Servers</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Join your Windows XP Professional workstation (the staging machine) to the 
                 <code class="constant">MEGANET2</code> domain. If you are not sure of the procedure, 
                 follow the guidance given in <a class="link" href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits">&#8220;A Collection of Useful Tidbits&#8221;</a>, <a class="link" href="appendix.html#domjoin" title="Joining a Domain: Windows 200x/XP Professional">&#8220;Joining a Domain: Windows 200x/XP Professional&#8221;</a>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 After the machine has rebooted, log onto the workstation as the domain
                 <code class="constant">root</code> (this is the Administrator account for the 
                 operating system that is the host platform for this implementation of Samba.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Launch MS Windows Explorer. Navigate in the left panel. Click
                 <span class="guimenu">My Network Places</span> &#8594; <span class="guimenuitem">Entire Network</span> &#8594; <span class="guimenuitem">Microsoft Windows Network</span> &#8594; <span class="guimenuitem">Meganet2</span> &#8594; <span class="guimenuitem">Massive</span>. Click on <span class="guimenu">Massive</span>
                         <span class="guimenu">Printers and Faxes</span>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 Identify a printer that is shown in the right panel. Let us assume the printer is called 
                 <code class="constant">ps01-color</code>. Right-click on the <span class="guimenu">ps01-color</span> icon
                 and select the <span class="guimenu">Properties</span> entry. This opens a dialog box that indicates
-                that &#8220;<span class="quote">The printer driver is not installed on this computer. Some printer properties
+                that <span class="quote">&#8220;<span class="quote">The printer driver is not installed on this computer. Some printer properties
                 will not be accessible unless you install the printer driver. Do you want to install the
-                driver now?</span>&#8221; It is important at this point you answer <span class="guimenu">No</span>.
-                </p></li><li><p>
+                driver now?</span>&#8221;</span> It is important at this point you answer <span class="guimenu">No</span>.
+                </p></li><li class="step" title="Step 5"><p>
                 The printer properties panel for the <span class="guimenu">ps01-color</span> printer on the server 
                 <code class="constant">MASSIVE</code> is displayed. Click the <span class="guimenu">Advanced</span> tab.
                 Note that the box labeled <span class="guimenu">Driver</span> is empty. Click the <span class="guimenu">New Driver</span>
-                button that is next to the <span class="guimenu">Driver</span> box. This launches the &#8220;<span class="quote">Add Printer Wizard</span>&#8221;.
-                </p></li><li><p>
-                <a class="indexterm" name="id2582873"></a>
-                <a class="indexterm" name="id2582882"></a>
-                The &#8220;<span class="quote">Add Printer Driver Wizard on <code class="constant">MASSIVE</code></span>&#8221; panel 
+                button that is next to the <span class="guimenu">Driver</span> box. This launches the <span class="quote">&#8220;<span class="quote">Add Printer Wizard</span>&#8221;</span>.
+                </p></li><li class="step" title="Step 6"><p>
+                <a class="indexterm" name="id2588931"></a>
+                <a class="indexterm" name="id2588940"></a>
+                The <span class="quote">&#8220;<span class="quote">Add Printer Driver Wizard on <code class="constant">MASSIVE</code></span>&#8221;</span> panel 
                 is now presented. Click <span class="guimenu">Next</span> to continue. From the left panel, select the 
                 printer manufacturer. In your case, you are adding a driver for a printer manufactured by 
@@ -2627 +2627 @@
                 progress bar appears and instructs you as each file is being uploaded and that it is being 
                 directed at the network server <code class="constant">\\massive\ps01-color</code>.
-                </p></li><li><p>
-                <a class="indexterm" name="id2582930"></a>
-                <a class="indexterm" name="id2582939"></a>
-                <a class="indexterm" name="id2582949"></a>
-                <a class="indexterm" name="id2582958"></a>
-                <a class="indexterm" name="id2582967"></a>
-                <a class="indexterm" name="id2582976"></a>
+                </p></li><li class="step" title="Step 7"><p>
+                <a class="indexterm" name="id2588989"></a>
+                <a class="indexterm" name="id2588998"></a>
+                <a class="indexterm" name="id2589007"></a>
+                <a class="indexterm" name="id2589016"></a>
+                <a class="indexterm" name="id2589025"></a>
+                <a class="indexterm" name="id2589035"></a>
                 The driver upload completes in anywhere from a few seconds to a few minutes. When it completes,
                 you are returned to the <span class="guimenu">Advanced</span> tab in the <span class="guimenu">Properties</span> panel. 
                 You can set the Location (under the <span class="guimenu">General</span> tab) and Security settings (under 
                 the <span class="guimenu">Security</span> tab). Under the <span class="guimenu">Sharing</span> tab it is possible to
-                load additional printer drivers; there is also a check-box in this tab called &#8220;<span class="quote">List in the
-                directory</span>&#8221;. When this box is checked, the printer will be published in Active Directory
+                load additional printer drivers; there is also a check-box in this tab called <span class="quote">&#8220;<span class="quote">List in the
+                directory</span>&#8221;</span>. When this box is checked, the printer will be published in Active Directory
                 (Applicable to Active Directory use only.)
-                </p></li><li><p>
-                <a class="indexterm" name="id2583031"></a>
+                </p></li><li class="step" title="Step 8"><p>
+                <a class="indexterm" name="id2589090"></a>
                 Click <span class="guimenu">OK</span>. It will take a minute or so to upload the settings to the server. 
                 You are now returned to the <span class="guimenu">Printers and Faxes on Massive</span> monitor.
@@ -2648 +2648 @@
                 your requirements. BE CERTAIN TO CHANGE AT LEAST ONE SETTING and apply the changes even if 
                 you need to reverse the changes back to their original settings. 
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 9"><p>
                 This is necessary so that the printer settings are initialized in the Samba printers
                 database. Click <span class="guimenu">Apply</span> to commit your settings. Revert any settings you changed
                 just to initialize the Samba printers database entry for this printer. If you need to revert a setting,
                 click <span class="guimenu">Apply</span> again.
-                </p></li><li><p>
-                <a class="indexterm" name="id2583104"></a>
+                </p></li><li class="step" title="Step 10"><p>
+                <a class="indexterm" name="id2589163"></a>
                 Verify that all printer settings are at the desired configuration. When you are satisfied that they are,
                 click the <span class="guimenu">General</span> tab. Now click the <span class="guimenu">Print Test Page</span> button.
@@ -2660 +2660 @@
                 in the panel that is newly presented. Click <span class="guimenu">OK</span> on the <span class="guimenu">ps01-color on 
                 massive Properties</span> panel.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 11"><p>
                 You must repeat this process for all network printers (i.e., for every printer on each server).
                 When you have finished uploading drivers to all printers, close all applications. The next task
                 is to install software your users require to do their work.
-                </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2583160"></a>Software Installation</h3></div></div></div><p>
+                </p></li></ol></div></div><div class="sect2" title="Software Installation"><div class="titlepage"><div><div><h3 class="title"><a name="id2589218"></a>Software Installation</h3></div></div></div><p>
         Your network has both fixed desktop workstations as well as notebook computers. As a general rule, it is
         a good idea to not tamper with the operating system that is provided by the notebook computer manufacturer.
@@ -2679 +2679 @@
         and migrate that to the Samba server for later reuse when creating custom mandatory profiles, just in
         case a user may have specific needs you had not anticipated.
-        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2583195"></a>Roll-out Image Creation</h3></div></div></div><p>
+        </p></div><div class="sect2" title="Roll-out Image Creation"><div class="titlepage"><div><div><h3 class="title"><a name="id2589254"></a>Roll-out Image Creation</h3></div></div></div><p>
         The final steps before preparing the distribution Norton Ghost image file you might follow are:
         </p><div class="blockquote"><blockquote class="blockquote"><p>
@@ -2688 +2688 @@
         in better performance and often significantly reduces the size of the compressed disk image. That
         also means it will take less time to deploy the image onto 500 workstations.
-        </p></blockquote></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2583229"></a>Key Points Learned</h2></div></div></div><p>
+        </p></blockquote></div></div></div><div class="sect1" title="Key Points Learned"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2589288"></a>Key Points Learned</h2></div></div></div><p>
         This chapter introduced many new concepts. Is it a sad fact that the example presented deliberately
         avoided any consideration of security. Security does not just happen; you must design it into your total
@@ -2697 +2697 @@
         of compromise.
         </p><p>
-        <a class="indexterm" name="id2583251"></a>
-        <a class="indexterm" name="id2583260"></a>
+        <a class="indexterm" name="id2589309"></a>
+        <a class="indexterm" name="id2589319"></a>
         As a minimum, the LDAP server must be protected by way of Access Control Lists (ACLs), and it must be
         configured to use secure protocols for all communications over the network. Of course, secure networking
@@ -2709 +2709 @@
         </p><p>
         The substance of this chapter that has been deserving of particular attention includes:
-        </p><div class="itemizedlist"><ul type="disc"><li><p>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                 Implementation of an OpenLDAP-based passwd backend, necessary to support distributed
                 domain control.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Implementation of Samba primary and secondary domain controllers with a common LDAP backend
                 for user and group accounts that is shared with the UNIX system through the PADL nss_ldap and
                 pam_ldap tool-sets.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Use of the Idealx smbldap-tools scripts for UNIX (POSIX) account management as well as
                 to manage Samba Windows user and group accounts.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 The basics of implementation of Group Policy controls for Windows network clients.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Control over roaming profiles, with particular focus on folder redirection to network drives.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Use of the CUPS printing system together with Samba-based printer driver auto-download.
-                </p></li></ul></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2583345"></a>Questions and Answers</h2></div></div></div><p>
+                </p></li></ul></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2589403"></a>Questions and Answers</h2></div></div></div><p>
         Well, here we are at the end of this chapter and we have only ten questions to help you to
         remember so much. There are bound to be some sticky issues here.
-        </p><div class="qandaset"><dl><dt> <a href="happy.html#id2583363">
+        </p><div class="qandaset" title="Frequently Asked Questions"><a name="id2589415"></a><dl><dt> <a href="happy.html#id2589422">
                 Why did you not cover secure practices? Isn't it rather irresponsible to instruct
                 network administrators to implement insecure solutions?
-                </a></dt><dt> <a href="happy.html#id2583407">
+                </a></dt><dt> <a href="happy.html#id2589466">
                 You have focused much on SUSE Linux and little on the market leader, Red Hat. Do
                 you have a problem with Red Hat Linux? Doesn't that make your guidance irrelevant
                 to the Linux I might be using?
-                </a></dt><dt> <a href="happy.html#id2583468">
+                </a></dt><dt> <a href="happy.html#id2589527">
                 You did not use SWAT to configure Samba. Is there something wrong with it?
-                </a></dt><dt> <a href="happy.html#id2583508">
+                </a></dt><dt> <a href="happy.html#id2589566">
                 You have exposed a well-used password not24get. Is that
                 not irresponsible? 
-                </a></dt><dt> <a href="happy.html#id2583533">
+                </a></dt><dt> <a href="happy.html#id2589591">
                 The Idealx smbldap-tools create many domain group accounts that are not used. Is that
                 a good thing?
-                </a></dt><dt> <a href="happy.html#id2583559">
+                </a></dt><dt> <a href="happy.html#id2589618">
                 Can I use LDAP just for Samba accounts and not for UNIX system accounts?
-                </a></dt><dt> <a href="happy.html#id2583584">
+                </a></dt><dt> <a href="happy.html#id2589643">
                 Why are the Windows domain RID portions not the same as the UNIX UID?
-                </a></dt><dt> <a href="happy.html#id2583620">
+                </a></dt><dt> <a href="happy.html#id2589678">
                 Printer configuration examples all show printing to the HP port 9100. Does this
                 mean that I must have HP printers for these solutions to work?
-                </a></dt><dt> <a href="happy.html#id2583649">
+                </a></dt><dt> <a href="happy.html#id2589708">
                 Is folder redirection dangerous? I've heard that you can lose your data that way.
-                </a></dt><dt> <a href="happy.html#id2583677">
+                </a></dt><dt> <a href="happy.html#id2589735">
                 Is it really necessary to set a local Group Policy to exclude the redirected
                 folders from the roaming profile?
-                </a></dt></dl><table border="0" summary="Q and A Set"><col align="left" width="1%"><tbody><tr class="question"><td align="left" valign="top"><a name="id2583363"></a><a name="id2583366"></a></td><td align="left" valign="top"><p>
+                </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question"><td align="left" valign="top"><a name="id2589422"></a><a name="id2589424"></a></td><td align="left" valign="top"><p>
                 Why did you not cover secure practices? Isn't it rather irresponsible to instruct
                 network administrators to implement insecure solutions?
@@ -2774 +2774 @@
                 that you should implement a network without provision for data recovery and for disaster
                 management? Back to our focus: The deployment of Samba has been clearly demonstrated.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2583407"></a><a name="id2583409"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2589466"></a><a name="id2589468"></a></td><td align="left" valign="top"><p>
                 You have focused much on SUSE Linux and little on the market leader, Red Hat. Do
                 you have a problem with Red Hat Linux? Doesn't that make your guidance irrelevant
@@ -2801 +2801 @@
                 features of both products (companies also). No bias in presentation is intended.
                 Oh, before I forget, I particularly like Debian Linux; that is my favorite playground.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2583468"></a><a name="id2583470"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2589527"></a><a name="id2589529"></a></td><td align="left" valign="top"><p>
                 You did not use SWAT to configure Samba. Is there something wrong with it?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -2812 +2812 @@
                 and insecure. Many will not touch it with a barge-pole. By not introducing SWAT, I
                 hope to have brought their interests on board. SWAT is well covered is <span class="emphasis"><em>TOSHARG2</em></span>.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2583508"></a><a name="id2583510"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2589566"></a><a name="id2589568"></a></td><td align="left" valign="top"><p>
                 You have exposed a well-used password <span class="emphasis"><em>not24get</em></span>. Is that
                 not irresponsible? 
@@ -2819 +2819 @@
                 used throughout. I guess you can figure out that in a real deployment it would make 
                 sense to use a more secure and original password.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2583533"></a><a name="id2583535"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2589591"></a><a name="id2589593"></a></td><td align="left" valign="top"><p>
                 The Idealx smbldap-tools create many domain group accounts that are not used. Is that
                 a good thing?
@@ -2827 +2827 @@
                 and, besides, it does no harm to create accounts that are not now used  at some time 
                 Samba may well use them.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2583559"></a><a name="id2583561"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2589618"></a><a name="id2589620"></a></td><td align="left" valign="top"><p>
                 Can I use LDAP just for Samba accounts and not for UNIX system accounts?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -2835 +2835 @@
                 password files in sync? I think that having everything in LDAP makes a lot of sense
                 for the UNIX administrator who is still learning the craft and is migrating from MS Windows.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2583584"></a><a name="id2583586"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2589643"></a><a name="id2589645"></a></td><td align="left" valign="top"><p>
                 Why are the Windows domain RID portions not the same as the UNIX UID?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -2844 +2844 @@
                 permit you to override that to some extent. See the <code class="filename">smb.conf</code> man page entry
                 for <em class="parameter"><code>algorithmic rid base</code></em>.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2583620"></a><a name="id2583622"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2589678"></a><a name="id2589681"></a></td><td align="left" valign="top"><p>
                 Printer configuration examples all show printing to the HP port 9100. Does this
                 mean that I must have HP printers for these solutions to work?
@@ -2854 +2854 @@
                 argument to the <code class="constant">lpadmin -v</code> option that is right for your
                 printer.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2583649"></a><a name="id2583651"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2589708"></a><a name="id2589710"></a></td><td align="left" valign="top"><p>
                 Is folder redirection dangerous? I've heard that you can lose your data that way.
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -2864 +2864 @@
                 folder. That was not the case, so by declining to move the data back, he wiped out
                 the data. You cannot hold the tool responsible for that. Caveat emptor still applies.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2583677"></a><a name="id2583679"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2589735"></a><a name="id2589737"></a></td><td align="left" valign="top"><p>
                 Is it really necessary to set a local Group Policy to exclude the redirected
                 folders from the roaming profile?
@@ -2870 +2870 @@
                 Yes. If you do not do this, the data will still be copied from the network folder
                 (share) to the local cached copy of the profile.
-                </p></td></tr></tbody></table></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id2581860" href="#id2581860" class="para">11</a>] </sup>
+                </p></td></tr></tbody></table></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id2587919" href="#id2587919" class="para">11</a>] </sup>
                         There is an alternate method by which a default user profile can be added to the
                         <code class="constant">NETLOGON</code> share. This facility in the Windows System tool