Changeset 599 for trunk/server/docs/htmldocs/Samba3-ByExample

Timestamp:

Jul 6, 2011, 8:21:13 PM (14 years ago)

Author:

Herwig Bauernfeind

Message:

Samba 3.5: Update trunk to 3.5.9

Location:

trunk/server/docs/htmldocs/Samba3-ByExample

Files:

• Big500users.html (modified) (54 diffs)
• DMSMig.html (modified) (2 diffs)
• DomApps.html (modified) (34 diffs)
• ExNetworks.html (modified) (2 diffs)
• HA.html (modified) (26 diffs)
• RefSection.html (modified) (1 diff)
• apa.html (modified) (27 diffs)
• appendix.html (modified) (37 diffs)
• ch14.html (modified) (7 diffs)
• go01.html (modified) (4 diffs)
• happy.html (modified) (167 diffs)
• index.html (modified) (1 diff)
• ix01.html (modified) (1 diff)
• kerberos.html (modified) (67 diffs)
• net2000users.html (modified) (61 diffs)
• ntmigration.html (modified) (51 diffs)
• nw4migration.html (modified) (30 diffs)
• pr01.html (modified) (1 diff)
• pr02.html (modified) (1 diff)
• pr03.html (modified) (1 diff)
• preface.html (modified) (11 diffs)
• primer.html (modified) (30 diffs)
• secure.html (modified) (80 diffs)
• simple.html (modified) (50 diffs)
• small.html (modified) (42 diffs)
• unixclients.html (modified) (89 diffs)
• upgrades.html (modified) (52 diffs)

trunk/server/docs/htmldocs/Samba3-ByExample/Big500users.html

@@ -1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 4. The 500-User Office</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="secure.html" title="Chapter 3. Secure Office Networking"><link rel="next" href="happy.html" title="Chapter 5. Making Happy Users"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 4. The 500-User Office</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="secure.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="happy.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="Big500users"></a>Chapter 4. The 500-User Office</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="Big500users.html#id2565229">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id2565274">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id2565373">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id2565409">Technical Issues</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id2565612">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id2565635">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#ch5-dnshcp-setup">Installation of DHCP, DNS, and Samba Control Files</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id2566362">Server Preparation: All Servers</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id2566927">Server-Specific Preparation</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5-procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id2570125">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id2570184">Questions and Answers</a></span></dt></dl></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 4. The 500-User Office</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="secure.html" title="Chapter 3. Secure Office Networking"><link rel="next" href="happy.html" title="Chapter 5. Making Happy Users"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 4. The 500-User Office</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="secure.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="happy.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 4. The 500-User Office"><div class="titlepage"><div><div><h2 class="title"><a name="Big500users"></a>Chapter 4. The 500-User Office</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="Big500users.html#id336007">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id336038">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id336113">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id336141">Technical Issues</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id336318">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id336338">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#ch5-dnshcp-setup">Installation of DHCP, DNS, and Samba Control Files</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id337052">Server Preparation: All Servers</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id337568">Server-Specific Preparation</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5-procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id340544">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id340597">Questions and Answers</a></span></dt></dl></div><p>
         The Samba-3 networking you explored in <a class="link" href="secure.html" title="Chapter 3. Secure Office Networking">&#8220;Secure Office Networking&#8221;</a> covers the finer points of 
         configuration of peripheral services such as DHCP and DNS, and WINS. You experienced
@@ -7 +7 @@
         An analysis of the history of postings to the Samba mailing list easily demonstrates 
         that the two most prevalent Samba problem areas are
-        </p><div class="itemizedlist"><ul type="disc"><li><p>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                 Defective resolution of a NetBIOS name to its IP address
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Printing problems
                 </p></li></ul></div><p>
@@ -18 +18 @@
         to make printing more complex for the administrator while making it easier for the user.
         </p><p>
-        <a class="indexterm" name="id2565165"></a>
-        <a class="indexterm" name="id2565172"></a>
-        <a class="indexterm" name="id2565178"></a>
+        <a class="indexterm" name="id335954"></a>
+        <a class="indexterm" name="id335961"></a>
+        <a class="indexterm" name="id335967"></a>
         <a class="link" href="secure.html" title="Chapter 3. Secure Office Networking">&#8220;Secure Office Networking&#8221;</a> demonstrates operation of a DHCP server and a DNS server 
         as well as a central WINS server. You validated the operation of these services and
@@ -42 +42 @@
         You should take the opportunity to innovate and expand on the methods presented 
         here and explore them to the fullest.
-        </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2565229"></a>Introduction</h2></div></div></div><p>
+        </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id336007"></a>Introduction</h2></div></div></div><p>
         Business continues to go well for Abmas. Mr. Meany is driving your success and the
         network continues to grow thanks to the hard work Christine has done. You recently
@@ -67 +67 @@
         it is rolled out. Your strategy is to complete the new network so that it
         is ready for operation when the old office moves into the new premises.
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565274"></a>Assignment Tasks</h3></div></div></div><p>
+        </p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id336038"></a>Assignment Tasks</h3></div></div></div><p>
                 The acquired business had 280 network users. The old Abmas building housed
                 220 network users in unbelievably cramped conditions. The network that
@@ -108 +108 @@
                 every four months. They automatically roll that out to each desktop system.
                 You must keep DirectPointe informed of all changes.
-                </p><p><a class="indexterm" name="id2565345"></a>
+                </p><p><a class="indexterm" name="id336088"></a>
                 The new network has a single Samba Primary Domain Controller (PDC) located in the
                 Network Operation Center (NOC). Buildings 1 and 2 each have a local server
@@ -116 +116 @@
                 Printing is based on raw pass-through facilities just as it has been used so far.
                 All printer drivers are installed on the desktop and notebook computers.
-                </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2565373"></a>Dissection and Discussion</h2></div></div></div><p>
-        <a class="indexterm" name="id2565381"></a>
+                </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id336113"></a>Dissection and Discussion</h2></div></div></div><p>
+        <a class="indexterm" name="id336121"></a>
         The example you are building in this chapter is of a network design that works, but this
         does not make it a design that is recommended. As a general rule, there should be at least
@@ -128 +128 @@
         controller. This is not a good omen for user satisfaction. You, of course, address this
         very soon (see <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">&#8220;Making Happy Users&#8221;</a>).
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565409"></a>Technical Issues</h3></div></div></div><p>
+        </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id336141"></a>Technical Issues</h3></div></div></div><p>
                 Stan has talked you into a horrible compromise, but it is addressed. Just make
                 certain that the performance of this network is well validated before going live.
                 </p><p>
                 Design decisions made in this design include the following:
-                </p><div class="itemizedlist"><ul type="disc"><li><p>
-                        <a class="indexterm" name="id2565430"></a>
-                        <a class="indexterm" name="id2565437"></a>
-                        <a class="indexterm" name="id2565444"></a>
+                </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
+                        <a class="indexterm" name="id336161"></a>
+                        <a class="indexterm" name="id336168"></a>
+                        <a class="indexterm" name="id336174"></a>
                         A single PDC is being implemented. This limitation is based on the choice not to
                         use LDAP. Many network administrators fear using LDAP because of the perceived
                         complexity of implementation and management of an LDAP-based backend for all user
                         identity management as well as to store network access credentials.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2565461"></a>
-                        <a class="indexterm" name="id2565468"></a>
+                        </p></li><li class="listitem"><p>
+                        <a class="indexterm" name="id336188"></a>
+                        <a class="indexterm" name="id336195"></a>
                         Because of the refusal to use an LDAP (ldapsam) passdb backend at this time, the
                         only choice that makes sense with 500 users is to use the tdbsam passwd backend. 
@@ -152 +152 @@
                         machines periodically change the secret machine password. When this happens, there
                         is no mechanism to return the changed password to the PDC.
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         All domain user, group, and machine accounts are managed on the PDC. This makes
                         for a simple mode of operation but has to be balanced with network performance and
                         integrity of operations considerations.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2565508"></a>
+                        </p></li><li class="listitem"><p>
+                        <a class="indexterm" name="id336229"></a>
                         A single central WINS server is being used. The PDC is also the WINS server.
                         Any attempt to operate a routed network without a WINS server while using NetBIOS
@@ -164 +164 @@
                         normally located on the Windows XP Professional client in the 
                         <code class="filename">C:\WINDOWS\SYSTEM32\ETC\DRIVERS</code> directory.
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         At this time the Samba WINS database cannot be replicated. That is
                         why a single WINS server is being implemented. This should work without a problem.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2565545"></a>
+                        </p></li><li class="listitem"><p>
+                        <a class="indexterm" name="id336261"></a>
                         BDCs make use of <code class="literal">winbindd</code> to provide
                         access to domain security credentials for file system access and object storage.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2565564"></a>
-                        <a class="indexterm" name="id2565574"></a>
+                        </p></li><li class="listitem"><p>
+                        <a class="indexterm" name="id336279"></a>
+                        <a class="indexterm" name="id336288"></a>
                         Configuration of Windows XP Professional clients is achieved using DHCP. Each
                         subnet has its own DHCP server. Backup DHCP serving is provided by one
@@ -179 +179 @@
                         all routers. The DHCP Relay agent must be programmed to pass DHCP Requests from the
                         network directed at the backup DHCP server.
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         All network users are granted the ability to print to any printer that is
                         network-attached. All printers are available from each server. Print jobs that
@@ -185 +185 @@
                         routed to the print spooler that is in control of that printer. The specific details
                         of how this might be done are demonstrated for one example only.
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         The network address and subnetmask chosen provide 1022 usable IP addresses in
                         each subnet. If in the future more addresses are required, it would make sense
                         to add further subnets rather than change addressing.
-                        </p></li></ul></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565612"></a>Political Issues</h3></div></div></div><p>
+                        </p></li></ul></div></div><div class="sect2" title="Political Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id336318"></a>Political Issues</h3></div></div></div><p>
                 This case gets close to the real world. You and I know the right way to implement
                 domain control. Politically, we have to navigate a minefield. In this case, the need is to
@@ -195 +195 @@
                 by having the real solution ready before it is needed. That real solution is presented in
                 <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">&#8220;Making Happy Users&#8221;</a>.
-                </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2565635"></a>Implementation</h2></div></div></div><p>
+                </p></div></div><div class="sect1" title="Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id336338"></a>Implementation</h2></div></div></div><p>
         The following configuration process begins following installation of Red Hat Fedora Core2 on the
         three servers shown in the network topology diagram in <a class="link" href="Big500users.html#chap05net" title="Figure 4.1. Network Topology 500 User Network Using tdbsam passdb backend.">&#8220;Network Topology  500 User Network Using tdbsam passdb backend.&#8221;</a>. You have
         selected hardware that is appropriate to the task.
-        </p><div class="figure"><a name="chap05net"></a><p class="title"><b>Figure 4.1. Network Topology  500 User Network Using tdbsam passdb backend.</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/chap5-net.png" width="270" alt="Network Topology 500 User Network Using tdbsam passdb backend."></div></div></div><br class="figure-break"><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ch5-dnshcp-setup"></a>Installation of DHCP, DNS, and Samba Control Files</h3></div></div></div><p>
+        </p><div class="figure"><a name="chap05net"></a><p class="title"><b>Figure 4.1. Network Topology  500 User Network Using tdbsam passdb backend.</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/chap5-net.png" width="270" alt="Network Topology 500 User Network Using tdbsam passdb backend."></div></div></div><br class="figure-break"><div class="sect2" title="Installation of DHCP, DNS, and Samba Control Files"><div class="titlepage"><div><div><h3 class="title"><a name="ch5-dnshcp-setup"></a>Installation of DHCP, DNS, and Samba Control Files</h3></div></div></div><p>
         Carefully install the configuration files into the correct locations as shown in 
         <a class="link" href="Big500users.html#ch5-filelocations" title="Table 4.1. Domain: MEGANET, File Locations for Servers">&#8220;Domain: MEGANET, File Locations for Servers&#8221;</a>. You should validate that the full file path is
@@ -206 +206 @@
         The abbreviation shown in this table as <code class="constant">{VLN}</code> refers to
         the directory location beginning with <code class="filename">/var/lib/named</code>.
-        </p><div class="table"><a name="ch5-filelocations"></a><p class="title"><b>Table 4.1. Domain: <code class="constant">MEGANET</code>, File Locations for Servers</b></p><div class="table-contents"><table summary="Domain: MEGANET, File Locations for Servers" border="1"><colgroup><col align="left"><col align="left"><col align="center"><col align="center"><col align="center"></colgroup><thead><tr><th colspan="2" align="center">File Information</th><th colspan="3" align="center">Server Name</th></tr><tr><th align="center">Source</th><th align="center">Target Location</th><th align="center">MASSIVE</th><th align="center">BLDG1</th><th align="center">BLDG2</th></tr></thead><tbody><tr><td align="left"><a class="link" href="Big500users.html#ch5-massivesmb" title="Example 4.1. Server: MASSIVE (PDC), File: /etc/samba/smb.conf">&#8220;Server: MASSIVE (PDC), File: /etc/samba/smb.conf&#8221;</a></td><td align="left"><code class="filename">/etc/samba/smb.conf</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-dc-common" title="Example 4.2. Server: MASSIVE (PDC), File: /etc/samba/dc-common.conf">&#8220;Server: MASSIVE (PDC), File: /etc/samba/dc-common.conf&#8221;</a></td><td align="left"><code class="filename">/etc/samba/dc-common.conf</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-commonsmb" title="Example 4.3. Common Samba Configuration File: /etc/samba/common.conf">&#8220;Common Samba Configuration File: /etc/samba/common.conf&#8221;</a></td><td align="left"><code class="filename">/etc/samba/common.conf</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-bldg1-smb" title="Example 4.4. Server: BLDG1 (Member), File: smb.conf">&#8220;Server: BLDG1 (Member), File: smb.conf&#8221;</a></td><td align="left"><code class="filename">/etc/samba/smb.conf</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-bldg2-smb" title="Example 4.5. Server: BLDG2 (Member), File: smb.conf">&#8220;Server: BLDG2 (Member), File: smb.conf&#8221;</a></td><td align="left"><code class="filename">/etc/samba/smb.conf</code></td><td align="center">No</td><td align="center">No</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-dommem-smb" title="Example 4.6. Common Domain Member Include File: dom-mem.conf">&#8220;Common Domain Member Include File: dom-mem.conf&#8221;</a></td><td align="left"><code class="filename">/etc/samba/dommem.conf</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-dhcp" title="Example 4.7. Server: MASSIVE, File: dhcpd.conf">&#8220;Server: MASSIVE, File: dhcpd.conf&#8221;</a></td><td align="left"><code class="filename">/etc/dhcpd.conf</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg1dhcp" title="Example 4.8. Server: BLDG1, File: dhcpd.conf">&#8220;Server: BLDG1, File: dhcpd.conf&#8221;</a></td><td align="left"><code class="filename">/etc/dhcpd.conf</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg2dhcp" title="Example 4.9. Server: BLDG2, File: dhcpd.conf">&#8220;Server: BLDG2, File: dhcpd.conf&#8221;</a></td><td align="left"><code class="filename">/etc/dhcpd.conf</code></td><td align="center">No</td><td align="center">No</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-nameda" title="Example 4.10. Server: MASSIVE, File: named.conf, Part: A">&#8220;Server: MASSIVE, File: named.conf, Part: A&#8221;</a></td><td align="left"><code class="filename">/etc/named.conf (part A)</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-namedb" title="Example 4.11. Server: MASSIVE, File: named.conf, Part: B">&#8220;Server: MASSIVE, File: named.conf, Part: B&#8221;</a></td><td align="left"><code class="filename">/etc/named.conf (part B)</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-namedc" title="Example 4.12. Server: MASSIVE, File: named.conf, Part: C">&#8220;Server: MASSIVE, File: named.conf, Part: C&#8221;</a></td><td align="left"><code class="filename">/etc/named.conf (part C)</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#abmasbizdns" title="Example 4.13. Forward Zone File: abmas.biz.hosts">&#8220;Forward Zone File: abmas.biz.hosts&#8221;</a></td><td align="left"><code class="filename">{VLN}/master/abmas.biz.hosts</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#abmasusdns" title="Example 4.14. Forward Zone File: abmas.biz.hosts">&#8220;Forward Zone File: abmas.biz.hosts&#8221;</a></td><td align="left"><code class="filename">{VLN}/master/abmas.us.hosts</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg12nameda" title="Example 4.15. Servers: BLDG1/BLDG2, File: named.conf, Part: A">&#8220;Servers: BLDG1/BLDG2, File: named.conf, Part: A&#8221;</a></td><td align="left"><code class="filename">/etc/named.conf (part A)</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg12namedb" title="Example 4.16. Servers: BLDG1/BLDG2, File: named.conf, Part: B">&#8220;Servers: BLDG1/BLDG2, File: named.conf, Part: B&#8221;</a></td><td align="left"><code class="filename">/etc/named.conf (part B)</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="appendix.html#loopback" title="Example 15.3. DNS Localhost Forward Zone File: /var/lib/named/localhost.zone">&#8220;DNS Localhost Forward Zone File: /var/lib/named/localhost.zone&#8221;</a></td><td align="left"><code class="filename">{VLN}/localhost.zone</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="appendix.html#dnsloopy" title="Example 15.4. DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone">&#8220;DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone&#8221;</a></td><td align="left"><code class="filename">{VLN}/127.0.0.zone</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="appendix.html#roothint" title="Example 15.5. DNS Root Name Server Hint File: /var/lib/named/root.hint">&#8220;DNS Root Name Server Hint File: /var/lib/named/root.hint&#8221;</a></td><td align="left"><code class="filename">{VLN}/root.hint</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr></tbody></table></div></div><br class="table-break"></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2566362"></a>Server Preparation: All Servers</h3></div></div></div><p>
+        </p><div class="table"><a name="ch5-filelocations"></a><p class="title"><b>Table 4.1. Domain: <code class="constant">MEGANET</code>, File Locations for Servers</b></p><div class="table-contents"><table summary="Domain: MEGANET, File Locations for Servers" border="1"><colgroup><col align="left"><col align="left"><col align="center"><col align="center"><col align="center"></colgroup><thead><tr><th colspan="2" align="center">File Information</th><th colspan="3" align="center">Server Name</th></tr><tr><th align="center">Source</th><th align="center">Target Location</th><th align="center">MASSIVE</th><th align="center">BLDG1</th><th align="center">BLDG2</th></tr></thead><tbody><tr><td align="left"><a class="link" href="Big500users.html#ch5-massivesmb" title="Example 4.1. Server: MASSIVE (PDC), File: /etc/samba/smb.conf">&#8220;Server: MASSIVE (PDC), File: /etc/samba/smb.conf&#8221;</a></td><td align="left"><code class="filename">/etc/samba/smb.conf</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-dc-common" title="Example 4.2. Server: MASSIVE (PDC), File: /etc/samba/dc-common.conf">&#8220;Server: MASSIVE (PDC), File: /etc/samba/dc-common.conf&#8221;</a></td><td align="left"><code class="filename">/etc/samba/dc-common.conf</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-commonsmb" title="Example 4.3. Common Samba Configuration File: /etc/samba/common.conf">&#8220;Common Samba Configuration File: /etc/samba/common.conf&#8221;</a></td><td align="left"><code class="filename">/etc/samba/common.conf</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-bldg1-smb" title="Example 4.4. Server: BLDG1 (Member), File: smb.conf">&#8220;Server: BLDG1 (Member), File: smb.conf&#8221;</a></td><td align="left"><code class="filename">/etc/samba/smb.conf</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-bldg2-smb" title="Example 4.5. Server: BLDG2 (Member), File: smb.conf">&#8220;Server: BLDG2 (Member), File: smb.conf&#8221;</a></td><td align="left"><code class="filename">/etc/samba/smb.conf</code></td><td align="center">No</td><td align="center">No</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-dommem-smb" title="Example 4.6. Common Domain Member Include File: dom-mem.conf">&#8220;Common Domain Member Include File: dom-mem.conf&#8221;</a></td><td align="left"><code class="filename">/etc/samba/dommem.conf</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-dhcp" title="Example 4.7. Server: MASSIVE, File: dhcpd.conf">&#8220;Server: MASSIVE, File: dhcpd.conf&#8221;</a></td><td align="left"><code class="filename">/etc/dhcpd.conf</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg1dhcp" title="Example 4.8. Server: BLDG1, File: dhcpd.conf">&#8220;Server: BLDG1, File: dhcpd.conf&#8221;</a></td><td align="left"><code class="filename">/etc/dhcpd.conf</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg2dhcp" title="Example 4.9. Server: BLDG2, File: dhcpd.conf">&#8220;Server: BLDG2, File: dhcpd.conf&#8221;</a></td><td align="left"><code class="filename">/etc/dhcpd.conf</code></td><td align="center">No</td><td align="center">No</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-nameda" title="Example 4.10. Server: MASSIVE, File: named.conf, Part: A">&#8220;Server: MASSIVE, File: named.conf, Part: A&#8221;</a></td><td align="left"><code class="filename">/etc/named.conf (part A)</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-namedb" title="Example 4.11. Server: MASSIVE, File: named.conf, Part: B">&#8220;Server: MASSIVE, File: named.conf, Part: B&#8221;</a></td><td align="left"><code class="filename">/etc/named.conf (part B)</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-namedc" title="Example 4.12. Server: MASSIVE, File: named.conf, Part: C">&#8220;Server: MASSIVE, File: named.conf, Part: C&#8221;</a></td><td align="left"><code class="filename">/etc/named.conf (part C)</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#abmasbizdns" title="Example 4.13. Forward Zone File: abmas.biz.hosts">&#8220;Forward Zone File: abmas.biz.hosts&#8221;</a></td><td align="left"><code class="filename">{VLN}/master/abmas.biz.hosts</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#abmasusdns" title="Example 4.14. Forward Zone File: abmas.biz.hosts">&#8220;Forward Zone File: abmas.biz.hosts&#8221;</a></td><td align="left"><code class="filename">{VLN}/master/abmas.us.hosts</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg12nameda" title="Example 4.15. Servers: BLDG1/BLDG2, File: named.conf, Part: A">&#8220;Servers: BLDG1/BLDG2, File: named.conf, Part: A&#8221;</a></td><td align="left"><code class="filename">/etc/named.conf (part A)</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg12namedb" title="Example 4.16. Servers: BLDG1/BLDG2, File: named.conf, Part: B">&#8220;Servers: BLDG1/BLDG2, File: named.conf, Part: B&#8221;</a></td><td align="left"><code class="filename">/etc/named.conf (part B)</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="appendix.html#loopback" title="Example 15.3. DNS Localhost Forward Zone File: /var/lib/named/localhost.zone">&#8220;DNS Localhost Forward Zone File: /var/lib/named/localhost.zone&#8221;</a></td><td align="left"><code class="filename">{VLN}/localhost.zone</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="appendix.html#dnsloopy" title="Example 15.4. DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone">&#8220;DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone&#8221;</a></td><td align="left"><code class="filename">{VLN}/127.0.0.zone</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="appendix.html#roothint" title="Example 15.5. DNS Root Name Server Hint File: /var/lib/named/root.hint">&#8220;DNS Root Name Server Hint File: /var/lib/named/root.hint&#8221;</a></td><td align="left"><code class="filename">{VLN}/root.hint</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr></tbody></table></div></div><br class="table-break"></div><div class="sect2" title="Server Preparation: All Servers"><div class="titlepage"><div><div><h3 class="title"><a name="id337052"></a>Server Preparation: All Servers</h3></div></div></div><p>
         The following steps apply to all servers. Follow each step carefully.
-        </p><div class="procedure"><a name="id2566373"></a><p class="title"><b>Procedure 4.1. Server Preparation Steps</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 4.1. Server Preparation Steps"><a name="id337062"></a><p class="title"><b>Procedure 4.1. Server Preparation Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                         Using the UNIX/Linux system tools, set the name of the server as shown in the network
                         topology diagram in <a class="link" href="Big500users.html#chap05net" title="Figure 4.1. Network Topology 500 User Network Using tdbsam passdb backend.">&#8220;Network Topology  500 User Network Using tdbsam passdb backend.&#8221;</a>. For SUSE Linux products, the tool
@@ -221 +221 @@
 <code class="prompt">root# </code> hostname -f
 </pre><p>
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2566437"></a>
-                        <a class="indexterm" name="id2566444"></a>
+                        </p></li><li class="step" title="Step 2"><p>
+                        <a class="indexterm" name="id337123"></a>
+                        <a class="indexterm" name="id337130"></a>
                         Edit your <code class="filename">/etc/hosts</code> file to include the primary names and addresses
                         of all network interfaces that are on the host server. This is necessary so that during
@@ -230 +230 @@
                         CUPS print server is started before the DNS server (<code class="literal">named</code>), you 
                         should also include an entry for the printers in the <code class="filename">/etc/hosts</code> file.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2566483"></a>
+                        </p></li><li class="step" title="Step 3"><p>
+                        <a class="indexterm" name="id337165"></a>
                         All DNS name resolution should be handled locally. To ensure that the server is configured
                         correctly to handle this, edit <code class="filename">/etc/resolv.conf</code> so it has the following
@@ -241 +241 @@
                         This instructs the name resolver function (when configured correctly) to ask the DNS server
                         that is running locally to resolve names to addresses.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2566514"></a>
-                        <a class="indexterm" name="id2566521"></a>
+                        </p></li><li class="step" title="Step 4"><p>
+                        <a class="indexterm" name="id337193"></a>
+                        <a class="indexterm" name="id337200"></a>
                         Add the <code class="constant">root</code> user to the password backend:
 </p><pre class="screen">
@@ -255 +255 @@
                         deleted. If for any reason the account is deleted, you may not be able to recreate this account
                         without considerable trouble.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2566567"></a>
-                        <a class="indexterm" name="id2566574"></a>
+                        </p></li><li class="step" title="Step 5"><p>
+                        <a class="indexterm" name="id337241"></a>
+                        <a class="indexterm" name="id337248"></a>
                         Create the username map file to permit the <code class="constant">root</code> account to be called
                         <code class="constant">Administrator</code> from the Windows network environment. To do this, create
@@ -283 +283 @@
 ####
 </pre><p>
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 6"><p>
                         Configure all network-attached printers to have a fixed IP address.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 7"><p>
                         Create an entry in the DNS database on the server <code class="constant">MASSIVE</code>
                         in both the forward lookup database for the zone <code class="constant">abmas.biz.hosts</code>
@@ -291 +291 @@
                         located in. Example configuration files for similar zones were presented in <a class="link" href="secure.html" title="Chapter 3. Secure Office Networking">&#8220;Secure Office Networking&#8221;</a>,
                         <a class="link" href="secure.html#abmasbiz" title="Example 3.14. DNS Abmas.biz Forward Zone File">&#8220;DNS Abmas.biz Forward Zone File&#8221;</a> and <a class="link" href="secure.html#eth2zone" title="Example 3.13. DNS 192.168.2 Reverse Zone File">&#8220;DNS 192.168.2 Reverse Zone File&#8221;</a>.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 8"><p>
                         Follow the instructions in the printer manufacturer's manuals to permit printing 
                         to port 9100.  Use any other port the manufacturer specifies for direct mode, 
                         raw printing.  This allows the CUPS spooler to print using raw mode protocols.
-                        <a class="indexterm" name="id2566665"></a>
-                        <a class="indexterm" name="id2566672"></a>
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2566685"></a>
+                        <a class="indexterm" name="id337328"></a>
+                        <a class="indexterm" name="id337335"></a>
+                        </p></li><li class="step" title="Step 9"><p>
+                        <a class="indexterm" name="id337348"></a>
                         Only on the server to which the printer is attached configure the CUPS Print 
                         Queues as follows:
@@ -304 +304 @@
 <code class="prompt">root# </code> lpadmin -p <em class="parameter"><code>printque</code></em> -v socket://<em class="parameter"><code>printer-name</code></em>.abmas.biz:9100 -E
 </pre><p>
-                        <a class="indexterm" name="id2566720"></a>
+                        <a class="indexterm" name="id337382"></a>
                         This step creates the necessary print queue to use no assigned print filter. This
                         is ideal for raw printing, that is, printing without use of filters.
                         The name <em class="parameter"><code>printque</code></em> is the name you have assigned for
                         the particular printer.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 10"><p>
                         Print queues may not be enabled at creation. Make certain that the queues
                         you have just created are enabled by executing the following:
@@ -315 +315 @@
 <code class="prompt">root# </code> /usr/bin/enable <em class="parameter"><code>printque</code></em>
 </pre><p>
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 11"><p>
                         Even though your print queue may be enabled, it is still possible that it
                         does not accept print jobs. A print queue services incoming printing
@@ -323 +323 @@
 <code class="prompt">root# </code> /usr/bin/accept <em class="parameter"><code>printque</code></em>
 </pre><p>
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2566799"></a>
-                        <a class="indexterm" name="id2566806"></a>
-                        <a class="indexterm" name="id2566813"></a>
+                        </p></li><li class="step" title="Step 12"><p>
+                        <a class="indexterm" name="id337455"></a>
+                        <a class="indexterm" name="id337461"></a>
+                        <a class="indexterm" name="id337468"></a>
                         This step, as well as the next one, may be omitted where CUPS version 1.1.18
                         or later is in use.  Although it does no harm to follow it anyway, and may
@@ -336 +336 @@
 application/octet-stream     application/vnd.cups-raw      0     -
 </pre><p>
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2566849"></a>
+                        </p></li><li class="step" title="Step 13"><p>
+                        <a class="indexterm" name="id337500"></a>
                         Edit the file <code class="filename">/etc/cups/mime.types</code> to uncomment the line:
 </p><pre class="screen">
 application/octet-stream
 </pre><p>
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 14"><p>
                         Refer to the CUPS printing manual for instructions regarding how to configure
                         CUPS so that print queues that reside on CUPS servers on remote networks
@@ -348 +348 @@
                         on your CUPS server may automatically discover remotely installed printers and
                         may permit this functionality without requiring specific configuration.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 15"><p>
                         As part of the roll-out program, you need to configure the application's
                         server shares. This can be done once on the central server and may then be
@@ -355 +355 @@
                         <a class="link" href="secure.html#ch4appscfg" title="Application Share Configuration">&#8220;Application Share Configuration&#8221;</a> may help in your decisions to use an application
                         server facility.
-                        </p></li></ol></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+                        </p></li></ol></div><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
         Logon scripts that are run from a domain controller (PDC or BDC) are capable of using semi-intelligent
         processes to automap Windows client drives to an application server that is nearest to the client. This
         is considerably more difficult when a single PDC is used on a routed network. It can be done, but not
         as elegantly as you see in the next chapter.
-        </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2566927"></a>Server-Specific Preparation</h3></div></div></div><p>
+        </p></div></div><div class="sect2" title="Server-Specific Preparation"><div class="titlepage"><div><div><h3 class="title"><a name="id337568"></a>Server-Specific Preparation</h3></div></div></div><p>
         There are some steps that apply to particular server functionality only. Each step is critical
         to correct server operation. The following step-by-step installation guidance will assist you 
         in working through the process of configuring the PDC and then both BDC's.
-        </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2566940"></a>Configuration for Server: <code class="constant">MASSIVE</code></h4></div></div></div><p>
+        </p><div class="sect3" title="Configuration for Server: MASSIVE"><div class="titlepage"><div><div><h4 class="title"><a name="id337579"></a>Configuration for Server: <code class="constant">MASSIVE</code></h4></div></div></div><p>
                 The steps presented here attempt to implement Samba installation in a generic manner. While
                 some steps are clearly specific to Linux, it should not be too difficult to apply them to
                 your platform of choice.
-                </p><div class="procedure"><a name="id2566955"></a><p class="title"><b>Procedure 4.2. Primary Domain Controller Preparation</b></p><ol type="1"><li><p>
-                        <a class="indexterm" name="id2566967"></a>
-                        <a class="indexterm" name="id2566974"></a>
+                </p><div class="procedure" title="Procedure 4.2. Primary Domain Controller Preparation"><a name="id337592"></a><p class="title"><b>Procedure 4.2. Primary Domain Controller Preparation</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                        <a class="indexterm" name="id337603"></a>
+                        <a class="indexterm" name="id337610"></a>
                         The host server acts as a router between the two internal network segments as well
                         as for all Internet access. This necessitates that IP forwarding be enabled. This can be
@@ -379 +379 @@
                         To ensure that your kernel is capable of IP forwarding during configuration, you may wish to execute
                         that command manually also. This setting permits the Linux system to act as a router.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 2"><p>
                         This server is dual hosted (i.e., has two network interfaces)  one goes to the Internet
                         and the other to a local network that has a router that is the gateway to the remote networks.
@@ -397 +397 @@
                         startup files as follows: (SUSE) <code class="filename">/etc/rc.d/boot.local</code>, (Red Hat)
                         <code class="filename">/etc/rc.d/init.d/rc.local</code>.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2567068"></a>
+                        </p></li><li class="step" title="Step 3"><p>
+                        <a class="indexterm" name="id337688"></a>
                         The final step that must be completed is to edit the <code class="filename">/etc/nsswitch.conf</code> file.
                         This file controls the operation of the various resolver libraries that are part of the Linux
@@ -405 +405 @@
 hosts:      files dns wins
 </pre><p>
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2567098"></a>
+                        </p></li><li class="step" title="Step 4"><p>
+                        <a class="indexterm" name="id337715"></a>
                         Create and map Windows domain groups to UNIX groups. A sample script is provided in
                         <a class="link" href="Big500users.html#ch5-initgrps" title="Example 4.17. Initialize Groups Script, File: /etc/samba/initGrps.sh">&#8220;Initialize Groups Script, File: /etc/samba/initGrps.sh&#8221;</a>. Create a file containing this script. You called yours
@@ -412 +412 @@
                         and then execute the script. An example of the execution of this script as well as its
                         validation are shown in Section 4.3.2, Step 5.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2567129"></a>
-                        <a class="indexterm" name="id2567136"></a>
-                        <a class="indexterm" name="id2567145"></a>
+                        </p></li><li class="step" title="Step 5"><p>
+                        <a class="indexterm" name="id337743"></a>
+                        <a class="indexterm" name="id337750"></a>
+                        <a class="indexterm" name="id337759"></a>
                         For each user who needs to be given a Windows domain account, make an entry in the
                         <code class="filename">/etc/passwd</code> file as well as in the Samba password backend.
@@ -421 +421 @@
                         <code class="literal">smbpasswd</code> to create a domain user account.
                         </p><p>
-                        <a class="indexterm" name="id2567172"></a>
-                        <a class="indexterm" name="id2567179"></a>
-                        <a class="indexterm" name="id2567185"></a>
+                        <a class="indexterm" name="id337784"></a>
+                        <a class="indexterm" name="id337790"></a>
+                        <a class="indexterm" name="id337797"></a>
                         There are a number of tools for user management under UNIX, such as
                         <code class="literal">useradd</code>, <code class="literal">adduser</code>, as well as a plethora of custom
                         tools. With the tool of your choice, create a home directory for each user.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 6"><p>
                         Using the preferred tool for your UNIX system, add each user to the UNIX groups created
                         previously as necessary. File system access control is based on UNIX group membership.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 7"><p>
                         Create the directory mount point for the disk subsystem that is to be mounted to provide
                         data storage for company files, in this case, the mount point indicated in the <code class="filename">smb.conf</code>
                         file is <code class="filename">/data</code>. Format the file system as required and mount the formatted
                         file system partition using appropriate system tools.
-                        </p></li><li><p>
-                <a class="indexterm" name="id2567249"></a>
+                        </p></li><li class="step" title="Step 8"><p>
+                <a class="indexterm" name="id337856"></a>
                         Create the top-level file storage directories for data and applications as follows:
 </p><pre class="screen">
@@ -454 +454 @@
                         The <code class="filename">/apps</code> directory is the root of the <code class="constant">apps</code> share
                         that provides the application server infrastructure.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 9"><p>
                         The <code class="filename">smb.conf</code> file specifies an infrastructure to support roaming profiles and network
                         logon services. You can now create the file system infrastructure to provide the
@@ -475 +475 @@
 <code class="prompt">root# </code> chmod ug+wrx,o+rx,-w /var/lib/samba/profiles/'username'
 </pre><p>
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2567455"></a>
-                        <a class="indexterm" name="id2567462"></a>
+                        </p></li><li class="step" title="Step 10"><p>
+                        <a class="indexterm" name="id338048"></a>
+                        <a class="indexterm" name="id338055"></a>
                         Create a logon script. It is important that each line is correctly terminated with
                         a carriage return and line-feed combination (i.e., DOS encoding). The following procedure
@@ -492 +492 @@
         &gt; /var/lib/samba/netlogon/scripts/logon.bat
 </pre><p>
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 11"><p>
                         There is one preparatory step without which you cannot have a working Samba network
                         environment. You must add an account for each network user. You can do this by executing
@@ -509 +509 @@
 </pre><p>
                         You do, of course, use a valid user login ID in place of <em class="parameter"><code>username</code></em>.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 12"><p>
                         Follow the processes shown in <a class="link" href="Big500users.html#ch5-procstart" title="Process Startup Configuration">&#8220;Process Startup Configuration&#8221;</a> to start all services.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 13"><p>
                         Your server is ready for validation testing. Do not proceed with the steps in
                         <a class="link" href="Big500users.html#ch5-domsvrspec" title="Configuration Specific to Domain Member Servers: BLDG1, BLDG2">&#8220;Configuration Specific to Domain Member Servers: BLDG1, BLDG2&#8221;</a> until after the operation of the server has been
                         validated following the same methods as outlined in <a class="link" href="secure.html" title="Chapter 3. Secure Office Networking">&#8220;Secure Office Networking&#8221;</a>, <a class="link" href="secure.html#ch4valid" title="Validation">&#8220;Validation&#8221;</a>.
-                        </p></li></ol></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="ch5-domsvrspec"></a>Configuration Specific to Domain Member Servers: <code class="constant">BLDG1, BLDG2</code></h4></div></div></div><p>
+                        </p></li></ol></div></div><div class="sect3" title="Configuration Specific to Domain Member Servers: BLDG1, BLDG2"><div class="titlepage"><div><div><h4 class="title"><a name="ch5-domsvrspec"></a>Configuration Specific to Domain Member Servers: <code class="constant">BLDG1, BLDG2</code></h4></div></div></div><p>
                 The following steps will guide you through the nuances of implementing BDCs for the broadcast
                 isolated network segments. Remember that if the target installation platform is not Linux, it may
                 be necessary to adapt some commands to the equivalent on the target platform.
-                </p><div class="procedure"><a name="id2567648"></a><p class="title"><b>Procedure 4.3. Backup Domain Controller Configuration Steps</b></p><ol type="1"><li><p>
-                        <a class="indexterm" name="id2567660"></a>
+                </p><div class="procedure" title="Procedure 4.3. Backup Domain Controller Configuration Steps"><a name="id338227"></a><p class="title"><b>Procedure 4.3. Backup Domain Controller Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                        <a class="indexterm" name="id338238"></a>
                         The final step that must be completed is to edit the <code class="filename">/etc/nsswitch.conf</code> file.
                         This file controls the operation of the various resolver libraries that are part of the Linux
@@ -529 +529 @@
 hosts:      files dns wins
 </pre><p>
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 2"><p>
                         Follow the steps outlined in <a class="link" href="Big500users.html#ch5-procstart" title="Process Startup Configuration">&#8220;Process Startup Configuration&#8221;</a> to start all services. Do not
                         start Samba at this time. Samba is controlled by the process called <code class="literal">smb</code>.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2567712"></a>
+                        </p></li><li class="step" title="Step 3"><p>
+                        <a class="indexterm" name="id338286"></a>
                         You must now attempt to join the domain member servers to the domain. The following
                         instructions should be executed to effect this:
@@ -539 +539 @@
 <code class="prompt">root# </code> net rpc join 
 </pre><p>
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2567744"></a>
+                        </p></li><li class="step" title="Step 4"><p>
+                        <a class="indexterm" name="id338316"></a>
                         You now start the Samba services by executing:
 </p><pre class="screen">
 <code class="prompt">root# </code> service smb start
 </pre><p>
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 5"><p>
                         Your server is ready for validation testing. Do not proceed with the steps in
                         <a class="link" href="Big500users.html#ch5-domsvrspec" title="Configuration Specific to Domain Member Servers: BLDG1, BLDG2">&#8220;Configuration Specific to Domain Member Servers: BLDG1, BLDG2&#8221;</a> until after the operation of the server has been
                         validated following the same methods as outlined in <a class="link" href="secure.html#ch4valid" title="Validation">&#8220;Validation&#8221;</a>.
-                        </p></li></ol></div></div></div><div class="example"><a name="ch5-massivesmb"></a><p class="title"><b>Example 4.1. Server: MASSIVE (PDC), File: <code class="filename">/etc/samba/smb.conf</code></b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2567829"></a><em class="parameter"><code>workgroup = MEGANET</code></em></td></tr><tr><td><a class="indexterm" name="id2567841"></a><em class="parameter"><code>netbios name = MASSIVE</code></em></td></tr><tr><td><a class="indexterm" name="id2567853"></a><em class="parameter"><code>interfaces = eth1, lo</code></em></td></tr><tr><td><a class="indexterm" name="id2567865"></a><em class="parameter"><code>bind interfaces only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2567877"></a><em class="parameter"><code>passdb backend = tdbsam</code></em></td></tr><tr><td><a class="indexterm" name="id2567888"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id2567900"></a><em class="parameter"><code>add user script = /usr/sbin/useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2567912"></a><em class="parameter"><code>delete user script = /usr/sbin/userdel -r '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2567924"></a><em class="parameter"><code>add group script = /usr/sbin/groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id2567937"></a><em class="parameter"><code>delete group script = /usr/sbin/groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id2567949"></a><em class="parameter"><code>add user to group script = /usr/sbin/usermod -G '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2567961"></a><em class="parameter"><code>add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2567974"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2567986"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2567998"></a><em class="parameter"><code>include = /etc/samba/dc-common.conf</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id2568019"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id2568030"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id2568042"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id2568063"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id2568074"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id2568086"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id2568107"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id2568119"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id2568130"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-dc-common"></a><p class="title"><b>Example 4.2. Server: MASSIVE (PDC), File: <code class="filename">/etc/samba/dc-common.conf</code></b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2568178"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id2568190"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id2568202"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id2568214"></a><em class="parameter"><code>logon path = \%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2568226"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id2568238"></a><em class="parameter"><code>logon home = \%L\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2568250"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2568261"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2568273"></a><em class="parameter"><code>include = /etc/samba/common.conf</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id2568294"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id2568306"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id2568317"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2568329"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id2568349"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id2568361"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id2568373"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2568385"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id2568405"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id2568417"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id2568429"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2568440"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-commonsmb"></a><p class="title"><b>Example 4.3. Common Samba Configuration File: <code class="filename">/etc/samba/common.conf</code></b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2568485"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2568497"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2568508"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2568520"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id2568532"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id2568543"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id2568555"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id2568567"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2568579"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2568590"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id2568603"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id2568615"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id2568627"></a><em class="parameter"><code>utmp = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2568639"></a><em class="parameter"><code>map acl inherit = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2568651"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id2568662"></a><em class="parameter"><code>veto files = /*.eml/*.nws/*.{*}/</code></em></td></tr><tr><td><a class="indexterm" name="id2568674"></a><em class="parameter"><code>veto oplock files = /*.doc/*.xls/*.mdb/</code></em></td></tr><tr><td><a class="indexterm" name="id2568686"></a><em class="parameter"><code>include =  </code></em></td></tr><tr><td># Share and Service Definitions are common to all servers</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id2568711"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id2568723"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id2568734"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2568746"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2568758"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2568769"></a><em class="parameter"><code>default devmode = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2568781"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id2568802"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id2568814"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id2568825"></a><em class="parameter"><code>admin users = bjordan</code></em></td></tr><tr><td><a class="indexterm" name="id2568837"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-bldg1-smb"></a><p class="title"><b>Example 4.4. Server: BLDG1 (Member), File: smb.conf</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2568880"></a><em class="parameter"><code>workgroup = MEGANET</code></em></td></tr><tr><td><a class="indexterm" name="id2568891"></a><em class="parameter"><code>netbios name = BLDG1</code></em></td></tr><tr><td><a class="indexterm" name="id2568903"></a><em class="parameter"><code>include = /etc/samba/dom-mem.conf</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-bldg2-smb"></a><p class="title"><b>Example 4.5. Server: BLDG2 (Member), File: smb.conf</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2568946"></a><em class="parameter"><code>workgroup = MEGANET</code></em></td></tr><tr><td><a class="indexterm" name="id2568958"></a><em class="parameter"><code>netbios name = BLDG2</code></em></td></tr><tr><td><a class="indexterm" name="id2568970"></a><em class="parameter"><code>include = /etc/samba/dom-mem.conf</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-dommem-smb"></a><p class="title"><b>Example 4.6. Common Domain Member Include File: dom-mem.conf</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2569013"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id2569025"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id2569038"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2569049"></a><em class="parameter"><code>wins server = 172.16.0.1</code></em></td></tr><tr><td><a class="indexterm" name="id2569061"></a><em class="parameter"><code>idmap uid = 15000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2569073"></a><em class="parameter"><code>idmap gid = 15000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2569085"></a><em class="parameter"><code>include = /etc/samba/common.conf</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="massive-dhcp"></a><p class="title"><b>Example 4.7. Server: MASSIVE, File: dhcpd.conf</b></p><div class="example-contents"><pre class="screen">
+                        </p></li></ol></div></div></div><div class="example"><a name="ch5-massivesmb"></a><p class="title"><b>Example 4.1. Server: MASSIVE (PDC), File: <code class="filename">/etc/samba/smb.conf</code></b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id338398"></a><em class="parameter"><code>workgroup = MEGANET</code></em></td></tr><tr><td><a class="indexterm" name="id338409"></a><em class="parameter"><code>netbios name = MASSIVE</code></em></td></tr><tr><td><a class="indexterm" name="id338421"></a><em class="parameter"><code>interfaces = eth1, lo</code></em></td></tr><tr><td><a class="indexterm" name="id338432"></a><em class="parameter"><code>bind interfaces only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id338444"></a><em class="parameter"><code>passdb backend = tdbsam</code></em></td></tr><tr><td><a class="indexterm" name="id338455"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id338467"></a><em class="parameter"><code>add user script = /usr/sbin/useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id338478"></a><em class="parameter"><code>delete user script = /usr/sbin/userdel -r '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id338490"></a><em class="parameter"><code>add group script = /usr/sbin/groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id338502"></a><em class="parameter"><code>delete group script = /usr/sbin/groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id338514"></a><em class="parameter"><code>add user to group script = /usr/sbin/usermod -G '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id338526"></a><em class="parameter"><code>add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id338538"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id338549"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id338560"></a><em class="parameter"><code>include = /etc/samba/dc-common.conf</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id338581"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id338593"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id338604"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id338624"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id338636"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id338648"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id338668"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id338680"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id338691"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-dc-common"></a><p class="title"><b>Example 4.2. Server: MASSIVE (PDC), File: <code class="filename">/etc/samba/dc-common.conf</code></b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id338738"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id338749"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id338761"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id338773"></a><em class="parameter"><code>logon path = \%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id338784"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id338796"></a><em class="parameter"><code>logon home = \%L\%U</code></em></td></tr><tr><td><a class="indexterm" name="id338807"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id338819"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id338830"></a><em class="parameter"><code>include = /etc/samba/common.conf</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id338851"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id338862"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id338874"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id338885"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id338906"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id338917"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id338929"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id338940"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id338961"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id338972"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id338984"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id338995"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-commonsmb"></a><p class="title"><b>Example 4.3. Common Samba Configuration File: <code class="filename">/etc/samba/common.conf</code></b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id339038"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id339050"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id339061"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id339073"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id339084"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id339096"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id339107"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id339119"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id339130"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id339142"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id339154"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id339165"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id339177"></a><em class="parameter"><code>utmp = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id339188"></a><em class="parameter"><code>map acl inherit = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id339200"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id339211"></a><em class="parameter"><code>veto files = /*.eml/*.nws/*.{*}/</code></em></td></tr><tr><td><a class="indexterm" name="id339223"></a><em class="parameter"><code>veto oplock files = /*.doc/*.xls/*.mdb/</code></em></td></tr><tr><td><a class="indexterm" name="id339235"></a><em class="parameter"><code>include =  </code></em></td></tr><tr><td># Share and Service Definitions are common to all servers</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id339259"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id339270"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id339282"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id339293"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id339305"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id339316"></a><em class="parameter"><code>default devmode = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id339328"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id339348"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id339360"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id339371"></a><em class="parameter"><code>admin users = bjordan</code></em></td></tr><tr><td><a class="indexterm" name="id339383"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-bldg1-smb"></a><p class="title"><b>Example 4.4. Server: BLDG1 (Member), File: smb.conf</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id339425"></a><em class="parameter"><code>workgroup = MEGANET</code></em></td></tr><tr><td><a class="indexterm" name="id339436"></a><em class="parameter"><code>netbios name = BLDG1</code></em></td></tr><tr><td><a class="indexterm" name="id339448"></a><em class="parameter"><code>include = /etc/samba/dom-mem.conf</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-bldg2-smb"></a><p class="title"><b>Example 4.5. Server: BLDG2 (Member), File: smb.conf</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id339490"></a><em class="parameter"><code>workgroup = MEGANET</code></em></td></tr><tr><td><a class="indexterm" name="id339501"></a><em class="parameter"><code>netbios name = BLDG2</code></em></td></tr><tr><td><a class="indexterm" name="id339512"></a><em class="parameter"><code>include = /etc/samba/dom-mem.conf</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-dommem-smb"></a><p class="title"><b>Example 4.6. Common Domain Member Include File: dom-mem.conf</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id339555"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id339566"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id339578"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id339590"></a><em class="parameter"><code>wins server = 172.16.0.1</code></em></td></tr><tr><td><a class="indexterm" name="id339601"></a><em class="parameter"><code>idmap uid = 15000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id339613"></a><em class="parameter"><code>idmap gid = 15000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id339624"></a><em class="parameter"><code>include = /etc/samba/common.conf</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="massive-dhcp"></a><p class="title"><b>Example 4.7. Server: MASSIVE, File: dhcpd.conf</b></p><div class="example-contents"><pre class="screen">
 # Abmas Accounting Inc.
 
@@ -898 +898 @@
 net groupmap add ntgroup="Financial Services"  unixgroup=finsrvcs type=d
 net groupmap add ntgroup="Insurance Group"     unixgroup=piops type=d
-</pre></div></div><br class="example-break"><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ch5-procstart"></a>Process Startup Configuration</h3></div></div></div><p>
-                <a class="indexterm" name="id2569434"></a>
-                <a class="indexterm" name="id2569441"></a>
+</pre></div></div><br class="example-break"><div class="sect2" title="Process Startup Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="ch5-procstart"></a>Process Startup Configuration</h3></div></div></div><p>
+                <a class="indexterm" name="id339909"></a>
+                <a class="indexterm" name="id339916"></a>
         There are two essential steps to process startup configuration. A process
         must be configured so that it is automatically restarted each time the server
@@ -909 +909 @@
         necessary start or kill script is run.
         </p><p>
-        <a class="indexterm" name="id2569477"></a>
+        <a class="indexterm" name="id339948"></a>
         In the event that a service is provided not as a daemon but via the internetworking
         super daemon (<code class="literal">inetd</code> or <code class="literal">xinetd</code>), then the <code class="literal">chkconfig</code>
@@ -919 +919 @@
                 are for a Red Hat Linux system, please adapt them to suit the target OS platform on which you 
                 are installing Samba.
-        </p><div class="procedure"><a name="id2569521"></a><p class="title"><b>Procedure 4.4. Process Startup Configuration Steps</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 4.4. Process Startup Configuration Steps"><a name="id339987"></a><p class="title"><b>Procedure 4.4. Process Startup Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Use the standard system tool to configure each service to restart
                 automatically at every system reboot. For example,
-                <a class="indexterm" name="id2569535"></a>
+                <a class="indexterm" name="id340000"></a>
 </p><pre class="screen">
 <code class="prompt">root# </code> chkconfig dhpc on
@@ -930 +930 @@
 <code class="prompt">root# </code> chkconfig swat on
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2569585"></a>
-                <a class="indexterm" name="id2569592"></a>
-                <a class="indexterm" name="id2569599"></a>
+                </p></li><li class="step" title="Step 2"><p>
+                <a class="indexterm" name="id340049"></a>
+                <a class="indexterm" name="id340056"></a>
+                <a class="indexterm" name="id340062"></a>
                 Now start each service to permit the system to be validated.
                 Execute each of the following in the sequence shown:
@@ -944 +944 @@
 <code class="prompt">root# </code> service swat restart
 </pre><p>
-                </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ch5wincfg"></a>Windows Client Configuration</h3></div></div></div><p>
+                </p></li></ol></div></div><div class="sect2" title="Windows Client Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="ch5wincfg"></a>Windows Client Configuration</h3></div></div></div><p>
         The procedure for desktop client configuration for the network in this chapter is similar to
         that used for the previous one. There are a few subtle changes that should be noted.
-        </p><div class="procedure"><a name="id2569665"></a><p class="title"><b>Procedure 4.5. Windows Client Configuration Steps</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 4.5. Windows Client Configuration Steps"><a name="id340124"></a><p class="title"><b>Procedure 4.5. Windows Client Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Install MS Windows XP Professional. During installation, configure the client to use DHCP for 
                 TCP/IP protocol configuration.
-                <a class="indexterm" name="id2569678"></a>
-                <a class="indexterm" name="id2569685"></a>
+                <a class="indexterm" name="id340136"></a>
+                <a class="indexterm" name="id340142"></a>
                 DHCP configures all Windows clients to use the WINS Server address that has been defined
                 for the local subnet.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Join the Windows domain <code class="constant">MEGANET</code>. Use the domain administrator
                 username <code class="constant">root</code> and the SMB password you assigned to this account.
@@ -961 +961 @@
                 Reboot the machine as prompted and then log on using the domain administrator account
                 (<code class="constant">root</code>).
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Verify that the server called <code class="constant">MEGANET</code> is visible in <span class="guimenu">My Network Places</span>, 
                 that it is possible to connect to it and see the shares <span class="guimenuitem">accounts</span>,
                 <span class="guimenuitem">apps</span>, and <span class="guimenuitem">finsvcs</span>,
                 and that it is possible to open each share to reveal its contents.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 Create a drive mapping to the <code class="constant">apps</code> share on a server. At this time, it does
                 not particularly matter which application server is used. It is necessary to manually
@@ -972 +972 @@
                 installation. This step is avoided by the improvements to the design of the network configuration
                 in the next chapter.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 5"><p>
                 Perform an administrative installation of each application to be used. Select the options
                 that you wish to use. Of course, you choose to run applications over the network, correct?
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 6"><p>
                 Now install all applications to be installed locally. Typical tools include Adobe Acrobat,
                 NTP-based time synchronization software, drivers for specific local devices such as fingerprint
                 scanners, and the like. Probably the most significant application to be locally installed
                 is antivirus software.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 7"><p>
                 Now install all four printers onto the staging system. The printers you install
                 include the accounting department HP LaserJet 6 and Minolta QMS Magicolor printers, and you
                 also configure use of the identical printers that are located in the financial services department.
                 Install printers on each machine using the following steps:
-        </p><div class="procedure"><a name="id2569817"></a><p class="title"><b>Procedure 4.6. Steps to Install Printer Drivers on Windows Clients</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 4.6. Steps to Install Printer Drivers on Windows Clients"><a name="id340259"></a><p class="title"><b>Procedure 4.6. Steps to Install Printer Drivers on Windows Clients</b></p><ol class="procedure" type="1"><li class="step" title="Step 7.1"><p>
                                 Click <span class="guimenu">Start</span> &#8594; <span class="guimenuitem">Settings</span> &#8594; <span class="guimenuitem">Printers</span>+<span class="guiicon">Add Printer</span>+<span class="guibutton">Next</span>. Do not click <span class="guimenuitem">Network printer</span>.
                                         Ensure that <span class="guimenuitem">Local printer</span> is selected.
-                                </p></li><li><p>
+                                </p></li><li class="step" title="Step 7.2"><p>
                                 Click <span class="guibutton">Next</span>. In the
                                 <span class="guimenuitem">Manufacturer:</span> panel, select <code class="constant">HP</code>.
                                 In the <span class="guimenuitem">Printers:</span> panel, select the printer called
                                 <code class="constant">HP LaserJet 6</code>. Click <span class="guibutton">Next</span>.
-                                </p></li><li><p>
+                                </p></li><li class="step" title="Step 7.3"><p>
                                 In the <span class="guimenuitem">Available ports:</span> panel, select
                                 <code class="constant">FILE:</code>. Accept the default printer name by clicking
-                                <span class="guibutton">Next</span>. When asked, &#8220;<span class="quote">Would you like to print a
-                                test page?</span>&#8221;, click <span class="guimenuitem">No</span>. Click
+                                <span class="guibutton">Next</span>. When asked, <span class="quote">&#8220;<span class="quote">Would you like to print a
+                                test page?</span>&#8221;</span>, click <span class="guimenuitem">No</span>. Click
                                 <span class="guibutton">Finish</span>.
-                                </p></li><li><p>
+                                </p></li><li class="step" title="Step 7.4"><p>
                                 You may be prompted for the name of a file to print to. If so, close the
                                 dialog panel. Right-click <span class="guiicon">HP LaserJet 6</span> &#8594; <span class="guimenuitem">Properties</span> &#8594; <span class="guisubmenu">Details (Tab)</span>+<span class="guibutton">Add Port</span>.
-                                </p></li><li><p>
+                                </p></li><li class="step" title="Step 7.5"><p>
                                 In the <span class="guimenuitem">Network</span> panel, enter the name of
                                 the print queue on the Samba server as follows: <code class="constant">\\BLDG1\hplj6a</code>.
                                 Click <span class="guibutton">OK</span>+<span class="guibutton">OK</span> to complete the installation.
-                                </p></li><li><p>
+                                </p></li><li class="step" title="Step 7.6"><p>
                                 Repeat the printer installation steps above for both HP LaserJet 6 printers
                                 as well as for both QMS Magicolor laser printers. Remember to install all
@@ -1017 +1017 @@
                                 configuration (as well as the applications server drive mapping) to the
                                 server on the network segment on which the workstation is to be located.
-                                </p></li></ol></div></li><li><p>
+                                </p></li></ol></div></li><li class="step" title="Step 8"><p>
                 When you are satisfied that the staging systems are complete, use the appropriate procedure to
                 remove the client from the domain. Reboot the system, and then log on as the local administrator
                 and clean out all temporary files stored on the system. Before shutting down, use the disk
                 defragmentation tool so that the file system is in optimal condition before replication.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 9"><p>
                 Boot the workstation using the Norton (Symantec) Ghosting disk (or CD-ROM) and image the
                 machine to a network share on the server.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 10"><p>
                 You may now replicate the image using the appropriate Norton Ghost procedure to the target
                 machines. Make sure to use the procedure that ensures each machine has a unique
                 Windows security identifier (SID). When the installation of the disk image is complete, boot the PC. 
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 11"><p>
                 Log onto the machine as the local Administrator (the only option), and join the machine to
                 the domain following the procedure set out in <a class="link" href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits">&#8220;A Collection of Useful Tidbits&#8221;</a>, <a class="link" href="appendix.html#domjoin" title="Joining a Domain: Windows 200x/XP Professional">&#8220;Joining a Domain: Windows 200x/XP Professional&#8221;</a>. You must now set the 
@@ -1035 +1035 @@
                 ready for the user to log on, provided you have created a network logon account for that 
                 user, of course.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 12"><p>
                 Instruct all users to log onto the workstation using their assigned username and password.
-                </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2570125"></a>Key Points Learned</h3></div></div></div><p>
+                </p></li></ol></div></div><div class="sect2" title="Key Points Learned"><div class="titlepage"><div><div><h3 class="title"><a name="id340544"></a>Key Points Learned</h3></div></div></div><p>
                 The network you have just deployed has been a valuable exercise in forced constraint.
                 You have deployed a network that works well, although you may soon start to see
                 performance problems, at which time the modifications demonstrated in <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">&#8220;Making Happy Users&#8221;</a>
                 bring the network to life. The following key learning points were experienced:
-                </p><div class="itemizedlist"><ul type="disc"><li><p>
+                </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                         The power of using <code class="filename">smb.conf</code> include files
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         Use of a single PDC over a routed network
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         Joining a Samba-3 domain member server to a Samba-3 domain
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         Configuration of winbind to use domain users and groups for Samba access
                         to resources on the domain member servers
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         The introduction of roaming profiles
-                        </p></li></ul></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2570184"></a>Questions and Answers</h2></div></div></div><p>
-        </p><div class="qandaset"><dl><dt> <a href="Big500users.html#id2570200">
+                        </p></li></ul></div></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id340597"></a>Questions and Answers</h2></div></div></div><p>
+        </p><div class="qandaset" title="Frequently Asked Questions"><a name="id340606"></a><dl><dt> <a href="Big500users.html#id340612">
                 The example smb.conf files in this chapter make use of the include facility.
                 How may I get to see what the actual working smb.conf settings are?
-                </a></dt><dt> <a href="Big500users.html#id2570249">
+                </a></dt><dt> <a href="Big500users.html#id340660">
                 Why does the include file common.conf have an empty include statement?
-                </a></dt><dt> <a href="Big500users.html#id2570311">
+                </a></dt><dt> <a href="Big500users.html#id340716">
                 I accept that the simplest configuration necessary to do the job is the best. The use of tdbsam
                 passdb backend is much simpler than having to manage an LDAP-based ldapsam passdb backend.
                 I tried using rsync to replicate the passdb.tdb, and it seems to work fine!
                 So what is the problem?
-                </a></dt><dt> <a href="Big500users.html#id2570366">
+                </a></dt><dt> <a href="Big500users.html#id340766">
                 You are using DHCP Relay enabled on the routers as well as a local DHCP server. Will this cause a clash?
-                </a></dt><dt> <a href="Big500users.html#id2570396">
+                </a></dt><dt> <a href="Big500users.html#id340791">
                 How does the Windows client find the PDC?
-                </a></dt><dt> <a href="Big500users.html#id2570419">
+                </a></dt><dt> <a href="Big500users.html#id340811">
                 Why did you enable IP forwarding (routing) only on the server called MASSIVE?
-                </a></dt><dt> <a href="Big500users.html#id2570450">
+                </a></dt><dt> <a href="Big500users.html#id340838">
                 You did nothing special to implement roaming profiles. Why?
-                </a></dt><dt> <a href="Big500users.html#id2570469">
+                </a></dt><dt> <a href="Big500users.html#id340856">
                 On the domain member computers, you configured winbind in the /etc/nsswitch.conf file.
                 You did not configure any PAM settings. Is this an omission?
-                </a></dt><dt> <a href="Big500users.html#id2570501">
+                </a></dt><dt> <a href="Big500users.html#id340883">
                 You are starting SWAT up on this example but have not discussed that anywhere. Why did you do this?
-                </a></dt><dt> <a href="Big500users.html#id2570543">
+                </a></dt><dt> <a href="Big500users.html#id340920">
                 The domain controller has an auto-shutdown script. Isn't that dangerous?
-                </a></dt></dl><table border="0" summary="Q and A Set"><col align="left" width="1%"><tbody><tr class="question"><td align="left" valign="top"><a name="id2570200"></a><a name="id2570202"></a></td><td align="left" valign="top"><p>
+                </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question"><td align="left" valign="top"><a name="id340612"></a><a name="id340615"></a></td><td align="left" valign="top"><p>
                 The example <code class="filename">smb.conf</code> files in this chapter make use of the <em class="parameter"><code>include</code></em> facility.
                 How may I get to see what the actual working <code class="filename">smb.conf</code> settings are?
@@ -1087 +1087 @@
 <code class="prompt">root# </code> testparm -s | less
 </pre><p>
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2570249"></a><a name="id2570251"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id340660"></a><a name="id340662"></a></td><td align="left" valign="top"><p>
                 Why does the include file <code class="filename">common.conf</code> have an empty include statement?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -1100 +1100 @@
                 the include in place, even though the file it points to has already been included. This is a bug
                 that will be fixed at a future date.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2570311"></a><a name="id2570313"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id340716"></a><a name="id340718"></a></td><td align="left" valign="top"><p>
                 I accept that the simplest configuration necessary to do the job is the best. The use of <em class="parameter"><code>tdbsam</code></em>
                 passdb backend is much simpler than having to manage an LDAP-based <em class="parameter"><code>ldapsam</code></em> passdb backend.
@@ -1110 +1110 @@
                 to log onto the network following a reboot and may have to rejoin the domain to recover network
                 access capability.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2570366"></a><a name="id2570368"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id340766"></a><a name="id340769"></a></td><td align="left" valign="top"><p>
                 You are using DHCP Relay enabled on the routers as well as a local DHCP server. Will this cause a clash?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -1119 +1119 @@
                 The only exception to this rule is when the client makes a directed request from a specific DHCP server
                 for renewal of the lease it has. This means that under normal circumstances there is no risk of a clash.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2570396"></a><a name="id2570398"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id340791"></a><a name="id340794"></a></td><td align="left" valign="top"><p>
                 How does the Windows client find the PDC?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -1126 +1126 @@
                 to register itself with the WINS server and to obtain enumeration of vital network information to 
                 enable it to operate successfully.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2570419"></a><a name="id2570421"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id340811"></a><a name="id340813"></a></td><td align="left" valign="top"><p>
                 Why did you enable IP forwarding (routing) only on the server called <code class="constant">MASSIVE</code>?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -1133 +1133 @@
                 Route table entries are needed to direct MASSIVE to send all traffic intended for the remote network
                 segments to the router that is its gateway to them.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2570450"></a><a name="id2570452"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id340838"></a><a name="id340840"></a></td><td align="left" valign="top"><p>
                 You did nothing special to implement roaming profiles. Why?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
                 Unless configured to do otherwise, the default behavior with Samba-3 and Windows XP Professional
                 clients is to use roaming profiles.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2570469"></a><a name="id2570471"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id340856"></a><a name="id340858"></a></td><td align="left" valign="top"><p>
                 On the domain member computers, you configured winbind in the <code class="filename">/etc/nsswitch.conf</code> file.
                 You did not configure any PAM settings. Is this an omission?
@@ -1147 +1147 @@
                 to enable the use of winbind. Samba makes use only of the identity resolution facilities of the name
                 service switch (NSS).
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2570501"></a><a name="id2570503"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id340883"></a><a name="id340885"></a></td><td align="left" valign="top"><p>
                 You are starting SWAT up on this example but have not discussed that anywhere. Why did you do this?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -1156 +1156 @@
                 file but leaves in place a broken reference to the top-layer include file. SWAT was not designed to 
                 handle this functionality gracefully.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2570543"></a><a name="id2570545"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id340920"></a><a name="id340922"></a></td><td align="left" valign="top"><p>
                 The domain controller has an auto-shutdown script. Isn't that dangerous?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>

trunk/server/docs/htmldocs/Samba3-ByExample/DMSMig.html

@@ -1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Part II. Domain Members, Updating Samba and Migration</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="net2000users.html" title="Chapter 6. A Distributed 2000-User Network"><link rel="next" href="unixclients.html" title="Chapter 7. Adding Domain Member Servers and Clients"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Part II. Domain Members, Updating Samba and Migration</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="net2000users.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="unixclients.html">Next</a></td></tr></table><hr></div><div class="part" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="DMSMig"></a>Part II. Domain Members, Updating Samba and Migration</h1></div></div></div><div class="partintro" lang="en"><div><div><div><h1 class="title"><a name="id2589087"></a>Domain Members, Updating Samba and Migration</h1></div></div></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Part II. Domain Members, Updating Samba and Migration</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="net2000users.html" title="Chapter 6. A Distributed 2000-User Network"><link rel="next" href="unixclients.html" title="Chapter 7. Adding Domain Member Servers and Clients"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Part II. Domain Members, Updating Samba and Migration</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="net2000users.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="unixclients.html">Next</a></td></tr></table><hr></div><div class="part" title="Part II. Domain Members, Updating Samba and Migration"><div class="titlepage"><div><div><h1 class="title"><a name="DMSMig"></a>Part II. Domain Members, Updating Samba and Migration</h1></div></div></div><div class="partintro" title="Domain Members, Updating Samba and Migration"><div><div><div><h1 class="title"><a name="id357819"></a>Domain Members, Updating Samba and Migration</h1></div></div></div><p>
 This section <span class="emphasis"><em>Samba-3 by Example</em></span> covers two main topics: How to add
 Samba Domain Member Servers and Samba Domain Member Clients to a Samba domain, the other
@@ -8 +8 @@
 to a Samba or a Windows networking domain may also benefit by referring to the book
 <span class="emphasis"><em>The Official Samba-3 HOWTO and Reference Guide.</em></span>
-</p><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="unixclients.html">7. Adding Domain Member Servers and Clients</a></span></dt><dd><dl><dt><span class="sect1"><a href="unixclients.html#id2589228">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#id2589282">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id2589317">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#id2589345">Technical Issues</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id2589994">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id2590094">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></span></dt><dt><span class="sect2"><a href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></span></dt><dt><span class="sect2"><a href="unixclients.html#dcwonss">NT4/Samba Domain with Samba Domain Member Server without NSS Support</a></span></dt><dt><span class="sect2"><a href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id2596343">UNIX/Linux Client Domain Member</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id2596918">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id2596972">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="upgrades.html">8. Updating Samba-3</a></span></dt><dd><dl><dt><span class="sect1"><a href="upgrades.html#id2598125">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id2598221">Cautions and Notes</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id2599550">Upgrading from Samba 1.x and 2.x to Samba-3</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id2599919">Applicable to All Samba 2.x to Samba-3 Upgrades</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id2600245">Samba-2.x with LDAP Support</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id2600427">Updating a Samba-3 Installation</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id2600542">Samba-3 to Samba-3 Updates on the Same Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id2600746">Migrating Samba-3 to a New Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id2601160">Migration of Samba Accounts to Active Directory</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="ntmigration.html">9. Migrating NT4 Domain to Samba-3</a></span></dt><dd><dl><dt><span class="sect1"><a href="ntmigration.html#id2601332">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id2601417">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id2601472">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id2601658">Technical Issues</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id2601981">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id2602007">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id2602148">NT4 Migration Using LDAP Backend</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id2604606">NT4 Migration Using tdbsam Backend</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id2605013">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id2605051">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="nw4migration.html">10. Migrating NetWare Server to Samba-3</a></span></dt><dd><dl><dt><span class="sect1"><a href="nw4migration.html#id2606026">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id2606137">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="nw4migration.html#id2606228">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id2606305">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="nw4migration.html#id2606495">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id2606504">NetWare Migration Using LDAP Backend</a></span></dt></dl></dd></dl></dd></dl></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="net2000users.html">Prev</a> </td><td width="20%" align="center"> </td><td width="40%" align="right"> <a accesskey="n" href="unixclients.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 6. A Distributed 2000-User Network </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 7. Adding Domain Member Servers and Clients</td></tr></table></div></body></html>
+</p><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="unixclients.html">7. Adding Domain Member Servers and Clients</a></span></dt><dd><dl><dt><span class="sect1"><a href="unixclients.html#id357946">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#id357994">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id358022">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#id358046">Technical Issues</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id358646">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id358731">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></span></dt><dt><span class="sect2"><a href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></span></dt><dt><span class="sect2"><a href="unixclients.html#dcwonss">NT4/Samba Domain with Samba Domain Member Server without NSS Support</a></span></dt><dt><span class="sect2"><a href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id364506">UNIX/Linux Client Domain Member</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id365002">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id365047">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="upgrades.html">8. Updating Samba-3</a></span></dt><dd><dl><dt><span class="sect1"><a href="upgrades.html#id366117">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id366200">Cautions and Notes</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id367413">Upgrading from Samba 1.x and 2.x to Samba-3</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id368069">Samba-2.x with LDAP Support</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id368184">Updating a Samba-3 Installation</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id368281">Samba-3 to Samba-3 Updates on the Same Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id368465">Migrating Samba-3 to a New Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id368842">Migration of Samba Accounts to Active Directory</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="ntmigration.html">9. Migrating NT4 Domain to Samba-3</a></span></dt><dd><dl><dt><span class="sect1"><a href="ntmigration.html#id368988">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id369064">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id369115">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id369276">Technical Issues</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id369580">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id369600">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id371918">NT4 Migration Using tdbsam Backend</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id372263">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id372297">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="nw4migration.html">10. Migrating NetWare Server to Samba-3</a></span></dt><dd><dl><dt><span class="sect1"><a href="nw4migration.html#id373183">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id373282">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="nw4migration.html#id373359">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id373431">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="nw4migration.html#id373599">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id373608">NetWare Migration Using LDAP Backend</a></span></dt></dl></dd></dl></dd></dl></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="net2000users.html">Prev</a> </td><td width="20%" align="center"> </td><td width="40%" align="right"> <a accesskey="n" href="unixclients.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 6. A Distributed 2000-User Network </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 7. Adding Domain Member Servers and Clients</td></tr></table></div></body></html>

trunk/server/docs/htmldocs/Samba3-ByExample/DomApps.html

@@ -1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 12. Integrating Additional Services</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="RefSection.html" title="Part III. Reference Section"><link rel="prev" href="kerberos.html" title="Chapter 11. Active Directory, Kerberos, and Security"><link rel="next" href="HA.html" title="Chapter 13. Performance, Reliability, and Availability"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 12. Integrating Additional Services</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="kerberos.html">Prev</a> </td><th width="60%" align="center">Part III. Reference Section</th><td width="20%" align="right"> <a accesskey="n" href="HA.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="DomApps"></a>Chapter 12. Integrating Additional Services</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="DomApps.html#id2616020">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#id2616051">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id2616160">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#id2616193">Technical Issues</a></span></dt><dt><span class="sect2"><a href="DomApps.html#id2616349">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id2616373">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></span></dt><dt><span class="sect2"><a href="DomApps.html#id2618225">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id2618286">Questions and Answers</a></span></dt></dl></div><p>
-        <a class="indexterm" name="id2615971"></a>
-        <a class="indexterm" name="id2615977"></a>
-        <a class="indexterm" name="id2615984"></a>
-        <a class="indexterm" name="id2615991"></a>
-        <a class="indexterm" name="id2615998"></a>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 12. Integrating Additional Services</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="RefSection.html" title="Part III. Reference Section"><link rel="prev" href="kerberos.html" title="Chapter 11. Active Directory, Kerberos, and Security"><link rel="next" href="HA.html" title="Chapter 13. Performance, Reliability, and Availability"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 12. Integrating Additional Services</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="kerberos.html">Prev</a> </td><th width="60%" align="center">Part III. Reference Section</th><td width="20%" align="right"> <a accesskey="n" href="HA.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 12. Integrating Additional Services"><div class="titlepage"><div><div><h2 class="title"><a name="DomApps"></a>Chapter 12. Integrating Additional Services</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="DomApps.html#id382225">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#id382248">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id382338">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#id382367">Technical Issues</a></span></dt><dt><span class="sect2"><a href="DomApps.html#id382513">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id382530">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></span></dt><dt><span class="sect2"><a href="DomApps.html#id384281">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id384336">Questions and Answers</a></span></dt></dl></div><p>
+        <a class="indexterm" name="id382181"></a>
+        <a class="indexterm" name="id382187"></a>
+        <a class="indexterm" name="id382194"></a>
+        <a class="indexterm" name="id382201"></a>
+        <a class="indexterm" name="id382208"></a>
         You've come a long way now. You have pretty much mastered Samba-3 for 
         most uses it can be put to. Up until now, you have cast Samba-3 in the leading 
@@ -15 +15 @@
         the latest Windows authentication technologies. Let's get started  this is 
         leading edge.
-        </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2616020"></a>Introduction</h2></div></div></div><p>
+        </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id382225"></a>Introduction</h2></div></div></div><p>
         Abmas has continued its miraculous growth; indeed, nothing seems to be able 
         to stop its diversification into multiple (and seemingly unrelated) fields. 
@@ -31 +31 @@
         gradually, taking over key services and easing the way to a full migration and, 
         therefore, integration into Abmas's existing business later.
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2616051"></a>Assignment Tasks</h3></div></div></div><p>
-                <a class="indexterm" name="id2616059"></a>
-                <a class="indexterm" name="id2616068"></a>
+        </p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id382248"></a>Assignment Tasks</h3></div></div></div><p>
+                <a class="indexterm" name="id382256"></a>
+                <a class="indexterm" name="id382264"></a>
                 You've promised the skeptical Abmas Snack Foods management team 
                 that you can show them how Samba can ease itself and other Open Source 
@@ -40 +40 @@
                 acquisition). You have chosen Web proxying and caching as your proving ground.
                 </p><p>
-                <a class="indexterm" name="id2616086"></a>
-                <a class="indexterm" name="id2616093"></a>
+                <a class="indexterm" name="id382279"></a>
+                <a class="indexterm" name="id382286"></a>
                 Abmas Snack Foods has several thousand users housed at its head office 
                 and multiple regional offices, plants, and warehouses. A high proportion of 
@@ -51 +51 @@
                 the earliest commercial users of Microsoft ISA.
                 </p><p>
-                <a class="indexterm" name="id2616114"></a>
-                <a class="indexterm" name="id2616121"></a>
-                <a class="indexterm" name="id2616128"></a>
+                <a class="indexterm" name="id382301"></a>
+                <a class="indexterm" name="id382308"></a>
+                <a class="indexterm" name="id382315"></a>
                 The team is not happy with ISA. Because it never lived up to its marketing promises, 
                 it underperformed and had reliability problems. You have pounced on the opportunity 
@@ -64 +64 @@
                 This is a hands-on exercise. You build software applications so
                 that you obtain the functionality Abmas needs.
-                </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2616160"></a>Dissection and Discussion</h2></div></div></div><p>
+                </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id382338"></a>Dissection and Discussion</h2></div></div></div><p>
         The key requirements in this business example are straightforward. You are not required 
         to do anything new, just to replicate an existing system, not lose any existing features, 
         and improve performance. The key points are:
-        </p><div class="itemizedlist"><ul type="disc"><li><p>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                 Internet access for most employees
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Distributed system to accommodate load and geographical distribution of users
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Seamless and transparent interoperability with the existing Active Directory domain
-                </p></li></ul></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2616193"></a>Technical Issues</h3></div></div></div><p>
-                <a class="indexterm" name="id2616201"></a>
-                <a class="indexterm" name="id2616208"></a>
-                <a class="indexterm" name="id2616215"></a>
-                <a class="indexterm" name="id2616221"></a>
-                <a class="indexterm" name="id2616228"></a>
-                <a class="indexterm" name="id2616235"></a>
-                <a class="indexterm" name="id2616242"></a>
-                <a class="indexterm" name="id2616249"></a>
-                <a class="indexterm" name="id2616256"></a>
-                <a class="indexterm" name="id2616263"></a>
-                <a class="indexterm" name="id2616270"></a>
-                <a class="indexterm" name="id2616277"></a>
-                <a class="indexterm" name="id2616286"></a><a class="indexterm" name="id2616292"></a>
+                </p></li></ul></div><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id382367"></a>Technical Issues</h3></div></div></div><p>
+                <a class="indexterm" name="id382375"></a>
+                <a class="indexterm" name="id382381"></a>
+                <a class="indexterm" name="id382388"></a>
+                <a class="indexterm" name="id382395"></a>
+                <a class="indexterm" name="id382402"></a>
+                <a class="indexterm" name="id382409"></a>
+                <a class="indexterm" name="id382415"></a>
+                <a class="indexterm" name="id382422"></a>
+                <a class="indexterm" name="id382429"></a>
+                <a class="indexterm" name="id382436"></a>
+                <a class="indexterm" name="id382443"></a>
+                <a class="indexterm" name="id382450"></a>
+                <a class="indexterm" name="id382459"></a><a class="indexterm" name="id382464"></a>
                 Functionally, the user's Internet Explorer requests a browsing session with the 
                 Squid proxy, for which it offers its AD authentication token. Squid hands off 
@@ -100 +100 @@
                 </p><p>
                 Enabling this consists of:
-                </p><div class="itemizedlist"><ul type="disc"><li><p>
+                </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                         Preparing the necessary environment using preconfigured packages
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         Setting up raw Kerberos authentication against the Active Directory domain
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         Configuring, compiling, and then installing the supporting Samba-3 components
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         Tying it all together
-                        </p></li></ul></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2616349"></a>Political Issues</h3></div></div></div><p>
+                        </p></li></ul></div></div><div class="sect2" title="Political Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id382513"></a>Political Issues</h3></div></div></div><p>
                 You are a stranger in a strange land, and all eyes are upon you. Some would even like to see 
                 you fail. For you to gain the trust of your newly acquired IT people, it is essential that your 
@@ -114 +114 @@
                 will the entrenched positions consider taking up your new way of doing things on a 
                 wider scale.
-                </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2616373"></a>Implementation</h2></div></div></div><p>
-        <a class="indexterm" name="id2616381"></a>
+                </p></div></div><div class="sect1" title="Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id382530"></a>Implementation</h2></div></div></div><p>
+        <a class="indexterm" name="id382538"></a>
         First, your system needs to be prepared and in a known good state to proceed. This consists 
         of making sure that everything the system depends on is present and that everything that could 
@@ -122 +122 @@
         they must be removed.
         </p><p>
-        <a class="indexterm" name="id2616398"></a>
+        <a class="indexterm" name="id382552"></a>
         The following packages should be available on your Red Hat Linux system:
-        </p><div class="itemizedlist"><ul type="disc"><li><p>
-                <a class="indexterm" name="id2616413"></a>
-                <a class="indexterm" name="id2616420"></a>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
+                <a class="indexterm" name="id382566"></a>
+                <a class="indexterm" name="id382572"></a>
                 krb5-libs
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 krb5-devel
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 krb5-workstation
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 krb5-server
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 pam_krb5
                 </p></li></ul></div><p>
-        <a class="indexterm" name="id2616450"></a>
+        <a class="indexterm" name="id382602"></a>
         In the case of SUSE Linux, these packages are called:
-        </p><div class="itemizedlist"><ul type="disc"><li><p>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                 heimdal-lib
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 heimdal-devel
-                </p></li><li><p>
-                <a class="indexterm" name="id2616475"></a>
+                </p></li><li class="listitem"><p>
+                <a class="indexterm" name="id382625"></a>
                 heimdal
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 pam_krb5
                 </p></li></ul></div><p>
@@ -152 +152 @@
         them from the vendor's installation media. Follow the administrative guide
         for your Linux system to ensure that the packages are correctly updated.
-        </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
-        <a class="indexterm" name="id2616500"></a>
-        <a class="indexterm" name="id2616507"></a>
-        <a class="indexterm" name="id2616514"></a>
+        </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+        <a class="indexterm" name="id382648"></a>
+        <a class="indexterm" name="id382655"></a>
+        <a class="indexterm" name="id382662"></a>
         If the requirement is for interoperation with MS Windows Server 2003, it
         will be necessary to ensure that you are using MIT Kerberos version 1.3.1
@@ -161 +161 @@
         updating.
         </p><p>
-        <a class="indexterm" name="id2616528"></a>
-        <a class="indexterm" name="id2616534"></a>
+        <a class="indexterm" name="id382673"></a>
+        <a class="indexterm" name="id382680"></a>
         Heimdal 0.6 or later is required in the case of SUSE Linux. SUSE Enterprise
         Linux Server 8 ships with Heimdal 0.4. SUSE 9 ships with the necessary version.
-        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ch10-one"></a>Removal of Pre-Existing Conflicting RPMs</h3></div></div></div><p>
-        <a class="indexterm" name="id2616557"></a>
+        </p></div><div class="sect2" title="Removal of Pre-Existing Conflicting RPMs"><div class="titlepage"><div><div><h3 class="title"><a name="ch10-one"></a>Removal of Pre-Existing Conflicting RPMs</h3></div></div></div><p>
+        <a class="indexterm" name="id382701"></a>
         If Samba and/or Squid RPMs are installed, they should be updated. You can 
         build both from source.
         </p><p>
-        <a class="indexterm" name="id2616569"></a>
-        <a class="indexterm" name="id2616576"></a>
-        <a class="indexterm" name="id2616582"></a>
+        <a class="indexterm" name="id382712"></a>
+        <a class="indexterm" name="id382719"></a>
+        <a class="indexterm" name="id382725"></a>
         Locating the packages to be un-installed can be achieved by running:
 </p><pre class="screen">
@@ -182 +182 @@
 <code class="prompt">root# </code> rpm -e samba-common
 </pre><p>
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2616622"></a>Kerberos Configuration</h3></div></div></div><p>
-        <a class="indexterm" name="id2616630"></a>
-        <a class="indexterm" name="id2616637"></a>
-        <a class="indexterm" name="id2616647"></a>
-        <a class="indexterm" name="id2616653"></a>
+        </p><div class="sect2" title="Kerberos Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="id382764"></a>Kerberos Configuration</h3></div></div></div><p>
+        <a class="indexterm" name="id382771"></a>
+        <a class="indexterm" name="id382778"></a>
+        <a class="indexterm" name="id382787"></a>
+        <a class="indexterm" name="id382794"></a>
         The systems Kerberos installation must be configured to communicate with 
         your primary Active Directory server (ADS KDC).
@@ -194 +194 @@
         unless you are using Windows 2003 servers.
         </p><p>
-        <a class="indexterm" name="id2616672"></a>
-        <a class="indexterm" name="id2616679"></a>
-        <a class="indexterm" name="id2616686"></a>
-        <a class="indexterm" name="id2616692"></a>
-        <a class="indexterm" name="id2616699"></a>
-        <a class="indexterm" name="id2616708"></a>
-        <a class="indexterm" name="id2616715"></a>
+        <a class="indexterm" name="id382810"></a>
+        <a class="indexterm" name="id382817"></a>
+        <a class="indexterm" name="id382824"></a>
+        <a class="indexterm" name="id382830"></a>
+        <a class="indexterm" name="id382837"></a>
+        <a class="indexterm" name="id382846"></a>
+        <a class="indexterm" name="id382853"></a>
         Officially, neither MIT (1.3.4) nor Heimdal (0.63) Kerberos needs an <code class="filename">/etc/krb5.conf</code> 
         file in order to work correctly. All ADS domains automatically create SRV records in the 
@@ -208 +208 @@
         specifying only a single KDC, even if there is more than one. Using the DNS lookup 
         allows the KRB5 libraries to use whichever KDCs are available.
-        </p><div class="procedure"><a name="id2616749"></a><p class="title"><b>Procedure 12.1. Kerberos Configuration Steps</b></p><ol type="1"><li><p>
-                <a class="indexterm" name="id2616760"></a>
+        </p><div class="procedure" title="Procedure 12.1. Kerberos Configuration Steps"><a name="id382882"></a><p class="title"><b>Procedure 12.1. Kerberos Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                <a class="indexterm" name="id382893"></a>
                 If you find the need to manually configure the <code class="filename">krb5.conf</code>, you should edit it
                 to have the contents shown in <a class="link" href="DomApps.html#ch10-krb5conf" title="Example 12.1. Kerberos Configuration File: /etc/krb5.conf">&#8220;Kerberos Configuration  File: /etc/krb5.conf&#8221;</a>. The final fully qualified path for this file 
                 should be <code class="filename">/etc/krb5.conf</code>.
-                </p></li><li><p>
-                <a class="indexterm" name="id2616795"></a>
-                <a class="indexterm" name="id2616802"></a>
-                <a class="indexterm" name="id2616809"></a>
-                <a class="indexterm" name="id2616816"></a>
-                <a class="indexterm" name="id2616822"></a>
-                <a class="indexterm" name="id2616829"></a>
-                <a class="indexterm" name="id2616836"></a>
-                <a class="indexterm" name="id2616843"></a>
-                <a class="indexterm" name="id2616850"></a>
-                <a class="indexterm" name="id2616859"></a>
-                <a class="indexterm" name="id2616866"></a>
-                <a class="indexterm" name="id2616873"></a>
-                <a class="indexterm" name="id2616880"></a>
+                </p></li><li class="step" title="Step 2"><p>
+                <a class="indexterm" name="id382926"></a>
+                <a class="indexterm" name="id382933"></a>
+                <a class="indexterm" name="id382940"></a>
+                <a class="indexterm" name="id382947"></a>
+                <a class="indexterm" name="id382953"></a>
+                <a class="indexterm" name="id382960"></a>
+                <a class="indexterm" name="id382967"></a>
+                <a class="indexterm" name="id382974"></a>
+                <a class="indexterm" name="id382981"></a>
+                <a class="indexterm" name="id382990"></a>
+                <a class="indexterm" name="id382996"></a>
+                <a class="indexterm" name="id383003"></a>
+                <a class="indexterm" name="id383010"></a>
                 The following gotchas often catch people out. Kerberos is case sensitive. Your realm must
-                be in UPPERCASE, or you will get an error: &#8220;<span class="quote">Cannot find KDC for requested realm while getting
-                initial credentials</span>&#8221;.  Kerberos is picky about time synchronization. The time
+                be in UPPERCASE, or you will get an error: <span class="quote">&#8220;<span class="quote">Cannot find KDC for requested realm while getting
+                initial credentials</span>&#8221;</span>.  Kerberos is picky about time synchronization. The time
                 according to your participating servers must be within 5 minutes or you get an error:
-                &#8220;<span class="quote">kinit(v5): Clock skew too great while getting initial credentials</span>&#8221;.
+                <span class="quote">&#8220;<span class="quote">kinit(v5): Clock skew too great while getting initial credentials</span>&#8221;</span>.
                 Clock skew limits are, in fact, configurable in the Kerberos protocols (the default is
                 5 minutes). A better solution is to implement NTP throughout your server network.
@@ -241 +241 @@
                 NetBIOS name. If Kerberos cannot do this reverse lookup, you will get a local error
                 when you try to join the realm.
-                </p></li><li><p>
-                <a class="indexterm" name="id2616924"></a>
+                </p></li><li class="step" title="Step 3"><p>
+                <a class="indexterm" name="id383045"></a>
                 You are now ready to test your installation by issuing the command:
 </p><pre class="screen">
@@ -262 +262 @@
         kdc = w2k3s.london.abmas.biz
         }
-</pre></div></div><br class="example-break"><p><a class="indexterm" name="id2616989"></a>
+</pre></div></div><br class="example-break"><p><a class="indexterm" name="id383105"></a>
         The command
 </p><pre class="screen">
@@ -268 +268 @@
 </pre><p>
         shows the Kerberos tickets cached by the system.
-        </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2617012"></a>Samba Configuration</h4></div></div></div><p>
-        <a class="indexterm" name="id2617020"></a>
+        </p><div class="sect3" title="Samba Configuration"><div class="titlepage"><div><div><h4 class="title"><a name="id383127"></a>Samba Configuration</h4></div></div></div><p>
+        <a class="indexterm" name="id383135"></a>
         Samba must be configured to correctly use Active Directory. Samba-3 must be used, since it 
         has the necessary components to interface with Active Directory.
-        </p><div class="procedure"><a name="id2617030"></a><p class="title"><b>Procedure 12.2. Securing Samba-3 With ADS Support Steps</b></p><ol type="1"><li><p>
-                <a class="indexterm" name="id2617042"></a>
-                <a class="indexterm" name="id2617049"></a>
-                <a class="indexterm" name="id2617056"></a>
-                <a class="indexterm" name="id2617063"></a>
-                <a class="indexterm" name="id2617070"></a>
+        </p><div class="procedure" title="Procedure 12.2. Securing Samba-3 With ADS Support Steps"><a name="id383144"></a><p class="title"><b>Procedure 12.2. Securing Samba-3 With ADS Support Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                <a class="indexterm" name="id383156"></a>
+                <a class="indexterm" name="id383162"></a>
+                <a class="indexterm" name="id383169"></a>
+                <a class="indexterm" name="id383176"></a>
+                <a class="indexterm" name="id383183"></a>
                 Download the latest stable Samba-3 for Red Hat Linux from the official Samba Team
                 <a class="ulink" href="http://ftp.samba.org" target="_top">FTP site.</a> The official Samba Team
@@ -283 +283 @@
                 needed, and are linked against MIT KRB5 version 1.3.1 and therefore are ready for use.
                 </p><p>
-                <a class="indexterm" name="id2617096"></a>
-                <a class="indexterm" name="id2617103"></a>
+                <a class="indexterm" name="id383207"></a>
+                <a class="indexterm" name="id383213"></a>
                 The necessary, validated RPM packages for SUSE Linux may be obtained from
                 the <a class="ulink" href="ftp://ftp.sernet.de/pub/samba" target="_top">SerNet</a> FTP site that
@@ -290 +290 @@
                 <code class="literal">ntlm_auth</code> tool, and are statically linked 
                 against suitably patched Heimdal 0.6 libraries.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Using your favorite editor, change the <code class="filename">/etc/samba/smb.conf</code>
                 file so it has contents similar to the example shown in <a class="link" href="DomApps.html#ch10-smbconf" title="Example 12.2. Samba Configuration File: /etc/samba/smb.conf">&#8220;Samba Configuration  File: /etc/samba/smb.conf&#8221;</a>.
-                </p></li><li><p>
-                <a class="indexterm" name="id2617154"></a>
-                <a class="indexterm" name="id2617161"></a>
-                <a class="indexterm" name="id2617168"></a>i
-                <a class="indexterm" name="id2617179"></a>
-                <a class="indexterm" name="id2617186"></a>
+                </p></li><li class="step" title="Step 3"><p>
+                <a class="indexterm" name="id383261"></a>
+                <a class="indexterm" name="id383268"></a>
+                <a class="indexterm" name="id383274"></a>i
+                <a class="indexterm" name="id383286"></a>
+                <a class="indexterm" name="id383293"></a>
                 Next you need to create a computer account in the Active Directory. 
                 This sets up the trust relationship needed for other clients to 
                 authenticate to the Samba server with an Active Directory Kerberos ticket. 
-                This is done with the &#8220;<span class="quote">net ads join -U [Administrator%Password]</span>&#8221;
+                This is done with the <span class="quote">&#8220;<span class="quote">net ads join -U [Administrator%Password]</span>&#8221;</span>
                 command, as follows:
 </p><pre class="screen">
 <code class="prompt">root# </code> net ads join -U administrator%vulcon
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2617220"></a>
-                <a class="indexterm" name="id2617227"></a>
-                <a class="indexterm" name="id2617234"></a>
-                <a class="indexterm" name="id2617240"></a>
-                <a class="indexterm" name="id2617247"></a>
+                </p></li><li class="step" title="Step 4"><p>
+                <a class="indexterm" name="id383324"></a>
+                <a class="indexterm" name="id383331"></a>
+                <a class="indexterm" name="id383337"></a>
+                <a class="indexterm" name="id383344"></a>
+                <a class="indexterm" name="id383351"></a>
                 Your new Samba binaries must be started in the standard manner as is applicable
                 to the platform you are running on. Alternatively, start your Active Directory-enabled Samba with the following commands:
@@ -320 +320 @@
 <code class="prompt">root# </code> winbindd -D
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2617288"></a>
-                <a class="indexterm" name="id2617295"></a>
-                <a class="indexterm" name="id2617304"></a>
-                <a class="indexterm" name="id2617311"></a>
-                <a class="indexterm" name="id2617318"></a>
+                </p></li><li class="step" title="Step 5"><p>
+                <a class="indexterm" name="id383390"></a>
+                <a class="indexterm" name="id383396"></a>
+                <a class="indexterm" name="id383406"></a>
+                <a class="indexterm" name="id383412"></a>
+                <a class="indexterm" name="id383419"></a>
                 We now need to test that Samba is communicating with the Active 
                 Directory domain; most specifically, we want to see whether winbind 
@@ -357 +357 @@
 </pre><p>
                 This enumerates all the groups in your Active Directory tree.
-                </p></li><li><p>
-                <a class="indexterm" name="id2617382"></a>
-                <a class="indexterm" name="id2617389"></a>
+                </p></li><li class="step" title="Step 6"><p>
+                <a class="indexterm" name="id383476"></a>
+                <a class="indexterm" name="id383483"></a>
                 Squid uses the <code class="literal">ntlm_auth</code> helper build with Samba-3.
                 You may test <code class="literal">ntlm_auth</code> with the command:
@@ -370 +370 @@
 <code class="prompt">root# </code> NT_STATUS_OK: Success (0x0)
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2617441"></a>
-                <a class="indexterm" name="id2617448"></a>
-                <a class="indexterm" name="id2617455"></a>
-                <a class="indexterm" name="id2617462"></a>
-                <a class="indexterm" name="id2617468"></a>
-                <a class="indexterm" name="id2617475"></a>
-                <a class="indexterm" name="id2617482"></a>
-                <a class="indexterm" name="id2617489"></a>
+                </p></li><li class="step" title="Step 7"><p>
+                <a class="indexterm" name="id383533"></a>
+                <a class="indexterm" name="id383540"></a>
+                <a class="indexterm" name="id383547"></a>
+                <a class="indexterm" name="id383553"></a>
+                <a class="indexterm" name="id383560"></a>
+                <a class="indexterm" name="id383567"></a>
+                <a class="indexterm" name="id383574"></a>
+                <a class="indexterm" name="id383581"></a>
                 The <code class="literal">ntlm_auth</code> helper, when run from a command line as the user 
-                &#8220;<span class="quote">root</span>&#8221;, authenticates against your Active Directory domain (with 
+                <span class="quote">&#8220;<span class="quote">root</span>&#8221;</span>, authenticates against your Active Directory domain (with 
                 the aid of winbind). It manages this by reading from the winbind privileged pipe. 
-                Squid is running with the permissions of user &#8220;<span class="quote">squid</span>&#8221; and group 
-                &#8220;<span class="quote">squid</span>&#8221; and is not able to do this unless we make a vital change. 
+                Squid is running with the permissions of user <span class="quote">&#8220;<span class="quote">squid</span>&#8221;</span> and group 
+                <span class="quote">&#8220;<span class="quote">squid</span>&#8221;</span> and is not able to do this unless we make a vital change. 
                 Squid cannot read from the winbind privilege pipe unless you change the 
                 permissions of its directory. This is the single biggest cause of failure in the 
@@ -396 +396 @@
 <code class="prompt">root# </code> chmod 750 /var/lib/samba/winbindd_privileged
 </pre><p>
-                </p></li></ol></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2617564"></a>NSS Configuration</h4></div></div></div><p>
-        <a class="indexterm" name="id2617572"></a>
-        <a class="indexterm" name="id2617578"></a>
-        <a class="indexterm" name="id2617585"></a>
+                </p></li></ol></div></div><div class="sect3" title="NSS Configuration"><div class="titlepage"><div><div><h4 class="title"><a name="id383649"></a>NSS Configuration</h4></div></div></div><p>
+        <a class="indexterm" name="id383656"></a>
+        <a class="indexterm" name="id383663"></a>
+        <a class="indexterm" name="id383670"></a>
         For Squid to benefit from Samba-3, NSS must be updated to allow winbind as a valid route to user authentication.
         </p><p>
         Edit your <code class="filename">/etc/nsswitch.conf</code> file so it has the parameters shown
         in <a class="link" href="DomApps.html#ch10-etcnsscfg" title="Example 12.3. NSS Configuration File Extract File: /etc/nsswitch.conf">&#8220;NSS Configuration File Extract  File: /etc/nsswitch.conf&#8221;</a>.
-        </p><div class="example"><a name="ch10-smbconf"></a><p class="title"><b>Example 12.2. Samba Configuration  File: <code class="filename">/etc/samba/smb.conf</code></b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2617643"></a><em class="parameter"><code>workgroup = LONDON</code></em></td></tr><tr><td><a class="indexterm" name="id2617655"></a><em class="parameter"><code>netbios name = W2K3S</code></em></td></tr><tr><td><a class="indexterm" name="id2617667"></a><em class="parameter"><code>realm = LONDON.ABMAS.BIZ</code></em></td></tr><tr><td><a class="indexterm" name="id2617679"></a><em class="parameter"><code>security = ads</code></em></td></tr><tr><td><a class="indexterm" name="id2617690"></a><em class="parameter"><code>encrypt passwords = yes</code></em></td></tr><tr><td><a class="indexterm" name="id2617702"></a><em class="parameter"><code>password server = w2k3s.london.abmas.biz</code></em></td></tr><tr><td># separate domain and username with '/', like DOMAIN/username</td></tr><tr><td><a class="indexterm" name="id2617719"></a><em class="parameter"><code>winbind separator = /</code></em></td></tr><tr><td># use UIDs from 10000 to 20000 for domain users</td></tr><tr><td><a class="indexterm" name="id2617735"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td># use GIDs from 10000 to 20000 for domain groups</td></tr><tr><td><a class="indexterm" name="id2617750"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td># allow enumeration of winbind users and groups</td></tr><tr><td><a class="indexterm" name="id2617766"></a><em class="parameter"><code>winbind enum users = yes</code></em></td></tr><tr><td><a class="indexterm" name="id2617778"></a><em class="parameter"><code>winbind enum groups = yes</code></em></td></tr><tr><td><a class="indexterm" name="id2617790"></a><em class="parameter"><code>winbind user default domain = yes</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch10-etcnsscfg"></a><p class="title"><b>Example 12.3. NSS Configuration File Extract  File: <code class="filename">/etc/nsswitch.conf</code></b></p><div class="example-contents"><pre class="screen">
+        </p><div class="example"><a name="ch10-smbconf"></a><p class="title"><b>Example 12.2. Samba Configuration  File: <code class="filename">/etc/samba/smb.conf</code></b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id383726"></a><em class="parameter"><code>workgroup = LONDON</code></em></td></tr><tr><td><a class="indexterm" name="id383737"></a><em class="parameter"><code>netbios name = W2K3S</code></em></td></tr><tr><td><a class="indexterm" name="id383749"></a><em class="parameter"><code>realm = LONDON.ABMAS.BIZ</code></em></td></tr><tr><td><a class="indexterm" name="id383760"></a><em class="parameter"><code>security = ads</code></em></td></tr><tr><td><a class="indexterm" name="id383772"></a><em class="parameter"><code>encrypt passwords = yes</code></em></td></tr><tr><td><a class="indexterm" name="id383783"></a><em class="parameter"><code>password server = w2k3s.london.abmas.biz</code></em></td></tr><tr><td># separate domain and username with '/', like DOMAIN/username</td></tr><tr><td><a class="indexterm" name="id383799"></a><em class="parameter"><code>winbind separator = /</code></em></td></tr><tr><td># use UIDs from 10000 to 20000 for domain users</td></tr><tr><td><a class="indexterm" name="id383814"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td># use GIDs from 10000 to 20000 for domain groups</td></tr><tr><td><a class="indexterm" name="id383829"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td># allow enumeration of winbind users and groups</td></tr><tr><td><a class="indexterm" name="id383844"></a><em class="parameter"><code>winbind enum users = yes</code></em></td></tr><tr><td><a class="indexterm" name="id383856"></a><em class="parameter"><code>winbind enum groups = yes</code></em></td></tr><tr><td><a class="indexterm" name="id383868"></a><em class="parameter"><code>winbind user default domain = yes</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch10-etcnsscfg"></a><p class="title"><b>Example 12.3. NSS Configuration File Extract  File: <code class="filename">/etc/nsswitch.conf</code></b></p><div class="example-contents"><pre class="screen">
 passwd: files winbind
 shadow: files
 group: files winbind
-</pre></div></div><br class="example-break"></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2617829"></a>Squid Configuration</h4></div></div></div><p>
-        <a class="indexterm" name="id2617837"></a>
-        <a class="indexterm" name="id2617844"></a>
+</pre></div></div><br class="example-break"></div><div class="sect3" title="Squid Configuration"><div class="titlepage"><div><div><h4 class="title"><a name="id383905"></a>Squid Configuration</h4></div></div></div><p>
+        <a class="indexterm" name="id383913"></a>
+        <a class="indexterm" name="id383920"></a>
         Squid must be configured correctly to interact with the Samba-3 
         components that handle Active Directory authentication.
-        </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2617859"></a>Configuration</h3></div></div></div></div><div class="procedure"><a name="id2617864"></a><p class="title"><b>Procedure 12.3. Squid Configuration Steps</b></p><ol type="1"><li><p>
-                <a class="indexterm" name="id2617876"></a>
-                <a class="indexterm" name="id2617882"></a>
-                <a class="indexterm" name="id2617890"></a>
+        </p></div></div><div class="sect2" title="Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="id383934"></a>Configuration</h3></div></div></div></div><div class="procedure" title="Procedure 12.3. Squid Configuration Steps"><a name="id383939"></a><p class="title"><b>Procedure 12.3. Squid Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                <a class="indexterm" name="id383950"></a>
+                <a class="indexterm" name="id383957"></a>
+                <a class="indexterm" name="id383965"></a>
                 If your Linux distribution is SUSE Linux 9, the version of Squid 
                 supplied is already enabled to use the winbind helper agent. You
                 can therefore omit the steps that would build the Squid binary
                 programs.
-                </p></li><li><p>
-                <a class="indexterm" name="id2617908"></a>
-                <a class="indexterm" name="id2617914"></a>
-                <a class="indexterm" name="id2617921"></a>
-                <a class="indexterm" name="id2617928"></a>
-                <a class="indexterm" name="id2617935"></a>
+                </p></li><li class="step" title="Step 2"><p>
+                <a class="indexterm" name="id383980"></a>
+                <a class="indexterm" name="id383987"></a>
+                <a class="indexterm" name="id383994"></a>
+                <a class="indexterm" name="id384001"></a>
+                <a class="indexterm" name="id384007"></a>
                 Squid, by default, runs as the user <code class="constant">nobody</code>. You need to 
                 add a system user <code class="constant">squid</code> and a system group 
@@ -433 +433 @@
                 <code class="constant">squid</code> user in <code class="filename">/etc/passwd</code> 
                 and a <code class="constant">squid</code> group in <code class="filename">/etc/group</code> if these aren't there already.
-                </p></li><li><p>
-                <a class="indexterm" name="id2617982"></a>
-                <a class="indexterm" name="id2617989"></a>
+                </p></li><li class="step" title="Step 3"><p>
+                <a class="indexterm" name="id384053"></a>
+                <a class="indexterm" name="id384060"></a>
                 You now need to change the permissions on Squid's <code class="constant">var</code>
                 directory.  Enter the following command:
@@ -441 +441 @@
 <code class="prompt">root# </code> chown -R squid /var/cache/squid
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2618020"></a>
-                <a class="indexterm" name="id2618027"></a>
+                </p></li><li class="step" title="Step 4"><p>
+                <a class="indexterm" name="id384089"></a>
+                <a class="indexterm" name="id384096"></a>
                 Squid must also have control over its logging. Enter the following commands:
 </p><pre class="screen">
@@ -449 +449 @@
 <code class="prompt">root# </code> chmod 770 /var/log/squid
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 5"><p>
                 Finally, Squid must be able to write to its disk cache!
                 Enter the following commands:
@@ -456 +456 @@
 <code class="prompt">root# </code> chmod 770 /var/cache/squid
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2618087"></a>
+                </p></li><li class="step" title="Step 6"><p>
+                <a class="indexterm" name="id384153"></a>
                 The <code class="filename">/etc/squid/squid.conf</code> file must be edited to include the lines from 
                 <a class="link" href="DomApps.html#etcsquidcfg" title="Example 12.4. Squid Configuration File Extract /etc/squid.conf [ADMINISTRATIVE PARAMETERS Section]">&#8220;Squid Configuration File Extract  /etc/squid.conf [ADMINISTRATIVE PARAMETERS Section]&#8221;</a> and <a class="link" href="DomApps.html#etcsquid2" title="Example 12.5. Squid Configuration File extract File: /etc/squid.conf [AUTHENTICATION PARAMETERS Section]">&#8220;Squid Configuration File extract  File: /etc/squid.conf [AUTHENTICATION PARAMETERS Section]&#8221;</a>.
-                </p></li><li><p>
-                <a class="indexterm" name="id2618121"></a>
+                </p></li><li class="step" title="Step 7"><p>
+                <a class="indexterm" name="id384186"></a>
                 You must create Squid's cache directories before it may be run.  Enter the following command: 
 </p><pre class="screen">
 <code class="prompt">root# </code> squid -z
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 8"><p>
                 Finally, start Squid and enjoy transparent Active Directory authentication.
                 Enter the following command:
@@ -488 +488 @@
         acl AuthorizedUsers proxy_auth REQUIRED
         http_access allow all AuthorizedUsers
-</pre></div></div><br class="example-break"></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2618225"></a>Key Points Learned</h3></div></div></div><p>
-                <a class="indexterm" name="id2618233"></a>
-                <a class="indexterm" name="id2618240"></a>
-                <a class="indexterm" name="id2618247"></a>
-                <a class="indexterm" name="id2618254"></a>
-                <a class="indexterm" name="id2618266"></a>
+</pre></div></div><br class="example-break"></div><div class="sect2" title="Key Points Learned"><div class="titlepage"><div><div><h3 class="title"><a name="id384281"></a>Key Points Learned</h3></div></div></div><p>
+                <a class="indexterm" name="id384289"></a>
+                <a class="indexterm" name="id384296"></a>
+                <a class="indexterm" name="id384303"></a>
+                <a class="indexterm" name="id384310"></a>
+                <a class="indexterm" name="id384321"></a>
                 Microsoft Windows networking protocols permeate the spectrum of technologies that Microsoft
                 Windows clients use, even when accessing traditional services such as Web browsers. Depending 
@@ -500 +500 @@
                 the cookie-based authentication regime used by all competing browsers. It is Samba's implementation
                 of NTLMSSP that makes it attractive to implement the solution that has been demonstrated in this chapter.
-                </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2618286"></a>Questions and Answers</h2></div></div></div><p>
-        <a class="indexterm" name="id2618294"></a>
-        <a class="indexterm" name="id2618301"></a>
-        <a class="indexterm" name="id2618308"></a>
-        <a class="indexterm" name="id2618314"></a>
+                </p></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id384336"></a>Questions and Answers</h2></div></div></div><p>
+        <a class="indexterm" name="id384344"></a>
+        <a class="indexterm" name="id384351"></a>
+        <a class="indexterm" name="id384358"></a>
+        <a class="indexterm" name="id384365"></a>
         The development of the <code class="literal">ntlm_auth</code> module was first discussed in many Open Source circles
         in 2002. At the SambaXP conference in Goettingen, Germany, Mr. Francesco Chemolli demonstrated the use of 
@@ -516 +516 @@
         comments were made with respect to questions regarding the performance of this installation:
         </p><div class="blockquote"><blockquote class="blockquote"><p>
-        [In our] EXTREMELY optimized environment . . . [the] performance impact is almost [nothing]. The &#8220;<span class="quote">almost</span>&#8221; 
+        [In our] EXTREMELY optimized environment . . . [the] performance impact is almost [nothing]. The <span class="quote">&#8220;<span class="quote">almost</span>&#8221;</span> 
         part is due to the brain damage of the ntlm-over-http protocol definition. Suffice to say that its worst-case 
         scenario triples the number of hits needed to perform the same transactions versus basic or digest auth[entication].
@@ -523 +523 @@
         Make certain that your Squid proxy server is equipped with sufficient memory to permit all proxy operations to run 
         out of memory without invoking the overheads involved in the use of memory that has to be swapped to disk.
-        </p><div class="qandaset"><dl><dt> <a href="DomApps.html#id2618392">
+        </p><div class="qandaset" title="Frequently Asked Questions"><a name="id384423"></a><dl><dt> <a href="DomApps.html#id384430">
                 What does Samba have to do with Web proxy serving?
-                </a></dt><dt> <a href="DomApps.html#id2618558">
+                </a></dt><dt> <a href="DomApps.html#id384585">
                 What other services does Samba provide?
-                </a></dt><dt> <a href="DomApps.html#id2618701">
+                </a></dt><dt> <a href="DomApps.html#id384721">
                 Does use of Samba (ntlm_auth) improve the performance of Squid?
-                </a></dt></dl><table border="0" summary="Q and A Set"><col align="left" width="1%"><tbody><tr class="question"><td align="left" valign="top"><a name="id2618392"></a><a name="id2618394"></a></td><td align="left" valign="top"><p>
+                </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question"><td align="left" valign="top"><a name="id384430"></a><a name="id384432"></a></td><td align="left" valign="top"><p>
                 What does Samba have to do with Web proxy serving?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
-                <a class="indexterm" name="id2618406"></a>
-                <a class="indexterm" name="id2618413"></a>
-                <a class="indexterm" name="id2618420"></a>
-                <a class="indexterm" name="id2618429"></a>
-                <a class="indexterm" name="id2618436"></a>
+                <a class="indexterm" name="id384443"></a>
+                <a class="indexterm" name="id384450"></a>
+                <a class="indexterm" name="id384457"></a>
+                <a class="indexterm" name="id384466"></a>
+                <a class="indexterm" name="id384473"></a>
                 To provide transparent interoperability between Windows clients and the network services
                 that are used from them, Samba had to develop tools and facilities that deliver that feature. The benefit
@@ -542 +542 @@
                 module is basically a wrapper around authentication code from the core of the Samba project.
                 </p><p>
-                <a class="indexterm" name="id2618458"></a>
-                <a class="indexterm" name="id2618465"></a>
-                <a class="indexterm" name="id2618474"></a>
-                <a class="indexterm" name="id2618483"></a>
-                <a class="indexterm" name="id2618492"></a>
-                <a class="indexterm" name="id2618499"></a>
-                <a class="indexterm" name="id2618506"></a>
-                <a class="indexterm" name="id2618513"></a>
-                <a class="indexterm" name="id2618520"></a>
+                <a class="indexterm" name="id384492"></a>
+                <a class="indexterm" name="id384499"></a>
+                <a class="indexterm" name="id384508"></a>
+                <a class="indexterm" name="id384517"></a>
+                <a class="indexterm" name="id384526"></a>
+                <a class="indexterm" name="id384533"></a>
+                <a class="indexterm" name="id384540"></a>
+                <a class="indexterm" name="id384546"></a>
+                <a class="indexterm" name="id384553"></a>
                 The <code class="literal">ntlm_auth</code> module supports basic plain-text authentication and NTLMSSP 
                 protocols. This module makes it possible for Web and FTP proxy requests to be authenticated without
@@ -558 +558 @@
                 also.
                 </p><p>
-                <a class="indexterm" name="id2618544"></a>
+                <a class="indexterm" name="id384574"></a>
                 The short answer is that by adding a wrapper around key authentication components of Samba, other
                 projects (like Squid) can benefit from the labors expended in meeting user interoperability needs.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2618558"></a><a name="id2618560"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id384585"></a><a name="id384588"></a></td><td align="left" valign="top"><p>
                 What other services does Samba provide?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
-                <a class="indexterm" name="id2618572"></a>
-                <a class="indexterm" name="id2618579"></a>
-                <a class="indexterm" name="id2618586"></a>
-                <a class="indexterm" name="id2618592"></a>
-                <a class="indexterm" name="id2618599"></a>
+                <a class="indexterm" name="id384599"></a>
+                <a class="indexterm" name="id384606"></a>
+                <a class="indexterm" name="id384612"></a>
+                <a class="indexterm" name="id384619"></a>
+                <a class="indexterm" name="id384626"></a>
                 Samba-3 is a file and print server. The core components that provide this functionality are <code class="literal">smbd</code>,
                 <code class="literal">nmbd</code>, and the identity resolver daemon, <code class="literal">winbindd</code>.
                 </p><p>
-                <a class="indexterm" name="id2618630"></a>
-                <a class="indexterm" name="id2618636"></a>
+                <a class="indexterm" name="id384655"></a>
+                <a class="indexterm" name="id384662"></a>
                 Samba-3 is an SMB/CIFS client. The core component that provides this is called <code class="literal">smbclient</code>.
                 </p><p>
-                <a class="indexterm" name="id2618654"></a>
-                <a class="indexterm" name="id2618661"></a>
-                <a class="indexterm" name="id2618668"></a>
-                <a class="indexterm" name="id2618674"></a>
-                <a class="indexterm" name="id2618681"></a>
+                <a class="indexterm" name="id384679"></a>
+                <a class="indexterm" name="id384685"></a>
+                <a class="indexterm" name="id384692"></a>
+                <a class="indexterm" name="id384699"></a>
+                <a class="indexterm" name="id384706"></a>
                 Samba-3 includes a number of helper tools, plug-in modules, utilities, and test and validation facilities.
                 Samba-3 includes glue modules that help provide interoperability between MS Windows clients and UNIX/Linux
@@ -587 +587 @@
                 to permit identity resolution via SMB/CIFS servers (Windows NT4/200x, Samba, and a host of other commercial
                 server products).
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2618701"></a><a name="id2618703"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id384721"></a><a name="id384723"></a></td><td align="left" valign="top"><p>
                 Does use of Samba (<code class="literal">ntlm_auth</code>) improve the performance of Squid?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>

trunk/server/docs/htmldocs/Samba3-ByExample/ExNetworks.html

@@ -1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Part I. Example Network Configurations</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="preface.html" title="Preface"><link rel="next" href="simple.html" title="Chapter 1. No-Frills Samba Servers"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Part I. Example Network Configurations</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="preface.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="simple.html">Next</a></td></tr></table><hr></div><div class="part" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="ExNetworks"></a>Part I. Example Network Configurations</h1></div></div></div><div class="partintro" lang="en"><div><div><div><h1 class="title"><a name="id2550769"></a>Example Network Configurations</h1></div></div></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Part I. Example Network Configurations</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="preface.html" title="Preface"><link rel="next" href="simple.html" title="Chapter 1. No-Frills Samba Servers"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Part I. Example Network Configurations</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="preface.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="simple.html">Next</a></td></tr></table><hr></div><div class="part" title="Part I. Example Network Configurations"><div class="titlepage"><div><div><h1 class="title"><a name="ExNetworks"></a>Part I. Example Network Configurations</h1></div></div></div><div class="partintro" title="Example Network Configurations"><div><div><div><h1 class="title"><a name="id323031"></a>Example Network Configurations</h1></div></div></div><p>
 This section of <span class="emphasis"><em>Samba-3 by Example</em></span> provides example network
 configurations that can be copied, or modified as needed, and deployed as-is.
@@ -21 +21 @@
 <a class="ulink" href="http://www.samba.org/samba/support/" target="_top">support</a> pages from 
 the Samba web site.
-</p><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="simple.html">1. No-Frills Samba Servers</a></span></dt><dd><dl><dt><span class="sect1"><a href="simple.html#id2550843">Introduction</a></span></dt><dt><span class="sect1"><a href="simple.html#id2550883">Assignment Tasks</a></span></dt><dd><dl><dt><span class="sect2"><a href="simple.html#id2550925">Drafting Office</a></span></dt><dt><span class="sect2"><a href="simple.html#id2551634">Charity Administration Office</a></span></dt><dt><span class="sect2"><a href="simple.html#AccountingOffice">Accounting Office</a></span></dt></dl></dd><dt><span class="sect1"><a href="simple.html#id2554969">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="small.html">2. Small Office Networking</a></span></dt><dd><dl><dt><span class="sect1"><a href="small.html#id2555439">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id2555462">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id2555522">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id2555570">Technical Issues</a></span></dt><dt><span class="sect2"><a href="small.html#id2555768">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id2555790">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id2557337">Validation</a></span></dt><dt><span class="sect2"><a href="small.html#id2557985">Notebook Computers: A Special Case</a></span></dt><dt><span class="sect2"><a href="small.html#id2558010">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id2558084">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="secure.html">3. Secure Office Networking</a></span></dt><dd><dl><dt><span class="sect1"><a href="secure.html#id2558563">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id2558614">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id2558848">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id2558863">Technical Issues</a></span></dt><dt><span class="sect2"><a href="secure.html#id2559289">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id2559329">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#ch4bsc">Basic System Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id2560183">Samba Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4ptrcfg">Printer Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4valid">Validation</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4appscfg">Application Share Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id2564645">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id2564707">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="Big500users.html">4. The 500-User Office</a></span></dt><dd><dl><dt><span class="sect1"><a href="Big500users.html#id2565229">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id2565274">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id2565373">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id2565409">Technical Issues</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id2565612">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id2565635">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#ch5-dnshcp-setup">Installation of DHCP, DNS, and Samba Control Files</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id2566362">Server Preparation: All Servers</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id2566927">Server-Specific Preparation</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5-procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id2570125">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id2570184">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="happy.html">5. Making Happy Users</a></span></dt><dd><dl><dt><span class="sect1"><a href="happy.html#id2571022">Regarding LDAP Directories and Windows Computer Accounts</a></span></dt><dt><span class="sect1"><a href="happy.html#id2571164">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id2571262">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id2571399">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id2571856">Technical Issues</a></span></dt><dt><span class="sect2"><a href="happy.html#id2573730">Political Issues</a></span></dt><dt><span class="sect2"><a href="happy.html#id2573745">Installation Checklist</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id2573925">Samba Server Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbeidealx">Install and Configure Idealx smbldap-tools Scripts</a></span></dt><dt><span class="sect2"><a href="happy.html#id2576821">LDAP Initialization and Creation of User and Group Accounts</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-ptrcfg">Printer Configuration</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#sbehap-bldg1">Samba-3 BDC Configuration</a></span></dt><dt><span class="sect1"><a href="happy.html#id2580771">Miscellaneous Server Preparation Tasks</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id2580791">Configuring Directory Share Point Roots</a></span></dt><dt><span class="sect2"><a href="happy.html#id2580886">Configuring Profile Directories</a></span></dt><dt><span class="sect2"><a href="happy.html#id2581130">Preparation of Logon Scripts</a></span></dt><dt><span class="sect2"><a href="happy.html#id2581241">Assigning User Rights and Privileges</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id2581375">Windows Client Configuration</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></span></dt><dt><span class="sect2"><a href="happy.html#id2582129">Configuration of MS Outlook to Relocate PST File</a></span></dt><dt><span class="sect2"><a href="happy.html#id2582445">Configure Delete Cached Profiles on Logout</a></span></dt><dt><span class="sect2"><a href="happy.html#id2582625">Uploading Printer Drivers to Samba Servers</a></span></dt><dt><span class="sect2"><a href="happy.html#id2583127">Software Installation</a></span></dt><dt><span class="sect2"><a href="happy.html#id2583163">Roll-out Image Creation</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id2583197">Key Points Learned</a></span></dt><dt><span class="sect1"><a href="happy.html#id2583303">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="net2000users.html">6. A Distributed 2000-User Network</a></span></dt><dd><dl><dt><span class="sect1"><a href="net2000users.html#id2583726">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id2583756">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id2583824">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id2584098">Technical Issues</a></span></dt><dt><span class="sect2"><a href="net2000users.html#id2585046">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id2585064">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id2588223">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id2588370">Questions and Answers</a></span></dt></dl></dd></dl></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="preface.html">Prev</a> </td><td width="20%" align="center"> </td><td width="40%" align="right"> <a accesskey="n" href="simple.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Preface </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 1. No-Frills Samba Servers</td></tr></table></div></body></html>
+</p><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="simple.html">1. No-Frills Samba Servers</a></span></dt><dd><dl><dt><span class="sect1"><a href="simple.html#id323089">Introduction</a></span></dt><dt><span class="sect1"><a href="simple.html#id323120">Assignment Tasks</a></span></dt><dd><dl><dt><span class="sect2"><a href="simple.html#id323158">Drafting Office</a></span></dt><dt><span class="sect2"><a href="simple.html#id323803">Charity Administration Office</a></span></dt><dt><span class="sect2"><a href="simple.html#AccountingOffice">Accounting Office</a></span></dt></dl></dd><dt><span class="sect1"><a href="simple.html#id326925">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="small.html">2. Small Office Networking</a></span></dt><dd><dl><dt><span class="sect1"><a href="small.html#id327308">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id327326">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id327371">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id327416">Technical Issues</a></span></dt><dt><span class="sect2"><a href="small.html#id327588">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id327606">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id329058">Validation</a></span></dt><dt><span class="sect2"><a href="small.html#id329633">Notebook Computers: A Special Case</a></span></dt><dt><span class="sect2"><a href="small.html#id329652">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id329716">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="secure.html">3. Secure Office Networking</a></span></dt><dd><dl><dt><span class="sect1"><a href="secure.html#id330143">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id330177">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id330386">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id330398">Technical Issues</a></span></dt><dt><span class="sect2"><a href="secure.html#id330742">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id330776">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#ch4bsc">Basic System Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id331530">Samba Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4ptrcfg">Printer Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4valid">Validation</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4appscfg">Application Share Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id335513">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id335566">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="Big500users.html">4. The 500-User Office</a></span></dt><dd><dl><dt><span class="sect1"><a href="Big500users.html#id336007">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id336038">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id336113">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id336141">Technical Issues</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id336318">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id336338">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#ch5-dnshcp-setup">Installation of DHCP, DNS, and Samba Control Files</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id337052">Server Preparation: All Servers</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id337568">Server-Specific Preparation</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5-procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id340544">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id340597">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="happy.html">5. Making Happy Users</a></span></dt><dd><dl><dt><span class="sect1"><a href="happy.html#id341339">Regarding LDAP Directories and Windows Computer Accounts</a></span></dt><dt><span class="sect1"><a href="happy.html#id341463">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id341540">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id341668">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id342070">Technical Issues</a></span></dt><dt><span class="sect2"><a href="happy.html#id343725">Political Issues</a></span></dt><dt><span class="sect2"><a href="happy.html#id343737">Installation Checklist</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id343908">Samba Server Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbeidealx">Install and Configure Idealx smbldap-tools Scripts</a></span></dt><dt><span class="sect2"><a href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-ptrcfg">Printer Configuration</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#sbehap-bldg1">Samba-3 BDC Configuration</a></span></dt><dt><span class="sect1"><a href="happy.html#id350178">Miscellaneous Server Preparation Tasks</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id350194">Configuring Directory Share Point Roots</a></span></dt><dt><span class="sect2"><a href="happy.html#id350283">Configuring Profile Directories</a></span></dt><dt><span class="sect2"><a href="happy.html#id350512">Preparation of Logon Scripts</a></span></dt><dt><span class="sect2"><a href="happy.html#id350609">Assigning User Rights and Privileges</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id350723">Windows Client Configuration</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></span></dt><dt><span class="sect2"><a href="happy.html#id351441">Configuration of MS Outlook to Relocate PST File</a></span></dt><dt><span class="sect2"><a href="happy.html#id351724">Configure Delete Cached Profiles on Logout</a></span></dt><dt><span class="sect2"><a href="happy.html#id351896">Uploading Printer Drivers to Samba Servers</a></span></dt><dt><span class="sect2"><a href="happy.html#id352365">Software Installation</a></span></dt><dt><span class="sect2"><a href="happy.html#id352391">Roll-out Image Creation</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id352420">Key Points Learned</a></span></dt><dt><span class="sect1"><a href="happy.html#id352508">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="net2000users.html">6. A Distributed 2000-User Network</a></span></dt><dd><dl><dt><span class="sect1"><a href="net2000users.html#id352846">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id352871">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id352928">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id353175">Technical Issues</a></span></dt><dt><span class="sect2"><a href="net2000users.html#id353997">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id354011">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id357027">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id357166">Questions and Answers</a></span></dt></dl></dd></dl></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="preface.html">Prev</a> </td><td width="20%" align="center"> </td><td width="40%" align="right"> <a accesskey="n" href="simple.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Preface </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 1. No-Frills Samba Servers</td></tr></table></div></body></html>

trunk/server/docs/htmldocs/Samba3-ByExample/HA.html

@@ -1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 13. Performance, Reliability, and Availability</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="RefSection.html" title="Part III. Reference Section"><link rel="prev" href="DomApps.html" title="Chapter 12. Integrating Additional Services"><link rel="next" href="ch14.html" title="Chapter 14. Samba Support"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 13. Performance, Reliability, and Availability</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="DomApps.html">Prev</a> </td><th width="60%" align="center">Part III. Reference Section</th><td width="20%" align="right"> <a accesskey="n" href="ch14.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="HA"></a>Chapter 13. Performance, Reliability, and Availability</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="HA.html#id2618805">Introduction</a></span></dt><dt><span class="sect1"><a href="HA.html#id2618892">Dissection and Discussion</a></span></dt><dt><span class="sect1"><a href="HA.html#id2619366">Guidelines for Reliable Samba Operation</a></span></dt><dd><dl><dt><span class="sect2"><a href="HA.html#id2619393">Name Resolution</a></span></dt><dt><span class="sect2"><a href="HA.html#id2619868">Samba Configuration</a></span></dt><dt><span class="sect2"><a href="HA.html#id2620205">Use and Location of BDCs</a></span></dt><dt><span class="sect2"><a href="HA.html#id2620281">Use One Consistent Version of MS Windows Client</a></span></dt><dt><span class="sect2"><a href="HA.html#id2620303">For Scalability, Use SAN-Based Storage on Samba Servers</a></span></dt><dt><span class="sect2"><a href="HA.html#id2620352">Distribute Network Load with MSDFS</a></span></dt><dt><span class="sect2"><a href="HA.html#id2620407">Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth</a></span></dt><dt><span class="sect2"><a href="HA.html#id2620452">Hardware Problems</a></span></dt><dt><span class="sect2"><a href="HA.html#id2620600">Large Directories</a></span></dt></dl></dd><dt><span class="sect1"><a href="HA.html#id2620704">Key Points Learned</a></span></dt></dl></div><p>
-        <a class="indexterm" name="id2618767"></a>
-        <a class="indexterm" name="id2618774"></a>
-        <a class="indexterm" name="id2618780"></a>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 13. Performance, Reliability, and Availability</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="RefSection.html" title="Part III. Reference Section"><link rel="prev" href="DomApps.html" title="Chapter 12. Integrating Additional Services"><link rel="next" href="ch14.html" title="Chapter 14. Samba Support"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 13. Performance, Reliability, and Availability</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="DomApps.html">Prev</a> </td><th width="60%" align="center">Part III. Reference Section</th><td width="20%" align="right"> <a accesskey="n" href="ch14.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 13. Performance, Reliability, and Availability"><div class="titlepage"><div><div><h2 class="title"><a name="HA"></a>Chapter 13. Performance, Reliability, and Availability</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="HA.html#id384815">Introduction</a></span></dt><dt><span class="sect1"><a href="HA.html#id384892">Dissection and Discussion</a></span></dt><dt><span class="sect1"><a href="HA.html#id385344">Guidelines for Reliable Samba Operation</a></span></dt><dd><dl><dt><span class="sect2"><a href="HA.html#id385369">Name Resolution</a></span></dt><dt><span class="sect2"><a href="HA.html#id385810">Samba Configuration</a></span></dt><dt><span class="sect2"><a href="HA.html#id386110">Use and Location of BDCs</a></span></dt><dt><span class="sect2"><a href="HA.html#id386178">Use One Consistent Version of MS Windows Client</a></span></dt><dt><span class="sect2"><a href="HA.html#id386195">For Scalability, Use SAN-Based Storage on Samba Servers</a></span></dt><dt><span class="sect2"><a href="HA.html#id386240">Distribute Network Load with MSDFS</a></span></dt><dt><span class="sect2"><a href="HA.html#id386291">Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth</a></span></dt><dt><span class="sect2"><a href="HA.html#id386332">Hardware Problems</a></span></dt><dt><span class="sect2"><a href="HA.html#id386465">Large Directories</a></span></dt></dl></dd><dt><span class="sect1"><a href="HA.html#id386548">Key Points Learned</a></span></dt></dl></div><p>
+        <a class="indexterm" name="id384782"></a>
+        <a class="indexterm" name="id384788"></a>
+        <a class="indexterm" name="id384795"></a>
         Well, you have reached one of the last chapters of this book. It is customary to attempt
         to wrap up the theme and contents of a book in what is generally regarded as the
@@ -11 +11 @@
         </p><div class="blockquote"><table border="0" width="100%" cellspacing="0" cellpadding="0" class="blockquote" summary="Block quote"><tr><td width="10%" valign="top"> </td><td width="80%" valign="top"><p>
         In a world so full of noise, how can the sparrow be heard?
-        </p></td><td width="10%" valign="top"> </td></tr><tr><td width="10%" valign="top"> </td><td colspan="2" align="right" valign="top">--<span class="attribution">Anonymous</span></td></tr></table></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2618805"></a>Introduction</h2></div></div></div><p>
-        <a class="indexterm" name="id2618813"></a>
+        </p></td><td width="10%" valign="top"> </td></tr><tr><td width="10%" valign="top"> </td><td colspan="2" align="right" valign="top">--<span class="attribution">Anonymous</span></td></tr></table></div><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id384815"></a>Introduction</h2></div></div></div><p>
+        <a class="indexterm" name="id384822"></a>
         The sparrow is a small bird whose sounds are drowned out by the noise of the busy
         world it lives in. Likewise, the simple steps that can be taken to improve the
@@ -21 +21 @@
         custom tools and methods. Only passing comments are offered concerning these methods.
         </p><p>
-        <a class="indexterm" name="id2618833"></a>
-        <a class="indexterm" name="id2618840"></a>
-        <a class="indexterm" name="id2618847"></a>
+        <a class="indexterm" name="id384837"></a>
+        <a class="indexterm" name="id384844"></a>
+        <a class="indexterm" name="id384851"></a>
 <a class="ulink" href="http://www.google.com/search?hl=en&amp;lr=&amp;ie=ISO-8859-1&amp;q=samba+cluster&amp;btnG=Google+Search" target="_top">A search</a> 
-        for &#8220;<span class="quote">samba cluster</span>&#8221; produced 71,600 hits. And a search for &#8220;<span class="quote">highly available samba</span>&#8221;
-        and &#8220;<span class="quote">highly available windows</span>&#8221; produced an amazing number of references.
+        for <span class="quote">&#8220;<span class="quote">samba cluster</span>&#8221;</span> produced 71,600 hits. And a search for <span class="quote">&#8220;<span class="quote">highly available samba</span>&#8221;</span>
+        and <span class="quote">&#8220;<span class="quote">highly available windows</span>&#8221;</span> produced an amazing number of references.
         It is clear from the resources on the Internet that Windows file and print services 
         availability, reliability, and scalability are of vital interest to corporate network users.
         </p><p>
-        <a class="indexterm" name="id2618880"></a>
+        <a class="indexterm" name="id384882"></a>
         So without further background, you can review a checklist of simple steps that
         can be taken to ensure acceptable network performance while keeping costs of ownership
         well under control.
-        </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2618892"></a>Dissection and Discussion</h2></div></div></div><p>
-        <a class="indexterm" name="id2618900"></a>
-        <a class="indexterm" name="id2618907"></a>
+        </p></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id384892"></a>Dissection and Discussion</h2></div></div></div><p>
+        <a class="indexterm" name="id384899"></a>
+        <a class="indexterm" name="id384906"></a>
         If it is your purpose to get the best mileage out of your Samba servers, there is one rule that
         must be obeyed. If you want the best, keep your implementation as simple as possible. You may
@@ -45 +45 @@
         complex ones. 
         </p><p>
-        <a class="indexterm" name="id2618929"></a>
-        <a class="indexterm" name="id2618936"></a>
+        <a class="indexterm" name="id384924"></a>
+        <a class="indexterm" name="id384931"></a>
         Problems reported by users fall into three categories: configurations that do not work, those 
         that have broken behavior, and poor performance. The term <span class="emphasis"><em>broken behavior</em></span>
@@ -55 +55 @@
         and at other times not listing them even though the machines are in use on the network.
         </p><p>
-        <a class="indexterm" name="id2618964"></a>
-        <a class="indexterm" name="id2618970"></a>
-        <a class="indexterm" name="id2618977"></a>
-        <a class="indexterm" name="id2618984"></a>
-        <a class="indexterm" name="id2618991"></a>
-        <a class="indexterm" name="id2618998"></a>
+        <a class="indexterm" name="id384953"></a>
+        <a class="indexterm" name="id384960"></a>
+        <a class="indexterm" name="id384966"></a>
+        <a class="indexterm" name="id384973"></a>
+        <a class="indexterm" name="id384980"></a>
+        <a class="indexterm" name="id384987"></a>
         A significant number of reports concern problems with the <code class="literal">smbfs</code> file system
         driver that is part of the Linux kernel, not part of Samba. Users continue to interpret that
@@ -71 +71 @@
         Samba and are really foreign to it.
         </p><p>
-        <a class="indexterm" name="id2619058"></a>
+        <a class="indexterm" name="id385043"></a>
         The new project, <code class="literal">cifsfs</code>, is destined to replace <code class="literal">smbfs</code>.
         It, too, is not part of Samba, even though one of the Samba Team members is a prime mover in
@@ -77 +77 @@
         </p><p>
         Table 13.1 lists typical causes of:
-        </p><div class="itemizedlist"><ul type="disc"><li><p>Not Working (NW)</p></li><li><p>Broken Behavior (BB)</p></li><li><p>Poor Performance (PP)</p></li></ul></div><div class="table"><a name="ProbList"></a><p class="title"><b>Table 13.1. Effect of Common Problems</b></p><div class="table-contents"><table summary="Effect of Common Problems" border="1"><colgroup><col align="left"><col align="center"><col align="center"><col align="center"></colgroup><thead><tr><th align="left"><p>Problem</p></th><th align="center"><p>NW</p></th><th align="center"><p>BB</p></th><th align="center"><p>PP</p></th></tr></thead><tbody><tr><td align="left"><p>File locking</p></td><td align="center"><p>-</p></td><td align="center"><p>X</p></td><td align="center"><p>-</p></td></tr><tr><td align="left"><p>Hardware problems</p></td><td align="center"><p>X</p></td><td align="center"><p>X</p></td><td align="center"><p>X</p></td></tr><tr><td align="left"><p>Incorrect authentication</p></td><td align="center"><p>X</p></td><td align="center"><p>X</p></td><td align="center"><p>-</p></td></tr><tr><td align="left"><p>Incorrect configuration</p></td><td align="center"><p>X</p></td><td align="center"><p>X</p></td><td align="center"><p>X</p></td></tr><tr><td align="left"><p>LDAP problems</p></td><td align="center"><p>X</p></td><td align="center"><p>X</p></td><td align="center"><p>-</p></td></tr><tr><td align="left"><p>Name resolution</p></td><td align="center"><p>X</p></td><td align="center"><p>X</p></td><td align="center"><p>X</p></td></tr><tr><td align="left"><p>Printing problems</p></td><td align="center"><p>X</p></td><td align="center"><p>X</p></td><td align="center"><p>-</p></td></tr><tr><td align="left"><p>Slow file transfer</p></td><td align="center"><p>-</p></td><td align="center"><p>-</p></td><td align="center"><p>X</p></td></tr><tr><td align="left"><p>Winbind problems</p></td><td align="center"><p>X</p></td><td align="center"><p>X</p></td><td align="center"><p>-</p></td></tr></tbody></table></div></div><br class="table-break"><p>
-        <a class="indexterm" name="id2619352"></a>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Not Working (NW)</p></li><li class="listitem"><p>Broken Behavior (BB)</p></li><li class="listitem"><p>Poor Performance (PP)</p></li></ul></div><div class="table"><a name="ProbList"></a><p class="title"><b>Table 13.1. Effect of Common Problems</b></p><div class="table-contents"><table summary="Effect of Common Problems" border="1"><colgroup><col align="left"><col align="center"><col align="center"><col align="center"></colgroup><thead><tr><th align="left"><p>Problem</p></th><th align="center"><p>NW</p></th><th align="center"><p>BB</p></th><th align="center"><p>PP</p></th></tr></thead><tbody><tr><td align="left"><p>File locking</p></td><td align="center"><p>-</p></td><td align="center"><p>X</p></td><td align="center"><p>-</p></td></tr><tr><td align="left"><p>Hardware problems</p></td><td align="center"><p>X</p></td><td align="center"><p>X</p></td><td align="center"><p>X</p></td></tr><tr><td align="left"><p>Incorrect authentication</p></td><td align="center"><p>X</p></td><td align="center"><p>X</p></td><td align="center"><p>-</p></td></tr><tr><td align="left"><p>Incorrect configuration</p></td><td align="center"><p>X</p></td><td align="center"><p>X</p></td><td align="center"><p>X</p></td></tr><tr><td align="left"><p>LDAP problems</p></td><td align="center"><p>X</p></td><td align="center"><p>X</p></td><td align="center"><p>-</p></td></tr><tr><td align="left"><p>Name resolution</p></td><td align="center"><p>X</p></td><td align="center"><p>X</p></td><td align="center"><p>X</p></td></tr><tr><td align="left"><p>Printing problems</p></td><td align="center"><p>X</p></td><td align="center"><p>X</p></td><td align="center"><p>-</p></td></tr><tr><td align="left"><p>Slow file transfer</p></td><td align="center"><p>-</p></td><td align="center"><p>-</p></td><td align="center"><p>X</p></td></tr><tr><td align="left"><p>Winbind problems</p></td><td align="center"><p>X</p></td><td align="center"><p>X</p></td><td align="center"><p>-</p></td></tr></tbody></table></div></div><br class="table-break"><p>
+        <a class="indexterm" name="id385333"></a>
         It is obvious to all that the first requirement (as a matter of network hygiene) is to eliminate
         problems that affect basic network operation. This book has provided sufficient working examples
         to help you to avoid all these problems.
-        </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2619366"></a>Guidelines for Reliable Samba Operation</h2></div></div></div><p>
-        <a class="indexterm" name="id2619374"></a>
-        <a class="indexterm" name="id2619381"></a>
+        </p></div><div class="sect1" title="Guidelines for Reliable Samba Operation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id385344"></a>Guidelines for Reliable Samba Operation</h2></div></div></div><p>
+        <a class="indexterm" name="id385352"></a>
+        <a class="indexterm" name="id385359"></a>
         Your objective is to provide a network that works correctly, can grow at all times, is resilient
         at times of extreme demand, and can scale to meet future needs. The following subject areas provide
         pointers that can help you today.
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2619393"></a>Name Resolution</h3></div></div></div><p>
+        </p><div class="sect2" title="Name Resolution"><div class="titlepage"><div><div><h3 class="title"><a name="id385369"></a>Name Resolution</h3></div></div></div><p>
         There are three basic current problem areas: bad hostnames, routed networks, and network collisions.
         These are covered in the following discussion.
-        </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2619404"></a>Bad Hostnames</h4></div></div></div><p>
-                <a class="indexterm" name="id2619412"></a>
-                <a class="indexterm" name="id2619421"></a>
-                <a class="indexterm" name="id2619428"></a>
-                <a class="indexterm" name="id2619435"></a>
-                <a class="indexterm" name="id2619442"></a>
+        </p><div class="sect3" title="Bad Hostnames"><div class="titlepage"><div><div><h4 class="title"><a name="id385379"></a>Bad Hostnames</h4></div></div></div><p>
+                <a class="indexterm" name="id385387"></a>
+                <a class="indexterm" name="id385396"></a>
+                <a class="indexterm" name="id385403"></a>
+                <a class="indexterm" name="id385409"></a>
+                <a class="indexterm" name="id385416"></a>
                 When configured as a DHCP client, a number of Linux distributions set the system hostname
                 to <code class="constant">localhost</code>. If the parameter <em class="parameter"><code>netbios name</code></em> is not
@@ -108 +108 @@
                 correctly.
                 </p><p>
-                <a class="indexterm" name="id2619497"></a>
+                <a class="indexterm" name="id385465"></a>
                 A few sites have tried to name Windows clients and Samba servers with a name that begins
                 with the digits 1-9. This does not work either because it may result in the client or
                 server attempting to use that name as an IP address.
                 </p><p>
-                <a class="indexterm" name="id2619511"></a>
-                <a class="indexterm" name="id2619520"></a>
+                <a class="indexterm" name="id385477"></a>
+                <a class="indexterm" name="id385486"></a>
                 A Samba server called <code class="constant">FRED</code> in a NetBIOS domain called <code class="constant">COLLISION</code>
                 in a network environment that is part of the fully-qualified Internet domain namespace known
@@ -122 +122 @@
                 attempts to resolve <code class="constant">fred.parrots.com.parrots.com</code>, which most likely
                 fails given that you probably do not have this in your DNS namespace.
-                </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
-                <a class="indexterm" name="id2619564"></a>
-                <a class="indexterm" name="id2619573"></a>
-                <a class="indexterm" name="id2619580"></a>
+                </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+                <a class="indexterm" name="id385526"></a>
+                <a class="indexterm" name="id385536"></a>
+                <a class="indexterm" name="id385542"></a>
                 An Active Directory realm called <code class="constant">collision.parrots.com</code> is perfectly okay,
                 although it too must be capable of being resolved via DNS, something that functions correctly
                 if Windows 200x ADS has been properly installed and configured.
-                </p></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2619596"></a>Routed Networks</h4></div></div></div><p>
-                <a class="indexterm" name="id2619604"></a>
-                <a class="indexterm" name="id2619611"></a>
-                <a class="indexterm" name="id2619620"></a>
+                </p></div></div><div class="sect3" title="Routed Networks"><div class="titlepage"><div><div><h4 class="title"><a name="id385556"></a>Routed Networks</h4></div></div></div><p>
+                <a class="indexterm" name="id385564"></a>
+                <a class="indexterm" name="id385571"></a>
+                <a class="indexterm" name="id385580"></a>
                 NetBIOS networks (Windows networking with NetBIOS over TCP/IP enabled) makes extensive use
                 of UDP-based broadcast traffic, as you saw during the exercises in <a class="link" href="primer.html" title="Chapter 16. Networking Primer">&#8220;Networking Primer&#8221;</a>.
                 </p><p>
-                <a class="indexterm" name="id2619640"></a>
-                <a class="indexterm" name="id2619647"></a>
-                <a class="indexterm" name="id2619653"></a>
+                <a class="indexterm" name="id385598"></a>
+                <a class="indexterm" name="id385605"></a>
+                <a class="indexterm" name="id385612"></a>
                 UDP broadcast traffic is not forwarded by routers. This means that NetBIOS broadcast-based
                 networking cannot function across routed networks (i.e., multi-subnet networks) unless
                 special provisions are made:
-                </p><div class="itemizedlist"><ul type="disc"><li><p>
-                        <a class="indexterm" name="id2619670"></a>
-                        <a class="indexterm" name="id2619677"></a>
-                        <a class="indexterm" name="id2619684"></a>
+                </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
+                        <a class="indexterm" name="id385627"></a>
+                        <a class="indexterm" name="id385634"></a>
+                        <a class="indexterm" name="id385641"></a>
                         Either install on every Windows client an LMHOSTS file (located in the directory
                         <code class="filename">C:\windows\system32\drivers\etc</code>). It is also necessary to
@@ -151 +151 @@
                         and <em class="parameter"><code>remote browse sync</code></em>. For more information, refer to the online
                         manual page for the <code class="filename">smb.conf</code> file.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2619730"></a>
+                        </p></li><li class="listitem"><p>
+                        <a class="indexterm" name="id385684"></a>
                         Or configure Samba as a WINS server, and configure all network clients to use that
                         WINS server in their TCP/IP configuration.
-                        </p></li></ul></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
-                <a class="indexterm" name="id2619747"></a>
-                <a class="indexterm" name="id2619756"></a>
+                        </p></li></ul></div><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+                <a class="indexterm" name="id385700"></a>
+                <a class="indexterm" name="id385709"></a>
                 The use of DNS is not an acceptable substitute for WINS. DNS does not store specific
                 information regarding NetBIOS networking particulars that get stored in the WINS
                 name resolution database and that Windows clients require and depend on.
-                </p></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2619769"></a>Network Collisions</h4></div></div></div><p>
-                <a class="indexterm" name="id2619777"></a>
-                <a class="indexterm" name="id2619786"></a>
-                <a class="indexterm" name="id2619795"></a>
-                <a class="indexterm" name="id2619802"></a>
+                </p></div></div><div class="sect3" title="Network Collisions"><div class="titlepage"><div><div><h4 class="title"><a name="id385720"></a>Network Collisions</h4></div></div></div><p>
+                <a class="indexterm" name="id385727"></a>
+                <a class="indexterm" name="id385737"></a>
+                <a class="indexterm" name="id385746"></a>
+                <a class="indexterm" name="id385753"></a>
                 Excessive network activity causes NetBIOS network timeouts. Timeouts may result in
                 blue screen of death (BSOD) experiences. High collision rates may be caused by excessive
@@ -174 +174 @@
                 in <a class="link" href="primer.html" title="Chapter 16. Networking Primer">&#8220;Networking Primer&#8221;</a>.
                 </p><p>
-                <a class="indexterm" name="id2619831"></a>
-                <a class="indexterm" name="id2619838"></a>
-                <a class="indexterm" name="id2619845"></a>
+                <a class="indexterm" name="id385778"></a>
+                <a class="indexterm" name="id385784"></a>
+                <a class="indexterm" name="id385791"></a>
                 Under no circumstances should the facility be supported by many routers, known as <code class="constant">NetBIOS
                 forwarding</code>, unless you know exactly what you are doing. Inappropriate use of this
@@ -184 +184 @@
                 less than 15 KB/sec. After the NetBIOS forwarding was turned off, file transfer performance
                 immediately returned to 11 MB/sec.
-                </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2619868"></a>Samba Configuration</h3></div></div></div><p>
+                </p></div></div><div class="sect2" title="Samba Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="id385810"></a>Samba Configuration</h3></div></div></div><p>
         As a general rule, the contents of the <code class="filename">smb.conf</code> file should be kept as simple as possible.
         No parameter should be specified unless you know it is essential to operation.
         </p><p>
-        <a class="indexterm" name="id2619888"></a>
-        <a class="indexterm" name="id2619895"></a>
-        <a class="indexterm" name="id2619902"></a>
+        <a class="indexterm" name="id385828"></a>
+        <a class="indexterm" name="id385835"></a>
+        <a class="indexterm" name="id385842"></a>
         Many UNIX administrators like to fully document the settings in the <code class="filename">smb.conf</code> file. This is a
         bad idea because it adds content to the file. The <code class="filename">smb.conf</code> file is re-read by every <code class="literal">smbd</code>
@@ -198 +198 @@
         It is recommended to keep a fully documented <code class="filename">smb.conf</code> file on hand, and then to operate Samba only
         with an optimized file.
-        </p><p><a class="indexterm" name="id2619952"></a>
+        </p><p><a class="indexterm" name="id385888"></a>
         The preferred way to maintain a documented file is to call it something like <code class="filename">smb.conf.master</code>.
         You can generate the optimized file by executing:
@@ -224 +224 @@
 Press enter to see a dump of your service definitions
 </pre><p>
-        <a class="indexterm" name="id2620011"></a>
+        <a class="indexterm" name="id385939"></a>
         You now, of course, press the enter key to complete the command, or else abort it by pressing Ctrl-C.
         The important thing to note is the noted Server role, as well as warning messages. Noted configuration
@@ -234 +234 @@
 </pre><p>
         </p><p>
-        <a class="indexterm" name="id2620039"></a>
-        <a class="indexterm" name="id2620046"></a>
-        <a class="indexterm" name="id2620053"></a>
+        <a class="indexterm" name="id385960"></a>
+        <a class="indexterm" name="id385967"></a>
+        <a class="indexterm" name="id385974"></a>
         There are two parameters that can cause severe network performance degradation: <em class="parameter"><code>socket options</code></em>
         and <em class="parameter"><code>socket address</code></em>. The <em class="parameter"><code>socket options</code></em> parameter was often necessary
@@ -242 +242 @@
         this parameter being set. Do not use either parameter unless it has been proven necessary to use them.
         </p><p>
-        <a class="indexterm" name="id2620087"></a>
-        <a class="indexterm" name="id2620094"></a>
-        <a class="indexterm" name="id2620101"></a>
-        <a class="indexterm" name="id2620108"></a>
+        <a class="indexterm" name="id386005"></a>
+        <a class="indexterm" name="id386012"></a>
+        <a class="indexterm" name="id386018"></a>
+        <a class="indexterm" name="id386025"></a>
         Another <code class="filename">smb.conf</code> parameter that may cause severe network performance degradation is the 
         <em class="parameter"><code>strict sync</code></em> parameter. Do not use this at all. There is no good reason
@@ -252 +252 @@
         degrade network performance, so do not set it; if you must, do so with caution.
         </p><p>
-        <a class="indexterm" name="id2620149"></a>
-        <a class="indexterm" name="id2620156"></a>
-        <a class="indexterm" name="id2620163"></a>
-        <a class="indexterm" name="id2620170"></a>
+        <a class="indexterm" name="id386064"></a>
+        <a class="indexterm" name="id386071"></a>
+        <a class="indexterm" name="id386078"></a>
+        <a class="indexterm" name="id386085"></a>
         Finally, many network administrators deliberately disable opportunistic locking support. While this
         does not degrade Samba performance, it significantly degrades Windows client performance because
@@ -263 +263 @@
         oplock support for operations that are tolerant of it. See <a class="link" href="appendix.html#ch12dblck" title="Shared Data Integrity">&#8220;Shared Data Integrity&#8221;</a> for more
         information.
-        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2620205"></a>Use and Location of BDCs</h3></div></div></div><p>
-        <a class="indexterm" name="id2620213"></a>
-        <a class="indexterm" name="id2620220"></a>
-        <a class="indexterm" name="id2620226"></a>
-        <a class="indexterm" name="id2620233"></a>
-        <a class="indexterm" name="id2620240"></a>
+        </p></div><div class="sect2" title="Use and Location of BDCs"><div class="titlepage"><div><div><h3 class="title"><a name="id386110"></a>Use and Location of BDCs</h3></div></div></div><p>
+        <a class="indexterm" name="id386118"></a>
+        <a class="indexterm" name="id386125"></a>
+        <a class="indexterm" name="id386131"></a>
+        <a class="indexterm" name="id386138"></a>
+        <a class="indexterm" name="id386145"></a>
         On a network segment where there is a PDC and a BDC, the BDC carries the bulk of the network logon
         processing. If the BDC is a heavily loaded server, the PDC carries a greater proportion of
@@ -276 +276 @@
         and is undesirable.
         </p><p>
-        <a class="indexterm" name="id2620258"></a>
-        <a class="indexterm" name="id2620265"></a>
+        <a class="indexterm" name="id386159"></a>
+        <a class="indexterm" name="id386166"></a>
         As a general guide, instead of adding domain member servers to a network, you would be better advised
         to add BDCs until there are fewer than 30 Windows clients per BDC. Beyond that ratio, you should add
         domain member servers. This practice ensures that there are always sufficient domain controllers
         to handle logon requests and authentication traffic.
-        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2620281"></a>Use One Consistent Version of MS Windows Client</h3></div></div></div><p>
+        </p></div><div class="sect2" title="Use One Consistent Version of MS Windows Client"><div class="titlepage"><div><div><h3 class="title"><a name="id386178"></a>Use One Consistent Version of MS Windows Client</h3></div></div></div><p>
         Every network client has its own peculiarities. From a management perspective, it is easier to deal
         with one version of MS Windows that is maintained to a consistent update level than it is to deal
@@ -290 +290 @@
         have necessitated special handling from the Samba server end. If you want to remain sane, keep you
         client workstation configurations consistent.
-        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2620303"></a>For Scalability, Use SAN-Based Storage on Samba Servers</h3></div></div></div><p>
-        <a class="indexterm" name="id2620311"></a>
-        <a class="indexterm" name="id2620318"></a>
+        </p></div><div class="sect2" title="For Scalability, Use SAN-Based Storage on Samba Servers"><div class="titlepage"><div><div><h3 class="title"><a name="id386195"></a>For Scalability, Use SAN-Based Storage on Samba Servers</h3></div></div></div><p>
+        <a class="indexterm" name="id386203"></a>
+        <a class="indexterm" name="id386210"></a>
         Many SAN-based storage systems permit more than one server to share a common data store.
         Use of a shared SAN data store means that you do not need to use time- and resource-hungry data 
         synchronization techniques.
         </p><p>
-        <a class="indexterm" name="id2620332"></a>
-        <a class="indexterm" name="id2620339"></a>
+        <a class="indexterm" name="id386222"></a>
+        <a class="indexterm" name="id386229"></a>
         The use of a collection of relatively low-cost front-end Samba servers that are coupled to
         a shared backend SAN data store permits load distribution while containing costs below that
         of installing and managing a complex clustering facility.
-        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2620352"></a>Distribute Network Load with MSDFS</h3></div></div></div><p>
-        <a class="indexterm" name="id2620360"></a>
-        <a class="indexterm" name="id2620367"></a>
+        </p></div><div class="sect2" title="Distribute Network Load with MSDFS"><div class="titlepage"><div><div><h3 class="title"><a name="id386240"></a>Distribute Network Load with MSDFS</h3></div></div></div><p>
+        <a class="indexterm" name="id386248"></a>
+        <a class="indexterm" name="id386255"></a>
         Microsoft DFS (distributed file system) technology has been implemented in Samba. MSDFS permits
         data to be accessed from a single share and yet to actually be distributed across multiple actual
@@ -310 +310 @@
         implementation of an MSDFS installation.
         </p><p>
-        <a class="indexterm" name="id2620386"></a>
-        <a class="indexterm" name="id2620395"></a>
+        <a class="indexterm" name="id386271"></a>
+        <a class="indexterm" name="id386280"></a>
         The combination of multiple backend servers together with a front-end server and use of MSDFS
         can achieve almost the same as you would obtain with a clustered Samba server.
-        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2620407"></a>Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth</h3></div></div></div><p>
-        <a class="indexterm" name="id2620415"></a>
-        <a class="indexterm" name="id2620422"></a>
-        <a class="indexterm" name="id2620429"></a>
+        </p></div><div class="sect2" title="Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth"><div class="titlepage"><div><div><h3 class="title"><a name="id386291"></a>Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth</h3></div></div></div><p>
+        <a class="indexterm" name="id386299"></a>
+        <a class="indexterm" name="id386306"></a>
+        <a class="indexterm" name="id386313"></a>
         Consider using <code class="literal">rsync</code> to replicate data across the WAN during times
         of low utilization. Users can then access the replicated data store rather than needing to do so
@@ -324 +324 @@
         implementation if you choose to permit modification and return replication of the modified file;
         otherwise, you may inadvertently overwrite important data.
-        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2620452"></a>Hardware Problems</h3></div></div></div><p>
-        <a class="indexterm" name="id2620460"></a>
-        <a class="indexterm" name="id2620467"></a>
-        <a class="indexterm" name="id2620474"></a>
-        <a class="indexterm" name="id2620481"></a>
-        <a class="indexterm" name="id2620490"></a>
-        <a class="indexterm" name="id2620499"></a>
+        </p></div><div class="sect2" title="Hardware Problems"><div class="titlepage"><div><div><h3 class="title"><a name="id386332"></a>Hardware Problems</h3></div></div></div><p>
+        <a class="indexterm" name="id386340"></a>
+        <a class="indexterm" name="id386346"></a>
+        <a class="indexterm" name="id386353"></a>
+        <a class="indexterm" name="id386360"></a>
+        <a class="indexterm" name="id386369"></a>
+        <a class="indexterm" name="id386378"></a>
         Networking hardware prices have fallen sharply over the past 5 years. A surprising number
         of Samba networking problems over this time have been traced to defective network interface
         cards (NICs) or defective HUBs, switches, and cables.
         </p><p>
-        <a class="indexterm" name="id2620516"></a>
+        <a class="indexterm" name="id386393"></a>
         Not surprising is the fact that network administrators do not like to be shown to have made
         a bad decision. Money saved in buying low-cost hardware may result in high costs incurred
         in corrective action.
         </p><p>
-        <a class="indexterm" name="id2620530"></a>
-        <a class="indexterm" name="id2620537"></a>
-        <a class="indexterm" name="id2620544"></a>
-        <a class="indexterm" name="id2620550"></a>
-        <a class="indexterm" name="id2620557"></a>
+        <a class="indexterm" name="id386405"></a>
+        <a class="indexterm" name="id386412"></a>
+        <a class="indexterm" name="id386418"></a>
+        <a class="indexterm" name="id386425"></a>
+        <a class="indexterm" name="id386432"></a>
         Defective NICs, HUBs, and switches may appear as intermittent network access problems, intermittent
         or persistent data corruption, slow network throughput, low performance, or even as BSOD
@@ -353 +353 @@
         Defective hardware problems may take patience and persistence before the real cause can be discovered.
         </p><p>
-        <a class="indexterm" name="id2620581"></a>
+        <a class="indexterm" name="id386450"></a>
         Networking hardware defects can significantly impact perceived Samba performance, but defective
         RAID controllers as well as SCSI and IDE hard disk controllers have also been known to impair Samba server
@@ -360 +360 @@
         administrator until the entire server was replaced. While you may well think that this would never
         happen to you, experience shows that given the right (unfortunate) circumstances, this can happen to anyone.
-        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2620600"></a>Large Directories</h3></div></div></div><p>
+        </p></div><div class="sect2" title="Large Directories"><div class="titlepage"><div><div><h3 class="title"><a name="id386465"></a>Large Directories</h3></div></div></div><p>
         There exist applications that create or manage directories containing many thousands of files. Such
         applications typically generate many small files (less than 100 KB). At the best of times, under UNIX,
@@ -400 +400 @@
         as specified in the <code class="filename">smb.conf</code> stanza. This means that smbd will not be able to find lower case 
         filenames with these settings.  Note, this is done on a per-share basis.
-        </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2620704"></a>Key Points Learned</h2></div></div></div><p>
+        </p></div></div><div class="sect1" title="Key Points Learned"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id386548"></a>Key Points Learned</h2></div></div></div><p>
         This chapter has touched in broad sweeps on a number of simple steps that can be taken
         to ensure that your Samba network is resilient, scalable, and reliable, and that it
@@ -409 +409 @@
         her an even break.
         </p><p>
-        <a class="indexterm" name="id2620725"></a>
+        <a class="indexterm" name="id386565"></a>
         Last, but not least, you should not only keep the network design simple, but also be sure it is
         well documented. This book may serve as your pattern for documenting every

trunk/server/docs/htmldocs/Samba3-ByExample/RefSection.html

@@ -1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Part III. Reference Section</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="nw4migration.html" title="Chapter 10. Migrating NetWare Server to Samba-3"><link rel="next" href="kerberos.html" title="Chapter 11. Active Directory, Kerberos, and Security"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Part III. Reference Section</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="nw4migration.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="kerberos.html">Next</a></td></tr></table><hr></div><div class="part" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="RefSection"></a>Part III. Reference Section</h1></div></div></div><div class="partintro" lang="en"><div><div><div><h1 class="title"><a name="id2610399"></a>Reference Section</h1></div></div></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Part III. Reference Section</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="nw4migration.html" title="Chapter 10. Migrating NetWare Server to Samba-3"><link rel="next" href="kerberos.html" title="Chapter 11. Active Directory, Kerberos, and Security"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Part III. Reference Section</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="nw4migration.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="kerberos.html">Next</a></td></tr></table><hr></div><div class="part" title="Part III. Reference Section"><div class="titlepage"><div><div><h1 class="title"><a name="RefSection"></a>Part III. Reference Section</h1></div></div></div><div class="partintro" title="Reference Section"><div><div><div><h1 class="title"><a name="id377046"></a>Reference Section</h1></div></div></div><p>
 This section <span class="emphasis"><em>Samba-3 by Example</em></span> provides important reference material
 that may help you to solve network performance issues, to answer some of the critiques
 published regarding Samba, or just to gain a more broad understanding of how Samba can
 play in a Windows networking world.
-</p><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="kerberos.html">11. Active Directory, Kerberos, and Security</a></span></dt><dd><dl><dt><span class="sect1"><a href="kerberos.html#id2610496">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id2611138">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#id2611154">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id2611545">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#ch10expl">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id2613169">Share Access Controls</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id2613518">Share Definition Controls</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id2614131">Share Point Directory and File Permissions</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id2614530">Managing Windows 200x ACLs</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id2615257">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#id2615391">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="DomApps.html">12. Integrating Additional Services</a></span></dt><dd><dl><dt><span class="sect1"><a href="DomApps.html#id2616020">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#id2616051">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id2616160">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#id2616193">Technical Issues</a></span></dt><dt><span class="sect2"><a href="DomApps.html#id2616349">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id2616373">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></span></dt><dt><span class="sect2"><a href="DomApps.html#id2618225">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id2618286">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="HA.html">13. Performance, Reliability, and Availability</a></span></dt><dd><dl><dt><span class="sect1"><a href="HA.html#id2618805">Introduction</a></span></dt><dt><span class="sect1"><a href="HA.html#id2618892">Dissection and Discussion</a></span></dt><dt><span class="sect1"><a href="HA.html#id2619366">Guidelines for Reliable Samba Operation</a></span></dt><dd><dl><dt><span class="sect2"><a href="HA.html#id2619393">Name Resolution</a></span></dt><dt><span class="sect2"><a href="HA.html#id2619868">Samba Configuration</a></span></dt><dt><span class="sect2"><a href="HA.html#id2620205">Use and Location of BDCs</a></span></dt><dt><span class="sect2"><a href="HA.html#id2620281">Use One Consistent Version of MS Windows Client</a></span></dt><dt><span class="sect2"><a href="HA.html#id2620303">For Scalability, Use SAN-Based Storage on Samba Servers</a></span></dt><dt><span class="sect2"><a href="HA.html#id2620352">Distribute Network Load with MSDFS</a></span></dt><dt><span class="sect2"><a href="HA.html#id2620407">Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth</a></span></dt><dt><span class="sect2"><a href="HA.html#id2620452">Hardware Problems</a></span></dt><dt><span class="sect2"><a href="HA.html#id2620600">Large Directories</a></span></dt></dl></dd><dt><span class="sect1"><a href="HA.html#id2620704">Key Points Learned</a></span></dt></dl></dd><dt><span class="chapter"><a href="ch14.html">14. Samba Support</a></span></dt><dd><dl><dt><span class="sect1"><a href="ch14.html#id2620874">Free Support</a></span></dt><dt><span class="sect1"><a href="ch14.html#id2621092">Commercial Support</a></span></dt></dl></dd><dt><span class="chapter"><a href="appendix.html">15. A Collection of Useful Tidbits</a></span></dt><dd><dl><dt><span class="sect1"><a href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></span></dt><dt><span class="sect1"><a href="appendix.html#id2621811">Samba System File Location</a></span></dt><dt><span class="sect1"><a href="appendix.html#id2622232">Starting Samba</a></span></dt><dt><span class="sect1"><a href="appendix.html#id2622592">DNS Configuration Files</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id2622604">The Forward Zone File for the Loopback Adaptor</a></span></dt><dt><span class="sect2"><a href="appendix.html#id2622652">The Reverse Zone File for the Loopback Adaptor</a></span></dt><dt><span class="sect2"><a href="appendix.html#id2622792">DNS Root Server Hint File</a></span></dt></dl></dd><dt><span class="sect1"><a href="appendix.html#altldapcfg">Alternative LDAP Database Initialization</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id2622851">Initialization of the LDAP Database</a></span></dt></dl></dd><dt><span class="sect1"><a href="appendix.html#id2623411">The LDAP Account Manager</a></span></dt><dt><span class="sect1"><a href="appendix.html#id2624406">IDEALX Management Console</a></span></dt><dt><span class="sect1"><a href="appendix.html#ch12-SUIDSGID">Effect of Setting File and Directory SUID/SGID Permissions Explained</a></span></dt><dt><span class="sect1"><a href="appendix.html#ch12dblck">Shared Data Integrity</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id2624881">Microsoft Access</a></span></dt><dt><span class="sect2"><a href="appendix.html#id2625028">Act! Database Sharing</a></span></dt><dt><span class="sect2"><a href="appendix.html#id2625113">Opportunistic Locking Controls</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="primer.html">16. Networking Primer</a></span></dt><dd><dl><dt><span class="sect1"><a href="primer.html#id2625280">Requirements and Notes</a></span></dt><dt><span class="sect1"><a href="primer.html#id2625441">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id2625502">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#id2625618">Exercises</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id2625744">Single-Machine Broadcast Activity</a></span></dt><dt><span class="sect2"><a href="primer.html#secondmachine">Second Machine Startup Broadcast Interaction</a></span></dt><dt><span class="sect2"><a href="primer.html#id2626892">Simple Windows Client Connection Characteristics</a></span></dt><dt><span class="sect2"><a href="primer.html#id2627394">Windows 200x/XP Client Interaction with Samba-3</a></span></dt><dt><span class="sect2"><a href="primer.html#id2627962">Conclusions to Exercises</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#chap01conc">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id2628077">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#chap01qa">Questions and Answers</a></span></dt></dl></dd><dt><span class="appendix"><a href="apa.html">A. 
-    GNU General Public License version 3
-  </a></span></dt><dd><dl><dt><span class="bridgehead"><a href="apa.html#id2628743">A. 
+</p><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="kerberos.html">11. Active Directory, Kerberos, and Security</a></span></dt><dd><dl><dt><span class="sect1"><a href="kerberos.html#id377126">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id377710">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#id377723">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id378089">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#ch10expl">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id379573">Share Access Controls</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id379908">Share Definition Controls</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id380465">Share Point Directory and File Permissions</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id380830">Managing Windows 200x ACLs</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id381514">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#id381636">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="DomApps.html">12. Integrating Additional Services</a></span></dt><dd><dl><dt><span class="sect1"><a href="DomApps.html#id382225">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#id382248">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id382338">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#id382367">Technical Issues</a></span></dt><dt><span class="sect2"><a href="DomApps.html#id382513">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id382530">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></span></dt><dt><span class="sect2"><a href="DomApps.html#id384281">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id384336">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="HA.html">13. Performance, Reliability, and Availability</a></span></dt><dd><dl><dt><span class="sect1"><a href="HA.html#id384815">Introduction</a></span></dt><dt><span class="sect1"><a href="HA.html#id384892">Dissection and Discussion</a></span></dt><dt><span class="sect1"><a href="HA.html#id385344">Guidelines for Reliable Samba Operation</a></span></dt><dd><dl><dt><span class="sect2"><a href="HA.html#id385369">Name Resolution</a></span></dt><dt><span class="sect2"><a href="HA.html#id385810">Samba Configuration</a></span></dt><dt><span class="sect2"><a href="HA.html#id386110">Use and Location of BDCs</a></span></dt><dt><span class="sect2"><a href="HA.html#id386178">Use One Consistent Version of MS Windows Client</a></span></dt><dt><span class="sect2"><a href="HA.html#id386195">For Scalability, Use SAN-Based Storage on Samba Servers</a></span></dt><dt><span class="sect2"><a href="HA.html#id386240">Distribute Network Load with MSDFS</a></span></dt><dt><span class="sect2"><a href="HA.html#id386291">Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth</a></span></dt><dt><span class="sect2"><a href="HA.html#id386332">Hardware Problems</a></span></dt><dt><span class="sect2"><a href="HA.html#id386465">Large Directories</a></span></dt></dl></dd><dt><span class="sect1"><a href="HA.html#id386548">Key Points Learned</a></span></dt></dl></dd><dt><span class="chapter"><a href="ch14.html">14. Samba Support</a></span></dt><dd><dl><dt><span class="sect1"><a href="ch14.html#id386696">Free Support</a></span></dt><dt><span class="sect1"><a href="ch14.html#id386894">Commercial Support</a></span></dt></dl></dd><dt><span class="chapter"><a href="appendix.html">15. A Collection of Useful Tidbits</a></span></dt><dd><dl><dt><span class="sect1"><a href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></span></dt><dt><span class="sect1"><a href="appendix.html#id387559">Samba System File Location</a></span></dt><dt><span class="sect1"><a href="appendix.html#id387952">Starting Samba</a></span></dt><dt><span class="sect1"><a href="appendix.html#id388254">DNS Configuration Files</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id388264">The Forward Zone File for the Loopback Adaptor</a></span></dt><dt><span class="sect2"><a href="appendix.html#id388308">The Reverse Zone File for the Loopback Adaptor</a></span></dt><dt><span class="sect2"><a href="appendix.html#id388408">DNS Root Server Hint File</a></span></dt></dl></dd><dt><span class="sect1"><a href="appendix.html#altldapcfg">Alternative LDAP Database Initialization</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id388463">Initialization of the LDAP Database</a></span></dt></dl></dd><dt><span class="sect1"><a href="appendix.html#id388919">The LDAP Account Manager</a></span></dt><dt><span class="sect1"><a href="appendix.html#id389839">IDEALX Management Console</a></span></dt><dt><span class="sect1"><a href="appendix.html#ch12-SUIDSGID">Effect of Setting File and Directory SUID/SGID Permissions Explained</a></span></dt><dt><span class="sect1"><a href="appendix.html#ch12dblck">Shared Data Integrity</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id390270">Microsoft Access</a></span></dt><dt><span class="sect2"><a href="appendix.html#id390409">Act! Database Sharing</a></span></dt><dt><span class="sect2"><a href="appendix.html#id390484">Opportunistic Locking Controls</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="primer.html">16. Networking Primer</a></span></dt><dd><dl><dt><span class="sect1"><a href="primer.html#id390627">Requirements and Notes</a></span></dt><dt><span class="sect1"><a href="primer.html#id390763">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id390813">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#id390920">Exercises</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id391033">Single-Machine Broadcast Activity</a></span></dt><dt><span class="sect2"><a href="primer.html#secondmachine">Second Machine Startup Broadcast Interaction</a></span></dt><dt><span class="sect2"><a href="primer.html#id392130">Simple Windows Client Connection Characteristics</a></span></dt><dt><span class="sect2"><a href="primer.html#id392597">Windows 200x/XP Client Interaction with Samba-3</a></span></dt><dt><span class="sect2"><a href="primer.html#id393121">Conclusions to Exercises</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#chap01conc">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id393223">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#chap01qa">Questions and Answers</a></span></dt></dl></dd><dt><span class="appendix"><a href="apa.html">A. 
+    <acronym class="acronym">GNU</acronym> General Public License version 3
+  </a></span></dt><dd><dl><dt><span class="bridgehead"><a href="apa.html#id393828">A. 
     Preamble
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2628888">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393937">A. 
     TERMS AND CONDITIONS
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2628892">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393940">A. 
     0. Definitions.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2628984">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394004">A. 
     1. Source Code.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629082">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394066">A. 
     2. Basic Permissions.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629122">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394094">A. 
     3. Protecting Users&#8217; Legal Rights From Anti-Circumvention Law.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629154">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394116">A. 
     4. Conveying Verbatim Copies.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629181">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394135">A. 
     5. Conveying Modified Source Versions.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629277">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394207">A. 
     6. Conveying Non-Source Forms.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629466">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394339">A. 
      7. Additional Terms.
-   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629602">A. 
+   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394444">A. 
      8. Termination.
-   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629646">A. 
+   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394476">A. 
      9. Acceptance Not Required for Having Copies.
-   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629675">A. 
+   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394495">A. 
      10. Automatic Licensing of Downstream Recipients.
-   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629727">A. 
+   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394529">A. 
     11. Patents.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629872">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394618">A. 
     12. No Surrender of Others&#8217; Freedom.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629894">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394633">A. 
     13. Use with the ???TITLE??? Affero General Public License.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629923">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394657">A. 
     14. Revised Versions of this License.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629986">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394704">A. 
     15. Disclaimer of Warranty.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2630012">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394722">A. 
     16. Limitation of Liability.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2630032">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394736">A. 
     17. Interpretation of Sections 15 and 16.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2630049">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394749">A. 
     END OF TERMS AND CONDITIONS
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2630052">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394752">A. 
     How to Apply These Terms to Your New Programs
   </a></span></dt></dl></dd></dl></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="nw4migration.html">Prev</a> </td><td width="20%" align="center"> </td><td width="40%" align="right"> <a accesskey="n" href="kerberos.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 10. Migrating NetWare Server to Samba-3 </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 11. Active Directory, Kerberos, and Security</td></tr></table></div></body></html>

trunk/server/docs/htmldocs/Samba3-ByExample/apa.html

@@ -1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Appendix A.  GNU General Public License version 3</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="RefSection.html" title="Part III. Reference Section"><link rel="prev" href="primer.html" title="Chapter 16. Networking Primer"><link rel="next" href="go01.html" title="Glossary"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Appendix A. 
-    GNU General Public License version 3
-  </th></tr><tr><td width="20%" align="left"><a accesskey="p" href="primer.html">Prev</a> </td><th width="60%" align="center">Part III. Reference Section</th><td width="20%" align="right"> <a accesskey="n" href="go01.html">Next</a></td></tr></table><hr></div><div class="appendix" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="id2628713"></a>Appendix A. 
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Appendix A.  GNU General Public License version 3</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="RefSection.html" title="Part III. Reference Section"><link rel="prev" href="primer.html" title="Chapter 16. Networking Primer"><link rel="next" href="go01.html" title="Glossary"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Appendix A. 
     <acronym class="acronym">GNU</acronym> General Public License version 3
-  </h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="bridgehead"><a href="apa.html#id2628743">A. 
+  </th></tr><tr><td width="20%" align="left"><a accesskey="p" href="primer.html">Prev</a> </td><th width="60%" align="center">Part III. Reference Section</th><td width="20%" align="right"> <a accesskey="n" href="go01.html">Next</a></td></tr></table><hr></div><div class="appendix" title="Appendix A.  GNU General Public License version 3"><div class="titlepage"><div><div><h2 class="title"><a name="id393802"></a>Appendix A. 
+    <acronym class="acronym">GNU</acronym> General Public License version 3
+  </h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="bridgehead"><a href="apa.html#id393828">A. 
     Preamble
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2628888">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393937">A. 
     TERMS AND CONDITIONS
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2628892">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393940">A. 
     0. Definitions.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2628984">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394004">A. 
     1. Source Code.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629082">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394066">A. 
     2. Basic Permissions.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629122">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394094">A. 
     3. Protecting Users&#8217; Legal Rights From Anti-Circumvention Law.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629154">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394116">A. 
     4. Conveying Verbatim Copies.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629181">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394135">A. 
     5. Conveying Modified Source Versions.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629277">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394207">A. 
     6. Conveying Non-Source Forms.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629466">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394339">A. 
      7. Additional Terms.
-   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629602">A. 
+   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394444">A. 
      8. Termination.
-   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629646">A. 
+   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394476">A. 
      9. Acceptance Not Required for Having Copies.
-   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629675">A. 
+   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394495">A. 
      10. Automatic Licensing of Downstream Recipients.
-   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629727">A. 
+   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394529">A. 
     11. Patents.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629872">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394618">A. 
     12. No Surrender of Others&#8217; Freedom.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629894">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394633">A. 
     13. Use with the ???TITLE??? Affero General Public License.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629923">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394657">A. 
     14. Revised Versions of this License.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629986">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394704">A. 
     15. Disclaimer of Warranty.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2630012">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394722">A. 
     16. Limitation of Liability.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2630032">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394736">A. 
     17. Interpretation of Sections 15 and 16.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2630049">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394749">A. 
     END OF TERMS AND CONDITIONS
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2630052">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394752">A. 
     How to Apply These Terms to Your New Programs
   </a></span></dt></dl></div><p>
@@ -55 +55 @@
     Everyone is permitted to copy and distribute verbatim copies of this license
     document, but changing it is not allowed.
-  </p><h2><a name="id2628743"></a>
+  </p><h2><a name="id393828"></a>
     Preamble
   </h2><p>
@@ -119 +119 @@
     The precise terms and conditions for copying, distribution and modification
     follow.
-  </p><h2><a name="id2628888"></a>
+  </p><h2><a name="id393937"></a>
     TERMS AND CONDITIONS
-  </h2><h2><a name="id2628892"></a>
+  </h2><h2><a name="id393940"></a>
     0. Definitions.
   </h2><p>
@@ -163 +163 @@
     a list of user commands or options, such as a menu, a prominent item in the
     list meets this criterion.
-  </p><h2><a name="id2628984"></a>
+  </p><h2><a name="id394004"></a>
     1. Source Code.
   </h2><p>
@@ -203 +203 @@
   </p><p>
     The Corresponding Source for a work in source code form is that same work.
-  </p><h2><a name="id2629082"></a>
+  </p><h2><a name="id394066"></a>
     2. Basic Permissions.
   </h2><p>
@@ -228 +228 @@
     conditions stated below.  Sublicensing is not allowed; section 10 makes it
     unnecessary.
-  </p><h2><a name="id2629122"></a>
+  </p><h2><a name="id394094"></a>
     3. Protecting Users&#8217; Legal Rights From Anti-Circumvention Law.
   </h2><p>
@@ -243 +243 @@
     third parties&#8217; legal rights to forbid circumvention of technological
     measures.
-  </p><h2><a name="id2629154"></a>
+  </p><h2><a name="id394116"></a>
     4. Conveying Verbatim Copies.
   </h2><p>
@@ -256 +256 @@
     You may charge any price or no price for each copy that you convey, and you
     may offer support or warranty protection for a fee.
-  </p><h2><a name="id2629181"></a>
+  </p><h2><a name="id394135"></a>
     5. Conveying Modified Source Versions.
   </h2><p>
@@ -262 +262 @@
     it from the Program, in the form of source code under the terms of section
     4, provided that you also meet all of these conditions:
-  </p><div class="orderedlist"><ol type="a"><li><p>
+  </p><div class="orderedlist"><ol class="orderedlist" type="a"><li class="listitem"><p>
         The work must carry prominent notices stating that you modified it, and
         giving a relevant date.
-      </p></li><li><p>
+      </p></li><li class="listitem"><p>
         The work must carry prominent notices stating that it is released under
         this License and any conditions added under section 7.  This requirement
         modifies the requirement in section 4 to &#8220;keep intact all
         notices&#8221;.
-      </p></li><li><p>
+      </p></li><li class="listitem"><p>
         You must license the entire work, as a whole, under this License to
         anyone who comes into possession of a copy.  This License will therefore
@@ -278 +278 @@
         other way, but it does not invalidate such permission if you have
         separately received it.
-      </p></li><li><p>
+      </p></li><li class="listitem"><p>
         If the work has interactive user interfaces, each must display
         Appropriate Legal Notices; however, if the Program has interactive
@@ -292 +292 @@
     permit.  Inclusion of a covered work in an aggregate does not cause
     this License to apply to the other parts of the aggregate.
-  </p><h2><a name="id2629277"></a>
+  </p><h2><a name="id394207"></a>
     6. Conveying Non-Source Forms.
   </h2><p>
@@ -298 +298 @@
     sections 4 and 5, provided that you also convey the machine-readable
     Corresponding Source under the terms of this License, in one of these ways:
-  </p><div class="orderedlist"><ol type="a"><li><p>
+  </p><div class="orderedlist"><ol class="orderedlist" type="a"><li class="listitem"><p>
         Convey the object code in, or embodied in, a physical product (including
         a physical distribution medium), accompanied by the Corresponding Source
         fixed on a durable physical medium customarily used for software
         interchange.
-      </p></li><li><p>
+      </p></li><li class="listitem"><p>
         Convey the object code in, or embodied in, a physical product (including
         a physical distribution medium), accompanied by a written offer, valid
@@ -314 +314 @@
         conveying of source, or (2) access to copy the Corresponding Source from
         a network server at no charge.
-      </p></li><li><p>
+      </p></li><li class="listitem"><p>
         Convey individual copies of the object code with a copy of the written
         offer to provide the Corresponding Source.  This alternative is allowed
         only occasionally and noncommercially, and only if you received the
         object code with such an offer, in accord with subsection 6b.
-      </p></li><li><p>
+      </p></li><li class="listitem"><p>
         Convey the object code by offering access from a designated place
         (gratis or for a charge), and offer equivalent access to the
@@ -332 +332 @@
         obligated to ensure that it is available for as long as needed to
         satisfy these requirements.
-      </p></li><li><p>
+      </p></li><li class="listitem"><p>
         Convey the object code using peer-to-peer transmission, provided you
         inform other peers where the object code and Corresponding Source of the
@@ -387 +387 @@
     and must require no special password or key for unpacking, reading or
     copying.
-  </p><h2><a name="id2629466"></a>
+  </p><h2><a name="id394339"></a>
      7. Additional Terms.
    </h2><p>
@@ -409 +409 @@
      to a covered work, you may (if authorized by the copyright holders of that
      material) supplement the terms of this License with terms:
-   </p><div class="orderedlist"><ol type="a"><li><p>
+   </p><div class="orderedlist"><ol class="orderedlist" type="a"><li class="listitem"><p>
          Disclaiming warranty or limiting liability differently from the terms
          of sections 15 and 16 of this License; or
-       </p></li><li><p>
+       </p></li><li class="listitem"><p>
          Requiring preservation of specified reasonable legal notices or author
          attributions in that material or in the Appropriate Legal Notices
          displayed by works containing it; or
-       </p></li><li><p>
+       </p></li><li class="listitem"><p>
          Prohibiting misrepresentation of the origin of that material, or
          requiring that modified versions of such material be marked in
          reasonable ways as different from the original version; or
-       </p></li><li><p>
+       </p></li><li class="listitem"><p>
          Limiting the use for publicity purposes of names of licensors or
          authors of the material; or
-       </p></li><li><p>
+       </p></li><li class="listitem"><p>
          Declining to grant rights under trademark law for use of some trade
          names, trademarks, or service marks; or
-       </p></li><li><p>
+       </p></li><li class="listitem"><p>
          Requiring indemnification of licensors and authors of that material by
          anyone who conveys the material (or modified versions of it) with
@@ -451 +451 @@
      of a separately written license, or stated as exceptions; the above
      requirements apply either way.
-   </p><h2><a name="id2629602"></a>
+   </p><h2><a name="id394444"></a>
      8. Termination.
    </h2><p>
@@ -477 +477 @@
      reinstated, you do not qualify to receive new licenses for the same
      material under section 10.
-   </p><h2><a name="id2629646"></a>
+   </p><h2><a name="id394476"></a>
      9. Acceptance Not Required for Having Copies.
    </h2><p>
@@ -488 +488 @@
      Therefore, by modifying or propagating a covered work, you indicate your
      acceptance of this License to do so.
-   </p><h2><a name="id2629675"></a>
+   </p><h2><a name="id394495"></a>
      10. Automatic Licensing of Downstream Recipients.
    </h2><p>
@@ -513 +513 @@
      by making, using, selling, offering for sale, or importing the Program or
      any portion of it.
-   </p><h2><a name="id2629727"></a>
+   </p><h2><a name="id394529"></a>
     11. Patents.
   </h2><p>
@@ -580 +580 @@
     implied license or other defenses to infringement that may otherwise be
     available to you under applicable patent law.
-  </p><h2><a name="id2629872"></a>
+  </p><h2><a name="id394618"></a>
     12. No Surrender of Others&#8217; Freedom.
   </h2><p>
@@ -592 +592 @@
     Program, the only way you could satisfy both those terms and this License
     would be to refrain entirely from conveying the Program.
-  </p><h2><a name="id2629894"></a>
+  </p><h2><a name="id394633"></a>
     13. Use with the <acronym class="acronym">GNU</acronym> Affero General Public License.
   </h2><p>
@@ -603 +603 @@
     section 13, concerning interaction through a network will apply to the
     combination as such.
-  </p><h2><a name="id2629923"></a>
+  </p><h2><a name="id394657"></a>
     14. Revised Versions of this License.
   </h2><p>
@@ -628 +628 @@
     However, no additional obligations are imposed on any author or copyright
     holder as a result of your choosing to follow a later version.
-  </p><h2><a name="id2629986"></a>
+  </p><h2><a name="id394704"></a>
     15. Disclaimer of Warranty.
   </h2><p>
@@ -639 +639 @@
     YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL
     NECESSARY SERVICING, REPAIR OR CORRECTION.
-  </p><h2><a name="id2630012"></a>
+  </p><h2><a name="id394722"></a>
     16. Limitation of Liability.
   </h2><p>
@@ -651 +651 @@
     EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGES.
-  </p><h2><a name="id2630032"></a>
+  </p><h2><a name="id394736"></a>
     17. Interpretation of Sections 15 and 16.
   </h2><p>
@@ -660 +660 @@
     warranty or assumption of liability accompanies a copy of the Program in
     return for a fee.
-  </p><h2><a name="id2630049"></a>
+  </p><h2><a name="id394749"></a>
     END OF TERMS AND CONDITIONS
-  </h2><h2><a name="id2630052"></a>
+  </h2><h2><a name="id394752"></a>
     How to Apply These Terms to Your New Programs
   </h2><p>

trunk/server/docs/htmldocs/Samba3-ByExample/appendix.html

@@ -1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 15. A Collection of Useful Tidbits</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="RefSection.html" title="Part III. Reference Section"><link rel="prev" href="ch14.html" title="Chapter 14. Samba Support"><link rel="next" href="primer.html" title="Chapter 16. Networking Primer"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 15. A Collection of Useful Tidbits</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ch14.html">Prev</a> </td><th width="60%" align="center">Part III. Reference Section</th><td width="20%" align="right"> <a accesskey="n" href="primer.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="appendix"></a>Chapter 15. A Collection of Useful Tidbits</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></span></dt><dt><span class="sect1"><a href="appendix.html#id2621811">Samba System File Location</a></span></dt><dt><span class="sect1"><a href="appendix.html#id2622232">Starting Samba</a></span></dt><dt><span class="sect1"><a href="appendix.html#id2622592">DNS Configuration Files</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id2622604">The Forward Zone File for the Loopback Adaptor</a></span></dt><dt><span class="sect2"><a href="appendix.html#id2622652">The Reverse Zone File for the Loopback Adaptor</a></span></dt><dt><span class="sect2"><a href="appendix.html#id2622792">DNS Root Server Hint File</a></span></dt></dl></dd><dt><span class="sect1"><a href="appendix.html#altldapcfg">Alternative LDAP Database Initialization</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id2622851">Initialization of the LDAP Database</a></span></dt></dl></dd><dt><span class="sect1"><a href="appendix.html#id2623411">The LDAP Account Manager</a></span></dt><dt><span class="sect1"><a href="appendix.html#id2624406">IDEALX Management Console</a></span></dt><dt><span class="sect1"><a href="appendix.html#ch12-SUIDSGID">Effect of Setting File and Directory SUID/SGID Permissions Explained</a></span></dt><dt><span class="sect1"><a href="appendix.html#ch12dblck">Shared Data Integrity</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id2624881">Microsoft Access</a></span></dt><dt><span class="sect2"><a href="appendix.html#id2625028">Act! Database Sharing</a></span></dt><dt><span class="sect2"><a href="appendix.html#id2625113">Opportunistic Locking Controls</a></span></dt></dl></dd></dl></div><p>
-        <a class="indexterm" name="id2621228"></a>
-        <a class="indexterm" name="id2621234"></a>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 15. A Collection of Useful Tidbits</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="RefSection.html" title="Part III. Reference Section"><link rel="prev" href="ch14.html" title="Chapter 14. Samba Support"><link rel="next" href="primer.html" title="Chapter 16. Networking Primer"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 15. A Collection of Useful Tidbits</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ch14.html">Prev</a> </td><th width="60%" align="center">Part III. Reference Section</th><td width="20%" align="right"> <a accesskey="n" href="primer.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 15. A Collection of Useful Tidbits"><div class="titlepage"><div><div><h2 class="title"><a name="appendix"></a>Chapter 15. A Collection of Useful Tidbits</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></span></dt><dt><span class="sect1"><a href="appendix.html#id387559">Samba System File Location</a></span></dt><dt><span class="sect1"><a href="appendix.html#id387952">Starting Samba</a></span></dt><dt><span class="sect1"><a href="appendix.html#id388254">DNS Configuration Files</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id388264">The Forward Zone File for the Loopback Adaptor</a></span></dt><dt><span class="sect2"><a href="appendix.html#id388308">The Reverse Zone File for the Loopback Adaptor</a></span></dt><dt><span class="sect2"><a href="appendix.html#id388408">DNS Root Server Hint File</a></span></dt></dl></dd><dt><span class="sect1"><a href="appendix.html#altldapcfg">Alternative LDAP Database Initialization</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id388463">Initialization of the LDAP Database</a></span></dt></dl></dd><dt><span class="sect1"><a href="appendix.html#id388919">The LDAP Account Manager</a></span></dt><dt><span class="sect1"><a href="appendix.html#id389839">IDEALX Management Console</a></span></dt><dt><span class="sect1"><a href="appendix.html#ch12-SUIDSGID">Effect of Setting File and Directory SUID/SGID Permissions Explained</a></span></dt><dt><span class="sect1"><a href="appendix.html#ch12dblck">Shared Data Integrity</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id390270">Microsoft Access</a></span></dt><dt><span class="sect2"><a href="appendix.html#id390409">Act! Database Sharing</a></span></dt><dt><span class="sect2"><a href="appendix.html#id390484">Opportunistic Locking Controls</a></span></dt></dl></dd></dl></div><p>
+        <a class="indexterm" name="id387011"></a>
+        <a class="indexterm" name="id387018"></a>
         Information presented here is considered to be either basic or well-known material that is informative
         yet helpful. Over the years, I have observed an interesting behavior. There is an expectation that
@@ -7 +7 @@
         different from doing so with Windows NT4 or a Windows ADS domain. Be assured that the steps are identical,
         as shown in the example given below.
-        </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="domjoin"></a>Joining a Domain: Windows 200x/XP Professional</h2></div></div></div><p>
-        <a class="indexterm" name="id2621264"></a>
+        </p><div class="sect1" title="Joining a Domain: Windows 200x/XP Professional"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="domjoin"></a>Joining a Domain: Windows 200x/XP Professional</h2></div></div></div><p>
+        <a class="indexterm" name="id387044"></a>
         Microsoft Windows NT/200x/XP Professional platforms can participate in Domain Security.
         This section steps through the process for making a Windows 200x/XP Professional machine a
         member of a Domain Security environment. It should be noted that this process is identical
         when joining a domain that is controlled by Windows NT4/200x as well as a Samba PDC.
-        </p><div class="procedure"><a name="id2621278"></a><p class="title"><b>Procedure 15.1. Steps to Join a Domain</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 15.1. Steps to Join a Domain"><a name="id387055"></a><p class="title"><b>Procedure 15.1. Steps to Join a Domain</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Click <span class="guimenu">Start</span>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Right-click <span class="guimenu">My Computer</span>, and then select <span class="guimenuitem">Properties</span>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 The opening panel is the same one that can be reached by clicking <span class="guimenu">System</span> on the Control Panel.
                 See <a class="link" href="appendix.html#swxpp001" title="Figure 15.1. The General Panel.">&#8220;The General Panel.&#8221;</a>.
                 </p><div class="figure"><a name="swxpp001"></a><p class="title"><b>Figure 15.1. The General Panel.</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/wxpp001.png" alt="The General Panel."></div></div></div><p><br class="figure-break">
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 Click the <span class="guimenu">Computer Name</span> tab.
                 This panel shows the <span class="guimenuitem">Computer Description</span>, the <span class="guimenuitem">Full computer name</span>,
@@ -30 +30 @@
                 See <a class="link" href="appendix.html#swxpp004" title="Figure 15.2. The Computer Name Panel.">&#8220;The Computer Name Panel.&#8221;</a>.
                 </p><div class="figure"><a name="swxpp004"></a><p class="title"><b>Figure 15.2. The Computer Name Panel.</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/wxpp004.png" alt="The Computer Name Panel."></div></div></div><p><br class="figure-break">
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 5"><p>
                 Click on <span class="guimenu">Change</span>. This panel shows that our example machine (TEMPTATION) is in a workgroup called WORKGROUP.
                 We join the domain called MIDEARTH. See <a class="link" href="appendix.html#swxpp006" title="Figure 15.3. The Computer Name Changes Panel">&#8220;The Computer Name Changes Panel&#8221;</a>.
                 </p><div class="figure"><a name="swxpp006"></a><p class="title"><b>Figure 15.3. The Computer Name Changes Panel</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/wxpp006.png" alt="The Computer Name Changes Panel"></div></div></div><p><br class="figure-break">
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 6"><p>
                 Enter the name <span class="guimenu">MIDEARTH</span> in the field below the Domain radio button.
                 </p><p>
                 This panel shows that our example machine (TEMPTATION) is set to join the domain called MIDEARTH. See <a class="link" href="appendix.html#swxpp007" title="Figure 15.4. The Computer Name Changes Panel Domain MIDEARTH">&#8220;The Computer Name Changes Panel  Domain MIDEARTH&#8221;</a>.
                 </p><div class="figure"><a name="swxpp007"></a><p class="title"><b>Figure 15.4. The Computer Name Changes Panel  Domain MIDEARTH</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/wxpp007.png" alt="The Computer Name Changes Panel Domain MIDEARTH"></div></div></div><p><br class="figure-break">
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 7"><p>
                 Now click the <span class="guimenu">OK</span> button. A dialog box should appear to allow you to provide the credentials (username and password)
                 of a domain administrative account that has the rights to add machines to the domain.
                 </p><p>
-                Enter the name &#8220;<span class="quote">root</span>&#8221; and the root password from your Samba-3 server. See <a class="link" href="appendix.html#swxpp008" title="Figure 15.5. Computer Name Changes User name and Password Panel">&#8220;Computer Name Changes  User name and Password Panel&#8221;</a>.
+                Enter the name <span class="quote">&#8220;<span class="quote">root</span>&#8221;</span> and the root password from your Samba-3 server. See <a class="link" href="appendix.html#swxpp008" title="Figure 15.5. Computer Name Changes User name and Password Panel">&#8220;Computer Name Changes  User name and Password Panel&#8221;</a>.
                 </p><div class="figure"><a name="swxpp008"></a><p class="title"><b>Figure 15.5. Computer Name Changes  User name and Password Panel</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/wxpp008.png" alt="Computer Name Changes User name and Password Panel"></div></div></div><p><br class="figure-break">
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 8"><p>
                 Click <span class="guimenu">OK</span>.
                 </p><p>
-                The &#8220;<span class="quote">Welcome to the MIDEARTH domain</span>&#8221; dialog box should appear. At this point, the machine must be rebooted.
+                The <span class="quote">&#8220;<span class="quote">Welcome to the MIDEARTH domain</span>&#8221;</span> dialog box should appear. At this point, the machine must be rebooted.
                 Joining the domain is now complete.
                 </p></li></ol></div><p>
-        <a class="indexterm" name="id2621696"></a>
-        <a class="indexterm" name="id2621703"></a>
+        <a class="indexterm" name="id387460"></a>
+        <a class="indexterm" name="id387466"></a>
         The screen capture shown in <a class="link" href="appendix.html#swxpp007" title="Figure 15.4. The Computer Name Changes Panel Domain MIDEARTH">&#8220;The Computer Name Changes Panel  Domain MIDEARTH&#8221;</a> has a button labeled <span class="guimenu">More...</span>. This button opens a
         panel in which you can set (or change) the Primary DNS suffix of the computer. This is a parameter that mainly affects members
         of Microsoft Active Directory. Active Directory is heavily oriented around the DNS namespace.
         </p><p>
-        <a class="indexterm" name="id2621730"></a>
-        <a class="indexterm" name="id2621736"></a>
+        <a class="indexterm" name="id387490"></a>
+        <a class="indexterm" name="id387497"></a>
         Where NetBIOS technology uses WINS as well as UDP broadcast as key mechanisms for name resolution, Active Directory servers
         register their services with the Microsoft Dynamic DNS server. Windows clients must be able to query the correct DNS server
         to find the services (like which machines are domain controllers or which machines have the Netlogon service running).
         </p><p>
-        <a class="indexterm" name="id2621755"></a>
+        <a class="indexterm" name="id387512"></a>
         The default setting of the Primary DNS suffix is the Active Directory domain name. When you change the Primary DNS suffix,
         this does not affect domain membership, but it can break network browsing and the ability to resolve your computer name to
@@ -71 +71 @@
         Where the client is a member of a Samba domain, it is preferable to leave this field blank.
         </p><p>
-        <a class="indexterm" name="id2621783"></a>
-        According to Microsoft documentation, &#8220;<span class="quote">If this computer belongs to a group with <code class="constant">Group Policy</code>
+        <a class="indexterm" name="id387534"></a>
+        According to Microsoft documentation, <span class="quote">&#8220;<span class="quote">If this computer belongs to a group with <code class="constant">Group Policy</code>
         enabled on <code class="literal">Primary DNS suffice of this computer</code>, the string specified in the Group Policy is used
         as the primary DNS suffix and you might need to restart your computer to view the correct setting. The local setting is
-        used only if Group Policy is disabled or unspecified.</span>&#8221;
-        </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2621811"></a>Samba System File Location</h2></div></div></div><p><a class="indexterm" name="id2621818"></a><a class="indexterm" name="id2621826"></a><a class="indexterm" name="id2621834"></a>
+        used only if Group Policy is disabled or unspecified.</span>&#8221;</span>
+        </p></div><div class="sect1" title="Samba System File Location"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id387559"></a>Samba System File Location</h2></div></div></div><p><a class="indexterm" name="id387566"></a><a class="indexterm" name="id387574"></a><a class="indexterm" name="id387581"></a>
         One of the frustrations expressed by subscribers to the Samba mailing lists revolves around the choice of where the default Samba Team
         build and installation process locates its Samba files. The location, chosen in the early 1990s, for the default installation is
@@ -84 +84 @@
         Several UNIX vendors, and Linux vendors in particular, elected to locate the Samba files in a location other than the Samba Team
         default. 
-        </p><p><a class="indexterm" name="id2621870"></a><a class="indexterm" name="id2621882"></a><a class="indexterm" name="id2621889"></a><a class="indexterm" name="id2621901"></a><a class="indexterm" name="id2621909"></a><a class="indexterm" name="id2621920"></a><a class="indexterm" name="id2621928"></a><a class="indexterm" name="id2621936"></a><a class="indexterm" name="id2621944"></a><a class="indexterm" name="id2621952"></a><a class="indexterm" name="id2621960"></a><a class="indexterm" name="id2621968"></a><a class="indexterm" name="id2621976"></a><a class="indexterm" name="id2621984"></a><a class="indexterm" name="id2621992"></a><a class="indexterm" name="id2622000"></a>
+        </p><p><a class="indexterm" name="id387612"></a><a class="indexterm" name="id387624"></a><a class="indexterm" name="id387631"></a><a class="indexterm" name="id387643"></a><a class="indexterm" name="id387650"></a><a class="indexterm" name="id387662"></a><a class="indexterm" name="id387670"></a><a class="indexterm" name="id387677"></a><a class="indexterm" name="id387685"></a><a class="indexterm" name="id387693"></a><a class="indexterm" name="id387701"></a><a class="indexterm" name="id387709"></a><a class="indexterm" name="id387717"></a><a class="indexterm" name="id387725"></a><a class="indexterm" name="id387732"></a><a class="indexterm" name="id387740"></a>
         Linux vendors, working in conjunction with the Free Standards Group (FSG), Linux Standards Base (LSB), and File Hierarchy       
         System (FHS), have elected to locate the configuration files under the <code class="filename">/etc/samba</code> directory, common binary
@@ -93 +93 @@
         <code class="filename">/usr/lib/samba</code> directory tree. The files located there include the dynamically loadable modules for the
         passdb backend as well as for the VFS modules.
-        </p><p><a class="indexterm" name="id2622069"></a><a class="indexterm" name="id2622077"></a><a class="indexterm" name="id2622085"></a>
+        </p><p><a class="indexterm" name="id387804"></a><a class="indexterm" name="id387812"></a><a class="indexterm" name="id387820"></a>
         Samba creates runtime control files and generates log files. The runtime control files (tdb and dat files) are stored in
         the <code class="filename">/var/lib/samba</code> directory. Log files are created in <code class="filename">/var/log/samba.</code>
@@ -99 +99 @@
         When Samba is built and installed using the default Samba Team process, all files are located under the 
         <code class="filename">/usr/local/samba</code> directory tree. This makes it simple to find the files that Samba owns.
-        </p><p><a class="indexterm" name="id2622123"></a>
+        </p><p><a class="indexterm" name="id387854"></a>
         One way to find the Samba files that are installed on your UNIX/Linux system is to search for the location
         of all files called <code class="literal">smbd</code>. Here is an example:
@@ -132 +132 @@
         Many people have been caught by installation of Samba using the default Samba Team process when it was already installed
         by the platform vendor's method. If your platform uses RPM format packages, you can check to see if Samba is installed by
-        executing:<a class="indexterm" name="id2622196"></a>
+        executing:<a class="indexterm" name="id387919"></a>
 </p><pre class="screen">
 <code class="prompt">root# </code> rpm -qa | grep samba
@@ -144 +144 @@
 samba3-client-3.0.20-1
 samba3-cifsmount-3.0.20-1
-        </pre><p><a class="indexterm" name="id2622219"></a>
+        </pre><p><a class="indexterm" name="id387940"></a>
         The package names, of course, vary according to how the vendor, or the binary package builder, prepared them.
-        </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2622232"></a>Starting Samba</h2></div></div></div><p><a class="indexterm" name="id2622239"></a>
+        </p></div><div class="sect1" title="Starting Samba"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id387952"></a>Starting Samba</h2></div></div></div><p><a class="indexterm" name="id387958"></a>
         Samba essentially consists of two or three daemons. A daemon is a UNIX application that runs in the background and provides services.
         An example of a service is the Apache Web server for which the daemon is called <code class="literal">httpd</code>. In the case of Samba, there
@@ -187 +187 @@
 exit 0
 </pre></div></div><br class="example-break"><div class="variablelist"><dl><dt><span class="term">nmbd</span></dt><dd><p>
-                        <a class="indexterm" name="id2622312"></a>
-                        <a class="indexterm" name="id2622319"></a>
+                        <a class="indexterm" name="id388017"></a>
+                        <a class="indexterm" name="id388024"></a>
                         This daemon handles all name registration and resolution requests. It is the primary vehicle involved
                         in network browsing. It handles all UDP-based protocols. The <code class="literal">nmbd</code> daemon should
                         be the first command started as part of the Samba startup process.
                         </p></dd><dt><span class="term">smbd</span></dt><dd><p>
-                        <a class="indexterm" name="id2622349"></a>
-                        <a class="indexterm" name="id2622355"></a>
+                        <a class="indexterm" name="id388051"></a>
+                        <a class="indexterm" name="id388058"></a>
                         This daemon handles all TCP/IP-based connection services for file- and print-based operations. It also
                         manages local authentication. It should be started immediately following the startup of <code class="literal">nmbd</code>.
                         </p></dd><dt><span class="term">winbindd</span></dt><dd><p>
-                        <a class="indexterm" name="id2622384"></a>
-                        <a class="indexterm" name="id2622391"></a>
+                        <a class="indexterm" name="id388085"></a>
+                        <a class="indexterm" name="id388092"></a>
                         This daemon should be started when Samba is a member of a Windows NT4 or ADS domain. It is also needed when
                         Samba has trust relationships with another domain. The <code class="literal">winbindd</code> daemon will check the
@@ -253 +253 @@
         exit 1
 esac
-</pre></div></div><br class="example-break"><p><a class="indexterm" name="id2622513"></a>
+</pre></div></div><br class="example-break"><p><a class="indexterm" name="id388184"></a>
         SUSE Linux implements individual control over each Samba daemon. A Samba control script that can be conveniently
         executed from the command line is shown in <a class="link" href="appendix.html#ch12SL" title="Example 15.1. A Useful Samba Control Script for SUSE Linux">&#8220;A Useful Samba Control Script for SUSE Linux&#8221;</a>. This can be located in the directory
         <code class="filename">/sbin</code> in a file called <code class="filename">samba</code>. This type of control script should be
         owned by user root and group root, and set so that only root can execute it.
-        </p><p><a class="indexterm" name="id2622549"></a>
+        </p><p><a class="indexterm" name="id388216"></a>
         A sample startup script for a Red Hat Linux system is shown in <a class="link" href="appendix.html#ch12RHscript" title="Example 15.2. A Sample Samba Control Script for Red Hat Linux">&#8220;A Sample Samba Control Script for Red Hat Linux&#8221;</a>.
         This file could be located in the directory <code class="filename">/etc/rc.d</code> and can be called
@@ -265 +265 @@
         the Samba source code distribution tarball. The packaging files for each platform include a
         startup control file.
-        </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2622592"></a>DNS Configuration Files</h2></div></div></div><p>
+        </p></div><div class="sect1" title="DNS Configuration Files"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id388254"></a>DNS Configuration Files</h2></div></div></div><p>
         The following files are common to all DNS server configurations. Rather than repeat them multiple times, they
         are presented here for general reference.
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2622604"></a>The Forward Zone File for the Loopback Adaptor</h3></div></div></div><p>
+        </p><div class="sect2" title="The Forward Zone File for the Loopback Adaptor"><div class="titlepage"><div><div><h3 class="title"><a name="id388264"></a>The Forward Zone File for the Loopback Adaptor</h3></div></div></div><p>
         The forward zone file for the loopback address never changes. An example file is shown
         in <a class="link" href="appendix.html#loopback" title="Example 15.3. DNS Localhost Forward Zone File: /var/lib/named/localhost.zone">&#8220;DNS Localhost Forward Zone File: /var/lib/named/localhost.zone&#8221;</a>. All traffic destined for an IP address that is hosted on a
@@ -285 +285 @@
                 IN NS           @
                 IN A            127.0.0.1
-</pre></div></div><br class="example-break"></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2622652"></a>The Reverse Zone File for the Loopback Adaptor</h3></div></div></div><p>
+</pre></div></div><br class="example-break"></div><div class="sect2" title="The Reverse Zone File for the Loopback Adaptor"><div class="titlepage"><div><div><h3 class="title"><a name="id388308"></a>The Reverse Zone File for the Loopback Adaptor</h3></div></div></div><p>
         The reverse zone file for the loopback address as shown in <a class="link" href="appendix.html#dnsloopy" title="Example 15.4. DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone">&#8220;DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone&#8221;</a>
         is necessary so that references to the address <code class="constant">127.0.0.1</code> can be
@@ -345 +345 @@
 M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
 ; End of File
-</pre></div></div><br class="example-break"></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2622792"></a>DNS Root Server Hint File</h3></div></div></div><p>
+</pre></div></div><br class="example-break"></div><div class="sect2" title="DNS Root Server Hint File"><div class="titlepage"><div><div><h3 class="title"><a name="id388408"></a>DNS Root Server Hint File</h3></div></div></div><p>
         The content of the root hints file as shown in <a class="link" href="appendix.html#roothint" title="Example 15.5. DNS Root Name Server Hint File: /var/lib/named/root.hint">&#8220;DNS Root Name Server Hint File: /var/lib/named/root.hint&#8221;</a>  changes slowly over time. 
         Periodically this file should be updated from the source shown. Because
           of its size, this file is located at the end of this chapter.
-        </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="altldapcfg"></a>Alternative LDAP Database Initialization</h2></div></div></div><p><a class="indexterm" name="id2622823"></a><a class="indexterm" name="id2622834"></a>
+        </p></div></div><div class="sect1" title="Alternative LDAP Database Initialization"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="altldapcfg"></a>Alternative LDAP Database Initialization</h2></div></div></div><p><a class="indexterm" name="id388437"></a><a class="indexterm" name="id388448"></a>
         The following procedure may be used as an alternative means of configuring
         the initial LDAP database. Many administrators prefer to have greater control
         over how system files get configured.
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2622851"></a>Initialization of the LDAP Database</h3></div></div></div><p><a class="indexterm" name="id2622858"></a><a class="indexterm" name="id2622866"></a><a class="indexterm" name="id2622878"></a>
+        </p><div class="sect2" title="Initialization of the LDAP Database"><div class="titlepage"><div><div><h3 class="title"><a name="id388463"></a>Initialization of the LDAP Database</h3></div></div></div><p><a class="indexterm" name="id388470"></a><a class="indexterm" name="id388478"></a><a class="indexterm" name="id388489"></a>
         The first step to get the LDAP server ready for action is to create the LDIF file from
         which the LDAP database will be preloaded. This is necessary to create the containers
@@ -359 +359 @@
         preload the well-known Windows NT Domain Groups, as they must have the correct SID so
         that they can be recognized as special NT Groups by the MS Windows clients.
-        </p><div class="procedure"><a name="ldapinit"></a><p class="title"><b>Procedure 15.2. LDAP Directory Pre-Load Steps</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 15.2. LDAP Directory Pre-Load Steps"><a name="ldapinit"></a><p class="title"><b>Procedure 15.2. LDAP Directory Pre-Load Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Create a directory in which to store the files you use to generate
                 the LDAP LDIF file for your system. Execute the following:
@@ -367 +367 @@
 <code class="prompt">root# </code> chmod 700 /etc/openldap/SambaInit
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Install the files shown in <a class="link" href="appendix.html#sbehap-ldapreconfa" title="Example 15.6. LDAP Pre-configuration Script: SMBLDAP-ldif-preconfig.sh Part A">&#8220;LDAP Pre-configuration Script: SMBLDAP-ldif-preconfig.sh  Part A&#8221;</a>, <a class="link" href="appendix.html#sbehap-ldapreconfb" title="Example 15.7. LDAP Pre-configuration Script: SMBLDAP-ldif-preconfig.sh Part B">&#8220;LDAP Pre-configuration Script: SMBLDAP-ldif-preconfig.sh  Part B&#8221;</a>,
                 and <a class="link" href="appendix.html#sbehap-ldapreconfc" title="Example 15.8. LDAP Pre-configuration Script: SMBLDAP-ldif-preconfig.sh Part C">&#8220;LDAP Pre-configuration Script: SMBLDAP-ldif-preconfig.sh  Part C&#8221;</a> into the directory 
                 <code class="filename">/etc/openldap/SambaInit/SMBLDAP-ldif-preconfig.sh.</code> These three files are,
                 respectively, parts A, B, and C of the <code class="filename">SMBLDAP-ldif-preconfig.sh</code> file.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Install the files shown in <a class="link" href="appendix.html#sbehap-ldifpata" title="Example 15.9. LDIF Pattern File Used to Pre-configure LDAP Part A">&#8220;LDIF Pattern File Used to Pre-configure LDAP  Part A&#8221;</a> and <a class="link" href="appendix.html#sbehap-ldifpatb" title="Example 15.10. LDIF Pattern File Used to Pre-configure LDAP Part B">&#8220;LDIF Pattern File Used to Pre-configure LDAP  Part B&#8221;</a> into the directory
                 <code class="filename">/etc/openldap/SambaInit/.</code> These two files are
                 parts A and B, respectively, of the <code class="filename">init-ldif.pat</code> file.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 Change to the <code class="filename">/etc/openldap/SambaInit</code> directory. Execute the following:
 </p><pre class="screen">
@@ -416 +416 @@
 </pre><p>
                 This creates a file called <code class="filename">MEGANET2.ldif</code>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 5"><p>
                 It is now time to preload the LDAP database with the following
                 command:
@@ -467 +467 @@
 entryCSN: 2003121705:57:47Z#0x000a#0#0000
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 6"><p>
                 Your LDAP database is ready for testing. You can now start the LDAP server
                 using the system tool for your Linux operating system. For SUSE Linux, you can
@@ -474 +474 @@
 <code class="prompt">root# </code> rcldap start
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 7"><p>
                 It is now a good idea to validate that the LDAP server is running correctly.
                 Execute the following:
@@ -706 +706 @@
 displayName: Domain Users
 description: Domain Users
-</pre></div></div><br class="example-break"></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2623411"></a>The LDAP Account Manager</h2></div></div></div><p>
-<a class="indexterm" name="id2623419"></a>
-<a class="indexterm" name="id2623426"></a>
-<a class="indexterm" name="id2623435"></a>
-<a class="indexterm" name="id2623442"></a>
-<a class="indexterm" name="id2623448"></a>
-<a class="indexterm" name="id2623455"></a>
-<a class="indexterm" name="id2623462"></a>
+</pre></div></div><br class="example-break"></div><div class="sect1" title="The LDAP Account Manager"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id388919"></a>The LDAP Account Manager</h2></div></div></div><p>
+<a class="indexterm" name="id388927"></a>
+<a class="indexterm" name="id388934"></a>
+<a class="indexterm" name="id388943"></a>
+<a class="indexterm" name="id388949"></a>
+<a class="indexterm" name="id388956"></a>
+<a class="indexterm" name="id388963"></a>
+<a class="indexterm" name="id388970"></a>
 The LDAP Account Manager (LAM) is an application suite that has been written in PHP.
 LAM can be used with any Web server that has PHP4 support. It connects to the LDAP
@@ -725 +725 @@
 of 2005.
 </p><p>
-<a class="indexterm" name="id2623493"></a>
-<a class="indexterm" name="id2623500"></a>
-<a class="indexterm" name="id2623507"></a>
+<a class="indexterm" name="id388996"></a>
+<a class="indexterm" name="id389003"></a>
+<a class="indexterm" name="id389010"></a>
 Requirements:
-</p><div class="itemizedlist"><ul type="disc"><li><p>A web server that will work with PHP4.</p></li><li><p>PHP4 (available from the <a class="ulink" href="http://www.php.net/" target="_top">PHP</a> home page.)</p></li><li><p>OpenLDAP 2.0 or later.</p></li><li><p>A Web browser that supports CSS.</p></li><li><p>Perl.</p></li><li><p>The gettext package.</p></li><li><p>mcrypt + mhash (optional).</p></li><li><p>It is also a good idea to install SSL support.</p></li></ul></div><p>
+</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>A web server that will work with PHP4.</p></li><li class="listitem"><p>PHP4 (available from the <a class="ulink" href="http://www.php.net/" target="_top">PHP</a> home page.)</p></li><li class="listitem"><p>OpenLDAP 2.0 or later.</p></li><li class="listitem"><p>A Web browser that supports CSS.</p></li><li class="listitem"><p>Perl.</p></li><li class="listitem"><p>The gettext package.</p></li><li class="listitem"><p>mcrypt + mhash (optional).</p></li><li class="listitem"><p>It is also a good idea to install SSL support.</p></li></ul></div><p>
 LAM is a useful tool that provides a simple Web-based device that can be used to
 manage the contents of the LDAP directory to:
-<a class="indexterm" name="id2623568"></a>
-<a class="indexterm" name="id2623575"></a>
-<a class="indexterm" name="id2623582"></a>
-</p><div class="itemizedlist"><ul type="disc"><li><p>Display user/group/host and Domain entries.</p></li><li><p>Manage entries (Add/Delete/Edit).</p></li><li><p>Filter and sort entries.</p></li><li><p>Store and use multiple operating profiles.</p></li><li><p>Edit organizational units (OUs).</p></li><li><p>Upload accounts from a file.</p></li><li><p>Is compatible with Samba-2.2.x and Samba-3.</p></li></ul></div><p>
+<a class="indexterm" name="id389067"></a>
+<a class="indexterm" name="id389074"></a>
+<a class="indexterm" name="id389081"></a>
+</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Display user/group/host and Domain entries.</p></li><li class="listitem"><p>Manage entries (Add/Delete/Edit).</p></li><li class="listitem"><p>Filter and sort entries.</p></li><li class="listitem"><p>Store and use multiple operating profiles.</p></li><li class="listitem"><p>Edit organizational units (OUs).</p></li><li class="listitem"><p>Upload accounts from a file.</p></li><li class="listitem"><p>Is compatible with Samba-2.2.x and Samba-3.</p></li></ul></div><p>
 When correctly configured, LAM allows convenient management of UNIX (Posix) and Samba
 user, group, and windows domain member machine accounts.
 </p><p>
-<a class="indexterm" name="id2623636"></a>
-<a class="indexterm" name="id2623643"></a>
-<a class="indexterm" name="id2623650"></a>
-<a class="indexterm" name="id2623656"></a>
-The default password is &#8220;<span class="quote">lam.</span>&#8221; It is highly recommended that you use only 
+<a class="indexterm" name="id389132"></a>
+<a class="indexterm" name="id389139"></a>
+<a class="indexterm" name="id389145"></a>
+<a class="indexterm" name="id389152"></a>
+The default password is <span class="quote">&#8220;<span class="quote">lam.</span>&#8221;</span> It is highly recommended that you use only 
 an SSL connection to your Web server for all remote operations involving LAM. If you 
 want secure connections, you must configure your Apache Web server to permit connections 
 to LAM using only SSL.
-</p><div class="procedure"><a name="sbehap-laminst"></a><p class="title"><b>Procedure 15.3. Apache Configuration Steps for LAM</b></p><ol type="1"><li><p>
+</p><div class="procedure" title="Procedure 15.3. Apache Configuration Steps for LAM"><a name="sbehap-laminst"></a><p class="title"><b>Procedure 15.3. Apache Configuration Steps for LAM</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
         Extract the LAM package by untarring it as shown here:
 </p><pre class="screen">
@@ -756 +756 @@
 <code class="prompt">root# </code> dpkg -i ldap-account-manager_0.4.9.all.deb
 </pre><p>
-        </p></li><li><p>
+        </p></li><li class="step" title="Step 2"><p>
         Copy the extracted files to the document root directory of your Web server.
         For example, on SUSE Linux Enterprise Server 9, copy to the 
         <code class="filename">/srv/www/htdocs</code> directory.
-        </p></li><li><p>
-        <a class="indexterm" name="id2623736"></a>
+        </p></li><li class="step" title="Step 3"><p>
+        <a class="indexterm" name="id389226"></a>
         Set file permissions using the following commands:
 </p><pre class="screen">
@@ -770 +770 @@
 <code class="prompt">root# </code> chmod 755 /srv/www/htdocs/lam/lib/*pl
 </pre><p>
-        </p></li><li><p>
-        <a class="indexterm" name="id2623789"></a>
+        </p></li><li class="step" title="Step 4"><p>
+        <a class="indexterm" name="id389276"></a>
        Using your favorite editor create the following <code class="filename">config.cfg</code>
        LAM configuration file:
@@ -779 +779 @@
 <code class="prompt">root# </code> vi config.cfg
 </pre><p>
-        <a class="indexterm" name="id2623830"></a>
-        <a class="indexterm" name="id2623839"></a>
+        <a class="indexterm" name="id389315"></a>
+        <a class="indexterm" name="id389324"></a>
         An example file is shown in <a class="link" href="appendix.html#lamcfg" title="Example 15.11. Example LAM Configuration File config.cfg">&#8220;Example LAM Configuration File  config.cfg&#8221;</a>.
         This is the minimum configuration that must be completed. The LAM profile
         file can be created using a convenient wizard that is part of the LAM
         configuration suite.
-        </p></li><li><p>
+        </p></li><li class="step" title="Step 5"><p>
         Start your Web server then, using your Web browser, connect to 
         <a class="ulink" href="http://localhost/lam" target="_top">LAM</a> URL. Click on the
@@ -795 +795 @@
         change the settings to match local site needs.
         </p></li></ol></div><p>
-        <a class="indexterm" name="id2623898"></a>
+        <a class="indexterm" name="id389379"></a>
         An example of a working file is shown here in <a class="link" href="appendix.html#lamconf" title="Example 15.12. LAM Profile Control File lam.conf">&#8220;LAM Profile Control File  lam.conf&#8221;</a>.
         This file has been stripped of comments to keep the size small. The comments
@@ -803 +803 @@
         are preferred at your site.
         </p><p>
-        <a class="indexterm" name="id2623921"></a>
+        <a class="indexterm" name="id389399"></a>
         It is important that your LDAP server is running at the time that LAM is 
         being configured. This permits you to validate correct operation.
         An example of the LAM login screen is provided in <a class="link" href="appendix.html#lam-login" title="Figure 15.6. The LDAP Account Manager Login Screen">&#8220;The LDAP Account Manager Login Screen&#8221;</a>.
         </p><div class="figure"><a name="lam-login"></a><p class="title"><b>Figure 15.6. The LDAP Account Manager Login Screen</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/lam-login.png" width="270" alt="The LDAP Account Manager Login Screen"></div></div></div><br class="figure-break"><p>
-        <a class="indexterm" name="id2623984"></a>
+        <a class="indexterm" name="id389458"></a>
         The LAM configuration editor has a number of options that must be managed correctly.
         An example of use of the LAM configuration editor is shown in <a class="link" href="appendix.html#lam-config" title="Figure 15.7. The LDAP Account Manager Configuration Screen">&#8220;The LDAP Account Manager Configuration Screen&#8221;</a>.
@@ -818 +818 @@
         using LAM to add additional users and groups.
         </p><div class="figure"><a name="lam-config"></a><p class="title"><b>Figure 15.7. The LDAP Account Manager Configuration Screen</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/lam-config.png" width="270" alt="The LDAP Account Manager Configuration Screen"></div></div></div><br class="figure-break"><p>
-        <a class="indexterm" name="id2624056"></a>
+        <a class="indexterm" name="id389523"></a>
         LAM has some nice, but unusual features. For example, one unexpected feature in most application
         screens permits the generation of a PDF file that lists configuration information. This is a well
@@ -824 +824 @@
         space.
         </p><p>
-        <a class="indexterm" name="id2624071"></a>
+        <a class="indexterm" name="id389536"></a>
         When you log onto LAM the opening screen drops you right into the user manager as shown in
         <a class="link" href="appendix.html#lam-user" title="Figure 15.8. The LDAP Account Manager User Edit Screen">&#8220;The LDAP Account Manager User Edit Screen&#8221;</a>. This is a logical action as it permits the most-needed facility
@@ -838 +838 @@
         memberships. 
         </p><div class="figure"><a name="lam-group"></a><p class="title"><b>Figure 15.9. The LDAP Account Manager Group Edit Screen</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/lam-groups.png" width="270" alt="The LDAP Account Manager Group Edit Screen"></div></div></div><br class="figure-break"><div class="figure"><a name="lam-group-mem"></a><p class="title"><b>Figure 15.10. The LDAP Account Manager Group Membership Edit Screen</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/lam-group-members.png" width="270" alt="The LDAP Account Manager Group Membership Edit Screen"></div></div></div><br class="figure-break"><p>
-        <a class="indexterm" name="id2624251"></a><a class="indexterm" name="id2624256"></a>
+        <a class="indexterm" name="id389704"></a><a class="indexterm" name="id389710"></a>
         The final screen presented here is one that you should not normally need to use. Host accounts will
         be automatically managed using the smbldap-tools scripts. This means that the screen <a class="link" href="appendix.html#lam-host" title="Figure 15.11. The LDAP Account Manager Host Edit Screen">&#8220;The LDAP Account Manager Host Edit Screen&#8221;</a>
@@ -884 +884 @@
 cachetimeout: 5
 pwdhash: SSHA
-</pre></div></div><br class="example-break"></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2624406"></a>IDEALX Management Console</h2></div></div></div><p>
+</pre></div></div><br class="example-break"></div><div class="sect1" title="IDEALX Management Console"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id389839"></a>IDEALX Management Console</h2></div></div></div><p>
         IMC (the IDEALX Mamagement Console) is a tool that can be used as the basis for a comprehensive
         web-based management interface for UNIX and Linux systems.
@@ -898 +898 @@
         For further information regarding IMC refer to the web <a class="ulink" href="http://imc.sourceforge.net/" target="_top">site.</a>
         Prebuilt RPM packages are also <a class="ulink" href="http://imc.sourceforge.net/download.html" target="_top">available.</a>
-        </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="ch12-SUIDSGID"></a>Effect of Setting File and Directory SUID/SGID Permissions Explained</h2></div></div></div><a class="indexterm" name="id2624512"></a><a class="indexterm" name="id2624519"></a><p>
+        </p></div><div class="sect1" title="Effect of Setting File and Directory SUID/SGID Permissions Explained"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="ch12-SUIDSGID"></a>Effect of Setting File and Directory SUID/SGID Permissions Explained</h2></div></div></div><a class="indexterm" name="id389935"></a><a class="indexterm" name="id389942"></a><p>
         The setting of the SUID/SGID bits on the file or directory permissions flag has particular
         consequences. If the file is executable and the SUID bit is set, it executes with the privilege
@@ -968 +968 @@
 drw-rw-r--    2 bobj     Domain Users  12346 Dec 18 18:11 maryvfile.txt
 </pre><p>
-        </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="ch12dblck"></a>Shared Data Integrity</h2></div></div></div><p><a class="indexterm" name="id2624750"></a><a class="indexterm" name="id2624757"></a>
+        </p></div><div class="sect1" title="Shared Data Integrity"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="ch12dblck"></a>Shared Data Integrity</h2></div></div></div><p><a class="indexterm" name="id390147"></a><a class="indexterm" name="id390155"></a>
         The integrity of shared data is often viewed as a particularly emotional issue, especially where
         there are concurrent problems with multiuser data access. Contrary to the assertions of some who have
@@ -974 +974 @@
         </p><p>
         The solution to concurrent multiuser data access problems must consider three separate areas
-        from which the problem may stem:<a class="indexterm" name="id2624781"></a><a class="indexterm" name="id2624792"></a><a class="indexterm" name="id2624803"></a>
-        </p><div class="itemizedlist"><ul type="disc"><li><p>application-level locking controls</p></li><li><p>client-side locking controls</p></li><li><p>server-side locking controls</p></li></ul></div><p><a class="indexterm" name="id2624836"></a><a class="indexterm" name="id2624844"></a>
+        from which the problem may stem:<a class="indexterm" name="id390175"></a><a class="indexterm" name="id390186"></a><a class="indexterm" name="id390197"></a>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>application-level locking controls</p></li><li class="listitem"><p>client-side locking controls</p></li><li class="listitem"><p>server-side locking controls</p></li></ul></div><p><a class="indexterm" name="id390229"></a><a class="indexterm" name="id390237"></a>
         Many database applications use some form of application-level access control. An example of one
         well-known application that uses application-level locking is Microsoft Access. Detailed guidance
         is provided here because this is the most common application for which problems have been reported.
-        </p><p><a class="indexterm" name="id2624860"></a><a class="indexterm" name="id2624868"></a>
+        </p><p><a class="indexterm" name="id390251"></a><a class="indexterm" name="id390259"></a>
         Common applications that are affected by client- and server-side locking controls include MS
         Excel and Act!. Important locking guidance is provided here.
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2624881"></a>Microsoft Access</h3></div></div></div><p>
+        </p><div class="sect2" title="Microsoft Access"><div class="titlepage"><div><div><h3 class="title"><a name="id390270"></a>Microsoft Access</h3></div></div></div><p>
         The best advice that can be given is to carefully read the Microsoft knowledgebase articles that
         cover this area. Examples of relevant documents include:
-        </p><div class="itemizedlist"><ul type="disc"><li><p>http://support.microsoft.com/default.aspx?scid=kb;en-us;208778</p></li><li><p>http://support.microsoft.com/default.aspx?scid=kb;en-us;299373</p></li></ul></div><p><a class="indexterm" name="id2624908"></a><a class="indexterm" name="id2624919"></a>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>http://support.microsoft.com/default.aspx?scid=kb;en-us;208778</p></li><li class="listitem"><p>http://support.microsoft.com/default.aspx?scid=kb;en-us;299373</p></li></ul></div><p><a class="indexterm" name="id390294"></a><a class="indexterm" name="id390306"></a>
         Make sure that your MS Access database file is configured for multiuser access (not set for 
         exclusive open). Open MS Access on each client workstation, then set the following: <span class="guimenu">(Menu bar) Tools</span>+<span class="guimenu">Options</span>+<span class="guimenu">[tab] General</span>.  Set network path to Default database folder: <code class="filename">\\server\share\folder</code>.
         </p><p>
         You can configure MS Access file sharing behavior as follows: click <span class="guimenu">[tab] Advanced</span>.
-          Set:<a class="indexterm" name="id2624970"></a>
-        </p><div class="itemizedlist"><ul type="disc"><li><p>Default open mode: Shared</p></li><li><p>Default Record Locking: Edited Record</p></li><li><p>Open databases using record_level locking</p></li></ul></div><p><a class="indexterm" name="id2625000"></a>
+          Set:<a class="indexterm" name="id390353"></a>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Default open mode: Shared</p></li><li class="listitem"><p>Default Record Locking: Edited Record</p></li><li class="listitem"><p>Open databases using record_level locking</p></li></ul></div><p><a class="indexterm" name="id390382"></a>
         You must now commit the changes so that they will take effect. To do so, click 
         <span class="guimenu">Apply</span><span class="guimenu">Ok</span>. At this point, you should exit MS Access, restart 
         it, and then validate that these settings have not changed.
-        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2625028"></a>Act! Database Sharing</h3></div></div></div><p><a class="indexterm" name="id2625035"></a><a class="indexterm" name="id2625043"></a>
+        </p></div><div class="sect2" title="Act! Database Sharing"><div class="titlepage"><div><div><h3 class="title"><a name="id390409"></a>Act! Database Sharing</h3></div></div></div><p><a class="indexterm" name="id390415"></a><a class="indexterm" name="id390423"></a>
         Where the server sharing the ACT! database(s) is running Samba,or Windows NT, 200x, or XP, you 
         must disable opportunistic locking on the server and all workstations. Failure to do so
@@ -1003 +1003 @@
         as well as from article
         <a class="ulink" href="http://itdomino.saleslogix.com/act.nsf/docid/200110485036" target="_top">200110485036</a>.
-        </p><p><a class="indexterm" name="id2625073"></a><a class="indexterm" name="id2625081"></a>
+        </p><p><a class="indexterm" name="id390449"></a><a class="indexterm" name="id390457"></a>
         These documents clearly state that opportunistic locking must be disabled on both
         the server (Samba in the case we are interested in here), as well as on every workstation
@@ -1011 +1011 @@
         Registered Act! users may download this utility from the Act! Web 
         <a class="ulink" href="http://www.act.com/support/updates/index.cfm" target="_top">site.</a>
-        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2625113"></a>Opportunistic Locking Controls</h3></div></div></div><p><a class="indexterm" name="id2625120"></a>
+        </p></div><div class="sect2" title="Opportunistic Locking Controls"><div class="titlepage"><div><div><h3 class="title"><a name="id390484"></a>Opportunistic Locking Controls</h3></div></div></div><p><a class="indexterm" name="id390491"></a>
         Third-party Windows applications may not be compatible with the use of opportunistic file
-        and record locking. For applications that are known not to be compatible,<sup>[<a name="id2625132" href="#ftn.id2625132" class="footnote">14</a>]</sup> oplock
+        and record locking. For applications that are known not to be compatible,<sup>[<a name="id390501" href="#ftn.id390501" class="footnote">14</a>]</sup> oplock
         support may need to be disabled both on the Samba server and on the Windows workstations.
-        </p><p><a class="indexterm" name="id2625147"></a><a class="indexterm" name="id2625155"></a><a class="indexterm" name="id2625163"></a>
+        </p><p><a class="indexterm" name="id390512"></a><a class="indexterm" name="id390520"></a><a class="indexterm" name="id390528"></a>
         Oplocks enable a Windows client to cache parts of a file that are being
         edited. Another windows client may then request to open the file with the
@@ -1022 +1022 @@
         doing so, that workstation must flush the file from cache memory to the
         disk or network drive.
-        </p><p><a class="indexterm" name="id2625184"></a>
+        </p><p><a class="indexterm" name="id390546"></a>
         Disabling of Oplocks usage may require server and client changes.
         Oplocks may be disabled by file, by file pattern, on the share, or on the
@@ -1058 +1058 @@
         Comprehensive coverage of file and record-locking controls is provided in TOSHARG2, Chapter 13.
         The information in that chapter was obtained from a wide variety of sources.
-        </p></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id2625132" href="#id2625132" class="para">14</a>] </sup>Refer to
+        </p></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id390501" href="#id390501" class="para">14</a>] </sup>Refer to
         the application manufacturer's installation guidelines and knowledge base for specific
         information regarding compatibility. It is often safe to assume that if the software

trunk/server/docs/htmldocs/Samba3-ByExample/ch14.html

@@ -1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 14. Samba Support</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="RefSection.html" title="Part III. Reference Section"><link rel="prev" href="HA.html" title="Chapter 13. Performance, Reliability, and Availability"><link rel="next" href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 14. Samba Support</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="HA.html">Prev</a> </td><th width="60%" align="center">Part III. Reference Section</th><td width="20%" align="right"> <a accesskey="n" href="appendix.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title"><a name="id2620743"></a>Chapter 14. Samba Support</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="ch14.html#id2620874">Free Support</a></span></dt><dt><span class="sect1"><a href="ch14.html#id2621092">Commercial Support</a></span></dt></dl></div><p>
-<a class="indexterm" name="id2620752"></a>
-One of the most difficult to answer questions in the information technology industry is, &#8220;<span class="quote">What is
-support?</span>&#8221;. That question irritates some folks, as much as common answers may annoy others.
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 14. Samba Support</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="RefSection.html" title="Part III. Reference Section"><link rel="prev" href="HA.html" title="Chapter 13. Performance, Reliability, and Availability"><link rel="next" href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 14. Samba Support</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="HA.html">Prev</a> </td><th width="60%" align="center">Part III. Reference Section</th><td width="20%" align="right"> <a accesskey="n" href="appendix.html">Next</a></td></tr></table><hr></div><div lang="en-US" class="chapter" title="Chapter 14. Samba Support"><div class="titlepage"><div><div><h2 class="title"><a name="id386581"></a>Chapter 14. Samba Support</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="ch14.html#id386696">Free Support</a></span></dt><dt><span class="sect1"><a href="ch14.html#id386894">Commercial Support</a></span></dt></dl></div><p>
+<a class="indexterm" name="id386590"></a>
+One of the most difficult to answer questions in the information technology industry is, <span class="quote">&#8220;<span class="quote">What is
+support?</span>&#8221;</span>. That question irritates some folks, as much as common answers may annoy others.
 </p><p>
-<a class="indexterm" name="id2620769"></a>
+<a class="indexterm" name="id386604"></a>
 The most aggravating situation pertaining to support is typified when, as a Linux user, a call is made to
 an Internet service provider who, instead of listening to the problem to find a solution, blandly replies:
-&#8220;<span class="quote">Oh, Linux? We do not support Linux!</span>&#8221;. It has happened to me, and similar situations happen
+<span class="quote">&#8220;<span class="quote">Oh, Linux? We do not support Linux!</span>&#8221;</span>. It has happened to me, and similar situations happen
 through-out the IT industry. Answers like that are designed to inform us that there are some customers
 that a business just does not want to deal with, and well may we feel the anguish of the rejection that 
@@ -16 +16 @@
 inconvenience, loss of productivity, disorientation, uncertainty, and real or perceived risk.
 </p><p>
-<a class="indexterm" name="id2620800"></a>
-<a class="indexterm" name="id2620807"></a>
-<a class="indexterm" name="id2620814"></a>
+<a class="indexterm" name="id386628"></a>
+<a class="indexterm" name="id386635"></a>
+<a class="indexterm" name="id386642"></a>
 One of the forces that has become a driving force for the adoption of open source software is the fact that
 many IT businesses have provided services that have perhaps failed to deliver what the customer expected, or
 that have been found wanting for other reasons.
 </p><p>
-<a class="indexterm" name="id2620828"></a>
-<a class="indexterm" name="id2620835"></a>
+<a class="indexterm" name="id386654"></a>
+<a class="indexterm" name="id386661"></a>
 In recognition of the need for needs satisfaction as the primary experience an information technology user or
 consumer expects, the information provided in this chapter may help someone to avoid an unpleasant experience
 in respect of problem resolution.
 </p><p>
-<a class="indexterm" name="id2620850"></a>
-<a class="indexterm" name="id2620857"></a>
-<a class="indexterm" name="id2620864"></a>
+<a class="indexterm" name="id386673"></a>
+<a class="indexterm" name="id386680"></a>
+<a class="indexterm" name="id386687"></a>
 In the open source software arena there are two support options: free support and paid-for (commercial)
 support.
-</p><div class="sect1" lang="en-US"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2620874"></a>Free Support</h2></div></div></div><p>
-<a class="indexterm" name="id2620881"></a>
-<a class="indexterm" name="id2620888"></a>
-<a class="indexterm" name="id2620895"></a>
-<a class="indexterm" name="id2620902"></a>
-<a class="indexterm" name="id2620909"></a>
-<a class="indexterm" name="id2620916"></a>
+</p><div class="sect1" title="Free Support"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id386696"></a>Free Support</h2></div></div></div><p>
+<a class="indexterm" name="id386704"></a>
+<a class="indexterm" name="id386710"></a>
+<a class="indexterm" name="id386717"></a>
+<a class="indexterm" name="id386724"></a>
+<a class="indexterm" name="id386731"></a>
+<a class="indexterm" name="id386738"></a>
         Free support may be obtained from friends, colleagues, user groups, mailing lists, and interactive help
         facilities. An example of an interactive dacility is the Internet relay chat (IRC) channels that host user
         supported mutual assistance.
         </p><p>
-<a class="indexterm" name="id2620930"></a>
-<a class="indexterm" name="id2620937"></a>
-<a class="indexterm" name="id2620944"></a>
-<a class="indexterm" name="id2620951"></a>
-<a class="indexterm" name="id2620958"></a>
+<a class="indexterm" name="id386750"></a>
+<a class="indexterm" name="id386756"></a>
+<a class="indexterm" name="id386763"></a>
+<a class="indexterm" name="id386770"></a>
+<a class="indexterm" name="id386777"></a>
         The Samba project maintains a mailing list that is commonly used to discuss solutions to Samba deployments.
         Information regarding subscription to the Samba mailing list can be found on the Samba <a class="ulink" href="https://lists.samba.org/mailman/" target="_top">web</a> site. The public mailing list that can be used to obtain
@@ -56 +56 @@
         the Samba <a class="ulink" href="http://www.samba.org/samba.irc.html" target="_top">IRC</a> web page.
         </p><p>
-<a class="indexterm" name="id2620999"></a>
-<a class="indexterm" name="id2621006"></a>
-<a class="indexterm" name="id2621013"></a>
-<a class="indexterm" name="id2621020"></a>
+<a class="indexterm" name="id386814"></a>
+<a class="indexterm" name="id386821"></a>
+<a class="indexterm" name="id386828"></a>
+<a class="indexterm" name="id386834"></a>
         As a general rule, it is considered poor net behavior to contact a Samba Team member directly
         for free support. Most active members of the Samba Team work exceptionally long hours to assist
@@ -67 +67 @@
         to show appropriate discretion and reservation in all direct contact.
         </p><p>
-<a class="indexterm" name="id2621040"></a>
-<a class="indexterm" name="id2621046"></a>
-<a class="indexterm" name="id2621053"></a>
+<a class="indexterm" name="id386849"></a>
+<a class="indexterm" name="id386856"></a>
+<a class="indexterm" name="id386863"></a>
         When you stumble across a Samba bug, often the quickest way to get it resolved is by posting
         a bug <a class="ulink" href="https://bugzilla.samba.org/" target="_top">report</a>. All such reports are mailed to
@@ -77 +77 @@
         that will permit the problem to be reproduced.
         </p><p>
-<a class="indexterm" name="id2621078"></a>
+<a class="indexterm" name="id386883"></a>
         We all recognize that sometimes free support does not provide the answer that is sought within
         the time-frame required. At other times the problem is elusive and you may lack the experience
         necessary to isolate the problem and thus to resolve it. This is a situation where is may be
         prudent to purchase paid-for support.
-        </p></div><div class="sect1" lang="en-US"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2621092"></a>Commercial Support</h2></div></div></div><p>
+        </p></div><div class="sect1" title="Commercial Support"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id386894"></a>Commercial Support</h2></div></div></div><p>
         There are six basic support oriented services that are most commonly sought by Samba sites:
-        </p><div class="itemizedlist"><ul type="disc"><li><p>Assistance with network design</p></li><li><p>Staff Training</p></li><li><p>Assistance with Samba network deployment and installation</p></li><li><p>Priority telephone or email Samba configuration assistance</p></li><li><p>Trouble-shooting and diagnostic assistance</p></li><li><p>Provision of quality assured ready-to-install Samba binary packages</p></li></ul></div><p>
-<a class="indexterm" name="id2621139"></a>
-<a class="indexterm" name="id2621146"></a>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Assistance with network design</p></li><li class="listitem"><p>Staff Training</p></li><li class="listitem"><p>Assistance with Samba network deployment and installation</p></li><li class="listitem"><p>Priority telephone or email Samba configuration assistance</p></li><li class="listitem"><p>Trouble-shooting and diagnostic assistance</p></li><li class="listitem"><p>Provision of quality assured ready-to-install Samba binary packages</p></li></ul></div><p>
+<a class="indexterm" name="id386938"></a>
+<a class="indexterm" name="id386945"></a>
         Information regarding companies that provide professional Samba support can be obtained by performing a Google
         search, as well as by reference to the Samba <a class="ulink" href="http://www.samba.org/samba/support.html" target="_top">Support</a> web page. Companies who notify the Samba Team
@@ -94 +94 @@
         them.
         </p><p>
-<a class="indexterm" name="id2621172"></a>
+<a class="indexterm" name="id386966"></a>
         The policy within the Samba Team is to treat all commercial support providers equally and to show no
         preference. As a result, Samba Team members who provide commercial support are lumped in with everyone else.
@@ -100 +100 @@
         is pro-community; so do what you can to help a local business to prosper.
         </p><p>
-<a class="indexterm" name="id2621195"></a>
+<a class="indexterm" name="id386982"></a>
         Open source software support can be found in any quality, at any price and in any place you can
         to obtain it. Over 180 companies around the world provide Samba support, there is no excuse for

trunk/server/docs/htmldocs/Samba3-ByExample/go01.html

@@ -1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Glossary</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="apa.html" title="Appendix A.  GNU General Public License version 3"><link rel="next" href="ix01.html" title="Index"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Glossary</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="apa.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="ix01.html">Next</a></td></tr></table><hr></div><div class="glossary"><div class="titlepage"><div><div><h2 class="title"><a name="id2630241"></a>Glossary</h2></div></div></div><dl><dt>Access Control List</dt><dd><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Glossary</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="apa.html" title="Appendix A.  GNU General Public License version 3"><link rel="next" href="ix01.html" title="Index"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Glossary</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="apa.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="ix01.html">Next</a></td></tr></table><hr></div><div class="glossary" title="Glossary"><div class="titlepage"><div><div><h2 class="title"><a name="id394912"></a>Glossary</h2></div></div></div><dl><dt>Access Control List</dt><dd><p>
                 A detailed list of permissions granted to users or groups with respect to file and network
                 resource access.
@@ -12 +12 @@
                 to CIFS, an additional dialect of the SMB protocol was in development. The need for the
                 deployment of the NetBIOS layer was also removed, thus paving the way for use of the SMB
-                protocol natively over TCP/IP (known as NetBIOS-less SMB or &#8220;<span class="quote">naked</span>&#8221; TCP
+                protocol natively over TCP/IP (known as NetBIOS-less SMB or <span class="quote">&#8220;<span class="quote">naked</span>&#8221;</span> TCP
                 transport).
                 </p></dd><dt>Common UNIX Printing System</dt><dd><p>
@@ -97 +97 @@
                 binary encodings in a platform-independent manner. Samba has support for SPNEGO.
                 </p></dd><dt>The Official Samba-3 HOWTO and Reference Guide, Second Edition</dt><dd><p>
-                This book makes repeated reference to &#8220;<span class="quote">The Official Samba-3 HOWTO and Reference Guide, Second
-                Edition</span>&#8221; by John H. Terpstra and Jelmer R. Vernooij. This publication is available from
+                This book makes repeated reference to <span class="quote">&#8220;<span class="quote">The Official Samba-3 HOWTO and Reference Guide, Second
+                Edition</span>&#8221;</span> by John H. Terpstra and Jelmer R. Vernooij. This publication is available from
                 Amazon.com. Publisher: Prentice Hall PTR (August 2005),
                 ISBN: 013122282.
@@ -112 +112 @@
                 <a class="ulink" href="http://www.wireshark.org" target="_top">the Wireshark Web site</a>.
                 </p></dd></dl></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="apa.html">Prev</a> </td><td width="20%" align="center"> </td><td width="40%" align="right"> <a accesskey="n" href="ix01.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Appendix A. 
-    GNU General Public License version 3
+    <acronym class="acronym">GNU</acronym> General Public License version 3
    </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Index</td></tr></table></div></body></html>

trunk/server/docs/htmldocs/Samba3-ByExample/happy.html

@@ -1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 5. Making Happy Users</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="Big500users.html" title="Chapter 4. The 500-User Office"><link rel="next" href="net2000users.html" title="Chapter 6. A Distributed 2000-User Network"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 5. Making Happy Users</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="Big500users.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="net2000users.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="happy"></a>Chapter 5. Making Happy Users</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="happy.html#id2571022">Regarding LDAP Directories and Windows Computer Accounts</a></span></dt><dt><span class="sect1"><a href="happy.html#id2571164">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id2571262">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id2571399">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id2571856">Technical Issues</a></span></dt><dt><span class="sect2"><a href="happy.html#id2573730">Political Issues</a></span></dt><dt><span class="sect2"><a href="happy.html#id2573745">Installation Checklist</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id2573925">Samba Server Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbeidealx">Install and Configure Idealx smbldap-tools Scripts</a></span></dt><dt><span class="sect2"><a href="happy.html#id2576821">LDAP Initialization and Creation of User and Group Accounts</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-ptrcfg">Printer Configuration</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#sbehap-bldg1">Samba-3 BDC Configuration</a></span></dt><dt><span class="sect1"><a href="happy.html#id2580771">Miscellaneous Server Preparation Tasks</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id2580791">Configuring Directory Share Point Roots</a></span></dt><dt><span class="sect2"><a href="happy.html#id2580886">Configuring Profile Directories</a></span></dt><dt><span class="sect2"><a href="happy.html#id2581130">Preparation of Logon Scripts</a></span></dt><dt><span class="sect2"><a href="happy.html#id2581241">Assigning User Rights and Privileges</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id2581375">Windows Client Configuration</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></span></dt><dt><span class="sect2"><a href="happy.html#id2582129">Configuration of MS Outlook to Relocate PST File</a></span></dt><dt><span class="sect2"><a href="happy.html#id2582445">Configure Delete Cached Profiles on Logout</a></span></dt><dt><span class="sect2"><a href="happy.html#id2582625">Uploading Printer Drivers to Samba Servers</a></span></dt><dt><span class="sect2"><a href="happy.html#id2583127">Software Installation</a></span></dt><dt><span class="sect2"><a href="happy.html#id2583163">Roll-out Image Creation</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id2583197">Key Points Learned</a></span></dt><dt><span class="sect1"><a href="happy.html#id2583303">Questions and Answers</a></span></dt></dl></div><p>
-        It is said that &#8220;<span class="quote">a day that is without troubles is not fulfilling.  Rather, give 
-        me a day of troubles well handled so that I can be content with my achievements.</span>&#8221;
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 5. Making Happy Users</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="Big500users.html" title="Chapter 4. The 500-User Office"><link rel="next" href="net2000users.html" title="Chapter 6. A Distributed 2000-User Network"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 5. Making Happy Users</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="Big500users.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="net2000users.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 5. Making Happy Users"><div class="titlepage"><div><div><h2 class="title"><a name="happy"></a>Chapter 5. Making Happy Users</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="happy.html#id341339">Regarding LDAP Directories and Windows Computer Accounts</a></span></dt><dt><span class="sect1"><a href="happy.html#id341463">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id341540">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id341668">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id342070">Technical Issues</a></span></dt><dt><span class="sect2"><a href="happy.html#id343725">Political Issues</a></span></dt><dt><span class="sect2"><a href="happy.html#id343737">Installation Checklist</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id343908">Samba Server Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbeidealx">Install and Configure Idealx smbldap-tools Scripts</a></span></dt><dt><span class="sect2"><a href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-ptrcfg">Printer Configuration</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#sbehap-bldg1">Samba-3 BDC Configuration</a></span></dt><dt><span class="sect1"><a href="happy.html#id350178">Miscellaneous Server Preparation Tasks</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id350194">Configuring Directory Share Point Roots</a></span></dt><dt><span class="sect2"><a href="happy.html#id350283">Configuring Profile Directories</a></span></dt><dt><span class="sect2"><a href="happy.html#id350512">Preparation of Logon Scripts</a></span></dt><dt><span class="sect2"><a href="happy.html#id350609">Assigning User Rights and Privileges</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id350723">Windows Client Configuration</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></span></dt><dt><span class="sect2"><a href="happy.html#id351441">Configuration of MS Outlook to Relocate PST File</a></span></dt><dt><span class="sect2"><a href="happy.html#id351724">Configure Delete Cached Profiles on Logout</a></span></dt><dt><span class="sect2"><a href="happy.html#id351896">Uploading Printer Drivers to Samba Servers</a></span></dt><dt><span class="sect2"><a href="happy.html#id352365">Software Installation</a></span></dt><dt><span class="sect2"><a href="happy.html#id352391">Roll-out Image Creation</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id352420">Key Points Learned</a></span></dt><dt><span class="sect1"><a href="happy.html#id352508">Questions and Answers</a></span></dt></dl></div><p>
+        It is said that <span class="quote">&#8220;<span class="quote">a day that is without troubles is not fulfilling.  Rather, give 
+        me a day of troubles well handled so that I can be content with my achievements.</span>&#8221;</span>
         </p><p>
         In the world of computer networks, problems are as varied as the people who create them
@@ -7 +7 @@
         may create problems for some network users. The following lists some of the problems that
         may occur:
-        </p><a class="indexterm" name="id2570600"></a><a class="indexterm" name="id2570606"></a><a class="indexterm" name="id2570616"></a><a class="indexterm" name="id2570622"></a><a class="indexterm" name="id2570629"></a><div class="caution" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Caution</h3><p>
+        </p><a class="indexterm" name="id340972"></a><a class="indexterm" name="id340978"></a><a class="indexterm" name="id340987"></a><a class="indexterm" name="id340994"></a><a class="indexterm" name="id341000"></a><div class="caution" title="Caution" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Caution</h3><p>
 A significant number of network administrators have responded to the guidance given
 here. It should be noted that there are sites that have a single PDC for many hundreds of
@@ -20 +20 @@
 clients is conservative and if followed will minimize problems  but it is not absolute.
 </p></div><div class="variablelist"><dl><dt><span class="term">Users experiencing difficulty logging onto the network</span></dt><dd><p>
-                <a class="indexterm" name="id2570674"></a>
-                <a class="indexterm" name="id2570684"></a>
+                <a class="indexterm" name="id341038"></a>
+                <a class="indexterm" name="id341046"></a>
                 When a Windows client logs onto the network, many data packets are exchanged
                 between the client and the server that is providing the network logon services.
@@ -31 +31 @@
                 characteristics. 
                 </p><p>
-                <a class="indexterm" name="id2570704"></a>
-                <a class="indexterm" name="id2570710"></a>
-                <a class="indexterm" name="id2570717"></a>
+                <a class="indexterm" name="id341061"></a>
+                <a class="indexterm" name="id341068"></a>
+                <a class="indexterm" name="id341074"></a>
                 If the domain controller provides only network logon services
                 and all file and print activity is handled by domain member servers, one domain 
@@ -47 +47 @@
                 the Samba server as well as network bandwidth utilization.
                 </p></dd><dt><span class="term">Slow logons and log-offs</span></dt><dd><p>
-                <a class="indexterm" name="id2570750"></a>
+                <a class="indexterm" name="id341100"></a>
                 Slow logons and log-offs may be caused by many factors that include:
 
-                        </p><div class="itemizedlist"><ul type="disc"><li><p>
-                                <a class="indexterm" name="id2570764"></a>
-                                <a class="indexterm" name="id2570776"></a>
+                        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
+                                <a class="indexterm" name="id341113"></a>
+                                <a class="indexterm" name="id341125"></a>
                                 Excessive delays in the resolution of a NetBIOS name to its IP
                                 address. This may be observed when an overloaded domain controller 
                                 is also the WINS server. Another cause may be the failure to use
                                 a WINS server (this assumes that there is a single network segment).
-                                </p></li><li><p>
-                                <a class="indexterm" name="id2570794"></a>
-                                <a class="indexterm" name="id2570801"></a>
-                                <a class="indexterm" name="id2570808"></a>
+                                </p></li><li class="listitem"><p>
+                                <a class="indexterm" name="id341141"></a>
+                                <a class="indexterm" name="id341147"></a>
+                                <a class="indexterm" name="id341154"></a>
                                 Network traffic collisions due to overloading of the network
                                 segment. One short-term workaround to this may be to replace
                                 network HUBs with Ethernet switches.
-                                </p></li><li><p>
-                                <a class="indexterm" name="id2570822"></a>
+                                </p></li><li class="listitem"><p>
+                                <a class="indexterm" name="id341167"></a>
                                 Defective networking hardware. Over the past few years, we have seen
                                 on the Samba mailing list a significant increase in the number of
@@ -72 +72 @@
                                 it was the erratic nature of the problem that ultimately pointed to
                                 the cause of the problem.
-                                </p></li><li><p>
-                                <a class="indexterm" name="id2570843"></a>
-                                <a class="indexterm" name="id2570852"></a>
+                                </p></li><li class="listitem"><p>
+                                <a class="indexterm" name="id341184"></a>
+                                <a class="indexterm" name="id341193"></a>
                                 Excessively large roaming profiles. This type of problem is typically
                                 the result of poor user education as well as poor network management.
@@ -81 +81 @@
                                 These are old bad habits that require much discipline and vigilance
                                 on the part of network management.
-                                </p></li><li><p>
-                                <a class="indexterm" name="id2570872"></a>
+                                </p></li><li class="listitem"><p>
+                                <a class="indexterm" name="id341210"></a>
                                 You should verify that the Windows XP WebClient service is not running.
                                 The use of the WebClient service has been implicated in many Windows
@@ -90 +90 @@
                 Loss of access to network resources during client operation may be caused by a number
                 of factors, including:
-                </p><div class="itemizedlist"><ul type="disc"><li><p>
-                                <a class="indexterm" name="id2570905"></a>
+                </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
+                                <a class="indexterm" name="id341240"></a>
                                 Network overload (typically indicated by a high network collision rate)
-                                </p></li><li><p>
+                                </p></li><li class="listitem"><p>
                                 Server overload
-                                </p></li><li><p>
-                                <a class="indexterm" name="id2570924"></a>
+                                </p></li><li class="listitem"><p>
+                                <a class="indexterm" name="id341258"></a>
                                 Timeout causing the client to close a connection that is in use but has
                                 been latent (no traffic) for some time (5 minutes or more)
-                                </p></li><li><p>
-                                <a class="indexterm" name="id2570940"></a>
+                                </p></li><li class="listitem"><p>
+                                <a class="indexterm" name="id341273"></a>
                                 Defective networking hardware
                                 </p></li></ul></div><p>
-                <a class="indexterm" name="id2570955"></a>
+                <a class="indexterm" name="id341287"></a>
                 No matter what the cause, a sudden loss of access to network resources can
                 result in BSOD (blue screen of death) situations that necessitate rebooting of the client
@@ -110 +110 @@
                 problem, data corruption.
                 </p></dd><dt><span class="term">Potential data corruption</span></dt><dd><p>
-                <a class="indexterm" name="id2570988"></a>
+                <a class="indexterm" name="id341314"></a>
                 Data corruption is one of the most serious problems. It leads to uncertainty, anger, and 
                 frustration, and generally precipitates immediate corrective demands. Management response
@@ -124 +124 @@
         methods to improve the reliability of your network environment, but be warned that all such steps
         demand the price of complexity.
-        </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2571022"></a>Regarding LDAP Directories and Windows Computer Accounts</h2></div></div></div><p>
-        <a class="indexterm" name="id2571030"></a>
+        </p><div class="sect1" title="Regarding LDAP Directories and Windows Computer Accounts"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id341339"></a>Regarding LDAP Directories and Windows Computer Accounts</h2></div></div></div><p>
+        <a class="indexterm" name="id341347"></a>
         Computer (machine) accounts can be placed wherever you like in an LDAP directory subject to some 
         constraints that are described in this section.
         </p><p>
-        <a class="indexterm" name="id2571045"></a>
-        <a class="indexterm" name="id2571052"></a>
-        <a class="indexterm" name="id2571059"></a>
-        <a class="indexterm" name="id2571066"></a>
+        <a class="indexterm" name="id341361"></a>
+        <a class="indexterm" name="id341367"></a>
+        <a class="indexterm" name="id341374"></a>
+        <a class="indexterm" name="id341381"></a>
         The POSIX and SambaSAMAccount components of computer (machine) accounts are both used by Samba. 
         That is, machine  accounts are treated inside Samba in the same way that Windows NT4/200X treats 
@@ -138 +138 @@
         the machine account ends in a $ character, as do trust accounts.
         </p><p>
-        <a class="indexterm" name="id2571082"></a>
-        <a class="indexterm" name="id2571089"></a>
+        <a class="indexterm" name="id341394"></a>
+        <a class="indexterm" name="id341401"></a>
         The need for Windows user, group, machine, trust, and other such accounts to be tied to a valid UNIX UID
         is a design decision that was made a long way back in the history of Samba development. It is 
@@ -145 +145 @@
         Samba-3.x series. 
         </p><p>
-        <a class="indexterm" name="id2571104"></a>
-        <a class="indexterm" name="id2571110"></a>
+        <a class="indexterm" name="id341414"></a>
+        <a class="indexterm" name="id341420"></a>
         The resolution of a UID from the Windows SID is achieved within Samba through a mechanism that
         must refer back to the host operating system on which Samba is running. The name service
@@ -152 +152 @@
         need to know everything about every host OS it runs on.
         </p><p>
-        Samba asks the host OS to provide a UID via the &#8220;<span class="quote">passwd</span>&#8221;, &#8220;<span class="quote">shadow</span>&#8221;
-        and &#8220;<span class="quote">group</span>&#8221; facilities in the NSS control (configuration) file. The best tool
+        Samba asks the host OS to provide a UID via the <span class="quote">&#8220;<span class="quote">passwd</span>&#8221;</span>, <span class="quote">&#8220;<span class="quote">shadow</span>&#8221;</span>
+        and <span class="quote">&#8220;<span class="quote">group</span>&#8221;</span> facilities in the NSS control (configuration) file. The best tool
         for achieving this is left up to the UNIX administrator to determine. It is not imposed by
         Samba. Samba provides winbindd together with its support libraries as one method. It is
@@ -159 +159 @@
         all account entities can be located in an LDAP directory.
         </p><p>
-        <a class="indexterm" name="id2571148"></a>
+        <a class="indexterm" name="id341451"></a>
         For many the weapon of choice is to use the PADL nss_ldap utility. This utility must
         be configured so that computer accounts can be resolved to a POSIX/UNIX account UID. That
@@ -165 +165 @@
         in the documentation is directed at providing working examples only. The design
         of an LDAP directory is a complex subject that is beyond the scope of this documentation.
-        </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2571164"></a>Introduction</h2></div></div></div><p>
+        </p></div><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id341463"></a>Introduction</h2></div></div></div><p>
         You just opened an email from Christine that reads:
         </p><p>
@@ -194 +194 @@
         </p></td><td width="10%" valign="top"> </td></tr><tr><td width="10%" valign="top"> </td><td colspan="2" align="right" valign="top">--<span class="attribution">Christine</span></td></tr></table></div><p>
         </p><p>
-        <a class="indexterm" name="id2571226"></a>      
-        <a class="indexterm" name="id2571233"></a>
+        <a class="indexterm" name="id341510"></a>       
+        <a class="indexterm" name="id341517"></a>
         Every compromise has consequences. Having a large routed (i.e., multisegment) network with only a
         single domain controller is a poor design that has obvious operational effects that may
@@ -205 +205 @@
         Please let Stan know what the estimated cost will be so I can approve the expense. Do not wait
         for approval; I appreciate the urgency.
-        </p></td><td width="10%" valign="top"> </td></tr><tr><td width="10%" valign="top"> </td><td colspan="2" align="right" valign="top">--<span class="attribution">Bob</span></td></tr></table></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2571262"></a>Assignment Tasks</h3></div></div></div><p>
+        </p></td><td width="10%" valign="top"> </td></tr><tr><td width="10%" valign="top"> </td><td colspan="2" align="right" valign="top">--<span class="attribution">Bob</span></td></tr></table></div><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id341540"></a>Assignment Tasks</h3></div></div></div><p>
                 The priority of assigned tasks in this chapter is:
-                </p><div class="orderedlist"><ol type="1"><li><p>
-                        <a class="indexterm" name="id2571282"></a>
-                        <a class="indexterm" name="id2571291"></a>
-                        <a class="indexterm" name="id2571297"></a>
-                        <a class="indexterm" name="id2571304"></a><a class="indexterm" name="id2571310"></a>
+                </p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>
+                        <a class="indexterm" name="id341559"></a>
+                        <a class="indexterm" name="id341568"></a>
+                        <a class="indexterm" name="id341575"></a>
+                        <a class="indexterm" name="id341582"></a><a class="indexterm" name="id341587"></a>
                         Implement Backup Domain Controllers (BDCs) in each building. This involves
                         a change from a <span class="emphasis"><em>tdbsam</em></span> backend that was used in the previous
@@ -217 +217 @@
                         </p><p>
                         You can implement a single central LDAP server for this purpose.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2571332"></a>
-                        <a class="indexterm" name="id2571339"></a>
-                        <a class="indexterm" name="id2571346"></a>
-                        <a class="indexterm" name="id2571353"></a>
+                        </p></li><li class="listitem"><p>
+                        <a class="indexterm" name="id341608"></a>
+                        <a class="indexterm" name="id341614"></a>
+                        <a class="indexterm" name="id341621"></a>
+                        <a class="indexterm" name="id341628"></a>
                         Rectify the problem of excessive logon times. This involves redirection of
                         folders to network shares as well as modification of all user desktops to
@@ -227 +227 @@
                         create a new default profile that can be used for all new users.
                         </p></li></ol></div><p>
-                <a class="indexterm" name="id2571372"></a>
+                <a class="indexterm" name="id341644"></a>
                 You configure a new MS Windows XP Professional workstation disk image that you roll out
                 to all desktop users. The instructions you have created are followed on a staging machine
                 from which all changes can be carefully tested before inflicting them on your network users.
                 </p><p>
-                <a class="indexterm" name="id2571386"></a>
+                <a class="indexterm" name="id341657"></a>
                 This is the last network example in which specific mention of printing is made. The example
                 again makes use of the CUPS printing system.
-                </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2571399"></a>Dissection and Discussion</h2></div></div></div><p>
-        <a class="indexterm" name="id2571407"></a>
-        <a class="indexterm" name="id2571413"></a>
-        <a class="indexterm" name="id2571420"></a>
+                </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id341668"></a>Dissection and Discussion</h2></div></div></div><p>
+        <a class="indexterm" name="id341676"></a>
+        <a class="indexterm" name="id341682"></a>
+        <a class="indexterm" name="id341689"></a>
         The implementation of Samba BDCs necessitates the installation and configuration of LDAP.
         For this site, you use OpenLDAP, the open source software LDAP server platform. Commercial
         LDAP servers in current use with Samba-3 include:
-        </p><div class="itemizedlist"><ul type="disc"><li><p>
-                <a class="indexterm" name="id2571438"></a>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
+                <a class="indexterm" name="id341704"></a>
                 Novell <a class="ulink" href="http://www.novell.com/products/edirectory/" target="_top">eDirectory</a>
                 is being successfully used by some sites. Information on how to use eDirectory can be
                 obtained from the Samba mailing lists or from Novell.
-                </p></li><li><p>
-                <a class="indexterm" name="id2571458"></a>
+                </p></li><li class="listitem"><p>
+                <a class="indexterm" name="id341723"></a>
                 IBM <a class="ulink" href="http://www-306.ibm.com/software/tivoli/products/directory-server/" target="_top">Tivoli 
                 Directory Server</a> can be used to provide the Samba LDAP backend. Example schema 
                 files are provided in the Samba source code tarball under the directory 
                 <code class="filename">~samba/example/LDAP.</code>
-                </p></li><li><p>
-                <a class="indexterm" name="id2571485"></a>
+                </p></li><li class="listitem"><p>
+                <a class="indexterm" name="id341748"></a>
                 Sun <a class="ulink" href="http://www.sun.com/software/software/products/identity_srvr/home_identity.xml" target="_top">ONE Identity 
                 Server product suite</a> provides an LDAP server that can be used for Samba.
@@ -265 +265 @@
         help you to get OpenLDAP and Samba-3 running as required, albeit with some learning curve challenges.
         </p><p>
-        <a class="indexterm" name="id2571522"></a>
+        <a class="indexterm" name="id341780"></a>
         For most sites, the deployment of Microsoft Active Directory from the shrink-wrapped installation is quite
         adequate. If you are migrating from Microsoft Active Directory, be warned that OpenLDAP does not include
@@ -271 +271 @@
         requires an understanding of what you are doing, why you are doing it, and the tools that you must use.
         </p><p>
-        <a class="indexterm" name="id2571540"></a>
-        <a class="indexterm" name="id2571547"></a>
-        <a class="indexterm" name="id2571554"></a>
-        <a class="indexterm" name="id2571563"></a>
-        <a class="indexterm" name="id2571572"></a>
-        <a class="indexterm" name="id2571579"></a>
-        <a class="indexterm" name="id2571588"></a>
+        <a class="indexterm" name="id341793"></a>
+        <a class="indexterm" name="id341800"></a>
+        <a class="indexterm" name="id341807"></a>
+        <a class="indexterm" name="id341816"></a>
+        <a class="indexterm" name="id341825"></a>
+        <a class="indexterm" name="id341832"></a>
+        <a class="indexterm" name="id341841"></a>
         When installed and configured, an OpenLDAP Identity Management backend for Samba functions well. 
         High availability operation may be obtained through directory replication/synchronization and 
@@ -287 +287 @@
         with Microsoft Active Directory.
         </p><p>
-        <a class="indexterm" name="id2571613"></a>
-        <a class="indexterm" name="id2571623"></a>
-        <a class="indexterm" name="id2571630"></a>
-        <a class="indexterm" name="id2571637"></a>
+        <a class="indexterm" name="id341860"></a>
+        <a class="indexterm" name="id341869"></a>
+        <a class="indexterm" name="id341876"></a>
+        <a class="indexterm" name="id341883"></a>
         A comparison of OpenLDAP with Microsoft Active Directory does not do justice to either. OpenLDAP is an LDAP directory
         tool-set. Microsoft Active Directory Server is an implementation of an LDAP server that is largely preconfigured
@@ -301 +301 @@
         of OpenLDAP.
         </p><p>
-        <a class="indexterm" name="id2571666"></a>
-        <a class="indexterm" name="id2571675"></a>
+        <a class="indexterm" name="id341906"></a>
+        <a class="indexterm" name="id341915"></a>
         You may wish to consider outsourcing the development of your OpenLDAP directory to an expert, particularly
         if you find the challenge of learning about LDAP directories, schemas, configuration, and management
@@ -310 +310 @@
         that is required for use as a passdb backend.
         </p><p>
-        <a class="indexterm" name="id2571693"></a>
+        <a class="indexterm" name="id341929"></a>
         For those who are willing to brave the process of installing and configuring LDAP and Samba-3 interoperability,
         there are a few nice Web-based tools that may help you to manage your users and groups more effectively.
@@ -324 +324 @@
         <a class="ulink" href="http://www.jxplorer.org/" target="_top">; JXplorer</a> (by Computer Associates);
         and <a class="ulink" href="http://phpldapadmin.sourceforge.net/" target="_top">phpLDAPadmin</a>.
-        </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+        </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
         The following prescriptive guidance is not an LDAP tutorial. The LDAP implementation expressly uses minimal
         security controls. No form of secure LDAP communications is attempted. The LDAP configuration information provided
@@ -335 +335 @@
         by Jerry Carter quite useful.
         </p><p>
-        <a class="indexterm" name="id2571791"></a>
-        <a class="indexterm" name="id2571798"></a>
-        <a class="indexterm" name="id2571807"></a>
-        <a class="indexterm" name="id2571814"></a>
+        <a class="indexterm" name="id342015"></a>
+        <a class="indexterm" name="id342022"></a>
+        <a class="indexterm" name="id342031"></a>
+        <a class="indexterm" name="id342038"></a>
         Mary's problems are due to two factors. First, the absence of a domain controller on the local network is the
         main cause of the errors that result in blue screen crashes. Second, Mary has a large profile that must
@@ -346 +346 @@
         staff morale. The following procedures solve this problem.
         </p><p>
-        <a class="indexterm" name="id2571836"></a>
+        <a class="indexterm" name="id342055"></a>
         There is also an opportunity to implement smart printing features. You add this to the Samba configuration
         so that future printer changes can be managed without need to change desktop configurations.
@@ -353 +353 @@
         in the default desktop profile. Only one example of printing configuration is given. It is assumed that
         you can extrapolate the principles and use them to install all printers that may be needed.
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2571856"></a>Technical Issues</h3></div></div></div><p>
-        <a class="indexterm" name="id2571864"></a>
-        <a class="indexterm" name="id2571873"></a>
-        <a class="indexterm" name="id2571882"></a>
+        </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id342070"></a>Technical Issues</h3></div></div></div><p>
+        <a class="indexterm" name="id342078"></a>
+        <a class="indexterm" name="id342087"></a>
+        <a class="indexterm" name="id342097"></a>
         The solution provided is a minimal approach to getting OpenLDAP running as an identity management directory
         server for UNIX system accounts as well as for Samba. From the OpenLDAP perspective, UNIX system
         accounts are stored POSIX schema extensions. Samba provides its own schema to permit storage of account 
         attributes Samba needs. Samba-3 can use the LDAP backend to store:
-        </p><div class="itemizedlist"><ul type="disc"><li><p>Windows Networking User Accounts</p></li><li><p>Windows NT Group Accounts</p></li><li><p>Mapping Information between UNIX Groups and Windows NT Groups</p></li><li><p>ID Mappings for SIDs to UIDs (also for foreign Domain SIDs)</p></li></ul></div><p>
-        <a class="indexterm" name="id2571923"></a>
-        <a class="indexterm" name="id2571930"></a>
-        <a class="indexterm" name="id2571937"></a>
-        <a class="indexterm" name="id2571944"></a>
-        <a class="indexterm" name="id2571951"></a>
-        <a class="indexterm" name="id2571958"></a>
-        <a class="indexterm" name="id2571967"></a>
-        <a class="indexterm" name="id2571973"></a>
-        <a class="indexterm" name="id2571980"></a>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Windows Networking User Accounts</p></li><li class="listitem"><p>Windows NT Group Accounts</p></li><li class="listitem"><p>Mapping Information between UNIX Groups and Windows NT Groups</p></li><li class="listitem"><p>ID Mappings for SIDs to UIDs (also for foreign Domain SIDs)</p></li></ul></div><p>
+        <a class="indexterm" name="id342133"></a>
+        <a class="indexterm" name="id342140"></a>
+        <a class="indexterm" name="id342146"></a>
+        <a class="indexterm" name="id342153"></a>
+        <a class="indexterm" name="id342160"></a>
+        <a class="indexterm" name="id342167"></a>
+        <a class="indexterm" name="id342176"></a>
+        <a class="indexterm" name="id342182"></a>
+        <a class="indexterm" name="id342189"></a>
         The use of LDAP with Samba-3 makes it necessary to store UNIX accounts as well as Windows Networking
         accounts in the LDAP backend. This implies the need to use the 
@@ -379 +379 @@
         of the UNIX username to the UID. The relationships are demonstrated in <a class="link" href="happy.html#sbehap-LDAPdiag" title="Figure 5.1. The Interaction of LDAP, UNIX Posix Accounts and Samba Accounts">&#8220;The Interaction of LDAP, UNIX Posix Accounts and Samba Accounts&#8221;</a>.
         </p><div class="figure"><a name="sbehap-LDAPdiag"></a><p class="title"><b>Figure 5.1. The Interaction of LDAP, UNIX Posix Accounts and Samba Accounts</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/UNIX-Samba-and-LDAP.png" width="270" alt="The Interaction of LDAP, UNIX Posix Accounts and Samba Accounts"></div></div></div><br class="figure-break"><p>
-        <a class="indexterm" name="id2572065"></a>
-        <a class="indexterm" name="id2572072"></a>
+        <a class="indexterm" name="id342269"></a>
+        <a class="indexterm" name="id342275"></a>
         You configure OpenLDAP so that it is operational. Before deploying the OpenLDAP, you really
         ought to learn how to configure secure communications over LDAP so that site security is not
         at risk. This is not covered in the following guidance.
         </p><p>
-        <a class="indexterm" name="id2572089"></a>
-        <a class="indexterm" name="id2572095"></a>
-        <a class="indexterm" name="id2572105"></a>
-        <a class="indexterm" name="id2572112"></a>
+        <a class="indexterm" name="id342290"></a>
+        <a class="indexterm" name="id342296"></a>
+        <a class="indexterm" name="id342306"></a>
+        <a class="indexterm" name="id342312"></a>
         When OpenLDAP has been made operative, you configure the PDC called <code class="constant">MASSIVE</code>.
         You initialize the Samba <code class="filename">secrets.tdb<sub></sub></code> file. Then you
@@ -396 +396 @@
         that help to manage user and group configuration.
         </p><p>
-        <a class="indexterm" name="id2572146"></a>
-        <a class="indexterm" name="id2572152"></a>
-        <a class="indexterm" name="id2572159"></a>
+        <a class="indexterm" name="id342343"></a>
+        <a class="indexterm" name="id342350"></a>
+        <a class="indexterm" name="id342356"></a>
         In order to effect folder redirection and to add robustness to the implementation,
         create a network default profile. All network users workstations are configured to use
@@ -404 +404 @@
         when the user logs off.
         </p><p>
-        <a class="indexterm" name="id2572174"></a>
+        <a class="indexterm" name="id342369"></a>
         The profile is configured so that users cannot change the appearance
         of their desktop. This is known as a mandatory profile. You make certain that users
         are able to use their computers efficiently.
         </p><p>
-        <a class="indexterm" name="id2572188"></a>
+        <a class="indexterm" name="id342381"></a>
         A network logon script is used to deliver flexible but consistent network drive
         connections.
-        </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="sbehap-ppc"></a>Addition of Machines to the Domain</h4></div></div></div><p>
-                <a class="indexterm" name="id2572209"></a>
-                <a class="indexterm" name="id2572215"></a>
-                <a class="indexterm" name="id2572220"></a>
-                <a class="indexterm" name="id2572226"></a>
+        </p><div class="sect3" title="Addition of Machines to the Domain"><div class="titlepage"><div><div><h4 class="title"><a name="sbehap-ppc"></a>Addition of Machines to the Domain</h4></div></div></div><p>
+                <a class="indexterm" name="id342401"></a>
+                <a class="indexterm" name="id342406"></a>
+                <a class="indexterm" name="id342412"></a>
+                <a class="indexterm" name="id342417"></a>
                 Samba versions prior to 3.0.11 necessitated the use of a domain administrator account
                 that maps to the UNIX UID=0. The UNIX operating system permits only the <code class="constant">root</code>
@@ -426 +426 @@
                 how any user can now be given the ability to add machines to the domain using a normal user account
                 that has been given the appropriate privileges.
-                </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2572363"></a>Roaming Profile Background</h4></div></div></div><p>
+                </p></div><div class="sect3" title="Roaming Profile Background"><div class="titlepage"><div><div><h4 class="title"><a name="id342548"></a>Roaming Profile Background</h4></div></div></div><p>
                 As XP roaming profiles grow, so does the amount of time it takes to log in and out.
                 </p><p>
-                <a class="indexterm" name="id2572376"></a>
-                <a class="indexterm" name="id2572383"></a>
-                <a class="indexterm" name="id2572390"></a>
-                <a class="indexterm" name="id2572397"></a>
+                <a class="indexterm" name="id342560"></a>
+                <a class="indexterm" name="id342566"></a>
+                <a class="indexterm" name="id342573"></a>
+                <a class="indexterm" name="id342580"></a>
                 An XP roaming profile consists of the <code class="constant">HKEY_CURRENT_USER</code> hive file
                 <code class="filename">NTUSER.DAT</code> and a number of folders (My Documents, Application Data,
@@ -454 +454 @@
                 instead of the <code class="filename">My Documents</code> folder for saving documents.
                 </p><p>
-                <a class="indexterm" name="id2572476"></a>
+                <a class="indexterm" name="id342644"></a>
                 Using a folder other than <code class="filename">My Documents</code> is a nuisance for 
                 some users, since many applications use it by default.
                 </p><p>
-                <a class="indexterm" name="id2572494"></a>
-                <a class="indexterm" name="id2572501"></a>
-                <a class="indexterm" name="id2572508"></a>
+                <a class="indexterm" name="id342661"></a>
+                <a class="indexterm" name="id342668"></a>
+                <a class="indexterm" name="id342675"></a>
                 The secret to rapid loading of roaming profiles is to prevent unnecessary data from 
                 being copied back and forth, without losing any functionality. This is not difficult; 
@@ -466 +466 @@
                 as changing some paths in each user's <code class="filename">NTUSER.DAT</code> hive.
                 </p><p>
-                <a class="indexterm" name="id2572529"></a>
-                <a class="indexterm" name="id2572536"></a>
+                <a class="indexterm" name="id342693"></a>
+                <a class="indexterm" name="id342700"></a>
                 Every user profile has its own <code class="filename">NTUSER.DAT</code> file. This means
                 you need to edit every user's profile, unless a better method can be
@@ -475 +475 @@
                 necessary to copy all files from redirected folders to the network share to which
                 they are redirected.
-                </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="sbehap-locgrppol"></a>The Local Group Policy</h4></div></div></div><p>
-                <a class="indexterm" name="id2572576"></a>
-                <a class="indexterm" name="id2572583"></a>
-                <a class="indexterm" name="id2572590"></a>
-                <a class="indexterm" name="id2572596"></a>
+                </p></div><div class="sect3" title="The Local Group Policy"><div class="titlepage"><div><div><h4 class="title"><a name="sbehap-locgrppol"></a>The Local Group Policy</h4></div></div></div><p>
+                <a class="indexterm" name="id342736"></a>
+                <a class="indexterm" name="id342742"></a>
+                <a class="indexterm" name="id342749"></a>
+                <a class="indexterm" name="id342756"></a>
                 Without an Active Directory PDC, you cannot take full advantage of Group Policy 
                 Objects. However, you can still make changes to the Local Group Policy by using 
@@ -488 +488 @@
                 <span class="guimenu">User Configuration</span> &#8594; <span class="guimenuitem">Administrative Templates</span> &#8594; <span class="guimenuitem">System</span> &#8594; <span class="guimenuitem">User Profiles</span>. 
                 By default this setting contains
-                &#8220;<span class="quote">Local Settings; Temporary Internet Files; History; Temp</span>&#8221;.
+                <span class="quote">&#8220;<span class="quote">Local Settings; Temporary Internet Files; History; Temp</span>&#8221;</span>.
                 </p><p>
                 Simply add the folders you do not wish to be copied back and forth to this 
                 semicolon-separated list. Note that this change must be made on all clients 
                 that are using roaming profiles.
-                </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2572664"></a>Profile Changes</h4></div></div></div><p>
-                <a class="indexterm" name="id2572672"></a>
-                <a class="indexterm" name="id2572678"></a>
+                </p></div><div class="sect3" title="Profile Changes"><div class="titlepage"><div><div><h4 class="title"><a name="id342818"></a>Profile Changes</h4></div></div></div><p>
+                <a class="indexterm" name="id342826"></a>
+                <a class="indexterm" name="id342832"></a>
                 There are two changes that should be done to each user's profile. Move each of 
                 the directories that you have excluded from being copied back and forth out of 
@@ -502 +502 @@
                 path (<code class="filename">C:\Documents and Settings\%USERNAME%</code>).
                 </p><p>
-                <a class="indexterm" name="id2572706"></a>
-                <a class="indexterm" name="id2572713"></a>
+                <a class="indexterm" name="id342857"></a>
+                <a class="indexterm" name="id342864"></a>
                 The above modifies existing user profiles. So that newly created profiles have 
                 these settings, you need to modify the <code class="filename">NTUSER.DAT</code> in 
@@ -510 +510 @@
                 <code class="filename">NTUSER.DAT</code> to a Linux box and using <code class="literal">regedt32</code>.
                 The basic method is described under <a class="link" href="happy.html#redirfold" title="Configuration of Default Profile with Folder Redirection">&#8220;Configuration of Default Profile with Folder Redirection&#8221;</a>.
-                </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2572758"></a>Using a Network Default User Profile</h4></div></div></div><p>
-                <a class="indexterm" name="id2572766"></a>
-                <a class="indexterm" name="id2572773"></a>
+                </p></div><div class="sect3" title="Using a Network Default User Profile"><div class="titlepage"><div><div><h4 class="title"><a name="id342906"></a>Using a Network Default User Profile</h4></div></div></div><p>
+                <a class="indexterm" name="id342914"></a>
+                <a class="indexterm" name="id342921"></a>
                 If you are using Samba as your PDC, you should create a file share called 
                 <code class="constant">NETLOGON</code> and within that create a directory called 
@@ -521 +521 @@
                 See also <a class="ulink" href="http://isg.ee.ethz.ch/tools/realmen/det/skel.en.html" target="_top">
                 the Real Men Don't Click</a> Web site.
-                </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2572816"></a>Installation of Printer Driver Auto-Download</h4></div></div></div><p>
-                <a class="indexterm" name="id2572825"></a>
-                <a class="indexterm" name="id2572834"></a>
-                <a class="indexterm" name="id2572841"></a>
+                </p></div><div class="sect3" title="Installation of Printer Driver Auto-Download"><div class="titlepage"><div><div><h4 class="title"><a name="id342960"></a>Installation of Printer Driver Auto-Download</h4></div></div></div><p>
+                <a class="indexterm" name="id342968"></a>
+                <a class="indexterm" name="id342977"></a>
+                <a class="indexterm" name="id342984"></a>
                 The subject of printing is quite topical. Printing problems run second place to name
                 resolution issues today. So far in this book, you have experienced only what is generally
-                known as &#8220;<span class="quote">dumb</span>&#8221; printing. Dumb printing is the arrangement by which all drivers
+                known as <span class="quote">&#8220;<span class="quote">dumb</span>&#8221;</span> printing. Dumb printing is the arrangement by which all drivers
                 are manually installed on each client and the printing subsystems perform no filtering
                 or intelligent processing. Dumb printing is easily understood. It usually works without
@@ -533 +533 @@
                 <code class="literal">Raw-Print-Through</code> printing.
                 </p><p>
-                <a class="indexterm" name="id2572870"></a>
-                <a class="indexterm" name="id2572879"></a>
+                <a class="indexterm" name="id343008"></a>
+                <a class="indexterm" name="id343017"></a>
                 Samba permits the configuration of <code class="literal">smart</code> printing using the Microsoft
                 Windows point-and-click (also called drag-and-drop) printing. What this provides is
@@ -548 +548 @@
                 suited to the printer to which the job is dispatched.
                 </p><p>
-                <a class="indexterm" name="id2572926"></a>
-                <a class="indexterm" name="id2572933"></a>
-                <a class="indexterm" name="id2572940"></a>
+                <a class="indexterm" name="id343057"></a>
+                <a class="indexterm" name="id343064"></a>
+                <a class="indexterm" name="id343071"></a>
                 The CUPS printing subsystem is capable of intelligent printing. It has the capacity to
                 detect the data format and apply a print filter. This means that it is feasible to install
@@ -567 +567 @@
                 style of installation. Those interested in further information regarding intelligent
                 printing should review documentation on the Easy Software Products Web site.
-                </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="sbeavoid"></a>Avoiding Failures: Solving Problems Before They Happen</h4></div></div></div><p>
+                </p></div><div class="sect3" title="Avoiding Failures: Solving Problems Before They Happen"><div class="titlepage"><div><div><h4 class="title"><a name="sbeavoid"></a>Avoiding Failures: Solving Problems Before They Happen</h4></div></div></div><p>
                 It has often been said that there are three types of people in the world: those who
                 have sharp minds and those who forget things. Please do not ask what the third group
@@ -575 +575 @@
                 </p><p>
                 Here are some diagnostic guidelines that can be referred to when things go wrong:
-                </p><div class="sect4" lang="en"><div class="titlepage"><div><div><h5 class="title"><a name="id2573007"></a>Preliminary Advice: Dangers Can Be Avoided</h5></div></div></div><p>
-                The best advice regarding how to mend a broken leg is &#8220;<span class="quote">Never break a leg!</span>&#8221;
-                </p><p>
-                <a class="indexterm" name="id2573023"></a>
+                </p><div class="sect4" title="Preliminary Advice: Dangers Can Be Avoided"><div class="titlepage"><div><div><h5 class="title"><a name="id343123"></a>Preliminary Advice: Dangers Can Be Avoided</h5></div></div></div><p>
+                The best advice regarding how to mend a broken leg is <span class="quote">&#8220;<span class="quote">Never break a leg!</span>&#8221;</span>
+                </p><p>
+                <a class="indexterm" name="id343138"></a>
                 Newcomers to Samba and LDAP seem to struggle a great deal at first.  If you want advice
-                regarding the best way to remedy LDAP and Samba problems: &#8220;<span class="quote">Avoid them like the plague!</span>&#8221;
+                regarding the best way to remedy LDAP and Samba problems: <span class="quote">&#8220;<span class="quote">Avoid them like the plague!</span>&#8221;</span>
                 </p><p>
                 If you are now asking yourself how problems can be avoided, the best advice is to start
@@ -590 +590 @@
                 that they could serve as the kick-off point for your journey through fields of knowledge.
                 Use this resource carefully; we hope it serves you well.
-                </p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
+                </p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
                 Do not be lulled into thinking that you can easily adopt the examples in this
                 book and adapt them without first working through the examples provided. A little
                 thing overlooked can cause untold pain and may permanently tarnish your experience.
-                </p></div></div><div class="sect4" lang="en"><div class="titlepage"><div><div><h5 class="title"><a name="id2573067"></a>The Name Service Caching Daemon</h5></div></div></div><p>
+                </p></div></div><div class="sect4" title="The Name Service Caching Daemon"><div class="titlepage"><div><div><h5 class="title"><a name="id343173"></a>The Name Service Caching Daemon</h5></div></div></div><p>
                 The name service caching daemon (nscd) is a primary cause of difficulties with name
                 resolution, particularly where <code class="literal">winbind</code> is used. Winbind does its
@@ -661 +661 @@
 <code class="prompt">root# </code> rcnscd off
 </pre><p>
-                </p></div><div class="sect4" lang="en"><div class="titlepage"><div><div><h5 class="title"><a name="id2573240"></a>Debugging LDAP</h5></div></div></div><p>
-                <a class="indexterm" name="id2573248"></a>
-                <a class="indexterm" name="id2573255"></a>
-                <a class="indexterm" name="id2573262"></a>
+                </p></div><div class="sect4" title="Debugging LDAP"><div class="titlepage"><div><div><h5 class="title"><a name="id343291"></a>Debugging LDAP</h5></div></div></div><p>
+                <a class="indexterm" name="id343298"></a>
+                <a class="indexterm" name="id343305"></a>
+                <a class="indexterm" name="id343312"></a>
                 In the example <code class="filename">/etc/openldap/slapd.conf</code> control file
                 (see <a class="link" href="happy.html#sbehap-dbconf" title="Example 5.1. LDAP DB_CONFIG File">&#8220;LDAP DB_CONFIG File&#8221;</a>) there is an entry for <code class="constant">loglevel      256</code>.
@@ -670 +670 @@
                 and restart <code class="literal">slapd</code>.
                 </p><p>
-                <a class="indexterm" name="id2573298"></a>
-                <a class="indexterm" name="id2573305"></a>
+                <a class="indexterm" name="id343346"></a>
+                <a class="indexterm" name="id343352"></a>
                 LDAP log information can be directed into a file that is separate from the normal system
                 log files by changing the <code class="filename">/etc/syslog.conf</code> file so it has the following
@@ -690 +690 @@
                 customization with the intent that LDAP log files will be stored at a location
                 that meets local site needs and wishes more fully.
-                </p></div><div class="sect4" lang="en"><div class="titlepage"><div><div><h5 class="title"><a name="id2573347"></a>Debugging NSS_LDAP</h5></div></div></div><p>
+                </p></div><div class="sect4" title="Debugging NSS_LDAP"><div class="titlepage"><div><div><h5 class="title"><a name="id343386"></a>Debugging NSS_LDAP</h5></div></div></div><p>
                 The basic mechanism for diagnosing problems with the nss_ldap utility involves adding to the
                 <code class="filename">/etc/ldap.conf</code> file the following parameters:
@@ -703 +703 @@
                 </p><p>
                 The diagnostic process should follow these steps:
-                </p><div class="procedure"><a name="id2573390"></a><p class="title"><b>Procedure 5.1. NSS_LDAP Diagnostic Steps</b></p><ol type="1"><li><p>
+                </p><div class="procedure" title="Procedure 5.1. NSS_LDAP Diagnostic Steps"><a name="id343427"></a><p class="title"><b>Procedure 5.1. NSS_LDAP Diagnostic Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                         Verify the <code class="constant">nss_base_passwd, nss_base_shadow, nss_base_group</code> entries
                         in the <code class="filename">/etc/ldap.conf</code> file and compare them closely with the directory
@@ -740 +740 @@
                         has been implemented:
                         </p><p>
-                        </p><div class="itemizedlist"><ul type="disc"><li><p>User accounts are stored under the DIT: ou=Users, dc=abmas, dc=biz</p></li><li><p>User login accounts are under the DIT: ou=People, ou-Users, dc=abmas, dc=biz</p></li><li><p>Computer accounts are under the DIT: ou=Computers, ou=Users, dc=abmas, dc=biz</p></li></ul></div><p>
+                        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>User accounts are stored under the DIT: ou=Users, dc=abmas, dc=biz</p></li><li class="listitem"><p>User login accounts are under the DIT: ou=People, ou-Users, dc=abmas, dc=biz</p></li><li class="listitem"><p>Computer accounts are under the DIT: ou=Computers, ou=Users, dc=abmas, dc=biz</p></li></ul></div><p>
                         </p><p>
                         The appropriate multiple entry for the <code class="constant">nss_base_passwd</code> directive
@@ -748 +748 @@
 nss_base_passwd ou=Computers,ou=Users,dc=abmas,dc=org?one
 </pre><p>
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 2"><p>
                         Perform lookups such as:
 </p><pre class="screen">
@@ -756 +756 @@
                         for each such process executed. The contents of each file created in this directory
                         may provide a hint as to the cause of the a problem that is under investigation. 
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 3"><p>
                         For additional diagnostic information, check the contents of the <code class="filename">/var/log/messages</code>
                         to see what error messages are being generated as a result of the LDAP lookups. Here is an example of
@@ -789 +789 @@
 
 </pre><p>
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 4"><p>
                         Check that the bindpw entry in the <code class="filename">/etc/ldap.conf</code> or in the
                         <code class="filename">/etc/ldap.secrets</code> file is correct, as specified in the
                         <code class="filename">/etc/openldap/slapd.conf</code> file.
-                        </p></li></ol></div></div><div class="sect4" lang="en"><div class="titlepage"><div><div><h5 class="title"><a name="id2573641"></a>Debugging Samba</h5></div></div></div><p>
+                        </p></li></ol></div></div><div class="sect4" title="Debugging Samba"><div class="titlepage"><div><div><h5 class="title"><a name="id343646"></a>Debugging Samba</h5></div></div></div><p>
                 The following parameters in the <code class="filename">smb.conf</code> file can be useful in tracking down Samba-related problems:
 </p><pre class="screen">
@@ -823 +823 @@
                 Search for hints of what may have failed by looking for the words <span class="emphasis"><em>fail</em></span>
                 and <span class="emphasis"><em>error</em></span>.
-                </p></div><div class="sect4" lang="en"><div class="titlepage"><div><div><h5 class="title"><a name="id2573712"></a>Debugging on the Windows Client</h5></div></div></div><p>
+                </p></div><div class="sect4" title="Debugging on the Windows Client"><div class="titlepage"><div><div><h5 class="title"><a name="id343710"></a>Debugging on the Windows Client</h5></div></div></div><p>
                 MS Windows 2000 Professional and Windows  XP Professional clients can be configured
                 to create a netlogon.log file that can be very helpful in diagnosing network logon problems. Search
                 the Microsoft knowledge base for detailed instructions. The techniques vary a little with each
                 version of MS Windows.
-                </p></div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2573730"></a>Political Issues</h3></div></div></div><p>
+                </p></div></div></div><div class="sect2" title="Political Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id343725"></a>Political Issues</h3></div></div></div><p>
                 MS Windows network users are generally very sensitive to limits that may be imposed when 
                 confronted with locked-down workstation configurations. The challenge you face must 
                 be promoted as a choice between reliable, fast network operation and a constant flux    
                 of problems that result in user irritation.
-                </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2573745"></a>Installation Checklist</h3></div></div></div><p>
+                </p></div><div class="sect2" title="Installation Checklist"><div class="titlepage"><div><div><h3 class="title"><a name="id343737"></a>Installation Checklist</h3></div></div></div><p>
         You are starting a complex project. Even though you went through the installation of a complex
         network in <a class="link" href="Big500users.html" title="Chapter 4. The 500-User Office">&#8220;The 500-User Office&#8221;</a>, this network is a bigger challenge because of the
@@ -841 +841 @@
         been completed. The following task list may help you to keep track of the task items
         that are covered:
-        </p><div class="itemizedlist"><ul type="disc"><li><p>Samba-3 PDC Server Configuration</p><div class="orderedlist"><ol type="1"><li><p>DHCP and DNS servers</p></li><li><p>OpenLDAP server</p></li><li><p>PAM and NSS client tools</p></li><li><p>Samba-3 PDC</p></li><li><p>Idealx smbldap scripts</p></li><li><p>LDAP initialization</p></li><li><p>Create user and group accounts</p></li><li><p>Printers</p></li><li><p>Share point directory roots</p></li><li><p>Profile directories</p></li><li><p>Logon scripts</p></li><li><p>Configuration of user rights and privileges</p></li></ol></div></li><li><p>Samba-3 BDC Server Configuration</p><div class="orderedlist"><ol type="1"><li><p>DHCP and DNS servers</p></li><li><p>PAM and NSS client tools</p></li><li><p>Printers</p></li><li><p>Share point directory roots</p></li><li><p>Profiles directories</p></li></ol></div></li><li><p>Windows XP Client Configuration</p><div class="orderedlist"><ol type="1"><li><p>Default profile folder redirection</p></li><li><p>MS Outlook PST file relocation</p></li><li><p>Delete roaming profile on logout</p></li><li><p>Upload printer drivers to Samba servers</p></li><li><p>Install software</p></li><li><p>Creation of roll-out images</p></li></ol></div></li></ul></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2573925"></a>Samba Server Implementation</h2></div></div></div><p>
-        <a class="indexterm" name="id2573933"></a>
-        <a class="indexterm" name="id2573940"></a>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Samba-3 PDC Server Configuration</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>DHCP and DNS servers</p></li><li class="listitem"><p>OpenLDAP server</p></li><li class="listitem"><p>PAM and NSS client tools</p></li><li class="listitem"><p>Samba-3 PDC</p></li><li class="listitem"><p>Idealx smbldap scripts</p></li><li class="listitem"><p>LDAP initialization</p></li><li class="listitem"><p>Create user and group accounts</p></li><li class="listitem"><p>Printers</p></li><li class="listitem"><p>Share point directory roots</p></li><li class="listitem"><p>Profile directories</p></li><li class="listitem"><p>Logon scripts</p></li><li class="listitem"><p>Configuration of user rights and privileges</p></li></ol></div></li><li class="listitem"><p>Samba-3 BDC Server Configuration</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>DHCP and DNS servers</p></li><li class="listitem"><p>PAM and NSS client tools</p></li><li class="listitem"><p>Printers</p></li><li class="listitem"><p>Share point directory roots</p></li><li class="listitem"><p>Profiles directories</p></li></ol></div></li><li class="listitem"><p>Windows XP Client Configuration</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>Default profile folder redirection</p></li><li class="listitem"><p>MS Outlook PST file relocation</p></li><li class="listitem"><p>Delete roaming profile on logout</p></li><li class="listitem"><p>Upload printer drivers to Samba servers</p></li><li class="listitem"><p>Install software</p></li><li class="listitem"><p>Creation of roll-out images</p></li></ol></div></li></ul></div></div></div><div class="sect1" title="Samba Server Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id343908"></a>Samba Server Implementation</h2></div></div></div><p>
+        <a class="indexterm" name="id343916"></a>
+        <a class="indexterm" name="id343923"></a>
         The network design shown in <a class="link" href="happy.html#chap6net" title="Figure 5.2. Network Topology 500 User Network Using ldapsam passdb backend">&#8220;Network Topology  500 User Network Using ldapsam passdb backend&#8221;</a> is not comprehensive. It is assumed
         that you will install additional file servers and possibly additional BDCs.
         </p><div class="figure"><a name="chap6net"></a><p class="title"><b>Figure 5.2. Network Topology  500 User Network Using ldapsam passdb backend</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/chap6-net.png" width="270" alt="Network Topology 500 User Network Using ldapsam passdb backend"></div></div></div><br class="figure-break"><p>
-        <a class="indexterm" name="id2574003"></a>
-        <a class="indexterm" name="id2574010"></a>
+        <a class="indexterm" name="id343983"></a>
+        <a class="indexterm" name="id343990"></a>
         All configuration files and locations are shown for SUSE Linux 9.2 and are equally valid for SUSE
         Linux Enterprise Server 9. The file locations for Red Hat Linux are similar. You may need to
         adjust the locations for your particular Linux system distribution/implementation.
-        </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+        </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
 The following information applies to Samba-3.0.20 when used with the Idealx smbldap-tools
 scripts version 0.9.1. If using a different version of Samba or of the smbldap-tools tarball,
@@ -868 +868 @@
         with newly installed Linux servers, you must complete the steps shown in
         <a class="link" href="Big500users.html#ch5-dnshcp-setup" title="Installation of DHCP, DNS, and Samba Control Files">&#8220;Installation of DHCP, DNS, and Samba Control Files&#8221;</a> before commencing at <a class="link" href="happy.html#ldapsetup" title="OpenLDAP Server Configuration">&#8220;OpenLDAP Server Configuration&#8221;</a>.
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ldapsetup"></a>OpenLDAP Server Configuration</h3></div></div></div><p>
-        <a class="indexterm" name="id2574092"></a>
-        <a class="indexterm" name="id2574098"></a>
-        <a class="indexterm" name="id2574105"></a>
+        </p><div class="sect2" title="OpenLDAP Server Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="ldapsetup"></a>OpenLDAP Server Configuration</h3></div></div></div><p>
+        <a class="indexterm" name="id344059"></a>
+        <a class="indexterm" name="id344066"></a>
+        <a class="indexterm" name="id344073"></a>
         Confirm that the packages shown in <a class="link" href="happy.html#oldapreq" title="Table 5.2. Required OpenLDAP Linux Packages">&#8220;Required OpenLDAP Linux Packages&#8221;</a> are installed on your system.
         </p><div class="table"><a name="oldapreq"></a><p class="title"><b>Table 5.2. Required OpenLDAP Linux Packages</b></p><div class="table-contents"><table summary="Required OpenLDAP Linux Packages" border="1"><colgroup><col align="left"><col align="left"><col align="left"></colgroup><thead><tr><th align="center">SUSE Linux 8.x</th><th align="center">SUSE Linux 9.x</th><th align="center">Red Hat Linux</th></tr></thead><tbody><tr><td align="left">nss_ldap</td><td align="left">nss_ldap</td><td align="left">nss_ldap</td></tr><tr><td align="left">pam_ldap</td><td align="left">pam_ldap</td><td align="left">pam_ldap</td></tr><tr><td align="left">openldap2</td><td align="left">openldap2</td><td align="left">openldap</td></tr><tr><td align="left">openldap2-client</td><td align="left">openldap2-client</td><td align="left"> </td></tr></tbody></table></div></div><br class="table-break"><p>
@@ -877 +877 @@
         for bootstrapping the LDAP and Samba-3 configuration is relatively straightforward. If you
         follow these guidelines, the resulting system should work fine.
-        </p><div class="procedure"><a name="id2574237"></a><p class="title"><b>Procedure 5.2. OpenLDAP Server Configuration Steps</b></p><ol type="1"><li><p>
-                <a class="indexterm" name="id2574249"></a>
+        </p><div class="procedure" title="Procedure 5.2. OpenLDAP Server Configuration Steps"><a name="id344202"></a><p class="title"><b>Procedure 5.2. OpenLDAP Server Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                <a class="indexterm" name="id344213"></a>
                 Install the file shown in <a class="link" href="happy.html#sbehap-slapdconf" title="Example 5.2. LDAP Master Configuration File /etc/openldap/slapd.conf Part A">&#8220;LDAP Master Configuration File  /etc/openldap/slapd.conf Part A&#8221;</a> in the directory
                 <code class="filename">/etc/openldap</code>.
-                </p></li><li><p>
-                <a class="indexterm" name="id2574277"></a>
-                <a class="indexterm" name="id2574283"></a>
-                <a class="indexterm" name="id2574290"></a>
+                </p></li><li class="step" title="Step 2"><p>
+                <a class="indexterm" name="id344240"></a>
+                <a class="indexterm" name="id344247"></a>
+                <a class="indexterm" name="id344253"></a>
                 Remove all files from the directory <code class="filename">/data/ldap</code>, making certain that
                 the directory exists with permissions:
@@ -892 +892 @@
 </pre><p>
                 This may require you to add a user and a group account for LDAP if they do not exist.
-                </p></li><li><p>
-                <a class="indexterm" name="id2574326"></a>
+                </p></li><li class="step" title="Step 3"><p>
+                <a class="indexterm" name="id344286"></a>
                 Install the file shown in <a class="link" href="happy.html#sbehap-dbconf" title="Example 5.1. LDAP DB_CONFIG File">&#8220;LDAP DB_CONFIG File&#8221;</a> in the directory
                 <code class="filename">/data/ldap</code>. In the event that this file is added after <code class="constant">ldap</code>
@@ -899 +899 @@
                 the <code class="constant">LDAP</code> server, executing the <code class="literal">db_recover</code> command inside the
                 <code class="filename">/data/ldap</code> directory, and then restarting the <code class="constant">LDAP</code> server.
-                </p></li><li><p>
-                <a class="indexterm" name="id2574379"></a>
+                </p></li><li class="step" title="Step 4"><p>
+                <a class="indexterm" name="id344336"></a>
                 Performance logging can be enabled and should preferably be sent to a file on
                 a file system that is large enough to handle significantly sized logs. To enable
                 the logging at a verbose level to permit detailed analysis, uncomment the entry in
-                the <code class="filename">/etc/openldap/slapd.conf</code> shown as &#8220;<span class="quote">loglevel 256</span>&#8221;.
+                the <code class="filename">/etc/openldap/slapd.conf</code> shown as <span class="quote">&#8220;<span class="quote">loglevel 256</span>&#8221;</span>.
                 </p><p>
                 Edit the <code class="filename">/etc/syslog.conf</code> file to add the following at the end
@@ -975 +975 @@
 index sambaDomainName       eq
 index default               sub
-</pre></div></div><br class="example-break"></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sbehap-PAM-NSS"></a>PAM and NSS Client Configuration</h3></div></div></div><p>
-        <a class="indexterm" name="id2574531"></a>
-        <a class="indexterm" name="id2574537"></a>
-        <a class="indexterm" name="id2574544"></a>
+</pre></div></div><br class="example-break"></div><div class="sect2" title="PAM and NSS Client Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="sbehap-PAM-NSS"></a>PAM and NSS Client Configuration</h3></div></div></div><p>
+        <a class="indexterm" name="id344468"></a>
+        <a class="indexterm" name="id344474"></a>
+        <a class="indexterm" name="id344481"></a>
         The steps that follow involve configuration of LDAP, NSS LDAP-based resolution of users and
         groups. Also, so that LDAP-based accounts can log onto the system, the steps ahead configure
         the Pluggable Authentication Modules (PAM) to permit LDAP-based authentication.
         </p><p>
-        <a class="indexterm" name="id2574558"></a>
-        <a class="indexterm" name="id2574568"></a>
+        <a class="indexterm" name="id344493"></a>
+        <a class="indexterm" name="id344502"></a>
         Since you have chosen to put UNIX user and group accounts into the LDAP database, it is likely
         that you may want to use them for UNIX system (Linux) local machine logons. This necessitates
@@ -991 +991 @@
         module also has the ability to redirect authentication requests through LDAP.
         </p><p>
-        <a class="indexterm" name="id2574596"></a>
-        <a class="indexterm" name="id2574603"></a>
-        <a class="indexterm" name="id2574610"></a>
-        <a class="indexterm" name="id2574617"></a>
+        <a class="indexterm" name="id344527"></a>
+        <a class="indexterm" name="id344534"></a>
+        <a class="indexterm" name="id344541"></a>
+        <a class="indexterm" name="id344548"></a>
         You have chosen to configure these services by directly editing the system files, but of course, you
         know that this configuration can be done using system tools provided by the Linux system vendor.
@@ -1000 +1000 @@
         configuration of SUSE Linux as an LDAP client. Red Hat Linux provides the <code class="literal">authconfig</code>
         tool for this.
-        </p><div class="procedure"><a name="id2574656"></a><p class="title"><b>Procedure 5.3. PAM and NSS Client Configuration Steps</b></p><div class="example"><a name="sbehap-nss01"></a><p class="title"><b>Example 5.4. Configuration File for NSS LDAP Support  <code class="filename">/etc/ldap.conf</code></b></p><div class="example-contents"><pre class="screen">
+        </p><div class="procedure" title="Procedure 5.3. PAM and NSS Client Configuration Steps"><a name="id344584"></a><p class="title"><b>Procedure 5.3. PAM and NSS Client Configuration Steps</b></p><div class="example"><a name="sbehap-nss01"></a><p class="title"><b>Example 5.4. Configuration File for NSS LDAP Support  <code class="filename">/etc/ldap.conf</code></b></p><div class="example-contents"><pre class="screen">
 host 127.0.0.1
 
@@ -1042 +1042 @@
 
 ssl off
-</pre></div></div><br class="example-break"><ol type="1"><li><p>
-                <a class="indexterm" name="id2574668"></a>
-                <a class="indexterm" name="id2574675"></a>
-                <a class="indexterm" name="id2574682"></a>
+</pre></div></div><br class="example-break"><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                <a class="indexterm" name="id344595"></a>
+                <a class="indexterm" name="id344602"></a>
+                <a class="indexterm" name="id344609"></a>
                 Execute the following command to find where the <code class="filename">nss_ldap</code> module
                 expects to find its control file:
@@ -1052 +1052 @@
 </pre><p>
                 The preferred and usual location is <code class="filename">/etc/ldap.conf</code>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 On the server <code class="constant">MASSIVE</code>, install the file shown in 
                 <a class="link" href="happy.html#sbehap-nss01" title="Example 5.4. Configuration File for NSS LDAP Support /etc/ldap.conf">&#8220;Configuration File for NSS LDAP Support  /etc/ldap.conf&#8221;</a> into the path that was obtained from the step above.
                 On the servers called <code class="constant">BLDG1</code> and <code class="constant">BLDG2</code>, install the file shown in
                 <a class="link" href="happy.html#sbehap-nss02" title="Example 5.5. Configuration File for NSS LDAP Clients Support /etc/ldap.conf">&#8220;Configuration File for NSS LDAP Clients Support  /etc/ldap.conf&#8221;</a> into the path that was obtained from the step above.
-                </p></li><li><p>
-                <a class="indexterm" name="id2574821"></a>
+                </p></li><li class="step" title="Step 3"><p>
+                <a class="indexterm" name="id344734"></a>
                 Edit the NSS control file (<code class="filename">/etc/nsswitch.conf</code>) so that the lines that
                 control user and group resolution will obtain information from the normal system files as
@@ -1072 +1072 @@
                 WINS-based hostname resolution is deliberate so that all MS Windows client hostnames can be 
                 resolved to their IP addresses, whether or not they are DHCP clients.
-                </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+                </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
                 Some Linux systems (Novell SUSE Linux in particular) add entries to the <code class="filename">nsswitch.conf</code>
                 file that may cause operational problems with the configuration methods adopted in this book. It is
@@ -1080 +1080 @@
                 Even at the risk of overstating the issue, incorrect and inappropriate configuration of the
                 <code class="filename">nsswitch.conf</code> file is a significant cause of operational problems with LDAP.
-                </p></li><li><p>
-                <a class="indexterm" name="id2574897"></a>
+                </p></li><li class="step" title="Step 4"><p>
+                <a class="indexterm" name="id344800"></a>
                 For PAM LDAP configuration on this SUSE Linux 9.0 system, the simplest solution is to edit the following
                 files in the <code class="filename">/etc/pam.d</code> directory: <code class="literal">login</code>, <code class="literal">password</code>,
@@ -1103 +1103 @@
 </pre><p>
                 </p><p>
-                <a class="indexterm" name="id2574976"></a>
+                <a class="indexterm" name="id344872"></a>
                 On other Linux systems that do not have an LDAP-enabled <code class="literal">pam_unix2.so</code> module,
                 you must edit these files by adding the <code class="literal">pam_ldap.so</code> modules as shown here:
@@ -1126 +1126 @@
                 implementation, but if the <code class="literal">pam_unix2.so</code> on your system supports
                 LDAP, you probably want to use it rather than add an additional module.
-                </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sbehap-massive"></a>Samba-3 PDC Configuration</h3></div></div></div><p>
-        <a class="indexterm" name="id2575059"></a>
+                </p></li></ol></div></div><div class="sect2" title="Samba-3 PDC Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="sbehap-massive"></a>Samba-3 PDC Configuration</h3></div></div></div><p>
+        <a class="indexterm" name="id344942"></a>
         Verify that the Samba-3.0.20 (or later) packages are installed on each SUSE Linux server 
         before following the steps below. If Samba-3.0.20 (or later) is not installed, you have the
@@ -1134 +1134 @@
         Red Hat Fedora Core and Red Hat Enterprise Linux Server 3 and 4, are included on the CD-ROM that
         is included with this book.
-        </p><div class="procedure"><a name="id2575075"></a><p class="title"><b>Procedure 5.4. Configuration of PDC Called <code class="constant">MASSIVE</code></b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 5.4. Configuration of PDC Called MASSIVE"><a name="id344954"></a><p class="title"><b>Procedure 5.4. Configuration of PDC Called <code class="constant">MASSIVE</code></b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Install the files in <a class="link" href="happy.html#sbehap-massive-smbconfa" title="Example 5.6. LDAP Based smb.conf File, Server: MASSIVE global Section: Part A">&#8220;LDAP Based smb.conf File, Server: MASSIVE  global Section: Part A&#8221;</a>, 
                 <a class="link" href="happy.html#sbehap-massive-smbconfb" title="Example 5.7. LDAP Based smb.conf File, Server: MASSIVE global Section: Part B">&#8220;LDAP Based smb.conf File, Server: MASSIVE  global Section: Part B&#8221;</a>, <a class="link" href="happy.html#sbehap-shareconfa" title="Example 5.10. LDAP Based smb.conf File, Shares Section Part A">&#8220;LDAP Based smb.conf File, Shares Section  Part A&#8221;</a>, 
@@ -1143 +1143 @@
                 on the master file. The operational <code class="filename">smb.conf</code> is then generated as shown in
                 the next step.
-                </p></li><li><p>
-                <a class="indexterm" name="id2575151"></a>
+                </p></li><li class="step" title="Step 2"><p>
+                <a class="indexterm" name="id345025"></a>
                 Create and verify the contents of the <code class="filename">smb.conf</code> file that is generated by:
 </p><pre class="screen">
@@ -1171 +1171 @@
 Press enter to see a dump of your service definitions
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Delete all runtime files from prior Samba operation by executing (for SUSE
                 Linux):
@@ -1180 +1180 @@
 <code class="prompt">root# </code> rm /var/log/samba/*
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2575251"></a>
-                <a class="indexterm" name="id2575257"></a>
+                </p></li><li class="step" title="Step 4"><p>
+                <a class="indexterm" name="id345117"></a>
+                <a class="indexterm" name="id345124"></a>
                 Samba-3 communicates with the LDAP server. The password that it uses to
                 authenticate to the LDAP server must be stored in the <code class="filename">secrets.tdb</code>
@@ -1194 +1194 @@
 Setting stored password for "cn=Manager,dc=abmas,dc=biz" in secrets.tdb
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2575306"></a>
-                <a class="indexterm" name="id2575313"></a>
+                </p></li><li class="step" title="Step 5"><p>
+                <a class="indexterm" name="id345169"></a>
+                <a class="indexterm" name="id345176"></a>
                 Samba-3 generates a Windows Security Identifier (SID) only when <code class="literal">smbd</code>
                 has been started. For this reason, you start Samba. After a few seconds delay,
@@ -1227 +1227 @@
                 errors (the most common problem).  The use of the <code class="literal">testparm</code> is highly 
                 recommended to validate the contents of this file.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 6"><p>
                 When a positive domain SID has been reported, stop Samba.
-                </p></li><li><p>
-                <a class="indexterm" name="id2575425"></a>
-                <a class="indexterm" name="id2575432"></a>
-                <a class="indexterm" name="id2575439"></a>
-                <a class="indexterm" name="id2575445"></a>
+                </p></li><li class="step" title="Step 7"><p>
+                <a class="indexterm" name="id345275"></a>
+                <a class="indexterm" name="id345281"></a>
+                <a class="indexterm" name="id345288"></a>
+                <a class="indexterm" name="id345295"></a>
                 Configure the NFS server for your Linux system. So you can complete the steps that
                 follow, enter into the <code class="filename">/etc/exports</code> the following entry:
@@ -1251 +1251 @@
         Your Samba-3 PDC is now ready to communicate with the LDAP password backend. Let's get on with
         configuration of the LDAP server.
-        </p><div class="example"><a name="sbehap-massive-smbconfa"></a><p class="title"><b>Example 5.6. LDAP Based <code class="filename">smb.conf</code> File, Server: MASSIVE  global Section: Part A</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2575532"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id2575544"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id2575555"></a><em class="parameter"><code>netbios name = MASSIVE</code></em></td></tr><tr><td><a class="indexterm" name="id2575567"></a><em class="parameter"><code>interfaces = eth1, lo</code></em></td></tr><tr><td><a class="indexterm" name="id2575579"></a><em class="parameter"><code>bind interfaces only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2575591"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id2575603"></a><em class="parameter"><code>enable privileges = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2575615"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2575627"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2575639"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2575650"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id2575662"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id2575674"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id2575685"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id2575698"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2575709"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2575721"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id2575733"></a><em class="parameter"><code>add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"</code></em></td></tr><tr><td><a class="indexterm" name="id2575746"></a><em class="parameter"><code>delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"</code></em></td></tr><tr><td><a class="indexterm" name="id2575758"></a><em class="parameter"><code>add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id2575770"></a><em class="parameter"><code>delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id2575783"></a><em class="parameter"><code>add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id2575796"></a><em class="parameter"><code>delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id2575809"></a><em class="parameter"><code>set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"</code></em></td></tr><tr><td><a class="indexterm" name="id2575822"></a><em class="parameter"><code>add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbehap-massive-smbconfb"></a><p class="title"><b>Example 5.7. LDAP Based <code class="filename">smb.conf</code> File, Server: MASSIVE  global Section: Part B</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td><a class="indexterm" name="id2575859"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id2575871"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2575883"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id2575895"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2575906"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2575918"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2575930"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2575942"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2575954"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2575966"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id2575978"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id2575990"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2576002"></a><em class="parameter"><code>idmap backend = ldap:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id2576014"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2576026"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2576038"></a><em class="parameter"><code>map acl inherit = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2576050"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id2576061"></a><em class="parameter"><code>printer admin = root, chrisr</code></em></td></tr></table></div></div><br class="example-break"></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sbeidealx"></a>Install and Configure Idealx smbldap-tools Scripts</h3></div></div></div><p>
-        <a class="indexterm" name="id2576087"></a>
+        </p><div class="example"><a name="sbehap-massive-smbconfa"></a><p class="title"><b>Example 5.6. LDAP Based <code class="filename">smb.conf</code> File, Server: MASSIVE  global Section: Part A</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id345373"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id345384"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id345396"></a><em class="parameter"><code>netbios name = MASSIVE</code></em></td></tr><tr><td><a class="indexterm" name="id345407"></a><em class="parameter"><code>interfaces = eth1, lo</code></em></td></tr><tr><td><a class="indexterm" name="id345418"></a><em class="parameter"><code>bind interfaces only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id345430"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id345442"></a><em class="parameter"><code>enable privileges = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id345453"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id345465"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id345476"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id345488"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id345499"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id345511"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id345522"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id345534"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id345545"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id345557"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id345568"></a><em class="parameter"><code>add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"</code></em></td></tr><tr><td><a class="indexterm" name="id345580"></a><em class="parameter"><code>delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"</code></em></td></tr><tr><td><a class="indexterm" name="id345592"></a><em class="parameter"><code>add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id345604"></a><em class="parameter"><code>delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id345616"></a><em class="parameter"><code>add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id345628"></a><em class="parameter"><code>delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id345640"></a><em class="parameter"><code>set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"</code></em></td></tr><tr><td><a class="indexterm" name="id345652"></a><em class="parameter"><code>add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbehap-massive-smbconfb"></a><p class="title"><b>Example 5.7. LDAP Based <code class="filename">smb.conf</code> File, Server: MASSIVE  global Section: Part B</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td><a class="indexterm" name="id345688"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id345700"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id345711"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id345723"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id345734"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id345746"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id345757"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id345769"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id345780"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id345792"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id345804"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id345815"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id345827"></a><em class="parameter"><code>idmap backend = ldap:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id345839"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id345850"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id345862"></a><em class="parameter"><code>map acl inherit = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id345873"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id345884"></a><em class="parameter"><code>printer admin = root, chrisr</code></em></td></tr></table></div></div><br class="example-break"></div><div class="sect2" title="Install and Configure Idealx smbldap-tools Scripts"><div class="titlepage"><div><div><h3 class="title"><a name="sbeidealx"></a>Install and Configure Idealx smbldap-tools Scripts</h3></div></div></div><p>
+        <a class="indexterm" name="id345910"></a>
         The Idealx scripts, or equivalent, are necessary to permit Samba-3 to manage accounts
         on the LDAP server. You have chosen the Idealx scripts because they are the best-known
@@ -1262 +1262 @@
         <a class="ulink" href="http://samba.idealx.org/dist/smbldap-tools-0.9.1-1.src.rpm" target="_top">smbldap-tools-0.9.1-1.src.rpm</a>
         file that may be used to build an installable RPM package for your Linux system.
-        </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+        </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
 The smbldap-tools scripts can be installed in any convenient directory of your choice, in which case you must
 change the path to them in your <code class="filename">smb.conf</code> file on the PDC (<code class="constant">MASSIVE</code>).
@@ -1269 +1269 @@
         The scripts are not needed on BDC machines because all LDAP updates are handled by
         the PDC alone.
-        </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2576154"></a>Installation of smbldap-tools from the Tarball</h4></div></div></div><p>
+        </p><div class="sect3" title="Installation of smbldap-tools from the Tarball"><div class="titlepage"><div><div><h4 class="title"><a name="id345968"></a>Installation of smbldap-tools from the Tarball</h4></div></div></div><p>
         To perform a manual installation of the smbldap-tools scripts, the following procedure may be used:
-        </p><div class="procedure"><a name="idealxscript"></a><p class="title"><b>Procedure 5.5. Unpacking and Installation Steps for the <code class="constant">smbldap-tools</code> Tarball</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 5.5. Unpacking and Installation Steps for the smbldap-tools Tarball"><a name="idealxscript"></a><p class="title"><b>Procedure 5.5. Unpacking and Installation Steps for the <code class="constant">smbldap-tools</code> Tarball</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Create the <code class="filename">/opt/IDEALX/sbin</code> directory, and set its permissions
                 and ownership as shown here:
@@ -1282 +1282 @@
 <code class="prompt">root# </code> chmod 755 /etc/smbldap-tools
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 If you wish to use the downloaded tarball, unpack the smbldap-tools in a suitable temporary location.
                 Change into either the directory extracted from the tarball or the smbldap-tools
                 directory in your <code class="filename">/usr/share/doc/packages</code> directory tree.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Copy all the <code class="filename">smbldap-*</code> and the <code class="filename">configure.pl</code> files into the 
                 <code class="filename">/opt/IDEALX/sbin</code> directory, as shown here:
@@ -1298 +1298 @@
 <code class="prompt">root# </code> chmod 600 /etc/smbldap-tools/smbldap_bind.conf
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 The smbldap-tools scripts master control file must now be configured.
                 Change to the <code class="filename">/opt/IDEALX/sbin</code> directory, then edit the
@@ -1311 +1311 @@
 ...
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 5"><p>
                 To complete the configuration of the smbldap-tools, set the permissions and ownership
                 by executing the following commands:
@@ -1321 +1321 @@
                 The smbldap-tools scripts are now ready for the configuration step outlined in
                 <a class="link" href="happy.html#smbldap-init" title="Configuration of smbldap-tools">&#8220;Configuration of smbldap-tools&#8221;</a>.
-                </p></li></ol></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2576407"></a>Installing smbldap-tools from the RPM Package</h4></div></div></div><p>
+                </p></li></ol></div></div><div class="sect3" title="Installing smbldap-tools from the RPM Package"><div class="titlepage"><div><div><h4 class="title"><a name="id346204"></a>Installing smbldap-tools from the RPM Package</h4></div></div></div><p>
         In the event that you have elected to use the RPM package provided by Idealx, download the
         source RPM <code class="filename">smbldap-tools-0.9.1-1.src.rpm</code>, then follow this procedure:
-        </p><div class="procedure"><a name="id2576425"></a><p class="title"><b>Procedure 5.6. Installation Steps for <code class="constant">smbldap-tools</code> RPM's</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 5.6. Installation Steps for smbldap-tools RPM's"><a name="id346220"></a><p class="title"><b>Procedure 5.6. Installation Steps for <code class="constant">smbldap-tools</code> RPM's</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Install the source RPM that has been downloaded as follows:
 </p><pre class="screen">
 <code class="prompt">root# </code> rpm -i smbldap-tools-0.9.1-1.src.rpm
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Change into the directory in which the SPEC files are located. On SUSE Linux:
 </p><pre class="screen">
@@ -1338 +1338 @@
 <code class="prompt">root# </code> cd /usr/src/redhat/SPECS
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Edit the <code class="filename">smbldap-tools.spec</code> file to change the value of the
                 <code class="constant">_sysconfig</code> macro as shown here:
@@ -1346 +1346 @@
 </pre><p>
                 Note: Any suitable directory can be specified.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 Build the package by executing:
 </p><pre class="screen">
@@ -1353 +1353 @@
                 A build process that has completed without error will place the installable binary
                 files in the directory <code class="filename">../RPMS/noarch</code>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 5"><p>
                 Install the binary package by executing:
 </p><pre class="screen">
@@ -1361 +1361 @@
         The Idealx scripts should now be ready for configuration using the steps outlined in
         <a class="link" href="happy.html#smbldap-init" title="Configuration of smbldap-tools">Configuration of smbldap-tools</a>.
-        </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="smbldap-init"></a>Configuration of smbldap-tools</h4></div></div></div><p>
+        </p></div><div class="sect3" title="Configuration of smbldap-tools"><div class="titlepage"><div><div><h4 class="title"><a name="smbldap-init"></a>Configuration of smbldap-tools</h4></div></div></div><p>
         Prior to use, the smbldap-tools must be configured to match the settings in the <code class="filename">smb.conf</code> file
         and to match the settings in the <code class="filename">/etc/openldap/slapd.conf</code> file. The assumption
@@ -1369 +1369 @@
         The smbldap-tools require that the NetBIOS name (machine name) of the Samba server be included
         in the <code class="filename">smb.conf</code> file.
-        </p><div class="procedure"><a name="id2576620"></a><p class="title"><b>Procedure 5.7. Configuration Steps for <code class="constant">smbldap-tools</code> to Enable Use</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 5.7. Configuration Steps for smbldap-tools to Enable Use"><a name="id346402"></a><p class="title"><b>Procedure 5.7. Configuration Steps for <code class="constant">smbldap-tools</code> to Enable Use</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Change into the directory that contains the <code class="filename">configure.pl</code> script.
 </p><pre class="screen">
 <code class="prompt">root# </code> cd /opt/IDEALX/sbin
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Execute the <code class="filename">configure.pl</code> script as follows:
 </p><pre class="screen">
@@ -1470 +1470 @@
                 address of the master LDAP server for both the master and the slave configuration
                 prompts.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Change to the directory that contains the <code class="filename">smbldap.conf</code> file,
                 then verify its contents.
                 </p></li></ol></div><p>
         The smbldap-tools are now ready for use.
-        </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2576821"></a>LDAP Initialization and Creation of User and Group Accounts</h3></div></div></div><p>
+        </p></div></div><div class="sect2" title="LDAP Initialization and Creation of User and Group Accounts"><div class="titlepage"><div><div><h3 class="title"><a name="id346546"></a>LDAP Initialization and Creation of User and Group Accounts</h3></div></div></div><p>
         The LDAP database must be populated with well-known Windows domain user accounts and domain group 
         accounts before Samba can be used. The following procedures step you through the process.
@@ -1487 +1487 @@
         </p><p>
         Addition of an account to the LDAP backend can be done in two ways:
-        </p><div class="itemizedlist"><ul type="disc"><li><p>
-                <a class="indexterm" name="id2576855"></a>
-                <a class="indexterm" name="id2576862"></a>
-                <a class="indexterm" name="id2576869"></a>
-                <a class="indexterm" name="id2576876"></a>
-                <a class="indexterm" name="id2576882"></a>
-                <a class="indexterm" name="id2576889"></a>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
+                <a class="indexterm" name="id346574"></a>
+                <a class="indexterm" name="id346580"></a>
+                <a class="indexterm" name="id346587"></a>
+                <a class="indexterm" name="id346594"></a>
+                <a class="indexterm" name="id346601"></a>
+                <a class="indexterm" name="id346608"></a>
                 If you always have a user account in the <code class="filename">/etc/passwd</code> on every 
                 server or in a NIS(+) backend, it is not necessary to add POSIX accounts for them in 
@@ -1504 +1504 @@
                 migration tool to migrate all system accounts from either the <code class="filename">/etc/passwd</code>
                 files, or from NIS, to LDAP.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 If you decide that it is probably a good idea to add both the PosixAccount attributes
                 as well as the SambaSamAccount attributes for each user, then a suitable script is needed.
@@ -1511 +1511 @@
                 is included on the enclosed CD-ROM under <code class="filename">Chap06/Tools.</code>
                 </p></li></ul></div><p>
-        <a class="indexterm" name="id2576949"></a>
+        <a class="indexterm" name="id346659"></a>
         If you wish to have more control over how the LDAP database is initialized or 
         if you don't want to use the Idealx smbldap-tools, you should refer to 
         <a class="link" href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits">&#8220;A Collection of Useful Tidbits&#8221;</a>, <a class="link" href="appendix.html#altldapcfg" title="Alternative LDAP Database Initialization">&#8220;Alternative LDAP Database Initialization&#8221;</a>.
         </p><p>
-        <a class="indexterm" name="id2576976"></a>
+        <a class="indexterm" name="id346685"></a>
         The following steps initialize the LDAP database, and then you can add user and group
         accounts that Samba can use. You use the <code class="literal">smbldap-populate</code> to
         seed the LDAP database. You then manually add the accounts shown in <a class="link" href="happy.html#sbehap-bigacct" title="Table 5.3. Abmas Network Users and Groups">&#8220;Abmas Network Users and Groups&#8221;</a>. 
         The list of users does not cover all 500 network users; it provides examples only.
-        </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
-        <a class="indexterm" name="id2577006"></a>
-        <a class="indexterm" name="id2577015"></a>
-        <a class="indexterm" name="id2577024"></a>
+        </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+        <a class="indexterm" name="id346712"></a>
+        <a class="indexterm" name="id346720"></a>
+        <a class="indexterm" name="id346730"></a>
         In the following examples, as the LDAP database is initialized, we do create a container
         for Computer (machine) accounts. In the Samba-3 <code class="filename">smb.conf</code> files, specific use is made
@@ -1541 +1541 @@
         are able to sidestep this limitation. This is the simpler solution that has been adopted
         in this chapter.
-        </p></div><div class="table"><a name="sbehap-bigacct"></a><p class="title"><b>Table 5.3. Abmas Network Users and Groups</b></p><div class="table-contents"><table summary="Abmas Network Users and Groups" border="1"><colgroup><col align="left"><col align="left"><col align="left"><col align="left"></colgroup><thead><tr><th align="center">Account Name</th><th align="center">Type</th><th align="center">ID</th><th align="center">Password</th></tr></thead><tbody><tr><td align="left">Robert Jordan</td><td align="left">User</td><td align="left">bobj</td><td align="left">n3v3r2l8</td></tr><tr><td align="left">Stanley Soroka</td><td align="left">User</td><td align="left">stans</td><td align="left">impl13dst4r</td></tr><tr><td align="left">Christine Roberson</td><td align="left">User</td><td align="left">chrisr</td><td align="left">S9n0nw4ll</td></tr><tr><td align="left">Mary Vortexis</td><td align="left">User</td><td align="left">maryv</td><td align="left">kw13t0n3</td></tr><tr><td align="left">Accounts</td><td align="left">Group</td><td align="left">Accounts</td><td align="left"> </td></tr><tr><td align="left">Finances</td><td align="left">Group</td><td align="left">Finances</td><td align="left"> </td></tr><tr><td align="left">Insurance</td><td align="left">Group</td><td align="left">PIOps</td><td align="left"> </td></tr></tbody></table></div></div><br class="table-break"><div class="procedure"><a name="creatacc"></a><p class="title"><b>Procedure 5.8. LDAP Directory Initialization Steps</b></p><ol type="1"><li><p>
+        </p></div><div class="table"><a name="sbehap-bigacct"></a><p class="title"><b>Table 5.3. Abmas Network Users and Groups</b></p><div class="table-contents"><table summary="Abmas Network Users and Groups" border="1"><colgroup><col align="left"><col align="left"><col align="left"><col align="left"></colgroup><thead><tr><th align="center">Account Name</th><th align="center">Type</th><th align="center">ID</th><th align="center">Password</th></tr></thead><tbody><tr><td align="left">Robert Jordan</td><td align="left">User</td><td align="left">bobj</td><td align="left">n3v3r2l8</td></tr><tr><td align="left">Stanley Soroka</td><td align="left">User</td><td align="left">stans</td><td align="left">impl13dst4r</td></tr><tr><td align="left">Christine Roberson</td><td align="left">User</td><td align="left">chrisr</td><td align="left">S9n0nw4ll</td></tr><tr><td align="left">Mary Vortexis</td><td align="left">User</td><td align="left">maryv</td><td align="left">kw13t0n3</td></tr><tr><td align="left">Accounts</td><td align="left">Group</td><td align="left">Accounts</td><td align="left"> </td></tr><tr><td align="left">Finances</td><td align="left">Group</td><td align="left">Finances</td><td align="left"> </td></tr><tr><td align="left">Insurance</td><td align="left">Group</td><td align="left">PIOps</td><td align="left"> </td></tr></tbody></table></div></div><br class="table-break"><div class="procedure" title="Procedure 5.8. LDAP Directory Initialization Steps"><a name="creatacc"></a><p class="title"><b>Procedure 5.8. LDAP Directory Initialization Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Start the LDAP server by executing:
 </p><pre class="screen">
@@ -1547 +1547 @@
 Starting ldap-server                           done
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Change to the <code class="filename">/opt/IDEALX/sbin</code> directory.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Execute the script that will populate the LDAP database as shown here:
 </p><pre class="screen">
@@ -1580 +1580 @@
 adding new entry: cn=Replicators,ou=Groups,dc=abmas,dc=biz
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 Edit the <code class="filename">/etc/smbldap-tools/smbldap.conf</code> file so that the following
                 information is changed from:
@@ -1593 +1593 @@
 sambaUnixIdPooldn="sambaDomainName=MEGANET2,dc=abmas,dc=biz"
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 5"><p>
                 It is necessary to restart the LDAP server as shown here:
 </p><pre class="screen">
@@ -1600 +1600 @@
 Starting ldap-server                                 done
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2577444"></a>
+                </p></li><li class="step" title="Step 6"><p>
+                <a class="indexterm" name="id347108"></a>
                 So that we can use a global IDMAP repository, the LDAP directory must have a container object for IDMAP data. 
                 There are several ways you can check that your LDAP database is able to receive IDMAP information. One of 
@@ -1610 +1610 @@
 ou: idmap
 </pre><p>
-                <a class="indexterm" name="id2577468"></a>
+                <a class="indexterm" name="id347129"></a>
                 If the execution of this command does not return IDMAP entries, you need to create an LDIF
                 template file (see <a class="link" href="happy.html#sbehap-ldifadd" title="Example 5.12. LDIF IDMAP Add-On Load File File: /etc/openldap/idmap.LDIF">&#8220;LDIF IDMAP Add-On Load File  File: /etc/openldap/idmap.LDIF&#8221;</a>). You can add the required entries using 
@@ -1619 +1619 @@
 </pre><p>
                 Samba automatically populates this LDAP directory container when it needs to.
-                </p></li><li><p>
-                <a class="indexterm" name="id2577507"></a>
+                </p></li><li class="step" title="Step 7"><p>
+                <a class="indexterm" name="id347164"></a>
                 It looks like all has gone well, as expected. Let's confirm that this is the case
                 by running a few tests. First we check the contents of the database directly
@@ -1657 +1657 @@
 </pre><p>
                 This looks good so far.
-                </p></li><li><p>
-                <a class="indexterm" name="id2577558"></a>
+                </p></li><li class="step" title="Step 8"><p>
+                <a class="indexterm" name="id347205"></a>
                 The next step is to prove that the LDAP server is running and responds to a
                 search request. Execute the following as shown (output has been cut to save space):
@@ -1702 +1702 @@
 </pre><p>
                 Good. It is all working just fine.
-                </p></li><li><p>
-                <a class="indexterm" name="id2577615"></a>
+                </p></li><li class="step" title="Step 9"><p>
+                <a class="indexterm" name="id347246"></a>
                 You must now make certain that the NSS resolver can interrogate LDAP also.
                 Execute the following commands:
@@ -1716 +1716 @@
 Domain Computers:x:553:
 </pre><p>
-                <a class="indexterm" name="id2577645"></a>
+                <a class="indexterm" name="id347273"></a>
                 This demonstrates that the <code class="literal">nss_ldap</code> library is functioning
                 as it should. If these two steps fail to produce this information, refer to
@@ -1722 +1722 @@
                 isolate the cause of the problem. Proceed to the next step only when the previous steps
                 have been successfully completed.
-                </p></li><li><p>
-                <a class="indexterm" name="id2577675"></a>
-                <a class="indexterm" name="id2577682"></a>
-                <a class="indexterm" name="id2577689"></a>
+                </p></li><li class="step" title="Step 10"><p>
+                <a class="indexterm" name="id347301"></a>
+                <a class="indexterm" name="id347308"></a>
+                <a class="indexterm" name="id347314"></a>
                 Our database is now ready for the addition of network users. For each user for
                 whom an account must be created, execute the following:
@@ -1740 +1740 @@
 </pre><p>
                 where <code class="constant">username</code> is the login ID for each user.
-                </p></li><li><p>
-                <a class="indexterm" name="id2577750"></a>
+                </p></li><li class="step" title="Step 11"><p>
+                <a class="indexterm" name="id347372"></a>
                 Now verify that the UNIX (POSIX) accounts can be resolved via NSS by executing the
                 following:
@@ -1757 +1757 @@
 </pre><p>
                 This demonstrates that user account resolution via LDAP is working.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 12"><p>
                 This step will determine whether or not identity resolution is working correctly.
                 Do not procede is this step fails, rather find the cause of the failure. The
@@ -1768 +1768 @@
                 This confirms that the UNIX (POSIX) user account information can be resolved from LDAP
                 by system tools that make a getentpw() system call.
-                </p></li><li><p>
-                <a class="indexterm" name="id2577816"></a>
+                </p></li><li class="step" title="Step 13"><p>
+                <a class="indexterm" name="id347429"></a>
                 The root account must have UID=0; if not, this means that operations conducted from
                 a Windows client using tools such as the Domain User Manager fails under UNIX because
@@ -1780 +1780 @@
 <code class="prompt">root# </code> ./smbldap-usermod -u 0 -d /root -s /bin/bash root
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 14"><p>
                 Verify that the changes just made to the <code class="constant">root</code> account were
                 accepted by executing:
@@ -1789 +1789 @@
 </pre><p>
                 This demonstrates that the changes were accepted.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 15"><p>
                 Make certain that a home directory has been created for every user by listing the
                 directories in <code class="filename">/home</code> as follows:
@@ -1802 +1802 @@
 </pre><p>
                 This is precisely what we want to see.
-                </p></li><li><p>
-                <a class="indexterm" name="id2577915"></a>
-                <a class="indexterm" name="id2577922"></a>
+                </p></li><li class="step" title="Step 16"><p>
+                <a class="indexterm" name="id347517"></a>
+                <a class="indexterm" name="id347524"></a>
                 The final validation step involves making certain that Samba-3 can obtain the user
                 accounts from the LDAP ldapsam passwd backend. Execute the following command as shown:
@@ -1834 +1834 @@
 </pre><p>
                 This looks good. Of course, you fully expected that it would all work, didn't you?
-                </p></li><li><p>
-                <a class="indexterm" name="id2577967"></a>
+                </p></li><li class="step" title="Step 17"><p>
+                <a class="indexterm" name="id347558"></a>
                 Now you add the group accounts that are used on the Abmas network. Execute
                 the following exactly as shown:
@@ -1845 +1845 @@
                 The addition of groups does not involve keyboard interaction, so the lack of console
                 output is of no concern.
-                </p></li><li><p>
-                <a class="indexterm" name="id2578010"></a>
+                </p></li><li class="step" title="Step 18"><p>
+                <a class="indexterm" name="id347598"></a>
                 You really do want to confirm that UNIX group resolution from LDAP is functioning 
                 as it should. Let's do this as shown here:
@@ -1862 +1862 @@
                 The well-known special accounts (Domain Admins, Domain Users, Domain Guests), as well
                 as our own site-specific group accounts, are correctly listed. This is looking good.
-                </p></li><li><p>
-                <a class="indexterm" name="id2578042"></a>
+                </p></li><li class="step" title="Step 19"><p>
+                <a class="indexterm" name="id347627"></a>
                 The final step we need to validate is that Samba can see all the Windows domain groups
                 and that they are correctly mapped to the respective UNIX group account. To do this,
@@ -1880 +1880 @@
                 the lines were shortened by replacing the middle value (1010554828) of the SID with the 
                 ellipsis (...).
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 20"><p>
                 The server you have so carefully built is now ready for another important step. You 
                 start the Samba-3 server and validate its operation. Execute the following to render all 
@@ -1896 +1896 @@
 <code class="prompt">root# </code> rcwinbind start
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 21"><p>
                 The next step might seem a little odd at this point, but take note that you are about to
                 start <code class="literal">winbindd</code>, which must be able to authenticate to the PDC via the
@@ -1911 +1911 @@
 </pre><p>
                 This indicates that the domain security account for the PDC has been correctly created.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 22"><p>
                 At this time it is necessary to restart <code class="literal">winbindd</code> so that it can
                 correctly authenticate to the PDC. The following command achieves that:
@@ -1917 +1917 @@
 <code class="prompt">root# </code> rcwinbind restart
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2578257"></a>
+                </p></li><li class="step" title="Step 23"><p>
+                <a class="indexterm" name="id347824"></a>
                 You may now check Samba-3 operation as follows:
 </p><pre class="screen">
@@ -1944 +1944 @@
 </pre><p>
         This shows that an anonymous connection is working.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 24"><p>
                 For your finale, let's try an authenticated connection:
 </p><pre class="screen">
@@ -1963 +1963 @@
                 </p></li></ol></div><p>
         The server <code class="constant">MASSIVE</code> is now configured, and it is time to move onto the next task.
-        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sbehap-ptrcfg"></a>Printer Configuration</h3></div></div></div><p>
-        <a class="indexterm" name="id2578368"></a>
+        </p></div><div class="sect2" title="Printer Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="sbehap-ptrcfg"></a>Printer Configuration</h3></div></div></div><p>
+        <a class="indexterm" name="id347908"></a>
         The configuration for Samba-3 to enable CUPS raw-print-through printing has already been
         taken care of in the <code class="filename">smb.conf</code> file. The only preparation needed for <code class="constant">smart</code>
         printing to be possible involves creation of the directories in which Samba-3 stores
         Windows printing driver files.
-        </p><div class="procedure"><a name="id2578390"></a><p class="title"><b>Procedure 5.9. Printer Configuration Steps</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 5.9. Printer Configuration Steps"><a name="id347927"></a><p class="title"><b>Procedure 5.9. Printer Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Configure all network-attached printers to have a fixed IP address.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Create an entry in the DNS database on the server <code class="constant">MASSIVE</code>
                 in both the forward lookup database for the zone <code class="constant">abmas.biz.hosts</code>
@@ -1977 +1977 @@
                 be located in. Example configuration files for similar zones were presented in <a class="link" href="secure.html" title="Chapter 3. Secure Office Networking">&#8220;Secure Office Networking&#8221;</a>,
                 <a class="link" href="secure.html#abmasbiz" title="Example 3.14. DNS Abmas.biz Forward Zone File">&#8220;DNS Abmas.biz Forward Zone File&#8221;</a> and in <a class="link" href="secure.html#eth2zone" title="Example 3.13. DNS 192.168.2 Reverse Zone File">&#8220;DNS 192.168.2 Reverse Zone File&#8221;</a>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Follow the instructions in the printer manufacturers' manuals to permit printing
                 to port 9100.  Use any other port the manufacturer specifies for direct mode,
                 raw printing.  This allows the CUPS spooler to print using raw mode protocols.
-                <a class="indexterm" name="id2578451"></a>
-                <a class="indexterm" name="id2578458"></a>
-                </p></li><li><p>
-                <a class="indexterm" name="id2578472"></a>
-                <a class="indexterm" name="id2578478"></a>
+                <a class="indexterm" name="id347982"></a>
+                <a class="indexterm" name="id347989"></a>
+                </p></li><li class="step" title="Step 4"><p>
+                <a class="indexterm" name="id348002"></a>
+                <a class="indexterm" name="id348009"></a>
                 Only on the server to which the printer is attached, configure the CUPS Print
                 Queues as follows:
@@ -1992 +1992 @@
          -v socket://<em class="parameter"><code>printer-name</code></em>.abmas.biz:9100 -E
 </pre><p>
-                <a class="indexterm" name="id2578514"></a>
+                <a class="indexterm" name="id348043"></a>
                 This step creates the necessary print queue to use no assigned print filter. This
                 is ideal for raw printing, that is, printing without use of filters.
                 The name <em class="parameter"><code>printque</code></em> is the name you have assigned for
                 the particular printer.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 5"><p>
                 Print queues may not be enabled at creation. Make certain that the queues
                 you have just created are enabled by executing the following:
@@ -2003 +2003 @@
 <code class="prompt">root# </code> /usr/bin/enable <em class="parameter"><code>printque</code></em>
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 6"><p>
                 Even though your print queue may be enabled, it is still possible that it
                 may not accept print jobs. A print queue will service incoming printing
@@ -2011 +2011 @@
 <code class="prompt">root# </code> /usr/bin/accept <em class="parameter"><code>printque</code></em>
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2578595"></a>
-                <a class="indexterm" name="id2578602"></a>
-                <a class="indexterm" name="id2578609"></a>
+                </p></li><li class="step" title="Step 7"><p>
+                <a class="indexterm" name="id348117"></a>
+                <a class="indexterm" name="id348124"></a>
+                <a class="indexterm" name="id348130"></a>
                 Edit the file <code class="filename">/etc/cups/mime.convs</code> to uncomment the line:
 </p><pre class="screen">
 application/octet-stream     application/vnd.cups-raw      0     -
 </pre><p>
-                </p></li><li><p>
-                 <a class="indexterm" name="id2578638"></a>
+                </p></li><li class="step" title="Step 8"><p>
+                 <a class="indexterm" name="id348157"></a>
                  Edit the file <code class="filename">/etc/cups/mime.types</code> to uncomment the line:
 </p><pre class="screen">
 application/octet-stream
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 9"><p>
                 Refer to the CUPS printing manual for instructions regarding how to configure
                 CUPS so that print queues that reside on CUPS servers on remote networks
@@ -2031 +2031 @@
                 on your CUPS server may automatically discover remotely installed printers and
                 may permit this functionality without requiring specific configuration.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 10"><p>
                 The following action creates the necessary directory subsystem. Follow these 
                 steps to printing heaven:
@@ -2039 +2039 @@
 <code class="prompt">root# </code> chmod -R ug=rwx,o=rx /var/lib/samba/drivers
 </pre><p>
-                </p></li></ol></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sbehap-bldg1"></a>Samba-3 BDC Configuration</h2></div></div></div><div class="procedure"><a name="id2578721"></a><p class="title"><b>Procedure 5.10. Configuration of BDC Called: <code class="constant">BLDG1</code></b></p><ol type="1"><li><p>
+                </p></li></ol></div></div></div><div class="sect1" title="Samba-3 BDC Configuration"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sbehap-bldg1"></a>Samba-3 BDC Configuration</h2></div></div></div><div class="procedure" title="Procedure 5.10. Configuration of BDC Called: BLDG1"><a name="id348233"></a><p class="title"><b>Procedure 5.10. Configuration of BDC Called: <code class="constant">BLDG1</code></b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Install the files in <a class="link" href="happy.html#sbehap-bldg1-smbconf" title="Example 5.8. LDAP Based smb.conf File, Server: BLDG1">&#8220;LDAP Based smb.conf File, Server: BLDG1&#8221;</a>,
                 <a class="link" href="happy.html#sbehap-shareconfa" title="Example 5.10. LDAP Based smb.conf File, Shares Section Part A">&#8220;LDAP Based smb.conf File, Shares Section  Part A&#8221;</a>, and <a class="link" href="happy.html#sbehap-shareconfb" title="Example 5.11. LDAP Based smb.conf File, Shares Section Part B">&#8220;LDAP Based smb.conf File, Shares Section  Part B&#8221;</a>
                 into the <code class="filename">/etc/samba/</code> directory. The three files
                 should be added together to form the <code class="filename">smb.conf</code> file.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Verify the <code class="filename">smb.conf</code> file as in step 2 of <a class="link" href="happy.html#sbehap-massive" title="Samba-3 PDC Configuration">&#8220;Samba-3 PDC Configuration&#8221;</a>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Carefully follow the steps outlined in <a class="link" href="happy.html#sbehap-PAM-NSS" title="PAM and NSS Client Configuration">&#8220;PAM and NSS Client Configuration&#8221;</a>, taking
                 particular note to install the correct <code class="filename">ldap.conf</code>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 Verify that the NSS resolver is working. You may need to cycle the run level
                 to 1 and back to 5 before the NSS LDAP resolver functions. Follow these
@@ -2081 +2081 @@
 </pre><p>
                 This is the correct output. If the accounts that have UIDs above 512 are not shown, there is a problem.
-                </p></li><li><p>
-                <a class="indexterm" name="id2578881"></a>
+                </p></li><li class="step" title="Step 5"><p>
+                <a class="indexterm" name="id348380"></a>
                 The next step in the verification process involves testing the operation of UNIX group
                 resolution via the NSS LDAP resolver. Execute these commands:
@@ -2111 +2111 @@
                 This is also the correct and desired output, because it demonstrates that the LDAP client
                 is able to communicate correctly with the LDAP server (<code class="constant">MASSIVE</code>).
-                </p></li><li><p>
-                <a class="indexterm" name="id2578922"></a>
+                </p></li><li class="step" title="Step 6"><p>
+                <a class="indexterm" name="id348415"></a>
                 You must now set the LDAP administrative password into the Samba-3 <code class="filename">secrets.tdb</code>
                 file by executing this command:
@@ -2119 +2119 @@
 Setting stored password for "cn=Manager,dc=abmas,dc=biz" in secrets.tdb
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 7"><p>
                 Now you must obtain the domain SID from the PDC and store it into the
                 <code class="filename">secrets.tdb</code> file also. This step is not necessary with an LDAP
@@ -2136 +2136 @@
                 thus requiring that the BDC should be joined to the domain. The process of joining
                 the domain creates the necessary authentication accounts.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 8"><p>
                 To join the Samba BDC to the domain, execute the following:
 </p><pre class="screen">
@@ -2143 +2143 @@
 </pre><p>
                 This indicates that the domain security account for the BDC has been correctly created.
-                </p></li><li><p>
-                <a class="indexterm" name="id2579023"></a>
+                </p></li><li class="step" title="Step 9"><p>
+                <a class="indexterm" name="id348504"></a>
                 Verify that user and group account resolution works via Samba-3 tools as follows:
 </p><pre class="screen">
@@ -2170 +2170 @@
 </pre><p>
                 These results show that all things are in order.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 10"><p>
                 The server you have so carefully built is now ready for another important step. Now
                 start the Samba-3 server and validate its operation. Execute the following to render all
@@ -2186 +2186 @@
 </pre><p>
                 Samba-3 should now be running and is ready for a quick test. But not quite yet!
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 11"><p>
                 Your new <code class="constant">BLDG1, BLDG2</code> servers do not have home directories for users.
                 To rectify this using the SUSE yast2 utility or by manually editing the <code class="filename">/etc/fstab</code>
@@ -2206 +2206 @@
 massive:/home         29532988    283388  29249600   1% /home
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 12"><p>
                 Implement a quick check using one of the users that is in the LDAP database. Here you go:
 </p><pre class="screen">
@@ -2225 +2225 @@
         Now that the first BDC (<code class="constant">BDLG1</code>) has been configured it is time to build 
         and configure the second BDC server (<code class="constant">BLDG2</code>) as follows:
-        </p><div class="procedure"><a name="sbehap-bldg2"></a><p class="title"><b>Procedure 5.11. Configuration of BDC Called <code class="constant">BLDG2</code></b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 5.11. Configuration of BDC Called BLDG2"><a name="sbehap-bldg2"></a><p class="title"><b>Procedure 5.11. Configuration of BDC Called <code class="constant">BLDG2</code></b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Install the files in <a class="link" href="happy.html#sbehap-bldg2-smbconf" title="Example 5.9. LDAP Based smb.conf File, Server: BLDG2">&#8220;LDAP Based smb.conf File, Server: BLDG2&#8221;</a>,
                 <a class="link" href="happy.html#sbehap-shareconfa" title="Example 5.10. LDAP Based smb.conf File, Shares Section Part A">&#8220;LDAP Based smb.conf File, Shares Section  Part A&#8221;</a>, and <a class="link" href="happy.html#sbehap-shareconfb" title="Example 5.11. LDAP Based smb.conf File, Shares Section Part B">&#8220;LDAP Based smb.conf File, Shares Section  Part B&#8221;</a>
                 into the <code class="filename">/etc/samba/</code> directory. The three files
                 should be added together to form the <code class="filename">smb.conf</code> file.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Follow carefully the steps shown in <a class="link" href="happy.html#sbehap-bldg1" title="Samba-3 BDC Configuration">&#8220;Samba-3 BDC Configuration&#8221;</a>, starting at step 2.
-                </p></li></ol></div><div class="example"><a name="sbehap-bldg1-smbconf"></a><p class="title"><b>Example 5.8. LDAP Based <code class="filename">smb.conf</code> File, Server: BLDG1</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2579369"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id2579381"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id2579393"></a><em class="parameter"><code>netbios name = BLDG1</code></em></td></tr><tr><td><a class="indexterm" name="id2579405"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id2579417"></a><em class="parameter"><code>enable privileges = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2579429"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2579441"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2579452"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2579464"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id2579476"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id2579487"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id2579499"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id2579511"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2579523"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id2579535"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id2579547"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2579559"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id2579571"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2579582"></a><em class="parameter"><code>domain master = No</code></em></td></tr><tr><td><a class="indexterm" name="id2579594"></a><em class="parameter"><code>wins server = 172.16.0.1</code></em></td></tr><tr><td><a class="indexterm" name="id2579606"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2579618"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2579630"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2579642"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id2579654"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id2579666"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2579678"></a><em class="parameter"><code>idmap backend = ldap:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id2579690"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2579702"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2579714"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id2579725"></a><em class="parameter"><code>printer admin = root, chrisr</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbehap-bldg2-smbconf"></a><p class="title"><b>Example 5.9. LDAP Based <code class="filename">smb.conf</code> File, Server: BLDG2</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2579772"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id2579784"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id2579795"></a><em class="parameter"><code>netbios name = BLDG2</code></em></td></tr><tr><td><a class="indexterm" name="id2579807"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id2579819"></a><em class="parameter"><code>enable privileges = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2579831"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2579843"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2579855"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2579866"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id2579878"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id2579890"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id2579902"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id2579914"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2579926"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id2579938"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id2579950"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2579962"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id2579973"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2579985"></a><em class="parameter"><code>domain master = No</code></em></td></tr><tr><td><a class="indexterm" name="id2579997"></a><em class="parameter"><code>wins server = 172.16.0.1</code></em></td></tr><tr><td><a class="indexterm" name="id2580008"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2580020"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2580032"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2580044"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id2580056"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id2580068"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2580080"></a><em class="parameter"><code>idmap backend = ldap:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id2580093"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2580104"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2580116"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id2580128"></a><em class="parameter"><code>printer admin = root, chrisr</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbehap-shareconfa"></a><p class="title"><b>Example 5.10. LDAP Based <code class="filename">smb.conf</code> File, Shares Section  Part A</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id2580174"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id2580186"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id2580198"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id2580218"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id2580230"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id2580241"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id2580262"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id2580274"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id2580285"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id2580306"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id2580318"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id2580329"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2580341"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id2580361"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id2580373"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id2580385"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2580396"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2580408"></a><em class="parameter"><code>browseable = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbehap-shareconfb"></a><p class="title"><b>Example 5.11. LDAP Based <code class="filename">smb.conf</code> File, Shares Section  Part B</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id2580454"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id2580466"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id2580477"></a><em class="parameter"><code>admin users = bjordan</code></em></td></tr><tr><td><a class="indexterm" name="id2580489"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id2580509"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id2580521"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id2580533"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2580544"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id2580565"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id2580577"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id2580589"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2580600"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profdata]</code></em></td></tr><tr><td><a class="indexterm" name="id2580621"></a><em class="parameter"><code>comment = Profile Data Share</code></em></td></tr><tr><td><a class="indexterm" name="id2580633"></a><em class="parameter"><code>path = /var/lib/samba/profdata</code></em></td></tr><tr><td><a class="indexterm" name="id2580645"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2580656"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id2580677"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id2580689"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id2580700"></a><em class="parameter"><code>browseable = yes</code></em></td></tr><tr><td><a class="indexterm" name="id2580712"></a><em class="parameter"><code>guest ok = no</code></em></td></tr><tr><td><a class="indexterm" name="id2580724"></a><em class="parameter"><code>read only = yes</code></em></td></tr><tr><td><a class="indexterm" name="id2580735"></a><em class="parameter"><code>write list = root, chrisr</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbehap-ldifadd"></a><p class="title"><b>Example 5.12. LDIF IDMAP Add-On Load File  File: /etc/openldap/idmap.LDIF</b></p><div class="example-contents"><pre class="screen">
+                </p></li></ol></div><div class="example"><a name="sbehap-bldg1-smbconf"></a><p class="title"><b>Example 5.8. LDAP Based <code class="filename">smb.conf</code> File, Server: BLDG1</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id348810"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id348821"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id348832"></a><em class="parameter"><code>netbios name = BLDG1</code></em></td></tr><tr><td><a class="indexterm" name="id348844"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id348856"></a><em class="parameter"><code>enable privileges = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id348867"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id348879"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id348890"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id348902"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id348913"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id348925"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id348936"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id348948"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id348959"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id348971"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id348982"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id348994"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id349006"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id349017"></a><em class="parameter"><code>domain master = No</code></em></td></tr><tr><td><a class="indexterm" name="id349028"></a><em class="parameter"><code>wins server = 172.16.0.1</code></em></td></tr><tr><td><a class="indexterm" name="id349040"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id349052"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id349063"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id349075"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id349086"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id349098"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id349110"></a><em class="parameter"><code>idmap backend = ldap:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id349122"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id349133"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id349144"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id349156"></a><em class="parameter"><code>printer admin = root, chrisr</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbehap-bldg2-smbconf"></a><p class="title"><b>Example 5.9. LDAP Based <code class="filename">smb.conf</code> File, Server: BLDG2</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id349201"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id349213"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id349224"></a><em class="parameter"><code>netbios name = BLDG2</code></em></td></tr><tr><td><a class="indexterm" name="id349236"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id349247"></a><em class="parameter"><code>enable privileges = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id349259"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id349270"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id349282"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id349293"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id349305"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id349316"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id349328"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id349339"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id349351"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id349362"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id349374"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id349386"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id349397"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id349409"></a><em class="parameter"><code>domain master = No</code></em></td></tr><tr><td><a class="indexterm" name="id349420"></a><em class="parameter"><code>wins server = 172.16.0.1</code></em></td></tr><tr><td><a class="indexterm" name="id349432"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id349443"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id349455"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id349466"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id349478"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id349490"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id349501"></a><em class="parameter"><code>idmap backend = ldap:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id349513"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id349525"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id349536"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id349548"></a><em class="parameter"><code>printer admin = root, chrisr</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbehap-shareconfa"></a><p class="title"><b>Example 5.10. LDAP Based <code class="filename">smb.conf</code> File, Shares Section  Part A</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id349592"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id349604"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id349615"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id349635"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id349647"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id349658"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id349679"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id349690"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id349702"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id349722"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id349734"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id349745"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id349757"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id349777"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id349789"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id349800"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id349812"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id349823"></a><em class="parameter"><code>browseable = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbehap-shareconfb"></a><p class="title"><b>Example 5.11. LDAP Based <code class="filename">smb.conf</code> File, Shares Section  Part B</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id349868"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id349879"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id349891"></a><em class="parameter"><code>admin users = bjordan</code></em></td></tr><tr><td><a class="indexterm" name="id349902"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id349922"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id349934"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id349946"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id349957"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id349978"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id349989"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id350001"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id350012"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profdata]</code></em></td></tr><tr><td><a class="indexterm" name="id350032"></a><em class="parameter"><code>comment = Profile Data Share</code></em></td></tr><tr><td><a class="indexterm" name="id350044"></a><em class="parameter"><code>path = /var/lib/samba/profdata</code></em></td></tr><tr><td><a class="indexterm" name="id350056"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id350067"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id350088"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id350099"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id350111"></a><em class="parameter"><code>browseable = yes</code></em></td></tr><tr><td><a class="indexterm" name="id350122"></a><em class="parameter"><code>guest ok = no</code></em></td></tr><tr><td><a class="indexterm" name="id350134"></a><em class="parameter"><code>read only = yes</code></em></td></tr><tr><td><a class="indexterm" name="id350145"></a><em class="parameter"><code>write list = root, chrisr</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbehap-ldifadd"></a><p class="title"><b>Example 5.12. LDIF IDMAP Add-On Load File  File: /etc/openldap/idmap.LDIF</b></p><div class="example-contents"><pre class="screen">
 dn: ou=Idmap,dc=abmas,dc=biz
 objectClass: organizationalUnit
 ou: idmap
 structuralObjectClass: organizationalUnit
-</pre></div></div><br class="example-break"></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2580771"></a>Miscellaneous Server Preparation Tasks</h2></div></div></div><p>
-        My father would say, &#8220;<span class="quote">Dinner is not over until the dishes have been done.</span>&#8221;
+</pre></div></div><br class="example-break"></div><div class="sect1" title="Miscellaneous Server Preparation Tasks"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id350178"></a>Miscellaneous Server Preparation Tasks</h2></div></div></div><p>
+        My father would say, <span class="quote">&#8220;<span class="quote">Dinner is not over until the dishes have been done.</span>&#8221;</span>
         The makings of a great network environment take a lot of effort and attention to detail.
         So far, you have completed most of the complex (and to many administrators, the interesting
@@ -2244 +2244 @@
         a few more steps that must be completed so that your network runs like a well-rehearsed
         orchestra.
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2580791"></a>Configuring Directory Share Point Roots</h3></div></div></div><p>
+        </p><div class="sect2" title="Configuring Directory Share Point Roots"><div class="titlepage"><div><div><h3 class="title"><a name="id350194"></a>Configuring Directory Share Point Roots</h3></div></div></div><p>
         In your <code class="filename">smb.conf</code> file, you have specified Windows shares. Each has a <em class="parameter"><code>path</code></em>
         parameter. Even though it is obvious to all, one of the common Samba networking problems is
@@ -2262 +2262 @@
 <code class="prompt">root# </code> chmod -R ug+rwx,o+rx-w /apps
 </pre><p>
-        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2580886"></a>Configuring Profile Directories</h3></div></div></div><p>
+        </p></div><div class="sect2" title="Configuring Profile Directories"><div class="titlepage"><div><div><h3 class="title"><a name="id350283"></a>Configuring Profile Directories</h3></div></div></div><p>
         You made a conscious decision to do everything it would take to improve network client
         performance. One of your decisions was to implement folder redirection. This means that Windows
@@ -2287 +2287 @@
 </pre><p>
         </p><p>
-        <a class="indexterm" name="id2581002"></a>
-        <a class="indexterm" name="id2581009"></a>
+        <a class="indexterm" name="id350393"></a>
+        <a class="indexterm" name="id350399"></a>
         You have three options insofar as the dynamically loaded portion of the roaming profile
         is concerned: 
-        </p><div class="itemizedlist"><ul type="disc"><li><p>You may permit the user to obtain a default profile.</p></li><li><p>You can create a mandatory profile.</p></li><li><p>You can create a group profile (which is almost always a mandatory profile).</p></li></ul></div><p>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>You may permit the user to obtain a default profile.</p></li><li class="listitem"><p>You can create a mandatory profile.</p></li><li class="listitem"><p>You can create a group profile (which is almost always a mandatory profile).</p></li></ul></div><p>
         Mandatory profiles cannot be overwritten by a user. The change from a user profile to a mandatory
         profile is effected by renaming the <code class="filename">NTUSER.DAT</code> to <code class="filename">NTUSER.MAN</code>,
         that is, just by changing the filename extension.
         </p><p>
-        <a class="indexterm" name="id2581059"></a>
-        <a class="indexterm" name="id2581066"></a>
+        <a class="indexterm" name="id350445"></a>
+        <a class="indexterm" name="id350452"></a>
         The location of the profile that a user can obtain is set in the user's account in the LDAP passdb backend.
         You can manage this using the Idealx smbldap-tools or using the 
@@ -2310 +2310 @@
 <code class="prompt">root# </code> chmod 700  /var/lib/samba/profiles/<span class="emphasis"><em>username</em></span>
 </pre><p>
-        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2581130"></a>Preparation of Logon Scripts</h3></div></div></div><p>
-        <a class="indexterm" name="id2581138"></a>
+        </p></div><div class="sect2" title="Preparation of Logon Scripts"><div class="titlepage"><div><div><h3 class="title"><a name="id350512"></a>Preparation of Logon Scripts</h3></div></div></div><p>
+        <a class="indexterm" name="id350519"></a>
         The use of a logon script with Windows XP Professional is an option that every site should consider.
         Unless you have locked down the desktop so the user cannot change anything, there is risk that
@@ -2336 +2336 @@
         Section 24.4. A quick Web search will bring up a host of options. One of the most popular logon
         facilities in use today is called <a class="ulink" href="http://www.kixtart.org" target="_top">KiXtart</a>.
-        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2581241"></a>Assigning User Rights and Privileges</h3></div></div></div><p>
+        </p></div><div class="sect2" title="Assigning User Rights and Privileges"><div class="titlepage"><div><div><h3 class="title"><a name="id350609"></a>Assigning User Rights and Privileges</h3></div></div></div><p>
         The ability to perform tasks such as joining Windows clients to the domain can be assigned to
         normal user accounts. By default, only the domain administrator account (<code class="constant">root</code> on UNIX
@@ -2348 +2348 @@
         are granted rights can be restricted to particular machines. It is left to the network administrator
         to determine which rights should be provided and to whom.
-        </p><div class="procedure"><a name="id2581277"></a><p class="title"><b>Procedure 5.12. Steps for Assignment of User Rights and Privileges</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 5.12. Steps for Assignment of User Rights and Privileges"><a name="id350638"></a><p class="title"><b>Procedure 5.12. Steps for Assignment of User Rights and Privileges</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Log onto the PDC as the <code class="constant">root</code> account.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Execute the following command to grant the <code class="constant">Domain Admins</code> group all
                 rights and privileges:
@@ -2362 +2362 @@
                 Repeat this step on each domain controller, in each case substituting the name of the server
                 (e.g., BLDG1, BLDG2) in place of the PDC called MASSIVE.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 In this step the privilege will be granted to Bob Jordan (bobj) to add Windows workstations
                 to the domain. Execute the following only on the PDC. It is not necessary to do this on
@@ -2371 +2371 @@
 Successfully granted rights.
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 Verify that privilege assignments have been correctly applied by executing:
 </p><pre class="screen">
@@ -2406 +2406 @@
 SeDiskOperatorPrivilege
 </pre><p>
-                </p></li></ol></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2581375"></a>Windows Client Configuration</h2></div></div></div><p>
-        <a class="indexterm" name="id2581383"></a>
+                </p></li></ol></div></div></div><div class="sect1" title="Windows Client Configuration"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id350723"></a>Windows Client Configuration</h2></div></div></div><p>
+        <a class="indexterm" name="id350731"></a>
         In the next few sections, you can configure a new Windows XP Professional disk image on a staging
         machine. You will configure all software, printer settings, profile and policy handling, and desktop
@@ -2419 +2419 @@
         Base Profile for All Users."</a>
 
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="redirfold"></a>Configuration of Default Profile with Folder Redirection</h3></div></div></div><p>
-        <a class="indexterm" name="id2581433"></a>
+        </p><div class="sect2" title="Configuration of Default Profile with Folder Redirection"><div class="titlepage"><div><div><h3 class="title"><a name="redirfold"></a>Configuration of Default Profile with Folder Redirection</h3></div></div></div><p>
+        <a class="indexterm" name="id350774"></a>
         Log onto the Windows XP Professional workstation as the local <code class="constant">Administrator</code>.
         It is necessary to expose folders that are generally hidden to provide access to the
         <code class="constant">Default User</code> folder.
-        </p><div class="procedure"><a name="id2581451"></a><p class="title"><b>Procedure 5.13. Expose Hidden Folders</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 5.13. Expose Hidden Folders"><a name="id350791"></a><p class="title"><b>Procedure 5.13. Expose Hidden Folders</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Launch the Windows Explorer by clicking
                         <span class="guimenu">Start</span> &#8594; <span class="guimenuitem">My Computer</span> &#8594; <span class="guimenuitem">Tools</span> &#8594; <span class="guimenuitem">Folder Options</span> &#8594; <span class="guimenuitem">View Tab</span>.
                 Select <span class="guilabel">Show hidden files and folders</span>,
                 and click <span class="guibutton">OK</span>.  Exit Windows Explorer.
-                </p></li><li><p>
-                <a class="indexterm" name="id2581518"></a>
+                </p></li><li class="step" title="Step 2"><p>
+                <a class="indexterm" name="id350856"></a>
                 Launch the Registry Editor. Click 
                 <span class="guimenu">Start</span> &#8594; <span class="guimenuitem">Run</span>. Key in <code class="literal">regedt32</code>, and click
                 <span class="guibutton">OK</span>.
                 </p></li></ol></div><p>
-        </p><div class="procedure"><a name="sbehap-rdrfldr"></a><p class="title"><b>Procedure 5.14. Redirect Folders in Default System User Profile</b></p><ol type="1"><li><p>
-                <a class="indexterm" name="id2581576"></a>
-                <a class="indexterm" name="id2581582"></a>
+        </p><div class="procedure" title="Procedure 5.14. Redirect Folders in Default System User Profile"><a name="sbehap-rdrfldr"></a><p class="title"><b>Procedure 5.14. Redirect Folders in Default System User Profile</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                <a class="indexterm" name="id350912"></a>
+                <a class="indexterm" name="id350919"></a>
                 Give focus to <code class="constant">HKEY_LOCAL_MACHINE</code> hive entry in the left panel.
                 Click <span class="guimenu">File</span> &#8594; <span class="guimenuitem">Load Hive...</span> &#8594; <span class="guimenuitem">Documents and Settings</span> &#8594; <span class="guimenuitem">Default User</span> &#8594; <span class="guimenuitem">NTUSER</span> &#8594; <span class="guimenuitem">Open</span>. In the dialog box that opens, enter the key name
                 <code class="constant">Default</code> and click <span class="guibutton">OK</span>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Browse inside the newly loaded Default folder to:
 </p><pre class="screen">
@@ -2448 +2448 @@
 </pre><p>
                 The right panel reveals the contents as shown in <a class="link" href="happy.html#XP-screen001" title="Figure 5.3. Windows XP Professional User Shared Folders">&#8220;Windows XP Professional  User Shared Folders&#8221;</a>.
-                </p></li><li><p>
-                <a class="indexterm" name="id2581675"></a>
-                <a class="indexterm" name="id2581682"></a>
+                </p></li><li class="step" title="Step 3"><p>
+                <a class="indexterm" name="id351008"></a>
+                <a class="indexterm" name="id351015"></a>
                 You edit hive keys. Acceptable values to replace the 
                 <code class="constant">%USERPROFILE%</code> variable includes:
 
-                </p><div class="itemizedlist"><ul type="disc"><li><p>A drive letter such as <code class="constant">U:</code></p></li><li><p>A direct network path such as
-                                <code class="constant">\\MASSIVE\profdata</code></p></li><li><p>A network redirection (UNC name) that contains a macro such as </p><p><code class="constant">%LOGONSERVER%\profdata\</code></p></li></ul></div><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2581729"></a>
+                </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>A drive letter such as <code class="constant">U:</code></p></li><li class="listitem"><p>A direct network path such as
+                                <code class="constant">\\MASSIVE\profdata</code></p></li><li class="listitem"><p>A network redirection (UNC name) that contains a macro such as </p><p><code class="constant">%LOGONSERVER%\profdata\</code></p></li></ul></div><p>
+                </p></li><li class="step" title="Step 4"><p>
+                <a class="indexterm" name="id351059"></a>
                 Set the registry keys as shown in <a class="link" href="happy.html#proffold" title="Table 5.4. Default Profile Redirections">&#8220;Default Profile Redirections&#8221;</a>. Your implementation makes the assumption
                 that users have statically located machines. Notebook computers (mobile users) need to be
                 accommodated using local profiles. This is not an uncommon assumption.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 5"><p>
                 Click back to the root of the loaded hive <code class="constant">Default</code>.
                 Click <span class="guimenu">File</span> &#8594; <span class="guimenuitem">Unload Hive...</span> &#8594; <span class="guimenuitem">Yes</span>.
-                </p></li><li><p>
-                <a class="indexterm" name="id2581784"></a>
+                </p></li><li class="step" title="Step 6"><p>
+                <a class="indexterm" name="id351112"></a>
                 Click <span class="guimenu">File</span> &#8594; <span class="guimenuitem">Exit</span>. This exits the
                 Registry Editor.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 7"><p>
                 Now follow the procedure given in <a class="link" href="happy.html#sbehap-locgrppol" title="The Local Group Policy">&#8220;The Local Group Policy&#8221;</a>. Make sure that each folder you
                 have redirected is in the exclusion list.
-                </p></li><li><p>
-                You are now ready to copy<sup>[<a name="id2581828" href="#ftn.id2581828" class="footnote">11</a>]</sup> 
+                </p></li><li class="step" title="Step 8"><p>
+                You are now ready to copy<sup>[<a name="id351153" href="#ftn.id351153" class="footnote">11</a>]</sup> 
                 the Default User profile to the Samba domain controllers. Launch Microsoft Windows Explorer,
                 and use it to copy the full contents of the directory <code class="filename">Default User</code> that
@@ -2483 +2483 @@
         desktop behavior should be returned to the original Microsoft settings. The following steps achieve
         that ojective:
-        </p><div class="procedure"><a name="id2581895"></a><p class="title"><b>Procedure 5.15. Reset Folder Display to Original Behavior</b></p><ul><li><p>
+        </p><div class="procedure" title="Procedure 5.15. Reset Folder Display to Original Behavior"><a name="id351213"></a><p class="title"><b>Procedure 5.15. Reset Folder Display to Original Behavior</b></p><ul class="procedure"><li class="step" title="Step 1"><p>
                 To launch the Windows Explorer, click
                         <span class="guimenu">Start</span> &#8594; <span class="guimenuitem">My Computer</span> &#8594; <span class="guimenuitem">Tools</span> &#8594; <span class="guimenuitem">Folder Options</span> &#8594; <span class="guimenuitem">View Tab</span>.
                 Deselect <span class="guilabel">Show hidden files and folders</span>, and click <span class="guibutton">OK</span>.
                 Exit Windows Explorer.
-                </p></li></ul></div><div class="figure"><a name="XP-screen001"></a><p class="title"><b>Figure 5.3. Windows XP Professional  User Shared Folders</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/XP-screen001.png" width="351" alt="Windows XP Professional User Shared Folders"></div></div></div><br class="figure-break"><div class="table"><a name="proffold"></a><p class="title"><b>Table 5.4. Default Profile Redirections</b></p><div class="table-contents"><table summary="Default Profile Redirections" border="1"><colgroup><col align="left"><col align="left"></colgroup><thead><tr><th align="left">Registry Key</th><th align="left">Redirected Value</th></tr></thead><tbody><tr><td align="left">Cache</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\InternetFiles</td></tr><tr><td align="left">Cookies</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\Cookies</td></tr><tr><td align="left">History</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\History</td></tr><tr><td align="left">Local AppData</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\AppData</td></tr><tr><td align="left">Local Settings</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\LocalSettings</td></tr><tr><td align="left">My Pictures</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\MyPictures</td></tr><tr><td align="left">Personal</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\MyDocuments</td></tr><tr><td align="left">Recent</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\Recent</td></tr></tbody></table></div></div><br class="table-break"></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2582129"></a>Configuration of MS Outlook to Relocate PST File</h3></div></div></div><p>
-        <a class="indexterm" name="id2582138"></a>
-        <a class="indexterm" name="id2582147"></a>
+                </p></li></ul></div><div class="figure"><a name="XP-screen001"></a><p class="title"><b>Figure 5.3. Windows XP Professional  User Shared Folders</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/XP-screen001.png" width="351" alt="Windows XP Professional User Shared Folders"></div></div></div><br class="figure-break"><div class="table"><a name="proffold"></a><p class="title"><b>Table 5.4. Default Profile Redirections</b></p><div class="table-contents"><table summary="Default Profile Redirections" border="1"><colgroup><col align="left"><col align="left"></colgroup><thead><tr><th align="left">Registry Key</th><th align="left">Redirected Value</th></tr></thead><tbody><tr><td align="left">Cache</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\InternetFiles</td></tr><tr><td align="left">Cookies</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\Cookies</td></tr><tr><td align="left">History</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\History</td></tr><tr><td align="left">Local AppData</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\AppData</td></tr><tr><td align="left">Local Settings</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\LocalSettings</td></tr><tr><td align="left">My Pictures</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\MyPictures</td></tr><tr><td align="left">Personal</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\MyDocuments</td></tr><tr><td align="left">Recent</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\Recent</td></tr></tbody></table></div></div><br class="table-break"></div><div class="sect2" title="Configuration of MS Outlook to Relocate PST File"><div class="titlepage"><div><div><h3 class="title"><a name="id351441"></a>Configuration of MS Outlook to Relocate PST File</h3></div></div></div><p>
+        <a class="indexterm" name="id351449"></a>
+        <a class="indexterm" name="id351458"></a>
         Microsoft Outlook can store a Personal Storage file, generally known as a PST file.
         It is the nature of email storage that this file grows, at times quite rapidly.
@@ -2499 +2499 @@
         To redirect the Outlook PST file in Outlook 2003 (older versions of Outlook behave
         slightly differently), follow these steps:
-        </p><div class="procedure"><a name="id2582170"></a><p class="title"><b>Procedure 5.16. Outlook PST File Relocation</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 5.16. Outlook PST File Relocation"><a name="id351476"></a><p class="title"><b>Procedure 5.16. Outlook PST File Relocation</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Close Outlook if it is open.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 From the <span class="guimenu">Control Panel</span>, launch the Mail icon.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Click <span class="guimenu">Email Accounts.</span>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 Make a note of the location of the PST file(s). From this location, move
                 the files to the desired new target location. The most desired new target location 
                 may well be the users' home directory.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 5"><p>
                 Add a new data file, selecting the PST file in the new desired target location.
-                Give this entry (not the filename) a new name such as &#8220;<span class="quote">Personal Mail Folders.</span>&#8221;
+                Give this entry (not the filename) a new name such as <span class="quote">&#8220;<span class="quote">Personal Mail Folders.</span>&#8221;</span>
                 </p><p>
                 Note: If MS Outlook has been configured to use an IMAP account configuration there may be problems
@@ -2519 +2519 @@
                 used please email <code class="literal">jht@samba.org</code> with useful tips and suggestions so that
                 this warning can be removed or modified.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 6"><p>
                 Close the <span class="guimenu">Date Files</span> windows, then click <span class="guimenu">Email Accounts</span>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 7"><p>
                 Select <span class="guimenu">View of Change</span> exiting email accounts, click <span class="guibutton">Next.</span>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 8"><p>
                 Change the <span class="guimenu">Mail Delivery Location</span> so as to use the data file in the new
                 target location.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 9"><p>
                 Go back to the <span class="guimenu">Data Files</span> window, then delete the old data file entry.
-                </p></li></ol></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
-        <a class="indexterm" name="id2582319"></a>
+                </p></li></ol></div><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+        <a class="indexterm" name="id351615"></a>
         You may have to remove and reinstall the Outlook Address Book (Contacts) entries, otherwise 
         the user may be not be able to retrieve contacts when addressing a new email message.
-        </p></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
-        <a class="indexterm" name="id2582334"></a>
+        </p></div><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+        <a class="indexterm" name="id351628"></a>
         Outlook Express is not at all like MS OutLook. It stores file very differently also. Outlook
         Express storage files can not be redirected to network shares. The options panel will not permit
@@ -2542 +2542 @@
         registry, experience has shown that data corruption and loss of email messages will result.
         </p><p>
-        <a class="indexterm" name="id2582357"></a>
-        <a class="indexterm" name="id2582364"></a>
+        <a class="indexterm" name="id351646"></a>
+        <a class="indexterm" name="id351653"></a>
         In the same vane as MS Outlook, Outlook Express data stores can become very large. When used with
         roaming profiles this can result in excruciatingly long login and logout behavior will files are
@@ -2549 +2549 @@
         profiles are used.
         </p></div><p>
-        <a class="indexterm" name="id2582379"></a>
+        <a class="indexterm" name="id351665"></a>
         Microsoft does not support storing PST files on network shares, although the practice does appear
         to be rather popular. Anyone who does relocation the PST file to a network resource should refer
@@ -2555 +2555 @@
         understand the issues.
         </p><p>
-        <a class="indexterm" name="id2582400"></a>
+        <a class="indexterm" name="id351684"></a>
         Apart from manually moving PST files to a network share, it is possible to set the default PST
         location for new accounts by following the instructions at the WindowsITPro <a class="ulink" href="http://www.windowsitpro.com/Windows/Article/ArticleID/48228/48228.html" target="_top">web</a> site.
         </p><p>
-        <a class="indexterm" name="id2582420"></a>
+        <a class="indexterm" name="id351701"></a>
         User feedback suggests that disabling of oplocks on PST files will significantly improve
         network performance by reducing locking overheads. One way this can be done is to add to the
@@ -2566 +2566 @@
 veto oplock files = /*.pdf/*.PST/
 </pre><p>
-        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2582445"></a>Configure Delete Cached Profiles on Logout</h3></div></div></div><p>
+        </p></div><div class="sect2" title="Configure Delete Cached Profiles on Logout"><div class="titlepage"><div><div><h3 class="title"><a name="id351724"></a>Configure Delete Cached Profiles on Logout</h3></div></div></div><p>
         Configure the Windows XP Professional client to auto-delete roaming profiles on logout:
         </p><p>
-        <a class="indexterm" name="id2582458"></a>
+        <a class="indexterm" name="id351736"></a>
         Click 
         <span class="guimenu">Start</span> &#8594; <span class="guimenuitem">Run</span>. In the dialog box, enter <code class="literal">MMC</code> and click <span class="guibutton">OK</span>.
@@ -2577 +2577 @@
         <span class="guimenu">File</span> &#8594; <span class="guimenuitem">Add/Remove Snap-in</span> &#8594; <span class="guimenuitem">Add</span> &#8594; <span class="guimenuitem">Group Policy</span> &#8594; <span class="guimenuitem">Add</span> &#8594; <span class="guimenuitem">Finish</span> &#8594; <span class="guimenuitem">Close</span> &#8594; <span class="guimenuitem">OK</span>. 
         </p><p>
-        <a class="indexterm" name="id2582554"></a>
+        <a class="indexterm" name="id351830"></a>
         The Microsoft Management Console now shows the <span class="guimenu">Group Policy</span>
         utility that enables you to set the policies needed. In the left panel, click
         <span class="guimenuitem">Local Computer Policy</span> &#8594; <span class="guimenuitem">Administrative Templates</span> &#8594; <span class="guimenuitem">System</span> &#8594; <span class="guimenuitem">User Profiles</span>. In the right panel, set the properties shown here by double-clicking on each
         item as shown:
-        </p><div class="itemizedlist"><ul type="disc"><li><p>Do not check for user ownership of Roaming Profile Folders = Enabled</p></li><li><p>Delete cached copies of roaming profiles = Enabled</p></li></ul></div><p>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Do not check for user ownership of Roaming Profile Folders = Enabled</p></li><li class="listitem"><p>Delete cached copies of roaming profiles = Enabled</p></li></ul></div><p>
         Close the Microsoft Management Console. The settings take immediate effect and persist onto all image copies
         made of this system to deploy the new standard desktop system.
-        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2582625"></a>Uploading Printer Drivers to Samba Servers</h3></div></div></div><p>
-        <a class="indexterm" name="id2582633"></a>
+        </p></div><div class="sect2" title="Uploading Printer Drivers to Samba Servers"><div class="titlepage"><div><div><h3 class="title"><a name="id351896"></a>Uploading Printer Drivers to Samba Servers</h3></div></div></div><p>
+        <a class="indexterm" name="id351904"></a>
         Users want to be able to use network printers. You have a vested interest in making
         it easy for them to print. You have chosen to install the printer drivers onto the Samba
@@ -2593 +2593 @@
         print to the printer chosen. The following procedure must be followed for every network
         printer:
-        </p><div class="procedure"><a name="id2582651"></a><p class="title"><b>Procedure 5.17. Steps to Install Printer Drivers on the Samba Servers</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 5.17. Steps to Install Printer Drivers on the Samba Servers"><a name="id351918"></a><p class="title"><b>Procedure 5.17. Steps to Install Printer Drivers on the Samba Servers</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Join your Windows XP Professional workstation (the staging machine) to the 
                 <code class="constant">MEGANET2</code> domain. If you are not sure of the procedure, 
                 follow the guidance given in <a class="link" href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits">&#8220;A Collection of Useful Tidbits&#8221;</a>, <a class="link" href="appendix.html#domjoin" title="Joining a Domain: Windows 200x/XP Professional">&#8220;Joining a Domain: Windows 200x/XP Professional&#8221;</a>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 After the machine has rebooted, log onto the workstation as the domain
                 <code class="constant">root</code> (this is the Administrator account for the 
                 operating system that is the host platform for this implementation of Samba.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Launch MS Windows Explorer. Navigate in the left panel. Click
                 <span class="guimenu">My Network Places</span> &#8594; <span class="guimenuitem">Entire Network</span> &#8594; <span class="guimenuitem">Microsoft Windows Network</span> &#8594; <span class="guimenuitem">Meganet2</span> &#8594; <span class="guimenuitem">Massive</span>. Click on <span class="guimenu">Massive</span>
                         <span class="guimenu">Printers and Faxes</span>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 Identify a printer that is shown in the right panel. Let us assume the printer is called 
                 <code class="constant">ps01-color</code>. Right-click on the <span class="guimenu">ps01-color</span> icon
                 and select the <span class="guimenu">Properties</span> entry. This opens a dialog box that indicates
-                that &#8220;<span class="quote">The printer driver is not installed on this computer. Some printer properties
+                that <span class="quote">&#8220;<span class="quote">The printer driver is not installed on this computer. Some printer properties
                 will not be accessible unless you install the printer driver. Do you want to install the
-                driver now?</span>&#8221; It is important at this point you answer <span class="guimenu">No</span>.
-                </p></li><li><p>
+                driver now?</span>&#8221;</span> It is important at this point you answer <span class="guimenu">No</span>.
+                </p></li><li class="step" title="Step 5"><p>
                 The printer properties panel for the <span class="guimenu">ps01-color</span> printer on the server 
                 <code class="constant">MASSIVE</code> is displayed. Click the <span class="guimenu">Advanced</span> tab.
                 Note that the box labeled <span class="guimenu">Driver</span> is empty. Click the <span class="guimenu">New Driver</span>
-                button that is next to the <span class="guimenu">Driver</span> box. This launches the &#8220;<span class="quote">Add Printer Wizard</span>&#8221;.
-                </p></li><li><p>
-                <a class="indexterm" name="id2582840"></a>
-                <a class="indexterm" name="id2582849"></a>
-                The &#8220;<span class="quote">Add Printer Driver Wizard on <code class="constant">MASSIVE</code></span>&#8221; panel 
+                button that is next to the <span class="guimenu">Driver</span> box. This launches the <span class="quote">&#8220;<span class="quote">Add Printer Wizard</span>&#8221;</span>.
+                </p></li><li class="step" title="Step 6"><p>
+                <a class="indexterm" name="id352097"></a>
+                <a class="indexterm" name="id352106"></a>
+                The <span class="quote">&#8220;<span class="quote">Add Printer Driver Wizard on <code class="constant">MASSIVE</code></span>&#8221;</span> panel 
                 is now presented. Click <span class="guimenu">Next</span> to continue. From the left panel, select the 
                 printer manufacturer. In your case, you are adding a driver for a printer manufactured by 
@@ -2627 +2627 @@
                 progress bar appears and instructs you as each file is being uploaded and that it is being 
                 directed at the network server <code class="constant">\\massive\ps01-color</code>.
-                </p></li><li><p>
-                <a class="indexterm" name="id2582898"></a>
-                <a class="indexterm" name="id2582907"></a>
-                <a class="indexterm" name="id2582916"></a>
-                <a class="indexterm" name="id2582925"></a>
-                <a class="indexterm" name="id2582934"></a>
-                <a class="indexterm" name="id2582944"></a>
+                </p></li><li class="step" title="Step 7"><p>
+                <a class="indexterm" name="id352150"></a>
+                <a class="indexterm" name="id352160"></a>
+                <a class="indexterm" name="id352169"></a>
+                <a class="indexterm" name="id352178"></a>
+                <a class="indexterm" name="id352187"></a>
+                <a class="indexterm" name="id352196"></a>
                 The driver upload completes in anywhere from a few seconds to a few minutes. When it completes,
                 you are returned to the <span class="guimenu">Advanced</span> tab in the <span class="guimenu">Properties</span> panel. 
                 You can set the Location (under the <span class="guimenu">General</span> tab) and Security settings (under 
                 the <span class="guimenu">Security</span> tab). Under the <span class="guimenu">Sharing</span> tab it is possible to
-                load additional printer drivers; there is also a check-box in this tab called &#8220;<span class="quote">List in the
-                directory</span>&#8221;. When this box is checked, the printer will be published in Active Directory
+                load additional printer drivers; there is also a check-box in this tab called <span class="quote">&#8220;<span class="quote">List in the
+                directory</span>&#8221;</span>. When this box is checked, the printer will be published in Active Directory
                 (Applicable to Active Directory use only.)
-                </p></li><li><p>
-                <a class="indexterm" name="id2582999"></a>
+                </p></li><li class="step" title="Step 8"><p>
+                <a class="indexterm" name="id352247"></a>
                 Click <span class="guimenu">OK</span>. It will take a minute or so to upload the settings to the server. 
                 You are now returned to the <span class="guimenu">Printers and Faxes on Massive</span> monitor.
@@ -2648 +2648 @@
                 your requirements. BE CERTAIN TO CHANGE AT LEAST ONE SETTING and apply the changes even if 
                 you need to reverse the changes back to their original settings. 
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 9"><p>
                 This is necessary so that the printer settings are initialized in the Samba printers
                 database. Click <span class="guimenu">Apply</span> to commit your settings. Revert any settings you changed
                 just to initialize the Samba printers database entry for this printer. If you need to revert a setting,
                 click <span class="guimenu">Apply</span> again.
-                </p></li><li><p>
-                <a class="indexterm" name="id2583072"></a>
+                </p></li><li class="step" title="Step 10"><p>
+                <a class="indexterm" name="id352314"></a>
                 Verify that all printer settings are at the desired configuration. When you are satisfied that they are,
                 click the <span class="guimenu">General</span> tab. Now click the <span class="guimenu">Print Test Page</span> button.
@@ -2660 +2660 @@
                 in the panel that is newly presented. Click <span class="guimenu">OK</span> on the <span class="guimenu">ps01-color on 
                 massive Properties</span> panel.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 11"><p>
                 You must repeat this process for all network printers (i.e., for every printer on each server).
                 When you have finished uploading drivers to all printers, close all applications. The next task
                 is to install software your users require to do their work.
-                </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2583127"></a>Software Installation</h3></div></div></div><p>
+                </p></li></ol></div></div><div class="sect2" title="Software Installation"><div class="titlepage"><div><div><h3 class="title"><a name="id352365"></a>Software Installation</h3></div></div></div><p>
         Your network has both fixed desktop workstations as well as notebook computers. As a general rule, it is
         a good idea to not tamper with the operating system that is provided by the notebook computer manufacturer.
@@ -2679 +2679 @@
         and migrate that to the Samba server for later reuse when creating custom mandatory profiles, just in
         case a user may have specific needs you had not anticipated.
-        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2583163"></a>Roll-out Image Creation</h3></div></div></div><p>
+        </p></div><div class="sect2" title="Roll-out Image Creation"><div class="titlepage"><div><div><h3 class="title"><a name="id352391"></a>Roll-out Image Creation</h3></div></div></div><p>
         The final steps before preparing the distribution Norton Ghost image file you might follow are:
         </p><div class="blockquote"><blockquote class="blockquote"><p>
@@ -2688 +2688 @@
         in better performance and often significantly reduces the size of the compressed disk image. That
         also means it will take less time to deploy the image onto 500 workstations.
-        </p></blockquote></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2583197"></a>Key Points Learned</h2></div></div></div><p>
+        </p></blockquote></div></div></div><div class="sect1" title="Key Points Learned"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id352420"></a>Key Points Learned</h2></div></div></div><p>
         This chapter introduced many new concepts. Is it a sad fact that the example presented deliberately
         avoided any consideration of security. Security does not just happen; you must design it into your total
@@ -2697 +2697 @@
         of compromise.
         </p><p>
-        <a class="indexterm" name="id2583218"></a>
-        <a class="indexterm" name="id2583228"></a>
+        <a class="indexterm" name="id352437"></a>
+        <a class="indexterm" name="id352445"></a>
         As a minimum, the LDAP server must be protected by way of Access Control Lists (ACLs), and it must be
         configured to use secure protocols for all communications over the network. Of course, secure networking
@@ -2709 +2709 @@
         </p><p>
         The substance of this chapter that has been deserving of particular attention includes:
-        </p><div class="itemizedlist"><ul type="disc"><li><p>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                 Implementation of an OpenLDAP-based passwd backend, necessary to support distributed
                 domain control.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Implementation of Samba primary and secondary domain controllers with a common LDAP backend
                 for user and group accounts that is shared with the UNIX system through the PADL nss_ldap and
                 pam_ldap tool-sets.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Use of the Idealx smbldap-tools scripts for UNIX (POSIX) account management as well as
                 to manage Samba Windows user and group accounts.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 The basics of implementation of Group Policy controls for Windows network clients.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Control over roaming profiles, with particular focus on folder redirection to network drives.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Use of the CUPS printing system together with Samba-based printer driver auto-download.
-                </p></li></ul></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2583303"></a>Questions and Answers</h2></div></div></div><p>
+                </p></li></ul></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id352508"></a>Questions and Answers</h2></div></div></div><p>
         Well, here we are at the end of this chapter and we have only ten questions to help you to
         remember so much. There are bound to be some sticky issues here.
-        </p><div class="qandaset"><dl><dt> <a href="happy.html#id2583322">
+        </p><div class="qandaset" title="Frequently Asked Questions"><a name="id352518"></a><dl><dt> <a href="happy.html#id352525">
                 Why did you not cover secure practices? Isn't it rather irresponsible to instruct
                 network administrators to implement insecure solutions?
-                </a></dt><dt> <a href="happy.html#id2583366">
+                </a></dt><dt> <a href="happy.html#id352558">
                 You have focused much on SUSE Linux and little on the market leader, Red Hat. Do
                 you have a problem with Red Hat Linux? Doesn't that make your guidance irrelevant
                 to the Linux I might be using?
-                </a></dt><dt> <a href="happy.html#id2583427">
+                </a></dt><dt> <a href="happy.html#id352600">
                 You did not use SWAT to configure Samba. Is there something wrong with it?
-                </a></dt><dt> <a href="happy.html#id2583466">
+                </a></dt><dt> <a href="happy.html#id352635">
                 You have exposed a well-used password not24get. Is that
                 not irresponsible? 
-                </a></dt><dt> <a href="happy.html#id2583491">
+                </a></dt><dt> <a href="happy.html#id352657">
                 The Idealx smbldap-tools create many domain group accounts that are not used. Is that
                 a good thing?
-                </a></dt><dt> <a href="happy.html#id2583518">
+                </a></dt><dt> <a href="happy.html#id352681">
                 Can I use LDAP just for Samba accounts and not for UNIX system accounts?
-                </a></dt><dt> <a href="happy.html#id2583543">
+                </a></dt><dt> <a href="happy.html#id352701">
                 Why are the Windows domain RID portions not the same as the UNIX UID?
-                </a></dt><dt> <a href="happy.html#id2583579">
+                </a></dt><dt> <a href="happy.html#id352732">
                 Printer configuration examples all show printing to the HP port 9100. Does this
                 mean that I must have HP printers for these solutions to work?
-                </a></dt><dt> <a href="happy.html#id2583608">
+                </a></dt><dt> <a href="happy.html#id352757">
                 Is folder redirection dangerous? I've heard that you can lose your data that way.
-                </a></dt><dt> <a href="happy.html#id2583635">
+                </a></dt><dt> <a href="happy.html#id352779">
                 Is it really necessary to set a local Group Policy to exclude the redirected
                 folders from the roaming profile?
-                </a></dt></dl><table border="0" summary="Q and A Set"><col align="left" width="1%"><tbody><tr class="question"><td align="left" valign="top"><a name="id2583322"></a><a name="id2583324"></a></td><td align="left" valign="top"><p>
+                </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question"><td align="left" valign="top"><a name="id352525"></a><a name="id352527"></a></td><td align="left" valign="top"><p>
                 Why did you not cover secure practices? Isn't it rather irresponsible to instruct
                 network administrators to implement insecure solutions?
@@ -2774 +2774 @@
                 that you should implement a network without provision for data recovery and for disaster
                 management? Back to our focus: The deployment of Samba has been clearly demonstrated.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2583366"></a><a name="id2583368"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id352558"></a><a name="id352561"></a></td><td align="left" valign="top"><p>
                 You have focused much on SUSE Linux and little on the market leader, Red Hat. Do
                 you have a problem with Red Hat Linux? Doesn't that make your guidance irrelevant
@@ -2801 +2801 @@
                 features of both products (companies also). No bias in presentation is intended.
                 Oh, before I forget, I particularly like Debian Linux; that is my favorite playground.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2583427"></a><a name="id2583429"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id352600"></a><a name="id352603"></a></td><td align="left" valign="top"><p>
                 You did not use SWAT to configure Samba. Is there something wrong with it?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -2812 +2812 @@
                 and insecure. Many will not touch it with a barge-pole. By not introducing SWAT, I
                 hope to have brought their interests on board. SWAT is well covered is <span class="emphasis"><em>TOSHARG2</em></span>.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2583466"></a><a name="id2583468"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id352635"></a><a name="id352637"></a></td><td align="left" valign="top"><p>
                 You have exposed a well-used password <span class="emphasis"><em>not24get</em></span>. Is that
                 not irresponsible? 
@@ -2819 +2819 @@
                 used throughout. I guess you can figure out that in a real deployment it would make 
                 sense to use a more secure and original password.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2583491"></a><a name="id2583493"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id352657"></a><a name="id352660"></a></td><td align="left" valign="top"><p>
                 The Idealx smbldap-tools create many domain group accounts that are not used. Is that
                 a good thing?
@@ -2827 +2827 @@
                 and, besides, it does no harm to create accounts that are not now used  at some time 
                 Samba may well use them.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2583518"></a><a name="id2583520"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id352681"></a><a name="id352683"></a></td><td align="left" valign="top"><p>
                 Can I use LDAP just for Samba accounts and not for UNIX system accounts?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -2835 +2835 @@
                 password files in sync? I think that having everything in LDAP makes a lot of sense
                 for the UNIX administrator who is still learning the craft and is migrating from MS Windows.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2583543"></a><a name="id2583545"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id352701"></a><a name="id352703"></a></td><td align="left" valign="top"><p>
                 Why are the Windows domain RID portions not the same as the UNIX UID?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -2844 +2844 @@
                 permit you to override that to some extent. See the <code class="filename">smb.conf</code> man page entry
                 for <em class="parameter"><code>algorithmic rid base</code></em>.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2583579"></a><a name="id2583581"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id352732"></a><a name="id352735"></a></td><td align="left" valign="top"><p>
                 Printer configuration examples all show printing to the HP port 9100. Does this
                 mean that I must have HP printers for these solutions to work?
@@ -2854 +2854 @@
                 argument to the <code class="constant">lpadmin -v</code> option that is right for your
                 printer.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2583608"></a><a name="id2583610"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id352757"></a><a name="id352759"></a></td><td align="left" valign="top"><p>
                 Is folder redirection dangerous? I've heard that you can lose your data that way.
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -2864 +2864 @@
                 folder. That was not the case, so by declining to move the data back, he wiped out
                 the data. You cannot hold the tool responsible for that. Caveat emptor still applies.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2583635"></a><a name="id2583637"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id352779"></a><a name="id352781"></a></td><td align="left" valign="top"><p>
                 Is it really necessary to set a local Group Policy to exclude the redirected
                 folders from the roaming profile?
@@ -2870 +2870 @@
                 Yes. If you do not do this, the data will still be copied from the network folder
                 (share) to the local cached copy of the profile.
-                </p></td></tr></tbody></table></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id2581828" href="#id2581828" class="para">11</a>] </sup>
+                </p></td></tr></tbody></table></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id351153" href="#id351153" class="para">11</a>] </sup>
                         There is an alternate method by which a default user profile can be added to the
                         <code class="constant">NETLOGON</code> share. This facility in the Windows System tool 

trunk/server/docs/htmldocs/Samba3-ByExample/index.html

@@ -1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Samba-3 by Example</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="next" href="pr01.html" title="About the Cover Artwork"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Samba-3 by Example</th></tr><tr><td width="20%" align="left"> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="pr01.html">Next</a></td></tr></table><hr></div><div class="book" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="S3bE"></a>Samba-3 by Example</h1></div><div><h2 class="subtitle">Practical Exercises in Successful Samba Deployment</h2></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="orgname">Samba Team</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:jht@samba.org">jht@samba.org</a>&gt;</code></p></div></div></div></div></div><div><p class="pubdate">July, 2006</p></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="preface"><a href="pr01.html">About the Cover Artwork</a></span></dt><dt><span class="preface"><a href="pr02.html">Acknowledgments</a></span></dt><dt><span class="preface"><a href="pr03.html">Foreword</a></span></dt><dd><dl><dt><span class="sect1"><a href="pr03.html#id2501062">By John M. Weathersby, Executive Director, OSSI</a></span></dt></dl></dd><dt><span class="preface"><a href="preface.html">Preface</a></span></dt><dd><dl><dt><span class="sect1"><a href="preface.html#id2501251">Why Is This Book Necessary?</a></span></dt><dd><dl><dt><span class="sect2"><a href="preface.html#id2498970">Samba 3.0.20 Update Edition</a></span></dt></dl></dd><dt><span class="sect1"><a href="preface.html#id2498857">Prerequisites</a></span></dt><dt><span class="sect1"><a href="preface.html#id2498889">Approach</a></span></dt><dt><span class="sect1"><a href="preface.html#id2498954">Summary of Topics</a></span></dt><dt><span class="sect1"><a href="preface.html#id2550647">Conventions Used</a></span></dt></dl></dd><dt><span class="part"><a href="ExNetworks.html">I. Example Network Configurations</a></span></dt><dd><dl><dt><span class="chapter"><a href="simple.html">1. No-Frills Samba Servers</a></span></dt><dd><dl><dt><span class="sect1"><a href="simple.html#id2550843">Introduction</a></span></dt><dt><span class="sect1"><a href="simple.html#id2550883">Assignment Tasks</a></span></dt><dd><dl><dt><span class="sect2"><a href="simple.html#id2550925">Drafting Office</a></span></dt><dt><span class="sect2"><a href="simple.html#id2551634">Charity Administration Office</a></span></dt><dt><span class="sect2"><a href="simple.html#AccountingOffice">Accounting Office</a></span></dt></dl></dd><dt><span class="sect1"><a href="simple.html#id2554969">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="small.html">2. Small Office Networking</a></span></dt><dd><dl><dt><span class="sect1"><a href="small.html#id2555439">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id2555462">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id2555522">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id2555570">Technical Issues</a></span></dt><dt><span class="sect2"><a href="small.html#id2555768">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id2555790">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id2557337">Validation</a></span></dt><dt><span class="sect2"><a href="small.html#id2557985">Notebook Computers: A Special Case</a></span></dt><dt><span class="sect2"><a href="small.html#id2558010">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id2558084">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="secure.html">3. Secure Office Networking</a></span></dt><dd><dl><dt><span class="sect1"><a href="secure.html#id2558563">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id2558614">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id2558848">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id2558863">Technical Issues</a></span></dt><dt><span class="sect2"><a href="secure.html#id2559289">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id2559329">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#ch4bsc">Basic System Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id2560183">Samba Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4ptrcfg">Printer Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4valid">Validation</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4appscfg">Application Share Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id2564645">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id2564707">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="Big500users.html">4. The 500-User Office</a></span></dt><dd><dl><dt><span class="sect1"><a href="Big500users.html#id2565229">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id2565274">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id2565373">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id2565409">Technical Issues</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id2565612">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id2565635">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#ch5-dnshcp-setup">Installation of DHCP, DNS, and Samba Control Files</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id2566362">Server Preparation: All Servers</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id2566927">Server-Specific Preparation</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5-procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id2570125">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id2570184">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="happy.html">5. Making Happy Users</a></span></dt><dd><dl><dt><span class="sect1"><a href="happy.html#id2571022">Regarding LDAP Directories and Windows Computer Accounts</a></span></dt><dt><span class="sect1"><a href="happy.html#id2571164">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id2571262">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id2571399">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id2571856">Technical Issues</a></span></dt><dt><span class="sect2"><a href="happy.html#id2573730">Political Issues</a></span></dt><dt><span class="sect2"><a href="happy.html#id2573745">Installation Checklist</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id2573925">Samba Server Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbeidealx">Install and Configure Idealx smbldap-tools Scripts</a></span></dt><dt><span class="sect2"><a href="happy.html#id2576821">LDAP Initialization and Creation of User and Group Accounts</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-ptrcfg">Printer Configuration</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#sbehap-bldg1">Samba-3 BDC Configuration</a></span></dt><dt><span class="sect1"><a href="happy.html#id2580771">Miscellaneous Server Preparation Tasks</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id2580791">Configuring Directory Share Point Roots</a></span></dt><dt><span class="sect2"><a href="happy.html#id2580886">Configuring Profile Directories</a></span></dt><dt><span class="sect2"><a href="happy.html#id2581130">Preparation of Logon Scripts</a></span></dt><dt><span class="sect2"><a href="happy.html#id2581241">Assigning User Rights and Privileges</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id2581375">Windows Client Configuration</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></span></dt><dt><span class="sect2"><a href="happy.html#id2582129">Configuration of MS Outlook to Relocate PST File</a></span></dt><dt><span class="sect2"><a href="happy.html#id2582445">Configure Delete Cached Profiles on Logout</a></span></dt><dt><span class="sect2"><a href="happy.html#id2582625">Uploading Printer Drivers to Samba Servers</a></span></dt><dt><span class="sect2"><a href="happy.html#id2583127">Software Installation</a></span></dt><dt><span class="sect2"><a href="happy.html#id2583163">Roll-out Image Creation</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id2583197">Key Points Learned</a></span></dt><dt><span class="sect1"><a href="happy.html#id2583303">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="net2000users.html">6. A Distributed 2000-User Network</a></span></dt><dd><dl><dt><span class="sect1"><a href="net2000users.html#id2583726">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id2583756">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id2583824">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id2584098">Technical Issues</a></span></dt><dt><span class="sect2"><a href="net2000users.html#id2585046">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id2585064">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id2588223">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id2588370">Questions and Answers</a></span></dt></dl></dd></dl></dd><dt><span class="part"><a href="DMSMig.html">II. Domain Members, Updating Samba and Migration</a></span></dt><dd><dl><dt><span class="chapter"><a href="unixclients.html">7. Adding Domain Member Servers and Clients</a></span></dt><dd><dl><dt><span class="sect1"><a href="unixclients.html#id2589228">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#id2589282">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id2589317">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#id2589345">Technical Issues</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id2589994">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id2590094">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></span></dt><dt><span class="sect2"><a href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></span></dt><dt><span class="sect2"><a href="unixclients.html#dcwonss">NT4/Samba Domain with Samba Domain Member Server without NSS Support</a></span></dt><dt><span class="sect2"><a href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id2596343">UNIX/Linux Client Domain Member</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id2596918">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id2596972">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="upgrades.html">8. Updating Samba-3</a></span></dt><dd><dl><dt><span class="sect1"><a href="upgrades.html#id2598125">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id2598221">Cautions and Notes</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id2599550">Upgrading from Samba 1.x and 2.x to Samba-3</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id2599919">Applicable to All Samba 2.x to Samba-3 Upgrades</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id2600245">Samba-2.x with LDAP Support</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id2600427">Updating a Samba-3 Installation</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id2600542">Samba-3 to Samba-3 Updates on the Same Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id2600746">Migrating Samba-3 to a New Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id2601160">Migration of Samba Accounts to Active Directory</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="ntmigration.html">9. Migrating NT4 Domain to Samba-3</a></span></dt><dd><dl><dt><span class="sect1"><a href="ntmigration.html#id2601332">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id2601417">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id2601472">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id2601658">Technical Issues</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id2601981">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id2602007">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id2602148">NT4 Migration Using LDAP Backend</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id2604606">NT4 Migration Using tdbsam Backend</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id2605013">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id2605051">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="nw4migration.html">10. Migrating NetWare Server to Samba-3</a></span></dt><dd><dl><dt><span class="sect1"><a href="nw4migration.html#id2606026">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id2606137">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="nw4migration.html#id2606228">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id2606305">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="nw4migration.html#id2606495">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id2606504">NetWare Migration Using LDAP Backend</a></span></dt></dl></dd></dl></dd></dl></dd><dt><span class="part"><a href="RefSection.html">III. Reference Section</a></span></dt><dd><dl><dt><span class="chapter"><a href="kerberos.html">11. Active Directory, Kerberos, and Security</a></span></dt><dd><dl><dt><span class="sect1"><a href="kerberos.html#id2610496">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id2611138">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#id2611154">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id2611545">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#ch10expl">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id2613169">Share Access Controls</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id2613518">Share Definition Controls</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id2614131">Share Point Directory and File Permissions</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id2614530">Managing Windows 200x ACLs</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id2615257">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#id2615391">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="DomApps.html">12. Integrating Additional Services</a></span></dt><dd><dl><dt><span class="sect1"><a href="DomApps.html#id2616020">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#id2616051">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id2616160">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#id2616193">Technical Issues</a></span></dt><dt><span class="sect2"><a href="DomApps.html#id2616349">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id2616373">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></span></dt><dt><span class="sect2"><a href="DomApps.html#id2618225">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id2618286">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="HA.html">13. Performance, Reliability, and Availability</a></span></dt><dd><dl><dt><span class="sect1"><a href="HA.html#id2618805">Introduction</a></span></dt><dt><span class="sect1"><a href="HA.html#id2618892">Dissection and Discussion</a></span></dt><dt><span class="sect1"><a href="HA.html#id2619366">Guidelines for Reliable Samba Operation</a></span></dt><dd><dl><dt><span class="sect2"><a href="HA.html#id2619393">Name Resolution</a></span></dt><dt><span class="sect2"><a href="HA.html#id2619868">Samba Configuration</a></span></dt><dt><span class="sect2"><a href="HA.html#id2620205">Use and Location of BDCs</a></span></dt><dt><span class="sect2"><a href="HA.html#id2620281">Use One Consistent Version of MS Windows Client</a></span></dt><dt><span class="sect2"><a href="HA.html#id2620303">For Scalability, Use SAN-Based Storage on Samba Servers</a></span></dt><dt><span class="sect2"><a href="HA.html#id2620352">Distribute Network Load with MSDFS</a></span></dt><dt><span class="sect2"><a href="HA.html#id2620407">Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth</a></span></dt><dt><span class="sect2"><a href="HA.html#id2620452">Hardware Problems</a></span></dt><dt><span class="sect2"><a href="HA.html#id2620600">Large Directories</a></span></dt></dl></dd><dt><span class="sect1"><a href="HA.html#id2620704">Key Points Learned</a></span></dt></dl></dd><dt><span class="chapter"><a href="ch14.html">14. Samba Support</a></span></dt><dd><dl><dt><span class="sect1"><a href="ch14.html#id2620874">Free Support</a></span></dt><dt><span class="sect1"><a href="ch14.html#id2621092">Commercial Support</a></span></dt></dl></dd><dt><span class="chapter"><a href="appendix.html">15. A Collection of Useful Tidbits</a></span></dt><dd><dl><dt><span class="sect1"><a href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></span></dt><dt><span class="sect1"><a href="appendix.html#id2621811">Samba System File Location</a></span></dt><dt><span class="sect1"><a href="appendix.html#id2622232">Starting Samba</a></span></dt><dt><span class="sect1"><a href="appendix.html#id2622592">DNS Configuration Files</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id2622604">The Forward Zone File for the Loopback Adaptor</a></span></dt><dt><span class="sect2"><a href="appendix.html#id2622652">The Reverse Zone File for the Loopback Adaptor</a></span></dt><dt><span class="sect2"><a href="appendix.html#id2622792">DNS Root Server Hint File</a></span></dt></dl></dd><dt><span class="sect1"><a href="appendix.html#altldapcfg">Alternative LDAP Database Initialization</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id2622851">Initialization of the LDAP Database</a></span></dt></dl></dd><dt><span class="sect1"><a href="appendix.html#id2623411">The LDAP Account Manager</a></span></dt><dt><span class="sect1"><a href="appendix.html#id2624406">IDEALX Management Console</a></span></dt><dt><span class="sect1"><a href="appendix.html#ch12-SUIDSGID">Effect of Setting File and Directory SUID/SGID Permissions Explained</a></span></dt><dt><span class="sect1"><a href="appendix.html#ch12dblck">Shared Data Integrity</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id2624881">Microsoft Access</a></span></dt><dt><span class="sect2"><a href="appendix.html#id2625028">Act! Database Sharing</a></span></dt><dt><span class="sect2"><a href="appendix.html#id2625113">Opportunistic Locking Controls</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="primer.html">16. Networking Primer</a></span></dt><dd><dl><dt><span class="sect1"><a href="primer.html#id2625280">Requirements and Notes</a></span></dt><dt><span class="sect1"><a href="primer.html#id2625441">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id2625502">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#id2625618">Exercises</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id2625744">Single-Machine Broadcast Activity</a></span></dt><dt><span class="sect2"><a href="primer.html#secondmachine">Second Machine Startup Broadcast Interaction</a></span></dt><dt><span class="sect2"><a href="primer.html#id2626892">Simple Windows Client Connection Characteristics</a></span></dt><dt><span class="sect2"><a href="primer.html#id2627394">Windows 200x/XP Client Interaction with Samba-3</a></span></dt><dt><span class="sect2"><a href="primer.html#id2627962">Conclusions to Exercises</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#chap01conc">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id2628077">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#chap01qa">Questions and Answers</a></span></dt></dl></dd><dt><span class="appendix"><a href="apa.html">A. 
-    GNU General Public License version 3
-  </a></span></dt><dd><dl><dt><span class="bridgehead"><a href="apa.html#id2628743">A. 
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Samba-3 by Example</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="next" href="pr01.html" title="About the Cover Artwork"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Samba-3 by Example</th></tr><tr><td width="20%" align="left"> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="pr01.html">Next</a></td></tr></table><hr></div><div class="book" title="Samba-3 by Example"><div class="titlepage"><div><div><h1 class="title"><a name="S3bE"></a>Samba-3 by Example</h1></div><div><h2 class="subtitle">Practical Exercises in Successful Samba Deployment</h2></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:jht@samba.org">jht@samba.org</a>&gt;</code></p></div></div></div></div></div><div><p class="pubdate">July, 2006</p></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="preface"><a href="pr01.html">About the Cover Artwork</a></span></dt><dt><span class="preface"><a href="pr02.html">Acknowledgments</a></span></dt><dt><span class="preface"><a href="pr03.html">Foreword</a></span></dt><dd><dl><dt><span class="sect1"><a href="pr03.html#id280658">By John M. Weathersby, Executive Director, OSSI</a></span></dt></dl></dd><dt><span class="preface"><a href="preface.html">Preface</a></span></dt><dd><dl><dt><span class="sect1"><a href="preface.html#id280788">Why Is This Book Necessary?</a></span></dt><dd><dl><dt><span class="sect2"><a href="preface.html#id280825">Samba 3.0.20 Update Edition</a></span></dt></dl></dd><dt><span class="sect1"><a href="preface.html#id280643">Prerequisites</a></span></dt><dt><span class="sect1"><a href="preface.html#id322292">Approach</a></span></dt><dt><span class="sect1"><a href="preface.html#id322341">Summary of Topics</a></span></dt><dt><span class="sect1"><a href="preface.html#id322920">Conventions Used</a></span></dt></dl></dd><dt><span class="part"><a href="ExNetworks.html">I. Example Network Configurations</a></span></dt><dd><dl><dt><span class="chapter"><a href="simple.html">1. No-Frills Samba Servers</a></span></dt><dd><dl><dt><span class="sect1"><a href="simple.html#id323089">Introduction</a></span></dt><dt><span class="sect1"><a href="simple.html#id323120">Assignment Tasks</a></span></dt><dd><dl><dt><span class="sect2"><a href="simple.html#id323158">Drafting Office</a></span></dt><dt><span class="sect2"><a href="simple.html#id323803">Charity Administration Office</a></span></dt><dt><span class="sect2"><a href="simple.html#AccountingOffice">Accounting Office</a></span></dt></dl></dd><dt><span class="sect1"><a href="simple.html#id326925">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="small.html">2. Small Office Networking</a></span></dt><dd><dl><dt><span class="sect1"><a href="small.html#id327308">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id327326">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id327371">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id327416">Technical Issues</a></span></dt><dt><span class="sect2"><a href="small.html#id327588">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id327606">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id329058">Validation</a></span></dt><dt><span class="sect2"><a href="small.html#id329633">Notebook Computers: A Special Case</a></span></dt><dt><span class="sect2"><a href="small.html#id329652">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id329716">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="secure.html">3. Secure Office Networking</a></span></dt><dd><dl><dt><span class="sect1"><a href="secure.html#id330143">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id330177">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id330386">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id330398">Technical Issues</a></span></dt><dt><span class="sect2"><a href="secure.html#id330742">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id330776">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#ch4bsc">Basic System Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id331530">Samba Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4ptrcfg">Printer Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4valid">Validation</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4appscfg">Application Share Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id335513">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id335566">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="Big500users.html">4. The 500-User Office</a></span></dt><dd><dl><dt><span class="sect1"><a href="Big500users.html#id336007">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id336038">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id336113">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id336141">Technical Issues</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id336318">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id336338">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#ch5-dnshcp-setup">Installation of DHCP, DNS, and Samba Control Files</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id337052">Server Preparation: All Servers</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id337568">Server-Specific Preparation</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5-procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id340544">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id340597">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="happy.html">5. Making Happy Users</a></span></dt><dd><dl><dt><span class="sect1"><a href="happy.html#id341339">Regarding LDAP Directories and Windows Computer Accounts</a></span></dt><dt><span class="sect1"><a href="happy.html#id341463">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id341540">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id341668">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id342070">Technical Issues</a></span></dt><dt><span class="sect2"><a href="happy.html#id343725">Political Issues</a></span></dt><dt><span class="sect2"><a href="happy.html#id343737">Installation Checklist</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id343908">Samba Server Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbeidealx">Install and Configure Idealx smbldap-tools Scripts</a></span></dt><dt><span class="sect2"><a href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-ptrcfg">Printer Configuration</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#sbehap-bldg1">Samba-3 BDC Configuration</a></span></dt><dt><span class="sect1"><a href="happy.html#id350178">Miscellaneous Server Preparation Tasks</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id350194">Configuring Directory Share Point Roots</a></span></dt><dt><span class="sect2"><a href="happy.html#id350283">Configuring Profile Directories</a></span></dt><dt><span class="sect2"><a href="happy.html#id350512">Preparation of Logon Scripts</a></span></dt><dt><span class="sect2"><a href="happy.html#id350609">Assigning User Rights and Privileges</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id350723">Windows Client Configuration</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></span></dt><dt><span class="sect2"><a href="happy.html#id351441">Configuration of MS Outlook to Relocate PST File</a></span></dt><dt><span class="sect2"><a href="happy.html#id351724">Configure Delete Cached Profiles on Logout</a></span></dt><dt><span class="sect2"><a href="happy.html#id351896">Uploading Printer Drivers to Samba Servers</a></span></dt><dt><span class="sect2"><a href="happy.html#id352365">Software Installation</a></span></dt><dt><span class="sect2"><a href="happy.html#id352391">Roll-out Image Creation</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id352420">Key Points Learned</a></span></dt><dt><span class="sect1"><a href="happy.html#id352508">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="net2000users.html">6. A Distributed 2000-User Network</a></span></dt><dd><dl><dt><span class="sect1"><a href="net2000users.html#id352846">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id352871">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id352928">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id353175">Technical Issues</a></span></dt><dt><span class="sect2"><a href="net2000users.html#id353997">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id354011">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id357027">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id357166">Questions and Answers</a></span></dt></dl></dd></dl></dd><dt><span class="part"><a href="DMSMig.html">II. Domain Members, Updating Samba and Migration</a></span></dt><dd><dl><dt><span class="chapter"><a href="unixclients.html">7. Adding Domain Member Servers and Clients</a></span></dt><dd><dl><dt><span class="sect1"><a href="unixclients.html#id357946">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#id357994">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id358022">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#id358046">Technical Issues</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id358646">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id358731">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></span></dt><dt><span class="sect2"><a href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></span></dt><dt><span class="sect2"><a href="unixclients.html#dcwonss">NT4/Samba Domain with Samba Domain Member Server without NSS Support</a></span></dt><dt><span class="sect2"><a href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id364506">UNIX/Linux Client Domain Member</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id365002">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id365047">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="upgrades.html">8. Updating Samba-3</a></span></dt><dd><dl><dt><span class="sect1"><a href="upgrades.html#id366117">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id366200">Cautions and Notes</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id367413">Upgrading from Samba 1.x and 2.x to Samba-3</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id368069">Samba-2.x with LDAP Support</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id368184">Updating a Samba-3 Installation</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id368281">Samba-3 to Samba-3 Updates on the Same Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id368465">Migrating Samba-3 to a New Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id368842">Migration of Samba Accounts to Active Directory</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="ntmigration.html">9. Migrating NT4 Domain to Samba-3</a></span></dt><dd><dl><dt><span class="sect1"><a href="ntmigration.html#id368988">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id369064">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id369115">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id369276">Technical Issues</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id369580">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id369600">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id371918">NT4 Migration Using tdbsam Backend</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id372263">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id372297">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="nw4migration.html">10. Migrating NetWare Server to Samba-3</a></span></dt><dd><dl><dt><span class="sect1"><a href="nw4migration.html#id373183">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id373282">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="nw4migration.html#id373359">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id373431">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="nw4migration.html#id373599">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id373608">NetWare Migration Using LDAP Backend</a></span></dt></dl></dd></dl></dd></dl></dd><dt><span class="part"><a href="RefSection.html">III. Reference Section</a></span></dt><dd><dl><dt><span class="chapter"><a href="kerberos.html">11. Active Directory, Kerberos, and Security</a></span></dt><dd><dl><dt><span class="sect1"><a href="kerberos.html#id377126">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id377710">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#id377723">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id378089">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#ch10expl">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id379573">Share Access Controls</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id379908">Share Definition Controls</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id380465">Share Point Directory and File Permissions</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id380830">Managing Windows 200x ACLs</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id381514">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#id381636">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="DomApps.html">12. Integrating Additional Services</a></span></dt><dd><dl><dt><span class="sect1"><a href="DomApps.html#id382225">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#id382248">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id382338">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#id382367">Technical Issues</a></span></dt><dt><span class="sect2"><a href="DomApps.html#id382513">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id382530">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></span></dt><dt><span class="sect2"><a href="DomApps.html#id384281">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id384336">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="HA.html">13. Performance, Reliability, and Availability</a></span></dt><dd><dl><dt><span class="sect1"><a href="HA.html#id384815">Introduction</a></span></dt><dt><span class="sect1"><a href="HA.html#id384892">Dissection and Discussion</a></span></dt><dt><span class="sect1"><a href="HA.html#id385344">Guidelines for Reliable Samba Operation</a></span></dt><dd><dl><dt><span class="sect2"><a href="HA.html#id385369">Name Resolution</a></span></dt><dt><span class="sect2"><a href="HA.html#id385810">Samba Configuration</a></span></dt><dt><span class="sect2"><a href="HA.html#id386110">Use and Location of BDCs</a></span></dt><dt><span class="sect2"><a href="HA.html#id386178">Use One Consistent Version of MS Windows Client</a></span></dt><dt><span class="sect2"><a href="HA.html#id386195">For Scalability, Use SAN-Based Storage on Samba Servers</a></span></dt><dt><span class="sect2"><a href="HA.html#id386240">Distribute Network Load with MSDFS</a></span></dt><dt><span class="sect2"><a href="HA.html#id386291">Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth</a></span></dt><dt><span class="sect2"><a href="HA.html#id386332">Hardware Problems</a></span></dt><dt><span class="sect2"><a href="HA.html#id386465">Large Directories</a></span></dt></dl></dd><dt><span class="sect1"><a href="HA.html#id386548">Key Points Learned</a></span></dt></dl></dd><dt><span class="chapter"><a href="ch14.html">14. Samba Support</a></span></dt><dd><dl><dt><span class="sect1"><a href="ch14.html#id386696">Free Support</a></span></dt><dt><span class="sect1"><a href="ch14.html#id386894">Commercial Support</a></span></dt></dl></dd><dt><span class="chapter"><a href="appendix.html">15. A Collection of Useful Tidbits</a></span></dt><dd><dl><dt><span class="sect1"><a href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></span></dt><dt><span class="sect1"><a href="appendix.html#id387559">Samba System File Location</a></span></dt><dt><span class="sect1"><a href="appendix.html#id387952">Starting Samba</a></span></dt><dt><span class="sect1"><a href="appendix.html#id388254">DNS Configuration Files</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id388264">The Forward Zone File for the Loopback Adaptor</a></span></dt><dt><span class="sect2"><a href="appendix.html#id388308">The Reverse Zone File for the Loopback Adaptor</a></span></dt><dt><span class="sect2"><a href="appendix.html#id388408">DNS Root Server Hint File</a></span></dt></dl></dd><dt><span class="sect1"><a href="appendix.html#altldapcfg">Alternative LDAP Database Initialization</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id388463">Initialization of the LDAP Database</a></span></dt></dl></dd><dt><span class="sect1"><a href="appendix.html#id388919">The LDAP Account Manager</a></span></dt><dt><span class="sect1"><a href="appendix.html#id389839">IDEALX Management Console</a></span></dt><dt><span class="sect1"><a href="appendix.html#ch12-SUIDSGID">Effect of Setting File and Directory SUID/SGID Permissions Explained</a></span></dt><dt><span class="sect1"><a href="appendix.html#ch12dblck">Shared Data Integrity</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id390270">Microsoft Access</a></span></dt><dt><span class="sect2"><a href="appendix.html#id390409">Act! Database Sharing</a></span></dt><dt><span class="sect2"><a href="appendix.html#id390484">Opportunistic Locking Controls</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="primer.html">16. Networking Primer</a></span></dt><dd><dl><dt><span class="sect1"><a href="primer.html#id390627">Requirements and Notes</a></span></dt><dt><span class="sect1"><a href="primer.html#id390763">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id390813">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#id390920">Exercises</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id391033">Single-Machine Broadcast Activity</a></span></dt><dt><span class="sect2"><a href="primer.html#secondmachine">Second Machine Startup Broadcast Interaction</a></span></dt><dt><span class="sect2"><a href="primer.html#id392130">Simple Windows Client Connection Characteristics</a></span></dt><dt><span class="sect2"><a href="primer.html#id392597">Windows 200x/XP Client Interaction with Samba-3</a></span></dt><dt><span class="sect2"><a href="primer.html#id393121">Conclusions to Exercises</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#chap01conc">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id393223">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#chap01qa">Questions and Answers</a></span></dt></dl></dd><dt><span class="appendix"><a href="apa.html">A. 
+    <acronym class="acronym">GNU</acronym> General Public License version 3
+  </a></span></dt><dd><dl><dt><span class="bridgehead"><a href="apa.html#id393828">A. 
     Preamble
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2628888">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393937">A. 
     TERMS AND CONDITIONS
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2628892">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393940">A. 
     0. Definitions.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2628984">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394004">A. 
     1. Source Code.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629082">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394066">A. 
     2. Basic Permissions.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629122">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394094">A. 
     3. Protecting Users&#8217; Legal Rights From Anti-Circumvention Law.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629154">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394116">A. 
     4. Conveying Verbatim Copies.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629181">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394135">A. 
     5. Conveying Modified Source Versions.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629277">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394207">A. 
     6. Conveying Non-Source Forms.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629466">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394339">A. 
      7. Additional Terms.
-   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629602">A. 
+   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394444">A. 
      8. Termination.
-   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629646">A. 
+   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394476">A. 
      9. Acceptance Not Required for Having Copies.
-   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629675">A. 
+   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394495">A. 
      10. Automatic Licensing of Downstream Recipients.
-   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629727">A. 
+   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394529">A. 
     11. Patents.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629872">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394618">A. 
     12. No Surrender of Others&#8217; Freedom.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629894">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394633">A. 
     13. Use with the ???TITLE??? Affero General Public License.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629923">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394657">A. 
     14. Revised Versions of this License.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2629986">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394704">A. 
     15. Disclaimer of Warranty.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2630012">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394722">A. 
     16. Limitation of Liability.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2630032">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394736">A. 
     17. Interpretation of Sections 15 and 16.
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2630049">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394749">A. 
     END OF TERMS AND CONDITIONS
-  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id2630052">A. 
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394752">A. 
     How to Apply These Terms to Your New Programs
-  </a></span></dt></dl></dd></dl></dd><dt><span class="glossary"><a href="go01.html">Glossary</a></span></dt><dt><span class="index"><a href="ix01.html">Index</a></span></dt></dl></div><div class="list-of-figures"><p><b>List of Figures</b></p><dl><dt>1.1. <a href="simple.html#charitynet">Charity Administration Office Network</a></dt><dt>1.2. <a href="simple.html#acctingnet2">Accounting Office Network Topology</a></dt><dt>2.1. <a href="small.html#acct2net">Abmas Accounting  52-User Network Topology</a></dt><dt>3.1. <a href="secure.html#ch04net">Abmas Network Topology  130 Users</a></dt><dt>4.1. <a href="Big500users.html#chap05net">Network Topology  500 User Network Using tdbsam passdb backend.</a></dt><dt>5.1. <a href="happy.html#sbehap-LDAPdiag">The Interaction of LDAP, UNIX Posix Accounts and Samba Accounts</a></dt><dt>5.2. <a href="happy.html#chap6net">Network Topology  500 User Network Using ldapsam passdb backend</a></dt><dt>5.3. <a href="happy.html#XP-screen001">Windows XP Professional  User Shared Folders</a></dt><dt>6.1. <a href="net2000users.html#chap7idres">Samba and Authentication Backend Search Pathways</a></dt><dt>6.2. <a href="net2000users.html#ch7singleLDAP">Samba Configuration to Use a Single LDAP Server</a></dt><dt>6.3. <a href="net2000users.html#ch7dualLDAP">Samba Configuration to Use a Dual (Fail-over) LDAP Server</a></dt><dt>6.4. <a href="net2000users.html#ch7dualadd">Samba Configuration to Use Dual LDAP Databases - Broken - Do Not Use!</a></dt><dt>6.5. <a href="net2000users.html#ch7dualok">Samba Configuration to Use Two LDAP Databases - The result is additive.</a></dt><dt>6.6. <a href="net2000users.html#chap7net">Network Topology  2000 User Complex Design A</a></dt><dt>6.7. <a href="net2000users.html#chap7net2">Network Topology  2000 User Complex Design B</a></dt><dt>7.1. <a href="unixclients.html#ch09openmag">Open Magazine Samba Survey</a></dt><dt>7.2. <a href="unixclients.html#ch9-sambadc">Samba Domain: Samba Member Server</a></dt><dt>7.3. <a href="unixclients.html#ch9-adsdc">Active Directory Domain: Samba Member Server</a></dt><dt>9.1. <a href="ntmigration.html#ch8-migration">Schematic Explaining the net rpc vampire Process</a></dt><dt>9.2. <a href="ntmigration.html#NT4DUM">View of Accounts in NT4 Domain User Manager</a></dt><dt>15.1. <a href="appendix.html#swxpp001">The General Panel.</a></dt><dt>15.2. <a href="appendix.html#swxpp004">The Computer Name Panel.</a></dt><dt>15.3. <a href="appendix.html#swxpp006">The Computer Name Changes Panel</a></dt><dt>15.4. <a href="appendix.html#swxpp007">The Computer Name Changes Panel  Domain MIDEARTH</a></dt><dt>15.5. <a href="appendix.html#swxpp008">Computer Name Changes  User name and Password Panel</a></dt><dt>15.6. <a href="appendix.html#lam-login">The LDAP Account Manager Login Screen</a></dt><dt>15.7. <a href="appendix.html#lam-config">The LDAP Account Manager Configuration Screen</a></dt><dt>15.8. <a href="appendix.html#lam-user">The LDAP Account Manager User Edit Screen</a></dt><dt>15.9. <a href="appendix.html#lam-group">The LDAP Account Manager Group Edit Screen</a></dt><dt>15.10. <a href="appendix.html#lam-group-mem">The LDAP Account Manager Group Membership Edit Screen</a></dt><dt>15.11. <a href="appendix.html#lam-host">The LDAP Account Manager Host Edit Screen</a></dt><dt>15.12. <a href="appendix.html#imcidealx">The IMC Samba User Account Screen</a></dt><dt>16.1. <a href="primer.html#pktcap01">Windows Me  Broadcasts  The First 10 Minutes</a></dt><dt>16.2. <a href="primer.html#pktcap02">Windows Me  Later Broadcast Sample</a></dt><dt>16.3. <a href="primer.html#hostannounce">Typical Windows 9x/Me Host Announcement</a></dt><dt>16.4. <a href="primer.html#nullconnect">Typical Windows 9x/Me NULL SessionSetUp AndX Request</a></dt><dt>16.5. <a href="primer.html#userconnect">Typical Windows 9x/Me User SessionSetUp AndX Request</a></dt><dt>16.6. <a href="primer.html#XPCap01">Typical Windows XP NULL Session Setup AndX Request</a></dt><dt>16.7. <a href="primer.html#XPCap02">Typical Windows XP User Session Setup AndX Request</a></dt></dl></div><div class="list-of-tables"><p><b>List of Tables</b></p><dl><dt>1. <a href="preface.html#pref-new">Samba Changes  3.0.2 to 3.0.20</a></dt><dt>1.1. <a href="simple.html#acctingnet">Accounting Office Network Information</a></dt><dt>3.1. <a href="secure.html#chap4netid">Abmas.US ISP Information</a></dt><dt>3.2. <a href="secure.html#namedrscfiles">DNS (named) Resource Files</a></dt><dt>4.1. <a href="Big500users.html#ch5-filelocations">Domain: MEGANET, File Locations for Servers</a></dt><dt>5.1. <a href="happy.html#sbehap-privs">Current Privilege Capabilities</a></dt><dt>5.2. <a href="happy.html#oldapreq">Required OpenLDAP Linux Packages</a></dt><dt>5.3. <a href="happy.html#sbehap-bigacct">Abmas Network Users and Groups</a></dt><dt>5.4. <a href="happy.html#proffold">Default Profile Redirections</a></dt><dt>9.1. <a href="ntmigration.html#ch8-vampire">Samba smb.conf Scripts Essential to Samba Operation</a></dt><dt>13.1. <a href="HA.html#ProbList">Effect of Common Problems</a></dt><dt>16.1. <a href="primer.html#capsstats01">Windows Me  Startup Broadcast Capture Statistics</a></dt><dt>16.2. <a href="primer.html#capsstats02">Second Machine (Windows 98)  Capture Statistics</a></dt></dl></div><div class="list-of-examples"><p><b>List of Examples</b></p><dl><dt>1.1. <a href="simple.html#draft-smbconf">Drafting Office smb.conf File</a></dt><dt>1.2. <a href="simple.html#charity-smbconfnew">Charity Administration Office smb.conf New-style File</a></dt><dt>1.3. <a href="simple.html#charity-smbconf">Charity Administration Office smb.conf Old-style File</a></dt><dt>1.4. <a href="simple.html#MEreg">Windows Me  Registry Edit File: Disable Password Caching</a></dt><dt>1.5. <a href="simple.html#acctconf">Accounting Office Network smb.conf Old Style Configuration File</a></dt><dt>2.1. <a href="small.html#initGrps">Script to Map Windows NT Groups to UNIX Groups</a></dt><dt>2.2. <a href="small.html#dhcp01">Abmas Accounting DHCP Server Configuration File  /etc/dhcpd.conf</a></dt><dt>2.3. <a href="small.html#acct2conf">Accounting Office Network smb.conf File  [globals] Section</a></dt><dt>2.4. <a href="small.html#acct3conf">Accounting Office Network smb.conf File  Services and Shares Section</a></dt><dt>3.1. <a href="secure.html#ch4memoryest">Estimation of Memory Requirements</a></dt><dt>3.2. <a href="secure.html#ch4diskest">Estimation of Disk Storage Requirements</a></dt><dt>3.3. <a href="secure.html#ch4natfw">NAT Firewall Configuration Script</a></dt><dt>3.4. <a href="secure.html#promisnet">130 User Network with tdbsam  [globals] Section</a></dt><dt>3.5. <a href="secure.html#promisnetsvca">130 User Network with tdbsam  Services Section Part A</a></dt><dt>3.6. <a href="secure.html#promisnetsvcb">130 User Network with tdbsam  Services Section Part B</a></dt><dt>3.7. <a href="secure.html#ch4initGrps">Script to Map Windows NT Groups to UNIX Groups</a></dt><dt>3.8. <a href="secure.html#prom-dhcp">DHCP Server Configuration File  /etc/dhcpd.conf</a></dt><dt>3.9. <a href="secure.html#ch4namedcfg">DNS Master Configuration File  /etc/named.conf Master Section</a></dt><dt>3.10. <a href="secure.html#ch4namedvarfwd">DNS Master Configuration File  /etc/named.conf Forward Lookup Definition Section</a></dt><dt>3.11. <a href="secure.html#ch4namedvarrev">DNS Master Configuration File  /etc/named.conf Reverse Lookup Definition Section</a></dt><dt>3.12. <a href="secure.html#eth1zone">DNS 192.168.1 Reverse Zone File</a></dt><dt>3.13. <a href="secure.html#eth2zone">DNS 192.168.2 Reverse Zone File</a></dt><dt>3.14. <a href="secure.html#abmasbiz">DNS Abmas.biz Forward Zone File</a></dt><dt>3.15. <a href="secure.html#abmasus">DNS Abmas.us Forward Zone File</a></dt><dt>4.1. <a href="Big500users.html#ch5-massivesmb">Server: MASSIVE (PDC), File: /etc/samba/smb.conf</a></dt><dt>4.2. <a href="Big500users.html#ch5-dc-common">Server: MASSIVE (PDC), File: /etc/samba/dc-common.conf</a></dt><dt>4.3. <a href="Big500users.html#ch5-commonsmb">Common Samba Configuration File: /etc/samba/common.conf</a></dt><dt>4.4. <a href="Big500users.html#ch5-bldg1-smb">Server: BLDG1 (Member), File: smb.conf</a></dt><dt>4.5. <a href="Big500users.html#ch5-bldg2-smb">Server: BLDG2 (Member), File: smb.conf</a></dt><dt>4.6. <a href="Big500users.html#ch5-dommem-smb">Common Domain Member Include File: dom-mem.conf</a></dt><dt>4.7. <a href="Big500users.html#massive-dhcp">Server: MASSIVE, File: dhcpd.conf</a></dt><dt>4.8. <a href="Big500users.html#bldg1dhcp">Server: BLDG1, File: dhcpd.conf</a></dt><dt>4.9. <a href="Big500users.html#bldg2dhcp">Server: BLDG2, File: dhcpd.conf</a></dt><dt>4.10. <a href="Big500users.html#massive-nameda">Server: MASSIVE, File: named.conf, Part: A</a></dt><dt>4.11. <a href="Big500users.html#massive-namedb">Server: MASSIVE, File: named.conf, Part: B</a></dt><dt>4.12. <a href="Big500users.html#massive-namedc">Server: MASSIVE, File: named.conf, Part: C</a></dt><dt>4.13. <a href="Big500users.html#abmasbizdns">Forward Zone File: abmas.biz.hosts</a></dt><dt>4.14. <a href="Big500users.html#abmasusdns">Forward Zone File: abmas.biz.hosts</a></dt><dt>4.15. <a href="Big500users.html#bldg12nameda">Servers: BLDG1/BLDG2, File: named.conf, Part: A</a></dt><dt>4.16. <a href="Big500users.html#bldg12namedb">Servers: BLDG1/BLDG2, File: named.conf, Part: B</a></dt><dt>4.17. <a href="Big500users.html#ch5-initgrps">Initialize Groups Script, File: /etc/samba/initGrps.sh</a></dt><dt>5.1. <a href="happy.html#sbehap-dbconf">LDAP DB_CONFIG File</a></dt><dt>5.2. <a href="happy.html#sbehap-slapdconf">LDAP Master Configuration File  /etc/openldap/slapd.conf Part A</a></dt><dt>5.3. <a href="happy.html#sbehap-slapdconf2">LDAP Master Configuration File  /etc/openldap/slapd.conf Part B</a></dt><dt>5.4. <a href="happy.html#sbehap-nss01">Configuration File for NSS LDAP Support  /etc/ldap.conf</a></dt><dt>5.5. <a href="happy.html#sbehap-nss02">Configuration File for NSS LDAP Clients Support  /etc/ldap.conf</a></dt><dt>5.6. <a href="happy.html#sbehap-massive-smbconfa">LDAP Based smb.conf File, Server: MASSIVE  global Section: Part A</a></dt><dt>5.7. <a href="happy.html#sbehap-massive-smbconfb">LDAP Based smb.conf File, Server: MASSIVE  global Section: Part B</a></dt><dt>5.8. <a href="happy.html#sbehap-bldg1-smbconf">LDAP Based smb.conf File, Server: BLDG1</a></dt><dt>5.9. <a href="happy.html#sbehap-bldg2-smbconf">LDAP Based smb.conf File, Server: BLDG2</a></dt><dt>5.10. <a href="happy.html#sbehap-shareconfa">LDAP Based smb.conf File, Shares Section  Part A</a></dt><dt>5.11. <a href="happy.html#sbehap-shareconfb">LDAP Based smb.conf File, Shares Section  Part B</a></dt><dt>5.12. <a href="happy.html#sbehap-ldifadd">LDIF IDMAP Add-On Load File  File: /etc/openldap/idmap.LDIF</a></dt><dt>6.1. <a href="net2000users.html#ch7-LDAP-master">LDAP Master Server Configuration File  /etc/openldap/slapd.conf</a></dt><dt>6.2. <a href="net2000users.html#ch7-LDAP-slave">LDAP Slave Configuration File  /etc/openldap/slapd.conf</a></dt><dt>6.3. <a href="net2000users.html#ch7-massmbconfA">Primary Domain Controller smb.conf File  Part A</a></dt><dt>6.4. <a href="net2000users.html#ch7-massmbconfB">Primary Domain Controller smb.conf File  Part B</a></dt><dt>6.5. <a href="net2000users.html#ch7-massmbconfC">Primary Domain Controller smb.conf File  Part C</a></dt><dt>6.6. <a href="net2000users.html#ch7-slvsmbocnfA">Backup Domain Controller smb.conf File  Part A</a></dt><dt>6.7. <a href="net2000users.html#ch7-slvsmbocnfB">Backup Domain Controller smb.conf File  Part B</a></dt><dt>7.1. <a href="unixclients.html#ch9-sdmsdc">Samba Domain Member in Samba Domain Using LDAP  smb.conf File</a></dt><dt>7.2. <a href="unixclients.html#ch9-ldifadd">LDIF IDMAP Add-On Load File  File: /etc/openldap/idmap.LDIF</a></dt><dt>7.3. <a href="unixclients.html#ch9-sdmlcnf">Configuration File for NSS LDAP Support  /etc/ldap.conf</a></dt><dt>7.4. <a href="unixclients.html#ch9-sdmnss">NSS using LDAP for Identity Resolution  File: /etc/nsswitch.conf</a></dt><dt>7.5. <a href="unixclients.html#ch0-NT4DSDM">Samba Domain Member Server Using Winbind smb.conf File for NT4 Domain</a></dt><dt>7.6. <a href="unixclients.html#ch0-NT4DSCM">Samba Domain Member Server Using Local Accounts smb.conf File for NT4 Domain</a></dt><dt>7.7. <a href="unixclients.html#ch9-adssdm">Samba Domain Member smb.conf File for Active Directory Membership</a></dt><dt>7.8. <a href="unixclients.html#sbe-idmapridex">Example smb.conf File Using idmap_rid</a></dt><dt>7.9. <a href="unixclients.html#sbeunxa">Typical ADS Style Domain smb.conf File</a></dt><dt>7.10. <a href="unixclients.html#sbewinbindex">ADS Membership Using RFC2307bis Identity Resolution smb.conf File</a></dt><dt>7.11. <a href="unixclients.html#ch9-pamwnbdlogin">SUSE: PAM login Module Using Winbind</a></dt><dt>7.12. <a href="unixclients.html#ch9-pamwbndxdm">SUSE: PAM xdm Module Using Winbind</a></dt><dt>7.13. <a href="unixclients.html#ch9-rhsysauth">Red Hat 9: PAM System Authentication File: /etc/pam.d/system-auth Module Using Winbind</a></dt><dt>9.1. <a href="ntmigration.html#sbent4smb">NT4 Migration Samba-3 Server smb.conf  Part: A</a></dt><dt>9.2. <a href="ntmigration.html#sbent4smb2">NT4 Migration Samba-3 Server smb.conf  Part: B</a></dt><dt>9.3. <a href="ntmigration.html#sbentslapd">NT4 Migration LDAP Server Configuration File: /etc/openldap/slapd.conf  Part A</a></dt><dt>9.4. <a href="ntmigration.html#sbentslapd2">NT4 Migration LDAP Server Configuration File: /etc/openldap/slapd.conf  Part B</a></dt><dt>9.5. <a href="ntmigration.html#sbrntldapconf">NT4 Migration NSS LDAP File: /etc/ldap.conf</a></dt><dt>9.6. <a href="ntmigration.html#sbentnss">NT4 Migration NSS Control File: /etc/nsswitch.conf (Stage:1)</a></dt><dt>9.7. <a href="ntmigration.html#sbentnss2">NT4 Migration NSS Control File: /etc/nsswitch.conf (Stage:2)</a></dt><dt>10.1. <a href="nw4migration.html#sbeamg">A Rough Tool to Create an LDIF File from the System Account Files</a></dt><dt>10.2. <a href="nw4migration.html#ch8ldap">NSS LDAP Control File  /etc/ldap.conf</a></dt><dt>10.3. <a href="nw4migration.html#sbepu2">The PAM Control File /etc/security/pam_unix2.conf</a></dt><dt>10.4. <a href="nw4migration.html#ch8smbconf">Samba Configuration File  smb.conf Part A</a></dt><dt>10.5. <a href="nw4migration.html#ch8smbconf2">Samba Configuration File  smb.conf Part B</a></dt><dt>10.6. <a href="nw4migration.html#ch8smbconf3">Samba Configuration File  smb.conf Part C</a></dt><dt>10.7. <a href="nw4migration.html#ch8smbconf4">Samba Configuration File  smb.conf Part D</a></dt><dt>10.8. <a href="nw4migration.html#ch8smbconf5">Samba Configuration File  smb.conf Part E</a></dt><dt>10.9. <a href="nw4migration.html#sbersync">Rsync Script</a></dt><dt>10.10. <a href="nw4migration.html#sbexcld">Rsync Files Exclusion List  /root/excludes.txt</a></dt><dt>10.11. <a href="nw4migration.html#ch8ideal">Idealx smbldap-tools Control File  Part A</a></dt><dt>10.12. <a href="nw4migration.html#ch8ideal2">Idealx smbldap-tools Control File  Part B</a></dt><dt>10.13. <a href="nw4migration.html#ch8ideal3">Idealx smbldap-tools Control File  Part C</a></dt><dt>10.14. <a href="nw4migration.html#ch8ideal4">Idealx smbldap-tools Control File  Part D</a></dt><dt>10.15. <a href="nw4migration.html#ch8kix">Kixtart Control File  File: logon.kix</a></dt><dt>10.16. <a href="nw4migration.html#ch8kix2">Kixtart Control File  File: main.kix</a></dt><dt>10.17. <a href="nw4migration.html#ch8kix3">Kixtart Control File  File: setup.kix, Part A</a></dt><dt>10.18. <a href="nw4migration.html#ch8kix3b">Kixtart Control File  File: setup.kix, Part B</a></dt><dt>10.19. <a href="nw4migration.html#ch8kix4">Kixtart Control File  File: acct.kix</a></dt><dt>12.1. <a href="DomApps.html#ch10-krb5conf">Kerberos Configuration  File: /etc/krb5.conf</a></dt><dt>12.2. <a href="DomApps.html#ch10-smbconf">Samba Configuration  File: /etc/samba/smb.conf</a></dt><dt>12.3. <a href="DomApps.html#ch10-etcnsscfg">NSS Configuration File Extract  File: /etc/nsswitch.conf</a></dt><dt>12.4. <a href="DomApps.html#etcsquidcfg">Squid Configuration File Extract  /etc/squid.conf [ADMINISTRATIVE PARAMETERS Section]</a></dt><dt>12.5. <a href="DomApps.html#etcsquid2">Squid Configuration File extract  File: /etc/squid.conf [AUTHENTICATION PARAMETERS Section]</a></dt><dt>15.1. <a href="appendix.html#ch12SL">A Useful Samba Control Script for SUSE Linux</a></dt><dt>15.2. <a href="appendix.html#ch12RHscript">A Sample Samba Control Script for Red Hat Linux</a></dt><dt>15.3. <a href="appendix.html#loopback">DNS Localhost Forward Zone File: /var/lib/named/localhost.zone</a></dt><dt>15.4. <a href="appendix.html#dnsloopy">DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone</a></dt><dt>15.5. <a href="appendix.html#roothint">DNS Root Name Server Hint File: /var/lib/named/root.hint</a></dt><dt>15.6. <a href="appendix.html#sbehap-ldapreconfa">LDAP Pre-configuration Script: SMBLDAP-ldif-preconfig.sh  Part A</a></dt><dt>15.7. <a href="appendix.html#sbehap-ldapreconfb">LDAP Pre-configuration Script: SMBLDAP-ldif-preconfig.sh  Part B</a></dt><dt>15.8. <a href="appendix.html#sbehap-ldapreconfc">LDAP Pre-configuration Script: SMBLDAP-ldif-preconfig.sh  Part C</a></dt><dt>15.9. <a href="appendix.html#sbehap-ldifpata">LDIF Pattern File Used to Pre-configure LDAP  Part A</a></dt><dt>15.10. <a href="appendix.html#sbehap-ldifpatb">LDIF Pattern File Used to Pre-configure LDAP  Part B</a></dt><dt>15.11. <a href="appendix.html#lamcfg">Example LAM Configuration File  config.cfg</a></dt><dt>15.12. <a href="appendix.html#lamconf">LAM Profile Control File  lam.conf</a></dt></dl></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"> </td><td width="20%" align="center"> </td><td width="40%" align="right"> <a accesskey="n" href="pr01.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top"> </td><td width="20%" align="center"> </td><td width="40%" align="right" valign="top"> About the Cover Artwork</td></tr></table></div></body></html>
+  </a></span></dt></dl></dd></dl></dd><dt><span class="glossary"><a href="go01.html">Glossary</a></span></dt><dt><span class="index"><a href="ix01.html">Index</a></span></dt></dl></div><div class="list-of-figures"><p><b>List of Figures</b></p><dl><dt>1.1. <a href="simple.html#charitynet">Charity Administration Office Network</a></dt><dt>1.2. <a href="simple.html#acctingnet2">Accounting Office Network Topology</a></dt><dt>2.1. <a href="small.html#acct2net">Abmas Accounting  52-User Network Topology</a></dt><dt>3.1. <a href="secure.html#ch04net">Abmas Network Topology  130 Users</a></dt><dt>4.1. <a href="Big500users.html#chap05net">Network Topology  500 User Network Using tdbsam passdb backend.</a></dt><dt>5.1. <a href="happy.html#sbehap-LDAPdiag">The Interaction of LDAP, UNIX Posix Accounts and Samba Accounts</a></dt><dt>5.2. <a href="happy.html#chap6net">Network Topology  500 User Network Using ldapsam passdb backend</a></dt><dt>5.3. <a href="happy.html#XP-screen001">Windows XP Professional  User Shared Folders</a></dt><dt>6.1. <a href="net2000users.html#chap7idres">Samba and Authentication Backend Search Pathways</a></dt><dt>6.2. <a href="net2000users.html#ch7singleLDAP">Samba Configuration to Use a Single LDAP Server</a></dt><dt>6.3. <a href="net2000users.html#ch7dualLDAP">Samba Configuration to Use a Dual (Fail-over) LDAP Server</a></dt><dt>6.4. <a href="net2000users.html#ch7dualadd">Samba Configuration to Use Dual LDAP Databases - Broken - Do Not Use!</a></dt><dt>6.5. <a href="net2000users.html#ch7dualok">Samba Configuration to Use Two LDAP Databases - The result is additive.</a></dt><dt>6.6. <a href="net2000users.html#chap7net">Network Topology  2000 User Complex Design A</a></dt><dt>6.7. <a href="net2000users.html#chap7net2">Network Topology  2000 User Complex Design B</a></dt><dt>7.1. <a href="unixclients.html#ch09openmag">Open Magazine Samba Survey</a></dt><dt>7.2. <a href="unixclients.html#ch9-sambadc">Samba Domain: Samba Member Server</a></dt><dt>7.3. <a href="unixclients.html#ch9-adsdc">Active Directory Domain: Samba Member Server</a></dt><dt>9.1. <a href="ntmigration.html#ch8-migration">Schematic Explaining the <code class="literal">net rpc vampire</code> Process</a></dt><dt>9.2. <a href="ntmigration.html#NT4DUM">View of Accounts in NT4 Domain User Manager</a></dt><dt>15.1. <a href="appendix.html#swxpp001">The General Panel.</a></dt><dt>15.2. <a href="appendix.html#swxpp004">The Computer Name Panel.</a></dt><dt>15.3. <a href="appendix.html#swxpp006">The Computer Name Changes Panel</a></dt><dt>15.4. <a href="appendix.html#swxpp007">The Computer Name Changes Panel  Domain MIDEARTH</a></dt><dt>15.5. <a href="appendix.html#swxpp008">Computer Name Changes  User name and Password Panel</a></dt><dt>15.6. <a href="appendix.html#lam-login">The LDAP Account Manager Login Screen</a></dt><dt>15.7. <a href="appendix.html#lam-config">The LDAP Account Manager Configuration Screen</a></dt><dt>15.8. <a href="appendix.html#lam-user">The LDAP Account Manager User Edit Screen</a></dt><dt>15.9. <a href="appendix.html#lam-group">The LDAP Account Manager Group Edit Screen</a></dt><dt>15.10. <a href="appendix.html#lam-group-mem">The LDAP Account Manager Group Membership Edit Screen</a></dt><dt>15.11. <a href="appendix.html#lam-host">The LDAP Account Manager Host Edit Screen</a></dt><dt>15.12. <a href="appendix.html#imcidealx">The IMC Samba User Account Screen</a></dt><dt>16.1. <a href="primer.html#pktcap01">Windows Me  Broadcasts  The First 10 Minutes</a></dt><dt>16.2. <a href="primer.html#pktcap02">Windows Me  Later Broadcast Sample</a></dt><dt>16.3. <a href="primer.html#hostannounce">Typical Windows 9x/Me Host Announcement</a></dt><dt>16.4. <a href="primer.html#nullconnect">Typical Windows 9x/Me NULL SessionSetUp AndX Request</a></dt><dt>16.5. <a href="primer.html#userconnect">Typical Windows 9x/Me User SessionSetUp AndX Request</a></dt><dt>16.6. <a href="primer.html#XPCap01">Typical Windows XP NULL Session Setup AndX Request</a></dt><dt>16.7. <a href="primer.html#XPCap02">Typical Windows XP User Session Setup AndX Request</a></dt></dl></div><div class="list-of-tables"><p><b>List of Tables</b></p><dl><dt>1. <a href="preface.html#pref-new">Samba Changes  3.0.2 to 3.0.20</a></dt><dt>1.1. <a href="simple.html#acctingnet">Accounting Office Network Information</a></dt><dt>3.1. <a href="secure.html#chap4netid">Abmas.US ISP Information</a></dt><dt>3.2. <a href="secure.html#namedrscfiles">DNS (named) Resource Files</a></dt><dt>4.1. <a href="Big500users.html#ch5-filelocations">Domain: <code class="constant">MEGANET</code>, File Locations for Servers</a></dt><dt>5.1. <a href="happy.html#sbehap-privs">Current Privilege Capabilities</a></dt><dt>5.2. <a href="happy.html#oldapreq">Required OpenLDAP Linux Packages</a></dt><dt>5.3. <a href="happy.html#sbehap-bigacct">Abmas Network Users and Groups</a></dt><dt>5.4. <a href="happy.html#proffold">Default Profile Redirections</a></dt><dt>9.1. <a href="ntmigration.html#ch8-vampire">Samba <code class="filename">smb.conf</code> Scripts Essential to Samba Operation</a></dt><dt>13.1. <a href="HA.html#ProbList">Effect of Common Problems</a></dt><dt>16.1. <a href="primer.html#capsstats01">Windows Me  Startup Broadcast Capture Statistics</a></dt><dt>16.2. <a href="primer.html#capsstats02">Second Machine (Windows 98)  Capture Statistics</a></dt></dl></div><div class="list-of-examples"><p><b>List of Examples</b></p><dl><dt>1.1. <a href="simple.html#draft-smbconf">Drafting Office <code class="filename">smb.conf</code> File</a></dt><dt>1.2. <a href="simple.html#charity-smbconfnew">Charity Administration Office <code class="filename">smb.conf</code> New-style File</a></dt><dt>1.3. <a href="simple.html#charity-smbconf">Charity Administration Office <code class="filename">smb.conf</code> Old-style File</a></dt><dt>1.4. <a href="simple.html#MEreg">Windows Me  Registry Edit File: Disable Password Caching</a></dt><dt>1.5. <a href="simple.html#acctconf">Accounting Office Network <code class="filename">smb.conf</code> Old Style Configuration File</a></dt><dt>2.1. <a href="small.html#initGrps">Script to Map Windows NT Groups to UNIX Groups</a></dt><dt>2.2. <a href="small.html#dhcp01">Abmas Accounting DHCP Server Configuration File  <code class="filename">/etc/dhcpd.conf</code></a></dt><dt>2.3. <a href="small.html#acct2conf">Accounting Office Network <code class="filename">smb.conf</code> File  [globals] Section</a></dt><dt>2.4. <a href="small.html#acct3conf">Accounting Office Network <code class="filename">smb.conf</code> File  Services and Shares Section</a></dt><dt>3.1. <a href="secure.html#ch4memoryest">Estimation of Memory Requirements</a></dt><dt>3.2. <a href="secure.html#ch4diskest">Estimation of Disk Storage Requirements</a></dt><dt>3.3. <a href="secure.html#ch4natfw">NAT Firewall Configuration Script</a></dt><dt>3.4. <a href="secure.html#promisnet">130 User Network with <span class="emphasis"><em>tdbsam</em></span>  [globals] Section</a></dt><dt>3.5. <a href="secure.html#promisnetsvca">130 User Network with <span class="emphasis"><em>tdbsam</em></span>  Services Section Part A</a></dt><dt>3.6. <a href="secure.html#promisnetsvcb">130 User Network with <span class="emphasis"><em>tdbsam</em></span>  Services Section Part B</a></dt><dt>3.7. <a href="secure.html#ch4initGrps">Script to Map Windows NT Groups to UNIX Groups</a></dt><dt>3.8. <a href="secure.html#prom-dhcp">DHCP Server Configuration File  <code class="filename">/etc/dhcpd.conf</code></a></dt><dt>3.9. <a href="secure.html#ch4namedcfg">DNS Master Configuration File  <code class="filename">/etc/named.conf</code> Master Section</a></dt><dt>3.10. <a href="secure.html#ch4namedvarfwd">DNS Master Configuration File  <code class="filename">/etc/named.conf</code> Forward Lookup Definition Section</a></dt><dt>3.11. <a href="secure.html#ch4namedvarrev">DNS Master Configuration File  <code class="filename">/etc/named.conf</code> Reverse Lookup Definition Section</a></dt><dt>3.12. <a href="secure.html#eth1zone">DNS 192.168.1 Reverse Zone File</a></dt><dt>3.13. <a href="secure.html#eth2zone">DNS 192.168.2 Reverse Zone File</a></dt><dt>3.14. <a href="secure.html#abmasbiz">DNS Abmas.biz Forward Zone File</a></dt><dt>3.15. <a href="secure.html#abmasus">DNS Abmas.us Forward Zone File</a></dt><dt>4.1. <a href="Big500users.html#ch5-massivesmb">Server: MASSIVE (PDC), File: <code class="filename">/etc/samba/smb.conf</code></a></dt><dt>4.2. <a href="Big500users.html#ch5-dc-common">Server: MASSIVE (PDC), File: <code class="filename">/etc/samba/dc-common.conf</code></a></dt><dt>4.3. <a href="Big500users.html#ch5-commonsmb">Common Samba Configuration File: <code class="filename">/etc/samba/common.conf</code></a></dt><dt>4.4. <a href="Big500users.html#ch5-bldg1-smb">Server: BLDG1 (Member), File: smb.conf</a></dt><dt>4.5. <a href="Big500users.html#ch5-bldg2-smb">Server: BLDG2 (Member), File: smb.conf</a></dt><dt>4.6. <a href="Big500users.html#ch5-dommem-smb">Common Domain Member Include File: dom-mem.conf</a></dt><dt>4.7. <a href="Big500users.html#massive-dhcp">Server: MASSIVE, File: dhcpd.conf</a></dt><dt>4.8. <a href="Big500users.html#bldg1dhcp">Server: BLDG1, File: dhcpd.conf</a></dt><dt>4.9. <a href="Big500users.html#bldg2dhcp">Server: BLDG2, File: dhcpd.conf</a></dt><dt>4.10. <a href="Big500users.html#massive-nameda">Server: MASSIVE, File: named.conf, Part: A</a></dt><dt>4.11. <a href="Big500users.html#massive-namedb">Server: MASSIVE, File: named.conf, Part: B</a></dt><dt>4.12. <a href="Big500users.html#massive-namedc">Server: MASSIVE, File: named.conf, Part: C</a></dt><dt>4.13. <a href="Big500users.html#abmasbizdns">Forward Zone File: abmas.biz.hosts</a></dt><dt>4.14. <a href="Big500users.html#abmasusdns">Forward Zone File: abmas.biz.hosts</a></dt><dt>4.15. <a href="Big500users.html#bldg12nameda">Servers: BLDG1/BLDG2, File: named.conf, Part: A</a></dt><dt>4.16. <a href="Big500users.html#bldg12namedb">Servers: BLDG1/BLDG2, File: named.conf, Part: B</a></dt><dt>4.17. <a href="Big500users.html#ch5-initgrps">Initialize Groups Script, File: /etc/samba/initGrps.sh</a></dt><dt>5.1. <a href="happy.html#sbehap-dbconf">LDAP DB_CONFIG File</a></dt><dt>5.2. <a href="happy.html#sbehap-slapdconf">LDAP Master Configuration File  <code class="filename">/etc/openldap/slapd.conf</code> Part A</a></dt><dt>5.3. <a href="happy.html#sbehap-slapdconf2">LDAP Master Configuration File  <code class="filename">/etc/openldap/slapd.conf</code> Part B</a></dt><dt>5.4. <a href="happy.html#sbehap-nss01">Configuration File for NSS LDAP Support  <code class="filename">/etc/ldap.conf</code></a></dt><dt>5.5. <a href="happy.html#sbehap-nss02">Configuration File for NSS LDAP Clients Support  <code class="filename">/etc/ldap.conf</code></a></dt><dt>5.6. <a href="happy.html#sbehap-massive-smbconfa">LDAP Based <code class="filename">smb.conf</code> File, Server: MASSIVE  global Section: Part A</a></dt><dt>5.7. <a href="happy.html#sbehap-massive-smbconfb">LDAP Based <code class="filename">smb.conf</code> File, Server: MASSIVE  global Section: Part B</a></dt><dt>5.8. <a href="happy.html#sbehap-bldg1-smbconf">LDAP Based <code class="filename">smb.conf</code> File, Server: BLDG1</a></dt><dt>5.9. <a href="happy.html#sbehap-bldg2-smbconf">LDAP Based <code class="filename">smb.conf</code> File, Server: BLDG2</a></dt><dt>5.10. <a href="happy.html#sbehap-shareconfa">LDAP Based <code class="filename">smb.conf</code> File, Shares Section  Part A</a></dt><dt>5.11. <a href="happy.html#sbehap-shareconfb">LDAP Based <code class="filename">smb.conf</code> File, Shares Section  Part B</a></dt><dt>5.12. <a href="happy.html#sbehap-ldifadd">LDIF IDMAP Add-On Load File  File: /etc/openldap/idmap.LDIF</a></dt><dt>6.1. <a href="net2000users.html#ch7-LDAP-master">LDAP Master Server Configuration File  <code class="filename">/etc/openldap/slapd.conf</code></a></dt><dt>6.2. <a href="net2000users.html#ch7-LDAP-slave">LDAP Slave Configuration File  <code class="filename">/etc/openldap/slapd.conf</code></a></dt><dt>6.3. <a href="net2000users.html#ch7-massmbconfA">Primary Domain Controller <code class="filename">smb.conf</code> File  Part A</a></dt><dt>6.4. <a href="net2000users.html#ch7-massmbconfB">Primary Domain Controller <code class="filename">smb.conf</code> File  Part B</a></dt><dt>6.5. <a href="net2000users.html#ch7-massmbconfC">Primary Domain Controller <code class="filename">smb.conf</code> File  Part C</a></dt><dt>6.6. <a href="net2000users.html#ch7-slvsmbocnfA">Backup Domain Controller <code class="filename">smb.conf</code> File  Part A</a></dt><dt>6.7. <a href="net2000users.html#ch7-slvsmbocnfB">Backup Domain Controller <code class="filename">smb.conf</code> File  Part B</a></dt><dt>7.1. <a href="unixclients.html#ch9-sdmsdc">Samba Domain Member in Samba Domain Using LDAP  <code class="filename">smb.conf</code> File</a></dt><dt>7.2. <a href="unixclients.html#ch9-ldifadd">LDIF IDMAP Add-On Load File  File: /etc/openldap/idmap.LDIF</a></dt><dt>7.3. <a href="unixclients.html#ch9-sdmlcnf">Configuration File for NSS LDAP Support  <code class="filename">/etc/ldap.conf</code></a></dt><dt>7.4. <a href="unixclients.html#ch9-sdmnss">NSS using LDAP for Identity Resolution  File: <code class="filename">/etc/nsswitch.conf</code></a></dt><dt>7.5. <a href="unixclients.html#ch0-NT4DSDM">Samba Domain Member Server Using Winbind <code class="filename">smb.conf</code> File for NT4 Domain</a></dt><dt>7.6. <a href="unixclients.html#ch0-NT4DSCM">Samba Domain Member Server Using Local Accounts <code class="filename">smb.conf</code> File for NT4 Domain</a></dt><dt>7.7. <a href="unixclients.html#ch9-adssdm">Samba Domain Member <code class="filename">smb.conf</code> File for Active Directory Membership</a></dt><dt>7.8. <a href="unixclients.html#sbe-idmapridex">Example <code class="filename">smb.conf</code> File Using <code class="constant">idmap_rid</code></a></dt><dt>7.9. <a href="unixclients.html#sbeunxa">Typical ADS Style Domain <code class="filename">smb.conf</code> File</a></dt><dt>7.10. <a href="unixclients.html#sbewinbindex">ADS Membership Using RFC2307bis Identity Resolution <code class="filename">smb.conf</code> File</a></dt><dt>7.11. <a href="unixclients.html#ch9-pamwnbdlogin">SUSE: PAM <code class="filename">login</code> Module Using Winbind</a></dt><dt>7.12. <a href="unixclients.html#ch9-pamwbndxdm">SUSE: PAM <code class="filename">xdm</code> Module Using Winbind</a></dt><dt>7.13. <a href="unixclients.html#ch9-rhsysauth">Red Hat 9: PAM System Authentication File: <code class="filename">/etc/pam.d/system-auth</code> Module Using Winbind</a></dt><dt>9.1. <a href="ntmigration.html#sbent4smb">NT4 Migration Samba-3 Server <code class="filename">smb.conf</code>  Part: A</a></dt><dt>9.2. <a href="ntmigration.html#sbent4smb2">NT4 Migration Samba-3 Server <code class="filename">smb.conf</code>  Part: B</a></dt><dt>9.3. <a href="ntmigration.html#sbentslapd">NT4 Migration LDAP Server Configuration File: <code class="filename">/etc/openldap/slapd.conf</code>  Part A</a></dt><dt>9.4. <a href="ntmigration.html#sbentslapd2">NT4 Migration LDAP Server Configuration File: <code class="filename">/etc/openldap/slapd.conf</code>  Part B</a></dt><dt>9.5. <a href="ntmigration.html#sbrntldapconf">NT4 Migration NSS LDAP File: <code class="filename">/etc/ldap.conf</code></a></dt><dt>9.6. <a href="ntmigration.html#sbentnss">NT4 Migration NSS Control File: <code class="filename">/etc/nsswitch.conf</code> (Stage:1)</a></dt><dt>9.7. <a href="ntmigration.html#sbentnss2">NT4 Migration NSS Control File: <code class="filename">/etc/nsswitch.conf</code> (Stage:2)</a></dt><dt>10.1. <a href="nw4migration.html#sbeamg">A Rough Tool to Create an LDIF File from the System Account Files</a></dt><dt>10.2. <a href="nw4migration.html#ch8ldap">NSS LDAP Control File  /etc/ldap.conf</a></dt><dt>10.3. <a href="nw4migration.html#sbepu2">The PAM Control File <code class="filename">/etc/security/pam_unix2.conf</code></a></dt><dt>10.4. <a href="nw4migration.html#ch8smbconf">Samba Configuration File  smb.conf Part A</a></dt><dt>10.5. <a href="nw4migration.html#ch8smbconf2">Samba Configuration File  smb.conf Part B</a></dt><dt>10.6. <a href="nw4migration.html#ch8smbconf3">Samba Configuration File  smb.conf Part C</a></dt><dt>10.7. <a href="nw4migration.html#ch8smbconf4">Samba Configuration File  smb.conf Part D</a></dt><dt>10.8. <a href="nw4migration.html#ch8smbconf5">Samba Configuration File  smb.conf Part E</a></dt><dt>10.9. <a href="nw4migration.html#sbersync">Rsync Script</a></dt><dt>10.10. <a href="nw4migration.html#sbexcld">Rsync Files Exclusion List  <code class="filename">/root/excludes.txt</code></a></dt><dt>10.11. <a href="nw4migration.html#ch8ideal">Idealx smbldap-tools Control File  Part A</a></dt><dt>10.12. <a href="nw4migration.html#ch8ideal2">Idealx smbldap-tools Control File  Part B</a></dt><dt>10.13. <a href="nw4migration.html#ch8ideal3">Idealx smbldap-tools Control File  Part C</a></dt><dt>10.14. <a href="nw4migration.html#ch8ideal4">Idealx smbldap-tools Control File  Part D</a></dt><dt>10.15. <a href="nw4migration.html#ch8kix">Kixtart Control File  File: logon.kix</a></dt><dt>10.16. <a href="nw4migration.html#ch8kix2">Kixtart Control File  File: main.kix</a></dt><dt>10.17. <a href="nw4migration.html#ch8kix3">Kixtart Control File  File: setup.kix, Part A</a></dt><dt>10.18. <a href="nw4migration.html#ch8kix3b">Kixtart Control File  File: setup.kix, Part B</a></dt><dt>10.19. <a href="nw4migration.html#ch8kix4">Kixtart Control File  File: acct.kix</a></dt><dt>12.1. <a href="DomApps.html#ch10-krb5conf">Kerberos Configuration  File: <code class="filename">/etc/krb5.conf</code></a></dt><dt>12.2. <a href="DomApps.html#ch10-smbconf">Samba Configuration  File: <code class="filename">/etc/samba/smb.conf</code></a></dt><dt>12.3. <a href="DomApps.html#ch10-etcnsscfg">NSS Configuration File Extract  File: <code class="filename">/etc/nsswitch.conf</code></a></dt><dt>12.4. <a href="DomApps.html#etcsquidcfg">Squid Configuration File Extract  <code class="filename">/etc/squid.conf</code> [ADMINISTRATIVE PARAMETERS Section]</a></dt><dt>12.5. <a href="DomApps.html#etcsquid2">Squid Configuration File extract  File: <code class="filename">/etc/squid.conf</code> [AUTHENTICATION PARAMETERS Section]</a></dt><dt>15.1. <a href="appendix.html#ch12SL">A Useful Samba Control Script for SUSE Linux</a></dt><dt>15.2. <a href="appendix.html#ch12RHscript">A Sample Samba Control Script for Red Hat Linux</a></dt><dt>15.3. <a href="appendix.html#loopback">DNS Localhost Forward Zone File: <code class="filename">/var/lib/named/localhost.zone</code></a></dt><dt>15.4. <a href="appendix.html#dnsloopy">DNS Localhost Reverse Zone File: <code class="filename">/var/lib/named/127.0.0.zone</code></a></dt><dt>15.5. <a href="appendix.html#roothint">DNS Root Name Server Hint File: <code class="filename">/var/lib/named/root.hint</code></a></dt><dt>15.6. <a href="appendix.html#sbehap-ldapreconfa">LDAP Pre-configuration Script: <code class="filename">SMBLDAP-ldif-preconfig.sh</code>  Part A</a></dt><dt>15.7. <a href="appendix.html#sbehap-ldapreconfb">LDAP Pre-configuration Script: <code class="filename">SMBLDAP-ldif-preconfig.sh</code>  Part B</a></dt><dt>15.8. <a href="appendix.html#sbehap-ldapreconfc">LDAP Pre-configuration Script: <code class="filename">SMBLDAP-ldif-preconfig.sh</code>  Part C</a></dt><dt>15.9. <a href="appendix.html#sbehap-ldifpata">LDIF Pattern File Used to Pre-configure LDAP  Part A</a></dt><dt>15.10. <a href="appendix.html#sbehap-ldifpatb">LDIF Pattern File Used to Pre-configure LDAP  Part B</a></dt><dt>15.11. <a href="appendix.html#lamcfg">Example LAM Configuration File  <code class="filename">config.cfg</code></a></dt><dt>15.12. <a href="appendix.html#lamconf">LAM Profile Control File  <code class="filename">lam.conf</code></a></dt></dl></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"> </td><td width="20%" align="center"> </td><td width="40%" align="right"> <a accesskey="n" href="pr01.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top"> </td><td width="20%" align="center"> </td><td width="40%" align="right" valign="top"> About the Cover Artwork</td></tr></table></div></body></html>

trunk/server/docs/htmldocs/Samba3-ByExample/ix01.html

@@ -1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Index</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="go01.html" title="Glossary"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Index</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="go01.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> </td></tr></table><hr></div><div class="index"><div class="titlepage"><div><div><h2 class="title"><a name="id2630726"></a>Index</h2></div></div></div><div class="index"><div class="indexdiv"><h3>Symbols</h3><dl><dt>%LOGONSERVER%, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></dt><dt>%USERNAME%, <a class="indexterm" href="happy.html#id2572363">Roaming Profile Background</a>, <a class="indexterm" href="happy.html#id2572664">Profile Changes</a></dt><dt>%USERPROFILE%, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></dt><dt>/data/ldap, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></dt><dt>/etc/cups/mime.convs, <a class="indexterm" href="simple.html#id2551953">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a></dt><dt>/etc/cups/mime.types, <a class="indexterm" href="simple.html#id2551953">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a></dt><dt>/etc/dhcpd.conf, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="small.html#id2557337">Validation</a>, <a class="indexterm" href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>/etc/exports, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a></dt><dt>/etc/group, <a class="indexterm" href="happy.html#id2571856">Technical Issues</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="upgrades.html#id2600758">Replacing a Domain Member Server</a>, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a>, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>/etc/hosts, <a class="indexterm" href="simple.html#id2551061">Implementation</a>, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="Big500users.html#id2566362">Server Preparation: All Servers</a>, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="DomApps.html#id2616622">Kerberos Configuration</a>, <a class="indexterm" href="HA.html#id2619404">Bad Hostnames</a></dt><dt>/etc/krb5.conf, <a class="indexterm" href="unixclients.html#id2595411">IDMAP Storage in LDAP using Winbind</a>, <a class="indexterm" href="DomApps.html#id2616622">Kerberos Configuration</a></dt><dt>/etc/ldap.conf, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="unixclients.html#id2595411">IDMAP Storage in LDAP using Winbind</a>, <a class="indexterm" href="unixclients.html#id2596006">IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension</a>, <a class="indexterm" href="ntmigration.html#id2602148">NT4 Migration Using LDAP Backend</a>, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a></dt><dt>/etc/mime.convs, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id2566362">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dt>/etc/mime.types, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id2566362">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dt>/etc/named.conf, <a class="indexterm" href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a></dt><dt>/etc/nsswitch.conf, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="Big500users.html#id2566940">Configuration for Server: MASSIVE</a>, <a class="indexterm" href="Big500users.html#ch5-domsvrspec">Configuration Specific to Domain Member Servers: BLDG1, BLDG2</a>, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#id2594807">IDMAP_RID with Winbind</a>, <a class="indexterm" href="unixclients.html#id2596006">IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension</a>, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="ntmigration.html#id2602148">NT4 Migration Using LDAP Backend</a></dt><dt>/etc/openldap/slapd.conf, <a class="indexterm" href="happy.html#id2573240">Debugging LDAP</a>, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a>, <a class="indexterm" href="net2000users.html#id2585064">Implementation</a></dt><dt>/etc/passwd, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="secure.html#id2560183">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id2566940">Configuration for Server: MASSIVE</a>, <a class="indexterm" href="happy.html#id2576821">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#id2600758">Replacing a Domain Member Server</a>, <a class="indexterm" href="ntmigration.html#id2601658">Technical Issues</a>, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a>, <a class="indexterm" href="nw4migration.html#id2606305">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id2614131">Share Point Directory and File Permissions</a>, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a>, <a class="indexterm" href="primer.html#id2627129">Findings and Comments</a></dt><dt>/etc/rc.d/boot.local, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="Big500users.html#id2566940">Configuration for Server: MASSIVE</a></dt><dt>/etc/rc.d/rc.local, <a class="indexterm" href="small.html#id2555790">Implementation</a></dt><dt>/etc/resolv.conf, <a class="indexterm" href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a>, <a class="indexterm" href="Big500users.html#id2566362">Server Preparation: All Servers</a></dt><dt>/etc/samba, <a class="indexterm" href="appendix.html#id2621811">Samba System File Location</a></dt><dt>/etc/samba/secrets.tdb, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>/etc/samba/smbusers, <a class="indexterm" href="Big500users.html#id2566362">Server Preparation: All Servers</a></dt><dt>/etc/shadow, <a class="indexterm" href="upgrades.html#id2600758">Replacing a Domain Member Server</a>, <a class="indexterm" href="nw4migration.html#id2606305">Technical Issues</a></dt><dt>/etc/squid/squid.conf, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>/etc/syslog.conf, <a class="indexterm" href="happy.html#id2573240">Debugging LDAP</a></dt><dt>/etc/xinetd.d, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a>, <a class="indexterm" href="Big500users.html#ch5-procstart">Process Startup Configuration</a></dt><dt>/lib/libnss_ldap.so.2, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></dt><dt>/opt/IDEALX/sbin, <a class="indexterm" href="ntmigration.html#id2602148">NT4 Migration Using LDAP Backend</a></dt><dt>/proc/sys/net/ipv4/ip_forward, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a></dt><dt>/usr/bin, <a class="indexterm" href="appendix.html#id2621811">Samba System File Location</a></dt><dt>/usr/lib/samba, <a class="indexterm" href="appendix.html#id2621811">Samba System File Location</a></dt><dt>/usr/local, <a class="indexterm" href="appendix.html#id2621811">Samba System File Location</a></dt><dt>/usr/local/samba, <a class="indexterm" href="appendix.html#id2621811">Samba System File Location</a></dt><dt>/usr/local/samba/var/locks, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></dt><dt>/usr/sbin, <a class="indexterm" href="appendix.html#id2621811">Samba System File Location</a></dt><dt>/usr/share, <a class="indexterm" href="appendix.html#id2621811">Samba System File Location</a></dt><dt>/usr/share/samba/swat, <a class="indexterm" href="appendix.html#id2621811">Samba System File Location</a></dt><dt>/usr/share/swat, <a class="indexterm" href="appendix.html#id2621811">Samba System File Location</a></dt><dt>/var/cache/samba, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></dt><dt>/var/lib/samba, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a>, <a class="indexterm" href="appendix.html#id2621811">Samba System File Location</a></dt><dt>/var/log/ldaplogs, <a class="indexterm" href="happy.html#id2573240">Debugging LDAP</a></dt><dt>/var/log/samba, <a class="indexterm" href="appendix.html#id2621811">Samba System File Location</a></dt><dt>8-bit, <a class="indexterm" href="upgrades.html#id2599385">International Language Support</a></dt></dl></div><div class="indexdiv"><h3></h3><dl><dt>, <a class="indexterm" href="simple.html#id2551061">Implementation</a>, <a class="indexterm" href="simple.html#id2551953">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="secure.html#id2560183">Samba Configuration</a>, <a class="indexterm" href="secure.html#ch4appscfg">Application Share Configuration</a>, <a class="indexterm" href="Big500users.html#id2565635">Implementation</a>, <a class="indexterm" href="happy.html#sbehap-ppc">Addition of Machines to the Domain</a>, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="happy.html#sbehap-bldg1">Samba-3 BDC Configuration</a>, <a class="indexterm" href="net2000users.html#id2585064">Implementation</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#dcwonss">NT4/Samba Domain with Samba Domain Member Server without NSS Support</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id2594807">IDMAP_RID with Winbind</a>, <a class="indexterm" href="unixclients.html#id2595411">IDMAP Storage in LDAP using Winbind</a>, <a class="indexterm" href="unixclients.html#id2596006">IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension</a>, <a class="indexterm" href="upgrades.html#sbeug1">Location of config files</a>, <a class="indexterm" href="ntmigration.html#id2602148">NT4 Migration Using LDAP Backend</a>, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a>, <a class="indexterm" href="DomApps.html#id2617564">NSS Configuration</a></dt><dd><dl><dt>Domain account, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>liability, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>logon, <a class="indexterm" href="simple.html#id2551953">Implementation</a></dt><dt>problem, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>transparent inter-operability, <a class="indexterm" href="DomApps.html#id2618286">Questions and Answers</a></dt></dl></dd></dl></div><div class="indexdiv"><h3>A</h3><dl><dt>abmas-netfw.sh, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a></dt><dt>accept, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a></dt><dt>accepts liability, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>access, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id2613658">Checkpoint Controls</a></dt><dt>access control, <a class="indexterm" href="kerberos.html#id2612822">Kerberos Exposed</a>, <a class="indexterm" href="kerberos.html#id2614585">Using the MMC Computer Management Interface</a></dt><dt>Access Control Lists (see ACLs)</dt><dt>access control settings, <a class="indexterm" href="kerberos.html#id2613169">Share Access Controls</a></dt><dt>access controls, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id2613518">Share Definition Controls</a></dt><dt>accessible, <a class="indexterm" href="kerberos.html#id2614131">Share Point Directory and File Permissions</a></dt><dt>account, <a class="indexterm" href="happy.html#id2571022">Regarding LDAP Directories and Windows Computer Accounts</a>, <a class="indexterm" href="kerberos.html#id2613169">Share Access Controls</a></dt><dd><dl><dt>ADS Domain, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt></dl></dd><dt>account credentials, <a class="indexterm" href="primer.html#id2627129">Findings and Comments</a></dt><dt>account information, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a></dt><dt>account names, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a></dt><dt>account policies, <a class="indexterm" href="appendix.html#id2623411">The LDAP Account Manager</a></dt><dt>accountable, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a>, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>accounts</dt><dd><dl><dt>authoritative, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a></dt><dt>Domain, <a class="indexterm" href="ntmigration.html#id2601332">Introduction</a>, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a></dt><dt>group, <a class="indexterm" href="ntmigration.html#id2601332">Introduction</a>, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt><dt>machine, <a class="indexterm" href="ntmigration.html#id2601332">Introduction</a>, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a></dt><dt>manage, <a class="indexterm" href="appendix.html#id2623411">The LDAP Account Manager</a></dt><dt>user, <a class="indexterm" href="ntmigration.html#id2601332">Introduction</a>, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt></dl></dd><dt>ACL, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a>, <a class="indexterm" href="kerberos.html#id2613658">Checkpoint Controls</a></dt><dt>ACLs, <a class="indexterm" href="happy.html#id2583197">Key Points Learned</a>, <a class="indexterm" href="kerberos.html#id2613169">Share Access Controls</a>, <a class="indexterm" href="kerberos.html#id2613518">Share Definition Controls</a></dt><dt>acquisitions, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt><dt>Act!, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt><dt>ACT! database, <a class="indexterm" href="appendix.html#id2625028">Act! Database Sharing</a></dt><dt>Act!Diag, <a class="indexterm" href="appendix.html#id2625028">Act! Database Sharing</a></dt><dt>Active Directory, <a class="indexterm" href="happy.html#id2571399">Dissection and Discussion</a>, <a class="indexterm" href="happy.html#sbehap-locgrppol">The Local Group Policy</a>, <a class="indexterm" href="net2000users.html#id2583824">Dissection and Discussion</a>, <a class="indexterm" href="unixclients.html#id2589282">Assignment Tasks</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id2594807">IDMAP_RID with Winbind</a>, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a>, <a class="indexterm" href="kerberos.html#id2615257">Key Points Learned</a>, <a class="indexterm" href="kerberos.html#id2615391">Questions and Answers</a>, <a class="indexterm" href="DomApps.html">Integrating Additional Services</a>, <a class="indexterm" href="DomApps.html#id2616051">Assignment Tasks</a>, <a class="indexterm" href="DomApps.html#id2616193">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id2617012">Samba Configuration</a>, <a class="indexterm" href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></dt><dd><dl><dt>authentication, <a class="indexterm" href="DomApps.html#id2617829">Squid Configuration</a></dt><dt>domain, <a class="indexterm" href="DomApps.html#id2617012">Samba Configuration</a></dt><dt>join, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>management tools, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>realm, <a class="indexterm" href="HA.html#id2619404">Bad Hostnames</a></dt><dt>Replacement, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>server, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id2616622">Kerberos Configuration</a></dt><dt>Server, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>tree, <a class="indexterm" href="DomApps.html#id2617012">Samba Configuration</a></dt></dl></dd><dt>active directory, <a class="indexterm" href="ntmigration.html#id2601658">Technical Issues</a></dt><dt>AD printer publishing, <a class="indexterm" href="happy.html#id2582625">Uploading Printer Drivers to Samba Servers</a></dt><dt>ADAM, <a class="indexterm" href="happy.html#id2571399">Dissection and Discussion</a>, <a class="indexterm" href="unixclients.html#id2595411">IDMAP Storage in LDAP using Winbind</a></dt><dt>add group script, <a class="indexterm" href="upgrades.html#id2599919">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>add machine script, <a class="indexterm" href="upgrades.html#id2599919">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>Add Printer Wizard</dt><dd><dl><dt>APW, <a class="indexterm" href="happy.html#id2582625">Uploading Printer Drivers to Samba Servers</a></dt></dl></dd><dt>add user script, <a class="indexterm" href="upgrades.html#id2599919">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>add user to group script, <a class="indexterm" href="upgrades.html#id2599919">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>adduser, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="secure.html#id2560183">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id2566940">Configuration for Server: MASSIVE</a></dt><dt>adequate precautions, <a class="indexterm" href="upgrades.html#id2598125">Introduction</a></dt><dt>administrative installation, <a class="indexterm" href="secure.html#ch4appscfg">Application Share Configuration</a></dt><dt>administrative rights, <a class="indexterm" href="kerberos.html#id2613658">Checkpoint Controls</a></dt><dt>administrator, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="secure.html#id2560183">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id2566362">Server Preparation: All Servers</a></dt><dt>ADMT, <a class="indexterm" href="upgrades.html#id2601160">Migration of Samba Accounts to Active Directory</a></dt><dt>ADS, <a class="indexterm" href="unixclients.html#id2595411">IDMAP Storage in LDAP using Winbind</a>, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id2616622">Kerberos Configuration</a>, <a class="indexterm" href="HA.html#id2619404">Bad Hostnames</a></dt><dd><dl><dt>server, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt></dl></dd><dt>ADS Domain, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>affordability, <a class="indexterm" href="net2000users.html#id2584231">The Nature of Windows Networking Protocols</a></dt><dt>alarm, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt><dt>algorithm, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>allow trusted domains, <a class="indexterm" href="unixclients.html#id2594807">IDMAP_RID with Winbind</a></dt><dt>alternative, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>analysis, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>anonymous connection, <a class="indexterm" href="small.html#id2557337">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>Apache Web server, <a class="indexterm" href="DomApps.html#id2618286">Questions and Answers</a></dt><dt>appliance mode, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a></dt><dt>application server, <a class="indexterm" href="secure.html#id2558863">Technical Issues</a>, <a class="indexterm" href="secure.html#ch4appscfg">Application Share Configuration</a></dt><dt>application servers, <a class="indexterm" href="net2000users.html#id2584231">The Nature of Windows Networking Protocols</a></dt><dt>application/octet-stream, <a class="indexterm" href="simple.html#id2551953">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id2566362">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dt>APW, <a class="indexterm" href="happy.html#id2582625">Uploading Printer Drivers to Samba Servers</a></dt><dt>arp, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>assessment, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt><dt>assistance, <a class="indexterm" href="ch14.html#id2620874">Free Support</a></dt><dt>assumptions, <a class="indexterm" href="HA.html#id2620704">Key Points Learned</a></dt><dt>authconfig, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></dt><dt>authenticate, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a>, <a class="indexterm" href="DomApps.html#id2617012">Samba Configuration</a></dt><dt>authenticated, <a class="indexterm" href="DomApps.html#id2616051">Assignment Tasks</a></dt><dt>authenticated connection, <a class="indexterm" href="small.html#id2557337">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>authentication, <a class="indexterm" href="net2000users.html#id2584231">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="nw4migration.html#id2606228">Dissection and Discussion</a>, <a class="indexterm" href="DomApps.html">Integrating Additional Services</a>, <a class="indexterm" href="DomApps.html#id2616193">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id2617564">NSS Configuration</a>, <a class="indexterm" href="DomApps.html#id2618286">Questions and Answers</a></dt><dd><dl><dt>plain-text, <a class="indexterm" href="DomApps.html#id2618286">Questions and Answers</a></dt></dl></dd><dt>authentication process, <a class="indexterm" href="unixclients.html#id2590094">Implementation</a></dt><dt>authentication protocols, <a class="indexterm" href="DomApps.html#id2618225">Key Points Learned</a></dt><dt>authoritative, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a></dt><dt>authorized location, <a class="indexterm" href="kerberos.html#id2612822">Kerberos Exposed</a></dt><dt>auto-generated SID, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a></dt><dt>automatically allocate, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a></dt><dt>availability, <a class="indexterm" href="HA.html">Performance, Reliability, and Availability</a></dt></dl></div><div class="indexdiv"><h3>B</h3><dl><dt>backends, <a class="indexterm" href="DomApps.html">Integrating Additional Services</a></dt><dt>background communication, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a></dt><dt>Backup, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt><dt>Backup Domain Controller (see BDC)</dt><dt>bandwidth, <a class="indexterm" href="DomApps.html#id2616051">Assignment Tasks</a></dt><dd><dl><dt>requirements, <a class="indexterm" href="net2000users.html#id2584137">User Needs</a></dt></dl></dd><dt>bandwidth calculations, <a class="indexterm" href="secure.html#id2559135">Hardware Requirements</a></dt><dt>BDC, <a class="indexterm" href="Big500users.html#id2565409">Technical Issues</a>, <a class="indexterm" href="happy.html">Making Happy Users</a>, <a class="indexterm" href="happy.html#id2571262">Assignment Tasks</a>, <a class="indexterm" href="happy.html#id2571399">Dissection and Discussion</a>, <a class="indexterm" href="happy.html#id2573925">Samba Server Implementation</a>, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="net2000users.html#id2584231">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="net2000users.html#id2588223">Key Points Learned</a>, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a>, <a class="indexterm" href="ntmigration.html#id2604606">NT4 Migration Using tdbsam Backend</a>, <a class="indexterm" href="HA.html#id2620205">Use and Location of BDCs</a></dt><dt>benefit, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>best practices, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt><dt>bias, <a class="indexterm" href="kerberos.html#id2615391">Questions and Answers</a></dt><dt>binary database, <a class="indexterm" href="secure.html#id2559329">Implementation</a></dt><dt>binary files, <a class="indexterm" href="upgrades.html#id2600427">Updating a Samba-3 Installation</a></dt><dt>binary package, <a class="indexterm" href="upgrades.html#id2600427">Updating a Samba-3 Installation</a></dt><dt>bind interfaces only, <a class="indexterm" href="secure.html#id2559329">Implementation</a></dt><dt>broadcast, <a class="indexterm" href="HA.html#id2619596">Routed Networks</a>, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dd><dl><dt>directed, <a class="indexterm" href="net2000users.html#id2584231">The Nature of Windows Networking Protocols</a></dt><dt>mailslot, <a class="indexterm" href="net2000users.html#id2584231">The Nature of Windows Networking Protocols</a></dt></dl></dd><dt>broadcast messages, <a class="indexterm" href="secure.html#id2559329">Implementation</a></dt><dt>broadcast storms, <a class="indexterm" href="HA.html#id2619769">Network Collisions</a></dt><dt>broken, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>broken behavior, <a class="indexterm" href="HA.html#id2618892">Dissection and Discussion</a></dt><dt>browse, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>browse master, <a class="indexterm" href="primer.html#id2625878">Findings</a></dt><dt>Browse Master, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dt>browse.dat, <a class="indexterm" href="upgrades.html#id2600758">Replacing a Domain Member Server</a></dt><dt>Browser Election Service, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dt>browsing, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id2616193">Technical Issues</a>, <a class="indexterm" href="primer.html#id2625502">Assignment Tasks</a></dt><dt>budgetted, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt><dt>bug fixes, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt><dt>bug report, <a class="indexterm" href="ch14.html#id2620874">Free Support</a></dt></dl></div><div class="indexdiv"><h3>C</h3><dl><dt>cache, <a class="indexterm" href="appendix.html#id2625113">Opportunistic Locking Controls</a></dt><dt>cache directories, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>caching, <a class="indexterm" href="HA.html#id2619868">Samba Configuration</a></dt><dt>case-sensitive, <a class="indexterm" href="DomApps.html#id2616622">Kerberos Configuration</a></dt><dt>centralized storage, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a></dt><dt>character set, <a class="indexterm" href="upgrades.html#id2599385">International Language Support</a></dt><dt>check samba daemons, <a class="indexterm" href="small.html#id2557337">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>check-point, <a class="indexterm" href="kerberos.html#id2613518">Share Definition Controls</a></dt><dt>check-point controls, <a class="indexterm" href="kerberos.html#id2613658">Checkpoint Controls</a></dt><dt>Checkpoint Controls, <a class="indexterm" href="kerberos.html#id2613658">Checkpoint Controls</a></dt><dt>chgrp, <a class="indexterm" href="DomApps.html#id2617012">Samba Configuration</a></dt><dt>chkconfig, <a class="indexterm" href="simple.html#id2551061">Implementation</a>, <a class="indexterm" href="simple.html#id2551953">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a>, <a class="indexterm" href="Big500users.html#ch5-procstart">Process Startup Configuration</a>, <a class="indexterm" href="net2000users.html#id2585064">Implementation</a></dt><dt>chmod, <a class="indexterm" href="DomApps.html#id2617012">Samba Configuration</a></dt><dt>choice, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>chown, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>CIFS, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a>, <a class="indexterm" href="primer.html#id2625878">Findings</a></dt><dt>cifsfs, <a class="indexterm" href="HA.html#id2618892">Dissection and Discussion</a></dt><dt>clean database, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a></dt><dt>clients per DC, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>Clock skew, <a class="indexterm" href="DomApps.html#id2616622">Kerberos Configuration</a></dt><dt>cluster, <a class="indexterm" href="HA.html#id2618805">Introduction</a></dt><dt>clustering, <a class="indexterm" href="HA.html#id2618805">Introduction</a>, <a class="indexterm" href="HA.html#id2620303">For Scalability, Use SAN-Based Storage on Samba Servers</a></dt><dt>code maintainer, <a class="indexterm" href="ch14.html#id2620874">Free Support</a></dt><dt>codepage, <a class="indexterm" href="upgrades.html#id2599385">International Language Support</a></dt><dt>collision rates, <a class="indexterm" href="HA.html#id2619769">Network Collisions</a></dt><dt>commercial, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>commercial software, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>commercial support, <a class="indexterm" href="ch14.html">Samba Support</a>, <a class="indexterm" href="ch14.html#id2621092">Commercial Support</a></dt><dt>Common Internet File System (see CIFS)</dt><dt>comparison</dt><dd><dl><dt>Active Directory &amp; OpenLDAP, <a class="indexterm" href="happy.html#id2571399">Dissection and Discussion</a></dt></dl></dd><dt>compat, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>compatible, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>compile-time, <a class="indexterm" href="upgrades.html#sbeug1">Location of config files</a></dt><dt>complexities, <a class="indexterm" href="HA.html#id2618892">Dissection and Discussion</a></dt><dt>compromise, <a class="indexterm" href="happy.html#id2571164">Introduction</a>, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a>, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>computer account, <a class="indexterm" href="DomApps.html#id2617012">Samba Configuration</a></dt><dt>Computer Management, <a class="indexterm" href="kerberos.html#id2613169">Share Access Controls</a>, <a class="indexterm" href="kerberos.html#id2615391">Questions and Answers</a></dt><dt>computer name, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a></dt><dt>condemns, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>conferences, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>configuration files, <a class="indexterm" href="upgrades.html#id2598125">Introduction</a></dt><dt>configure.pl, <a class="indexterm" href="ntmigration.html#id2602148">NT4 Migration Using LDAP Backend</a></dt><dt>connection, <a class="indexterm" href="kerberos.html#id2613169">Share Access Controls</a></dt><dt>connectivity, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a></dt><dt>consequential risk, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>consultant, <a class="indexterm" href="simple.html#id2550925">Drafting Office</a>, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a>, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>consumer, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>consumer expects, <a class="indexterm" href="ch14.html">Samba Support</a></dt><dt>contiguous directory, <a class="indexterm" href="net2000users.html#id2585064">Implementation</a></dt><dt>contributions, <a class="indexterm" href="upgrades.html">Updating Samba-3</a></dt><dt>control files, <a class="indexterm" href="upgrades.html#id2600427">Updating a Samba-3 Installation</a></dt><dt>convmv, <a class="indexterm" href="upgrades.html#id2599385">International Language Support</a></dt><dt>copy, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a></dt><dt>corrective action, <a class="indexterm" href="HA.html#id2620452">Hardware Problems</a></dt><dt>cost, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>cost-benefit, <a class="indexterm" href="nw4migration.html#id2606137">Assignment Tasks</a></dt><dt>country of origin, <a class="indexterm" href="ch14.html#id2621092">Commercial Support</a></dt><dt>Courier-IMAP, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a></dt><dt>credential, <a class="indexterm" href="kerberos.html#id2613518">Share Definition Controls</a></dt><dt>credentials, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>crippled, <a class="indexterm" href="ntmigration.html#id2601472">Dissection and Discussion</a></dt><dt>criticism, <a class="indexterm" href="kerberos.html">Active Directory, Kerberos, and Security</a>, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt><dt>Critics, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>Cryptographic, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>CUPS, <a class="indexterm" href="simple.html#id2551758">Dissection and Discussion</a>, <a class="indexterm" href="small.html#id2555570">Technical Issues</a>, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="small.html#id2558010">Key Points Learned</a>, <a class="indexterm" href="secure.html#id2559329">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id2566362">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#id2571262">Assignment Tasks</a>, <a class="indexterm" href="happy.html#id2572816">Installation of Printer Driver Auto-Download</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dd><dl><dt>queue, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id2566362">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt></dl></dd><dt>cupsd, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a></dt><dt>customer expected, <a class="indexterm" href="ch14.html">Samba Support</a></dt><dt>customers, <a class="indexterm" href="ch14.html">Samba Support</a></dt></dl></div><div class="indexdiv"><h3>D</h3><dl><dt>daemon, <a class="indexterm" href="simple.html#validate1">Validation</a>, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a>, <a class="indexterm" href="DomApps.html#id2616193">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id2618286">Questions and Answers</a>, <a class="indexterm" href="appendix.html#id2622232">Starting Samba</a></dt><dt>daemon control, <a class="indexterm" href="Big500users.html#ch5-procstart">Process Startup Configuration</a></dt><dt>data</dt><dd><dl><dt>corruption, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>integrity, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a></dt></dl></dd><dt>data corruption, <a class="indexterm" href="HA.html#id2620452">Hardware Problems</a>, <a class="indexterm" href="appendix.html#id2625028">Act! Database Sharing</a></dt><dt>data integrity, <a class="indexterm" href="HA.html#id2620452">Hardware Problems</a>, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt><dt>data storage, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a></dt><dt>database, <a class="indexterm" href="net2000users.html#id2583824">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a>, <a class="indexterm" href="nw4migration.html#id2606228">Dissection and Discussion</a></dt><dt>database applications, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt><dt>DB_CONFIG, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></dt><dt>DCE, <a class="indexterm" href="kerberos.html#id2612822">Kerberos Exposed</a></dt><dt>DDNS (see dynamic DNS)</dt><dt>Debian, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dt>default installation, <a class="indexterm" href="appendix.html#id2621811">Samba System File Location</a></dt><dt>default password, <a class="indexterm" href="appendix.html#id2623411">The LDAP Account Manager</a></dt><dt>default profile, <a class="indexterm" href="happy.html#id2571262">Assignment Tasks</a>, <a class="indexterm" href="happy.html#id2571856">Technical Issues</a></dt><dt>Default User, <a class="indexterm" href="happy.html#id2572664">Profile Changes</a>, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></dt><dt>defective</dt><dd><dl><dt>cables, <a class="indexterm" href="HA.html#id2620452">Hardware Problems</a></dt><dt>HUBs, <a class="indexterm" href="HA.html#id2620452">Hardware Problems</a></dt><dt>switches, <a class="indexterm" href="HA.html#id2620452">Hardware Problems</a></dt></dl></dd><dt>defects, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>defensible standards, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>defragmentation, <a class="indexterm" href="secure.html#ch4wincfg">Windows Client Configuration</a></dt><dt>delete group script, <a class="indexterm" href="upgrades.html#id2599919">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>delete user from group script, <a class="indexterm" href="upgrades.html#id2599919">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>delimiter, <a class="indexterm" href="kerberos.html#id2613658">Checkpoint Controls</a></dt><dt>dependability, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>deployment, <a class="indexterm" href="ch14.html#id2620874">Free Support</a></dt><dt>desired security setting, <a class="indexterm" href="kerberos.html#id2615047">Setting Posix ACLs in UNIX/Linux</a></dt><dt>development, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>DHCP, <a class="indexterm" href="small.html#id2555570">Technical Issues</a>, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="small.html#id2558010">Key Points Learned</a>, <a class="indexterm" href="secure.html#ch4wincfg">Windows Client Configuration</a>, <a class="indexterm" href="Big500users.html#ch5wincfg">Windows Client Configuration</a>, <a class="indexterm" href="net2000users.html#id2584231">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a></dt><dd><dl><dt>client, <a class="indexterm" href="HA.html#id2619404">Bad Hostnames</a></dt><dt>relay, <a class="indexterm" href="Big500users.html#id2565409">Technical Issues</a></dt><dt>Relay Agent, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a></dt><dt>request, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a></dt><dt>requests, <a class="indexterm" href="Big500users.html#id2565409">Technical Issues</a></dt><dt>servers, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a></dt><dt>traffic, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a></dt></dl></dd><dt>dhcp client validation, <a class="indexterm" href="small.html#id2557337">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>DHCP Server, <a class="indexterm" href="small.html#id2555790">Implementation</a></dt><dt>DHCP server, <a class="indexterm" href="secure.html#id2558863">Technical Issues</a></dt><dt>diagnostic, <a class="indexterm" href="unixclients.html#id2595411">IDMAP Storage in LDAP using Winbind</a></dt><dt>diffusion, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>digital rights, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>digital sign'n'seal, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>digits, <a class="indexterm" href="HA.html#id2619404">Bad Hostnames</a></dt><dt>diligence, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>directory, <a class="indexterm" href="net2000users.html#id2583824">Dissection and Discussion</a>, <a class="indexterm" href="unixclients.html#id2589994">Political Issues</a>, <a class="indexterm" href="upgrades.html#sbeug1">Location of config files</a></dt><dd><dl><dt>Computers container, <a class="indexterm" href="happy.html#id2576821">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>management, <a class="indexterm" href="happy.html#id2571399">Dissection and Discussion</a></dt><dt>People container, <a class="indexterm" href="happy.html#id2576821">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>replication, <a class="indexterm" href="happy.html#id2571399">Dissection and Discussion</a></dt><dt>schema, <a class="indexterm" href="happy.html#id2571399">Dissection and Discussion</a></dt><dt>server, <a class="indexterm" href="happy.html#id2571856">Technical Issues</a></dt><dt>synchronization, <a class="indexterm" href="happy.html#id2571399">Dissection and Discussion</a></dt></dl></dd><dt>directory tree, <a class="indexterm" href="kerberos.html#id2615047">Setting Posix ACLs in UNIX/Linux</a></dt><dt>disable, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt><dt>disaster recovery, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt><dt>disk image, <a class="indexterm" href="happy.html#id2571262">Assignment Tasks</a></dt><dt>disruptive, <a class="indexterm" href="ntmigration.html#id2601472">Dissection and Discussion</a></dt><dt>distributed, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id2585064">Implementation</a>, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="HA.html#id2620352">Distribute Network Load with MSDFS</a></dt><dt>distributed domain, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a></dt><dt>DMB, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dt>DMS, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id2600758">Replacing a Domain Member Server</a></dt><dt>DNS, <a class="indexterm" href="small.html#id2555570">Technical Issues</a>, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="secure.html#id2558863">Technical Issues</a>, <a class="indexterm" href="net2000users.html#id2584231">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a>, <a class="indexterm" href="HA.html#id2619404">Bad Hostnames</a>, <a class="indexterm" href="HA.html#id2619596">Routed Networks</a>, <a class="indexterm" href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></dt><dd><dl><dt>configuration, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a></dt><dt>Dynamic, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a></dt><dt>dynamic, <a class="indexterm" href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></dt><dt>lookup, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="DomApps.html#id2616622">Kerberos Configuration</a></dt><dt>name lookup, <a class="indexterm" href="HA.html#id2619404">Bad Hostnames</a></dt><dt>SRV records, <a class="indexterm" href="DomApps.html#id2616622">Kerberos Configuration</a></dt><dt>suffix, <a class="indexterm" href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></dt></dl></dd><dt>DNS server, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a></dt><dt>document the settings, <a class="indexterm" href="HA.html#id2619868">Samba Configuration</a></dt><dt>documentation, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>documented, <a class="indexterm" href="HA.html#id2619868">Samba Configuration</a></dt><dt>Domain, <a class="indexterm" href="small.html#id2555570">Technical Issues</a></dt><dd><dl><dt>groups, <a class="indexterm" href="small.html#id2555570">Technical Issues</a></dt></dl></dd><dt>domain</dt><dd><dl><dt>Active Directory, <a class="indexterm" href="DomApps.html#id2616193">Technical Issues</a></dt><dt>controller, <a class="indexterm" href="upgrades.html#id2600960">Replacing a Domain Controller</a></dt><dt>joining, <a class="indexterm" href="appendix.html">A Collection of Useful Tidbits</a></dt><dt>trusted, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a></dt></dl></dd><dt>Domain accounts, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a></dt><dt>Domain Administrator, <a class="indexterm" href="kerberos.html#id2613169">Share Access Controls</a></dt><dt>Domain Controller, <a class="indexterm" href="small.html#id2558010">Key Points Learned</a>, <a class="indexterm" href="net2000users.html#id2584231">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id2590094">Implementation</a>, <a class="indexterm" href="HA.html#id2620205">Use and Location of BDCs</a></dt><dd><dl><dt>closest, <a class="indexterm" href="net2000users.html#id2584231">The Nature of Windows Networking Protocols</a></dt></dl></dd><dt>domain controller, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id2599919">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>domain controllers, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a></dt><dt>Domain Controllers, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a></dt><dt>Domain Groups</dt><dd><dl><dt>well-known, <a class="indexterm" href="appendix.html#id2622851">Initialization of the LDAP Database</a></dt></dl></dd><dt>Domain join, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>domain master, <a class="indexterm" href="ntmigration.html#id2602148">NT4 Migration Using LDAP Backend</a>, <a class="indexterm" href="ntmigration.html#id2604606">NT4 Migration Using tdbsam Backend</a></dt><dt>Domain Master Browser (see DMB)</dt><dt>Domain Member, <a class="indexterm" href="HA.html#id2620205">Use and Location of BDCs</a></dt><dd><dl><dt>authoritative</dt><dd><dl><dt>local accounts, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a></dt></dl></dd><dt>client, <a class="indexterm" href="unixclients.html#id2590094">Implementation</a></dt><dt>desktop, <a class="indexterm" href="unixclients.html#id2589228">Introduction</a></dt><dt>server, <a class="indexterm" href="unixclients.html#id2589228">Introduction</a>, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id2590094">Implementation</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>servers, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id2613658">Checkpoint Controls</a></dt><dt>workstations, <a class="indexterm" href="unixclients.html#id2590094">Implementation</a></dt></dl></dd><dt>domain member</dt><dd><dl><dt>servers, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a></dt></dl></dd><dt>Domain Member server, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id2615391">Questions and Answers</a></dt><dt>Domain Member servers, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a></dt><dt>domain members, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a></dt><dt>domain name space, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a></dt><dt>domain replication, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a></dt><dt>domain SID, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a></dt><dt>Domain SID, <a class="indexterm" href="ntmigration.html#id2601658">Technical Issues</a>, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a></dt><dt>domain tree, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a></dt><dt>Domain User Manager, <a class="indexterm" href="happy.html#id2580886">Configuring Profile Directories</a></dt><dt>Domain users, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>DOS, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a></dt><dt>dos2unix, <a class="indexterm" href="secure.html#id2560183">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id2566940">Configuration for Server: MASSIVE</a></dt><dt>down-grade, <a class="indexterm" href="upgrades.html#id2598125">Introduction</a></dt><dt>drive letters, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a></dt><dt>drive mapping, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>dumb printing, <a class="indexterm" href="happy.html#id2572816">Installation of Printer Driver Auto-Download</a></dt><dt>dump, <a class="indexterm" href="ntmigration.html#id2601658">Technical Issues</a>, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a></dt><dt>duplicate accounts, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></dt><dt>dynamic DNS, <a class="indexterm" href="secure.html#id2558863">Technical Issues</a></dt></dl></div><div class="indexdiv"><h3>E</h3><dl><dt>e-Directory, <a class="indexterm" href="nw4migration.html#id2606228">Dissection and Discussion</a></dt><dt>Easy Software Products, <a class="indexterm" href="happy.html#id2572816">Installation of Printer Driver Auto-Download</a></dt><dt>economically sustainable, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>eDirectory, <a class="indexterm" href="happy.html#id2571399">Dissection and Discussion</a></dt><dt>education, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a></dt><dt>election, <a class="indexterm" href="primer.html#id2625878">Findings</a></dt><dt>employment, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a>, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>enable, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a></dt><dt>encrypted, <a class="indexterm" href="primer.html#id2627129">Findings and Comments</a></dt><dt>encrypted password, <a class="indexterm" href="primer.html#id2627394">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>encrypted passwords, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a></dt><dt>End User License Agreement (see EULA)</dt><dt>enumerating, <a class="indexterm" href="DomApps.html#id2617012">Samba Configuration</a></dt><dt>essential, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt><dt>ethereal, <a class="indexterm" href="primer.html#id2625618">Exercises</a></dt><dt>Ethernet switch, <a class="indexterm" href="small.html#id2555570">Technical Issues</a></dt><dt>ethernet switch, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>EULA, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>Everyone, <a class="indexterm" href="kerberos.html#id2613169">Share Access Controls</a></dt><dt>Excel, <a class="indexterm" href="kerberos.html#id2614131">Share Point Directory and File Permissions</a></dt><dt>exclusive open, <a class="indexterm" href="appendix.html#id2624881">Microsoft Access</a></dt><dt>experiment, <a class="indexterm" href="kerberos.html">Active Directory, Kerberos, and Security</a></dt><dt>export, <a class="indexterm" href="ntmigration.html#id2601658">Technical Issues</a></dt><dt>extent, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>External Domains, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a></dt><dt>extreme demand, <a class="indexterm" href="HA.html#id2619366">Guidelines for Reliable Samba Operation</a></dt></dl></div><div class="indexdiv"><h3>F</h3><dl><dt>fail, <a class="indexterm" href="net2000users.html#id2584231">The Nature of Windows Networking Protocols</a></dt><dt>fail-over, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id2585064">Implementation</a></dt><dt>failed, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>failed join, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id2594807">IDMAP_RID with Winbind</a></dt><dt>failure, <a class="indexterm" href="DomApps.html#id2617012">Samba Configuration</a></dt><dt>familiar, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>fatal problem, <a class="indexterm" href="HA.html#id2619868">Samba Configuration</a></dt><dt>fear, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>fears, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>Fedora, <a class="indexterm" href="simple.html#id2550925">Drafting Office</a></dt><dt>FHS, <a class="indexterm" href="appendix.html#id2621811">Samba System File Location</a></dt><dt>file and print server, <a class="indexterm" href="DomApps.html#id2618286">Questions and Answers</a></dt><dt>file and print service, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>file caching, <a class="indexterm" href="HA.html#id2619868">Samba Configuration</a>, <a class="indexterm" href="appendix.html#id2625113">Opportunistic Locking Controls</a></dt><dt>File Hierarchy System (see FHS)</dt><dt>file locations, <a class="indexterm" href="appendix.html#id2621811">Samba System File Location</a></dt><dt>file permissions, <a class="indexterm" href="appendix.html#id2623411">The LDAP Account Manager</a></dt><dt>file server</dt><dd><dl><dt>read-only, <a class="indexterm" href="simple.html#id2551005">Dissection and Discussion</a></dt></dl></dd><dt>file servers, <a class="indexterm" href="happy.html#id2573925">Samba Server Implementation</a></dt><dt>file system, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dd><dl><dt>access control, <a class="indexterm" href="secure.html#id2560183">Samba Configuration</a></dt><dt>Ext3, <a class="indexterm" href="simple.html#id2551061">Implementation</a></dt><dt>permissions, <a class="indexterm" href="secure.html#id2560183">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id2566940">Configuration for Server: MASSIVE</a></dt></dl></dd><dt>file system security, <a class="indexterm" href="kerberos.html#id2615391">Questions and Answers</a></dt><dt>filter, <a class="indexterm" href="kerberos.html#id2613169">Share Access Controls</a></dt><dt>financial responsibility, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt><dt>firewall, <a class="indexterm" href="secure.html#id2558863">Technical Issues</a>, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt><dt>fix, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>flaws, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt><dt>flexibility, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>flush</dt><dd><dl><dt>cache memory, <a class="indexterm" href="appendix.html#id2625113">Opportunistic Locking Controls</a></dt></dl></dd><dt>folder redirection, <a class="indexterm" href="happy.html#id2571856">Technical Issues</a>, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a>, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a></dt><dt>force group, <a class="indexterm" href="kerberos.html#id2613970">Override Controls</a>, <a class="indexterm" href="kerberos.html#id2615391">Questions and Answers</a></dt><dt>force user, <a class="indexterm" href="simple.html#id2551758">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id2613970">Override Controls</a>, <a class="indexterm" href="kerberos.html#id2615391">Questions and Answers</a></dt><dt>forced settings, <a class="indexterm" href="kerberos.html#id2613970">Override Controls</a></dt><dt>foreign, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>foreign SID, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>forwarded, <a class="indexterm" href="HA.html#id2619596">Routed Networks</a></dt><dt>foundation members, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>Free Standards Group (see FSG)</dt><dt>free support, <a class="indexterm" href="ch14.html">Samba Support</a>, <a class="indexterm" href="ch14.html#id2620874">Free Support</a></dt><dt>front-end, <a class="indexterm" href="HA.html#id2618892">Dissection and Discussion</a></dt><dd><dl><dt>server, <a class="indexterm" href="HA.html#id2620352">Distribute Network Load with MSDFS</a></dt></dl></dd><dt>frustration, <a class="indexterm" href="upgrades.html#id2598125">Introduction</a></dt><dt>FSG, <a class="indexterm" href="appendix.html#id2621811">Samba System File Location</a></dt><dt>FTP</dt><dd><dl><dt>proxy, <a class="indexterm" href="DomApps.html#id2618286">Questions and Answers</a></dt></dl></dd><dt>full control, <a class="indexterm" href="kerberos.html#id2613169">Share Access Controls</a>, <a class="indexterm" href="kerberos.html#id2614876">Using MS Windows Explorer (File Manager)</a></dt><dt>fully qualified, <a class="indexterm" href="kerberos.html#id2613658">Checkpoint Controls</a></dt><dt>functional differences, <a class="indexterm" href="upgrades.html#id2598221">Cautions and Notes</a></dt></dl></div><div class="indexdiv"><h3>G</h3><dl><dt>generation, <a class="indexterm" href="upgrades.html#id2598221">Cautions and Notes</a></dt><dt>Gentoo, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dt>getent, <a class="indexterm" href="happy.html#id2576821">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="happy.html#sbehap-bldg1">Samba-3 BDC Configuration</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id2594807">IDMAP_RID with Winbind</a></dt><dt>getfacl, <a class="indexterm" href="kerberos.html#id2615047">Setting Posix ACLs in UNIX/Linux</a></dt><dt>getgrnam, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a></dt><dt>getpwnam, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>getpwnam(), <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a></dt><dt>GID, <a class="indexterm" href="net2000users.html#id2585064">Implementation</a>, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a></dt><dt>Goettingen, <a class="indexterm" href="DomApps.html#id2618286">Questions and Answers</a></dt><dt>government, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a></dt><dt>GPL, <a class="indexterm" href="secure.html#id2564093">Comments Regarding Software Terms of Use</a></dt><dt>group account, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></dt><dt>group management, <a class="indexterm" href="secure.html#id2559329">Implementation</a></dt><dt>group mapping, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a></dt><dt>group membership, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="secure.html#id2560183">Samba Configuration</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="kerberos.html#id2614131">Share Point Directory and File Permissions</a></dt><dt>group names, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a></dt><dt>group policies, <a class="indexterm" href="ntmigration.html#id2601332">Introduction</a></dt><dt>Group Policy, <a class="indexterm" href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></dt><dt>Group Policy editor, <a class="indexterm" href="happy.html#sbehap-locgrppol">The Local Group Policy</a></dt><dt>Group Policy Objects, <a class="indexterm" href="happy.html#sbehap-locgrppol">The Local Group Policy</a></dt><dt>groupadd, <a class="indexterm" href="simple.html#id2551953">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="upgrades.html#id2599919">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a></dt><dt>groupdel, <a class="indexterm" href="upgrades.html#id2599919">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a></dt><dt>groupmem, <a class="indexterm" href="ntmigration.html#id2602148">NT4 Migration Using LDAP Backend</a></dt><dt>groupmod, <a class="indexterm" href="upgrades.html#id2599919">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a></dt><dt>GSS-API, <a class="indexterm" href="primer.html#id2627394">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>guest account, <a class="indexterm" href="primer.html#id2627129">Findings and Comments</a>, <a class="indexterm" href="primer.html#chap01conc">Dissection and Discussion</a>, <a class="indexterm" href="primer.html#id2628077">Technical Issues</a>, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt></dl></div><div class="indexdiv"><h3>H</h3><dl><dt>hackers, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt><dt>hardware prices, <a class="indexterm" href="HA.html#id2620452">Hardware Problems</a></dt><dt>hardware problems, <a class="indexterm" href="HA.html#id2620452">Hardware Problems</a></dt><dt>Heimdal, <a class="indexterm" href="DomApps.html#id2616373">Implementation</a>, <a class="indexterm" href="DomApps.html#id2616622">Kerberos Configuration</a></dt><dt>Heimdal Kerberos, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="kerberos.html#id2612822">Kerberos Exposed</a></dt><dt>Heimdal kerberos, <a class="indexterm" href="unixclients.html#id2595411">IDMAP Storage in LDAP using Winbind</a></dt><dt>help, <a class="indexterm" href="ch14.html#id2620874">Free Support</a></dt><dt>helper agent, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>hesiod, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>hierarchy of control, <a class="indexterm" href="kerberos.html#id2613518">Share Definition Controls</a></dt><dt>high availability, <a class="indexterm" href="happy.html#id2571399">Dissection and Discussion</a></dt><dt>hire, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>HKEY_CURRENT_USER, <a class="indexterm" href="happy.html#id2572363">Roaming Profile Background</a></dt><dt>HKEY_LOCAL_MACHINE, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></dt><dt>HKEY_LOCAL_USER, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a></dt><dt>host announcement, <a class="indexterm" href="primer.html#id2625502">Assignment Tasks</a>, <a class="indexterm" href="primer.html#id2626531">Findings</a></dt><dt>hostname, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a></dt><dt>hosts, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a></dt><dt>HUB, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>Hybrid, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dt>hypothetical, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt></dl></div><div class="indexdiv"><h3>I</h3><dl><dt>Idealx, <a class="indexterm" href="upgrades.html#id2599919">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id2602148">NT4 Migration Using LDAP Backend</a></dt><dd><dl><dt>smbldap-tools, <a class="indexterm" href="happy.html#sbeidealx">Install and Configure Idealx smbldap-tools Scripts</a>, <a class="indexterm" href="happy.html#id2576821">LDAP Initialization and Creation of User and Group Accounts</a></dt></dl></dd><dt>identifiers, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a></dt><dt>identity, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id2612822">Kerberos Exposed</a></dt><dd><dl><dt>management, <a class="indexterm" href="happy.html#id2571856">Technical Issues</a></dt></dl></dd><dt>identity management, <a class="indexterm" href="Big500users.html#id2565409">Technical Issues</a>, <a class="indexterm" href="net2000users.html#id2583824">Dissection and Discussion</a>, <a class="indexterm" href="unixclients.html#id2589994">Political Issues</a>, <a class="indexterm" href="nw4migration.html#id2606228">Dissection and Discussion</a></dt><dt>Identity Management, <a class="indexterm" href="happy.html#id2571399">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id2584231">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a></dt><dt>Identity management, <a class="indexterm" href="unixclients.html#id2596343">UNIX/Linux Client Domain Member</a></dt><dt>Identity resolution, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id2596343">UNIX/Linux Client Domain Member</a>, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a></dt><dt>Identity resolver, <a class="indexterm" href="DomApps.html#id2618286">Questions and Answers</a></dt><dt>IDMAP, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#id2594807">IDMAP_RID with Winbind</a></dt><dt>idmap backend, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a></dt><dt>IDMAP backend, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a></dt><dt>idmap gid, <a class="indexterm" href="unixclients.html#id2594807">IDMAP_RID with Winbind</a></dt><dt>idmap uid, <a class="indexterm" href="unixclients.html#id2594807">IDMAP_RID with Winbind</a></dt><dt>idmap_rid, <a class="indexterm" href="unixclients.html#id2594807">IDMAP_RID with Winbind</a></dt><dt>IMAP, <a class="indexterm" href="nw4migration.html#id2606305">Technical Issues</a></dt><dt>import, <a class="indexterm" href="ntmigration.html#id2601658">Technical Issues</a></dt><dt>income, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>independent expert, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt><dt>inetd, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a></dt><dt>inetOrgPerson, <a class="indexterm" href="nw4migration.html#id2606305">Technical Issues</a></dt><dt>inheritance, <a class="indexterm" href="kerberos.html#id2615047">Setting Posix ACLs in UNIX/Linux</a></dt><dt>initGrps.sh, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="secure.html#id2560183">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id2566940">Configuration for Server: MASSIVE</a></dt><dt>initial credentials, <a class="indexterm" href="DomApps.html#id2616622">Kerberos Configuration</a></dt><dt>inoperative, <a class="indexterm" href="ntmigration.html#id2601472">Dissection and Discussion</a></dt><dt>install, <a class="indexterm" href="upgrades.html">Updating Samba-3</a></dt><dt>installation, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>integrate, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a></dt><dt>integrity, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a>, <a class="indexterm" href="kerberos.html#id2612822">Kerberos Exposed</a></dt><dt>inter-domain, <a class="indexterm" href="upgrades.html#id2599919">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>inter-operability, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id2615257">Key Points Learned</a>, <a class="indexterm" href="DomApps.html#id2618286">Questions and Answers</a></dt><dt>interactive help, <a class="indexterm" href="ch14.html#id2620874">Free Support</a></dt><dt>interdomain trusts, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a></dt><dt>interfaces, <a class="indexterm" href="secure.html#id2559329">Implementation</a></dt><dt>intermittent, <a class="indexterm" href="HA.html#id2620452">Hardware Problems</a></dt><dt>internationalization, <a class="indexterm" href="upgrades.html#id2599385">International Language Support</a></dt><dt>Internet Explorer, <a class="indexterm" href="DomApps.html#id2616193">Technical Issues</a></dt><dt>Internet Information Server, <a class="indexterm" href="DomApps.html#id2618286">Questions and Answers</a></dt><dt>interoperability, <a class="indexterm" href="happy.html#id2571399">Dissection and Discussion</a></dt><dt>IP forwarding, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="Big500users.html#id2566940">Configuration for Server: MASSIVE</a></dt><dt>IPC$, <a class="indexterm" href="primer.html#id2627129">Findings and Comments</a></dt><dt>iptables, <a class="indexterm" href="secure.html#id2558863">Technical Issues</a></dt><dt>IRC, <a class="indexterm" href="ch14.html#id2620874">Free Support</a></dt><dt>isolated, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt><dt>Italian, <a class="indexterm" href="DomApps.html#id2618286">Questions and Answers</a></dt></dl></div><div class="indexdiv"><h3>J</h3><dl><dt>jobs, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt><dt>joining a domain, <a class="indexterm" href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></dt></dl></div><div class="indexdiv"><h3>K</h3><dl><dt>KDC, <a class="indexterm" href="DomApps.html#id2616622">Kerberos Configuration</a></dt><dt>Kerberos, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a>, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id2615257">Key Points Learned</a>, <a class="indexterm" href="DomApps.html#id2616193">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id2616373">Implementation</a>, <a class="indexterm" href="DomApps.html#id2616622">Kerberos Configuration</a></dt><dd><dl><dt>Heimdal, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>interoperability, <a class="indexterm" href="kerberos.html#id2612822">Kerberos Exposed</a></dt><dt>libraries, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>MIT, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>unspecified fields, <a class="indexterm" href="kerberos.html#id2612822">Kerberos Exposed</a></dt></dl></dd><dt>kerberos, <a class="indexterm" href="kerberos.html#id2612822">Kerberos Exposed</a></dt><dd><dl><dt>server, <a class="indexterm" href="kerberos.html#id2612822">Kerberos Exposed</a></dt></dl></dd><dt>Kerberos ticket, <a class="indexterm" href="DomApps.html#id2617012">Samba Configuration</a></dt><dt>kinit, <a class="indexterm" href="DomApps.html#id2616622">Kerberos Configuration</a></dt><dt>Kixtart, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a></dt><dt>klist, <a class="indexterm" href="DomApps.html#id2616622">Kerberos Configuration</a></dt><dt>krb5, <a class="indexterm" href="DomApps.html#id2616373">Implementation</a></dt><dt>krb5.conf, <a class="indexterm" href="DomApps.html#id2616622">Kerberos Configuration</a></dt></dl></div><div class="indexdiv"><h3>L</h3><dl><dt>LAM, <a class="indexterm" href="appendix.html#id2623411">The LDAP Account Manager</a></dt><dd><dl><dt>configuration editor, <a class="indexterm" href="appendix.html#id2623411">The LDAP Account Manager</a></dt><dt>configuration file, <a class="indexterm" href="appendix.html#id2623411">The LDAP Account Manager</a></dt><dt>login screen, <a class="indexterm" href="appendix.html#id2623411">The LDAP Account Manager</a></dt><dt>opening screen, <a class="indexterm" href="appendix.html#id2623411">The LDAP Account Manager</a></dt><dt>profile, <a class="indexterm" href="appendix.html#id2623411">The LDAP Account Manager</a></dt><dt>wizard, <a class="indexterm" href="appendix.html#id2623411">The LDAP Account Manager</a></dt></dl></dd><dt>large domain, <a class="indexterm" href="unixclients.html#id2594807">IDMAP_RID with Winbind</a></dt><dt>LDAP, <a class="indexterm" href="Big500users.html#id2565409">Technical Issues</a>, <a class="indexterm" href="happy.html#id2571262">Assignment Tasks</a>, <a class="indexterm" href="happy.html#id2571399">Dissection and Discussion</a>, <a class="indexterm" href="happy.html#id2571856">Technical Issues</a>, <a class="indexterm" href="happy.html#id2573007">Preliminary Advice: Dangers Can Be Avoided</a>, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="net2000users.html#id2583726">Introduction</a>, <a class="indexterm" href="net2000users.html#id2583824">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id2585064">Implementation</a>, <a class="indexterm" href="net2000users.html#id2588223">Key Points Learned</a>, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a>, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id2599919">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id2601417">Assignment Tasks</a>, <a class="indexterm" href="ntmigration.html#id2601658">Technical Issues</a>, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a>, <a class="indexterm" href="nw4migration.html#id2606228">Dissection and Discussion</a>, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a>, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dd><dl><dt>backend, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a></dt><dt>database, <a class="indexterm" href="happy.html#id2576821">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a>, <a class="indexterm" href="appendix.html#altldapcfg">Alternative LDAP Database Initialization</a></dt><dt>directory, <a class="indexterm" href="happy.html#id2571022">Regarding LDAP Directories and Windows Computer Accounts</a>, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a></dt><dt>fail-over, <a class="indexterm" href="net2000users.html#id2585064">Implementation</a></dt><dt>initial configuration, <a class="indexterm" href="appendix.html#altldapcfg">Alternative LDAP Database Initialization</a></dt><dt>master, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a></dt><dt>master/slave</dt><dd><dl><dt>background communication, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a></dt></dl></dd><dt>preload, <a class="indexterm" href="net2000users.html#id2585064">Implementation</a></dt><dt>schema, <a class="indexterm" href="upgrades.html#id2600576">Updating from Samba Versions between 3.0.6 and 3.0.10</a></dt><dt>secure, <a class="indexterm" href="happy.html#id2571856">Technical Issues</a></dt><dt>server, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a></dt><dt>slave, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a></dt><dt>updates, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a></dt></dl></dd><dt>ldap, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>LDAP Account Manager (see LAM)</dt><dt>LDAP backend, <a class="indexterm" href="ntmigration.html#id2601658">Technical Issues</a></dt><dt>LDAP database, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a></dt><dt>LDAP Interchange Format (see LDIF)</dt><dt>LDAP server, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a></dt><dt>LDAP-transfer-LDIF.txt, <a class="indexterm" href="net2000users.html#id2585064">Implementation</a></dt><dt>ldap.conf, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>ldapadd, <a class="indexterm" href="happy.html#id2576821">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>ldapsam, <a class="indexterm" href="happy.html#id2576821">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="net2000users.html#id2583824">Dissection and Discussion</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="upgrades.html#id2600576">Updating from Samba Versions between 3.0.6 and 3.0.10</a>, <a class="indexterm" href="ntmigration.html#id2601417">Assignment Tasks</a>, <a class="indexterm" href="DomApps.html">Integrating Additional Services</a></dt><dt>ldapsam backend, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>ldapsearch, <a class="indexterm" href="happy.html#id2576821">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>LDIF, <a class="indexterm" href="happy.html#id2571856">Technical Issues</a>, <a class="indexterm" href="net2000users.html#id2585064">Implementation</a>, <a class="indexterm" href="nw4migration.html#id2606305">Technical Issues</a>, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a>, <a class="indexterm" href="appendix.html#id2622851">Initialization of the LDAP Database</a></dt><dt>leadership, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>Lightweight Directory Access Protocol (see LDAP)</dt><dt>limit, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a></dt><dt>Linux desktop, <a class="indexterm" href="unixclients.html#id2589228">Introduction</a></dt><dt>Linux Standards Base (see LSB)</dt><dt>LMB, <a class="indexterm" href="primer.html#id2625878">Findings</a>, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dt>LMHOSTS, <a class="indexterm" href="HA.html#id2619596">Routed Networks</a></dt><dt>load distribution, <a class="indexterm" href="HA.html#id2620303">For Scalability, Use SAN-Based Storage on Samba Servers</a></dt><dt>local accounts, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a></dt><dt>Local Group Policy, <a class="indexterm" href="happy.html#id2572363">Roaming Profile Background</a></dt><dt>Local Master Announcement, <a class="indexterm" href="primer.html#id2626531">Findings</a></dt><dt>Local Master Browser (see LMB)</dt><dt>localhost, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="HA.html#id2619404">Bad Hostnames</a></dt><dt>lock directory, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></dt><dt>locking</dt><dd><dl><dt>Application level, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt><dt>Client side, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt><dt>Server side, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt></dl></dd><dt>logging, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>login, <a class="indexterm" href="secure.html#id2558863">Technical Issues</a></dt><dt>loglevel, <a class="indexterm" href="happy.html#id2573240">Debugging LDAP</a></dt><dt>logon credentials, <a class="indexterm" href="DomApps.html#id2618286">Questions and Answers</a></dt><dt>logon hours, <a class="indexterm" href="ntmigration.html#id2601658">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id2615257">Key Points Learned</a></dt><dt>logon machines, <a class="indexterm" href="ntmigration.html#id2601658">Technical Issues</a></dt><dt>logon path, <a class="indexterm" href="secure.html#id2559329">Implementation</a></dt><dt>logon process, <a class="indexterm" href="unixclients.html#id2590094">Implementation</a></dt><dt>logon scrip, <a class="indexterm" href="secure.html#id2560183">Samba Configuration</a></dt><dt>logon script, <a class="indexterm" href="secure.html#id2559329">Implementation</a>, <a class="indexterm" href="happy.html#id2571856">Technical Issues</a>, <a class="indexterm" href="happy.html#id2581130">Preparation of Logon Scripts</a>, <a class="indexterm" href="ntmigration.html#id2601658">Technical Issues</a></dt><dt>logon server, <a class="indexterm" href="net2000users.html#id2584231">The Nature of Windows Networking Protocols</a></dt><dt>logon services, <a class="indexterm" href="secure.html#id2559329">Implementation</a></dt><dt>logon time, <a class="indexterm" href="happy.html#id2571262">Assignment Tasks</a></dt><dt>logon traffic, <a class="indexterm" href="net2000users.html#id2584231">The Nature of Windows Networking Protocols</a></dt><dt>logon.kix, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a></dt><dt>loopback, <a class="indexterm" href="simple.html#validate1">Validation</a></dt><dt>low performance, <a class="indexterm" href="HA.html#id2620452">Hardware Problems</a></dt><dt>lower-case, <a class="indexterm" href="ntmigration.html#id2602007">Implementation</a></dt><dt>lpadmin, <a class="indexterm" href="simple.html#id2551953">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dt>LSB, <a class="indexterm" href="appendix.html#id2621811">Samba System File Location</a></dt></dl></div><div class="indexdiv"><h3>M</h3><dl><dt>machine, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a></dt><dt>machine account, <a class="indexterm" href="happy.html#id2571022">Regarding LDAP Directories and Windows Computer Accounts</a></dt><dt>machine accounts, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a></dt><dt>machine secret password, <a class="indexterm" href="Big500users.html#id2565409">Technical Issues</a></dt><dt>MACHINE.SID, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a></dt><dt>mailing list, <a class="indexterm" href="ch14.html#id2620874">Free Support</a></dt><dt>mailing lists, <a class="indexterm" href="ch14.html#id2620874">Free Support</a></dt><dt>managed, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>management, <a class="indexterm" href="unixclients.html#id2589994">Political Issues</a>, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a></dt><dd><dl><dt>group, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>User, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt></dl></dd><dt>mandatory profile, <a class="indexterm" href="happy.html#id2571856">Technical Issues</a>, <a class="indexterm" href="happy.html#id2580886">Configuring Profile Directories</a></dt><dt>Mandrake, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dt>mapped drives, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a></dt><dt>mapping, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id2616622">Kerberos Configuration</a></dt><dd><dl><dt>consistent, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt></dl></dd><dt>Mars_NWE, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dt>master, <a class="indexterm" href="net2000users.html#id2583824">Dissection and Discussion</a></dt><dt>material, <a class="indexterm" href="appendix.html">A Collection of Useful Tidbits</a></dt><dt>memberUID, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a></dt><dt>memory requirements, <a class="indexterm" href="secure.html#id2559135">Hardware Requirements</a></dt><dt>merge, <a class="indexterm" href="ntmigration.html#id2601658">Technical Issues</a>, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a></dt><dt>merged, <a class="indexterm" href="ntmigration.html#id2601658">Technical Issues</a></dt><dt>meta-directory, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a></dt><dt>meta-service, <a class="indexterm" href="kerberos.html#id2615391">Questions and Answers</a></dt><dt>Microsoft Access, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt><dt>Microsoft Excel, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt><dt>Microsoft ISA, <a class="indexterm" href="DomApps.html#id2616051">Assignment Tasks</a></dt><dt>Microsoft Management Console (see MMC)</dt><dt>Microsoft Office, <a class="indexterm" href="secure.html#ch4appscfg">Application Share Configuration</a>, <a class="indexterm" href="kerberos.html#id2614131">Share Point Directory and File Permissions</a></dt><dt>Microsoft Outlook</dt><dd><dl><dt>PST files, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a></dt></dl></dd><dt>migrate, <a class="indexterm" href="upgrades.html">Updating Samba-3</a>, <a class="indexterm" href="ntmigration.html#id2601658">Technical Issues</a></dt><dt>migration, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="happy.html#id2571262">Assignment Tasks</a>, <a class="indexterm" href="ntmigration.html#id2601332">Introduction</a>, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a>, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dd><dl><dt>objectives, <a class="indexterm" href="ntmigration.html#id2601472">Dissection and Discussion</a></dt></dl></dd><dt>Migration speed, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a></dt><dt>mime type, <a class="indexterm" href="simple.html#id2551953">Implementation</a>, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id2566362">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dt>mime types, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a></dt><dt>missing RPC's, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>MIT, <a class="indexterm" href="DomApps.html#id2616373">Implementation</a>, <a class="indexterm" href="DomApps.html#id2616622">Kerberos Configuration</a></dt><dt>MIT Kerberos, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="kerberos.html#id2612822">Kerberos Exposed</a></dt><dt>MIT kerberos, <a class="indexterm" href="unixclients.html#id2595411">IDMAP Storage in LDAP using Winbind</a></dt><dt>MIT KRB5, <a class="indexterm" href="DomApps.html#id2617012">Samba Configuration</a></dt><dt>mixed mode, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>mixed-mode, <a class="indexterm" href="kerberos.html#id2615391">Questions and Answers</a></dt><dt>MMC, <a class="indexterm" href="happy.html#id2582445">Configure Delete Cached Profiles on Logout</a>, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id2615391">Questions and Answers</a></dt><dt>mobile computing, <a class="indexterm" href="small.html#id2555522">Dissection and Discussion</a></dt><dt>mobility, <a class="indexterm" href="net2000users.html#id2584098">Technical Issues</a></dt><dt>modularization, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>modules, <a class="indexterm" href="DomApps.html#id2618286">Questions and Answers</a></dt><dt>MS Access</dt><dd><dl><dt>validate, <a class="indexterm" href="appendix.html#id2624881">Microsoft Access</a></dt></dl></dd><dt>MS Outlook, <a class="indexterm" href="happy.html#id2582129">Configuration of MS Outlook to Relocate PST File</a></dt><dd><dl><dt>PST, <a class="indexterm" href="happy.html#id2582129">Configuration of MS Outlook to Relocate PST File</a></dt><dt>PST file, <a class="indexterm" href="happy.html">Making Happy Users</a></dt></dl></dd><dt>MS Windows Server 2003, <a class="indexterm" href="DomApps.html#id2616373">Implementation</a></dt><dt>MS Word, <a class="indexterm" href="kerberos.html#id2614131">Share Point Directory and File Permissions</a></dt><dt>MSDFS, <a class="indexterm" href="HA.html#id2620352">Distribute Network Load with MSDFS</a></dt><dt>multi-subnet, <a class="indexterm" href="HA.html#id2619596">Routed Networks</a></dt><dt>multi-user</dt><dd><dl><dt>access, <a class="indexterm" href="appendix.html#id2624881">Microsoft Access</a></dt><dt>data access, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt></dl></dd><dt>multiple directories, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a></dt><dt>multiple domain controllers, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>multiple group mappings, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a></dt><dt>mutual assistance, <a class="indexterm" href="ch14.html#id2620874">Free Support</a></dt><dt>My Documents, <a class="indexterm" href="happy.html#id2572363">Roaming Profile Background</a></dt><dt>My Network Places, <a class="indexterm" href="simple.html#id2551953">Implementation</a></dt><dt>mysqlsam, <a class="indexterm" href="net2000users.html#id2585064">Implementation</a></dt></dl></div><div class="indexdiv"><h3>N</h3><dl><dt>name resolution, <a class="indexterm" href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a>, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="primer.html#id2625502">Assignment Tasks</a></dt><dd><dl><dt>Defective, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt></dl></dd><dt>name resolve order, <a class="indexterm" href="secure.html#id2559329">Implementation</a></dt><dt>name service switch, <a class="indexterm" href="small.html#id2555790">Implementation</a> (see NSS)</dt><dt>named, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="Big500users.html#id2566362">Server Preparation: All Servers</a></dt><dt>NAT, <a class="indexterm" href="secure.html#id2558863">Technical Issues</a></dt><dt>native, <a class="indexterm" href="kerberos.html#id2615391">Questions and Answers</a></dt><dt>net</dt><dd><dl><dt>ads</dt><dd><dl><dt>info, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>join, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="DomApps.html#id2617012">Samba Configuration</a></dt><dt>status, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt></dl></dd><dt>getlocalsid, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a></dt><dt>group, <a class="indexterm" href="ntmigration.html#id2604606">NT4 Migration Using tdbsam Backend</a></dt><dt>groupmap</dt><dd><dl><dt>add, <a class="indexterm" href="secure.html#id2560183">Samba Configuration</a></dt><dt>list, <a class="indexterm" href="secure.html#id2560183">Samba Configuration</a>, <a class="indexterm" href="happy.html#id2576821">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>modify, <a class="indexterm" href="secure.html#id2560183">Samba Configuration</a></dt></dl></dd><dt>rpc</dt><dd><dl><dt>info, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a></dt><dt>join, <a class="indexterm" href="Big500users.html#ch5-domsvrspec">Configuration Specific to Domain Member Servers: BLDG1, BLDG2</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#dcwonss">NT4/Samba Domain with Samba Domain Member Server without NSS Support</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="ntmigration.html#id2604606">NT4 Migration Using tdbsam Backend</a></dt><dt>vampire, <a class="indexterm" href="upgrades.html">Updating Samba-3</a>, <a class="indexterm" href="ntmigration.html#id2604606">NT4 Migration Using tdbsam Backend</a></dt></dl></dd><dt>setlocalsid, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a></dt></dl></dd><dt>NetBIOS, <a class="indexterm" href="net2000users.html#id2584231">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="HA.html#id2619404">Bad Hostnames</a>, <a class="indexterm" href="HA.html#id2619596">Routed Networks</a>, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dd><dl><dt>name cache, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a></dt><dt>name resolution</dt><dd><dl><dt>delays, <a class="indexterm" href="happy.html">Making Happy Users</a></dt></dl></dd><dt>Node Type, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt></dl></dd><dt>netbios</dt><dd><dl><dt>machine  name, <a class="indexterm" href="upgrades.html#id2599053">Change of hostname</a></dt></dl></dd><dt>netbios forwarding, <a class="indexterm" href="HA.html#id2619769">Network Collisions</a></dt><dt>NetBIOS name, <a class="indexterm" href="DomApps.html#id2616622">Kerberos Configuration</a></dt><dd><dl><dt>aliases, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a></dt></dl></dd><dt>netbios name, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id2599053">Change of hostname</a>, <a class="indexterm" href="HA.html#id2619404">Bad Hostnames</a></dt><dt>NETLOGON, <a class="indexterm" href="happy.html#id2572758">Using a Network Default User Profile</a>, <a class="indexterm" href="happy.html#id2581375">Windows Client Configuration</a></dt><dt>netlogon, <a class="indexterm" href="net2000users.html#id2584231">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a></dt><dt>Netlogon, <a class="indexterm" href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></dt><dt>netmask, <a class="indexterm" href="simple.html#id2551061">Implementation</a></dt><dt>Netware, <a class="indexterm" href="small.html">Small Office Networking</a></dt><dt>NetWare, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a>, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a></dt><dt>network</dt><dd><dl><dt>administrators, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>analyzer, <a class="indexterm" href="primer.html#id2625502">Assignment Tasks</a></dt><dt>bandwidth, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a></dt><dt>broadcast, <a class="indexterm" href="primer.html#id2625441">Introduction</a></dt><dt>captures, <a class="indexterm" href="primer.html#id2625280">Requirements and Notes</a></dt><dt>collisions, <a class="indexterm" href="HA.html#id2619769">Network Collisions</a></dt><dt>load, <a class="indexterm" href="HA.html#id2619769">Network Collisions</a></dt><dt>logon, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>logon scripts, <a class="indexterm" href="ntmigration.html#id2601472">Dissection and Discussion</a></dt><dt>management, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt><dt>multi-segment, <a class="indexterm" href="happy.html#id2571164">Introduction</a></dt><dt>overload, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>performance, <a class="indexterm" href="HA.html#id2619868">Samba Configuration</a></dt><dt>routed, <a class="indexterm" href="net2000users.html#id2583824">Dissection and Discussion</a></dt><dt>secure, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt><dt>segment, <a class="indexterm" href="happy.html#id2571399">Dissection and Discussion</a></dt><dt>services, <a class="indexterm" href="DomApps.html#id2618286">Questions and Answers</a></dt><dt>sniffer, <a class="indexterm" href="primer.html#id2625280">Requirements and Notes</a></dt><dt>timeout, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>timeouts, <a class="indexterm" href="HA.html#id2619769">Network Collisions</a></dt><dt>trace, <a class="indexterm" href="primer.html#id2625502">Assignment Tasks</a></dt><dt>traffic</dt><dd><dl><dt>observation, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt></dl></dd><dt>wide-area, <a class="indexterm" href="happy.html#id2571399">Dissection and Discussion</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></dt></dl></dd><dt>Network Address Translation (see NAT)</dt><dt>network administrators, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>network attached storage (see NAS)</dt><dt>network bandwidth</dt><dd><dl><dt>utilization, <a class="indexterm" href="happy.html">Making Happy Users</a></dt></dl></dd><dt>Network Default Profile, <a class="indexterm" href="happy.html#id2572363">Roaming Profile Background</a></dt><dt>network hardware</dt><dd><dl><dt>defective, <a class="indexterm" href="happy.html">Making Happy Users</a></dt></dl></dd><dt>network hygiene, <a class="indexterm" href="HA.html#id2618892">Dissection and Discussion</a></dt><dt>network Identities, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a></dt><dt>network load factors, <a class="indexterm" href="Big500users.html#id2565373">Dissection and Discussion</a></dt><dt>Network Neighborhood, <a class="indexterm" href="simple.html#validate1">Validation</a>, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>network segment, <a class="indexterm" href="HA.html#id2620205">Use and Location of BDCs</a></dt><dt>network segments, <a class="indexterm" href="secure.html#id2559135">Hardware Requirements</a></dt><dt>network share, <a class="indexterm" href="happy.html#id2571262">Assignment Tasks</a></dt><dt>networking</dt><dd><dl><dt>client, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a></dt></dl></dd><dt>networking hardware</dt><dd><dl><dt>defective, <a class="indexterm" href="happy.html">Making Happy Users</a></dt></dl></dd><dt>networking protocols, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>next generation, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>NextFreeUnixId, <a class="indexterm" href="ntmigration.html#id2602148">NT4 Migration Using LDAP Backend</a></dt><dt>NFS server, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a></dt><dt>NICs, <a class="indexterm" href="HA.html#id2620452">Hardware Problems</a></dt><dt>NIS, <a class="indexterm" href="happy.html#id2576821">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a>, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id2589994">Political Issues</a>, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a></dt><dt>nis, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>NIS schema, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a></dt><dt>NIS server, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a></dt><dt>NIS+, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a></dt><dt>nisplus, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>NLM, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dt>nmap, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>nmbd, <a class="indexterm" href="small.html#id2557337">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a>, <a class="indexterm" href="upgrades.html#id2600758">Replacing a Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id2617012">Samba Configuration</a>, <a class="indexterm" href="appendix.html#id2622232">Starting Samba</a></dt><dt>nobody, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a>, <a class="indexterm" href="primer.html#id2627129">Findings and Comments</a></dt><dt>Novell, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a>, <a class="indexterm" href="nw4migration.html#id2606026">Introduction</a></dt><dt>Novell SUSE SLES 9, <a class="indexterm" href="ntmigration.html#id2602148">NT4 Migration Using LDAP Backend</a></dt><dt>NSS, <a class="indexterm" href="happy.html#id2571022">Regarding LDAP Directories and Windows Computer Accounts</a>, <a class="indexterm" href="happy.html#id2571856">Technical Issues</a>, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#id2594807">IDMAP_RID with Winbind</a>, <a class="indexterm" href="unixclients.html#id2596343">UNIX/Linux Client Domain Member</a>, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a>, <a class="indexterm" href="DomApps.html#id2617564">NSS Configuration</a> (see same service switch)</dt><dt>nss_ldap, <a class="indexterm" href="happy.html#id2571022">Regarding LDAP Directories and Windows Computer Accounts</a>, <a class="indexterm" href="happy.html#id2571856">Technical Issues</a>, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a>, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="happy.html#id2576821">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#id2596006">IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension</a>, <a class="indexterm" href="upgrades.html#id2600758">Replacing a Domain Member Server</a>, <a class="indexterm" href="ntmigration.html#id2602148">NT4 Migration Using LDAP Backend</a></dt><dt>nt acl support, <a class="indexterm" href="simple.html#id2551758">Dissection and Discussion</a></dt><dt>NT4 registry, <a class="indexterm" href="ntmigration.html#id2601472">Dissection and Discussion</a></dt><dt>NTLM, <a class="indexterm" href="DomApps.html#id2616193">Technical Issues</a></dt><dt>NTLM authentication daemon, <a class="indexterm" href="DomApps.html#id2616193">Technical Issues</a></dt><dt>NTLMSSP, <a class="indexterm" href="DomApps.html#id2618225">Key Points Learned</a>, <a class="indexterm" href="DomApps.html#id2618286">Questions and Answers</a>, <a class="indexterm" href="primer.html#id2627394">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>NTLMSSP_AUTH, <a class="indexterm" href="primer.html#id2627394">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>ntlm_auth, <a class="indexterm" href="DomApps.html#id2617012">Samba Configuration</a>, <a class="indexterm" href="DomApps.html#id2618286">Questions and Answers</a></dt><dt>NTP, <a class="indexterm" href="DomApps.html#id2616622">Kerberos Configuration</a></dt><dt>NTUSER.DAT, <a class="indexterm" href="happy.html#id2572363">Roaming Profile Background</a>, <a class="indexterm" href="happy.html#id2572664">Profile Changes</a>, <a class="indexterm" href="happy.html#id2572758">Using a Network Default User Profile</a>, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a></dt><dt>NULL connection, <a class="indexterm" href="simple.html#validate1">Validation</a></dt><dt>NULL session, <a class="indexterm" href="primer.html#id2627129">Findings and Comments</a></dt><dt>NULL-Session, <a class="indexterm" href="primer.html#id2627931">Discussion</a></dt></dl></div><div class="indexdiv"><h3>O</h3><dl><dt>objectClass, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a></dt><dt>off-site storage, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt><dt>Open Magazine, <a class="indexterm" href="unixclients.html">Adding Domain Member Servers and Clients</a></dt><dt>Open Source, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>OpenLDAP, <a class="indexterm" href="happy.html#id2571399">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id2583824">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a>, <a class="indexterm" href="unixclients.html#id2589994">Political Issues</a>, <a class="indexterm" href="nw4migration.html#id2606305">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a>, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id2615257">Key Points Learned</a>, <a class="indexterm" href="appendix.html#id2623411">The LDAP Account Manager</a></dt><dt>openldap, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></dt><dt>OpenOffice, <a class="indexterm" href="secure.html#ch4appscfg">Application Share Configuration</a></dt><dt>operating profiles, <a class="indexterm" href="appendix.html#id2623411">The LDAP Account Manager</a></dt><dt>oplock break, <a class="indexterm" href="kerberos.html#id2613970">Override Controls</a></dt><dt>oplocks, <a class="indexterm" href="HA.html#id2619868">Samba Configuration</a></dt><dt>Oplocks</dt><dd><dl><dt>disabled, <a class="indexterm" href="appendix.html#id2625113">Opportunistic Locking Controls</a></dt></dl></dd><dt>opportunistic</dt><dd><dl><dt>locking, <a class="indexterm" href="kerberos.html#id2613970">Override Controls</a></dt></dl></dd><dt>opportunistic locking, <a class="indexterm" href="secure.html#id2559329">Implementation</a>, <a class="indexterm" href="HA.html#id2619868">Samba Configuration</a>, <a class="indexterm" href="appendix.html#id2625028">Act! Database Sharing</a></dt><dt>optimized, <a class="indexterm" href="HA.html#id2619868">Samba Configuration</a></dt><dt>organizational units, <a class="indexterm" href="appendix.html#id2623411">The LDAP Account Manager</a></dt><dt>OS/2, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a></dt><dt>Outlook</dt><dd><dl><dt>PST, <a class="indexterm" href="happy.html#id2582129">Configuration of MS Outlook to Relocate PST File</a></dt></dl></dd><dt>Outlook Address Book, <a class="indexterm" href="happy.html#id2582129">Configuration of MS Outlook to Relocate PST File</a></dt><dt>Outlook Express, <a class="indexterm" href="secure.html#id2559289">Political Issues</a>, <a class="indexterm" href="happy.html#id2582129">Configuration of MS Outlook to Relocate PST File</a></dt><dt>over-ride, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>over-ride controls, <a class="indexterm" href="kerberos.html#id2613970">Override Controls</a></dt><dt>over-rule, <a class="indexterm" href="kerberos.html#id2613169">Share Access Controls</a>, <a class="indexterm" href="kerberos.html#id2614876">Using MS Windows Explorer (File Manager)</a></dt><dt>overheads, <a class="indexterm" href="kerberos.html#id2613970">Override Controls</a></dt><dt>ownership, <a class="indexterm" href="kerberos.html#id2614131">Share Point Directory and File Permissions</a></dt></dl></div><div class="indexdiv"><h3>P</h3><dl><dt>package, <a class="indexterm" href="simple.html#id2551061">Implementation</a></dt><dt>package names, <a class="indexterm" href="appendix.html#id2621811">Samba System File Location</a></dt><dt>packages, <a class="indexterm" href="upgrades.html#id2600427">Updating a Samba-3 Installation</a></dt><dt>PADL, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id2595411">IDMAP Storage in LDAP using Winbind</a></dt><dt>PADL LDAP tools, <a class="indexterm" href="happy.html#id2571856">Technical Issues</a></dt><dt>PADL Software, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>paid-for support, <a class="indexterm" href="ch14.html">Samba Support</a></dt><dt>PAM, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="unixclients.html#id2596343">UNIX/Linux Client Domain Member</a>, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a></dt><dt>pam_ldap, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></dt><dt>pam_ldap.so, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></dt><dt>pam_unix2.so, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></dt><dd><dl><dt>use_ldap, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></dt></dl></dd><dt>parameters, <a class="indexterm" href="upgrades.html#id2599919">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>passdb backend, <a class="indexterm" href="secure.html#id2559329">Implementation</a>, <a class="indexterm" href="Big500users.html">The 500-User Office</a>, <a class="indexterm" href="happy.html#id2571399">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id2583824">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id2585064">Implementation</a>, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="upgrades.html">Updating Samba-3</a>, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id2599919">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="upgrades.html#id2600576">Updating from Samba Versions between 3.0.6 and 3.0.10</a>, <a class="indexterm" href="ntmigration.html#id2601417">Assignment Tasks</a>, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a></dt><dt>passdb.tdb, <a class="indexterm" href="ntmigration.html#id2601658">Technical Issues</a></dt><dt>passwd, <a class="indexterm" href="simple.html#id2551953">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="secure.html#id2560183">Samba Configuration</a></dt><dt>password</dt><dd><dl><dt>backend, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="secure.html#id2560183">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id2566940">Configuration for Server: MASSIVE</a></dt></dl></dd><dt>password caching, <a class="indexterm" href="simple.html#id2551953">Implementation</a></dt><dt>password change, <a class="indexterm" href="kerberos.html#id2615257">Key Points Learned</a></dt><dt>password length, <a class="indexterm" href="primer.html#id2626892">Simple Windows Client Connection Characteristics</a>, <a class="indexterm" href="primer.html#id2627394">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>payroll, <a class="indexterm" href="nw4migration.html#id2606026">Introduction</a></dt><dt>pdbedit, <a class="indexterm" href="happy.html#id2576821">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="happy.html#sbehap-bldg1">Samba-3 BDC Configuration</a>, <a class="indexterm" href="ntmigration.html#id2604606">NT4 Migration Using tdbsam Backend</a>, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a></dt><dt>PDC, <a class="indexterm" href="Big500users.html#id2565274">Assignment Tasks</a>, <a class="indexterm" href="Big500users.html#id2565409">Technical Issues</a>, <a class="indexterm" href="happy.html">Making Happy Users</a>, <a class="indexterm" href="happy.html#id2571856">Technical Issues</a>, <a class="indexterm" href="happy.html#sbehap-locgrppol">The Local Group Policy</a>, <a class="indexterm" href="net2000users.html#id2584231">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id2599919">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id2602007">Implementation</a>, <a class="indexterm" href="ntmigration.html#id2602148">NT4 Migration Using LDAP Backend</a>, <a class="indexterm" href="ntmigration.html#id2604606">NT4 Migration Using tdbsam Backend</a>, <a class="indexterm" href="HA.html#id2620205">Use and Location of BDCs</a></dt><dt>PDC/BDC ratio, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>PDF, <a class="indexterm" href="appendix.html#id2623411">The LDAP Account Manager</a></dt><dt>performance, <a class="indexterm" href="happy.html#id2571399">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id2615391">Questions and Answers</a>, <a class="indexterm" href="HA.html">Performance, Reliability, and Availability</a>, <a class="indexterm" href="HA.html#id2618805">Introduction</a>, <a class="indexterm" href="HA.html#id2619769">Network Collisions</a></dt><dt>performance degradation, <a class="indexterm" href="kerberos.html#id2613970">Override Controls</a>, <a class="indexterm" href="HA.html#id2619868">Samba Configuration</a></dt><dt>Perl, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a>, <a class="indexterm" href="appendix.html#id2623411">The LDAP Account Manager</a></dt><dt>permission, <a class="indexterm" href="kerberos.html#id2614131">Share Point Directory and File Permissions</a></dt><dt>permissions, <a class="indexterm" href="simple.html#id2551953">Implementation</a>, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id2613169">Share Access Controls</a>, <a class="indexterm" href="kerberos.html#id2613658">Checkpoint Controls</a>, <a class="indexterm" href="kerberos.html#id2614131">Share Point Directory and File Permissions</a>, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dd><dl><dt>excessive, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>group, <a class="indexterm" href="kerberos.html#id2614131">Share Point Directory and File Permissions</a></dt><dt>user, <a class="indexterm" href="kerberos.html#id2614131">Share Point Directory and File Permissions</a></dt></dl></dd><dt>Permissions, <a class="indexterm" href="kerberos.html#id2614585">Using the MMC Computer Management Interface</a></dt><dt>permits, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>permitted group, <a class="indexterm" href="kerberos.html#id2614585">Using the MMC Computer Management Interface</a></dt><dt>PHP, <a class="indexterm" href="appendix.html#id2623411">The LDAP Account Manager</a></dt><dt>PHP4, <a class="indexterm" href="appendix.html#id2623411">The LDAP Account Manager</a></dt><dt>pile-driver, <a class="indexterm" href="kerberos.html#id2613518">Share Definition Controls</a></dt><dt>ping, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>pitfalls, <a class="indexterm" href="appendix.html#id2623411">The LDAP Account Manager</a></dt><dt>plain-text, <a class="indexterm" href="DomApps.html#id2618286">Questions and Answers</a></dt><dt>Pluggable Authentication Modules (see PAM)</dt><dt>policy, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt><dt>poor performance, <a class="indexterm" href="HA.html#id2618892">Dissection and Discussion</a></dt><dt>POP3, <a class="indexterm" href="nw4migration.html#id2606305">Technical Issues</a></dt><dt>Posix, <a class="indexterm" href="simple.html#id2551758">Dissection and Discussion</a>, <a class="indexterm" href="happy.html#id2571856">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="ntmigration.html#id2602007">Implementation</a>, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a>, <a class="indexterm" href="appendix.html#id2623411">The LDAP Account Manager</a></dt><dt>POSIX, <a class="indexterm" href="happy.html#id2571022">Regarding LDAP Directories and Windows Computer Accounts</a>, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a></dt><dt>Posix accounts, <a class="indexterm" href="happy.html#id2576821">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a></dt><dt>Posix ACLs, <a class="indexterm" href="kerberos.html#id2614530">Managing Windows 200x ACLs</a></dt><dt>PosixAccount, <a class="indexterm" href="happy.html#id2576821">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>posixAccount, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a></dt><dt>Postfix, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a></dt><dt>Postscript, <a class="indexterm" href="happy.html#id2572816">Installation of Printer Driver Auto-Download</a></dt><dt>powers, <a class="indexterm" href="kerberos.html#id2613518">Share Definition Controls</a></dt><dt>practices, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt><dt>precaution, <a class="indexterm" href="upgrades.html#id2598125">Introduction</a></dt><dt>presence and leadership, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>price paid, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>primary group, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="kerberos.html#id2614131">Share Point Directory and File Permissions</a></dt><dt>principals, <a class="indexterm" href="kerberos.html#id2612822">Kerberos Exposed</a></dt><dt>print filter, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id2566362">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dt>print queue, <a class="indexterm" href="simple.html#id2551634">Charity Administration Office</a>, <a class="indexterm" href="simple.html#id2551758">Dissection and Discussion</a></dt><dt>print spooler, <a class="indexterm" href="simple.html#id2551634">Charity Administration Office</a></dt><dt>Print Test Page, <a class="indexterm" href="happy.html#id2582625">Uploading Printer Drivers to Samba Servers</a></dt><dt>printcap name, <a class="indexterm" href="secure.html#id2559329">Implementation</a></dt><dt>printer validation, <a class="indexterm" href="small.html#id2557337">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>printers</dt><dd><dl><dt>Advanced, <a class="indexterm" href="happy.html#id2582625">Uploading Printer Drivers to Samba Servers</a></dt><dt>Default Settings, <a class="indexterm" href="happy.html#id2582625">Uploading Printer Drivers to Samba Servers</a></dt><dt>General, <a class="indexterm" href="happy.html#id2582625">Uploading Printer Drivers to Samba Servers</a></dt><dt>Properties, <a class="indexterm" href="happy.html#id2582625">Uploading Printer Drivers to Samba Servers</a></dt><dt>Security, <a class="indexterm" href="happy.html#id2582625">Uploading Printer Drivers to Samba Servers</a></dt><dt>Sharing, <a class="indexterm" href="happy.html#id2582625">Uploading Printer Drivers to Samba Servers</a></dt></dl></dd><dt>printing, <a class="indexterm" href="secure.html#id2559329">Implementation</a></dt><dd><dl><dt>drag-and-drop, <a class="indexterm" href="happy.html#id2572816">Installation of Printer Driver Auto-Download</a>, <a class="indexterm" href="happy.html#id2582625">Uploading Printer Drivers to Samba Servers</a></dt><dt>dumb, <a class="indexterm" href="happy.html#id2572816">Installation of Printer Driver Auto-Download</a></dt><dt>point-n-click, <a class="indexterm" href="happy.html#id2572816">Installation of Printer Driver Auto-Download</a></dt><dt>raw, <a class="indexterm" href="simple.html#id2551758">Dissection and Discussion</a></dt></dl></dd><dt>privacy, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a></dt><dt>Privilege Attribute Certificates (see PAC)</dt><dt>privilege controls, <a class="indexterm" href="kerberos.html#id2614131">Share Point Directory and File Permissions</a></dt><dt>privileged pipe, <a class="indexterm" href="DomApps.html#id2617012">Samba Configuration</a></dt><dt>privileges, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a>, <a class="indexterm" href="upgrades.html#id2600654">Updating from Samba Versions after 3.0.6 to a Current Release</a>, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id2613518">Share Definition Controls</a></dt><dt>problem report, <a class="indexterm" href="ch14.html#id2620874">Free Support</a></dt><dt>problem resolution, <a class="indexterm" href="ch14.html">Samba Support</a></dt><dt>product defects, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>professional support, <a class="indexterm" href="ch14.html#id2620874">Free Support</a></dt><dt>profile</dt><dd><dl><dt>default, <a class="indexterm" href="happy.html#id2571262">Assignment Tasks</a></dt><dt>mandatory, <a class="indexterm" href="net2000users.html#id2584231">The Nature of Windows Networking Protocols</a></dt><dt>roaming, <a class="indexterm" href="happy.html">Making Happy Users</a></dt></dl></dd><dt>profile path, <a class="indexterm" href="ntmigration.html#id2601658">Technical Issues</a></dt><dt>profile share, <a class="indexterm" href="secure.html#id2559329">Implementation</a></dt><dt>profiles, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a></dt><dt>profiles share, <a class="indexterm" href="ntmigration.html#id2601472">Dissection and Discussion</a></dt><dt>programmer, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>project, <a class="indexterm" href="ch14.html#id2620874">Free Support</a></dt><dt>project maintainers, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>Properties, <a class="indexterm" href="kerberos.html#id2614585">Using the MMC Computer Management Interface</a></dt><dt>proprietary, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>protected, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>protection, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>protocol</dt><dd><dl><dt>negotiation, <a class="indexterm" href="net2000users.html#id2584231">The Nature of Windows Networking Protocols</a></dt></dl></dd><dt>protocol analysis, <a class="indexterm" href="primer.html#id2625280">Requirements and Notes</a></dt><dt>protocols, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>provided services, <a class="indexterm" href="ch14.html">Samba Support</a></dt><dt>proxy, <a class="indexterm" href="DomApps.html#id2616051">Assignment Tasks</a>, <a class="indexterm" href="DomApps.html#id2616193">Technical Issues</a></dt><dt>PST file, <a class="indexterm" href="happy.html#id2582129">Configuration of MS Outlook to Relocate PST File</a></dt><dt>public specifications, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>purchase support, <a class="indexterm" href="ch14.html#id2620874">Free Support</a></dt></dl></div><div class="indexdiv"><h3>Q</h3><dl><dt>Qbasic, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a></dt><dt>qualified problem, <a class="indexterm" href="ch14.html#id2620874">Free Support</a></dt></dl></div><div class="indexdiv"><h3>R</h3><dl><dt>RAID, <a class="indexterm" href="secure.html#id2559135">Hardware Requirements</a></dt><dt>RAID controllers, <a class="indexterm" href="HA.html#id2620452">Hardware Problems</a></dt><dt>Raw Print Through, <a class="indexterm" href="happy.html#id2572816">Installation of Printer Driver Auto-Download</a></dt><dt>raw printing, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id2566362">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dt>Rbase, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a></dt><dt>rcldap, <a class="indexterm" href="net2000users.html#id2585064">Implementation</a></dt><dt>realm, <a class="indexterm" href="unixclients.html#id2594807">IDMAP_RID with Winbind</a>, <a class="indexterm" href="unixclients.html#id2595411">IDMAP Storage in LDAP using Winbind</a>, <a class="indexterm" href="DomApps.html#id2616622">Kerberos Configuration</a></dt><dt>recognize, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>record locking, <a class="indexterm" href="appendix.html#id2624881">Microsoft Access</a></dt><dt>recursively, <a class="indexterm" href="kerberos.html#id2615047">Setting Posix ACLs in UNIX/Linux</a></dt><dt>Red Hat, <a class="indexterm" href="simple.html#id2550925">Drafting Office</a>, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dt>Red Hat Fedora Linux, <a class="indexterm" href="DomApps.html#id2617012">Samba Configuration</a></dt><dt>Red Hat Linux, <a class="indexterm" href="simple.html#id2551758">Dissection and Discussion</a>, <a class="indexterm" href="simple.html#AccountingOffice">Accounting Office</a>, <a class="indexterm" href="happy.html#id2573925">Samba Server Implementation</a>, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="net2000users.html#id2585064">Implementation</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id2616373">Implementation</a>, <a class="indexterm" href="DomApps.html#id2617012">Samba Configuration</a></dt><dt>redirected folders, <a class="indexterm" href="happy.html#id2572363">Roaming Profile Background</a>, <a class="indexterm" href="net2000users.html#id2584231">The Nature of Windows Networking Protocols</a></dt><dt>refereed standards, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>regedit, <a class="indexterm" href="simple.html#id2551953">Implementation</a></dt><dt>regedt32, <a class="indexterm" href="happy.html#id2572664">Profile Changes</a>, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></dt><dt>registry, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a></dt><dd><dl><dt>keys</dt><dd><dl><dt>SAM, <a class="indexterm" href="ntmigration.html#id2601472">Dissection and Discussion</a></dt><dt>SECURITY, <a class="indexterm" href="ntmigration.html#id2601472">Dissection and Discussion</a></dt></dl></dd></dl></dd><dt>registry change, <a class="indexterm" href="kerberos.html#id2615391">Questions and Answers</a></dt><dt>Registry Editor, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></dt><dt>registry hacks, <a class="indexterm" href="kerberos.html#id2615391">Questions and Answers</a></dt><dt>registry keys, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></dt><dt>reimburse, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>rejected, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="kerberos.html#id2613169">Share Access Controls</a></dt><dt>rejoin, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a></dt><dt>reliability, <a class="indexterm" href="HA.html">Performance, Reliability, and Availability</a></dt><dt>remote announce, <a class="indexterm" href="HA.html#id2619596">Routed Networks</a></dt><dt>remote browse sync, <a class="indexterm" href="HA.html#id2619596">Routed Networks</a></dt><dt>remote procedure call (see RPC)</dt><dt>replicate, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="HA.html#id2620407">Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth</a></dt><dt>replicated, <a class="indexterm" href="net2000users.html#id2583824">Dissection and Discussion</a></dt><dt>requesting payment, <a class="indexterm" href="ch14.html#id2620874">Free Support</a></dt><dt>resilient, <a class="indexterm" href="HA.html#id2619366">Guidelines for Reliable Samba Operation</a></dt><dt>resolution, <a class="indexterm" href="upgrades.html#id2600758">Replacing a Domain Member Server</a></dt><dt>resolve, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a>, <a class="indexterm" href="HA.html#id2619404">Bad Hostnames</a></dt><dt>response, <a class="indexterm" href="unixclients.html#id2594807">IDMAP_RID with Winbind</a></dt><dt>responsibility, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>responsible, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>restrict anonymous, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>restricted export, <a class="indexterm" href="kerberos.html#id2612822">Kerberos Exposed</a></dt><dt>Restrictive security, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>reverse DNS, <a class="indexterm" href="DomApps.html#id2616622">Kerberos Configuration</a></dt><dt>rfc2307bis, <a class="indexterm" href="unixclients.html#id2596006">IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension</a></dt><dt>RID, <a class="indexterm" href="unixclients.html#id2594807">IDMAP_RID with Winbind</a>, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a></dt><dt>risk, <a class="indexterm" href="secure.html#id2558863">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt><dt>road-map, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dd><dl><dt>published, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt></dl></dd><dt>roaming profile, <a class="indexterm" href="happy.html#id2571856">Technical Issues</a>, <a class="indexterm" href="happy.html#id2572363">Roaming Profile Background</a>, <a class="indexterm" href="happy.html#id2580886">Configuring Profile Directories</a>, <a class="indexterm" href="net2000users.html#id2584137">User Needs</a>, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a></dt><dt>roaming profiles, <a class="indexterm" href="secure.html#id2558863">Technical Issues</a>, <a class="indexterm" href="secure.html#id2559329">Implementation</a>, <a class="indexterm" href="happy.html#id2572363">Roaming Profile Background</a></dt><dt>routed network, <a class="indexterm" href="HA.html#id2620205">Use and Location of BDCs</a></dt><dt>router, <a class="indexterm" href="small.html#id2555790">Implementation</a></dt><dt>routers, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a>, <a class="indexterm" href="HA.html#id2619596">Routed Networks</a></dt><dt>RPC, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="kerberos.html#id2612822">Kerberos Exposed</a></dt><dt>rpc, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a></dt><dt>rpcclient, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a></dt><dt>RPM, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a>, <a class="indexterm" href="nw4migration.html#id2606228">Dissection and Discussion</a></dt><dd><dl><dt>install, <a class="indexterm" href="simple.html#id2551061">Implementation</a></dt></dl></dd><dt>rpm, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a>, <a class="indexterm" href="appendix.html#id2621811">Samba System File Location</a></dt><dt>RPMs, <a class="indexterm" href="DomApps.html#id2617012">Samba Configuration</a></dt><dt>rpms, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>rsync, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a>, <a class="indexterm" href="HA.html#id2620407">Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth</a></dt><dt>rsyncd.conf, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a></dt><dt>run-time control files, <a class="indexterm" href="appendix.html#id2621811">Samba System File Location</a></dt></dl></div><div class="indexdiv"><h3>S</h3><dl><dt>safe-guards, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>SAM, <a class="indexterm" href="ntmigration.html#id2601472">Dissection and Discussion</a></dt><dt>samba, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dd><dl><dt>starting samba, <a class="indexterm" href="simple.html#id2551061">Implementation</a></dt></dl></dd><dt>Samba, <a class="indexterm" href="DomApps.html#id2617012">Samba Configuration</a></dt><dt>Samba accounts, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a></dt><dt>samba cluster, <a class="indexterm" href="HA.html#id2618805">Introduction</a></dt><dt>samba control script, <a class="indexterm" href="appendix.html#id2622232">Starting Samba</a></dt><dt>Samba Domain, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a></dt><dt>Samba Domain server, <a class="indexterm" href="kerberos.html#id2614585">Using the MMC Computer Management Interface</a></dt><dt>Samba RPM Packages, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a></dt><dt>Samba Tea, <a class="indexterm" href="DomApps.html#id2617012">Samba Configuration</a></dt><dt>sambaDomainName, <a class="indexterm" href="ntmigration.html#id2602148">NT4 Migration Using LDAP Backend</a></dt><dt>sambaGroupMapping, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a></dt><dt>SambaSAMAccount, <a class="indexterm" href="happy.html#id2571022">Regarding LDAP Directories and Windows Computer Accounts</a></dt><dt>SambaSamAccount, <a class="indexterm" href="happy.html#id2576821">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>sambaSamAccount, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a></dt><dt>SambaXP conference, <a class="indexterm" href="DomApps.html#id2618286">Questions and Answers</a></dt><dt>SAN, <a class="indexterm" href="HA.html#id2620303">For Scalability, Use SAN-Based Storage on Samba Servers</a></dt><dt>SAS, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a></dt><dt>scalability, <a class="indexterm" href="HA.html#id2618805">Introduction</a></dt><dt>scalable, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a></dt><dt>schannel, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id2615257">Key Points Learned</a>, <a class="indexterm" href="kerberos.html#id2615391">Questions and Answers</a></dt><dt>schema, <a class="indexterm" href="unixclients.html#id2596006">IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension</a>, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#id2600245">Samba-2.x with LDAP Support</a>, <a class="indexterm" href="upgrades.html#id2600576">Updating from Samba Versions between 3.0.6 and 3.0.10</a></dt><dt>scripts, <a class="indexterm" href="appendix.html#id2623411">The LDAP Account Manager</a></dt><dt>secondary group, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>secret, <a class="indexterm" href="kerberos.html#id2612822">Kerberos Exposed</a></dt><dt>secrets.tdb, <a class="indexterm" href="happy.html#id2571856">Technical Issues</a>, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#sbeug1">Location of config files</a></dt><dt>secure, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt><dt>secure account password, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a></dt><dt>secure connections, <a class="indexterm" href="appendix.html#id2623411">The LDAP Account Manager</a></dt><dt>secure networking, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>secure networking protocols, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>security, <a class="indexterm" href="happy.html#id2571856">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a>, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a>, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id2614131">Share Point Directory and File Permissions</a>, <a class="indexterm" href="kerberos.html#id2615391">Questions and Answers</a></dt><dd><dl><dt>identifier, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a></dt><dt>share mode, <a class="indexterm" href="simple.html#id2551758">Dissection and Discussion</a></dt><dt>user mode, <a class="indexterm" href="simple.html#id2553799">Dissection and Discussion</a></dt></dl></dd><dt>Security, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id2614585">Using the MMC Computer Management Interface</a></dt><dt>Security Account Manager (see SAM)</dt><dt>security controls, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>security descriptors, <a class="indexterm" href="ntmigration.html#id2601472">Dissection and Discussion</a></dt><dt>security fixes, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>security updates, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>SerNet, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id2617012">Samba Configuration</a></dt><dt>server</dt><dd><dl><dt>domain member, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a></dt><dt>stand-alone, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a></dt></dl></dd><dt>service, <a class="indexterm" href="net2000users.html#id2585064">Implementation</a></dt><dd><dl><dt>smb</dt><dd><dl><dt>start, <a class="indexterm" href="Big500users.html#ch5-domsvrspec">Configuration Specific to Domain Member Servers: BLDG1, BLDG2</a></dt></dl></dd></dl></dd><dt>Service Packs, <a class="indexterm" href="secure.html#ch4appscfg">Application Share Configuration</a></dt><dt>services, <a class="indexterm" href="DomApps.html#id2618225">Key Points Learned</a></dt><dt>services provided, <a class="indexterm" href="ch14.html">Samba Support</a></dt><dt>session setup, <a class="indexterm" href="primer.html#id2626892">Simple Windows Client Connection Characteristics</a>, <a class="indexterm" href="primer.html#id2627394">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>Session Setup, <a class="indexterm" href="primer.html#id2626892">Simple Windows Client Connection Characteristics</a></dt><dt>SessionSetUpAndX, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a></dt><dt>set primary group script, <a class="indexterm" href="upgrades.html#id2599919">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>setfacl, <a class="indexterm" href="kerberos.html#id2615047">Setting Posix ACLs in UNIX/Linux</a></dt><dt>severely degrade, <a class="indexterm" href="HA.html#id2619868">Samba Configuration</a></dt><dt>SFU, <a class="indexterm" href="unixclients.html#id2596292">IDMAP, Active Directory, and MS Services for UNIX 3.5</a></dt><dt>SGID, <a class="indexterm" href="simple.html#id2551758">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id2614131">Share Point Directory and File Permissions</a>, <a class="indexterm" href="appendix.html#ch12-SUIDSGID">Effect of Setting File and Directory SUID/SGID Permissions Explained</a></dt><dt>shadow-utils, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a></dt><dt>Share Access Controls, <a class="indexterm" href="kerberos.html#id2613169">Share Access Controls</a></dt><dt>share ACLs, <a class="indexterm" href="kerberos.html#id2615391">Questions and Answers</a></dt><dt>share definition, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>Share Definition</dt><dd><dl><dt>Controls, <a class="indexterm" href="kerberos.html#id2613518">Share Definition Controls</a></dt></dl></dd><dt>share definition controls, <a class="indexterm" href="kerberos.html#id2613518">Share Definition Controls</a>, <a class="indexterm" href="kerberos.html#id2613658">Checkpoint Controls</a>, <a class="indexterm" href="kerberos.html#id2614131">Share Point Directory and File Permissions</a>, <a class="indexterm" href="kerberos.html#id2615391">Questions and Answers</a></dt><dt>share level access controls, <a class="indexterm" href="kerberos.html#id2615391">Questions and Answers</a></dt><dt>share level ACL, <a class="indexterm" href="kerberos.html#id2615391">Questions and Answers</a></dt><dt>Share Permissions, <a class="indexterm" href="kerberos.html#id2613169">Share Access Controls</a></dt><dt>shared resource, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id2615047">Setting Posix ACLs in UNIX/Linux</a></dt><dt>shares, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>SID, <a class="indexterm" href="secure.html#ch4wincfg">Windows Client Configuration</a>, <a class="indexterm" href="happy.html#id2571022">Regarding LDAP Directories and Windows Computer Accounts</a>, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a>, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id2594807">IDMAP_RID with Winbind</a>, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id2599119">Change of Workgroup (Domain) Name</a>, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a>, <a class="indexterm" href="appendix.html#id2622851">Initialization of the LDAP Database</a></dt><dt>side effects, <a class="indexterm" href="kerberos.html#id2614530">Managing Windows 200x ACLs</a></dt><dt>Sign'n'seal, <a class="indexterm" href="kerberos.html#id2615257">Key Points Learned</a>, <a class="indexterm" href="kerberos.html#id2615391">Questions and Answers</a></dt><dt>silent return, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>simple, <a class="indexterm" href="HA.html#id2618892">Dissection and Discussion</a></dt><dt>Single Sign-On (see SSO)</dt><dt>slapcat, <a class="indexterm" href="happy.html#id2576821">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a></dt><dt>slapd, <a class="indexterm" href="happy.html#id2573240">Debugging LDAP</a></dt><dt>slapd.conf, <a class="indexterm" href="ntmigration.html#id2602148">NT4 Migration Using LDAP Backend</a></dt><dt>slave, <a class="indexterm" href="net2000users.html#id2583824">Dissection and Discussion</a></dt><dt>slow logon, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>slow network, <a class="indexterm" href="HA.html#id2620452">Hardware Problems</a></dt><dt>slurpd, <a class="indexterm" href="net2000users.html#id2585064">Implementation</a>, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a></dt><dt>smart printing, <a class="indexterm" href="happy.html#id2571399">Dissection and Discussion</a></dt><dt>SMB, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a></dt><dt>SMB passwords, <a class="indexterm" href="net2000users.html#id2585064">Implementation</a></dt><dt>SMB/CIFS, <a class="indexterm" href="DomApps.html#id2618286">Questions and Answers</a></dt><dt>smbclient, <a class="indexterm" href="simple.html#validate1">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="happy.html#id2576821">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="DomApps.html#id2618286">Questions and Answers</a></dt><dt>smbd, <a class="indexterm" href="simple.html#validate1">Validation</a>, <a class="indexterm" href="simple.html#id2551953">Implementation</a>, <a class="indexterm" href="small.html#id2557337">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#sbeug1">Location of config files</a>, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a>, <a class="indexterm" href="upgrades.html#id2600758">Replacing a Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id2617012">Samba Configuration</a>, <a class="indexterm" href="DomApps.html#id2618286">Questions and Answers</a>, <a class="indexterm" href="appendix.html#id2622232">Starting Samba</a></dt><dd><dl><dt>location of files, <a class="indexterm" href="appendix.html#id2621811">Samba System File Location</a></dt></dl></dd><dt>smbfs, <a class="indexterm" href="HA.html#id2618892">Dissection and Discussion</a></dt><dt>smbldap-groupadd, <a class="indexterm" href="happy.html#id2576821">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a></dt><dt>smbldap-groupmod, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a></dt><dt>smbldap-passwd, <a class="indexterm" href="happy.html#id2576821">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>smbldap-populate, <a class="indexterm" href="happy.html#id2576821">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>smbldap-tools, <a class="indexterm" href="ntmigration.html#id2602148">NT4 Migration Using LDAP Backend</a>, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a>, <a class="indexterm" href="appendix.html#id2623411">The LDAP Account Manager</a></dt><dt>smbldap-tools updating, <a class="indexterm" href="ntmigration.html#id2602148">NT4 Migration Using LDAP Backend</a></dt><dt>smbldap-useradd, <a class="indexterm" href="happy.html#id2576821">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="net2000users.html#id2585064">Implementation</a></dt><dt>smbldap-usermod, <a class="indexterm" href="happy.html#id2576821">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a></dt><dt>smbmnt, <a class="indexterm" href="HA.html#id2618892">Dissection and Discussion</a></dt><dt>smbmount, <a class="indexterm" href="HA.html#id2618892">Dissection and Discussion</a></dt><dt>smbpasswd, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id2555570">Technical Issues</a>, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="secure.html#id2558863">Technical Issues</a>, <a class="indexterm" href="secure.html#id2560183">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id2566362">Server Preparation: All Servers</a>, <a class="indexterm" href="Big500users.html#id2566940">Configuration for Server: MASSIVE</a>, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="happy.html#id2576821">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="happy.html#sbehap-bldg1">Samba-3 BDC Configuration</a>, <a class="indexterm" href="net2000users.html#id2583824">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id2585064">Implementation</a>, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="upgrades.html">Updating Samba-3</a>, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id2599919">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id2601658">Technical Issues</a>, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a>, <a class="indexterm" href="DomApps.html">Integrating Additional Services</a></dt><dt>smbumnt, <a class="indexterm" href="HA.html#id2618892">Dissection and Discussion</a></dt><dt>smbumount, <a class="indexterm" href="HA.html#id2618892">Dissection and Discussion</a></dt><dt>SMTP, <a class="indexterm" href="nw4migration.html#id2606305">Technical Issues</a></dt><dt>snap-shot, <a class="indexterm" href="ntmigration.html#id2601472">Dissection and Discussion</a></dt><dt>socket address, <a class="indexterm" href="HA.html#id2619868">Samba Configuration</a></dt><dt>socket options, <a class="indexterm" href="HA.html#id2619868">Samba Configuration</a></dt><dt>software, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>solve, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>source code, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>SPNEGO, <a class="indexterm" href="primer.html#id2627394">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>SQL, <a class="indexterm" href="net2000users.html#id2583824">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a></dt><dt>Squid, <a class="indexterm" href="DomApps.html#id2616373">Implementation</a>, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a>, <a class="indexterm" href="DomApps.html#id2617012">Samba Configuration</a>, <a class="indexterm" href="DomApps.html#id2617829">Squid Configuration</a></dt><dt>squid, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a>, <a class="indexterm" href="DomApps.html#id2617012">Samba Configuration</a></dt><dt>Squid proxy, <a class="indexterm" href="DomApps.html#id2616193">Technical Issues</a></dt><dt>SRVTOOLS.EXE, <a class="indexterm" href="secure.html#id2559329">Implementation</a>, <a class="indexterm" href="happy.html#id2580886">Configuring Profile Directories</a>, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id2615391">Questions and Answers</a></dt><dt>SSL, <a class="indexterm" href="appendix.html#id2623411">The LDAP Account Manager</a></dt><dt>stand-alone server, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a></dt><dt>starting CUPS, <a class="indexterm" href="simple.html#id2551953">Implementation</a>, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a>, <a class="indexterm" href="Big500users.html#ch5-procstart">Process Startup Configuration</a></dt><dt>starting dhcpd, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a>, <a class="indexterm" href="Big500users.html#ch5-procstart">Process Startup Configuration</a></dt><dt>starting samba, <a class="indexterm" href="simple.html#id2551061">Implementation</a>, <a class="indexterm" href="simple.html#id2551953">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a>, <a class="indexterm" href="Big500users.html#ch5-procstart">Process Startup Configuration</a></dt><dd><dl><dt>nmbd, <a class="indexterm" href="appendix.html#id2622232">Starting Samba</a></dt><dt>smbd, <a class="indexterm" href="appendix.html#id2622232">Starting Samba</a></dt><dt>winbindd, <a class="indexterm" href="appendix.html#id2622232">Starting Samba</a></dt></dl></dd><dt>startingCUPS, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a></dt><dt>startup script, <a class="indexterm" href="appendix.html#id2622232">Starting Samba</a></dt><dt>sticky bit, <a class="indexterm" href="small.html#id2555790">Implementation</a></dt><dt>storage capacity, <a class="indexterm" href="secure.html#id2559135">Hardware Requirements</a></dt><dt>strategic, <a class="indexterm" href="ntmigration.html#id2601658">Technical Issues</a></dt><dt>strategy, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a></dt><dt>straw-man, <a class="indexterm" href="kerberos.html">Active Directory, Kerberos, and Security</a></dt><dt>strict sync, <a class="indexterm" href="HA.html#id2619868">Samba Configuration</a></dt><dt>stripped, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></dt><dt>strong cryptography, <a class="indexterm" href="kerberos.html#id2612822">Kerberos Exposed</a></dt><dt>subscription, <a class="indexterm" href="ch14.html#id2620874">Free Support</a></dt><dt>SUID, <a class="indexterm" href="simple.html#id2551758">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id2615391">Questions and Answers</a>, <a class="indexterm" href="appendix.html#ch12-SUIDSGID">Effect of Setting File and Directory SUID/SGID Permissions Explained</a></dt><dt>Sun ONE Identity Server, <a class="indexterm" href="happy.html#id2571399">Dissection and Discussion</a></dt><dt>super daemon, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a></dt><dt>support, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a>, <a class="indexterm" href="ch14.html">Samba Support</a></dt><dt>survey, <a class="indexterm" href="unixclients.html">Adding Domain Member Servers and Clients</a></dt><dt>SUSE, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dt>SUSE Enterprise Linux Server, <a class="indexterm" href="simple.html#id2551634">Charity Administration Office</a>, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="DomApps.html#id2616373">Implementation</a></dt><dt>SUSE Linux, <a class="indexterm" href="simple.html#id2551758">Dissection and Discussion</a>, <a class="indexterm" href="happy.html#id2573925">Samba Server Implementation</a>, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="net2000users.html#id2585064">Implementation</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id2616373">Implementation</a>, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>SWAT, <a class="indexterm" href="appendix.html#id2621811">Samba System File Location</a></dt><dt>sync always, <a class="indexterm" href="HA.html#id2619868">Samba Configuration</a></dt><dt>synchronization, <a class="indexterm" href="DomApps.html#id2616622">Kerberos Configuration</a>, <a class="indexterm" href="HA.html#id2620303">For Scalability, Use SAN-Based Storage on Samba Servers</a></dt><dt>synchronize, <a class="indexterm" href="net2000users.html#id2584137">User Needs</a>, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a></dt><dt>synchronized, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a></dt><dt>syslog, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></dt><dt>system level logins, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a></dt><dt>system security, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt></dl></div><div class="indexdiv"><h3>T</h3><dl><dt>tattooing, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a></dt><dt>TCP/IP, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a></dt><dt>tdbdump, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="ntmigration.html#id2602148">NT4 Migration Using LDAP Backend</a></dt><dt>tdbsam, <a class="indexterm" href="secure.html#id2558863">Technical Issues</a>, <a class="indexterm" href="secure.html#id2559329">Implementation</a>, <a class="indexterm" href="Big500users.html">The 500-User Office</a>, <a class="indexterm" href="happy.html#id2571262">Assignment Tasks</a>, <a class="indexterm" href="net2000users.html#id2583824">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id2585064">Implementation</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#id2599919">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="upgrades.html#id2600576">Updating from Samba Versions between 3.0.6 and 3.0.10</a>, <a class="indexterm" href="ntmigration.html#id2601658">Technical Issues</a>, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a></dt><dt>testparm, <a class="indexterm" href="small.html#id2557337">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a>, <a class="indexterm" href="HA.html#id2619868">Samba Configuration</a></dt><dt>ticket, <a class="indexterm" href="DomApps.html#id2617012">Samba Configuration</a></dt><dt>time server, <a class="indexterm" href="secure.html#id2559329">Implementation</a></dt><dt>Tivoli Directory Server, <a class="indexterm" href="happy.html#id2571399">Dissection and Discussion</a></dt><dt>TLS, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a></dt><dt>token, <a class="indexterm" href="DomApps.html#id2616193">Technical Issues</a></dt><dt>tool, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>TOSHARG2, <a class="indexterm" href="simple.html#id2551953">Implementation</a></dt><dt>track record, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>traffic collisions, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>transaction processing, <a class="indexterm" href="net2000users.html#id2583824">Dissection and Discussion</a></dt><dt>transactional, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a></dt><dt>transfer, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a></dt><dt>translate, <a class="indexterm" href="kerberos.html#id2614530">Managing Windows 200x ACLs</a></dt><dt>traverse, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></dt><dt>tree, <a class="indexterm" href="nw4migration.html#id2606228">Dissection and Discussion</a></dt><dt>Tree Connect, <a class="indexterm" href="primer.html#id2626892">Simple Windows Client Connection Characteristics</a></dt><dt>trust account, <a class="indexterm" href="happy.html#id2571022">Regarding LDAP Directories and Windows Computer Accounts</a></dt><dt>trusted computing, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt><dt>Trusted Domains, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a></dt><dt>trusted domains, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a></dt><dt>trusted third-party, <a class="indexterm" href="kerberos.html#id2612822">Kerberos Exposed</a></dt><dt>trusting, <a class="indexterm" href="kerberos.html#id2612822">Kerberos Exposed</a></dt><dt>turn-around time, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt></dl></div><div class="indexdiv"><h3>U</h3><dl><dt>UDP</dt><dd><dl><dt>broadcast, <a class="indexterm" href="HA.html#id2619596">Routed Networks</a></dt></dl></dd><dt>UID, <a class="indexterm" href="simple.html#id2551758">Dissection and Discussion</a>, <a class="indexterm" href="happy.html#id2571022">Regarding LDAP Directories and Windows Computer Accounts</a>, <a class="indexterm" href="happy.html#id2571856">Technical Issues</a>, <a class="indexterm" href="net2000users.html#id2585064">Implementation</a>, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a></dt><dt>un-join, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a></dt><dt>unauthorized activities, <a class="indexterm" href="kerberos.html#id2612822">Kerberos Exposed</a></dt><dt>UNC name, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a></dt><dt>unencrypted, <a class="indexterm" href="appendix.html#id2623411">The LDAP Account Manager</a></dt><dt>Unicast, <a class="indexterm" href="net2000users.html#id2584231">The Nature of Windows Networking Protocols</a></dt><dt>unicode, <a class="indexterm" href="upgrades.html#id2599385">International Language Support</a></dt><dt>Universal Naming Convention (see UNC name)</dt><dt>UNIX, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a></dt><dd><dl><dt>groups, <a class="indexterm" href="small.html#id2555570">Technical Issues</a>, <a class="indexterm" href="small.html#id2555790">Implementation</a></dt></dl></dd><dt>UNIX accounts, <a class="indexterm" href="happy.html#id2571856">Technical Issues</a></dt><dt>UNIX/Linux server, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>unix2dos, <a class="indexterm" href="secure.html#id2560183">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id2566940">Configuration for Server: MASSIVE</a></dt><dt>unknown, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>unsupported software, <a class="indexterm" href="ch14.html#id2621092">Commercial Support</a></dt><dt>update, <a class="indexterm" href="upgrades.html#id2598125">Introduction</a>, <a class="indexterm" href="upgrades.html#id2598221">Cautions and Notes</a></dt><dt>updates, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a>, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>updating smbldap-tools, <a class="indexterm" href="ntmigration.html#id2602148">NT4 Migration Using LDAP Backend</a></dt><dt>upgrade, <a class="indexterm" href="upgrades.html#id2598125">Introduction</a>, <a class="indexterm" href="upgrades.html#id2598221">Cautions and Notes</a>, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a></dt><dt>uppercase, <a class="indexterm" href="ntmigration.html#id2602007">Implementation</a></dt><dt>user</dt><dd><dl><dt>management, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="secure.html#id2560183">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id2566940">Configuration for Server: MASSIVE</a></dt></dl></dd><dt>user account, <a class="indexterm" href="happy.html">Making Happy Users</a>, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></dt><dt>User and Group Controls, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>user credentials, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a>, <a class="indexterm" href="unixclients.html#id2596343">UNIX/Linux Client Domain Member</a></dt><dt>user errors, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a></dt><dt>user groups, <a class="indexterm" href="ch14.html#id2620874">Free Support</a></dt><dt>user identities, <a class="indexterm" href="unixclients.html#id2590094">Implementation</a></dt><dt>user logins, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a></dt><dt>user management, <a class="indexterm" href="secure.html#id2559329">Implementation</a></dt><dt>User Manager, <a class="indexterm" href="ntmigration.html#id2602148">NT4 Migration Using LDAP Backend</a></dt><dt>User Mode, <a class="indexterm" href="secure.html#id2559329">Implementation</a>, <a class="indexterm" href="primer.html#id2626892">Simple Windows Client Connection Characteristics</a>, <a class="indexterm" href="primer.html#id2627394">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>useradd, <a class="indexterm" href="simple.html#id2551953">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="secure.html#id2560183">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id2566940">Configuration for Server: MASSIVE</a>, <a class="indexterm" href="upgrades.html#id2599919">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>userdel, <a class="indexterm" href="upgrades.html#id2599919">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>usermod, <a class="indexterm" href="upgrades.html#id2599919">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id2602148">NT4 Migration Using LDAP Backend</a></dt><dt>username, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a></dt><dt>username map, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="secure.html#id2560183">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id2566362">Server Preparation: All Servers</a></dt><dt>UTF-8, <a class="indexterm" href="upgrades.html#id2599385">International Language Support</a></dt><dt>utilities, <a class="indexterm" href="DomApps.html#id2618286">Questions and Answers</a></dt></dl></div><div class="indexdiv"><h3>V</h3><dl><dt>valid users, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id2613658">Checkpoint Controls</a>, <a class="indexterm" href="kerberos.html#id2615391">Questions and Answers</a></dt><dt>validate, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id2613658">Checkpoint Controls</a></dt><dt>validated, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt><dt>validation, <a class="indexterm" href="simple.html#validate1">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="DomApps.html#id2618286">Questions and Answers</a></dt><dt>vampire, <a class="indexterm" href="ntmigration.html#id2605051">Questions and Answers</a></dt><dt>vendor, <a class="indexterm" href="kerberos.html#id2611154">Dissection and Discussion</a></dt><dt>vendors, <a class="indexterm" href="upgrades.html#id2600427">Updating a Samba-3 Installation</a></dt><dt>VFS modules, <a class="indexterm" href="appendix.html#id2621811">Samba System File Location</a></dt><dt>virus, <a class="indexterm" href="secure.html#id2559329">Implementation</a></dt><dt>VPN, <a class="indexterm" href="net2000users.html#id2583756">Assignment Tasks</a></dt><dt>vulnerabilities, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt></dl></div><div class="indexdiv"><h3>W</h3><dl><dt>wbinfo, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id2617012">Samba Configuration</a></dt><dt>weakness, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a></dt><dt>web</dt><dd><dl><dt>caching, <a class="indexterm" href="DomApps.html#id2616051">Assignment Tasks</a></dt><dt>proxying, <a class="indexterm" href="DomApps.html#id2616051">Assignment Tasks</a></dt></dl></dd><dt>Web</dt><dd><dl><dt>proxy, <a class="indexterm" href="DomApps.html#id2618286">Questions and Answers</a></dt><dd><dl><dt>access, <a class="indexterm" href="DomApps.html#id2618225">Key Points Learned</a></dt></dl></dd></dl></dd><dt>Web browsers, <a class="indexterm" href="DomApps.html#id2618225">Key Points Learned</a></dt><dt>WebClient, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>WHATSNEW.txt, <a class="indexterm" href="upgrades.html#id2600245">Samba-2.x with LDAP Support</a></dt><dt>white-pages, <a class="indexterm" href="nw4migration.html#id2606305">Technical Issues</a>, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a></dt><dt>wide-area, <a class="indexterm" href="net2000users.html#id2584137">User Needs</a>, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id2588223">Key Points Learned</a>, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></dt><dt>wide-area network, <a class="indexterm" href="HA.html#id2620205">Use and Location of BDCs</a>, <a class="indexterm" href="HA.html#id2620407">Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth</a></dt><dt>winbind, <a class="indexterm" href="net2000users.html#id2585064">Implementation</a>, <a class="indexterm" href="unixclients.html#id2589317">Dissection and Discussion</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a>, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id2616193">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id2617012">Samba Configuration</a>, <a class="indexterm" href="DomApps.html#id2617564">NSS Configuration</a></dt><dt>Winbind, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id2611545">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id2615257">Key Points Learned</a></dt><dt>winbind trusted domains only, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a></dt><dt>winbind use default domain, <a class="indexterm" href="kerberos.html#id2613658">Checkpoint Controls</a></dt><dt>winbindd, <a class="indexterm" href="small.html#id2557337">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="Big500users.html#id2565409">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a>, <a class="indexterm" href="upgrades.html#id2600654">Updating from Samba Versions after 3.0.6 to a Current Release</a>, <a class="indexterm" href="upgrades.html#id2600758">Replacing a Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id2617012">Samba Configuration</a>, <a class="indexterm" href="DomApps.html#id2618286">Questions and Answers</a>, <a class="indexterm" href="appendix.html#id2622232">Starting Samba</a></dt><dt>winbindd_cache.tdb, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a></dt><dt>winbindd_idmap.tdb, <a class="indexterm" href="unixclients.html#id2589345">Technical Issues</a></dt><dt>Windows, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a></dt><dd><dl><dt>client, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a></dt><dt>NT, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a></dt></dl></dd><dt>Windows 2000 ACLs, <a class="indexterm" href="kerberos.html#id2614530">Managing Windows 200x ACLs</a></dt><dt>Windows 2003 Serve, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt><dt>Windows 200x ACLs, <a class="indexterm" href="kerberos.html#id2615391">Questions and Answers</a></dt><dt>Windows accounts, <a class="indexterm" href="happy.html#id2571856">Technical Issues</a></dt><dt>Windows ACLs, <a class="indexterm" href="kerberos.html#id2615047">Setting Posix ACLs in UNIX/Linux</a></dt><dt>Windows Address Book, <a class="indexterm" href="nw4migration.html#id2606568">LDAP Server Configuration</a></dt><dt>Windows ADS Domain, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></dt><dt>Windows clients, <a class="indexterm" href="DomApps.html#id2618286">Questions and Answers</a></dt><dt>Windows Explorer, <a class="indexterm" href="simple.html#validate1">Validation</a></dt><dt>Windows explorer, <a class="indexterm" href="DomApps.html#id2618286">Questions and Answers</a></dt><dt>Windows security identifier (see SID)</dt><dt>Windows Servers, <a class="indexterm" href="kerberos.html#id2610496">Introduction</a></dt><dt>Windows Services for UNIX (see SUS)</dt><dt>Windows XP, <a class="indexterm" href="small.html#id2555462">Assignment Tasks</a></dt><dt>WINS, <a class="indexterm" href="simple.html#id2551953">Implementation</a>, <a class="indexterm" href="small.html#id2555570">Technical Issues</a>, <a class="indexterm" href="small.html#id2555790">Implementation</a>, <a class="indexterm" href="secure.html#ch4wincfg">Windows Client Configuration</a>, <a class="indexterm" href="Big500users.html#id2565409">Technical Issues</a>, <a class="indexterm" href="Big500users.html#ch5wincfg">Windows Client Configuration</a>, <a class="indexterm" href="net2000users.html#id2584231">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a>, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dd><dl><dt>lookup, <a class="indexterm" href="unixclients.html#id2596972">Questions and Answers</a></dt><dt>name resolution, <a class="indexterm" href="HA.html#id2619596">Routed Networks</a></dt><dt>server, <a class="indexterm" href="happy.html">Making Happy Users</a>, <a class="indexterm" href="HA.html#id2619596">Routed Networks</a></dt></dl></dd><dt>WINS server, <a class="indexterm" href="Big500users.html">The 500-User Office</a>, <a class="indexterm" href="net2000users.html#id2588370">Questions and Answers</a></dt><dt>WINS serving, <a class="indexterm" href="secure.html#id2559329">Implementation</a></dt><dt>wins support, <a class="indexterm" href="secure.html#id2559329">Implementation</a></dt><dt>wins.dat, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a>, <a class="indexterm" href="upgrades.html#id2600758">Replacing a Domain Member Server</a></dt><dt>Wireshark, <a class="indexterm" href="primer.html#id2625280">Requirements and Notes</a></dt><dt>wireshark, <a class="indexterm" href="primer.html#id2625618">Exercises</a></dt><dt>Word, <a class="indexterm" href="kerberos.html#id2614131">Share Point Directory and File Permissions</a></dt><dt>workgroup, <a class="indexterm" href="simple.html#id2551061">Implementation</a>, <a class="indexterm" href="upgrades.html#id2598325">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id2599119">Change of Workgroup (Domain) Name</a></dt><dt>Workgroup Announcement, <a class="indexterm" href="primer.html#id2626531">Findings</a></dt><dt>workstation, <a class="indexterm" href="unixclients.html#id2590094">Implementation</a></dt><dt>wrapper, <a class="indexterm" href="DomApps.html#id2618286">Questions and Answers</a></dt><dt>write lock, <a class="indexterm" href="appendix.html#id2625113">Opportunistic Locking Controls</a></dt></dl></div><div class="indexdiv"><h3>X</h3><dl><dt>xinetd, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a></dt><dt>XML, <a class="indexterm" href="net2000users.html#id2583824">Dissection and Discussion</a></dt><dt>xmlsam, <a class="indexterm" href="net2000users.html#id2585064">Implementation</a></dt></dl></div><div class="indexdiv"><h3>Y</h3><dl><dt>YaST, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></dt><dt>Yellow Pages, <a class="indexterm" href="net2000users.html#id2584570">Identity Management Needs</a></dt><dt>yellow pages (see NIS)</dt></dl></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="go01.html">Prev</a> </td><td width="20%" align="center"> </td><td width="40%" align="right"> </td></tr><tr><td width="40%" align="left" valign="top">Glossary </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> </td></tr></table></div></body></html>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Index</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="go01.html" title="Glossary"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Index</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="go01.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> </td></tr></table><hr></div><div class="index" title="Index"><div class="titlepage"><div><div><h2 class="title"><a name="id395334"></a>Index</h2></div></div></div><div class="index"><div class="indexdiv"><h3>Symbols</h3><dl><dt>%LOGONSERVER%, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></dt><dt>%USERNAME%, <a class="indexterm" href="happy.html#id342548">Roaming Profile Background</a>, <a class="indexterm" href="happy.html#id342818">Profile Changes</a></dt><dt>%USERPROFILE%, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></dt><dt>/data/ldap, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></dt><dt>/etc/cups/mime.convs, <a class="indexterm" href="simple.html#id324064">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a></dt><dt>/etc/cups/mime.types, <a class="indexterm" href="simple.html#id324064">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a></dt><dt>/etc/dhcpd.conf, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="small.html#id329058">Validation</a>, <a class="indexterm" href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>/etc/exports, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a></dt><dt>/etc/group, <a class="indexterm" href="happy.html#id342070">Technical Issues</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="upgrades.html#id368475">Replacing a Domain Member Server</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a>, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>/etc/hosts, <a class="indexterm" href="simple.html#id323262">Implementation</a>, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="Big500users.html#id337052">Server Preparation: All Servers</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a>, <a class="indexterm" href="HA.html#id385379">Bad Hostnames</a></dt><dt>/etc/krb5.conf, <a class="indexterm" href="unixclients.html#id363637">IDMAP Storage in LDAP using Winbind</a>, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dt>/etc/ldap.conf, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="unixclients.html#id363637">IDMAP Storage in LDAP using Winbind</a>, <a class="indexterm" href="unixclients.html#id364188">IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension</a>, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>/etc/mime.convs, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id337052">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dt>/etc/mime.types, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id337052">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dt>/etc/named.conf, <a class="indexterm" href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a></dt><dt>/etc/nsswitch.conf, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="Big500users.html#id337579">Configuration for Server: MASSIVE</a>, <a class="indexterm" href="Big500users.html#ch5-domsvrspec">Configuration Specific to Domain Member Servers: BLDG1, BLDG2</a>, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a>, <a class="indexterm" href="unixclients.html#id364188">IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></dt><dt>/etc/openldap/slapd.conf, <a class="indexterm" href="happy.html#id343291">Debugging LDAP</a>, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a>, <a class="indexterm" href="net2000users.html#id354011">Implementation</a></dt><dt>/etc/passwd, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id337579">Configuration for Server: MASSIVE</a>, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#id368475">Replacing a Domain Member Server</a>, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a>, <a class="indexterm" href="nw4migration.html#id373431">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a>, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a>, <a class="indexterm" href="primer.html#id392350">Findings and Comments</a></dt><dt>/etc/rc.d/boot.local, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="Big500users.html#id337579">Configuration for Server: MASSIVE</a></dt><dt>/etc/rc.d/rc.local, <a class="indexterm" href="small.html#id327606">Implementation</a></dt><dt>/etc/resolv.conf, <a class="indexterm" href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a>, <a class="indexterm" href="Big500users.html#id337052">Server Preparation: All Servers</a></dt><dt>/etc/samba, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>/etc/samba/secrets.tdb, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>/etc/samba/smbusers, <a class="indexterm" href="Big500users.html#id337052">Server Preparation: All Servers</a></dt><dt>/etc/shadow, <a class="indexterm" href="upgrades.html#id368475">Replacing a Domain Member Server</a>, <a class="indexterm" href="nw4migration.html#id373431">Technical Issues</a></dt><dt>/etc/squid/squid.conf, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>/etc/syslog.conf, <a class="indexterm" href="happy.html#id343291">Debugging LDAP</a></dt><dt>/etc/xinetd.d, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a>, <a class="indexterm" href="Big500users.html#ch5-procstart">Process Startup Configuration</a></dt><dt>/lib/libnss_ldap.so.2, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></dt><dt>/opt/IDEALX/sbin, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></dt><dt>/proc/sys/net/ipv4/ip_forward, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a></dt><dt>/usr/bin, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>/usr/lib/samba, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>/usr/local, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>/usr/local/samba, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>/usr/local/samba/var/locks, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></dt><dt>/usr/sbin, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>/usr/share, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>/usr/share/samba/swat, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>/usr/share/swat, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>/var/cache/samba, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></dt><dt>/var/lib/samba, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a>, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>/var/log/ldaplogs, <a class="indexterm" href="happy.html#id343291">Debugging LDAP</a></dt><dt>/var/log/samba, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>8-bit, <a class="indexterm" href="upgrades.html#id367266">International Language Support</a></dt></dl></div><div class="indexdiv"><h3></h3><dl><dt>, <a class="indexterm" href="simple.html#id323262">Implementation</a>, <a class="indexterm" href="simple.html#id324064">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a>, <a class="indexterm" href="secure.html#ch4appscfg">Application Share Configuration</a>, <a class="indexterm" href="Big500users.html#id336338">Implementation</a>, <a class="indexterm" href="happy.html#sbehap-ppc">Addition of Machines to the Domain</a>, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="happy.html#sbehap-bldg1">Samba-3 BDC Configuration</a>, <a class="indexterm" href="net2000users.html#id354011">Implementation</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#dcwonss">NT4/Samba Domain with Samba Domain Member Server without NSS Support</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a>, <a class="indexterm" href="unixclients.html#id363637">IDMAP Storage in LDAP using Winbind</a>, <a class="indexterm" href="unixclients.html#id364188">IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension</a>, <a class="indexterm" href="upgrades.html#sbeug1">Location of config files</a>, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a>, <a class="indexterm" href="DomApps.html#id383649">NSS Configuration</a></dt><dd><dl><dt>Domain account, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>liability, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>logon, <a class="indexterm" href="simple.html#id324064">Implementation</a></dt><dt>problem, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>transparent inter-operability, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt></dl></dd></dl></div><div class="indexdiv"><h3>A</h3><dl><dt>abmas-netfw.sh, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a></dt><dt>accept, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a></dt><dt>accepts liability, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>access, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id380037">Checkpoint Controls</a></dt><dt>access control, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a>, <a class="indexterm" href="kerberos.html#id380879">Using the MMC Computer Management Interface</a></dt><dt>Access Control Lists (see ACLs)</dt><dt>access control settings, <a class="indexterm" href="kerberos.html#id379573">Share Access Controls</a></dt><dt>access controls, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id379908">Share Definition Controls</a></dt><dt>accessible, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a></dt><dt>account, <a class="indexterm" href="happy.html#id341339">Regarding LDAP Directories and Windows Computer Accounts</a>, <a class="indexterm" href="kerberos.html#id379573">Share Access Controls</a></dt><dd><dl><dt>ADS Domain, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt></dl></dd><dt>account credentials, <a class="indexterm" href="primer.html#id392350">Findings and Comments</a></dt><dt>account information, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>account names, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>account policies, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>accountable, <a class="indexterm" href="kerberos.html#id377126">Introduction</a>, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>accounts</dt><dd><dl><dt>authoritative, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>Domain, <a class="indexterm" href="ntmigration.html#id368988">Introduction</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>group, <a class="indexterm" href="ntmigration.html#id368988">Introduction</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>machine, <a class="indexterm" href="ntmigration.html#id368988">Introduction</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>manage, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>user, <a class="indexterm" href="ntmigration.html#id368988">Introduction</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt></dl></dd><dt>ACL, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="kerberos.html#id380037">Checkpoint Controls</a></dt><dt>ACLs, <a class="indexterm" href="happy.html#id352420">Key Points Learned</a>, <a class="indexterm" href="kerberos.html#id379573">Share Access Controls</a>, <a class="indexterm" href="kerberos.html#id379908">Share Definition Controls</a></dt><dt>acquisitions, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>Act!, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt><dt>ACT! database, <a class="indexterm" href="appendix.html#id390409">Act! Database Sharing</a></dt><dt>Act!Diag, <a class="indexterm" href="appendix.html#id390409">Act! Database Sharing</a></dt><dt>Active Directory, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a>, <a class="indexterm" href="happy.html#sbehap-locgrppol">The Local Group Policy</a>, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a>, <a class="indexterm" href="unixclients.html#id357994">Assignment Tasks</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id377126">Introduction</a>, <a class="indexterm" href="kerberos.html#id381514">Key Points Learned</a>, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a>, <a class="indexterm" href="DomApps.html">Integrating Additional Services</a>, <a class="indexterm" href="DomApps.html#id382248">Assignment Tasks</a>, <a class="indexterm" href="DomApps.html#id382367">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a>, <a class="indexterm" href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></dt><dd><dl><dt>authentication, <a class="indexterm" href="DomApps.html#id383905">Squid Configuration</a></dt><dt>domain, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>join, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>management tools, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>realm, <a class="indexterm" href="HA.html#id385379">Bad Hostnames</a></dt><dt>Replacement, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>server, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dt>Server, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>tree, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt></dl></dd><dt>active directory, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a></dt><dt>AD printer publishing, <a class="indexterm" href="happy.html#id351896">Uploading Printer Drivers to Samba Servers</a></dt><dt>ADAM, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a>, <a class="indexterm" href="unixclients.html#id363637">IDMAP Storage in LDAP using Winbind</a></dt><dt>add group script, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>add machine script, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>Add Printer Wizard</dt><dd><dl><dt>APW, <a class="indexterm" href="happy.html#id351896">Uploading Printer Drivers to Samba Servers</a></dt></dl></dd><dt>add user script, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>add user to group script, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>adduser, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id337579">Configuration for Server: MASSIVE</a></dt><dt>adequate precautions, <a class="indexterm" href="upgrades.html#id366117">Introduction</a></dt><dt>administrative installation, <a class="indexterm" href="secure.html#ch4appscfg">Application Share Configuration</a></dt><dt>administrative rights, <a class="indexterm" href="kerberos.html#id380037">Checkpoint Controls</a></dt><dt>administrator, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id337052">Server Preparation: All Servers</a></dt><dt>ADMT, <a class="indexterm" href="upgrades.html#id368842">Migration of Samba Accounts to Active Directory</a></dt><dt>ADS, <a class="indexterm" href="unixclients.html#id363637">IDMAP Storage in LDAP using Winbind</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a>, <a class="indexterm" href="HA.html#id385379">Bad Hostnames</a></dt><dd><dl><dt>server, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt></dl></dd><dt>ADS Domain, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>affordability, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a></dt><dt>alarm, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>algorithm, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>allow trusted domains, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a></dt><dt>alternative, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>analysis, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>anonymous connection, <a class="indexterm" href="small.html#id329058">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>Apache Web server, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>appliance mode, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>application server, <a class="indexterm" href="secure.html#id330398">Technical Issues</a>, <a class="indexterm" href="secure.html#ch4appscfg">Application Share Configuration</a></dt><dt>application servers, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a></dt><dt>application/octet-stream, <a class="indexterm" href="simple.html#id324064">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id337052">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dt>APW, <a class="indexterm" href="happy.html#id351896">Uploading Printer Drivers to Samba Servers</a></dt><dt>arp, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>assessment, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>assistance, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>assumptions, <a class="indexterm" href="HA.html#id386548">Key Points Learned</a></dt><dt>authconfig, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></dt><dt>authenticate, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a>, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>authenticated, <a class="indexterm" href="DomApps.html#id382248">Assignment Tasks</a></dt><dt>authenticated connection, <a class="indexterm" href="small.html#id329058">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>authentication, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="nw4migration.html#id373359">Dissection and Discussion</a>, <a class="indexterm" href="DomApps.html">Integrating Additional Services</a>, <a class="indexterm" href="DomApps.html#id382367">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id383649">NSS Configuration</a>, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dd><dl><dt>plain-text, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt></dl></dd><dt>authentication process, <a class="indexterm" href="unixclients.html#id358731">Implementation</a></dt><dt>authentication protocols, <a class="indexterm" href="DomApps.html#id384281">Key Points Learned</a></dt><dt>authoritative, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>authorized location, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dt>auto-generated SID, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>automatically allocate, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>availability, <a class="indexterm" href="HA.html">Performance, Reliability, and Availability</a></dt></dl></div><div class="indexdiv"><h3>B</h3><dl><dt>backends, <a class="indexterm" href="DomApps.html">Integrating Additional Services</a></dt><dt>background communication, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>Backup, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>Backup Domain Controller (see BDC)</dt><dt>bandwidth, <a class="indexterm" href="DomApps.html#id382248">Assignment Tasks</a></dt><dd><dl><dt>requirements, <a class="indexterm" href="net2000users.html#id353212">User Needs</a></dt></dl></dd><dt>bandwidth calculations, <a class="indexterm" href="secure.html#id330622">Hardware Requirements</a></dt><dt>BDC, <a class="indexterm" href="Big500users.html#id336141">Technical Issues</a>, <a class="indexterm" href="happy.html">Making Happy Users</a>, <a class="indexterm" href="happy.html#id341540">Assignment Tasks</a>, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a>, <a class="indexterm" href="happy.html#id343908">Samba Server Implementation</a>, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="net2000users.html#id357027">Key Points Learned</a>, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="ntmigration.html#id371918">NT4 Migration Using tdbsam Backend</a>, <a class="indexterm" href="HA.html#id386110">Use and Location of BDCs</a></dt><dt>benefit, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>best practices, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>bias, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>binary database, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dt>binary files, <a class="indexterm" href="upgrades.html#id368184">Updating a Samba-3 Installation</a></dt><dt>binary package, <a class="indexterm" href="upgrades.html#id368184">Updating a Samba-3 Installation</a></dt><dt>bind interfaces only, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dt>broadcast, <a class="indexterm" href="HA.html#id385556">Routed Networks</a>, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dd><dl><dt>directed, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a></dt><dt>mailslot, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a></dt></dl></dd><dt>broadcast messages, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dt>broadcast storms, <a class="indexterm" href="HA.html#id385720">Network Collisions</a></dt><dt>broken, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>broken behavior, <a class="indexterm" href="HA.html#id384892">Dissection and Discussion</a></dt><dt>browse, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>browse master, <a class="indexterm" href="primer.html#id391158">Findings</a></dt><dt>Browse Master, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dt>browse.dat, <a class="indexterm" href="upgrades.html#id368475">Replacing a Domain Member Server</a></dt><dt>Browser Election Service, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dt>browsing, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id382367">Technical Issues</a>, <a class="indexterm" href="primer.html#id390813">Assignment Tasks</a></dt><dt>budgetted, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>bug fixes, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>bug report, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt></dl></div><div class="indexdiv"><h3>C</h3><dl><dt>cache, <a class="indexterm" href="appendix.html#id390484">Opportunistic Locking Controls</a></dt><dt>cache directories, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>caching, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a></dt><dt>case-sensitive, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dt>centralized storage, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>character set, <a class="indexterm" href="upgrades.html#id367266">International Language Support</a></dt><dt>check samba daemons, <a class="indexterm" href="small.html#id329058">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>check-point, <a class="indexterm" href="kerberos.html#id379908">Share Definition Controls</a></dt><dt>check-point controls, <a class="indexterm" href="kerberos.html#id380037">Checkpoint Controls</a></dt><dt>Checkpoint Controls, <a class="indexterm" href="kerberos.html#id380037">Checkpoint Controls</a></dt><dt>chgrp, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>chkconfig, <a class="indexterm" href="simple.html#id323262">Implementation</a>, <a class="indexterm" href="simple.html#id324064">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a>, <a class="indexterm" href="Big500users.html#ch5-procstart">Process Startup Configuration</a>, <a class="indexterm" href="net2000users.html#id354011">Implementation</a></dt><dt>chmod, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>choice, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>chown, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>CIFS, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="primer.html#id391158">Findings</a></dt><dt>cifsfs, <a class="indexterm" href="HA.html#id384892">Dissection and Discussion</a></dt><dt>clean database, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>clients per DC, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>Clock skew, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dt>cluster, <a class="indexterm" href="HA.html#id384815">Introduction</a></dt><dt>clustering, <a class="indexterm" href="HA.html#id384815">Introduction</a>, <a class="indexterm" href="HA.html#id386195">For Scalability, Use SAN-Based Storage on Samba Servers</a></dt><dt>code maintainer, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>codepage, <a class="indexterm" href="upgrades.html#id367266">International Language Support</a></dt><dt>collision rates, <a class="indexterm" href="HA.html#id385720">Network Collisions</a></dt><dt>commercial, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>commercial software, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>commercial support, <a class="indexterm" href="ch14.html">Samba Support</a>, <a class="indexterm" href="ch14.html#id386894">Commercial Support</a></dt><dt>Common Internet File System (see CIFS)</dt><dt>comparison</dt><dd><dl><dt>Active Directory &amp; OpenLDAP, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a></dt></dl></dd><dt>compat, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>compatible, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>compile-time, <a class="indexterm" href="upgrades.html#sbeug1">Location of config files</a></dt><dt>complexities, <a class="indexterm" href="HA.html#id384892">Dissection and Discussion</a></dt><dt>compromise, <a class="indexterm" href="happy.html#id341463">Introduction</a>, <a class="indexterm" href="kerberos.html#id377126">Introduction</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>computer account, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>Computer Management, <a class="indexterm" href="kerberos.html#id379573">Share Access Controls</a>, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>computer name, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>condemns, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>conferences, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>configuration files, <a class="indexterm" href="upgrades.html#id366117">Introduction</a></dt><dt>configure.pl, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></dt><dt>connection, <a class="indexterm" href="kerberos.html#id379573">Share Access Controls</a></dt><dt>connectivity, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>consequential risk, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>consultant, <a class="indexterm" href="simple.html#id323158">Drafting Office</a>, <a class="indexterm" href="kerberos.html#id377126">Introduction</a>, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>consumer, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>consumer expects, <a class="indexterm" href="ch14.html">Samba Support</a></dt><dt>contiguous directory, <a class="indexterm" href="net2000users.html#id354011">Implementation</a></dt><dt>contributions, <a class="indexterm" href="upgrades.html">Updating Samba-3</a></dt><dt>control files, <a class="indexterm" href="upgrades.html#id368184">Updating a Samba-3 Installation</a></dt><dt>convmv, <a class="indexterm" href="upgrades.html#id367266">International Language Support</a></dt><dt>copy, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>corrective action, <a class="indexterm" href="HA.html#id386332">Hardware Problems</a></dt><dt>cost, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>cost-benefit, <a class="indexterm" href="nw4migration.html#id373282">Assignment Tasks</a></dt><dt>country of origin, <a class="indexterm" href="ch14.html#id386894">Commercial Support</a></dt><dt>Courier-IMAP, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>credential, <a class="indexterm" href="kerberos.html#id379908">Share Definition Controls</a></dt><dt>credentials, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>crippled, <a class="indexterm" href="ntmigration.html#id369115">Dissection and Discussion</a></dt><dt>criticism, <a class="indexterm" href="kerberos.html">Active Directory, Kerberos, and Security</a>, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>Critics, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>Cryptographic, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>CUPS, <a class="indexterm" href="simple.html#id323894">Dissection and Discussion</a>, <a class="indexterm" href="small.html#id327416">Technical Issues</a>, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="small.html#id329652">Key Points Learned</a>, <a class="indexterm" href="secure.html#id330776">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id337052">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#id341540">Assignment Tasks</a>, <a class="indexterm" href="happy.html#id342960">Installation of Printer Driver Auto-Download</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dd><dl><dt>queue, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id337052">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt></dl></dd><dt>cupsd, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a></dt><dt>customer expected, <a class="indexterm" href="ch14.html">Samba Support</a></dt><dt>customers, <a class="indexterm" href="ch14.html">Samba Support</a></dt></dl></div><div class="indexdiv"><h3>D</h3><dl><dt>daemon, <a class="indexterm" href="simple.html#validate1">Validation</a>, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="DomApps.html#id382367">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a>, <a class="indexterm" href="appendix.html#id387952">Starting Samba</a></dt><dt>daemon control, <a class="indexterm" href="Big500users.html#ch5-procstart">Process Startup Configuration</a></dt><dt>data</dt><dd><dl><dt>corruption, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>integrity, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt></dl></dd><dt>data corruption, <a class="indexterm" href="HA.html#id386332">Hardware Problems</a>, <a class="indexterm" href="appendix.html#id390409">Act! Database Sharing</a></dt><dt>data integrity, <a class="indexterm" href="HA.html#id386332">Hardware Problems</a>, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt><dt>data storage, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a></dt><dt>database, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a>, <a class="indexterm" href="nw4migration.html#id373359">Dissection and Discussion</a></dt><dt>database applications, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt><dt>DB_CONFIG, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></dt><dt>DCE, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dt>DDNS (see dynamic DNS)</dt><dt>Debian, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dt>default installation, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>default password, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>default profile, <a class="indexterm" href="happy.html#id341540">Assignment Tasks</a>, <a class="indexterm" href="happy.html#id342070">Technical Issues</a></dt><dt>Default User, <a class="indexterm" href="happy.html#id342818">Profile Changes</a>, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></dt><dt>defective</dt><dd><dl><dt>cables, <a class="indexterm" href="HA.html#id386332">Hardware Problems</a></dt><dt>HUBs, <a class="indexterm" href="HA.html#id386332">Hardware Problems</a></dt><dt>switches, <a class="indexterm" href="HA.html#id386332">Hardware Problems</a></dt></dl></dd><dt>defects, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>defensible standards, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>defragmentation, <a class="indexterm" href="secure.html#ch4wincfg">Windows Client Configuration</a></dt><dt>delete group script, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>delete user from group script, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>delimiter, <a class="indexterm" href="kerberos.html#id380037">Checkpoint Controls</a></dt><dt>dependability, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>deployment, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>desired security setting, <a class="indexterm" href="kerberos.html#id381318">Setting Posix ACLs in UNIX/Linux</a></dt><dt>development, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>DHCP, <a class="indexterm" href="small.html#id327416">Technical Issues</a>, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="small.html#id329652">Key Points Learned</a>, <a class="indexterm" href="secure.html#ch4wincfg">Windows Client Configuration</a>, <a class="indexterm" href="Big500users.html#ch5wincfg">Windows Client Configuration</a>, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dd><dl><dt>client, <a class="indexterm" href="HA.html#id385379">Bad Hostnames</a></dt><dt>relay, <a class="indexterm" href="Big500users.html#id336141">Technical Issues</a></dt><dt>Relay Agent, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>request, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>requests, <a class="indexterm" href="Big500users.html#id336141">Technical Issues</a></dt><dt>servers, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>traffic, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt></dl></dd><dt>dhcp client validation, <a class="indexterm" href="small.html#id329058">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>DHCP Server, <a class="indexterm" href="small.html#id327606">Implementation</a></dt><dt>DHCP server, <a class="indexterm" href="secure.html#id330398">Technical Issues</a></dt><dt>diagnostic, <a class="indexterm" href="unixclients.html#id363637">IDMAP Storage in LDAP using Winbind</a></dt><dt>diffusion, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>digital rights, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>digital sign'n'seal, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>digits, <a class="indexterm" href="HA.html#id385379">Bad Hostnames</a></dt><dt>diligence, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>directory, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a>, <a class="indexterm" href="unixclients.html#id358646">Political Issues</a>, <a class="indexterm" href="upgrades.html#sbeug1">Location of config files</a></dt><dd><dl><dt>Computers container, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>management, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a></dt><dt>People container, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>replication, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a></dt><dt>schema, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a></dt><dt>server, <a class="indexterm" href="happy.html#id342070">Technical Issues</a></dt><dt>synchronization, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a></dt></dl></dd><dt>directory tree, <a class="indexterm" href="kerberos.html#id381318">Setting Posix ACLs in UNIX/Linux</a></dt><dt>disable, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>disaster recovery, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>disk image, <a class="indexterm" href="happy.html#id341540">Assignment Tasks</a></dt><dt>disruptive, <a class="indexterm" href="ntmigration.html#id369115">Dissection and Discussion</a></dt><dt>distributed, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id354011">Implementation</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="HA.html#id386240">Distribute Network Load with MSDFS</a></dt><dt>distributed domain, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>DMB, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dt>DMS, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id368475">Replacing a Domain Member Server</a></dt><dt>DNS, <a class="indexterm" href="small.html#id327416">Technical Issues</a>, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#id330398">Technical Issues</a>, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a>, <a class="indexterm" href="HA.html#id385379">Bad Hostnames</a>, <a class="indexterm" href="HA.html#id385556">Routed Networks</a>, <a class="indexterm" href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></dt><dd><dl><dt>configuration, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>Dynamic, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>dynamic, <a class="indexterm" href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></dt><dt>lookup, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dt>name lookup, <a class="indexterm" href="HA.html#id385379">Bad Hostnames</a></dt><dt>SRV records, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dt>suffix, <a class="indexterm" href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></dt></dl></dd><dt>DNS server, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a></dt><dt>document the settings, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a></dt><dt>documentation, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>documented, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a></dt><dt>Domain, <a class="indexterm" href="small.html#id327416">Technical Issues</a></dt><dd><dl><dt>groups, <a class="indexterm" href="small.html#id327416">Technical Issues</a></dt></dl></dd><dt>domain</dt><dd><dl><dt>Active Directory, <a class="indexterm" href="DomApps.html#id382367">Technical Issues</a></dt><dt>controller, <a class="indexterm" href="upgrades.html#id368664">Replacing a Domain Controller</a></dt><dt>joining, <a class="indexterm" href="appendix.html">A Collection of Useful Tidbits</a></dt><dt>trusted, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt></dl></dd><dt>Domain accounts, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>Domain Administrator, <a class="indexterm" href="kerberos.html#id379573">Share Access Controls</a></dt><dt>Domain Controller, <a class="indexterm" href="small.html#id329652">Key Points Learned</a>, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id358731">Implementation</a>, <a class="indexterm" href="HA.html#id386110">Use and Location of BDCs</a></dt><dd><dl><dt>closest, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a></dt></dl></dd><dt>domain controller, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>domain controllers, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>Domain Controllers, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>Domain Groups</dt><dd><dl><dt>well-known, <a class="indexterm" href="appendix.html#id388463">Initialization of the LDAP Database</a></dt></dl></dd><dt>Domain join, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>domain master, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a>, <a class="indexterm" href="ntmigration.html#id371918">NT4 Migration Using tdbsam Backend</a></dt><dt>Domain Master Browser (see DMB)</dt><dt>Domain Member, <a class="indexterm" href="HA.html#id386110">Use and Location of BDCs</a></dt><dd><dl><dt>authoritative</dt><dd><dl><dt>local accounts, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt></dl></dd><dt>client, <a class="indexterm" href="unixclients.html#id358731">Implementation</a></dt><dt>desktop, <a class="indexterm" href="unixclients.html#id357946">Introduction</a></dt><dt>server, <a class="indexterm" href="unixclients.html#id357946">Introduction</a>, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id358731">Implementation</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>servers, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id380037">Checkpoint Controls</a></dt><dt>workstations, <a class="indexterm" href="unixclients.html#id358731">Implementation</a></dt></dl></dd><dt>domain member</dt><dd><dl><dt>servers, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt></dl></dd><dt>Domain Member server, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>Domain Member servers, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>domain members, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>domain name space, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>domain replication, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>domain SID, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>Domain SID, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>domain tree, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>Domain User Manager, <a class="indexterm" href="happy.html#id350283">Configuring Profile Directories</a></dt><dt>Domain users, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>DOS, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>dos2unix, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id337579">Configuration for Server: MASSIVE</a></dt><dt>down-grade, <a class="indexterm" href="upgrades.html#id366117">Introduction</a></dt><dt>drive letters, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>drive mapping, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>dumb printing, <a class="indexterm" href="happy.html#id342960">Installation of Printer Driver Auto-Download</a></dt><dt>dump, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>duplicate accounts, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></dt><dt>dynamic DNS, <a class="indexterm" href="secure.html#id330398">Technical Issues</a></dt></dl></div><div class="indexdiv"><h3>E</h3><dl><dt>e-Directory, <a class="indexterm" href="nw4migration.html#id373359">Dissection and Discussion</a></dt><dt>Easy Software Products, <a class="indexterm" href="happy.html#id342960">Installation of Printer Driver Auto-Download</a></dt><dt>economically sustainable, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>eDirectory, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a></dt><dt>education, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>election, <a class="indexterm" href="primer.html#id391158">Findings</a></dt><dt>employment, <a class="indexterm" href="kerberos.html#id377126">Introduction</a>, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>enable, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a></dt><dt>encrypted, <a class="indexterm" href="primer.html#id392350">Findings and Comments</a></dt><dt>encrypted password, <a class="indexterm" href="primer.html#id392597">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>encrypted passwords, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>End User License Agreement (see EULA)</dt><dt>enumerating, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>essential, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>ethereal, <a class="indexterm" href="primer.html#id390920">Exercises</a></dt><dt>Ethernet switch, <a class="indexterm" href="small.html#id327416">Technical Issues</a></dt><dt>ethernet switch, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>EULA, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>Everyone, <a class="indexterm" href="kerberos.html#id379573">Share Access Controls</a></dt><dt>Excel, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a></dt><dt>exclusive open, <a class="indexterm" href="appendix.html#id390270">Microsoft Access</a></dt><dt>experiment, <a class="indexterm" href="kerberos.html">Active Directory, Kerberos, and Security</a></dt><dt>export, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a></dt><dt>extent, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>External Domains, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>extreme demand, <a class="indexterm" href="HA.html#id385344">Guidelines for Reliable Samba Operation</a></dt></dl></div><div class="indexdiv"><h3>F</h3><dl><dt>fail, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a></dt><dt>fail-over, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id354011">Implementation</a></dt><dt>failed, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>failed join, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a></dt><dt>failure, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>familiar, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>fatal problem, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a></dt><dt>fear, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>fears, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>Fedora, <a class="indexterm" href="simple.html#id323158">Drafting Office</a></dt><dt>FHS, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>file and print server, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>file and print service, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>file caching, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a>, <a class="indexterm" href="appendix.html#id390484">Opportunistic Locking Controls</a></dt><dt>File Hierarchy System (see FHS)</dt><dt>file locations, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>file permissions, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>file server</dt><dd><dl><dt>read-only, <a class="indexterm" href="simple.html#id323219">Dissection and Discussion</a></dt></dl></dd><dt>file servers, <a class="indexterm" href="happy.html#id343908">Samba Server Implementation</a></dt><dt>file system, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dd><dl><dt>access control, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a></dt><dt>Ext3, <a class="indexterm" href="simple.html#id323262">Implementation</a></dt><dt>permissions, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id337579">Configuration for Server: MASSIVE</a></dt></dl></dd><dt>file system security, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>filter, <a class="indexterm" href="kerberos.html#id379573">Share Access Controls</a></dt><dt>financial responsibility, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>firewall, <a class="indexterm" href="secure.html#id330398">Technical Issues</a>, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>fix, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>flaws, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>flexibility, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>flush</dt><dd><dl><dt>cache memory, <a class="indexterm" href="appendix.html#id390484">Opportunistic Locking Controls</a></dt></dl></dd><dt>folder redirection, <a class="indexterm" href="happy.html#id342070">Technical Issues</a>, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a>, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>force group, <a class="indexterm" href="kerberos.html#id380322">Override Controls</a>, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>force user, <a class="indexterm" href="simple.html#id323894">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id380322">Override Controls</a>, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>forced settings, <a class="indexterm" href="kerberos.html#id380322">Override Controls</a></dt><dt>foreign, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>foreign SID, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>forwarded, <a class="indexterm" href="HA.html#id385556">Routed Networks</a></dt><dt>foundation members, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>Free Standards Group (see FSG)</dt><dt>free support, <a class="indexterm" href="ch14.html">Samba Support</a>, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>front-end, <a class="indexterm" href="HA.html#id384892">Dissection and Discussion</a></dt><dd><dl><dt>server, <a class="indexterm" href="HA.html#id386240">Distribute Network Load with MSDFS</a></dt></dl></dd><dt>frustration, <a class="indexterm" href="upgrades.html#id366117">Introduction</a></dt><dt>FSG, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>FTP</dt><dd><dl><dt>proxy, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt></dl></dd><dt>full control, <a class="indexterm" href="kerberos.html#id379573">Share Access Controls</a>, <a class="indexterm" href="kerberos.html#id381156">Using MS Windows Explorer (File Manager)</a></dt><dt>fully qualified, <a class="indexterm" href="kerberos.html#id380037">Checkpoint Controls</a></dt><dt>functional differences, <a class="indexterm" href="upgrades.html#id366200">Cautions and Notes</a></dt></dl></div><div class="indexdiv"><h3>G</h3><dl><dt>generation, <a class="indexterm" href="upgrades.html#id366200">Cautions and Notes</a></dt><dt>Gentoo, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dt>getent, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="happy.html#sbehap-bldg1">Samba-3 BDC Configuration</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a></dt><dt>getfacl, <a class="indexterm" href="kerberos.html#id381318">Setting Posix ACLs in UNIX/Linux</a></dt><dt>getgrnam, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>getpwnam, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>getpwnam(), <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>GID, <a class="indexterm" href="net2000users.html#id354011">Implementation</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>Goettingen, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>government, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>GPL, <a class="indexterm" href="secure.html#id335012">Comments Regarding Software Terms of Use</a></dt><dt>group account, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></dt><dt>group management, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dt>group mapping, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>group membership, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a></dt><dt>group names, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>group policies, <a class="indexterm" href="ntmigration.html#id368988">Introduction</a></dt><dt>Group Policy, <a class="indexterm" href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></dt><dt>Group Policy editor, <a class="indexterm" href="happy.html#sbehap-locgrppol">The Local Group Policy</a></dt><dt>Group Policy Objects, <a class="indexterm" href="happy.html#sbehap-locgrppol">The Local Group Policy</a></dt><dt>groupadd, <a class="indexterm" href="simple.html#id324064">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>groupdel, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>groupmem, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></dt><dt>groupmod, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>GSS-API, <a class="indexterm" href="primer.html#id392597">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>guest account, <a class="indexterm" href="primer.html#id392350">Findings and Comments</a>, <a class="indexterm" href="primer.html#chap01conc">Dissection and Discussion</a>, <a class="indexterm" href="primer.html#id393223">Technical Issues</a>, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt></dl></div><div class="indexdiv"><h3>H</h3><dl><dt>hackers, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>hardware prices, <a class="indexterm" href="HA.html#id386332">Hardware Problems</a></dt><dt>hardware problems, <a class="indexterm" href="HA.html#id386332">Hardware Problems</a></dt><dt>Heimdal, <a class="indexterm" href="DomApps.html#id382530">Implementation</a>, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dt>Heimdal Kerberos, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dt>Heimdal kerberos, <a class="indexterm" href="unixclients.html#id363637">IDMAP Storage in LDAP using Winbind</a></dt><dt>help, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>helper agent, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>hesiod, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>hierarchy of control, <a class="indexterm" href="kerberos.html#id379908">Share Definition Controls</a></dt><dt>high availability, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a></dt><dt>hire, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>HKEY_CURRENT_USER, <a class="indexterm" href="happy.html#id342548">Roaming Profile Background</a></dt><dt>HKEY_LOCAL_MACHINE, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></dt><dt>HKEY_LOCAL_USER, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>host announcement, <a class="indexterm" href="primer.html#id390813">Assignment Tasks</a>, <a class="indexterm" href="primer.html#id391782">Findings</a></dt><dt>hostname, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>hosts, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>HUB, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>Hybrid, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dt>hypothetical, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt></dl></div><div class="indexdiv"><h3>I</h3><dl><dt>Idealx, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></dt><dd><dl><dt>smbldap-tools, <a class="indexterm" href="happy.html#sbeidealx">Install and Configure Idealx smbldap-tools Scripts</a>, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a></dt></dl></dd><dt>identifiers, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>identity, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dd><dl><dt>management, <a class="indexterm" href="happy.html#id342070">Technical Issues</a></dt></dl></dd><dt>identity management, <a class="indexterm" href="Big500users.html#id336141">Technical Issues</a>, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a>, <a class="indexterm" href="unixclients.html#id358646">Political Issues</a>, <a class="indexterm" href="nw4migration.html#id373359">Dissection and Discussion</a></dt><dt>Identity Management, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>Identity management, <a class="indexterm" href="unixclients.html#id364506">UNIX/Linux Client Domain Member</a></dt><dt>Identity resolution, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id364506">UNIX/Linux Client Domain Member</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>Identity resolver, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>IDMAP, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a></dt><dt>idmap backend, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>IDMAP backend, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>idmap gid, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a></dt><dt>idmap uid, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a></dt><dt>idmap_rid, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a></dt><dt>IMAP, <a class="indexterm" href="nw4migration.html#id373431">Technical Issues</a></dt><dt>import, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a></dt><dt>income, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>independent expert, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>inetd, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a></dt><dt>inetOrgPerson, <a class="indexterm" href="nw4migration.html#id373431">Technical Issues</a></dt><dt>inheritance, <a class="indexterm" href="kerberos.html#id381318">Setting Posix ACLs in UNIX/Linux</a></dt><dt>initGrps.sh, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id337579">Configuration for Server: MASSIVE</a></dt><dt>initial credentials, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dt>inoperative, <a class="indexterm" href="ntmigration.html#id369115">Dissection and Discussion</a></dt><dt>install, <a class="indexterm" href="upgrades.html">Updating Samba-3</a></dt><dt>installation, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>integrate, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>integrity, <a class="indexterm" href="kerberos.html#id377126">Introduction</a>, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dt>inter-domain, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>inter-operability, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id381514">Key Points Learned</a>, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>interactive help, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>interdomain trusts, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>interfaces, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dt>intermittent, <a class="indexterm" href="HA.html#id386332">Hardware Problems</a></dt><dt>internationalization, <a class="indexterm" href="upgrades.html#id367266">International Language Support</a></dt><dt>Internet Explorer, <a class="indexterm" href="DomApps.html#id382367">Technical Issues</a></dt><dt>Internet Information Server, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>interoperability, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a></dt><dt>IP forwarding, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="Big500users.html#id337579">Configuration for Server: MASSIVE</a></dt><dt>IPC$, <a class="indexterm" href="primer.html#id392350">Findings and Comments</a></dt><dt>iptables, <a class="indexterm" href="secure.html#id330398">Technical Issues</a></dt><dt>IRC, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>isolated, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>Italian, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt></dl></div><div class="indexdiv"><h3>J</h3><dl><dt>jobs, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>joining a domain, <a class="indexterm" href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></dt></dl></div><div class="indexdiv"><h3>K</h3><dl><dt>KDC, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dt>Kerberos, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id377126">Introduction</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id381514">Key Points Learned</a>, <a class="indexterm" href="DomApps.html#id382367">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id382530">Implementation</a>, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dd><dl><dt>Heimdal, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>interoperability, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dt>libraries, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>MIT, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>unspecified fields, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt></dl></dd><dt>kerberos, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dd><dl><dt>server, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt></dl></dd><dt>Kerberos ticket, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>kinit, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dt>Kixtart, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>klist, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dt>krb5, <a class="indexterm" href="DomApps.html#id382530">Implementation</a></dt><dt>krb5.conf, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt></dl></div><div class="indexdiv"><h3>L</h3><dl><dt>LAM, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dd><dl><dt>configuration editor, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>configuration file, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>login screen, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>opening screen, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>profile, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>wizard, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt></dl></dd><dt>large domain, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a></dt><dt>LDAP, <a class="indexterm" href="Big500users.html#id336141">Technical Issues</a>, <a class="indexterm" href="happy.html#id341540">Assignment Tasks</a>, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a>, <a class="indexterm" href="happy.html#id342070">Technical Issues</a>, <a class="indexterm" href="happy.html#id343123">Preliminary Advice: Dangers Can Be Avoided</a>, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="net2000users.html#id352846">Introduction</a>, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id354011">Implementation</a>, <a class="indexterm" href="net2000users.html#id357027">Key Points Learned</a>, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a>, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id369064">Assignment Tasks</a>, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a>, <a class="indexterm" href="nw4migration.html#id373359">Dissection and Discussion</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dd><dl><dt>backend, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>database, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a>, <a class="indexterm" href="appendix.html#altldapcfg">Alternative LDAP Database Initialization</a></dt><dt>directory, <a class="indexterm" href="happy.html#id341339">Regarding LDAP Directories and Windows Computer Accounts</a>, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>fail-over, <a class="indexterm" href="net2000users.html#id354011">Implementation</a></dt><dt>initial configuration, <a class="indexterm" href="appendix.html#altldapcfg">Alternative LDAP Database Initialization</a></dt><dt>master, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>master/slave</dt><dd><dl><dt>background communication, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt></dl></dd><dt>preload, <a class="indexterm" href="net2000users.html#id354011">Implementation</a></dt><dt>schema, <a class="indexterm" href="upgrades.html#id368310">Updating from Samba Versions between 3.0.6 and 3.0.10</a></dt><dt>secure, <a class="indexterm" href="happy.html#id342070">Technical Issues</a></dt><dt>server, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>slave, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>updates, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt></dl></dd><dt>ldap, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>LDAP Account Manager (see LAM)</dt><dt>LDAP backend, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a></dt><dt>LDAP database, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>LDAP Interchange Format (see LDIF)</dt><dt>LDAP server, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>LDAP-transfer-LDIF.txt, <a class="indexterm" href="net2000users.html#id354011">Implementation</a></dt><dt>ldap.conf, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>ldapadd, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>ldapsam, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="upgrades.html#id368310">Updating from Samba Versions between 3.0.6 and 3.0.10</a>, <a class="indexterm" href="ntmigration.html#id369064">Assignment Tasks</a>, <a class="indexterm" href="DomApps.html">Integrating Additional Services</a></dt><dt>ldapsam backend, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>ldapsearch, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>LDIF, <a class="indexterm" href="happy.html#id342070">Technical Issues</a>, <a class="indexterm" href="net2000users.html#id354011">Implementation</a>, <a class="indexterm" href="nw4migration.html#id373431">Technical Issues</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a>, <a class="indexterm" href="appendix.html#id388463">Initialization of the LDAP Database</a></dt><dt>leadership, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>Lightweight Directory Access Protocol (see LDAP)</dt><dt>limit, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>Linux desktop, <a class="indexterm" href="unixclients.html#id357946">Introduction</a></dt><dt>Linux Standards Base (see LSB)</dt><dt>LMB, <a class="indexterm" href="primer.html#id391158">Findings</a>, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dt>LMHOSTS, <a class="indexterm" href="HA.html#id385556">Routed Networks</a></dt><dt>load distribution, <a class="indexterm" href="HA.html#id386195">For Scalability, Use SAN-Based Storage on Samba Servers</a></dt><dt>local accounts, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>Local Group Policy, <a class="indexterm" href="happy.html#id342548">Roaming Profile Background</a></dt><dt>Local Master Announcement, <a class="indexterm" href="primer.html#id391782">Findings</a></dt><dt>Local Master Browser (see LMB)</dt><dt>localhost, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="HA.html#id385379">Bad Hostnames</a></dt><dt>lock directory, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></dt><dt>locking</dt><dd><dl><dt>Application level, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt><dt>Client side, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt><dt>Server side, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt></dl></dd><dt>logging, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>login, <a class="indexterm" href="secure.html#id330398">Technical Issues</a></dt><dt>loglevel, <a class="indexterm" href="happy.html#id343291">Debugging LDAP</a></dt><dt>logon credentials, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>logon hours, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id381514">Key Points Learned</a></dt><dt>logon machines, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a></dt><dt>logon path, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dt>logon process, <a class="indexterm" href="unixclients.html#id358731">Implementation</a></dt><dt>logon scrip, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a></dt><dt>logon script, <a class="indexterm" href="secure.html#id330776">Implementation</a>, <a class="indexterm" href="happy.html#id342070">Technical Issues</a>, <a class="indexterm" href="happy.html#id350512">Preparation of Logon Scripts</a>, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a></dt><dt>logon server, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a></dt><dt>logon services, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dt>logon time, <a class="indexterm" href="happy.html#id341540">Assignment Tasks</a></dt><dt>logon traffic, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a></dt><dt>logon.kix, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>loopback, <a class="indexterm" href="simple.html#validate1">Validation</a></dt><dt>low performance, <a class="indexterm" href="HA.html#id386332">Hardware Problems</a></dt><dt>lower-case, <a class="indexterm" href="ntmigration.html#id369600">Implementation</a></dt><dt>lpadmin, <a class="indexterm" href="simple.html#id324064">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dt>LSB, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt></dl></div><div class="indexdiv"><h3>M</h3><dl><dt>machine, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>machine account, <a class="indexterm" href="happy.html#id341339">Regarding LDAP Directories and Windows Computer Accounts</a></dt><dt>machine accounts, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>machine secret password, <a class="indexterm" href="Big500users.html#id336141">Technical Issues</a></dt><dt>MACHINE.SID, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>mailing list, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>mailing lists, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>managed, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>management, <a class="indexterm" href="unixclients.html#id358646">Political Issues</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dd><dl><dt>group, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>User, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt></dl></dd><dt>mandatory profile, <a class="indexterm" href="happy.html#id342070">Technical Issues</a>, <a class="indexterm" href="happy.html#id350283">Configuring Profile Directories</a></dt><dt>Mandrake, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dt>mapped drives, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>mapping, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dd><dl><dt>consistent, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt></dl></dd><dt>Mars_NWE, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dt>master, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a></dt><dt>material, <a class="indexterm" href="appendix.html">A Collection of Useful Tidbits</a></dt><dt>memberUID, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>memory requirements, <a class="indexterm" href="secure.html#id330622">Hardware Requirements</a></dt><dt>merge, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>merged, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a></dt><dt>meta-directory, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>meta-service, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>Microsoft Access, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt><dt>Microsoft Excel, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt><dt>Microsoft ISA, <a class="indexterm" href="DomApps.html#id382248">Assignment Tasks</a></dt><dt>Microsoft Management Console (see MMC)</dt><dt>Microsoft Office, <a class="indexterm" href="secure.html#ch4appscfg">Application Share Configuration</a>, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a></dt><dt>Microsoft Outlook</dt><dd><dl><dt>PST files, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt></dl></dd><dt>migrate, <a class="indexterm" href="upgrades.html">Updating Samba-3</a>, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a></dt><dt>migration, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="happy.html#id341540">Assignment Tasks</a>, <a class="indexterm" href="ntmigration.html#id368988">Introduction</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a>, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dd><dl><dt>objectives, <a class="indexterm" href="ntmigration.html#id369115">Dissection and Discussion</a></dt></dl></dd><dt>Migration speed, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>mime type, <a class="indexterm" href="simple.html#id324064">Implementation</a>, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id337052">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dt>mime types, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a></dt><dt>missing RPC's, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>MIT, <a class="indexterm" href="DomApps.html#id382530">Implementation</a>, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dt>MIT Kerberos, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dt>MIT kerberos, <a class="indexterm" href="unixclients.html#id363637">IDMAP Storage in LDAP using Winbind</a></dt><dt>MIT KRB5, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>mixed mode, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>mixed-mode, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>MMC, <a class="indexterm" href="happy.html#id351724">Configure Delete Cached Profiles on Logout</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>mobile computing, <a class="indexterm" href="small.html#id327371">Dissection and Discussion</a></dt><dt>mobility, <a class="indexterm" href="net2000users.html#id353175">Technical Issues</a></dt><dt>modularization, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>modules, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>MS Access</dt><dd><dl><dt>validate, <a class="indexterm" href="appendix.html#id390270">Microsoft Access</a></dt></dl></dd><dt>MS Outlook, <a class="indexterm" href="happy.html#id351441">Configuration of MS Outlook to Relocate PST File</a></dt><dd><dl><dt>PST, <a class="indexterm" href="happy.html#id351441">Configuration of MS Outlook to Relocate PST File</a></dt><dt>PST file, <a class="indexterm" href="happy.html">Making Happy Users</a></dt></dl></dd><dt>MS Windows Server 2003, <a class="indexterm" href="DomApps.html#id382530">Implementation</a></dt><dt>MS Word, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a></dt><dt>MSDFS, <a class="indexterm" href="HA.html#id386240">Distribute Network Load with MSDFS</a></dt><dt>multi-subnet, <a class="indexterm" href="HA.html#id385556">Routed Networks</a></dt><dt>multi-user</dt><dd><dl><dt>access, <a class="indexterm" href="appendix.html#id390270">Microsoft Access</a></dt><dt>data access, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt></dl></dd><dt>multiple directories, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>multiple domain controllers, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>multiple group mappings, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>mutual assistance, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>My Documents, <a class="indexterm" href="happy.html#id342548">Roaming Profile Background</a></dt><dt>My Network Places, <a class="indexterm" href="simple.html#id324064">Implementation</a></dt><dt>mysqlsam, <a class="indexterm" href="net2000users.html#id354011">Implementation</a></dt></dl></div><div class="indexdiv"><h3>N</h3><dl><dt>name resolution, <a class="indexterm" href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="primer.html#id390813">Assignment Tasks</a></dt><dd><dl><dt>Defective, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt></dl></dd><dt>name resolve order, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dt>name service switch, <a class="indexterm" href="small.html#id327606">Implementation</a> (see NSS)</dt><dt>named, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="Big500users.html#id337052">Server Preparation: All Servers</a></dt><dt>NAT, <a class="indexterm" href="secure.html#id330398">Technical Issues</a></dt><dt>native, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>net</dt><dd><dl><dt>ads</dt><dd><dl><dt>info, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>join, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>status, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt></dl></dd><dt>getlocalsid, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>group, <a class="indexterm" href="ntmigration.html#id371918">NT4 Migration Using tdbsam Backend</a></dt><dt>groupmap</dt><dd><dl><dt>add, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a></dt><dt>list, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a>, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>modify, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a></dt></dl></dd><dt>rpc</dt><dd><dl><dt>info, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>join, <a class="indexterm" href="Big500users.html#ch5-domsvrspec">Configuration Specific to Domain Member Servers: BLDG1, BLDG2</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#dcwonss">NT4/Samba Domain with Samba Domain Member Server without NSS Support</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="ntmigration.html#id371918">NT4 Migration Using tdbsam Backend</a></dt><dt>vampire, <a class="indexterm" href="upgrades.html">Updating Samba-3</a>, <a class="indexterm" href="ntmigration.html#id371918">NT4 Migration Using tdbsam Backend</a></dt></dl></dd><dt>setlocalsid, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt></dl></dd><dt>NetBIOS, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="HA.html#id385379">Bad Hostnames</a>, <a class="indexterm" href="HA.html#id385556">Routed Networks</a>, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dd><dl><dt>name cache, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>name resolution</dt><dd><dl><dt>delays, <a class="indexterm" href="happy.html">Making Happy Users</a></dt></dl></dd><dt>Node Type, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt></dl></dd><dt>netbios</dt><dd><dl><dt>machine  name, <a class="indexterm" href="upgrades.html#id366964">Change of hostname</a></dt></dl></dd><dt>netbios forwarding, <a class="indexterm" href="HA.html#id385720">Network Collisions</a></dt><dt>NetBIOS name, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dd><dl><dt>aliases, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt></dl></dd><dt>netbios name, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id366964">Change of hostname</a>, <a class="indexterm" href="HA.html#id385379">Bad Hostnames</a></dt><dt>NETLOGON, <a class="indexterm" href="happy.html#id342906">Using a Network Default User Profile</a>, <a class="indexterm" href="happy.html#id350723">Windows Client Configuration</a></dt><dt>netlogon, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>Netlogon, <a class="indexterm" href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></dt><dt>netmask, <a class="indexterm" href="simple.html#id323262">Implementation</a></dt><dt>Netware, <a class="indexterm" href="small.html">Small Office Networking</a></dt><dt>NetWare, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>network</dt><dd><dl><dt>administrators, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>analyzer, <a class="indexterm" href="primer.html#id390813">Assignment Tasks</a></dt><dt>bandwidth, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>broadcast, <a class="indexterm" href="primer.html#id390763">Introduction</a></dt><dt>captures, <a class="indexterm" href="primer.html#id390627">Requirements and Notes</a></dt><dt>collisions, <a class="indexterm" href="HA.html#id385720">Network Collisions</a></dt><dt>load, <a class="indexterm" href="HA.html#id385720">Network Collisions</a></dt><dt>logon, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>logon scripts, <a class="indexterm" href="ntmigration.html#id369115">Dissection and Discussion</a></dt><dt>management, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>multi-segment, <a class="indexterm" href="happy.html#id341463">Introduction</a></dt><dt>overload, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>performance, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a></dt><dt>routed, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a></dt><dt>secure, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>segment, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a></dt><dt>services, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>sniffer, <a class="indexterm" href="primer.html#id390627">Requirements and Notes</a></dt><dt>timeout, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>timeouts, <a class="indexterm" href="HA.html#id385720">Network Collisions</a></dt><dt>trace, <a class="indexterm" href="primer.html#id390813">Assignment Tasks</a></dt><dt>traffic</dt><dd><dl><dt>observation, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt></dl></dd><dt>wide-area, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></dt></dl></dd><dt>Network Address Translation (see NAT)</dt><dt>network administrators, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>network attached storage (see NAS)</dt><dt>network bandwidth</dt><dd><dl><dt>utilization, <a class="indexterm" href="happy.html">Making Happy Users</a></dt></dl></dd><dt>Network Default Profile, <a class="indexterm" href="happy.html#id342548">Roaming Profile Background</a></dt><dt>network hardware</dt><dd><dl><dt>defective, <a class="indexterm" href="happy.html">Making Happy Users</a></dt></dl></dd><dt>network hygiene, <a class="indexterm" href="HA.html#id384892">Dissection and Discussion</a></dt><dt>network Identities, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>network load factors, <a class="indexterm" href="Big500users.html#id336113">Dissection and Discussion</a></dt><dt>Network Neighborhood, <a class="indexterm" href="simple.html#validate1">Validation</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>network segment, <a class="indexterm" href="HA.html#id386110">Use and Location of BDCs</a></dt><dt>network segments, <a class="indexterm" href="secure.html#id330622">Hardware Requirements</a></dt><dt>network share, <a class="indexterm" href="happy.html#id341540">Assignment Tasks</a></dt><dt>networking</dt><dd><dl><dt>client, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt></dl></dd><dt>networking hardware</dt><dd><dl><dt>defective, <a class="indexterm" href="happy.html">Making Happy Users</a></dt></dl></dd><dt>networking protocols, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>next generation, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>NextFreeUnixId, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></dt><dt>NFS server, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a></dt><dt>NICs, <a class="indexterm" href="HA.html#id386332">Hardware Problems</a></dt><dt>NIS, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a>, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id358646">Political Issues</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>nis, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>NIS schema, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>NIS server, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>NIS+, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>nisplus, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>NLM, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dt>nmap, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>nmbd, <a class="indexterm" href="small.html#id329058">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a>, <a class="indexterm" href="upgrades.html#id368475">Replacing a Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a>, <a class="indexterm" href="appendix.html#id387952">Starting Samba</a></dt><dt>nobody, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a>, <a class="indexterm" href="primer.html#id392350">Findings and Comments</a></dt><dt>Novell, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a>, <a class="indexterm" href="nw4migration.html#id373183">Introduction</a></dt><dt>Novell SUSE SLES 9, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></dt><dt>NSS, <a class="indexterm" href="happy.html#id341339">Regarding LDAP Directories and Windows Computer Accounts</a>, <a class="indexterm" href="happy.html#id342070">Technical Issues</a>, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a>, <a class="indexterm" href="unixclients.html#id364506">UNIX/Linux Client Domain Member</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a>, <a class="indexterm" href="DomApps.html#id383649">NSS Configuration</a> (see same service switch)</dt><dt>nss_ldap, <a class="indexterm" href="happy.html#id341339">Regarding LDAP Directories and Windows Computer Accounts</a>, <a class="indexterm" href="happy.html#id342070">Technical Issues</a>, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a>, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#id364188">IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension</a>, <a class="indexterm" href="upgrades.html#id368475">Replacing a Domain Member Server</a>, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></dt><dt>nt acl support, <a class="indexterm" href="simple.html#id323894">Dissection and Discussion</a></dt><dt>NT4 registry, <a class="indexterm" href="ntmigration.html#id369115">Dissection and Discussion</a></dt><dt>NTLM, <a class="indexterm" href="DomApps.html#id382367">Technical Issues</a></dt><dt>NTLM authentication daemon, <a class="indexterm" href="DomApps.html#id382367">Technical Issues</a></dt><dt>NTLMSSP, <a class="indexterm" href="DomApps.html#id384281">Key Points Learned</a>, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a>, <a class="indexterm" href="primer.html#id392597">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>NTLMSSP_AUTH, <a class="indexterm" href="primer.html#id392597">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>ntlm_auth, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a>, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>NTP, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dt>NTUSER.DAT, <a class="indexterm" href="happy.html#id342548">Roaming Profile Background</a>, <a class="indexterm" href="happy.html#id342818">Profile Changes</a>, <a class="indexterm" href="happy.html#id342906">Using a Network Default User Profile</a>, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>NULL connection, <a class="indexterm" href="simple.html#validate1">Validation</a></dt><dt>NULL session, <a class="indexterm" href="primer.html#id392350">Findings and Comments</a></dt><dt>NULL-Session, <a class="indexterm" href="primer.html#id393094">Discussion</a></dt></dl></div><div class="indexdiv"><h3>O</h3><dl><dt>objectClass, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>off-site storage, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>Open Magazine, <a class="indexterm" href="unixclients.html">Adding Domain Member Servers and Clients</a></dt><dt>Open Source, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>OpenLDAP, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a>, <a class="indexterm" href="unixclients.html#id358646">Political Issues</a>, <a class="indexterm" href="nw4migration.html#id373431">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id377126">Introduction</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id381514">Key Points Learned</a>, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>openldap, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></dt><dt>OpenOffice, <a class="indexterm" href="secure.html#ch4appscfg">Application Share Configuration</a></dt><dt>operating profiles, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>oplock break, <a class="indexterm" href="kerberos.html#id380322">Override Controls</a></dt><dt>oplocks, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a></dt><dt>Oplocks</dt><dd><dl><dt>disabled, <a class="indexterm" href="appendix.html#id390484">Opportunistic Locking Controls</a></dt></dl></dd><dt>opportunistic</dt><dd><dl><dt>locking, <a class="indexterm" href="kerberos.html#id380322">Override Controls</a></dt></dl></dd><dt>opportunistic locking, <a class="indexterm" href="secure.html#id330776">Implementation</a>, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a>, <a class="indexterm" href="appendix.html#id390409">Act! Database Sharing</a></dt><dt>optimized, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a></dt><dt>organizational units, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>OS/2, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>Outlook</dt><dd><dl><dt>PST, <a class="indexterm" href="happy.html#id351441">Configuration of MS Outlook to Relocate PST File</a></dt></dl></dd><dt>Outlook Address Book, <a class="indexterm" href="happy.html#id351441">Configuration of MS Outlook to Relocate PST File</a></dt><dt>Outlook Express, <a class="indexterm" href="secure.html#id330742">Political Issues</a>, <a class="indexterm" href="happy.html#id351441">Configuration of MS Outlook to Relocate PST File</a></dt><dt>over-ride, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>over-ride controls, <a class="indexterm" href="kerberos.html#id380322">Override Controls</a></dt><dt>over-rule, <a class="indexterm" href="kerberos.html#id379573">Share Access Controls</a>, <a class="indexterm" href="kerberos.html#id381156">Using MS Windows Explorer (File Manager)</a></dt><dt>overheads, <a class="indexterm" href="kerberos.html#id380322">Override Controls</a></dt><dt>ownership, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a></dt></dl></div><div class="indexdiv"><h3>P</h3><dl><dt>package, <a class="indexterm" href="simple.html#id323262">Implementation</a></dt><dt>package names, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>packages, <a class="indexterm" href="upgrades.html#id368184">Updating a Samba-3 Installation</a></dt><dt>PADL, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id363637">IDMAP Storage in LDAP using Winbind</a></dt><dt>PADL LDAP tools, <a class="indexterm" href="happy.html#id342070">Technical Issues</a></dt><dt>PADL Software, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>paid-for support, <a class="indexterm" href="ch14.html">Samba Support</a></dt><dt>PAM, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="unixclients.html#id364506">UNIX/Linux Client Domain Member</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>pam_ldap, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></dt><dt>pam_ldap.so, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></dt><dt>pam_unix2.so, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></dt><dd><dl><dt>use_ldap, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></dt></dl></dd><dt>parameters, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>passdb backend, <a class="indexterm" href="secure.html#id330776">Implementation</a>, <a class="indexterm" href="Big500users.html">The 500-User Office</a>, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id354011">Implementation</a>, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="upgrades.html">Updating Samba-3</a>, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="upgrades.html#id368310">Updating from Samba Versions between 3.0.6 and 3.0.10</a>, <a class="indexterm" href="ntmigration.html#id369064">Assignment Tasks</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>passdb.tdb, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a></dt><dt>passwd, <a class="indexterm" href="simple.html#id324064">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a></dt><dt>password</dt><dd><dl><dt>backend, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id337579">Configuration for Server: MASSIVE</a></dt></dl></dd><dt>password caching, <a class="indexterm" href="simple.html#id324064">Implementation</a></dt><dt>password change, <a class="indexterm" href="kerberos.html#id381514">Key Points Learned</a></dt><dt>password length, <a class="indexterm" href="primer.html#id392130">Simple Windows Client Connection Characteristics</a>, <a class="indexterm" href="primer.html#id392597">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>payroll, <a class="indexterm" href="nw4migration.html#id373183">Introduction</a></dt><dt>pdbedit, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="happy.html#sbehap-bldg1">Samba-3 BDC Configuration</a>, <a class="indexterm" href="ntmigration.html#id371918">NT4 Migration Using tdbsam Backend</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>PDC, <a class="indexterm" href="Big500users.html#id336038">Assignment Tasks</a>, <a class="indexterm" href="Big500users.html#id336141">Technical Issues</a>, <a class="indexterm" href="happy.html">Making Happy Users</a>, <a class="indexterm" href="happy.html#id342070">Technical Issues</a>, <a class="indexterm" href="happy.html#sbehap-locgrppol">The Local Group Policy</a>, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id369600">Implementation</a>, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a>, <a class="indexterm" href="ntmigration.html#id371918">NT4 Migration Using tdbsam Backend</a>, <a class="indexterm" href="HA.html#id386110">Use and Location of BDCs</a></dt><dt>PDC/BDC ratio, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>PDF, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>performance, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a>, <a class="indexterm" href="HA.html">Performance, Reliability, and Availability</a>, <a class="indexterm" href="HA.html#id384815">Introduction</a>, <a class="indexterm" href="HA.html#id385720">Network Collisions</a></dt><dt>performance degradation, <a class="indexterm" href="kerberos.html#id380322">Override Controls</a>, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a></dt><dt>Perl, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a>, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>permission, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a></dt><dt>permissions, <a class="indexterm" href="simple.html#id324064">Implementation</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id379573">Share Access Controls</a>, <a class="indexterm" href="kerberos.html#id380037">Checkpoint Controls</a>, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a>, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dd><dl><dt>excessive, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>group, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a></dt><dt>user, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a></dt></dl></dd><dt>Permissions, <a class="indexterm" href="kerberos.html#id380879">Using the MMC Computer Management Interface</a></dt><dt>permits, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>permitted group, <a class="indexterm" href="kerberos.html#id380879">Using the MMC Computer Management Interface</a></dt><dt>PHP, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>PHP4, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>pile-driver, <a class="indexterm" href="kerberos.html#id379908">Share Definition Controls</a></dt><dt>ping, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>pitfalls, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>plain-text, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>Pluggable Authentication Modules (see PAM)</dt><dt>policy, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>poor performance, <a class="indexterm" href="HA.html#id384892">Dissection and Discussion</a></dt><dt>POP3, <a class="indexterm" href="nw4migration.html#id373431">Technical Issues</a></dt><dt>Posix, <a class="indexterm" href="simple.html#id323894">Dissection and Discussion</a>, <a class="indexterm" href="happy.html#id342070">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="ntmigration.html#id369600">Implementation</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a>, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>POSIX, <a class="indexterm" href="happy.html#id341339">Regarding LDAP Directories and Windows Computer Accounts</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>Posix accounts, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>Posix ACLs, <a class="indexterm" href="kerberos.html#id380830">Managing Windows 200x ACLs</a></dt><dt>PosixAccount, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>posixAccount, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>Postfix, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>Postscript, <a class="indexterm" href="happy.html#id342960">Installation of Printer Driver Auto-Download</a></dt><dt>powers, <a class="indexterm" href="kerberos.html#id379908">Share Definition Controls</a></dt><dt>practices, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>precaution, <a class="indexterm" href="upgrades.html#id366117">Introduction</a></dt><dt>presence and leadership, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>price paid, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>primary group, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a></dt><dt>principals, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dt>print filter, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id337052">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dt>print queue, <a class="indexterm" href="simple.html#id323803">Charity Administration Office</a>, <a class="indexterm" href="simple.html#id323894">Dissection and Discussion</a></dt><dt>print spooler, <a class="indexterm" href="simple.html#id323803">Charity Administration Office</a></dt><dt>Print Test Page, <a class="indexterm" href="happy.html#id351896">Uploading Printer Drivers to Samba Servers</a></dt><dt>printcap name, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dt>printer validation, <a class="indexterm" href="small.html#id329058">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>printers</dt><dd><dl><dt>Advanced, <a class="indexterm" href="happy.html#id351896">Uploading Printer Drivers to Samba Servers</a></dt><dt>Default Settings, <a class="indexterm" href="happy.html#id351896">Uploading Printer Drivers to Samba Servers</a></dt><dt>General, <a class="indexterm" href="happy.html#id351896">Uploading Printer Drivers to Samba Servers</a></dt><dt>Properties, <a class="indexterm" href="happy.html#id351896">Uploading Printer Drivers to Samba Servers</a></dt><dt>Security, <a class="indexterm" href="happy.html#id351896">Uploading Printer Drivers to Samba Servers</a></dt><dt>Sharing, <a class="indexterm" href="happy.html#id351896">Uploading Printer Drivers to Samba Servers</a></dt></dl></dd><dt>printing, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dd><dl><dt>drag-and-drop, <a class="indexterm" href="happy.html#id342960">Installation of Printer Driver Auto-Download</a>, <a class="indexterm" href="happy.html#id351896">Uploading Printer Drivers to Samba Servers</a></dt><dt>dumb, <a class="indexterm" href="happy.html#id342960">Installation of Printer Driver Auto-Download</a></dt><dt>point-n-click, <a class="indexterm" href="happy.html#id342960">Installation of Printer Driver Auto-Download</a></dt><dt>raw, <a class="indexterm" href="simple.html#id323894">Dissection and Discussion</a></dt></dl></dd><dt>privacy, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>Privilege Attribute Certificates (see PAC)</dt><dt>privilege controls, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a></dt><dt>privileged pipe, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>privileges, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a>, <a class="indexterm" href="upgrades.html#id368384">Updating from Samba Versions after 3.0.6 to a Current Release</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id379908">Share Definition Controls</a></dt><dt>problem report, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>problem resolution, <a class="indexterm" href="ch14.html">Samba Support</a></dt><dt>product defects, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>professional support, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>profile</dt><dd><dl><dt>default, <a class="indexterm" href="happy.html#id341540">Assignment Tasks</a></dt><dt>mandatory, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a></dt><dt>roaming, <a class="indexterm" href="happy.html">Making Happy Users</a></dt></dl></dd><dt>profile path, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a></dt><dt>profile share, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dt>profiles, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>profiles share, <a class="indexterm" href="ntmigration.html#id369115">Dissection and Discussion</a></dt><dt>programmer, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>project, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>project maintainers, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>Properties, <a class="indexterm" href="kerberos.html#id380879">Using the MMC Computer Management Interface</a></dt><dt>proprietary, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>protected, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>protection, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>protocol</dt><dd><dl><dt>negotiation, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a></dt></dl></dd><dt>protocol analysis, <a class="indexterm" href="primer.html#id390627">Requirements and Notes</a></dt><dt>protocols, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>provided services, <a class="indexterm" href="ch14.html">Samba Support</a></dt><dt>proxy, <a class="indexterm" href="DomApps.html#id382248">Assignment Tasks</a>, <a class="indexterm" href="DomApps.html#id382367">Technical Issues</a></dt><dt>PST file, <a class="indexterm" href="happy.html#id351441">Configuration of MS Outlook to Relocate PST File</a></dt><dt>public specifications, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>purchase support, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt></dl></div><div class="indexdiv"><h3>Q</h3><dl><dt>Qbasic, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>qualified problem, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt></dl></div><div class="indexdiv"><h3>R</h3><dl><dt>RAID, <a class="indexterm" href="secure.html#id330622">Hardware Requirements</a></dt><dt>RAID controllers, <a class="indexterm" href="HA.html#id386332">Hardware Problems</a></dt><dt>Raw Print Through, <a class="indexterm" href="happy.html#id342960">Installation of Printer Driver Auto-Download</a></dt><dt>raw printing, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id337052">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dt>Rbase, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>rcldap, <a class="indexterm" href="net2000users.html#id354011">Implementation</a></dt><dt>realm, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a>, <a class="indexterm" href="unixclients.html#id363637">IDMAP Storage in LDAP using Winbind</a>, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dt>recognize, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>record locking, <a class="indexterm" href="appendix.html#id390270">Microsoft Access</a></dt><dt>recursively, <a class="indexterm" href="kerberos.html#id381318">Setting Posix ACLs in UNIX/Linux</a></dt><dt>Red Hat, <a class="indexterm" href="simple.html#id323158">Drafting Office</a>, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dt>Red Hat Fedora Linux, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>Red Hat Linux, <a class="indexterm" href="simple.html#id323894">Dissection and Discussion</a>, <a class="indexterm" href="simple.html#AccountingOffice">Accounting Office</a>, <a class="indexterm" href="happy.html#id343908">Samba Server Implementation</a>, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="net2000users.html#id354011">Implementation</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id382530">Implementation</a>, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>redirected folders, <a class="indexterm" href="happy.html#id342548">Roaming Profile Background</a>, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a></dt><dt>refereed standards, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>regedit, <a class="indexterm" href="simple.html#id324064">Implementation</a></dt><dt>regedt32, <a class="indexterm" href="happy.html#id342818">Profile Changes</a>, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></dt><dt>registry, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dd><dl><dt>keys</dt><dd><dl><dt>SAM, <a class="indexterm" href="ntmigration.html#id369115">Dissection and Discussion</a></dt><dt>SECURITY, <a class="indexterm" href="ntmigration.html#id369115">Dissection and Discussion</a></dt></dl></dd></dl></dd><dt>registry change, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>Registry Editor, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></dt><dt>registry hacks, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>registry keys, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></dt><dt>reimburse, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>rejected, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="kerberos.html#id379573">Share Access Controls</a></dt><dt>rejoin, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>reliability, <a class="indexterm" href="HA.html">Performance, Reliability, and Availability</a></dt><dt>remote announce, <a class="indexterm" href="HA.html#id385556">Routed Networks</a></dt><dt>remote browse sync, <a class="indexterm" href="HA.html#id385556">Routed Networks</a></dt><dt>remote procedure call (see RPC)</dt><dt>replicate, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="HA.html#id386291">Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth</a></dt><dt>replicated, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a></dt><dt>requesting payment, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>resilient, <a class="indexterm" href="HA.html#id385344">Guidelines for Reliable Samba Operation</a></dt><dt>resolution, <a class="indexterm" href="upgrades.html#id368475">Replacing a Domain Member Server</a></dt><dt>resolve, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="HA.html#id385379">Bad Hostnames</a></dt><dt>response, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a></dt><dt>responsibility, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>responsible, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>restrict anonymous, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>restricted export, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dt>Restrictive security, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>reverse DNS, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dt>rfc2307bis, <a class="indexterm" href="unixclients.html#id364188">IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension</a></dt><dt>RID, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>risk, <a class="indexterm" href="secure.html#id330398">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>road-map, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dd><dl><dt>published, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt></dl></dd><dt>roaming profile, <a class="indexterm" href="happy.html#id342070">Technical Issues</a>, <a class="indexterm" href="happy.html#id342548">Roaming Profile Background</a>, <a class="indexterm" href="happy.html#id350283">Configuring Profile Directories</a>, <a class="indexterm" href="net2000users.html#id353212">User Needs</a>, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>roaming profiles, <a class="indexterm" href="secure.html#id330398">Technical Issues</a>, <a class="indexterm" href="secure.html#id330776">Implementation</a>, <a class="indexterm" href="happy.html#id342548">Roaming Profile Background</a></dt><dt>routed network, <a class="indexterm" href="HA.html#id386110">Use and Location of BDCs</a></dt><dt>router, <a class="indexterm" href="small.html#id327606">Implementation</a></dt><dt>routers, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a>, <a class="indexterm" href="HA.html#id385556">Routed Networks</a></dt><dt>RPC, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dt>rpc, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>rpcclient, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>RPM, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a>, <a class="indexterm" href="nw4migration.html#id373359">Dissection and Discussion</a></dt><dd><dl><dt>install, <a class="indexterm" href="simple.html#id323262">Implementation</a></dt></dl></dd><dt>rpm, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a>, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>RPMs, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>rpms, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>rsync, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a>, <a class="indexterm" href="HA.html#id386291">Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth</a></dt><dt>rsyncd.conf, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>run-time control files, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt></dl></div><div class="indexdiv"><h3>S</h3><dl><dt>safe-guards, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>SAM, <a class="indexterm" href="ntmigration.html#id369115">Dissection and Discussion</a></dt><dt>samba, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dd><dl><dt>starting samba, <a class="indexterm" href="simple.html#id323262">Implementation</a></dt></dl></dd><dt>Samba, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>Samba accounts, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>samba cluster, <a class="indexterm" href="HA.html#id384815">Introduction</a></dt><dt>samba control script, <a class="indexterm" href="appendix.html#id387952">Starting Samba</a></dt><dt>Samba Domain, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>Samba Domain server, <a class="indexterm" href="kerberos.html#id380879">Using the MMC Computer Management Interface</a></dt><dt>Samba RPM Packages, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a></dt><dt>Samba Tea, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>sambaDomainName, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></dt><dt>sambaGroupMapping, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>SambaSAMAccount, <a class="indexterm" href="happy.html#id341339">Regarding LDAP Directories and Windows Computer Accounts</a></dt><dt>SambaSamAccount, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>sambaSamAccount, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>SambaXP conference, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>SAN, <a class="indexterm" href="HA.html#id386195">For Scalability, Use SAN-Based Storage on Samba Servers</a></dt><dt>SAS, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>scalability, <a class="indexterm" href="HA.html#id384815">Introduction</a></dt><dt>scalable, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>schannel, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id381514">Key Points Learned</a>, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>schema, <a class="indexterm" href="unixclients.html#id364188">IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#id368069">Samba-2.x with LDAP Support</a>, <a class="indexterm" href="upgrades.html#id368310">Updating from Samba Versions between 3.0.6 and 3.0.10</a></dt><dt>scripts, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>secondary group, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></dt><dt>secret, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dt>secrets.tdb, <a class="indexterm" href="happy.html#id342070">Technical Issues</a>, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#sbeug1">Location of config files</a></dt><dt>secure, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>secure account password, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>secure connections, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>secure networking, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>secure networking protocols, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>security, <a class="indexterm" href="happy.html#id342070">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="kerberos.html#id377126">Introduction</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a>, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dd><dl><dt>identifier, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>share mode, <a class="indexterm" href="simple.html#id323894">Dissection and Discussion</a></dt><dt>user mode, <a class="indexterm" href="simple.html#id325807">Dissection and Discussion</a></dt></dl></dd><dt>Security, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id380879">Using the MMC Computer Management Interface</a></dt><dt>Security Account Manager (see SAM)</dt><dt>security controls, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>security descriptors, <a class="indexterm" href="ntmigration.html#id369115">Dissection and Discussion</a></dt><dt>security fixes, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>security updates, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>SerNet, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>server</dt><dd><dl><dt>domain member, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>stand-alone, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt></dl></dd><dt>service, <a class="indexterm" href="net2000users.html#id354011">Implementation</a></dt><dd><dl><dt>smb</dt><dd><dl><dt>start, <a class="indexterm" href="Big500users.html#ch5-domsvrspec">Configuration Specific to Domain Member Servers: BLDG1, BLDG2</a></dt></dl></dd></dl></dd><dt>Service Packs, <a class="indexterm" href="secure.html#ch4appscfg">Application Share Configuration</a></dt><dt>services, <a class="indexterm" href="DomApps.html#id384281">Key Points Learned</a></dt><dt>services provided, <a class="indexterm" href="ch14.html">Samba Support</a></dt><dt>session setup, <a class="indexterm" href="primer.html#id392130">Simple Windows Client Connection Characteristics</a>, <a class="indexterm" href="primer.html#id392597">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>Session Setup, <a class="indexterm" href="primer.html#id392130">Simple Windows Client Connection Characteristics</a></dt><dt>SessionSetUpAndX, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>set primary group script, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>setfacl, <a class="indexterm" href="kerberos.html#id381318">Setting Posix ACLs in UNIX/Linux</a></dt><dt>severely degrade, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a></dt><dt>SFU, <a class="indexterm" href="unixclients.html#id364460">IDMAP, Active Directory, and MS Services for UNIX 3.5</a></dt><dt>SGID, <a class="indexterm" href="simple.html#id323894">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a>, <a class="indexterm" href="appendix.html#ch12-SUIDSGID">Effect of Setting File and Directory SUID/SGID Permissions Explained</a></dt><dt>shadow-utils, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>Share Access Controls, <a class="indexterm" href="kerberos.html#id379573">Share Access Controls</a></dt><dt>share ACLs, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>share definition, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>Share Definition</dt><dd><dl><dt>Controls, <a class="indexterm" href="kerberos.html#id379908">Share Definition Controls</a></dt></dl></dd><dt>share definition controls, <a class="indexterm" href="kerberos.html#id379908">Share Definition Controls</a>, <a class="indexterm" href="kerberos.html#id380037">Checkpoint Controls</a>, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a>, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>share level access controls, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>share level ACL, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>Share Permissions, <a class="indexterm" href="kerberos.html#id379573">Share Access Controls</a></dt><dt>shared resource, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id381318">Setting Posix ACLs in UNIX/Linux</a></dt><dt>shares, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>SID, <a class="indexterm" href="secure.html#ch4wincfg">Windows Client Configuration</a>, <a class="indexterm" href="happy.html#id341339">Regarding LDAP Directories and Windows Computer Accounts</a>, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a>, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a>, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id367023">Change of Workgroup (Domain) Name</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a>, <a class="indexterm" href="appendix.html#id388463">Initialization of the LDAP Database</a></dt><dt>side effects, <a class="indexterm" href="kerberos.html#id380830">Managing Windows 200x ACLs</a></dt><dt>Sign'n'seal, <a class="indexterm" href="kerberos.html#id381514">Key Points Learned</a>, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>silent return, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>simple, <a class="indexterm" href="HA.html#id384892">Dissection and Discussion</a></dt><dt>Single Sign-On (see SSO)</dt><dt>slapcat, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>slapd, <a class="indexterm" href="happy.html#id343291">Debugging LDAP</a></dt><dt>slapd.conf, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></dt><dt>slave, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a></dt><dt>slow logon, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>slow network, <a class="indexterm" href="HA.html#id386332">Hardware Problems</a></dt><dt>slurpd, <a class="indexterm" href="net2000users.html#id354011">Implementation</a>, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>smart printing, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a></dt><dt>SMB, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>SMB passwords, <a class="indexterm" href="net2000users.html#id354011">Implementation</a></dt><dt>SMB/CIFS, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>smbclient, <a class="indexterm" href="simple.html#validate1">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>smbd, <a class="indexterm" href="simple.html#validate1">Validation</a>, <a class="indexterm" href="simple.html#id324064">Implementation</a>, <a class="indexterm" href="small.html#id329058">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#sbeug1">Location of config files</a>, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a>, <a class="indexterm" href="upgrades.html#id368475">Replacing a Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a>, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a>, <a class="indexterm" href="appendix.html#id387952">Starting Samba</a></dt><dd><dl><dt>location of files, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt></dl></dd><dt>smbfs, <a class="indexterm" href="HA.html#id384892">Dissection and Discussion</a></dt><dt>smbldap-groupadd, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>smbldap-groupmod, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>smbldap-passwd, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>smbldap-populate, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>smbldap-tools, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a>, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>smbldap-tools updating, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></dt><dt>smbldap-useradd, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="net2000users.html#id354011">Implementation</a></dt><dt>smbldap-usermod, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>smbmnt, <a class="indexterm" href="HA.html#id384892">Dissection and Discussion</a></dt><dt>smbmount, <a class="indexterm" href="HA.html#id384892">Dissection and Discussion</a></dt><dt>smbpasswd, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id327416">Technical Issues</a>, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#id330398">Technical Issues</a>, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id337052">Server Preparation: All Servers</a>, <a class="indexterm" href="Big500users.html#id337579">Configuration for Server: MASSIVE</a>, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="happy.html#sbehap-bldg1">Samba-3 BDC Configuration</a>, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id354011">Implementation</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="upgrades.html">Updating Samba-3</a>, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a>, <a class="indexterm" href="DomApps.html">Integrating Additional Services</a></dt><dt>smbumnt, <a class="indexterm" href="HA.html#id384892">Dissection and Discussion</a></dt><dt>smbumount, <a class="indexterm" href="HA.html#id384892">Dissection and Discussion</a></dt><dt>SMTP, <a class="indexterm" href="nw4migration.html#id373431">Technical Issues</a></dt><dt>snap-shot, <a class="indexterm" href="ntmigration.html#id369115">Dissection and Discussion</a></dt><dt>socket address, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a></dt><dt>socket options, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a></dt><dt>software, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>solve, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>source code, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>SPNEGO, <a class="indexterm" href="primer.html#id392597">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>SQL, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>Squid, <a class="indexterm" href="DomApps.html#id382530">Implementation</a>, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a>, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a>, <a class="indexterm" href="DomApps.html#id383905">Squid Configuration</a></dt><dt>squid, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a>, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>Squid proxy, <a class="indexterm" href="DomApps.html#id382367">Technical Issues</a></dt><dt>SRVTOOLS.EXE, <a class="indexterm" href="secure.html#id330776">Implementation</a>, <a class="indexterm" href="happy.html#id350283">Configuring Profile Directories</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>SSL, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>stand-alone server, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>starting CUPS, <a class="indexterm" href="simple.html#id324064">Implementation</a>, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a>, <a class="indexterm" href="Big500users.html#ch5-procstart">Process Startup Configuration</a></dt><dt>starting dhcpd, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a>, <a class="indexterm" href="Big500users.html#ch5-procstart">Process Startup Configuration</a></dt><dt>starting samba, <a class="indexterm" href="simple.html#id323262">Implementation</a>, <a class="indexterm" href="simple.html#id324064">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a>, <a class="indexterm" href="Big500users.html#ch5-procstart">Process Startup Configuration</a></dt><dd><dl><dt>nmbd, <a class="indexterm" href="appendix.html#id387952">Starting Samba</a></dt><dt>smbd, <a class="indexterm" href="appendix.html#id387952">Starting Samba</a></dt><dt>winbindd, <a class="indexterm" href="appendix.html#id387952">Starting Samba</a></dt></dl></dd><dt>startingCUPS, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a></dt><dt>startup script, <a class="indexterm" href="appendix.html#id387952">Starting Samba</a></dt><dt>sticky bit, <a class="indexterm" href="small.html#id327606">Implementation</a></dt><dt>storage capacity, <a class="indexterm" href="secure.html#id330622">Hardware Requirements</a></dt><dt>strategic, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a></dt><dt>strategy, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>straw-man, <a class="indexterm" href="kerberos.html">Active Directory, Kerberos, and Security</a></dt><dt>strict sync, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a></dt><dt>stripped, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></dt><dt>strong cryptography, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dt>subscription, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>SUID, <a class="indexterm" href="simple.html#id323894">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a>, <a class="indexterm" href="appendix.html#ch12-SUIDSGID">Effect of Setting File and Directory SUID/SGID Permissions Explained</a></dt><dt>Sun ONE Identity Server, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a></dt><dt>super daemon, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a></dt><dt>support, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a>, <a class="indexterm" href="ch14.html">Samba Support</a></dt><dt>survey, <a class="indexterm" href="unixclients.html">Adding Domain Member Servers and Clients</a></dt><dt>SUSE, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dt>SUSE Enterprise Linux Server, <a class="indexterm" href="simple.html#id323803">Charity Administration Office</a>, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="DomApps.html#id382530">Implementation</a></dt><dt>SUSE Linux, <a class="indexterm" href="simple.html#id323894">Dissection and Discussion</a>, <a class="indexterm" href="happy.html#id343908">Samba Server Implementation</a>, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="net2000users.html#id354011">Implementation</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id382530">Implementation</a>, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>SWAT, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>sync always, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a></dt><dt>synchronization, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a>, <a class="indexterm" href="HA.html#id386195">For Scalability, Use SAN-Based Storage on Samba Servers</a></dt><dt>synchronize, <a class="indexterm" href="net2000users.html#id353212">User Needs</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>synchronized, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>syslog, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></dt><dt>system level logins, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>system security, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt></dl></div><div class="indexdiv"><h3>T</h3><dl><dt>tattooing, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>TCP/IP, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>tdbdump, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></dt><dt>tdbsam, <a class="indexterm" href="secure.html#id330398">Technical Issues</a>, <a class="indexterm" href="secure.html#id330776">Implementation</a>, <a class="indexterm" href="Big500users.html">The 500-User Office</a>, <a class="indexterm" href="happy.html#id341540">Assignment Tasks</a>, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id354011">Implementation</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="upgrades.html#id368310">Updating from Samba Versions between 3.0.6 and 3.0.10</a>, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>testparm, <a class="indexterm" href="small.html#id329058">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a>, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a></dt><dt>ticket, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>time server, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dt>Tivoli Directory Server, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a></dt><dt>TLS, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>token, <a class="indexterm" href="DomApps.html#id382367">Technical Issues</a></dt><dt>tool, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>TOSHARG2, <a class="indexterm" href="simple.html#id324064">Implementation</a></dt><dt>track record, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>traffic collisions, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>transaction processing, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a></dt><dt>transactional, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>transfer, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>translate, <a class="indexterm" href="kerberos.html#id380830">Managing Windows 200x ACLs</a></dt><dt>traverse, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></dt><dt>tree, <a class="indexterm" href="nw4migration.html#id373359">Dissection and Discussion</a></dt><dt>Tree Connect, <a class="indexterm" href="primer.html#id392130">Simple Windows Client Connection Characteristics</a></dt><dt>trust account, <a class="indexterm" href="happy.html#id341339">Regarding LDAP Directories and Windows Computer Accounts</a></dt><dt>trusted computing, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>Trusted Domains, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>trusted domains, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>trusted third-party, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dt>trusting, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dt>turn-around time, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt></dl></div><div class="indexdiv"><h3>U</h3><dl><dt>UDP</dt><dd><dl><dt>broadcast, <a class="indexterm" href="HA.html#id385556">Routed Networks</a></dt></dl></dd><dt>UID, <a class="indexterm" href="simple.html#id323894">Dissection and Discussion</a>, <a class="indexterm" href="happy.html#id341339">Regarding LDAP Directories and Windows Computer Accounts</a>, <a class="indexterm" href="happy.html#id342070">Technical Issues</a>, <a class="indexterm" href="net2000users.html#id354011">Implementation</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>un-join, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>unauthorized activities, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dt>UNC name, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>unencrypted, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>Unicast, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a></dt><dt>unicode, <a class="indexterm" href="upgrades.html#id367266">International Language Support</a></dt><dt>Universal Naming Convention (see UNC name)</dt><dt>UNIX, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dd><dl><dt>groups, <a class="indexterm" href="small.html#id327416">Technical Issues</a>, <a class="indexterm" href="small.html#id327606">Implementation</a></dt></dl></dd><dt>UNIX accounts, <a class="indexterm" href="happy.html#id342070">Technical Issues</a></dt><dt>UNIX/Linux server, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>unix2dos, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id337579">Configuration for Server: MASSIVE</a></dt><dt>unknown, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>unsupported software, <a class="indexterm" href="ch14.html#id386894">Commercial Support</a></dt><dt>update, <a class="indexterm" href="upgrades.html#id366117">Introduction</a>, <a class="indexterm" href="upgrades.html#id366200">Cautions and Notes</a></dt><dt>updates, <a class="indexterm" href="kerberos.html#id377126">Introduction</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>updating smbldap-tools, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></dt><dt>upgrade, <a class="indexterm" href="upgrades.html#id366117">Introduction</a>, <a class="indexterm" href="upgrades.html#id366200">Cautions and Notes</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>uppercase, <a class="indexterm" href="ntmigration.html#id369600">Implementation</a></dt><dt>user</dt><dd><dl><dt>management, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id337579">Configuration for Server: MASSIVE</a></dt></dl></dd><dt>user account, <a class="indexterm" href="happy.html">Making Happy Users</a>, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></dt><dt>User and Group Controls, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>user credentials, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a>, <a class="indexterm" href="unixclients.html#id364506">UNIX/Linux Client Domain Member</a></dt><dt>user errors, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>user groups, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>user identities, <a class="indexterm" href="unixclients.html#id358731">Implementation</a></dt><dt>user logins, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>user management, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dt>User Manager, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></dt><dt>User Mode, <a class="indexterm" href="secure.html#id330776">Implementation</a>, <a class="indexterm" href="primer.html#id392130">Simple Windows Client Connection Characteristics</a>, <a class="indexterm" href="primer.html#id392597">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>useradd, <a class="indexterm" href="simple.html#id324064">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id337579">Configuration for Server: MASSIVE</a>, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>userdel, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>usermod, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></dt><dt>username, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>username map, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id337052">Server Preparation: All Servers</a></dt><dt>UTF-8, <a class="indexterm" href="upgrades.html#id367266">International Language Support</a></dt><dt>utilities, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt></dl></div><div class="indexdiv"><h3>V</h3><dl><dt>valid users, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id380037">Checkpoint Controls</a>, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>validate, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id380037">Checkpoint Controls</a></dt><dt>validated, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>validation, <a class="indexterm" href="simple.html#validate1">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>vampire, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>vendor, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>vendors, <a class="indexterm" href="upgrades.html#id368184">Updating a Samba-3 Installation</a></dt><dt>VFS modules, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>virus, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dt>VPN, <a class="indexterm" href="net2000users.html#id352871">Assignment Tasks</a></dt><dt>vulnerabilities, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt></dl></div><div class="indexdiv"><h3>W</h3><dl><dt>wbinfo, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>weakness, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>web</dt><dd><dl><dt>caching, <a class="indexterm" href="DomApps.html#id382248">Assignment Tasks</a></dt><dt>proxying, <a class="indexterm" href="DomApps.html#id382248">Assignment Tasks</a></dt></dl></dd><dt>Web</dt><dd><dl><dt>proxy, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dd><dl><dt>access, <a class="indexterm" href="DomApps.html#id384281">Key Points Learned</a></dt></dl></dd></dl></dd><dt>Web browsers, <a class="indexterm" href="DomApps.html#id384281">Key Points Learned</a></dt><dt>WebClient, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>WHATSNEW.txt, <a class="indexterm" href="upgrades.html#id368069">Samba-2.x with LDAP Support</a></dt><dt>white-pages, <a class="indexterm" href="nw4migration.html#id373431">Technical Issues</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>wide-area, <a class="indexterm" href="net2000users.html#id353212">User Needs</a>, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id357027">Key Points Learned</a>, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></dt><dt>wide-area network, <a class="indexterm" href="HA.html#id386110">Use and Location of BDCs</a>, <a class="indexterm" href="HA.html#id386291">Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth</a></dt><dt>winbind, <a class="indexterm" href="net2000users.html#id354011">Implementation</a>, <a class="indexterm" href="unixclients.html#id358022">Dissection and Discussion</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id377126">Introduction</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id382367">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a>, <a class="indexterm" href="DomApps.html#id383649">NSS Configuration</a></dt><dt>Winbind, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id381514">Key Points Learned</a></dt><dt>winbind trusted domains only, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>winbind use default domain, <a class="indexterm" href="kerberos.html#id380037">Checkpoint Controls</a></dt><dt>winbindd, <a class="indexterm" href="small.html#id329058">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="Big500users.html#id336141">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a>, <a class="indexterm" href="upgrades.html#id368384">Updating from Samba Versions after 3.0.6 to a Current Release</a>, <a class="indexterm" href="upgrades.html#id368475">Replacing a Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a>, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a>, <a class="indexterm" href="appendix.html#id387952">Starting Samba</a></dt><dt>winbindd_cache.tdb, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>winbindd_idmap.tdb, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>Windows, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dd><dl><dt>client, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>NT, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt></dl></dd><dt>Windows 2000 ACLs, <a class="indexterm" href="kerberos.html#id380830">Managing Windows 200x ACLs</a></dt><dt>Windows 2003 Serve, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>Windows 200x ACLs, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>Windows accounts, <a class="indexterm" href="happy.html#id342070">Technical Issues</a></dt><dt>Windows ACLs, <a class="indexterm" href="kerberos.html#id381318">Setting Posix ACLs in UNIX/Linux</a></dt><dt>Windows Address Book, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>Windows ADS Domain, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></dt><dt>Windows clients, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>Windows Explorer, <a class="indexterm" href="simple.html#validate1">Validation</a></dt><dt>Windows explorer, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>Windows security identifier (see SID)</dt><dt>Windows Servers, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>Windows Services for UNIX (see SUS)</dt><dt>Windows XP, <a class="indexterm" href="small.html#id327326">Assignment Tasks</a></dt><dt>WINS, <a class="indexterm" href="simple.html#id324064">Implementation</a>, <a class="indexterm" href="small.html#id327416">Technical Issues</a>, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#ch4wincfg">Windows Client Configuration</a>, <a class="indexterm" href="Big500users.html#id336141">Technical Issues</a>, <a class="indexterm" href="Big500users.html#ch5wincfg">Windows Client Configuration</a>, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a>, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dd><dl><dt>lookup, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>name resolution, <a class="indexterm" href="HA.html#id385556">Routed Networks</a></dt><dt>server, <a class="indexterm" href="happy.html">Making Happy Users</a>, <a class="indexterm" href="HA.html#id385556">Routed Networks</a></dt></dl></dd><dt>WINS server, <a class="indexterm" href="Big500users.html">The 500-User Office</a>, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>WINS serving, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dt>wins support, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dt>wins.dat, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a>, <a class="indexterm" href="upgrades.html#id368475">Replacing a Domain Member Server</a></dt><dt>Wireshark, <a class="indexterm" href="primer.html#id390627">Requirements and Notes</a></dt><dt>wireshark, <a class="indexterm" href="primer.html#id390920">Exercises</a></dt><dt>Word, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a></dt><dt>workgroup, <a class="indexterm" href="simple.html#id323262">Implementation</a>, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id367023">Change of Workgroup (Domain) Name</a></dt><dt>Workgroup Announcement, <a class="indexterm" href="primer.html#id391782">Findings</a></dt><dt>workstation, <a class="indexterm" href="unixclients.html#id358731">Implementation</a></dt><dt>wrapper, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>write lock, <a class="indexterm" href="appendix.html#id390484">Opportunistic Locking Controls</a></dt></dl></div><div class="indexdiv"><h3>X</h3><dl><dt>xinetd, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a></dt><dt>XML, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a></dt><dt>xmlsam, <a class="indexterm" href="net2000users.html#id354011">Implementation</a></dt></dl></div><div class="indexdiv"><h3>Y</h3><dl><dt>YaST, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></dt><dt>Yellow Pages, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>yellow pages (see NIS)</dt></dl></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="go01.html">Prev</a> </td><td width="20%" align="center"> </td><td width="40%" align="right"> </td></tr><tr><td width="40%" align="left" valign="top">Glossary </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> </td></tr></table></div></body></html>

trunk/server/docs/htmldocs/Samba3-ByExample/kerberos.html

@@ -1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 11. Active Directory, Kerberos, and Security</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="RefSection.html" title="Part III. Reference Section"><link rel="prev" href="RefSection.html" title="Part III. Reference Section"><link rel="next" href="DomApps.html" title="Chapter 12. Integrating Additional Services"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 11. Active Directory, Kerberos, and Security</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="RefSection.html">Prev</a> </td><th width="60%" align="center">Part III. Reference Section</th><td width="20%" align="right"> <a accesskey="n" href="DomApps.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="kerberos"></a>Chapter 11. Active Directory, Kerberos, and Security</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="kerberos.html#id2610496">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id2611138">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#id2611154">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id2611545">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#ch10expl">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id2613169">Share Access Controls</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id2613518">Share Definition Controls</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id2614131">Share Point Directory and File Permissions</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id2614530">Managing Windows 200x ACLs</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id2615257">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#id2615391">Questions and Answers</a></span></dt></dl></div><p><a class="indexterm" name="id2610431"></a>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 11. Active Directory, Kerberos, and Security</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="RefSection.html" title="Part III. Reference Section"><link rel="prev" href="RefSection.html" title="Part III. Reference Section"><link rel="next" href="DomApps.html" title="Chapter 12. Integrating Additional Services"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 11. Active Directory, Kerberos, and Security</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="RefSection.html">Prev</a> </td><th width="60%" align="center">Part III. Reference Section</th><td width="20%" align="right"> <a accesskey="n" href="DomApps.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 11. Active Directory, Kerberos, and Security"><div class="titlepage"><div><div><h2 class="title"><a name="kerberos"></a>Chapter 11. Active Directory, Kerberos, and Security</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="kerberos.html#id377126">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id377710">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#id377723">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id378089">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#ch10expl">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id379573">Share Access Controls</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id379908">Share Definition Controls</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id380465">Share Point Directory and File Permissions</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id380830">Managing Windows 200x ACLs</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id381514">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#id381636">Questions and Answers</a></span></dt></dl></div><p><a class="indexterm" name="id377075"></a>
         By this point in the book, you have been exposed to many Samba-3 features and capabilities.
         More importantly, if you have implemented the examples given, you are well on your way to becoming 
@@ -5 +5 @@
         practice, you likely have thought of improvements and scenarios with which you can experiment. You 
         are rather well plugged in to the many flexible ways Samba can be used.
-        </p><p><a class="indexterm" name="id2610450"></a>
+        </p><p><a class="indexterm" name="id377090"></a>
         This is a book about Samba-3. Understandably, its intent is to present it in a positive light. 
         The casual observer might conclude that this book is one-eyed about Samba. It is  what 
@@ -14 +14 @@
         decision. Criticism can be expected from the outside. Let's see how the interesting dynamic of 
         criticism develops with respect to Abmas.
-        </p><p><a class="indexterm" name="id2610478"></a>
+        </p><p><a class="indexterm" name="id377113"></a>
         This chapter provides a shameless self-promotion of Samba-3. The objections raised were not pulled
         out of thin air. They were drawn from comments made by Samba users and from criticism during 
@@ -20 +20 @@
         as possible that of the original. The case presented is a straw-man example that is designed to 
         permit each objection to be answered as it might occur in real life.
-        </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2610496"></a>Introduction</h2></div></div></div><p><a class="indexterm" name="id2610502"></a><a class="indexterm" name="id2610510"></a><a class="indexterm" name="id2610518"></a><a class="indexterm" name="id2610526"></a><a class="indexterm" name="id2610534"></a>
+        </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id377126"></a>Introduction</h2></div></div></div><p><a class="indexterm" name="id377133"></a><a class="indexterm" name="id377141"></a><a class="indexterm" name="id377148"></a><a class="indexterm" name="id377156"></a><a class="indexterm" name="id377164"></a>
         Abmas is continuing its meteoric growth with yet further acquisitions. The investment community took
         note of the spectacular projection of Abmas onto the global business stage. Abmas is building an
@@ -29 +29 @@
         During the time that the acquisition was closing, the Video Rentals business upgraded its Windows 
         NT4-based network to Windows 2003 Server and Active Directory.
-        </p><p><a class="indexterm" name="id2610558"></a>
+        </p><p><a class="indexterm" name="id377182"></a>
         You have accepted the fact that Abmas Video Rentals will use Microsoft Active Directory.
         The IT team, led by Stan Soroka, is committed to Samba-3 and to maintaining a uniform technology platform. 
         Stan Soroka's team voiced its disapproval over the decision to permit this business to continue to 
-        operate with a solution that is viewed by Christine and her group as &#8220;<span class="quote">an island of broken 
-        technologies.</span>&#8221; This comment was made by one of Christine's staff as they were installing a new 
+        operate with a solution that is viewed by Christine and her group as <span class="quote">&#8220;<span class="quote">an island of broken 
+        technologies.</span>&#8221;</span> This comment was made by one of Christine's staff as they were installing a new 
         Samba-3 server at the new business.
-        </p><p><a class="indexterm" name="id2610581"></a><a class="indexterm" name="id2610589"></a>
+        </p><p><a class="indexterm" name="id377201"></a><a class="indexterm" name="id377209"></a>
         Abmas Video Rentals' head of IT heard of this criticism. He was offended that a junior engineer
         should make such a comment. He felt that he had to prepare in case he might be criticized for his 
         decision to use Active Directory. He decided he would defend his decision by hiring the services 
-        of an outside security systems consultant to report<sup>[<a name="id2610604" href="#ftn.id2610604" class="footnote">12</a>]</sup> on his unit's operations 
+        of an outside security systems consultant to report<sup>[<a name="id377221" href="#ftn.id377221" class="footnote">12</a>]</sup> on his unit's operations 
         and to investigate the role of Samba at his site. Here are key extracts from this hypothetical 
         report:
-        </p><div class="blockquote"><blockquote class="blockquote"><p><a class="indexterm" name="id2610616"></a><a class="indexterm" name="id2610624"></a><a class="indexterm" name="id2610632"></a><a class="indexterm" name="id2610640"></a>
+        </p><div class="blockquote"><blockquote class="blockquote"><p><a class="indexterm" name="id377230"></a><a class="indexterm" name="id377238"></a><a class="indexterm" name="id377246"></a><a class="indexterm" name="id377254"></a>
         ... the implementation of Microsoft Active Directory at the Abmas Video Rentals, Bamingsham site,
          has been examined. We find no evidence to support a notion that vulnerabilities exist at your site.  
@@ -50 +50 @@
         </p><p>
         ...
-        </p><p><a class="indexterm" name="id2610661"></a><a class="indexterm" name="id2610672"></a><a class="indexterm" name="id2610683"></a><a class="indexterm" name="id2610691"></a><a class="indexterm" name="id2610699"></a><a class="indexterm" name="id2610707"></a>
+        </p><p><a class="indexterm" name="id377272"></a><a class="indexterm" name="id377283"></a><a class="indexterm" name="id377294"></a><a class="indexterm" name="id377302"></a><a class="indexterm" name="id377310"></a><a class="indexterm" name="id377318"></a>
         User and group accounts, and respective privileges, have been well thought out. File system shares are
         appropriately secured. Backup and disaster recovery plans are well managed and validated regularly, and
         effective off-site storage practices are considered to exceed industry norms.
-        </p><p><a class="indexterm" name="id2610723"></a><a class="indexterm" name="id2610731"></a><a class="indexterm" name="id2610739"></a>
+        </p><p><a class="indexterm" name="id377332"></a><a class="indexterm" name="id377340"></a><a class="indexterm" name="id377347"></a>
         Your staff are justifiably concerned that the use of Samba may compromise their good efforts to maintain
         a secure network. 
-        </p><p><a class="indexterm" name="id2610756"></a><a class="indexterm" name="id2610764"></a><a class="indexterm" name="id2610772"></a><a class="indexterm" name="id2610779"></a>
+        </p><p><a class="indexterm" name="id377363"></a><a class="indexterm" name="id377371"></a><a class="indexterm" name="id377379"></a><a class="indexterm" name="id377387"></a>
         The recently installed Linux file and application server uses a tool called <code class="literal">winbind</code> 
         that is indiscriminate about security. All user accounts in Active Directory can be used to access data 
@@ -64 +64 @@
         to great lengths to set fine-grained controls that limit information access to those who need access. 
         It seems incongruous to us that Samba winbind should be permitted to be used considering that it voids this fine work.
-        </p><p><a class="indexterm" name="id2610810"></a><a class="indexterm" name="id2610818"></a><a class="indexterm" name="id2610826"></a>
+        </p><p><a class="indexterm" name="id377412"></a><a class="indexterm" name="id377420"></a><a class="indexterm" name="id377428"></a>
         Graham Judd [head of network administration] has locked down the security of all systems and is following 
         the latest Microsoft guidelines. ... null session connections have been disabled ... the internal network 
@@ -73 +73 @@
         </p><p>
         ...
-        </p><p><a class="indexterm" name="id2610851"></a><a class="indexterm" name="id2610859"></a><a class="indexterm" name="id2610866"></a><a class="indexterm" name="id2610874"></a>
+        </p><p><a class="indexterm" name="id377448"></a><a class="indexterm" name="id377456"></a><a class="indexterm" name="id377464"></a><a class="indexterm" name="id377471"></a>
         Regarding the use of Samba, we offer the following comments: Samba is in use in nearly half of
         all sites we have surveyed. ... It is our opinion that Samba offers no better security than Microsoft
@@ -81 +81 @@
         Samba is not at the full capabilities of Microsoft Windows NT4 server. Microsoft has moved well beyond that
         with trusted computing initiatives that the Samba developers do not participate in.
-        </p><p><a class="indexterm" name="id2610898"></a><a class="indexterm" name="id2610906"></a><a class="indexterm" name="id2610913"></a><a class="indexterm" name="id2610921"></a><a class="indexterm" name="id2610929"></a><a class="indexterm" name="id2610937"></a><a class="indexterm" name="id2610945"></a>
+        </p><p><a class="indexterm" name="id377489"></a><a class="indexterm" name="id377496"></a><a class="indexterm" name="id377504"></a><a class="indexterm" name="id377512"></a><a class="indexterm" name="id377520"></a><a class="indexterm" name="id377528"></a><a class="indexterm" name="id377536"></a>
         One wonders about the integrity of an open source program that is developed by a team of hackers 
         who cannot be held accountable for the flaws in their code. The sheer number of updates and bug
         fixes they have released should ring alarm bells in any business.
-        </p><p><a class="indexterm" name="id2610960"></a><a class="indexterm" name="id2610968"></a><a class="indexterm" name="id2610976"></a>
+        </p><p><a class="indexterm" name="id377549"></a><a class="indexterm" name="id377557"></a><a class="indexterm" name="id377565"></a>
         Another factor that should be considered is that buying Microsoft products and services helps to 
         provide employment in the IT industry. Samba and Open Source software place those jobs at risk.
-        </p></blockquote></div><p><a class="indexterm" name="id2610991"></a><a class="indexterm" name="id2610999"></a>
+        </p></blockquote></div><p><a class="indexterm" name="id377578"></a><a class="indexterm" name="id377586"></a>
         This is also a challenge to rise above the trouble spot. You call Stan's team together for a simple 
         discussion, but it gets further out of hand.  When you return to your office, you find the following 
@@ -101 +101 @@
         across all systems. I concur with the desire to improve security. One of the new guys who is championing
         the move to Kerberos was responsible for the comment that caused the embarrassment.
-        </p><p><a class="indexterm" name="id2611036"></a><a class="indexterm" name="id2611043"></a><a class="indexterm" name="id2611051"></a><a class="indexterm" name="id2611059"></a>
+        </p><p><a class="indexterm" name="id377616"></a><a class="indexterm" name="id377624"></a><a class="indexterm" name="id377632"></a><a class="indexterm" name="id377640"></a>
         I am experiencing difficulty in handling the sharp push for Kerberos. He claims that Kerberos, OpenLDAP, 
         plus Samba-3 will seamlessly replace Microsoft Active Directory. I am a little out of my depth with respect 
         to the feasibility of such a move, but have taken steps to pull both of them into line. With your consent, 
         I would like to hire the services of a well-known Samba consultant to set the record straight.
-        </p><p><a class="indexterm" name="id2611078"></a><a class="indexterm" name="id2611085"></a><a class="indexterm" name="id2611093"></a><a class="indexterm" name="id2611101"></a><a class="indexterm" name="id2611109"></a><a class="indexterm" name="id2611117"></a>
+        </p><p><a class="indexterm" name="id377655"></a><a class="indexterm" name="id377662"></a><a class="indexterm" name="id377670"></a><a class="indexterm" name="id377678"></a><a class="indexterm" name="id377686"></a><a class="indexterm" name="id377694"></a>
         I intend to use this report to answer the criticism raised and would like to establish a policy that we
         will approve the use of Microsoft Windows Servers (and Active Directory) subject to all costs being covered 
@@ -113 +113 @@
         use of any centrally proposed standards, but make all noncompliance the financial responsibility of the 
         out-of-step division. Hopefully, this will encourage all divisions to walk with us and not alone.
-        </p></td><td width="10%" valign="top"> </td></tr><tr><td width="10%" valign="top"> </td><td colspan="2" align="right" valign="top">--<span class="attribution">Stan</span></td></tr></table></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2611138"></a>Assignment Tasks</h3></div></div></div><p>
+        </p></td><td width="10%" valign="top"> </td></tr><tr><td width="10%" valign="top"> </td><td colspan="2" align="right" valign="top">--<span class="attribution">Stan</span></td></tr></table></div><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id377710"></a>Assignment Tasks</h3></div></div></div><p>
                 You agreed with Stan's recommendations and hired a consultant to help defuse the powder
                 keg. The consultant's task is to provide a tractable answer to each of the issues raised. The consultant must be able
                 to support his or her claims, keep emotions to the side, and answer technically.
-                </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2611154"></a>Dissection and Discussion</h2></div></div></div><p><a class="indexterm" name="id2611161"></a><a class="indexterm" name="id2611169"></a><a class="indexterm" name="id2611177"></a><a class="indexterm" name="id2611185"></a><a class="indexterm" name="id2611193"></a><a class="indexterm" name="id2611201"></a><a class="indexterm" name="id2611209"></a>
+                </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id377723"></a>Dissection and Discussion</h2></div></div></div><p><a class="indexterm" name="id377730"></a><a class="indexterm" name="id377738"></a><a class="indexterm" name="id377746"></a><a class="indexterm" name="id377754"></a><a class="indexterm" name="id377761"></a><a class="indexterm" name="id377769"></a><a class="indexterm" name="id377777"></a>
         Samba-3 is a tool. No one is pounding your door to make you use Samba. That is a choice that you are free to 
         make or reject. It is likely that your decision to use Samba can greatly benefit your company. 
@@ -125 +125 @@
         money saved by not spending in the IT area can be spent elsewhere in the business. All money saved 
         or spent creates employment.
-        </p><p><a class="indexterm" name="id2611230"></a><a class="indexterm" name="id2611238"></a><a class="indexterm" name="id2611246"></a><a class="indexterm" name="id2611254"></a><a class="indexterm" name="id2611262"></a>
+        </p><p><a class="indexterm" name="id377794"></a><a class="indexterm" name="id377802"></a><a class="indexterm" name="id377809"></a><a class="indexterm" name="id377817"></a><a class="indexterm" name="id377825"></a>
         In the long term, the use of Samba must be economically sustainable. In some situations, Samba is adopted
         purely to provide file and print service interoperability on platforms that otherwise cannot provide 
@@ -131 +131 @@
         effect a reduction in the cost of providing IT services. Obviously, it is also used by some as an 
         alternative to the use of a Microsoft file and print serving platforms with no consideration of costs.
-        </p><p><a class="indexterm" name="id2611282"></a><a class="indexterm" name="id2611290"></a><a class="indexterm" name="id2611298"></a><a class="indexterm" name="id2611306"></a>
+        </p><p><a class="indexterm" name="id377841"></a><a class="indexterm" name="id377848"></a><a class="indexterm" name="id377856"></a><a class="indexterm" name="id377864"></a>
         It would be foolish to adopt a technology that might put any data or users at risk. Security affects 
         everyone. The Samba-Team is fully cognizant of the responsibility they have to their users. 
         The Samba documentation clearly reveals that full responsibility is accepted to fix anything 
         that is broken.
-        </p><p><a class="indexterm" name="id2611322"></a><a class="indexterm" name="id2611330"></a><a class="indexterm" name="id2611338"></a><a class="indexterm" name="id2611346"></a><a class="indexterm" name="id2611358"></a><a class="indexterm" name="id2611366"></a><a class="indexterm" name="id2611374"></a><a class="indexterm" name="id2611382"></a><a class="indexterm" name="id2611389"></a><a class="indexterm" name="id2611397"></a><a class="indexterm" name="id2611405"></a>
+        </p><p><a class="indexterm" name="id377878"></a><a class="indexterm" name="id377886"></a><a class="indexterm" name="id377894"></a><a class="indexterm" name="id377902"></a><a class="indexterm" name="id377913"></a><a class="indexterm" name="id377921"></a><a class="indexterm" name="id377929"></a><a class="indexterm" name="id377937"></a><a class="indexterm" name="id377945"></a><a class="indexterm" name="id377952"></a><a class="indexterm" name="id377960"></a>
         There is a mistaken perception in the IT industry that commercial software providers are fully 
         accountable for the defects in products. Open Source software comes with no warranty, so it is 
@@ -144 +144 @@
         commercial software vendors are willingly accountable for product defects. In many cases, the
         commercial vendor accepts liability only to reimburse the price paid for the software. 
-        </p><p><a class="indexterm" name="id2611428"></a><a class="indexterm" name="id2611435"></a><a class="indexterm" name="id2611443"></a><a class="indexterm" name="id2611451"></a><a class="indexterm" name="id2611459"></a><a class="indexterm" name="id2611467"></a>
+        </p><p><a class="indexterm" name="id377977"></a><a class="indexterm" name="id377985"></a><a class="indexterm" name="id377993"></a><a class="indexterm" name="id378001"></a><a class="indexterm" name="id378009"></a><a class="indexterm" name="id378016"></a>
         The real issues that a consumer (like you) needs answered are What is the way of escape from technical 
         problems, and how long will it take? The average problem turnaround time in the Open Source community is 
         approximately 48 hours. What does the EULA offer? What is the track record in the commercial software 
         industry? What happens when your commercial vendor decides to cease providing support?
-        </p><p><a class="indexterm" name="id2611485"></a><a class="indexterm" name="id2611493"></a><a class="indexterm" name="id2611501"></a><a class="indexterm" name="id2611509"></a><a class="indexterm" name="id2611517"></a><a class="indexterm" name="id2611524"></a><a class="indexterm" name="id2611532"></a>
+        </p><p><a class="indexterm" name="id378031"></a><a class="indexterm" name="id378039"></a><a class="indexterm" name="id378047"></a><a class="indexterm" name="id378055"></a><a class="indexterm" name="id378062"></a><a class="indexterm" name="id378070"></a><a class="indexterm" name="id378078"></a>
         Open Source software at least puts you in possession of the source code. This means that when
         all else fails, you can hire a programmer to solve the problem.
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2611545"></a>Technical Issues</h3></div></div></div><p>
+        </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id378089"></a>Technical Issues</h3></div></div></div><p>
                 Each issue is now discussed and, where appropriate, example implementation steps are
                 provided.
-                </p><div class="variablelist"><dl><dt><span class="term">Winbind and Security</span></dt><dd><p><a class="indexterm" name="id2611566"></a><a class="indexterm" name="id2611574"></a><a class="indexterm" name="id2611582"></a><a class="indexterm" name="id2611593"></a><a class="indexterm" name="id2611601"></a><a class="indexterm" name="id2611609"></a><a class="indexterm" name="id2611617"></a><a class="indexterm" name="id2611625"></a><a class="indexterm" name="id2611633"></a><a class="indexterm" name="id2611641"></a>
+                </p><div class="variablelist"><dl><dt><span class="term">Winbind and Security</span></dt><dd><p><a class="indexterm" name="id378109"></a><a class="indexterm" name="id378117"></a><a class="indexterm" name="id378125"></a><a class="indexterm" name="id378136"></a><a class="indexterm" name="id378144"></a><a class="indexterm" name="id378152"></a><a class="indexterm" name="id378160"></a><a class="indexterm" name="id378168"></a><a class="indexterm" name="id378175"></a><a class="indexterm" name="id378183"></a>
                                 Windows network administrators may be dismayed to find that <code class="literal">winbind</code> 
                                 exposes all domain users so that they may use their domain account credentials to 
@@ -161 +161 @@
                                 UNIX/Linux server in their Network Neighborhood and can browse the shares on the 
                                 server seems to excite them further.
-                                </p><p><a class="indexterm" name="id2611664"></a><a class="indexterm" name="id2611673"></a><a class="indexterm" name="id2611680"></a><a class="indexterm" name="id2611688"></a>
+                                </p><p><a class="indexterm" name="id378204"></a><a class="indexterm" name="id378212"></a><a class="indexterm" name="id378220"></a><a class="indexterm" name="id378227"></a>
                                 <code class="literal">winbind</code> provides for the UNIX/Linux domain member server or 
                                 client, the same as one would obtain by adding a Microsoft Windows server or 
@@ -167 +167 @@
                                 and therefore requires handling a little differently from the familiar Windows systems.
                                 One must recognize fear of the unknown.
-                                </p><p><a class="indexterm" name="id2611711"></a><a class="indexterm" name="id2611719"></a><a class="indexterm" name="id2611727"></a><a class="indexterm" name="id2611735"></a><a class="indexterm" name="id2611743"></a><a class="indexterm" name="id2611755"></a>
+                                </p><p><a class="indexterm" name="id378247"></a><a class="indexterm" name="id378255"></a><a class="indexterm" name="id378263"></a><a class="indexterm" name="id378271"></a><a class="indexterm" name="id378279"></a><a class="indexterm" name="id378290"></a>
                                 Windows network administrators need to recognize that <code class="literal">winbind</code> does
                                 not, and cannot, override account controls set using the Active Directory management
                                 tools. The control is the same. Have no fear.
-                                </p><p><a class="indexterm" name="id2611775"></a><a class="indexterm" name="id2611783"></a><a class="indexterm" name="id2611794"></a><a class="indexterm" name="id2611802"></a><a class="indexterm" name="id2611810"></a><a class="indexterm" name="id2611818"></a><a class="indexterm" name="id2611826"></a><a class="indexterm" name="id2611834"></a><a class="indexterm" name="id2611842"></a><a class="indexterm" name="id2611850"></a>
+                                </p><p><a class="indexterm" name="id378309"></a><a class="indexterm" name="id378317"></a><a class="indexterm" name="id378328"></a><a class="indexterm" name="id378336"></a><a class="indexterm" name="id378344"></a><a class="indexterm" name="id378352"></a><a class="indexterm" name="id378360"></a><a class="indexterm" name="id378368"></a><a class="indexterm" name="id378375"></a><a class="indexterm" name="id378383"></a>
                                 Where Samba and the ADS domain account information obtained through the use of
                                 <code class="literal">winbind</code> permits access, by browsing or by the drive mapping to
@@ -177 +177 @@
                                 controls have not been properly implemented. Samba permits access controls to be set
                                 on:
-                                </p><div class="itemizedlist"><ul type="disc"><li><p>Shares themselves (i.e., the logical share itself)</p></li><li><p>The share definition in <code class="filename">smb.conf</code></p></li><li><p>The shared directories and files using UNIX permissions</p></li><li><p>Using Windows 2000 ACLs  if the file system is POSIX enabled</p></li></ul></div><p>
+                                </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Shares themselves (i.e., the logical share itself)</p></li><li class="listitem"><p>The share definition in <code class="filename">smb.conf</code></p></li><li class="listitem"><p>The shared directories and files using UNIX permissions</p></li><li class="listitem"><p>Using Windows 2000 ACLs  if the file system is POSIX enabled</p></li></ul></div><p>
                                 Examples of each are given in <a class="link" href="kerberos.html#ch10expl" title="Implementation">&#8220;Implementation&#8221;</a>.
-                                </p></dd><dt><span class="term">User and Group Controls</span></dt><dd><p><a class="indexterm" name="id2611924"></a><a class="indexterm" name="id2611932"></a><a class="indexterm" name="id2611943"></a><a class="indexterm" name="id2611954"></a><a class="indexterm" name="id2611962"></a><a class="indexterm" name="id2611970"></a><a class="indexterm" name="id2611978"></a><a class="indexterm" name="id2611986"></a><a class="indexterm" name="id2611994"></a>
+                                </p></dd><dt><span class="term">User and Group Controls</span></dt><dd><p><a class="indexterm" name="id378452"></a><a class="indexterm" name="id378460"></a><a class="indexterm" name="id378471"></a><a class="indexterm" name="id378483"></a><a class="indexterm" name="id378490"></a><a class="indexterm" name="id378498"></a><a class="indexterm" name="id378506"></a><a class="indexterm" name="id378514"></a><a class="indexterm" name="id378522"></a>
                                 User and group management facilities as known in the Windows ADS environment may be
                                 used to provide equivalent access control constraints or to provide equivalent
@@ -186 +186 @@
                                 Windows 200x/XP. For example, access controls on a Samba server may be set within
                                 the share definition in a manner for which Windows has no equivalent.
-                                </p><p><a class="indexterm" name="id2612014"></a><a class="indexterm" name="id2612022"></a><a class="indexterm" name="id2612030"></a><a class="indexterm" name="id2612037"></a><a class="indexterm" name="id2612049"></a><a class="indexterm" name="id2612057"></a><a class="indexterm" name="id2612065"></a>
+                                </p><p><a class="indexterm" name="id378537"></a><a class="indexterm" name="id378545"></a><a class="indexterm" name="id378553"></a><a class="indexterm" name="id378561"></a><a class="indexterm" name="id378572"></a><a class="indexterm" name="id378580"></a><a class="indexterm" name="id378588"></a>
                                 In any serious analysis of system security, it is important to examine the safeguards
                                 that remain when all other protective measures fail. An administrator may inadvertently
@@ -194 +194 @@
                                 possible to guard against that by enforcing controls on the share definition itself. You
                                 see a practical example of this a little later in this chapter.
-                                </p><p><a class="indexterm" name="id2612097"></a><a class="indexterm" name="id2612105"></a>
+                                </p><p><a class="indexterm" name="id378610"></a><a class="indexterm" name="id378618"></a>
                                 The report that is critical of Samba really ought to have exercised greater due
                                 diligence: the real weakness is on the side of a Microsoft Windows environment.
-                                </p></dd><dt><span class="term">Security Overall</span></dt><dd><p><a class="indexterm" name="id2612127"></a>
+                                </p></dd><dt><span class="term">Security Overall</span></dt><dd><p><a class="indexterm" name="id378638"></a>
                                 Samba is designed in such a manner that weaknesses inherent in the design of
                                 Microsoft Windows networking ought not to expose the underlying UNIX/Linux file
                                 system in any way. All software has potential defects, and Samba is no exception.
                                 What matters more is how defects that are discovered get dealt with.
-                                </p><p><a class="indexterm" name="id2612144"></a><a class="indexterm" name="id2612151"></a><a class="indexterm" name="id2612159"></a><a class="indexterm" name="id2612167"></a>
+                                </p><p><a class="indexterm" name="id378652"></a><a class="indexterm" name="id378660"></a><a class="indexterm" name="id378668"></a><a class="indexterm" name="id378676"></a>
                                 The Samba Team totally agrees with the necessity to observe and fully implement
                                 every security facility to provide a level of protection and security that is necessary
@@ -209 +209 @@
                                 security be publicly condoned; yet this is the practice by many Windows network
                                 administrators just to make happy users who have no notion of consequential risk.
-                                </p><p><a class="indexterm" name="id2612187"></a><a class="indexterm" name="id2612195"></a><a class="indexterm" name="id2612203"></a><a class="indexterm" name="id2612211"></a><a class="indexterm" name="id2612219"></a><a class="indexterm" name="id2612227"></a><a class="indexterm" name="id2612235"></a>
+                                </p><p><a class="indexterm" name="id378691"></a><a class="indexterm" name="id378699"></a><a class="indexterm" name="id378707"></a><a class="indexterm" name="id378715"></a><a class="indexterm" name="id378723"></a><a class="indexterm" name="id378730"></a><a class="indexterm" name="id378738"></a>
                                 The report condemns Samba for releasing updates and security fixes, yet Microsoft
                                 online updates need to be applied almost weekly. The answer to the criticism 
@@ -215 +215 @@
                                 user needs are being increasingly met or exceeded, and security updates are issued 
                                 with a short turnaround time.
-                                </p><p><a class="indexterm" name="id2612252"></a><a class="indexterm" name="id2612260"></a><a class="indexterm" name="id2612268"></a><a class="indexterm" name="id2612276"></a><a class="indexterm" name="id2612284"></a>
+                                </p><p><a class="indexterm" name="id378753"></a><a class="indexterm" name="id378761"></a><a class="indexterm" name="id378768"></a><a class="indexterm" name="id378776"></a><a class="indexterm" name="id378784"></a>
                                 The release of Samba-4 is expected around late 2004 to early 2005 and involves a near 
                                 complete rewrite to permit extensive modularization and to prepare Samba for new 
@@ -222 +222 @@
                                 degree of dependability and on charter development consistent with published 
                                 roadmap projections.
-                                </p><p><a class="indexterm" name="id2612307"></a><a class="indexterm" name="id2612315"></a><a class="indexterm" name="id2612326"></a><a class="indexterm" name="id2612338"></a><a class="indexterm" name="id2612346"></a><a class="indexterm" name="id2612354"></a><a class="indexterm" name="id2612362"></a>
+                                </p><p><a class="indexterm" name="id378803"></a><a class="indexterm" name="id378811"></a><a class="indexterm" name="id378822"></a><a class="indexterm" name="id378833"></a><a class="indexterm" name="id378841"></a><a class="indexterm" name="id378849"></a><a class="indexterm" name="id378857"></a>
                                 Not well published is the fact that Microsoft was a foundation member of
                                 the Common Internet File System (CIFS) initiative, together with the participation 
@@ -231 +231 @@
                                 CIFS conferences and at the interoperability laboratories run concurrently with
                                 them.
-                                </p></dd><dt><span class="term">Cryptographic Controls (schannel, sign'n'seal)</span></dt><dd><p><a class="indexterm" name="id2612391"></a><a class="indexterm" name="id2612399"></a><a class="indexterm" name="id2612407"></a>
+                                </p></dd><dt><span class="term">Cryptographic Controls (schannel, sign'n'seal)</span></dt><dd><p><a class="indexterm" name="id378881"></a><a class="indexterm" name="id378889"></a><a class="indexterm" name="id378897"></a>
                                 The report correctly mentions that Samba did not support the most recent
                                 <code class="constant">schannel</code> and <code class="constant">digital sign'n'seal</code> features
@@ -239 +239 @@
                                 pathology report  they reflect accurately (at best) status at a snapshot in time.
                                 Meanwhile, the world moves on.
-                                </p><p><a class="indexterm" name="id2612437"></a><a class="indexterm" name="id2612445"></a><a class="indexterm" name="id2612453"></a><a class="indexterm" name="id2612460"></a><a class="indexterm" name="id2612468"></a><a class="indexterm" name="id2612483"></a><a class="indexterm" name="id2612491"></a>
+                                </p><p><a class="indexterm" name="id378923"></a><a class="indexterm" name="id378930"></a><a class="indexterm" name="id378938"></a><a class="indexterm" name="id378946"></a><a class="indexterm" name="id378953"></a><a class="indexterm" name="id378968"></a><a class="indexterm" name="id378976"></a>
                                 It should be pointed out that had clear public specifications for the protocols
                                 been published, it would have been much easier to implement these features and would have
@@ -247 +247 @@
                                 and defensible standards is obvious to all and would have enabled more secure networking
                                 for everyone.
-                                </p><p><a class="indexterm" name="id2612512"></a><a class="indexterm" name="id2612520"></a>
+                                </p><p><a class="indexterm" name="id378992"></a><a class="indexterm" name="id379000"></a>
                                 Critics of Samba often ignore fundamental problems that may plague (or may have plagued)
                                 the users of Microsoft's products also. Those who are first to criticize Samba
@@ -259 +259 @@
                                 Windows networking sites. From notes such as this it is clear that there are benefits
                                 from not rushing new technology out of the door too soon.
-                                </p><p><a class="indexterm" name="id2612560"></a><a class="indexterm" name="id2612568"></a><a class="indexterm" name="id2612576"></a><a class="indexterm" name="id2612584"></a><a class="indexterm" name="id2612592"></a><a class="indexterm" name="id2612600"></a><a class="indexterm" name="id2612608"></a><a class="indexterm" name="id2612616"></a><a class="indexterm" name="id2612624"></a>
+                                </p><p><a class="indexterm" name="id379032"></a><a class="indexterm" name="id379040"></a><a class="indexterm" name="id379048"></a><a class="indexterm" name="id379056"></a><a class="indexterm" name="id379064"></a><a class="indexterm" name="id379072"></a><a class="indexterm" name="id379080"></a><a class="indexterm" name="id379088"></a><a class="indexterm" name="id379096"></a>
                                 One final comment is warranted. If companies want more secure networking protocols,
                                 the most effective method by which this can be achieved is by users seeking
@@ -268 +268 @@
                                 help the consumer to make a better choice.
                                 </p></dd><dt><span class="term">Active Directory Replacement with Kerberos, LDAP, and Samba
-                                        <a class="indexterm" name="id2612649"></a><a class="indexterm" name="id2612661"></a><a class="indexterm" name="id2612669"></a><a class="indexterm" name="id2612677"></a>
+                                        <a class="indexterm" name="id379116"></a><a class="indexterm" name="id379128"></a><a class="indexterm" name="id379136"></a><a class="indexterm" name="id379143"></a>
 
                         </span></dt><dd><p>
@@ -278 +278 @@
                                 and yet by which they are made to interoperate in ways that the components do not
                                 support.
-                                </p><p><a class="indexterm" name="id2612711"></a><a class="indexterm" name="id2612723"></a><a class="indexterm" name="id2612731"></a><a class="indexterm" name="id2612739"></a><a class="indexterm" name="id2612747"></a>
+                                </p><p><a class="indexterm" name="id379174"></a><a class="indexterm" name="id379185"></a><a class="indexterm" name="id379193"></a><a class="indexterm" name="id379201"></a><a class="indexterm" name="id379209"></a>
                                 In order to make the popular request for Samba to be an Active Directory Server a
                                 reality, it is necessary to add to OpenLDAP, Kerberos, as well as Samba, RPC calls
@@ -286 +286 @@
                                 the Samba Team does not make it a priority to absorb Kerberos and LDAP functionality
                                 into the Samba project, this dream request cannot become a reality.
-                                </p><p><a class="indexterm" name="id2612768"></a><a class="indexterm" name="id2612776"></a><a class="indexterm" name="id2612784"></a><a class="indexterm" name="id2612795"></a><a class="indexterm" name="id2612802"></a>
+                                </p><p><a class="indexterm" name="id379225"></a><a class="indexterm" name="id379233"></a><a class="indexterm" name="id379241"></a><a class="indexterm" name="id379252"></a><a class="indexterm" name="id379260"></a>
                                 At this time, the integration of LDAP, Kerberos, and the missing RPCs is not on the
                                 Samba development roadmap. If it is not on the published roadmap, it cannot be delivered
@@ -292 +292 @@
                                 The Samba Team is most committed to permitting Samba to be a full ADS domain member
                                 that is increasingly capable of being managed using Microsoft Windows MMC tools.
-                                </p></dd></dl></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2612822"></a>Kerberos Exposed</h4></div></div></div><p><a class="indexterm" name="id2612829"></a><a class="indexterm" name="id2612837"></a><a class="indexterm" name="id2612845"></a>
+                                </p></dd></dl></div><div class="sect3" title="Kerberos Exposed"><div class="titlepage"><div><div><h4 class="title"><a name="id379276"></a>Kerberos Exposed</h4></div></div></div><p><a class="indexterm" name="id379282"></a><a class="indexterm" name="id379290"></a><a class="indexterm" name="id379298"></a>
         Kerberos is a network authentication protocol that provides secure authentication for 
         client-server applications by using secret-key cryptography. Firewalls are an insufficient 
@@ -298 +298 @@
         traffic but cannot prevent network traffic that comes from authorized locations from 
         performing unauthorized activities.
-        </p><p><a class="indexterm" name="id2612863"></a><a class="indexterm" name="id2612871"></a><a class="indexterm" name="id2612879"></a>
+        </p><p><a class="indexterm" name="id379312"></a><a class="indexterm" name="id379320"></a><a class="indexterm" name="id379328"></a>
         Kerberos was created by MIT as a solution to network security problems. The Kerberos protocol uses 
         strong cryptography so that a client can prove its identity to a server (and vice versa) across an 
@@ -304 +304 @@
         they can also encrypt all of their communications to assure privacy and data integrity as they go 
         about their business.
-        </p><p><a class="indexterm" name="id2612897"></a><a class="indexterm" name="id2612905"></a><a class="indexterm" name="id2612913"></a><a class="indexterm" name="id2612921"></a><a class="indexterm" name="id2612932"></a>
+        </p><p><a class="indexterm" name="id379343"></a><a class="indexterm" name="id379351"></a><a class="indexterm" name="id379359"></a><a class="indexterm" name="id379367"></a><a class="indexterm" name="id379378"></a>
         Kerberos is a trusted third-party service. That means that there is a third party (the kerberos 
         server) that is trusted by all the entities on the network (users and services, usually called 
@@ -311 +311 @@
         trusting the kerberos server, users and services can authenticate each other.
         </p><p>
-        <a class="indexterm" name="id2612952"></a>
-        <a class="indexterm" name="id2612959"></a>
-        <a class="indexterm" name="id2612966"></a>
+        <a class="indexterm" name="id379394"></a>
+        <a class="indexterm" name="id379401"></a>
+        <a class="indexterm" name="id379408"></a>
         Kerberos was, until recently, a technology that was restricted from being exported from the United States.
         For many years that hindered global adoption of more secure networking technologies both within the United States
@@ -323 +323 @@
         and use of Kerberos across the spectrum of the information technology industry.
         </p><p>
-        <a class="indexterm" name="id2612995"></a>
+        <a class="indexterm" name="id379430"></a>
         A storm has broken out concerning interoperability between MIT Kerberos and Microsofts' implementation
         of it. For example, a 2002
         <a class="ulink" href="http://www.idg.com.sg/idgwww.nsf/0/5DDA8D153A7505A748256BAB000D992A?OpenDocument" target="_top">IDG</a>
-        report<sup>[<a name="id2613014" href="#ftn.id2613014" class="footnote">13</a>]</sup> by
+        report<sup>[<a name="id379447" href="#ftn.id379447" class="footnote">13</a>]</sup> by
         states:
         </p><div class="blockquote"><blockquote class="blockquote"><p>
@@ -335 +335 @@
         use of the Kerberos authentication specification, not everyone agrees.
         </p><p>
-        <a class="indexterm" name="id2613041"></a>
+        <a class="indexterm" name="id379470"></a>
         Robert Short, vice president of Windows core technology at Microsoft, wrote in his direct testimony prepared 
         before his appearance that non-Microsoft operating systems can disregard the portion of the Kerberos version 
@@ -343 +343 @@
         that software developers could add their own authorization information, he said.
         </p></blockquote></div><p>
-        <a class="indexterm" name="id2613065"></a>
-        <a class="indexterm" name="id2613071"></a>
+        <a class="indexterm" name="id379488"></a>
+        <a class="indexterm" name="id379494"></a>
         It so happens that Microsoft Windows clients depend on and expect the contents of the <span class="emphasis"><em>unspecified
         fields</em></span> in the Kerberos 5 communications data stream for their Windows interoperability,
@@ -356 +356 @@
         <a class="ulink" href="http://www.microsoft.com/technet/itsolutions/interop/mgmt/kerberos.asp" target="_top">
         technet</a> article:
-        </p><div class="blockquote"><blockquote class="blockquote"><p><a class="indexterm" name="id2613106"></a><a class="indexterm" name="id2613118"></a>
+        </p><div class="blockquote"><blockquote class="blockquote"><p><a class="indexterm" name="id379523"></a><a class="indexterm" name="id379535"></a>
         The DCE Security Services are also layered on the Kerberos protocol. DCE authentication services use RPC 
         representation of Kerberos protocol messages. In addition, DCE uses the authorization data field in Kerberos 
@@ -364 +364 @@
         is not an issue with Kerberos interoperability, but rather an issue of interoperability between DCE and 
         Windows NT access control information.
-        </p></blockquote></div></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="ch10expl"></a>Implementation</h2></div></div></div><p>
+        </p></blockquote></div></div></div></div><div class="sect1" title="Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="ch10expl"></a>Implementation</h2></div></div></div><p>
         The following procedures outline the implementation of the security measures discussed so far.
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2613169"></a>Share Access Controls</h3></div></div></div><p><a class="indexterm" name="id2613176"></a><a class="indexterm" name="id2613184"></a><a class="indexterm" name="id2613192"></a>
+        </p><div class="sect2" title="Share Access Controls"><div class="titlepage"><div><div><h3 class="title"><a name="id379573"></a>Share Access Controls</h3></div></div></div><p><a class="indexterm" name="id379580"></a><a class="indexterm" name="id379588"></a><a class="indexterm" name="id379596"></a>
         Access control entries placed on the share itself act as a filter at the time a when CIFS/SMB client (such as
         Windows XP Pro) attempts to make a connection to the Samba server.
-        </p><div class="procedure"><a name="id2613205"></a><p class="title"><b>Procedure 11.1. Create/Edit/Delete Share ACLs</b></p><ol type="1"><li><p><a class="indexterm" name="id2613216"></a><a class="indexterm" name="id2613224"></a>
+        </p><div class="procedure" title="Procedure 11.1. Create/Edit/Delete Share ACLs"><a name="id379607"></a><p class="title"><b>Procedure 11.1. Create/Edit/Delete Share ACLs</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p><a class="indexterm" name="id379617"></a><a class="indexterm" name="id379625"></a>
                 From a Windows 200x/XP Professional workstation, log on to the domain using the Domain Administrator 
                 account (on Samba domains, this is usually the account called <code class="constant">root</code>).
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Click 
                 <span class="guimenu">Start</span> &#8594; <span class="guimenuitem">Settings</span> &#8594; <span class="guimenuitem">Control Panel</span> &#8594; <span class="guimenuitem">Administrative Tools</span> &#8594; <span class="guimenuitem">Computer Management</span>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 In the left panel,
                 <span class="guimenu">[Right mouse menu item] Computer Management (Local)</span> &#8594; <span class="guimenuitem">Connect to another computer ...</span> &#8594; <span class="guimenuitem">Browse...</span> &#8594; <span class="guimenuitem">Advanced</span> &#8594; <span class="guimenuitem">Find Now</span>. In the lower panel, click on the name of the server you wish to
-                administer. Click <span class="guimenu">OK</span> &#8594; <span class="guimenuitem">OK</span> &#8594; <span class="guimenuitem">OK</span>.<a class="indexterm" name="id2613347"></a>
+                administer. Click <span class="guimenu">OK</span> &#8594; <span class="guimenuitem">OK</span> &#8594; <span class="guimenuitem">OK</span>.<a class="indexterm" name="id379745"></a>
                 In the left panel, the entry <span class="guimenu">Computer Management (Local)</span> should now reflect
                 the change made. For example, if the server you are administering is called <code class="constant">FRODO</code>,
                 the Computer Management entry should now say <span class="guimenu">Computer Management (FRODO)</span>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 In the left panel, click <span class="guimenu">Computer Management (FRODO)</span> &#8594; <span class="guimenuitem">[+] Shared Folders</span> &#8594; <span class="guimenuitem">Shares</span>.
-                </p></li><li><p><a class="indexterm" name="id2613411"></a><a class="indexterm" name="id2613419"></a>
+                </p></li><li class="step" title="Step 5"><p><a class="indexterm" name="id379806"></a><a class="indexterm" name="id379814"></a>
                 In the right panel, double-click on the share on which you wish to set/edit ACLs. This
                 will bring up the Properties panel. Click the <span class="guimenu">Share Permissions</span> tab.
-                </p></li><li><p><a class="indexterm" name="id2613442"></a><a class="indexterm" name="id2613450"></a><a class="indexterm" name="id2613458"></a><a class="indexterm" name="id2613466"></a><a class="indexterm" name="id2613474"></a><a class="indexterm" name="id2613482"></a>
+                </p></li><li class="step" title="Step 6"><p><a class="indexterm" name="id379836"></a><a class="indexterm" name="id379844"></a><a class="indexterm" name="id379852"></a><a class="indexterm" name="id379860"></a><a class="indexterm" name="id379868"></a><a class="indexterm" name="id379875"></a>
                 You may now edit/add/remove access control settings. Be very careful. Many problems have been
                 created by people who decided that everyone should be rejected but one particular group should
@@ -393 +393 @@
                 belong to the group <code class="constant">Everyone</code>, which therefore overrules any permissions
                 set for the permitted group.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 7"><p>
                 When you are done with editing, close all panels by clicking through the <span class="guimenu">OK</span>
                 buttons.
-                </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2613518"></a>Share Definition Controls</h3></div></div></div><p><a class="indexterm" name="id2613525"></a><a class="indexterm" name="id2613536"></a><a class="indexterm" name="id2613544"></a><a class="indexterm" name="id2613552"></a><a class="indexterm" name="id2613560"></a><a class="indexterm" name="id2613568"></a>
+                </p></li></ol></div></div><div class="sect2" title="Share Definition Controls"><div class="titlepage"><div><div><h3 class="title"><a name="id379908"></a>Share Definition Controls</h3></div></div></div><p><a class="indexterm" name="id379914"></a><a class="indexterm" name="id379926"></a><a class="indexterm" name="id379934"></a><a class="indexterm" name="id379942"></a><a class="indexterm" name="id379949"></a><a class="indexterm" name="id379957"></a>
         Share-definition-based access controls can be used like a checkpoint or like a pile-driver. Just as a
         checkpoint can be used to require someone who wants to get through to meet certain requirements, so
@@ -403 +403 @@
         credential-related objectives, the user can be granted powers and privileges that would not normally be 
         available under default settings.
-        </p><p><a class="indexterm" name="id2613588"></a><a class="indexterm" name="id2613596"></a><a class="indexterm" name="id2613604"></a><a class="indexterm" name="id2613612"></a>
+        </p><p><a class="indexterm" name="id379973"></a><a class="indexterm" name="id379981"></a><a class="indexterm" name="id379989"></a><a class="indexterm" name="id379997"></a>
         It must be emphasized that the controls discussed here can act as a filter or give rights of passage
         that act as a superstructure over normal directory and file access controls. However, share-level
@@ -409 +409 @@
         share-level controls to get to the share-definition controls. The proper hierarchy of controls implemented
         by Samba and Windows networking consists of:
-        </p><div class="orderedlist"><ol type="1"><li><p>Share-level ACLs</p></li><li><p>Share-definition controls</p></li><li><p>Directory and file permissions</p></li><li><p>Directory and file POSIX ACLs</p></li></ol></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2613658"></a>Checkpoint Controls</h4></div></div></div><p><a class="indexterm" name="id2613664"></a>
+        </p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>Share-level ACLs</p></li><li class="listitem"><p>Share-definition controls</p></li><li class="listitem"><p>Directory and file permissions</p></li><li class="listitem"><p>Directory and file POSIX ACLs</p></li></ol></div><div class="sect3" title="Checkpoint Controls"><div class="titlepage"><div><div><h4 class="title"><a name="id380037"></a>Checkpoint Controls</h4></div></div></div><p><a class="indexterm" name="id380044"></a>
         Consider the following extract from a <code class="filename">smb.conf</code> file defining the share called <code class="constant">Apps</code>:
 </p><pre class="screen">
@@ -420 +420 @@
         This definition permits only those who are members of the group called <code class="constant">Employees</code> to 
         access the share.
-        </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p><a class="indexterm" name="id2613700"></a><a class="indexterm" name="id2613711"></a><a class="indexterm" name="id2613720"></a><a class="indexterm" name="id2613728"></a><a class="indexterm" name="id2613735"></a>
+        </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p><a class="indexterm" name="id380077"></a><a class="indexterm" name="id380088"></a><a class="indexterm" name="id380096"></a><a class="indexterm" name="id380104"></a><a class="indexterm" name="id380112"></a>
         On domain member servers and clients, even when the <em class="parameter"><code>winbind use default domain</code></em> has
         been specified, the use of domain accounts in security controls requires fully qualified domain specification,
@@ -426 +426 @@
         Note the necessity to use the double quotes to avoid having the space in the Windows group name interpreted as a
         delimiter. 
-        </p></div><p><a class="indexterm" name="id2613771"></a><a class="indexterm" name="id2613778"></a><a class="indexterm" name="id2613786"></a>
+        </p></div><p><a class="indexterm" name="id380145"></a><a class="indexterm" name="id380152"></a><a class="indexterm" name="id380160"></a>
         If there is an ACL on the share itself to permit read/write access for all <code class="constant">Employees</code>
         as well as read/write for the group <code class="constant">Doctors</code>, both groups are permitted through
@@ -432 +432 @@
         the group <code class="constant">Doctors</code>, who is not also a member of the group <code class="constant">Employees</code>,
         would immediately fail to validate.
-        </p><p><a class="indexterm" name="id2613817"></a>
+        </p><p><a class="indexterm" name="id380188"></a>
         Consider another example. In this case, you want to permit all members of the group <code class="constant">Employees</code>
         except the user <code class="constant">patrickj</code> to access the <code class="constant">Apps</code> share. This can be
@@ -445 +445 @@
         invalid users = patrickj
 </pre><p>
-            <a class="indexterm" name="id2613858"></a>
+            <a class="indexterm" name="id380224"></a>
         Let us assume that you want to permit the user <code class="constant">gbshaw</code> to manage any file in the
         UNIX/Linux file system directory <code class="filename">/data/apps</code>, but you do not want to grant any write
@@ -457 +457 @@
         admin users = gbshaw
 </pre><p>
-            <a class="indexterm" name="id2613888"></a>
+            <a class="indexterm" name="id380251"></a>
         Now we have a set of controls that permits only <code class="constant">Employees</code> who are also members of
         the group <code class="constant">Doctors</code>, excluding the user <code class="constant">patrickj</code>, to have 
@@ -479 +479 @@
         write list = peters
 </pre><p>
-            <a class="indexterm" name="id2613948"></a>
+            <a class="indexterm" name="id380303"></a>
         This is a particularly complex example at this point, but it begins to demonstrate the possibilities.
         You should refer to the online manual page for the <code class="filename">smb.conf</code> file for more information regarding
         the checkpoint controls that Samba implements.
-        </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2613970"></a>Override Controls</h4></div></div></div><p><a class="indexterm" name="id2613977"></a>
+        </p></div><div class="sect3" title="Override Controls"><div class="titlepage"><div><div><h4 class="title"><a name="id380322"></a>Override Controls</h4></div></div></div><p><a class="indexterm" name="id380328"></a>
         Override controls implemented by Samba permit actions like the adoption of a different identity 
         during file system operations, the forced overwriting of normal file and directory permissions,
@@ -501 +501 @@
         force group = Mentors
 </pre><p>
-            <a class="indexterm" name="id2614020"></a><a class="indexterm" name="id2614028"></a>
+            <a class="indexterm" name="id380366"></a><a class="indexterm" name="id380374"></a>
         That is all there is to it. Well, it is almost that simple. The downside of this method is that
         users are logged onto the Windows client as themselves, and then immediately before accessing the
@@ -508 +508 @@
         This imposes significant overhead on Samba. The alternative way to effectively achieve the same result
         (but with lower system CPU overheads) is described next.
-        </p><p><a class="indexterm" name="id2614049"></a><a class="indexterm" name="id2614057"></a><a class="indexterm" name="id2614065"></a><a class="indexterm" name="id2614076"></a><a class="indexterm" name="id2614084"></a>
+        </p><p><a class="indexterm" name="id380389"></a><a class="indexterm" name="id380397"></a><a class="indexterm" name="id380405"></a><a class="indexterm" name="id380416"></a><a class="indexterm" name="id380424"></a>
         The use of the <em class="parameter"><code>force user</code></em> or the <em class="parameter"><code>force group</code></em> may
         also have a severe impact on system (particularly on Windows client) performance. If opportunistic
@@ -518 +518 @@
         apparent performance degradation as the client continually attempts to reconnect to overcome the
         effect of the lost <code class="constant">oplock break</code>, or time-out.
-        </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2614131"></a>Share Point Directory and File Permissions</h3></div></div></div><p><a class="indexterm" name="id2614138"></a><a class="indexterm" name="id2614146"></a><a class="indexterm" name="id2614154"></a><a class="indexterm" name="id2614162"></a>
+        </p></div></div><div class="sect2" title="Share Point Directory and File Permissions"><div class="titlepage"><div><div><h3 class="title"><a name="id380465"></a>Share Point Directory and File Permissions</h3></div></div></div><p><a class="indexterm" name="id380472"></a><a class="indexterm" name="id380480"></a><a class="indexterm" name="id380488"></a><a class="indexterm" name="id380496"></a>
         Samba has been designed and implemented so that it respects as far as is feasible the security and
         user privilege controls that are built into the UNIX/Linux operating system. Samba does nothing
@@ -526 +526 @@
         from a basic UNIX training guide. Instead, one common example of a typical problem is used
         to demonstrate the most effective solution referred to in the immediately preceding paragraph.
-        </p><p><a class="indexterm" name="id2614185"></a><a class="indexterm" name="id2614193"></a><a class="indexterm" name="id2614201"></a>
+        </p><p><a class="indexterm" name="id380512"></a><a class="indexterm" name="id380520"></a><a class="indexterm" name="id380528"></a>
         One of the common issues that repeatedly pops up on the Samba mailing lists involves the saving of
         Microsoft Office files (Word and Excel) to a network drive. Here is the typical sequence:
-        </p><div class="orderedlist"><ol type="1"><li><p>
+        </p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>
                 A user opens a Word document from a network drive. The file was owned by user <code class="constant">janetp</code>
                 and <code class="constant">users</code>, and was set read/write-enabled for everyone.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 File changes and edits are made.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 The file is saved, and MS Word is closed.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 The file is now owned by the user <code class="constant">billc</code> and group <code class="constant">doctors</code>,
                 and is set read/write by <code class="constant">billc</code>, read-only by <code class="constant">doctors</code>, and
                 no access by everyone.
-                </p></li><li><p>
-                The original owner cannot now access her own file and is &#8220;<span class="quote">justifiably</span>&#8221; upset.
+                </p></li><li class="listitem"><p>
+                The original owner cannot now access her own file and is <span class="quote">&#8220;<span class="quote">justifiably</span>&#8221;</span> upset.
                 </p></li></ol></div><p>
         There have been many postings over the years that report the same basic problem. Frequently Samba users
-        want to know when this &#8220;<span class="quote">bug</span>&#8221; will be fixed. The fact is, this is not a bug in Samba at all.
+        want to know when this <span class="quote">&#8220;<span class="quote">bug</span>&#8221;</span> will be fixed. The fact is, this is not a bug in Samba at all.
         Here is the real sequence of what happens in this case.
-        </p><p><a class="indexterm" name="id2614288"></a><a class="indexterm" name="id2614296"></a><a class="indexterm" name="id2614304"></a>
+        </p><p><a class="indexterm" name="id380609"></a><a class="indexterm" name="id380617"></a><a class="indexterm" name="id380624"></a>
         When the user saves a file, MS Word creates a new (temporary) file. This file is naturally owned
         by the user who creates the file (<code class="constant">billc</code>) and has the permissions that follow
@@ -559 +559 @@
         operations.
         </p><p>
-        The question is, &#8220;<span class="quote">How can we solve the problem?</span>&#8221;
+        The question is, <span class="quote">&#8220;<span class="quote">How can we solve the problem?</span>&#8221;</span>
         </p><p>
         The solution is simple. Use UNIX file system permissions and controls to your advantage. Follow these
         simple steps to create a share in which all files will consistently be owned by the same user and the
         same group:
-        </p><div class="procedure"><a name="id2614351"></a><p class="title"><b>Procedure 11.2. Using Directory Permissions to Force File User and Group Ownership</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 11.2. Using Directory Permissions to Force File User and Group Ownership"><a name="id380661"></a><p class="title"><b>Procedure 11.2. Using Directory Permissions to Force File User and Group Ownership</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Change your share definition so that it matches this pattern:
 </p><pre class="screen">
@@ -572 +572 @@
         read only = No
 </pre><p>
-                </p></li><li><p><a class="indexterm" name="id2614377"></a><a class="indexterm" name="id2614388"></a>
+                </p></li><li class="step" title="Step 2"><p><a class="indexterm" name="id380685"></a><a class="indexterm" name="id380696"></a>
                 Set consistent user and group permissions recursively down the directory tree as shown here:
 </p><pre class="screen">
 <code class="prompt">root# </code> chown -R janetp.users /usr/data/finance
 </pre><p>
-                </p></li><li><p><a class="indexterm" name="id2614420"></a>
+                </p></li><li class="step" title="Step 3"><p><a class="indexterm" name="id380727"></a>
                 Set the files and directory permissions to be read/write for owner and group, and not accessible
                 to others (everyone), using the following command:
@@ -583 +583 @@
 <code class="prompt">root# </code> chmod ug+rwx,o-rwx /usr/data/finance
 </pre><p>
-                </p></li><li><p><a class="indexterm" name="id2614449"></a>
+                </p></li><li class="step" title="Step 4"><p><a class="indexterm" name="id380754"></a>
                 Set the SGID (supergroup) bit on all directories from the top down. This means all files 
                 can be created with the permissions of the group set on the directory. It means all users 
@@ -593 +593 @@
 </pre><p>
 
-                </p></li><li><p><a class="indexterm" name="id2614489"></a><a class="indexterm" name="id2614497"></a><a class="indexterm" name="id2614505"></a>
+                </p></li><li class="step" title="Step 5"><p><a class="indexterm" name="id380791"></a><a class="indexterm" name="id380799"></a><a class="indexterm" name="id380807"></a>
                 Make sure all users that must have read/write access to the directory have 
                 <code class="constant">finance</code> group membership as their primary group, 
                 for example, the group they belong to in <code class="filename">/etc/passwd</code>.
-                </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2614530"></a>Managing Windows 200x ACLs</h3></div></div></div><p><a class="indexterm" name="id2614537"></a><a class="indexterm" name="id2614545"></a><a class="indexterm" name="id2614553"></a><a class="indexterm" name="id2614561"></a>
+                </p></li></ol></div></div><div class="sect2" title="Managing Windows 200x ACLs"><div class="titlepage"><div><div><h3 class="title"><a name="id380830"></a>Managing Windows 200x ACLs</h3></div></div></div><p><a class="indexterm" name="id380837"></a><a class="indexterm" name="id380845"></a><a class="indexterm" name="id380853"></a><a class="indexterm" name="id380860"></a>
         Samba must translate Windows 2000 ACLs to UNIX POSIX ACLs. This has some interesting side effects because
         there is not a one-to-one equivalence between them. The as-close-as-possible ACLs match means
@@ -605 +605 @@
         There are two possible ways to set ACLs on UNIX/Linux file systems from a Windows network workstation,
         either via File Manager or via the Microsoft Management Console (MMC) Computer Management interface.
-        </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2614585"></a>Using the MMC Computer Management Interface</h4></div></div></div><div class="procedure"><ol type="1"><li><p>
+        </p><div class="sect3" title="Using the MMC Computer Management Interface"><div class="titlepage"><div><div><h4 class="title"><a name="id380879"></a>Using the MMC Computer Management Interface</h4></div></div></div><div class="procedure"><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 From a Windows 200x/XP Professional workstation, log on to the domain using the Domain Administrator 
                 account (on Samba domains, this is usually the account called <code class="constant">root</code>).
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Click 
                 <span class="guimenu">Start</span> &#8594; <span class="guimenuitem">Settings</span> &#8594; <span class="guimenuitem">Control Panel</span> &#8594; <span class="guimenuitem">Administrative Tools</span> &#8594; <span class="guimenuitem">Computer Management</span>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 In the left panel,
                 <span class="guimenu">[Right mouse menu item] Computer Management (Local)</span> &#8594; <span class="guimenuitem">Connect to another computer ...</span> &#8594; <span class="guimenuitem">Browse...</span> &#8594; <span class="guimenuitem">Advanced</span> &#8594; <span class="guimenuitem">Find Now</span>. In the lower panel, click on the name of the server you wish to
@@ -618 +618 @@
                 the change made. For example, if the server you are administering is called <code class="constant">FRODO</code>,
                 the Computer Management entry should now say: <span class="guimenu">Computer Management (FRODO)</span>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 In the left panel, click <span class="guimenu">Computer Management (FRODO)</span> &#8594; <span class="guimenuitem">[+] Shared Folders</span> &#8594; <span class="guimenuitem">Shares</span>.
-                </p></li><li><p><a class="indexterm" name="id2614768"></a><a class="indexterm" name="id2614776"></a><a class="indexterm" name="id2614783"></a><a class="indexterm" name="id2614791"></a>
+                </p></li><li class="step" title="Step 5"><p><a class="indexterm" name="id381056"></a><a class="indexterm" name="id381064"></a><a class="indexterm" name="id381072"></a><a class="indexterm" name="id381080"></a>
                 In the right panel, double-click on the share on which you wish to set/edit ACLs. This
                 brings up the Properties panel. Click the <span class="guimenu">Security</span> tab. It is best
@@ -627 +627 @@
                 functionality under the <code class="constant">Permissions</code> tab can be utilized with respect 
                 to a Samba domain server.
-                </p></li><li><p><a class="indexterm" name="id2614831"></a><a class="indexterm" name="id2614839"></a>
+                </p></li><li class="step" title="Step 6"><p><a class="indexterm" name="id381116"></a><a class="indexterm" name="id381124"></a>
                 You may now edit/add/remove access control settings. Be very careful. Many problems have been
                 created by people who decided that everyone should be rejected but one particular group should
@@ -633 +633 @@
                 belong to the group <code class="constant">Everyone</code>, which therefore overrules any permissions
                 set for the permitted group.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 7"><p>
                 When you are done with editing, close all panels by clicking through the <span class="guimenu">OK</span>
                 buttons until the last panel closes.
-                </p></li></ol></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2614876"></a>Using MS Windows Explorer (File Manager)</h4></div></div></div><p>
+                </p></li></ol></div></div><div class="sect3" title="Using MS Windows Explorer (File Manager)"><div class="titlepage"><div><div><h4 class="title"><a name="id381156"></a>Using MS Windows Explorer (File Manager)</h4></div></div></div><p>
         The following alternative method may be used from a Windows workstation. In this example we work
         with a domain called <code class="constant">MEGANET</code>, a server called <code class="constant">MASSIVE</code>, and a
         share called <code class="constant">Apps</code>. The underlying UNIX/Linux share point for this share is
         <code class="filename">/data/apps</code>.
-        </p><div class="procedure"><ol type="1"><li><p>
+        </p><div class="procedure"><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Click <span class="guimenu">Start</span> &#8594; <span class="guimenuitem">[right-click] My Computer</span> &#8594; <span class="guimenuitem">Explore</span> &#8594; <span class="guimenuitem">[left panel] [+] My Network Places</span> &#8594; <span class="guimenuitem">[+] Entire Network</span> &#8594; <span class="guimenuitem">[+] Microsoft Windows Network</span> &#8594; <span class="guimenuitem">[+] Meganet</span> &#8594; <span class="guimenuitem">[+] Massive</span> &#8594; <span class="guimenuitem">[right-click] Apps</span> &#8594; <span class="guimenuitem">Properties</span> &#8594; <span class="guimenuitem">Security</span> &#8594; <span class="guimenuitem">Advanced</span>. This opens a panel that has four tabs. Only the functionality under the 
                 <code class="constant">Permissions</code> tab can be utilized for a Samba domain server.
-                </p></li><li><p><a class="indexterm" name="id2615000"></a><a class="indexterm" name="id2615008"></a>
+                </p></li><li class="step" title="Step 2"><p><a class="indexterm" name="id381277"></a><a class="indexterm" name="id381285"></a>
                 You may now edit/add/remove access control settings. Be very careful. Many problems have been
                 created by people who decided that everyone should be rejected but one particular group should
@@ -650 +650 @@
                 belong to the group <code class="constant">Everyone</code>, which therefore overrules any permissions
                 set for the permitted group.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 When you are done with editing, close all panels by clicking through the <span class="guimenu">OK</span>
                 buttons until the last panel closes.
-                </p></li></ol></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2615047"></a>Setting Posix ACLs in UNIX/Linux</h4></div></div></div><p><a class="indexterm" name="id2615054"></a><a class="indexterm" name="id2615062"></a>
+                </p></li></ol></div></div><div class="sect3" title="Setting Posix ACLs in UNIX/Linux"><div class="titlepage"><div><div><h4 class="title"><a name="id381318"></a>Setting Posix ACLs in UNIX/Linux</h4></div></div></div><p><a class="indexterm" name="id381325"></a><a class="indexterm" name="id381333"></a>
         Yet another alternative method for setting desired security settings on the shared resource files and
         directories can be achieved by logging into UNIX/Linux and setting POSIX ACLs directly using command-line
         tools. Here is an example session on the same resource as in the immediately preceding example on a SUSE 9
         Linux system:
-        </p><div class="procedure"><ol type="1"><li><p>
+        </p><div class="procedure"><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Log into the Linux system as the user <code class="constant">root</code>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Change directory to the location of the exported (shared) Windows file share (Apps), which is in
                 the directory <code class="filename">/data</code>. Execute the following:
@@ -676 +676 @@
 other::r-x
 </pre><p>
-                </p></li><li><p><a class="indexterm" name="id2615136"></a>
+                </p></li><li class="step" title="Step 3"><p><a class="indexterm" name="id381401"></a>
                 You want to add permission for <code class="constant">AppsMgrs</code> to enable them to
                 manage the applications (apps) share. It is important to set the ACL recursively
@@ -699 +699 @@
 </pre><p>
                 This confirms that the change of POSIX ACL permissions has been effective.
-                </p></li><li><p><a class="indexterm" name="id2615192"></a><a class="indexterm" name="id2615199"></a><a class="indexterm" name="id2615207"></a><a class="indexterm" name="id2615215"></a><a class="indexterm" name="id2615223"></a>
+                </p></li><li class="step" title="Step 4"><p><a class="indexterm" name="id381451"></a><a class="indexterm" name="id381459"></a><a class="indexterm" name="id381467"></a><a class="indexterm" name="id381475"></a><a class="indexterm" name="id381483"></a>
                 It is highly recommended that you read the online manual page for the <code class="literal">setfacl</code>
                 and <code class="literal">getfacl</code> commands. This provides information regarding how to set/read the default
                 ACLs and how that may be propagated through the directory tree. In Windows ACLs terms, this is the equivalent
                 of setting <code class="constant">inheritance</code> properties.
-                </p></li></ol></div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2615257"></a>Key Points Learned</h3></div></div></div><p>
+                </p></li></ol></div></div></div><div class="sect2" title="Key Points Learned"><div class="titlepage"><div><div><h3 class="title"><a name="id381514"></a>Key Points Learned</h3></div></div></div><p>
                 The mish-mash of issues were thrown together into one chapter because it seemed like a good idea.
                 Looking back, this chapter could be broken into two, but it's too late now. It has been done.
                 The highlights covered are as follows:
-                </p><div class="itemizedlist"><ul type="disc"><li><p><a class="indexterm" name="id2615274"></a><a class="indexterm" name="id2615282"></a><a class="indexterm" name="id2615290"></a><a class="indexterm" name="id2615298"></a>
+                </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><a class="indexterm" name="id381529"></a><a class="indexterm" name="id381537"></a><a class="indexterm" name="id381545"></a><a class="indexterm" name="id381553"></a>
                         Winbind honors and does not override account controls set in Active Directory.
                         This means that password change, logon hours, and so on, are (or soon will be) enforced
@@ -714 +714 @@
                         change is enforced. At this time, if logon hours expire, the user is not forcibly
                         logged off. That may be implemented at some later date.
-                        </p></li><li><p><a class="indexterm" name="id2615317"></a><a class="indexterm" name="id2615325"></a>
+                        </p></li><li class="listitem"><p><a class="indexterm" name="id381568"></a><a class="indexterm" name="id381576"></a>
                         Sign'n'seal (plus schannel support) has been implemented in Samba-3. Beware of potential
                         problems acknowledged by Microsoft as having been fixed but reported by some as still
                         possibly an open issue.
-                        </p></li><li><p><a class="indexterm" name="id2615341"></a><a class="indexterm" name="id2615349"></a><a class="indexterm" name="id2615356"></a><a class="indexterm" name="id2615364"></a>
+                        </p></li><li class="listitem"><p><a class="indexterm" name="id381590"></a><a class="indexterm" name="id381598"></a><a class="indexterm" name="id381606"></a><a class="indexterm" name="id381614"></a>
                         The combination of Kerberos 5, plus OpenLDAP, plus Samba, cannot replace Microsoft
                         Active Directory. The possibility to do this is not planned in the current Samba-3
                         roadmap. Samba-3 does aim to provide further improvements in interoperability so that
                         UNIX/Linux systems may be fully integrated into Active Directory domains.
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         This chapter reviewed mechanisms by which Samba servers may be kept secure. Each of
                         the four key methodologies was reviewed with specific reference to example deployment
                         techniques.
-                        </p></li></ul></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2615391"></a>Questions and Answers</h2></div></div></div><p>
-        </p><div class="qandaset"><dl><dt> <a href="kerberos.html#id2615407">
+                        </p></li></ul></div></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id381636"></a>Questions and Answers</h2></div></div></div><p>
+        </p><div class="qandaset" title="Frequently Asked Questions"><a name="id381645"></a><dl><dt> <a href="kerberos.html#id381651">
                 Does Samba-3 require the Sign'n'seal registry hacks needed by Samba-2?
-                </a></dt><dt> <a href="kerberos.html#id2615477">
+                </a></dt><dt> <a href="kerberos.html#id381720">
                 Does Samba-3 support Active Directory?
-                </a></dt><dt> <a href="kerberos.html#id2615508">
+                </a></dt><dt> <a href="kerberos.html#id381747">
                 When Samba-3 is used with Active Directory, is it necessary to run mixed-mode operation, as was
                 necessary with Samba-2?
-                </a></dt><dt> <a href="kerberos.html#id2615547">
+                </a></dt><dt> <a href="kerberos.html#id381782">
                 Is it safe to set share-level access controls in Samba?
-                </a></dt><dt> <a href="kerberos.html#id2615576">
+                </a></dt><dt> <a href="kerberos.html#id381809">
                 Is it mandatory to set share ACLs to get a secure Samba-3 server?
-                </a></dt><dt> <a href="kerberos.html#id2615653">
+                </a></dt><dt> <a href="kerberos.html#id381882">
                 The valid users did not work on the [homes].
                 Has this functionality been restored yet?
-                </a></dt><dt> <a href="kerberos.html#id2615719">
+                </a></dt><dt> <a href="kerberos.html#id381944">
                 Is the bias against use of the force user and force group
                 really warranted?
-                </a></dt><dt> <a href="kerberos.html#id2615782">
+                </a></dt><dt> <a href="kerberos.html#id382006">
                 The example given for file and directory access control forces all files to be owned by one
                 particular user. I do not like that. Is there any way I can see who created the file?
-                </a></dt><dt> <a href="kerberos.html#id2615830">
+                </a></dt><dt> <a href="kerberos.html#id382050">
                 In the book, &#8220;The Official Samba-3 HOWTO and Reference Guide&#8221;, you recommended use
                 of the Windows NT4 Server Manager (part of the SRVTOOLS.EXE) utility. Why
                 have you mentioned only the use of the Windows 200x/XP MMC Computer Management utility?
-                </a></dt><dt> <a href="kerberos.html#id2615896">
+                </a></dt><dt> <a href="kerberos.html#id382110">
                 I tried to set valid users = @Engineers, but it does not work. My Samba
                 server is an Active Directory domain member server. Has this been fixed now?
-                </a></dt></dl><table border="0" summary="Q and A Set"><col align="left" width="1%"><tbody><tr class="question"><td align="left" valign="top"><a name="id2615407"></a><a name="id2615409"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id2615412"></a><a class="indexterm" name="id2615420"></a>
+                </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question"><td align="left" valign="top"><a name="id381651"></a><a name="id381654"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id381657"></a><a class="indexterm" name="id381665"></a>
                 Does Samba-3 require the <code class="constant">Sign'n'seal</code> registry hacks needed by Samba-2?
-                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id2615440"></a><a class="indexterm" name="id2615447"></a><a class="indexterm" name="id2615455"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id381683"></a><a class="indexterm" name="id381691"></a><a class="indexterm" name="id381699"></a>
                 No. Samba-3 fully supports <code class="constant">Sign'n'seal</code> as well as <code class="constant">schannel</code>
                 operation. The registry change should not be applied when Samba-3 is used as a domain controller.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2615477"></a><a name="id2615480"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id381720"></a><a name="id381722"></a></td><td align="left" valign="top"><p>
                 Does Samba-3 support Active Directory?
-                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id2615490"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id381732"></a>
                 Yes. Samba-3 can be a fully participating native mode Active Directory client. Samba-3 does not
                 provide Active Directory services. It cannot be used to replace a Microsoft Active Directory
                 server implementation. Samba-3 can function as an Active Directory client (workstation) toolkit,
                 and it can function as an Active Directory domain member server.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2615508"></a><a name="id2615511"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id2615514"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id381747"></a><a name="id381749"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id381752"></a>
                 When Samba-3 is used with Active Directory, is it necessary to run mixed-mode operation, as was
                 necessary with Samba-2?
-                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id2615530"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id381768"></a>
                 No. Samba-3 can be used with NetBIOS over TCP/IP disabled, just as can be done with Windows 200x
                 Server and 200x/XPPro client products. It is no longer necessary to run mixed-mode operation,
                 because Samba-3 can join a native Windows 2003 Server ADS domain.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2615547"></a><a name="id2615549"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id2615552"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id381782"></a><a name="id381785"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id381788"></a>
                 Is it safe to set share-level access controls in Samba?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -780 +780 @@
                 very mature technology. Not enough sites make use of this powerful capability, neither on
                 Windows server or with Samba servers.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2615576"></a><a name="id2615578"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id2615582"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id381809"></a><a name="id381811"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id381814"></a>
                 Is it mandatory to set share ACLs to get a secure Samba-3 server?
-                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id2615597"></a><a class="indexterm" name="id2615605"></a><a class="indexterm" name="id2615613"></a><a class="indexterm" name="id2615622"></a><a class="indexterm" name="id2615630"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id381829"></a><a class="indexterm" name="id381837"></a><a class="indexterm" name="id381845"></a><a class="indexterm" name="id381853"></a><a class="indexterm" name="id381861"></a>
                 No. Samba-3 honors UNIX/Linux file system security, supports Windows 200x ACLs, and provides 
                 means of securing shares through share definition controls in the <code class="filename">smb.conf</code> file. The additional
                 support for share-level ACLs is like frosting on the cake. It adds to security but is not essential
                 to it.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2615653"></a><a name="id2615655"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id2615658"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id381882"></a><a name="id381884"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id381887"></a>
                 The <em class="parameter"><code>valid users</code></em> did not work on the <em class="parameter"><code>[homes]</code></em>.
                 Has this functionality been restored yet?
-                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id2615686"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id381914"></a>
                 Yes. This was fixed in Samba-3.0.2. The use of this parameter is strongly recommended as a safeguard
                 on the <em class="parameter"><code>[homes]</code></em> meta-service. The correct way to specify this is:
                 <a class="link" href="smb.conf.5.html#VALIDUSERS" target="_top">valid users = %S</a>.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2615719"></a><a name="id2615721"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id2615724"></a><a class="indexterm" name="id2615732"></a><a class="indexterm" name="id2615740"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id381944"></a><a name="id381947"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id381950"></a><a class="indexterm" name="id381958"></a><a class="indexterm" name="id381966"></a>
                 Is the bias against use of the <em class="parameter"><code>force user</code></em> and <em class="parameter"><code>force group</code></em>
                 really warranted?
-                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id2615767"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id381992"></a>
                 There is no bias. There is a determination to recommend the right tool for the task at hand.
                 After all, it is better than putting users through performance problems, isn't it?
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2615782"></a><a name="id2615784"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id382006"></a><a name="id382008"></a></td><td align="left" valign="top"><p>
                 The example given for file and directory access control forces all files to be owned by one
                 particular user. I do not like that. Is there any way I can see who created the file?
-                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id2615797"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id382019"></a>
                 Sure. You do not have to set the SUID bit on the directory. Simply execute the following command
                 to permit file ownership to be retained by the user who created it:
@@ -811 +811 @@
                 Note that this required no more than removing the <code class="constant">u</code> argument so that the
                 SUID bit is not set for the owner.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2615830"></a><a name="id2615832"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id2615835"></a>
-                In the book, &#8220;<span class="quote">The Official Samba-3 HOWTO and Reference Guide</span>&#8221;, you recommended use
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id382050"></a><a name="id382052"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id382055"></a>
+                In the book, <span class="quote">&#8220;<span class="quote">The Official Samba-3 HOWTO and Reference Guide</span>&#8221;</span>, you recommended use
                 of the Windows NT4 Server Manager (part of the <code class="filename">SRVTOOLS.EXE</code>) utility. Why
                 have you mentioned only the use of the Windows 200x/XP MMC Computer Management utility?
-                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id2615863"></a><a class="indexterm" name="id2615870"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id382081"></a><a class="indexterm" name="id382088"></a>
                 Either tool can be used with equal effect. There is no benefit of one over the other, except that
                 the MMC utility is present on all Windows 200x/XP systems and does not require additional software
@@ -821 +821 @@
                 Samba-controlled domain, the only tool that permits that is the NT4 Domain User Manager, which
                 is provided as part of the <code class="filename">SRVTOOLS.EXE</code> utility.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2615896"></a><a name="id2615898"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id2615902"></a><a class="indexterm" name="id2615909"></a><a class="indexterm" name="id2615917"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id382110"></a><a name="id382112"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id382116"></a><a class="indexterm" name="id382123"></a><a class="indexterm" name="id382130"></a>
                 I tried to set <em class="parameter"><code>valid users = @Engineers</code></em>, but it does not work. My Samba
                 server is an Active Directory domain member server. Has this been fixed now?
@@ -827 +827 @@
                 The use of this parameter has always required the full specification of the domain account, for
                 example, <em class="parameter"><code>valid users = @"MEGANET2\Domain Admins"</code></em>.
-                </p></td></tr></tbody></table></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id2610604" href="#id2610604" class="para">12</a>] </sup>This report is entirely fictitious. 
-                        Any resemblance to a factual report is purely coincidental.</p></div><div class="footnote"><p><sup>[<a name="ftn.id2613014" href="#id2613014" class="para">13</a>] </sup>Note: This link is no longer active. The same article is still
+                </p></td></tr></tbody></table></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id377221" href="#id377221" class="para">12</a>] </sup>This report is entirely fictitious. 
+                        Any resemblance to a factual report is purely coincidental.</p></div><div class="footnote"><p><sup>[<a name="ftn.id379447" href="#id379447" class="para">13</a>] </sup>Note: This link is no longer active. The same article is still
                         available from <a class="ulink" href="http://199.105.191.226/Man/2699/020430msdoj/" target="_top">ITWorld.com</a> (July 5, 2005)</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="RefSection.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="RefSection.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="DomApps.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Part III. Reference Section </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 12. Integrating Additional Services</td></tr></table></div></body></html>

trunk/server/docs/htmldocs/Samba3-ByExample/net2000users.html

@@ -1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 6. A Distributed 2000-User Network</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="happy.html" title="Chapter 5. Making Happy Users"><link rel="next" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 6. A Distributed 2000-User Network</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="happy.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="DMSMig.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="net2000users"></a>Chapter 6. A Distributed 2000-User Network</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="net2000users.html#id2583726">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id2583756">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id2583824">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id2584098">Technical Issues</a></span></dt><dt><span class="sect2"><a href="net2000users.html#id2585046">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id2585064">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id2588223">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id2588370">Questions and Answers</a></span></dt></dl></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 6. A Distributed 2000-User Network</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="happy.html" title="Chapter 5. Making Happy Users"><link rel="next" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 6. A Distributed 2000-User Network</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="happy.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="DMSMig.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 6. A Distributed 2000-User Network"><div class="titlepage"><div><div><h2 class="title"><a name="net2000users"></a>Chapter 6. A Distributed 2000-User Network</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="net2000users.html#id352846">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id352871">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id352928">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id353175">Technical Issues</a></span></dt><dt><span class="sect2"><a href="net2000users.html#id353997">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id354011">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id357027">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id357166">Questions and Answers</a></span></dt></dl></div><p>
 There is something indeed mystical about things that are
 big. Large networks exhibit a certain magnetism and exude a sense of
@@ -31 +31 @@
 specifics of implementing LDAP changes, Samba changes, and approach and
 design of the solution and its deployment.
-</p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2583726"></a>Introduction</h2></div></div></div><p>
+</p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id352846"></a>Introduction</h2></div></div></div><p>
 Abmas is a miracle company. Most businesses would have collapsed under
 the weight of rapid expansion that this company has experienced. Samba 
@@ -40 +40 @@
 Samba server just to change the way your network should function.
 </p><p>
-<a class="indexterm" name="id2583745"></a>
+<a class="indexterm" name="id352861"></a>
 Network growth is common to all organizations. In this exercise,
 your preoccupation is with the mechanics of implementing Samba and
 LDAP so that network users on each network segment can work
 without impediment.
-</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2583756"></a>Assignment Tasks</h3></div></div></div><p>
+</p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id352871"></a>Assignment Tasks</h3></div></div></div><p>
         Starting with the configuration files for the server called
         <code class="constant">MASSIVE</code> in <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">&#8220;Making Happy Users&#8221;</a>, you now deal with the
@@ -52 +52 @@
         alternatives, and then design and implement a solution.
         </p><p>
-        <a class="indexterm" name="id2583784"></a>
+        <a class="indexterm" name="id352896"></a>
         Remember, you have users based in London (UK), Los Angeles,
         Washington. DC, and, three buildings in New York. A significant portion
@@ -73 +73 @@
         DirectPointe. Your concern is server maintenance and third-level
         support. Build a plan and show what must be done.
-        </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2583824"></a>Dissection and Discussion</h2></div></div></div><p>
-<a class="indexterm" name="id2583832"></a>
-<a class="indexterm" name="id2583839"></a>
+        </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id352928"></a>Dissection and Discussion</h2></div></div></div><p>
+<a class="indexterm" name="id352936"></a>
+<a class="indexterm" name="id352942"></a>
 In <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">&#8220;Making Happy Users&#8221;</a>, you implemented an LDAP server that provided the
 <em class="parameter"><code>passdb backend</code></em> for the Samba servers. You
@@ -81 +81 @@
 took control of network performance.
 </p><p>
-<a class="indexterm" name="id2583864"></a>
-<a class="indexterm" name="id2583871"></a>
-<a class="indexterm" name="id2583878"></a>
-<a class="indexterm" name="id2583884"></a>
+<a class="indexterm" name="id352966"></a>
+<a class="indexterm" name="id352972"></a>
+<a class="indexterm" name="id352979"></a>
+<a class="indexterm" name="id352986"></a>
 The implementation of an LDAP-based passdb backend (known as
 <span class="emphasis"><em>ldapsam</em></span> in Samba parlance), or some form of database
@@ -97 +97 @@
 managers.
 </p><p>
-<a class="indexterm" name="id2583924"></a>
-<a class="indexterm" name="id2583931"></a>
+<a class="indexterm" name="id353021"></a>
+<a class="indexterm" name="id353028"></a>
 The new <span class="emphasis"><em>tdbsam</em></span> facility supports functionality
 that is similar to an <span class="emphasis"><em>ldapsam</em></span>, but the lack of
@@ -106 +106 @@
 backend? Is support for these tools broken? Answers to these
 questions require a bit of background.</p><p>
-<a class="indexterm" name="id2583954"></a>
-<a class="indexterm" name="id2583961"></a>
-<a class="indexterm" name="id2583968"></a>
-<a class="indexterm" name="id2583975"></a>
+<a class="indexterm" name="id353049"></a>
+<a class="indexterm" name="id353055"></a>
+<a class="indexterm" name="id353062"></a>
+<a class="indexterm" name="id353069"></a>
 <span class="emphasis"><em>What is a directory?</em></span> A directory is a
 collection of information regarding objects that can be accessed to
@@ -117 +117 @@
 information is organized to facilitate read access rather than to
 support transaction processing.</p><p>
-<a class="indexterm" name="id2583995"></a>
-<a class="indexterm" name="id2584005"></a>
-<a class="indexterm" name="id2584012"></a>
-<a class="indexterm" name="id2584019"></a>
+<a class="indexterm" name="id353086"></a>
+<a class="indexterm" name="id353095"></a>
+<a class="indexterm" name="id353102"></a>
+<a class="indexterm" name="id353109"></a>
 The Lightweight Directory Access Protocol (LDAP) differs
 considerably from a traditional database. It has a simple search
@@ -127 +127 @@
 the data repository and for keeping all copies (slaves) in sync with
 the master repository.</p><p>
-<a class="indexterm" name="id2584035"></a>
-<a class="indexterm" name="id2584042"></a>
-<a class="indexterm" name="id2584049"></a>
+<a class="indexterm" name="id353122"></a>
+<a class="indexterm" name="id353129"></a>
+<a class="indexterm" name="id353135"></a>
 Samba is a flexible and powerful file and print sharing
 technology. It can use many external authentication sources and can be
@@ -137 +137 @@
 avoid the proprietary implications of Microsoft Active Directory
 naturally gravitate toward OpenLDAP.</p><p>
-<a class="indexterm" name="id2584066"></a>
+<a class="indexterm" name="id353149"></a>
 In <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">&#8220;Making Happy Users&#8221;</a>, you had to deal with a locally routed
 network. All deployment concerns focused around making users happy,
@@ -148 +148 @@
 access information globally. And you must make the network robust
 enough so that it can sustain partial breakdown without causing loss of
-productivity.</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2584098"></a>Technical Issues</h3></div></div></div><p>
+productivity.</p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id353175"></a>Technical Issues</h3></div></div></div><p>
         There are at least three areas that need to be addressed as you
         approach the challenge of designing a network solution for the newly
         expanded business:
-        </p><div class="itemizedlist"><ul type="disc"><li><p><a class="indexterm" name="id2584114"></a>
-                User needs such as mobility and data access</p></li><li><p>The nature of Windows networking protocols</p></li><li><p>Identity management infrastructure needs</p></li></ul></div><p>Let's look at each in turn.</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2584137"></a>User Needs</h4></div></div></div><p>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><a class="indexterm" name="id353189"></a>
+                User needs such as mobility and data access</p></li><li class="listitem"><p>The nature of Windows networking protocols</p></li><li class="listitem"><p>Identity management infrastructure needs</p></li></ul></div><p>Let's look at each in turn.</p><div class="sect3" title="User Needs"><div class="titlepage"><div><div><h4 class="title"><a name="id353212"></a>User Needs</h4></div></div></div><p>
         The new company has three divisions. Staff for each division are spread across
         the company. Some staff are office-bound and some are mobile users. Mobile
@@ -164 +164 @@
         off for reasons outside the scope of this discussion.
         </p><p>
-        <a class="indexterm" name="id2584162"></a>
+        <a class="indexterm" name="id353231"></a>
         Decisions must be made regarding where data is to be stored, how it will be
         replicated (if at all), and what the network bandwidth implications are. For
@@ -175 +175 @@
         to the network.
         </p><p>
-        <a class="indexterm" name="id2584188"></a>
-        <a class="indexterm" name="id2584198"></a>
+        <a class="indexterm" name="id353252"></a>
+        <a class="indexterm" name="id353262"></a>
         No matter which way you look at this, the bandwidth requirements
         for acceptable performance are substantial even if only 10 percent of
@@ -189 +189 @@
         server to and from the client.
         </p><p>
-        <a class="indexterm" name="id2584219"></a>
+        <a class="indexterm" name="id353277"></a>
         Obviously then, user needs and wide-area practicalities dictate the economic and
         technical aspects of your network design as well as for standard operating procedures.
-        </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2584231"></a>The Nature of Windows Networking Protocols</h4></div></div></div><p>
-        <a class="indexterm" name="id2584239"></a>
+        </p></div><div class="sect3" title="The Nature of Windows Networking Protocols"><div class="titlepage"><div><div><h4 class="title"><a name="id353288"></a>The Nature of Windows Networking Protocols</h4></div></div></div><p>
+        <a class="indexterm" name="id353296"></a>
         Network logons that include roaming profile handling requires from 140 KB to 2 MB.
         The inclusion of support for a minimal set of common desktop applications can push
@@ -201 +201 @@
         part of a total service-level assurance program that might be implemented.
         </p><p>
-        <a class="indexterm" name="id2584260"></a>
-        <a class="indexterm" name="id2584267"></a>
+        <a class="indexterm" name="id353312"></a>
+        <a class="indexterm" name="id353319"></a>
         One way to reduce the network bandwidth impact of user logon
         traffic is through folder redirection. In <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">&#8220;Making Happy Users&#8221;</a>, you
@@ -211 +211 @@
         logon or logout. Redirected folders are analogous to network drive
         connections.
-        </p><p><a class="indexterm" name="id2584294"></a>
+        </p><p><a class="indexterm" name="id353343"></a>
         Of course, network applications should only be run off
         local application servers. As a general rule, even with 2 Mb/sec
@@ -218 +218 @@
         server that is located in New York.
         </p><p>
-        <a class="indexterm" name="id2584310"></a>
+        <a class="indexterm" name="id353356"></a>
         When network bandwidth becomes a precious commodity (that is most
         of the time), there is a significant demand to understand network
@@ -226 +226 @@
         When a Windows NT4/200x/XP Professional client user logs onto
         the network, several important things must happen.
-        </p><div class="itemizedlist"><ul type="disc"><li><p>
-                <a class="indexterm" name="id2584332"></a>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
+                <a class="indexterm" name="id353375"></a>
                 The client obtains an IP address via DHCP. (DHCP is
                 necessary so that users can roam between offices.)
-                </p></li><li><p>
-                <a class="indexterm" name="id2584345"></a>
-                <a class="indexterm" name="id2584352"></a>
+                </p></li><li class="listitem"><p>
+                <a class="indexterm" name="id353387"></a>
+                <a class="indexterm" name="id353394"></a>
                 The client must register itself with the WINS and/or DNS server.
-                </p></li><li><p>
-                <a class="indexterm" name="id2584364"></a>
+                </p></li><li class="listitem"><p>
+                <a class="indexterm" name="id353406"></a>
                 The client must locate the closest domain controller.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 The client must log onto a domain controller and obtain as part of
                 that process the location of the user's profile, load it, connect to
                 redirected folders, and establish all network drive and printer connections.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 The domain controller must be able to resolve the user's
                 credentials before the logon process is fully implemented.
@@ -257 +257 @@
         at the WINS server.
         </p><p>
-        <a class="indexterm" name="id2584411"></a>
-        <a class="indexterm" name="id2584418"></a><a class="indexterm" name="id2584427"></a>
+        <a class="indexterm" name="id353444"></a>
+        <a class="indexterm" name="id353450"></a><a class="indexterm" name="id353460"></a>
         Given that the client is already a domain member, it then sends
         a directed (Unicast) request to the WINS server seeking the list of
         IP addresses for domain controllers (NetBIOS name type 0x1C). The
         WINS server replies with the information requested.</p><p>
-        <a class="indexterm" name="id2584442"></a>
-        <a class="indexterm" name="id2584451"></a>
-        <a class="indexterm" name="id2584458"></a>
+        <a class="indexterm" name="id353472"></a>
+        <a class="indexterm" name="id353481"></a>
+        <a class="indexterm" name="id353488"></a>
         The client sends two netlogon mailslot broadcast requests
         to the local network and to each of the IP addresses returned by
@@ -275 +275 @@
         domain controllers.
         </p><p>
-        <a class="indexterm" name="id2584476"></a>
-        <a class="indexterm" name="id2584485"></a>
-        <a class="indexterm" name="id2584492"></a>
+        <a class="indexterm" name="id353502"></a>
+        <a class="indexterm" name="id353511"></a>
+        <a class="indexterm" name="id353518"></a>
         The logon process begins with negotiation of the SMB/CIFS
         protocols that are to be used; this is followed by an exchange of
@@ -288 +288 @@
         local domain controllers fail or break?
         </p><p>
-        <a class="indexterm" name="id2584511"></a>
-        <a class="indexterm" name="id2584518"></a>
-        <a class="indexterm" name="id2584525"></a>
-        <a class="indexterm" name="id2584531"></a>
+        <a class="indexterm" name="id353533"></a>
+        <a class="indexterm" name="id353540"></a>
+        <a class="indexterm" name="id353546"></a>
+        <a class="indexterm" name="id353553"></a>
         Under most circumstances, the nearest domain controller
         responds to the netlogon mailslot broadcast. The exception to this
@@ -300 +300 @@
         domain controllers are by definition BDCs.
         </p><p>
-        <a class="indexterm" name="id2584549"></a>
-        <a class="indexterm" name="id2584556"></a>
+        <a class="indexterm" name="id353566"></a>
+        <a class="indexterm" name="id353573"></a>
         The provision of sufficient servers that are BDCs is an
         important design factor. The second important design factor
@@ -307 +307 @@
         data. That is the subject of the next section, which involves key
         decisions regarding Identity Management facilities.
-        </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2584570"></a>Identity Management Needs</h4></div></div></div><p>
-        <a class="indexterm" name="id2584578"></a>
-        <a class="indexterm" name="id2584584"></a>
-        <a class="indexterm" name="id2584591"></a>
-        <a class="indexterm" name="id2584598"></a>
+        </p></div><div class="sect3" title="Identity Management Needs"><div class="titlepage"><div><div><h4 class="title"><a name="id353585"></a>Identity Management Needs</h4></div></div></div><p>
+        <a class="indexterm" name="id353593"></a>
+        <a class="indexterm" name="id353600"></a>
+        <a class="indexterm" name="id353606"></a>
+        <a class="indexterm" name="id353613"></a>
         Network managers recognize that in large organizations users
         generally need to be given resource access based on needs, while
@@ -320 +320 @@
         rights and privileges are allocated.
         </p><p>
-        <a class="indexterm" name="id2584616"></a>
-        <a class="indexterm" name="id2584622"></a>
-        <a class="indexterm" name="id2584629"></a>
+        <a class="indexterm" name="id353627"></a>
+        <a class="indexterm" name="id353634"></a>
+        <a class="indexterm" name="id353640"></a>
         Unfortunately, network resources tend to have their own Identity 
         Management facilities, the quality and manageability of which varies 
@@ -334 +334 @@
         as <code class="constant">Network Information System</code> (NIS).
         </p><p>
-        <a class="indexterm" name="id2584660"></a>
+        <a class="indexterm" name="id353666"></a>
         NIS gained a strong following throughout the UNIX/VMS space in a short
         period of time and retained that appeal and use for over a decade.
@@ -344 +344 @@
         other information systems is catching on.
         </p><p>
-        <a class="indexterm" name="id2584679"></a>
-        <a class="indexterm" name="id2584686"></a>
-        <a class="indexterm" name="id2584693"></a>
+        <a class="indexterm" name="id353681"></a>
+        <a class="indexterm" name="id353687"></a>
+        <a class="indexterm" name="id353694"></a>
         Nevertheless, both NIS and NIS+ continue to hold ground in
         business areas where UNIX still has major sway. Examples of
@@ -354 +354 @@
         focus.
         </p><p>
-        <a class="indexterm" name="id2584708"></a>
-        <a class="indexterm" name="id2584715"></a>
+        <a class="indexterm" name="id353707"></a>
+        <a class="indexterm" name="id353714"></a>
         Today's networking world needs a scalable, distributed Identity 
         Management infrastructure, commonly called a directory. The most 
@@ -361 +361 @@
         and a number of LDAP implementations.
         </p><p>
-        <a class="indexterm" name="id2584729"></a>
+        <a class="indexterm" name="id353726"></a>
         The problem of managing multiple directories has become a focal
         point over the past decade, creating a large market for
@@ -370 +370 @@
         having to remember and deal with fewer login identities and
         passwords.</p><p>
-        <a class="indexterm" name="id2584747"></a>
+        <a class="indexterm" name="id353740"></a>
         The challenge of every large network is to find the optimum
         balance of internal systems and facilities for Identity
@@ -376 +376 @@
         implemented has potentially significant impact on network bandwidth
         and systems response needs.</p><p>
-        <a class="indexterm" name="id2584764"></a>
-        <a class="indexterm" name="id2584771"></a>
-        <a class="indexterm" name="id2584780"></a>
+        <a class="indexterm" name="id353754"></a>
+        <a class="indexterm" name="id353761"></a>
+        <a class="indexterm" name="id353770"></a>
         In <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">&#8220;Making Happy Users&#8221;</a>, you implemented a single LDAP server for the
         entire network. This may work for smaller networks, but almost
@@ -387 +387 @@
         servers within the context of a distributed 2,000-user network is a
         question that remains to be answered.</p><p>
-        <a class="indexterm" name="id2584809"></a>
-        <a class="indexterm" name="id2584816"></a>
+        <a class="indexterm" name="id353796"></a>
+        <a class="indexterm" name="id353803"></a>
         One possibility that has great appeal is to create a single,
         large distributed domain. The practical implications of this
@@ -399 +399 @@
         maintenance.
         </p><p>
-        <a class="indexterm" name="id2584847"></a>
+        <a class="indexterm" name="id353826"></a>
         The network design in <a class="link" href="net2000users.html#chap7net2" title="Figure 6.7. Network Topology 2000 User Complex Design B">&#8220;Network Topology  2000 User Complex Design B&#8221;</a> takes the approach
         that management of networks that are too remote to be managed
@@ -410 +410 @@
         in how they may access global resources.
         </p><p>
-        <a class="indexterm" name="id2584873"></a>
+        <a class="indexterm" name="id353848"></a>
         Desk-bound users need not be negatively affected by this design, since
         the use of interdomain trusts can be used to satisfy the need for global
         data sharing.
         </p><p>
-        <a class="indexterm" name="id2584886"></a>
-        <a class="indexterm" name="id2584892"></a>
-        <a class="indexterm" name="id2584902"></a>
+        <a class="indexterm" name="id353859"></a>
+        <a class="indexterm" name="id353866"></a>
+        <a class="indexterm" name="id353875"></a>
         When Samba-3 is configured to use an LDAP backend, it stores the domain
         account information in a directory entry. This account entry contains the
@@ -423 +423 @@
         possible to operate with more than one PDC on a distributed network.
         </p><p>
-        <a class="indexterm" name="id2584916"></a>
-        <a class="indexterm" name="id2584923"></a>
-        <a class="indexterm" name="id2584930"></a>
+        <a class="indexterm" name="id353887"></a>
+        <a class="indexterm" name="id353894"></a>
+        <a class="indexterm" name="id353901"></a>
         How might this peculiar feature be exploited? The answer is simple. It is
         imperative that each network segment have its own WINS server. Major
@@ -435 +435 @@
         single LDAP backend, users have unfettered ability to roam.
         </p><p>
-        <a class="indexterm" name="id2584955"></a>
-        <a class="indexterm" name="id2584964"></a>
+        <a class="indexterm" name="id353921"></a>
+        <a class="indexterm" name="id353930"></a>
         This concept has not been exhaustively validated, though we can see no reason
         why this should not work. The important facets are the following: The name of
@@ -447 +447 @@
         that are in fact slave LDAP servers on the local segments.
         </p><p>
-        <a class="indexterm" name="id2584986"></a>
-        <a class="indexterm" name="id2584995"></a>
-        <a class="indexterm" name="id2585002"></a>
-        <a class="indexterm" name="id2585011"></a>
+        <a class="indexterm" name="id353946"></a>
+        <a class="indexterm" name="id353956"></a>
+        <a class="indexterm" name="id353962"></a>
+        <a class="indexterm" name="id353972"></a>
         With a single master LDAP server, all network updates are effected on a single
         server. In the event that this should become excessively fragile or network
@@ -464 +464 @@
         procedures for managing the directory, because retroactive correction of
         inconsistent directory information can be exceedingly difficult.
-        </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2585046"></a>Political Issues</h3></div></div></div><p>
+        </p></div></div><div class="sect2" title="Political Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id353997"></a>Political Issues</h3></div></div></div><p>
         As organizations grow, the number of points of control increases
         also. In a large distributed organization, it is important that the
@@ -472 +472 @@
         minutes rather than days (the old limitation of highly manual
         systems).
-        </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2585064"></a>Implementation</h2></div></div></div><p>
-        <a class="indexterm" name="id2585071"></a>
-        <a class="indexterm" name="id2585078"></a>
-        <a class="indexterm" name="id2585085"></a>
-        <a class="indexterm" name="id2585092"></a>
+        </p></div></div><div class="sect1" title="Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id354011"></a>Implementation</h2></div></div></div><p>
+        <a class="indexterm" name="id354019"></a>
+        <a class="indexterm" name="id354026"></a>
+        <a class="indexterm" name="id354032"></a>
+        <a class="indexterm" name="id354039"></a>
         Samba-3 has the ability to use multiple password (authentication and
         identity resolution) backends. The diagram in <a class="link" href="net2000users.html#chap7idres" title="Figure 6.1. Samba and Authentication Backend Search Pathways">&#8220;Samba and Authentication Backend Search Pathways&#8221;</a>
@@ -484 +484 @@
         using the specific systems shown.
         </p><div class="figure"><a name="chap7idres"></a><p class="title"><b>Figure 6.1. Samba and Authentication Backend Search Pathways</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/chap7-idresol.png" width="297" alt="Samba and Authentication Backend Search Pathways"></div></div></div><br class="figure-break"><p>
-        <a class="indexterm" name="id2585156"></a>
-        <a class="indexterm" name="id2585163"></a>
-        <a class="indexterm" name="id2585170"></a>
-        <a class="indexterm" name="id2585177"></a>
-        <a class="indexterm" name="id2585183"></a>
-        <a class="indexterm" name="id2585190"></a>
-        <a class="indexterm" name="id2585197"></a>
+        <a class="indexterm" name="id354099"></a>
+        <a class="indexterm" name="id354106"></a>
+        <a class="indexterm" name="id354113"></a>
+        <a class="indexterm" name="id354120"></a>
+        <a class="indexterm" name="id354126"></a>
+        <a class="indexterm" name="id354133"></a>
+        <a class="indexterm" name="id354140"></a>
         Samba is capable of using the <code class="constant">smbpasswd</code>,
         <code class="constant">tdbsam</code>, <code class="constant">xmlsam</code>,
@@ -498 +498 @@
         operations.
         </p><p>
-        <a class="indexterm" name="id2585225"></a>
+        <a class="indexterm" name="id354166"></a>
         Additionally, it is possible to use multiple passdb backends
         concurrently as well as have multiple LDAP backends. As a result, you
@@ -510 +510 @@
         This configuration tells Samba to use a single LDAP server, as shown in <a class="link" href="net2000users.html#ch7singleLDAP" title="Figure 6.2. Samba Configuration to Use a Single LDAP Server">&#8220;Samba Configuration to Use a Single LDAP Server&#8221;</a>.
         </p><div class="figure"><a name="ch7singleLDAP"></a><p class="title"><b>Figure 6.2. Samba Configuration to Use a Single LDAP Server</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/ch7-singleLDAP.png" width="351" alt="Samba Configuration to Use a Single LDAP Server"></div></div></div><p><br class="figure-break">
-        <a class="indexterm" name="id2585298"></a>
-        <a class="indexterm" name="id2585308"></a>
+        <a class="indexterm" name="id354234"></a>
+        <a class="indexterm" name="id354244"></a>
         The addition of a failover LDAP server can simply be done by adding a
         second entry for the failover server to the single <em class="parameter"><code>ldapsam</code></em>
@@ -533 +533 @@
 ...
 </pre><p>
-        <a class="indexterm" name="id2585394"></a>
+        <a class="indexterm" name="id354323"></a>
         The effect of this style of entry is that Samba lists the users
         that are in both LDAP databases. If both contain the same information,
@@ -544 +544 @@
         into one seemingly contiguous directory. Only the first database will be updated.
         An example of this configuration is shown in <a class="link" href="net2000users.html#ch7dualok" title="Figure 6.5. Samba Configuration to Use Two LDAP Databases - The result is additive.">&#8220;Samba Configuration to Use Two LDAP Databases - The result is additive.&#8221;</a>.
-        </p><div class="figure"><a name="ch7dualok"></a><p class="title"><b>Figure 6.5. Samba Configuration to Use Two LDAP Databases - The result is additive.</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/ch7-dual-additive-LDAP-Ok.png" width="297" alt="Samba Configuration to Use Two LDAP Databases - The result is additive."></div></div></div><br class="figure-break"><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+        </p><div class="figure"><a name="ch7dualok"></a><p class="title"><b>Figure 6.5. Samba Configuration to Use Two LDAP Databases - The result is additive.</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/ch7-dual-additive-LDAP-Ok.png" width="297" alt="Samba Configuration to Use Two LDAP Databases - The result is additive."></div></div></div><br class="figure-break"><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
         When the use of ldapsam is specified twice, as shown here, it is imperative
         that the two LDAP directories must be disjoint. If the entries are for a
@@ -554 +554 @@
         pattern similar to what was covered in <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">&#8220;Making Happy Users&#8221;</a>. The following steps
     permit the operation of a master/slave OpenLDAP arrangement.
-        </p><div class="procedure"><a name="id2585536"></a><p class="title"><b>Procedure 6.1. Implementation Steps for an LDAP Slave Server</b></p><ol type="1"><li><p>
-            <a class="indexterm" name="id2585548"></a>
-                <a class="indexterm" name="id2585555"></a>
+        </p><div class="procedure" title="Procedure 6.1. Implementation Steps for an LDAP Slave Server"><a name="id354454"></a><p class="title"><b>Procedure 6.1. Implementation Steps for an LDAP Slave Server</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+            <a class="indexterm" name="id354465"></a>
+                <a class="indexterm" name="id354472"></a>
                 Log onto the master LDAP server as <code class="constant">root</code>.
                 You are about to change the configuration of the LDAP server, so it
@@ -568 +568 @@
 <code class="prompt">root# </code> service ldap stop
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2585600"></a>
+                </p></li><li class="step" title="Step 2"><p>
+                <a class="indexterm" name="id354514"></a>
                 Edit the <code class="filename">/etc/openldap/slapd.conf</code> file so it
                 matches the content of <a class="link" href="net2000users.html#ch7-LDAP-master" title="Example 6.1. LDAP Master Server Configuration File /etc/openldap/slapd.conf">&#8220;LDAP Master Server Configuration File  /etc/openldap/slapd.conf&#8221;</a>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Create a file called <code class="filename">admin-accts.ldif</code> with the following contents:
 </p><pre class="screen">
@@ -587 +587 @@
 userPassword: buttercup
 </pre><p>
-                </p></li><li><p>
-                Add an account called &#8220;<span class="quote">updateuser</span>&#8221; to the master LDAP server as shown here:
+                </p></li><li class="step" title="Step 4"><p>
+                Add an account called <span class="quote">&#8220;<span class="quote">updateuser</span>&#8221;</span> to the master LDAP server as shown here:
 </p><pre class="screen">
 <code class="prompt">root# </code> slapadd -v -l admin-accts.ldif
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2585673"></a>
-                <a class="indexterm" name="id2585680"></a>
+                </p></li><li class="step" title="Step 5"><p>
+                <a class="indexterm" name="id354583"></a>
+                <a class="indexterm" name="id354590"></a>
                 Change directory to a suitable place to dump the contents of the
                 LDAP server. The dump file (and LDIF file) is used to preload
@@ -602 +602 @@
 </pre><p>
                 Each record is written to the file.     
-                </p></li><li><p>
-                <a class="indexterm" name="id2585712"></a>
+                </p></li><li class="step" title="Step 6"><p>
+                <a class="indexterm" name="id354620"></a>
                 Copy the file <code class="filename">LDAP-transfer-LDIF.txt</code> to the intended
                 slave LDAP server. A good location could be in the directory 
                 <code class="filename">/etc/openldap/preload</code>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 7"><p>
                 Log onto the slave LDAP server as <code class="constant">root</code>. You can
                 now configure this server so the <code class="filename">/etc/openldap/slapd.conf</code>
                 file matches the content of <a class="link" href="net2000users.html#ch7-LDAP-slave" title="Example 6.2. LDAP Slave Configuration File /etc/openldap/slapd.conf">&#8220;LDAP Slave Configuration File  /etc/openldap/slapd.conf&#8221;</a>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 8"><p>
                 Change directory to the location in which you stored the 
                 <code class="filename">LDAP-transfer-LDIF.txt</code> file (<code class="filename">/etc/openldap/preload</code>).
@@ -641 +641 @@
 added: "cn=PIOps,ou=Groups,dc=abmas,dc=biz" (00000013)
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 9"><p>
                 Now start the LDAP server and set it to run automatically on system reboot by executing:
 </p><pre class="screen">
@@ -652 +652 @@
 <code class="prompt">root# </code> chkconfig ldap on
 </pre><p>
-                </p></li><li><p>
-            <a class="indexterm" name="id2585885"></a>
-                <a class="indexterm" name="id2585892"></a>
-                <a class="indexterm" name="id2585899"></a>
+                </p></li><li class="step" title="Step 10"><p>
+            <a class="indexterm" name="id354767"></a>
+                <a class="indexterm" name="id354774"></a>
+                <a class="indexterm" name="id354781"></a>
                 Go back to the master LDAP server. Execute the following to start LDAP as well
                 as <code class="literal">slurpd</code>, the synchronization daemon, as shown here:
@@ -664 +664 @@
 <code class="prompt">root# </code> chkconfig slurpd on
 </pre><p>
-            <a class="indexterm" name="id2585944"></a>
+            <a class="indexterm" name="id354824"></a>
                 On Red Hat Linux, check the equivalent command to start <code class="literal">slurpd</code>.
-                </p></li><li><p>
-                <a class="indexterm" name="id2585965"></a>
+                </p></li><li class="step" title="Step 11"><p>
+                <a class="indexterm" name="id354844"></a>
                 On the master LDAP server you may now add an account to validate that replication
                 is working. Assuming the configuration shown in <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">&#8220;Making Happy Users&#8221;</a>, execute:
@@ -673 +673 @@
 <code class="prompt">root# </code> /var/lib/samba/sbin/smbldap-useradd -a fruitloop
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 12"><p>
                 On the slave LDAP server, change to the directory <code class="filename">/var/lib/ldap</code>.
                 There should now be a file called <code class="filename">replogfile</code>. If replication worked
@@ -697 +697 @@
 -
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 13"><p>
                 Given that this first slave LDAP server is now working correctly, you may now
                 implement additional slave LDAP servers as required.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 14"><p>
                 On each machine (PDC and BDCs) after the respective <code class="filename">smb.conf</code> files have been created as shown in
                 <a class="link" href="net2000users.html#ch7-massmbconfA" title="Example 6.3. Primary Domain Controller smb.conf File Part A">Primary Domain Controller <code class="filename">smb.conf</code> File  Part A + B + C</a> and
@@ -792 +792 @@
 index sambaDomainName       eq
 index default               sub
-</pre></div></div><br class="example-break"><div class="example"><a name="ch7-massmbconfA"></a><p class="title"><b>Example 6.3. Primary Domain Controller <code class="filename">smb.conf</code> File  Part A</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2586228"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id2586240"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id2586252"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id2586264"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2586276"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2586288"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2586299"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id2586311"></a><em class="parameter"><code>max log size = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2586323"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id2586335"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id2586347"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2586358"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2586370"></a><em class="parameter"><code>add user script = /opt/IDEALX/sbin/smbldap-useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2586383"></a><em class="parameter"><code>delete user script = /opt/IDEALX/sbin/smbldap-userdel '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2586395"></a><em class="parameter"><code>add group script = /opt/IDEALX/sbin/smbldap-groupadd -p '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id2586408"></a><em class="parameter"><code>delete group script = /opt/IDEALX/sbin/smbldap-groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id2586420"></a><em class="parameter"><code>add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2586433"></a><em class="parameter"><code>delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2586446"></a><em class="parameter"><code>set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2586459"></a><em class="parameter"><code>add machine script = /opt/IDEALX/sbin/smbldap-useradd -w '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2586471"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id2586484"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id2586496"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id2586508"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2586520"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id2586531"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2586543"></a><em class="parameter"><code>domain master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2586555"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2586567"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2586578"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2586590"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2586602"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id2586614"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id2586626"></a><em class="parameter"><code>ldap admin dn = cn=sambaadmin,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2586639"></a><em class="parameter"><code>idmap backend = ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id2586651"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2586663"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2586674"></a><em class="parameter"><code>printer admin = root</code></em></td></tr><tr><td><a class="indexterm" name="id2586686"></a><em class="parameter"><code>printing = cups</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch7-massmbconfB"></a><p class="title"><b>Example 6.4. Primary Domain Controller <code class="filename">smb.conf</code> File  Part B</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[IPC$]</code></em></td></tr><tr><td><a class="indexterm" name="id2586732"></a><em class="parameter"><code>path = /tmp</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id2586752"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id2586764"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id2586776"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id2586796"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id2586808"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id2586820"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id2586840"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id2586852"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id2586864"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id2586884"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id2586896"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id2586908"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2586919"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id2586940"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id2586951"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id2586963"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2586975"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2586986"></a><em class="parameter"><code>browseable = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch7-massmbconfC"></a><p class="title"><b>Example 6.5. Primary Domain Controller <code class="filename">smb.conf</code> File  Part C</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id2587032"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id2587044"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id2587055"></a><em class="parameter"><code>admin users = bjones</code></em></td></tr><tr><td><a class="indexterm" name="id2587067"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id2587087"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id2587099"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id2587111"></a><em class="parameter"><code>admin users = root, Administrator</code></em></td></tr><tr><td><a class="indexterm" name="id2587123"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2587135"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id2587155"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id2587167"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id2587179"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2587190"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profdata]</code></em></td></tr><tr><td><a class="indexterm" name="id2587211"></a><em class="parameter"><code>comment = Profile Data Share</code></em></td></tr><tr><td><a class="indexterm" name="id2587223"></a><em class="parameter"><code>path = /var/lib/samba/profdata</code></em></td></tr><tr><td><a class="indexterm" name="id2587235"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2587246"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id2587267"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id2587279"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id2587291"></a><em class="parameter"><code>write list = root</code></em></td></tr><tr><td><a class="indexterm" name="id2587302"></a><em class="parameter"><code>admin users = root, Administrator</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch7-slvsmbocnfA"></a><p class="title"><b>Example 6.6. Backup Domain Controller <code class="filename">smb.conf</code> File  Part A</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># # Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2587352"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id2587363"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id2587375"></a><em class="parameter"><code>netbios name = BLDG1</code></em></td></tr><tr><td><a class="indexterm" name="id2587387"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://lapdc.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id2587399"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2587411"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2587423"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2587434"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id2587446"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id2587458"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id2587469"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id2587481"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2587493"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id2587505"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id2587517"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2587529"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id2587541"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2587553"></a><em class="parameter"><code>os level = 63</code></em></td></tr><tr><td><a class="indexterm" name="id2587564"></a><em class="parameter"><code>domain master = No</code></em></td></tr><tr><td><a class="indexterm" name="id2587576"></a><em class="parameter"><code>wins server = 192.168.2.1</code></em></td></tr><tr><td><a class="indexterm" name="id2587588"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2587600"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2587612"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2587624"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id2587636"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id2587648"></a><em class="parameter"><code>ldap admin dn = cn=sambaadmin,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2587660"></a><em class="parameter"><code>utmp = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2587671"></a><em class="parameter"><code>idmap backend = ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id2587683"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2587695"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2587707"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id2587727"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id2587739"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id2587751"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id2587771"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id2587783"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id2587795"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch7-slvsmbocnfB"></a><p class="title"><b>Example 6.7. Backup Domain Controller <code class="filename">smb.conf</code> File  Part B</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id2587841"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id2587853"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id2587864"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id2587884"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id2587896"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id2587908"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2587919"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id2587940"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id2587952"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id2587963"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2587975"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2587987"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id2588007"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id2588019"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id2588030"></a><em class="parameter"><code>admin users = bjones</code></em></td></tr><tr><td><a class="indexterm" name="id2588042"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id2588063"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id2588075"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id2588086"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2588098"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id2588119"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id2588130"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id2588142"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2588154"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profdata]</code></em></td></tr><tr><td><a class="indexterm" name="id2588174"></a><em class="parameter"><code>comment = Profile Data Share</code></em></td></tr><tr><td><a class="indexterm" name="id2588186"></a><em class="parameter"><code>path = /var/lib/samba/profdata</code></em></td></tr><tr><td><a class="indexterm" name="id2588198"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2588210"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2588223"></a>Key Points Learned</h3></div></div></div><div class="itemizedlist"><ul type="disc"><li><p>
-                        <a class="indexterm" name="id2588234"></a><a class="indexterm" name="id2588239"></a>
+</pre></div></div><br class="example-break"><div class="example"><a name="ch7-massmbconfA"></a><p class="title"><b>Example 6.3. Primary Domain Controller <code class="filename">smb.conf</code> File  Part A</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id355074"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id355085"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id355097"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id355108"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id355120"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id355131"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id355143"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id355154"></a><em class="parameter"><code>max log size = 0</code></em></td></tr><tr><td><a class="indexterm" name="id355166"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id355177"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id355189"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id355200"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id355212"></a><em class="parameter"><code>add user script = /opt/IDEALX/sbin/smbldap-useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id355224"></a><em class="parameter"><code>delete user script = /opt/IDEALX/sbin/smbldap-userdel '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id355236"></a><em class="parameter"><code>add group script = /opt/IDEALX/sbin/smbldap-groupadd -p '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id355248"></a><em class="parameter"><code>delete group script = /opt/IDEALX/sbin/smbldap-groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id355259"></a><em class="parameter"><code>add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id355272"></a><em class="parameter"><code>delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id355284"></a><em class="parameter"><code>set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id355296"></a><em class="parameter"><code>add machine script = /opt/IDEALX/sbin/smbldap-useradd -w '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id355308"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id355319"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id355331"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id355343"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id355354"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id355366"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id355377"></a><em class="parameter"><code>domain master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id355389"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id355400"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id355412"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id355423"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id355435"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id355447"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id355458"></a><em class="parameter"><code>ldap admin dn = cn=sambaadmin,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id355470"></a><em class="parameter"><code>idmap backend = ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id355482"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id355493"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id355505"></a><em class="parameter"><code>printer admin = root</code></em></td></tr><tr><td><a class="indexterm" name="id355516"></a><em class="parameter"><code>printing = cups</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch7-massmbconfB"></a><p class="title"><b>Example 6.4. Primary Domain Controller <code class="filename">smb.conf</code> File  Part B</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[IPC$]</code></em></td></tr><tr><td><a class="indexterm" name="id355561"></a><em class="parameter"><code>path = /tmp</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id355581"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id355593"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id355604"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id355625"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id355636"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id355648"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id355668"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id355680"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id355691"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id355712"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id355723"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id355735"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id355746"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id355767"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id355778"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id355790"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id355801"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id355813"></a><em class="parameter"><code>browseable = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch7-massmbconfC"></a><p class="title"><b>Example 6.5. Primary Domain Controller <code class="filename">smb.conf</code> File  Part C</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id355857"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id355869"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id355880"></a><em class="parameter"><code>admin users = bjones</code></em></td></tr><tr><td><a class="indexterm" name="id355892"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id355912"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id355924"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id355936"></a><em class="parameter"><code>admin users = root, Administrator</code></em></td></tr><tr><td><a class="indexterm" name="id355947"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id355959"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id355979"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id355990"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id356002"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id356014"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profdata]</code></em></td></tr><tr><td><a class="indexterm" name="id356034"></a><em class="parameter"><code>comment = Profile Data Share</code></em></td></tr><tr><td><a class="indexterm" name="id356046"></a><em class="parameter"><code>path = /var/lib/samba/profdata</code></em></td></tr><tr><td><a class="indexterm" name="id356057"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id356069"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id356089"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id356101"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id356112"></a><em class="parameter"><code>write list = root</code></em></td></tr><tr><td><a class="indexterm" name="id356124"></a><em class="parameter"><code>admin users = root, Administrator</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch7-slvsmbocnfA"></a><p class="title"><b>Example 6.6. Backup Domain Controller <code class="filename">smb.conf</code> File  Part A</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># # Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id356172"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id356183"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id356195"></a><em class="parameter"><code>netbios name = BLDG1</code></em></td></tr><tr><td><a class="indexterm" name="id356206"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://lapdc.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id356218"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id356229"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id356241"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id356252"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id356264"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id356275"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id356287"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id356298"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id356310"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id356322"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id356333"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id356345"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id356356"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id356368"></a><em class="parameter"><code>os level = 63</code></em></td></tr><tr><td><a class="indexterm" name="id356379"></a><em class="parameter"><code>domain master = No</code></em></td></tr><tr><td><a class="indexterm" name="id356391"></a><em class="parameter"><code>wins server = 192.168.2.1</code></em></td></tr><tr><td><a class="indexterm" name="id356402"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id356414"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id356425"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id356437"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id356449"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id356460"></a><em class="parameter"><code>ldap admin dn = cn=sambaadmin,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id356472"></a><em class="parameter"><code>utmp = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id356483"></a><em class="parameter"><code>idmap backend = ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id356495"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id356507"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id356518"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id356538"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id356550"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id356562"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id356582"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id356594"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id356605"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch7-slvsmbocnfB"></a><p class="title"><b>Example 6.7. Backup Domain Controller <code class="filename">smb.conf</code> File  Part B</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id356650"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id356661"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id356673"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id356693"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id356705"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id356716"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id356728"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id356748"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id356760"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id356771"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id356783"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id356794"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id356815"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id356826"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id356838"></a><em class="parameter"><code>admin users = bjones</code></em></td></tr><tr><td><a class="indexterm" name="id356849"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id356870"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id356881"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id356893"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id356904"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id356925"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id356936"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id356948"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id356959"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profdata]</code></em></td></tr><tr><td><a class="indexterm" name="id356980"></a><em class="parameter"><code>comment = Profile Data Share</code></em></td></tr><tr><td><a class="indexterm" name="id356991"></a><em class="parameter"><code>path = /var/lib/samba/profdata</code></em></td></tr><tr><td><a class="indexterm" name="id357003"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id357014"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="sect2" title="Key Points Learned"><div class="titlepage"><div><div><h3 class="title"><a name="id357027"></a>Key Points Learned</h3></div></div></div><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
+                        <a class="indexterm" name="id357038"></a><a class="indexterm" name="id357043"></a>
                         Where Samba-3 is used as a domain controller, the use of LDAP is an 
                         essential component to permit the use of BDCs.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2588252"></a>
+                        </p></li><li class="listitem"><p>
+                        <a class="indexterm" name="id357055"></a>
                         Replication of the LDAP master server to create a network of BDCs
                         is an important mechanism for limiting WAN traffic.
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         Network administration presents many complex challenges, most of which
                         can be satisfied by good design but that also require sound communication
                         and unification of management practices. This can be highly challenging in
                         a large, globally distributed network.
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         Roaming profiles must be contained to the local network segment. Any
                         departure from this may clog wide-area arteries and slow legitimate network
                         traffic to a crawl.
-                        </p></li></ul></div></div><div class="figure"><a name="chap7net"></a><p class="title"><b>Figure 6.6. Network Topology  2000 User Complex Design A</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/chap7-net-Ar.png" width="432" alt="Network Topology 2000 User Complex Design A"></div></div></div><br class="figure-break"><div class="figure"><a name="chap7net2"></a><p class="title"><b>Figure 6.7. Network Topology  2000 User Complex Design B</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/chap7-net2-Br.png" width="432" alt="Network Topology 2000 User Complex Design B"></div></div></div><br class="figure-break"></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2588370"></a>Questions and Answers</h2></div></div></div><p>
+                        </p></li></ul></div></div><div class="figure"><a name="chap7net"></a><p class="title"><b>Figure 6.6. Network Topology  2000 User Complex Design A</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/chap7-net-Ar.png" width="432" alt="Network Topology 2000 User Complex Design A"></div></div></div><br class="figure-break"><div class="figure"><a name="chap7net2"></a><p class="title"><b>Figure 6.7. Network Topology  2000 User Complex Design B</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/chap7-net2-Br.png" width="432" alt="Network Topology 2000 User Complex Design B"></div></div></div><br class="figure-break"></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id357166"></a>Questions and Answers</h2></div></div></div><p>
         There is much rumor and misinformation regarding the use of MS Windows networking protocols.
         These questions are just a few of those frequently asked.
-        </p><div class="qandaset"><dl><dt> <a href="net2000users.html#id2588388">
+        </p><div class="qandaset" title="Frequently Asked Questions"><a name="id357176"></a><dl><dt> <a href="net2000users.html#id357182">
                 
                 
                 Is it true that DHCP uses lots of WAN bandwidth?
-                </a></dt><dt> <a href="net2000users.html#id2588523">
+                </a></dt><dt> <a href="net2000users.html#id357303">
                 
                 
                 How much background communication takes place between a master LDAP server and its slave LDAP servers?
-                </a></dt><dt> <a href="net2000users.html#id2588584">
+                </a></dt><dt> <a href="net2000users.html#id357360">
                 LDAP has a database. Is LDAP not just a fancy database front end?
-                </a></dt><dt> <a href="net2000users.html#id2588648">
+                </a></dt><dt> <a href="net2000users.html#id357417">
                 
                 Can Active Directory obtain account information from an OpenLDAP server?
-                </a></dt><dt> <a href="net2000users.html#id2588683">
+                </a></dt><dt> <a href="net2000users.html#id357449">
                 What are the parts of a roaming profile? How large is each part?
-                </a></dt><dt> <a href="net2000users.html#id2588832">
+                </a></dt><dt> <a href="net2000users.html#id357590">
                 Can the My Documents folder be stored on a network drive?
-                </a></dt><dt> <a href="net2000users.html#id2588880">
+                </a></dt><dt> <a href="net2000users.html#id357635">
                 
                 
                 
                 How much WAN bandwidth does WINS consume?
-                </a></dt><dt> <a href="net2000users.html#id2588964">
+                </a></dt><dt> <a href="net2000users.html#id357712">
                 How many BDCs should I have? What is the right number of Windows clients per server?
-                </a></dt><dt> <a href="net2000users.html#id2589000">
+                </a></dt><dt> <a href="net2000users.html#id357739">
                 
                 I've heard that you can store NIS accounts in LDAP. Is LDAP not just a smarter way to
                 run an NIS server?
-                </a></dt><dt> <a href="net2000users.html#id2589034">
+                </a></dt><dt> <a href="net2000users.html#id357770">
                 Can I use NIS in place of LDAP?
-                </a></dt></dl><table border="0" summary="Q and A Set"><col align="left" width="1%"><tbody><tr class="question"><td align="left" valign="top"><a name="id2588388"></a><a name="id2588390"></a></td><td align="left" valign="top"><p>
-                <a class="indexterm" name="id2588395"></a>
-                <a class="indexterm" name="id2588401"></a>
+                </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question"><td align="left" valign="top"><a name="id357182"></a><a name="id357185"></a></td><td align="left" valign="top"><p>
+                <a class="indexterm" name="id357189"></a>
+                <a class="indexterm" name="id357196"></a>
                 Is it true that DHCP uses lots of WAN bandwidth?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
-                <a class="indexterm" name="id2588418"></a>
-                <a class="indexterm" name="id2588427"></a>
-                <a class="indexterm" name="id2588434"></a>
+                <a class="indexterm" name="id357212"></a>
+                <a class="indexterm" name="id357221"></a>
+                <a class="indexterm" name="id357228"></a>
                 It is a smart practice to localize DHCP servers on each network segment. As a 
                 rule, there should be two DHCP servers per network segment. This means that if
@@ -856 +856 @@
                 routers. This makes it possible to run fewer DHCP servers.
                 </p><p>
-                <a class="indexterm" name="id2588453"></a>
-                <a class="indexterm" name="id2588462"></a>
+                <a class="indexterm" name="id357244"></a>
+                <a class="indexterm" name="id357253"></a>
                 A DHCP network address request and confirmation usually results in about six UDP packets.
                 The packets are from 60 to 568 bytes in length. Let us consider a site that has 300 DHCP
@@ -875 +875 @@
                 From this can be seen that the traffic impact would be minimal.
                 </p><p>
-                <a class="indexterm" name="id2588500"></a>
-                <a class="indexterm" name="id2588509"></a>
+                <a class="indexterm" name="id357282"></a>
+                <a class="indexterm" name="id357291"></a>
                 Even when DHCP is configured to do DNS update (dynamic DNS) over a wide-area link,
                 the impact of the update is no more than the DHCP IP address renewal traffic and thus
                 still insignificant for most practical purposes.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2588523"></a><a name="id2588525"></a></td><td align="left" valign="top"><p>
-                <a class="indexterm" name="id2588529"></a>
-                <a class="indexterm" name="id2588536"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id357303"></a><a name="id357305"></a></td><td align="left" valign="top"><p>
+                <a class="indexterm" name="id357310"></a>
+                <a class="indexterm" name="id357317"></a>
                 How much background communication takes place between a master LDAP server and its slave LDAP servers?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
-                <a class="indexterm" name="id2588557"></a>
+                <a class="indexterm" name="id357336"></a>
                 The process that controls the replication of data from the master LDAP server to the slave LDAP
                 servers is called <code class="literal">slurpd</code>. The <code class="literal">slurpd</code> remains nascent (quiet)
                 until an update must be propagated. The propagation traffic per LDAP slave to update (add/modify/delete)
                 two user accounts requires less than 10KB traffic.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2588584"></a><a name="id2588586"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id357360"></a><a name="id357362"></a></td><td align="left" valign="top"><p>
                 LDAP has a database. Is LDAP not just a fancy database front end?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
-                <a class="indexterm" name="id2588598"></a>
-                <a class="indexterm" name="id2588605"></a>
-                <a class="indexterm" name="id2588614"></a>
-                <a class="indexterm" name="id2588620"></a>
+                <a class="indexterm" name="id357374"></a>
+                <a class="indexterm" name="id357381"></a>
+                <a class="indexterm" name="id357390"></a>
+                <a class="indexterm" name="id357396"></a>
                 LDAP does store its data in a database of sorts. In fact, the LDAP backend is an application-specific
                 data storage system. This type of database is indexed so that records can be rapidly located, but the
@@ -905 +905 @@
                 An LDAP front end is a purpose-built tool that has a search orientation that is designed around specific
                 simple queries. The term <code class="constant">database</code> is heavily overloaded and thus much misunderstood.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2588648"></a><a name="id2588650"></a></td><td align="left" valign="top"><p>
-                <a class="indexterm" name="id2588654"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id357417"></a><a name="id357419"></a></td><td align="left" valign="top"><p>
+                <a class="indexterm" name="id357423"></a>
                 Can Active Directory obtain account information from an OpenLDAP server?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
-                <a class="indexterm" name="id2588669"></a>
+                <a class="indexterm" name="id357437"></a>
                 No, at least not directly. It is possible to provision Active Directory from and/or to an OpenLDAP
                 database through use of a metadirectory server. Microsoft MMS (now called MIIS) can interface
                 to OpenLDAP using standard LDAP queries and updates. 
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2588683"></a><a name="id2588685"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id357449"></a><a name="id357452"></a></td><td align="left" valign="top"><p>
                 What are the parts of a roaming profile? How large is each part?
-                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id2588696"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id357462"></a>
                 A roaming profile consists of
-                </p><div class="itemizedlist"><ul type="disc"><li><p>
+                </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                         Desktop folders such as <code class="constant">Desktop</code>, <code class="constant">My Documents</code>,
                         <code class="constant">My Pictures</code>, <code class="constant">My Music</code>, <code class="constant">Internet Files</code>,
@@ -923 +923 @@
                         <code class="constant">Local Settings,</code> and more. See <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">&#8220;Making Happy Users&#8221;</a>, <a class="link" href="happy.html#XP-screen001" title="Figure 5.3. Windows XP Professional User Shared Folders">&#8220;Windows XP Professional  User Shared Folders&#8221;</a>.
                         </p><p>
-                        <a class="indexterm" name="id2588757"></a>
+                        <a class="indexterm" name="id357521"></a>
                         Each of these can be anywhere from a few bytes to gigabytes in capacity. Fortunately, all
                         such folders can be redirected to network drive resources. See <a class="link" href="happy.html#redirfold" title="Configuration of Default Profile with Folder Redirection">&#8220;Configuration of Default Profile with Folder Redirection&#8221;</a>
                         for more information regarding folder redirection.
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         A static or rewritable portion that is typically only a few files (2-5 KB of information).
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2588784"></a>
-                        <a class="indexterm" name="id2588790"></a>
+                        </p></li><li class="listitem"><p>
+                        <a class="indexterm" name="id357545"></a>
+                        <a class="indexterm" name="id357551"></a>
                         The registry load file that modifies the <code class="constant">HKEY_LOCAL_USER</code> hive. This is
                         the <code class="filename">NTUSER.DAT</code> file. It can be from 0.4 to 1.5 MB.
                         </p></li></ul></div><p>
-                <a class="indexterm" name="id2588813"></a>
+                <a class="indexterm" name="id357573"></a>
                 Microsoft Outlook PST files may be stored in the <code class="constant">Local Settings\Application Data</code>
                 folder. It can be up to 2 GB in size per PST file.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2588832"></a><a name="id2588834"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id357590"></a><a name="id357592"></a></td><td align="left" valign="top"><p>
                 Can the <code class="constant">My Documents</code> folder be stored on a network drive?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
-                <a class="indexterm" name="id2588849"></a>
-                <a class="indexterm" name="id2588856"></a>
+                <a class="indexterm" name="id357607"></a>
+                <a class="indexterm" name="id357614"></a>
                 Yes. More correctly, such folders can be redirected to network shares. No specific network drive
                 connection is required. Registry settings permit this to be redirected directly to a UNC (Universal
                 Naming Convention) resource, though it is possible to specify a network drive letter instead of a
                 UNC name. See <a class="link" href="happy.html#redirfold" title="Configuration of Default Profile with Folder Redirection">&#8220;Configuration of Default Profile with Folder Redirection&#8221;</a>.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2588880"></a><a name="id2588882"></a></td><td align="left" valign="top"><p>
-                <a class="indexterm" name="id2588886"></a>
-                <a class="indexterm" name="id2588893"></a>
-                <a class="indexterm" name="id2588902"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id357635"></a><a name="id357637"></a></td><td align="left" valign="top"><p>
+                <a class="indexterm" name="id357641"></a>
+                <a class="indexterm" name="id357648"></a>
+                <a class="indexterm" name="id357657"></a>
                 How much WAN bandwidth does WINS consume?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
-                <a class="indexterm" name="id2588916"></a>
-                <a class="indexterm" name="id2588925"></a>
-                <a class="indexterm" name="id2588932"></a>
+                <a class="indexterm" name="id357671"></a>
+                <a class="indexterm" name="id357680"></a>
+                <a class="indexterm" name="id357687"></a>
                 MS Windows clients cache information obtained from WINS lookups in a local NetBIOS name cache.
                 This keeps WINS lookups to a minimum. On a network with 3500 MS Windows clients and a central WINS
@@ -967 +967 @@
                 In conclusion, the total load afforded through WINS traffic is again marginal to total operational
                 usage  as it should be.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2588964"></a><a name="id2588966"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id357712"></a><a name="id357714"></a></td><td align="left" valign="top"><p>
                 How many BDCs should I have? What is the right number of Windows clients per server?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -981 +981 @@
                 As unsatisfactory as the answer might sound, it all depends on network and server load
                 characteristics.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2589000"></a><a name="id2589002"></a></td><td align="left" valign="top"><p>
-                <a class="indexterm" name="id2589006"></a><a class="indexterm" name="id2589012"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id357739"></a><a name="id357741"></a></td><td align="left" valign="top"><p>
+                <a class="indexterm" name="id357745"></a><a class="indexterm" name="id357751"></a>
                 I've heard that you can store NIS accounts in LDAP. Is LDAP not just a smarter way to
                 run an NIS server?
@@ -989 +989 @@
                 a configurable schema that can store far more information for many more purposes than
                 just NIS.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2589034"></a><a name="id2589036"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id357770"></a><a name="id357772"></a></td><td align="left" valign="top"><p>
                 Can I use NIS in place of LDAP?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
-                <a class="indexterm" name="id2589047"></a>
-                <a class="indexterm" name="id2589054"></a>
+                <a class="indexterm" name="id357783"></a>
+                <a class="indexterm" name="id357790"></a>
                 No. The NIS database does not have provision to store Microsoft encrypted passwords and does not deal
                 with the types of data necessary for interoperability with Microsoft Windows networking. The use

trunk/server/docs/htmldocs/Samba3-ByExample/ntmigration.html

@@ -1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 9. Migrating NT4 Domain to Samba-3</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"><link rel="prev" href="upgrades.html" title="Chapter 8. Updating Samba-3"><link rel="next" href="nw4migration.html" title="Chapter 10. Migrating NetWare Server to Samba-3"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 9. Migrating NT4 Domain to Samba-3</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="upgrades.html">Prev</a> </td><th width="60%" align="center">Part II. Domain Members, Updating Samba and Migration</th><td width="20%" align="right"> <a accesskey="n" href="nw4migration.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="ntmigration"></a>Chapter 9. Migrating NT4 Domain to Samba-3</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="ntmigration.html#id2601332">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id2601417">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id2601472">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id2601658">Technical Issues</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id2601981">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id2602007">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id2602148">NT4 Migration Using LDAP Backend</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id2604606">NT4 Migration Using tdbsam Backend</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id2605013">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id2605051">Questions and Answers</a></span></dt></dl></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 9. Migrating NT4 Domain to Samba-3</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"><link rel="prev" href="upgrades.html" title="Chapter 8. Updating Samba-3"><link rel="next" href="nw4migration.html" title="Chapter 10. Migrating NetWare Server to Samba-3"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 9. Migrating NT4 Domain to Samba-3</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="upgrades.html">Prev</a> </td><th width="60%" align="center">Part II. Domain Members, Updating Samba and Migration</th><td width="20%" align="right"> <a accesskey="n" href="nw4migration.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 9. Migrating NT4 Domain to Samba-3"><div class="titlepage"><div><div><h2 class="title"><a name="ntmigration"></a>Chapter 9. Migrating NT4 Domain to Samba-3</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="ntmigration.html#id368988">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id369064">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id369115">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id369276">Technical Issues</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id369580">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id369600">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id371918">NT4 Migration Using tdbsam Backend</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id372263">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id372297">Questions and Answers</a></span></dt></dl></div><p>
         Ever since Microsoft announced that it was discontinuing support for Windows
         NT4, Samba users started to ask for detailed instructions on how to migrate
@@ -7 +7 @@
         One wonders how many NT4 systems will be left in service by the time you read this
         book though.
-        </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2601332"></a>Introduction</h2></div></div></div><p><a class="indexterm" name="id2601338"></a>
+        </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id368988"></a>Introduction</h2></div></div></div><p><a class="indexterm" name="id368994"></a>
         Network administrators who want to migrate off a Windows NT4 environment know
         one thing with certainty. They feel that NT4 has been abandoned, and they want
@@ -14 +14 @@
         failure, and much more.
         </p><p>
-        <a class="indexterm" name="id2601356"></a>
-        <a class="indexterm" name="id2601363"></a>
-        <a class="indexterm" name="id2601373"></a>
-        <a class="indexterm" name="id2601382"></a>
+        <a class="indexterm" name="id369009"></a>
+        <a class="indexterm" name="id369016"></a>
+        <a class="indexterm" name="id369025"></a>
+        <a class="indexterm" name="id369035"></a>
         The migration from NT4 to Samba-3 can involve a number of factors, including
         migration of data to another server, migration of network environment controls
@@ -23 +23 @@
         accounts.
         </p><p>
-        <a class="indexterm" name="id2601398"></a>
+        <a class="indexterm" name="id369049"></a>
         It should be pointed out now that it is possible to migrate some systems from
         a Windows NT4 domain environment to a Samba-3 domain environment. This is certainly
@@ -31 +31 @@
         migration before an environment that is acceptable for immediate use
         is obtained.
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2601417"></a>Assignment Tasks</h3></div></div></div><p>
-        <a class="indexterm" name="id2601425"></a>
-        <a class="indexterm" name="id2601432"></a>
-        <a class="indexterm" name="id2601438"></a>
+        </p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id369064"></a>Assignment Tasks</h3></div></div></div><p>
+        <a class="indexterm" name="id369071"></a>
+        <a class="indexterm" name="id369078"></a>
+        <a class="indexterm" name="id369085"></a>
         You are about to migrate an MS Windows NT4 domain accounts database to
         a Samba-3 server. The Samba-3 server is using a 
@@ -43 +43 @@
         Your objective is to document the process of migrating user and group accounts
         from several NT4 domains into a single Samba-3 LDAP backend database.
-        </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2601472"></a>Dissection and Discussion</h2></div></div></div><p>
-        <a class="indexterm" name="id2601479"></a>
-        <a class="indexterm" name="id2601486"></a>
-        <a class="indexterm" name="id2601493"></a>
-        <a class="indexterm" name="id2601504"></a>
-        <a class="indexterm" name="id2601516"></a>
-        <a class="indexterm" name="id2601522"></a>
+        </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id369115"></a>Dissection and Discussion</h2></div></div></div><p>
+        <a class="indexterm" name="id369123"></a>
+        <a class="indexterm" name="id369129"></a>
+        <a class="indexterm" name="id369135"></a>
+        <a class="indexterm" name="id369147"></a>
+        <a class="indexterm" name="id369158"></a>
+        <a class="indexterm" name="id369165"></a>
         The migration process takes a snapshot of information that is stored in the
         Windows NT4 registry-based accounts database. That information resides in
         the Security Account Manager (SAM) portion of the NT4 registry under keys called
         <code class="constant">SAM</code> and <code class="constant">SECURITY</code>.
-        </p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
-        <a class="indexterm" name="id2601547"></a>
-        <a class="indexterm" name="id2601554"></a>
+        </p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
+        <a class="indexterm" name="id369187"></a>
+        <a class="indexterm" name="id369194"></a>
         The Windows NT4 registry keys called <code class="constant">SAM</code> and <code class="constant">SECURITY</code>
         are protected so that you cannot view the contents. If you change the security setting
@@ -62 +62 @@
         do this unless you are willing to render your domain controller inoperative.
         </p></div><p>
-        <a class="indexterm" name="id2601576"></a>
-        <a class="indexterm" name="id2601585"></a>
+        <a class="indexterm" name="id369214"></a>
+        <a class="indexterm" name="id369223"></a>
         Before commencing an NT4 to Samba-3 migration, you should consider what your objectives are.
         While in some cases it is possible simply to migrate an NT4 domain to a single Samba-3 server,
@@ -71 +71 @@
         interact with the network environment.
         </p><p>
-        <a class="indexterm" name="id2601604"></a>
-        <a class="indexterm" name="id2601613"></a>
-        <a class="indexterm" name="id2601620"></a>
+        <a class="indexterm" name="id369237"></a>
+        <a class="indexterm" name="id369246"></a>
+        <a class="indexterm" name="id369253"></a>
         MS Windows NT4 was introduced some time around 1996. Many environments in which NT4 was deployed
         have done little to keep the NT4 server environment up to date with more recent Windows releases, 
@@ -84 +84 @@
         real disruption to users, but rather, with due diligence and care, should make their network experience
         a much happier one.
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2601658"></a>Technical Issues</h3></div></div></div><p>
-        <a class="indexterm" name="id2601666"></a>
-        <a class="indexterm" name="id2601672"></a>
+        </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id369276"></a>Technical Issues</h3></div></div></div><p>
+        <a class="indexterm" name="id369284"></a>
+        <a class="indexterm" name="id369291"></a>
         Migration of an NT4 domain user and group database to Samba-3 involves a certain strategic
         element. Many sites have asked for instructions regarding merging of multiple NT4
@@ -94 +94 @@
         from a Windows NT4 domain to a Samba domain.
         </p><div class="figure"><a name="ch8-migration"></a><p class="title"><b>Figure 9.1. Schematic Explaining the <code class="literal">net rpc vampire</code> Process</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/ch8-migration.png" width="297" alt="Schematic Explaining the net rpc vampire Process"></div></div></div><br class="figure-break"><p>
-        <a class="indexterm" name="id2601746"></a>
-        <a class="indexterm" name="id2601752"></a>
+        <a class="indexterm" name="id369358"></a>
+        <a class="indexterm" name="id369365"></a>
         If you want to merge multiple NT4 domain account databases into one Samba domain,
         you must now dump the contents of the first migration and edit it as appropriate. Now clean
@@ -101 +101 @@
         files. You must start each migration with a new database into which you merge your NT4 
         domains.
-        </p><p><a class="indexterm" name="id2601773"></a>
+        </p><p><a class="indexterm" name="id369383"></a>
         At this point, you are ready to perform the second migration, following the same steps as
         for the first. In other words, dump the database, edit it, and then you may merge the
         dump for the first and second migrations.
-        </p><p><a class="indexterm" name="id2601788"></a><a class="indexterm" name="id2601796"></a><a class="indexterm" name="id2601804"></a>
+        </p><p><a class="indexterm" name="id369396"></a><a class="indexterm" name="id369404"></a><a class="indexterm" name="id369412"></a>
         You must be careful. If you choose to migrate to an LDAP backend, your dump file
         now contains the full account information, including the domain SID. The domain SID for each 
@@ -111 +111 @@
         portion of the account SIDs so that all are the same.
         </p><p>
-        <a class="indexterm" name="id2601821"></a>
-        <a class="indexterm" name="id2601828"></a>
-        <a class="indexterm" name="id2601835"></a>
-        <a class="indexterm" name="id2601842"></a>
-        <a class="indexterm" name="id2601849"></a>
-        <a class="indexterm" name="id2601855"></a>
-        <a class="indexterm" name="id2601862"></a>
-        <a class="indexterm" name="id2601869"></a>
-        <a class="indexterm" name="id2601876"></a>
-        <a class="indexterm" name="id2601883"></a>
-        <a class="indexterm" name="id2601890"></a>
-        <a class="indexterm" name="id2601897"></a>
+        <a class="indexterm" name="id369427"></a>
+        <a class="indexterm" name="id369433"></a>
+        <a class="indexterm" name="id369440"></a>
+        <a class="indexterm" name="id369447"></a>
+        <a class="indexterm" name="id369454"></a>
+        <a class="indexterm" name="id369461"></a>
+        <a class="indexterm" name="id369467"></a>
+        <a class="indexterm" name="id369474"></a>
+        <a class="indexterm" name="id369481"></a>
+        <a class="indexterm" name="id369488"></a>
+        <a class="indexterm" name="id369495"></a>
+        <a class="indexterm" name="id369501"></a>
         If you choose to use a tdbsam (<code class="filename">passdb.tdb</code>) backend file, your best choice
         is to use <code class="literal">pdbedit</code> to export the contents of the tdbsam file into an
@@ -132 +132 @@
         may be exported or imported into either a tdbsam (<code class="filename">passdb.tdb</code>) or
         an LDAP backend.
-        </p><div class="figure"><a name="NT4DUM"></a><p class="title"><b>Figure 9.2. View of Accounts in NT4 Domain User Manager</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/UserMgrNT4.png" width="270" alt="View of Accounts in NT4 Domain User Manager"></div></div></div><br class="figure-break"></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2601981"></a>Political Issues</h3></div></div></div><p>
+        </p><div class="figure"><a name="NT4DUM"></a><p class="title"><b>Figure 9.2. View of Accounts in NT4 Domain User Manager</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/UserMgrNT4.png" width="270" alt="View of Accounts in NT4 Domain User Manager"></div></div></div><br class="figure-break"></div><div class="sect2" title="Political Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id369580"></a>Political Issues</h3></div></div></div><p>
         The merging of multiple Windows NT4-style domains into a single LDAP-backend-based Samba-3
         domain may be seen by those who had power over them as a loss of prestige or a loss of
@@ -142 +142 @@
         Samba-3 domain is to promote (sell) the action as one that reduces costs and delivers
         greater network interoperability and manageability.
-        </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2602007"></a>Implementation</h2></div></div></div><p>
+        </p></div></div><div class="sect1" title="Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id369600"></a>Implementation</h2></div></div></div><p>
         From feedback on the Samba mailing lists, it seems that most Windows NT4 migrations
         to Samba-3 are being performed using a new server or a new installation of a Linux or UNIX
@@ -161 +161 @@
         </p><p>
         The migration process involves the following steps:
-        </p><div class="itemizedlist"><ul type="disc"><li><p>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                 Prepare the target Samba-3 server. This involves configuring Samba-3 for
                 migration to either a tdbsam or an ldapsam backend.
-                </p></li><li><p>
-                <a class="indexterm" name="id2602094"></a>
-                <a class="indexterm" name="id2602100"></a>
-                <a class="indexterm" name="id2602107"></a>
+                </p></li><li class="listitem"><p>
+                <a class="indexterm" name="id369676"></a>
+                <a class="indexterm" name="id369682"></a>
+                <a class="indexterm" name="id369688"></a>
                 Clean up the source NT4 PDC. Delete all accounts that need not be migrated.
                 Delete all files that should not be migrated. Where possible, change NT group
@@ -173 +173 @@
                 the target UNIX host insists on POSIX-compliant all lowercase user and group
                 names.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Step through the migration process.
-                </p></li><li><p><a class="indexterm" name="id2602128"></a>
+                </p></li><li class="listitem"><p><a class="indexterm" name="id369706"></a>
                 Remove the NT4 PDC from the network.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Upgrade the Samba-3 server from a BDC to a PDC, and validate all account
                 information.
                 </p></li></ul></div><p>
         It may help to use the above outline as a pre-migration checklist.
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2602148"></a>NT4 Migration Using LDAP Backend</h3></div></div></div><p>
+        </p><div class="sect2" title="NT4 Migration Using LDAP Backend"><div class="titlepage"><div><div><h3 class="title"><a name="id369724"></a>NT4 Migration Using LDAP Backend</h3></div></div></div><p>
         In this example, the migration is of an NT4 PDC to a Samba-3 PDC with an LDAP backend. The accounts about
         to be migrated are shown in <a class="link" href="ntmigration.html#NT4DUM" title="Figure 9.2. View of Accounts in NT4 Domain User Manager">&#8220;View of Accounts in NT4 Domain User Manager&#8221;</a>. In this example use is made of the
@@ -195 +195 @@
         that the deletion scripts must be commented out during migration. These should be uncommented
         following successful migration of the NT4 Domain accounts.
-        </p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
+        </p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
         Under absolutely no circumstances should the Samba daemons be started until instructed to do so.
         Delete the <code class="filename">/etc/samba/secrets.tdb</code> file and all Samba control tdb files
         before commencing the following configuration steps.
-        </p></div><div class="table"><a name="ch8-vampire"></a><p class="title"><b>Table 9.1. Samba <code class="filename">smb.conf</code> Scripts Essential to Samba Operation</b></p><div class="table-contents"><table summary="Samba smb.conf Scripts Essential to Samba Operation" border="1"><colgroup><col align="left"><col align="center"><col align="center"></colgroup><thead><tr><th align="left">Entity</th><th align="center">ldapsam Script</th><th align="center">tdbsam Script</th></tr></thead><tbody><tr><td align="left">Add User Accounts</td><td align="center">smbldap-useradd</td><td align="center">useradd</td></tr><tr><td align="left">Delete User Accounts</td><td align="center">smbldap-userdel</td><td align="center">userdel</td></tr><tr><td align="left">Add Group Accounts</td><td align="center">smbldap-groupadd</td><td align="center">groupadd</td></tr><tr><td align="left">Delete Group Accounts</td><td align="center">smbldap-groupdel</td><td align="center">groupdel</td></tr><tr><td align="left">Add User to Group</td><td align="center">smbldap-groupmod</td><td align="center">usermod (See Note)</td></tr><tr><td align="left">Add Machine Accounts</td><td align="center">smbldap-useradd</td><td align="center">useradd</td></tr></tbody></table></div></div><br class="table-break"><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
-        <a class="indexterm" name="id2602350"></a>
-        <a class="indexterm" name="id2602357"></a>
-        <a class="indexterm" name="id2602364"></a>
+        </p></div><div class="table"><a name="ch8-vampire"></a><p class="title"><b>Table 9.1. Samba <code class="filename">smb.conf</code> Scripts Essential to Samba Operation</b></p><div class="table-contents"><table summary="Samba smb.conf Scripts Essential to Samba Operation" border="1"><colgroup><col align="left"><col align="center"><col align="center"></colgroup><thead><tr><th align="left">Entity</th><th align="center">ldapsam Script</th><th align="center">tdbsam Script</th></tr></thead><tbody><tr><td align="left">Add User Accounts</td><td align="center">smbldap-useradd</td><td align="center">useradd</td></tr><tr><td align="left">Delete User Accounts</td><td align="center">smbldap-userdel</td><td align="center">userdel</td></tr><tr><td align="left">Add Group Accounts</td><td align="center">smbldap-groupadd</td><td align="center">groupadd</td></tr><tr><td align="left">Delete Group Accounts</td><td align="center">smbldap-groupdel</td><td align="center">groupdel</td></tr><tr><td align="left">Add User to Group</td><td align="center">smbldap-groupmod</td><td align="center">usermod (See Note)</td></tr><tr><td align="left">Add Machine Accounts</td><td align="center">smbldap-useradd</td><td align="center">useradd</td></tr></tbody></table></div></div><br class="table-break"><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+        <a class="indexterm" name="id369914"></a>
+        <a class="indexterm" name="id369921"></a>
+        <a class="indexterm" name="id369928"></a>
         The UNIX/Linux <code class="literal">usermod</code> utility does not permit simple user addition to (or deletion
         of users from) groups. This is a feature provided by the smbldap-tools scripts. If you want this
@@ -209 +209 @@
         The <code class="literal">groupmem</code> utility was contributed to the shadow package but has not surfaced
         in the formal commands provided by Linux distributions (March 2004).
-        </p></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
-        <a class="indexterm" name="id2602401"></a>
+        </p></div><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+        <a class="indexterm" name="id369961"></a>
         The <code class="literal">tdbdump</code> utility is a utility that you can build from the Samba source-code tree. Not all Linux binary distributions include this tool. If it is missing from your
         Linux distribution, you will need to build this yourself or else forgo its use.
         </p></div><p>
-        <a class="indexterm" name="id2602421"></a>
+        <a class="indexterm" name="id369979"></a>
         Before starting the migration, all dead accounts were removed from the NT4 domain using the User Manager for Domains.
-        </p><div class="procedure"><a name="id2602431"></a><p class="title"><b>Procedure 9.1. User Migration Steps</b></p><div class="example"><a name="sbent4smb"></a><p class="title"><b>Example 9.1. NT4 Migration Samba-3 Server <code class="filename">smb.conf</code>  Part: A</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2602491"></a><em class="parameter"><code>workgroup = DAMNATION</code></em></td></tr><tr><td><a class="indexterm" name="id2602503"></a><em class="parameter"><code>netbios name = MERLIN</code></em></td></tr><tr><td><a class="indexterm" name="id2602515"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://localhost</code></em></td></tr><tr><td><a class="indexterm" name="id2602527"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2602539"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2602550"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id2602562"></a><em class="parameter"><code>max log size = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2602574"></a><em class="parameter"><code>smb ports = 139 445</code></em></td></tr><tr><td><a class="indexterm" name="id2602585"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id2602598"></a><em class="parameter"><code>add user script = /opt/IDEALX/sbin/smbldap-useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2602610"></a><em class="parameter"><code>#delete user script = /opt/IDEALX/sbin/smbldap-userdel '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2602622"></a><em class="parameter"><code>add group script = /opt/IDEALX/sbin/smbldap-groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id2602635"></a><em class="parameter"><code>#delete group script = /opt/IDEALX/sbin/smbldap-groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id2602647"></a><em class="parameter"><code>add user to group script = /opt/IDEALX/sbin/ smbldap-groupmod -m '%u' '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id2602660"></a><em class="parameter"><code>#delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x '%u' '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id2602673"></a><em class="parameter"><code>set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2602686"></a><em class="parameter"><code>add machine script = /opt/IDEALX/sbin/smbldap-useradd -w '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2602699"></a><em class="parameter"><code>logon script = scripts\logon.cmd</code></em></td></tr><tr><td><a class="indexterm" name="id2602711"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2602722"></a><em class="parameter"><code>logon home = \\%L\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2602734"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id2602746"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2602758"></a><em class="parameter"><code>domain master = No</code></em></td></tr><tr><td><a class="indexterm" name="id2602769"></a><em class="parameter"><code>#wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2602781"></a><em class="parameter"><code>wins server = 192.168.123.124</code></em></td></tr><tr><td><a class="indexterm" name="id2602793"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=terpstra-world,dc=org</code></em></td></tr><tr><td><a class="indexterm" name="id2602805"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id2602817"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id2602829"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2602841"></a><em class="parameter"><code>ldap passwd sync = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2602853"></a><em class="parameter"><code>ldap suffix = dc=terpstra-world,dc=org</code></em></td></tr><tr><td><a class="indexterm" name="id2602865"></a><em class="parameter"><code>ldap ssl = no</code></em></td></tr><tr><td><a class="indexterm" name="id2602877"></a><em class="parameter"><code>ldap timeout = 20</code></em></td></tr><tr><td><a class="indexterm" name="id2602888"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2602900"></a><em class="parameter"><code>idmap backend = ldap:ldap://localhost</code></em></td></tr><tr><td><a class="indexterm" name="id2602912"></a><em class="parameter"><code>idmap uid = 15000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2602924"></a><em class="parameter"><code>idmap gid = 15000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2602936"></a><em class="parameter"><code>winbind nested groups = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2602948"></a><em class="parameter"><code>ea support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2602960"></a><em class="parameter"><code>map acl inherit = Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbent4smb2"></a><p class="title"><b>Example 9.2. NT4 Migration Samba-3 Server <code class="filename">smb.conf</code>  Part: B</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id2603005"></a><em class="parameter"><code>comment = Application Data</code></em></td></tr><tr><td><a class="indexterm" name="id2603017"></a><em class="parameter"><code>path = /data/home/apps</code></em></td></tr><tr><td><a class="indexterm" name="id2603028"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id2603049"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id2603061"></a><em class="parameter"><code>path = /home/users/%U/Documents</code></em></td></tr><tr><td><a class="indexterm" name="id2603072"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id2603084"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2603096"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id2603116"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id2603128"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id2603140"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2603151"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2603163"></a><em class="parameter"><code>use client driver = No</code></em></td></tr><tr><td><a class="indexterm" name="id2603175"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id2603195"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id2603207"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id2603219"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2603231"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id2603251"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id2603263"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id2603275"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2603286"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profdata]</code></em></td></tr><tr><td><a class="indexterm" name="id2603307"></a><em class="parameter"><code>comment = Profile Data Share</code></em></td></tr><tr><td><a class="indexterm" name="id2603319"></a><em class="parameter"><code>path = /var/lib/samba/profdata</code></em></td></tr><tr><td><a class="indexterm" name="id2603331"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2603342"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id2603363"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id2603375"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbentslapd"></a><p class="title"><b>Example 9.3. NT4 Migration LDAP Server Configuration File: <code class="filename">/etc/openldap/slapd.conf</code>  Part A</b></p><div class="example-contents"><pre class="screen">
+        </p><div class="procedure" title="Procedure 9.1. User Migration Steps"><a name="id369988"></a><p class="title"><b>Procedure 9.1. User Migration Steps</b></p><div class="example"><a name="sbent4smb"></a><p class="title"><b>Example 9.1. NT4 Migration Samba-3 Server <code class="filename">smb.conf</code>  Part: A</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id370046"></a><em class="parameter"><code>workgroup = DAMNATION</code></em></td></tr><tr><td><a class="indexterm" name="id370057"></a><em class="parameter"><code>netbios name = MERLIN</code></em></td></tr><tr><td><a class="indexterm" name="id370068"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://localhost</code></em></td></tr><tr><td><a class="indexterm" name="id370080"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id370092"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id370103"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id370115"></a><em class="parameter"><code>max log size = 0</code></em></td></tr><tr><td><a class="indexterm" name="id370126"></a><em class="parameter"><code>smb ports = 139 445</code></em></td></tr><tr><td><a class="indexterm" name="id370138"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id370149"></a><em class="parameter"><code>add user script = /opt/IDEALX/sbin/smbldap-useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id370161"></a><em class="parameter"><code>#delete user script = /opt/IDEALX/sbin/smbldap-userdel '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id370173"></a><em class="parameter"><code>add group script = /opt/IDEALX/sbin/smbldap-groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id370185"></a><em class="parameter"><code>#delete group script = /opt/IDEALX/sbin/smbldap-groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id370197"></a><em class="parameter"><code>add user to group script = /opt/IDEALX/sbin/ smbldap-groupmod -m '%u' '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id370209"></a><em class="parameter"><code>#delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x '%u' '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id370221"></a><em class="parameter"><code>set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id370233"></a><em class="parameter"><code>add machine script = /opt/IDEALX/sbin/smbldap-useradd -w '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id370245"></a><em class="parameter"><code>logon script = scripts\logon.cmd</code></em></td></tr><tr><td><a class="indexterm" name="id370257"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id370268"></a><em class="parameter"><code>logon home = \\%L\%U</code></em></td></tr><tr><td><a class="indexterm" name="id370280"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id370291"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id370303"></a><em class="parameter"><code>domain master = No</code></em></td></tr><tr><td><a class="indexterm" name="id370314"></a><em class="parameter"><code>#wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id370326"></a><em class="parameter"><code>wins server = 192.168.123.124</code></em></td></tr><tr><td><a class="indexterm" name="id370337"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=terpstra-world,dc=org</code></em></td></tr><tr><td><a class="indexterm" name="id370349"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id370360"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id370372"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id370384"></a><em class="parameter"><code>ldap passwd sync = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id370395"></a><em class="parameter"><code>ldap suffix = dc=terpstra-world,dc=org</code></em></td></tr><tr><td><a class="indexterm" name="id370407"></a><em class="parameter"><code>ldap ssl = no</code></em></td></tr><tr><td><a class="indexterm" name="id370418"></a><em class="parameter"><code>ldap timeout = 20</code></em></td></tr><tr><td><a class="indexterm" name="id370430"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id370441"></a><em class="parameter"><code>idmap backend = ldap:ldap://localhost</code></em></td></tr><tr><td><a class="indexterm" name="id370453"></a><em class="parameter"><code>idmap uid = 15000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id370464"></a><em class="parameter"><code>idmap gid = 15000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id370476"></a><em class="parameter"><code>winbind nested groups = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id370487"></a><em class="parameter"><code>ea support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id370499"></a><em class="parameter"><code>map acl inherit = Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbent4smb2"></a><p class="title"><b>Example 9.2. NT4 Migration Samba-3 Server <code class="filename">smb.conf</code>  Part: B</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id370543"></a><em class="parameter"><code>comment = Application Data</code></em></td></tr><tr><td><a class="indexterm" name="id370555"></a><em class="parameter"><code>path = /data/home/apps</code></em></td></tr><tr><td><a class="indexterm" name="id370566"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id370587"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id370598"></a><em class="parameter"><code>path = /home/users/%U/Documents</code></em></td></tr><tr><td><a class="indexterm" name="id370610"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id370622"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id370633"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id370653"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id370665"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id370676"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id370688"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id370699"></a><em class="parameter"><code>use client driver = No</code></em></td></tr><tr><td><a class="indexterm" name="id370711"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id370731"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id370743"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id370754"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id370766"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id370786"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id370798"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id370809"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id370821"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profdata]</code></em></td></tr><tr><td><a class="indexterm" name="id370841"></a><em class="parameter"><code>comment = Profile Data Share</code></em></td></tr><tr><td><a class="indexterm" name="id370853"></a><em class="parameter"><code>path = /var/lib/samba/profdata</code></em></td></tr><tr><td><a class="indexterm" name="id370864"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id370876"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id370896"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id370908"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbentslapd"></a><p class="title"><b>Example 9.3. NT4 Migration LDAP Server Configuration File: <code class="filename">/etc/openldap/slapd.conf</code>  Part A</b></p><div class="example-contents"><pre class="screen">
 include         /etc/openldap/schema/core.schema
 include         /etc/openldap/schema/cosine.schema
@@ -331 +331 @@
 #passwd_compat: ldap       #Not needed.
 #group_compat:  ldap      #Not needed.
-</pre></div></div><br class="example-break"><ol type="1"><li><p>
+</pre></div></div><br class="example-break"><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Configure the Samba <code class="filename">smb.conf</code> file to create a BDC. An example configuration is
                 given in <a class="link" href="ntmigration.html#sbent4smb" title="Example 9.1. NT4 Migration Samba-3 Server smb.conf Part: A">&#8220;NT4 Migration Samba-3 Server smb.conf  Part: A&#8221;</a>.
                 The delete scripts are commented out so that during the process of migration
                 no account information can be deleted.
-                </p></li><li><p>
-                <a class="indexterm" name="id2603393"></a>
+                </p></li><li class="step" title="Step 2"><p>
+                <a class="indexterm" name="id370926"></a>
                 Configure OpenLDAP in preparation for the migration. An example
                 <code class="filename">sladp.conf</code> file is shown in <a class="link" href="ntmigration.html#sbentslapd" title="Example 9.3. NT4 Migration LDAP Server Configuration File: /etc/openldap/slapd.conf Part A">&#8220;NT4 Migration LDAP Server Configuration File: /etc/openldap/slapd.conf  Part A&#8221;</a>.
                 The <code class="constant">rootpw</code> value is an encrypted password string that can
                 be obtained by executing the <code class="literal">slappasswd</code> command.
-                </p></li><li><p>
-                <a class="indexterm" name="id2603507"></a>
-                <a class="indexterm" name="id2603514"></a>
+                </p></li><li class="step" title="Step 3"><p>
+                <a class="indexterm" name="id371025"></a>
+                <a class="indexterm" name="id371032"></a>
                 Install the PADL <code class="literal">nss_ldap</code> tool set, then configure the <code class="filename">/etc/ldap.conf</code>
                 as shown in <a class="link" href="ntmigration.html#sbrntldapconf" title="Example 9.5. NT4 Migration NSS LDAP File: /etc/ldap.conf">&#8220;NT4 Migration NSS LDAP File: /etc/ldap.conf&#8221;</a>.
-                </p></li><li><p>
-                <a class="indexterm" name="id2603574"></a>
+                </p></li><li class="step" title="Step 4"><p>
+                <a class="indexterm" name="id371087"></a>
                 Edit the <code class="filename">/etc/nsswitch.conf</code> file so it has the entries shown
                 in <a class="link" href="ntmigration.html#sbentnss" title="Example 9.6. NT4 Migration NSS Control File: /etc/nsswitch.conf (Stage:1)">&#8220;NT4 Migration NSS Control File: /etc/nsswitch.conf (Stage:1)&#8221;</a>. Note that the LDAP entries have been commented out.
@@ -358 +358 @@
                 out, it is possible to avoid this gridlock situation and thus the overall
                 installation and configuration will progress more smoothly.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 5"><p>
                 Validate the the target NT4 PDC name is being correctly resolved to its IP address by
                 executing the following:
@@ -374 +374 @@
                 Do not proceed to the next step if this step fails. It is imperative that the name of the PDC
                 can be resolved to its IP address. If this is broken, fix it.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 6"><p>
                 Pull the domain SID from the NT4 domain that is being migrated as follows:
 </p><pre class="screen">
@@ -392 +392 @@
 <code class="prompt">root# </code> net setlocalsid S-1-5-21-1385457007-882775198-1210191635
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2603744"></a>
-                <a class="indexterm" name="id2603750"></a>
-                <a class="indexterm" name="id2603757"></a>
-                <a class="indexterm" name="id2603764"></a>
+                </p></li><li class="step" title="Step 7"><p>
+                <a class="indexterm" name="id371235"></a>
+                <a class="indexterm" name="id371242"></a>
+                <a class="indexterm" name="id371249"></a>
+                <a class="indexterm" name="id371256"></a>
                 Install the Idealx <code class="literal">smbldap-tools</code> software package, following
                 the instructions given in <a class="link" href="happy.html#sbeidealx" title="Install and Configure Idealx smbldap-tools Scripts">&#8220;Install and Configure Idealx smbldap-tools Scripts&#8221;</a>. The resulting perl scripts
@@ -490 +490 @@
   /etc/smbldap-tools/smbldap_bind.conf done.
 </pre><p>
-                <a class="indexterm" name="id2603914"></a>
-                <a class="indexterm" name="id2603921"></a>
-                <a class="indexterm" name="id2603928"></a>
-                <a class="indexterm" name="id2603935"></a>
+                <a class="indexterm" name="id371351"></a>
+                <a class="indexterm" name="id371358"></a>
+                <a class="indexterm" name="id371365"></a>
+                <a class="indexterm" name="id371371"></a>
                 Note that the NT4 domain SID that was previously obtained was entered above. Also,
                 the sambaUnixIdPooldn object was specified as sambaDomainName=DAMNATION. This is
@@ -502 +502 @@
                 are being upgraded to version 0.9.1 it is appropriate to update this to the new location
                 only if the directory information is also relocated.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 8"><p>
                 Start the LDAP server using the system interface script. On Novell SLES9
                 this is done as shown here:
@@ -508 +508 @@
 <code class="prompt">root# </code> rcldap start
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 9"><p>
                 Edit the <code class="filename">/etc/nsswitch.conf</code> file so it has the entries shown in
                 <a class="link" href="ntmigration.html#sbentnss2" title="Example 9.7. NT4 Migration NSS Control File: /etc/nsswitch.conf (Stage:2)">&#8220;NT4 Migration NSS Control File: /etc/nsswitch.conf (Stage:2)&#8221;</a>. Note that the LDAP entries have now been uncommented.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 10"><p>
                 The LDAP management password must be installed into the <code class="filename">secrets.tdb</code>
                 file as follows:
@@ -519 +519 @@
             "cn=Manager,dc=terpstra-world,dc=org" in secrets.tdb
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 11"><p>
                 Populate the LDAP directory as shown here:
 </p><pre class="screen">
@@ -545 +545 @@
                 The script tries to add the ou=People container twice, hence the error message.
                 This is expected behavior.
-                </p></li><li><p>
-                <a class="indexterm" name="id2604099"></a>
+                </p></li><li class="step" title="Step 12"><p>
+                <a class="indexterm" name="id371510"></a>
                 Restart the LDAP server following initialization of the LDAP directory. Execute the
                 system control script provided on your system. The following steps can be used on
@@ -554 +554 @@
 <code class="prompt">root# </code> chkconfig ldap on
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 13"><p>
                 Verify that the new user accounts that have been added to the LDAP directory can be
                 resolved as follows:
@@ -585 +585 @@
 Replicators:x:552:
 </pre><p>
-                In both cases the LDAP accounts follow the &#8220;<span class="quote">+::0:</span>&#8221; entry.
-                </p></li><li><p>
+                In both cases the LDAP accounts follow the <span class="quote">&#8220;<span class="quote">+::0:</span>&#8221;</span> entry.
+                </p></li><li class="step" title="Step 14"><p>
                 Now it is time to join the Samba BDC to the target NT4 domain that is being
                 migrated to Samba-3 by executing the following:
@@ -595 +595 @@
 Joined domain DAMNATION.
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 15"><p>
                 Set the new domain administrator (root) password for both UNIX and Windows as shown here:
 </p><pre class="screen">
@@ -605 +605 @@
                 Note: During account migration, the Windows Administrator account will not be migrated
                 to the Samba server.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 16"><p>
                 Now validate that these accounts can be resolved using Samba's tools as
                 shown here for user accounts:
@@ -633 +633 @@
 </pre><p>
                 These are the expected results for a correctly configured system.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 17"><p>
                 Commence migration as shown here:
 </p><pre class="screen">
@@ -641 +641 @@
                 Check the vampire log to confirm that only expected errors have been
                 reported. See <a class="link" href="ntmigration.html#sbevam1" title="Migration Log Validation">&#8220;Migration Log Validation&#8221;</a>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 18"><p>
                 The migration of user accounts can be quickly validated as follows:
 </p><pre class="screen">
@@ -676 +676 @@
 merlin$:27:820C50523F368C54AB9D85AE603AD09D:...
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 19"><p>
                 The mapping of UNIX and Windows groups can be validated as show here:
 </p><pre class="screen">
@@ -708 +708 @@
                 It is of vital importance that the domain SID portions of all group
                 accounts are identical.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 20"><p>
                 The final responsibility in the migration process is to create identical
                 shares and printing resources on the new Samba-3 server, copy all data
                 across, set up privileges, and set share and file/directory access controls.
-                </p></li><li><p>
-                <a class="indexterm" name="id2604414"></a>
-                <a class="indexterm" name="id2604420"></a>
+                </p></li><li class="step" title="Step 21"><p>
+                <a class="indexterm" name="id371765"></a>
+                <a class="indexterm" name="id371772"></a>
                 Edit the <code class="filename">smb.conf</code> file to  reset the parameter 
                 <a class="link" href="smb.conf.5.html#DOMAINMASTER" target="_top">domain master = Yes</a> so that
@@ -737 +737 @@
 Press enter to see a dump of your service definitions
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 22"><p>
                 Now shut down the old NT4 PDC. Only when the old NT4 PDC and all
                 NT4 BDCs have been shut down can the Samba-3 PDC be started.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 23"><p>
                 All workstations should function as they did with the old NT4 PDC. All
                 interdomain trust accounts should remain in place and fully functional.
                 All machine accounts and user logon accounts should also function correctly.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 24"><p>
                 The configuration of Samba-3 BDC servers can be accomplished now or at any
                 convenient time in the future. Please refer to the carefully detailed process
                 for doing so is outlined in <a class="link" href="happy.html#sbehap-bldg1" title="Samba-3 BDC Configuration">&#8220;Samba-3 BDC Configuration&#8221;</a>.
-                </p></li></ol></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="sbevam1"></a>Migration Log Validation</h4></div></div></div><p>
+                </p></li></ol></div><div class="sect3" title="Migration Log Validation"><div class="titlepage"><div><div><h4 class="title"><a name="sbevam1"></a>Migration Log Validation</h4></div></div></div><p>
         The following <code class="filename">vampire.log</code> file is typical of a valid migration.
 </p><pre class="screen">
@@ -842 +842 @@
 Creating unix group: 'Users'
 </pre><p>
-        </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2604606"></a>NT4 Migration Using tdbsam Backend</h3></div></div></div><p>
+        </p></div></div><div class="sect2" title="NT4 Migration Using tdbsam Backend"><div class="titlepage"><div><div><h3 class="title"><a name="id371918"></a>NT4 Migration Using tdbsam Backend</h3></div></div></div><p>
         In this example, we change the domain name of the NT4 server from
         <code class="constant">DRUGPREP</code> to <code class="constant">MEGANET</code> prior to the use
@@ -850 +850 @@
         databases. These entries must therefore be present, and correct options specified,
         in your <code class="filename">smb.conf</code> file, or else the migration does not work as it should.
-        </p><div class="procedure"><a name="id2604653"></a><p class="title"><b>Procedure 9.2. Migration Steps Using tdbsam</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 9.2. Migration Steps Using tdbsam"><a name="id371961"></a><p class="title"><b>Procedure 9.2. Migration Steps Using tdbsam</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Prepare a Samba-3 server precisely per the instructions shown in <a class="link" href="Big500users.html" title="Chapter 4. The 500-User Office">&#8220;The 500-User Office&#8221;</a>.
                 Set the workgroup name to <code class="constant">MEGANET</code>.
-                </p></li><li><p><a class="indexterm" name="id2604681"></a><a class="indexterm" name="id2604689"></a>
+                </p></li><li class="step" title="Step 2"><p><a class="indexterm" name="id371988"></a><a class="indexterm" name="id371996"></a>
                 Edit the <code class="filename">smb.conf</code> file to temporarily change the parameter 
                 <a class="link" href="smb.conf.5.html#DOMAINMASTER" target="_top">domain master = No</a> so
                 the Samba server functions as a BDC for the purpose of migration.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Start Samba as you have done previously.
-                </p></li><li><p><a class="indexterm" name="id2604732"></a>
+                </p></li><li class="step" title="Step 4"><p><a class="indexterm" name="id372035"></a>
                 Join the NT4 Domain as a BDC, as shown here:
 </p><pre class="screen">
@@ -865 +865 @@
 Joined domain MEGANET.
 </pre><p>
-                </p></li><li><p><a class="indexterm" name="id2604766"></a>
+                </p></li><li class="step" title="Step 5"><p><a class="indexterm" name="id372068"></a>
                 You may vampire the accounts from the NT4 PDC by executing the command, as shown here:
 </p><pre class="screen">
@@ -905 +905 @@
 SAM_DELTA_DOMAIN_INFO not handled
 </pre><p>
-                </p></li><li><p><a class="indexterm" name="id2604820"></a>
+                </p></li><li class="step" title="Step 6"><p><a class="indexterm" name="id372111"></a>
                 At this point, we can validate our migration. Let's look at the accounts
                 in the form in which they are seen in a smbpasswd file. This achieves that:
@@ -937 +937 @@
      CF271B744F7A55AFDA277FF88D80C527:[UX         ]:LCT-3E8B4270:
 </pre><p>
-                </p></li><li><p><a class="indexterm" name="id2604897"></a>
+                </p></li><li class="step" title="Step 7"><p><a class="indexterm" name="id372163"></a>
                 An expanded view of a user account entry shows more of what was
                 obtained from the NT4 PDC:
@@ -963 +963 @@
 Password must change: Mon, 18 Jan 2038 20:14:07 GMT
 </pre><p>
-                </p></li><li><p><a class="indexterm" name="id2604932"></a>
+                </p></li><li class="step" title="Step 8"><p><a class="indexterm" name="id372190"></a>
                 The following command lists the long names of the groups that have been
                 imported (vampired) from the NT4 PDC:
@@ -980 +980 @@
 </pre><p>
                 Everything looks well and in order.
-                </p></li><li><p><a class="indexterm" name="id2604972"></a><a class="indexterm" name="id2604980"></a>
+                </p></li><li class="step" title="Step 9"><p><a class="indexterm" name="id372225"></a><a class="indexterm" name="id372233"></a>
                 Edit the <code class="filename">smb.conf</code> file to  reset the parameter 
                 <a class="link" href="smb.conf.5.html#DOMAINMASTER" target="_top">domain master = Yes</a> so
                 the Samba server functions as a PDC for the purpose of migration.
-                </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2605013"></a>Key Points Learned</h3></div></div></div><p>
+                </p></li></ol></div></div><div class="sect2" title="Key Points Learned"><div class="titlepage"><div><div><h3 class="title"><a name="id372263"></a>Key Points Learned</h3></div></div></div><p>
                 Migration of an NT4 PDC database to a Samba-3 PDC is possible.
-                </p><div class="itemizedlist"><ul type="disc"><li><p>
+                </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                         An LDAP backend is a suitable vehicle for NT4 migrations.
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         A tdbsam backend can be used to perform a migration.
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         Multiple NT4 domains can be merged into a single Samba-3
                         domain.
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         The net Samba-3 domain most likely requires some
                         administration and updating before going live.
-                        </p></li></ul></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2605051"></a>Questions and Answers</h2></div></div></div><p>
-        </p><div class="qandaset"><dl><dt> <a href="ntmigration.html#id2605066">
+                        </p></li></ul></div></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id372297"></a>Questions and Answers</h2></div></div></div><p>
+        </p><div class="qandaset" title="Frequently Asked Questions"><a name="id372306"></a><dl><dt> <a href="ntmigration.html#id372313">
                 Why must I start each migration with a clean database?
-                </a></dt><dt> <a href="ntmigration.html#id2605107">
+                </a></dt><dt> <a href="ntmigration.html#id372349">
                 Is it possible to set my domain SID to anything I like?
-                </a></dt><dt> <a href="ntmigration.html#id2605164">
+                </a></dt><dt> <a href="ntmigration.html#id372401">
                 When using a tdbsam passdb backend, why must I have all domain user and group accounts
                 in /etc/passwd and /etc/group?
-                </a></dt><dt> <a href="ntmigration.html#id2605344">
+                </a></dt><dt> <a href="ntmigration.html#id372571">
                 Why did you validate connectivity before attempting migration?
-                </a></dt><dt> <a href="ntmigration.html#id2605389">
+                </a></dt><dt> <a href="ntmigration.html#id372613">
                 How would you merge 10 tdbsam-based domains into an LDAP database?
-                </a></dt><dt> <a href="ntmigration.html#id2605512">
+                </a></dt><dt> <a href="ntmigration.html#id372728">
                 I want to change my domain name after I migrate all accounts from an NT4 domain to a 
                 Samba-3 domain. Does it make any sense to migrate the machine accounts in that case?
-                </a></dt><dt> <a href="ntmigration.html#id2605588">
+                </a></dt><dt> <a href="ntmigration.html#id372800">
                 After merging multiple NT4 domains into a Samba-3 domain, I lost all multiple group mappings. Why?
-                </a></dt><dt> <a href="ntmigration.html#id2605652">
+                </a></dt><dt> <a href="ntmigration.html#id372858">
                 How can I reset group membership after loading the account information into the LDAP database?
-                </a></dt><dt> <a href="ntmigration.html#id2605687">
+                </a></dt><dt> <a href="ntmigration.html#id372890">
                 What are the limits or constraints that apply to group names?
-                </a></dt><dt> <a href="ntmigration.html#id2605791">
+                </a></dt><dt> <a href="ntmigration.html#id372987">
                 My Windows NT4 PDC has 323,000 user accounts. How long will it take to migrate them to a Samba-3
                 LDAP backend system using the vampire process?
-                </a></dt></dl><table border="0" summary="Q and A Set"><col align="left" width="1%"><tbody><tr class="question"><td align="left" valign="top"><a name="id2605066"></a><a name="id2605069"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id2605072"></a>
+                </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question"><td align="left" valign="top"><a name="id372313"></a><a name="id372315"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id372318"></a>
                 Why must I start each migration with a clean database?
-                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id2605087"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id372333"></a>
                 This is a recommendation that permits the data from each NT4 domain to
                 be kept separate until you are ready to merge them. Also, if you do not start with a clean database,
@@ -1029 +1029 @@
                 without undue errors and then to handle the merging of vampired data under
                 proper supervision.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2605107"></a><a name="id2605109"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id2605112"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id372349"></a><a name="id372351"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id372354"></a>
                 Is it possible to set my domain SID to anything I like?
-                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id2605128"></a><a class="indexterm" name="id2605136"></a><a class="indexterm" name="id2605143"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id372369"></a><a class="indexterm" name="id372377"></a><a class="indexterm" name="id372384"></a>
                 Yes, so long as the SID you create has the same structure as an autogenerated SID.
                 The typical SID looks like this: S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX, where
@@ -1038 +1038 @@
                 You may want to set the SID to one that is already in use somewhere on your network,
                 but that is a little different from straight out creating your own domain SID.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2605164"></a><a name="id2605166"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id2605169"></a><a class="indexterm" name="id2605177"></a><a class="indexterm" name="id2605184"></a><a class="indexterm" name="id2605192"></a><a class="indexterm" name="id2605200"></a><a class="indexterm" name="id2605212"></a><a class="indexterm" name="id2605223"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id372401"></a><a name="id372403"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id372406"></a><a class="indexterm" name="id372414"></a><a class="indexterm" name="id372422"></a><a class="indexterm" name="id372430"></a><a class="indexterm" name="id372438"></a><a class="indexterm" name="id372449"></a><a class="indexterm" name="id372460"></a>
                 When using a tdbsam passdb backend, why must I have all domain user and group accounts
                 in <code class="filename">/etc/passwd</code> and <code class="filename">/etc/group</code>?
-                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id2605254"></a><a class="indexterm" name="id2605262"></a><a class="indexterm" name="id2605270"></a><a class="indexterm" name="id2605277"></a><a class="indexterm" name="id2605285"></a><a class="indexterm" name="id2605293"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id372491"></a><a class="indexterm" name="id372499"></a><a class="indexterm" name="id372506"></a><a class="indexterm" name="id372514"></a><a class="indexterm" name="id372522"></a><a class="indexterm" name="id372530"></a>
                 Samba-3 must be able to tie all user and group account SIDs to a UNIX UID or GID. Samba
                 does not fabricate the UNIX IDs from thin air, but rather requires them to be located
@@ -1056 +1056 @@
                 In short then, all UNIX and Windows networking accounts, both in tdbsam as well as in 
                 LDAP, require UIDs/GIDs.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2605344"></a><a name="id2605346"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id2605349"></a><a class="indexterm" name="id2605357"></a><a class="indexterm" name="id2605365"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id372571"></a><a name="id372573"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id372576"></a><a class="indexterm" name="id372584"></a><a class="indexterm" name="id372592"></a>
                 Why did you validate connectivity before attempting migration?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -1062 +1062 @@
                 potential problems that may otherwise affect or impede account migration. I am always
                 mindful of the 4 P's of migration: Planning Prevents Poor Performance.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2605389"></a><a name="id2605392"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id372613"></a><a name="id372615"></a></td><td align="left" valign="top"><p>
                 How would you merge 10 tdbsam-based domains into an LDAP database?
-                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id2605402"></a><a class="indexterm" name="id2605410"></a><a class="indexterm" name="id2605418"></a><a class="indexterm" name="id2605426"></a><a class="indexterm" name="id2605434"></a><a class="indexterm" name="id2605442"></a><a class="indexterm" name="id2605449"></a><a class="indexterm" name="id2605457"></a><a class="indexterm" name="id2605465"></a><a class="indexterm" name="id2605473"></a><a class="indexterm" name="id2605481"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id372626"></a><a class="indexterm" name="id372634"></a><a class="indexterm" name="id372642"></a><a class="indexterm" name="id372649"></a><a class="indexterm" name="id372657"></a><a class="indexterm" name="id372665"></a><a class="indexterm" name="id372672"></a><a class="indexterm" name="id372680"></a><a class="indexterm" name="id372688"></a><a class="indexterm" name="id372696"></a><a class="indexterm" name="id372704"></a>
                 If you have 10 tdbsam Samba domains, there is considerable risk that there are a number of
                 accounts that have the same UNIX identifier (UID/GID). This means that you almost 
@@ -1074 +1074 @@
                 you have migrated before handing over access to a user. After all, too many users with a bad
                 migration experience may threaten your career.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2605512"></a><a name="id2605514"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id2605517"></a><a class="indexterm" name="id2605525"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id372728"></a><a name="id372731"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id372734"></a><a class="indexterm" name="id372742"></a>
                 I want to change my domain name after I migrate all accounts from an NT4 domain to a 
                 Samba-3 domain. Does it make any sense to migrate the machine accounts in that case?
-                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id2605546"></a><a class="indexterm" name="id2605554"></a><a class="indexterm" name="id2605562"></a><a class="indexterm" name="id2605570"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id372761"></a><a class="indexterm" name="id372769"></a><a class="indexterm" name="id372777"></a><a class="indexterm" name="id372785"></a>
                 I would recommend not to migrate the machine account. The machine accounts should still work, but there are registry entries
                 on each Windows NT4 and upward client that have a tattoo of the old domain name. If you
                 unjoin the domain and then rejoin the newly renamed Samba-3 domain, you can be certain to avoid
                 this tattooing effect.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2605588"></a><a name="id2605590"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id2605593"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id372800"></a><a name="id372802"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id372805"></a>
                 After merging multiple NT4 domains into a Samba-3 domain, I lost all multiple group mappings. Why?
-                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id2605609"></a><a class="indexterm" name="id2605617"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id372820"></a><a class="indexterm" name="id372828"></a>
                 Samba-3 currently does not implement multiple group membership internally. If you use the Windows 
                 NT4 Domain User Manager to manage accounts and you have an LDAP backend, the multiple group
@@ -1093 +1093 @@
                 and <code class="filename">/etc/group</code> information also. That is where the multiple group information
                 is most closely at your fingertips.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2605652"></a><a name="id2605655"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id372858"></a><a name="id372860"></a></td><td align="left" valign="top"><p>
                 How can I reset group membership after loading the account information into the LDAP database?
-                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id2605666"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id372871"></a>
                 You can use the NT4 Domain User Manager that can be downloaded from the Microsoft Web site. The
                 installation file is called <code class="filename">SRVTOOLS.EXE</code>.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2605687"></a><a name="id2605689"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id2605692"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id372890"></a><a name="id372892"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id372895"></a>
                 What are the limits or constraints that apply to group names?
-                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id2605708"></a><a class="indexterm" name="id2605715"></a><a class="indexterm" name="id2605723"></a><a class="indexterm" name="id2605731"></a><a class="indexterm" name="id2605739"></a><a class="indexterm" name="id2605747"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id372910"></a><a class="indexterm" name="id372918"></a><a class="indexterm" name="id372926"></a><a class="indexterm" name="id372934"></a><a class="indexterm" name="id372942"></a><a class="indexterm" name="id372950"></a>
                 A Windows 200x group name can be up to 254 characters long, while in Windows NT4 the group
                 name is limited to 20 characters. Most UNIX systems limit this to 32 characters. Windows 
@@ -1112 +1112 @@
                 or user account names. You have to experiment with your system to find what its 
                 peculiarities are.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2605791"></a><a name="id2605794"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id2605797"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id372987"></a><a name="id372989"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id372992"></a>
                 My Windows NT4 PDC has 323,000 user accounts. How long will it take to migrate them to a Samba-3
                 LDAP backend system using the vampire process?
@@ -1121 +1121 @@
                 integer. UNIX/Linux systems that have a 32-bit UID/GID can easily handle this number of accounts. 
                 Please check this carefully before you attempt to effect a migration using the vampire process.
-                </p><p><a class="indexterm" name="id2605834"></a>
+                </p><p><a class="indexterm" name="id373019"></a>
                 Migration speed depends much on the processor speed, the network speed, disk I/O capability, and
                 LDAP update overheads. On a dual processor AMD MP1600+ with 1 GB memory that was mirroring LDAP

trunk/server/docs/htmldocs/Samba3-ByExample/nw4migration.html

@@ -1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 10. Migrating NetWare Server to Samba-3</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"><link rel="prev" href="ntmigration.html" title="Chapter 9. Migrating NT4 Domain to Samba-3"><link rel="next" href="RefSection.html" title="Part III. Reference Section"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 10. Migrating NetWare Server to Samba-3</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ntmigration.html">Prev</a> </td><th width="60%" align="center">Part II. Domain Members, Updating Samba and Migration</th><td width="20%" align="right"> <a accesskey="n" href="RefSection.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="nw4migration"></a>Chapter 10. Migrating NetWare Server to Samba-3</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="nw4migration.html#id2606026">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id2606137">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="nw4migration.html#id2606228">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id2606305">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="nw4migration.html#id2606495">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id2606504">NetWare Migration Using LDAP Backend</a></span></dt></dl></dd></dl></div><p>
-        <a class="indexterm" name="id2605872"></a>
-        <a class="indexterm" name="id2605878"></a>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 10. Migrating NetWare Server to Samba-3</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"><link rel="prev" href="ntmigration.html" title="Chapter 9. Migrating NT4 Domain to Samba-3"><link rel="next" href="RefSection.html" title="Part III. Reference Section"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 10. Migrating NetWare Server to Samba-3</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ntmigration.html">Prev</a> </td><th width="60%" align="center">Part II. Domain Members, Updating Samba and Migration</th><td width="20%" align="right"> <a accesskey="n" href="RefSection.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 10. Migrating NetWare Server to Samba-3"><div class="titlepage"><div><div><h2 class="title"><a name="nw4migration"></a>Chapter 10. Migrating NetWare Server to Samba-3</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="nw4migration.html#id373183">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id373282">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="nw4migration.html#id373359">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id373431">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="nw4migration.html#id373599">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id373608">NetWare Migration Using LDAP Backend</a></span></dt></dl></dd></dl></div><p>
+        <a class="indexterm" name="id373052"></a>
+        <a class="indexterm" name="id373059"></a>
         Novell is a company any seasoned IT manager has to admire. It has become increasingly
         Linux-friendly and is emerging out of a deep regression that almost saw the company
@@ -9 +9 @@
         Meanwhile, there can be no denying that Novell is a Linux company.
         </p><p>
-        <a class="indexterm" name="id2605896"></a>
-        <a class="indexterm" name="id2605903"></a>
-        <a class="indexterm" name="id2605910"></a>
-        <a class="indexterm" name="id2605917"></a>
+        <a class="indexterm" name="id373073"></a>
+        <a class="indexterm" name="id373080"></a>
+        <a class="indexterm" name="id373087"></a>
+        <a class="indexterm" name="id373093"></a>
         Whatever flavor of Linux is preferred in your environment, whether Red Hat, Debian,
         Gentoo, Mandrake, or SUSE (Novell), the information in this chapter should be read with
@@ -18 +18 @@
         in this chapter should provide something of value.
         </p><p>
-        <a class="indexterm" name="id2605932"></a>
+        <a class="indexterm" name="id373106"></a>
         Contributions to this chapter were made by Misty Stanley-Jones, a UNIX administrator of many
         years who surfaced on the Samba mailing list with a barrage of questions and who
         regularly helps other administrators to solve thorny Samba migration questions.
         </p><p>
-        <a class="indexterm" name="id2605946"></a>
-        <a class="indexterm" name="id2605953"></a>
-        <a class="indexterm" name="id2605960"></a>
-        <a class="indexterm" name="id2605966"></a>
+        <a class="indexterm" name="id373118"></a>
+        <a class="indexterm" name="id373125"></a>
+        <a class="indexterm" name="id373132"></a>
+        <a class="indexterm" name="id373139"></a>
         One wonders how many NetWare servers remain in active service. Many are being migrated
         to Samba on Linux. Red Hat Linux, SUSE Linux 9.x, and SUSE Linux Enterprise Server 9 are
@@ -50 +50 @@
         original documentation contributed by Misty, the Courier-IMAP package had been built
         directly from the original source tarball.
-        </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2606026"></a>Introduction</h2></div></div></div><p>
-        <a class="indexterm" name="id2606034"></a>
+        </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id373183"></a>Introduction</h2></div></div></div><p>
+        <a class="indexterm" name="id373190"></a>
         Misty Stanley-Jones was recruited by Abmas to administer a network that had
         not received much attention for some years and was much in need of a makeover.
@@ -58 +58 @@
         </p><p>
         A site survey turned up the following details for the old NetWare server:
-        </p><table class="simplelist" border="0" summary="Simple list"><tr><td>200 MHz MMX processor</td></tr><tr><td>512K RAM</td></tr><tr><td>24 GB disk space in RAID1</td></tr><tr><td>Novell 4.11 patched to service pack 7</td></tr><tr><td>60+ users</td></tr><tr><td>7 network-attached printers</td></tr></table><p>
+        </p><table border="0" summary="Simple list" class="simplelist"><tr><td>200 MHz MMX processor</td></tr><tr><td>512K RAM</td></tr><tr><td>24 GB disk space in RAID1</td></tr><tr><td>Novell 4.11 patched to service pack 7</td></tr><tr><td>60+ users</td></tr><tr><td>7 network-attached printers</td></tr></table><p>
         The company had outgrown this server several years before and was dealing with
         severe growing pains. Some of the problems experienced were:
-        </p><div class="itemizedlist"><ul type="disc"><li><p>Very slow performance</p></li><li><p>Available storage hovering around the 5% range</p><div class="itemizedlist"><ul type="circle"><li><p>Extremely slow print spooling.</p></li><li><p>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Very slow performance</p></li><li class="listitem"><p>Available storage hovering around the 5% range</p><div class="itemizedlist"><ul class="itemizedlist" type="circle"><li class="listitem"><p>Extremely slow print spooling.</p></li><li class="listitem"><p>
                                         Users storing information on their local hard
                                         drives, causing backup integrity problems
                                         </p></li></ul></div></li></ul></div><p>
-        <a class="indexterm" name="id2606123"></a>
+        <a class="indexterm" name="id373272"></a>
         At one point disk space had filled up to 100 percent, causing the payroll database
         to become corrupt. This caused the accounting department to be down for over
@@ -71 +71 @@
         server was created with very poor security and design considerations from
         a discarded desktop PC.
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2606137"></a>Assignment Tasks</h3></div></div></div><p>
+        </p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id373282"></a>Assignment Tasks</h3></div></div></div><p>
         Misty has provided this summary of her migration experience in the hope
         that it will help someone to avoid the challenges she faced. Perhaps her
@@ -90 +90 @@
         the overall information more useful to you.
         </p><p>
-        <a class="indexterm" name="id2606174"></a>
+        <a class="indexterm" name="id373311"></a>
         After management reviewed a cost-benefit report as well as an estimated
         time-to-completion, approval was given proceed with the solution proposed.
         The server was built from purchased components. The total project cost
         was $3,000. A brief description of the configuration follows:
-        </p><table class="simplelist" border="0" summary="Simple list"><tr><td>
+        </p><table border="0" summary="Simple list" class="simplelist"><tr><td>
                         3.0 GHz P4 Processor
                 </td></tr><tr><td>
@@ -112 +112 @@
         The new system has operated for 6 months without problems. Over the past months
         much attention has been focused on cleaning up desktops and user profiles.
-        </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2606228"></a>Dissection and Discussion</h2></div></div></div><p>
-        <a class="indexterm" name="id2606236"></a>
-        <a class="indexterm" name="id2606243"></a>
-        <a class="indexterm" name="id2606250"></a>
-        <a class="indexterm" name="id2606257"></a>
+        </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id373359"></a>Dissection and Discussion</h2></div></div></div><p>
+        <a class="indexterm" name="id373367"></a>
+        <a class="indexterm" name="id373374"></a>
+        <a class="indexterm" name="id373381"></a>
+        <a class="indexterm" name="id373388"></a>
         A decision to use LDAP was made even though I knew nothing about LDAP except that
-        I had been reading the book &#8220;<span class="quote">LDAP System Administration,</span>&#8221; by Gerald Carter.
+        I had been reading the book <span class="quote">&#8220;<span class="quote">LDAP System Administration,</span>&#8221;</span> by Gerald Carter.
         LDAP seemed to provide some of the functionality of Novell's e-Directory Services
         and would provide centralized authentication and identity management.
         </p><p>
-        <a class="indexterm" name="id2606276"></a>
-        <a class="indexterm" name="id2606282"></a>
-        <a class="indexterm" name="id2606289"></a>
+        <a class="indexterm" name="id373404"></a>
+        <a class="indexterm" name="id373411"></a>
+        <a class="indexterm" name="id373417"></a>
         Building the LDAP database took a while and a lot of trial and error. Following
-        the guidance I obtained from &#8220;<span class="quote">LDAP System 
-        Administration,</span>&#8221; I installed OpenLDAP (from RPM; later I compiled
+        the guidance I obtained from <span class="quote">&#8220;<span class="quote">LDAP System 
+        Administration,</span>&#8221;</span> I installed OpenLDAP (from RPM; later I compiled
         a more current version from source) and built my initial LDAP tree.
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2606305"></a>Technical Issues</h3></div></div></div><p>
-        <a class="indexterm" name="id2606313"></a>
-        <a class="indexterm" name="id2606319"></a>
-        <a class="indexterm" name="id2606326"></a>
-        <a class="indexterm" name="id2606333"></a>
-        <a class="indexterm" name="id2606340"></a>
-        <a class="indexterm" name="id2606347"></a>
-        <a class="indexterm" name="id2606354"></a>
-        <a class="indexterm" name="id2606360"></a>
-        <a class="indexterm" name="id2606367"></a>
+        </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id373431"></a>Technical Issues</h3></div></div></div><p>
+        <a class="indexterm" name="id373439"></a>
+        <a class="indexterm" name="id373446"></a>
+        <a class="indexterm" name="id373452"></a>
+        <a class="indexterm" name="id373459"></a>
+        <a class="indexterm" name="id373466"></a>
+        <a class="indexterm" name="id373473"></a>
+        <a class="indexterm" name="id373480"></a>
+        <a class="indexterm" name="id373486"></a>
+        <a class="indexterm" name="id373493"></a>
         The first challenge was to create a company white pages, followed by manually
         entering everything from the printed company directory. This used only the inetOrgPerson
@@ -147 +147 @@
         and SMTP.
         </p><p>
-        Because a decision was made to use Courier-IMAP the schema &#8220;<span class="quote">authldap.schema</span>&#8221;
+        Because a decision was made to use Courier-IMAP the schema <span class="quote">&#8220;<span class="quote">authldap.schema</span>&#8221;</span>
         from the Courier-IMAP source, tarball is necessary to resolve Courier-specific LDAP directory
         needs. Where the Courier-IMAP file provided by SUSE is used, this file is named
@@ -184 +184 @@
   echo "userPassword: $userPassword"
 done
-</pre></div></div><br class="example-break"><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+</pre></div></div><br class="example-break"><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
         
         The PADL MigrationTools are recommended for migration of the UNIX account information into
@@ -190 +190 @@
         aliases, hosts, netgroups, networks, protocols, PRCs, and services from the existing ASCII text
         files (or from a name service such as NIS). This too set can be obtained from the <a class="ulink" href="http://www.padl.com" target="_top">PADL Web site</a>.
-        </p></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2606495"></a>Implementation</h2></div></div></div><p>
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2606504"></a>NetWare Migration Using LDAP Backend</h3></div></div></div><p>
+        </p></div></div></div><div class="sect1" title="Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id373599"></a>Implementation</h2></div></div></div><p>
+        </p><div class="sect2" title="NetWare Migration Using LDAP Backend"><div class="titlepage"><div><div><h3 class="title"><a name="id373608"></a>NetWare Migration Using LDAP Backend</h3></div></div></div><p>
         The following software must be installed on the SUSE Linux Enterprise Server to perform
         this migration:
-        </p><table class="simplelist" border="0" summary="Simple list"><tr><td>courier-imap</td></tr><tr><td>courier-imap-ldap</td></tr><tr><td>nss_ldap</td></tr><tr><td>openldap2-client</td></tr><tr><td>openldap2-devel (only for Samba compilation)</td></tr><tr><td>openldap2</td></tr><tr><td>pam_ldap</td></tr><tr><td>samba-3.0.20 or later</td></tr><tr><td>samba-client-3.0.20 or later</td></tr><tr><td>samba-winbind-3.0.20 or later</td></tr><tr><td>smbldap-tools Version 0.9.1</td></tr></table><p>
+        </p><table border="0" summary="Simple list" class="simplelist"><tr><td>courier-imap</td></tr><tr><td>courier-imap-ldap</td></tr><tr><td>nss_ldap</td></tr><tr><td>openldap2-client</td></tr><tr><td>openldap2-devel (only for Samba compilation)</td></tr><tr><td>openldap2</td></tr><tr><td>pam_ldap</td></tr><tr><td>samba-3.0.20 or later</td></tr><tr><td>samba-client-3.0.20 or later</td></tr><tr><td>samba-winbind-3.0.20 or later</td></tr><tr><td>smbldap-tools Version 0.9.1</td></tr></table><p>
         Each software application must be carefully configured in preparation for migration.
         The configuration files used at Abmas are provided as a guide and should be modified
         to meet needs at your site.
-        </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2606568"></a>LDAP Server Configuration</h4></div></div></div><p>
+        </p><div class="sect3" title="LDAP Server Configuration"><div class="titlepage"><div><div><h4 class="title"><a name="id373667"></a>LDAP Server Configuration</h4></div></div></div><p>
         The <code class="filename">/etc/openldap/slapd.conf</code> file Misty used is shown here:
 </p><pre class="programlisting">
@@ -363 +363 @@
 </pre><p>
 </p><p>
-        <a class="indexterm" name="id2606766"></a>
+        <a class="indexterm" name="id373778"></a>
         The <code class="filename">/etc/ldap.conf</code> file used is listed in <a class="link" href="nw4migration.html#ch8ldap" title="Example 10.2. NSS LDAP Control File /etc/ldap.conf">&#8220;NSS LDAP Control File  /etc/ldap.conf&#8221;</a>.
         </p><div class="example"><a name="ch8ldap"></a><p class="title"><b>Example 10.2. NSS LDAP Control File  /etc/ldap.conf</b></p><div class="example-contents"><pre class="screen">
@@ -417 +417 @@
 </pre><p>
         </p><p>
-        <a class="indexterm" name="id2606851"></a>
-        <a class="indexterm" name="id2606857"></a>
+        <a class="indexterm" name="id373848"></a>
+        <a class="indexterm" name="id373854"></a>
         In my setup, users authenticate via PAM and NSS using LDAP-based accounts.
         The configuration file that controls the behavior of the PAM <code class="literal">pam_unix2</code>
@@ -459 +459 @@
 password: use_ldap
 session: none
-</pre></div></div><br class="example-break"><a class="indexterm" name="id2606922"></a><a class="indexterm" name="id2606929"></a><a class="indexterm" name="id2606936"></a><div class="itemizedlist"><ul type="disc"><li><p>
+</pre></div></div><br class="example-break"><a class="indexterm" name="id373906"></a><a class="indexterm" name="id373913"></a><a class="indexterm" name="id373920"></a><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                         If your LDAP database goes down, nobody can authenticate except for root.
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         If failover is configured incorrectly, weird behavior can occur. For example, 
                         DNS can fail to resolve.
@@ -469 +469 @@
         </p><p>
         The following services authenticate using LDAP:
-        </p><a class="indexterm" name="id2606972"></a><a class="indexterm" name="id2606979"></a><a class="indexterm" name="id2606986"></a><table class="simplelist" border="0" summary="Simple list"><tr><td>UNIX login/ssh</td></tr><tr><td>Postfix (SMTP)</td></tr><tr><td>Courier-IMAP/IMAPS/POP3/POP3S</td></tr></table><p>
-        <a class="indexterm" name="id2607011"></a>
-        <a class="indexterm" name="id2607018"></a>
+        </p><a class="indexterm" name="id373952"></a><a class="indexterm" name="id373959"></a><a class="indexterm" name="id373966"></a><table border="0" summary="Simple list" class="simplelist"><tr><td>UNIX login/ssh</td></tr><tr><td>Postfix (SMTP)</td></tr><tr><td>Courier-IMAP/IMAPS/POP3/POP3S</td></tr></table><p>
+        <a class="indexterm" name="id373991"></a>
+        <a class="indexterm" name="id373998"></a>
         Companywide white pages can be searched using an LDAP client
         such as the one in the Windows Address Book.
         </p><p>
-        <a class="indexterm" name="id2607030"></a>
-        <a class="indexterm" name="id2607037"></a>
+        <a class="indexterm" name="id374009"></a>
+        <a class="indexterm" name="id374016"></a>
         Having gained a solid understanding of LDAP and a relatively workable LDAP tree
         thus far, it was time to configure Samba. I compiled the latest stable Samba and
@@ -483 +483 @@
         </p><p>
         The Samba <code class="filename">smb.conf</code> file was configured as shown in <a class="link" href="nw4migration.html#ch8smbconf" title="Example 10.4. Samba Configuration File smb.conf Part A">&#8220;Samba Configuration File  smb.conf Part A&#8221;</a>.
-        </p><div class="example"><a name="ch8smbconf"></a><p class="title"><b>Example 10.4. Samba Configuration File  smb.conf Part A</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2607107"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id2607119"></a><em class="parameter"><code>netbios name = MASSIVE</code></em></td></tr><tr><td><a class="indexterm" name="id2607130"></a><em class="parameter"><code>server string = Corp File Server</code></em></td></tr><tr><td><a class="indexterm" name="id2607142"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://localhost</code></em></td></tr><tr><td><a class="indexterm" name="id2607155"></a><em class="parameter"><code>pam password change = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2607166"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2607178"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2607190"></a><em class="parameter"><code>log file = /data/samba/log/%m.log</code></em></td></tr><tr><td><a class="indexterm" name="id2607202"></a><em class="parameter"><code>name resolve order = wins host bcast</code></em></td></tr><tr><td><a class="indexterm" name="id2607214"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2607226"></a><em class="parameter"><code>printcap name = cups</code></em></td></tr><tr><td><a class="indexterm" name="id2607238"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id2607250"></a><em class="parameter"><code>cups options = Raw</code></em></td></tr><tr><td><a class="indexterm" name="id2607261"></a><em class="parameter"><code>add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"</code></em></td></tr><tr><td><a class="indexterm" name="id2607274"></a><em class="parameter"><code>add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id2607286"></a><em class="parameter"><code>add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id2607299"></a><em class="parameter"><code>delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id2607312"></a><em class="parameter"><code>set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"</code></em></td></tr><tr><td><a class="indexterm" name="id2607325"></a><em class="parameter"><code>add machine script = /usr/local/sbin/smbldap-useradd -w "%m"</code></em></td></tr><tr><td><a class="indexterm" name="id2607338"></a><em class="parameter"><code>logon script = logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id2607349"></a><em class="parameter"><code>logon path = \\%L\profiles\%U\%a</code></em></td></tr><tr><td><a class="indexterm" name="id2607361"></a><em class="parameter"><code>logon drive = H:</code></em></td></tr><tr><td><a class="indexterm" name="id2607373"></a><em class="parameter"><code>logon home = \\%L\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2607385"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2607396"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2607408"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2607420"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id2607432"></a><em class="parameter"><code>ldap idmap suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2607444"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2607456"></a><em class="parameter"><code>ldap passwd sync = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2607468"></a><em class="parameter"><code>ldap suffix = ou=MEGANET2,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2607480"></a><em class="parameter"><code>ldap ssl = no</code></em></td></tr><tr><td><a class="indexterm" name="id2607492"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2607504"></a><em class="parameter"><code>admin users = root, "@Domain Admins"</code></em></td></tr><tr><td><a class="indexterm" name="id2607516"></a><em class="parameter"><code>printer admin = "@Domain Admins"</code></em></td></tr><tr><td><a class="indexterm" name="id2607528"></a><em class="parameter"><code>force printername = Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch8smbconf2"></a><p class="title"><b>Example 10.5. Samba Configuration File  smb.conf Part B</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id2607567"></a><em class="parameter"><code>comment = Network logon service</code></em></td></tr><tr><td><a class="indexterm" name="id2607579"></a><em class="parameter"><code>path = /data/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id2607591"></a><em class="parameter"><code>write list = "@Domain Admins"</code></em></td></tr><tr><td><a class="indexterm" name="id2607603"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id2607623"></a><em class="parameter"><code>comment = Roaming Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id2607635"></a><em class="parameter"><code>path = /data/samba/profiles/</code></em></td></tr><tr><td><a class="indexterm" name="id2607647"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2607658"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2607670"></a><em class="parameter"><code>veto files = desktop.ini</code></em></td></tr><tr><td><a class="indexterm" name="id2607682"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id2607702"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id2607714"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id2607726"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2607737"></a><em class="parameter"><code>create mask = 0770</code></em></td></tr><tr><td><a class="indexterm" name="id2607749"></a><em class="parameter"><code>veto files = desktop.ini</code></em></td></tr><tr><td><a class="indexterm" name="id2607761"></a><em class="parameter"><code>hide files = desktop.ini</code></em></td></tr><tr><td><a class="indexterm" name="id2607772"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[software]</code></em></td></tr><tr><td><a class="indexterm" name="id2607793"></a><em class="parameter"><code>comment = Software for %a computers</code></em></td></tr><tr><td><a class="indexterm" name="id2607805"></a><em class="parameter"><code>path = /data/samba/shares/software/%a</code></em></td></tr><tr><td><a class="indexterm" name="id2607817"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[public]</code></em></td></tr><tr><td><a class="indexterm" name="id2607837"></a><em class="parameter"><code>comment = Public Files</code></em></td></tr><tr><td><a class="indexterm" name="id2607849"></a><em class="parameter"><code>path = /data/samba/shares/public</code></em></td></tr><tr><td><a class="indexterm" name="id2607861"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2607873"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[PDF]</code></em></td></tr><tr><td><a class="indexterm" name="id2607893"></a><em class="parameter"><code>comment = Location of documents printed to PDFCreator printer</code></em></td></tr><tr><td><a class="indexterm" name="id2607906"></a><em class="parameter"><code>path = /data/samba/shares/pdf</code></em></td></tr><tr><td><a class="indexterm" name="id2607917"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch8smbconf3"></a><p class="title"><b>Example 10.6. Samba Configuration File  smb.conf Part C</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[EVERYTHING]</code></em></td></tr><tr><td><a class="indexterm" name="id2607956"></a><em class="parameter"><code>comment = All shares</code></em></td></tr><tr><td><a class="indexterm" name="id2607968"></a><em class="parameter"><code>path = /data/samba</code></em></td></tr><tr><td><a class="indexterm" name="id2607980"></a><em class="parameter"><code>valid users = "@Domain Admins"</code></em></td></tr><tr><td><a class="indexterm" name="id2607992"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[CDROM]</code></em></td></tr><tr><td><a class="indexterm" name="id2608012"></a><em class="parameter"><code>comment = CD-ROM on MASSIVE</code></em></td></tr><tr><td><a class="indexterm" name="id2608024"></a><em class="parameter"><code>path = /mnt</code></em></td></tr><tr><td><a class="indexterm" name="id2608035"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id2608056"></a><em class="parameter"><code>comment = Printer Drivers Share</code></em></td></tr><tr><td><a class="indexterm" name="id2608068"></a><em class="parameter"><code>path = /data/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id2608079"></a><em class="parameter"><code>write list = root</code></em></td></tr><tr><td><a class="indexterm" name="id2608091"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id2608112"></a><em class="parameter"><code>comment = All Printers</code></em></td></tr><tr><td><a class="indexterm" name="id2608123"></a><em class="parameter"><code>path = /data/samba/spool</code></em></td></tr><tr><td><a class="indexterm" name="id2608135"></a><em class="parameter"><code>create mask = 0644</code></em></td></tr><tr><td><a class="indexterm" name="id2608147"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2608158"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[acct_hp8500]</code></em></td></tr><tr><td><a class="indexterm" name="id2608179"></a><em class="parameter"><code>comment = "Accounting Color Laser Printer"</code></em></td></tr><tr><td><a class="indexterm" name="id2608191"></a><em class="parameter"><code>path = /data/samba/spool/private</code></em></td></tr><tr><td><a class="indexterm" name="id2608203"></a><em class="parameter"><code>valid users = @acct, @acct_admin, @hr, "@Domain Admins",@Receptionist, dwayne, terri, danae, jerry</code></em></td></tr><tr><td><a class="indexterm" name="id2608216"></a><em class="parameter"><code>create mask = 0644</code></em></td></tr><tr><td><a class="indexterm" name="id2608227"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2608239"></a><em class="parameter"><code>copy = printers</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[plotter]</code></em></td></tr><tr><td><a class="indexterm" name="id2608259"></a><em class="parameter"><code>comment = Engineering Plotter</code></em></td></tr><tr><td><a class="indexterm" name="id2608271"></a><em class="parameter"><code>path = /data/samba/spool</code></em></td></tr><tr><td><a class="indexterm" name="id2608283"></a><em class="parameter"><code>create mask = 0644</code></em></td></tr><tr><td><a class="indexterm" name="id2608295"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2608306"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2608318"></a><em class="parameter"><code>copy = printers</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch8smbconf4"></a><p class="title"><b>Example 10.7. Samba Configuration File  smb.conf Part D</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[APPS]</code></em></td></tr><tr><td><a class="indexterm" name="id2608357"></a><em class="parameter"><code>path = /data/samba/shares/Apps</code></em></td></tr><tr><td><a class="indexterm" name="id2608369"></a><em class="parameter"><code>force group = "Domain Users"</code></em></td></tr><tr><td><a class="indexterm" name="id2608381"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[ACCT]</code></em></td></tr><tr><td><a class="indexterm" name="id2608402"></a><em class="parameter"><code>path = /data/samba/shares/Accounting</code></em></td></tr><tr><td><a class="indexterm" name="id2608414"></a><em class="parameter"><code>valid users = @acct, "@Domain Admins"</code></em></td></tr><tr><td><a class="indexterm" name="id2608426"></a><em class="parameter"><code>force group = acct</code></em></td></tr><tr><td><a class="indexterm" name="id2608437"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2608449"></a><em class="parameter"><code>create mask = 0660</code></em></td></tr><tr><td><a class="indexterm" name="id2608460"></a><em class="parameter"><code>directory mask = 0770</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[ACCT_ADMIN]</code></em></td></tr><tr><td><a class="indexterm" name="id2608481"></a><em class="parameter"><code>path = /data/samba/shares/Acct_Admin</code></em></td></tr><tr><td><a class="indexterm" name="id2608493"></a><em class="parameter"><code>valid users = @"acct_admin"</code></em></td></tr><tr><td><a class="indexterm" name="id2608505"></a><em class="parameter"><code>force group = acct_admin</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[HR_PR]</code></em></td></tr><tr><td><a class="indexterm" name="id2608526"></a><em class="parameter"><code>path = /data/samba/shares/HR_PR</code></em></td></tr><tr><td><a class="indexterm" name="id2608538"></a><em class="parameter"><code>valid users = @hr, @acct_admin</code></em></td></tr><tr><td><a class="indexterm" name="id2608549"></a><em class="parameter"><code>force group = hr</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[ENGR]</code></em></td></tr><tr><td><a class="indexterm" name="id2608570"></a><em class="parameter"><code>path = /data/samba/shares/Engr</code></em></td></tr><tr><td><a class="indexterm" name="id2608582"></a><em class="parameter"><code>valid users = @engr, @receptionist, @truss, "@Domain Admins", cheri</code></em></td></tr><tr><td><a class="indexterm" name="id2608594"></a><em class="parameter"><code>force group = engr</code></em></td></tr><tr><td><a class="indexterm" name="id2608606"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2608617"></a><em class="parameter"><code>create mask = 0770</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[DATA]</code></em></td></tr><tr><td><a class="indexterm" name="id2608638"></a><em class="parameter"><code>path = /data/samba/shares/DATA</code></em></td></tr><tr><td><a class="indexterm" name="id2608650"></a><em class="parameter"><code>valid users = @engr, @receptionist, @truss, "@Domain Admins", cheri</code></em></td></tr><tr><td><a class="indexterm" name="id2608662"></a><em class="parameter"><code>force group = engr</code></em></td></tr><tr><td><a class="indexterm" name="id2608674"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2608685"></a><em class="parameter"><code>create mask = 0770</code></em></td></tr><tr><td><a class="indexterm" name="id2608697"></a><em class="parameter"><code>copy = engr</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch8smbconf5"></a><p class="title"><b>Example 10.8. Samba Configuration File  smb.conf Part E</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[X]</code></em></td></tr><tr><td><a class="indexterm" name="id2608736"></a><em class="parameter"><code>path = /data/samba/shares/X</code></em></td></tr><tr><td><a class="indexterm" name="id2608748"></a><em class="parameter"><code>valid users = @engr, @acct</code></em></td></tr><tr><td><a class="indexterm" name="id2608759"></a><em class="parameter"><code>force group = engr</code></em></td></tr><tr><td><a class="indexterm" name="id2608771"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2608782"></a><em class="parameter"><code>create mask = 0770</code></em></td></tr><tr><td><a class="indexterm" name="id2608794"></a><em class="parameter"><code>copy = engr</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[NETWORK]</code></em></td></tr><tr><td><a class="indexterm" name="id2608814"></a><em class="parameter"><code>path = /data/samba/shares/network</code></em></td></tr><tr><td><a class="indexterm" name="id2608826"></a><em class="parameter"><code>valid users = "@Domain Users"</code></em></td></tr><tr><td><a class="indexterm" name="id2608838"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2608850"></a><em class="parameter"><code>create mask = 0770</code></em></td></tr><tr><td><a class="indexterm" name="id2608861"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[UTILS]</code></em></td></tr><tr><td><a class="indexterm" name="id2608882"></a><em class="parameter"><code>path = /data/samba/shares/Utils</code></em></td></tr><tr><td><a class="indexterm" name="id2608894"></a><em class="parameter"><code>write list = "@Domain Admins"</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[SYS]</code></em></td></tr><tr><td><a class="indexterm" name="id2608915"></a><em class="parameter"><code>path = /data/samba/shares/SYS</code></em></td></tr><tr><td><a class="indexterm" name="id2608926"></a><em class="parameter"><code>valid users = chad</code></em></td></tr><tr><td><a class="indexterm" name="id2608938"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2608950"></a><em class="parameter"><code>browseable = No</code></em></td></tr></table></div></div><br class="example-break"><p>
-        <a class="indexterm" name="id2608964"></a>
-        <a class="indexterm" name="id2608971"></a>
-        <a class="indexterm" name="id2608978"></a>
+        </p><div class="example"><a name="ch8smbconf"></a><p class="title"><b>Example 10.4. Samba Configuration File  smb.conf Part A</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id374082"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id374094"></a><em class="parameter"><code>netbios name = MASSIVE</code></em></td></tr><tr><td><a class="indexterm" name="id374105"></a><em class="parameter"><code>server string = Corp File Server</code></em></td></tr><tr><td><a class="indexterm" name="id374117"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://localhost</code></em></td></tr><tr><td><a class="indexterm" name="id374128"></a><em class="parameter"><code>pam password change = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id374140"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id374152"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id374163"></a><em class="parameter"><code>log file = /data/samba/log/%m.log</code></em></td></tr><tr><td><a class="indexterm" name="id374175"></a><em class="parameter"><code>name resolve order = wins host bcast</code></em></td></tr><tr><td><a class="indexterm" name="id374186"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id374198"></a><em class="parameter"><code>printcap name = cups</code></em></td></tr><tr><td><a class="indexterm" name="id374209"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id374221"></a><em class="parameter"><code>cups options = Raw</code></em></td></tr><tr><td><a class="indexterm" name="id374232"></a><em class="parameter"><code>add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"</code></em></td></tr><tr><td><a class="indexterm" name="id374244"></a><em class="parameter"><code>add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id374256"></a><em class="parameter"><code>add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id374268"></a><em class="parameter"><code>delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id374280"></a><em class="parameter"><code>set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"</code></em></td></tr><tr><td><a class="indexterm" name="id374292"></a><em class="parameter"><code>add machine script = /usr/local/sbin/smbldap-useradd -w "%m"</code></em></td></tr><tr><td><a class="indexterm" name="id374304"></a><em class="parameter"><code>logon script = logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id374316"></a><em class="parameter"><code>logon path = \\%L\profiles\%U\%a</code></em></td></tr><tr><td><a class="indexterm" name="id374328"></a><em class="parameter"><code>logon drive = H:</code></em></td></tr><tr><td><a class="indexterm" name="id374339"></a><em class="parameter"><code>logon home = \\%L\%U</code></em></td></tr><tr><td><a class="indexterm" name="id374350"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id374362"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id374373"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id374385"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id374397"></a><em class="parameter"><code>ldap idmap suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id374408"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id374420"></a><em class="parameter"><code>ldap passwd sync = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id374431"></a><em class="parameter"><code>ldap suffix = ou=MEGANET2,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id374443"></a><em class="parameter"><code>ldap ssl = no</code></em></td></tr><tr><td><a class="indexterm" name="id374455"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id374466"></a><em class="parameter"><code>admin users = root, "@Domain Admins"</code></em></td></tr><tr><td><a class="indexterm" name="id374478"></a><em class="parameter"><code>printer admin = "@Domain Admins"</code></em></td></tr><tr><td><a class="indexterm" name="id374489"></a><em class="parameter"><code>force printername = Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch8smbconf2"></a><p class="title"><b>Example 10.5. Samba Configuration File  smb.conf Part B</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id374528"></a><em class="parameter"><code>comment = Network logon service</code></em></td></tr><tr><td><a class="indexterm" name="id374540"></a><em class="parameter"><code>path = /data/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id374551"></a><em class="parameter"><code>write list = "@Domain Admins"</code></em></td></tr><tr><td><a class="indexterm" name="id374563"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id374583"></a><em class="parameter"><code>comment = Roaming Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id374595"></a><em class="parameter"><code>path = /data/samba/profiles/</code></em></td></tr><tr><td><a class="indexterm" name="id374607"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id374618"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id374630"></a><em class="parameter"><code>veto files = desktop.ini</code></em></td></tr><tr><td><a class="indexterm" name="id374641"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id374662"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id374673"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id374685"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id374696"></a><em class="parameter"><code>create mask = 0770</code></em></td></tr><tr><td><a class="indexterm" name="id374708"></a><em class="parameter"><code>veto files = desktop.ini</code></em></td></tr><tr><td><a class="indexterm" name="id374719"></a><em class="parameter"><code>hide files = desktop.ini</code></em></td></tr><tr><td><a class="indexterm" name="id374731"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[software]</code></em></td></tr><tr><td><a class="indexterm" name="id374751"></a><em class="parameter"><code>comment = Software for %a computers</code></em></td></tr><tr><td><a class="indexterm" name="id374763"></a><em class="parameter"><code>path = /data/samba/shares/software/%a</code></em></td></tr><tr><td><a class="indexterm" name="id374774"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[public]</code></em></td></tr><tr><td><a class="indexterm" name="id374795"></a><em class="parameter"><code>comment = Public Files</code></em></td></tr><tr><td><a class="indexterm" name="id374806"></a><em class="parameter"><code>path = /data/samba/shares/public</code></em></td></tr><tr><td><a class="indexterm" name="id374818"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id374829"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[PDF]</code></em></td></tr><tr><td><a class="indexterm" name="id374850"></a><em class="parameter"><code>comment = Location of documents printed to PDFCreator printer</code></em></td></tr><tr><td><a class="indexterm" name="id374862"></a><em class="parameter"><code>path = /data/samba/shares/pdf</code></em></td></tr><tr><td><a class="indexterm" name="id374873"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch8smbconf3"></a><p class="title"><b>Example 10.6. Samba Configuration File  smb.conf Part C</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[EVERYTHING]</code></em></td></tr><tr><td><a class="indexterm" name="id374912"></a><em class="parameter"><code>comment = All shares</code></em></td></tr><tr><td><a class="indexterm" name="id374923"></a><em class="parameter"><code>path = /data/samba</code></em></td></tr><tr><td><a class="indexterm" name="id374934"></a><em class="parameter"><code>valid users = "@Domain Admins"</code></em></td></tr><tr><td><a class="indexterm" name="id374946"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[CDROM]</code></em></td></tr><tr><td><a class="indexterm" name="id374966"></a><em class="parameter"><code>comment = CD-ROM on MASSIVE</code></em></td></tr><tr><td><a class="indexterm" name="id374978"></a><em class="parameter"><code>path = /mnt</code></em></td></tr><tr><td><a class="indexterm" name="id374990"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id375010"></a><em class="parameter"><code>comment = Printer Drivers Share</code></em></td></tr><tr><td><a class="indexterm" name="id375022"></a><em class="parameter"><code>path = /data/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id375033"></a><em class="parameter"><code>write list = root</code></em></td></tr><tr><td><a class="indexterm" name="id375045"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id375065"></a><em class="parameter"><code>comment = All Printers</code></em></td></tr><tr><td><a class="indexterm" name="id375076"></a><em class="parameter"><code>path = /data/samba/spool</code></em></td></tr><tr><td><a class="indexterm" name="id375088"></a><em class="parameter"><code>create mask = 0644</code></em></td></tr><tr><td><a class="indexterm" name="id375100"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id375111"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[acct_hp8500]</code></em></td></tr><tr><td><a class="indexterm" name="id375131"></a><em class="parameter"><code>comment = "Accounting Color Laser Printer"</code></em></td></tr><tr><td><a class="indexterm" name="id375143"></a><em class="parameter"><code>path = /data/samba/spool/private</code></em></td></tr><tr><td><a class="indexterm" name="id375155"></a><em class="parameter"><code>valid users = @acct, @acct_admin, @hr, "@Domain Admins",@Receptionist, dwayne, terri, danae, jerry</code></em></td></tr><tr><td><a class="indexterm" name="id375167"></a><em class="parameter"><code>create mask = 0644</code></em></td></tr><tr><td><a class="indexterm" name="id375178"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id375190"></a><em class="parameter"><code>copy = printers</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[plotter]</code></em></td></tr><tr><td><a class="indexterm" name="id375210"></a><em class="parameter"><code>comment = Engineering Plotter</code></em></td></tr><tr><td><a class="indexterm" name="id375222"></a><em class="parameter"><code>path = /data/samba/spool</code></em></td></tr><tr><td><a class="indexterm" name="id375233"></a><em class="parameter"><code>create mask = 0644</code></em></td></tr><tr><td><a class="indexterm" name="id375245"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id375256"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id375268"></a><em class="parameter"><code>copy = printers</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch8smbconf4"></a><p class="title"><b>Example 10.7. Samba Configuration File  smb.conf Part D</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[APPS]</code></em></td></tr><tr><td><a class="indexterm" name="id375307"></a><em class="parameter"><code>path = /data/samba/shares/Apps</code></em></td></tr><tr><td><a class="indexterm" name="id375318"></a><em class="parameter"><code>force group = "Domain Users"</code></em></td></tr><tr><td><a class="indexterm" name="id375330"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[ACCT]</code></em></td></tr><tr><td><a class="indexterm" name="id375350"></a><em class="parameter"><code>path = /data/samba/shares/Accounting</code></em></td></tr><tr><td><a class="indexterm" name="id375362"></a><em class="parameter"><code>valid users = @acct, "@Domain Admins"</code></em></td></tr><tr><td><a class="indexterm" name="id375373"></a><em class="parameter"><code>force group = acct</code></em></td></tr><tr><td><a class="indexterm" name="id375385"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id375396"></a><em class="parameter"><code>create mask = 0660</code></em></td></tr><tr><td><a class="indexterm" name="id375408"></a><em class="parameter"><code>directory mask = 0770</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[ACCT_ADMIN]</code></em></td></tr><tr><td><a class="indexterm" name="id375428"></a><em class="parameter"><code>path = /data/samba/shares/Acct_Admin</code></em></td></tr><tr><td><a class="indexterm" name="id375440"></a><em class="parameter"><code>valid users = @"acct_admin"</code></em></td></tr><tr><td><a class="indexterm" name="id375451"></a><em class="parameter"><code>force group = acct_admin</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[HR_PR]</code></em></td></tr><tr><td><a class="indexterm" name="id375472"></a><em class="parameter"><code>path = /data/samba/shares/HR_PR</code></em></td></tr><tr><td><a class="indexterm" name="id375484"></a><em class="parameter"><code>valid users = @hr, @acct_admin</code></em></td></tr><tr><td><a class="indexterm" name="id375495"></a><em class="parameter"><code>force group = hr</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[ENGR]</code></em></td></tr><tr><td><a class="indexterm" name="id375516"></a><em class="parameter"><code>path = /data/samba/shares/Engr</code></em></td></tr><tr><td><a class="indexterm" name="id375527"></a><em class="parameter"><code>valid users = @engr, @receptionist, @truss, "@Domain Admins", cheri</code></em></td></tr><tr><td><a class="indexterm" name="id375539"></a><em class="parameter"><code>force group = engr</code></em></td></tr><tr><td><a class="indexterm" name="id375550"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id375562"></a><em class="parameter"><code>create mask = 0770</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[DATA]</code></em></td></tr><tr><td><a class="indexterm" name="id375582"></a><em class="parameter"><code>path = /data/samba/shares/DATA</code></em></td></tr><tr><td><a class="indexterm" name="id375594"></a><em class="parameter"><code>valid users = @engr, @receptionist, @truss, "@Domain Admins", cheri</code></em></td></tr><tr><td><a class="indexterm" name="id375606"></a><em class="parameter"><code>force group = engr</code></em></td></tr><tr><td><a class="indexterm" name="id375617"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id375629"></a><em class="parameter"><code>create mask = 0770</code></em></td></tr><tr><td><a class="indexterm" name="id375640"></a><em class="parameter"><code>copy = engr</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch8smbconf5"></a><p class="title"><b>Example 10.8. Samba Configuration File  smb.conf Part E</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[X]</code></em></td></tr><tr><td><a class="indexterm" name="id375679"></a><em class="parameter"><code>path = /data/samba/shares/X</code></em></td></tr><tr><td><a class="indexterm" name="id375690"></a><em class="parameter"><code>valid users = @engr, @acct</code></em></td></tr><tr><td><a class="indexterm" name="id375702"></a><em class="parameter"><code>force group = engr</code></em></td></tr><tr><td><a class="indexterm" name="id375713"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id375725"></a><em class="parameter"><code>create mask = 0770</code></em></td></tr><tr><td><a class="indexterm" name="id375736"></a><em class="parameter"><code>copy = engr</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[NETWORK]</code></em></td></tr><tr><td><a class="indexterm" name="id375757"></a><em class="parameter"><code>path = /data/samba/shares/network</code></em></td></tr><tr><td><a class="indexterm" name="id375768"></a><em class="parameter"><code>valid users = "@Domain Users"</code></em></td></tr><tr><td><a class="indexterm" name="id375780"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id375791"></a><em class="parameter"><code>create mask = 0770</code></em></td></tr><tr><td><a class="indexterm" name="id375803"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[UTILS]</code></em></td></tr><tr><td><a class="indexterm" name="id375823"></a><em class="parameter"><code>path = /data/samba/shares/Utils</code></em></td></tr><tr><td><a class="indexterm" name="id375835"></a><em class="parameter"><code>write list = "@Domain Admins"</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[SYS]</code></em></td></tr><tr><td><a class="indexterm" name="id375855"></a><em class="parameter"><code>path = /data/samba/shares/SYS</code></em></td></tr><tr><td><a class="indexterm" name="id375867"></a><em class="parameter"><code>valid users = chad</code></em></td></tr><tr><td><a class="indexterm" name="id375878"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id375890"></a><em class="parameter"><code>browseable = No</code></em></td></tr></table></div></div><br class="example-break"><p>
+        <a class="indexterm" name="id375905"></a>
+        <a class="indexterm" name="id375911"></a>
+        <a class="indexterm" name="id375918"></a>
         Most of these shares are only used by one company group, but they are required
         because of some ancient Qbasic and Rbase applications were that written expecting
         their own drive letters.
         </p><p>
-        <a class="indexterm" name="id2608992"></a>
-        <a class="indexterm" name="id2608998"></a>
-        <a class="indexterm" name="id2609005"></a>
+        <a class="indexterm" name="id375930"></a>
+        <a class="indexterm" name="id375937"></a>
+        <a class="indexterm" name="id375944"></a>
         Note: During the process of building the new server, I kept data files
         up to date with the Novell server via use of <code class="literal">rsync</code>. 
@@ -557 +557 @@
 <code class="prompt">root# </code> smbpasswd -w verysecret
 </pre><p>
-        where &#8220;<span class="quote">verysecret</span>&#8221; is replaced by the LDAP bind password.
-        </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+        where <span class="quote">&#8220;<span class="quote">verysecret</span>&#8221;</span> is replaced by the LDAP bind password.
+        </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
 The Idealx smbldap-tools package can be configured using a script called 
 <code class="literal">configure.pl</code> that is provided as part of the tool. See <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">&#8220;Making Happy Users&#8221;</a>
@@ -740 +740 @@
 smbpasswd="/usr/bin/smbpasswd"
 </pre></div></div><br class="example-break"><p>
-        <a class="indexterm" name="id2609419"></a>
+        <a class="indexterm" name="id376262"></a>
         Note: I chose not to take advantage of the TLS capability of this. 
         Eventually I may go back and tweak it.  Also, I chose not to take advantage
@@ -814 +814 @@
 </pre><p>
         </p><p>
-        <a class="indexterm" name="id2609520"></a>
-        <a class="indexterm" name="id2609527"></a>
-        <a class="indexterm" name="id2609534"></a>
-        <a class="indexterm" name="id2609540"></a>
-        <a class="indexterm" name="id2609547"></a>
+        <a class="indexterm" name="id376336"></a>
+        <a class="indexterm" name="id376343"></a>
+        <a class="indexterm" name="id376350"></a>
+        <a class="indexterm" name="id376357"></a>
+        <a class="indexterm" name="id376363"></a>
         With the LDAP directory now initialized, it was time to create the Windows and POSIX
         (UNIX) group accounts as well as the mappings from Windows groups to UNIX groups.
@@ -826 +826 @@
         try to do this by hand.
         </p><p>
-        <a class="indexterm" name="id2609570"></a>
-        <a class="indexterm" name="id2609577"></a>
-        <a class="indexterm" name="id2609584"></a>
+        <a class="indexterm" name="id376383"></a>
+        <a class="indexterm" name="id376389"></a>
+        <a class="indexterm" name="id376396"></a>
         After I had my group mappings in place, I added users to the groups (the users
         don't really have to exist yet). I used the <code class="literal">smbldap-groupmod</code>
@@ -834 +834 @@
         attributes to the group entries in LDAP.
         </p><p>
-        <a class="indexterm" name="id2609604"></a>
-        <a class="indexterm" name="id2609611"></a>
-        <a class="indexterm" name="id2609618"></a>
+        <a class="indexterm" name="id376414"></a>
+        <a class="indexterm" name="id376421"></a>
+        <a class="indexterm" name="id376428"></a>
         The most monumental task of all was adding the sambaSamAccount information to each
         already existent posixAccount entry.  I did it one at a time as I moved people onto
@@ -843 +843 @@
 <code class="prompt">root# </code> smbldap-usermod -a -P username
 </pre><p>
-        <a class="indexterm" name="id2609640"></a>
-        <a class="indexterm" name="id2609647"></a>
-        <a class="indexterm" name="id2609654"></a>
+        <a class="indexterm" name="id376448"></a>
+        <a class="indexterm" name="id376455"></a>
+        <a class="indexterm" name="id376462"></a>
         I completed that step for every user after asking the person what his or her current
         NetWare password was. The wiser way to have done it would probably have been to dump the
@@ -852 +852 @@
 <code class="prompt">root# </code> slapcat &gt; somefile.ldif
 </pre><p>
-        <a class="indexterm" name="id2609678"></a>
-        <a class="indexterm" name="id2609684"></a>
+        <a class="indexterm" name="id376483"></a>
+        <a class="indexterm" name="id376490"></a>
         Then update the LDIF file created by using a Perl script to parse and add the
         appropriate attributes and objectClasses to each entry, followed by re-importing
@@ -934 +934 @@
 </pre><p>
         </p><p>
-        <a class="indexterm" name="id2609789"></a>
+        <a class="indexterm" name="id376575"></a>
         So now I could log on with a test user from the machine w2kengrspare. It was all well and
         good, but that user was in no groups yet and so had pretty boring access.  I fixed that
@@ -943 +943 @@
         I also did not have to do a logon script per user or per group.
         </p><p>
-        <a class="indexterm" name="id2609813"></a>
+        <a class="indexterm" name="id376595"></a>
         I downloaded Kixtart and put the following files in my netlogon share:
 </p><pre class="screen">
@@ -955 +955 @@
 </pre><p>
         </p><p>
-        <a class="indexterm" name="id2609844"></a>
+        <a class="indexterm" name="id376618"></a>
         I then wrote the <code class="filename">logon.kix</code> file that is shown in
         <a class="link" href="nw4migration.html#ch8kix" title="Example 10.15. Kixtart Control File File: logon.kix">&#8220;Kixtart Control File  File: logon.kix&#8221;</a>. I chose to keep it all in one file, but it
@@ -1138 +1138 @@
         so it was easier to do it by hand.
         </p><p>
-        <a class="indexterm" name="id2610141"></a>
+        <a class="indexterm" name="id376842"></a>
         At this point I was able to add the users. This is the part that really falls
         into upgrade. I moved the users over one group at a time, starting with the
@@ -1152 +1152 @@
         struggled with the most effective way to do it.  Here is the method that worked
         for every one of my users on Windows NT, 2000, and XP:
-        </p><div class="procedure"><ol type="1"><li><p>
+        </p><div class="procedure"><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                         Log in as the user on the domain. This creates the local copy
                         of the user's profile and copies it to the server as he or she logs out.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                         Reboot the computer and log in as the local machine administrator.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                         Right-click My Computer, click Properties, and navigate to the
                         user profiles tab (varies per version of Windows).
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                         Select the user's local profile <code class="constant">(COMPUTERNAME\username)</code>,
                         and click the <code class="literal">Copy To</code> button.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 5"><p>
                         In the next dialog, copy it directly to the profiles share on the
                         Samba server (in my case \\PDCname\profiles\user\&lt;architecture&gt;.
                         You will have had to make a connection to the share as that
                         user (e.g., Windows Explorer type \\PDCname\profiles\username).
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 6"><p>
                         When the copy is complete (it can take a while) log out, and log back in
                         as the user. All of his or her settings and all contents of My Documents,
                         Favorites, and the registry should have been copied successfully.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 7"><p>
                         If it doesn't look right (the dead giveaway is the desktop background),
                         shut down the computer without logging out (power cycle) and try logging
@@ -1179 +1179 @@
                 </p></li></ol></div><p>
         Words to the Wise:
-        </p><div class="itemizedlist"><ul type="disc"><li><p>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                         If the user was anything other than a standard user on his or her system
                         before, you will save yourself some headaches by giving him or her identical
@@ -1187 +1187 @@
                         before logging on as that user for the first time. Otherwise the user will
                         have trouble with permissions on his or her registry keys.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                         If any application was installed for the user only, rather than for
                         the entire system, it will probably not work without being reinstalled.

trunk/server/docs/htmldocs/Samba3-ByExample/pr01.html

@@ -1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>About the Cover Artwork</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="index.html" title="Samba-3 by Example"><link rel="next" href="pr02.html" title="Acknowledgments"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">About the Cover Artwork</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="index.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="pr02.html">Next</a></td></tr></table><hr></div><div class="preface" lang="en-US"><div class="titlepage"><div><div><h2 class="title"><a name="id2540354"></a>About the Cover Artwork</h2></div></div></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>About the Cover Artwork</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="index.html" title="Samba-3 by Example"><link rel="next" href="pr02.html" title="Acknowledgments"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">About the Cover Artwork</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="index.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="pr02.html">Next</a></td></tr></table><hr></div><div lang="en-US" class="preface" title="About the Cover Artwork"><div class="titlepage"><div><div><h2 class="title"><a name="id281291"></a>About the Cover Artwork</h2></div></div></div><p>
         The cover artwork of this book continues the freedom theme of the first
-        edition of &#8220;<span class="quote">Samba-3 by Example</span>&#8221;. The history of civilization
+        edition of <span class="quote">&#8220;<span class="quote">Samba-3 by Example</span>&#8221;</span>. The history of civilization
         demonstrates the fragile nature of freedom. It can be lost in a moment,
         and once lost, the cost of recovering liberty can be incredible. The last

trunk/server/docs/htmldocs/Samba3-ByExample/pr02.html

@@ -1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Acknowledgments</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="pr01.html" title="About the Cover Artwork"><link rel="next" href="pr03.html" title="Foreword"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Acknowledgments</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="pr01.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="pr03.html">Next</a></td></tr></table><hr></div><div class="preface" lang="en-US"><div class="titlepage"><div><div><h2 class="title"><a name="id2500840"></a>Acknowledgments</h2></div></div></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Acknowledgments</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="pr01.html" title="About the Cover Artwork"><link rel="next" href="pr03.html" title="Foreword"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Acknowledgments</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="pr01.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="pr03.html">Next</a></td></tr></table><hr></div><div lang="en-US" class="preface" title="Acknowledgments"><div class="titlepage"><div><div><h2 class="title"><a name="id281791"></a>Acknowledgments</h2></div></div></div><p>
         <span class="emphasis"><em>Samba-3 by Example</em></span> would not have been written except
         as a result of feedback provided by reviewers and readers of the book <span class="emphasis"><em>The

trunk/server/docs/htmldocs/Samba3-ByExample/pr03.html

@@ -1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Foreword</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="pr02.html" title="Acknowledgments"><link rel="next" href="preface.html" title="Preface"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Foreword</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="pr02.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="preface.html">Next</a></td></tr></table><hr></div><div class="preface" lang="en-US"><div class="titlepage"><div><div><h2 class="title"><a name="id2501056"></a>Foreword</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="pr03.html#id2501062">By John M. Weathersby, Executive Director, OSSI</a></span></dt></dl></div><div class="sect1" lang="en-US"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2501062"></a>By John M. Weathersby, Executive Director, OSSI</h2></div></div></div><div class="blockquote"><blockquote class="blockquote"><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Foreword</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="pr02.html" title="Acknowledgments"><link rel="next" href="preface.html" title="Preface"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Foreword</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="pr02.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="preface.html">Next</a></td></tr></table><hr></div><div lang="en-US" class="preface" title="Foreword"><div class="titlepage"><div><div><h2 class="title"><a name="id280651"></a>Foreword</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="pr03.html#id280658">By John M. Weathersby, Executive Director, OSSI</a></span></dt></dl></div><div class="sect1" title="By John M. Weathersby, Executive Director, OSSI"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id280658"></a>By John M. Weathersby, Executive Director, OSSI</h2></div></div></div><div class="blockquote"><blockquote class="blockquote"><p>
 The Open Source Software Institute (OSSI) is comprised of representatives from a broad spectrum of business and
 non-business organizations that share a common interest in the promotion of development and implementation

trunk/server/docs/htmldocs/Samba3-ByExample/preface.html

@@ -1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Preface</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="pr03.html" title="Foreword"><link rel="next" href="ExNetworks.html" title="Part I. Example Network Configurations"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Preface</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="pr03.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="ExNetworks.html">Next</a></td></tr></table><hr></div><div class="preface" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="preface"></a>Preface</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="preface.html#id2501251">Why Is This Book Necessary?</a></span></dt><dd><dl><dt><span class="sect2"><a href="preface.html#id2498970">Samba 3.0.20 Update Edition</a></span></dt></dl></dd><dt><span class="sect1"><a href="preface.html#id2498857">Prerequisites</a></span></dt><dt><span class="sect1"><a href="preface.html#id2498889">Approach</a></span></dt><dt><span class="sect1"><a href="preface.html#id2498954">Summary of Topics</a></span></dt><dt><span class="sect1"><a href="preface.html#id2550647">Conventions Used</a></span></dt></dl></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Preface</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="pr03.html" title="Foreword"><link rel="next" href="ExNetworks.html" title="Part I. Example Network Configurations"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Preface</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="pr03.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="ExNetworks.html">Next</a></td></tr></table><hr></div><div class="preface" title="Preface"><div class="titlepage"><div><div><h2 class="title"><a name="preface"></a>Preface</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="preface.html#id280788">Why Is This Book Necessary?</a></span></dt><dd><dl><dt><span class="sect2"><a href="preface.html#id280825">Samba 3.0.20 Update Edition</a></span></dt></dl></dd><dt><span class="sect1"><a href="preface.html#id280643">Prerequisites</a></span></dt><dt><span class="sect1"><a href="preface.html#id322292">Approach</a></span></dt><dt><span class="sect1"><a href="preface.html#id322341">Summary of Topics</a></span></dt><dt><span class="sect1"><a href="preface.html#id322920">Conventions Used</a></span></dt></dl></div><p>
         Network administrators live busy lives. We face distractions and pressures
         that drive us to seek proven, working case scenarios that can be easily
@@ -34 +34 @@
         services and applications such as OpenLDAP, DNS and DHCP, the need for which
         can be met from other resources that are dedicated to the subject.
-        </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2501251"></a>Why Is This Book Necessary?</h2></div></div></div><p>
+        </p><div class="sect1" title="Why Is This Book Necessary?"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id280788"></a>Why Is This Book Necessary?</h2></div></div></div><p>
         This book is the result of observations and feedback. The feedback from
         the Samba-HOWTO-Collection has been positive and complimentary. There
         have been requests for far more worked examples, a
-        &#8220;<span class="quote">Samba Cookbook,</span>&#8221; and for training materials to
+        <span class="quote">&#8220;<span class="quote">Samba Cookbook,</span>&#8221;</span> and for training materials to
         help kick-start the process of mastering Samba.
         </p><p>
@@ -54 +54 @@
         on the CD-ROM. This book is descriptive, provides detailed diagrams, and
         makes deployment of Samba-3 a breeze.
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2498970"></a>Samba 3.0.20 Update Edition</h3></div></div></div><p>
+        </p><div class="sect2" title="Samba 3.0.20 Update Edition"><div class="titlepage"><div><div><h3 class="title"><a name="id280825"></a>Samba 3.0.20 Update Edition</h3></div></div></div><p>
         The Samba 3.0.x series has been remarkably popular. At the time this book first
         went to print samba-3.0.2 was being released. There have been significant modifications
@@ -112 +112 @@
                                                 <p>
                                                 Symbolically linked files and directories on the UNIX host to absolute paths will
-                                                now be followed. This can be turned off using &#8220;<span class="quote">wide links = No</span>&#8221; in
-                                                the share stanza in the <code class="filename">smb.conf</code> file. Turning off &#8220;<span class="quote">wide links</span>&#8221;
+                                                now be followed. This can be turned off using <span class="quote">&#8220;<span class="quote">wide links = No</span>&#8221;</span> in
+                                                the share stanza in the <code class="filename">smb.conf</code> file. Turning off <span class="quote">&#8220;<span class="quote">wide links</span>&#8221;</span>
                                                 support will degrade server performance because each path must be checked.
                                                 </p>
@@ -123 +123 @@
                                                 <p>
                                                 Versions of Samba prior to samba-3.0.11 required the use of the UNIX <code class="constant">root</code>
-                                                account from network Windows clients. The new &#8220;<span class="quote">enable privileges = Yes</span>&#8221; capability
+                                                account from network Windows clients. The new <span class="quote">&#8220;<span class="quote">enable privileges = Yes</span>&#8221;</span> capability
                                                 means that functions such as adding machines to the domain, managing printers, etc. can now
                                                 be delegated to normal user accounts or to groups of users.
                                                 </p>
-                                        </td></tr></tbody></table></div></div><br class="table-break"></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2498857"></a>Prerequisites</h2></div></div></div><p>
+                                        </td></tr></tbody></table></div></div><br class="table-break"></div></div><div class="sect1" title="Prerequisites"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id280643"></a>Prerequisites</h2></div></div></div><p>
         This book is not a tutorial on UNIX or Linux administration. UNIX and Linux
         training is best obtained from books dedicated to the subject. This book
@@ -140 +140 @@
         may need to refer to administrative guides or manuals for your operating system
         platform to find what is the best method to achieve what the text of this book describes.
-        </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2498889"></a>Approach</h2></div></div></div><p>
+        </p></div><div class="sect1" title="Approach"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id322292"></a>Approach</h2></div></div></div><p>
         The first chapter deals with some rather thorny network analysis issues. Do not be
         put off by this. The information you glean, even without a detailed understanding
@@ -168 +168 @@
         Each chapter has a set of questions and answers to help you to
         to understand and digest key attributes of the solutions presented.
-        </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2498954"></a>Summary of Topics</h2></div></div></div><p>
+        </p></div><div class="sect1" title="Summary of Topics"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id322341"></a>Summary of Topics</h2></div></div></div><p>
         The contents of this second edition of <span class="emphasis"><em>Samba-3 by Example</em></span>
         have been rearranged based on feedback from purchasers of the first edition.
@@ -188 +188 @@
                 soon needs to replace all servers and workstations.
                 </p><p><span class="emphasis"><em>TechInfo</em></span>  This chapter demands:
-                        </p><div class="itemizedlist"><ul type="disc"><li><p>Case 1: The simplest <code class="filename">smb.conf</code> file that may
+                        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Case 1: The simplest <code class="filename">smb.conf</code> file that may
                                         reasonably be used. Works with Samba-2.x also. This
                                         configuration uses Share Mode security. Encrypted
                                         passwords are not used, so there is no 
                                         <code class="filename">smbpasswd</code> file.
-                                        </p></li><li><p>Case 2: Another simple <code class="filename">smb.conf</code> file that adds
+                                        </p></li><li class="listitem"><p>Case 2: Another simple <code class="filename">smb.conf</code> file that adds
                                         WINS support and printing support. This case deals with
                                         a special requirement that demonstrates how to deal with
@@ -201 +201 @@
                                         Samba-2.x. Encrypted passwords are not used, so there is no
                                         <code class="filename">smbpasswd</code> file.
-                                        </p></li><li><p>Case 3: This <code class="filename">smb.conf</code> configuration uses User Mode
+                                        </p></li><li class="listitem"><p>Case 3: This <code class="filename">smb.conf</code> configuration uses User Mode
                                         security. The file share configuration demonstrates
                                         the ability to provide master access to an administrator
@@ -339 +339 @@
                 avoid Samba configuration options that will weigh the server down. MS distributed file
                 services to make your network fly and much more. This chapter contains a good deal of 
-                &#8220;<span class="quote">Did I tell you about this...?</span>&#8221; type of hints to help keep your name on the top
+                <span class="quote">&#8220;<span class="quote">Did I tell you about this...?</span>&#8221;</span> type of hints to help keep your name on the top
                 performers list.
                 </p></dd><dt><span class="term">Chapter 14  Samba Support.</span></dt><dd><p>
@@ -365 +365 @@
                 a file and print server to create a connection over which file and print
                 operations may take place.
-                </p></dd></dl></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2550647"></a>Conventions Used</h2></div></div></div><p>
+                </p></dd></dl></div></div><div class="sect1" title="Conventions Used"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id322920"></a>Conventions Used</h2></div></div></div><p>
     The following notation conventions are used throughout this book:
-    </p><div class="itemizedlist"><ul type="disc"><li><p>
-        TOSHARG2 is used as an abbreviation for the book, &#8220;<span class="quote">The Official Samba-3
-        HOWTO and Reference Guide, Second Edition</span>&#8221; Editors: John H. Terpstra and Jelmer R. Vernooij,
+    </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
+        TOSHARG2 is used as an abbreviation for the book, <span class="quote">&#8220;<span class="quote">The Official Samba-3
+        HOWTO and Reference Guide, Second Edition</span>&#8221;</span> Editors: John H. Terpstra and Jelmer R. Vernooij,
         Publisher: Prentice Hall, ISBN: 0131882228.
-        </p></li><li><p>
-        S3bE2 is used as an abbreviation for the book, &#8220;<span class="quote">Samba-3 by Example, Second Edition</span>&#8221; 
+        </p></li><li class="listitem"><p>
+        S3bE2 is used as an abbreviation for the book, <span class="quote">&#8220;<span class="quote">Samba-3 by Example, Second Edition</span>&#8221;</span> 
         Editors: John H. Terpstra, Publisher: Prentice Hall, ISBN: 013188221X.
-        </p></li><li><p>
+        </p></li><li class="listitem"><p>
         Directories and filenames appear in mono-font. For example,
         <code class="filename">/etc/pam.conf</code>.
-        </p></li><li><p>
+        </p></li><li class="listitem"><p>
         Executable names are bolded. For example, <code class="literal">smbd</code>.
-        </p></li><li><p>
+        </p></li><li class="listitem"><p>
         Menu items and buttons appear in bold. For example, click <span class="guibutton">Next</span>.
-        </p></li><li><p>
+        </p></li><li class="listitem"><p>
         Selecting a menu item is indicated as:
         <span class="guimenu">Start</span> &#8594; <span class="guimenuitem">Control Panel</span> &#8594; <span class="guimenuitem">Administrative Tools</span> &#8594; <span class="guimenuitem">Active Directory Users and Computers</span>

trunk/server/docs/htmldocs/Samba3-ByExample/primer.html

@@ -1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 16. Networking Primer</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="RefSection.html" title="Part III. Reference Section"><link rel="prev" href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits"><link rel="next" href="apa.html" title="Appendix A.  GNU General Public License version 3"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 16. Networking Primer</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="appendix.html">Prev</a> </td><th width="60%" align="center">Part III. Reference Section</th><td width="20%" align="right"> <a accesskey="n" href="apa.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="primer"></a>Chapter 16. Networking Primer</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="primer.html#id2625280">Requirements and Notes</a></span></dt><dt><span class="sect1"><a href="primer.html#id2625441">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id2625502">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#id2625618">Exercises</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id2625744">Single-Machine Broadcast Activity</a></span></dt><dt><span class="sect2"><a href="primer.html#secondmachine">Second Machine Startup Broadcast Interaction</a></span></dt><dt><span class="sect2"><a href="primer.html#id2626892">Simple Windows Client Connection Characteristics</a></span></dt><dt><span class="sect2"><a href="primer.html#id2627394">Windows 200x/XP Client Interaction with Samba-3</a></span></dt><dt><span class="sect2"><a href="primer.html#id2627962">Conclusions to Exercises</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#chap01conc">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id2628077">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#chap01qa">Questions and Answers</a></span></dt></dl></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 16. Networking Primer</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="RefSection.html" title="Part III. Reference Section"><link rel="prev" href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits"><link rel="next" href="apa.html" title="Appendix A.  GNU General Public License version 3"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 16. Networking Primer</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="appendix.html">Prev</a> </td><th width="60%" align="center">Part III. Reference Section</th><td width="20%" align="right"> <a accesskey="n" href="apa.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 16. Networking Primer"><div class="titlepage"><div><div><h2 class="title"><a name="primer"></a>Chapter 16. Networking Primer</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="primer.html#id390627">Requirements and Notes</a></span></dt><dt><span class="sect1"><a href="primer.html#id390763">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id390813">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#id390920">Exercises</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id391033">Single-Machine Broadcast Activity</a></span></dt><dt><span class="sect2"><a href="primer.html#secondmachine">Second Machine Startup Broadcast Interaction</a></span></dt><dt><span class="sect2"><a href="primer.html#id392130">Simple Windows Client Connection Characteristics</a></span></dt><dt><span class="sect2"><a href="primer.html#id392597">Windows 200x/XP Client Interaction with Samba-3</a></span></dt><dt><span class="sect2"><a href="primer.html#id393121">Conclusions to Exercises</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#chap01conc">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id393223">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#chap01qa">Questions and Answers</a></span></dt></dl></div><p>
         You are about to use the equivalent of a microscope to look at the information
         that runs through the veins of a Windows network. We do more to observe the information than
         to interrogate it. When you are done with this primer, you should have a good understanding
         of the types of information that flow over the network. Do not worry, this is not
-        a biology lesson. We won't lose you in unnecessary detail. Think to yourself, &#8220;<span class="quote">This
-        is easy,</span>&#8221; then tackle each exercise without fear.
+        a biology lesson. We won't lose you in unnecessary detail. Think to yourself, <span class="quote">&#8220;<span class="quote">This
+        is easy,</span>&#8221;</span> then tackle each exercise without fear.
         </p><p>
         Samba can be configured with a minimum of complexity. Simplicity should be mastered
         before you get too deeply into complexities. Let's get moving: we have work to do.
-        </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2625280"></a>Requirements and Notes</h2></div></div></div><p>
+        </p><div class="sect1" title="Requirements and Notes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id390627"></a>Requirements and Notes</h2></div></div></div><p>
         Successful completion of this primer requires two Microsoft Windows 9x/Me Workstations
         as well as two Microsoft Windows XP Professional Workstations, each equipped with an Ethernet
@@ -17 +17 @@
         on a quiet network where there is no other traffic. It is best to use a dedicated hub
         with only the machines under test connected at the time of the exercises.
-        </p><p><a class="indexterm" name="id2625300"></a>
+        </p><p><a class="indexterm" name="id390642"></a>
         Wireshark (formerly Ethereal) has become the network protocol analyzer of choice for many network administrators.
         You may find more information regarding this tool from the
@@ -30 +30 @@
         To obtain <code class="literal">Wireshark</code> for your system, please visit the Wireshark
         <a class="ulink" href="http://www.wireshark.org/download.html" target="_top">download site</a>.
-        </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+        </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
         The successful completion of this chapter requires that you capture network traffic
         using <code class="literal">Wireshark</code>. It is recommended that you use a hub, not an
@@ -37 +37 @@
         that is used to monitor traffic; this would not allow you to complete the projects.
         </p></div><p>
-        <a class="indexterm" name="id2625370"></a>
+        <a class="indexterm" name="id390701"></a>
         Do not worry too much if you do not have access to all this equipment; network captures
         from the exercises are provided on the enclosed CD-ROM. This makes it possible to dive directly
         into the analytical part of the exercises if you so desire.
-        </p><p><a class="indexterm" name="id2625386"></a><a class="indexterm" name="id2625397"></a>
+        </p><p><a class="indexterm" name="id390714"></a><a class="indexterm" name="id390726"></a>
         Please do not be alarmed at the use of a high-powered analysis tool (Wireshark) in this
         primer.  We expose you only to a minimum of detail necessary to complete
@@ -55 +55 @@
         <a class="link" href="primer.html#chap01qa" title="Questions and Answers">&#8220;Questions and Answers&#8221;</a> also provides useful information
         that may help you to avoid significantly time-consuming networking problems.
-        </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2625441"></a>Introduction</h2></div></div></div><p>
+        </p></div><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id390763"></a>Introduction</h2></div></div></div><p>
         The purpose of this chapter is to create familiarity with key aspects of Microsoft Windows
         network computing. If you want a solid technical grounding, do not gloss over these exercises.
         The points covered are recurrent issues on the Samba mailing lists.
-        </p><p><a class="indexterm" name="id2625456"></a>
+        </p><p><a class="indexterm" name="id390775"></a>
         You can see from these exercises that Windows networking involves quite a lot of network
         broadcast traffic. You can look into the contents of some packets, but only to see
@@ -73 +73 @@
         </p><p>
         Recommended preparatory reading: <span class="emphasis"><em>The Official Samba-3 HOWTO and Reference Guide, Second
-        Edition</em></span> (TOSHARG2) Chapter 9, &#8220;<span class="quote">Network Browsing,</span>&#8221; and Chapter 3,
-        &#8220;<span class="quote">Server Types and Security Modes.</span>&#8221;
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2625502"></a>Assignment Tasks</h3></div></div></div><p><a class="indexterm" name="id2625508"></a>
+        Edition</em></span> (TOSHARG2) Chapter 9, <span class="quote">&#8220;<span class="quote">Network Browsing,</span>&#8221;</span> and Chapter 3,
+        <span class="quote">&#8220;<span class="quote">Server Types and Security Modes.</span>&#8221;</span>
+        </p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id390813"></a>Assignment Tasks</h3></div></div></div><p><a class="indexterm" name="id390820"></a>
                 You are about to witness how Microsoft Windows computer networking functions. The
                 exercises step through identification of how a client machine establishes a
@@ -81 +81 @@
                 each other (i.e., how browsing works) and how the two key types of user identification
                 (share mode security and user mode security) are affected.
-                </p><p><a class="indexterm" name="id2625526"></a>
+                </p><p><a class="indexterm" name="id390834"></a>
                 The networking protocols used by MS Windows networking when working with Samba
                 use TCP/IP as the transport protocol. The protocols that are specific to Windows
                 networking are encapsulated in TCP/IP. The network analyzer we use (Wireshark)
                 is able to show you the contents of the TCP/IP packets (or messages).
-                </p><div class="procedure"><a name="chap01tasks"></a><p class="title"><b>Procedure 16.1. Diagnostic Tasks</b></p><ol type="1"><li><p><a class="indexterm" name="id2625559"></a><a class="indexterm" name="id2625570"></a><a class="indexterm" name="id2625578"></a>
+                </p><div class="procedure" title="Procedure 16.1. Diagnostic Tasks"><a name="chap01tasks"></a><p class="title"><b>Procedure 16.1. Diagnostic Tasks</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p><a class="indexterm" name="id390864"></a><a class="indexterm" name="id390875"></a><a class="indexterm" name="id390883"></a>
                         Examine network traces to witness SMB broadcasts, host announcements,
                         and name resolution processes.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 2"><p>
                         Examine network traces to witness how share mode security functions.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 3"><p>
                         Examine network traces to witness the use of user mode security.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 4"><p>
                         Review traces of network logons for a Windows 9x/Me client as well as
                         a domain logon for a Windows XP Professional client.
-                        </p></li></ol></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2625618"></a>Exercises</h2></div></div></div><p>
-        <a class="indexterm" name="id2625626"></a>
+                        </p></li></ol></div></div></div><div class="sect1" title="Exercises"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id390920"></a>Exercises</h2></div></div></div><p>
+        <a class="indexterm" name="id390928"></a>
         You are embarking on a course of discovery. The first part of the exercise requires
         two MS Windows 9x/Me systems. We called one machine <code class="constant">WINEPRESSME</code> and the
@@ -109 +109 @@
         For these exercises, our test environment consisted of a SUSE 9.2 Professional Linux Workstation running
         VMWare 4.5. The following VMWare images were prepared:
-        </p><div class="itemizedlist"><ul type="disc"><li><p>Windows 98  name: MILGATE98</p></li><li><p>Windows Me  name: WINEPRESSME</p></li><li><p>Windows XP Professional  name: LightrayXP</p></li><li><p>Samba-3.0.20 running on a SUSE Enterprise Linux 9</p></li></ul></div><p>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Windows 98  name: MILGATE98</p></li><li class="listitem"><p>Windows Me  name: WINEPRESSME</p></li><li class="listitem"><p>Windows XP Professional  name: LightrayXP</p></li><li class="listitem"><p>Samba-3.0.20 running on a SUSE Enterprise Linux 9</p></li></ul></div><p>
         Choose a workgroup name (MIDEARTH) for each exercise.
         </p><p>
-        <a class="indexterm" name="id2625715"></a>
+        <a class="indexterm" name="id391010"></a>
         The network captures provided on the CD-ROM included with this book were captured using <code class="constant">Ethereal</code>
         version <code class="literal">0.10.6</code>. A later version suffices without problems (i.e. you should be using Wireshark), but an earlier version may not
@@ -120 +120 @@
         that can be derived from this book really does warrant your taking sufficient time to practice each exercise with
         care and attention to detail.
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2625744"></a>Single-Machine Broadcast Activity</h3></div></div></div><p>
+        </p><div class="sect2" title="Single-Machine Broadcast Activity"><div class="titlepage"><div><div><h3 class="title"><a name="id391033"></a>Single-Machine Broadcast Activity</h3></div></div></div><p>
         In this section, we start a single Windows 9x/Me machine, then monitor network activity for 30 minutes.
-        </p><div class="procedure"><a name="id2625755"></a><p class="title"><b>Procedure 16.2. Monitoring Windows 9x Steps</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 16.2. Monitoring Windows 9x Steps"><a name="id391043"></a><p class="title"><b>Procedure 16.2. Monitoring Windows 9x Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Start the machine from which network activity will be monitored (using <code class="literal">Wireshark</code>).
                 Launch <code class="literal">Wireshark</code>, click
@@ -128 +128 @@
                 </p><p>
                 Click the following:
-                </p><div class="orderedlist"><ol type="1"><li><p>Update list of packets in real time</p></li><li><p>Automatic scrolling in live capture</p></li><li><p>Enable MAC name resolution</p></li><li><p>Enable network name resolution</p></li><li><p>Enable transport name resolution</p></li></ol></div><p>
+                </p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>Update list of packets in real time</p></li><li class="listitem"><p>Automatic scrolling in live capture</p></li><li class="listitem"><p>Enable MAC name resolution</p></li><li class="listitem"><p>Enable network name resolution</p></li><li class="listitem"><p>Enable transport name resolution</p></li></ol></div><p>
                 Click <span class="guibutton">OK</span>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Start the Windows 9x/Me machine to be monitored. Let it run for a full 30 minutes. While monitoring,
                 do not press any keyboard keys, do not click any on-screen icons or menus, and do not answer any dialog boxes.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 At the conclusion of 30 minutes, stop the capture. Save the capture to a file so you can go back to it later.
                 Leave this machine running in preparation for the task in <a class="link" href="primer.html#secondmachine" title="Second Machine Startup Broadcast Interaction">&#8220;Second Machine Startup Broadcast Interaction&#8221;</a>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 Analyze the capture. Identify each discrete message type that was captured. Note what transport protocol
                 was used. Identify the timing between messages of identical types.
-                </p></li></ol></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2625878"></a>Findings</h4></div></div></div><p>
+                </p></li></ol></div><div class="sect3" title="Findings"><div class="titlepage"><div><div><h4 class="title"><a name="id391158"></a>Findings</h4></div></div></div><p>
                 The summary of the first 10 minutes of the packet capture should look like <a class="link" href="primer.html#pktcap01" title="Figure 16.1. Windows Me Broadcasts The First 10 Minutes">&#8220;Windows Me  Broadcasts  The First 10 Minutes&#8221;</a>.
                 A screenshot of a later stage of the same capture is shown in <a class="link" href="primer.html#pktcap02" title="Figure 16.2. Windows Me Later Broadcast Sample">&#8220;Windows Me  Later Broadcast Sample&#8221;</a>.
-                </p><div class="figure"><a name="pktcap01"></a><p class="title"><b>Figure 16.1. Windows Me  Broadcasts  The First 10 Minutes</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/WINREPRESSME-Capture.png" width="216" alt="Windows Me Broadcasts The First 10 Minutes"></div></div></div><br class="figure-break"><div class="figure"><a name="pktcap02"></a><p class="title"><b>Figure 16.2. Windows Me  Later Broadcast Sample</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/WINREPRESSME-Capture2.png" width="226.8" alt="Windows Me Later Broadcast Sample"></div></div></div><br class="figure-break"><p><a class="indexterm" name="id2625995"></a><a class="indexterm" name="id2626006"></a>
+                </p><div class="figure"><a name="pktcap01"></a><p class="title"><b>Figure 16.1. Windows Me  Broadcasts  The First 10 Minutes</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/WINREPRESSME-Capture.png" width="216" alt="Windows Me Broadcasts The First 10 Minutes"></div></div></div><br class="figure-break"><div class="figure"><a name="pktcap02"></a><p class="title"><b>Figure 16.2. Windows Me  Later Broadcast Sample</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/WINREPRESSME-Capture2.png" width="226.8" alt="Windows Me Later Broadcast Sample"></div></div></div><br class="figure-break"><p><a class="indexterm" name="id391271"></a><a class="indexterm" name="id391282"></a>
                 Broadcast messages observed are shown in <a class="link" href="primer.html#capsstats01" title="Table 16.1. Windows Me Startup Broadcast Capture Statistics">&#8220;Windows Me  Startup Broadcast Capture Statistics&#8221;</a>.
                 Actual observations vary a little, but not by much.
@@ -148 +148 @@
                 first to ensure that its name would not result in a name clash, and second to establish its
                 presence with the Local Master Browser (LMB).
-                </p><div class="table"><a name="capsstats01"></a><p class="title"><b>Table 16.1. Windows Me  Startup Broadcast Capture Statistics</b></p><div class="table-contents"><table summary="Windows Me  Startup Broadcast Capture Statistics" border="1"><colgroup><col align="left"><col align="center"><col align="center"><col align="left"></colgroup><thead><tr><th align="left">Message</th><th align="center">Type</th><th align="center">Num</th><th align="left">Notes</th></tr></thead><tbody><tr><td align="left">WINEPRESSME&lt;00&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.6 sec apart</td></tr><tr><td align="left">WINEPRESSME&lt;03&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.6 sec apart</td></tr><tr><td align="left">WINEPRESSME&lt;20&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH&lt;00&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH&lt;1d&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH&lt;1e&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH&lt;1b&gt;</td><td align="center">Qry</td><td align="center">84</td><td align="left">300 sec apart at stable operation</td></tr><tr><td align="left">__MSBROWSE__</td><td align="center">Reg</td><td align="center">8</td><td align="left">Registered after winning election to Browse Master</td></tr><tr><td align="left">JHT&lt;03&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 x 2. This is the name of the user that logged onto Windows</td></tr><tr><td align="left">Host Announcement WINEPRESSME</td><td align="center">Ann</td><td align="center">2</td><td align="left">Observed at 10 sec</td></tr><tr><td align="left">Domain/Workgroup Announcement MIDEARTH</td><td align="center">Ann</td><td align="center">18</td><td align="left">300 sec apart at stable operation</td></tr><tr><td align="left">Local Master Announcement WINEPRESSME</td><td align="center">Ann</td><td align="center">18</td><td align="left">300 sec apart at stable operation</td></tr><tr><td align="left">Get Backup List Request</td><td align="center">Qry</td><td align="center">12</td><td align="left">6 x 2 early in startup, 0.5 sec apart</td></tr><tr><td align="left">Browser Election Request</td><td align="center">Ann</td><td align="center">10</td><td align="left">5 x 2 early in startup</td></tr><tr><td align="left">Request Announcement WINEPRESSME</td><td align="center">Ann</td><td align="center">4</td><td align="left">Early in startup</td></tr></tbody></table></div></div><br class="table-break"><p><a class="indexterm" name="id2626353"></a><a class="indexterm" name="id2626361"></a>
+                </p><div class="table"><a name="capsstats01"></a><p class="title"><b>Table 16.1. Windows Me  Startup Broadcast Capture Statistics</b></p><div class="table-contents"><table summary="Windows Me  Startup Broadcast Capture Statistics" border="1"><colgroup><col align="left"><col align="center"><col align="center"><col align="left"></colgroup><thead><tr><th align="left">Message</th><th align="center">Type</th><th align="center">Num</th><th align="left">Notes</th></tr></thead><tbody><tr><td align="left">WINEPRESSME&lt;00&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.6 sec apart</td></tr><tr><td align="left">WINEPRESSME&lt;03&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.6 sec apart</td></tr><tr><td align="left">WINEPRESSME&lt;20&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH&lt;00&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH&lt;1d&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH&lt;1e&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH&lt;1b&gt;</td><td align="center">Qry</td><td align="center">84</td><td align="left">300 sec apart at stable operation</td></tr><tr><td align="left">__MSBROWSE__</td><td align="center">Reg</td><td align="center">8</td><td align="left">Registered after winning election to Browse Master</td></tr><tr><td align="left">JHT&lt;03&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 x 2. This is the name of the user that logged onto Windows</td></tr><tr><td align="left">Host Announcement WINEPRESSME</td><td align="center">Ann</td><td align="center">2</td><td align="left">Observed at 10 sec</td></tr><tr><td align="left">Domain/Workgroup Announcement MIDEARTH</td><td align="center">Ann</td><td align="center">18</td><td align="left">300 sec apart at stable operation</td></tr><tr><td align="left">Local Master Announcement WINEPRESSME</td><td align="center">Ann</td><td align="center">18</td><td align="left">300 sec apart at stable operation</td></tr><tr><td align="left">Get Backup List Request</td><td align="center">Qry</td><td align="center">12</td><td align="left">6 x 2 early in startup, 0.5 sec apart</td></tr><tr><td align="left">Browser Election Request</td><td align="center">Ann</td><td align="center">10</td><td align="left">5 x 2 early in startup</td></tr><tr><td align="left">Request Announcement WINEPRESSME</td><td align="center">Ann</td><td align="center">4</td><td align="left">Early in startup</td></tr></tbody></table></div></div><br class="table-break"><p><a class="indexterm" name="id391620"></a><a class="indexterm" name="id391628"></a>
                 From the packet trace, it should be noted that no messages were propagated over TCP/IP;
                 all messages employed UDP/IP.  When steady-state operation has been achieved, there is a cycle
                 of various announcements, re-election of a browse master, and name queries. These create
                 the symphony of announcements by which network browsing is made possible.
-                </p><p><a class="indexterm" name="id2626379"></a>
+                </p><p><a class="indexterm" name="id391642"></a>
                 For detailed information regarding the precise behavior of the CIFS/SMB protocols,
-                refer to the book &#8220;<span class="quote">Implementing CIFS: The Common Internet File System,</span>&#8221;
+                refer to the book <span class="quote">&#8220;<span class="quote">Implementing CIFS: The Common Internet File System,</span>&#8221;</span>
                 by Christopher Hertel, (Prentice Hall PTR, ISBN: 013047116X).
-                </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="secondmachine"></a>Second Machine Startup Broadcast Interaction</h3></div></div></div><p>
+                </p></div></div><div class="sect2" title="Second Machine Startup Broadcast Interaction"><div class="titlepage"><div><div><h3 class="title"><a name="secondmachine"></a>Second Machine Startup Broadcast Interaction</h3></div></div></div><p>
         At this time, the machine you used to capture the single-system startup trace should still be running.
         The objective of this task is to identify the interaction of two machines in respect to broadcast activity.
-        </p><div class="procedure"><a name="id2626415"></a><p class="title"><b>Procedure 16.3. Monitoring of Second Machine Activity</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 16.3. Monitoring of Second Machine Activity"><a name="id391674"></a><p class="title"><b>Procedure 16.3. Monitoring of Second Machine Activity</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 On the machine from which network activity will be monitored (using <code class="literal">Wireshark</code>),
                 launch <code class="literal">Wireshark</code> and click
@@ -166 +166 @@
                 </p><p>
                 Click:
-                </p><div class="orderedlist"><ol type="1"><li><p>Update list of packets in real time</p></li><li><p>Automatic scrolling in live capture</p></li><li><p>Enable MAC name resolution</p></li><li><p>Enable network name resolution</p></li><li><p>Enable transport name resolution</p></li></ol></div><p>
+                </p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>Update list of packets in real time</p></li><li class="listitem"><p>Automatic scrolling in live capture</p></li><li class="listitem"><p>Enable MAC name resolution</p></li><li class="listitem"><p>Enable network name resolution</p></li><li class="listitem"><p>Enable transport name resolution</p></li></ol></div><p>
                 Click <span class="guibutton">OK</span>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Start the second Windows 9x/Me machine. Let it run for 15 to 20 minutes. While monitoring, do not press
                 any keyboard keys, do not click any on-screen icons or menus, and do not answer any dialog boxes.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 At the conclusion of the capture time, stop the capture. Be sure to save the captured data so you
                 can examine the network data capture again at a later date should that be necessary.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 Analyze the capture trace, taking note of the transport protocols used, the types of messages observed,
                 and what interaction took place between the two machines. Leave both machines running for the next task.
-                </p></li></ol></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2626531"></a>Findings</h4></div></div></div><p>
+                </p></li></ol></div><div class="sect3" title="Findings"><div class="titlepage"><div><div><h4 class="title"><a name="id391782"></a>Findings</h4></div></div></div><p>
                 <a class="link" href="primer.html#capsstats02" title="Table 16.2. Second Machine (Windows 98) Capture Statistics">&#8220;Second Machine (Windows 98)  Capture Statistics&#8221;</a> summarizes capture statistics observed. As in the previous case,
                 all announcements used UDP/IP broadcasts. Also, as was observed with the last example, the second
@@ -183 +183 @@
                 (i.e., the name is already registered by another machine) on the network segment. Those wishing
                 to explore the inner details of the precise mechanism of how this functions should refer to
-                &#8220;<span class="quote">Implementing CIFS: The Common Internet File System.</span>&#8221;
+                <span class="quote">&#8220;<span class="quote">Implementing CIFS: The Common Internet File System.</span>&#8221;</span>
                 </p><div class="table"><a name="capsstats02"></a><p class="title"><b>Table 16.2. Second Machine (Windows 98)  Capture Statistics</b></p><div class="table-contents"><table summary="Second Machine (Windows 98)  Capture Statistics" border="1"><colgroup><col align="left"><col align="center"><col align="center"><col align="left"></colgroup><thead><tr><th align="left">Message</th><th align="center">Type</th><th align="center">Num</th><th align="left">Notes</th></tr></thead><tbody><tr><td align="left">MILGATE98&lt;00&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.6 sec apart</td></tr><tr><td align="left">MILGATE98&lt;03&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.6 sec apart</td></tr><tr><td align="left">MILGATE98&lt;20&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH&lt;00&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH&lt;1d&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH&lt;1e&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH&lt;1b&gt;</td><td align="center">Qry</td><td align="center">18</td><td align="left">900 sec apart at stable operation</td></tr><tr><td align="left">JHT&lt;03&gt;</td><td align="center">Reg</td><td align="center">2</td><td align="left">This is the name of the user that logged onto Windows</td></tr><tr><td align="left">Host Announcement MILGATE98</td><td align="center">Ann</td><td align="center">14</td><td align="left">Every 120 sec</td></tr><tr><td align="left">Domain/Workgroup Announcement MIDEARTH</td><td align="center">Ann</td><td align="center">6</td><td align="left">900 sec apart at stable operation</td></tr><tr><td align="left">Local Master Announcement WINEPRESSME</td><td align="center">Ann</td><td align="center">6</td><td align="left">Insufficient detail to determine frequency</td></tr></tbody></table></div></div><br class="table-break"><p>
-                <a class="indexterm" name="id2626813"></a>
-                <a class="indexterm" name="id2626820"></a>
-                <a class="indexterm" name="id2626827"></a>
+                <a class="indexterm" name="id392055"></a>
+                <a class="indexterm" name="id392062"></a>
+                <a class="indexterm" name="id392069"></a>
                 Observation of the contents of Host Announcements, Domain/Workgroup Announcements,
                 and Local Master Announcements is instructive. These messages convey a significant
                 level of detail regarding the nature of each machine that is on the network. An example
                 dissection of a Host Announcement is given in <a class="link" href="primer.html#hostannounce" title="Figure 16.3. Typical Windows 9x/Me Host Announcement">&#8220;Typical Windows 9x/Me Host Announcement&#8221;</a>.
-                </p><div class="figure"><a name="hostannounce"></a><p class="title"><b>Figure 16.3. Typical Windows 9x/Me Host Announcement</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/HostAnnouncment.png" width="221.4" alt="Typical Windows 9x/Me Host Announcement"></div></div></div><br class="figure-break"></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2626892"></a>Simple Windows Client Connection Characteristics</h3></div></div></div><p>
+                </p><div class="figure"><a name="hostannounce"></a><p class="title"><b>Figure 16.3. Typical Windows 9x/Me Host Announcement</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/HostAnnouncment.png" width="221.4" alt="Typical Windows 9x/Me Host Announcement"></div></div></div><br class="figure-break"></div></div><div class="sect2" title="Simple Windows Client Connection Characteristics"><div class="titlepage"><div><div><h3 class="title"><a name="id392130"></a>Simple Windows Client Connection Characteristics</h3></div></div></div><p>
         The purpose of this exercise is to discover how Microsoft Windows clients create (establish)
         connections with remote servers. The methodology involves analysis of a key aspect of how
         Windows clients access remote servers: the session setup protocol.
-        </p><div class="procedure"><a name="id2626906"></a><p class="title"><b>Procedure 16.4. Client Connection Exploration Steps</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 16.4. Client Connection Exploration Steps"><a name="id392141"></a><p class="title"><b>Procedure 16.4. Client Connection Exploration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Configure a Windows 9x/Me machine (MILGATE98) with a share called <code class="constant">Stuff</code>.
                 Create a <em class="parameter"><code>Full Access</code></em> control password on this share.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Configure another Windows 9x/Me machine (WINEPRESSME) as a client. Make sure that it exports
                 no shared resources.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Start both Windows 9x/Me machines and allow them to stabilize for 10 minutes. Log on to both
                 machines using a user name (JHT) of your choice. Wait approximately 2 minutes before proceeding.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 Start Wireshark (or the network sniffer of your choice).
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 5"><p>
                 From the WINEPRESSME machine, right-click <span class="guimenu">Network Neighborhood</span>, select
                 <span class="guimenuitem">Explore</span>, select
@@ -213 +213 @@
                 Enter the password you set for the <code class="constant">Full Control</code> mode for the
                 <code class="constant">Stuff</code> share.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 6"><p>
                 When the share called <code class="constant">Stuff</code> is being displayed, stop the capture.
                 Save the captured data in case it is needed for later analysis.
-                </p></li><li><p>
-                <a class="indexterm" name="id2627037"></a>
+                </p></li><li class="step" title="Step 7"><p>
+                <a class="indexterm" name="id392265"></a>
                 From the top of the packets captured, scan down to locate the first packet that has
                 interpreted as <code class="constant">Session Setup AndX, User: anonymous; Tree Connect AndX,
                 Path: \\MILGATE98\IPC$</code>.
-                </p></li><li><p><a class="indexterm" name="id2627056"></a><a class="indexterm" name="id2627064"></a>
+                </p></li><li class="step" title="Step 8"><p><a class="indexterm" name="id392283"></a><a class="indexterm" name="id392291"></a>
                 In the dissection (analysis) panel, expand the <code class="constant">SMB, Session Setup AndX Request,
                 and Tree Connect AndX Request</code>. Examine both operations. Identify the name of
                 the user Account and what password was used. The Account name should be empty.
                 This is a <code class="constant">NULL</code> session setup packet.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 9"><p>
                 Return to the packet capture sequence. There will be a number of packets that have been
                 decoded of the type <code class="constant">Session Setup AndX</code>. Locate the last such packet
                 that was targeted at the <code class="constant">\\MILGATE98\IPC$</code> service.
-                </p></li><li><p>
-                <a class="indexterm" name="id2627108"></a>
-                <a class="indexterm" name="id2627115"></a>
+                </p></li><li class="step" title="Step 10"><p>
+                <a class="indexterm" name="id392331"></a>
+                <a class="indexterm" name="id392338"></a>
                 Dissect this packet as per the previous one. This packet should have a password length
                 of 24 (characters) and should have a password field, the contents of which is a
                 long hexadecimal number. Observe the name in the Account field. This is a User Mode
                 session setup packet.
-                </p></li></ol></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2627129"></a>Findings and Comments</h4></div></div></div><p>
-                <a class="indexterm" name="id2627138"></a>
-                The <code class="constant">IPC$</code> share serves a vital purpose<sup>[<a name="id2627149" href="#ftn.id2627149" class="footnote">15</a>]</sup>
+                </p></li></ol></div><div class="sect3" title="Findings and Comments"><div class="titlepage"><div><div><h4 class="title"><a name="id392350"></a>Findings and Comments</h4></div></div></div><p>
+                <a class="indexterm" name="id392358"></a>
+                The <code class="constant">IPC$</code> share serves a vital purpose<sup>[<a name="id392369" href="#ftn.id392369" class="footnote">15</a>]</sup>
                 in SMB/CIFS-based networking.  A Windows client connects to this resource to obtain the list of
                 resources that are available on the server. The server responds with the shares and print queues that
@@ -245 +245 @@
                 username and a <code class="constant">NULL</code> password.
                 </p><p>
-                <a class="indexterm" name="id2627169"></a>
+                <a class="indexterm" name="id392386"></a>
                 The two packets examined are material evidence of how Windows clients may
                 interoperate with Samba. Samba requires every connection setup to be authenticated using
@@ -252 +252 @@
                 account.
                 </p><p>
-            <a class="indexterm" name="id2627189"></a><a class="indexterm" name="id2627195"></a>
-            <a class="indexterm" name="id2627204"></a>
+            <a class="indexterm" name="id392403"></a><a class="indexterm" name="id392408"></a>
+            <a class="indexterm" name="id392417"></a>
                 Samba has a special name for the <code class="constant">NULL</code>, or empty, user account:
                 it calls it the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a>. The
@@ -262 +262 @@
                 <a class="link" href="primer.html#nullconnect" title="Figure 16.4. Typical Windows 9x/Me NULL SessionSetUp AndX Request">&#8220;Typical Windows 9x/Me NULL SessionSetUp AndX Request&#8221;</a>.
                 </p><div class="figure"><a name="nullconnect"></a><p class="title"><b>Figure 16.4. Typical Windows 9x/Me NULL SessionSetUp AndX Request</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/NullConnect.png" width="221.4" alt="Typical Windows 9x/Me NULL SessionSetUp AndX Request"></div></div></div><br class="figure-break"><p>
-                <a class="indexterm" name="id2627289"></a>
-                <a class="indexterm" name="id2627296"></a>
-                <a class="indexterm" name="id2627303"></a>
+                <a class="indexterm" name="id392498"></a>
+                <a class="indexterm" name="id392505"></a>
+                <a class="indexterm" name="id392512"></a>
                 When a UNIX/Linux system does not have a <code class="constant">nobody</code> user account
                 (<code class="filename">/etc/passwd</code>), the operation of the <code class="constant">NULL</code>
@@ -272 +272 @@
                 is shown in <a class="link" href="primer.html#userconnect" title="Figure 16.5. Typical Windows 9x/Me User SessionSetUp AndX Request">&#8220;Typical Windows 9x/Me User SessionSetUp AndX Request&#8221;</a>.
                 </p><div class="figure"><a name="userconnect"></a><p class="title"><b>Figure 16.5. Typical Windows 9x/Me User SessionSetUp AndX Request</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/UserConnect.png" width="221.4" alt="Typical Windows 9x/Me User SessionSetUp AndX Request"></div></div></div><br class="figure-break"><p>
-                <a class="indexterm" name="id2627380"></a>
+                <a class="indexterm" name="id392585"></a>
                 The User Mode connection packet contains the account name and the domain name.
                 The password is provided in Microsoft encrypted form, and its length is shown
                 as 24 characters. This is the length of Microsoft encrypted passwords.
-                </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2627394"></a>Windows 200x/XP Client Interaction with Samba-3</h3></div></div></div><p>
-        By now you may be asking, &#8220;<span class="quote">Why did you choose to work with Windows 9x/Me?</span>&#8221;
+                </p></div></div><div class="sect2" title="Windows 200x/XP Client Interaction with Samba-3"><div class="titlepage"><div><div><h3 class="title"><a name="id392597"></a>Windows 200x/XP Client Interaction with Samba-3</h3></div></div></div><p>
+        By now you may be asking, <span class="quote">&#8220;<span class="quote">Why did you choose to work with Windows 9x/Me?</span>&#8221;</span>
         </p><p>
         First, we want to demonstrate the simple case. This book is not intended to be a detailed treatise
@@ -291 +291 @@
         a domain member of either a Samba-controlled domain or a Windows NT4 or 200x Active Directory domain.
         Here we do not provide details for how to configure this, as full coverage is provided earlier in this book.
-        </p><div class="procedure"><a name="id2627437"></a><p class="title"><b>Procedure 16.5. Steps to Explore Windows XP Pro Connection Set-up</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 16.5. Steps to Explore Windows XP Pro Connection Set-up"><a name="id392631"></a><p class="title"><b>Procedure 16.5. Steps to Explore Windows XP Pro Connection Set-up</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Start your domain controller. Also, start the Wireshark monitoring machine, launch Wireshark,
                 and then wait for the next step to complete.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Start the Windows XP Client and wait 5 minutes before proceeding.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 On the machine from which network activity will be monitored (using <code class="literal">Wireshark</code>),
                 launch <code class="literal">Wireshark</code> and click
@@ -302 +302 @@
                 </p><p>
                 Click:
-                </p><div class="orderedlist"><ol type="1"><li><p>Update list of packets in real time</p></li><li><p>Automatic scrolling in live capture</p></li><li><p>Enable MAC name resolution</p></li><li><p>Enable network name resolution</p></li><li><p>Enable transport name resolution</p></li></ol></div><p>
+                </p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>Update list of packets in real time</p></li><li class="listitem"><p>Automatic scrolling in live capture</p></li><li class="listitem"><p>Enable MAC name resolution</p></li><li class="listitem"><p>Enable network name resolution</p></li><li class="listitem"><p>Enable transport name resolution</p></li></ol></div><p>
                 Click <span class="guibutton">OK</span>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 On the Windows XP Professional client, press <span class="guimenu">Ctrl-Alt-Delete</span> to bring
                 up the domain logon screen. Log in using valid credentials for a domain user account.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 5"><p>
                 Now proceed to connect to the domain controller as follows:
                 <span class="guimenu">Start</span> &#8594; <span class="guimenuitem">(right-click) My Network Places</span> &#8594; <span class="guimenuitem">Explore</span> &#8594; <span class="guimenuitem">{Left Panel} [+] Entire Network</span> &#8594; <span class="guimenuitem">{Left Panel} [+] Microsoft Windows Network</span> &#8594; <span class="guimenuitem">{Left Panel} [+] Midearth</span> &#8594; <span class="guimenuitem">{Left Panel} [+] Frodo</span> &#8594; <span class="guimenuitem">{Left Panel} [+] data</span>. Close the explorer window.
@@ -313 +313 @@
                 In this step, our domain name is <code class="constant">Midearth</code>, the domain controller is called
                 <code class="constant">Frodo</code>, and we have connected to a share called <code class="constant">data</code>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 6"><p>
                 Stop the capture on the <code class="literal">Wireshark</code> monitoring machine. Be sure to save the captured data
                 to a file so that you can refer to it again later.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 7"><p>
                 If desired, the Windows XP Professional client and the domain controller are no longer needed for exercises
                 in this chapter.
-                </p></li><li><p>
-                <a class="indexterm" name="id2627663"></a>
-                <a class="indexterm" name="id2627670"></a>
+                </p></li><li class="step" title="Step 8"><p>
+                <a class="indexterm" name="id392845"></a>
+                <a class="indexterm" name="id392852"></a>
                 From the top of the packets captured, scan down to locate the first packet that has
                 interpreted as <code class="constant">Session Setup AndX Request, NTLMSSP_AUTH</code>.
-                </p></li><li><p>
-                <a class="indexterm" name="id2627690"></a>
-                <a class="indexterm" name="id2627697"></a>
-                <a class="indexterm" name="id2627704"></a>
+                </p></li><li class="step" title="Step 9"><p>
+                <a class="indexterm" name="id392870"></a>
+                <a class="indexterm" name="id392877"></a>
+                <a class="indexterm" name="id392884"></a>
                 In the dissection (analysis) panel, expand the <code class="constant">SMB, Session Setup AndX Request</code>.
                 Expand the packet decode information, beginning at the <code class="constant">Security Blob:</code>
@@ -334 +334 @@
                 The <code class="constant">User name: NULL</code> so indicates. An example decode is shown in
                 <a class="link" href="primer.html#XPCap01" title="Figure 16.6. Typical Windows XP NULL Session Setup AndX Request">&#8220;Typical Windows XP NULL Session Setup AndX Request&#8221;</a>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 10"><p>
                 Return to the packet capture sequence. There will be a number of packets that have been
                 decoded of the type <code class="constant">Session Setup AndX Request</code>. Click the last such packet that
                 has been decoded as <code class="constant">Session Setup AndX Request, NTLMSSP_AUTH</code>.
-                </p></li><li><p>
-                <a class="indexterm" name="id2627766"></a>
+                </p></li><li class="step" title="Step 11"><p>
+                <a class="indexterm" name="id392941"></a>
                 In the dissection (analysis) panel, expand the <code class="constant">SMB, Session Setup AndX Request</code>.
                 Expand the packet decode information, beginning at the <code class="constant">Security Blob:</code>
@@ -349 +349 @@
                 The values of these two parameters are the Microsoft encrypted password hashes: respectively, the LanMan
                 password and then the NT (case-preserving) password hash.
-                </p></li><li><p>
-                <a class="indexterm" name="id2627828"></a>
-                <a class="indexterm" name="id2627835"></a>
+                </p></li><li class="step" title="Step 12"><p>
+                <a class="indexterm" name="id392995"></a>
+                <a class="indexterm" name="id393002"></a>
                 The passwords are 24-character hexadecimal numbers. This packet confirms that this is a User Mode
                 session setup packet.
-                </p></li></ol></div><div class="figure"><a name="XPCap01"></a><p class="title"><b>Figure 16.6. Typical Windows XP NULL Session Setup AndX Request</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/WindowsXP-NullConnection.png" width="270" alt="Typical Windows XP NULL Session Setup AndX Request"></div></div></div><br class="figure-break"><div class="figure"><a name="XPCap02"></a><p class="title"><b>Figure 16.7. Typical Windows XP User Session Setup AndX Request</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/WindowsXP-UserConnection.png" width="270" alt="Typical Windows XP User Session Setup AndX Request"></div></div></div><br class="figure-break"><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2627931"></a>Discussion</h4></div></div></div><p><a class="indexterm" name="id2627938"></a>
+                </p></li></ol></div><div class="figure"><a name="XPCap01"></a><p class="title"><b>Figure 16.6. Typical Windows XP NULL Session Setup AndX Request</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/WindowsXP-NullConnection.png" width="270" alt="Typical Windows XP NULL Session Setup AndX Request"></div></div></div><br class="figure-break"><div class="figure"><a name="XPCap02"></a><p class="title"><b>Figure 16.7. Typical Windows XP User Session Setup AndX Request</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/WindowsXP-UserConnection.png" width="270" alt="Typical Windows XP User Session Setup AndX Request"></div></div></div><br class="figure-break"><div class="sect3" title="Discussion"><div class="titlepage"><div><div><h4 class="title"><a name="id393094"></a>Discussion</h4></div></div></div><p><a class="indexterm" name="id393101"></a>
                 This exercise demonstrates that, while the specific protocol for the Session Setup AndX is handled
                 in a more sophisticated manner by recent MS Windows clients, the underlying rules or principles
@@ -361 +361 @@
                 technology server (one using Windows NT4/200x or Samba). It also demonstrates that an authenticated
                 connection must be made before resources can be used.
-                </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2627962"></a>Conclusions to Exercises</h3></div></div></div><p>
+                </p></div></div><div class="sect2" title="Conclusions to Exercises"><div class="titlepage"><div><div><h3 class="title"><a name="id393121"></a>Conclusions to Exercises</h3></div></div></div><p>
         In summary, the following points have been established in this chapter:
-        </p><div class="itemizedlist"><ul type="disc"><li><p>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                 When NetBIOS over TCP/IP protocols are enabled, MS Windows networking employs broadcast-oriented messaging protocols to provide knowledge of network services.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Network browsing protocols query information stored on browse masters that manage
                 information provided by NetBIOS Name Registrations and by way of ongoing host
                 announcements and workgroup announcements.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 All Samba servers must be configured with a mechanism for mapping the <code class="constant">NULL-Session</code>
                 to a valid but nonprivileged UNIX system account.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 The use of Microsoft encrypted passwords is built right into the fabric of Windows
                 networking operations. Such passwords cannot be provided from the UNIX <code class="filename">/etc/passwd</code>
@@ -378 +378 @@
                 use. Samba-2.x permitted such encrypted passwords to be stored in the <code class="constant">smbpasswd</code>
                 file or in an LDAP database. Samba-3 permits use of multiple <em class="parameter"><code>passdb backend</code></em>
-                databases in concurrent deployment. Refer to <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 10, &#8220;<span class="quote">Account Information Databases.</span>&#8221;
-                </p></li></ul></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="chap01conc"></a>Dissection and Discussion</h2></div></div></div><p>
-        <a class="indexterm" name="id2628050"></a>
+                databases in concurrent deployment. Refer to <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 10, <span class="quote">&#8220;<span class="quote">Account Information Databases.</span>&#8221;</span>
+                </p></li></ul></div></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="chap01conc"></a>Dissection and Discussion</h2></div></div></div><p>
+        <a class="indexterm" name="id393199"></a>
         The exercises demonstrate the use of the <code class="constant">guest</code> account, the way that
         MS Windows clients and servers resolve computer names to a TCP/IP address, and how connections
@@ -388 +388 @@
         the Microsoft knowledgebase article
         <a class="ulink" href="http://support.microsoft.com/support/kb/articles/Q102/78/8.asp" target="_top">Q102878.</a>
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2628077"></a>Technical Issues</h3></div></div></div><p>
-                <a class="indexterm" name="id2628085"></a>
+        </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id393223"></a>Technical Issues</h3></div></div></div><p>
+                <a class="indexterm" name="id393231"></a>
                 Network browsing involves SMB broadcast announcements, SMB enumeration requests,
                 connections to the <code class="constant">IPC$</code> share, share enumerations, and SMB connection
                 setup processes. The use of anonymous connections to a Samba server involve the use of
                 the <em class="parameter"><code>guest account</code></em> that must map to a valid UNIX UID.
-                </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="chap01qa"></a>Questions and Answers</h2></div></div></div><p>
+                </p></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="chap01qa"></a>Questions and Answers</h2></div></div></div><p>
         The questions and answers given in this section are designed to highlight important aspects of Microsoft
         Windows networking.
-        </p><div class="qandaset"><dl><dt> <a href="primer.html#id2628131">
+        </p><div class="qandaset" title="Frequently Asked Questions"><a name="id393266"></a><dl><dt> <a href="primer.html#id393272">
                 What is the significance of the MIDEARTH&lt;1b&gt; type query?
-                </a></dt><dt> <a href="primer.html#id2628177">
+                </a></dt><dt> <a href="primer.html#id393315">
                 What is the significance of the MIDEARTH&lt;1d&gt; type name registration?
-                </a></dt><dt> <a href="primer.html#id2628251">
+                </a></dt><dt> <a href="primer.html#id393382">
                 What is the role and significance of the &lt;01&gt;&lt;02&gt;__MSBROWSE__&lt;02&gt;&lt;01&gt;
                 name registration?
-                </a></dt><dt> <a href="primer.html#id2628284">
+                </a></dt><dt> <a href="primer.html#id393410">
                 What is the significance of the MIDEARTH&lt;1e&gt; type name registration?
-                </a></dt><dt> <a href="primer.html#id2628315">
+                </a></dt><dt> <a href="primer.html#id393437">
                 
                 What is the significance of the guest account in smb.conf?
-                </a></dt><dt> <a href="primer.html#id2628393">
+                </a></dt><dt> <a href="primer.html#id393508">
                 Is it possible to reduce network broadcast activity with Samba-3?
-                </a></dt><dt> <a href="primer.html#id2628502">
+                </a></dt><dt> <a href="primer.html#id393609">
                 Can I just use plain-text passwords with Samba?
-                </a></dt><dt> <a href="primer.html#id2628589">
+                </a></dt><dt> <a href="primer.html#id393684">
                 What parameter in the smb.conf file is used to enable the use of encrypted passwords?
-                </a></dt><dt> <a href="primer.html#id2628630">
+                </a></dt><dt> <a href="primer.html#id393723">
                 Is it necessary to specify encrypt passwords = Yes
                 when Samba-3 is configured as a domain member?
-                </a></dt><dt> <a href="primer.html#id2628662">
+                </a></dt><dt> <a href="primer.html#id393753">
                 Is it necessary to specify a guest account when Samba-3 is configured
                 as a domain member server?
-                </a></dt></dl><table border="0" summary="Q and A Set"><col align="left" width="1%"><tbody><tr class="question"><td align="left" valign="top"><a name="id2628131"></a><a name="id2628133"></a></td><td align="left" valign="top"><p>
+                </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question"><td align="left" valign="top"><a name="id393272"></a><a name="id393275"></a></td><td align="left" valign="top"><p>
                 What is the significance of the MIDEARTH&lt;1b&gt; type query?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
-                <a class="indexterm" name="id2628145"></a>
-                <a class="indexterm" name="id2628155"></a>
+                <a class="indexterm" name="id393286"></a>
+                <a class="indexterm" name="id393296"></a>
                 This is a broadcast announcement by which the Windows machine is attempting to
                 locate a Domain Master Browser (DMB) in the event that it might exist on the network.
-                Refer to <span class="emphasis"><em>TOSHARG2,</em></span> Chapter 9, Section 9.7, &#8220;<span class="quote">Technical Overview of Browsing,</span>&#8221;
+                Refer to <span class="emphasis"><em>TOSHARG2,</em></span> Chapter 9, Section 9.7, <span class="quote">&#8220;<span class="quote">Technical Overview of Browsing,</span>&#8221;</span>
                 for details regarding the function of the DMB and its role in network browsing.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2628177"></a><a name="id2628179"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id393315"></a><a name="id393317"></a></td><td align="left" valign="top"><p>
                 What is the significance of the MIDEARTH&lt;1d&gt; type name registration?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
-                <a class="indexterm" name="id2628192"></a>
-                <a class="indexterm" name="id2628201"></a>
+                <a class="indexterm" name="id393329"></a>
+                <a class="indexterm" name="id393338"></a>
                 This name registration records the machine IP addresses of the LMBs.
                 Network clients can query this name type to obtain a list of browser servers from the
@@ -442 +442 @@
                 collating the information contained within them. Using this information, it can provide answers to other Windows
                 network clients that request information such as:
-                </p><div class="itemizedlist"><ul type="disc"><li><p>
+                </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                         The list of machines known to the LMB (i.e., the browse list)
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         The IP addresses of all domain controllers known for the domain
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         The IP addresses of LMBs
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         The IP address of the DMB (if one exists)
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         The IP address of the LMB on the local segment
-                        </p></li></ul></div></td></tr><tr class="question"><td align="left" valign="top"><a name="id2628251"></a><a name="id2628254"></a></td><td align="left" valign="top"><p>
+                        </p></li></ul></div></td></tr><tr class="question"><td align="left" valign="top"><a name="id393382"></a><a name="id393384"></a></td><td align="left" valign="top"><p>
                 What is the role and significance of the &lt;01&gt;&lt;02&gt;__MSBROWSE__&lt;02&gt;&lt;01&gt;
                 name registration?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
-                <a class="indexterm" name="id2628269"></a>
+                <a class="indexterm" name="id393397"></a>
                 This name is registered by the browse master to broadcast and receive domain announcements.
                 Its scope is limited to the local network segment, or subnet. By querying this name type,
                 master browsers on networks that have multiple domains can find the names of master browsers
                 for each domain.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2628284"></a><a name="id2628286"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id393410"></a><a name="id393412"></a></td><td align="left" valign="top"><p>
                 What is the significance of the MIDEARTH&lt;1e&gt; type name registration?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
-                <a class="indexterm" name="id2628298"></a>
+                <a class="indexterm" name="id393423"></a>
                 This name is registered by all browse masters in a domain or workgroup. The registration
                 name type is known as the Browser Election Service. Master browsers register themselves
                 with this name type so that DMBs can locate them to perform cross-subnet
                 browse list updates. This name type is also used to initiate elections for Master Browsers.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2628315"></a><a name="id2628317"></a></td><td align="left" valign="top"><p>
-                <a class="indexterm" name="id2628321"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id393437"></a><a name="id393439"></a></td><td align="left" valign="top"><p>
+                <a class="indexterm" name="id393443"></a>
                 What is the significance of the <em class="parameter"><code>guest account</code></em> in smb.conf?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -483 +483 @@
                 or there must be an entry in the <code class="filename">smb.conf</code> file with a valid UNIX account, such as
                 <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account = ftp</a>.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2628393"></a><a name="id2628395"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id393508"></a><a name="id393510"></a></td><td align="left" valign="top"><p>
                 Is it possible to reduce network broadcast activity with Samba-3?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
-                <a class="indexterm" name="id2628407"></a>
-                <a class="indexterm" name="id2628413"></a>
+                <a class="indexterm" name="id393521"></a>
+                <a class="indexterm" name="id393528"></a>
                 Yes, there are two ways to do this. The first involves use of WINS (See <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 9,
-                Section 9.5, &#8220;<span class="quote">WINS  The Windows Inter-networking Name Server</span>&#8221;); the
+                Section 9.5, <span class="quote">&#8220;<span class="quote">WINS  The Windows Inter-networking Name Server</span>&#8221;</span>); the
                 alternate method involves disabling the use of NetBIOS over TCP/IP. This second method requires
-                a correctly configured DNS server (see <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 9, Section 9.3, &#8220;<span class="quote">Discussion</span>&#8221;).
-                </p><p>
-                <a class="indexterm" name="id2628445"></a>
-                <a class="indexterm" name="id2628452"></a>
-                <a class="indexterm" name="id2628461"></a>
+                a correctly configured DNS server (see <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 9, Section 9.3, <span class="quote">&#8220;<span class="quote">Discussion</span>&#8221;</span>).
+                </p><p>
+                <a class="indexterm" name="id393558"></a>
+                <a class="indexterm" name="id393564"></a>
+                <a class="indexterm" name="id393573"></a>
                 The use of WINS reduces network broadcast traffic. The reduction is greatest when all network
                 clients are configured to operate in <em class="parameter"><code>Hybrid Mode</code></em>. This can be effected through
                 use of DHCP to set the NetBIOS node type to type 8 for all network clients. Additionally, it is
                 beneficial to configure Samba to use <a class="link" href="smb.conf.5.html#NAMERESOLVEORDER" target="_top">name resolve order = wins host cast</a>.
-                </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+                </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
                 Use of SMB without NetBIOS is possible only on Windows 200x/XP Professional clients and servers, as
                 well as with Samba-3.
-                </p></div></td></tr><tr class="question"><td align="left" valign="top"><a name="id2628502"></a><a name="id2628504"></a></td><td align="left" valign="top"><p>
+                </p></div></td></tr><tr class="question"><td align="left" valign="top"><a name="id393609"></a><a name="id393611"></a></td><td align="left" valign="top"><p>
                 Can I just use plain-text passwords with Samba?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -526 +526 @@
                 PDC/BDC to provide Windows user and group accounts, the <em class="parameter"><code>idmap uid, idmap gid</code></em> ranges
                 set in the <code class="filename">smb.conf</code> file provide the local UID/GIDs needed for local identity management purposes.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2628589"></a><a name="id2628591"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id393684"></a><a name="id393686"></a></td><td align="left" valign="top"><p>
                 What parameter in the <code class="filename">smb.conf</code> file is used to enable the use of encrypted passwords?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
                 The parameter in the <code class="filename">smb.conf</code> file that controls this behavior is known as <em class="parameter"><code>encrypt
                 passwords</code></em>. The default setting for this in Samba-3 is <code class="constant">Yes (Enabled)</code>.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2628630"></a><a name="id2628632"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id393723"></a><a name="id393725"></a></td><td align="left" valign="top"><p>
                 Is it necessary to specify <a class="link" href="smb.conf.5.html#ENCRYPTPASSWORDS" target="_top">encrypt passwords = Yes</a>
                 when Samba-3 is configured as a domain member?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
                 No. This is the default behavior.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2628662"></a><a name="id2628664"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id393753"></a><a name="id393756"></a></td><td align="left" valign="top"><p>
                 Is it necessary to specify a <em class="parameter"><code>guest account</code></em> when Samba-3 is configured
                 as a domain member server?
@@ -544 +544 @@
                 necessary to provide a <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account = an_account</a>,
                 where <code class="constant">an_account</code> is a valid local UNIX user account.
-                </p></td></tr></tbody></table></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id2627149" href="#id2627149" class="para">15</a>] </sup>TOSHARG2, Sect 4.5.1</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="appendix.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="RefSection.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="apa.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 15. A Collection of Useful Tidbits </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Appendix A. 
-    GNU General Public License version 3
+                </p></td></tr></tbody></table></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id392369" href="#id392369" class="para">15</a>] </sup>TOSHARG2, Sect 4.5.1</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="appendix.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="RefSection.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="apa.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 15. A Collection of Useful Tidbits </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Appendix A. 
+    <acronym class="acronym">GNU</acronym> General Public License version 3
   </td></tr></table></div></body></html>

trunk/server/docs/htmldocs/Samba3-ByExample/secure.html

@@ -1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 3. Secure Office Networking</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="small.html" title="Chapter 2. Small Office Networking"><link rel="next" href="Big500users.html" title="Chapter 4. The 500-User Office"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 3. Secure Office Networking</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="small.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="Big500users.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="secure"></a>Chapter 3. Secure Office Networking</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="secure.html#id2558563">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id2558614">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id2558848">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id2558863">Technical Issues</a></span></dt><dt><span class="sect2"><a href="secure.html#id2559289">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id2559329">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#ch4bsc">Basic System Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id2560183">Samba Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4ptrcfg">Printer Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4valid">Validation</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4appscfg">Application Share Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id2564645">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id2564707">Questions and Answers</a></span></dt></dl></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 3. Secure Office Networking</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="small.html" title="Chapter 2. Small Office Networking"><link rel="next" href="Big500users.html" title="Chapter 4. The 500-User Office"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 3. Secure Office Networking</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="small.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="Big500users.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 3. Secure Office Networking"><div class="titlepage"><div><div><h2 class="title"><a name="secure"></a>Chapter 3. Secure Office Networking</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="secure.html#id330143">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id330177">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id330386">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id330398">Technical Issues</a></span></dt><dt><span class="sect2"><a href="secure.html#id330742">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id330776">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#ch4bsc">Basic System Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id331530">Samba Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4ptrcfg">Printer Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4valid">Validation</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4appscfg">Application Share Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id335513">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id335566">Questions and Answers</a></span></dt></dl></div><p>
         Congratulations, your Samba networking skills are developing nicely. You started out
         with three simple networks in <a class="link" href="simple.html" title="Chapter 1. No-Frills Samba Servers">&#8220;No-Frills Samba Servers&#8221;</a>, and then in <a class="link" href="small.html" title="Chapter 2. Small Office Networking">&#8220;Small Office Networking&#8221;</a>
@@ -12 +12 @@
         To avoid confusion, this book is all about Samba-3. Let's get the exercises in this 
         chapter underway.
-        </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2558563"></a>Introduction</h2></div></div></div><p>
+        </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id330143"></a>Introduction</h2></div></div></div><p>
         You have made Mr. Meany a very happy man. Recently he paid you a fat bonus for work 
         well done. It is one year since the last network upgrade. You have been quite busy. 
@@ -41 +41 @@
         about your move, she almost resigned, although she was reassured that a new manager would
         be hired to run Information Technology, and she would be responsible only for operations.
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558614"></a>Assignment Tasks</h3></div></div></div><p>
+        </p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id330177"></a>Assignment Tasks</h3></div></div></div><p>
                 You promised the staff Internet services including Web browsing, electronic mail, virus
                 protection, and a company Web site.  Christine is eager to help turn the vision into 
@@ -84 +84 @@
                 some problems with desktop computers and software installation into the new users' 
                 desktop profiles.
-                </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2558848"></a>Dissection and Discussion</h2></div></div></div><p>
+                </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id330386"></a>Dissection and Discussion</h2></div></div></div><p>
         Many of the conclusions you draw here are obvious. Some requirements are not very clear
         or may simply be your means of drawing the most out of Samba-3. Much can be done more simply
@@ -90 +90 @@
         users. This means that some functionality will be overdesigned for the current 130-user
         environment.
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558863"></a>Technical Issues</h3></div></div></div><p>
+        </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id330398"></a>Technical Issues</h3></div></div></div><p>
                 In this exercise we use a 24-bit subnet mask for the two local networks. This,
                 of course, limits our network to a maximum of 253 usable IP addresses. The network
@@ -98 +98 @@
                 in the 172.16.0.0/16 range. This is done in subsequent chapters.
                 </p><p>
-                <a class="indexterm" name="id2558881"></a>
-                <a class="indexterm" name="id2558888"></a>
+                <a class="indexterm" name="id330412"></a>
+                <a class="indexterm" name="id330419"></a>
                 The high growth rates projected are a good reason to use the <code class="constant">tdbsam</code>
                 passdb backend. The use of <code class="constant">smbpasswd</code> for the backend may result in
@@ -105 +105 @@
                 are not available with the older, flat ASCII-based <code class="constant">smbpasswd</code> database.
                 </p><p>
-                <a class="indexterm" name="id2558914"></a>
+                <a class="indexterm" name="id330443"></a>
                 The proposed network design uses a single server to act as an Internet services host for
                 electronic mail, Web serving, remote administrative access via SSH, 
@@ -118 +118 @@
                 directly connected to the Internet.
                 </p><p>
-                <a class="indexterm" name="id2558939"></a>
-                <a class="indexterm" name="id2558945"></a>
-                <a class="indexterm" name="id2558952"></a>
-                <a class="indexterm" name="id2558960"></a>
+                <a class="indexterm" name="id330462"></a>
+                <a class="indexterm" name="id330469"></a>
+                <a class="indexterm" name="id330475"></a>
+                <a class="indexterm" name="id330483"></a>
                 You know that your ISP is providing full firewall services, but you cannot rely on that.
                 Always assume that human error will occur, so be prepared by using Linux firewall facilities
@@ -132 +132 @@
                 covered except insofar as this affects Samba-3.
                 </p><p>
-                <a class="indexterm" name="id2558989"></a>
+                <a class="indexterm" name="id330507"></a>
                 Notebook computers are configured to use a network login when in the office and a
                 local account to log in while away from the office. Users store all work done in
@@ -142 +142 @@
                 records.
                 </p><p>
-                <a class="indexterm" name="id2559020"></a>
+                <a class="indexterm" name="id330527"></a>
                 All applications are served from the central server from a share called <code class="constant">apps</code>.
                 Microsoft Office XP Professional and OpenOffice 1.1.0 will be installed using a network 
@@ -149 +149 @@
                 locally installed applications on a need-to-have basis only.
                 </p><p>
-                <a class="indexterm" name="id2559039"></a>
+                <a class="indexterm" name="id330543"></a>
                 The introduction of roaming profiles support means that users can move between
                 desktop computer systems without constraint while retaining full access to their data.
                 The desktop travels with them as they move.
                 </p><p>
-                <a class="indexterm" name="id2559052"></a>
+                <a class="indexterm" name="id330555"></a>
                 The DNS server implementation must now address both internal and external
                 needs. You forward DNS lookups to your ISP-provided server as well as the 
                 <code class="constant">abmas.us</code> external secondary DNS server.
                 </p><p>
-                <a class="indexterm" name="id2559069"></a>
-                <a class="indexterm" name="id2559075"></a>
-                <a class="indexterm" name="id2559083"></a>
+                <a class="indexterm" name="id330569"></a>
+                <a class="indexterm" name="id330575"></a>
+                <a class="indexterm" name="id330584"></a>
                 Compared with the DHCP server configuration in <a class="link" href="small.html" title="Chapter 2. Small Office Networking">&#8220;Small Office Networking&#8221;</a>, <a class="link" href="small.html#dhcp01" title="Example 2.2. Abmas Accounting DHCP Server Configuration File /etc/dhcpd.conf">&#8220;Abmas Accounting DHCP Server Configuration File  /etc/dhcpd.conf&#8221;</a>, the 
                 configuration used in this example has to deal with the presence of an Internet connection.
@@ -185 +185 @@
                 then clone that configuration, using Norton Ghost, to all workstations. Each machine is
                 identical, so this should pose no problem.
-                </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2559135"></a>Hardware Requirements</h4></div></div></div><p>
-                <a class="indexterm" name="id2559143"></a>
+                </p><div class="sect3" title="Hardware Requirements"><div class="titlepage"><div><div><h4 class="title"><a name="id330622"></a>Hardware Requirements</h4></div></div></div><p>
+                <a class="indexterm" name="id330630"></a>
                 This server runs a considerable number of services. From similarly configured Linux
                 installations, the approximate calculated memory requirements are as shown in
@@ -214 +214 @@
                 compromise in this area.
                 </p><p>
-                <a class="indexterm" name="id2559194"></a>
+                <a class="indexterm" name="id330669"></a>
                 Aggregate input/output loads should be considered for sizing network configuration as 
                 well as disk subsystems. For network bandwidth calculations, one would typically use an
@@ -223 +223 @@
                 switched ports.
                 </p><p>
-                <a class="indexterm" name="id2559213"></a>
-                <a class="indexterm" name="id2559219"></a>
+                <a class="indexterm" name="id330683"></a>
+                <a class="indexterm" name="id330689"></a>
                 Considering the choice of 1 Gb Ethernet interfaces for the two local network segments,
                 the aggregate network I/O capacity will be 2100 Mb/sec (about 230 MB/sec), an I/O
@@ -256 +256 @@
                        Recommended Storage:              908 GBytes
 </pre></div></div><p><br class="example-break">
-                <a class="indexterm" name="id2559277"></a>
+                <a class="indexterm" name="id330731"></a>
                 The preferred storage capacity should be approximately 1 Terabyte. Use of RAID level 5
                 with two hot spare drives would require an 8-drive by 200 GB capacity per drive array.
-                </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559289"></a>Political Issues</h3></div></div></div><p>
+                </p></div></div><div class="sect2" title="Political Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id330742"></a>Political Issues</h3></div></div></div><p>
                 Your industry is coming under increasing accountability pressures. Increased paranoia
                 is necessary so you can demonstrate that you have acted with due diligence. You must
@@ -268 +268 @@
                 gives you greater control over software licensing.
                 </p><p>
-                <a class="indexterm" name="id2559311"></a>
+                <a class="indexterm" name="id330760"></a>
                 You are well aware that the current configuration results in some performance issues
                 as the size of the desktop profile grows. Given that users use Microsoft Outlook
                 Express, you know that the storage implications of the <code class="constant">.PST</code> file
                 is something that needs to be addressed later.
-                </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2559329"></a>Implementation</h2></div></div></div><p>
+                </p></div></div><div class="sect1" title="Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id330776"></a>Implementation</h2></div></div></div><p>
         <a class="link" href="secure.html#ch04net" title="Figure 3.1. Abmas Network Topology 130 Users">&#8220;Abmas Network Topology  130 Users&#8221;</a> demonstrates the overall design of the network that you will implement.
         </p><p>
@@ -284 +284 @@
         </p><p>
         The <code class="filename">smb.conf</code> file has the following noteworthy features:
-        </p><div class="itemizedlist"><ul type="disc"><li><p>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                 The NetBIOS name of the Samba server is set to <code class="constant">DIAMOND</code>.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 The Domain name is set to <code class="constant">PROMISES</code>.
-                </p></li><li><p>
-                <a class="indexterm" name="id2559386"></a>
-                <a class="indexterm" name="id2559392"></a>
-                <a class="indexterm" name="id2559398"></a>
+                </p></li><li class="listitem"><p>
+                <a class="indexterm" name="id330826"></a>
+                <a class="indexterm" name="id330832"></a>
+                <a class="indexterm" name="id330838"></a>
                 Ethernet interface <code class="constant">eth0</code> is attached to the Internet connection
                 and is externally exposed. This interface is explicitly not available for Samba to use.
@@ -298 +298 @@
                 This is achieved by way of the <em class="parameter"><code>interfaces</code></em> parameter and the
                 <em class="parameter"><code>bind interfaces only</code></em> entry.
-                </p></li><li><p>
-                <a class="indexterm" name="id2559431"></a>
-                <a class="indexterm" name="id2559438"></a>
-                <a class="indexterm" name="id2559444"></a>
+                </p></li><li class="listitem"><p>
+                <a class="indexterm" name="id330868"></a>
+                <a class="indexterm" name="id330874"></a>
+                <a class="indexterm" name="id330881"></a>
                 The <em class="parameter"><code>passdb backend</code></em> parameter specifies the creation and use
                 of the <code class="constant">tdbsam</code> password backend. This is a binary database that
                 has excellent scalability for a large number of user account entries.
-                </p></li><li><p>
-                <a class="indexterm" name="id2559466"></a>
-                <a class="indexterm" name="id2559472"></a>
-                <a class="indexterm" name="id2559478"></a>
+                </p></li><li class="listitem"><p>
+                <a class="indexterm" name="id330901"></a>
+                <a class="indexterm" name="id330907"></a>
+                <a class="indexterm" name="id330913"></a>
                 WINS serving is enabled by the <a class="link" href="smb.conf.5.html#WINSSUPPORT" target="_top">wins support = Yes</a>,
                 and name resolution is set to use it by means of the
                 <a class="link" href="smb.conf.5.html#NAMERESOLVEORDER" target="_top">name resolve order = wins bcast hosts</a> entry.
-                </p></li><li><p>
-                <a class="indexterm" name="id2559508"></a>
+                </p></li><li class="listitem"><p>
+                <a class="indexterm" name="id330940"></a>
                 The Samba server is configured for use by Windows clients as a time server.
-                </p></li><li><p>
-                <a class="indexterm" name="id2559520"></a>
-                <a class="indexterm" name="id2559526"></a>
-                <a class="indexterm" name="id2559532"></a>
+                </p></li><li class="listitem"><p>
+                <a class="indexterm" name="id330950"></a>
+                <a class="indexterm" name="id330957"></a>
+                <a class="indexterm" name="id330963"></a>
                 Samba is configured to directly interface with CUPS via the direct internal interface
                 that is provided by CUPS libraries. This is achieved with the 
                 <a class="link" href="smb.conf.5.html#PRINTING" target="_top">printing = CUPS</a> as well as the
                 <a class="link" href="smb.conf.5.html#PRINTCAPNAME" target="_top">printcap name = CUPS</a> entries.
-                </p></li><li><p>
-                <a class="indexterm" name="id2559563"></a>
-                <a class="indexterm" name="id2559569"></a>
-                <a class="indexterm" name="id2559576"></a>
+                </p></li><li class="listitem"><p>
+                <a class="indexterm" name="id330990"></a>
+                <a class="indexterm" name="id330996"></a>
+                <a class="indexterm" name="id331003"></a>
                 External interface scripts are provided to enable Samba to interface smoothly to
                 essential operating system functions for user and group management. This is important
@@ -334 +334 @@
                 downloaded from the Microsoft FTP
                 <a class="ulink" href="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE" target="_top">site</a>.
-                </p></li><li><p>
-                <a class="indexterm" name="id2559605"></a>
+                </p></li><li class="listitem"><p>
+                <a class="indexterm" name="id331028"></a>
                 The <code class="filename">smb.conf</code> file specifies that the Samba server will operate in (default) <em class="parameter"><code>
-                security = user</code></em> mode<sup>[<a name="id2559623" href="#ftn.id2559623" class="footnote">5</a>]</sup>
+                security = user</code></em> mode<sup>[<a name="id331045" href="#ftn.id331045" class="footnote">5</a>]</sup>
                 (User Mode).
-                </p></li><li><p>
-                <a class="indexterm" name="id2559640"></a>
-                <a class="indexterm" name="id2559646"></a>
+                </p></li><li class="listitem"><p>
+                <a class="indexterm" name="id331061"></a>
+                <a class="indexterm" name="id331067"></a>
                 Domain logon services as well as a Domain logon script are specified. The logon script
                 will be used to add robustness to the overall network configuration.
-                </p></li><li><p>
-                <a class="indexterm" name="id2559659"></a>
-                <a class="indexterm" name="id2559665"></a>
-                <a class="indexterm" name="id2559672"></a>
+                </p></li><li class="listitem"><p>
+                <a class="indexterm" name="id331079"></a>
+                <a class="indexterm" name="id331085"></a>
+                <a class="indexterm" name="id331092"></a>
                 Roaming profiles are enabled through the specification of the parameter,
                 <a class="link" href="smb.conf.5.html#LOGONPATH" target="_top">logon path = \\%L\profiles\%U</a>. The value of this parameter translates the
@@ -356 +356 @@
                 profile share for each user. This directory must be owned by the user also. An exception to this
                 requirement is when a profile is created for group use.
-                </p></li><li><p>
-                <a class="indexterm" name="id2559712"></a>
-                <a class="indexterm" name="id2559718"></a>
+                </p></li><li class="listitem"><p>
+                <a class="indexterm" name="id331124"></a>
+                <a class="indexterm" name="id331130"></a>
                 Precautionary veto is effected for particular Windows file names that have been targeted by 
                 virus-related activity. Additionally, Microsoft Office files are vetoed from opportunistic locking
                 controls. This should help to prevent lock contention-related file access problems.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Every user has a private home directory on the UNIX/Linux host. This is mapped to
                 a network drive that is the same for all users.
                 </p></li></ul></div><p>
         The configuration of the server is the most complex so far. The following steps are used:
-        </p><div class="orderedlist"><ol type="1"><li><p>
+        </p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>
                 Basic System Configuration
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Samba Configuration
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 DHCP and DNS Server Configuration
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Printer Configuration
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Process Start-up Configuration
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Validation
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Application Share Configuration
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Windows Client Configuration
                 </p></li></ol></div><p>
         The following sections cover each step in logical and defined detail.
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ch4bsc"></a>Basic System Configuration</h3></div></div></div><p>
-        <a class="indexterm" name="id2559803"></a>
+        </p><div class="sect2" title="Basic System Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="ch4bsc"></a>Basic System Configuration</h3></div></div></div><p>
+        <a class="indexterm" name="id331207"></a>
         The preparation in this section assumes that your SUSE Enterprise Linux Server 8.0 system has been
         freshly installed. It prepares basic files so that the system is ready for comprehensive
         operation in line with the network diagram shown in <a class="link" href="secure.html#ch04net" title="Figure 3.1. Abmas Network Topology 130 Users">&#8220;Abmas Network Topology  130 Users&#8221;</a>.
-        </p><div class="procedure"><a name="id2559820"></a><p class="title"><b>Procedure 3.1. Server Configuration Steps</b></p><ol type="1"><li><p>
-                <a class="indexterm" name="id2559830"></a>
+        </p><div class="procedure" title="Procedure 3.1. Server Configuration Steps"><a name="id331220"></a><p class="title"><b>Procedure 3.1. Server Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                <a class="indexterm" name="id331231"></a>
                 Using the UNIX/Linux system tools, name the server <code class="constant">server.abmas.us</code>.
                 Verify that your hostname is correctly set by running:
@@ -403 +403 @@
 server.abmas.us
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2559870"></a>
-                <a class="indexterm" name="id2559877"></a>
+                </p></li><li class="step" title="Step 2"><p>
+                <a class="indexterm" name="id331268"></a>
+                <a class="indexterm" name="id331274"></a>
                 Edit your <code class="filename">/etc/hosts</code> file to include the primary names and addresses
                 of all network interfaces that are on the host server. This is necessary so that during
@@ -426 +426 @@
 192.168.2.30    hplj6f.abmas.biz hplj6f
 </pre><p>
-                <a class="indexterm" name="id2559928"></a>
-                <a class="indexterm" name="id2559934"></a>
-                <a class="indexterm" name="id2559940"></a>
+                <a class="indexterm" name="id331319"></a>
+                <a class="indexterm" name="id331325"></a>
+                <a class="indexterm" name="id331332"></a>
                 The printer entries are not necessary if <code class="literal">named</code> is started prior to
                 startup of <code class="literal">cupsd</code>, the CUPS daemon.
-                </p></li><li><p>
-                <a class="indexterm" name="id2559965"></a>
-                <a class="indexterm" name="id2559971"></a>
-                <a class="indexterm" name="id2559978"></a>
+                </p></li><li class="step" title="Step 3"><p>
+                <a class="indexterm" name="id331354"></a>
+                <a class="indexterm" name="id331361"></a>
+                <a class="indexterm" name="id331367"></a>
                 The host server is acting as a router between the two internal network segments as well
                 as for all Internet access. This necessitates that IP forwarding be enabled. This can be
@@ -443 +443 @@
                 To ensure that your kernel is capable of IP forwarding during configuration, you may 
                 wish to execute that command manually also. This setting permits the Linux system to 
-                act as a router.<sup>[<a name="id2560004" href="#ftn.id2560004" class="footnote">6</a>]</sup>
-                </p></li><li><p>
-                <a class="indexterm" name="id2560016"></a>
-                <a class="indexterm" name="id2560023"></a>
+                act as a router.<sup>[<a name="id331388" href="#ftn.id331388" class="footnote">6</a>]</sup>
+                </p></li><li class="step" title="Step 4"><p>
+                <a class="indexterm" name="id331400"></a>
+                <a class="indexterm" name="id331406"></a>
                 Installation of a basic firewall and NAT facility is necessary.
                 The following script can be installed in the <code class="filename">/usr/local/sbin</code>
@@ -498 +498 @@
 echo -e "\nNAT firewall done.\n"
 </pre></div></div><p><br class="example-break">
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 5"><p>
                 Execute the following to make the script executable:
 </p><pre class="screen">
@@ -525 +525 @@
 </pre><p>
                 </p></li></ol></div><p>
-        <a class="indexterm" name="id2560162"></a>
+        <a class="indexterm" name="id331512"></a>
         The server is now ready for Samba configuration. During the validation step, you remove
         the entry for the Samba server <code class="constant">diamond</code> from the <code class="filename">/etc/hosts</code>
         file. This is done after you are satisfied that DNS-based name resolution is functioning correctly.
-        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560183"></a>Samba Configuration</h3></div></div></div><p>
+        </p></div><div class="sect2" title="Samba Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="id331530"></a>Samba Configuration</h3></div></div></div><p>
         When you have completed this section, the Samba server is ready for testing and validation;
         however, testing and validation have to wait until DHCP, DNS, and printing (CUPS) services have 
         been configured.
-        </p><div class="procedure"><a name="id2560195"></a><p class="title"><b>Procedure 3.2. Samba Configuration Steps</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 3.2. Samba Configuration Steps"><a name="id331541"></a><p class="title"><b>Procedure 3.2. Samba Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Install the Samba-3 binary RPM from the Samba-Team FTP site. Assuming that the binary
                 RPM file is called <code class="filename">samba-3.0.20-1.i386.rpm</code>, one way to install this
@@ -543 +543 @@
                 Successful operation is clearly indicated. If this installation should fail for any reason,
                 refer to the operating system manufacturer's documentation for guidance.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Install the <code class="filename">smb.conf</code> file shown in <a class="link" href="secure.html#promisnet" title="Example 3.4. 130 User Network with tdbsam [globals] Section">&#8220;130 User Network with tdbsam  [globals] Section&#8221;</a>, <a class="link" href="secure.html#promisnetsvca" title="Example 3.5. 130 User Network with tdbsam Services Section Part A">&#8220;130 User Network with tdbsam  Services Section Part A&#8221;</a>,
                 and <a class="link" href="secure.html#promisnetsvcb" title="Example 3.6. 130 User Network with tdbsam Services Section Part B">&#8220;130 User Network with tdbsam  Services Section Part B&#8221;</a>. Concatenate (join) all three files to make a single <code class="filename">smb.conf</code>
                 file. The final, fully qualified path for this file should be <code class="filename">/etc/samba/smb.conf</code>.
 
-</p><div class="example"><a name="promisnet"></a><p class="title"><b>Example 3.4. 130 User Network with <span class="emphasis"><em>tdbsam</em></span>  [globals] Section</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2560301"></a><em class="parameter"><code>workgroup = PROMISES</code></em></td></tr><tr><td><a class="indexterm" name="id2560311"></a><em class="parameter"><code>netbios name = DIAMOND</code></em></td></tr><tr><td><a class="indexterm" name="id2560322"></a><em class="parameter"><code>interfaces = eth1, eth2, lo</code></em></td></tr><tr><td><a class="indexterm" name="id2560332"></a><em class="parameter"><code>bind interfaces only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2560342"></a><em class="parameter"><code>passdb backend = tdbsam</code></em></td></tr><tr><td><a class="indexterm" name="id2560353"></a><em class="parameter"><code>pam password change = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2560363"></a><em class="parameter"><code>passwd program = /usr/bin/passwd %u</code></em></td></tr><tr><td><a class="indexterm" name="id2560374"></a><em class="parameter"><code>passwd chat = *New*Password* %n\n *Re-enter*new*password*%n\n *Password*changed*</code></em></td></tr><tr><td><a class="indexterm" name="id2560385"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2560396"></a><em class="parameter"><code>unix password sync = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2560407"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2560417"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2560428"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id2560439"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id2560449"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id2560460"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id2560471"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2560481"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2560492"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id2560503"></a><em class="parameter"><code>add user script = /usr/sbin/useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2560514"></a><em class="parameter"><code>delete user script = /usr/sbin/userdel -r '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2560525"></a><em class="parameter"><code>add group script = /usr/sbin/groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id2560536"></a><em class="parameter"><code>delete group script = /usr/sbin/groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id2560548"></a><em class="parameter"><code>add user to group script = /usr/sbin/usermod -G '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2560559"></a><em class="parameter"><code>add machine script = /usr/sbin/useradd -s /bin/false -d /tmp '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2560571"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id2560582"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id2560593"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id2560604"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2560616"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id2560626"></a><em class="parameter"><code>logon home = \\%L\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2560636"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2560647"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2560657"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2560668"></a><em class="parameter"><code>utmp = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2560678"></a><em class="parameter"><code>map acl inherit = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2560688"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id2560699"></a><em class="parameter"><code>cups options = Raw</code></em></td></tr><tr><td><a class="indexterm" name="id2560709"></a><em class="parameter"><code>veto files = /*.eml/*.nws/*.{*}/</code></em></td></tr><tr><td><a class="indexterm" name="id2560720"></a><em class="parameter"><code>veto oplock files = /*.doc/*.xls/*.mdb/</code></em></td></tr></table></div></div><p><br class="example-break">
-
-</p><div class="example"><a name="promisnetsvca"></a><p class="title"><b>Example 3.5. 130 User Network with <span class="emphasis"><em>tdbsam</em></span>  Services Section Part A</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id2560759"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id2560770"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id2560780"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2560791"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id2560809"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id2560820"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id2560830"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2560841"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2560851"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2560861"></a><em class="parameter"><code>default devmode = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2560872"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id2560891"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id2560901"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id2560912"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2560922"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id2560941"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id2560952"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id2560963"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2560973"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id2560992"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id2561002"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id2561013"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><p><br class="example-break">
-
-</p><div class="example"><a name="promisnetsvcb"></a><p class="title"><b>Example 3.6. 130 User Network with <span class="emphasis"><em>tdbsam</em></span>  Services Section Part B</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id2561051"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id2561062"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id2561072"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id2561091"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id2561102"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id2561112"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id2561131"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id2561141"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id2561152"></a><em class="parameter"><code>read only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2561162"></a><em class="parameter"><code>admin users = bjordan</code></em></td></tr></table></div></div><p><br class="example-break">
-                </p></li><li><p>
-              <a class="indexterm" name="id2561180"></a><a class="indexterm" name="id2561185"></a>
+</p><div class="example"><a name="promisnet"></a><p class="title"><b>Example 3.4. 130 User Network with <span class="emphasis"><em>tdbsam</em></span>  [globals] Section</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id331640"></a><em class="parameter"><code>workgroup = PROMISES</code></em></td></tr><tr><td><a class="indexterm" name="id331650"></a><em class="parameter"><code>netbios name = DIAMOND</code></em></td></tr><tr><td><a class="indexterm" name="id331661"></a><em class="parameter"><code>interfaces = eth1, eth2, lo</code></em></td></tr><tr><td><a class="indexterm" name="id331671"></a><em class="parameter"><code>bind interfaces only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id331682"></a><em class="parameter"><code>passdb backend = tdbsam</code></em></td></tr><tr><td><a class="indexterm" name="id331692"></a><em class="parameter"><code>pam password change = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id331702"></a><em class="parameter"><code>passwd program = /usr/bin/passwd %u</code></em></td></tr><tr><td><a class="indexterm" name="id331713"></a><em class="parameter"><code>passwd chat = *New*Password* %n\n *Re-enter*new*password*%n\n *Password*changed*</code></em></td></tr><tr><td><a class="indexterm" name="id331724"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id331734"></a><em class="parameter"><code>unix password sync = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id331745"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id331755"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id331766"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id331776"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id331786"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id331797"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id331807"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id331818"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id331828"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id331838"></a><em class="parameter"><code>add user script = /usr/sbin/useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id331849"></a><em class="parameter"><code>delete user script = /usr/sbin/userdel -r '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id331859"></a><em class="parameter"><code>add group script = /usr/sbin/groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id331870"></a><em class="parameter"><code>delete group script = /usr/sbin/groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id331880"></a><em class="parameter"><code>add user to group script = /usr/sbin/usermod -G '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id331891"></a><em class="parameter"><code>add machine script = /usr/sbin/useradd -s /bin/false -d /tmp '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id331902"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id331912"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id331923"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id331933"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id331944"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id331954"></a><em class="parameter"><code>logon home = \\%L\%U</code></em></td></tr><tr><td><a class="indexterm" name="id331964"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id331975"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id331985"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id331996"></a><em class="parameter"><code>utmp = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id332006"></a><em class="parameter"><code>map acl inherit = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id332016"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id332027"></a><em class="parameter"><code>cups options = Raw</code></em></td></tr><tr><td><a class="indexterm" name="id332037"></a><em class="parameter"><code>veto files = /*.eml/*.nws/*.{*}/</code></em></td></tr><tr><td><a class="indexterm" name="id332048"></a><em class="parameter"><code>veto oplock files = /*.doc/*.xls/*.mdb/</code></em></td></tr></table></div></div><p><br class="example-break">
+
+</p><div class="example"><a name="promisnetsvca"></a><p class="title"><b>Example 3.5. 130 User Network with <span class="emphasis"><em>tdbsam</em></span>  Services Section Part A</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id332085"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id332096"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id332106"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id332117"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id332135"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id332146"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id332156"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id332167"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id332177"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id332187"></a><em class="parameter"><code>default devmode = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id332198"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id332217"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id332227"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id332237"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id332248"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id332267"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id332277"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id332287"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id332298"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id332317"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id332327"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id332337"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><p><br class="example-break">
+
+</p><div class="example"><a name="promisnetsvcb"></a><p class="title"><b>Example 3.6. 130 User Network with <span class="emphasis"><em>tdbsam</em></span>  Services Section Part B</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id332375"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id332386"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id332396"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id332415"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id332425"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id332436"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id332454"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id332465"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id332475"></a><em class="parameter"><code>read only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id332486"></a><em class="parameter"><code>admin users = bjordan</code></em></td></tr></table></div></div><p><br class="example-break">
+                </p></li><li class="step" title="Step 3"><p>
+              <a class="indexterm" name="id332503"></a><a class="indexterm" name="id332508"></a>
                 Add the <code class="constant">root</code> user to the password backend as follows:
 </p><pre class="screen">
@@ -566 +566 @@
                 deleted. If for any reason the account is deleted, you may not be able to recreate this account
                 without considerable trouble.
-                </p></li><li><p>
-                <a class="indexterm" name="id2561229"></a>
+                </p></li><li class="step" title="Step 4"><p>
+                <a class="indexterm" name="id332548"></a>
                 Create the username map file to permit the <code class="constant">root</code> account to be called
                 <code class="constant">Administrator</code> from the Windows network environment. To do this, create
@@ -593 +593 @@
 ####
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2561271"></a>
-                <a class="indexterm" name="id2561277"></a>
-                <a class="indexterm" name="id2561288"></a>
-                <a class="indexterm" name="id2561298"></a>
+                </p></li><li class="step" title="Step 5"><p>
+                <a class="indexterm" name="id332583"></a>
+                <a class="indexterm" name="id332590"></a>
+                <a class="indexterm" name="id332600"></a>
+                <a class="indexterm" name="id332611"></a>
                 Create and map Windows Domain Groups to UNIX groups. A sample script is provided in <a class="link" href="small.html" title="Chapter 2. Small Office Networking">&#8220;Small Office Networking&#8221;</a>,
                 <a class="link" href="small.html#initGrps" title="Example 2.1. Script to Map Windows NT Groups to UNIX Groups">&#8220;Script to Map Windows NT Groups to UNIX Groups&#8221;</a>. Create a file containing this script. We called ours
@@ -603 +603 @@
                 and then execute the script. Sample output should be as follows:
 
-</p><div class="example"><a name="ch4initGrps"></a><p class="title"><b>Example 3.7. Script to Map Windows NT Groups to UNIX Groups</b></p><div class="example-contents"><a class="indexterm" name="id2561336"></a><pre class="screen">
+</p><div class="example"><a name="ch4initGrps"></a><p class="title"><b>Example 3.7. Script to Map Windows NT Groups to UNIX Groups</b></p><div class="example-contents"><a class="indexterm" name="id332645"></a><pre class="screen">
 #!/bin/bash
 #
@@ -655 +655 @@
 Users (S-1-5-32-545) -&gt; -1
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2561409"></a>
-                <a class="indexterm" name="id2561415"></a>
-                <a class="indexterm" name="id2561421"></a>
-                <a class="indexterm" name="id2561427"></a>
-                <a class="indexterm" name="id2561434"></a>
-                <a class="indexterm" name="id2561440"></a>
-                <a class="indexterm" name="id2561448"></a>
+                </p></li><li class="step" title="Step 6"><p>
+                <a class="indexterm" name="id332701"></a>
+                <a class="indexterm" name="id332708"></a>
+                <a class="indexterm" name="id332714"></a>
+                <a class="indexterm" name="id332720"></a>
+                <a class="indexterm" name="id332726"></a>
+                <a class="indexterm" name="id332733"></a>
+                <a class="indexterm" name="id332741"></a>
                 There is one preparatory step without which you will not have a working Samba 
                 network environment. You must add an account for each network user. 
@@ -686 +686 @@
 </pre><p>
                 You do of course use a valid user login ID in place of <em class="parameter"><code>username</code></em>.
-                </p></li><li><p>
-                <a class="indexterm" name="id2561553"></a>
-                <a class="indexterm" name="id2561561"></a>
-                <a class="indexterm" name="id2561569"></a>
+                </p></li><li class="step" title="Step 7"><p>
+                <a class="indexterm" name="id332838"></a>
+                <a class="indexterm" name="id332846"></a>
+                <a class="indexterm" name="id332854"></a>
                 Using the preferred tool for your UNIX system, add each user to the UNIX groups created
                 previously as necessary. File system access control will be based on UNIX group membership.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 8"><p>
                 Create the directory mount point for the disk subsystem that can be mounted to provide
                 data storage for company files. In this case the mount point is indicated in the <code class="filename">smb.conf</code>
                 file is <code class="filename">/data</code>. Format the file system as required, and mount the formatted
                 file system partition using appropriate system tools.
-                </p></li><li><p>
-                <a class="indexterm" name="id2561609"></a>
+                </p></li><li class="step" title="Step 9"><p>
+                <a class="indexterm" name="id332889"></a>
                 Create the top-level file storage directories for data and applications as follows:
 </p><pre class="screen">
@@ -715 +715 @@
                 The <code class="filename">/apps</code> directory is the root of the <code class="constant">apps</code> share
                 that provides the application server infrastructure.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 10"><p>
                 The <code class="filename">smb.conf</code> file specifies an infrastructure to support roaming profiles and network
                 logon services. You can now create the file system infrastructure to provide the
@@ -738 +738 @@
 <code class="prompt">root# </code> chmod ug+wrx,o+rx,-w /var/lib/samba/profiles/'username'
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2561803"></a>
-                <a class="indexterm" name="id2561809"></a>
-                <a class="indexterm" name="id2561815"></a>
+                </p></li><li class="step" title="Step 11"><p>
+                <a class="indexterm" name="id333063"></a>
+                <a class="indexterm" name="id333069"></a>
+                <a class="indexterm" name="id333075"></a>
                 Create a logon script. It is important that each line is correctly terminated with
                 a carriage return and line-feed combination (i.e., DOS encoding). The following procedure
@@ -757 +757 @@
         &gt; /var/lib/samba/netlogon/scripts/logon.bat
 </pre><p>
-                </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ch4dhcpdns"></a>Configuration of DHCP and DNS Servers</h3></div></div></div><p>
+                </p></li></ol></div></div><div class="sect2" title="Configuration of DHCP and DNS Servers"><div class="titlepage"><div><div><h3 class="title"><a name="ch4dhcpdns"></a>Configuration of DHCP and DNS Servers</h3></div></div></div><p>
         DHCP services are a basic component of the entire network client installation. DNS operation is
         foundational to Internet access as well as to trouble-free operation of local networking. When
         you have completed this section, the server should be ready for solid duty operation.
-        </p><div class="procedure"><a name="id2561886"></a><p class="title"><b>Procedure 3.3. DHCP and DNS Server Configuration Steps</b></p><ol type="1"><li><p>
-                <a class="indexterm" name="id2561897"></a>
+        </p><div class="procedure" title="Procedure 3.3. DHCP and DNS Server Configuration Steps"><a name="id333134"></a><p class="title"><b>Procedure 3.3. DHCP and DNS Server Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                <a class="indexterm" name="id333145"></a>
                 Create a file called <code class="filename">/etc/dhcpd.conf</code> with the contents as
                 shown in <a class="link" href="secure.html#prom-dhcp" title="Example 3.8. DHCP Server Configuration File /etc/dhcpd.conf">&#8220;DHCP Server Configuration File  /etc/dhcpd.conf&#8221;</a>.
@@ -812 +812 @@
         }
 </pre></div></div><p><br class="example-break">
-                </p></li><li><p>
-                <a class="indexterm" name="id2561972"></a>
+                </p></li><li class="step" title="Step 2"><p>
+                <a class="indexterm" name="id333199"></a>
                 Create a file called <code class="filename">/etc/named.conf</code> that has the combined contents
                 of the <a class="link" href="secure.html#ch4namedcfg" title="Example 3.9. DNS Master Configuration File /etc/named.conf Master Section">&#8220;DNS Master Configuration File  /etc/named.conf Master Section&#8221;</a>, <a class="link" href="secure.html#ch4namedvarfwd" title="Example 3.10. DNS Master Configuration File /etc/named.conf Forward Lookup Definition Section">&#8220;DNS Master Configuration File  /etc/named.conf Forward Lookup Definition Section&#8221;</a>, and
                 <a class="link" href="secure.html#ch4namedvarrev" title="Example 3.11. DNS Master Configuration File /etc/named.conf Reverse Lookup Definition Section">&#8220;DNS Master Configuration File  /etc/named.conf Reverse Lookup Definition Section&#8221;</a> files that are concatenated (merged) in this
                 specific order.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Create the files shown in their respective directories as shown in <a class="link" href="secure.html#namedrscfiles" title="Table 3.2. DNS (named) Resource Files">DNS
                 (named) Resource Files</a>.
@@ -824 +824 @@
                         </p><div class="table"><a name="namedrscfiles"></a><p class="title"><b>Table 3.2. DNS (named) Resource Files</b></p><div class="table-contents"><table summary="DNS (named) Resource Files" border="1"><colgroup><col align="left"><col align="left"></colgroup><thead><tr><th align="left">Reference</th><th align="left">File Location</th></tr></thead><tbody><tr><td align="left"><a class="link" href="appendix.html#loopback" title="Example 15.3. DNS Localhost Forward Zone File: /var/lib/named/localhost.zone">&#8220;DNS Localhost Forward Zone File: /var/lib/named/localhost.zone&#8221;</a></td><td align="left">/var/lib/named/localhost.zone</td></tr><tr><td align="left"><a class="link" href="appendix.html#dnsloopy" title="Example 15.4. DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone">&#8220;DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone&#8221;</a></td><td align="left">/var/lib/named/127.0.0.zone</td></tr><tr><td align="left"><a class="link" href="appendix.html#roothint" title="Example 15.5. DNS Root Name Server Hint File: /var/lib/named/root.hint">&#8220;DNS Root Name Server Hint File: /var/lib/named/root.hint&#8221;</a></td><td align="left">/var/lib/named/root.hint</td></tr><tr><td align="left"><a class="link" href="secure.html#abmasbiz" title="Example 3.14. DNS Abmas.biz Forward Zone File">&#8220;DNS Abmas.biz Forward Zone File&#8221;</a></td><td align="left">/var/lib/named/master/abmas.biz.hosts</td></tr><tr><td align="left"><a class="link" href="secure.html#abmasus" title="Example 3.15. DNS Abmas.us Forward Zone File">&#8220;DNS Abmas.us Forward Zone File&#8221;</a></td><td align="left">/var/lib/named/abmas.us.hosts</td></tr><tr><td align="left"><a class="link" href="secure.html#eth1zone" title="Example 3.12. DNS 192.168.1 Reverse Zone File">&#8220;DNS 192.168.1 Reverse Zone File&#8221;</a></td><td align="left">/var/lib/named/192.168.1.0.rev</td></tr><tr><td align="left"><a class="link" href="secure.html#eth2zone" title="Example 3.13. DNS 192.168.2 Reverse Zone File">&#8220;DNS 192.168.2 Reverse Zone File&#8221;</a></td><td align="left">/var/lib/named/192.168.2.0.rev</td></tr></tbody></table></div></div><p><br class="table-break">
 
-</p><div class="example"><a name="ch4namedcfg"></a><p class="title"><b>Example 3.9. DNS Master Configuration File  <code class="filename">/etc/named.conf</code> Master Section</b></p><div class="example-contents"><a class="indexterm" name="id2562182"></a><pre class="screen">
+</p><div class="example"><a name="ch4namedcfg"></a><p class="title"><b>Example 3.9. DNS Master Configuration File  <code class="filename">/etc/named.conf</code> Master Section</b></p><div class="example-contents"><a class="indexterm" name="id333369"></a><pre class="screen">
 ###
 # Abmas Biz DNS Control File
@@ -1008 +1008 @@
 </pre></div></div><p><br class="example-break">
 
-                </p></li><li><p>
-              <a class="indexterm" name="id2562396"></a><a class="indexterm" name="id2562402"></a>
+                </p></li><li class="step" title="Step 4"><p>
+              <a class="indexterm" name="id333533"></a><a class="indexterm" name="id333539"></a>
                 All DNS name resolution should be handled locally. To ensure that the server is configured
                 correctly to handle this, edit <code class="filename">/etc/resolv.conf</code> to have the following
@@ -1018 +1018 @@
 nameserver 123.45.54.23
 </pre><p>
-              <a class="indexterm" name="id2562427"></a>
+              <a class="indexterm" name="id333561"></a>
                 This instructs the name resolver function (when configured correctly) to ask the DNS server
                 that is running locally to resolve names to addresses. In the event that the local name server
                 is not available, ask the name server provided by the ISP. The latter, of course, does not resolve
                 purely local names to IP addresses.
-                </p></li><li><p>
-                <a class="indexterm" name="id2562448"></a>
+                </p></li><li class="step" title="Step 5"><p>
+                <a class="indexterm" name="id333580"></a>
                 The final step is to edit the <code class="filename">/etc/nsswitch.conf</code> file.
                 This file controls the operation of the various resolver libraries that are part of the Linux
@@ -1036 +1036 @@
         processing system.  Then you can configure the server so that all services
         start automatically on reboot. You must also manually start all services prior to validation testing.
-        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ch4ptrcfg"></a>Printer Configuration</h3></div></div></div><p>
+        </p></div><div class="sect2" title="Printer Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="ch4ptrcfg"></a>Printer Configuration</h3></div></div></div><p>
         Network administrators who are new to CUPS based-printing typically experience some difficulty mastering
         its powerful features. The steps outlined in this section are designed to navigate around the distractions
@@ -1043 +1043 @@
         submitted to it. In other words, our configuration turns CUPS into a raw-mode print queue. This means that
         the correct printer driver must be installed on all clients.
-        </p><div class="procedure"><a name="id2562506"></a><p class="title"><b>Procedure 3.4. Printer Configuration Steps</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 3.4. Printer Configuration Steps"><a name="id333627"></a><p class="title"><b>Procedure 3.4. Printer Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Configure each printer to be a DHCP client, carefully following the manufacturer's guidelines.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Follow the instructions in the printer manufacturer's manuals to permit printing to port 9100.
                 Use any other port the manufacturer specifies for direct-mode raw printing, and adjust the
                 port as necessary in the following example commands.
                 This allows the CUPS spooler to print using raw mode protocols.
-                <a class="indexterm" name="id2562532"></a>
-                <a class="indexterm" name="id2562539"></a>
-                </p></li><li><p>
-              <a class="indexterm" name="id2562552"></a><a class="indexterm" name="id2562560"></a>
+                <a class="indexterm" name="id333649"></a>
+                <a class="indexterm" name="id333656"></a>
+                </p></li><li class="step" title="Step 3"><p>
+              <a class="indexterm" name="id333669"></a><a class="indexterm" name="id333677"></a>
                 Configure the CUPS Print Queues as follows:
 </p><pre class="screen">
@@ -1061 +1061 @@
 <code class="prompt">root# </code> lpadmin -p hplj6f -v socket://hplj6f.abmas.biz:9100 -E
 </pre><p>
-                <a class="indexterm" name="id2562603"></a>
+                <a class="indexterm" name="id333717"></a>
                 This creates the necessary print queues with no assigned print filter.
-                </p></li><li><p><a class="indexterm" name="id2562618"></a>
+                </p></li><li class="step" title="Step 4"><p><a class="indexterm" name="id333731"></a>
                 Print queues may not be enabled at creation. Use <code class="literal">lpc stat</code> to check
                 the status of the print queues and, if necessary, make certain that the queues you have 
@@ -1073 +1073 @@
 <code class="prompt">root# </code> /usr/bin/enable hplj6f
 </pre><p>
-                </p></li><li><p><a class="indexterm" name="id2562673"></a>
+                </p></li><li class="step" title="Step 5"><p><a class="indexterm" name="id333783"></a>
                 Even though your print queues may be enabled, it is still possible that they
                 are not accepting print jobs. A print queue services incoming printing
@@ -1084 +1084 @@
 <code class="prompt">root# </code> /usr/sbin/accept hplj6f
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2562724"></a>
-                <a class="indexterm" name="id2562731"></a>
-                <a class="indexterm" name="id2562738"></a>
+                </p></li><li class="step" title="Step 6"><p>
+                <a class="indexterm" name="id333831"></a>
+                <a class="indexterm" name="id333838"></a>
+                <a class="indexterm" name="id333844"></a>
                 Edit the file <code class="filename">/etc/cups/mime.convs</code> to uncomment the line:
 </p><pre class="screen">
 application/octet-stream     application/vnd.cups-raw      0     -
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2562765"></a>
+                </p></li><li class="step" title="Step 7"><p>
+                <a class="indexterm" name="id333871"></a>
                 Edit the file <code class="filename">/etc/cups/mime.types</code> to uncomment the line:
 </p><pre class="screen">
 application/octet-stream
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 8"><p>
                 Printing drivers are installed on each network client workstation.
                 </p></li></ol></div><p>
@@ -1105 +1105 @@
         </p><p>
         The UNIX system print queues have been configured and are ready for validation testing.
-        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="procstart"></a>Process Startup Configuration</h3></div></div></div><p>
-        <a class="indexterm" name="id2562831"></a>
+        </p></div><div class="sect2" title="Process Startup Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="procstart"></a>Process Startup Configuration</h3></div></div></div><p>
+        <a class="indexterm" name="id333932"></a>
         There are two essential steps to process startup configuration. First, the process
         must be configured so that it automatically restarts each time the server
@@ -1115 +1115 @@
         necessary start or kill script is run.
         </p><p>
-        <a class="indexterm" name="id2562866"></a>
-        <a class="indexterm" name="id2562873"></a>
-        <a class="indexterm" name="id2562880"></a>
-        <a class="indexterm" name="id2562886"></a>
-        <a class="indexterm" name="id2562893"></a>
+        <a class="indexterm" name="id333964"></a>
+        <a class="indexterm" name="id333970"></a>
+        <a class="indexterm" name="id333977"></a>
+        <a class="indexterm" name="id333984"></a>
+        <a class="indexterm" name="id333991"></a>
         In the event that a service is not run as a daemon, but via the internetworking
         super daemon (<code class="literal">inetd</code> or <code class="literal">xinetd</code>), then the <code class="literal">chkconfig</code>
@@ -1127 +1127 @@
         </p><p>
         Last, each service must be started to permit system validation to proceed.
-        </p><div class="procedure"><ol type="1"><li><p>
+        </p><div class="procedure"><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Use the standard system tool to configure each service to restart
                 automatically at every system reboot. For example,
-                <a class="indexterm" name="id2562945"></a>
+                <a class="indexterm" name="id334038"></a>
 </p><pre class="screen">
 <code class="prompt">root# </code> chkconfig dhpcd on
@@ -1137 +1137 @@
 <code class="prompt">root# </code> chkconfig smb on
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2562989"></a>
-                <a class="indexterm" name="id2562996"></a>
-                <a class="indexterm" name="id2563002"></a>
+                </p></li><li class="step" title="Step 2"><p>
+                <a class="indexterm" name="id334080"></a>
+                <a class="indexterm" name="id334087"></a>
+                <a class="indexterm" name="id334094"></a>
                 Now start each service to permit the system to be validated.
                 Execute each of the following in the sequence shown:
@@ -1150 +1150 @@
 <code class="prompt">root# </code> /etc/rc.d/init.d/smb restart
 </pre><p>
-                </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ch4valid"></a>Validation</h3></div></div></div><p>
-        <a class="indexterm" name="id2563057"></a>
+                </p></li></ol></div></div><div class="sect2" title="Validation"><div class="titlepage"><div><div><h3 class="title"><a name="ch4valid"></a>Validation</h3></div></div></div><p>
+        <a class="indexterm" name="id334146"></a>
         Complex networking problems are most often caused by simple things that are poorly or incorrectly
         configured. The validation process adopted here should be followed carefully; it is the result of the
@@ -1161 +1161 @@
         Later in this book you learn how to make users happier. For now, it is enough to learn to 
         validate. Let's get on with it.
-        </p><div class="procedure"><a name="id2563079"></a><p class="title"><b>Procedure 3.5. Server Validation Steps</b></p><ol type="1"><li><p>
-                        <a class="indexterm" name="id2563090"></a>
+        </p><div class="procedure" title="Procedure 3.5. Server Validation Steps"><a name="id334161"></a><p class="title"><b>Procedure 3.5. Server Validation Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                        <a class="indexterm" name="id334172"></a>
                         One of the most important facets of Samba configuration is to ensure that
                         name resolution functions correctly. You can check name resolution
@@ -1187 +1187 @@
                         This proves that name resolution via the <code class="filename">/etc/hosts</code> file
                         is working.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2563160"></a>
+                        </p></li><li class="step" title="Step 2"><p>
+                        <a class="indexterm" name="id334233"></a>
                         So far, your installation is going particularly well. In this step we validate
                         DNS server and name resolution operation. Using your favorite UNIX system editor,
@@ -1196 +1196 @@
 hosts:        dns
 </pre><p>
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2563193"></a>
+                        </p></li><li class="step" title="Step 3"><p>
+                        <a class="indexterm" name="id334263"></a>
                         Before you test DNS operation, it is a good idea to verify that the DNS server
                         is running by executing the following:
@@ -1211 +1211 @@
 </pre><p>
                         This means that we are ready to check DNS operation. Do so by executing:
-                        <a class="indexterm" name="id2563223"></a>
+                        <a class="indexterm" name="id334287"></a>
 </p><pre class="screen">
 <code class="prompt">root# </code> ping diamond
@@ -1227 +1227 @@
 sleeth1.abmas.biz has address 192.168.1.1
 </pre><p>
-                        <a class="indexterm" name="id2563261"></a>
+                        <a class="indexterm" name="id334321"></a>
                         You may now remove the entry called <code class="constant">diamond</code> from the
                         <code class="filename">/etc/hosts</code> file. It does not hurt to leave it there,
                         but its removal reduces the number of administrative steps for this name.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2563287"></a>
+                        </p></li><li class="step" title="Step 4"><p>
+                        <a class="indexterm" name="id334346"></a>
                         WINS is a great way to resolve NetBIOS names to their IP address. You can test
                         the operation of WINS by starting <code class="literal">nmbd</code> (manually or by way
@@ -1251 +1251 @@
 64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.479 ms
 </pre><p>
-                        <a class="indexterm" name="id2563380"></a>
+                        <a class="indexterm" name="id334432"></a>
                         Now that you can relax with the knowledge that all three major forms of name
                         resolution to IP address resolution are working, edit the <code class="filename">/etc/nsswitch.conf</code>
@@ -1260 +1260 @@
 </pre><p>
                         The system is looking good. Let's move on.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 5"><p>
                         It would give you peace of mind to know that the DHCP server is running
                         and available for service. You can validate DHCP services by running:
@@ -1271 +1271 @@
                         This shows that the server is running. The proof of whether or not it is working
                         comes when you try to add the first DHCP client to the network.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2563440"></a>
+                        </p></li><li class="step" title="Step 6"><p>
+                        <a class="indexterm" name="id334485"></a>
                         This is a good point at which to start validating Samba operation. You are 
                         content that name resolution is working for basic TCP/IP needs. Let's move on.
@@ -1343 +1343 @@
 </pre><p>
                         Clear away all errors before proceeding.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2563541"></a>
-                        <a class="indexterm" name="id2563548"></a>
-                        <a class="indexterm" name="id2563554"></a>
-                        <a class="indexterm" name="id2563561"></a>
+                        </p></li><li class="step" title="Step 7"><p>
+                        <a class="indexterm" name="id334550"></a>
+                        <a class="indexterm" name="id334557"></a>
+                        <a class="indexterm" name="id334564"></a>
+                        <a class="indexterm" name="id334571"></a>
                         Check that the Samba server is running:
 </p><pre class="screen">
@@ -1360 +1360 @@
 </pre><p>
                         The <code class="literal">winbindd</code> daemon is running in split mode (normal), so there are also
-                        two instances<sup>[<a name="id2563592" href="#ftn.id2563592" class="footnote">7</a>]</sup> of it.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2563623"></a>
-              <a class="indexterm" name="id2563630"></a>
+                        two instances<sup>[<a name="id334598" href="#ftn.id334598" class="footnote">7</a>]</sup> of it.
+                        </p></li><li class="step" title="Step 8"><p>
+                        <a class="indexterm" name="id334627"></a>
+              <a class="indexterm" name="id334634"></a>
                         Check that an anonymous connection can be made to the Samba server:
 </p><pre class="screen">
@@ -1394 +1394 @@
                         The <code class="constant">-U%</code> argument means to send a <code class="constant">NULL</code> username and
                         a <code class="constant">NULL</code> password.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2563688"></a>
-                        <a class="indexterm" name="id2563695"></a>
-                        <a class="indexterm" name="id2563702"></a>
+                        </p></li><li class="step" title="Step 9"><p>
+                        <a class="indexterm" name="id334682"></a>
+                        <a class="indexterm" name="id334688"></a>
+                        <a class="indexterm" name="id334695"></a>
                         Verify that each printer has the IP address assigned in the DHCP server configuration file.
                         The easiest way to do this is to ping the printer name. Immediately after the ping response
@@ -1412 +1412 @@
 hplj6a (192.168.1.30) at 00:03:47:CB:81:E0 [ether] on eth0
 </pre><p>
-              <a class="indexterm" name="id2563748"></a>
+              <a class="indexterm" name="id334736"></a>
                         The MAC address <code class="constant">00:03:47:CB:81:E0</code> matches that specified for the
                         IP address from which the printer has responded and with the entry for it in the
                         <code class="filename">/etc/dhcpd.conf</code> file. Repeat this for each printer configured.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2563777"></a>
+                        </p></li><li class="step" title="Step 10"><p>
+                        <a class="indexterm" name="id334763"></a>
                         Make an authenticated connection to the server using the <code class="literal">smbclient</code> tool:
 </p><pre class="screen">
@@ -1435 +1435 @@
 smb: \&gt; q
 </pre><p>
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2563834"></a>
+                        </p></li><li class="step" title="Step 11"><p>
+                        <a class="indexterm" name="id334807"></a>
                         Your new server is connected to an Internet-accessible connection. Before you start
                         your firewall, you should run a port scanner against your system. You should repeat that
@@ -1510 +1510 @@
 Nmap run completed -- 1 IP address (1 host up) scanned in 168 seconds
 </pre><p>
-                        </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ch4appscfg"></a>Application Share Configuration</h3></div></div></div><p>
-        <a class="indexterm" name="id2563937"></a>
-        <a class="indexterm" name="id2563944"></a>
+                        </p></li></ol></div></div><div class="sect2" title="Application Share Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="ch4appscfg"></a>Application Share Configuration</h3></div></div></div><p>
+        <a class="indexterm" name="id334886"></a>
+        <a class="indexterm" name="id334893"></a>
         The use of an application server is a key mechanism by which desktop administration overheads
         can be reduced. Check the application manual for your software to identify how best to
@@ -1520 +1520 @@
         is typically not suited for administrative installation. Administratively installed software
         permits one or more of the following installation choices:
-        </p><div class="itemizedlist"><ul type="disc"><li><p>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                 Install software fully onto a workstation, storing data files on the same workstation.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Install software fully onto a workstation with central network data file storage.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Install software to run off a central application server with data files stored
                 on the local workstation. This is often called a minimum installation, or a
                 network client installation.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Install software to run off a central application server with data files stored
                 on a central network share. This type of installation often prevents storage
                 of work files on the local workstation.
                 </p></li></ul></div><p>
-        <a class="indexterm" name="id2563996"></a>
+        <a class="indexterm" name="id334936"></a>
         A common application deployed in this environment is an office suite.
         Enterprise editions of Microsoft Office XP Professional can be administratively installed
@@ -1550 +1550 @@
         local disk space. In the latter case, when the applications are used, they load over the network.
         </p><p>
-        <a class="indexterm" name="id2564033"></a>
-        <a class="indexterm" name="id2564040"></a>
+        <a class="indexterm" name="id334963"></a>
+        <a class="indexterm" name="id334970"></a>
         Microsoft Office Service Packs can be unpacked to update an administrative share. This makes
         it possible to update MS Office XP Professional for all users from a single installation
@@ -1560 +1560 @@
         editing or by way of configuration options inside each Office XP Professional application.
         </p><p>
-        <a class="indexterm" name="id2564062"></a>
+        <a class="indexterm" name="id334988"></a>
         OpenOffice.Org OpenOffice Version 1.1.0 can be installed locally. It can also
         be installed to run off a network share. The latter is a most desirable solution for office-bound 
@@ -1573 +1573 @@
         share point. The full administrative OpenOffice share takes approximately 150 MB of disk
         space.
-        </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2564093"></a>Comments Regarding Software Terms of Use</h4></div></div></div><p>
+        </p><div class="sect3" title="Comments Regarding Software Terms of Use"><div class="titlepage"><div><div><h4 class="title"><a name="id335012"></a>Comments Regarding Software Terms of Use</h4></div></div></div><p>
                         Many single-user products can be installed into an administrative share, but
                         personal versions of products such as Microsoft Office XP Professional do not permit this. 
@@ -1597 +1597 @@
                         please do not use the software.
                         </p><p>
-                        <a class="indexterm" name="id2564142"></a>
+                        <a class="indexterm" name="id335047"></a>
                         Samba is provided under the terms of the GNU GPL Version 2, a copy of which is provided
                         with the source code.
-                        </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ch4wincfg"></a>Windows Client Configuration</h3></div></div></div><p>
+                        </p></div></div><div class="sect2" title="Windows Client Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="ch4wincfg"></a>Windows Client Configuration</h3></div></div></div><p>
         Christine needs to roll out 130 new desktop systems. There is no doubt that she also needs
         to reinstall many of the notebook computers that will be recycled for use with the new network 
@@ -1607 +1607 @@
         Ghost (enterprise edition) to replicate the staged machine to its target desktops. The same can
         be done with notebook computers as long as they are identical or sufficiently similar.
-        </p><div class="procedure"><a name="sbewinclntprep"></a><p class="title"><b>Procedure 3.6. Windows Client Configuration Procedure</b></p><ol type="1"><li><p>
-                <a class="indexterm" name="id2564192"></a>
-                <a class="indexterm" name="id2564199"></a>
+        </p><div class="procedure" title="Procedure 3.6. Windows Client Configuration Procedure"><a name="sbewinclntprep"></a><p class="title"><b>Procedure 3.6. Windows Client Configuration Procedure</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                <a class="indexterm" name="id335091"></a>
+                <a class="indexterm" name="id335098"></a>
                 Install MS Windows XP Professional. During installation, configure the client to use DHCP for 
                 TCP/IP protocol configuration. DHCP configures all Windows clients to use the WINS Server
                 address that has been defined for the local subnet.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Join the Windows Domain <code class="constant">PROMISES</code>. Use the Domain Administrator
                 username <code class="constant">root</code> and the SMB password you assigned to this account.
@@ -1620 +1620 @@
                 Reboot the machine as prompted and then log on using the Domain Administrator account
                 (<code class="constant">root</code>).
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Verify <code class="constant">DIAMOND</code> is visible in <span class="guimenu">My Network Places</span>, 
                 that it is possible to connect to it and see the shares <span class="guimenuitem">accounts</span>,
                 <span class="guimenuitem">apps</span>, and <span class="guimenuitem">finsvcs</span>, and that it is
                 possible to open each share to reveal its contents.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 Create a drive mapping to the <code class="constant">apps</code> share on the server <code class="constant">DIAMOND</code>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 5"><p>
                 Perform an administrative installation of each application to be used. Select the options
                 that you wish to use. Of course, you can choose to run applications over the network, correct?
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 6"><p>
                 Now install all applications to be installed locally. Typical tools include Adobe Acrobat,
                 NTP-based time synchronization software, drivers for specific local devices such as fingerprint
                 scanners, and the like. Probably the most significant application for local installation
                 is antivirus software.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 7"><p>
                 Now install all four printers onto the staging system. The printers you install
                 include the accounting department HP LaserJet 6 and Minolta QMS Magicolor printers. You will
@@ -1641 +1641 @@
                 Install printers on each machine following the steps shown in the Windows client printer
                 preparation procedure below.
-                </p></li><li><p>
-                <a class="indexterm" name="id2564337"></a>
+                </p></li><li class="step" title="Step 8"><p>
+                <a class="indexterm" name="id335222"></a>
                 When you are satisfied that the staging systems are complete, use the appropriate procedure to
                 remove the client from the domain. Reboot the system and then log on as the local administrator
                 and clean out all temporary files stored on the system. Before shutting down, use the disk
                 defragmentation tool so that the file system is in optimal condition before replication.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 9"><p>
                 Boot the workstation using the Norton (Symantec) Ghosting diskette (or CD-ROM) and image the
                 machine to a network share on the server.
-                </p></li><li><p>
-                <a class="indexterm" name="id2564366"></a>
-                <a class="indexterm" name="id2564375"></a>
+                </p></li><li class="step" title="Step 10"><p>
+                <a class="indexterm" name="id335246"></a>
+                <a class="indexterm" name="id335256"></a>
                 You may now replicate the image to the target machines using the appropriate Norton Ghost 
                 procedure. Make sure to use the procedure that ensures each machine has a unique
                 Windows security identifier (SID). When the installation of the disk image has completed, boot the PC. 
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 11"><p>
                 Log on to the machine as the local Administrator (the only option), and join the machine to
                 the Domain, following the procedure set out in <a class="link" href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits">&#8220;A Collection of Useful Tidbits&#8221;</a>, <a class="link" href="appendix.html#domjoin" title="Joining a Domain: Windows 200x/XP Professional">&#8220;Joining a Domain: Windows 200x/XP Professional&#8221;</a>. The system is now 
                 ready for the user to log on, provided you have created a network logon account for that 
                 user, of course.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 12"><p>
                 Instruct all users to log on to the workstation using their assigned username and password.
-                </p></li></ol></div><div class="procedure"><a name="sbewinclntptrprep"></a><p class="title"><b>Procedure 3.7. Windows Client Printer Preparation Procedure</b></p><ol type="1"><li><p>
+                </p></li></ol></div><div class="procedure" title="Procedure 3.7. Windows Client Printer Preparation Procedure"><a name="sbewinclntptrprep"></a><p class="title"><b>Procedure 3.7. Windows Client Printer Preparation Procedure</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Click <span class="guimenu">Start</span> &#8594; <span class="guimenuitem">Settings</span> &#8594; <span class="guimenuitem">Printers</span>+<span class="guiicon">Add Printer</span>+<span class="guibutton">Next</span>. Do not click <span class="guimenuitem">Network printer</span>.
                         Ensure that <span class="guimenuitem">Local printer</span> is selected.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Click <span class="guibutton">Next</span>. In the
                 <span class="guimenuitem">Manufacturer:</span> panel, select <code class="constant">HP</code>.
                 In the <span class="guimenuitem">Printers:</span> panel, select the printer called
                 <code class="constant">HP LaserJet 6</code>. Click <span class="guibutton">Next</span>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 In the <span class="guimenuitem">Available ports:</span> panel, select
                 <code class="constant">FILE:</code>. Accept the default printer name by clicking
-                <span class="guibutton">Next</span>. When asked, &#8220;<span class="quote">Would you like to print a
-                test page?,</span>&#8221; click <span class="guimenuitem">No</span>. Click
+                <span class="guibutton">Next</span>. When asked, <span class="quote">&#8220;<span class="quote">Would you like to print a
+                test page?,</span>&#8221;</span> click <span class="guimenuitem">No</span>. Click
                 <span class="guibutton">Finish</span>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 You may be prompted for the name of a file to print to. If so, close the
                 dialog panel. Right-click <span class="guiicon">HP LaserJet 6</span> &#8594; <span class="guimenuitem">Properties</span> &#8594; <span class="guisubmenu">Details (Tab)</span> &#8594; <span class="guimenuitem">Add Port</span>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 5"><p>
                 In the <span class="guimenuitem">Network</span> panel, enter the name of
                 the print queue on the Samba server as follows: <code class="constant">\\DIAMOND\hplj6a</code>.
                 Click <span class="guibutton">OK</span>+<span class="guibutton">OK</span> to complete the installation.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 6"><p>
                 Repeat the printer installation steps above for both HP LaserJet 6 printers
                 as well as for both QMS Magicolor laser printers.
-                </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564645"></a>Key Points Learned</h3></div></div></div><p>
+                </p></li></ol></div></div><div class="sect2" title="Key Points Learned"><div class="titlepage"><div><div><h3 class="title"><a name="id335513"></a>Key Points Learned</h3></div></div></div><p>
                 How do you feel? You have built a capable network, a truly ambitious project.
                 Future network updates can be handled by
                 your staff. You must be a satisfied manager. Let's review the achievements.
-                </p><div class="itemizedlist"><ul type="disc"><li><p>
+                </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                         A simple firewall has been configured to protect the server in the event that
                         the ISP firewall service should fail.
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         The Samba configuration uses measures to ensure that only local network users
                         can connect to SMB/CIFS services.
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         Samba uses the new <code class="constant">tdbsam</code> passdb backend facility.
                         Considerable complexity was added to Samba functionality.
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         A DHCP server was configured to implement dynamic DNS (DDNS) updates to the DNS
                         server.
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         The DNS server was configured to permit DDNS only for local network clients. This
                         server also provides primary DNS services for the company Internet presence.
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         You introduced an application server as well as the concept of cloning a Windows
                         client in order to effect improved standardization of desktops and to reduce
                         the costs of network management.
-                        </p></li></ul></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2564707"></a>Questions and Answers</h2></div></div></div><p>
-        </p><div class="qandaset"><dl><dt>1. <a href="secure.html#id2564723">
+                        </p></li></ul></div></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id335566"></a>Questions and Answers</h2></div></div></div><p>
+        </p><div class="qandaset" title="Frequently Asked Questions"><a name="id335576"></a><dl><dt>1. <a href="secure.html#id335582">
                 What is the maximum number of account entries that the tdbsam
                 passdb backend can handle?
-                </a></dt><dt>2. <a href="secure.html#id2564792">
+                </a></dt><dt>2. <a href="secure.html#id335635">
                 Would Samba operate any better if the OS level is set to a value higher than 35?
-                </a></dt><dt>3. <a href="secure.html#id2564814">
+                </a></dt><dt>3. <a href="secure.html#id335654">
                 Why in this example have you provided UNIX group to Windows Group mappings for only Domain Groups?
-                </a></dt><dt>4. <a href="secure.html#id2564836">
+                </a></dt><dt>4. <a href="secure.html#id335674">
                 Why has a path been specified in the IPC$ share?
-                </a></dt><dt>5. <a href="secure.html#id2564865">
+                </a></dt><dt>5. <a href="secure.html#id335699">
                 Why does the smb.conf file in this exercise include an entry for smb ports?
-                </a></dt><dt>6. <a href="secure.html#id2564911">
+                </a></dt><dt>6. <a href="secure.html#id335740">
                 What is the difference between a print queue and a printer?
-                </a></dt><dt>7. <a href="secure.html#id2564947">
+                </a></dt><dt>7. <a href="secure.html#id335768">
                 Can all MS Windows application software be installed onto an application server share?
-                </a></dt><dt>8. <a href="secure.html#id2564972">
+                </a></dt><dt>8. <a href="secure.html#id335788">
                 Why use dynamic DNS (DDNS)?
-                </a></dt><dt>9. <a href="secure.html#id2564992">
+                </a></dt><dt>9. <a href="secure.html#id335807">
                 Why would you use WINS as well as DNS-based name resolution?
-                </a></dt><dt>10. <a href="secure.html#id2565077">
+                </a></dt><dt>10. <a href="secure.html#id335876">
                 What are the major benefits of using an application server?
-                </a></dt></dl><table border="0" summary="Q and A Set"><col align="left" width="1%"><tbody><tr class="question"><td align="left" valign="top"><a name="id2564723"></a><a name="id2564725"></a><p><b>1.</b></p></td><td align="left" valign="top"><p>
+                </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question" title="1."><td align="left" valign="top"><a name="id335582"></a><a name="id335584"></a><p><b>1.</b></p></td><td align="left" valign="top"><p>
                 What is the maximum number of account entries that the <em class="parameter"><code>tdbsam</code></em>
                 passdb backend can handle?
@@ -1758 +1758 @@
                 not provide a mechanism for replicating tdbsam data so it can be used by a BDC. The
                 limitation of 250 users per tdbsam is predicated only on the need for replication,
-                not on the limits<sup>[<a name="id2564781" href="#ftn.id2564781" class="footnote">8</a>]</sup> of the tdbsam backend itself. 
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2564792"></a><a name="id2564794"></a><p><b>2.</b></p></td><td align="left" valign="top"><p>
+                not on the limits<sup>[<a name="id335626" href="#ftn.id335626" class="footnote">8</a>]</sup> of the tdbsam backend itself. 
+                </p></td></tr><tr class="question" title="2."><td align="left" valign="top"><a name="id335635"></a><a name="id335637"></a><p><b>2.</b></p></td><td align="left" valign="top"><p>
                 Would Samba operate any better if the OS level is set to a value higher than 35?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -1765 +1765 @@
                 of 35 already assures Samba of precedence over MS Windows products in browser elections. There is
                 no gain to be had from setting this higher.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2564814"></a><a name="id2564816"></a><p><b>3.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="3."><td align="left" valign="top"><a name="id335654"></a><a name="id335656"></a><p><b>3.</b></p></td><td align="left" valign="top"><p>
                 Why in this example have you provided UNIX group to Windows Group mappings for only Domain Groups?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -1771 +1771 @@
                 a later date Samba may make use of Windows Local Groups, as well as of the Active Directory special
                 Groups. Proper operation requires Domain Groups to be mapped to valid UNIX groups.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2564836"></a><a name="id2564838"></a><p><b>4.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="4."><td align="left" valign="top"><a name="id335674"></a><a name="id335676"></a><p><b>4.</b></p></td><td align="left" valign="top"><p>
                 Why has a path been specified in the <em class="parameter"><code>IPC$</code></em> share?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -1777 +1777 @@
                 obtain access to the file system, it does so at a location that presents least risk. Under normal operation
                 this type of paranoid step should not be necessary. The use of this parameter should not be necessary. 
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2564865"></a><a name="id2564867"></a><p><b>5.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="5."><td align="left" valign="top"><a name="id335699"></a><a name="id335701"></a><p><b>5.</b></p></td><td align="left" valign="top"><p>
                 Why does the <code class="filename">smb.conf</code> file in this exercise include an entry for <a class="link" href="smb.conf.5.html#SMBPORTS" target="_top">smb ports</a>?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -1786 +1786 @@
                 The result of this is improved network performance. Where Samba-3 is installed as an Active Directory Domain
                 member, the default behavior is highly beneficial and should not be changed.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2564911"></a><a name="id2564914"></a><p><b>6.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="6."><td align="left" valign="top"><a name="id335740"></a><a name="id335742"></a><p><b>6.</b></p></td><td align="left" valign="top"><p>
                 What is the difference between a print queue and a printer?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -1800 +1800 @@
                 and the job is then submitted to a sequential print queue where the job is stored until
                 the printer is ready to receive the job.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2564947"></a><a name="id2564949"></a><p><b>7.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="7."><td align="left" valign="top"><a name="id335768"></a><a name="id335770"></a><p><b>7.</b></p></td><td align="left" valign="top"><p>
                 Can all MS Windows application software be installed onto an application server share?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -1808 +1808 @@
                 Professional do not permit installation to an application server share and can be installed
                 and used only to/from a local workstation hard disk.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2564972"></a><a name="id2564974"></a><p><b>8.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="8."><td align="left" valign="top"><a name="id335788"></a><a name="id335791"></a><p><b>8.</b></p></td><td align="left" valign="top"><p>
                 Why use dynamic DNS (DDNS)?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -1814 +1814 @@
                 network clients that are not NetBIOS-enabled, and thus cannot use WINS, to locate
                 Windows clients via DNS.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2564992"></a><a name="id2564994"></a><p><b>9.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="9."><td align="left" valign="top"><a name="id335807"></a><a name="id335809"></a><p><b>9.</b></p></td><td align="left" valign="top"><p>
                 Why would you use WINS as well as DNS-based name resolution?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
                 WINS is to NetBIOS names as DNS is to fully qualified domain names (FQDN). The FQDN is
-                a name like &#8220;<span class="quote">myhost.mydomain.tld</span>&#8221; where <em class="parameter"><code>tld</code></em>
+                a name like <span class="quote">&#8220;<span class="quote">myhost.mydomain.tld</span>&#8221;</span> where <em class="parameter"><code>tld</code></em>
                 means <code class="constant">top-level domain</code>. A FQDN is a longhand but easy-to-remember
                 expression that may be up to 1024 characters in length and that represents an IP address. 
                 A NetBIOS name is always 16 characters long. The 16<sup>th</sup> character
-                is a name type indicator. A specific name type is registered<sup>[<a name="id2565029" href="#ftn.id2565029" class="footnote">9</a>]</sup> for each 
+                is a name type indicator. A specific name type is registered<sup>[<a name="id335840" href="#ftn.id335840" class="footnote">9</a>]</sup> for each 
                 type of service that is provided by the Windows server or client and that may be registered
                 where a WINS server is in use.
@@ -1837 +1837 @@
                 </p><p>
                 Windows 200x Active Directory requires the registration in the DNS zone for the domain it 
-                controls of service locator<sup>[<a name="id2565063" href="#ftn.id2565063" class="footnote">10</a>]</sup> records 
+                controls of service locator<sup>[<a name="id335866" href="#ftn.id335866" class="footnote">10</a>]</sup> records 
                 that Windows clients and servers will use to locate Kerberos and LDAP services. ADS also 
                 requires the registration of special records that are called global catalog (GC) entries 
                 and site entries by which domain controllers and other essential ADS servers may be located. 
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2565077"></a><a name="id2565079"></a><p><b>10.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="10."><td align="left" valign="top"><a name="id335876"></a><a name="id335879"></a><p><b>10.</b></p></td><td align="left" valign="top"><p>
                 What are the major benefits of using an application server?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -1848 +1848 @@
                 one location for all major applications used. This results in faster update roll-outs and
                 significantly better application usage control.
-                </p></td></tr></tbody></table></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id2559623" href="#id2559623" class="para">5</a>] </sup>See <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 3.
+                </p></td></tr></tbody></table></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id331045" href="#id331045" class="para">5</a>] </sup>See <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 3.
                 This is necessary so that Samba can act as a Domain Controller (PDC); see
-                <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 4, for additional information.</p></div><div class="footnote"><p><sup>[<a name="ftn.id2560004" href="#id2560004" class="para">6</a>] </sup>You may want to do the echo command last and include 
-                                "0" in the init scripts, since it opens up your network for a short time.</p></div><div class="footnote"><p><sup>[<a name="ftn.id2563592" href="#id2563592" class="para">7</a>] </sup>For more information regarding winbindd, see <span class="emphasis"><em>TOSHARG2</em></span>, 
+                <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 4, for additional information.</p></div><div class="footnote"><p><sup>[<a name="ftn.id331388" href="#id331388" class="para">6</a>] </sup>You may want to do the echo command last and include 
+                                "0" in the init scripts, since it opens up your network for a short time.</p></div><div class="footnote"><p><sup>[<a name="ftn.id334598" href="#id334598" class="para">7</a>] </sup>For more information regarding winbindd, see <span class="emphasis"><em>TOSHARG2</em></span>, 
                         Chapter 23, Section 23.3. The single instance of <code class="literal">smbd</code> is normal. One additional
                         <code class="literal">smbd</code> slave process is spawned for each SMB/CIFS client 
-                        connection.</p></div><div class="footnote"><p><sup>[<a name="ftn.id2564781" href="#id2564781" class="para">8</a>] </sup>Bench tests have shown that tdbsam is a very
+                        connection.</p></div><div class="footnote"><p><sup>[<a name="ftn.id335626" href="#id335626" class="para">8</a>] </sup>Bench tests have shown that tdbsam is a very
                 effective database technology.  There is surprisingly little performance loss even
-                with over 4000 users.</p></div><div class="footnote"><p><sup>[<a name="ftn.id2565029" href="#id2565029" class="para">9</a>] </sup>
-                See <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 9, for more information.</p></div><div class="footnote"><p><sup>[<a name="ftn.id2565063" href="#id2565063" class="para">10</a>] </sup>See TOSHARG2, Chapter 9, Section 9.3.3.</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="small.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="ExNetworks.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="Big500users.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 2. Small Office Networking </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 4. The 500-User Office</td></tr></table></div></body></html>
+                with over 4000 users.</p></div><div class="footnote"><p><sup>[<a name="ftn.id335840" href="#id335840" class="para">9</a>] </sup>
+                See <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 9, for more information.</p></div><div class="footnote"><p><sup>[<a name="ftn.id335866" href="#id335866" class="para">10</a>] </sup>See TOSHARG2, Chapter 9, Section 9.3.3.</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="small.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="ExNetworks.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="Big500users.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 2. Small Office Networking </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 4. The 500-User Office</td></tr></table></div></body></html>

trunk/server/docs/htmldocs/Samba3-ByExample/simple.html

@@ -1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 1. No-Frills Samba Servers</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="next" href="small.html" title="Chapter 2. Small Office Networking"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 1. No-Frills Samba Servers</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ExNetworks.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="small.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="simple"></a>Chapter 1. No-Frills Samba Servers</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="simple.html#id2550843">Introduction</a></span></dt><dt><span class="sect1"><a href="simple.html#id2550883">Assignment Tasks</a></span></dt><dd><dl><dt><span class="sect2"><a href="simple.html#id2550925">Drafting Office</a></span></dt><dt><span class="sect2"><a href="simple.html#id2551634">Charity Administration Office</a></span></dt><dt><span class="sect2"><a href="simple.html#AccountingOffice">Accounting Office</a></span></dt></dl></dd><dt><span class="sect1"><a href="simple.html#id2554969">Questions and Answers</a></span></dt></dl></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 1. No-Frills Samba Servers</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="next" href="small.html" title="Chapter 2. Small Office Networking"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 1. No-Frills Samba Servers</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ExNetworks.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="small.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 1. No-Frills Samba Servers"><div class="titlepage"><div><div><h2 class="title"><a name="simple"></a>Chapter 1. No-Frills Samba Servers</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="simple.html#id323089">Introduction</a></span></dt><dt><span class="sect1"><a href="simple.html#id323120">Assignment Tasks</a></span></dt><dd><dl><dt><span class="sect2"><a href="simple.html#id323158">Drafting Office</a></span></dt><dt><span class="sect2"><a href="simple.html#id323803">Charity Administration Office</a></span></dt><dt><span class="sect2"><a href="simple.html#AccountingOffice">Accounting Office</a></span></dt></dl></dd><dt><span class="sect1"><a href="simple.html#id326925">Questions and Answers</a></span></dt></dl></div><p>
         This is the start of the real journey toward the successful deployment of Samba. For some this chapter
         is the end of the road because their needs will have been adequately met. For others, this chapter is
@@ -5 +5 @@
         example configurations of, for the greater part, complete networking solutions. The intent of this book
         is to help you to get your Samba installation working with the least amount of pain and aggravation.
-        </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2550843"></a>Introduction</h2></div></div></div><p>
+        </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id323089"></a>Introduction</h2></div></div></div><p>
         This chapter lays the groundwork for understanding the basics of Samba operation. 
         Instead of a bland technical discussion, each principle is demonstrated by way of a 
-        real-world scenario for which a working solution<sup>[<a name="id2550854" href="#ftn.id2550854" class="footnote">1</a>]</sup> is fully described.
+        real-world scenario for which a working solution<sup>[<a name="id323099" href="#ftn.id323099" class="footnote">1</a>]</sup> is fully described.
         </p><p>
         The practical exercises take you on a journey through a drafting office, a charity administration
@@ -18 +18 @@
         you should aim to be a Samba expert, so do attempt to find better solutions and try them as you work your
         way through the examples.
-        </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2550883"></a>Assignment Tasks</h2></div></div></div><p>
+        </p></div><div class="sect1" title="Assignment Tasks"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id323120"></a>Assignment Tasks</h2></div></div></div><p>
         Each case presented highlights different aspects of Windows networking for which a simple 
         Samba-based solution can be provided. Each has subtly different requirements taken from real-world cases.
@@ -26 +26 @@
         This chapter has three assignments built around fictitious companies: 
         </p><p>
-        </p><div class="itemizedlist"><ul type="disc"><li><p>A drafting office</p></li><li><p>A charity administration office</p></li><li><p>An accounting office</p></li></ul></div><p>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>A drafting office</p></li><li class="listitem"><p>A charity administration office</p></li><li class="listitem"><p>An accounting office</p></li></ul></div><p>
         </p><p>
         Let's get started.
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2550925"></a>Drafting Office</h3></div></div></div><p>
+        </p><div class="sect2" title="Drafting Office"><div class="titlepage"><div><div><h3 class="title"><a name="id323158"></a>Drafting Office</h3></div></div></div><p>
         Our fictitious company is called <span class="emphasis"><em>Abmas Design, Inc.</em></span> This is a three-person
         computer-aided design (CAD) business that often has more work than can be handled. The 
@@ -39 +39 @@
         plans from each machine. The files available from the server must remain read-only. 
         Anyone should be able to access the plans at any time and without barriers or difficulty.
-        </p><p><a class="indexterm" name="id2550950"></a>
-                <a class="indexterm" name="id2550956"></a>
+        </p><p><a class="indexterm" name="id323177"></a>
+                <a class="indexterm" name="id323183"></a>
         Mr. Bob Jordan has asked you to install the new server as economically as possible. The central
         server has a Pentium-IV 1.6GHz CPU, 768MB RAM, a 20GB IDE boot drive, a 160GB IDE second disk
@@ -47 +47 @@
         <a class="ulink" href="http://www.samba.org" target="_top">FTP</a> sites. (Note: Fedora CoreX indicates your favorite
         version.)
-        </p><p><a class="indexterm" name="id2550984"></a>
+        </p><p><a class="indexterm" name="id323204"></a>
         The four permanent drafting machines (Microsoft Windows workstations) have attached printers 
         and plotters that are shared on a peer-to-peer basis by any and all network users. The intent 
@@ -56 +56 @@
         machine. The office works best with this arrangement and does not want to change anything. 
         Old habits are too ingrained.
-        </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2551005"></a>Dissection and Discussion</h4></div></div></div><p>
-                <a class="indexterm" name="id2551012"></a>
+        </p><div class="sect3" title="Dissection and Discussion"><div class="titlepage"><div><div><h4 class="title"><a name="id323219"></a>Dissection and Discussion</h4></div></div></div><p>
+                <a class="indexterm" name="id323227"></a>
                 The requirements for this server installation demand simplicity. An anonymous read-only
                 file server adequately meets all needs. The network consultant determines how
@@ -64 +64 @@
                 </p><p>
                 It is not necessary to have specific users on the server. The site has a method for storing
-                all design files (plans). Each plan is stored in a directory that is named YYYYWW,<sup>[<a name="id2551032" href="#ftn.id2551032" class="footnote">2</a>]</sup> where
+                all design files (plans). Each plan is stored in a directory that is named YYYYWW,<sup>[<a name="id323243" href="#ftn.id323243" class="footnote">2</a>]</sup> where
                 YYYY is the year, and WW is the week of the year. This arrangement allows work to be stored
                 by week of year to preserve the filing technique the site is familiar with.
@@ -74 +74 @@
                 demanding the disk space that would be needed if a duplicate file copy were to be stored. 
                 The share containing the plans is called <span class="emphasis"><em>Plans</em></span>.
-                </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2551061"></a>Implementation</h4></div></div></div><p>
+                </p></div><div class="sect3" title="Implementation"><div class="titlepage"><div><div><h4 class="title"><a name="id323262"></a>Implementation</h4></div></div></div><p>
                 It is assumed that the server is fully installed and ready for installation and 
                 configuration of Samba 3.0.20 and any support files needed. All TCP/IP addresses 
@@ -80 +80 @@
                 <code class="constant">192.168.1.1</code> and the netmask is <code class="constant">255.255.255.0</code>. 
                 The hostname of the server used is <code class="constant">server</code>.
-                </p><div class="procedure"><a name="id2551084"></a><p class="title"><b>Procedure 1.1. Samba Server Configuration</b></p><ol type="1"><li><p>
+                </p><div class="procedure" title="Procedure 1.1. Samba Server Configuration"><a name="id323282"></a><p class="title"><b>Procedure 1.1. Samba Server Configuration</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                         Download the Samba-3 RPM packages for Red Hat Fedora Core2 from the Samba
                         <a class="ulink" href="http://www.samba.org" target="_top">FTP servers.</a>
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2551108"></a>
-                        <a class="indexterm" name="id2551116"></a>
+                        </p></li><li class="step" title="Step 2"><p>
+                        <a class="indexterm" name="id323305"></a>
+                        <a class="indexterm" name="id323314"></a>
                         Install the RPM package using either the Red Hat Linux preferred GUI
                         tool or the <code class="literal">rpm</code>:
@@ -91 +91 @@
 <code class="prompt">root# </code> rpm -Uvh samba-3.0.20-1.i386.rpm
 </pre><p>
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 3"><p>
                         Create a mount point for the file system that will be used to store all data files.
                         You can create a directory called <code class="filename">/plans</code>:
@@ -101 +101 @@
                         and execute, and the group and everyone else to read and execute only.
                         </p><p>
-                        <a class="indexterm" name="id2551175"></a>
+                        <a class="indexterm" name="id323369"></a>
                         Use Red Hat Linux system tools (refer to Red Hat instructions)
                         to format the 160GB hard drive with a suitable file system. An Ext3 file system
                         is suitable. Configure this drive to automatically mount using the <code class="filename">/plans</code>
                         directory as the mount point.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 4"><p>
                         Install the <code class="filename">smb.conf</code> file shown in <a class="link" href="simple.html#draft-smbconf" title="Example 1.1. Drafting Office smb.conf File">&#8220;Drafting Office smb.conf File&#8221;</a> in the
                         <code class="filename">/etc/samba</code> directory.
 
-</p><div class="example"><a name="draft-smbconf"></a><p class="title"><b>Example 1.1. Drafting Office <code class="filename">smb.conf</code> File</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global Parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2551244"></a><em class="parameter"><code>workgroup = MIDEARTH</code></em></td></tr><tr><td><a class="indexterm" name="id2551254"></a><em class="parameter"><code>security = SHARE</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[Plans]</code></em></td></tr><tr><td><a class="indexterm" name="id2551273"></a><em class="parameter"><code>path = /plans</code></em></td></tr><tr><td><a class="indexterm" name="id2551283"></a><em class="parameter"><code>read only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2551294"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr></table></div></div><p><br class="example-break">
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2551311"></a>
+</p><div class="example"><a name="draft-smbconf"></a><p class="title"><b>Example 1.1. Drafting Office <code class="filename">smb.conf</code> File</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global Parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id323435"></a><em class="parameter"><code>workgroup = MIDEARTH</code></em></td></tr><tr><td><a class="indexterm" name="id323446"></a><em class="parameter"><code>security = SHARE</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[Plans]</code></em></td></tr><tr><td><a class="indexterm" name="id323464"></a><em class="parameter"><code>path = /plans</code></em></td></tr><tr><td><a class="indexterm" name="id323475"></a><em class="parameter"><code>read only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id323485"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr></table></div></div><p><br class="example-break">
+                        </p></li><li class="step" title="Step 5"><p>
+                        <a class="indexterm" name="id323503"></a>
                         Verify that the <code class="filename">/etc/hosts</code> file contains the following entry:
 </p><pre class="screen">
@@ -118 +118 @@
 </pre><p>
 
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2551335"></a>
-                        <a class="indexterm" name="id2551344"></a>
-                        <a class="indexterm" name="id2551350"></a>
+                        </p></li><li class="step" title="Step 6"><p>
+                        <a class="indexterm" name="id323526"></a>
+                        <a class="indexterm" name="id323534"></a>
+                        <a class="indexterm" name="id323540"></a>
                         Use the standard system tool to start Samba and to configure it to restart
                         automatically at every system reboot. For example,
@@ -128 +128 @@
 <code class="prompt">root# </code> /etc/rc.d/init.d/smb restart
 </pre><p>
-                        </p></li></ol></div><div class="procedure"><a name="id2551376"></a><p class="title"><b>Procedure 1.2. Windows Client Configuration</b></p><ol type="1"><li><p>
+                        </p></li></ol></div><div class="procedure" title="Procedure 1.2. Windows Client Configuration"><a name="id323566"></a><p class="title"><b>Procedure 1.2. Windows Client Configuration</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                         Make certain that all clients are set to the same network address range as
                         used for the Samba server. For example, one client might have an IP
                         address 192.168.1.10.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2551396"></a>
+                        </p></li><li class="step" title="Step 2"><p>
+                        <a class="indexterm" name="id323584"></a>
                         Ensure that the netmask used on the Windows clients matches that used
                         for the Samba server. All clients must have the same netmask, such as
                         255.255.255.0.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2551412"></a>
+                        </p></li><li class="step" title="Step 3"><p>
+                        <a class="indexterm" name="id323598"></a>
                         Set the workgroup name on all clients to <code class="constant">MIDEARTH</code>.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 4"><p>
                         Verify on each client that the machine called <code class="constant">SERVER</code>
                         is visible in the <span class="guimenu">Network Neighborhood</span>, that it is
                         possible to connect to it and see the share <span class="guimenuitem">Plans</span>,
                         and that it is possible to open that share to reveal its contents.
-                        </p></li></ol></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="validate1"></a>Validation</h4></div></div></div><p>
-                <a class="indexterm" name="id2551458"></a>
+                        </p></li></ol></div></div><div class="sect3" title="Validation"><div class="titlepage"><div><div><h4 class="title"><a name="validate1"></a>Validation</h4></div></div></div><p>
+                <a class="indexterm" name="id323642"></a>
                 The first priority in validating the new Samba configuration should be to check
                 that Samba answers on the loop-back interface. Then it is time to check that Samba
                 answers its own name correctly. Last, check that a client can connect to the Samba
                 server.
-                </p><div class="procedure"><ol type="1"><li><p>
-                        <a class="indexterm" name="id2551477"></a>
-                        <a class="indexterm" name="id2551483"></a>
-                        <a class="indexterm" name="id2551490"></a>
+                </p><div class="procedure"><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                        <a class="indexterm" name="id323659"></a>
+                        <a class="indexterm" name="id323665"></a>
+                        <a class="indexterm" name="id323671"></a>
                         To check the ability to access the <code class="literal">smbd</code> daemon
                         services, execute the following:
@@ -173 +173 @@
         MIDEARTH           SERVER 
 </pre><p>
-                        <a class="indexterm" name="id2551521"></a>
-                        <a class="indexterm" name="id2551527"></a>
+                        <a class="indexterm" name="id323697"></a>
+                        <a class="indexterm" name="id323703"></a>
                         This indicates that Samba is able to respond on the loopback interface to
                         a NULL connection. The <em class="parameter"><code>-U%</code></em> means send an empty
                         username and an empty password. This command should be repeated after
                         Samba has been running for 15 minutes.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 2"><p>
                         Now verify that Samba correctly handles being passed a username
                         and password, and that it answers its own name. Execute the following:
@@ -188 +188 @@
                         configured to ignore all usernames given; instead it uses the
                         <em class="parameter"><code>guest account</code></em> for all connections.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2551577"></a>
-                        <a class="indexterm" name="id2551583"></a>
+                        </p></li><li class="step" title="Step 3"><p>
+                        <a class="indexterm" name="id323748"></a>
+                        <a class="indexterm" name="id323754"></a>
                         From the Windows 9x/Me client, launch Windows Explorer: 
                         <span class="guiicon">[Desktop: right-click] Network Neighborhood</span>+<span class="guimenu">Explore</span> &#8594; <span class="guimenuitem">[Left Panel]  [+] Entire Network</span> &#8594; <span class="guimenuitem">[Left Panel] [+] Server</span> &#8594; <span class="guimenuitem">[Left Panel] [+] Plans</span>. In the right panel you should see the files and directories
                         (folders) that are in the <span class="guiicon">Plans</span> share.
-                        </p></li></ol></div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551634"></a>Charity Administration Office</h3></div></div></div><p>
+                        </p></li></ol></div></div></div><div class="sect2" title="Charity Administration Office"><div class="titlepage"><div><div><h3 class="title"><a name="id323803"></a>Charity Administration Office</h3></div></div></div><p>
         The fictitious charity organization is called <span class="emphasis"><em>Abmas Vision NL</em></span>. This office
         has five networked computers. Staff are all volunteers, staff changes are frequent.
@@ -217 +217 @@
         file share.
         </p><p>
-        <a class="indexterm" name="id2551697"></a>
-        <a class="indexterm" name="id2551703"></a>
+        <a class="indexterm" name="id323847"></a>
+        <a class="indexterm" name="id323854"></a>
         Printer handling in Samba results in a significant level of confusion. Samba presents to the
         MS Windows client only a print queue. The Samba <code class="literal">smbd</code> process passes a
@@ -232 +232 @@
         used on this network.
         </p><p>
-        <a class="indexterm" name="id2551736"></a>
+        <a class="indexterm" name="id323879"></a>
         The central server was donated by a local computer store. It is a dual processor Pentium-III
         server, has 1GB RAM, a 3-Ware IDE RAID Controller that has four 200GB IDE hard drives, and a
@@ -243 +243 @@
         to the printers was accepted. You have supplied SUSE Enterprise Linux Server 9 and
         have upgraded Samba to version 3.0.20.
-        </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2551758"></a>Dissection and Discussion</h4></div></div></div><p>
-                <a class="indexterm" name="id2551766"></a>
-                <a class="indexterm" name="id2551772"></a>
-                <a class="indexterm" name="id2551778"></a>
-                <a class="indexterm" name="id2551784"></a>
+        </p><div class="sect3" title="Dissection and Discussion"><div class="titlepage"><div><div><h4 class="title"><a name="id323894"></a>Dissection and Discussion</h4></div></div></div><p>
+                <a class="indexterm" name="id323902"></a>
+                <a class="indexterm" name="id323908"></a>
+                <a class="indexterm" name="id323914"></a>
+                <a class="indexterm" name="id323920"></a>
                 This installation demands simplicity. Frequent turnover of volunteer staff indicates that
                 a network environment that requires users to logon might be problematic. It is suggested that the
@@ -259 +259 @@
                 an inadvertent ACL from overriding actual file permissions.
                 </p><p>
-                <a class="indexterm" name="id2551823"></a>
-                <a class="indexterm" name="id2551830"></a>
-                <a class="indexterm" name="id2551836"></a>
+                <a class="indexterm" name="id323953"></a>
+                <a class="indexterm" name="id323959"></a>
+                <a class="indexterm" name="id323965"></a>
                 This organization is a prime candidate for Share Mode security. The <em class="parameter"><code>force user</code></em>
                 allows all files to be owned by the same user and group. In addition, it would not hurt to
@@ -268 +268 @@
                 For further information regarding the significance of the SUID/SGID settings, see <a class="link" href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits">&#8220;A Collection of Useful Tidbits&#8221;</a>, <a class="link" href="appendix.html#ch12-SUIDSGID" title="Effect of Setting File and Directory SUID/SGID Permissions Explained">&#8220;Effect of Setting File and Directory SUID/SGID Permissions Explained&#8221;</a>.
                 </p><p>
-                <a class="indexterm" name="id2551869"></a>
-                <a class="indexterm" name="id2551875"></a>
-                <a class="indexterm" name="id2551883"></a>
-                <a class="indexterm" name="id2551890"></a>
+                <a class="indexterm" name="id323994"></a>
+                <a class="indexterm" name="id324000"></a>
+                <a class="indexterm" name="id324009"></a>
+                <a class="indexterm" name="id324015"></a>
                 All client workstations print to a print queue on the server. This ensures that print jobs
                 continue to print in the event that a user shuts down the workstation immediately after
@@ -278 +278 @@
                 that CUPS has become the leading UNIX printing technology.
                 </p><p>
-                <a class="indexterm" name="id2551907"></a>
+                <a class="indexterm" name="id324028"></a>
                 The print queues are set up as <code class="constant">Raw</code> devices, which means that CUPS will 
                 not do intelligent print processing, and vendor-supplied drivers must be installed locally on the 
@@ -298 +298 @@
                 really is just a print queue. The name of the print queue is representative of
                 the device to which the print spooler delivers print jobs.
-                </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2551953"></a>Implementation</h4></div></div></div><p>
+                </p></div><div class="sect3" title="Implementation"><div class="titlepage"><div><div><h4 class="title"><a name="id324064"></a>Implementation</h4></div></div></div><p>
                 It is assumed that the server is fully installed and ready for configuration of
                 Samba 3.0.20 and for necessary support files. All TCP/IP addresses should be hard-coded.
@@ -304 +304 @@
                 255.255.255.0. The hostname of the server used is <code class="constant">server</code>.
                 The office network is built as shown in <a class="link" href="simple.html#charitynet" title="Figure 1.1. Charity Administration Office Network">&#8220;Charity Administration Office Network&#8221;</a>.
-                </p><div class="figure"><a name="charitynet"></a><p class="title"><b>Figure 1.1. Charity Administration Office Network</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/Charity-Network.png" width="432" alt="Charity Administration Office Network"></div></div></div><br class="figure-break"><div class="procedure"><a name="id2552014"></a><p class="title"><b>Procedure 1.3. Samba Server Configuration</b></p><ol type="1"><li><p>
-                        <a class="indexterm" name="id2552024"></a>
+                </p><div class="figure"><a name="charitynet"></a><p class="title"><b>Figure 1.1. Charity Administration Office Network</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/Charity-Network.png" width="432" alt="Charity Administration Office Network"></div></div></div><br class="figure-break"><div class="procedure" title="Procedure 1.3. Samba Server Configuration"><a name="id324118"></a><p class="title"><b>Procedure 1.3. Samba Server Configuration</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                        <a class="indexterm" name="id324129"></a>
                         Create a group account for office file storage:
 </p><pre class="screen">
 <code class="prompt">root# </code> groupadd office
 </pre><p>
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2552048"></a>
-                        <a class="indexterm" name="id2552055"></a>
+                        </p></li><li class="step" title="Step 2"><p>
+                        <a class="indexterm" name="id324152"></a>
+                        <a class="indexterm" name="id324158"></a>
                         Create a user account for office file storage:
 </p><pre class="screen">
@@ -323 +323 @@
 </pre><p>
                         where XXXXXXXX is a secret password.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 3"><p>
                                 Use the 3-Ware IDE RAID Controller firmware utilities to configure the four 200GB
                                 drives as a single RAID level 5 drive, with one drive set aside as the hot spare.
                                 (Refer to the 3-Ware RAID Controller Manual for the manufacturer's preferred procedure.)
                                 The resulting drive has a capacity of approximately 500GB of usable space.
-                                </p></li><li><p>
-                                <a class="indexterm" name="id2552099"></a>
+                                </p></li><li class="step" title="Step 4"><p>
+                                <a class="indexterm" name="id324197"></a>
                                 Create a mount point for the file system that can be used to store all data files.
                                 Create a directory called <code class="filename">/data</code>:
@@ -338 +338 @@
                                 The 755 permissions on this directory (mount point) permit the owner to read, write, and execute,
                                 and the group and everyone else to read and execute only.
-                                </p></li><li><p>
+                                </p></li><li class="step" title="Step 5"><p>
                                 Use SUSE Linux system tools (refer to the SUSE Administrators Guide for correct
                                 procedures) to format the partition with a suitable file system. The reiserfs file system
                                 is suitable. Configure this drive to automount using the <code class="filename">/data</code>
                                 directory as the mount point. It must be mounted before proceeding.
-                                </p></li><li><p>
+                                </p></li><li class="step" title="Step 6"><p>
                                 Under the directory called <code class="filename">/data</code>, create two directories
                                 named <code class="filename">ftmfiles</code> and <code class="filename">officefiles</code>, and set
@@ -361 +361 @@
 /data/officefiles/misc
 </pre><p>
-                                <a class="indexterm" name="id2552207"></a>
+                                <a class="indexterm" name="id324296"></a>
                                 The <code class="literal">chown</code> operation sets the owner to the user <code class="constant">abmas</code>
                                 and the group to <code class="constant">office</code> on all directories just created.  It recursively
@@ -369 +369 @@
                                 created. Any new directories created still have the same owner, group, and permissions as the
                                 directory they are in. This should eliminate all permissions-based file access problems.  For
-                                more information on this subject, refer to TOSHARG2<sup>[<a name="id2552236" href="#ftn.id2552236" class="footnote">3</a>]</sup> or refer
+                                more information on this subject, refer to TOSHARG2<sup>[<a name="id324318" href="#ftn.id324318" class="footnote">3</a>]</sup> or refer
                                 to the UNIX man page for the <code class="literal">chmod</code> and the <code class="literal">chown</code> commands.
-                                </p></li><li><p>
+                                </p></li><li class="step" title="Step 7"><p>
                                 Install the <code class="filename">smb.conf</code> file shown in <a class="link" href="simple.html#charity-smbconfnew" title="Example 1.2. Charity Administration Office smb.conf New-style File">&#8220;Charity Administration Office smb.conf New-style File&#8221;</a> in the
                                 <code class="filename">/etc/samba</code> directory. This newer <code class="filename">smb.conf</code> file uses user-mode security
@@ -380 +380 @@
                                 can install the file shown in <a class="link" href="simple.html#charity-smbconf" title="Example 1.3. Charity Administration Office smb.conf Old-style File">&#8220;Charity Administration Office smb.conf Old-style File&#8221;</a> in the
                                 <code class="filename">/etc/samba</code> directory.
-                                </p></li><li><p>
-                                <a class="indexterm" name="id2552304"></a>
+                                </p></li><li class="step" title="Step 8"><p>
+                                <a class="indexterm" name="id324382"></a>
                                 We must ensure that the <code class="literal">smbd</code> can resolve the name of the Samba
                                 server to its IP address. Verify that the <code class="filename">/etc/hosts</code> file
@@ -388 +388 @@
 192.168.1.1     server
 </pre><p>
-                                </p></li><li><p>
+                                </p></li><li class="step" title="Step 9"><p>
                                 Configure the printers with the IP address as shown in <a class="link" href="simple.html#charitynet" title="Figure 1.1. Charity Administration Office Network">&#8220;Charity Administration Office Network&#8221;</a>.
                                 Follow the instructions in the manufacturer's manual to permit printing to port 9100
                                 so that the CUPS spooler can print using raw mode protocols.
-                                </p></li><li><p>
-                                <a class="indexterm" name="id2552349"></a>
+                                </p></li><li class="step" title="Step 10"><p>
+                                <a class="indexterm" name="id324423"></a>
                                 Configure the CUPS Print Queues:
 </p><pre class="screen">
@@ -400 +400 @@
 </pre><p>
                                 This creates the necessary print queues with no assigned print filter.
-                                </p></li><li><p>
-                                <a class="indexterm" name="id2552381"></a>
-                                <a class="indexterm" name="id2552388"></a>
-                                <a class="indexterm" name="id2552394"></a>
+                                </p></li><li class="step" title="Step 11"><p>
+                                <a class="indexterm" name="id324452"></a>
+                                <a class="indexterm" name="id324459"></a>
+                                <a class="indexterm" name="id324465"></a>
                                 Edit the file <code class="filename">/etc/cups/mime.convs</code> to uncomment the line:
 </p><pre class="screen">
 application/octet-stream     application/vnd.cups-raw      0     -
 </pre><p>
-                                </p></li><li><p>
-                                <a class="indexterm" name="id2552418"></a>
+                                </p></li><li class="step" title="Step 12"><p>
+                                <a class="indexterm" name="id324488"></a>
                                 Edit the file <code class="filename">/etc/cups/mime.types</code> to uncomment the line:
 </p><pre class="screen">
 application/octet-stream
 </pre><p>
-                                </p></li><li><p>
-                                <a class="indexterm" name="id2552441"></a>
+                                </p></li><li class="step" title="Step 13"><p>
+                                <a class="indexterm" name="id324511"></a>
                                 Use the standard system tool to start Samba and CUPS to configure them to restart
                                 automatically at every system reboot. For example,
                                 </p><p>
-                                <a class="indexterm" name="id2552453"></a>
-                                <a class="indexterm" name="id2552459"></a>
-                                <a class="indexterm" name="id2552466"></a>
+                                <a class="indexterm" name="id324522"></a>
+                                <a class="indexterm" name="id324528"></a>
+                                <a class="indexterm" name="id324535"></a>
 </p><pre class="screen">
 <code class="prompt">root# </code> chkconfig smb on
@@ -428 +428 @@
 <code class="prompt">root# </code> /etc/rc.d/init.d/cups restart
 </pre><p>
-                                </p></li></ol></div><div class="example"><a name="charity-smbconfnew"></a><p class="title"><b>Example 1.2. Charity Administration Office <code class="filename">smb.conf</code> New-style File</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global Parameters - Newer Configuration</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2552530"></a><em class="parameter"><code>workgroup = MIDEARTH</code></em></td></tr><tr><td><a class="indexterm" name="id2552540"></a><em class="parameter"><code>printing = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2552551"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2552561"></a><em class="parameter"><code>map to guest = Bad User</code></em></td></tr><tr><td><a class="indexterm" name="id2552572"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id2552582"></a><em class="parameter"><code>wins support = yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[FTMFILES]</code></em></td></tr><tr><td><a class="indexterm" name="id2552601"></a><em class="parameter"><code>comment = Funds Tracking &amp; Management Files</code></em></td></tr><tr><td><a class="indexterm" name="id2552612"></a><em class="parameter"><code>path = /data/ftmfiles</code></em></td></tr><tr><td><a class="indexterm" name="id2552623"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2552633"></a><em class="parameter"><code>force user = abmas</code></em></td></tr><tr><td><a class="indexterm" name="id2552644"></a><em class="parameter"><code>force group = office</code></em></td></tr><tr><td><a class="indexterm" name="id2552654"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2552664"></a><em class="parameter"><code>nt acl support = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[office]</code></em></td></tr><tr><td><a class="indexterm" name="id2552683"></a><em class="parameter"><code>comment = General Office Files</code></em></td></tr><tr><td><a class="indexterm" name="id2552694"></a><em class="parameter"><code>path = /data/officefiles</code></em></td></tr><tr><td><a class="indexterm" name="id2552704"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2552714"></a><em class="parameter"><code>force user = abmas</code></em></td></tr><tr><td><a class="indexterm" name="id2552725"></a><em class="parameter"><code>force group = office</code></em></td></tr><tr><td><a class="indexterm" name="id2552735"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2552746"></a><em class="parameter"><code>nt acl support = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id2552764"></a><em class="parameter"><code>comment = Print Temporary Spool Configuration</code></em></td></tr><tr><td><a class="indexterm" name="id2552776"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id2552786"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2552796"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2552807"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2552817"></a><em class="parameter"><code>browseable = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="charity-smbconf"></a><p class="title"><b>Example 1.3. Charity Administration Office <code class="filename">smb.conf</code> Old-style File</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global Parameters - Older Style Configuration</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2552859"></a><em class="parameter"><code>workgroup = MIDEARTH</code></em></td></tr><tr><td><a class="indexterm" name="id2552869"></a><em class="parameter"><code>security = SHARE</code></em></td></tr><tr><td><a class="indexterm" name="id2552880"></a><em class="parameter"><code>printing = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2552890"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2552901"></a><em class="parameter"><code>disable spoolss = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2552911"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id2552921"></a><em class="parameter"><code>wins support = yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[FTMFILES]</code></em></td></tr><tr><td><a class="indexterm" name="id2552940"></a><em class="parameter"><code>comment = Funds Tracking &amp; Management Files</code></em></td></tr><tr><td><a class="indexterm" name="id2552952"></a><em class="parameter"><code>path = /data/ftmfiles</code></em></td></tr><tr><td><a class="indexterm" name="id2552962"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2552972"></a><em class="parameter"><code>force user = abmas</code></em></td></tr><tr><td><a class="indexterm" name="id2552983"></a><em class="parameter"><code>force group = office</code></em></td></tr><tr><td><a class="indexterm" name="id2552993"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553004"></a><em class="parameter"><code>nt acl support = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[office]</code></em></td></tr><tr><td><a class="indexterm" name="id2553022"></a><em class="parameter"><code>comment = General Office Files</code></em></td></tr><tr><td><a class="indexterm" name="id2553033"></a><em class="parameter"><code>path = /data/officefiles</code></em></td></tr><tr><td><a class="indexterm" name="id2553043"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2553054"></a><em class="parameter"><code>force user = abmas</code></em></td></tr><tr><td><a class="indexterm" name="id2553064"></a><em class="parameter"><code>force group = office</code></em></td></tr><tr><td><a class="indexterm" name="id2553074"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553085"></a><em class="parameter"><code>nt acl support = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id2553104"></a><em class="parameter"><code>comment = Print Temporary Spool Configuration</code></em></td></tr><tr><td><a class="indexterm" name="id2553115"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id2553125"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553136"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553146"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553157"></a><em class="parameter"><code>browseable = No</code></em></td></tr></table></div></div><br class="example-break"><div class="procedure"><a name="id2553168"></a><p class="title"><b>Procedure 1.4. Windows Client Configuration</b></p><ol type="1"><li><p>
+                                </p></li></ol></div><div class="example"><a name="charity-smbconfnew"></a><p class="title"><b>Example 1.2. Charity Administration Office <code class="filename">smb.conf</code> New-style File</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global Parameters - Newer Configuration</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id324598"></a><em class="parameter"><code>workgroup = MIDEARTH</code></em></td></tr><tr><td><a class="indexterm" name="id324609"></a><em class="parameter"><code>printing = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id324619"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id324630"></a><em class="parameter"><code>map to guest = Bad User</code></em></td></tr><tr><td><a class="indexterm" name="id324640"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id324650"></a><em class="parameter"><code>wins support = yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[FTMFILES]</code></em></td></tr><tr><td><a class="indexterm" name="id324669"></a><em class="parameter"><code>comment = Funds Tracking &amp; Management Files</code></em></td></tr><tr><td><a class="indexterm" name="id324680"></a><em class="parameter"><code>path = /data/ftmfiles</code></em></td></tr><tr><td><a class="indexterm" name="id324690"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id324700"></a><em class="parameter"><code>force user = abmas</code></em></td></tr><tr><td><a class="indexterm" name="id324711"></a><em class="parameter"><code>force group = office</code></em></td></tr><tr><td><a class="indexterm" name="id324721"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id324732"></a><em class="parameter"><code>nt acl support = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[office]</code></em></td></tr><tr><td><a class="indexterm" name="id324750"></a><em class="parameter"><code>comment = General Office Files</code></em></td></tr><tr><td><a class="indexterm" name="id324761"></a><em class="parameter"><code>path = /data/officefiles</code></em></td></tr><tr><td><a class="indexterm" name="id324771"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id324782"></a><em class="parameter"><code>force user = abmas</code></em></td></tr><tr><td><a class="indexterm" name="id324792"></a><em class="parameter"><code>force group = office</code></em></td></tr><tr><td><a class="indexterm" name="id324802"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id324813"></a><em class="parameter"><code>nt acl support = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id324832"></a><em class="parameter"><code>comment = Print Temporary Spool Configuration</code></em></td></tr><tr><td><a class="indexterm" name="id324842"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id324852"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id324863"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id324873"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id324884"></a><em class="parameter"><code>browseable = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="charity-smbconf"></a><p class="title"><b>Example 1.3. Charity Administration Office <code class="filename">smb.conf</code> Old-style File</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global Parameters - Older Style Configuration</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id324924"></a><em class="parameter"><code>workgroup = MIDEARTH</code></em></td></tr><tr><td><a class="indexterm" name="id324935"></a><em class="parameter"><code>security = SHARE</code></em></td></tr><tr><td><a class="indexterm" name="id324945"></a><em class="parameter"><code>printing = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id324956"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id324966"></a><em class="parameter"><code>disable spoolss = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id324976"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id324987"></a><em class="parameter"><code>wins support = yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[FTMFILES]</code></em></td></tr><tr><td><a class="indexterm" name="id325006"></a><em class="parameter"><code>comment = Funds Tracking &amp; Management Files</code></em></td></tr><tr><td><a class="indexterm" name="id325016"></a><em class="parameter"><code>path = /data/ftmfiles</code></em></td></tr><tr><td><a class="indexterm" name="id325026"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id325037"></a><em class="parameter"><code>force user = abmas</code></em></td></tr><tr><td><a class="indexterm" name="id325047"></a><em class="parameter"><code>force group = office</code></em></td></tr><tr><td><a class="indexterm" name="id325058"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id325068"></a><em class="parameter"><code>nt acl support = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[office]</code></em></td></tr><tr><td><a class="indexterm" name="id325087"></a><em class="parameter"><code>comment = General Office Files</code></em></td></tr><tr><td><a class="indexterm" name="id325097"></a><em class="parameter"><code>path = /data/officefiles</code></em></td></tr><tr><td><a class="indexterm" name="id325108"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id325118"></a><em class="parameter"><code>force user = abmas</code></em></td></tr><tr><td><a class="indexterm" name="id325128"></a><em class="parameter"><code>force group = office</code></em></td></tr><tr><td><a class="indexterm" name="id325139"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id325149"></a><em class="parameter"><code>nt acl support = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id325168"></a><em class="parameter"><code>comment = Print Temporary Spool Configuration</code></em></td></tr><tr><td><a class="indexterm" name="id325178"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id325189"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id325199"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id325210"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id325220"></a><em class="parameter"><code>browseable = No</code></em></td></tr></table></div></div><br class="example-break"><div class="procedure" title="Procedure 1.4. Windows Client Configuration"><a name="id325232"></a><p class="title"><b>Procedure 1.4. Windows Client Configuration</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                                 Configure clients to the network settings shown in <a class="link" href="simple.html#charitynet" title="Figure 1.1. Charity Administration Office Network">&#8220;Charity Administration Office Network&#8221;</a>.
-                                </p></li><li><p>
+                                </p></li><li class="step" title="Step 2"><p>
                                 Ensure that the netmask used on the Windows clients matches that used
                                 for the Samba server. All clients must have the same netmask, such as
                                 <code class="constant">255.255.255.0</code>.
-                                </p></li><li><p>
-                                <a class="indexterm" name="id2553202"></a>
+                                </p></li><li class="step" title="Step 3"><p>
+                                <a class="indexterm" name="id325264"></a>
                                 On all Windows clients, set the WINS Server address to <code class="constant">192.168.1.1</code>,
                                 the IP address of the server.
-                                </p></li><li><p>
+                                </p></li><li class="step" title="Step 4"><p>
                                 Set the workgroup name on all clients to <code class="constant">MIDEARTH</code>.
-                                </p></li><li><p>
-                                <a class="indexterm" name="id2553230"></a>
-                                Install the &#8220;<span class="quote">Client for Microsoft Networks.</span>&#8221; Ensure that the only option
-                                enabled in its properties is the option &#8220;<span class="quote">Logon and restore network connections.</span>&#8221;
-                                </p></li><li><p>
+                                </p></li><li class="step" title="Step 5"><p>
+                                <a class="indexterm" name="id325290"></a>
+                                Install the <span class="quote">&#8220;<span class="quote">Client for Microsoft Networks.</span>&#8221;</span> Ensure that the only option
+                                enabled in its properties is the option <span class="quote">&#8220;<span class="quote">Logon and restore network connections.</span>&#8221;</span>
+                                </p></li><li class="step" title="Step 6"><p>
                                 Click <span class="guibutton">OK</span> when you are prompted to reboot the system. Reboot the
                                 system, then log on using any username and password you choose.
-                                </p></li><li><p>
-                                <a class="indexterm" name="id2553265"></a>
+                                </p></li><li class="step" title="Step 7"><p>
+                                <a class="indexterm" name="id325322"></a>
                                 Verify on each client that the machine called <code class="constant">SERVER</code>
                                 is visible in <span class="guimenu">My Network Places</span>, that it is
                                 possible to connect to it and see the share <span class="guimenuitem">office</span>,
                                 and that it is possible to open that share to reveal its contents.
-                                </p></li><li><p>
-                                <a class="indexterm" name="id2553295"></a>
-                                <a class="indexterm" name="id2553301"></a>
+                                </p></li><li class="step" title="Step 8"><p>
+                                <a class="indexterm" name="id325350"></a>
+                                <a class="indexterm" name="id325356"></a>
                                 Disable password caching on all Windows 9x/Me machines using the registry change file
                                 shown in <a class="link" href="simple.html#MEreg" title="Example 1.4. Windows Me Registry Edit File: Disable Password Caching">&#8220;Windows Me  Registry Edit File: Disable Password Caching&#8221;</a>. Be sure to remove all files that have the
@@ -472 +472 @@
 C:\WINDOWS: regedit ME-dpwc.reg
 </pre><p>
-                                </p></li><li><p>
+                                </p></li><li class="step" title="Step 9"><p>
                                 Instruct all users to log onto the workstation using a name and password of their own
                                 choosing. The Samba server has been
                                 configured to ignore the username and password given.
-                                </p></li><li><p>
+                                </p></li><li class="step" title="Step 10"><p>
                                 On each Windows Me workstation, configure a network drive mapping to drive <code class="filename">G:</code>
                                 that redirects to the uniform naming convention (UNC) resource 
                                 <code class="filename">\\server\office</code>. Make this a permanent drive connection:
-                                </p><div class="procedure"><ol type="1"><li><p>
+                                </p><div class="procedure"><ol class="procedure" type="1"><li class="step" title="Step 10.1"><p>
                                                                 Right-click <span class="guimenu">My Network</span> &#8594; <span class="guimenuitem">Map Network Drive...</span>
-                                                </p></li><li><p>
-                                                In the box labeled &#8220;<span class="quote">Drive:</span>&#8221;, type G.
-                                                </p></li><li><p>
-                                                In the box labeled &#8220;<span class="quote">Path:</span>&#8221;, enter 
+                                                </p></li><li class="step" title="Step 10.2"><p>
+                                                In the box labeled <span class="quote">&#8220;<span class="quote">Drive:</span>&#8221;</span>, type G.
+                                                </p></li><li class="step" title="Step 10.3"><p>
+                                                In the box labeled <span class="quote">&#8220;<span class="quote">Path:</span>&#8221;</span>, enter 
                                                 <code class="filename">\\server\officefiles</code>.
-                                                </p></li><li><p>
+                                                </p></li><li class="step" title="Step 10.4"><p>
                                                 Click <span class="guimenuitem">Reconnect at logon</span>.
                                                 Click <span class="guibutton">OK</span>.
-                                                </p></li></ol></div></li><li><p>
+                                                </p></li></ol></div></li><li class="step" title="Step 11"><p>
                                 On each workstation, install the FTM software following the
                                 manufacturer's instructions.
-                                </p><div class="procedure"><ol type="1"><li><p>
+                                </p><div class="procedure"><ol class="procedure" type="1"><li class="step" title="Step 11.1"><p>
                                         During installation, you are prompted for the name of the Windows 98
                                         server. Enter the name <code class="constant">SERVER</code>.
-                                        </p></li><li><p>
+                                        </p></li><li class="step" title="Step 11.2"><p>
                                         You are prompted for the name of the data share.
                                         The prompt defaults to <code class="constant">FTMFILES</code>. Press enter to accept the default value.
-                                        </p></li><li><p>
+                                        </p></li><li class="step" title="Step 11.3"><p>
                                         You are now prompted for the print queue name. The default prompt is the name of
                                         the server you entered (<code class="constant">SERVER</code> as follows:
                                         <code class="constant">\\SERVER\PRINTQ</code>). Simply accept the default and press enter to
                                         continue. The software now completes the installation.
-                                        </p></li></ol></div></li><li><p>
+                                        </p></li></ol></div></li><li class="step" title="Step 12"><p>
                                 Install an office automation software package of the customer's choice. Either Microsoft
                                 Office 2003 Standard or OpenOffice 1.1.0 suffices for any functions the office may
                                 need to perform. Repeat this on each workstation.
-                                </p></li><li><p>
+                                </p></li><li class="step" title="Step 13"><p>
                                 Install a printer on each workstation using the following steps:
-                                </p><div class="procedure"><ol type="1"><li><p>
+                                </p><div class="procedure"><ol class="procedure" type="1"><li class="step" title="Step 13.1"><p>
                                                 Click <span class="guimenu">Start</span> &#8594; <span class="guimenuitem">Settings</span> &#8594; <span class="guimenuitem">Printers</span>+<span class="guiicon">Add Printer</span>+<span class="guibutton">Next</span>. Do not click <span class="guimenuitem">Network printer</span>.
                                                         Ensure that <span class="guimenuitem">Local printer</span> is selected.
-                                                </p></li><li><p>
+                                                </p></li><li class="step" title="Step 13.2"><p>
                                                 Click <span class="guibutton">Next</span>. In the Manufacturer: panel, select
                                                 <code class="constant">HP</code>. In the Printers: panel, select the printer called
                                                 <code class="constant">HP LaserJet 5/5M Postscript</code>. Click <span class="guibutton">Next</span>.
-                                                </p></li><li><p>
+                                                </p></li><li class="step" title="Step 13.3"><p>
                                                 In the Available ports: panel, select <code class="constant">FILE:</code>. Accept the
                                                 default printer name by clicking <span class="guibutton">Next</span>. When asked,
-                                                &#8220;<span class="quote">Would you like to print a test page?</span>&#8221;, click
+                                                <span class="quote">&#8220;<span class="quote">Would you like to print a test page?</span>&#8221;</span>, click
                                                 <span class="guimenuitem">No</span>. Click <span class="guibutton">Finish</span>.
-                                                </p></li><li><p>
+                                                </p></li><li class="step" title="Step 13.4"><p>
                                                 You may be prompted for the name of a file to print to. If so, close the
                                                 dialog panel. Right-click <span class="guiicon">HP LaserJet 5/5M Postscript</span> &#8594; <span class="guimenuitem">Properties</span> &#8594; <span class="guisubmenu">Details (Tab)</span> &#8594; <span class="guimenuitem">Add Port</span>.
-                                                </p></li><li><p>
+                                                </p></li><li class="step" title="Step 13.5"><p>
                                                 In the Network panel, enter the name of
                                                 the print queue on the Samba server as follows: <code class="constant">\\SERVER\hplj5</code>.
                                                 Click <span class="guibutton">OK</span>+<span class="guibutton">OK</span> to complete the installation.
-                                                </p></li><li><p>
+                                                </p></li><li class="step" title="Step 13.6"><p>
                                                 It is a good idea to test the functionality of the complete installation before
                                                 handing the newly configured network over to the Charity Administration Office
                                                 for production use.
-                                                </p></li></ol></div></li></ol></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2553705"></a>Validation</h4></div></div></div><p>
+                                                </p></li></ol></div></li></ol></div></div><div class="sect3" title="Validation"><div class="titlepage"><div><div><h4 class="title"><a name="id325734"></a>Validation</h4></div></div></div><p>
                 Use the same validation process as was followed in <a class="link" href="simple.html#validate1" title="Validation">&#8220;Validation&#8221;</a>.
-                </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="AccountingOffice"></a>Accounting Office</h3></div></div></div><p>
+                </p></div></div><div class="sect2" title="Accounting Office"><div class="titlepage"><div><div><h3 class="title"><a name="AccountingOffice"></a>Accounting Office</h3></div></div></div><p>
         Abmas Accounting is a 40-year-old family-run business. There are nine permanent
         computer users. The network clients were upgraded two years ago. All computers run Windows 2000
@@ -552 +552 @@
         on the server.
         </p><p>
-        <a class="indexterm" name="id2553768"></a>
+        <a class="indexterm" name="id325783"></a>
         The new server will run Red Hat Fedora Core2. You should install Samba-3.0.20 and 
         copy all files from the old system to the new one. The existing Windows NT4 server has a parallel
         port HP LaserJet 4 printer that is shared by all. The printer driver is installed on each
         workstation. You must not change anything on the workstations. Mr. Meany gave instructions to
-        replace the server, &#8220;<span class="quote">but leave everything else alone to avoid staff unrest.</span>&#8221;
+        replace the server, <span class="quote">&#8220;<span class="quote">but leave everything else alone to avoid staff unrest.</span>&#8221;</span>
         </p><p>
         You have tried to educate Mr. Meany and found that he has no desire to understand networking.
-        He believes that Windows for Workgroups 3.11 was &#8220;<span class="quote">the best server Microsoft ever sold
-        </span>&#8221; and that Windows NT and 2000 are &#8220;<span class="quote">too fang-dangled complex!</span>&#8221;
-        </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2553799"></a>Dissection and Discussion</h4></div></div></div><p>
-                        <a class="indexterm" name="id2553807"></a>
+        He believes that Windows for Workgroups 3.11 was <span class="quote">&#8220;<span class="quote">the best server Microsoft ever sold
+        </span>&#8221;</span> and that Windows NT and 2000 are <span class="quote">&#8220;<span class="quote">too fang-dangled complex!</span>&#8221;</span>
+        </p><div class="sect3" title="Dissection and Discussion"><div class="titlepage"><div><div><h4 class="title"><a name="id325807"></a>Dissection and Discussion</h4></div></div></div><p>
+                        <a class="indexterm" name="id325814"></a>
                         The requirements of this network installation are not unusual. The staff are not interested in the
                         details of networking. Passwords are never changed. In this example solution, we demonstrate the use
@@ -574 +574 @@
                         You have finished configuring the new hardware and have just completed installation of Red Hat 
                         Fedora Core2. Roll up your sleeves and let's get to work.
-                        </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="AcctgNet"></a>Implementation</h4></div></div></div><p>
+                        </p></div><div class="sect3" title="Implementation"><div class="titlepage"><div><div><h4 class="title"><a name="AcctgNet"></a>Implementation</h4></div></div></div><p>
                 The workstations have fixed IP addresses. The old server runs Windows NT4 Workstation, so it 
                 cannot be running as a WINS server. It is best that the new configuration preserves the same
@@ -583 +583 @@
                 <a class="link" href="simple.html#acctingnet2" title="Figure 1.2. Accounting Office Network Topology">&#8220;Accounting Office Network Topology&#8221;</a>. All machines have been configured as indicated prior to the
                 start of Samba configuration. The following prescriptive steps may now commence.
-                </p><div class="figure"><a name="acctingnet2"></a><p class="title"><b>Figure 1.2. Accounting Office Network Topology</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/AccountingNetwork.png" width="459" alt="Accounting Office Network Topology"></div></div></div><br class="figure-break"><div class="table"><a name="acctingnet"></a><p class="title"><b>Table 1.1. Accounting Office Network Information</b></p><div class="table-contents"><table summary="Accounting Office Network Information" border="1"><colgroup><col align="left"><col align="left"><col align="left"><col align="left"><col align="left"><col align="left"></colgroup><thead><tr><th align="left">User</th><th align="left">Login-ID</th><th align="left">Password</th><th align="left">Share Name</th><th align="left">Directory</th><th align="left">Wkst</th></tr></thead><tbody><tr><td align="left">Alan Meany</td><td align="left">alan</td><td align="left">alm1961</td><td align="left">alan</td><td align="left">/data</td><td align="left">PC1</td></tr><tr><td align="left">James Meany</td><td align="left">james</td><td align="left">jimm1962</td><td align="left">james</td><td align="left">/data/james</td><td align="left">PC2</td></tr><tr><td align="left">Jeannie Meany</td><td align="left">jeannie</td><td align="left">jema1965</td><td align="left">jeannie</td><td align="left">/data/jeannie</td><td align="left">PC3</td></tr><tr><td align="left">Suzy Millicent</td><td align="left">suzy</td><td align="left">suzy1967</td><td align="left">suzy</td><td align="left">/data/suzy</td><td align="left">PC4</td></tr><tr><td align="left">Ursula Jenning</td><td align="left">ujen</td><td align="left">ujen1974</td><td align="left">ursula</td><td align="left">/data/ursula</td><td align="left">PC5</td></tr><tr><td align="left">Peter Pan</td><td align="left">peter</td><td align="left">pete1984</td><td align="left">peter</td><td align="left">/data/peter</td><td align="left">PC6</td></tr><tr><td align="left">Dale Roland</td><td align="left">dale</td><td align="left">dale1986</td><td align="left">dale</td><td align="left">/data/dale</td><td align="left">PC7</td></tr><tr><td align="left">Bertrand E Paoletti</td><td align="left">eric</td><td align="left">eric1993</td><td align="left">eric</td><td align="left">/data/eric</td><td align="left">PC8</td></tr><tr><td align="left">Russell Lewis</td><td align="left">russ</td><td align="left">russ2001</td><td align="left">russell</td><td align="left">/data/russell</td><td align="left">PC9</td></tr></tbody></table></div></div><br class="table-break"><div class="procedure"><a name="id2554178"></a><p class="title"><b>Procedure 1.5. Migration from Windows NT4 Workstation System to Samba-3</b></p><ol type="1"><li><p><a class="indexterm" name="id2554188"></a>
+                </p><div class="figure"><a name="acctingnet2"></a><p class="title"><b>Figure 1.2. Accounting Office Network Topology</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/AccountingNetwork.png" width="459" alt="Accounting Office Network Topology"></div></div></div><br class="figure-break"><div class="table"><a name="acctingnet"></a><p class="title"><b>Table 1.1. Accounting Office Network Information</b></p><div class="table-contents"><table summary="Accounting Office Network Information" border="1"><colgroup><col align="left"><col align="left"><col align="left"><col align="left"><col align="left"><col align="left"></colgroup><thead><tr><th align="left">User</th><th align="left">Login-ID</th><th align="left">Password</th><th align="left">Share Name</th><th align="left">Directory</th><th align="left">Wkst</th></tr></thead><tbody><tr><td align="left">Alan Meany</td><td align="left">alan</td><td align="left">alm1961</td><td align="left">alan</td><td align="left">/data</td><td align="left">PC1</td></tr><tr><td align="left">James Meany</td><td align="left">james</td><td align="left">jimm1962</td><td align="left">james</td><td align="left">/data/james</td><td align="left">PC2</td></tr><tr><td align="left">Jeannie Meany</td><td align="left">jeannie</td><td align="left">jema1965</td><td align="left">jeannie</td><td align="left">/data/jeannie</td><td align="left">PC3</td></tr><tr><td align="left">Suzy Millicent</td><td align="left">suzy</td><td align="left">suzy1967</td><td align="left">suzy</td><td align="left">/data/suzy</td><td align="left">PC4</td></tr><tr><td align="left">Ursula Jenning</td><td align="left">ujen</td><td align="left">ujen1974</td><td align="left">ursula</td><td align="left">/data/ursula</td><td align="left">PC5</td></tr><tr><td align="left">Peter Pan</td><td align="left">peter</td><td align="left">pete1984</td><td align="left">peter</td><td align="left">/data/peter</td><td align="left">PC6</td></tr><tr><td align="left">Dale Roland</td><td align="left">dale</td><td align="left">dale1986</td><td align="left">dale</td><td align="left">/data/dale</td><td align="left">PC7</td></tr><tr><td align="left">Bertrand E Paoletti</td><td align="left">eric</td><td align="left">eric1993</td><td align="left">eric</td><td align="left">/data/eric</td><td align="left">PC8</td></tr><tr><td align="left">Russell Lewis</td><td align="left">russ</td><td align="left">russ2001</td><td align="left">russell</td><td align="left">/data/russell</td><td align="left">PC9</td></tr></tbody></table></div></div><br class="table-break"><div class="procedure" title="Procedure 1.5. Migration from Windows NT4 Workstation System to Samba-3"><a name="id326171"></a><p class="title"><b>Procedure 1.5. Migration from Windows NT4 Workstation System to Samba-3</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p><a class="indexterm" name="id326181"></a>
                         Rename the old server from <code class="constant">CASHPOOL</code> to <code class="constant">STABLE</code>
                         by logging onto the console as the <code class="constant">Administrator</code>. Restart the machine
                         following system prompts.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 2"><p>
                         Name the new server <code class="constant">CASHPOOL</code> using the standard configuration method.
                         Restart the machine following system prompts.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 3"><p>
                         Install the latest Samba-3 binary Red Hat Linux RPM that is available from the
                         Samba FTP site.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2554234"></a>
-                        <a class="indexterm" name="id2554240"></a>
+                        </p></li><li class="step" title="Step 4"><p>
+                        <a class="indexterm" name="id326223"></a>
+                        <a class="indexterm" name="id326230"></a>
                         Add a group account for the office to use. Execute the following:
 </p><pre class="screen">
 <code class="prompt">root# </code> groupadd accts
 </pre><p>
-                        </p></li><li><p>
-                        Install the <code class="filename">smb.conf</code> file shown<sup>[<a name="id2554269" href="#ftn.id2554269" class="footnote">4</a>]</sup> 
+                        </p></li><li class="step" title="Step 5"><p>
+                        Install the <code class="filename">smb.conf</code> file shown<sup>[<a name="id326258" href="#ftn.id326258" class="footnote">4</a>]</sup> 
                         in <a class="link" href="simple.html#acctconf" title="Example 1.5. Accounting Office Network smb.conf Old Style Configuration File">&#8220;Accounting Office Network smb.conf Old Style Configuration File&#8221;</a>.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2554302"></a>
-                        <a class="indexterm" name="id2554308"></a>
-                        <a class="indexterm" name="id2554314"></a>
+                        </p></li><li class="step" title="Step 6"><p>
+                        <a class="indexterm" name="id326289"></a>
+                        <a class="indexterm" name="id326296"></a>
+                        <a class="indexterm" name="id326302"></a>
                         For each user who uses this system (see <a class="link" href="simple.html#acctingnet" title="Table 1.1. Accounting Office Network Information">&#8220;Accounting Office Network Information&#8221;</a>),
                         execute the following:
@@ -620 +620 @@
 Added user "LoginID"
 </pre><p>
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2554363"></a>
+                        </p></li><li class="step" title="Step 7"><p>
+                        <a class="indexterm" name="id326344"></a>
                         Create the directory structure for the file shares by executing the following:
 </p><pre class="screen">
@@ -635 +635 @@
 </pre><p>
                         The data storage structure is now prepared for use.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2554412"></a>
+                        </p></li><li class="step" title="Step 8"><p>
+                        <a class="indexterm" name="id326390"></a>
                         Configure the CUPS Print Queues:
 </p><pre class="screen">
@@ -642 +642 @@
 </pre><p>
                         This creates the necessary print queues with no assigned print filter.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2554438"></a>
-                        <a class="indexterm" name="id2554444"></a>
+                        </p></li><li class="step" title="Step 9"><p>
+                        <a class="indexterm" name="id326414"></a>
+                        <a class="indexterm" name="id326420"></a>
                         Edit the file <code class="filename">/etc/cups/mime.convs</code> to uncomment the line:
 </p><pre class="screen">
 application/octet-stream     application/vnd.cups-raw      0     -
 </pre><p>
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2554468"></a>
-                        <a class="indexterm" name="id2554474"></a>
+                        </p></li><li class="step" title="Step 10"><p>
+                        <a class="indexterm" name="id326444"></a>
+                        <a class="indexterm" name="id326450"></a>
                         Edit the file <code class="filename">/etc/cups/mime.types</code> to uncomment the line:
 </p><pre class="screen">
 application/octet-stream
 </pre><p>
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2554497"></a>
+                        </p></li><li class="step" title="Step 11"><p>
+                        <a class="indexterm" name="id326473"></a>
                         Use the standard system tool to start Samba and CUPS to configure them to restart
                         automatically at every system reboot. For example,
                         </p><p>
-                        <a class="indexterm" name="id2554509"></a>
-                        <a class="indexterm" name="id2554516"></a>
-                        <a class="indexterm" name="id2554522"></a>
+                        <a class="indexterm" name="id326484"></a>
+                        <a class="indexterm" name="id326490"></a>
+                        <a class="indexterm" name="id326497"></a>
 </p><pre class="screen">
 <code class="prompt">root# </code> chkconfig smb on
@@ -670 +670 @@
 <code class="prompt">root# </code> /etc/rc.d/init.d/cups restart
 </pre><p>
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 12"><p>
                         On Alan's workstation, use Windows Explorer to migrate the files from the old server
                         to the new server. The new server should appear in the <span class="guimenu">Network Neighborhood</span>
                         with the name of the old server (<code class="constant">CASHPOOL</code>).
-                        </p><div class="procedure"><ol type="1"><li><p>
+                        </p><div class="procedure"><ol class="procedure" type="1"><li class="step" title="Step 12.1"><p>
                                         Log on to Alan's workstation as the user <code class="constant">alan</code>.
-                                        </p></li><li><p>
+                                        </p></li><li class="step" title="Step 12.2"><p>
                                         Launch a second instance of Windows Explorer and navigate to the share called
                                         <span class="guiicon">files</span> on the server called <span class="guimenu">STABLE</span>.
-                                        </p></li><li><p>
+                                        </p></li><li class="step" title="Step 12.3"><p>
                                         Click in the right panel, and press <span class="guimenu">Ctrl-A</span> to select all files and
                                         directories. Press <span class="guimenu">Ctrl-C</span> to instruct Windows that you wish to
                                         copy all selected items.
-                                        </p></li><li><p>
+                                        </p></li><li class="step" title="Step 12.4"><p>
                                         Launch the Windows Explorer, and navigate to the share called <span class="guiicon">files</span>
                                         on the server called <span class="guimenu">CASHPOOL</span>. Click in the right panel, and then press
                                         <span class="guimenu">Ctrl-V</span> to commence the copying process.
-                                        </p></li></ol></div></li><li><p>
+                                        </p></li></ol></div></li><li class="step" title="Step 13"><p>
                         Verify that the files are being copied correctly from the Windows NT4 machine to the Samba-3 server.
                         This is best done on the Samba-3 server. Check the contents of the directory tree under 
@@ -704 +704 @@
 <code class="prompt">root# </code> chmod -R ug+rwxs,o-r+x /data
 </pre><p>
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 14"><p>
                         The migration of all data should now be complete. It is time to validate the installation.
                         For this, you should make sure all applications, including printing, work before asking the
                         customer to test drive the new network.
-                        </p></li></ol></div><div class="example"><a name="acctconf"></a><p class="title"><b>Example 1.5. Accounting Office Network <code class="filename">smb.conf</code> Old Style Configuration File</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2554750"></a><em class="parameter"><code>workgroup = BILLMORE</code></em></td></tr><tr><td><a class="indexterm" name="id2554761"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2554771"></a><em class="parameter"><code>disable spoolss = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2554781"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id2554792"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[files]</code></em></td></tr><tr><td><a class="indexterm" name="id2554811"></a><em class="parameter"><code>comment = Work area files</code></em></td></tr><tr><td><a class="indexterm" name="id2554822"></a><em class="parameter"><code>path = /data/%U</code></em></td></tr><tr><td><a class="indexterm" name="id2554832"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[master]</code></em></td></tr><tr><td><a class="indexterm" name="id2554851"></a><em class="parameter"><code>comment = Master work area files</code></em></td></tr><tr><td><a class="indexterm" name="id2554862"></a><em class="parameter"><code>path = /data</code></em></td></tr><tr><td><a class="indexterm" name="id2554872"></a><em class="parameter"><code>valid users = alan</code></em></td></tr><tr><td><a class="indexterm" name="id2554883"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id2554902"></a><em class="parameter"><code>comment = Print Temporary Spool Configuration</code></em></td></tr><tr><td><a class="indexterm" name="id2554913"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id2554923"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2554934"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2554944"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2554954"></a><em class="parameter"><code>browseable = No</code></em></td></tr></table></div></div><br class="example-break"></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2554969"></a>Questions and Answers</h2></div></div></div><p>
+                        </p></li></ol></div><div class="example"><a name="acctconf"></a><p class="title"><b>Example 1.5. Accounting Office Network <code class="filename">smb.conf</code> Old Style Configuration File</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id326708"></a><em class="parameter"><code>workgroup = BILLMORE</code></em></td></tr><tr><td><a class="indexterm" name="id326718"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id326729"></a><em class="parameter"><code>disable spoolss = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id326739"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id326750"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[files]</code></em></td></tr><tr><td><a class="indexterm" name="id326768"></a><em class="parameter"><code>comment = Work area files</code></em></td></tr><tr><td><a class="indexterm" name="id326779"></a><em class="parameter"><code>path = /data/%U</code></em></td></tr><tr><td><a class="indexterm" name="id326789"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[master]</code></em></td></tr><tr><td><a class="indexterm" name="id326808"></a><em class="parameter"><code>comment = Master work area files</code></em></td></tr><tr><td><a class="indexterm" name="id326818"></a><em class="parameter"><code>path = /data</code></em></td></tr><tr><td><a class="indexterm" name="id326829"></a><em class="parameter"><code>valid users = alan</code></em></td></tr><tr><td><a class="indexterm" name="id326839"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id326858"></a><em class="parameter"><code>comment = Print Temporary Spool Configuration</code></em></td></tr><tr><td><a class="indexterm" name="id326868"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id326879"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id326889"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id326900"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id326910"></a><em class="parameter"><code>browseable = No</code></em></td></tr></table></div></div><br class="example-break"></div></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id326925"></a>Questions and Answers</h2></div></div></div><p>
         The following questions and answers draw from the examples in this chapter.
         Many design decisions are impacted by the configurations chosen. The intent
         is to expose some of the hidden implications.
-        </p><div class="qandaset"><dl><dt> <a href="simple.html#id2554987">
+        </p><div class="qandaset" title="Frequently Asked Questions"><a name="id326935"></a><dl><dt> <a href="simple.html#id326941">
                 What makes an anonymous Samba server more simple than a non-anonymous Samba server?
-                </a></dt><dt> <a href="simple.html#id2555013">
+                </a></dt><dt> <a href="simple.html#id326964">
                 How is the operation of the parameter force user different from
                 setting the root directory of the share SUID?
-                </a></dt><dt> <a href="simple.html#id2555064">
+                </a></dt><dt> <a href="simple.html#id327008">
                 When would you both use the per share parameter force user and set
                 the share root directory SUID?
-                </a></dt><dt> <a href="simple.html#id2555091">
+                </a></dt><dt> <a href="simple.html#id327031">
                 What is better about CUPS printing than LPRng printing?
-                </a></dt><dt> <a href="simple.html#id2555135">
+                </a></dt><dt> <a href="simple.html#id327065">
                 When should Windows client IP addresses be hard-coded?
-                </a></dt><dt> <a href="simple.html#id2555161">
+                </a></dt><dt> <a href="simple.html#id327086">
                 Under what circumstances is it best to use a DHCP server?
-                </a></dt><dt> <a href="simple.html#id2555200">
+                </a></dt><dt> <a href="simple.html#id327117">
                 What is the purpose of setting the parameter guest ok on a share?
-                </a></dt><dt> <a href="simple.html#id2555224">
+                </a></dt><dt> <a href="simple.html#id327140">
                 When would you set the global parameter disable spoolss?
-                </a></dt><dt> <a href="simple.html#id2555310">
+                </a></dt><dt> <a href="simple.html#id327209">
                 Why would you disable password caching on Windows 9x/Me clients?
-                </a></dt><dt> <a href="simple.html#id2555334">
+                </a></dt><dt> <a href="simple.html#id327230">
                 The example of Abmas Accounting uses User Mode security. How does this provide anonymous access?
-                </a></dt></dl><table border="0" summary="Q and A Set"><col align="left" width="1%"><tbody><tr class="question"><td align="left" valign="top"><a name="id2554987"></a><a name="id2554989"></a></td><td align="left" valign="top"><p>
+                </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question"><td align="left" valign="top"><a name="id326941"></a><a name="id326943"></a></td><td align="left" valign="top"><p>
                 What makes an anonymous Samba server more simple than a non-anonymous Samba server?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -741 +741 @@
                 UNIX system and to the Samba configuration. Non-anonymous servers require additional
                 administration.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2555013"></a><a name="id2555015"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id326964"></a><a name="id326966"></a></td><td align="left" valign="top"><p>
                 How is the operation of the parameter <em class="parameter"><code>force user</code></em> different from
                 setting the root directory of the share SUID?
@@ -755 +755 @@
                 The parameter <em class="parameter"><code>force user</code></em> has potential security implications that go
                 beyond the actual share root directory. Be careful and wary of using this parameter.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2555064"></a><a name="id2555066"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id327008"></a><a name="id327010"></a></td><td align="left" valign="top"><p>
                 When would you both use the per share parameter <em class="parameter"><code>force user</code></em> and set
                 the share root directory SUID?
@@ -762 +762 @@
                 are conducted as the forced user, while all file and directory creation are done as the SUID
                 directory owner.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2555091"></a><a name="id2555093"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id327031"></a><a name="id327034"></a></td><td align="left" valign="top"><p>
                 What is better about CUPS printing than LPRng printing?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -780 +780 @@
                 Which spooling system is better is a matter of personal taste. It depends on what you want to do and how you want to
                 do it and manage it. Most modern Linux systems ship with CUPS as the default print management system.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2555135"></a><a name="id2555137"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id327065"></a><a name="id327067"></a></td><td align="left" valign="top"><p>
                 When should Windows client IP addresses be hard-coded?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -789 +789 @@
                 for a DHCP server. This reduces maintenance overheads and eliminates a possible point of network
                 failure.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2555161"></a><a name="id2555163"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id327086"></a><a name="id327088"></a></td><td align="left" valign="top"><p>
                 Under what circumstances is it best to use a DHCP server?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -805 +805 @@
                 assigned IP addresses with the DNS server. The benefits of Dynamic DNS (DDNS) are considerable in 
                 a large Windows network environment.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2555200"></a><a name="id2555202"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id327117"></a><a name="id327119"></a></td><td align="left" valign="top"><p>
                 What is the purpose of setting the parameter <em class="parameter"><code>guest ok</code></em> on a share?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
                 If this parameter is set to yes for a service, then no password is required to connect to the service.
                 Privileges are those of the guest account.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2555224"></a><a name="id2555226"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id327140"></a><a name="id327142"></a></td><td align="left" valign="top"><p>
                 When would you set the global parameter <em class="parameter"><code>disable spoolss</code></em>?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -831 +831 @@
                 access rights associated with the logged on user. If the user possesses local administrator rights but not root
                 privilege on the Samba host (often the case), the <em class="parameter"><code>OpenPrinterEx()</code></em> call fails. The result is
-                that the client now displays an &#8220;<span class="quote">Access Denied; Unable to connect</span>&#8221; message in the printer queue window
+                that the client now displays an <span class="quote">&#8220;<span class="quote">Access Denied; Unable to connect</span>&#8221;</span> message in the printer queue window
                 (even though jobs may be printed successfully). This parameter MUST not be enabled on a print share that has a valid
                 print driver installed on the Samba server.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2555310"></a><a name="id2555312"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id327209"></a><a name="id327211"></a></td><td align="left" valign="top"><p>
                 Why would you disable password caching on Windows 9x/Me clients?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -841 +841 @@
                 machine) and decrypted, thus revealing the user's access credentials for all systems the user may have accessed.
                 It is most insecure to allow any Windows 9x/Me client to operate with password caching enabled.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2555334"></a><a name="id2555336"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id327230"></a><a name="id327232"></a></td><td align="left" valign="top"><p>
                 The example of Abmas Accounting uses User Mode security. How does this provide anonymous access?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -849 +849 @@
                 password are the same as those set on the Samba server, access is transparent and does not require
                 separate user authentication.
-                </p></td></tr></tbody></table></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id2550854" href="#id2550854" class="para">1</a>] </sup>The examples given mirror those documented
+                </p></td></tr></tbody></table></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id323099" href="#id323099" class="para">1</a>] </sup>The examples given mirror those documented
         in The Official Samba-3 HOWTO and Reference Guide, Second Edition (TOSHARG2) Chapter 2, Section 2.3.1. You may gain additional
         insight from the standalone server configurations covered in TOSHARG2, sections 2.3.1.2 through 2.3.1.4.
-        </p></div><div class="footnote"><p><sup>[<a name="ftn.id2551032" href="#id2551032" class="para">2</a>] </sup>
+        </p></div><div class="footnote"><p><sup>[<a name="ftn.id323243" href="#id323243" class="para">2</a>] </sup>
                 This information is given purely as an example of how data may be stored in such a way that it
                 will be easy to locate records at a later date. The example is not meant to imply any instructions
                 that may be construed as essential to the design of the solution; this is something you will almost
-                certainly want to determine for yourself.</p></div><div class="footnote"><p><sup>[<a name="ftn.id2552236" href="#id2552236" class="para">3</a>] </sup>The Official Samba-3 HOWTO and
-                                                Reference Guide, Chapter 15, File, Directory and Share Access Controls.</p></div><div class="footnote"><p><sup>[<a name="ftn.id2554269" href="#id2554269" class="para">4</a>] </sup>This example uses the 
+                certainly want to determine for yourself.</p></div><div class="footnote"><p><sup>[<a name="ftn.id324318" href="#id324318" class="para">3</a>] </sup>The Official Samba-3 HOWTO and
+                                                Reference Guide, Chapter 15, File, Directory and Share Access Controls.</p></div><div class="footnote"><p><sup>[<a name="ftn.id326258" href="#id326258" class="para">4</a>] </sup>This example uses the 
                         <em class="parameter"><code>smbpasswd</code></em> file in an obtuse way, since the use of 
                         the <em class="parameter"><code>passdb backend</code></em> has not been specified in the <code class="filename">smb.conf</code> 

trunk/server/docs/htmldocs/Samba3-ByExample/small.html

@@ -1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 2. Small Office Networking</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="simple.html" title="Chapter 1. No-Frills Samba Servers"><link rel="next" href="secure.html" title="Chapter 3. Secure Office Networking"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 2. Small Office Networking</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="simple.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="secure.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="small"></a>Chapter 2. Small Office Networking</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="small.html#id2555439">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id2555462">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id2555522">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id2555570">Technical Issues</a></span></dt><dt><span class="sect2"><a href="small.html#id2555768">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id2555790">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id2557337">Validation</a></span></dt><dt><span class="sect2"><a href="small.html#id2557985">Notebook Computers: A Special Case</a></span></dt><dt><span class="sect2"><a href="small.html#id2558010">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id2558084">Questions and Answers</a></span></dt></dl></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 2. Small Office Networking</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="simple.html" title="Chapter 1. No-Frills Samba Servers"><link rel="next" href="secure.html" title="Chapter 3. Secure Office Networking"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 2. Small Office Networking</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="simple.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="secure.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 2. Small Office Networking"><div class="titlepage"><div><div><h2 class="title"><a name="small"></a>Chapter 2. Small Office Networking</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="small.html#id327308">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id327326">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id327371">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id327416">Technical Issues</a></span></dt><dt><span class="sect2"><a href="small.html#id327588">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id327606">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id329058">Validation</a></span></dt><dt><span class="sect2"><a href="small.html#id329633">Notebook Computers: A Special Case</a></span></dt><dt><span class="sect2"><a href="small.html#id329652">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id329716">Questions and Answers</a></span></dt></dl></div><p>
         <a class="link" href="simple.html" title="Chapter 1. No-Frills Samba Servers">&#8220;No-Frills Samba Servers&#8221;</a> focused on the basics of simple yet effective
         network solutions. Network administrators who take pride in their work
@@ -9 +9 @@
         good advice that the following two scenarios illustrate.
         </p><p>
-        <a class="indexterm" name="id2555395"></a>
+        <a class="indexterm" name="id327280"></a>
         In one case the network administrator of a mid-sized company spent three
         months building a new network to replace an old Netware server. What he
@@ -34 +34 @@
         new innovations. He always asked the users if a
         particular feature was what they wanted. He asked his boss for a raise
-        and got it. He often told me, &#8220;<span class="quote">Always keep a few new tricks up your
-        sleeves for when you need them.</span>&#8221; Was he smart? You decide. Let's
+        and got it. He often told me, <span class="quote">&#8220;<span class="quote">Always keep a few new tricks up your
+        sleeves for when you need them.</span>&#8221;</span> Was he smart? You decide. Let's
         get on with our next exercise.
-        </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2555439"></a>Introduction</h2></div></div></div><p>
+        </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id327308"></a>Introduction</h2></div></div></div><p>
         Abmas Accounting has grown. Mr. Meany likes you and says he knew you
         were the right person for the job. That's why he asked you to install the
@@ -48 +48 @@
         some of the workstations that came with the acquired business and found some machines in need of both
         hardware and software maintenance.
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555462"></a>Assignment Tasks</h3></div></div></div><p>
-                <a class="indexterm" name="id2555469"></a>
+        </p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id327326"></a>Assignment Tasks</h3></div></div></div><p>
+                <a class="indexterm" name="id327333"></a>
                 Mr. Meany is retiring in 12 months. Before he goes, he wants you to help ensure
                 that the business is running efficiently. Many of the new staff want notebook
@@ -81 +81 @@
                 user accounts from the Windows desktop. That person will be responsible for
                 basic operations.
-                </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2555522"></a>Dissection and Discussion</h2></div></div></div><p>
+                </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id327371"></a>Dissection and Discussion</h2></div></div></div><p>
         What are the key requirements in this business example? A quick review indicates
         a need for
-        </p><div class="itemizedlist"><ul type="disc"><li><p>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                 Scalability, from 52 to over 100 users in 12 months
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Mobile computing capability
-                <a class="indexterm" name="id2555543"></a>
-                </p></li><li><p>
+                <a class="indexterm" name="id327391"></a>
+                </p></li><li class="listitem"><p>
                 Improved reliability and usability
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Easier administration
                 </p></li></ul></div><p>
@@ -97 +97 @@
         (as in <a class="link" href="simple.html#AccountingOffice" title="Accounting Office">&#8220;Accounting Office&#8221;</a>).
 
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555570"></a>Technical Issues</h3></div></div></div><p>
-                <a class="indexterm" name="id2555577"></a>
-                <a class="indexterm" name="id2555584"></a>
-                <a class="indexterm" name="id2555590"></a>
-                <a class="indexterm" name="id2555596"></a>
-                <a class="indexterm" name="id2555602"></a>
+        </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id327416"></a>Technical Issues</h3></div></div></div><p>
+                <a class="indexterm" name="id327424"></a>
+                <a class="indexterm" name="id327430"></a>
+                <a class="indexterm" name="id327436"></a>
+                <a class="indexterm" name="id327443"></a>
+                <a class="indexterm" name="id327449"></a>
                 It is time to implement a domain security environment. You will use the <code class="constant">
                 smbpasswd</code> (default) backend. You should implement a DHCP server. There is no need to
@@ -111 +111 @@
                 the printer a fixed IP address by way of its Ethernet interface (MAC) address.
                 See <a class="link" href="small.html#dhcp01" title="Example 2.2. Abmas Accounting DHCP Server Configuration File /etc/dhcpd.conf">&#8220;Abmas Accounting DHCP Server Configuration File  /etc/dhcpd.conf&#8221;</a>.
-                </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+                </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
                 The <code class="filename">smb.conf</code> file you are creating in this exercise can be used with equal effectiveness
                 with Samba-2.2.x series releases. This is deliberate so that in the next chapter it is
@@ -123 +123 @@
                 other enhancements. It is important that you plan accordingly.
                 </p><p>
-                <a class="indexterm" name="id2555662"></a>
+                <a class="indexterm" name="id327498"></a>
                 You have split the network into two separate areas. Each has its own Ethernet switch.
                 There are 20 users on the accounting network and 32 users on the financial services
@@ -138 +138 @@
                 hostname name resolution.
                 </p><p>
-                <a class="indexterm" name="id2555692"></a>
-                <a class="indexterm" name="id2555700"></a>
+                <a class="indexterm" name="id327521"></a>
+                <a class="indexterm" name="id327530"></a>
                 It is necessary to map Windows Domain Groups to UNIX groups. It is
                 advisable to also map Windows Local Groups to UNIX groups. Additionally, the two
@@ -156 +156 @@
                 more information.
                 </p><p>
-                <a class="indexterm" name="id2555755"></a>
+                <a class="indexterm" name="id327576"></a>
                 Vendor-supplied printer drivers will be installed on each client. The CUPS print
                 spooler on the UNIX host will be operated in <code class="constant">raw</code> mode.
-                </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2555768"></a>Political Issues</h3></div></div></div><p>
+                </p></div><div class="sect2" title="Political Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id327588"></a>Political Issues</h3></div></div></div><p>
                 Mr. Meany is an old-school manager. He sets the rules and wants to see compliance.
                 He is willing to spend money on things he believes are of value. You need more
@@ -167 +167 @@
                 supplied with antivirus software? Above all, demonstrate good purchase value and remember
                 to make your users happy.
-                </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2555790"></a>Implementation</h2></div></div></div><p>
-        <a class="indexterm" name="id2555797"></a>
+                </p></div></div><div class="sect1" title="Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id327606"></a>Implementation</h2></div></div></div><p>
+        <a class="indexterm" name="id327614"></a>
         In this example, the assumption is made that this server is being configured from a clean start.
         The alternate approach could be to demonstrate the migration of the system that is documented
@@ -176 +176 @@
         Additionally, a fresh installation makes the example easier to follow.
         </p><p>
-        <a class="indexterm" name="id2555823"></a>
+        <a class="indexterm" name="id327636"></a>
         Each user will be given a home directory on the UNIX system, which will be available as a private
         share. Two additional shares will be created, one for the accounting department and the other for
@@ -182 +182 @@
         of group membership.
         </p><p>
-        <a class="indexterm" name="id2555838"></a>
+        <a class="indexterm" name="id327648"></a>
         UNIX group membership is the primary mechanism by which Windows Domain users will be granted
         rights and privileges within the Windows environment.
         </p><p>
-        <a class="indexterm" name="id2555852"></a>
+        <a class="indexterm" name="id327661"></a>
         The user <code class="literal">alanm</code> will be made the owner of all files. This will be preserved
         by setting the sticky bit (set UID/GID) on the top-level directories.
         </p><p>
         </p><div class="figure"><a name="acct2net"></a><p class="title"><b>Figure 2.1. Abmas Accounting  52-User Network Topology</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/acct2net.png" alt="Abmas Accounting 52-User Network Topology"></div></div></div><p><br class="figure-break">
-</p><div class="procedure"><a name="id2555910"></a><p class="title"><b>Procedure 2.1. Server Installation Steps</b></p><ol type="1"><li><p>
+</p><div class="procedure" title="Procedure 2.1. Server Installation Steps"><a name="id327717"></a><p class="title"><b>Procedure 2.1. Server Installation Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Using UNIX/Linux system tools, name the server <code class="constant">sleeth</code>.
-                </p></li><li><p>
-                <a class="indexterm" name="id2555931"></a>
+                </p></li><li class="step" title="Step 2"><p>
+                <a class="indexterm" name="id327737"></a>
                 Place an entry for the machine <code class="constant">sleeth</code> in the <code class="filename">/etc/hosts</code>.
                 The printers are network attached, so there should be entries for the
@@ -205 +205 @@
 192.168.2.10    qms
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Install the Samba-3 binary RPM from the Samba-Team FTP site.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 Install the ISC DHCP server using the UNIX/Linux system tools available to you.
-                </p></li><li><p>
-                <a class="indexterm" name="id2555982"></a>
-                <a class="indexterm" name="id2555988"></a>
-                <a class="indexterm" name="id2555995"></a>
-                <a class="indexterm" name="id2556001"></a>
+                </p></li><li class="step" title="Step 5"><p>
+                <a class="indexterm" name="id327784"></a>
+                <a class="indexterm" name="id327791"></a>
+                <a class="indexterm" name="id327797"></a>
+                <a class="indexterm" name="id327803"></a>
                 Because Samba will be operating over two network interfaces and clients on each side
                 may want to be able to reach clients on the other side, it is imperative that IP forwarding
@@ -223 +223 @@
 </pre><p>
                 This causes the Linux kernel to forward IP packets so that it acts as a router.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 6"><p>
                 Install the <code class="filename">smb.conf</code> file as shown in <a class="link" href="small.html#acct2conf" title="Example 2.3. Accounting Office Network smb.conf File [globals] Section">&#8220;Accounting Office Network smb.conf File  [globals] Section&#8221;</a> and
                 <a class="link" href="small.html#acct3conf" title="Example 2.4. Accounting Office Network smb.conf File Services and Shares Section">&#8220;Accounting Office Network smb.conf File  Services and Shares Section&#8221;</a>. Combine these two examples to form a single
                 <code class="filename">/etc/samba/smb.conf</code> file.
-                </p></li><li><p>
-                <a class="indexterm" name="id2556060"></a>
+                </p></li><li class="step" title="Step 7"><p>
+                <a class="indexterm" name="id327856"></a>
                 Add the user <code class="literal">root</code> to the Samba password backend:
 </p><pre class="screen">
@@ -236 +236 @@
 <code class="prompt">root# </code>
 </pre><p>
-                <a class="indexterm" name="id2556089"></a>
+                <a class="indexterm" name="id327884"></a>
                 This is the Windows Domain Administrator password. Never delete this account from
                 the password backend after Windows Domain Groups have been initialized. If you delete
                 this account, your system is crippled. You cannot restore this account,
                 and your Samba server can no longer be administered.
-                </p></li><li><p>
-                <a class="indexterm" name="id2556107"></a>
+                </p></li><li class="step" title="Step 8"><p>
+                <a class="indexterm" name="id327899"></a>
                 Create the username map file to permit the <code class="constant">root</code> account to be called
                 <code class="constant">Administrator</code> from the Windows network environment. To do this, create
@@ -268 +268 @@
 ####
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2556147"></a>
+                </p></li><li class="step" title="Step 9"><p>
+                <a class="indexterm" name="id327933"></a>
                 Create and map Windows Domain Groups to UNIX groups. A sample script is provided in
                 <a class="link" href="small.html#initGrps" title="Example 2.1. Script to Map Windows NT Groups to UNIX Groups">&#8220;Script to Map Windows NT Groups to UNIX Groups&#8221;</a>. Create a file containing this script. We called ours
@@ -275 +275 @@
                 and then execute the script. Sample output should be as follows:
 
-</p><div class="example"><a name="initGrps"></a><p class="title"><b>Example 2.1. Script to Map Windows NT Groups to UNIX Groups</b></p><div class="example-contents"><a class="indexterm" name="id2556176"></a><pre class="screen">
+</p><div class="example"><a name="initGrps"></a><p class="title"><b>Example 2.1. Script to Map Windows NT Groups to UNIX Groups</b></p><div class="example-contents"><a class="indexterm" name="id327958"></a><pre class="screen">
 #!/bin/bash
 #
@@ -324 +324 @@
 Users (S-1-5-32-545) -&gt; -1
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2556254"></a>
-                <a class="indexterm" name="id2556260"></a>
-                <a class="indexterm" name="id2556268"></a>
+                </p></li><li class="step" title="Step 10"><p>
+                <a class="indexterm" name="id328022"></a>
+                <a class="indexterm" name="id328029"></a>
+                <a class="indexterm" name="id328037"></a>
                 For each user who needs to be given a Windows Domain account, make an entry in the
                 <code class="filename">/etc/passwd</code> file as well as in the Samba password backend.
@@ -333 +333 @@
                 <code class="literal">smbpasswd</code> program to create the Domain user accounts.
                 </p><p>
-                <a class="indexterm" name="id2556293"></a>
-                <a class="indexterm" name="id2556300"></a>
-                <a class="indexterm" name="id2556306"></a>
+                <a class="indexterm" name="id328059"></a>
+                <a class="indexterm" name="id328066"></a>
+                <a class="indexterm" name="id328072"></a>
                 There are a number of tools for user management under UNIX, such as
                 <code class="literal">useradd</code> and <code class="literal">adduser</code>, as well as a plethora of custom
                 tools. With the tool of your choice, create a home directory for each user.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 11"><p>
                 Using the preferred tool for your UNIX system, add each user to the UNIX groups created
                 previously, as necessary. File system access control will be based on UNIX group membership.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 12"><p>
                 Create the directory mount point for the disk subsystem that is mounted to provide
                 data storage for company files. In this case the mount point is indicated in the <code class="filename">smb.conf</code>
@@ -348 +348 @@
                 file system partition using <code class="literal">mount</code>,
                 and make the appropriate changes in <code class="filename">/etc/fstab</code>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 13"><p>
                 Create the top-level file storage directories are follows:
 </p><pre class="screen">
@@ -360 +360 @@
                 share. The directory root of the <code class="literal">accounts</code> share is <code class="filename">/data/accounts</code>.
                 The directory root of the <code class="literal">finsvcs</code> share is <code class="filename">/data/finsvcs</code>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 14"><p>
                 Configure the printers with the IP addresses as shown in <a class="link" href="small.html#acct2net" title="Figure 2.1. Abmas Accounting 52-User Network Topology">&#8220;Abmas Accounting  52-User Network Topology&#8221;</a>.
                 Follow the instructions in the manufacturers' manuals to permit printing to port 9100.
                 This allows the CUPS spooler to print using raw mode protocols.
-                <a class="indexterm" name="id2556450"></a>
-                <a class="indexterm" name="id2556456"></a>
-                </p></li><li><p>
-                <a class="indexterm" name="id2556468"></a>
-                <a class="indexterm" name="id2556477"></a>
+                <a class="indexterm" name="id328203"></a>
+                <a class="indexterm" name="id328209"></a>
+                </p></li><li class="step" title="Step 15"><p>
+                <a class="indexterm" name="id328222"></a>
+                <a class="indexterm" name="id328230"></a>
                 Configure the CUPS Print Queues as follows:
 </p><pre class="screen">
@@ -375 +375 @@
 <code class="prompt">root# </code> lpadmin -p qms -v socket://192.168.2.10:9100 -E
 </pre><p>
-                <a class="indexterm" name="id2556508"></a>
+                <a class="indexterm" name="id328257"></a>
                 This creates the necessary print queues with no assigned print filter.
-                </p></li><li><p>
-                <a class="indexterm" name="id2556522"></a>
-                <a class="indexterm" name="id2556528"></a>
-                <a class="indexterm" name="id2556534"></a>
+                </p></li><li class="step" title="Step 16"><p>
+                <a class="indexterm" name="id328270"></a>
+                <a class="indexterm" name="id328277"></a>
+                <a class="indexterm" name="id328283"></a>
                 Edit the file <code class="filename">/etc/cups/mime.convs</code> to uncomment the line:
 </p><pre class="screen">
 application/octet-stream     application/vnd.cups-raw      0     -
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2556558"></a>
+                </p></li><li class="step" title="Step 17"><p>
+                <a class="indexterm" name="id328306"></a>
                 Edit the file <code class="filename">/etc/cups/mime.types</code> to uncomment the line:
 </p><pre class="screen">
 application/octet-stream
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2556581"></a>
+                </p></li><li class="step" title="Step 18"><p>
+                <a class="indexterm" name="id328329"></a>
                 Using your favorite system editor, create an <code class="filename">/etc/dhcpd.conf</code> with the
                 contents as shown in <a class="link" href="small.html#dhcp01" title="Example 2.2. Abmas Accounting DHCP Server Configuration File /etc/dhcpd.conf">&#8220;Abmas Accounting DHCP Server Configuration File  /etc/dhcpd.conf&#8221;</a>.
-</p><div class="example"><a name="dhcp01"></a><p class="title"><b>Example 2.2. Abmas Accounting DHCP Server Configuration File  <code class="filename">/etc/dhcpd.conf</code></b></p><div class="example-contents"><a class="indexterm" name="id2556614"></a><pre class="screen">
+</p><div class="example"><a name="dhcp01"></a><p class="title"><b>Example 2.2. Abmas Accounting DHCP Server Configuration File  <code class="filename">/etc/dhcpd.conf</code></b></p><div class="example-contents"><a class="indexterm" name="id328359"></a><pre class="screen">
 default-lease-time 86400;
 max-lease-time 172800;
@@ -439 +439 @@
         }
 </pre></div></div><p><br class="example-break">
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 19"><p>
                 Use the standard system tool to start Samba and CUPS and configure them to start
                 automatically at every system reboot. For example,
                 </p><p>
-                <a class="indexterm" name="id2556658"></a>
-                <a class="indexterm" name="id2556664"></a>
-                <a class="indexterm" name="id2556670"></a>
-                <a class="indexterm" name="id2556676"></a>
-                <a class="indexterm" name="id2556683"></a>
+                <a class="indexterm" name="id328392"></a>
+                <a class="indexterm" name="id328398"></a>
+                <a class="indexterm" name="id328404"></a>
+                <a class="indexterm" name="id328411"></a>
+                <a class="indexterm" name="id328417"></a>
 </p><pre class="screen">
 <code class="prompt">root# </code> chkconfig dhcp on
@@ -456 +456 @@
 <code class="prompt">root# </code> /etc/rc.d/init.d/cups restart
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2556733"></a>
-                <a class="indexterm" name="id2556739"></a>
-                <a class="indexterm" name="id2556748"></a>
-                <a class="indexterm" name="id2556754"></a>
-                <a class="indexterm" name="id2556760"></a>
-                <a class="indexterm" name="id2556766"></a>
+                </p></li><li class="step" title="Step 20"><p>
+                <a class="indexterm" name="id328466"></a>
+                <a class="indexterm" name="id328472"></a>
+                <a class="indexterm" name="id328480"></a>
+                <a class="indexterm" name="id328487"></a>
+                <a class="indexterm" name="id328493"></a>
+                <a class="indexterm" name="id328499"></a>
                 Configure the name service switch (NSS) to handle WINS-based name resolution.
                 Since this system does not use a DNS server, it is safe to remove this option from
@@ -470 +470 @@
 hosts:  files wins
 </pre><p>
-                </p></li></ol></div><div class="example"><a name="acct2conf"></a><p class="title"><b>Example 2.3. Accounting Office Network <code class="filename">smb.conf</code> File  [globals] Section</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2556824"></a><em class="parameter"><code>workgroup = BILLMORE</code></em></td></tr><tr><td><a class="indexterm" name="id2556834"></a><em class="parameter"><code>passwd chat = *New*Password* %n\n*Re-enter*new*password* %n\n *Password*changed*</code></em></td></tr><tr><td><a class="indexterm" name="id2556846"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2556857"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2556867"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id2556878"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2556889"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id2556900"></a><em class="parameter"><code>add user script = /usr/sbin/useradd -m -G users '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2556911"></a><em class="parameter"><code>delete user script = /usr/sbin/userdel -r '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2556922"></a><em class="parameter"><code>add group script = /usr/sbin/groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id2556934"></a><em class="parameter"><code>delete group script = /usr/sbin/groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id2556945"></a><em class="parameter"><code>add user to group script = /usr/sbin/usermod -A '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2556956"></a><em class="parameter"><code>add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2556968"></a><em class="parameter"><code>logon script = scripts\login.bat</code></em></td></tr><tr><td><a class="indexterm" name="id2556979"></a><em class="parameter"><code>logon path =  </code></em></td></tr><tr><td><a class="indexterm" name="id2556990"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id2557000"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2557011"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2557021"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2557031"></a><em class="parameter"><code>printing = CUPS</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="acct3conf"></a><p class="title"><b>Example 2.4. Accounting Office Network <code class="filename">smb.conf</code> File  Services and Shares Section</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id2557072"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id2557082"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id2557093"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2557103"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id2557122"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id2557132"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id2557143"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2557153"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2557163"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2557174"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id2557193"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id2557204"></a><em class="parameter"><code>path = /data/%U</code></em></td></tr><tr><td><a class="indexterm" name="id2557214"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id2557224"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id2557243"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id2557254"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id2557264"></a><em class="parameter"><code>valid users = %G</code></em></td></tr><tr><td><a class="indexterm" name="id2557274"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[finsrvcs]</code></em></td></tr><tr><td><a class="indexterm" name="id2557293"></a><em class="parameter"><code>comment = Financial Service Files</code></em></td></tr><tr><td><a class="indexterm" name="id2557304"></a><em class="parameter"><code>path = /data/finsrvcs</code></em></td></tr><tr><td><a class="indexterm" name="id2557315"></a><em class="parameter"><code>valid users = %G</code></em></td></tr><tr><td><a class="indexterm" name="id2557325"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557337"></a>Validation</h3></div></div></div><p>
+                </p></li></ol></div><div class="example"><a name="acct2conf"></a><p class="title"><b>Example 2.3. Accounting Office Network <code class="filename">smb.conf</code> File  [globals] Section</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id328555"></a><em class="parameter"><code>workgroup = BILLMORE</code></em></td></tr><tr><td><a class="indexterm" name="id328565"></a><em class="parameter"><code>passwd chat = *New*Password* %n\n*Re-enter*new*password* %n\n *Password*changed*</code></em></td></tr><tr><td><a class="indexterm" name="id328576"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id328587"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id328597"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id328607"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id328618"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id328628"></a><em class="parameter"><code>add user script = /usr/sbin/useradd -m -G users '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id328639"></a><em class="parameter"><code>delete user script = /usr/sbin/userdel -r '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id328649"></a><em class="parameter"><code>add group script = /usr/sbin/groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id328659"></a><em class="parameter"><code>delete group script = /usr/sbin/groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id328670"></a><em class="parameter"><code>add user to group script = /usr/sbin/usermod -A '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id328681"></a><em class="parameter"><code>add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id328692"></a><em class="parameter"><code>logon script = scripts\login.bat</code></em></td></tr><tr><td><a class="indexterm" name="id328702"></a><em class="parameter"><code>logon path =  </code></em></td></tr><tr><td><a class="indexterm" name="id328713"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id328723"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id328734"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id328744"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id328754"></a><em class="parameter"><code>printing = CUPS</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="acct3conf"></a><p class="title"><b>Example 2.4. Accounting Office Network <code class="filename">smb.conf</code> File  Services and Shares Section</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id328794"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id328805"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id328815"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id328825"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id328844"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id328855"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id328865"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id328875"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id328886"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id328896"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id328915"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id328925"></a><em class="parameter"><code>path = /data/%U</code></em></td></tr><tr><td><a class="indexterm" name="id328936"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id328946"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id328965"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id328975"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id328986"></a><em class="parameter"><code>valid users = %G</code></em></td></tr><tr><td><a class="indexterm" name="id328996"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[finsrvcs]</code></em></td></tr><tr><td><a class="indexterm" name="id329015"></a><em class="parameter"><code>comment = Financial Service Files</code></em></td></tr><tr><td><a class="indexterm" name="id329025"></a><em class="parameter"><code>path = /data/finsrvcs</code></em></td></tr><tr><td><a class="indexterm" name="id329036"></a><em class="parameter"><code>valid users = %G</code></em></td></tr><tr><td><a class="indexterm" name="id329046"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="sect2" title="Validation"><div class="titlepage"><div><div><h3 class="title"><a name="id329058"></a>Validation</h3></div></div></div><p>
                 Does everything function as it ought? That is the key question at this point.
                 Here are some simple steps to validate your Samba server configuration.
-                </p><div class="procedure"><a name="id2557348"></a><p class="title"><b>Procedure 2.2. Validation Steps</b></p><ol type="1"><li><p>
-                        <a class="indexterm" name="id2557358"></a>
+                </p><div class="procedure" title="Procedure 2.2. Validation Steps"><a name="id329068"></a><p class="title"><b>Procedure 2.2. Validation Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                        <a class="indexterm" name="id329078"></a>
                         If your <code class="filename">smb.conf</code> file has bogus options or parameters, this may cause Samba
                         to refuse to start. The first step should always be to validate the contents
@@ -520 +520 @@
 </pre><p>
                         Clear away all errors before proceeding, and start or restart samba as necessary.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2557438"></a>
-                        <a class="indexterm" name="id2557444"></a>
-                        <a class="indexterm" name="id2557450"></a>
-                        <a class="indexterm" name="id2557457"></a>
+                        </p></li><li class="step" title="Step 2"><p>
+                        <a class="indexterm" name="id329135"></a>
+                        <a class="indexterm" name="id329141"></a>
+                        <a class="indexterm" name="id329148"></a>
+                        <a class="indexterm" name="id329154"></a>
                         Check that the Samba server is running:
 </p><pre class="screen">
@@ -540 +540 @@
                         <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 23, Section 23.3. The single instance of
                         <code class="literal">smbd</code> is normal.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2557508"></a>
+                        </p></li><li class="step" title="Step 3"><p>
+                        <a class="indexterm" name="id329199"></a>
                         Check that an anonymous connection can be made to the Samba server:
 </p><pre class="screen">
@@ -569 +569 @@
                         The <code class="constant">-U%</code> argument means to send a <code class="constant">NULL</code> username and
                         a <code class="constant">NULL</code> password.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2557558"></a>
-                        <a class="indexterm" name="id2557564"></a>
-                        <a class="indexterm" name="id2557571"></a>
+                        </p></li><li class="step" title="Step 4"><p>
+                        <a class="indexterm" name="id329241"></a>
+                        <a class="indexterm" name="id329247"></a>
+                        <a class="indexterm" name="id329254"></a>
                         Verify that the printers have the IP addresses assigned in the DHCP server configuration file.
                         The easiest way to do this is to ping the printer name. Immediately after the ping response
@@ -590 +590 @@
                         IP address from which the printer has responded and the entry for it in the
                         <code class="filename">/etc/dhcpd.conf</code> file.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2557631"></a>
+                        </p></li><li class="step" title="Step 5"><p>
+                        <a class="indexterm" name="id329307"></a>
                         Make an authenticated connection to the server using the <code class="literal">smbclient</code> tool:
 </p><pre class="screen">
@@ -608 +608 @@
 smb: \&gt; q
 </pre><p>
-                        </p></li></ol></div></div><div class="procedure"><a name="id2557680"></a><p class="title"><b>Procedure 2.3. Windows XP Professional Client Configuration</b></p><ol type="1"><li><p>
+                        </p></li></ol></div></div><div class="procedure" title="Procedure 2.3. Windows XP Professional Client Configuration"><a name="id329344"></a><p class="title"><b>Procedure 2.3. Windows XP Professional Client Configuration</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Configure clients to the network settings shown in <a class="link" href="small.html#acct2net" title="Figure 2.1. Abmas Accounting 52-User Network Topology">&#8220;Abmas Accounting  52-User Network Topology&#8221;</a>.
                 All clients use DHCP for TCP/IP protocol stack configuration.
-                <a class="indexterm" name="id2557698"></a>
-                <a class="indexterm" name="id2557704"></a>
+                <a class="indexterm" name="id329359"></a>
+                <a class="indexterm" name="id329366"></a>
                 DHCP configures all Windows clients to use the WINS Server address <code class="constant">192.168.1.1</code>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Join the Windows Domain called <code class="constant">BILLMORE</code>. Use the Domain Administrator
                 username <code class="constant">root</code> and the SMB password you assigned to this account.
@@ -620 +620 @@
                 a Windows Domain is given in <a class="link" href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits">&#8220;A Collection of Useful Tidbits&#8221;</a>, <a class="link" href="appendix.html#domjoin" title="Joining a Domain: Windows 200x/XP Professional">&#8220;Joining a Domain: Windows 200x/XP Professional&#8221;</a>.
                 Reboot the machine as prompted and then log on using a Domain User account.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Verify on each client that the machine called <code class="constant">SLEETH</code>
                 is visible in <span class="guimenu">My Network Places</span>, that it is
@@ -626 +626 @@
                  and <span class="guimenuitem">finsvcs</span>,
                 and that it is possible to open that share to reveal its contents.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 Instruct all users to log onto the workstation using their assigned username and password.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 5"><p>
                 Install a printer on each using the following steps:
-                </p><div class="procedure"><ol type="1"><li><p>
+                </p><div class="procedure"><ol class="procedure" type="1"><li class="step" title="Step 5.1"><p>
                                 Click <span class="guimenu">Start</span> &#8594; <span class="guimenuitem">Settings</span> &#8594; <span class="guimenuitem">Printers</span>+<span class="guiicon">Add Printer</span>+<span class="guibutton">Next</span>. Do not click <span class="guimenuitem">Network printer</span>.
                                         Ensure that <span class="guimenuitem">Local printer</span> is selected.
-                                </p></li><li><p>
+                                </p></li><li class="step" title="Step 5.2"><p>
                                 Click <span class="guibutton">Next</span>. In the
                                 <span class="guimenuitem">Manufacturer:</span> panel, select <code class="constant">HP</code>.
                                 In the <span class="guimenuitem">Printers:</span> panel, select the printer called
                                 <code class="constant">HP LaserJet 4</code>. Click <span class="guibutton">Next</span>.
-                                </p></li><li><p>
+                                </p></li><li class="step" title="Step 5.3"><p>
                                 In the <span class="guimenuitem">Available ports:</span> panel, select
                                 <code class="constant">FILE:</code>. Accept the default printer name by clicking
-                                <span class="guibutton">Next</span>. When asked, &#8220;<span class="quote">Would you like to print a
-                                test page?</span>&#8221;, click <span class="guimenuitem">No</span>. Click
+                                <span class="guibutton">Next</span>. When asked, <span class="quote">&#8220;<span class="quote">Would you like to print a
+                                test page?</span>&#8221;</span>, click <span class="guimenuitem">No</span>. Click
                                 <span class="guibutton">Finish</span>.
-                                </p></li><li><p>
+                                </p></li><li class="step" title="Step 5.4"><p>
                                 You may be prompted for the name of a file to print to. If so, close the
                                 dialog panel. Right-click <span class="guiicon">HP LaserJet 4</span> &#8594; <span class="guimenuitem">Properties</span> &#8594; <span class="guisubmenu">Details (Tab)</span> &#8594; <span class="guimenuitem">Add Port</span>.
-                                </p></li><li><p>
+                                </p></li><li class="step" title="Step 5.5"><p>
                                 In the <span class="guimenuitem">Network</span> panel, enter the name of
                                 the print queue on the Samba server as follows: <code class="constant">\\SERVER\hplj4</code>.
                                 Click <span class="guibutton">OK</span>+<span class="guibutton">OK</span> to complete the installation.
-                                </p></li><li><p>
+                                </p></li><li class="step" title="Step 5.6"><p>
                                 Repeat the printer installation steps above for the HP LaserJet 6 printer
                                 as well as for the QMS Magicolor XXXX laser printer.
-                                </p></li></ol></div></li></ol></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557985"></a>Notebook Computers: A Special Case</h3></div></div></div><p>
+                                </p></li></ol></div></li></ol></div><div class="sect2" title="Notebook Computers: A Special Case"><div class="titlepage"><div><div><h3 class="title"><a name="id329633"></a>Notebook Computers: A Special Case</h3></div></div></div><p>
         As a network administrator, you already know how to create local machine accounts for Windows 200x/XP
         Professional systems. This is the preferred solution to provide continuity of work for notebook users
@@ -664 +664 @@
         that mean that as the network is more tightly secured, it becomes necessary to modify Windows client
         configuration somewhat.
-        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558010"></a>Key Points Learned</h3></div></div></div><p>
+        </p></div><div class="sect2" title="Key Points Learned"><div class="titlepage"><div><div><h3 class="title"><a name="id329652"></a>Key Points Learned</h3></div></div></div><p>
                 In this network design and implementation exercise, you created a Windows NT4-style Domain
                 Controller using Samba-3.0.20. Following these guidelines, you experienced
                 and implemented several important aspects of Windows networking. In the next chapter,
                 you build on the experience. These are the highlights from this chapter:
-                </p><div class="itemizedlist"><ul type="disc"><li><p>
-                        <a class="indexterm" name="id2558030"></a>
+                </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
+                        <a class="indexterm" name="id329669"></a>
                         You implemented a DHCP server, and Microsoft Windows clients were able to obtain all necessary
                         network configuration settings from this server.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2558043"></a>
+                        </p></li><li class="listitem"><p>
+                        <a class="indexterm" name="id329681"></a>
                         You created a Windows Domain Controller. You were able to use the network logon service
                         and successfully joined Windows 200x/XP Professional clients to the Domain.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2558057"></a>
+                        </p></li><li class="listitem"><p>
+                        <a class="indexterm" name="id329693"></a>
                         You created raw print queues in the CUPS printing system. You maintained a simple
                         printing system so that all users can share centrally managed printers. You installed
                         native printer drivers on the Windows clients.
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         You experienced the benefits of centrally managed user accounts on the server.
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         You offered Mobile notebook users a solution that allows them to continue to work
                         while away from the office and not connected to the corporate network.
-                        </p></li></ul></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2558084"></a>Questions and Answers</h2></div></div></div><p>
+                        </p></li></ul></div></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id329716"></a>Questions and Answers</h2></div></div></div><p>
         Your new Domain Controller is ready to serve you. What does it mean? Here are some questions and answers that
         may help.
-        </p><div class="qandaset"><dl><dt>1. <a href="small.html#id2558097">
+        </p><div class="qandaset" title="Frequently Asked Questions"><a name="id329726"></a><dl><dt>1. <a href="small.html#id329728">
                 What is the key benefit of using DHCP to configure Windows client TCP/IP stacks?
-                </a></dt><dt>2. <a href="small.html#id2558124">
+                </a></dt><dt>2. <a href="small.html#id329750">
                 Are there any DHCP server configuration parameters in the /etc/dhcpd.conf
                 that should be noted in particular?
-                </a></dt><dt>3. <a href="small.html#id2558155">
+                </a></dt><dt>3. <a href="small.html#id329776">
                 Is it possible to create a Windows Domain account that is specifically called Administrator?
-                </a></dt><dt>4. <a href="small.html#id2558192">
+                </a></dt><dt>4. <a href="small.html#id329810">
                 Why is it necessary to give the Windows Domain Administrator a UNIX UID of 0?
-                </a></dt><dt>5. <a href="small.html#id2558230">
+                </a></dt><dt>5. <a href="small.html#id329843">
                 One of my junior staff needs the ability to add machines to the Domain, but I do not want to give him
                 root access. How can we do this?
-                </a></dt><dt>6. <a href="small.html#id2558270">
+                </a></dt><dt>6. <a href="small.html#id329878">
                 Why must I map Windows Domain Groups to UNIX groups?
-                </a></dt><dt>7. <a href="small.html#id2558306">
+                </a></dt><dt>7. <a href="small.html#id329912">
                 I deleted my root account and now I cannot add it back! What can I do?
-                </a></dt><dt>8. <a href="small.html#id2558373">
+                </a></dt><dt>8. <a href="small.html#id329978">
                 When I run net groupmap list, it reports a group called Administrators
                 as well as Domain Admins. What is the difference between them?
-                </a></dt><dt>9. <a href="small.html#id2558418">
+                </a></dt><dt>9. <a href="small.html#id330018">
                 What is the effect of changing the name of a Samba server or of changing the Domain name?
-                </a></dt><dt>10. <a href="small.html#id2558467">
+                </a></dt><dt>10. <a href="small.html#id330060">
                 How can I manage user accounts from my Windows XP Professional workstation?
-                </a></dt></dl><table border="0" summary="Q and A Set"><col align="left" width="1%"><tbody><tr class="question"><td align="left" valign="top"><a name="id2558097"></a><a name="id2558099"></a><p><b>1.</b></p></td><td align="left" valign="top"><p>
+                </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question" title="1."><td align="left" valign="top"><a name="id329728"></a><a name="id329730"></a><p><b>1.</b></p></td><td align="left" valign="top"><p>
                 What is the key benefit of using DHCP to configure Windows client TCP/IP stacks?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -722 +722 @@
                 default routes and DNS server addresses that apply only to the Abmas office environment do
                 not interfere with remote operations. This is an extremely important feature of DHCP.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2558124"></a><a name="id2558126"></a><p><b>2.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="2."><td align="left" valign="top"><a name="id329750"></a><a name="id329752"></a><p><b>2.</b></p></td><td align="left" valign="top"><p>
                 Are there any DHCP server configuration parameters in the <code class="filename">/etc/dhcpd.conf</code>
                 that should be noted in particular?
@@ -731 +731 @@
                 NetBIOS machine name needs to be resolved to an IP Address. This configuration
                 results in far lower UDP broadcast traffic than would be the case if WINS was not used.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2558155"></a><a name="id2558157"></a><p><b>3.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="3."><td align="left" valign="top"><a name="id329776"></a><a name="id329778"></a><p><b>3.</b></p></td><td align="left" valign="top"><p>
                 Is it possible to create a Windows Domain account that is specifically called <code class="constant">Administrator</code>?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -738 +738 @@
                 necessary to use the <em class="parameter"><code>username map</code></em> facility to map this account to the UNIX
                 account called <code class="constant">root</code>.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2558192"></a><a name="id2558194"></a><p><b>4.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="4."><td align="left" valign="top"><a name="id329810"></a><a name="id329812"></a><p><b>4.</b></p></td><td align="left" valign="top"><p>
                 Why is it necessary to give the Windows Domain <code class="constant">Administrator</code> a UNIX UID of 0?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -748 +748 @@
                 settings within the Domain and on the Samba server, equivalent rights must be assigned. This is
                 achieved with the <code class="constant">root</code> UID equal to 0.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2558230"></a><a name="id2558232"></a><p><b>5.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="5."><td align="left" valign="top"><a name="id329843"></a><a name="id329845"></a><p><b>5.</b></p></td><td align="left" valign="top"><p>
                 One of my junior staff needs the ability to add machines to the Domain, but I do not want to give him
                 <code class="constant">root</code> access. How can we do this?
@@ -757 +757 @@
                 This must be the primary GID of the account of the user who is a member of the Windows <code class="constant">
                 Domain Admins</code> account.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2558270"></a><a name="id2558272"></a><p><b>6.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="6."><td align="left" valign="top"><a name="id329878"></a><a name="id329880"></a><p><b>6.</b></p></td><td align="left" valign="top"><p>
                 Why must I map Windows Domain Groups to UNIX groups?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -763 +763 @@
                 has a UNIX group account equivalent. The Domain groups that should be given UNIX equivalents are
                 <span class="guimenu">Domain Guests</span>, <span class="guimenu">Domain Users</span>, and <span class="guimenu">Domain Admins</span>.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2558306"></a><a name="id2558308"></a><p><b>7.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="7."><td align="left" valign="top"><a name="id329912"></a><a name="id329914"></a><p><b>7.</b></p></td><td align="left" valign="top"><p>
                 I deleted my <code class="constant">root</code> account and now I cannot add it back! What can I do?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
                 This is a nasty problem. Fortunately, there is a solution.
-                </p><div class="procedure"><ol type="1"><li><p>
+                </p><div class="procedure"><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                         Back up your existing configuration files in case you need to restore them.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 2"><p>
                         Rename the <code class="filename">group_mapping.tdb</code> file.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 3"><p>
                         Use the <code class="literal">smbpasswd</code> to add the root account.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 4"><p>
                         Restore the <code class="filename">group_mapping.tdb</code> file.
-                        </p></li></ol></div></td></tr><tr class="question"><td align="left" valign="top"><a name="id2558373"></a><a name="id2558375"></a><p><b>8.</b></p></td><td align="left" valign="top"><p>
+                        </p></li></ol></div></td></tr><tr class="question" title="8."><td align="left" valign="top"><a name="id329978"></a><a name="id329980"></a><p><b>8.</b></p></td><td align="left" valign="top"><p>
                 When I run <code class="literal">net groupmap list</code>, it reports a group called <span class="guimenu">Administrators</span>
                 as well as <span class="guimenu">Domain Admins</span>. What is the difference between them?
@@ -783 +783 @@
                 Groups at this time. A Workstation or Server Local Group has no meaning in a Samba context. This
                 may change at some later date. These accounts are provided only so that security objects are correctly shown.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2558418"></a><a name="id2558420"></a><p><b>9.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="9."><td align="left" valign="top"><a name="id330018"></a><a name="id330020"></a><p><b>9.</b></p></td><td align="left" valign="top"><p>
                 What is the effect of changing the name of a Samba server or of changing the Domain name?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
@@ -795 +795 @@
                 or the <code class="literal">smbpasswd</code> (Samba-2.2.x). To change the SID, you use the same tool. Be sure
                 to check the man page for this command for detailed instructions regarding the steps involved.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2558467"></a><a name="id2558469"></a><p><b>10.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="10."><td align="left" valign="top"><a name="id330060"></a><a name="id330062"></a><p><b>10.</b></p></td><td align="left" valign="top"><p>
                 How can I manage user accounts from my Windows XP Professional workstation?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>

trunk/server/docs/htmldocs/Samba3-ByExample/unixclients.html

@@ -1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 7. Adding Domain Member Servers and Clients</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"><link rel="prev" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"><link rel="next" href="upgrades.html" title="Chapter 8. Updating Samba-3"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 7. Adding Domain Member Servers and Clients</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="DMSMig.html">Prev</a> </td><th width="60%" align="center">Part II. Domain Members, Updating Samba and Migration</th><td width="20%" align="right"> <a accesskey="n" href="upgrades.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="unixclients"></a>Chapter 7. Adding Domain Member Servers and Clients</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="unixclients.html#id2589228">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#id2589282">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id2589317">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#id2589345">Technical Issues</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id2589994">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id2590094">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></span></dt><dt><span class="sect2"><a href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></span></dt><dt><span class="sect2"><a href="unixclients.html#dcwonss">NT4/Samba Domain with Samba Domain Member Server without NSS Support</a></span></dt><dt><span class="sect2"><a href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id2596343">UNIX/Linux Client Domain Member</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id2596918">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id2596972">Questions and Answers</a></span></dt></dl></div><p><a class="indexterm" name="id2589130"></a><a class="indexterm" name="id2589137"></a>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 7. Adding Domain Member Servers and Clients</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"><link rel="prev" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"><link rel="next" href="upgrades.html" title="Chapter 8. Updating Samba-3"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 7. Adding Domain Member Servers and Clients</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="DMSMig.html">Prev</a> </td><th width="60%" align="center">Part II. Domain Members, Updating Samba and Migration</th><td width="20%" align="right"> <a accesskey="n" href="upgrades.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 7. Adding Domain Member Servers and Clients"><div class="titlepage"><div><div><h2 class="title"><a name="unixclients"></a>Chapter 7. Adding Domain Member Servers and Clients</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="unixclients.html#id357946">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#id357994">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id358022">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#id358046">Technical Issues</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id358646">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id358731">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></span></dt><dt><span class="sect2"><a href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></span></dt><dt><span class="sect2"><a href="unixclients.html#dcwonss">NT4/Samba Domain with Samba Domain Member Server without NSS Support</a></span></dt><dt><span class="sect2"><a href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id364506">UNIX/Linux Client Domain Member</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id365002">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id365047">Questions and Answers</a></span></dt></dl></div><p><a class="indexterm" name="id357857"></a><a class="indexterm" name="id357864"></a>
         The most frequently discussed Samba subjects over the past 2 years have focused around domain control and printing. 
         It is well known that Samba is a file and print server. A recent survey conducted by <span class="emphasis"><em>Open Magazine</em></span> found 
@@ -12 +12 @@
         the addition of Samba servers into your present Windows network  whatever the controlling technology
         may be. So let's get back to our good friends at Abmas.
-        </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2589228"></a>Introduction</h2></div></div></div><p><a class="indexterm" name="id2589234"></a><a class="indexterm" name="id2589242"></a>
+        </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id357946"></a>Introduction</h2></div></div></div><p><a class="indexterm" name="id357952"></a><a class="indexterm" name="id357960"></a>
         Looking back over the achievements of the past year or two, daily events at Abmas are rather straightforward
         with not too many distractions or problems. Your team is doing well, but a number of employees
         are asking for Linux desktop systems. Your network has grown and demands additional domain member servers. Let's
         get on with this; Christine and Stan are ready to go.
-        </p><p><a class="indexterm" name="id2589263"></a>
+        </p><p><a class="indexterm" name="id357978"></a>
         Stan is firmly in control of the department of the future, while Christine is enjoying a stable and
         predictable network environment. It is time to add more servers and to add Linux desktops. It is
         time to meet the demands of future growth and endure trial by fire.
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2589282"></a>Assignment Tasks</h3></div></div></div><p><a class="indexterm" name="id2589288"></a>
+        </p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id357994"></a>Assignment Tasks</h3></div></div></div><p><a class="indexterm" name="id358000"></a>
         You must now add UNIX/Linux domain member servers to your network. You have a friend who has a Windows 2003
         Active Directory domain network who wants to add a Samba/Linux server and has asked Christine to help him
@@ -31 +31 @@
         do likewise at Swodniw Biz NL (your friend's company) to help them to evaluate a Linux desktop. You want to make
         the right decision, don't you?
-        </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2589317"></a>Dissection and Discussion</h2></div></div></div><p>
-        <a class="indexterm" name="id2589325"></a>
+        </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id358022"></a>Dissection and Discussion</h2></div></div></div><p>
+        <a class="indexterm" name="id358030"></a>
         Recent Samba mailing-list activity is witness to how many sites are using winbind. Some have no trouble
         at all with it, yet to others the problems seem insurmountable. Periodically there are complaints concerning
@@ -40 +40 @@
         resolution. You also provide working examples of solutions for integrated authentication for
         both UNIX/Linux and Windows environments.
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2589345"></a>Technical Issues</h3></div></div></div><p>
-                One of the great challenges we face when people ask us, &#8220;<span class="quote">What is the best way to solve
-                this problem?</span>&#8221; is to get beyond the facts so we not only can clearly comprehend
+        </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id358046"></a>Technical Issues</h3></div></div></div><p>
+                One of the great challenges we face when people ask us, <span class="quote">&#8220;<span class="quote">What is the best way to solve
+                this problem?</span>&#8221;</span> is to get beyond the facts so we not only can clearly comprehend
                 the immediate technical problem, but also can understand how needs may change.
                 </p><p>
-                <a class="indexterm" name="id2589364"></a>
+                <a class="indexterm" name="id358063"></a>
                 There are a few facts we should note when dealing with the question of how best to
                 integrate UNIX/Linux clients and servers into a Windows networking environment:
-                </p><div class="itemizedlist"><ul type="disc"><li><p>
-                        <a class="indexterm" name="id2589380"></a>
-                        <a class="indexterm" name="id2589387"></a>
-                        <a class="indexterm" name="id2589394"></a>
-                        <a class="indexterm" name="id2589403"></a>
-                        <a class="indexterm" name="id2589410"></a>
+                </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
+                        <a class="indexterm" name="id358078"></a>
+                        <a class="indexterm" name="id358084"></a>
+                        <a class="indexterm" name="id358091"></a>
+                        <a class="indexterm" name="id358100"></a>
+                        <a class="indexterm" name="id358107"></a>
                         A domain controller (PDC or BDC) is always authoritative for all accounts in its domain.
                         This means that a BDC must (of necessity) be able to resolve all account UIDs and GIDs
                         to the same values that the PDC resolved them to.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2589425"></a>
-                        <a class="indexterm" name="id2589432"></a>
-                        <a class="indexterm" name="id2589444"></a>
-                        <a class="indexterm" name="id2589451"></a>
+                        </p></li><li class="listitem"><p>
+                        <a class="indexterm" name="id358120"></a>
+                        <a class="indexterm" name="id358127"></a>
+                        <a class="indexterm" name="id358138"></a>
+                        <a class="indexterm" name="id358145"></a>
                         A domain member can be authoritative for local accounts, but is never authoritative for
                         domain accounts. If a user is accessing a domain member server and that user's account
@@ -67 +67 @@
                         from the domain in which that user's account resides. It must then map that ID to a
                         UID/GID pair that it can use locally. This is handled by <code class="literal">winbindd</code>.
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         Samba, when running on a domain member server, can resolve user identities from a
                         number of sources:
-                        </p><div class="itemizedlist"><ul type="circle"><li><p>
-                                <a class="indexterm" name="id2589483"></a>
-                                <a class="indexterm" name="id2589490"></a>
-                                <a class="indexterm" name="id2589497"></a>
-                                <a class="indexterm" name="id2589503"></a>
-                                <a class="indexterm" name="id2589510"></a>
+                        </p><div class="itemizedlist"><ul class="itemizedlist" type="circle"><li class="listitem"><p>
+                                <a class="indexterm" name="id358173"></a>
+                                <a class="indexterm" name="id358180"></a>
+                                <a class="indexterm" name="id358187"></a>
+                                <a class="indexterm" name="id358193"></a>
+                                <a class="indexterm" name="id358200"></a>
                                 By executing a system <code class="literal">getpwnam()</code> or <code class="literal">getgrnam()</code> call. 
                                 On systems that support it, this utilizes the name service switch (NSS) facility to 
                                 resolve names according to the configuration of the <code class="filename">/etc/nsswitch.conf</code> 
                                 file. NSS can be configured to use LDAP, winbind, NIS, or local files.
-                                </p></li><li><p>
-                                <a class="indexterm" name="id2589543"></a>
-                                <a class="indexterm" name="id2589550"></a>
-                                <a class="indexterm" name="id2589557"></a>
+                                </p></li><li class="listitem"><p>
+                                <a class="indexterm" name="id358231"></a>
+                                <a class="indexterm" name="id358238"></a>
+                                <a class="indexterm" name="id358245"></a>
                                 Performing, via NSS, a direct LDAP search (where an LDAP passdb backend has been configured).
                                 This requires the use of the PADL nss_ldap tool (or equivalent).
-                                </p></li><li><p>
-                                <a class="indexterm" name="id2589571"></a>
-                                <a class="indexterm" name="id2589578"></a>
-                                <a class="indexterm" name="id2589584"></a>
-                                <a class="indexterm" name="id2589591"></a>
+                                </p></li><li class="listitem"><p>
+                                <a class="indexterm" name="id358257"></a>
+                                <a class="indexterm" name="id358264"></a>
+                                <a class="indexterm" name="id358271"></a>
+                                <a class="indexterm" name="id358277"></a>
                                 Directly by querying <code class="literal">winbindd</code>. The <code class="literal">winbindd</code>
                                 contacts a domain controller to attempt to resolve the identity of the user or group. It
@@ -98 +98 @@
                                 <code class="filename">winbindd_cache.tdb</code> files.
                                 </p><p>
-                                <a class="indexterm" name="id2589631"></a>
-                                <a class="indexterm" name="id2589638"></a>
+                                <a class="indexterm" name="id358314"></a>
+                                <a class="indexterm" name="id358321"></a>
                                 If the parameter <a class="link" href="smb.conf.5.html#IDMAPBACKEND" target="_top">idmap backend = ldap:ldap://myserver.domain</a>
                                 was specified and the LDAP server has been configured with a container in which it may
@@ -111 +111 @@
                         in the <code class="filename">smb.conf</code> file. Some of the configuration options are rather less than obvious to the 
                         casual user.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2589703"></a>
-                        <a class="indexterm" name="id2589710"></a>
-                        <a class="indexterm" name="id2589720"></a>
+                        </p></li><li class="listitem"><p>
+                        <a class="indexterm" name="id358380"></a>
+                        <a class="indexterm" name="id358387"></a>
+                        <a class="indexterm" name="id358397"></a>
                         If you wish to make use of accounts (users and/or groups) that are local to (i.e., capable
                         of being resolved using) the NSS facility, it is possible to use the 
@@ -121 +121 @@
                         and to domain member servers.
                         </p></li></ul></div><p>
-                <a class="indexterm" name="id2589755"></a>
-                <a class="indexterm" name="id2589762"></a>
-                <a class="indexterm" name="id2589769"></a>
+                <a class="indexterm" name="id358428"></a>
+                <a class="indexterm" name="id358434"></a>
+                <a class="indexterm" name="id358441"></a>
                 For many administrators, it should be plain that the use of an LDAP-based repository for all network
                 accounts (both for POSIX accounts and for Samba accounts) provides the most elegant and
                 controllable facility. You eventually appreciate the decision to use LDAP.
                 </p><p>
-                <a class="indexterm" name="id2589784"></a>
-                <a class="indexterm" name="id2589790"></a>
-                <a class="indexterm" name="id2589797"></a>
+                <a class="indexterm" name="id358454"></a>
+                <a class="indexterm" name="id358460"></a>
+                <a class="indexterm" name="id358467"></a>
                 If your network account information resides in an LDAP repository, you should use it ahead of any
                 alternative method. This means that if it is humanly possible to use the <code class="literal">nss_ldap</code>
@@ -137 +137 @@
                 throughout the network.
                 </p><p>
-                <a class="indexterm" name="id2589820"></a>
-                <a class="indexterm" name="id2589829"></a>
-                <a class="indexterm" name="id2589836"></a>
-                <a class="indexterm" name="id2589843"></a>
-                <a class="indexterm" name="id2589850"></a>
-                <a class="indexterm" name="id2589857"></a>
+                <a class="indexterm" name="id358486"></a>
+                <a class="indexterm" name="id358495"></a>
+                <a class="indexterm" name="id358502"></a>
+                <a class="indexterm" name="id358509"></a>
+                <a class="indexterm" name="id358515"></a>
+                <a class="indexterm" name="id358522"></a>
                 In the situation where UNIX accounts are held on the domain member server itself, the only effective
                 way to use them involves the <code class="filename">smb.conf</code> entry 
@@ -150 +150 @@
                 disables the use of Samba with trusted domains (i.e., external domains).
                 </p><p>
-                <a class="indexterm" name="id2589908"></a>
-                <a class="indexterm" name="id2589915"></a>
-                <a class="indexterm" name="id2589924"></a>
-                <a class="indexterm" name="id2589931"></a>
+                <a class="indexterm" name="id358570"></a>
+                <a class="indexterm" name="id358577"></a>
+                <a class="indexterm" name="id358586"></a>
+                <a class="indexterm" name="id358593"></a>
                 Winbind can be used to create an appliance mode domain member server. In this capacity, <code class="literal">winbindd</code>
                 is configured to automatically allocate UIDs/GIDs from numeric ranges set in the <code class="filename">smb.conf</code> file. The allocation
@@ -162 +162 @@
                 is stored in the <code class="filename">winbindd_idmap.tdb</code> and <code class="filename">winbindd_cache.tdb</code> files.
                 </p><p>
-                <a class="indexterm" name="id2589979"></a>
+                <a class="indexterm" name="id358634"></a>
                 The use of an LDAP backend for the Winbind IDMAP facility permits Windows domain SIDs
                 mappings to UIDs/GIDs to be stored centrally. The result is a consistent mapping across all domain member
                 servers so configured. This solves one of the major headaches for network administrators who need to copy
                 files between or across network file servers.
-                </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2589994"></a>Political Issues</h3></div></div></div><p>
-                <a class="indexterm" name="id2590002"></a>
-                <a class="indexterm" name="id2590009"></a>
-                <a class="indexterm" name="id2590015"></a>
-                <a class="indexterm" name="id2590024"></a>
+                </p></div><div class="sect2" title="Political Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id358646"></a>Political Issues</h3></div></div></div><p>
+                <a class="indexterm" name="id358654"></a>
+                <a class="indexterm" name="id358661"></a>
+                <a class="indexterm" name="id358667"></a>
+                <a class="indexterm" name="id358676"></a>
                 One of the most fierce conflicts recently being waged is resistance to the adoption of LDAP, in
                 particular OpenLDAP, as a replacement for UNIX NIS (previously called Yellow Pages). Let's face it, LDAP
@@ -183 +183 @@
                 commercial integration products. But it's not what Active Directory was designed for.
                 </p><p>
-                <a class="indexterm" name="id2590063"></a>
-                <a class="indexterm" name="id2590069"></a>
+                <a class="indexterm" name="id358707"></a>
+                <a class="indexterm" name="id358713"></a>
                 A number of long-term UNIX devotees have recently commented in various communications that the Samba Team
                 is the first application group to almost force network administrators to use LDAP. It should be pointed
@@ -190 +190 @@
                 finally emerged as the preferred identity management backend for Samba. We recommend LDAP for your total
                 organizational directory needs.
-                </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2590094"></a>Implementation</h2></div></div></div><p>
-        <a class="indexterm" name="id2590102"></a>
-        <a class="indexterm" name="id2590112"></a>
-        <a class="indexterm" name="id2590121"></a>
+                </p></div></div><div class="sect1" title="Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id358731"></a>Implementation</h2></div></div></div><p>
+        <a class="indexterm" name="id358738"></a>
+        <a class="indexterm" name="id358748"></a>
+        <a class="indexterm" name="id358757"></a>
         The domain member server and the domain member client are at the center of focus in this chapter.
         Configuration of Samba-3 domain controller is covered in earlier chapters, so if your 
@@ -199 +199 @@
         oil that helps you to add domain member servers and clients.
         </p><p>
-        <a class="indexterm" name="id2590137"></a>
+        <a class="indexterm" name="id358770"></a>
         In practice, domain member servers and domain member workstations are very different entities, but in
         terms of technology they share similar core infrastructure. A technologist would argue that servers
@@ -207 +207 @@
         but a server is viewed as a core component of the business.
         </p><p>
-        <a class="indexterm" name="id2590159"></a>
+        <a class="indexterm" name="id358787"></a>
         We can look at this another way. If a workstation breaks down, one user is affected, but if a
         server breaks down, hundreds of users may not be able to work. The services that a workstation
@@ -213 +213 @@
         and is distribution oriented.
         </p><p>
-        <a class="indexterm" name="id2590175"></a>
-        <a class="indexterm" name="id2590182"></a>
-        <a class="indexterm" name="id2590189"></a>
+        <a class="indexterm" name="id358800"></a>
+        <a class="indexterm" name="id358807"></a>
+        <a class="indexterm" name="id358813"></a>
         <span class="emphasis"><em>Why is this important?</em></span> For starters, we must identify what
         components of the operating system and its environment must be configured. Also, it is necessary
@@ -226 +226 @@
         So, in this chapter we demonstrate how to implement the technology. It is done within a context of
         what type of service need must be fulfilled.
-        </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sdcsdmldap"></a>Samba Domain with Samba Domain Member Server  Using NSS LDAP</h3></div></div></div><p>
-        <a class="indexterm" name="id2590230"></a>
-        <a class="indexterm" name="id2590236"></a>
-        <a class="indexterm" name="id2590243"></a>
-        <a class="indexterm" name="id2590250"></a>
-        <a class="indexterm" name="id2590259"></a>
-        <a class="indexterm" name="id2590266"></a>
+        </p><div class="sect2" title="Samba Domain with Samba Domain Member Server Using NSS LDAP"><div class="titlepage"><div><div><h3 class="title"><a name="sdcsdmldap"></a>Samba Domain with Samba Domain Member Server  Using NSS LDAP</h3></div></div></div><p>
+        <a class="indexterm" name="id358848"></a>
+        <a class="indexterm" name="id358854"></a>
+        <a class="indexterm" name="id358861"></a>
+        <a class="indexterm" name="id358868"></a>
+        <a class="indexterm" name="id358877"></a>
+        <a class="indexterm" name="id358884"></a>
         In this example, it is assumed that you have Samba PDC/BDC servers. This means you are using
         an LDAP ldapsam backend. We are adding to the LDAP backend database (directory)
@@ -248 +248 @@
         so that all domain member servers can use a consistent mapping.
         </p><p>
-        <a class="indexterm" name="id2590336"></a>
-        <a class="indexterm" name="id2590343"></a>
-        <a class="indexterm" name="id2590350"></a>
+        <a class="indexterm" name="id358942"></a>
+        <a class="indexterm" name="id358948"></a>
+        <a class="indexterm" name="id358955"></a>
         If your installation is accessed only from clients that are members of your own domain, and all 
         user accounts are present in a local passdb backend then it is not necessary to run
@@ -259 +259 @@
         <code class="literal">getpwnam()</code> system call. On NSS-enabled systems, the actual POSIX account
         source can be provided from
-        </p><div class="itemizedlist"><ul type="disc"><li><p>
-                <a class="indexterm" name="id2590387"></a>
-                <a class="indexterm" name="id2590394"></a>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
+                <a class="indexterm" name="id358988"></a>
+                <a class="indexterm" name="id358995"></a>
                 Accounts in <code class="filename">/etc/passwd</code> or in <code class="filename">/etc/group</code>.
-                </p></li><li><p>
-                <a class="indexterm" name="id2590417"></a>
-                <a class="indexterm" name="id2590424"></a>
-                <a class="indexterm" name="id2590430"></a>
-                <a class="indexterm" name="id2590437"></a>
-                <a class="indexterm" name="id2590444"></a>
-                <a class="indexterm" name="id2590450"></a>
-                <a class="indexterm" name="id2590457"></a>
-                <a class="indexterm" name="id2590464"></a>
-                <a class="indexterm" name="id2590471"></a>
+                </p></li><li class="listitem"><p>
+                <a class="indexterm" name="id359018"></a>
+                <a class="indexterm" name="id359025"></a>
+                <a class="indexterm" name="id359031"></a>
+                <a class="indexterm" name="id359038"></a>
+                <a class="indexterm" name="id359045"></a>
+                <a class="indexterm" name="id359052"></a>
+                <a class="indexterm" name="id359058"></a>
+                <a class="indexterm" name="id359065"></a>
+                <a class="indexterm" name="id359072"></a>
                 Resolution via NSS. On NSS-enabled systems, there is usually a facility to resolve IDs
                 via multiple methods. The methods typically include <code class="literal">files</code>,
@@ -279 +279 @@
                 correctly installed, Samba adds to this list the <code class="literal">winbindd</code> facility.
                 The ldap facility is frequently the nss_ldap tool provided by PADL Software.
-                </p></li></ul></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+                </p></li></ul></div><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
         To advoid confusion the use of the term <code class="literal">local passdb backend</code> means that
         the user account backend is not shared by any other Samba server  instead, it is
         used only locally on the Samba domain member server under discussion.
         </p></div><p>
-        <a class="indexterm" name="id2590550"></a>
+        <a class="indexterm" name="id359146"></a>
         The diagram in <a class="link" href="unixclients.html#ch9-sambadc" title="Figure 7.2. Samba Domain: Samba Member Server">&#8220;Samba Domain: Samba Member Server&#8221;</a> demonstrates the relationship of Samba and system 
         components that are involved in the identity resolution process where Samba is used as a domain
         member server within a Samba domain control network.
         </p><div class="figure"><a name="ch9-sambadc"></a><p class="title"><b>Figure 7.2. Samba Domain: Samba Member Server</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/chap9-SambaDC.png" width="324" alt="Samba Domain: Samba Member Server"></div></div></div><br class="figure-break"><p>
-        <a class="indexterm" name="id2590612"></a>
-        <a class="indexterm" name="id2590619"></a>
+        <a class="indexterm" name="id359206"></a>
+        <a class="indexterm" name="id359213"></a>
         In this example configuration, Samba will directly search the LDAP-based passwd backend ldapsam
         to obtain authentication and user identity information. The IDMAP information is stored in the LDAP
@@ -301 +301 @@
         If the network does not have an LDAP slave server (i.e., <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">&#8220;Making Happy Users&#8221;</a> configuration), 
         change the target LDAP server from <code class="constant">lapdc</code> to <code class="constant">massive.</code>
-        </p><div class="procedure"><a name="id2590668"></a><p class="title"><b>Procedure 7.1. Configuration of NSS_LDAP-Based Identity Resolution</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 7.1. Configuration of NSS_LDAP-Based Identity Resolution"><a name="id359255"></a><p class="title"><b>Procedure 7.1. Configuration of NSS_LDAP-Based Identity Resolution</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Create the <code class="filename">smb.conf</code> file as shown in <a class="link" href="unixclients.html#ch9-sdmsdc" title="Example 7.1. Samba Domain Member in Samba Domain Using LDAP smb.conf File">&#8220;Samba Domain Member in Samba Domain Using LDAP  smb.conf File&#8221;</a>. Locate
                 this file in the directory <code class="filename">/etc/samba</code>.
-                </p></li><li><p>
-                <a class="indexterm" name="id2590706"></a>
+                </p></li><li class="step" title="Step 2"><p>
+                <a class="indexterm" name="id359292"></a>
                 Configure the file that will be used by <code class="constant">nss_ldap</code> to
                 locate and communicate with the LDAP server. This file is called <code class="filename">ldap.conf</code>.
@@ -323 +323 @@
 /etc/ldap.conf
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Configure the NSS control file so it matches the one shown in
                 <a class="link" href="unixclients.html#ch9-sdmnss" title="Example 7.4. NSS using LDAP for Identity Resolution File: /etc/nsswitch.conf">&#8220;NSS using LDAP for Identity Resolution  File: /etc/nsswitch.conf&#8221;</a>.
-                </p></li><li><p>
-                <a class="indexterm" name="id2590794"></a>
-                <a class="indexterm" name="id2590800"></a>
+                </p></li><li class="step" title="Step 4"><p>
+                <a class="indexterm" name="id359372"></a>
+                <a class="indexterm" name="id359379"></a>
                 Before proceeding to configure Samba, validate the operation of the NSS identity 
                 resolution via LDAP by executing:
@@ -363 +363 @@
 sammy:x:4321:
 </pre><p>
-                <a class="indexterm" name="id2590865"></a>
-                <a class="indexterm" name="id2590872"></a>
-                <a class="indexterm" name="id2590878"></a>
+                <a class="indexterm" name="id359426"></a>
+                <a class="indexterm" name="id359433"></a>
+                <a class="indexterm" name="id359440"></a>
                 This shows that all is working as it should be. Notice that in the LDAP database
                 the users' primary and secondary group memberships are identical. It is not
@@ -374 +374 @@
                 conditions. It is intended that these limitations with winbind will be resolved soon
                 after Samba-3.0.20 has been released.
-                </p></li><li><p>
-                <a class="indexterm" name="id2590902"></a>
+                </p></li><li class="step" title="Step 5"><p>
+                <a class="indexterm" name="id359458"></a>
                 The LDAP directory must have a container object for IDMAP data. There are several ways you can
                 check that your LDAP database is able to receive IDMAP information. One of the simplest is to
@@ -384 +384 @@
 ou: idmap
 </pre><p>
-                <a class="indexterm" name="id2590925"></a>
+                <a class="indexterm" name="id359479"></a>
                 If the execution of this command does not return IDMAP entries, you need to create an LDIF
                 template file (see <a class="link" href="unixclients.html#ch9-ldifadd" title="Example 7.2. LDIF IDMAP Add-On Load File File: /etc/openldap/idmap.LDIF">&#8220;LDIF IDMAP Add-On Load File  File: /etc/openldap/idmap.LDIF&#8221;</a>). You can add the required entries using
@@ -392 +392 @@
                 -w not24get &lt; /etc/openldap/idmap.LDIF
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 6"><p>
                 Samba automatically populates the LDAP directory container when it needs to. To permit Samba
                 write access to the LDAP directory it is necessary to set the LDAP administrative password
@@ -399 +399 @@
 <code class="prompt">root# </code> smbpasswd -w not24get
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2590989"></a>
-                <a class="indexterm" name="id2591000"></a>
+                </p></li><li class="step" title="Step 7"><p>
+                <a class="indexterm" name="id359538"></a>
+                <a class="indexterm" name="id359549"></a>
                 The system is ready to join the domain. Execute the following:
 </p><pre class="screen">
@@ -412 +412 @@
                 causes of failure to join are:
                 </p><p>
-                </p><div class="itemizedlist"><ul type="disc"><li><p>Broken resolution of NetBIOS names to the respective IP address.</p></li><li><p>Incorrect username and password credentials.</p></li><li><p>The NT4 <em class="parameter"><code>restrict anonymous</code></em> is set to exclude anonymous
+                </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Broken resolution of NetBIOS names to the respective IP address.</p></li><li class="listitem"><p>Incorrect username and password credentials.</p></li><li class="listitem"><p>The NT4 <em class="parameter"><code>restrict anonymous</code></em> is set to exclude anonymous
                                 connections.</p></li></ul></div><p> 
                 </p><p>
@@ -419 +419 @@
 <code class="prompt">root# </code> net rpc join -S 'pdc-name' -U administrator%password -d 5
 </pre><p>
-                <a class="indexterm" name="id2591072"></a>
-                <a class="indexterm" name="id2591079"></a>
-                <a class="indexterm" name="id2591086"></a>
-                <a class="indexterm" name="id2591093"></a>
+                <a class="indexterm" name="id359616"></a>
+                <a class="indexterm" name="id359623"></a>
+                <a class="indexterm" name="id359629"></a>
+                <a class="indexterm" name="id359636"></a>
                 Note: Use "root" for UNIX/Linux and Samba, use "Administrator" for Windows NT4/200X. If the cause of
                 the failure appears to be related to a rejected or failed NT_SESSION_SETUP*  or an error message that
@@ -449 +449 @@
 Join to 'MEGANET2' failed.
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2591154"></a>
+                </p></li><li class="step" title="Step 8"><p>
+                <a class="indexterm" name="id359688"></a>
                 Just joining the domain is not quite enough; you must now provide a privileged set
                 of credentials through which <code class="literal">winbindd</code> can interact with the 
@@ -458 +458 @@
 </pre><p>
                 The configuration is now ready to obtain the Samba domain user and group information.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 9"><p>
                 You may now start Samba in the usual manner, and your Samba domain member server
                 is ready for use. Just add shares as required.
-                </p></li></ol></div><div class="example"><a name="ch9-sdmsdc"></a><p class="title"><b>Example 7.1. Samba Domain Member in Samba Domain Using LDAP  <code class="filename">smb.conf</code> File</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2591232"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id2591244"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id2591256"></a><em class="parameter"><code>security = DOMAIN</code></em></td></tr><tr><td><a class="indexterm" name="id2591267"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2591279"></a><em class="parameter"><code>log level = 10</code></em></td></tr><tr><td><a class="indexterm" name="id2591291"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2591302"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id2591314"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id2591326"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id2591337"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id2591350"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2591361"></a><em class="parameter"><code>wins server = 192.168.2.1</code></em></td></tr><tr><td><a class="indexterm" name="id2591373"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2591385"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2591397"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2591409"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id2591421"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id2591433"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2591445"></a><em class="parameter"><code>idmap backend = ldap:ldap://lapdc.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id2591457"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2591469"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2591481"></a><em class="parameter"><code>winbind trusted domains only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2591493"></a><em class="parameter"><code>printer admin = root</code></em></td></tr><tr><td><a class="indexterm" name="id2591505"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id2591525"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id2591537"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id2591549"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2591560"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id2591581"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id2591593"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id2591604"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2591616"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2591628"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id2591648"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id2591660"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id2591672"></a><em class="parameter"><code>admin users = root, Administrator</code></em></td></tr><tr><td><a class="indexterm" name="id2591684"></a><em class="parameter"><code>write list = root</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch9-ldifadd"></a><p class="title"><b>Example 7.2. LDIF IDMAP Add-On Load File  File: /etc/openldap/idmap.LDIF</b></p><div class="example-contents"><pre class="screen">
+                </p></li></ol></div><div class="example"><a name="ch9-sdmsdc"></a><p class="title"><b>Example 7.1. Samba Domain Member in Samba Domain Using LDAP  <code class="filename">smb.conf</code> File</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id359761"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id359773"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id359784"></a><em class="parameter"><code>security = DOMAIN</code></em></td></tr><tr><td><a class="indexterm" name="id359796"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id359807"></a><em class="parameter"><code>log level = 10</code></em></td></tr><tr><td><a class="indexterm" name="id359819"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id359830"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id359842"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id359853"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id359865"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id359876"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id359888"></a><em class="parameter"><code>wins server = 192.168.2.1</code></em></td></tr><tr><td><a class="indexterm" name="id359899"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id359911"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id359923"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id359934"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id359946"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id359957"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id359969"></a><em class="parameter"><code>idmap backend = ldap:ldap://lapdc.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id359981"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id359992"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id360004"></a><em class="parameter"><code>winbind trusted domains only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id360016"></a><em class="parameter"><code>printer admin = root</code></em></td></tr><tr><td><a class="indexterm" name="id360027"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id360047"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id360059"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id360070"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id360082"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id360102"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id360114"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id360125"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id360137"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id360148"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id360169"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id360180"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id360192"></a><em class="parameter"><code>admin users = root, Administrator</code></em></td></tr><tr><td><a class="indexterm" name="id360204"></a><em class="parameter"><code>write list = root</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch9-ldifadd"></a><p class="title"><b>Example 7.2. LDIF IDMAP Add-On Load File  File: /etc/openldap/idmap.LDIF</b></p><div class="example-contents"><pre class="screen">
 dn: ou=Idmap,dc=abmas,dc=biz
 objectClass: organizationalUnit
@@ -498 +498 @@
 automount:      files
 aliases:        files
-</pre></div></div><br class="example-break"></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="wdcsdm"></a>NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</h3></div></div></div><p>
+</pre></div></div><br class="example-break"></div><div class="sect2" title="NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind"><div class="titlepage"><div><div><h3 class="title"><a name="wdcsdm"></a>NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</h3></div></div></div><p>
         You need to use this method for creating a Samba domain member server if any of the following conditions
         prevail:
-        </p><div class="itemizedlist"><ul type="disc"><li><p>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                 LDAP support (client) is not installed on the system.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 There are mitigating circumstances forcing a decision not to use LDAP.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 The Samba domain member server must be part of a Windows NT4 Domain, or a Samba Domain.
                 </p></li></ul></div><p>
-        <a class="indexterm" name="id2591815"></a>
-        <a class="indexterm" name="id2591821"></a>
-        <a class="indexterm" name="id2591828"></a>
+        <a class="indexterm" name="id360323"></a>
+        <a class="indexterm" name="id360329"></a>
+        <a class="indexterm" name="id360336"></a>
         Later in the chapter, you can see how to configure a Samba domain member server for a Windows ADS domain.
         Right now your objective is to configure a Samba server that can be a member of a Windows NT4-style
         domain and/or does not use LDAP.
-        </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
-        <a class="indexterm" name="id2591844"></a>
+        </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+        <a class="indexterm" name="id360349"></a>
         If you use <code class="literal">winbind</code> for identity resolution, make sure that there are no
         duplicate accounts.
         </p><p>
-        <a class="indexterm" name="id2591861"></a>
+        <a class="indexterm" name="id360366"></a>
         For example, do not have more than one account that has UID=0 in the password database. If there 
         is an account called <code class="constant">root</code> in the <code class="filename">/etc/passwd</code> database, 
@@ -527 +527 @@
         <code class="constant">root</code>.
         </p><p>
-        <a class="indexterm" name="id2591898"></a>
-        <a class="indexterm" name="id2591904"></a>
-        <a class="indexterm" name="id2591911"></a>
+        <a class="indexterm" name="id360400"></a>
+        <a class="indexterm" name="id360406"></a>
+        <a class="indexterm" name="id360413"></a>
         Winbind will break if there is an account in <code class="filename">/etc/passwd</code> that has 
         the same UID as an account that is in LDAP ldapsam (or in tdbsam) but that differs in name only.
         </p></div><p>
-        <a class="indexterm" name="id2591930"></a>
-        <a class="indexterm" name="id2591937"></a>
-        <a class="indexterm" name="id2591944"></a>
-        <a class="indexterm" name="id2591950"></a>
-        <a class="indexterm" name="id2591960"></a>
+        <a class="indexterm" name="id360431"></a>
+        <a class="indexterm" name="id360437"></a>
+        <a class="indexterm" name="id360444"></a>
+        <a class="indexterm" name="id360451"></a>
+        <a class="indexterm" name="id360460"></a>
         The following configuration uses CIFS/SMB protocols alone to obtain user and group credentials.
         The winbind information is locally cached in the <code class="filename">winbindd_cache.tdb winbindd_idmap.tdb</code>
@@ -544 +544 @@
         files using the tool <code class="literal">tdbdump</code>, though you may have to build this from the Samba
         source code if it has not been supplied as part of a binary package distribution that you may be using.
-        </p><div class="procedure"><a name="id2591989"></a><p class="title"><b>Procedure 7.2. Configuration of Winbind-Based Identity Resolution</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 7.2. Configuration of Winbind-Based Identity Resolution"><a name="id360484"></a><p class="title"><b>Procedure 7.2. Configuration of Winbind-Based Identity Resolution</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Using your favorite text editor, create the <code class="filename">smb.conf</code> file so it has the contents
                 shown in <a class="link" href="unixclients.html#ch0-NT4DSDM" title="Example 7.5. Samba Domain Member Server Using Winbind smb.conf File for NT4 Domain">&#8220;Samba Domain Member Server Using Winbind smb.conf File for NT4 Domain&#8221;</a>.
-                </p></li><li><p>
-                <a class="indexterm" name="id2592021"></a>
+                </p></li><li class="step" title="Step 2"><p>
+                <a class="indexterm" name="id360515"></a>
                 Edit the <code class="filename">/etc/nsswitch.conf</code> so it has the entries shown in
                 <a class="link" href="unixclients.html#ch9-sdmnss" title="Example 7.4. NSS using LDAP for Identity Resolution File: /etc/nsswitch.conf">&#8220;NSS using LDAP for Identity Resolution  File: /etc/nsswitch.conf&#8221;</a>.
-                </p></li><li><p>
-                <a class="indexterm" name="id2592047"></a>
+                </p></li><li class="step" title="Step 3"><p>
+                <a class="indexterm" name="id360540"></a>
                 The system is ready to join the domain. Execute the following:
 </p><pre class="screen">
@@ -560 +560 @@
                 This indicates that the domain join succeed.
 
-                </p></li><li><p>
-                <a class="indexterm" name="id2592073"></a>
-                <a class="indexterm" name="id2592080"></a>
+                </p></li><li class="step" title="Step 4"><p>
+                <a class="indexterm" name="id360565"></a>
+                <a class="indexterm" name="id360572"></a>
                 Validate operation of <code class="literal">winbind</code> using the <code class="literal">wbinfo</code>
                 tool as follows:
@@ -588 +588 @@
 </pre><p>
                 This shows that domain groups have been correctly obtained also.
-                </p></li><li><p>
-                <a class="indexterm" name="id2592136"></a>
-                <a class="indexterm" name="id2592143"></a>
-                <a class="indexterm" name="id2592150"></a>
+                </p></li><li class="step" title="Step 5"><p>
+                <a class="indexterm" name="id360624"></a>
+                <a class="indexterm" name="id360631"></a>
+                <a class="indexterm" name="id360637"></a>
                 The next step verifies that NSS is able to obtain this information
                 correctly from <code class="literal">winbind</code> also.
@@ -630 +630 @@
 MEGANET2+PIOps:x:10005:
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 6"><p>
                 The Samba member server of a Windows NT4 domain is ready for use.
-                </p></li></ol></div><div class="example"><a name="ch0-NT4DSDM"></a><p class="title"><b>Example 7.5. Samba Domain Member Server Using Winbind <code class="filename">smb.conf</code> File for NT4 Domain</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2592261"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id2592272"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id2592284"></a><em class="parameter"><code>security = DOMAIN</code></em></td></tr><tr><td><a class="indexterm" name="id2592296"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2592308"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2592319"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2592331"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id2592343"></a><em class="parameter"><code>max log size = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2592354"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id2592366"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id2592378"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2592390"></a><em class="parameter"><code>wins server = 192.168.2.1</code></em></td></tr><tr><td><a class="indexterm" name="id2592402"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2592414"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2592425"></a><em class="parameter"><code>template primary group = "Domain Users"</code></em></td></tr><tr><td><a class="indexterm" name="id2592438"></a><em class="parameter"><code>template shell = /bin/bash</code></em></td></tr><tr><td><a class="indexterm" name="id2592449"></a><em class="parameter"><code>winbind separator = +</code></em></td></tr><tr><td><a class="indexterm" name="id2592461"></a><em class="parameter"><code>printer admin = root</code></em></td></tr><tr><td><a class="indexterm" name="id2592473"></a><em class="parameter"><code>hosts allow = 192.168.2., 192.168.3., 127.</code></em></td></tr><tr><td><a class="indexterm" name="id2592485"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id2592506"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id2592517"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id2592529"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2592541"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id2592561"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id2592573"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id2592585"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2592596"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2592608"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id2592628"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id2592640"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id2592652"></a><em class="parameter"><code>admin users = root, Administrator</code></em></td></tr><tr><td><a class="indexterm" name="id2592664"></a><em class="parameter"><code>write list = root</code></em></td></tr></table></div></div><br class="example-break"></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="dcwonss"></a>NT4/Samba Domain with Samba Domain Member Server without NSS Support</h3></div></div></div><p>
+                </p></li></ol></div><div class="example"><a name="ch0-NT4DSDM"></a><p class="title"><b>Example 7.5. Samba Domain Member Server Using Winbind <code class="filename">smb.conf</code> File for NT4 Domain</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id360734"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id360745"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id360757"></a><em class="parameter"><code>security = DOMAIN</code></em></td></tr><tr><td><a class="indexterm" name="id360768"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id360780"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id360791"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id360803"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id360814"></a><em class="parameter"><code>max log size = 0</code></em></td></tr><tr><td><a class="indexterm" name="id360826"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id360837"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id360849"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id360860"></a><em class="parameter"><code>wins server = 192.168.2.1</code></em></td></tr><tr><td><a class="indexterm" name="id360872"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id360883"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id360895"></a><em class="parameter"><code>template primary group = "Domain Users"</code></em></td></tr><tr><td><a class="indexterm" name="id360906"></a><em class="parameter"><code>template shell = /bin/bash</code></em></td></tr><tr><td><a class="indexterm" name="id360918"></a><em class="parameter"><code>winbind separator = +</code></em></td></tr><tr><td><a class="indexterm" name="id360929"></a><em class="parameter"><code>printer admin = root</code></em></td></tr><tr><td><a class="indexterm" name="id360941"></a><em class="parameter"><code>hosts allow = 192.168.2., 192.168.3., 127.</code></em></td></tr><tr><td><a class="indexterm" name="id360953"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id360973"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id360985"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id360996"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id361008"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id361028"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id361040"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id361051"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id361062"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id361074"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id361094"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id361106"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id361118"></a><em class="parameter"><code>admin users = root, Administrator</code></em></td></tr><tr><td><a class="indexterm" name="id361129"></a><em class="parameter"><code>write list = root</code></em></td></tr></table></div></div><br class="example-break"></div><div class="sect2" title="NT4/Samba Domain with Samba Domain Member Server without NSS Support"><div class="titlepage"><div><div><h3 class="title"><a name="dcwonss"></a>NT4/Samba Domain with Samba Domain Member Server without NSS Support</h3></div></div></div><p>
         No matter how many UNIX/Linux administrators there may be who believe that a UNIX operating
         system that does not have NSS and PAM support to be outdated, the fact is there
@@ -643 +643 @@
         is found, it is used. If the account is not found, one will be automatically created
         on the local machine so that it can then be used for all access controls.
-        </p><div class="procedure"><a name="id2592707"></a><p class="title"><b>Procedure 7.3. Configuration Using Local Accounts Only</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 7.3. Configuration Using Local Accounts Only"><a name="id361165"></a><p class="title"><b>Procedure 7.3. Configuration Using Local Accounts Only</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Using your favorite text editor, create the <code class="filename">smb.conf</code> file so it has the contents
                 shown in <a class="link" href="unixclients.html#ch0-NT4DSCM" title="Example 7.6. Samba Domain Member Server Using Local Accounts smb.conf File for NT4 Domain">&#8220;Samba Domain Member Server Using Local Accounts smb.conf File for NT4 Domain&#8221;</a>.
-                </p></li><li><p><a class="indexterm" name="id2592740"></a>
+                </p></li><li class="step" title="Step 2"><p><a class="indexterm" name="id361197"></a>
                 The system is ready to join the domain. Execute the following:
 </p><pre class="screen">
@@ -653 +653 @@
 </pre><p>
                 This indicates that the domain join succeed.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Be sure to run all three Samba daemons: <code class="literal">smbd</code>, <code class="literal">nmbd</code>, <code class="literal">winbindd</code>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 The Samba member server of a Windows NT4 domain is ready for use.
-                </p></li></ol></div><div class="example"><a name="ch0-NT4DSCM"></a><p class="title"><b>Example 7.6. Samba Domain Member Server Using Local Accounts <code class="filename">smb.conf</code> File for NT4 Domain</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2592828"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id2592840"></a><em class="parameter"><code>workgroup = MEGANET3</code></em></td></tr><tr><td><a class="indexterm" name="id2592852"></a><em class="parameter"><code>netbios name = BSDBOX</code></em></td></tr><tr><td><a class="indexterm" name="id2592864"></a><em class="parameter"><code>security = DOMAIN</code></em></td></tr><tr><td><a class="indexterm" name="id2592876"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2592888"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2592899"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2592911"></a><em class="parameter"><code>add user script = /usr/sbin/useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2592923"></a><em class="parameter"><code>add machine script = /usr/sbin/useradd -M '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2592935"></a><em class="parameter"><code>add group script = /usr/sbin/groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id2592947"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id2592959"></a><em class="parameter"><code>max log size = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2592971"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id2592982"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id2592994"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2593006"></a><em class="parameter"><code>wins server = 192.168.2.1</code></em></td></tr><tr><td><a class="indexterm" name="id2593018"></a><em class="parameter"><code>printer admin = root</code></em></td></tr><tr><td><a class="indexterm" name="id2593030"></a><em class="parameter"><code>hosts allow = 192.168.2., 192.168.3., 127.</code></em></td></tr><tr><td><a class="indexterm" name="id2593042"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id2593062"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id2593074"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id2593086"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2593097"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id2593118"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id2593130"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id2593141"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2593153"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2593165"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id2593185"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id2593197"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id2593209"></a><em class="parameter"><code>admin users = root, Administrator</code></em></td></tr><tr><td><a class="indexterm" name="id2593221"></a><em class="parameter"><code>write list = root</code></em></td></tr></table></div></div><br class="example-break"></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="adssdm"></a>Active Directory Domain with Samba Domain Member Server</h3></div></div></div><p>
-        <a class="indexterm" name="id2593246"></a>
-        <a class="indexterm" name="id2593255"></a>
-        <a class="indexterm" name="id2593262"></a>
+                </p></li></ol></div><div class="example"><a name="ch0-NT4DSCM"></a><p class="title"><b>Example 7.6. Samba Domain Member Server Using Local Accounts <code class="filename">smb.conf</code> File for NT4 Domain</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id361282"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id361294"></a><em class="parameter"><code>workgroup = MEGANET3</code></em></td></tr><tr><td><a class="indexterm" name="id361305"></a><em class="parameter"><code>netbios name = BSDBOX</code></em></td></tr><tr><td><a class="indexterm" name="id361317"></a><em class="parameter"><code>security = DOMAIN</code></em></td></tr><tr><td><a class="indexterm" name="id361328"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id361340"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id361351"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id361363"></a><em class="parameter"><code>add user script = /usr/sbin/useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id361374"></a><em class="parameter"><code>add machine script = /usr/sbin/useradd -M '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id361386"></a><em class="parameter"><code>add group script = /usr/sbin/groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id361398"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id361409"></a><em class="parameter"><code>max log size = 0</code></em></td></tr><tr><td><a class="indexterm" name="id361421"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id361432"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id361444"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id361455"></a><em class="parameter"><code>wins server = 192.168.2.1</code></em></td></tr><tr><td><a class="indexterm" name="id361467"></a><em class="parameter"><code>printer admin = root</code></em></td></tr><tr><td><a class="indexterm" name="id361478"></a><em class="parameter"><code>hosts allow = 192.168.2., 192.168.3., 127.</code></em></td></tr><tr><td><a class="indexterm" name="id361490"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id361511"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id361522"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id361534"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id361545"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id361566"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id361577"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id361589"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id361600"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id361612"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id361632"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id361644"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id361655"></a><em class="parameter"><code>admin users = root, Administrator</code></em></td></tr><tr><td><a class="indexterm" name="id361667"></a><em class="parameter"><code>write list = root</code></em></td></tr></table></div></div><br class="example-break"></div><div class="sect2" title="Active Directory Domain with Samba Domain Member Server"><div class="titlepage"><div><div><h3 class="title"><a name="adssdm"></a>Active Directory Domain with Samba Domain Member Server</h3></div></div></div><p>
+        <a class="indexterm" name="id361692"></a>
+        <a class="indexterm" name="id361701"></a>
+        <a class="indexterm" name="id361707"></a>
         One of the much-sought-after features new to Samba-3 is the ability to join an Active Directory
         domain using Kerberos protocols. This makes it possible to operate an entire Windows network
@@ -668 +668 @@
         in. For now, we simply focus on how a Samba-3 server can be made a domain member server.
         </p><p>
-        <a class="indexterm" name="id2593284"></a>
-        <a class="indexterm" name="id2593291"></a>
-        <a class="indexterm" name="id2593298"></a>
-        <a class="indexterm" name="id2593305"></a>
+        <a class="indexterm" name="id361725"></a>
+        <a class="indexterm" name="id361732"></a>
+        <a class="indexterm" name="id361738"></a>
+        <a class="indexterm" name="id361745"></a>
         The diagram in <a class="link" href="unixclients.html#ch9-adsdc" title="Figure 7.3. Active Directory Domain: Samba Member Server">&#8220;Active Directory Domain: Samba Member Server&#8221;</a> demonstrates how Samba-3 interfaces with
         Microsoft Active Directory components. It should be noted that if Microsoft Windows Services
@@ -695 +695 @@
         is known as <code class="constant">w2k3s.london.abmas.biz</code>. In NetBIOS nomenclature, the
         domain name is <code class="constant">LONDON</code> and the server name is <code class="constant">W2K3S</code>.
-        </p><div class="figure"><a name="ch9-adsdc"></a><p class="title"><b>Figure 7.3. Active Directory Domain: Samba Member Server</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/chap9-ADSDC.png" width="324" alt="Active Directory Domain: Samba Member Server"></div></div></div><br class="figure-break"><div class="procedure"><a name="id2593418"></a><p class="title"><b>Procedure 7.4. Joining a Samba Server as an ADS Domain Member</b></p><ol type="1"><li><p>
-                <a class="indexterm" name="id2593430"></a>
+        </p><div class="figure"><a name="ch9-adsdc"></a><p class="title"><b>Figure 7.3. Active Directory Domain: Samba Member Server</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/chap9-ADSDC.png" width="324" alt="Active Directory Domain: Samba Member Server"></div></div></div><br class="figure-break"><div class="procedure" title="Procedure 7.4. Joining a Samba Server as an ADS Domain Member"><a name="id361844"></a><p class="title"><b>Procedure 7.4. Joining a Samba Server as an ADS Domain Member</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                <a class="indexterm" name="id361856"></a>
                 Before you try to use Samba-3, you want to know for certain that your executables have
                 support for Kerberos and for LDAP. Execute the following to identify whether or
@@ -762 +762 @@
                 This does look promising; <code class="literal">smbd</code> has been built with Kerberos and LDAP
                 support. You are relieved to know that it is safe to progress.
-                </p></li><li><p>
-                <a class="indexterm" name="id2593529"></a>
-                <a class="indexterm" name="id2593538"></a>
-                <a class="indexterm" name="id2593545"></a>
-                <a class="indexterm" name="id2593552"></a>
-                <a class="indexterm" name="id2593561"></a>
-                <a class="indexterm" name="id2593570"></a>
-                <a class="indexterm" name="id2593577"></a>
-                <a class="indexterm" name="id2593584"></a>
-                <a class="indexterm" name="id2593591"></a>
+                </p></li><li class="step" title="Step 2"><p>
+                <a class="indexterm" name="id361938"></a>
+                <a class="indexterm" name="id361947"></a>
+                <a class="indexterm" name="id361954"></a>
+                <a class="indexterm" name="id361960"></a>
+                <a class="indexterm" name="id361970"></a>
+                <a class="indexterm" name="id361979"></a>
+                <a class="indexterm" name="id361986"></a>
+                <a class="indexterm" name="id361993"></a>
+                <a class="indexterm" name="id361999"></a>
                 The next step is to identify which version of the Kerberos libraries have been used.
                 In order to permit Samba-3 to interoperate with Windows 2003 Active Directory, it is
@@ -792 +792 @@
                 From this point on, you are certain that the Samba-3 build you are using has the
                 necessary capabilities. You can now configure Samba-3 and the NSS. 
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Using you favorite editor, configure the <code class="filename">smb.conf</code> file that is located in the 
                 <code class="filename">/etc/samba</code> directory so that it has the contents shown 
                 in <a class="link" href="unixclients.html#ch9-adssdm" title="Example 7.7. Samba Domain Member smb.conf File for Active Directory Membership">&#8220;Samba Domain Member smb.conf File for Active Directory Membership&#8221;</a>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 Edit or create the NSS control file so it has the contents shown in <a class="link" href="unixclients.html#ch9-sdmnss" title="Example 7.4. NSS using LDAP for Identity Resolution File: /etc/nsswitch.conf">&#8220;NSS using LDAP for Identity Resolution  File: /etc/nsswitch.conf&#8221;</a>.
-                </p></li><li><p>
-                <a class="indexterm" name="id2593692"></a>
+                </p></li><li class="step" title="Step 5"><p>
+                <a class="indexterm" name="id362091"></a>
                 Delete the file <code class="filename">/etc/samba/secrets.tdb</code> if it exists. Of course, you
                 do keep a backup, don't you?
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 6"><p>
                 Delete the tdb files that cache Samba information. You keep a backup of the old
                 files, of course. You also remove all files to ensure that nothing can pollute your
@@ -809 +809 @@
 <code class="prompt">root# </code> rm /var/lib/samba/*tdb
 </pre><p>
-                </p></li><li><p>
-                <a class="indexterm" name="id2593736"></a>
+                </p></li><li class="step" title="Step 7"><p>
+                <a class="indexterm" name="id362132"></a>
                 Validate your <code class="filename">smb.conf</code> file using <code class="literal">testparm</code> (as you have
                 done previously). Correct all errors reported before proceeding. The command you
@@ -819 +819 @@
                 Now that you are satisfied that your Samba server is ready to join the Windows
                 ADS domain, let's move on.
-                </p></li><li><p>
-                <a class="indexterm" name="id2593778"></a>
-                <a class="indexterm" name="id2593789"></a>
+                </p></li><li class="step" title="Step 8"><p>
+                <a class="indexterm" name="id362171"></a>
+                <a class="indexterm" name="id362182"></a>
                 This is a good time to double-check everything and then execute the following
                 command when everything you have done has checked out okay:
@@ -832 +832 @@
                 using Kerberos protocols.
                 </p><p>
-                <a class="indexterm" name="id2593817"></a>
-                <a class="indexterm" name="id2593824"></a>
+                <a class="indexterm" name="id362207"></a>
+                <a class="indexterm" name="id362214"></a>
                 In the event that you receive no output messages, a silent return means that the
                 domain join failed. You should use <code class="literal">ethereal</code> to identify what
                 may be failing. Common causes of a failed join include:
 
-                </p><div class="itemizedlist"><ul type="disc"><li><p>
-                        <a class="indexterm" name="id2593845"></a>
+                </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
+                        <a class="indexterm" name="id362233"></a>
                         Defective or misconfigured DNS name resolution.
-                        </p></li><li><p>
-                        <a class="indexterm" name="id2593860"></a>
+                        </p></li><li class="listitem"><p>
+                        <a class="indexterm" name="id362247"></a>
                         Restrictive security settings on the Windows 200x ADS domain controller
                         preventing needed communications protocols. You can check this by searching
                         the Windows Server 200x Event Viewer.
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         Incorrectly configured <code class="filename">smb.conf</code> file settings.
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         Lack of support of necessary Kerberos protocols because the version of MIT
                         Kerberos (or Heimdal) in use is not up to date enough to support the necessary
@@ -854 +854 @@
                         </p></li></ul></div><p>
 
-                <a class="indexterm" name="id2593891"></a>
-                <a class="indexterm" name="id2593902"></a>
-                <a class="indexterm" name="id2593909"></a>
+                <a class="indexterm" name="id362275"></a>
+                <a class="indexterm" name="id362286"></a>
+                <a class="indexterm" name="id362293"></a>
                 In any case, never execute the <code class="literal">net rpc join</code> command in an attempt
                 to join the Samba server to the domain, unless you wish not to use the Kerberos
                 security protocols. Use of the older RPC-based domain join facility requires that
                 Windows Server 200x ADS has been configured appropriately for mixed mode operation.
-                </p></li><li><p>
-                <a class="indexterm" name="id2593934"></a>
-                <a class="indexterm" name="id2593941"></a>
+                </p></li><li class="step" title="Step 9"><p>
+                <a class="indexterm" name="id362314"></a>
+                <a class="indexterm" name="id362321"></a>
                 If the <code class="literal">tdbdump</code> is installed on your system (not essential),
                 you can look inside the <code class="filename">/etc/samba/secrets.tdb</code> file. If
@@ -890 +890 @@
 </pre><p>
                 This is given to demonstrate to the skeptics that this process truly does work.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 10"><p>
                 It is now time to start Samba in the usual way (as has been done many time before
                 in this book).  
-                </p></li><li><p>
-                <a class="indexterm" name="id2593998"></a>
+                </p></li><li class="step" title="Step 11"><p>
+                <a class="indexterm" name="id362371"></a>
                 This is a good time to verify that everything is working. First, check that
                 winbind is able to obtain the list of users and groups from the ADS domain controller.
@@ -920 +920 @@
 </pre><p>
                 Excellent. That worked also, as expected.
-                </p></li><li><p><a class="indexterm" name="id2594044"></a>
+                </p></li><li class="step" title="Step 12"><p><a class="indexterm" name="id362412"></a>
                 Now repeat this via NSS to validate that full identity resolution is
                 functional as required. Execute:
@@ -952 +952 @@
 </pre><p>
                 This is very pleasing. Everything works as expected.
-                </p></li><li><p>
-                <a class="indexterm" name="id2594102"></a>
-                <a class="indexterm" name="id2594113"></a>
-                <a class="indexterm" name="id2594122"></a>
+                </p></li><li class="step" title="Step 13"><p>
+                <a class="indexterm" name="id362460"></a>
+                <a class="indexterm" name="id362471"></a>
+                <a class="indexterm" name="id362480"></a>
                 You may now perform final verification that communications between Samba-3 winbind and
                 the Active Directory server is using Kerberos protocols. Execute the following:
@@ -972 +972 @@
                 keep all server time clocks synchronized using the network time protocol (NTP).
                 In any case, the output we obtained confirms that all systems are operational.
-                </p></li><li><p>
-                <a class="indexterm" name="id2594158"></a>
+                </p></li><li class="step" title="Step 14"><p>
+                <a class="indexterm" name="id362511"></a>
                 There is one more action you elect to take, just because you are paranoid and disbelieving,
                 so you execute the following command:
@@ -1143 +1143 @@
         Now all is revealed. Your curiosity, as well as that of your team, has been put at ease.
         May this server serve well all who happen upon it.
-        </p><div class="example"><a name="ch9-adssdm"></a><p class="title"><b>Example 7.7. Samba Domain Member <code class="filename">smb.conf</code> File for Active Directory Membership</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2594415"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id2594427"></a><em class="parameter"><code>workgroup = LONDON</code></em></td></tr><tr><td><a class="indexterm" name="id2594439"></a><em class="parameter"><code>realm = LONDON.ABMAS.BIZ</code></em></td></tr><tr><td><a class="indexterm" name="id2594450"></a><em class="parameter"><code>server string = Samba 3.0.20</code></em></td></tr><tr><td><a class="indexterm" name="id2594462"></a><em class="parameter"><code>security = ADS</code></em></td></tr><tr><td><a class="indexterm" name="id2594474"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2594486"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2594498"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2594509"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id2594521"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id2594533"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2594544"></a><em class="parameter"><code>ldap ssl = no</code></em></td></tr><tr><td><a class="indexterm" name="id2594556"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2594568"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2594580"></a><em class="parameter"><code>template primary group = "Domain Users"</code></em></td></tr><tr><td><a class="indexterm" name="id2594592"></a><em class="parameter"><code>template shell = /bin/bash</code></em></td></tr><tr><td><a class="indexterm" name="id2594604"></a><em class="parameter"><code>winbind separator = +</code></em></td></tr><tr><td><a class="indexterm" name="id2594616"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id2594636"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id2594648"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id2594659"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2594671"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id2594692"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id2594703"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id2594715"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2594727"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2594738"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id2594759"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id2594770"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id2594782"></a><em class="parameter"><code>admin users = root, Administrator</code></em></td></tr><tr><td><a class="indexterm" name="id2594794"></a><em class="parameter"><code>write list = root</code></em></td></tr></table></div></div><br class="example-break"><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2594807"></a>IDMAP_RID with Winbind</h4></div></div></div><p>
-        <a class="indexterm" name="id2594815"></a>
-        <a class="indexterm" name="id2594822"></a>
-        <a class="indexterm" name="id2594828"></a>
-        <a class="indexterm" name="id2594835"></a>
+        </p><div class="example"><a name="ch9-adssdm"></a><p class="title"><b>Example 7.7. Samba Domain Member <code class="filename">smb.conf</code> File for Active Directory Membership</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id362682"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id362694"></a><em class="parameter"><code>workgroup = LONDON</code></em></td></tr><tr><td><a class="indexterm" name="id362705"></a><em class="parameter"><code>realm = LONDON.ABMAS.BIZ</code></em></td></tr><tr><td><a class="indexterm" name="id362717"></a><em class="parameter"><code>server string = Samba 3.0.20</code></em></td></tr><tr><td><a class="indexterm" name="id362729"></a><em class="parameter"><code>security = ADS</code></em></td></tr><tr><td><a class="indexterm" name="id362740"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id362752"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id362763"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id362775"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id362786"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id362798"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id362809"></a><em class="parameter"><code>ldap ssl = no</code></em></td></tr><tr><td><a class="indexterm" name="id362821"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id362832"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id362844"></a><em class="parameter"><code>template primary group = "Domain Users"</code></em></td></tr><tr><td><a class="indexterm" name="id362855"></a><em class="parameter"><code>template shell = /bin/bash</code></em></td></tr><tr><td><a class="indexterm" name="id362867"></a><em class="parameter"><code>winbind separator = +</code></em></td></tr><tr><td><a class="indexterm" name="id362878"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id362899"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id362910"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id362922"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id362933"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id362954"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id362965"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id362977"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id362988"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id363000"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id363020"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id363032"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id363043"></a><em class="parameter"><code>admin users = root, Administrator</code></em></td></tr><tr><td><a class="indexterm" name="id363055"></a><em class="parameter"><code>write list = root</code></em></td></tr></table></div></div><br class="example-break"><div class="sect3" title="IDMAP_RID with Winbind"><div class="titlepage"><div><div><h4 class="title"><a name="id363067"></a>IDMAP_RID with Winbind</h4></div></div></div><p>
+        <a class="indexterm" name="id363075"></a>
+        <a class="indexterm" name="id363082"></a>
+        <a class="indexterm" name="id363088"></a>
+        <a class="indexterm" name="id363095"></a>
         The <code class="literal">idmap_rid</code> facility is a new tool that, unlike native winbind, creates a
         predictable mapping of MS Windows SIDs to UNIX UIDs and GIDs. The key benefit of this method
@@ -1154 +1154 @@
         is not compatible with trusted domain implementations.
         </p><p>
-        <a class="indexterm" name="id2594859"></a>
-        <a class="indexterm" name="id2594865"></a>
-        <a class="indexterm" name="id2594872"></a>
-        <a class="indexterm" name="id2594879"></a>
+        <a class="indexterm" name="id363115"></a>
+        <a class="indexterm" name="id363122"></a>
+        <a class="indexterm" name="id363128"></a>
+        <a class="indexterm" name="id363135"></a>
         This alternate method of SID to UID/GID  mapping can be achieved with the idmap_rid
         plug-in. This plug-in uses the RID of the user SID to derive the UID and GID by adding the
         RID to a base value specified. This utility requires that the parameter
-        &#8220;<span class="quote">allow trusted domains = No</span>&#8221; must be specified, as it is not compatible
+        <span class="quote">&#8220;<span class="quote">allow trusted domains = No</span>&#8221;</span> must be specified, as it is not compatible
         with multiple domain environments. The <em class="parameter"><code>idmap uid</code></em> and
         <em class="parameter"><code>idmap gid</code></em> ranges must be specified.
         </p><p>
-        <a class="indexterm" name="id2594912"></a>
-        <a class="indexterm" name="id2594919"></a>
+        <a class="indexterm" name="id363164"></a>
+        <a class="indexterm" name="id363171"></a>
         The idmap_rid facility can be used both for NT4/Samba-style domains as well as with Active Directory.
         To use this with an NT4 domain, the <em class="parameter"><code>realm</code></em> is not used. Additionally the
@@ -1172 +1172 @@
         </p><p>
         An example <code class="filename">smb.conf</code> file for an ADS domain environment is shown in <a class="link" href="unixclients.html#sbe-idmapridex" title="Example 7.8. Example smb.conf File Using idmap_rid">&#8220;Example smb.conf File Using idmap_rid&#8221;</a>.
-        </p><div class="example"><a name="sbe-idmapridex"></a><p class="title"><b>Example 7.8. Example <code class="filename">smb.conf</code> File Using <code class="constant">idmap_rid</code></b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2594993"></a><em class="parameter"><code>workgroup = KPAK</code></em></td></tr><tr><td><a class="indexterm" name="id2595005"></a><em class="parameter"><code>netbios name = BIGJOE</code></em></td></tr><tr><td><a class="indexterm" name="id2595016"></a><em class="parameter"><code>realm = CORP.KPAK.COM</code></em></td></tr><tr><td><a class="indexterm" name="id2595028"></a><em class="parameter"><code>server string = Office Server</code></em></td></tr><tr><td><a class="indexterm" name="id2595040"></a><em class="parameter"><code>security = ADS</code></em></td></tr><tr><td><a class="indexterm" name="id2595052"></a><em class="parameter"><code>allow trusted domains = No</code></em></td></tr><tr><td><a class="indexterm" name="id2595064"></a><em class="parameter"><code>idmap backend = idmap_rid:KPAK=500-100000000</code></em></td></tr><tr><td><a class="indexterm" name="id2595076"></a><em class="parameter"><code>idmap uid = 500-100000000</code></em></td></tr><tr><td><a class="indexterm" name="id2595088"></a><em class="parameter"><code>idmap gid = 500-100000000</code></em></td></tr><tr><td><a class="indexterm" name="id2595100"></a><em class="parameter"><code>template shell = /bin/bash</code></em></td></tr><tr><td><a class="indexterm" name="id2595111"></a><em class="parameter"><code>winbind use default domain = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2595124"></a><em class="parameter"><code>winbind enum users = No</code></em></td></tr><tr><td><a class="indexterm" name="id2595135"></a><em class="parameter"><code>winbind enum groups = No</code></em></td></tr><tr><td><a class="indexterm" name="id2595147"></a><em class="parameter"><code>winbind nested groups = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2595159"></a><em class="parameter"><code>printer admin = "KPAK\Domain Admins"</code></em></td></tr></table></div></div><br class="example-break"><p>
-        <a class="indexterm" name="id2595175"></a>
-        <a class="indexterm" name="id2595182"></a>
-        <a class="indexterm" name="id2595188"></a>
-        <a class="indexterm" name="id2595195"></a>
+        </p><div class="example"><a name="sbe-idmapridex"></a><p class="title"><b>Example 7.8. Example <code class="filename">smb.conf</code> File Using <code class="constant">idmap_rid</code></b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id363243"></a><em class="parameter"><code>workgroup = KPAK</code></em></td></tr><tr><td><a class="indexterm" name="id363254"></a><em class="parameter"><code>netbios name = BIGJOE</code></em></td></tr><tr><td><a class="indexterm" name="id363266"></a><em class="parameter"><code>realm = CORP.KPAK.COM</code></em></td></tr><tr><td><a class="indexterm" name="id363277"></a><em class="parameter"><code>server string = Office Server</code></em></td></tr><tr><td><a class="indexterm" name="id363289"></a><em class="parameter"><code>security = ADS</code></em></td></tr><tr><td><a class="indexterm" name="id363300"></a><em class="parameter"><code>allow trusted domains = No</code></em></td></tr><tr><td><a class="indexterm" name="id363312"></a><em class="parameter"><code>idmap backend = idmap_rid:KPAK=500-100000000</code></em></td></tr><tr><td><a class="indexterm" name="id363324"></a><em class="parameter"><code>idmap uid = 500-100000000</code></em></td></tr><tr><td><a class="indexterm" name="id363335"></a><em class="parameter"><code>idmap gid = 500-100000000</code></em></td></tr><tr><td><a class="indexterm" name="id363347"></a><em class="parameter"><code>template shell = /bin/bash</code></em></td></tr><tr><td><a class="indexterm" name="id363359"></a><em class="parameter"><code>winbind use default domain = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id363370"></a><em class="parameter"><code>winbind enum users = No</code></em></td></tr><tr><td><a class="indexterm" name="id363382"></a><em class="parameter"><code>winbind enum groups = No</code></em></td></tr><tr><td><a class="indexterm" name="id363393"></a><em class="parameter"><code>winbind nested groups = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id363405"></a><em class="parameter"><code>printer admin = "KPAK\Domain Admins"</code></em></td></tr></table></div></div><br class="example-break"><p>
+        <a class="indexterm" name="id363420"></a>
+        <a class="indexterm" name="id363427"></a>
+        <a class="indexterm" name="id363433"></a>
+        <a class="indexterm" name="id363440"></a>
         In a large domain with many users, it is imperative to disable enumeration of users and groups.
         For example, at a site that has 22,000 users in Active Directory the winbind-based user and
@@ -1186 +1186 @@
         below.
         </p><p>
-        <a class="indexterm" name="id2595234"></a>
-        <a class="indexterm" name="id2595241"></a>
+        <a class="indexterm" name="id363473"></a>
+        <a class="indexterm" name="id363480"></a>
         The use of this tool requires configuration of NSS as per the native use of winbind. Edit the
         <code class="filename">/etc/nsswitch.conf</code> so it has the following parameters:
@@ -1201 +1201 @@
         </p><p>
         The following procedure can be used to utilize the idmap_rid facility:
-        </p><div class="procedure"><ol type="1"><li><p>
+        </p><div class="procedure"><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Create or install and <code class="filename">smb.conf</code> file with the above configuration.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Edit the <code class="filename">/etc/nsswitch.conf</code> file as shown above.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Execute:
 </p><pre class="screen">
@@ -1213 +1213 @@
 </pre><p>
                 </p><p>
-                <a class="indexterm" name="id2595322"></a>
+                <a class="indexterm" name="id363555"></a>
                 An invalid or failed join can be detected by executing:
 </p><pre class="screen">
@@ -1225 +1225 @@
                 may have occurred. Increase the <em class="parameter"><code>log level</code></em> to 10, repeat the above test,
                 and then examine the log files produced to identify the nature of the failure.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 Start the <code class="literal">nmbd</code>, <code class="literal">winbind,</code> and <code class="literal">smbd</code> daemons in the order shown.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 5"><p>
                 Validate the operation of this configuration by executing:
-                <a class="indexterm" name="id2595389"></a>
+                <a class="indexterm" name="id363616"></a>
 </p><pre class="screen">
 <code class="prompt">root# </code> getent passwd administrator
 administrator:x:1000:1013:Administrator:/home/BE/administrator:/bin/bash
 </pre><p>
-                </p></li></ol></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2595411"></a>IDMAP Storage in LDAP using Winbind</h4></div></div></div><p>
-        <a class="indexterm" name="id2595419"></a>
-        <a class="indexterm" name="id2595426"></a>
+                </p></li></ol></div></div><div class="sect3" title="IDMAP Storage in LDAP using Winbind"><div class="titlepage"><div><div><h4 class="title"><a name="id363637"></a>IDMAP Storage in LDAP using Winbind</h4></div></div></div><p>
+        <a class="indexterm" name="id363645"></a>
+        <a class="indexterm" name="id363652"></a>
         The storage of IDMAP information in LDAP can be used with both NT4/Samba-3-style domains as well as
         with ADS domains. OpenLDAP is a commonly used LDAP server for this purpose, although any standards-compliant
@@ -1243 +1243 @@
         </p><p>
         The example in <a class="link" href="unixclients.html#sbeunxa" title="Example 7.9. Typical ADS Style Domain smb.conf File">&#8220;Typical ADS Style Domain smb.conf File&#8221;</a> is for an ADS-style domain.
-        </p><div class="example"><a name="sbeunxa"></a><p class="title"><b>Example 7.9. Typical ADS Style Domain <code class="filename">smb.conf</code> File</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2595486"></a><em class="parameter"><code>workgroup = SNOWSHOW</code></em></td></tr><tr><td><a class="indexterm" name="id2595498"></a><em class="parameter"><code>netbios name = GOODELF</code></em></td></tr><tr><td><a class="indexterm" name="id2595510"></a><em class="parameter"><code>realm = SNOWSHOW.COM</code></em></td></tr><tr><td><a class="indexterm" name="id2595521"></a><em class="parameter"><code>server string = Samba Server</code></em></td></tr><tr><td><a class="indexterm" name="id2595533"></a><em class="parameter"><code>security = ADS</code></em></td></tr><tr><td><a class="indexterm" name="id2595545"></a><em class="parameter"><code>log level = 1 ads:10 auth:10 sam:10 rpc:10</code></em></td></tr><tr><td><a class="indexterm" name="id2595557"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=SNOWSHOW,dc=COM</code></em></td></tr><tr><td><a class="indexterm" name="id2595569"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id2595581"></a><em class="parameter"><code>ldap suffix = dc=SNOWSHOW,dc=COM</code></em></td></tr><tr><td><a class="indexterm" name="id2595593"></a><em class="parameter"><code>idmap backend = ldap:ldap://ldap.snowshow.com</code></em></td></tr><tr><td><a class="indexterm" name="id2595605"></a><em class="parameter"><code>idmap uid = 150000-550000</code></em></td></tr><tr><td><a class="indexterm" name="id2595617"></a><em class="parameter"><code>idmap gid = 150000-550000</code></em></td></tr><tr><td><a class="indexterm" name="id2595629"></a><em class="parameter"><code>template shell = /bin/bash</code></em></td></tr><tr><td><a class="indexterm" name="id2595641"></a><em class="parameter"><code>winbind use default domain = Yes</code></em></td></tr></table></div></div><br class="example-break"><p>
-        <a class="indexterm" name="id2595656"></a>
+        </p><div class="example"><a name="sbeunxa"></a><p class="title"><b>Example 7.9. Typical ADS Style Domain <code class="filename">smb.conf</code> File</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id363706"></a><em class="parameter"><code>workgroup = SNOWSHOW</code></em></td></tr><tr><td><a class="indexterm" name="id363718"></a><em class="parameter"><code>netbios name = GOODELF</code></em></td></tr><tr><td><a class="indexterm" name="id363729"></a><em class="parameter"><code>realm = SNOWSHOW.COM</code></em></td></tr><tr><td><a class="indexterm" name="id363741"></a><em class="parameter"><code>server string = Samba Server</code></em></td></tr><tr><td><a class="indexterm" name="id363752"></a><em class="parameter"><code>security = ADS</code></em></td></tr><tr><td><a class="indexterm" name="id363764"></a><em class="parameter"><code>log level = 1 ads:10 auth:10 sam:10 rpc:10</code></em></td></tr><tr><td><a class="indexterm" name="id363776"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=SNOWSHOW,dc=COM</code></em></td></tr><tr><td><a class="indexterm" name="id363787"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id363799"></a><em class="parameter"><code>ldap suffix = dc=SNOWSHOW,dc=COM</code></em></td></tr><tr><td><a class="indexterm" name="id363811"></a><em class="parameter"><code>idmap backend = ldap:ldap://ldap.snowshow.com</code></em></td></tr><tr><td><a class="indexterm" name="id363822"></a><em class="parameter"><code>idmap uid = 150000-550000</code></em></td></tr><tr><td><a class="indexterm" name="id363834"></a><em class="parameter"><code>idmap gid = 150000-550000</code></em></td></tr><tr><td><a class="indexterm" name="id363846"></a><em class="parameter"><code>template shell = /bin/bash</code></em></td></tr><tr><td><a class="indexterm" name="id363857"></a><em class="parameter"><code>winbind use default domain = Yes</code></em></td></tr></table></div></div><br class="example-break"><p>
+        <a class="indexterm" name="id363872"></a>
         In the case of an NT4 or Samba-3-style domain the <em class="parameter"><code>realm</code></em> is not used, and the
         command used to join the domain is <code class="literal">net rpc join</code>. The above example also demonstrates
         advanced error reporting techniques that are documented in the chapter called "Reporting Bugs" in
-        &#8220;<span class="quote">The Official Samba-3 HOWTO and Reference Guide, Second Edition</span>&#8221; (TOSHARG2).
+        <span class="quote">&#8220;<span class="quote">The Official Samba-3 HOWTO and Reference Guide, Second Edition</span>&#8221;</span> (TOSHARG2).
         </p><p>
-        <a class="indexterm" name="id2595687"></a>
-        <a class="indexterm" name="id2595694"></a>
-        <a class="indexterm" name="id2595701"></a>
+        <a class="indexterm" name="id363900"></a>
+        <a class="indexterm" name="id363907"></a>
+        <a class="indexterm" name="id363914"></a>
         Where MIT kerberos is installed (version 1.3.4 or later), edit the <code class="filename">/etc/krb5.conf</code>
         file so it has the following contents:
@@ -1291 +1291 @@
         .snowshow.com = SNOWSHOW.COM
 </pre><p>
-        </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+        </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
         Samba cannot use the Heimdal libraries if there is no <code class="filename">/etc/krb5.conf</code> file.
         So long as there is an empty file, the Heimdal kerberos libraries will be usable. There is no
@@ -1307 +1307 @@
 </pre><p>
         </p><p>
-        <a class="indexterm" name="id2595785"></a>
-        <a class="indexterm" name="id2595792"></a>
+        <a class="indexterm" name="id363986"></a>
+        <a class="indexterm" name="id363993"></a>
         You will need the <a class="ulink" href="http://www.padl.com" target="_top">PADL</a> <code class="literal">nss_ldap</code>
         tool set for this solution. Configure the <code class="filename">/etc/ldap.conf</code> file so it has
@@ -1327 +1327 @@
         </p><p>
         The following procedure may be followed to affect a working configuration:
-        </p><div class="procedure"><ol type="1"><li><p>
+        </p><div class="procedure"><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Configure the <code class="filename">smb.conf</code> file as shown above.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Create the <code class="filename">/etc/krb5.conf</code> file following the indications above.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Configure the <code class="filename">/etc/nsswitch.conf</code> file as shown above.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 Download, build, and install the PADL nss_ldap tool set. Configure the
                 <code class="filename">/etc/ldap.conf</code> file as shown above.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 5"><p>
                 Configure an LDAP server and initialize the directory with the top-level entries needed by IDMAP
                 as shown in the following LDIF file:
@@ -1356 +1356 @@
 ou: idmap
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 6"><p>
                 Execute the command to join the Samba domain member server to the ADS domain as shown here:
 </p><pre class="screen">
@@ -1363 +1363 @@
 Joined 'GOODELF' to realm 'SNOWSHOW.COM'
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 7"><p>
                 Store the LDAP server access password in the Samba <code class="filename">secrets.tdb</code> file as follows:
 </p><pre class="screen">
 <code class="prompt">root# </code> smbpasswd -w not24get
 </pre><p>
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 8"><p>
                 Start the <code class="literal">nmbd</code>, <code class="literal">winbind</code>, and <code class="literal">smbd</code> daemons in the order shown.
                 </p></li></ol></div><p>
-        <a class="indexterm" name="id2595993"></a>
+        <a class="indexterm" name="id364177"></a>
         Follow the diagnostic procedures shown earlier in this chapter to identify success or failure of the join.
         In many cases a failure is indicated by a silent return to the command prompt with no indication of the
         reason for failure.
-        </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2596006"></a>IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension</h4></div></div></div><p>
-        <a class="indexterm" name="id2596015"></a>
-        <a class="indexterm" name="id2596022"></a>
+        </p></div><div class="sect3" title="IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension"><div class="titlepage"><div><div><h4 class="title"><a name="id364188"></a>IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension</h4></div></div></div><p>
+        <a class="indexterm" name="id364196"></a>
+        <a class="indexterm" name="id364203"></a>
         The use of this method is messy. The information provided in this section is for guidance only
         and is very definitely not complete. This method does work; it is used in a number of large sites
@@ -1383 +1383 @@
         </p><p>
         An example <code class="filename">smb.conf</code> file is shown in <a class="link" href="unixclients.html#sbewinbindex" title="Example 7.10. ADS Membership Using RFC2307bis Identity Resolution smb.conf File">&#8220;ADS Membership Using RFC2307bis Identity Resolution smb.conf File&#8221;</a>.
-        </p><div class="example"><a name="sbewinbindex"></a><p class="title"><b>Example 7.10. ADS Membership Using RFC2307bis Identity Resolution <code class="filename">smb.conf</code> File</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2596085"></a><em class="parameter"><code>workgroup = BUBBAH</code></em></td></tr><tr><td><a class="indexterm" name="id2596096"></a><em class="parameter"><code>netbios name = MADMAX</code></em></td></tr><tr><td><a class="indexterm" name="id2596108"></a><em class="parameter"><code>realm = BUBBAH.COM</code></em></td></tr><tr><td><a class="indexterm" name="id2596120"></a><em class="parameter"><code>server string = Samba Server</code></em></td></tr><tr><td><a class="indexterm" name="id2596132"></a><em class="parameter"><code>security = ADS</code></em></td></tr><tr><td><a class="indexterm" name="id2596143"></a><em class="parameter"><code>idmap uid = 150000-550000</code></em></td></tr><tr><td><a class="indexterm" name="id2596155"></a><em class="parameter"><code>idmap gid = 150000-550000</code></em></td></tr><tr><td><a class="indexterm" name="id2596167"></a><em class="parameter"><code>template shell = /bin/bash</code></em></td></tr><tr><td><a class="indexterm" name="id2596179"></a><em class="parameter"><code>winbind use default domain = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2596191"></a><em class="parameter"><code>winbind trusted domains only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2596203"></a><em class="parameter"><code>winbind nested groups = Yes</code></em></td></tr></table></div></div><br class="example-break"><p>
-        <a class="indexterm" name="id2596218"></a>
+        </p><div class="example"><a name="sbewinbindex"></a><p class="title"><b>Example 7.10. ADS Membership Using RFC2307bis Identity Resolution <code class="filename">smb.conf</code> File</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id364262"></a><em class="parameter"><code>workgroup = BUBBAH</code></em></td></tr><tr><td><a class="indexterm" name="id364274"></a><em class="parameter"><code>netbios name = MADMAX</code></em></td></tr><tr><td><a class="indexterm" name="id364285"></a><em class="parameter"><code>realm = BUBBAH.COM</code></em></td></tr><tr><td><a class="indexterm" name="id364297"></a><em class="parameter"><code>server string = Samba Server</code></em></td></tr><tr><td><a class="indexterm" name="id364308"></a><em class="parameter"><code>security = ADS</code></em></td></tr><tr><td><a class="indexterm" name="id364320"></a><em class="parameter"><code>idmap uid = 150000-550000</code></em></td></tr><tr><td><a class="indexterm" name="id364331"></a><em class="parameter"><code>idmap gid = 150000-550000</code></em></td></tr><tr><td><a class="indexterm" name="id364343"></a><em class="parameter"><code>template shell = /bin/bash</code></em></td></tr><tr><td><a class="indexterm" name="id364355"></a><em class="parameter"><code>winbind use default domain = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id364366"></a><em class="parameter"><code>winbind trusted domains only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id364378"></a><em class="parameter"><code>winbind nested groups = Yes</code></em></td></tr></table></div></div><br class="example-break"><p>
+        <a class="indexterm" name="id364393"></a>
         The DMS must be joined to the domain using the usual procedure. Additionally, it is necessary
         to build and install the PADL nss_ldap tool set. Be sure to build this tool set with the
@@ -1393 +1393 @@
 </pre><p>
         </p><p>
-        <a class="indexterm" name="id2596239"></a>
+        <a class="indexterm" name="id364411"></a>
         The following <code class="filename">/etc/nsswitch.conf</code> file contents are required:
 </p><pre class="screen">
@@ -1405 +1405 @@
 </pre><p>
         </p><p>
-        <a class="indexterm" name="id2596263"></a>
-        <a class="indexterm" name="id2596270"></a>
+        <a class="indexterm" name="id364434"></a>
+        <a class="indexterm" name="id364441"></a>
         The <code class="filename">/etc/ldap.conf</code> file must be configured also. Refer to the PADL documentation
         and source code for nss_ldap instructions.
@@ -1412 +1412 @@
         The next step involves preparation on the ADS schema. This is briefly discussed in the remaining
         part of this chapter.
-        </p><div class="sect4" lang="en"><div class="titlepage"><div><div><h5 class="title"><a name="id2596292"></a>IDMAP, Active Directory, and MS Services for UNIX 3.5</h5></div></div></div><p>
-                <a class="indexterm" name="id2596301"></a>
+        </p><div class="sect4" title="IDMAP, Active Directory, and MS Services for UNIX 3.5"><div class="titlepage"><div><div><h5 class="title"><a name="id364460"></a>IDMAP, Active Directory, and MS Services for UNIX 3.5</h5></div></div></div><p>
+                <a class="indexterm" name="id364468"></a>
                 The Microsoft Windows Service for UNIX version 3.5 is available for free
                 <a class="ulink" href="http://www.microsoft.com/windows/sfu/" target="_top">download</a>
                 from the Microsoft Web site. You will need to download this tool and install it following
                 Microsoft instructions.
-                </p></div><div class="sect4" lang="en"><div class="titlepage"><div><div><h5 class="title"><a name="id2596321"></a>IDMAP, Active Directory, and AD4UNIX</h5></div></div></div><p>
+                </p></div><div class="sect4" title="IDMAP, Active Directory, and AD4UNIX"><div class="titlepage"><div><div><h5 class="title"><a name="id364486"></a>IDMAP, Active Directory, and AD4UNIX</h5></div></div></div><p>
                 Instructions for obtaining and installing the AD4UNIX tool set can be found from the
                 <a class="ulink" href="http://www.geekcomix.com/cgi-bin/classnotes/wiki.pl?LDAP01/An_Alternative_Approach" target="_top">
                 Geekcomix</a> Web site.
-                </p></div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2596343"></a>UNIX/Linux Client Domain Member</h3></div></div></div><p><a class="indexterm" name="id2596350"></a>
+                </p></div></div></div><div class="sect2" title="UNIX/Linux Client Domain Member"><div class="titlepage"><div><div><h3 class="title"><a name="id364506"></a>UNIX/Linux Client Domain Member</h3></div></div></div><p><a class="indexterm" name="id364512"></a>
         So far this chapter has been mainly concerned with the provision of file and print
         services for domain member servers. However, an increasing number of UNIX/Linux
@@ -1428 +1428 @@
         other than a single desktop user. The key demand for desktop systems is to be able
         to log onto any UNIX/Linux or Windows desktop using the same network user credentials.
-        </p><p><a class="indexterm" name="id2596369"></a>
+        </p><p><a class="indexterm" name="id364527"></a>
         The ability to use a common set of user credential across a variety of network systems
         is generally regarded as a single sign-on (SSO) solution. SSO systems are sold by a
         large number of vendors and include a range of technologies such as:
-        </p><div class="itemizedlist"><ul type="disc"><li><p>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                 Proxy sign-on
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Federated directory provisioning
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Metadirectory server solutions
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Replacement authentication systems
-                </p></li></ul></div><p><a class="indexterm" name="id2596411"></a>
+                </p></li></ul></div><p><a class="indexterm" name="id364566"></a>
         There are really four solutions that provide integrated authentication and
         user identity management facilities:
-        </p><div class="itemizedlist"><ul type="disc"><li><p>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                 Samba winbind (free). Samba-3.0.20 introduced a complete replacement for Winbind that now
                 provides a greater level of scalability in large ADS environments.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 <a class="ulink" href="http://www.padl.com" target="_top">PADL</a> PAM and LDAP tools (free).
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 <a class="ulink" href="http://www.vintela.com" target="_top">Vintela</a> Authentication Services (commercial).
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 <a class="ulink" href="http://www.centrify.com" target="_top">Centrify</a> DirectControl (commercial). 
                 Centrify's commercial product allows UNIX and Linux systems to use Active Directory
@@ -1465 +1465 @@
         support via Samba-3.
         </p><p>
-        <a class="indexterm" name="id2596490"></a>
+        <a class="indexterm" name="id364633"></a>
         On the other hand, if the authentication and identity resolution backend must be provided by
         a Windows NT4-style domain or from an Active Directory Domain that does not have the Microsoft
@@ -1471 +1471 @@
         situations now follows.
         </p><p>
-        <a class="indexterm" name="id2596508"></a>
-        <a class="indexterm" name="id2596514"></a>
-        <a class="indexterm" name="id2596521"></a>
+        <a class="indexterm" name="id364648"></a>
+        <a class="indexterm" name="id364655"></a>
+        <a class="indexterm" name="id364662"></a>
         To permit users to log on to a Linux system using Windows network credentials, you need to
         configure identity resolution (NSS) and PAM. This means that the basic steps include those
@@ -1480 +1480 @@
         of shares and printers is generally less important. Often this allows the share specifications
         to be entirely removed from the <code class="filename">smb.conf</code> file. That is obviously an administrator decision.
-        </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2596544"></a>NT4 Domain Member</h4></div></div></div><p>
+        </p><div class="sect3" title="NT4 Domain Member"><div class="titlepage"><div><div><h4 class="title"><a name="id364680"></a>NT4 Domain Member</h4></div></div></div><p>
                 The following steps provide a Linux system that users can log onto using
                 Windows NT4 (or Samba-3) domain network credentials:
-                </p><div class="procedure"><ol type="1"><li><p>
+                </p><div class="procedure"><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                         Follow the steps outlined in <a class="link" href="unixclients.html#wdcsdm" title="NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind">&#8220;NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind&#8221;</a> and ensure that
                         all validation tests function as shown.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 2"><p>
                         Identify what services users must log on to. On Red Hat Linux, if it is
                         intended that the user shall be given access to all services, it may be
                         most expeditious to simply configure the file 
                         <code class="filename">/etc/pam.d/system-auth</code>.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 3"><p>
                         Carefully make a backup copy of all PAM configuration files before you
                         begin making changes. If you break the PAM configuration, please note
@@ -1498 +1498 @@
                         PAM files are incorrectly configured. The entire directory 
                         <code class="filename">/etc/pam.d</code> should be backed up to a safe location.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 4"><p>
                         If you require only console login support, edit the <code class="filename">/etc/pam.d/login</code>
                         so it matches <a class="link" href="unixclients.html#ch9-pamwnbdlogin" title="Example 7.11. SUSE: PAM login Module Using Winbind">&#8220;SUSE: PAM login Module Using Winbind&#8221;</a>.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 5"><p>
                         To provide the ability to log onto the graphical desktop interface, you must edit
                         the files <code class="filename">gdm</code> and <code class="filename">xdm</code> in the 
                         <code class="filename">/etc/pam.d</code> directory.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 6"><p>
                         Edit only one file at a time. Carefully validate its operation before attempting
                         to reboot the machine.
-                        </p></li></ol></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2596666"></a>ADS Domain Member</h4></div></div></div><p>
+                        </p></li></ol></div></div><div class="sect3" title="ADS Domain Member"><div class="titlepage"><div><div><h4 class="title"><a name="id364792"></a>ADS Domain Member</h4></div></div></div><p>
                 This procedure should be followed to permit a Linux network client (workstation/desktop)
                 to permit users to log on using Microsoft Active Directory-based user credentials.
-                </p><div class="procedure"><ol type="1"><li><p>
+                </p><div class="procedure"><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                         Follow the steps outlined in <a class="link" href="unixclients.html#adssdm" title="Active Directory Domain with Samba Domain Member Server">&#8220;Active Directory Domain with Samba Domain Member Server&#8221;</a> and ensure that
                         all validation tests function as shown.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 2"><p>
                         Identify what services users must log on to. On Red Hat Linux, if it is
                         intended that the user shall be given access to all services, it may be
                         most expeditious to simply configure the file 
                         <code class="filename">/etc/pam.d/system-auth</code> as shown in <a class="link" href="unixclients.html#ch9-rhsysauth" title="Example 7.13. Red Hat 9: PAM System Authentication File: /etc/pam.d/system-auth Module Using Winbind">&#8220;Red Hat 9: PAM System Authentication File: /etc/pam.d/system-auth Module Using Winbind&#8221;</a>.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 3"><p>
                         Carefully make a backup copy of all PAM configuration files before you
                         begin making changes. If you break the PAM configuration, please note
@@ -1526 +1526 @@
                         PAM files are incorrectly configured. The entire directory 
                         <code class="filename">/etc/pam.d</code> should be backed up to a safe location.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 4"><p>
                         If you require only console login support, edit the <code class="filename">/etc/pam.d/login</code>
                         so it matches <a class="link" href="unixclients.html#ch9-pamwnbdlogin" title="Example 7.11. SUSE: PAM login Module Using Winbind">&#8220;SUSE: PAM login Module Using Winbind&#8221;</a>.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 5"><p>
                         To provide the ability to log onto the graphical desktop interface, you must edit
                         the files <code class="filename">gdm</code> and <code class="filename">xdm</code> in the 
                         <code class="filename">/etc/pam.d</code> directory.
-                        </p></li><li><p>
+                        </p></li><li class="step" title="Step 6"><p>
                         Edit only one file at a time. Carefully validate its operation before attempting
                         to reboot the machine.
@@ -1588 +1588 @@
 session     sufficient    /lib/security/$ISA/pam_unix.so
 session     sufficient    /lib/security/$ISA/pam_winbind.so use_first_pass
-</pre></div></div><br class="example-break"></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2596918"></a>Key Points Learned</h3></div></div></div><p>
+</pre></div></div><br class="example-break"></div><div class="sect2" title="Key Points Learned"><div class="titlepage"><div><div><h3 class="title"><a name="id365002"></a>Key Points Learned</h3></div></div></div><p>
                 The addition of UNIX/Linux Samba servers and clients is a common requirement. In this chapter, you
                 learned how to integrate such servers so that the UID/GID mappings they use can be consistent
@@ -1595 +1595 @@
                 </p><p>
                 The following are key points made in this chapter:
-                </p><div class="itemizedlist"><ul type="disc"><li><p>
+                </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                         Domain controllers are always authoritative for the domain.
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         Domain members may have local accounts and must be able to resolve the identity of 
                         domain user accounts. Domain user account identity must map to a local UID/GID. That 
                         local UID/GID can be stored in LDAP. This way, it is possible to share the IDMAP data 
                         across all domain member machines.
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         Resolution of user and group identities on domain member machines may be implemented 
                         using direct LDAP services or using winbind.
-                        </p></li><li><p>
+                        </p></li><li class="listitem"><p>
                         On NSS/PAM enabled UNIX/Linux systems, NSS is responsible for identity management 
                         and PAM is responsible for authentication of logon credentials (username and password).
-                        </p></li></ul></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2596972"></a>Questions and Answers</h2></div></div></div><p>
+                        </p></li></ul></div></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id365047"></a>Questions and Answers</h2></div></div></div><p>
         The following questions were obtained from the mailing list and also from private discussions
         with Windows network administrators.
-        </p><div class="qandaset"><dl><dt> <a href="unixclients.html#id2596990">
+        </p><div class="qandaset" title="Frequently Asked Questions"><a name="id365057"></a><dl><dt> <a href="unixclients.html#id365063">
                 We use NIS for all UNIX accounts. Why do we need winbind?
-                </a></dt><dt> <a href="unixclients.html#id2597105">
+                </a></dt><dt> <a href="unixclients.html#id365171">
                 Our IT management people do not like LDAP but are looking at Microsoft Active Directory. 
               Which is better?
-                </a></dt><dt> <a href="unixclients.html#id2597189">
+                </a></dt><dt> <a href="unixclients.html#id365244">
                 We want to implement a Samba PDC, four Samba BDCs, and 10 Samba servers. Is it possible 
                 to use NIS in place of LDAP?
-                </a></dt><dt> <a href="unixclients.html#id2597300">
+                </a></dt><dt> <a href="unixclients.html#id365348">
                 Are you suggesting that users should not log on to a domain member server? If so, why?
-                </a></dt><dt> <a href="unixclients.html#id2597421">
+                </a></dt><dt> <a href="unixclients.html#id365457">
                 We want to ensure that only users from our own domain plus from trusted domains can use our
                 Samba servers. In the smb.conf file on all servers, we have enabled the winbind
@@ -1627 +1627 @@
                 cannot access our servers, and users from Windows clients that are not domain members
                 can also access our servers. Is this a Samba bug?
-                </a></dt><dt> <a href="unixclients.html#id2597596">
+                </a></dt><dt> <a href="unixclients.html#id365622">
                 What are the benefits of using LDAP for my domain member servers?
-                </a></dt><dt> <a href="unixclients.html#id2597780">
+                </a></dt><dt> <a href="unixclients.html#id365797">
                 Is proper DNS operation necessary for Samba-3 plus LDAP? If so, what must I put into
                 my DNS configuration?
-                </a></dt><dt> <a href="unixclients.html#id2597938">
+                </a></dt><dt> <a href="unixclients.html#id365944">
                 Our Windows 2003 Server Active Directory domain runs with NetBIOS disabled. Can we
                 use Samba-3 with that configuration?
-                </a></dt><dt> <a href="unixclients.html#id2597956">
+                </a></dt><dt> <a href="unixclients.html#id365962">
                 When I tried to execute net ads join, I got no output. It did not work, so
                 I think that it failed. I then executed net rpc join and that worked fine.
                 That is okay, isn't it?
-                </a></dt></dl><table border="0" summary="Q and A Set"><col align="left" width="1%"><tbody><tr class="question"><td align="left" valign="top"><a name="id2596990"></a><a name="id2596992"></a></td><td align="left" valign="top"><p>
+                </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question"><td align="left" valign="top"><a name="id365063"></a><a name="id365066"></a></td><td align="left" valign="top"><p>
                 We use NIS for all UNIX accounts. Why do we need winbind?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
-                <a class="indexterm" name="id2597004"></a>
-                <a class="indexterm" name="id2597011"></a>
-                <a class="indexterm" name="id2597018"></a>
-                <a class="indexterm" name="id2597025"></a>
-                <a class="indexterm" name="id2597031"></a>
-                <a class="indexterm" name="id2597038"></a>
+                <a class="indexterm" name="id365077"></a>
+                <a class="indexterm" name="id365083"></a>
+                <a class="indexterm" name="id365090"></a>
+                <a class="indexterm" name="id365097"></a>
+                <a class="indexterm" name="id365104"></a>
+                <a class="indexterm" name="id365111"></a>
                 You can use NIS for your UNIX accounts. NIS does not store the Windows encrypted
                 passwords that need to be stored in one of the acceptable passdb backends.
@@ -1654 +1654 @@
                 SIDs from trusted domains to local UID/GID values.
                 </p><p>
-                <a class="indexterm" name="id2597065"></a>
-                <a class="indexterm" name="id2597073"></a>
+                <a class="indexterm" name="id365135"></a>
+                <a class="indexterm" name="id365142"></a>
                 On a domain member server, you effectively map Windows domain users to local users
                 that are in your NIS database by specifying the <em class="parameter"><code>winbind trusted domains
@@ -1663 +1663 @@
                 </p><p>
                 As a general rule, it is always a good idea to run winbind on all Samba servers.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2597105"></a><a name="id2597107"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id365171"></a><a name="id365173"></a></td><td align="left" valign="top"><p>
                 Our IT management people do not like LDAP but are looking at Microsoft Active Directory. 
-              Which is better?<a class="indexterm" name="id2597114"></a>
-                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id2597128"></a><a class="indexterm" name="id2597139"></a><a class="indexterm" name="id2597147"></a>
+              Which is better?<a class="indexterm" name="id365178"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id365193"></a><a class="indexterm" name="id365204"></a><a class="indexterm" name="id365212"></a>
                 Microsoft Active Directory is an LDAP server that is intricately tied to a Kerberos
                 infrastructure. Most IT managers who object to LDAP do so because
@@ -1673 +1673 @@
                 devise the backup and recovery facilities in a site-dependent manner. LDAP servers
                 in general are seen as a high-energy, high-risk facility.
-                </p><p><a class="indexterm" name="id2597166"></a>
+                </p><p><a class="indexterm" name="id365227"></a>
                 Microsoft Active Directory by comparison is easy to install and configure and
                 is supplied with all tools necessary to implement and manage the directory. For sites
@@ -1682 +1682 @@
                 consider the options. On the other hand, if management just wants a solution that works,
                 Microsoft Active Directory is a good solution.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2597189"></a><a name="id2597191"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id365244"></a><a name="id365247"></a></td><td align="left" valign="top"><p>
                 We want to implement a Samba PDC, four Samba BDCs, and 10 Samba servers. Is it possible 
                 to use NIS in place of LDAP?
-                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id2597203"></a><a class="indexterm" name="id2597211"></a><a class="indexterm" name="id2597219"></a><a class="indexterm" name="id2597227"></a><a class="indexterm" name="id2597235"></a><a class="indexterm" name="id2597243"></a><a class="indexterm" name="id2597250"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id365257"></a><a class="indexterm" name="id365265"></a><a class="indexterm" name="id365273"></a><a class="indexterm" name="id365281"></a><a class="indexterm" name="id365289"></a><a class="indexterm" name="id365296"></a><a class="indexterm" name="id365304"></a>
                 Yes, it is possible to use NIS in place of LDAP, but there may be problems with keeping
                 the Windows (SMB) encrypted passwords database correctly synchronized across the entire
@@ -1691 +1691 @@
                 membership secure account password. How can you keep changes that are on remote BDCs
                 synchronized on the PDC?
-                </p><p><a class="indexterm" name="id2597268"></a><a class="indexterm" name="id2597276"></a><a class="indexterm" name="id2597284"></a>
+                </p><p><a class="indexterm" name="id365318"></a><a class="indexterm" name="id365326"></a><a class="indexterm" name="id365334"></a>
                 LDAP is a more elegant solution because it permits centralized storage and management
                 of all network identities (user, group, and machine accounts) together with all information
                 Samba needs to provide to network clients and their users.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2597300"></a><a name="id2597302"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id365348"></a><a name="id365350"></a></td><td align="left" valign="top"><p>
                 Are you suggesting that users should not log on to a domain member server? If so, why?
-                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id2597314"></a><a class="indexterm" name="id2597322"></a><a class="indexterm" name="id2597333"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id365361"></a><a class="indexterm" name="id365369"></a><a class="indexterm" name="id365380"></a>
                 Many UNIX administrators mock the model that the personal computer industry has adopted
                 as normative since the early days of Novell NetWare. The old
@@ -1703 +1703 @@
                 fears concerning the security and integrity of data. It was a simple and generally
                 effective measure to keep users away from servers, except through mapped drives.
-                </p><p><a class="indexterm" name="id2597351"></a><a class="indexterm" name="id2597359"></a><a class="indexterm" name="id2597367"></a><a class="indexterm" name="id2597375"></a><a class="indexterm" name="id2597382"></a>
+                </p><p><a class="indexterm" name="id365395"></a><a class="indexterm" name="id365403"></a><a class="indexterm" name="id365410"></a><a class="indexterm" name="id365418"></a><a class="indexterm" name="id365426"></a>
                 UNIX administrators are fully correct in asserting that UNIX servers and workstations
                 are identical in terms of the software that is installed. They correctly assert that
@@ -1712 +1712 @@
                 Only then can one begin to appraise the best strategy and adopt a site-specific
                 policy that best protects the needs of users and of the organization alike.
-                </p><p><a class="indexterm" name="id2597405"></a>
+                </p><p><a class="indexterm" name="id365443"></a>
                 From experience, it is my recommendation to keep general system-level logins to a
                 practical minimum and to eliminate them if possible. This should not be taken as a
                 hard rule, though. The better question is, what works best for the site?
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2597421"></a><a name="id2597423"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id2597426"></a><a class="indexterm" name="id2597434"></a><a class="indexterm" name="id2597446"></a><a class="indexterm" name="id2597454"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id365457"></a><a name="id365459"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id365462"></a><a class="indexterm" name="id365470"></a><a class="indexterm" name="id365482"></a><a class="indexterm" name="id365490"></a>
                 We want to ensure that only users from our own domain plus from trusted domains can use our
                 Samba servers. In the <code class="filename">smb.conf</code> file on all servers, we have enabled the <em class="parameter"><code>winbind
@@ -1722 +1722 @@
                 cannot access our servers, and users from Windows clients that are not domain members
                 can also access our servers. Is this a Samba bug?
-                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id2597487"></a><a class="indexterm" name="id2597495"></a><a class="indexterm" name="id2597502"></a><a class="indexterm" name="id2597510"></a><a class="indexterm" name="id2597518"></a><a class="indexterm" name="id2597526"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id365519"></a><a class="indexterm" name="id365527"></a><a class="indexterm" name="id365534"></a><a class="indexterm" name="id365542"></a><a class="indexterm" name="id365550"></a><a class="indexterm" name="id365558"></a>
                 The manual page for this <em class="parameter"><code>winbind trusted domains only</code></em> parameter says,
-                &#8220;<span class="quote">This parameter is designed to allow Samba servers that are members of a Samba-controlled 
+                <span class="quote">&#8220;<span class="quote">This parameter is designed to allow Samba servers that are members of a Samba-controlled 
                 domain to use UNIX accounts distributed vi NIS, rsync, or LDAP as the UIDs for winbindd users 
                 in the hosts primary domain. Therefore,  the user <code class="constant">SAMBA\user1</code> would be 
                 mapped to the account <code class="constant">user1</code> in <code class="filename">/etc/passwd</code> instead 
-                of allocating a new UID for him or her.</span>&#8221; This clearly suggests that you are trying
+                of allocating a new UID for him or her.</span>&#8221;</span> This clearly suggests that you are trying
                 to use this parameter inappropriately.
-                </p><p><a class="indexterm" name="id2597568"></a>
+                </p><p><a class="indexterm" name="id365596"></a>
                 A far better solution is to use the <em class="parameter"><code>valid users</code></em> by specifying
                 precisely the domain users and groups that should be permitted access to the shares. You could, 
@@ -1739 +1739 @@
         valid users = @"Domain Users", @"OTHERDOMAIN\Domain Users"
 </pre><p>
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2597596"></a><a name="id2597598"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id365622"></a><a name="id365624"></a></td><td align="left" valign="top"><p>
                 What are the benefits of using LDAP for my domain member servers?
-                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id2597609"></a><a class="indexterm" name="id2597617"></a><a class="indexterm" name="id2597625"></a><a class="indexterm" name="id2597633"></a><a class="indexterm" name="id2597640"></a><a class="indexterm" name="id2597648"></a><a class="indexterm" name="id2597656"></a><a class="indexterm" name="id2597664"></a><a class="indexterm" name="id2597672"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id365634"></a><a class="indexterm" name="id365642"></a><a class="indexterm" name="id365650"></a><a class="indexterm" name="id365657"></a><a class="indexterm" name="id365665"></a><a class="indexterm" name="id365673"></a><a class="indexterm" name="id365681"></a><a class="indexterm" name="id365689"></a><a class="indexterm" name="id365696"></a>
                 The key benefit of using LDAP is that the UID of all users and the GID of all groups
                 are globally consistent on domain controllers as well as on domain member servers.
                 This means that it is possible to copy/replicate files across servers without
                 loss of identity.
-                </p><p><a class="indexterm" name="id2597688"></a><a class="indexterm" name="id2597696"></a><a class="indexterm" name="id2597704"></a><a class="indexterm" name="id2597712"></a><a class="indexterm" name="id2597720"></a><a class="indexterm" name="id2597728"></a><a class="indexterm" name="id2597739"></a><a class="indexterm" name="id2597747"></a>
+                </p><p><a class="indexterm" name="id365710"></a><a class="indexterm" name="id365718"></a><a class="indexterm" name="id365726"></a><a class="indexterm" name="id365734"></a><a class="indexterm" name="id365741"></a><a class="indexterm" name="id365749"></a><a class="indexterm" name="id365761"></a><a class="indexterm" name="id365768"></a>
                 When use is made of account identity resolution via winbind, even when an IDMAP backend
                 is stored in LDAP, the UID/GID on domain member servers is consistent, but differs
@@ -1753 +1753 @@
                 idmap uid/gid</code></em> in the <code class="filename">smb.conf</code> file. On domain controllers, the UID/GID is
                 that of the POSIX value assigned in the LDAP directory as part of the POSIX account information.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2597780"></a><a name="id2597782"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id365797"></a><a name="id365799"></a></td><td align="left" valign="top"><p>
                 Is proper DNS operation necessary for Samba-3 plus LDAP? If so, what must I put into
                 my DNS configuration?
-                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id2597793"></a><a class="indexterm" name="id2597805"></a><a class="indexterm" name="id2597816"></a><a class="indexterm" name="id2597824"></a><a class="indexterm" name="id2597832"></a><a class="indexterm" name="id2597839"></a><a class="indexterm" name="id2597847"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id365810"></a><a class="indexterm" name="id365821"></a><a class="indexterm" name="id365832"></a><a class="indexterm" name="id365840"></a><a class="indexterm" name="id365847"></a><a class="indexterm" name="id365855"></a><a class="indexterm" name="id365863"></a>
                 Samba depends on correctly functioning resolution of hostnames to their IP address. Samba
                 makes no direct DNS lookup calls, but rather redirects all name-to-address calls via the
@@ -1769 +1769 @@
                 If this fails to resolve, it attempts a DNS lookup, and if that fails, it tries a
                 WINS lookup.
-                </p><p><a class="indexterm" name="id2597902"></a><a class="indexterm" name="id2597910"></a><a class="indexterm" name="id2597918"></a>
+                </p><p><a class="indexterm" name="id365913"></a><a class="indexterm" name="id365920"></a><a class="indexterm" name="id365928"></a>
                 The addition of the WINS-based name lookup makes sense only if NetBIOS over TCP/IP has
                 been enabled on all Windows clients. Where NetBIOS over TCP/IP has been disabled, DNS
@@ -1776 +1776 @@
                 case, the Windows 200x autoregisters all locator records it needs with its own DNS
                 server or servers.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2597938"></a><a name="id2597940"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id365944"></a><a name="id365947"></a></td><td align="left" valign="top"><p>
                 Our Windows 2003 Server Active Directory domain runs with NetBIOS disabled. Can we
                 use Samba-3 with that configuration?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
                 Yes.
-                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2597956"></a><a name="id2597958"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id2597962"></a><a class="indexterm" name="id2597976"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id365962"></a><a name="id365964"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id365967"></a><a class="indexterm" name="id365982"></a>
                 When I tried to execute net ads join, I got no output. It did not work, so
                 I think that it failed. I then executed net rpc join and that worked fine.
                 That is okay, isn't it?
-                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id2598000"></a><a class="indexterm" name="id2598008"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id366004"></a><a class="indexterm" name="id366012"></a>
                 No. This is not okay. It means that your Samba-3 client has joined the ADS domain as
                 a Windows NT4 client, and Samba-3 will not be using Kerberos-based authentication.

trunk/server/docs/htmldocs/Samba3-ByExample/upgrades.html

@@ -1 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 8. Updating Samba-3</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"><link rel="prev" href="unixclients.html" title="Chapter 7. Adding Domain Member Servers and Clients"><link rel="next" href="ntmigration.html" title="Chapter 9. Migrating NT4 Domain to Samba-3"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 8. Updating Samba-3</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="unixclients.html">Prev</a> </td><th width="60%" align="center">Part II. Domain Members, Updating Samba and Migration</th><td width="20%" align="right"> <a accesskey="n" href="ntmigration.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="upgrades"></a>Chapter 8. Updating Samba-3</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="upgrades.html#id2598125">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id2598221">Cautions and Notes</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id2599550">Upgrading from Samba 1.x and 2.x to Samba-3</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id2599919">Applicable to All Samba 2.x to Samba-3 Upgrades</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id2600245">Samba-2.x with LDAP Support</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id2600427">Updating a Samba-3 Installation</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id2600542">Samba-3 to Samba-3 Updates on the Same Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id2600746">Migrating Samba-3 to a New Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id2601160">Migration of Samba Accounts to Active Directory</a></span></dt></dl></dd></dl></div><p>
-<a class="indexterm" name="id2598040"></a>
-<a class="indexterm" name="id2598047"></a>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 8. Updating Samba-3</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"><link rel="prev" href="unixclients.html" title="Chapter 7. Adding Domain Member Servers and Clients"><link rel="next" href="ntmigration.html" title="Chapter 9. Migrating NT4 Domain to Samba-3"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 8. Updating Samba-3</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="unixclients.html">Prev</a> </td><th width="60%" align="center">Part II. Domain Members, Updating Samba and Migration</th><td width="20%" align="right"> <a accesskey="n" href="ntmigration.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 8. Updating Samba-3"><div class="titlepage"><div><div><h2 class="title"><a name="upgrades"></a>Chapter 8. Updating Samba-3</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="upgrades.html#id366117">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id366200">Cautions and Notes</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id367413">Upgrading from Samba 1.x and 2.x to Samba-3</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id368069">Samba-2.x with LDAP Support</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id368184">Updating a Samba-3 Installation</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id368281">Samba-3 to Samba-3 Updates on the Same Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id368465">Migrating Samba-3 to a New Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id368842">Migration of Samba Accounts to Active Directory</a></span></dt></dl></dd></dl></div><p>
+<a class="indexterm" name="id366043"></a>
+<a class="indexterm" name="id366050"></a>
 It was a little difficult to select an appropriate title for this chapter.
 From email messages on the Samba mailing lists it is clear that many people
@@ -8 +8 @@
 installing a new Samba server to replace an older existing Samba server.
 </p><p>
-<a class="indexterm" name="id2598064"></a>
-<a class="indexterm" name="id2598070"></a>
+<a class="indexterm" name="id366063"></a>
+<a class="indexterm" name="id366070"></a>
 There has also been much talk about migration of Samba-3 from an smbpasswd
 passdb backend to the use of the tdbsam or ldapsam facilities that are new
@@ -18 +18 @@
 highlighted by an email posting that included the following neat remark:
 </p><div class="blockquote"><blockquote class="blockquote"><p>
-<a class="indexterm" name="id2598092"></a>
-I like the &#8220;<span class="quote">net rpc vampire</span>&#8221; on NT4, but that to my surprise does
+<a class="indexterm" name="id366088"></a>
+I like the <span class="quote">&#8220;<span class="quote">net rpc vampire</span>&#8221;</span> on NT4, but that to my surprise does
 not seem to work against a Samba PDC and, if addressed in the Samba to Samba
 context in either book, I could not find it.
 </p></blockquote></div><p>
-<a class="indexterm" name="id2598113"></a>
+<a class="indexterm" name="id366107"></a>
 So in response to the significant request for these situations to be better 
 documented, this chapter has now been added. User contributions and documentation
 of real-world experiences are a most welcome addition to this chapter.
-</p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2598125"></a>Introduction</h2></div></div></div><p>
-<a class="indexterm" name="id2598133"></a>
-<a class="indexterm" name="id2598139"></a>
-<a class="indexterm" name="id2598146"></a>
+</p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id366117"></a>Introduction</h2></div></div></div><p>
+<a class="indexterm" name="id366125"></a>
+<a class="indexterm" name="id366131"></a>
+<a class="indexterm" name="id366138"></a>
 A Windows network administrator explained in an email what changes he was
-planning to make and followed with the question: &#8220;<span class="quote">Anyone done this
-before?</span>&#8221; Many of us have upgraded and updated Samba without incident.
+planning to make and followed with the question: <span class="quote">&#8220;<span class="quote">Anyone done this
+before?</span>&#8221;</span> Many of us have upgraded and updated Samba without incident.
 Others have experienced much pain and user frustration. So it is to be hoped
 that the notes in this chapter will make a positive difference by assuring
@@ -44 +44 @@
 fails to take adequate steps to avoid situations that may inflict lost
 productivity on them.
-</p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
-<a class="indexterm" name="id2598177"></a>
-<a class="indexterm" name="id2598184"></a>
+</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
+<a class="indexterm" name="id366163"></a>
+<a class="indexterm" name="id366170"></a>
 Samba makes it possible to upgrade and update configuration files, but it
 is not possible to downgrade the configuration files. Please ensure that
@@ -52 +52 @@
 in the rare event that this may be necessary.
 </p></div><p>
-<a class="indexterm" name="id2598199"></a>
-<a class="indexterm" name="id2598206"></a>
+<a class="indexterm" name="id366182"></a>
+<a class="indexterm" name="id366189"></a>
 It is prudent also to backup all data files on the server before attempting
 to perform a major upgrade. Many administrators have experienced the consequences
@@ -60 +60 @@
 the precautions taken were inadequate. If a backup was not needed, but was available,
 caution was on the side of the victor.
-</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2598221"></a>Cautions and Notes</h3></div></div></div><p>
-        Someone once said, &#8220;<span class="quote">It is good to be sorry, but better never to need to be!</span>&#8221;
+</p><div class="sect2" title="Cautions and Notes"><div class="titlepage"><div><div><h3 class="title"><a name="id366200"></a>Cautions and Notes</h3></div></div></div><p>
+        Someone once said, <span class="quote">&#8220;<span class="quote">It is good to be sorry, but better never to need to be!</span>&#8221;</span>
         These are wise words of advice to those contemplating a Samba upgrade or update.
         </p><p>
-        <a class="indexterm" name="id2598239"></a>
-        <a class="indexterm" name="id2598245"></a>
-        <a class="indexterm" name="id2598252"></a>
+        <a class="indexterm" name="id366216"></a>
+        <a class="indexterm" name="id366223"></a>
+        <a class="indexterm" name="id366230"></a>
         This is as good a time as any to define the terms <code class="constant">upgrade</code> and
         <code class="constant">update</code>. The term <code class="constant">upgrade</code> refers to
@@ -74 +74 @@
         is in development.
         </p><p>
-        <a class="indexterm" name="id2598279"></a>
+        <a class="indexterm" name="id366254"></a>
         The term <code class="constant">update</code> refers to a minor version number installation
         in place of one of the same generation. For example, updating from Samba 3.0.10 to 3.0.14
         is an update. The move from Samba 2.0.7 to 3.0.14 is an upgrade.
         </p><p>
-        <a class="indexterm" name="id2598296"></a>
+        <a class="indexterm" name="id366269"></a>
         While the use of these terms is an exercise in semantics, what needs to be realized
         is that there are major functional differences between a Samba 2.x release and a Samba
@@ -87 +87 @@
         modified to preserve prior functionality.
         </p><p>
-        There is an old axiom that says, &#8220;<span class="quote">The greater the volume of the documentation,
+        There is an old axiom that says, <span class="quote">&#8220;<span class="quote">The greater the volume of the documentation,
         the greater the risk that noone will read it, but where there is no documentation,
-        noone can read it!</span>&#8221; While true, some documentation is an evil necessity.
+        noone can read it!</span>&#8221;</span> While true, some documentation is an evil necessity.
         It is hoped that this update to the documentation will avoid both extremes.
-        </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2598325"></a>Security Identifiers (SIDs)</h4></div></div></div><p>
-        <a class="indexterm" name="id2598333"></a>
-        <a class="indexterm" name="id2598342"></a>
-        <a class="indexterm" name="id2598349"></a>
-        <a class="indexterm" name="id2598356"></a>
-        <a class="indexterm" name="id2598362"></a>
-        <a class="indexterm" name="id2598372"></a>
+        </p><div class="sect3" title="Security Identifiers (SIDs)"><div class="titlepage"><div><div><h4 class="title"><a name="id366291"></a>Security Identifiers (SIDs)</h4></div></div></div><p>
+        <a class="indexterm" name="id366298"></a>
+        <a class="indexterm" name="id366308"></a>
+        <a class="indexterm" name="id366315"></a>
+        <a class="indexterm" name="id366322"></a>
+        <a class="indexterm" name="id366328"></a>
+        <a class="indexterm" name="id366337"></a>
         Before the days of Windows NT and OS/2, every Windows and DOS networking client
         that used the SMB protocols was an entirely autonomous entity. There was no concept
@@ -105 +105 @@
         Windows NT 3.10.
         </p><p>
-        <a class="indexterm" name="id2598391"></a>
-        <a class="indexterm" name="id2598398"></a>
-        <a class="indexterm" name="id2598405"></a>
-        <a class="indexterm" name="id2598412"></a>
-        <a class="indexterm" name="id2598418"></a>
-        <a class="indexterm" name="id2598425"></a>
+        <a class="indexterm" name="id366353"></a>
+        <a class="indexterm" name="id366360"></a>
+        <a class="indexterm" name="id366367"></a>
+        <a class="indexterm" name="id366374"></a>
+        <a class="indexterm" name="id366380"></a>
+        <a class="indexterm" name="id366387"></a>
         Versions of Samba prior to 1.9 did not make use of a SID. Instead they make exclusive use
         of the username that is embedded in the SessionSetUpAndX component of the connection
         setup process between a Windows client and an SMB/CIFS server. 
         </p><p>
-        <a class="indexterm" name="id2598442"></a>
-        <a class="indexterm" name="id2598449"></a>
-        <a class="indexterm" name="id2598455"></a>
+        <a class="indexterm" name="id366402"></a>
+        <a class="indexterm" name="id366409"></a>
+        <a class="indexterm" name="id366415"></a>
         Around November 1997 support was added to Samba-1.9 to handle the Windows security
         RPC-based protocols that implemented support for Samba to store a machine SID. This
         information was stored in a file called <code class="filename">MACHINE.SID.</code>
         </p><p>
-        <a class="indexterm" name="id2598475"></a>
-        <a class="indexterm" name="id2598482"></a>
-        <a class="indexterm" name="id2598488"></a>
+        <a class="indexterm" name="id366433"></a>
+        <a class="indexterm" name="id366440"></a>
+        <a class="indexterm" name="id366446"></a>
         Within the lifetime of the early Samba 2.x series, the machine SID information was
         relocated into a tdb file called <code class="filename">secrets.tdb</code>, which is where
@@ -130 +130 @@
         local machine and its role within a domain security context.
         </p><p>
-        <a class="indexterm" name="id2598509"></a>
-        <a class="indexterm" name="id2598518"></a>
-        <a class="indexterm" name="id2598527"></a>
-        <a class="indexterm" name="id2598534"></a>
+        <a class="indexterm" name="id366464"></a>
+        <a class="indexterm" name="id366474"></a>
+        <a class="indexterm" name="id366483"></a>
+        <a class="indexterm" name="id366489"></a>
         There are two types of SID, those pertaining to the machine itself and the domain to
         which it may belong, and those pertaining to users and groups within the security
@@ -139 +139 @@
         servers (DMS).
         </p><p>
-        <a class="indexterm" name="id2598548"></a>
-        <a class="indexterm" name="id2598555"></a>
-        <a class="indexterm" name="id2598562"></a>
-        <a class="indexterm" name="id2598569"></a>
-        <a class="indexterm" name="id2598576"></a>
-        <a class="indexterm" name="id2598582"></a>
+        <a class="indexterm" name="id366501"></a>
+        <a class="indexterm" name="id366508"></a>
+        <a class="indexterm" name="id366515"></a>
+        <a class="indexterm" name="id366522"></a>
+        <a class="indexterm" name="id366529"></a>
+        <a class="indexterm" name="id366535"></a>
         When the Samba <code class="literal">smbd</code> daemon is first started, if the <code class="filename">secrets.tdb</code>
         file does not exist, it is created at the first client connection attempt. If this file does
@@ -154 +154 @@
         (hostname) and domain name (workgroup), it will be different.
         </p><p>
-        <a class="indexterm" name="id2598632"></a>
+        <a class="indexterm" name="id366580"></a>
         The SID is the key used by MS Windows networking for all networking operations. This means
         that when the machine or domain SID changes, all security-encoded objects such as profiles
         and ACLs may become unusable.
-        </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+        </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
         It is of paramount importance that the machine and domain SID be backed up so that in
         the event of a change of hostname (machine name) or domain name (workgroup) the SID can
         be restored to its previous value.
         </p></div><p>
-        <a class="indexterm" name="id2598653"></a>
-        <a class="indexterm" name="id2598660"></a>
-        <a class="indexterm" name="id2598667"></a>
-        <a class="indexterm" name="id2598673"></a>
-        <a class="indexterm" name="id2598680"></a>
-        <a class="indexterm" name="id2598687"></a>
-        <a class="indexterm" name="id2598694"></a>
-        <a class="indexterm" name="id2598701"></a>
-        <a class="indexterm" name="id2598708"></a>
-        <a class="indexterm" name="id2598714"></a>
+        <a class="indexterm" name="id366598"></a>
+        <a class="indexterm" name="id366604"></a>
+        <a class="indexterm" name="id366611"></a>
+        <a class="indexterm" name="id366617"></a>
+        <a class="indexterm" name="id366624"></a>
+        <a class="indexterm" name="id366631"></a>
+        <a class="indexterm" name="id366638"></a>
+        <a class="indexterm" name="id366645"></a>
+        <a class="indexterm" name="id366651"></a>
+        <a class="indexterm" name="id366658"></a>
         In Samba-3 on a domain controller (PDC or BDC), the domain name controls the domain
         SID. On all prior versions the hostname (computer name, or NetBIOS name) controlled
         the SID. On a standalone server the hostname still controls the SID.
         </p><p>
-        <a class="indexterm" name="id2598728"></a>
-        <a class="indexterm" name="id2598737"></a>
+        <a class="indexterm" name="id366670"></a>
+        <a class="indexterm" name="id366679"></a>
         The local machine SID can be backed up using this procedure (Samba-3):
 </p><pre class="screen">
@@ -201 +201 @@
         This is not a reversible process  it is a one-way upgrade.
         </p><p>
-        <a class="indexterm" name="id2598826"></a>
+        <a class="indexterm" name="id366761"></a>
         In the course of the Samba 2.0.x series the <code class="literal">smbpasswd</code> was modified to
         permit the domain SID to be captured to the <code class="filename">secrets.tdb</code> file by executing:
@@ -218 +218 @@
 </pre><p>
         </p><p>
-        <a class="indexterm" name="id2598899"></a>
-        <a class="indexterm" name="id2598906"></a>
+        <a class="indexterm" name="id366829"></a>
+        <a class="indexterm" name="id366835"></a>
         Domain security information, which includes the domain SID, can be obtained from Samba-2.2.x
         systems by executing:
@@ -238 +238 @@
         case it is ever needed at a later date.
         </p><p>
-        <a class="indexterm" name="id2598953"></a>
-        <a class="indexterm" name="id2598960"></a>
-        <a class="indexterm" name="id2598966"></a>
+        <a class="indexterm" name="id366877"></a>
+        <a class="indexterm" name="id366884"></a>
+        <a class="indexterm" name="id366891"></a>
         Take note that the domain SID is used extensively in Samba. Where LDAP is used for the
         <em class="parameter"><code>passdb backend</code></em>, all user, group, and trust accounts are encoded
@@ -251 +251 @@
 </pre><p>
         </p><p>
-        <a class="indexterm" name="id2599002"></a>
-        <a class="indexterm" name="id2599009"></a>
-        <a class="indexterm" name="id2599016"></a>
+        <a class="indexterm" name="id366922"></a>
+        <a class="indexterm" name="id366929"></a>
+        <a class="indexterm" name="id366936"></a>
         When the domain SID has changed, roaming profiles cease to be functional. The recovery
         of roaming profiles necessitates resetting of the domain portion of the user SID
@@ -262 +262 @@
         addressed to the creator of the RPM package. The Samba Team do their best to make
         available all the tools needed to manage a Samba-based Windows networking environment.
-        </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2599053"></a>Change of hostname</h4></div></div></div><p>
-        <a class="indexterm" name="id2599061"></a>
-        <a class="indexterm" name="id2599070"></a>
+        </p></div><div class="sect3" title="Change of hostname"><div class="titlepage"><div><div><h4 class="title"><a name="id366964"></a>Change of hostname</h4></div></div></div><p>
+        <a class="indexterm" name="id366972"></a>
+        <a class="indexterm" name="id366981"></a>
         Samba uses two methods by which the primary NetBIOS machine name (also known as a computer
         name or the hostname) may be determined: If the <code class="filename">smb.conf</code> file contains a
@@ -274 +274 @@
         SID to be generated. If this happens on a domain controller, it will also change the
         domain SID. These SIDs can be updated (restored) using the procedure outlined previously.
-        </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+        </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
         Do NOT change the hostname or the <em class="parameter"><code>netbios name</code></em>. If this
         is changed, be sure to reset the machine SID to the original setting. Otherwise
         there may be serious interoperability and/or operational problems.
-        </p></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2599119"></a>Change of Workgroup (Domain) Name</h4></div></div></div><p>
-        <a class="indexterm" name="id2599127"></a>
+        </p></div></div><div class="sect3" title="Change of Workgroup (Domain) Name"><div class="titlepage"><div><div><h4 class="title"><a name="id367023"></a>Change of Workgroup (Domain) Name</h4></div></div></div><p>
+        <a class="indexterm" name="id367030"></a>
         The domain name of a Samba server is identical to the workgroup name and is
         set in the <code class="filename">smb.conf</code> file using the <em class="parameter"><code>workgroup</code></em> parameter.
         This has been consistent throughout the history of Samba and across all versions.
         </p><p>
-        <a class="indexterm" name="id2599152"></a>
+        <a class="indexterm" name="id367054"></a>
         Be aware that when the workgroup name is changed, a new SID will be generated.
         The old domain SID can be reset using the procedure outlined earlier in this chapter.
-        </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="sbeug1"></a>Location of config files</h4></div></div></div><p>
+        </p></div><div class="sect3" title="Location of config files"><div class="titlepage"><div><div><h4 class="title"><a name="sbeug1"></a>Location of config files</h4></div></div></div><p>
         The Samba-Team has maintained a constant default location for all Samba control files
         throughout the life of the project. People who have produced binary packages of Samba
@@ -293 +293 @@
         for network administrators.
         </p><p>
-        <a class="indexterm" name="id2599183"></a>
+        <a class="indexterm" name="id367081"></a>
         The Samba 1.9.x <code class="filename">smb.conf</code> file may be found either in the <code class="filename">/etc</code>
         directory or in <code class="filename">/usr/local/samba/lib</code>.
@@ -301 +301 @@
         remains located also for Samba 3.0.x installations.
         </p><p>
-        <a class="indexterm" name="id2599230"></a>
+        <a class="indexterm" name="id367126"></a>
         Samba 2.x introduced the <code class="filename">secrets.tdb</code> file that is also stored in the
         <code class="filename">/etc/samba</code> directory, or in the <code class="filename">/usr/local/samba/lib</code>
         directory subsystem.
         </p><p>
-        <a class="indexterm" name="id2599260"></a>
+        <a class="indexterm" name="id367154"></a>
         The location at which <code class="literal">smbd</code> expects to find all configuration and control
         files is determined at the time of compilation of Samba. For versions of Samba prior to
@@ -318 +318 @@
         <code class="filename">/usr/local/samba/sbin</code>.
         </p><p>
-        <a class="indexterm" name="id2599318"></a>
+        <a class="indexterm" name="id367209"></a>
         Samba-3 provides a neat new way to track the location of all control files as well as to
         find the compile-time options used as the Samba package was built. Here  is how the dark
@@ -349 +349 @@
 </pre><p>
         </p><p>
-        <a class="indexterm" name="id2599355"></a>
+        <a class="indexterm" name="id367238"></a>
         It is important that both the <code class="filename">smb.conf</code> file and the <code class="filename">secrets.tdb</code>
         be backed up before attempting any upgrade. The <code class="filename">secrets.tdb</code> file
@@ -355 +355 @@
         of Samba. A backup means that it is always possible to revert a failed or problematic
         upgrade.
-        </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2599385"></a>International Language Support</h4></div></div></div><p>
-        <a class="indexterm" name="id2599393"></a>
-        <a class="indexterm" name="id2599400"></a>
-        <a class="indexterm" name="id2599407"></a>
-        <a class="indexterm" name="id2599414"></a>
+        </p></div><div class="sect3" title="International Language Support"><div class="titlepage"><div><div><h4 class="title"><a name="id367266"></a>International Language Support</h4></div></div></div><p>
+        <a class="indexterm" name="id367273"></a>
+        <a class="indexterm" name="id367280"></a>
+        <a class="indexterm" name="id367287"></a>
+        <a class="indexterm" name="id367294"></a>
         Samba-2.x had no support for Unicode; instead, all national language character-set support in file names
         was done using particular locale codepage mapping techniques. Samba-3 supports Unicode in file names, thus
         providing true internationalization support.
         </p><p>
-        <a class="indexterm" name="id2599428"></a>
+        <a class="indexterm" name="id367306"></a>
         Non-English users whose national language character set has special characters and who upgrade naively will 
         find that many files that have the special characters in the file name will see them garbled and jumbled up.
@@ -370 +370 @@
         that was in use with Samba-2.x using an 8-bit encoding scheme.
         </p><p>
-        <a class="indexterm" name="id2599445"></a>
+        <a class="indexterm" name="id367320"></a>
         Files that are created with Samba-3 will use UTF-8 encoding. Should the file system ever end up with a
         mix of codepage (unix charset)-encoded file names and UTF-8-encoded file names, the mess will take some
         effort to set straight.
         </p><p>
-        <a class="indexterm" name="id2599459"></a>
+        <a class="indexterm" name="id367332"></a>
         A very helpful tool is available from Bjorn Jacke's <a class="ulink" href="http://j3e.de/linux/convmv/" target="_top">convmv</a>
         work. Convmv is a tool that can be used to convert file and directory names from one encoding method to
         another. The most common use for this tool is to convert locale-encoded files to UTF-8 Unicode encoding.
-        </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2599479"></a>Updates and Changes in Idealx smbldap-tools</h4></div></div></div><p>
+        </p></div><div class="sect3" title="Updates and Changes in Idealx smbldap-tools"><div class="titlepage"><div><div><h4 class="title"><a name="id367349"></a>Updates and Changes in Idealx smbldap-tools</h4></div></div></div><p>
         The smbldap-tools have been maturing rapidly over the past year. With maturation comes change.
         The location of the <code class="filename">smbldap.conf</code> and the <code class="filename">smbldap_bind.conf</code>
@@ -393 +393 @@
         current release should note that the information stored under <code class="constant">NextFreeUnixId</code>
         must now be relocated to the DIT object <code class="constant">sambaDomainName</code>.
-        </p></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2599550"></a>Upgrading from Samba 1.x and 2.x to Samba-3</h2></div></div></div><p>
+        </p></div></div></div><div class="sect1" title="Upgrading from Samba 1.x and 2.x to Samba-3"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id367413"></a>Upgrading from Samba 1.x and 2.x to Samba-3</h2></div></div></div><p>
 Sites that are being upgraded from Samba-2 (or earlier versions) to Samba-3
 may experience little difficulty or may require a lot of effort, depending
@@ -403 +403 @@
 does not use LDAP, the other does. Samba-1.9.x did not provide LDAP support.
 Samba-2.x could be compiled with LDAP support.
-</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sbeug2"></a>Samba 1.9.x and 2.x Versions Without LDAP</h3></div></div></div><p>
+</p><div class="sect2" title="Samba 1.9.x and 2.x Versions Without LDAP"><div class="titlepage"><div><div><h3 class="title"><a name="sbeug2"></a>Samba 1.9.x and 2.x Versions Without LDAP</h3></div></div></div><p>
         Where it is necessary to upgrade an old Samba installation to Samba-3,
         the following procedure can be followed:
-        </p><div class="procedure"><a name="id2599588"></a><p class="title"><b>Procedure 8.1. Upgrading from a Pre-Samba-3 Version</b></p><ol type="1"><li><p>
-                <a class="indexterm" name="id2599599"></a>
-                <a class="indexterm" name="id2599606"></a>
-                <a class="indexterm" name="id2599613"></a>
+        </p><div class="procedure" title="Procedure 8.1. Upgrading from a Pre-Samba-3 Version"><a name="id367444"></a><p class="title"><b>Procedure 8.1. Upgrading from a Pre-Samba-3 Version</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                <a class="indexterm" name="id367455"></a>
+                <a class="indexterm" name="id367462"></a>
+                <a class="indexterm" name="id367468"></a>
                 Stop Samba. This can be done using the appropriate system tool
                 that is particular for each operating system or by executing the
                 <code class="literal">kill</code> command on <code class="literal">smbd</code>,
                 <code class="literal">nmbd</code>, and <code class="literal">winbindd</code>.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Find the location of the Samba <code class="filename">smb.conf</code> file and back it up to a
                 safe location.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Find the location of the <code class="filename">smbpasswd</code> file and
                 back it up to a safe location.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 Find the location of the <code class="filename">secrets.tdb</code> file and
                 back it up to a safe location.
-                </p></li><li><p>
-                <a class="indexterm" name="id2599694"></a>
-                <a class="indexterm" name="id2599701"></a>
-                <a class="indexterm" name="id2599708"></a>
-                <a class="indexterm" name="id2599715"></a>
+                </p></li><li class="step" title="Step 5"><p>
+                <a class="indexterm" name="id367546"></a>
+                <a class="indexterm" name="id367553"></a>
+                <a class="indexterm" name="id367560"></a>
+                <a class="indexterm" name="id367567"></a>
                 Find the location of the lock directory. This is the directory
                 in which Samba stores all its tdb control files. The default
@@ -437 +437 @@
                 <code class="filename">/var/lib/samba</code> directory. Copy all the
                 tdb files to a safe location.
-                </p></li><li><p>
-                <a class="indexterm" name="id2599754"></a>
+                </p></li><li class="step" title="Step 6"><p>
+                <a class="indexterm" name="id367601"></a>
                 It is now safe to upgrade the Samba installation. On Linux systems
                 it is not necessary to remove the Samba RPMs because a simple
@@ -447 +447 @@
                 move it out of the way by renaming the directories that contain the
                 Samba binary files.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 7"><p>
                 When the Samba upgrade has been installed, the first step that should
                 be completed is to identify the new target locations for the control
                 files. Follow the steps shown in <a class="link" href="upgrades.html#sbeug1" title="Location of config files">&#8220;Location of config files&#8221;</a> to locate
                 the correct directories to which each control file must be moved.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 8"><p>
                 Do not change the hostname.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 9"><p>
                 Do not change the workgroup name.
-                </p></li><li><p>
-                <a class="indexterm" name="id2599809"></a>
+                </p></li><li class="step" title="Step 10"><p>
+                <a class="indexterm" name="id367650"></a>
                 Execute the <code class="literal">testparm</code> to validate the <code class="filename">smb.conf</code> file.
                 This process will flag any parameters that are no longer supported.
@@ -469 +469 @@
 <code class="prompt">root# </code> testparm -s smb.conf.master &gt; smb.conf
 </pre><p>
-        <a class="indexterm" name="id2599866"></a>
+        <a class="indexterm" name="id367704"></a>
                 The resulting <code class="filename">smb.conf</code> file will be stripped of all comments
                 and of all nonconforming configuration settings.
-                </p></li><li><p>
-                <a class="indexterm" name="id2599888"></a>
+                </p></li><li class="step" title="Step 11"><p>
+                <a class="indexterm" name="id367725"></a>
                 It is now safe to start Samba using the appropriate system tool.
                 Alternately, it is possible to just execute <code class="literal">nmbd</code>,
                 <code class="literal">smbd</code>, and <code class="literal">winbindd</code> for the command
                 line while logged in as the root user.
-                </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2599919"></a>Applicable to All Samba 2.x to Samba-3 Upgrades</h3></div></div></div><p>
-        <a class="indexterm" name="id2599927"></a>
-        <a class="indexterm" name="id2599934"></a>
-        <a class="indexterm" name="id2599940"></a>
+                </p></li></ol></div></div><div class="sect2" title="Applicable to All Samba 2.x to Samba-3 Upgrades"><div class="titlepage"><div><div><h3 class="title"><a name="id367754"></a>Applicable to All Samba 2.x to Samba-3 Upgrades</h3></div></div></div><p>
+        <a class="indexterm" name="id367762"></a>
+        <a class="indexterm" name="id367769"></a>
+        <a class="indexterm" name="id367776"></a>
         Samba 2.x servers that were running as a domain controller (PDC)
         require changes to the configuration of the scripting interface
@@ -487 +487 @@
         users, groups, and trust accounts (machines and interdomain).
         </p><p>
-        <a class="indexterm" name="id2599955"></a>
+        <a class="indexterm" name="id367788"></a>
         The following parameters are new to Samba-3 and should be correctly configured.
         Please refer to <a class="link" href="secure.html" title="Chapter 3. Secure Office Networking">&#8220;Secure Office Networking&#8221;</a> through <a class="link" href="net2000users.html" title="Chapter 6. A Distributed 2000-User Network">&#8220;A Distributed 2000-User Network&#8221;</a>
         in this book for examples of use of the new parameters shown here:
-        <a class="indexterm" name="id2599976"></a>
-        <a class="indexterm" name="id2599983"></a>
-        <a class="indexterm" name="id2599990"></a>
-        <a class="indexterm" name="id2599997"></a>
-        <a class="indexterm" name="id2600004"></a>
-        <a class="indexterm" name="id2600011"></a>
-        <a class="indexterm" name="id2600018"></a>
-        </p><p>
-        </p><table class="simplelist" border="0" summary="Simple list"><tr><td>add group script</td></tr><tr><td>add machine script</td></tr><tr><td>add user to group script</td></tr><tr><td>delete group script</td></tr><tr><td>delete user from group script</td></tr><tr><td>passdb backend</td></tr><tr><td>set primary group script</td></tr></table><p>
-        </p><p>
-        <a class="indexterm" name="id2600063"></a>
-        <a class="indexterm" name="id2600070"></a>
+        <a class="indexterm" name="id367807"></a>
+        <a class="indexterm" name="id367814"></a>
+        <a class="indexterm" name="id367821"></a>
+        <a class="indexterm" name="id367828"></a>
+        <a class="indexterm" name="id367834"></a>
+        <a class="indexterm" name="id367841"></a>
+        <a class="indexterm" name="id367848"></a>
+        </p><p>
+        </p><table border="0" summary="Simple list" class="simplelist"><tr><td>add group script</td></tr><tr><td>add machine script</td></tr><tr><td>add user to group script</td></tr><tr><td>delete group script</td></tr><tr><td>delete user from group script</td></tr><tr><td>passdb backend</td></tr><tr><td>set primary group script</td></tr></table><p>
+        </p><p>
+        <a class="indexterm" name="id367892"></a>
+        <a class="indexterm" name="id367898"></a>
         The <em class="parameter"><code>add machine script</code></em> functionality was previously
         handled by the <em class="parameter"><code>add user script</code></em>, which in Samba-3 is
         used exclusively to add user accounts.
         </p><p>
-        <a class="indexterm" name="id2600094"></a>
-        <a class="indexterm" name="id2600101"></a>
-        <a class="indexterm" name="id2600108"></a>
-        <a class="indexterm" name="id2600114"></a>
-        <a class="indexterm" name="id2600121"></a>
-        <a class="indexterm" name="id2600128"></a>
-        <a class="indexterm" name="id2600135"></a>
-        <a class="indexterm" name="id2600142"></a>
-        <a class="indexterm" name="id2600148"></a>
+        <a class="indexterm" name="id367921"></a>
+        <a class="indexterm" name="id367928"></a>
+        <a class="indexterm" name="id367935"></a>
+        <a class="indexterm" name="id367942"></a>
+        <a class="indexterm" name="id367948"></a>
+        <a class="indexterm" name="id367955"></a>
+        <a class="indexterm" name="id367962"></a>
+        <a class="indexterm" name="id367969"></a>
+        <a class="indexterm" name="id367976"></a>
         Where the <em class="parameter"><code>passdb backend</code></em> used is either <code class="constant">smbpasswd</code>
         (the default) or the new <code class="constant">tdbsam</code>, the system interface scripts
@@ -522 +522 @@
         <code class="literal">groupmod</code>, <code class="literal">groupdel</code>, and so on.
         </p><p>
-        <a class="indexterm" name="id2600209"></a>
-        <a class="indexterm" name="id2600216"></a>
-        <a class="indexterm" name="id2600223"></a>
+        <a class="indexterm" name="id368035"></a>
+        <a class="indexterm" name="id368042"></a>
+        <a class="indexterm" name="id368048"></a>
         Where the <em class="parameter"><code>passdb backend</code></em> makes use of an LDAP directory,
         it is necessary either to use the <code class="constant">smbldap-tools</code> provided
         by Idealx or to use an alternate toolset provided by a third
         party or else home-crafted to manage the LDAP directory accounts.
-        </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2600245"></a>Samba-2.x with LDAP Support</h3></div></div></div><p>
+        </p></div><div class="sect2" title="Samba-2.x with LDAP Support"><div class="titlepage"><div><div><h3 class="title"><a name="id368069"></a>Samba-2.x with LDAP Support</h3></div></div></div><p>
         Samba version 2.x could be compiled for use either with or without LDAP.
         The LDAP control settings in the <code class="filename">smb.conf</code> file in this old version are
@@ -539 +539 @@
         of all files to the correct locations.
         </p><p>
-        <a class="indexterm" name="id2600280"></a>
-        <a class="indexterm" name="id2600286"></a>
+        <a class="indexterm" name="id368099"></a>
+        <a class="indexterm" name="id368106"></a>
         The Samba SAM schema required for Samba-3 is significantly different from that
         used with Samba 2.x. This means that the LDAP directory must be updated
@@ -695 +695 @@
 the DN's with quotation marks.
 </pre><p>
-        </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2600427"></a>Updating a Samba-3 Installation</h2></div></div></div><p>
+        </p></div></div><div class="sect1" title="Updating a Samba-3 Installation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id368184"></a>Updating a Samba-3 Installation</h2></div></div></div><p>
 The key concern in this section is to deal with the changes that have been
 affected in Samba-3 between the Samba-3.0.0 release and the current update.
@@ -701 +701 @@
 taken to update Samba-3 versions.
 </p><p>
-<a class="indexterm" name="id2600443"></a>
+<a class="indexterm" name="id368197"></a>
 The information in <a class="link" href="upgrades.html#sbeug1" title="Location of config files">&#8220;Location of config files&#8221;</a> would not be necessary if every
 person who has ever produced Samba executable (binary) files could agree on
@@ -707 +707 @@
 Clearly, such agreement is further away than a pipedream.
 </p><p>
-<a class="indexterm" name="id2600468"></a>
+<a class="indexterm" name="id368220"></a>
 Vendors and packagers who produce Samba binary installable packages do not,
 as a rule, use the default paths used by the Samba-Team for the location of
@@ -720 +720 @@
 effect.
 </p><p>
-<a class="indexterm" name="id2600502"></a>
+<a class="indexterm" name="id368248"></a>
 The best advice for those lacking in code compilation experience is to use
 only vendor (or Samba-Team) provided binary packages. The Samba packages
@@ -726 +726 @@
 that are compatible with the original OS vendor's practices.
 </p><p>
-<a class="indexterm" name="id2600517"></a>
-<a class="indexterm" name="id2600524"></a>
+<a class="indexterm" name="id368261"></a>
+<a class="indexterm" name="id368268"></a>
 If you are not sure whether a binary package complies with the OS
 vendor's practices, it is better to ask the package maintainer via
@@ -733 +733 @@
 Alternately, just diagnose the paths specified by the binary files following
 the procedure outlined above.
-</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2600542"></a>Samba-3 to Samba-3 Updates on the Same Server</h3></div></div></div><p>
+</p><div class="sect2" title="Samba-3 to Samba-3 Updates on the Same Server"><div class="titlepage"><div><div><h3 class="title"><a name="id368281"></a>Samba-3 to Samba-3 Updates on the Same Server</h3></div></div></div><p>
         The guidance in this section deals with updates to an existing
         Samba-3 server installation.
-        </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2600553"></a>Updating from Samba Versions Earlier than 3.0.5</h4></div></div></div><p>
+        </p><div class="sect3" title="Updating from Samba Versions Earlier than 3.0.5"><div class="titlepage"><div><div><h4 class="title"><a name="id368291"></a>Updating from Samba Versions Earlier than 3.0.5</h4></div></div></div><p>
         With the provision that the binary Samba-3 package has been built
         with the same path and feature settings as the existing Samba-3
@@ -743 +743 @@
         and without need to change either the <code class="filename">smb.conf</code> file or, where
         used, the LDAP schema.
-        </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2600576"></a>Updating from Samba Versions between 3.0.6 and 3.0.10</h4></div></div></div><p>
-        <a class="indexterm" name="id2600584"></a>
-        <a class="indexterm" name="id2600591"></a>
+        </p></div><div class="sect3" title="Updating from Samba Versions between 3.0.6 and 3.0.10"><div class="titlepage"><div><div><h4 class="title"><a name="id368310"></a>Updating from Samba Versions between 3.0.6 and 3.0.10</h4></div></div></div><p>
+        <a class="indexterm" name="id368318"></a>
+        <a class="indexterm" name="id368324"></a>
         When updating versions of Samba-3 prior to 3.0.6 to 3.0.6 through 3.0.10,
         it is necessary only to update the LDAP schema (where LDAP is used).
@@ -751 +751 @@
         update.
         </p><p>
-        <a class="indexterm" name="id2600607"></a>
-        <a class="indexterm" name="id2600614"></a>
-        <a class="indexterm" name="id2600621"></a>
+        <a class="indexterm" name="id368339"></a>
+        <a class="indexterm" name="id368346"></a>
+        <a class="indexterm" name="id368352"></a>
         Samba-3.0.6 introduced the ability to remember the last <span class="emphasis"><em>n</em></span> number
         of passwords a user has used. This information will work only with
@@ -760 +760 @@
         </p><p>
         After updating the LDAP schema, do not forget to re-index the LDAP database.
-        </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2600654"></a>Updating from Samba Versions after 3.0.6 to a Current Release</h4></div></div></div><p>
-        <a class="indexterm" name="id2600663"></a>
+        </p></div><div class="sect3" title="Updating from Samba Versions after 3.0.6 to a Current Release"><div class="titlepage"><div><div><h4 class="title"><a name="id368384"></a>Updating from Samba Versions after 3.0.6 to a Current Release</h4></div></div></div><p>
+        <a class="indexterm" name="id368392"></a>
         Samba-3.0.8 introduced changes in how the <em class="parameter"><code>username map</code></em>
         behaves. It also included a change in behavior of <code class="literal">winbindd</code>.
@@ -767 +767 @@
         from versions prior to 3.0.8 to a current version.
         </p><p>
-        <a class="indexterm" name="id2600695"></a>
+        <a class="indexterm" name="id368421"></a>
         In Samba-3.0.11 a new privileges interface was implemented. Please
         refer to <a class="link" href="happy.html#sbehap-ppc" title="Addition of Machines to the Domain">&#8220;Addition of Machines to the Domain&#8221;</a> for information regarding this new
@@ -789 +789 @@
 back to searching the 'ldap suffix' in some cases.
 </pre><p>
-        </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2600746"></a>Migrating Samba-3 to a New Server</h3></div></div></div><p>
+        </p></div></div><div class="sect2" title="Migrating Samba-3 to a New Server"><div class="titlepage"><div><div><h3 class="title"><a name="id368465"></a>Migrating Samba-3 to a New Server</h3></div></div></div><p>
         The two most likely candidates for replacement of a server are
         domain member servers and domain controllers. Each needs to be
         handled slightly differently.
-        </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2600758"></a>Replacing a Domain Member Server</h4></div></div></div><p>
-        <a class="indexterm" name="id2600766"></a>
+        </p><div class="sect3" title="Replacing a Domain Member Server"><div class="titlepage"><div><div><h4 class="title"><a name="id368475"></a>Replacing a Domain Member Server</h4></div></div></div><p>
+        <a class="indexterm" name="id368483"></a>
         Replacement of a domain member server should be done
         using the same procedure as outlined in <a class="link" href="unixclients.html" title="Chapter 7. Adding Domain Member Servers and Clients">&#8220;Adding Domain Member Servers and Clients&#8221;</a>.
@@ -803 +803 @@
         change its SID and will necessitate rejoining to the domain.
         </p><p>
-        <a class="indexterm" name="id2600791"></a>
-        <a class="indexterm" name="id2600798"></a>
-        <a class="indexterm" name="id2600805"></a>
-        <a class="indexterm" name="id2600811"></a>
-        <a class="indexterm" name="id2600818"></a>
-        <a class="indexterm" name="id2600825"></a>
+        <a class="indexterm" name="id368506"></a>
+        <a class="indexterm" name="id368512"></a>
+        <a class="indexterm" name="id368519"></a>
+        <a class="indexterm" name="id368526"></a>
+        <a class="indexterm" name="id368532"></a>
+        <a class="indexterm" name="id368539"></a>
         Following a change of hostname (NetBIOS name) it is a good idea on all servers
         to shut down the Samba <code class="literal">smbd</code>, <code class="literal">nmbd</code>, and
@@ -818 +818 @@
         change, but can persist for a longer period of time.
         </p><p>
-        <a class="indexterm" name="id2600872"></a>
-        <a class="indexterm" name="id2600879"></a>
-        <a class="indexterm" name="id2600886"></a>
-        <a class="indexterm" name="id2600893"></a>
+        <a class="indexterm" name="id368583"></a>
+        <a class="indexterm" name="id368589"></a>
+        <a class="indexterm" name="id368596"></a>
+        <a class="indexterm" name="id368603"></a>
         If the old domain member server had local accounts, it is necessary to create
         on the new domain member server the same accounts with the same UID and GID
@@ -832 +832 @@
         account entries to the new target server.
         </p><p>
-        <a class="indexterm" name="id2600941"></a>
+        <a class="indexterm" name="id368648"></a>
         Where the user accounts for both UNIX and Samba are stored in LDAP, the new
         target server must be configured to use the <code class="literal">nss_ldap</code> tool set.
         This will automatically ensure that the appropriate user entities are
         available on the new server.
-        </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2600960"></a>Replacing a Domain Controller</h4></div></div></div><p>
-        <a class="indexterm" name="id2600968"></a>
+        </p></div><div class="sect3" title="Replacing a Domain Controller"><div class="titlepage"><div><div><h4 class="title"><a name="id368664"></a>Replacing a Domain Controller</h4></div></div></div><p>
+        <a class="indexterm" name="id368672"></a>
         In the past, people who replaced a Windows NT4 domain controller typically
         installed a new server, created printers and file shares on it, then migrate across
@@ -848 +848 @@
         the same name as the old one. In this case, simply follow the same process
         as for upgrading a Samba 2.x system and do the following:
-        </p><div class="itemizedlist"><ul type="disc"><li><p>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                 Where UNIX (POSIX) user and group accounts are stored in the system
                 <code class="filename">/etc/passwd</code>, <code class="filename">/etc/shadow</code>, and 
@@ -863 +863 @@
                 the <code class="literal">nss_ldap</code> tool and the <code class="filename">/etc/nsswitch.conf</code>
                 (as shown in <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">&#8220;Making Happy Users&#8221;</a>).
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Copy the <code class="filename">smb.conf</code> file from the old server to the new server into the correct
                 location as indicated previously in this chapter.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Copy the <code class="filename">secrets.tdb</code> file, the <code class="filename">smbpasswd</code>
                 file (if it is used), the <code class="filename">/etc/samba/passdb.tdb</code> file (only
                 used by the <code class="constant">tdbsam</code> backend), and all the tdb control files
                 from the old system to the correct location on the new system.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Before starting the Samba daemons, verify that the hostname of the new server
                 is identical to that of the old one. Note: The IP address can be different
                 from that of the old server.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Copy all files from the old server to the new server, taking precaution to
                 preserve all file ownership and permissions as well as any POSIX ACLs that
@@ -891 +891 @@
         should correctly pick up the original SID and preserve all other settings. It is
         sound advice to validate this before turning the system over to users.
-        </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2601160"></a>Migration of Samba Accounts to Active Directory</h3></div></div></div><p>
+        </p></div></div><div class="sect2" title="Migration of Samba Accounts to Active Directory"><div class="titlepage"><div><div><h3 class="title"><a name="id368842"></a>Migration of Samba Accounts to Active Directory</h3></div></div></div><p>
         Yes, it works. The Windows ADMT tool can be used to migrate Samba accounts
         to MS Active Directory.  There are a few pitfalls to be aware of:
-        </p><div class="procedure"><a name="id2601172"></a><p class="title"><b>Procedure 8.2. Migration to Active Directory</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 8.2. Migration to Active Directory"><a name="id368853"></a><p class="title"><b>Procedure 8.2. Migration to Active Directory</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Administrator password must be THE SAME on the Samba server,
                 the 2003 ADS, and the local Administrator account on the workstations. 
@@ -900 +900 @@
                 called <code class="constant">Administrator</code> in your Samba domain, with 
                 full administrative (root) rights to that domain.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 In the Advanced/DNS section of the TCP/IP settings on your Windows 
                 workstations, make sure the <em class="parameter"><code>DNS suffix for this 
                 connection</code></em> field is blank. 
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Because you are migrating from Samba, user passwords cannot be 
                 migrated. You'll have to reset everyone's passwords. (If you were 
@@ -911 +911 @@
                 To date this has not been attempted with roaming profile support;
                 it has been documented as working with local profiles.
-                </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 Disable the Windows Firewall on all workstations. Otherwise, 
                 workstations won't be migrated to the new domain.
-                </p></li><li><p>
-                <a class="indexterm" name="id2601238"></a>
+                </p></li><li class="step" title="Step 5"><p>
+                <a class="indexterm" name="id368911"></a>
                 When migrating machines, always test first (using ADMT's test mode) 
                 and satisfy all errors before committing the migration. Note that the 
@@ -923 +923 @@
                 a test.
                 </p></li></ol></div><p>
-        <a class="indexterm" name="id2601256"></a>
+        <a class="indexterm" name="id368925"></a>
         There are some significant benefits of using the ADMT, besides just 
         migrating user accounts. ADMT can be found on the Windows 2003 CD.
-        </p><div class="itemizedlist"><ul type="disc"><li><p>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                 You can migrate workstations remotely. You can specify that SIDs 
                 be simply added instead of replaced, giving you the option of joining a 
                 workstation back to the old domain if something goes awry. The 
                 workstations will be joined to the new domain.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Not only are user accounts migrated from the old domain to the new 
                 domain, but ACLs on the workstations are migrated as well. Like SIDs, 
                 ACLs can be added instead of replaced.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Locally stored user profiles on workstations are migrated as well, 
                 presenting almost no disruption to the user. Saved passwords will be 
                 lost, just as when you administratively reset the password in Windows ADS.
-                </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 The ADMT lets you test all operations before actually performing the 
                 migration. Accounts and workstations can be migrated individually or in