Changeset 739 for branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/Big500users.html

-              r599
+              r739
 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 4. The 500-User Office</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="secure.html" title="Chapter 3. Secure Office Networking"><link rel="next" href="happy.html" title="Chapter 5. Making Happy Users"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 4. The 500-User Office</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="secure.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="happy.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 4. The 500-User Office"><div class="titlepage"><div><div><h2 class="title"><a name="Big500users"></a>Chapter 4. The 500-User Office</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="Big500users.html#id336007">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id336038">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id336113">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id336141">Technical Issues</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id336318">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id336338">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#ch5-dnshcp-setup">Installation of DHCP, DNS, and Samba Control Files</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id337052">Server Preparation: All Servers</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id337568">Server-Specific Preparation</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5-procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id340544">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id340597">Questions and Answers</a></span></dt></dl></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 4. The 500-User Office</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="secure.html" title="Chapter 3. Secure Office Networking"><link rel="next" href="happy.html" title="Chapter 5. Making Happy Users"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 4. The 500-User Office</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="secure.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="happy.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 4. The 500-User Office"><div class="titlepage"><div><div><h2 class="title"><a name="Big500users"></a>Chapter 4. The 500-User Office</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="Big500users.html#id334536">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id334566">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id334641">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id334670">Technical Issues</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id334846">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id334866">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#ch5-dnshcp-setup">Installation of DHCP, DNS, and Samba Control Files</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id335580">Server Preparation: All Servers</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id336096">Server-Specific Preparation</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5-procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id339071">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id339124">Questions and Answers</a></span></dt></dl></div><p>
         The Samba-3 networking you explored in <a class="link" href="secure.html" title="Chapter 3. Secure Office Networking">&#8220;Secure Office Networking&#8221;</a> covers the finer points of
         configuration of peripheral services such as DHCP and DNS, and WINS. You experienced
 …
         to make printing more complex for the administrator while making it easier for the user.
         </p><p>
         <a class="indexterm" name="id335954"></a>
         <a class="indexterm" name="id335961"></a>
         <a class="indexterm" name="id335967"></a>
+        <a class="indexterm" name="id334482"></a>
+        <a class="indexterm" name="id334489"></a>
+        <a class="indexterm" name="id334496"></a>
         <a class="link" href="secure.html" title="Chapter 3. Secure Office Networking">&#8220;Secure Office Networking&#8221;</a> demonstrates operation of a DHCP server and a DNS server
         as well as a central WINS server. You validated the operation of these services and
 …
         You should take the opportunity to innovate and expand on the methods presented
         here and explore them to the fullest.
         </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id336007"></a>Introduction</h2></div></div></div><p>
+        </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id334536"></a>Introduction</h2></div></div></div><p>
         Business continues to go well for Abmas. Mr. Meany is driving your success and the
         network continues to grow thanks to the hard work Christine has done. You recently
 …
         it is rolled out. Your strategy is to complete the new network so that it
         is ready for operation when the old office moves into the new premises.
         </p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id336038"></a>Assignment Tasks</h3></div></div></div><p>
+        </p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id334566"></a>Assignment Tasks</h3></div></div></div><p>
                 The acquired business had 280 network users. The old Abmas building housed
 network users in unbelievably cramped conditions. The network that
 …
                 every four months. They automatically roll that out to each desktop system.
                 You must keep DirectPointe informed of all changes.
                 </p><p><a class="indexterm" name="id336088"></a>
+                </p><p><a class="indexterm" name="id334616"></a>
                 The new network has a single Samba Primary Domain Controller (PDC) located in the
                 Network Operation Center (NOC). Buildings 1 and 2 each have a local server
 …
                 Printing is based on raw pass-through facilities just as it has been used so far.
                 All printer drivers are installed on the desktop and notebook computers.
                 </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id336113"></a>Dissection and Discussion</h2></div></div></div><p>
         <a class="indexterm" name="id336121"></a>
+                </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id334641"></a>Dissection and Discussion</h2></div></div></div><p>
+        <a class="indexterm" name="id334649"></a>
         The example you are building in this chapter is of a network design that works, but this
         does not make it a design that is recommended. As a general rule, there should be at least
 …
         controller. This is not a good omen for user satisfaction. You, of course, address this
         very soon (see <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">&#8220;Making Happy Users&#8221;</a>).
         </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id336141"></a>Technical Issues</h3></div></div></div><p>
+        </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id334670"></a>Technical Issues</h3></div></div></div><p>
                 Stan has talked you into a horrible compromise, but it is addressed. Just make
                 certain that the performance of this network is well validated before going live.
 …
                 Design decisions made in this design include the following:
                 </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                         <a class="indexterm" name="id336161"></a>
                         <a class="indexterm" name="id336168"></a>
                         <a class="indexterm" name="id336174"></a>
+                        <a class="indexterm" name="id334689"></a>
+                        <a class="indexterm" name="id334696"></a>
+                        <a class="indexterm" name="id334702"></a>
                         A single PDC is being implemented. This limitation is based on the choice not to
                         use LDAP. Many network administrators fear using LDAP because of the perceived
 …
                         identity management as well as to store network access credentials.
                         </p></li><li class="listitem"><p>
                         <a class="indexterm" name="id336188"></a>
                         <a class="indexterm" name="id336195"></a>
+                        <a class="indexterm" name="id334716"></a>
+                        <a class="indexterm" name="id334723"></a>
                         Because of the refusal to use an LDAP (ldapsam) passdb backend at this time, the
                         only choice that makes sense with 500 users is to use the tdbsam passwd backend.
 …
                         integrity of operations considerations.
                         </p></li><li class="listitem"><p>
                         <a class="indexterm" name="id336229"></a>
+                        <a class="indexterm" name="id334757"></a>
                         A single central WINS server is being used. The PDC is also the WINS server.
                         Any attempt to operate a routed network without a WINS server while using NetBIOS
 …
                         why a single WINS server is being implemented. This should work without a problem.
                         </p></li><li class="listitem"><p>
                         <a class="indexterm" name="id336261"></a>
+                        <a class="indexterm" name="id334789"></a>
                         BDCs make use of <code class="literal">winbindd</code> to provide
                         access to domain security credentials for file system access and object storage.
                         </p></li><li class="listitem"><p>
                         <a class="indexterm" name="id336279"></a>
                         <a class="indexterm" name="id336288"></a>
+                        <a class="indexterm" name="id334807"></a>
+                        <a class="indexterm" name="id334816"></a>
                         Configuration of Windows XP Professional clients is achieved using DHCP. Each
                         subnet has its own DHCP server. Backup DHCP serving is provided by one
 …
                         each subnet. If in the future more addresses are required, it would make sense
                         to add further subnets rather than change addressing.
                         </p></li></ul></div></div><div class="sect2" title="Political Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id336318"></a>Political Issues</h3></div></div></div><p>
+                        </p></li></ul></div></div><div class="sect2" title="Political Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id334846"></a>Political Issues</h3></div></div></div><p>
                 This case gets close to the real world. You and I know the right way to implement
                 domain control. Politically, we have to navigate a minefield. In this case, the need is to
 …
                 by having the real solution ready before it is needed. That real solution is presented in
                 <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">&#8220;Making Happy Users&#8221;</a>.
                 </p></div></div><div class="sect1" title="Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id336338"></a>Implementation</h2></div></div></div><p>
+                </p></div></div><div class="sect1" title="Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id334866"></a>Implementation</h2></div></div></div><p>
         The following configuration process begins following installation of Red Hat Fedora Core2 on the
         three servers shown in the network topology diagram in <a class="link" href="Big500users.html#chap05net" title="Figure 4.1. Network Topology 500 User Network Using tdbsam passdb backend.">&#8220;Network Topology  500 User Network Using tdbsam passdb backend.&#8221;</a>. You have
 …
         The abbreviation shown in this table as <code class="constant">{VLN}</code> refers to
         the directory location beginning with <code class="filename">/var/lib/named</code>.
         </p><div class="table"><a name="ch5-filelocations"></a><p class="title"><b>Table 4.1. Domain: <code class="constant">MEGANET</code>, File Locations for Servers</b></p><div class="table-contents"><table summary="Domain: MEGANET, File Locations for Servers" border="1"><colgroup><col align="left"><col align="left"><col align="center"><col align="center"><col align="center"></colgroup><thead><tr><th colspan="2" align="center">File Information</th><th colspan="3" align="center">Server Name</th></tr><tr><th align="center">Source</th><th align="center">Target Location</th><th align="center">MASSIVE</th><th align="center">BLDG1</th><th align="center">BLDG2</th></tr></thead><tbody><tr><td align="left"><a class="link" href="Big500users.html#ch5-massivesmb" title="Example 4.1. Server: MASSIVE (PDC), File: /etc/samba/smb.conf">&#8220;Server: MASSIVE (PDC), File: /etc/samba/smb.conf&#8221;</a></td><td align="left"><code class="filename">/etc/samba/smb.conf</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-dc-common" title="Example 4.2. Server: MASSIVE (PDC), File: /etc/samba/dc-common.conf">&#8220;Server: MASSIVE (PDC), File: /etc/samba/dc-common.conf&#8221;</a></td><td align="left"><code class="filename">/etc/samba/dc-common.conf</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-commonsmb" title="Example 4.3. Common Samba Configuration File: /etc/samba/common.conf">&#8220;Common Samba Configuration File: /etc/samba/common.conf&#8221;</a></td><td align="left"><code class="filename">/etc/samba/common.conf</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-bldg1-smb" title="Example 4.4. Server: BLDG1 (Member), File: smb.conf">&#8220;Server: BLDG1 (Member), File: smb.conf&#8221;</a></td><td align="left"><code class="filename">/etc/samba/smb.conf</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-bldg2-smb" title="Example 4.5. Server: BLDG2 (Member), File: smb.conf">&#8220;Server: BLDG2 (Member), File: smb.conf&#8221;</a></td><td align="left"><code class="filename">/etc/samba/smb.conf</code></td><td align="center">No</td><td align="center">No</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-dommem-smb" title="Example 4.6. Common Domain Member Include File: dom-mem.conf">&#8220;Common Domain Member Include File: dom-mem.conf&#8221;</a></td><td align="left"><code class="filename">/etc/samba/dommem.conf</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-dhcp" title="Example 4.7. Server: MASSIVE, File: dhcpd.conf">&#8220;Server: MASSIVE, File: dhcpd.conf&#8221;</a></td><td align="left"><code class="filename">/etc/dhcpd.conf</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg1dhcp" title="Example 4.8. Server: BLDG1, File: dhcpd.conf">&#8220;Server: BLDG1, File: dhcpd.conf&#8221;</a></td><td align="left"><code class="filename">/etc/dhcpd.conf</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg2dhcp" title="Example 4.9. Server: BLDG2, File: dhcpd.conf">&#8220;Server: BLDG2, File: dhcpd.conf&#8221;</a></td><td align="left"><code class="filename">/etc/dhcpd.conf</code></td><td align="center">No</td><td align="center">No</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-nameda" title="Example 4.10. Server: MASSIVE, File: named.conf, Part: A">&#8220;Server: MASSIVE, File: named.conf, Part: A&#8221;</a></td><td align="left"><code class="filename">/etc/named.conf (part A)</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-namedb" title="Example 4.11. Server: MASSIVE, File: named.conf, Part: B">&#8220;Server: MASSIVE, File: named.conf, Part: B&#8221;</a></td><td align="left"><code class="filename">/etc/named.conf (part B)</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-namedc" title="Example 4.12. Server: MASSIVE, File: named.conf, Part: C">&#8220;Server: MASSIVE, File: named.conf, Part: C&#8221;</a></td><td align="left"><code class="filename">/etc/named.conf (part C)</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#abmasbizdns" title="Example 4.13. Forward Zone File: abmas.biz.hosts">&#8220;Forward Zone File: abmas.biz.hosts&#8221;</a></td><td align="left"><code class="filename">{VLN}/master/abmas.biz.hosts</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#abmasusdns" title="Example 4.14. Forward Zone File: abmas.biz.hosts">&#8220;Forward Zone File: abmas.biz.hosts&#8221;</a></td><td align="left"><code class="filename">{VLN}/master/abmas.us.hosts</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg12nameda" title="Example 4.15. Servers: BLDG1/BLDG2, File: named.conf, Part: A">&#8220;Servers: BLDG1/BLDG2, File: named.conf, Part: A&#8221;</a></td><td align="left"><code class="filename">/etc/named.conf (part A)</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg12namedb" title="Example 4.16. Servers: BLDG1/BLDG2, File: named.conf, Part: B">&#8220;Servers: BLDG1/BLDG2, File: named.conf, Part: B&#8221;</a></td><td align="left"><code class="filename">/etc/named.conf (part B)</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="appendix.html#loopback" title="Example 15.3. DNS Localhost Forward Zone File: /var/lib/named/localhost.zone">&#8220;DNS Localhost Forward Zone File: /var/lib/named/localhost.zone&#8221;</a></td><td align="left"><code class="filename">{VLN}/localhost.zone</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="appendix.html#dnsloopy" title="Example 15.4. DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone">&#8220;DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone&#8221;</a></td><td align="left"><code class="filename">{VLN}/127.0.0.zone</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="appendix.html#roothint" title="Example 15.5. DNS Root Name Server Hint File: /var/lib/named/root.hint">&#8220;DNS Root Name Server Hint File: /var/lib/named/root.hint&#8221;</a></td><td align="left"><code class="filename">{VLN}/root.hint</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr></tbody></table></div></div><br class="table-break"></div><div class="sect2" title="Server Preparation: All Servers"><div class="titlepage"><div><div><h3 class="title"><a name="id337052"></a>Server Preparation: All Servers</h3></div></div></div><p>
+        </p><div class="table"><a name="ch5-filelocations"></a><p class="title"><b>Table 4.1. Domain: <code class="constant">MEGANET</code>, File Locations for Servers</b></p><div class="table-contents"><table summary="Domain: MEGANET, File Locations for Servers" border="1"><colgroup><col align="left"><col align="left"><col align="center"><col align="center"><col align="center"></colgroup><thead><tr><th colspan="2" align="center">File Information</th><th colspan="3" align="center">Server Name</th></tr><tr><th align="center">Source</th><th align="center">Target Location</th><th align="center">MASSIVE</th><th align="center">BLDG1</th><th align="center">BLDG2</th></tr></thead><tbody><tr><td align="left"><a class="link" href="Big500users.html#ch5-massivesmb" title="Example 4.1. Server: MASSIVE (PDC), File: /etc/samba/smb.conf">&#8220;Server: MASSIVE (PDC), File: /etc/samba/smb.conf&#8221;</a></td><td align="left"><code class="filename">/etc/samba/smb.conf</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-dc-common" title="Example 4.2. Server: MASSIVE (PDC), File: /etc/samba/dc-common.conf">&#8220;Server: MASSIVE (PDC), File: /etc/samba/dc-common.conf&#8221;</a></td><td align="left"><code class="filename">/etc/samba/dc-common.conf</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-commonsmb" title="Example 4.3. Common Samba Configuration File: /etc/samba/common.conf">&#8220;Common Samba Configuration File: /etc/samba/common.conf&#8221;</a></td><td align="left"><code class="filename">/etc/samba/common.conf</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-bldg1-smb" title="Example 4.4. Server: BLDG1 (Member), File: smb.conf">&#8220;Server: BLDG1 (Member), File: smb.conf&#8221;</a></td><td align="left"><code class="filename">/etc/samba/smb.conf</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-bldg2-smb" title="Example 4.5. Server: BLDG2 (Member), File: smb.conf">&#8220;Server: BLDG2 (Member), File: smb.conf&#8221;</a></td><td align="left"><code class="filename">/etc/samba/smb.conf</code></td><td align="center">No</td><td align="center">No</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-dommem-smb" title="Example 4.6. Common Domain Member Include File: dom-mem.conf">&#8220;Common Domain Member Include File: dom-mem.conf&#8221;</a></td><td align="left"><code class="filename">/etc/samba/dommem.conf</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-dhcp" title="Example 4.7. Server: MASSIVE, File: dhcpd.conf">&#8220;Server: MASSIVE, File: dhcpd.conf&#8221;</a></td><td align="left"><code class="filename">/etc/dhcpd.conf</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg1dhcp" title="Example 4.8. Server: BLDG1, File: dhcpd.conf">&#8220;Server: BLDG1, File: dhcpd.conf&#8221;</a></td><td align="left"><code class="filename">/etc/dhcpd.conf</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg2dhcp" title="Example 4.9. Server: BLDG2, File: dhcpd.conf">&#8220;Server: BLDG2, File: dhcpd.conf&#8221;</a></td><td align="left"><code class="filename">/etc/dhcpd.conf</code></td><td align="center">No</td><td align="center">No</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-nameda" title="Example 4.10. Server: MASSIVE, File: named.conf, Part: A">&#8220;Server: MASSIVE, File: named.conf, Part: A&#8221;</a></td><td align="left"><code class="filename">/etc/named.conf (part A)</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-namedb" title="Example 4.11. Server: MASSIVE, File: named.conf, Part: B">&#8220;Server: MASSIVE, File: named.conf, Part: B&#8221;</a></td><td align="left"><code class="filename">/etc/named.conf (part B)</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-namedc" title="Example 4.12. Server: MASSIVE, File: named.conf, Part: C">&#8220;Server: MASSIVE, File: named.conf, Part: C&#8221;</a></td><td align="left"><code class="filename">/etc/named.conf (part C)</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#abmasbizdns" title="Example 4.13. Forward Zone File: abmas.biz.hosts">&#8220;Forward Zone File: abmas.biz.hosts&#8221;</a></td><td align="left"><code class="filename">{VLN}/master/abmas.biz.hosts</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#abmasusdns" title="Example 4.14. Forward Zone File: abmas.biz.hosts">&#8220;Forward Zone File: abmas.biz.hosts&#8221;</a></td><td align="left"><code class="filename">{VLN}/master/abmas.us.hosts</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg12nameda" title="Example 4.15. Servers: BLDG1/BLDG2, File: named.conf, Part: A">&#8220;Servers: BLDG1/BLDG2, File: named.conf, Part: A&#8221;</a></td><td align="left"><code class="filename">/etc/named.conf (part A)</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg12namedb" title="Example 4.16. Servers: BLDG1/BLDG2, File: named.conf, Part: B">&#8220;Servers: BLDG1/BLDG2, File: named.conf, Part: B&#8221;</a></td><td align="left"><code class="filename">/etc/named.conf (part B)</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="appendix.html#loopback" title="Example 15.3. DNS Localhost Forward Zone File: /var/lib/named/localhost.zone">&#8220;DNS Localhost Forward Zone File: /var/lib/named/localhost.zone&#8221;</a></td><td align="left"><code class="filename">{VLN}/localhost.zone</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="appendix.html#dnsloopy" title="Example 15.4. DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone">&#8220;DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone&#8221;</a></td><td align="left"><code class="filename">{VLN}/127.0.0.zone</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="appendix.html#roothint" title="Example 15.5. DNS Root Name Server Hint File: /var/lib/named/root.hint">&#8220;DNS Root Name Server Hint File: /var/lib/named/root.hint&#8221;</a></td><td align="left"><code class="filename">{VLN}/root.hint</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr></tbody></table></div></div><br class="table-break"></div><div class="sect2" title="Server Preparation: All Servers"><div class="titlepage"><div><div><h3 class="title"><a name="id335580"></a>Server Preparation: All Servers</h3></div></div></div><p>
         The following steps apply to all servers. Follow each step carefully.
         </p><div class="procedure" title="Procedure 4.1. Server Preparation Steps"><a name="id337062"></a><p class="title"><b>Procedure 4.1. Server Preparation Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+        </p><div class="procedure" title="Procedure 4.1. Server Preparation Steps"><a name="id335590"></a><p class="title"><b>Procedure 4.1. Server Preparation Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                         Using the UNIX/Linux system tools, set the name of the server as shown in the network
                         topology diagram in <a class="link" href="Big500users.html#chap05net" title="Figure 4.1. Network Topology 500 User Network Using tdbsam passdb backend.">&#8220;Network Topology  500 User Network Using tdbsam passdb backend.&#8221;</a>. For SUSE Linux products, the tool
 …
 </pre><p>
                         </p></li><li class="step" title="Step 2"><p>
                         <a class="indexterm" name="id337123"></a>
                         <a class="indexterm" name="id337130"></a>
+                        <a class="indexterm" name="id335651"></a>
+                        <a class="indexterm" name="id335658"></a>
                         Edit your <code class="filename">/etc/hosts</code> file to include the primary names and addresses
                         of all network interfaces that are on the host server. This is necessary so that during
 …
                         should also include an entry for the printers in the <code class="filename">/etc/hosts</code> file.
                         </p></li><li class="step" title="Step 3"><p>
                         <a class="indexterm" name="id337165"></a>
+                        <a class="indexterm" name="id335693"></a>
                         All DNS name resolution should be handled locally. To ensure that the server is configured
                         correctly to handle this, edit <code class="filename">/etc/resolv.conf</code> so it has the following
 …
                         that is running locally to resolve names to addresses.
                         </p></li><li class="step" title="Step 4"><p>
                         <a class="indexterm" name="id337193"></a>
                         <a class="indexterm" name="id337200"></a>
+                        <a class="indexterm" name="id335721"></a>
+                        <a class="indexterm" name="id335728"></a>
                         Add the <code class="constant">root</code> user to the password backend:
 </p><pre class="screen">
 …
                         without considerable trouble.
                         </p></li><li class="step" title="Step 5"><p>
                         <a class="indexterm" name="id337241"></a>
                         <a class="indexterm" name="id337248"></a>
+                        <a class="indexterm" name="id335770"></a>
+                        <a class="indexterm" name="id335776"></a>
                         Create the username map file to permit the <code class="constant">root</code> account to be called
                         <code class="constant">Administrator</code> from the Windows network environment. To do this, create
 …
                         to port 9100.  Use any other port the manufacturer specifies for direct mode,
                         raw printing.  This allows the CUPS spooler to print using raw mode protocols.
                         <a class="indexterm" name="id337328"></a>
                         <a class="indexterm" name="id337335"></a>
+                        <a class="indexterm" name="id335856"></a>
+                        <a class="indexterm" name="id335863"></a>
                         </p></li><li class="step" title="Step 9"><p>
                         <a class="indexterm" name="id337348"></a>
+                        <a class="indexterm" name="id335876"></a>
                         Only on the server to which the printer is attached configure the CUPS Print
                         Queues as follows:
 …
 <code class="prompt">root# </code> lpadmin -p <em class="parameter"><code>printque</code></em> -v socket://<em class="parameter"><code>printer-name</code></em>.abmas.biz:9100 -E
 </pre><p>
                         <a class="indexterm" name="id337382"></a>
+                        <a class="indexterm" name="id335910"></a>
                         This step creates the necessary print queue to use no assigned print filter. This
                         is ideal for raw printing, that is, printing without use of filters.
 …
 </pre><p>
                         </p></li><li class="step" title="Step 12"><p>
                         <a class="indexterm" name="id337455"></a>
                         <a class="indexterm" name="id337461"></a>
                         <a class="indexterm" name="id337468"></a>
+                        <a class="indexterm" name="id335983"></a>
+                        <a class="indexterm" name="id335990"></a>
+                        <a class="indexterm" name="id335996"></a>
                         This step, as well as the next one, may be omitted where CUPS version 1.1.18
                         or later is in use.  Although it does no harm to follow it anyway, and may
 …
 </pre><p>
                         </p></li><li class="step" title="Step 13"><p>
                         <a class="indexterm" name="id337500"></a>
+                        <a class="indexterm" name="id336029"></a>
                         Edit the file <code class="filename">/etc/cups/mime.types</code> to uncomment the line:
 </p><pre class="screen">
 …
         is considerably more difficult when a single PDC is used on a routed network. It can be done, but not
         as elegantly as you see in the next chapter.
         </p></div></div><div class="sect2" title="Server-Specific Preparation"><div class="titlepage"><div><div><h3 class="title"><a name="id337568"></a>Server-Specific Preparation</h3></div></div></div><p>
+        </p></div></div><div class="sect2" title="Server-Specific Preparation"><div class="titlepage"><div><div><h3 class="title"><a name="id336096"></a>Server-Specific Preparation</h3></div></div></div><p>
         There are some steps that apply to particular server functionality only. Each step is critical
         to correct server operation. The following step-by-step installation guidance will assist you
         in working through the process of configuring the PDC and then both BDC's.
         </p><div class="sect3" title="Configuration for Server: MASSIVE"><div class="titlepage"><div><div><h4 class="title"><a name="id337579"></a>Configuration for Server: <code class="constant">MASSIVE</code></h4></div></div></div><p>
+        </p><div class="sect3" title="Configuration for Server: MASSIVE"><div class="titlepage"><div><div><h4 class="title"><a name="id336107"></a>Configuration for Server: <code class="constant">MASSIVE</code></h4></div></div></div><p>
                 The steps presented here attempt to implement Samba installation in a generic manner. While
                 some steps are clearly specific to Linux, it should not be too difficult to apply them to
                 your platform of choice.
                 </p><div class="procedure" title="Procedure 4.2. Primary Domain Controller Preparation"><a name="id337592"></a><p class="title"><b>Procedure 4.2. Primary Domain Controller Preparation</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                         <a class="indexterm" name="id337603"></a>
                         <a class="indexterm" name="id337610"></a>
+                </p><div class="procedure" title="Procedure 4.2. Primary Domain Controller Preparation"><a name="id336120"></a><p class="title"><b>Procedure 4.2. Primary Domain Controller Preparation</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                        <a class="indexterm" name="id336132"></a>
+                        <a class="indexterm" name="id336138"></a>
                         The host server acts as a router between the two internal network segments as well
                         as for all Internet access. This necessitates that IP forwarding be enabled. This can be
 …
                         <code class="filename">/etc/rc.d/init.d/rc.local</code>.
                         </p></li><li class="step" title="Step 3"><p>
                         <a class="indexterm" name="id337688"></a>
+                        <a class="indexterm" name="id336216"></a>
                         The final step that must be completed is to edit the <code class="filename">/etc/nsswitch.conf</code> file.
                         This file controls the operation of the various resolver libraries that are part of the Linux
 …
 </pre><p>
                         </p></li><li class="step" title="Step 4"><p>
                         <a class="indexterm" name="id337715"></a>
+                        <a class="indexterm" name="id336244"></a>
                         Create and map Windows domain groups to UNIX groups. A sample script is provided in
                         <a class="link" href="Big500users.html#ch5-initgrps" title="Example 4.17. Initialize Groups Script, File: /etc/samba/initGrps.sh">&#8220;Initialize Groups Script, File: /etc/samba/initGrps.sh&#8221;</a>. Create a file containing this script. You called yours
 …
                         validation are shown in Section 4.3.2, Step 5.
                         </p></li><li class="step" title="Step 5"><p>
                         <a class="indexterm" name="id337743"></a>
                         <a class="indexterm" name="id337750"></a>
                         <a class="indexterm" name="id337759"></a>
+                        <a class="indexterm" name="id336272"></a>
+                        <a class="indexterm" name="id336279"></a>
+                        <a class="indexterm" name="id336288"></a>
                         For each user who needs to be given a Windows domain account, make an entry in the
                         <code class="filename">/etc/passwd</code> file as well as in the Samba password backend.
 …
                         <code class="literal">smbpasswd</code> to create a domain user account.
                         </p><p>
                         <a class="indexterm" name="id337784"></a>
                         <a class="indexterm" name="id337790"></a>
                         <a class="indexterm" name="id337797"></a>
+                        <a class="indexterm" name="id336312"></a>
+                        <a class="indexterm" name="id336319"></a>
+                        <a class="indexterm" name="id336326"></a>
                         There are a number of tools for user management under UNIX, such as
                         <code class="literal">useradd</code>, <code class="literal">adduser</code>, as well as a plethora of custom
 …
                         file system partition using appropriate system tools.
                         </p></li><li class="step" title="Step 8"><p>
                 <a class="indexterm" name="id337856"></a>
+                <a class="indexterm" name="id336384"></a>
                         Create the top-level file storage directories for data and applications as follows:
 </p><pre class="screen">
 …
 </pre><p>
                         </p></li><li class="step" title="Step 10"><p>
                         <a class="indexterm" name="id338048"></a>
                         <a class="indexterm" name="id338055"></a>
+                        <a class="indexterm" name="id336577"></a>
+                        <a class="indexterm" name="id336584"></a>
                         Create a logon script. It is important that each line is correctly terminated with
                         a carriage return and line-feed combination (i.e., DOS encoding). The following procedure
 …
                 isolated network segments. Remember that if the target installation platform is not Linux, it may
                 be necessary to adapt some commands to the equivalent on the target platform.
                 </p><div class="procedure" title="Procedure 4.3. Backup Domain Controller Configuration Steps"><a name="id338227"></a><p class="title"><b>Procedure 4.3. Backup Domain Controller Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                         <a class="indexterm" name="id338238"></a>
+                </p><div class="procedure" title="Procedure 4.3. Backup Domain Controller Configuration Steps"><a name="id336754"></a><p class="title"><b>Procedure 4.3. Backup Domain Controller Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                        <a class="indexterm" name="id336766"></a>
                         The final step that must be completed is to edit the <code class="filename">/etc/nsswitch.conf</code> file.
                         This file controls the operation of the various resolver libraries that are part of the Linux
 …
                         start Samba at this time. Samba is controlled by the process called <code class="literal">smb</code>.
                         </p></li><li class="step" title="Step 3"><p>
                         <a class="indexterm" name="id338286"></a>
+                        <a class="indexterm" name="id336813"></a>
                         You must now attempt to join the domain member servers to the domain. The following
                         instructions should be executed to effect this:
 …
 </pre><p>
                         </p></li><li class="step" title="Step 4"><p>
                         <a class="indexterm" name="id338316"></a>
+                        <a class="indexterm" name="id336843"></a>
                         You now start the Samba services by executing:
 </p><pre class="screen">
 …
                         <a class="link" href="Big500users.html#ch5-domsvrspec" title="Configuration Specific to Domain Member Servers: BLDG1, BLDG2">&#8220;Configuration Specific to Domain Member Servers: BLDG1, BLDG2&#8221;</a> until after the operation of the server has been
                         validated following the same methods as outlined in <a class="link" href="secure.html#ch4valid" title="Validation">&#8220;Validation&#8221;</a>.
                         </p></li></ol></div></div></div><div class="example"><a name="ch5-massivesmb"></a><p class="title"><b>Example 4.1. Server: MASSIVE (PDC), File: <code class="filename">/etc/samba/smb.conf</code></b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id338398"></a><em class="parameter"><code>workgroup = MEGANET</code></em></td></tr><tr><td><a class="indexterm" name="id338409"></a><em class="parameter"><code>netbios name = MASSIVE</code></em></td></tr><tr><td><a class="indexterm" name="id338421"></a><em class="parameter"><code>interfaces = eth1, lo</code></em></td></tr><tr><td><a class="indexterm" name="id338432"></a><em class="parameter"><code>bind interfaces only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id338444"></a><em class="parameter"><code>passdb backend = tdbsam</code></em></td></tr><tr><td><a class="indexterm" name="id338455"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id338467"></a><em class="parameter"><code>add user script = /usr/sbin/useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id338478"></a><em class="parameter"><code>delete user script = /usr/sbin/userdel -r '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id338490"></a><em class="parameter"><code>add group script = /usr/sbin/groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id338502"></a><em class="parameter"><code>delete group script = /usr/sbin/groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id338514"></a><em class="parameter"><code>add user to group script = /usr/sbin/usermod -G '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id338526"></a><em class="parameter"><code>add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id338538"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id338549"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id338560"></a><em class="parameter"><code>include = /etc/samba/dc-common.conf</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id338581"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id338593"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id338604"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id338624"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id338636"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id338648"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id338668"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id338680"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id338691"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-dc-common"></a><p class="title"><b>Example 4.2. Server: MASSIVE (PDC), File: <code class="filename">/etc/samba/dc-common.conf</code></b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id338738"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id338749"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id338761"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id338773"></a><em class="parameter"><code>logon path = \%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id338784"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id338796"></a><em class="parameter"><code>logon home = \%L\%U</code></em></td></tr><tr><td><a class="indexterm" name="id338807"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id338819"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id338830"></a><em class="parameter"><code>include = /etc/samba/common.conf</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id338851"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id338862"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id338874"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id338885"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id338906"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id338917"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id338929"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id338940"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id338961"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id338972"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id338984"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id338995"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-commonsmb"></a><p class="title"><b>Example 4.3. Common Samba Configuration File: <code class="filename">/etc/samba/common.conf</code></b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id339038"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id339050"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id339061"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id339073"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id339084"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id339096"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id339107"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id339119"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id339130"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id339142"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id339154"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id339165"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id339177"></a><em class="parameter"><code>utmp = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id339188"></a><em class="parameter"><code>map acl inherit = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id339200"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id339211"></a><em class="parameter"><code>veto files = /*.eml/*.nws/*.{*}/</code></em></td></tr><tr><td><a class="indexterm" name="id339223"></a><em class="parameter"><code>veto oplock files = /*.doc/*.xls/*.mdb/</code></em></td></tr><tr><td><a class="indexterm" name="id339235"></a><em class="parameter"><code>include =  </code></em></td></tr><tr><td># Share and Service Definitions are common to all servers</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id339259"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id339270"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id339282"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id339293"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id339305"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id339316"></a><em class="parameter"><code>default devmode = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id339328"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id339348"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id339360"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id339371"></a><em class="parameter"><code>admin users = bjordan</code></em></td></tr><tr><td><a class="indexterm" name="id339383"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-bldg1-smb"></a><p class="title"><b>Example 4.4. Server: BLDG1 (Member), File: smb.conf</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id339425"></a><em class="parameter"><code>workgroup = MEGANET</code></em></td></tr><tr><td><a class="indexterm" name="id339436"></a><em class="parameter"><code>netbios name = BLDG1</code></em></td></tr><tr><td><a class="indexterm" name="id339448"></a><em class="parameter"><code>include = /etc/samba/dom-mem.conf</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-bldg2-smb"></a><p class="title"><b>Example 4.5. Server: BLDG2 (Member), File: smb.conf</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id339490"></a><em class="parameter"><code>workgroup = MEGANET</code></em></td></tr><tr><td><a class="indexterm" name="id339501"></a><em class="parameter"><code>netbios name = BLDG2</code></em></td></tr><tr><td><a class="indexterm" name="id339512"></a><em class="parameter"><code>include = /etc/samba/dom-mem.conf</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-dommem-smb"></a><p class="title"><b>Example 4.6. Common Domain Member Include File: dom-mem.conf</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id339555"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id339566"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id339578"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id339590"></a><em class="parameter"><code>wins server = 172.16.0.1</code></em></td></tr><tr><td><a class="indexterm" name="id339601"></a><em class="parameter"><code>idmap uid = 15000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id339613"></a><em class="parameter"><code>idmap gid = 15000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id339624"></a><em class="parameter"><code>include = /etc/samba/common.conf</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="massive-dhcp"></a><p class="title"><b>Example 4.7. Server: MASSIVE, File: dhcpd.conf</b></p><div class="example-contents"><pre class="screen">
+                        </p></li></ol></div></div></div><div class="example"><a name="ch5-massivesmb"></a><p class="title"><b>Example 4.1. Server: MASSIVE (PDC), File: <code class="filename">/etc/samba/smb.conf</code></b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id336925"></a><em class="parameter"><code>workgroup = MEGANET</code></em></td></tr><tr><td><a class="indexterm" name="id336936"></a><em class="parameter"><code>netbios name = MASSIVE</code></em></td></tr><tr><td><a class="indexterm" name="id336948"></a><em class="parameter"><code>interfaces = eth1, lo</code></em></td></tr><tr><td><a class="indexterm" name="id336959"></a><em class="parameter"><code>bind interfaces only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id336971"></a><em class="parameter"><code>passdb backend = tdbsam</code></em></td></tr><tr><td><a class="indexterm" name="id336982"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id336994"></a><em class="parameter"><code>add user script = /usr/sbin/useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id337006"></a><em class="parameter"><code>delete user script = /usr/sbin/userdel -r '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id337017"></a><em class="parameter"><code>add group script = /usr/sbin/groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id337029"></a><em class="parameter"><code>delete group script = /usr/sbin/groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id337041"></a><em class="parameter"><code>add user to group script = /usr/sbin/usermod -G '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id337053"></a><em class="parameter"><code>add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id337065"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id337076"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id337088"></a><em class="parameter"><code>include = /etc/samba/dc-common.conf</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id337108"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id337120"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id337131"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id337152"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id337163"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id337175"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id337195"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id337207"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id337218"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-dc-common"></a><p class="title"><b>Example 4.2. Server: MASSIVE (PDC), File: <code class="filename">/etc/samba/dc-common.conf</code></b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id337265"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id337277"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id337288"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id337300"></a><em class="parameter"><code>logon path = \%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id337312"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id337323"></a><em class="parameter"><code>logon home = \%L\%U</code></em></td></tr><tr><td><a class="indexterm" name="id337335"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id337346"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id337358"></a><em class="parameter"><code>include = /etc/samba/common.conf</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id337378"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id337390"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id337401"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id337413"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id337433"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id337445"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id337456"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id337468"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id337488"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id337500"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id337511"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id337523"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-commonsmb"></a><p class="title"><b>Example 4.3. Common Samba Configuration File: <code class="filename">/etc/samba/common.conf</code></b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id337566"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id337577"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id337589"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id337600"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id337612"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id337623"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id337635"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id337646"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id337658"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id337669"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id337681"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id337693"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id337704"></a><em class="parameter"><code>utmp = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id337716"></a><em class="parameter"><code>map acl inherit = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id337727"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id337739"></a><em class="parameter"><code>veto files = /*.eml/*.nws/*.{*}/</code></em></td></tr><tr><td><a class="indexterm" name="id337750"></a><em class="parameter"><code>veto oplock files = /*.doc/*.xls/*.mdb/</code></em></td></tr><tr><td><a class="indexterm" name="id337762"></a><em class="parameter"><code>include =  </code></em></td></tr><tr><td># Share and Service Definitions are common to all servers</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id337786"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id337798"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id337809"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id337821"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id337832"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id337844"></a><em class="parameter"><code>default devmode = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id337855"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id337876"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id337887"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id337899"></a><em class="parameter"><code>admin users = bjordan</code></em></td></tr><tr><td><a class="indexterm" name="id337910"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-bldg1-smb"></a><p class="title"><b>Example 4.4. Server: BLDG1 (Member), File: smb.conf</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id337952"></a><em class="parameter"><code>workgroup = MEGANET</code></em></td></tr><tr><td><a class="indexterm" name="id337963"></a><em class="parameter"><code>netbios name = BLDG1</code></em></td></tr><tr><td><a class="indexterm" name="id337975"></a><em class="parameter"><code>include = /etc/samba/dom-mem.conf</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-bldg2-smb"></a><p class="title"><b>Example 4.5. Server: BLDG2 (Member), File: smb.conf</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id338017"></a><em class="parameter"><code>workgroup = MEGANET</code></em></td></tr><tr><td><a class="indexterm" name="id338029"></a><em class="parameter"><code>netbios name = BLDG2</code></em></td></tr><tr><td><a class="indexterm" name="id338040"></a><em class="parameter"><code>include = /etc/samba/dom-mem.conf</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-dommem-smb"></a><p class="title"><b>Example 4.6. Common Domain Member Include File: dom-mem.conf</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id338082"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id338094"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id338106"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id338117"></a><em class="parameter"><code>wins server = 172.16.0.1</code></em></td></tr><tr><td><a class="indexterm" name="id338129"></a><em class="parameter"><code>idmap uid = 15000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id338140"></a><em class="parameter"><code>idmap gid = 15000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id338152"></a><em class="parameter"><code>include = /etc/samba/common.conf</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="massive-dhcp"></a><p class="title"><b>Example 4.7. Server: MASSIVE, File: dhcpd.conf</b></p><div class="example-contents"><pre class="screen">
 # Abmas Accounting Inc.
 …
 net groupmap add ntgroup="Insurance Group"     unixgroup=piops type=d
 </pre></div></div><br class="example-break"><div class="sect2" title="Process Startup Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="ch5-procstart"></a>Process Startup Configuration</h3></div></div></div><p>
                 <a class="indexterm" name="id339909"></a>
                 <a class="indexterm" name="id339916"></a>
+                <a class="indexterm" name="id338437"></a>
+                <a class="indexterm" name="id338443"></a>
         There are two essential steps to process startup configuration. A process
         must be configured so that it is automatically restarted each time the server
 …
         necessary start or kill script is run.
         </p><p>
         <a class="indexterm" name="id339948"></a>
+        <a class="indexterm" name="id338475"></a>
         In the event that a service is provided not as a daemon but via the internetworking
         super daemon (<code class="literal">inetd</code> or <code class="literal">xinetd</code>), then the <code class="literal">chkconfig</code>
 …
                 are for a Red Hat Linux system, please adapt them to suit the target OS platform on which you
                 are installing Samba.
         </p><div class="procedure" title="Procedure 4.4. Process Startup Configuration Steps"><a name="id339987"></a><p class="title"><b>Procedure 4.4. Process Startup Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+        </p><div class="procedure" title="Procedure 4.4. Process Startup Configuration Steps"><a name="id338515"></a><p class="title"><b>Procedure 4.4. Process Startup Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Use the standard system tool to configure each service to restart
                 automatically at every system reboot. For example,
                 <a class="indexterm" name="id340000"></a>
+                <a class="indexterm" name="id338527"></a>
 </p><pre class="screen">
 <code class="prompt">root# </code> chkconfig dhpc on
 …
 </pre><p>
                 </p></li><li class="step" title="Step 2"><p>
                 <a class="indexterm" name="id340049"></a>
                 <a class="indexterm" name="id340056"></a>
                 <a class="indexterm" name="id340062"></a>
+                <a class="indexterm" name="id338576"></a>
+                <a class="indexterm" name="id338583"></a>
+                <a class="indexterm" name="id338590"></a>
                 Now start each service to permit the system to be validated.
                 Execute each of the following in the sequence shown:
 …
         The procedure for desktop client configuration for the network in this chapter is similar to
         that used for the previous one. There are a few subtle changes that should be noted.
         </p><div class="procedure" title="Procedure 4.5. Windows Client Configuration Steps"><a name="id340124"></a><p class="title"><b>Procedure 4.5. Windows Client Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+        </p><div class="procedure" title="Procedure 4.5. Windows Client Configuration Steps"><a name="id338651"></a><p class="title"><b>Procedure 4.5. Windows Client Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Install MS Windows XP Professional. During installation, configure the client to use DHCP for
                 TCP/IP protocol configuration.
                 <a class="indexterm" name="id340136"></a>
                 <a class="indexterm" name="id340142"></a>
+                <a class="indexterm" name="id338663"></a>
+                <a class="indexterm" name="id338670"></a>
                 DHCP configures all Windows clients to use the WINS Server address that has been defined
                 for the local subnet.
 …
                 also configure use of the identical printers that are located in the financial services department.
                 Install printers on each machine using the following steps:
         </p><div class="procedure" title="Procedure 4.6. Steps to Install Printer Drivers on Windows Clients"><a name="id340259"></a><p class="title"><b>Procedure 4.6. Steps to Install Printer Drivers on Windows Clients</b></p><ol class="procedure" type="1"><li class="step" title="Step 7.1"><p>
+        </p><div class="procedure" title="Procedure 4.6. Steps to Install Printer Drivers on Windows Clients"><a name="id338786"></a><p class="title"><b>Procedure 4.6. Steps to Install Printer Drivers on Windows Clients</b></p><ol class="procedure" type="1"><li class="step" title="Step 7.1"><p>
                                 Click <span class="guimenu">Start</span> &#8594; <span class="guimenuitem">Settings</span> &#8594; <span class="guimenuitem">Printers</span>+<span class="guiicon">Add Printer</span>+<span class="guibutton">Next</span>. Do not click <span class="guimenuitem">Network printer</span>.
                                         Ensure that <span class="guimenuitem">Local printer</span> is selected.
 …
                 </p></li><li class="step" title="Step 12"><p>
                 Instruct all users to log onto the workstation using their assigned username and password.
                 </p></li></ol></div></div><div class="sect2" title="Key Points Learned"><div class="titlepage"><div><div><h3 class="title"><a name="id340544"></a>Key Points Learned</h3></div></div></div><p>
+                </p></li></ol></div></div><div class="sect2" title="Key Points Learned"><div class="titlepage"><div><div><h3 class="title"><a name="id339071"></a>Key Points Learned</h3></div></div></div><p>
                 The network you have just deployed has been a valuable exercise in forced constraint.
                 You have deployed a network that works well, although you may soon start to see
 …
                         </p></li><li class="listitem"><p>
                         The introduction of roaming profiles
                         </p></li></ul></div></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id340597"></a>Questions and Answers</h2></div></div></div><p>
         </p><div class="qandaset" title="Frequently Asked Questions"><a name="id340606"></a><dl><dt> <a href="Big500users.html#id340612">
+                        </p></li></ul></div></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id339124"></a>Questions and Answers</h2></div></div></div><p>
+        </p><div class="qandaset" title="Frequently Asked Questions"><a name="id339133"></a><dl><dt> <a href="Big500users.html#id339140">
                 The example smb.conf files in this chapter make use of the include facility.
                 How may I get to see what the actual working smb.conf settings are?
                 </a></dt><dt> <a href="Big500users.html#id340660">
+                </a></dt><dt> <a href="Big500users.html#id339187">
                 Why does the include file common.conf have an empty include statement?
                 </a></dt><dt> <a href="Big500users.html#id340716">
+                </a></dt><dt> <a href="Big500users.html#id339244">
                 I accept that the simplest configuration necessary to do the job is the best. The use of tdbsam
                 passdb backend is much simpler than having to manage an LDAP-based ldapsam passdb backend.
                 I tried using rsync to replicate the passdb.tdb, and it seems to work fine!
                 So what is the problem?
                 </a></dt><dt> <a href="Big500users.html#id340766">
+                </a></dt><dt> <a href="Big500users.html#id339294">
                 You are using DHCP Relay enabled on the routers as well as a local DHCP server. Will this cause a clash?
                 </a></dt><dt> <a href="Big500users.html#id340791">
+                </a></dt><dt> <a href="Big500users.html#id339319">
                 How does the Windows client find the PDC?
                 </a></dt><dt> <a href="Big500users.html#id340811">
+                </a></dt><dt> <a href="Big500users.html#id339338">
                 Why did you enable IP forwarding (routing) only on the server called MASSIVE?
                 </a></dt><dt> <a href="Big500users.html#id340838">
+                </a></dt><dt> <a href="Big500users.html#id339365">
                 You did nothing special to implement roaming profiles. Why?
                 </a></dt><dt> <a href="Big500users.html#id340856">
+                </a></dt><dt> <a href="Big500users.html#id339383">
                 On the domain member computers, you configured winbind in the /etc/nsswitch.conf file.
                 You did not configure any PAM settings. Is this an omission?
                 </a></dt><dt> <a href="Big500users.html#id340883">
+                </a></dt><dt> <a href="Big500users.html#id339410">
                 You are starting SWAT up on this example but have not discussed that anywhere. Why did you do this?
                 </a></dt><dt> <a href="Big500users.html#id340920">
+                </a></dt><dt> <a href="Big500users.html#id339447">
                 The domain controller has an auto-shutdown script. Isn't that dangerous?
                 </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question"><td align="left" valign="top"><a name="id340612"></a><a name="id340615"></a></td><td align="left" valign="top"><p>
+                </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question"><td align="left" valign="top"><a name="id339140"></a><a name="id339142"></a></td><td align="left" valign="top"><p>
                 The example <code class="filename">smb.conf</code> files in this chapter make use of the <em class="parameter"><code>include</code></em> facility.
                 How may I get to see what the actual working <code class="filename">smb.conf</code> settings are?
 …
 <code class="prompt">root# </code> testparm -s | less
 </pre><p>
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id340660"></a><a name="id340662"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id339187"></a><a name="id339189"></a></td><td align="left" valign="top"><p>
                 Why does the include file <code class="filename">common.conf</code> have an empty include statement?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 the include in place, even though the file it points to has already been included. This is a bug
                 that will be fixed at a future date.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id340716"></a><a name="id340718"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id339244"></a><a name="id339246"></a></td><td align="left" valign="top"><p>
                 I accept that the simplest configuration necessary to do the job is the best. The use of <em class="parameter"><code>tdbsam</code></em>
                 passdb backend is much simpler than having to manage an LDAP-based <em class="parameter"><code>ldapsam</code></em> passdb backend.
 …
                 to log onto the network following a reboot and may have to rejoin the domain to recover network
                 access capability.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id340766"></a><a name="id340769"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id339294"></a><a name="id339296"></a></td><td align="left" valign="top"><p>
                 You are using DHCP Relay enabled on the routers as well as a local DHCP server. Will this cause a clash?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 The only exception to this rule is when the client makes a directed request from a specific DHCP server
                 for renewal of the lease it has. This means that under normal circumstances there is no risk of a clash.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id340791"></a><a name="id340794"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id339319"></a><a name="id339321"></a></td><td align="left" valign="top"><p>
                 How does the Windows client find the PDC?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 to register itself with the WINS server and to obtain enumeration of vital network information to
                 enable it to operate successfully.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id340811"></a><a name="id340813"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id339338"></a><a name="id339340"></a></td><td align="left" valign="top"><p>
                 Why did you enable IP forwarding (routing) only on the server called <code class="constant">MASSIVE</code>?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 Route table entries are needed to direct MASSIVE to send all traffic intended for the remote network
                 segments to the router that is its gateway to them.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id340838"></a><a name="id340840"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id339365"></a><a name="id339367"></a></td><td align="left" valign="top"><p>
                 You did nothing special to implement roaming profiles. Why?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
                 Unless configured to do otherwise, the default behavior with Samba-3 and Windows XP Professional
                 clients is to use roaming profiles.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id340856"></a><a name="id340858"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id339383"></a><a name="id339385"></a></td><td align="left" valign="top"><p>
                 On the domain member computers, you configured winbind in the <code class="filename">/etc/nsswitch.conf</code> file.
                 You did not configure any PAM settings. Is this an omission?
 …
                 to enable the use of winbind. Samba makes use only of the identity resolution facilities of the name
                 service switch (NSS).
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id340883"></a><a name="id340885"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id339410"></a><a name="id339412"></a></td><td align="left" valign="top"><p>
                 You are starting SWAT up on this example but have not discussed that anywhere. Why did you do this?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 file but leaves in place a broken reference to the top-layer include file. SWAT was not designed to
                 handle this functionality gracefully.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id340920"></a><a name="id340922"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id339447"></a><a name="id339449"></a></td><td align="left" valign="top"><p>
                 The domain controller has an auto-shutdown script. Isn't that dangerous?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/DMSMig.html

-              r599
+              r739
 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Part II. Domain Members, Updating Samba and Migration</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="net2000users.html" title="Chapter 6. A Distributed 2000-User Network"><link rel="next" href="unixclients.html" title="Chapter 7. Adding Domain Member Servers and Clients"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Part II. Domain Members, Updating Samba and Migration</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="net2000users.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="unixclients.html">Next</a></td></tr></table><hr></div><div class="part" title="Part II. Domain Members, Updating Samba and Migration"><div class="titlepage"><div><div><h1 class="title"><a name="DMSMig"></a>Part II. Domain Members, Updating Samba and Migration</h1></div></div></div><div class="partintro" title="Domain Members, Updating Samba and Migration"><div><div><div><h1 class="title"><a name="id357819"></a>Domain Members, Updating Samba and Migration</h1></div></div></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Part II. Domain Members, Updating Samba and Migration</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="net2000users.html" title="Chapter 6. A Distributed 2000-User Network"><link rel="next" href="unixclients.html" title="Chapter 7. Adding Domain Member Servers and Clients"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Part II. Domain Members, Updating Samba and Migration</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="net2000users.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="unixclients.html">Next</a></td></tr></table><hr></div><div class="part" title="Part II. Domain Members, Updating Samba and Migration"><div class="titlepage"><div><div><h1 class="title"><a name="DMSMig"></a>Part II. Domain Members, Updating Samba and Migration</h1></div></div></div><div class="partintro" title="Domain Members, Updating Samba and Migration"><div><div><div><h1 class="title"><a name="id356343"></a>Domain Members, Updating Samba and Migration</h1></div></div></div><p>
 This section <span class="emphasis"><em>Samba-3 by Example</em></span> covers two main topics: How to add
 Samba Domain Member Servers and Samba Domain Member Clients to a Samba domain, the other
 …
 to a Samba or a Windows networking domain may also benefit by referring to the book
 <span class="emphasis"><em>The Official Samba-3 HOWTO and Reference Guide.</em></span>
 </p><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="unixclients.html">7. Adding Domain Member Servers and Clients</a></span></dt><dd><dl><dt><span class="sect1"><a href="unixclients.html#id357946">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#id357994">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id358022">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#id358046">Technical Issues</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id358646">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id358731">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></span></dt><dt><span class="sect2"><a href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></span></dt><dt><span class="sect2"><a href="unixclients.html#dcwonss">NT4/Samba Domain with Samba Domain Member Server without NSS Support</a></span></dt><dt><span class="sect2"><a href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id364506">UNIX/Linux Client Domain Member</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id365002">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id365047">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="upgrades.html">8. Updating Samba-3</a></span></dt><dd><dl><dt><span class="sect1"><a href="upgrades.html#id366117">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id366200">Cautions and Notes</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id367413">Upgrading from Samba 1.x and 2.x to Samba-3</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id368069">Samba-2.x with LDAP Support</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id368184">Updating a Samba-3 Installation</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id368281">Samba-3 to Samba-3 Updates on the Same Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id368465">Migrating Samba-3 to a New Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id368842">Migration of Samba Accounts to Active Directory</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="ntmigration.html">9. Migrating NT4 Domain to Samba-3</a></span></dt><dd><dl><dt><span class="sect1"><a href="ntmigration.html#id368988">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id369064">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id369115">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id369276">Technical Issues</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id369580">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id369600">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id371918">NT4 Migration Using tdbsam Backend</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id372263">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id372297">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="nw4migration.html">10. Migrating NetWare Server to Samba-3</a></span></dt><dd><dl><dt><span class="sect1"><a href="nw4migration.html#id373183">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id373282">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="nw4migration.html#id373359">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id373431">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="nw4migration.html#id373599">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id373608">NetWare Migration Using LDAP Backend</a></span></dt></dl></dd></dl></dd></dl></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="net2000users.html">Prev</a> </td><td width="20%" align="center"> </td><td width="40%" align="right"> <a accesskey="n" href="unixclients.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 6. A Distributed 2000-User Network </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 7. Adding Domain Member Servers and Clients</td></tr></table></div></body></html>
+</p><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="unixclients.html">7. Adding Domain Member Servers and Clients</a></span></dt><dd><dl><dt><span class="sect1"><a href="unixclients.html#id356470">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#id356518">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id356547">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#id356570">Technical Issues</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id357171">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id357255">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></span></dt><dt><span class="sect2"><a href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></span></dt><dt><span class="sect2"><a href="unixclients.html#dcwonss">NT4/Samba Domain with Samba Domain Member Server without NSS Support</a></span></dt><dt><span class="sect2"><a href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id363033">UNIX/Linux Client Domain Member</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id363529">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id363573">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="upgrades.html">8. Updating Samba-3</a></span></dt><dd><dl><dt><span class="sect1"><a href="upgrades.html#id364642">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id364726">Cautions and Notes</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id365940">Upgrading from Samba 1.x and 2.x to Samba-3</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id366282">Applicable to All Samba 2.x to Samba-3 Upgrades</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id366596">Samba-2.x with LDAP Support</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id366712">Updating a Samba-3 Installation</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id366809">Samba-3 to Samba-3 Updates on the Same Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id366993">Migrating Samba-3 to a New Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id367371">Migration of Samba Accounts to Active Directory</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="ntmigration.html">9. Migrating NT4 Domain to Samba-3</a></span></dt><dd><dl><dt><span class="sect1"><a href="ntmigration.html#id367517">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id367593">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id367644">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id367806">Technical Issues</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id368109">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id368129">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id368253">NT4 Migration Using LDAP Backend</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id370444">NT4 Migration Using tdbsam Backend</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id370790">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id370824">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="nw4migration.html">10. Migrating NetWare Server to Samba-3</a></span></dt><dd><dl><dt><span class="sect1"><a href="nw4migration.html#id371710">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id371809">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="nw4migration.html#id371886">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id371958">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="nw4migration.html#id372125">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id372134">NetWare Migration Using LDAP Backend</a></span></dt></dl></dd></dl></dd></dl></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="net2000users.html">Prev</a> </td><td width="20%" align="center"> </td><td width="40%" align="right"> <a accesskey="n" href="unixclients.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 6. A Distributed 2000-User Network </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 7. Adding Domain Member Servers and Clients</td></tr></table></div></body></html>

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/DomApps.html

-              r599
+              r739
 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 12. Integrating Additional Services</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="RefSection.html" title="Part III. Reference Section"><link rel="prev" href="kerberos.html" title="Chapter 11. Active Directory, Kerberos, and Security"><link rel="next" href="HA.html" title="Chapter 13. Performance, Reliability, and Availability"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 12. Integrating Additional Services</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="kerberos.html">Prev</a> </td><th width="60%" align="center">Part III. Reference Section</th><td width="20%" align="right"> <a accesskey="n" href="HA.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 12. Integrating Additional Services"><div class="titlepage"><div><div><h2 class="title"><a name="DomApps"></a>Chapter 12. Integrating Additional Services</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="DomApps.html#id382225">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#id382248">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id382338">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#id382367">Technical Issues</a></span></dt><dt><span class="sect2"><a href="DomApps.html#id382513">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id382530">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></span></dt><dt><span class="sect2"><a href="DomApps.html#id384281">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id384336">Questions and Answers</a></span></dt></dl></div><p>
         <a class="indexterm" name="id382181"></a>
         <a class="indexterm" name="id382187"></a>
         <a class="indexterm" name="id382194"></a>
         <a class="indexterm" name="id382201"></a>
         <a class="indexterm" name="id382208"></a>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 12. Integrating Additional Services</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="RefSection.html" title="Part III. Reference Section"><link rel="prev" href="kerberos.html" title="Chapter 11. Active Directory, Kerberos, and Security"><link rel="next" href="HA.html" title="Chapter 13. Performance, Reliability, and Availability"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 12. Integrating Additional Services</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="kerberos.html">Prev</a> </td><th width="60%" align="center">Part III. Reference Section</th><td width="20%" align="right"> <a accesskey="n" href="HA.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 12. Integrating Additional Services"><div class="titlepage"><div><div><h2 class="title"><a name="DomApps"></a>Chapter 12. Integrating Additional Services</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="DomApps.html#id380752">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#id380775">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id380865">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#id380894">Technical Issues</a></span></dt><dt><span class="sect2"><a href="DomApps.html#id381040">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id381058">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></span></dt><dt><span class="sect2"><a href="DomApps.html#id382809">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id382864">Questions and Answers</a></span></dt></dl></div><p>
+        <a class="indexterm" name="id380708"></a>
+        <a class="indexterm" name="id380714"></a>
+        <a class="indexterm" name="id380721"></a>
+        <a class="indexterm" name="id380728"></a>
+        <a class="indexterm" name="id380735"></a>
         You've come a long way now. You have pretty much mastered Samba-3 for
         most uses it can be put to. Up until now, you have cast Samba-3 in the leading
 …
         the latest Windows authentication technologies. Let's get started  this is
         leading edge.
         </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id382225"></a>Introduction</h2></div></div></div><p>
+        </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id380752"></a>Introduction</h2></div></div></div><p>
         Abmas has continued its miraculous growth; indeed, nothing seems to be able
         to stop its diversification into multiple (and seemingly unrelated) fields.
 …
         gradually, taking over key services and easing the way to a full migration and,
         therefore, integration into Abmas's existing business later.
         </p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id382248"></a>Assignment Tasks</h3></div></div></div><p>
                 <a class="indexterm" name="id382256"></a>
                 <a class="indexterm" name="id382264"></a>
+        </p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id380775"></a>Assignment Tasks</h3></div></div></div><p>
+                <a class="indexterm" name="id380783"></a>
+                <a class="indexterm" name="id380791"></a>
                 You've promised the skeptical Abmas Snack Foods management team
                 that you can show them how Samba can ease itself and other Open Source
 …
                 acquisition). You have chosen Web proxying and caching as your proving ground.
                 </p><p>
                 <a class="indexterm" name="id382279"></a>
                 <a class="indexterm" name="id382286"></a>
+                <a class="indexterm" name="id380806"></a>
+                <a class="indexterm" name="id380813"></a>
                 Abmas Snack Foods has several thousand users housed at its head office
                 and multiple regional offices, plants, and warehouses. A high proportion of
 …
                 the earliest commercial users of Microsoft ISA.
                 </p><p>
                 <a class="indexterm" name="id382301"></a>
                 <a class="indexterm" name="id382308"></a>
                 <a class="indexterm" name="id382315"></a>
+                <a class="indexterm" name="id380828"></a>
+                <a class="indexterm" name="id380835"></a>
+                <a class="indexterm" name="id380842"></a>
                 The team is not happy with ISA. Because it never lived up to its marketing promises,
                 it underperformed and had reliability problems. You have pounced on the opportunity
 …
                 This is a hands-on exercise. You build software applications so
                 that you obtain the functionality Abmas needs.
                 </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id382338"></a>Dissection and Discussion</h2></div></div></div><p>
+                </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id380865"></a>Dissection and Discussion</h2></div></div></div><p>
         The key requirements in this business example are straightforward. You are not required
         to do anything new, just to replicate an existing system, not lose any existing features,
 …
                 </p></li><li class="listitem"><p>
                 Seamless and transparent interoperability with the existing Active Directory domain
                 </p></li></ul></div><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id382367"></a>Technical Issues</h3></div></div></div><p>
                 <a class="indexterm" name="id382375"></a>
                 <a class="indexterm" name="id382381"></a>
                 <a class="indexterm" name="id382388"></a>
                 <a class="indexterm" name="id382395"></a>
                 <a class="indexterm" name="id382402"></a>
                 <a class="indexterm" name="id382409"></a>
                 <a class="indexterm" name="id382415"></a>
                 <a class="indexterm" name="id382422"></a>
                 <a class="indexterm" name="id382429"></a>
                 <a class="indexterm" name="id382436"></a>
                 <a class="indexterm" name="id382443"></a>
                 <a class="indexterm" name="id382450"></a>
                 <a class="indexterm" name="id382459"></a><a class="indexterm" name="id382464"></a>
+                </p></li></ul></div><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id380894"></a>Technical Issues</h3></div></div></div><p>
+                <a class="indexterm" name="id380902"></a>
+                <a class="indexterm" name="id380909"></a>
+                <a class="indexterm" name="id380916"></a>
+                <a class="indexterm" name="id380922"></a>
+                <a class="indexterm" name="id380929"></a>
+                <a class="indexterm" name="id380936"></a>
+                <a class="indexterm" name="id380943"></a>
+                <a class="indexterm" name="id380950"></a>
+                <a class="indexterm" name="id380956"></a>
+                <a class="indexterm" name="id380963"></a>
+                <a class="indexterm" name="id380970"></a>
+                <a class="indexterm" name="id380977"></a>
+                <a class="indexterm" name="id380986"></a><a class="indexterm" name="id380992"></a>
                 Functionally, the user's Internet Explorer requests a browsing session with the
                 Squid proxy, for which it offers its AD authentication token. Squid hands off
 …
                         </p></li><li class="listitem"><p>
                         Tying it all together
                         </p></li></ul></div></div><div class="sect2" title="Political Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id382513"></a>Political Issues</h3></div></div></div><p>
+                        </p></li></ul></div></div><div class="sect2" title="Political Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id381040"></a>Political Issues</h3></div></div></div><p>
                 You are a stranger in a strange land, and all eyes are upon you. Some would even like to see
                 you fail. For you to gain the trust of your newly acquired IT people, it is essential that your
 …
                 will the entrenched positions consider taking up your new way of doing things on a
                 wider scale.
                 </p></div></div><div class="sect1" title="Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id382530"></a>Implementation</h2></div></div></div><p>
         <a class="indexterm" name="id382538"></a>
+                </p></div></div><div class="sect1" title="Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id381058"></a>Implementation</h2></div></div></div><p>
+        <a class="indexterm" name="id381065"></a>
         First, your system needs to be prepared and in a known good state to proceed. This consists
         of making sure that everything the system depends on is present and that everything that could
 …
         they must be removed.
         </p><p>
         <a class="indexterm" name="id382552"></a>
+        <a class="indexterm" name="id381079"></a>
         The following packages should be available on your Red Hat Linux system:
         </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                 <a class="indexterm" name="id382566"></a>
                 <a class="indexterm" name="id382572"></a>
+                <a class="indexterm" name="id381093"></a>
+                <a class="indexterm" name="id381100"></a>
                 krb5-libs
                 </p></li><li class="listitem"><p>
 …
                 pam_krb5
                 </p></li></ul></div><p>
         <a class="indexterm" name="id382602"></a>
+        <a class="indexterm" name="id381129"></a>
         In the case of SUSE Linux, these packages are called:
         </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
 …
                 heimdal-devel
                 </p></li><li class="listitem"><p>
                 <a class="indexterm" name="id382625"></a>
+                <a class="indexterm" name="id381153"></a>
                 heimdal
                 </p></li><li class="listitem"><p>
 …
         for your Linux system to ensure that the packages are correctly updated.
         </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
         <a class="indexterm" name="id382648"></a>
         <a class="indexterm" name="id382655"></a>
         <a class="indexterm" name="id382662"></a>
+        <a class="indexterm" name="id381175"></a>
+        <a class="indexterm" name="id381182"></a>
+        <a class="indexterm" name="id381189"></a>
         If the requirement is for interoperation with MS Windows Server 2003, it
         will be necessary to ensure that you are using MIT Kerberos version 1.3.1
 …
         updating.
         </p><p>
         <a class="indexterm" name="id382673"></a>
         <a class="indexterm" name="id382680"></a>
+        <a class="indexterm" name="id381201"></a>
+        <a class="indexterm" name="id381208"></a>
         Heimdal 0.6 or later is required in the case of SUSE Linux. SUSE Enterprise
         Linux Server 8 ships with Heimdal 0.4. SUSE 9 ships with the necessary version.
         </p></div><div class="sect2" title="Removal of Pre-Existing Conflicting RPMs"><div class="titlepage"><div><div><h3 class="title"><a name="ch10-one"></a>Removal of Pre-Existing Conflicting RPMs</h3></div></div></div><p>
         <a class="indexterm" name="id382701"></a>
+        <a class="indexterm" name="id381229"></a>
         If Samba and/or Squid RPMs are installed, they should be updated. You can
         build both from source.
         </p><p>
         <a class="indexterm" name="id382712"></a>
         <a class="indexterm" name="id382719"></a>
         <a class="indexterm" name="id382725"></a>
+        <a class="indexterm" name="id381240"></a>
+        <a class="indexterm" name="id381246"></a>
+        <a class="indexterm" name="id381253"></a>
         Locating the packages to be un-installed can be achieved by running:
 </p><pre class="screen">
 …
 <code class="prompt">root# </code> rpm -e samba-common
 </pre><p>
         </p><div class="sect2" title="Kerberos Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="id382764"></a>Kerberos Configuration</h3></div></div></div><p>
         <a class="indexterm" name="id382771"></a>
         <a class="indexterm" name="id382778"></a>
         <a class="indexterm" name="id382787"></a>
         <a class="indexterm" name="id382794"></a>
+        </p><div class="sect2" title="Kerberos Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="id381292"></a>Kerberos Configuration</h3></div></div></div><p>
+        <a class="indexterm" name="id381299"></a>
+        <a class="indexterm" name="id381306"></a>
+        <a class="indexterm" name="id381315"></a>
+        <a class="indexterm" name="id381322"></a>
         The systems Kerberos installation must be configured to communicate with
         your primary Active Directory server (ADS KDC).
 …
         unless you are using Windows 2003 servers.
         </p><p>
         <a class="indexterm" name="id382810"></a>
         <a class="indexterm" name="id382817"></a>
         <a class="indexterm" name="id382824"></a>
         <a class="indexterm" name="id382830"></a>
         <a class="indexterm" name="id382837"></a>
         <a class="indexterm" name="id382846"></a>
         <a class="indexterm" name="id382853"></a>
+        <a class="indexterm" name="id381338"></a>
+        <a class="indexterm" name="id381345"></a>
+        <a class="indexterm" name="id381352"></a>
+        <a class="indexterm" name="id381358"></a>
+        <a class="indexterm" name="id381365"></a>
+        <a class="indexterm" name="id381374"></a>
+        <a class="indexterm" name="id381381"></a>
         Officially, neither MIT (1.3.4) nor Heimdal (0.63) Kerberos needs an <code class="filename">/etc/krb5.conf</code>
         file in order to work correctly. All ADS domains automatically create SRV records in the
 …
         specifying only a single KDC, even if there is more than one. Using the DNS lookup
         allows the KRB5 libraries to use whichever KDCs are available.
         </p><div class="procedure" title="Procedure 12.1. Kerberos Configuration Steps"><a name="id382882"></a><p class="title"><b>Procedure 12.1. Kerberos Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 <a class="indexterm" name="id382893"></a>
+        </p><div class="procedure" title="Procedure 12.1. Kerberos Configuration Steps"><a name="id381410"></a><p class="title"><b>Procedure 12.1. Kerberos Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                <a class="indexterm" name="id381421"></a>
                 If you find the need to manually configure the <code class="filename">krb5.conf</code>, you should edit it
                 to have the contents shown in <a class="link" href="DomApps.html#ch10-krb5conf" title="Example 12.1. Kerberos Configuration File: /etc/krb5.conf">&#8220;Kerberos Configuration  File: /etc/krb5.conf&#8221;</a>. The final fully qualified path for this file
                 should be <code class="filename">/etc/krb5.conf</code>.
                 </p></li><li class="step" title="Step 2"><p>
                 <a class="indexterm" name="id382926"></a>
                 <a class="indexterm" name="id382933"></a>
                 <a class="indexterm" name="id382940"></a>
                 <a class="indexterm" name="id382947"></a>
                 <a class="indexterm" name="id382953"></a>
                 <a class="indexterm" name="id382960"></a>
                 <a class="indexterm" name="id382967"></a>
                 <a class="indexterm" name="id382974"></a>
                 <a class="indexterm" name="id382981"></a>
                 <a class="indexterm" name="id382990"></a>
                 <a class="indexterm" name="id382996"></a>
                 <a class="indexterm" name="id383003"></a>
                 <a class="indexterm" name="id383010"></a>
+                <a class="indexterm" name="id381455"></a>
+                <a class="indexterm" name="id381462"></a>
+                <a class="indexterm" name="id381468"></a>
+                <a class="indexterm" name="id381475"></a>
+                <a class="indexterm" name="id381482"></a>
+                <a class="indexterm" name="id381489"></a>
+                <a class="indexterm" name="id381495"></a>
+                <a class="indexterm" name="id381502"></a>
+                <a class="indexterm" name="id381509"></a>
+                <a class="indexterm" name="id381518"></a>
+                <a class="indexterm" name="id381525"></a>
+                <a class="indexterm" name="id381532"></a>
+                <a class="indexterm" name="id381538"></a>
                 The following gotchas often catch people out. Kerberos is case sensitive. Your realm must
                 be in UPPERCASE, or you will get an error: <span class="quote">&#8220;<span class="quote">Cannot find KDC for requested realm while getting
 …
                 when you try to join the realm.
                 </p></li><li class="step" title="Step 3"><p>
                 <a class="indexterm" name="id383045"></a>
+                <a class="indexterm" name="id381574"></a>
                 You are now ready to test your installation by issuing the command:
 </p><pre class="screen">
 …
         kdc = w2k3s.london.abmas.biz
+        }
 </pre></div></div><br class="example-break"><p><a class="indexterm" name="id383105"></a>
+</pre></div></div><br class="example-break"><p><a class="indexterm" name="id381633"></a>
         The command
 </p><pre class="screen">
 …
 </pre><p>
         shows the Kerberos tickets cached by the system.
         </p><div class="sect3" title="Samba Configuration"><div class="titlepage"><div><div><h4 class="title"><a name="id383127"></a>Samba Configuration</h4></div></div></div><p>
         <a class="indexterm" name="id383135"></a>
+        </p><div class="sect3" title="Samba Configuration"><div class="titlepage"><div><div><h4 class="title"><a name="id381656"></a>Samba Configuration</h4></div></div></div><p>
+        <a class="indexterm" name="id381663"></a>
         Samba must be configured to correctly use Active Directory. Samba-3 must be used, since it
         has the necessary components to interface with Active Directory.
         </p><div class="procedure" title="Procedure 12.2. Securing Samba-3 With ADS Support Steps"><a name="id383144"></a><p class="title"><b>Procedure 12.2. Securing Samba-3 With ADS Support Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 <a class="indexterm" name="id383156"></a>
                 <a class="indexterm" name="id383162"></a>
                 <a class="indexterm" name="id383169"></a>
                 <a class="indexterm" name="id383176"></a>
                 <a class="indexterm" name="id383183"></a>
+        </p><div class="procedure" title="Procedure 12.2. Securing Samba-3 With ADS Support Steps"><a name="id381673"></a><p class="title"><b>Procedure 12.2. Securing Samba-3 With ADS Support Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                <a class="indexterm" name="id381684"></a>
+                <a class="indexterm" name="id381691"></a>
+                <a class="indexterm" name="id381698"></a>
+                <a class="indexterm" name="id381704"></a>
+                <a class="indexterm" name="id381711"></a>
                 Download the latest stable Samba-3 for Red Hat Linux from the official Samba Team
                 <a class="ulink" href="http://ftp.samba.org" target="_top">FTP site.</a> The official Samba Team
 …
                 needed, and are linked against MIT KRB5 version 1.3.1 and therefore are ready for use.
                 </p><p>
                 <a class="indexterm" name="id383207"></a>
                 <a class="indexterm" name="id383213"></a>
+                <a class="indexterm" name="id381735"></a>
+                <a class="indexterm" name="id381742"></a>
                 The necessary, validated RPM packages for SUSE Linux may be obtained from
                 the <a class="ulink" href="ftp://ftp.sernet.de/pub/samba" target="_top">SerNet</a> FTP site that
 …
                 file so it has contents similar to the example shown in <a class="link" href="DomApps.html#ch10-smbconf" title="Example 12.2. Samba Configuration File: /etc/samba/smb.conf">&#8220;Samba Configuration  File: /etc/samba/smb.conf&#8221;</a>.
                 </p></li><li class="step" title="Step 3"><p>
                 <a class="indexterm" name="id383261"></a>
                 <a class="indexterm" name="id383268"></a>
                 <a class="indexterm" name="id383274"></a>i
                 <a class="indexterm" name="id383286"></a>
                 <a class="indexterm" name="id383293"></a>
+                <a class="indexterm" name="id381790"></a>
+                <a class="indexterm" name="id381797"></a>
+                <a class="indexterm" name="id381803"></a>i
+                <a class="indexterm" name="id381815"></a>
+                <a class="indexterm" name="id381822"></a>
                 Next you need to create a computer account in the Active Directory.
                 This sets up the trust relationship needed for other clients to
 …
 </pre><p>
                 </p></li><li class="step" title="Step 4"><p>
                 <a class="indexterm" name="id383324"></a>
                 <a class="indexterm" name="id383331"></a>
                 <a class="indexterm" name="id383337"></a>
                 <a class="indexterm" name="id383344"></a>
                 <a class="indexterm" name="id383351"></a>
+                <a class="indexterm" name="id381853"></a>
+                <a class="indexterm" name="id381860"></a>
+                <a class="indexterm" name="id381866"></a>
+                <a class="indexterm" name="id381873"></a>
+                <a class="indexterm" name="id381880"></a>
                 Your new Samba binaries must be started in the standard manner as is applicable
                 to the platform you are running on. Alternatively, start your Active Directory-enabled Samba with the following commands:
 …
 </pre><p>
                 </p></li><li class="step" title="Step 5"><p>
                 <a class="indexterm" name="id383390"></a>
                 <a class="indexterm" name="id383396"></a>
                 <a class="indexterm" name="id383406"></a>
                 <a class="indexterm" name="id383412"></a>
                 <a class="indexterm" name="id383419"></a>
+                <a class="indexterm" name="id381919"></a>
+                <a class="indexterm" name="id381925"></a>
+                <a class="indexterm" name="id381935"></a>
+                <a class="indexterm" name="id381941"></a>
+                <a class="indexterm" name="id381948"></a>
                 We now need to test that Samba is communicating with the Active
                 Directory domain; most specifically, we want to see whether winbind
 …
                 This enumerates all the groups in your Active Directory tree.
                 </p></li><li class="step" title="Step 6"><p>
                 <a class="indexterm" name="id383476"></a>
                 <a class="indexterm" name="id383483"></a>
+                <a class="indexterm" name="id382005"></a>
+                <a class="indexterm" name="id382012"></a>
                 Squid uses the <code class="literal">ntlm_auth</code> helper build with Samba-3.
                 You may test <code class="literal">ntlm_auth</code> with the command:
 …
 </pre><p>
                 </p></li><li class="step" title="Step 7"><p>
                 <a class="indexterm" name="id383533"></a>
                 <a class="indexterm" name="id383540"></a>
                 <a class="indexterm" name="id383547"></a>
                 <a class="indexterm" name="id383553"></a>
                 <a class="indexterm" name="id383560"></a>
                 <a class="indexterm" name="id383567"></a>
                 <a class="indexterm" name="id383574"></a>
                 <a class="indexterm" name="id383581"></a>
+                <a class="indexterm" name="id382062"></a>
+                <a class="indexterm" name="id382069"></a>
+                <a class="indexterm" name="id382076"></a>
+                <a class="indexterm" name="id382082"></a>
+                <a class="indexterm" name="id382089"></a>
+                <a class="indexterm" name="id382096"></a>
+                <a class="indexterm" name="id382103"></a>
+                <a class="indexterm" name="id382110"></a>
                 The <code class="literal">ntlm_auth</code> helper, when run from a command line as the user
                 <span class="quote">&#8220;<span class="quote">root</span>&#8221;</span>, authenticates against your Active Directory domain (with
 …
 <code class="prompt">root# </code> chmod 750 /var/lib/samba/winbindd_privileged
 </pre><p>
                 </p></li></ol></div></div><div class="sect3" title="NSS Configuration"><div class="titlepage"><div><div><h4 class="title"><a name="id383649"></a>NSS Configuration</h4></div></div></div><p>
         <a class="indexterm" name="id383656"></a>
         <a class="indexterm" name="id383663"></a>
         <a class="indexterm" name="id383670"></a>
+                </p></li></ol></div></div><div class="sect3" title="NSS Configuration"><div class="titlepage"><div><div><h4 class="title"><a name="id382178"></a>NSS Configuration</h4></div></div></div><p>
+        <a class="indexterm" name="id382185"></a>
+        <a class="indexterm" name="id382192"></a>
+        <a class="indexterm" name="id382199"></a>
         For Squid to benefit from Samba-3, NSS must be updated to allow winbind as a valid route to user authentication.
         </p><p>
         Edit your <code class="filename">/etc/nsswitch.conf</code> file so it has the parameters shown
         in <a class="link" href="DomApps.html#ch10-etcnsscfg" title="Example 12.3. NSS Configuration File Extract File: /etc/nsswitch.conf">&#8220;NSS Configuration File Extract  File: /etc/nsswitch.conf&#8221;</a>.
         </p><div class="example"><a name="ch10-smbconf"></a><p class="title"><b>Example 12.2. Samba Configuration  File: <code class="filename">/etc/samba/smb.conf</code></b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id383726"></a><em class="parameter"><code>workgroup = LONDON</code></em></td></tr><tr><td><a class="indexterm" name="id383737"></a><em class="parameter"><code>netbios name = W2K3S</code></em></td></tr><tr><td><a class="indexterm" name="id383749"></a><em class="parameter"><code>realm = LONDON.ABMAS.BIZ</code></em></td></tr><tr><td><a class="indexterm" name="id383760"></a><em class="parameter"><code>security = ads</code></em></td></tr><tr><td><a class="indexterm" name="id383772"></a><em class="parameter"><code>encrypt passwords = yes</code></em></td></tr><tr><td><a class="indexterm" name="id383783"></a><em class="parameter"><code>password server = w2k3s.london.abmas.biz</code></em></td></tr><tr><td># separate domain and username with '/', like DOMAIN/username</td></tr><tr><td><a class="indexterm" name="id383799"></a><em class="parameter"><code>winbind separator = /</code></em></td></tr><tr><td># use UIDs from 10000 to 20000 for domain users</td></tr><tr><td><a class="indexterm" name="id383814"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td># use GIDs from 10000 to 20000 for domain groups</td></tr><tr><td><a class="indexterm" name="id383829"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td># allow enumeration of winbind users and groups</td></tr><tr><td><a class="indexterm" name="id383844"></a><em class="parameter"><code>winbind enum users = yes</code></em></td></tr><tr><td><a class="indexterm" name="id383856"></a><em class="parameter"><code>winbind enum groups = yes</code></em></td></tr><tr><td><a class="indexterm" name="id383868"></a><em class="parameter"><code>winbind user default domain = yes</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch10-etcnsscfg"></a><p class="title"><b>Example 12.3. NSS Configuration File Extract  File: <code class="filename">/etc/nsswitch.conf</code></b></p><div class="example-contents"><pre class="screen">
+        </p><div class="example"><a name="ch10-smbconf"></a><p class="title"><b>Example 12.2. Samba Configuration  File: <code class="filename">/etc/samba/smb.conf</code></b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id382255"></a><em class="parameter"><code>workgroup = LONDON</code></em></td></tr><tr><td><a class="indexterm" name="id382266"></a><em class="parameter"><code>netbios name = W2K3S</code></em></td></tr><tr><td><a class="indexterm" name="id382278"></a><em class="parameter"><code>realm = LONDON.ABMAS.BIZ</code></em></td></tr><tr><td><a class="indexterm" name="id382289"></a><em class="parameter"><code>security = ads</code></em></td></tr><tr><td><a class="indexterm" name="id382301"></a><em class="parameter"><code>encrypt passwords = yes</code></em></td></tr><tr><td><a class="indexterm" name="id382312"></a><em class="parameter"><code>password server = w2k3s.london.abmas.biz</code></em></td></tr><tr><td># separate domain and username with '/', like DOMAIN/username</td></tr><tr><td><a class="indexterm" name="id382328"></a><em class="parameter"><code>winbind separator = /</code></em></td></tr><tr><td># use UIDs from 10000 to 20000 for domain users</td></tr><tr><td><a class="indexterm" name="id382343"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td># use GIDs from 10000 to 20000 for domain groups</td></tr><tr><td><a class="indexterm" name="id382358"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td># allow enumeration of winbind users and groups</td></tr><tr><td><a class="indexterm" name="id382373"></a><em class="parameter"><code>winbind enum users = yes</code></em></td></tr><tr><td><a class="indexterm" name="id382385"></a><em class="parameter"><code>winbind enum groups = yes</code></em></td></tr><tr><td><a class="indexterm" name="id382396"></a><em class="parameter"><code>winbind user default domain = yes</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch10-etcnsscfg"></a><p class="title"><b>Example 12.3. NSS Configuration File Extract  File: <code class="filename">/etc/nsswitch.conf</code></b></p><div class="example-contents"><pre class="screen">
 passwd: files winbind
 shadow: files
 group: files winbind
 </pre></div></div><br class="example-break"></div><div class="sect3" title="Squid Configuration"><div class="titlepage"><div><div><h4 class="title"><a name="id383905"></a>Squid Configuration</h4></div></div></div><p>
         <a class="indexterm" name="id383913"></a>
         <a class="indexterm" name="id383920"></a>
+</pre></div></div><br class="example-break"></div><div class="sect3" title="Squid Configuration"><div class="titlepage"><div><div><h4 class="title"><a name="id382434"></a>Squid Configuration</h4></div></div></div><p>
+        <a class="indexterm" name="id382441"></a>
+        <a class="indexterm" name="id382448"></a>
         Squid must be configured correctly to interact with the Samba-3
         components that handle Active Directory authentication.
         </p></div></div><div class="sect2" title="Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="id383934"></a>Configuration</h3></div></div></div></div><div class="procedure" title="Procedure 12.3. Squid Configuration Steps"><a name="id383939"></a><p class="title"><b>Procedure 12.3. Squid Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 <a class="indexterm" name="id383950"></a>
                 <a class="indexterm" name="id383957"></a>
                 <a class="indexterm" name="id383965"></a>
+        </p></div></div><div class="sect2" title="Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="id382462"></a>Configuration</h3></div></div></div></div><div class="procedure" title="Procedure 12.3. Squid Configuration Steps"><a name="id382467"></a><p class="title"><b>Procedure 12.3. Squid Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                <a class="indexterm" name="id382479"></a>
+                <a class="indexterm" name="id382485"></a>
+                <a class="indexterm" name="id382493"></a>
                 If your Linux distribution is SUSE Linux 9, the version of Squid
                 supplied is already enabled to use the winbind helper agent. You
 …
                 programs.
                 </p></li><li class="step" title="Step 2"><p>
                 <a class="indexterm" name="id383980"></a>
                 <a class="indexterm" name="id383987"></a>
                 <a class="indexterm" name="id383994"></a>
                 <a class="indexterm" name="id384001"></a>
                 <a class="indexterm" name="id384007"></a>
+                <a class="indexterm" name="id382508"></a>
+                <a class="indexterm" name="id382515"></a>
+                <a class="indexterm" name="id382522"></a>
+                <a class="indexterm" name="id382529"></a>
+                <a class="indexterm" name="id382536"></a>
                 Squid, by default, runs as the user <code class="constant">nobody</code>. You need to
                 add a system user <code class="constant">squid</code> and a system group
 …
                 and a <code class="constant">squid</code> group in <code class="filename">/etc/group</code> if these aren't there already.
                 </p></li><li class="step" title="Step 3"><p>
                 <a class="indexterm" name="id384053"></a>
                 <a class="indexterm" name="id384060"></a>
+                <a class="indexterm" name="id382581"></a>
+                <a class="indexterm" name="id382588"></a>
                 You now need to change the permissions on Squid's <code class="constant">var</code>
                 directory.  Enter the following command:
 …
 </pre><p>
                 </p></li><li class="step" title="Step 4"><p>
                 <a class="indexterm" name="id384089"></a>
                 <a class="indexterm" name="id384096"></a>
+                <a class="indexterm" name="id382617"></a>
+                <a class="indexterm" name="id382624"></a>
                 Squid must also have control over its logging. Enter the following commands:
 </p><pre class="screen">
 …
 </pre><p>
                 </p></li><li class="step" title="Step 6"><p>
                 <a class="indexterm" name="id384153"></a>
+                <a class="indexterm" name="id382681"></a>
                 The <code class="filename">/etc/squid/squid.conf</code> file must be edited to include the lines from
                 <a class="link" href="DomApps.html#etcsquidcfg" title="Example 12.4. Squid Configuration File Extract /etc/squid.conf [ADMINISTRATIVE PARAMETERS Section]">&#8220;Squid Configuration File Extract  /etc/squid.conf [ADMINISTRATIVE PARAMETERS Section]&#8221;</a> and <a class="link" href="DomApps.html#etcsquid2" title="Example 12.5. Squid Configuration File extract File: /etc/squid.conf [AUTHENTICATION PARAMETERS Section]">&#8220;Squid Configuration File extract  File: /etc/squid.conf [AUTHENTICATION PARAMETERS Section]&#8221;</a>.
                 </p></li><li class="step" title="Step 7"><p>
                 <a class="indexterm" name="id384186"></a>
+                <a class="indexterm" name="id382714"></a>
                 You must create Squid's cache directories before it may be run.  Enter the following command:
 </p><pre class="screen">
 …
         acl AuthorizedUsers proxy_auth REQUIRED
         http_access allow all AuthorizedUsers
 </pre></div></div><br class="example-break"></div><div class="sect2" title="Key Points Learned"><div class="titlepage"><div><div><h3 class="title"><a name="id384281"></a>Key Points Learned</h3></div></div></div><p>
                 <a class="indexterm" name="id384289"></a>
                 <a class="indexterm" name="id384296"></a>
                 <a class="indexterm" name="id384303"></a>
                 <a class="indexterm" name="id384310"></a>
                 <a class="indexterm" name="id384321"></a>
+</pre></div></div><br class="example-break"></div><div class="sect2" title="Key Points Learned"><div class="titlepage"><div><div><h3 class="title"><a name="id382809"></a>Key Points Learned</h3></div></div></div><p>
+                <a class="indexterm" name="id382816"></a>
+                <a class="indexterm" name="id382823"></a>
+                <a class="indexterm" name="id382830"></a>
+                <a class="indexterm" name="id382837"></a>
+                <a class="indexterm" name="id382848"></a>
                 Microsoft Windows networking protocols permeate the spectrum of technologies that Microsoft
                 Windows clients use, even when accessing traditional services such as Web browsers. Depending
 …
                 the cookie-based authentication regime used by all competing browsers. It is Samba's implementation
                 of NTLMSSP that makes it attractive to implement the solution that has been demonstrated in this chapter.
                 </p></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id384336"></a>Questions and Answers</h2></div></div></div><p>
         <a class="indexterm" name="id384344"></a>
         <a class="indexterm" name="id384351"></a>
         <a class="indexterm" name="id384358"></a>
         <a class="indexterm" name="id384365"></a>
+                </p></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id382864"></a>Questions and Answers</h2></div></div></div><p>
+        <a class="indexterm" name="id382871"></a>
+        <a class="indexterm" name="id382878"></a>
+        <a class="indexterm" name="id382885"></a>
+        <a class="indexterm" name="id382892"></a>
         The development of the <code class="literal">ntlm_auth</code> module was first discussed in many Open Source circles
         in 2002. At the SambaXP conference in Goettingen, Germany, Mr. Francesco Chemolli demonstrated the use of
 …
         Make certain that your Squid proxy server is equipped with sufficient memory to permit all proxy operations to run
         out of memory without invoking the overheads involved in the use of memory that has to be swapped to disk.
         </p><div class="qandaset" title="Frequently Asked Questions"><a name="id384423"></a><dl><dt> <a href="DomApps.html#id384430">
+        </p><div class="qandaset" title="Frequently Asked Questions"><a name="id382950"></a><dl><dt> <a href="DomApps.html#id382957">
                 What does Samba have to do with Web proxy serving?
                 </a></dt><dt> <a href="DomApps.html#id384585">
+                </a></dt><dt> <a href="DomApps.html#id383112">
                 What other services does Samba provide?
                 </a></dt><dt> <a href="DomApps.html#id384721">
+                </a></dt><dt> <a href="DomApps.html#id383248">
                 Does use of Samba (ntlm_auth) improve the performance of Squid?
                 </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question"><td align="left" valign="top"><a name="id384430"></a><a name="id384432"></a></td><td align="left" valign="top"><p>
+                </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question"><td align="left" valign="top"><a name="id382957"></a><a name="id382959"></a></td><td align="left" valign="top"><p>
                 What does Samba have to do with Web proxy serving?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
                 <a class="indexterm" name="id384443"></a>
                 <a class="indexterm" name="id384450"></a>
                 <a class="indexterm" name="id384457"></a>
                 <a class="indexterm" name="id384466"></a>
                 <a class="indexterm" name="id384473"></a>
+                <a class="indexterm" name="id382970"></a>
+                <a class="indexterm" name="id382977"></a>
+                <a class="indexterm" name="id382984"></a>
+                <a class="indexterm" name="id382993"></a>
+                <a class="indexterm" name="id383000"></a>
                 To provide transparent interoperability between Windows clients and the network services
                 that are used from them, Samba had to develop tools and facilities that deliver that feature. The benefit
 …
                 module is basically a wrapper around authentication code from the core of the Samba project.
                 </p><p>
                 <a class="indexterm" name="id384492"></a>
                 <a class="indexterm" name="id384499"></a>
                 <a class="indexterm" name="id384508"></a>
                 <a class="indexterm" name="id384517"></a>
                 <a class="indexterm" name="id384526"></a>
                 <a class="indexterm" name="id384533"></a>
                 <a class="indexterm" name="id384540"></a>
                 <a class="indexterm" name="id384546"></a>
                 <a class="indexterm" name="id384553"></a>
+                <a class="indexterm" name="id383019"></a>
+                <a class="indexterm" name="id383026"></a>
+                <a class="indexterm" name="id383035"></a>
+                <a class="indexterm" name="id383044"></a>
+                <a class="indexterm" name="id383053"></a>
+                <a class="indexterm" name="id383060"></a>
+                <a class="indexterm" name="id383067"></a>
+                <a class="indexterm" name="id383074"></a>
+                <a class="indexterm" name="id383080"></a>
                 The <code class="literal">ntlm_auth</code> module supports basic plain-text authentication and NTLMSSP
                 protocols. This module makes it possible for Web and FTP proxy requests to be authenticated without
 …
                 also.
                 </p><p>
                 <a class="indexterm" name="id384574"></a>
+                <a class="indexterm" name="id383101"></a>
                 The short answer is that by adding a wrapper around key authentication components of Samba, other
                 projects (like Squid) can benefit from the labors expended in meeting user interoperability needs.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id384585"></a><a name="id384588"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id383112"></a><a name="id383115"></a></td><td align="left" valign="top"><p>
                 What other services does Samba provide?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
                 <a class="indexterm" name="id384599"></a>
                 <a class="indexterm" name="id384606"></a>
                 <a class="indexterm" name="id384612"></a>
                 <a class="indexterm" name="id384619"></a>
                 <a class="indexterm" name="id384626"></a>
+                <a class="indexterm" name="id383126"></a>
+                <a class="indexterm" name="id383133"></a>
+                <a class="indexterm" name="id383139"></a>
+                <a class="indexterm" name="id383146"></a>
+                <a class="indexterm" name="id383153"></a>
                 Samba-3 is a file and print server. The core components that provide this functionality are <code class="literal">smbd</code>,
                 <code class="literal">nmbd</code>, and the identity resolver daemon, <code class="literal">winbindd</code>.
                 </p><p>
                 <a class="indexterm" name="id384655"></a>
                 <a class="indexterm" name="id384662"></a>
+                <a class="indexterm" name="id383182"></a>
+                <a class="indexterm" name="id383189"></a>
                 Samba-3 is an SMB/CIFS client. The core component that provides this is called <code class="literal">smbclient</code>.
                 </p><p>
                 <a class="indexterm" name="id384679"></a>
                 <a class="indexterm" name="id384685"></a>
                 <a class="indexterm" name="id384692"></a>
                 <a class="indexterm" name="id384699"></a>
                 <a class="indexterm" name="id384706"></a>
+                <a class="indexterm" name="id383206"></a>
+                <a class="indexterm" name="id383212"></a>
+                <a class="indexterm" name="id383219"></a>
+                <a class="indexterm" name="id383226"></a>
+                <a class="indexterm" name="id383233"></a>
                 Samba-3 includes a number of helper tools, plug-in modules, utilities, and test and validation facilities.
                 Samba-3 includes glue modules that help provide interoperability between MS Windows clients and UNIX/Linux
 …
                 to permit identity resolution via SMB/CIFS servers (Windows NT4/200x, Samba, and a host of other commercial
                 server products).
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id384721"></a><a name="id384723"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id383248"></a><a name="id383250"></a></td><td align="left" valign="top"><p>
                 Does use of Samba (<code class="literal">ntlm_auth</code>) improve the performance of Squid?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/ExNetworks.html

-              r599
+              r739
 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Part I. Example Network Configurations</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="preface.html" title="Preface"><link rel="next" href="simple.html" title="Chapter 1. No-Frills Samba Servers"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Part I. Example Network Configurations</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="preface.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="simple.html">Next</a></td></tr></table><hr></div><div class="part" title="Part I. Example Network Configurations"><div class="titlepage"><div><div><h1 class="title"><a name="ExNetworks"></a>Part I. Example Network Configurations</h1></div></div></div><div class="partintro" title="Example Network Configurations"><div><div><div><h1 class="title"><a name="id323031"></a>Example Network Configurations</h1></div></div></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Part I. Example Network Configurations</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="preface.html" title="Preface"><link rel="next" href="simple.html" title="Chapter 1. No-Frills Samba Servers"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Part I. Example Network Configurations</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="preface.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="simple.html">Next</a></td></tr></table><hr></div><div class="part" title="Part I. Example Network Configurations"><div class="titlepage"><div><div><h1 class="title"><a name="ExNetworks"></a>Part I. Example Network Configurations</h1></div></div></div><div class="partintro" title="Example Network Configurations"><div><div><div><h1 class="title"><a name="id321531"></a>Example Network Configurations</h1></div></div></div><p>
 This section of <span class="emphasis"><em>Samba-3 by Example</em></span> provides example network
 configurations that can be copied, or modified as needed, and deployed as-is.
 …
 <a class="ulink" href="http://www.samba.org/samba/support/" target="_top">support</a> pages from
 the Samba web site.
 </p><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="simple.html">1. No-Frills Samba Servers</a></span></dt><dd><dl><dt><span class="sect1"><a href="simple.html#id323089">Introduction</a></span></dt><dt><span class="sect1"><a href="simple.html#id323120">Assignment Tasks</a></span></dt><dd><dl><dt><span class="sect2"><a href="simple.html#id323158">Drafting Office</a></span></dt><dt><span class="sect2"><a href="simple.html#id323803">Charity Administration Office</a></span></dt><dt><span class="sect2"><a href="simple.html#AccountingOffice">Accounting Office</a></span></dt></dl></dd><dt><span class="sect1"><a href="simple.html#id326925">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="small.html">2. Small Office Networking</a></span></dt><dd><dl><dt><span class="sect1"><a href="small.html#id327308">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id327326">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id327371">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id327416">Technical Issues</a></span></dt><dt><span class="sect2"><a href="small.html#id327588">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id327606">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id329058">Validation</a></span></dt><dt><span class="sect2"><a href="small.html#id329633">Notebook Computers: A Special Case</a></span></dt><dt><span class="sect2"><a href="small.html#id329652">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id329716">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="secure.html">3. Secure Office Networking</a></span></dt><dd><dl><dt><span class="sect1"><a href="secure.html#id330143">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id330177">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id330386">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id330398">Technical Issues</a></span></dt><dt><span class="sect2"><a href="secure.html#id330742">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id330776">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#ch4bsc">Basic System Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id331530">Samba Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4ptrcfg">Printer Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4valid">Validation</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4appscfg">Application Share Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id335513">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id335566">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="Big500users.html">4. The 500-User Office</a></span></dt><dd><dl><dt><span class="sect1"><a href="Big500users.html#id336007">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id336038">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id336113">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id336141">Technical Issues</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id336318">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id336338">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#ch5-dnshcp-setup">Installation of DHCP, DNS, and Samba Control Files</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id337052">Server Preparation: All Servers</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id337568">Server-Specific Preparation</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5-procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id340544">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id340597">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="happy.html">5. Making Happy Users</a></span></dt><dd><dl><dt><span class="sect1"><a href="happy.html#id341339">Regarding LDAP Directories and Windows Computer Accounts</a></span></dt><dt><span class="sect1"><a href="happy.html#id341463">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id341540">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id341668">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id342070">Technical Issues</a></span></dt><dt><span class="sect2"><a href="happy.html#id343725">Political Issues</a></span></dt><dt><span class="sect2"><a href="happy.html#id343737">Installation Checklist</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id343908">Samba Server Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbeidealx">Install and Configure Idealx smbldap-tools Scripts</a></span></dt><dt><span class="sect2"><a href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-ptrcfg">Printer Configuration</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#sbehap-bldg1">Samba-3 BDC Configuration</a></span></dt><dt><span class="sect1"><a href="happy.html#id350178">Miscellaneous Server Preparation Tasks</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id350194">Configuring Directory Share Point Roots</a></span></dt><dt><span class="sect2"><a href="happy.html#id350283">Configuring Profile Directories</a></span></dt><dt><span class="sect2"><a href="happy.html#id350512">Preparation of Logon Scripts</a></span></dt><dt><span class="sect2"><a href="happy.html#id350609">Assigning User Rights and Privileges</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id350723">Windows Client Configuration</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></span></dt><dt><span class="sect2"><a href="happy.html#id351441">Configuration of MS Outlook to Relocate PST File</a></span></dt><dt><span class="sect2"><a href="happy.html#id351724">Configure Delete Cached Profiles on Logout</a></span></dt><dt><span class="sect2"><a href="happy.html#id351896">Uploading Printer Drivers to Samba Servers</a></span></dt><dt><span class="sect2"><a href="happy.html#id352365">Software Installation</a></span></dt><dt><span class="sect2"><a href="happy.html#id352391">Roll-out Image Creation</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id352420">Key Points Learned</a></span></dt><dt><span class="sect1"><a href="happy.html#id352508">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="net2000users.html">6. A Distributed 2000-User Network</a></span></dt><dd><dl><dt><span class="sect1"><a href="net2000users.html#id352846">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id352871">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id352928">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id353175">Technical Issues</a></span></dt><dt><span class="sect2"><a href="net2000users.html#id353997">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id354011">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id357027">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id357166">Questions and Answers</a></span></dt></dl></dd></dl></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="preface.html">Prev</a> </td><td width="20%" align="center"> </td><td width="40%" align="right"> <a accesskey="n" href="simple.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Preface </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 1. No-Frills Samba Servers</td></tr></table></div></body></html>
+</p><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="simple.html">1. No-Frills Samba Servers</a></span></dt><dd><dl><dt><span class="sect1"><a href="simple.html#id321589">Introduction</a></span></dt><dt><span class="sect1"><a href="simple.html#id321619">Assignment Tasks</a></span></dt><dd><dl><dt><span class="sect2"><a href="simple.html#id321657">Drafting Office</a></span></dt><dt><span class="sect2"><a href="simple.html#id322302">Charity Administration Office</a></span></dt><dt><span class="sect2"><a href="simple.html#AccountingOffice">Accounting Office</a></span></dt></dl></dd><dt><span class="sect1"><a href="simple.html#id325424">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="small.html">2. Small Office Networking</a></span></dt><dd><dl><dt><span class="sect1"><a href="small.html#id325808">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id325825">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id325871">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id325916">Technical Issues</a></span></dt><dt><span class="sect2"><a href="small.html#id326088">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id326106">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id327557">Validation</a></span></dt><dt><span class="sect2"><a href="small.html#id328132">Notebook Computers: A Special Case</a></span></dt><dt><span class="sect2"><a href="small.html#id328152">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id328216">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="secure.html">3. Secure Office Networking</a></span></dt><dd><dl><dt><span class="sect1"><a href="secure.html#id328642">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id328676">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id328885">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id328897">Technical Issues</a></span></dt><dt><span class="sect2"><a href="secure.html#id329242">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id329275">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#ch4bsc">Basic System Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id330030">Samba Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4ptrcfg">Printer Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4valid">Validation</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4appscfg">Application Share Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id334042">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id334095">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="Big500users.html">4. The 500-User Office</a></span></dt><dd><dl><dt><span class="sect1"><a href="Big500users.html#id334536">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id334566">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id334641">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id334670">Technical Issues</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id334846">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id334866">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#ch5-dnshcp-setup">Installation of DHCP, DNS, and Samba Control Files</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id335580">Server Preparation: All Servers</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id336096">Server-Specific Preparation</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5-procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id339071">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id339124">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="happy.html">5. Making Happy Users</a></span></dt><dd><dl><dt><span class="sect1"><a href="happy.html#id339866">Regarding LDAP Directories and Windows Computer Accounts</a></span></dt><dt><span class="sect1"><a href="happy.html#id339991">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id340067">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id340195">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id340598">Technical Issues</a></span></dt><dt><span class="sect2"><a href="happy.html#id342251">Political Issues</a></span></dt><dt><span class="sect2"><a href="happy.html#id342264">Installation Checklist</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id342434">Samba Server Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbeidealx">Install and Configure Idealx smbldap-tools Scripts</a></span></dt><dt><span class="sect2"><a href="happy.html#id345072">LDAP Initialization and Creation of User and Group Accounts</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-ptrcfg">Printer Configuration</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#sbehap-bldg1">Samba-3 BDC Configuration</a></span></dt><dt><span class="sect1"><a href="happy.html#id348703">Miscellaneous Server Preparation Tasks</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id348720">Configuring Directory Share Point Roots</a></span></dt><dt><span class="sect2"><a href="happy.html#id348809">Configuring Profile Directories</a></span></dt><dt><span class="sect2"><a href="happy.html#id349037">Preparation of Logon Scripts</a></span></dt><dt><span class="sect2"><a href="happy.html#id349135">Assigning User Rights and Privileges</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id349248">Windows Client Configuration</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></span></dt><dt><span class="sect2"><a href="happy.html#id349965">Configuration of MS Outlook to Relocate PST File</a></span></dt><dt><span class="sect2"><a href="happy.html#id350249">Configure Delete Cached Profiles on Logout</a></span></dt><dt><span class="sect2"><a href="happy.html#id350420">Uploading Printer Drivers to Samba Servers</a></span></dt><dt><span class="sect2"><a href="happy.html#id350890">Software Installation</a></span></dt><dt><span class="sect2"><a href="happy.html#id350916">Roll-out Image Creation</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id350946">Key Points Learned</a></span></dt><dt><span class="sect1"><a href="happy.html#id351033">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="net2000users.html">6. A Distributed 2000-User Network</a></span></dt><dd><dl><dt><span class="sect1"><a href="net2000users.html#id351371">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id351396">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id351452">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id351698">Technical Issues</a></span></dt><dt><span class="sect2"><a href="net2000users.html#id352520">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id352534">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id355551">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id355690">Questions and Answers</a></span></dt></dl></dd></dl></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="preface.html">Prev</a> </td><td width="20%" align="center"> </td><td width="40%" align="right"> <a accesskey="n" href="simple.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Preface </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 1. No-Frills Samba Servers</td></tr></table></div></body></html>

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/HA.html

-              r599
+              r739
 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 13. Performance, Reliability, and Availability</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="RefSection.html" title="Part III. Reference Section"><link rel="prev" href="DomApps.html" title="Chapter 12. Integrating Additional Services"><link rel="next" href="ch14.html" title="Chapter 14. Samba Support"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 13. Performance, Reliability, and Availability</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="DomApps.html">Prev</a> </td><th width="60%" align="center">Part III. Reference Section</th><td width="20%" align="right"> <a accesskey="n" href="ch14.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 13. Performance, Reliability, and Availability"><div class="titlepage"><div><div><h2 class="title"><a name="HA"></a>Chapter 13. Performance, Reliability, and Availability</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="HA.html#id384815">Introduction</a></span></dt><dt><span class="sect1"><a href="HA.html#id384892">Dissection and Discussion</a></span></dt><dt><span class="sect1"><a href="HA.html#id385344">Guidelines for Reliable Samba Operation</a></span></dt><dd><dl><dt><span class="sect2"><a href="HA.html#id385369">Name Resolution</a></span></dt><dt><span class="sect2"><a href="HA.html#id385810">Samba Configuration</a></span></dt><dt><span class="sect2"><a href="HA.html#id386110">Use and Location of BDCs</a></span></dt><dt><span class="sect2"><a href="HA.html#id386178">Use One Consistent Version of MS Windows Client</a></span></dt><dt><span class="sect2"><a href="HA.html#id386195">For Scalability, Use SAN-Based Storage on Samba Servers</a></span></dt><dt><span class="sect2"><a href="HA.html#id386240">Distribute Network Load with MSDFS</a></span></dt><dt><span class="sect2"><a href="HA.html#id386291">Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth</a></span></dt><dt><span class="sect2"><a href="HA.html#id386332">Hardware Problems</a></span></dt><dt><span class="sect2"><a href="HA.html#id386465">Large Directories</a></span></dt></dl></dd><dt><span class="sect1"><a href="HA.html#id386548">Key Points Learned</a></span></dt></dl></div><p>
         <a class="indexterm" name="id384782"></a>
         <a class="indexterm" name="id384788"></a>
         <a class="indexterm" name="id384795"></a>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 13. Performance, Reliability, and Availability</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="RefSection.html" title="Part III. Reference Section"><link rel="prev" href="DomApps.html" title="Chapter 12. Integrating Additional Services"><link rel="next" href="ch14.html" title="Chapter 14. Samba Support"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 13. Performance, Reliability, and Availability</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="DomApps.html">Prev</a> </td><th width="60%" align="center">Part III. Reference Section</th><td width="20%" align="right"> <a accesskey="n" href="ch14.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 13. Performance, Reliability, and Availability"><div class="titlepage"><div><div><h2 class="title"><a name="HA"></a>Chapter 13. Performance, Reliability, and Availability</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="HA.html#id383342">Introduction</a></span></dt><dt><span class="sect1"><a href="HA.html#id383418">Dissection and Discussion</a></span></dt><dt><span class="sect1"><a href="HA.html#id383870">Guidelines for Reliable Samba Operation</a></span></dt><dd><dl><dt><span class="sect2"><a href="HA.html#id383895">Name Resolution</a></span></dt><dt><span class="sect2"><a href="HA.html#id384336">Samba Configuration</a></span></dt><dt><span class="sect2"><a href="HA.html#id384636">Use and Location of BDCs</a></span></dt><dt><span class="sect2"><a href="HA.html#id384704">Use One Consistent Version of MS Windows Client</a></span></dt><dt><span class="sect2"><a href="HA.html#id384721">For Scalability, Use SAN-Based Storage on Samba Servers</a></span></dt><dt><span class="sect2"><a href="HA.html#id384766">Distribute Network Load with MSDFS</a></span></dt><dt><span class="sect2"><a href="HA.html#id384817">Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth</a></span></dt><dt><span class="sect2"><a href="HA.html#id384858">Hardware Problems</a></span></dt><dt><span class="sect2"><a href="HA.html#id384991">Large Directories</a></span></dt></dl></dd><dt><span class="sect1"><a href="HA.html#id385073">Key Points Learned</a></span></dt></dl></div><p>
+        <a class="indexterm" name="id383309"></a>
+        <a class="indexterm" name="id383315"></a>
+        <a class="indexterm" name="id383322"></a>
         Well, you have reached one of the last chapters of this book. It is customary to attempt
         to wrap up the theme and contents of a book in what is generally regarded as the
 …
         </p><div class="blockquote"><table border="0" width="100%" cellspacing="0" cellpadding="0" class="blockquote" summary="Block quote"><tr><td width="10%" valign="top"> </td><td width="80%" valign="top"><p>
         In a world so full of noise, how can the sparrow be heard?
         </p></td><td width="10%" valign="top"> </td></tr><tr><td width="10%" valign="top"> </td><td colspan="2" align="right" valign="top">--<span class="attribution">Anonymous</span></td></tr></table></div><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id384815"></a>Introduction</h2></div></div></div><p>
         <a class="indexterm" name="id384822"></a>
+        </p></td><td width="10%" valign="top"> </td></tr><tr><td width="10%" valign="top"> </td><td colspan="2" align="right" valign="top">--<span class="attribution">Anonymous</span></td></tr></table></div><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id383342"></a>Introduction</h2></div></div></div><p>
+        <a class="indexterm" name="id383349"></a>
         The sparrow is a small bird whose sounds are drowned out by the noise of the busy
         world it lives in. Likewise, the simple steps that can be taken to improve the
 …
         custom tools and methods. Only passing comments are offered concerning these methods.
         </p><p>
         <a class="indexterm" name="id384837"></a>
         <a class="indexterm" name="id384844"></a>
         <a class="indexterm" name="id384851"></a>
+        <a class="indexterm" name="id383364"></a>
+        <a class="indexterm" name="id383371"></a>
+        <a class="indexterm" name="id383378"></a>
 <a class="ulink" href="http://www.google.com/search?hl=en&amp;lr=&amp;ie=ISO-8859-1&amp;q=samba+cluster&amp;btnG=Google+Search" target="_top">A search</a>
         for <span class="quote">&#8220;<span class="quote">samba cluster</span>&#8221;</span> produced 71,600 hits. And a search for <span class="quote">&#8220;<span class="quote">highly available samba</span>&#8221;</span>
 …
         availability, reliability, and scalability are of vital interest to corporate network users.
         </p><p>
         <a class="indexterm" name="id384882"></a>
+        <a class="indexterm" name="id383409"></a>
         So without further background, you can review a checklist of simple steps that
         can be taken to ensure acceptable network performance while keeping costs of ownership
         well under control.
         </p></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id384892"></a>Dissection and Discussion</h2></div></div></div><p>
         <a class="indexterm" name="id384899"></a>
         <a class="indexterm" name="id384906"></a>
+        </p></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id383418"></a>Dissection and Discussion</h2></div></div></div><p>
+        <a class="indexterm" name="id383426"></a>
+        <a class="indexterm" name="id383433"></a>
         If it is your purpose to get the best mileage out of your Samba servers, there is one rule that
         must be obeyed. If you want the best, keep your implementation as simple as possible. You may
 …
         complex ones.
         </p><p>
         <a class="indexterm" name="id384924"></a>
         <a class="indexterm" name="id384931"></a>
+        <a class="indexterm" name="id383451"></a>
+        <a class="indexterm" name="id383458"></a>
         Problems reported by users fall into three categories: configurations that do not work, those
         that have broken behavior, and poor performance. The term <span class="emphasis"><em>broken behavior</em></span>
 …
         and at other times not listing them even though the machines are in use on the network.
         </p><p>
         <a class="indexterm" name="id384953"></a>
         <a class="indexterm" name="id384960"></a>
         <a class="indexterm" name="id384966"></a>
         <a class="indexterm" name="id384973"></a>
         <a class="indexterm" name="id384980"></a>
         <a class="indexterm" name="id384987"></a>
+        <a class="indexterm" name="id383480"></a>
+        <a class="indexterm" name="id383486"></a>
+        <a class="indexterm" name="id383493"></a>
+        <a class="indexterm" name="id383500"></a>
+        <a class="indexterm" name="id383507"></a>
+        <a class="indexterm" name="id383514"></a>
         A significant number of reports concern problems with the <code class="literal">smbfs</code> file system
         driver that is part of the Linux kernel, not part of Samba. Users continue to interpret that
 …
         Samba and are really foreign to it.
         </p><p>
         <a class="indexterm" name="id385043"></a>
+        <a class="indexterm" name="id383570"></a>
         The new project, <code class="literal">cifsfs</code>, is destined to replace <code class="literal">smbfs</code>.
         It, too, is not part of Samba, even though one of the Samba Team members is a prime mover in
 …
         Table 13.1 lists typical causes of:
         </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Not Working (NW)</p></li><li class="listitem"><p>Broken Behavior (BB)</p></li><li class="listitem"><p>Poor Performance (PP)</p></li></ul></div><div class="table"><a name="ProbList"></a><p class="title"><b>Table 13.1. Effect of Common Problems</b></p><div class="table-contents"><table summary="Effect of Common Problems" border="1"><colgroup><col align="left"><col align="center"><col align="center"><col align="center"></colgroup><thead><tr><th align="left"><p>Problem</p></th><th align="center"><p>NW</p></th><th align="center"><p>BB</p></th><th align="center"><p>PP</p></th></tr></thead><tbody><tr><td align="left"><p>File locking</p></td><td align="center"><p>-</p></td><td align="center"><p>X</p></td><td align="center"><p>-</p></td></tr><tr><td align="left"><p>Hardware problems</p></td><td align="center"><p>X</p></td><td align="center"><p>X</p></td><td align="center"><p>X</p></td></tr><tr><td align="left"><p>Incorrect authentication</p></td><td align="center"><p>X</p></td><td align="center"><p>X</p></td><td align="center"><p>-</p></td></tr><tr><td align="left"><p>Incorrect configuration</p></td><td align="center"><p>X</p></td><td align="center"><p>X</p></td><td align="center"><p>X</p></td></tr><tr><td align="left"><p>LDAP problems</p></td><td align="center"><p>X</p></td><td align="center"><p>X</p></td><td align="center"><p>-</p></td></tr><tr><td align="left"><p>Name resolution</p></td><td align="center"><p>X</p></td><td align="center"><p>X</p></td><td align="center"><p>X</p></td></tr><tr><td align="left"><p>Printing problems</p></td><td align="center"><p>X</p></td><td align="center"><p>X</p></td><td align="center"><p>-</p></td></tr><tr><td align="left"><p>Slow file transfer</p></td><td align="center"><p>-</p></td><td align="center"><p>-</p></td><td align="center"><p>X</p></td></tr><tr><td align="left"><p>Winbind problems</p></td><td align="center"><p>X</p></td><td align="center"><p>X</p></td><td align="center"><p>-</p></td></tr></tbody></table></div></div><br class="table-break"><p>
         <a class="indexterm" name="id385333"></a>
+        <a class="indexterm" name="id383859"></a>
         It is obvious to all that the first requirement (as a matter of network hygiene) is to eliminate
         problems that affect basic network operation. This book has provided sufficient working examples
         to help you to avoid all these problems.
         </p></div><div class="sect1" title="Guidelines for Reliable Samba Operation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id385344"></a>Guidelines for Reliable Samba Operation</h2></div></div></div><p>
         <a class="indexterm" name="id385352"></a>
         <a class="indexterm" name="id385359"></a>
+        </p></div><div class="sect1" title="Guidelines for Reliable Samba Operation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id383870"></a>Guidelines for Reliable Samba Operation</h2></div></div></div><p>
+        <a class="indexterm" name="id383878"></a>
+        <a class="indexterm" name="id383885"></a>
         Your objective is to provide a network that works correctly, can grow at all times, is resilient
         at times of extreme demand, and can scale to meet future needs. The following subject areas provide
         pointers that can help you today.
         </p><div class="sect2" title="Name Resolution"><div class="titlepage"><div><div><h3 class="title"><a name="id385369"></a>Name Resolution</h3></div></div></div><p>
+        </p><div class="sect2" title="Name Resolution"><div class="titlepage"><div><div><h3 class="title"><a name="id383895"></a>Name Resolution</h3></div></div></div><p>
         There are three basic current problem areas: bad hostnames, routed networks, and network collisions.
         These are covered in the following discussion.
         </p><div class="sect3" title="Bad Hostnames"><div class="titlepage"><div><div><h4 class="title"><a name="id385379"></a>Bad Hostnames</h4></div></div></div><p>
                 <a class="indexterm" name="id385387"></a>
                 <a class="indexterm" name="id385396"></a>
                 <a class="indexterm" name="id385403"></a>
                 <a class="indexterm" name="id385409"></a>
                 <a class="indexterm" name="id385416"></a>
+        </p><div class="sect3" title="Bad Hostnames"><div class="titlepage"><div><div><h4 class="title"><a name="id383905"></a>Bad Hostnames</h4></div></div></div><p>
+                <a class="indexterm" name="id383913"></a>
+                <a class="indexterm" name="id383922"></a>
+                <a class="indexterm" name="id383929"></a>
+                <a class="indexterm" name="id383936"></a>
+                <a class="indexterm" name="id383942"></a>
                 When configured as a DHCP client, a number of Linux distributions set the system hostname
                 to <code class="constant">localhost</code>. If the parameter <em class="parameter"><code>netbios name</code></em> is not
 …
                 correctly.
                 </p><p>
                 <a class="indexterm" name="id385465"></a>
+                <a class="indexterm" name="id383991"></a>
                 A few sites have tried to name Windows clients and Samba servers with a name that begins
                 with the digits 1-9. This does not work either because it may result in the client or
                 server attempting to use that name as an IP address.
                 </p><p>
                 <a class="indexterm" name="id385477"></a>
                 <a class="indexterm" name="id385486"></a>
+                <a class="indexterm" name="id384004"></a>
+                <a class="indexterm" name="id384012"></a>
                 A Samba server called <code class="constant">FRED</code> in a NetBIOS domain called <code class="constant">COLLISION</code>
                 in a network environment that is part of the fully-qualified Internet domain namespace known
 …
                 fails given that you probably do not have this in your DNS namespace.
                 </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
                 <a class="indexterm" name="id385526"></a>
                 <a class="indexterm" name="id385536"></a>
                 <a class="indexterm" name="id385542"></a>
+                <a class="indexterm" name="id384053"></a>
+                <a class="indexterm" name="id384062"></a>
+                <a class="indexterm" name="id384068"></a>
                 An Active Directory realm called <code class="constant">collision.parrots.com</code> is perfectly okay,
                 although it too must be capable of being resolved via DNS, something that functions correctly
                 if Windows 200x ADS has been properly installed and configured.
                 </p></div></div><div class="sect3" title="Routed Networks"><div class="titlepage"><div><div><h4 class="title"><a name="id385556"></a>Routed Networks</h4></div></div></div><p>
                 <a class="indexterm" name="id385564"></a>
                 <a class="indexterm" name="id385571"></a>
                 <a class="indexterm" name="id385580"></a>
+                </p></div></div><div class="sect3" title="Routed Networks"><div class="titlepage"><div><div><h4 class="title"><a name="id384083"></a>Routed Networks</h4></div></div></div><p>
+                <a class="indexterm" name="id384090"></a>
+                <a class="indexterm" name="id384097"></a>
+                <a class="indexterm" name="id384106"></a>
                 NetBIOS networks (Windows networking with NetBIOS over TCP/IP enabled) makes extensive use
                 of UDP-based broadcast traffic, as you saw during the exercises in <a class="link" href="primer.html" title="Chapter 16. Networking Primer">&#8220;Networking Primer&#8221;</a>.
                 </p><p>
                 <a class="indexterm" name="id385598"></a>
                 <a class="indexterm" name="id385605"></a>
                 <a class="indexterm" name="id385612"></a>
+                <a class="indexterm" name="id384124"></a>
+                <a class="indexterm" name="id384131"></a>
+                <a class="indexterm" name="id384138"></a>
                 UDP broadcast traffic is not forwarded by routers. This means that NetBIOS broadcast-based
                 networking cannot function across routed networks (i.e., multi-subnet networks) unless
                 special provisions are made:
                 </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                         <a class="indexterm" name="id385627"></a>
                         <a class="indexterm" name="id385634"></a>
                         <a class="indexterm" name="id385641"></a>
+                        <a class="indexterm" name="id384153"></a>
+                        <a class="indexterm" name="id384160"></a>
+                        <a class="indexterm" name="id384167"></a>
                         Either install on every Windows client an LMHOSTS file (located in the directory
                         <code class="filename">C:\windows\system32\drivers\etc</code>). It is also necessary to
 …
                         manual page for the <code class="filename">smb.conf</code> file.
                         </p></li><li class="listitem"><p>
                         <a class="indexterm" name="id385684"></a>
+                        <a class="indexterm" name="id384210"></a>
                         Or configure Samba as a WINS server, and configure all network clients to use that
                         WINS server in their TCP/IP configuration.
                         </p></li></ul></div><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
                 <a class="indexterm" name="id385700"></a>
                 <a class="indexterm" name="id385709"></a>
+                <a class="indexterm" name="id384226"></a>
+                <a class="indexterm" name="id384235"></a>
                 The use of DNS is not an acceptable substitute for WINS. DNS does not store specific
                 information regarding NetBIOS networking particulars that get stored in the WINS
                 name resolution database and that Windows clients require and depend on.
                 </p></div></div><div class="sect3" title="Network Collisions"><div class="titlepage"><div><div><h4 class="title"><a name="id385720"></a>Network Collisions</h4></div></div></div><p>
                 <a class="indexterm" name="id385727"></a>
                 <a class="indexterm" name="id385737"></a>
                 <a class="indexterm" name="id385746"></a>
                 <a class="indexterm" name="id385753"></a>
+                </p></div></div><div class="sect3" title="Network Collisions"><div class="titlepage"><div><div><h4 class="title"><a name="id384246"></a>Network Collisions</h4></div></div></div><p>
+                <a class="indexterm" name="id384253"></a>
+                <a class="indexterm" name="id384263"></a>
+                <a class="indexterm" name="id384272"></a>
+                <a class="indexterm" name="id384279"></a>
                 Excessive network activity causes NetBIOS network timeouts. Timeouts may result in
                 blue screen of death (BSOD) experiences. High collision rates may be caused by excessive
 …
                 in <a class="link" href="primer.html" title="Chapter 16. Networking Primer">&#8220;Networking Primer&#8221;</a>.
                 </p><p>
                 <a class="indexterm" name="id385778"></a>
                 <a class="indexterm" name="id385784"></a>
                 <a class="indexterm" name="id385791"></a>
+                <a class="indexterm" name="id384304"></a>
+                <a class="indexterm" name="id384310"></a>
+                <a class="indexterm" name="id384317"></a>
                 Under no circumstances should the facility be supported by many routers, known as <code class="constant">NetBIOS
                 forwarding</code>, unless you know exactly what you are doing. Inappropriate use of this
 …
                 less than 15 KB/sec. After the NetBIOS forwarding was turned off, file transfer performance
                 immediately returned to 11 MB/sec.
                 </p></div></div><div class="sect2" title="Samba Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="id385810"></a>Samba Configuration</h3></div></div></div><p>
+                </p></div></div><div class="sect2" title="Samba Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="id384336"></a>Samba Configuration</h3></div></div></div><p>
         As a general rule, the contents of the <code class="filename">smb.conf</code> file should be kept as simple as possible.
         No parameter should be specified unless you know it is essential to operation.
         </p><p>
         <a class="indexterm" name="id385828"></a>
         <a class="indexterm" name="id385835"></a>
         <a class="indexterm" name="id385842"></a>
+        <a class="indexterm" name="id384354"></a>
+        <a class="indexterm" name="id384361"></a>
+        <a class="indexterm" name="id384368"></a>
         Many UNIX administrators like to fully document the settings in the <code class="filename">smb.conf</code> file. This is a
         bad idea because it adds content to the file. The <code class="filename">smb.conf</code> file is re-read by every <code class="literal">smbd</code>
 …
         It is recommended to keep a fully documented <code class="filename">smb.conf</code> file on hand, and then to operate Samba only
         with an optimized file.
         </p><p><a class="indexterm" name="id385888"></a>
+        </p><p><a class="indexterm" name="id384414"></a>
         The preferred way to maintain a documented file is to call it something like <code class="filename">smb.conf.master</code>.
         You can generate the optimized file by executing:
 …
 Press enter to see a dump of your service definitions
 </pre><p>
         <a class="indexterm" name="id385939"></a>
+        <a class="indexterm" name="id384465"></a>
         You now, of course, press the enter key to complete the command, or else abort it by pressing Ctrl-C.
         The important thing to note is the noted Server role, as well as warning messages. Noted configuration
 …
 </pre><p>
         </p><p>
         <a class="indexterm" name="id385960"></a>
         <a class="indexterm" name="id385967"></a>
         <a class="indexterm" name="id385974"></a>
+        <a class="indexterm" name="id384486"></a>
+        <a class="indexterm" name="id384493"></a>
+        <a class="indexterm" name="id384500"></a>
         There are two parameters that can cause severe network performance degradation: <em class="parameter"><code>socket options</code></em>
         and <em class="parameter"><code>socket address</code></em>. The <em class="parameter"><code>socket options</code></em> parameter was often necessary
 …
         this parameter being set. Do not use either parameter unless it has been proven necessary to use them.
         </p><p>
         <a class="indexterm" name="id386005"></a>
         <a class="indexterm" name="id386012"></a>
         <a class="indexterm" name="id386018"></a>
         <a class="indexterm" name="id386025"></a>
+        <a class="indexterm" name="id384531"></a>
+        <a class="indexterm" name="id384538"></a>
+        <a class="indexterm" name="id384544"></a>
+        <a class="indexterm" name="id384551"></a>
         Another <code class="filename">smb.conf</code> parameter that may cause severe network performance degradation is the
         <em class="parameter"><code>strict sync</code></em> parameter. Do not use this at all. There is no good reason
 …
         degrade network performance, so do not set it; if you must, do so with caution.
         </p><p>
         <a class="indexterm" name="id386064"></a>
         <a class="indexterm" name="id386071"></a>
         <a class="indexterm" name="id386078"></a>
         <a class="indexterm" name="id386085"></a>
+        <a class="indexterm" name="id384590"></a>
+        <a class="indexterm" name="id384597"></a>
+        <a class="indexterm" name="id384604"></a>
+        <a class="indexterm" name="id384611"></a>
         Finally, many network administrators deliberately disable opportunistic locking support. While this
         does not degrade Samba performance, it significantly degrades Windows client performance because
 …
         oplock support for operations that are tolerant of it. See <a class="link" href="appendix.html#ch12dblck" title="Shared Data Integrity">&#8220;Shared Data Integrity&#8221;</a> for more
         information.
         </p></div><div class="sect2" title="Use and Location of BDCs"><div class="titlepage"><div><div><h3 class="title"><a name="id386110"></a>Use and Location of BDCs</h3></div></div></div><p>
         <a class="indexterm" name="id386118"></a>
         <a class="indexterm" name="id386125"></a>
         <a class="indexterm" name="id386131"></a>
         <a class="indexterm" name="id386138"></a>
         <a class="indexterm" name="id386145"></a>
+        </p></div><div class="sect2" title="Use and Location of BDCs"><div class="titlepage"><div><div><h3 class="title"><a name="id384636"></a>Use and Location of BDCs</h3></div></div></div><p>
+        <a class="indexterm" name="id384644"></a>
+        <a class="indexterm" name="id384651"></a>
+        <a class="indexterm" name="id384657"></a>
+        <a class="indexterm" name="id384664"></a>
+        <a class="indexterm" name="id384671"></a>
         On a network segment where there is a PDC and a BDC, the BDC carries the bulk of the network logon
         processing. If the BDC is a heavily loaded server, the PDC carries a greater proportion of
 …
         and is undesirable.
         </p><p>
         <a class="indexterm" name="id386159"></a>
         <a class="indexterm" name="id386166"></a>
+        <a class="indexterm" name="id384685"></a>
+        <a class="indexterm" name="id384692"></a>
         As a general guide, instead of adding domain member servers to a network, you would be better advised
         to add BDCs until there are fewer than 30 Windows clients per BDC. Beyond that ratio, you should add
         domain member servers. This practice ensures that there are always sufficient domain controllers
         to handle logon requests and authentication traffic.
         </p></div><div class="sect2" title="Use One Consistent Version of MS Windows Client"><div class="titlepage"><div><div><h3 class="title"><a name="id386178"></a>Use One Consistent Version of MS Windows Client</h3></div></div></div><p>
+        </p></div><div class="sect2" title="Use One Consistent Version of MS Windows Client"><div class="titlepage"><div><div><h3 class="title"><a name="id384704"></a>Use One Consistent Version of MS Windows Client</h3></div></div></div><p>
         Every network client has its own peculiarities. From a management perspective, it is easier to deal
         with one version of MS Windows that is maintained to a consistent update level than it is to deal
 …
         have necessitated special handling from the Samba server end. If you want to remain sane, keep you
         client workstation configurations consistent.
         </p></div><div class="sect2" title="For Scalability, Use SAN-Based Storage on Samba Servers"><div class="titlepage"><div><div><h3 class="title"><a name="id386195"></a>For Scalability, Use SAN-Based Storage on Samba Servers</h3></div></div></div><p>
         <a class="indexterm" name="id386203"></a>
         <a class="indexterm" name="id386210"></a>
+        </p></div><div class="sect2" title="For Scalability, Use SAN-Based Storage on Samba Servers"><div class="titlepage"><div><div><h3 class="title"><a name="id384721"></a>For Scalability, Use SAN-Based Storage on Samba Servers</h3></div></div></div><p>
+        <a class="indexterm" name="id384729"></a>
+        <a class="indexterm" name="id384736"></a>
         Many SAN-based storage systems permit more than one server to share a common data store.
         Use of a shared SAN data store means that you do not need to use time- and resource-hungry data
         synchronization techniques.
         </p><p>
         <a class="indexterm" name="id386222"></a>
         <a class="indexterm" name="id386229"></a>
+        <a class="indexterm" name="id384748"></a>
+        <a class="indexterm" name="id384755"></a>
         The use of a collection of relatively low-cost front-end Samba servers that are coupled to
         a shared backend SAN data store permits load distribution while containing costs below that
         of installing and managing a complex clustering facility.
         </p></div><div class="sect2" title="Distribute Network Load with MSDFS"><div class="titlepage"><div><div><h3 class="title"><a name="id386240"></a>Distribute Network Load with MSDFS</h3></div></div></div><p>
         <a class="indexterm" name="id386248"></a>
         <a class="indexterm" name="id386255"></a>
+        </p></div><div class="sect2" title="Distribute Network Load with MSDFS"><div class="titlepage"><div><div><h3 class="title"><a name="id384766"></a>Distribute Network Load with MSDFS</h3></div></div></div><p>
+        <a class="indexterm" name="id384774"></a>
+        <a class="indexterm" name="id384781"></a>
         Microsoft DFS (distributed file system) technology has been implemented in Samba. MSDFS permits
         data to be accessed from a single share and yet to actually be distributed across multiple actual
 …
         implementation of an MSDFS installation.
         </p><p>
         <a class="indexterm" name="id386271"></a>
         <a class="indexterm" name="id386280"></a>
+        <a class="indexterm" name="id384797"></a>
+        <a class="indexterm" name="id384806"></a>
         The combination of multiple backend servers together with a front-end server and use of MSDFS
         can achieve almost the same as you would obtain with a clustered Samba server.
         </p></div><div class="sect2" title="Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth"><div class="titlepage"><div><div><h3 class="title"><a name="id386291"></a>Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth</h3></div></div></div><p>
         <a class="indexterm" name="id386299"></a>
         <a class="indexterm" name="id386306"></a>
         <a class="indexterm" name="id386313"></a>
+        </p></div><div class="sect2" title="Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth"><div class="titlepage"><div><div><h3 class="title"><a name="id384817"></a>Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth</h3></div></div></div><p>
+        <a class="indexterm" name="id384825"></a>
+        <a class="indexterm" name="id384832"></a>
+        <a class="indexterm" name="id384839"></a>
         Consider using <code class="literal">rsync</code> to replicate data across the WAN during times
         of low utilization. Users can then access the replicated data store rather than needing to do so
 …
         implementation if you choose to permit modification and return replication of the modified file;
         otherwise, you may inadvertently overwrite important data.
         </p></div><div class="sect2" title="Hardware Problems"><div class="titlepage"><div><div><h3 class="title"><a name="id386332"></a>Hardware Problems</h3></div></div></div><p>
         <a class="indexterm" name="id386340"></a>
         <a class="indexterm" name="id386346"></a>
         <a class="indexterm" name="id386353"></a>
         <a class="indexterm" name="id386360"></a>
         <a class="indexterm" name="id386369"></a>
         <a class="indexterm" name="id386378"></a>
+        </p></div><div class="sect2" title="Hardware Problems"><div class="titlepage"><div><div><h3 class="title"><a name="id384858"></a>Hardware Problems</h3></div></div></div><p>
+        <a class="indexterm" name="id384866"></a>
+        <a class="indexterm" name="id384872"></a>
+        <a class="indexterm" name="id384879"></a>
+        <a class="indexterm" name="id384886"></a>
+        <a class="indexterm" name="id384895"></a>
+        <a class="indexterm" name="id384904"></a>
         Networking hardware prices have fallen sharply over the past 5 years. A surprising number
         of Samba networking problems over this time have been traced to defective network interface
         cards (NICs) or defective HUBs, switches, and cables.
         </p><p>
         <a class="indexterm" name="id386393"></a>
+        <a class="indexterm" name="id384919"></a>
         Not surprising is the fact that network administrators do not like to be shown to have made
         a bad decision. Money saved in buying low-cost hardware may result in high costs incurred
         in corrective action.
         </p><p>
         <a class="indexterm" name="id386405"></a>
         <a class="indexterm" name="id386412"></a>
         <a class="indexterm" name="id386418"></a>
         <a class="indexterm" name="id386425"></a>
         <a class="indexterm" name="id386432"></a>
+        <a class="indexterm" name="id384931"></a>
+        <a class="indexterm" name="id384938"></a>
+        <a class="indexterm" name="id384944"></a>
+        <a class="indexterm" name="id384951"></a>
+        <a class="indexterm" name="id384958"></a>
         Defective NICs, HUBs, and switches may appear as intermittent network access problems, intermittent
         or persistent data corruption, slow network throughput, low performance, or even as BSOD
 …
         Defective hardware problems may take patience and persistence before the real cause can be discovered.
         </p><p>
         <a class="indexterm" name="id386450"></a>
+        <a class="indexterm" name="id384976"></a>
         Networking hardware defects can significantly impact perceived Samba performance, but defective
         RAID controllers as well as SCSI and IDE hard disk controllers have also been known to impair Samba server
 …
         administrator until the entire server was replaced. While you may well think that this would never
         happen to you, experience shows that given the right (unfortunate) circumstances, this can happen to anyone.
         </p></div><div class="sect2" title="Large Directories"><div class="titlepage"><div><div><h3 class="title"><a name="id386465"></a>Large Directories</h3></div></div></div><p>
+        </p></div><div class="sect2" title="Large Directories"><div class="titlepage"><div><div><h3 class="title"><a name="id384991"></a>Large Directories</h3></div></div></div><p>
         There exist applications that create or manage directories containing many thousands of files. Such
         applications typically generate many small files (less than 100 KB). At the best of times, under UNIX,
 …
         as specified in the <code class="filename">smb.conf</code> stanza. This means that smbd will not be able to find lower case
         filenames with these settings.  Note, this is done on a per-share basis.
         </p></div></div><div class="sect1" title="Key Points Learned"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id386548"></a>Key Points Learned</h2></div></div></div><p>
+        </p></div></div><div class="sect1" title="Key Points Learned"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id385073"></a>Key Points Learned</h2></div></div></div><p>
         This chapter has touched in broad sweeps on a number of simple steps that can be taken
         to ensure that your Samba network is resilient, scalable, and reliable, and that it
 …
         her an even break.
         </p><p>
         <a class="indexterm" name="id386565"></a>
+        <a class="indexterm" name="id385090"></a>
         Last, but not least, you should not only keep the network design simple, but also be sure it is
         well documented. This book may serve as your pattern for documenting every

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/RefSection.html

-              r599
+              r739
 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Part III. Reference Section</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="nw4migration.html" title="Chapter 10. Migrating NetWare Server to Samba-3"><link rel="next" href="kerberos.html" title="Chapter 11. Active Directory, Kerberos, and Security"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Part III. Reference Section</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="nw4migration.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="kerberos.html">Next</a></td></tr></table><hr></div><div class="part" title="Part III. Reference Section"><div class="titlepage"><div><div><h1 class="title"><a name="RefSection"></a>Part III. Reference Section</h1></div></div></div><div class="partintro" title="Reference Section"><div><div><div><h1 class="title"><a name="id377046"></a>Reference Section</h1></div></div></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Part III. Reference Section</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="nw4migration.html" title="Chapter 10. Migrating NetWare Server to Samba-3"><link rel="next" href="kerberos.html" title="Chapter 11. Active Directory, Kerberos, and Security"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Part III. Reference Section</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="nw4migration.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="kerberos.html">Next</a></td></tr></table><hr></div><div class="part" title="Part III. Reference Section"><div class="titlepage"><div><div><h1 class="title"><a name="RefSection"></a>Part III. Reference Section</h1></div></div></div><div class="partintro" title="Reference Section"><div><div><div><h1 class="title"><a name="id375575"></a>Reference Section</h1></div></div></div><p>
 This section <span class="emphasis"><em>Samba-3 by Example</em></span> provides important reference material
 that may help you to solve network performance issues, to answer some of the critiques
 published regarding Samba, or just to gain a more broad understanding of how Samba can
 play in a Windows networking world.
 </p><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="kerberos.html">11. Active Directory, Kerberos, and Security</a></span></dt><dd><dl><dt><span class="sect1"><a href="kerberos.html#id377126">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id377710">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#id377723">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id378089">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#ch10expl">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id379573">Share Access Controls</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id379908">Share Definition Controls</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id380465">Share Point Directory and File Permissions</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id380830">Managing Windows 200x ACLs</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id381514">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#id381636">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="DomApps.html">12. Integrating Additional Services</a></span></dt><dd><dl><dt><span class="sect1"><a href="DomApps.html#id382225">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#id382248">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id382338">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#id382367">Technical Issues</a></span></dt><dt><span class="sect2"><a href="DomApps.html#id382513">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id382530">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></span></dt><dt><span class="sect2"><a href="DomApps.html#id384281">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id384336">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="HA.html">13. Performance, Reliability, and Availability</a></span></dt><dd><dl><dt><span class="sect1"><a href="HA.html#id384815">Introduction</a></span></dt><dt><span class="sect1"><a href="HA.html#id384892">Dissection and Discussion</a></span></dt><dt><span class="sect1"><a href="HA.html#id385344">Guidelines for Reliable Samba Operation</a></span></dt><dd><dl><dt><span class="sect2"><a href="HA.html#id385369">Name Resolution</a></span></dt><dt><span class="sect2"><a href="HA.html#id385810">Samba Configuration</a></span></dt><dt><span class="sect2"><a href="HA.html#id386110">Use and Location of BDCs</a></span></dt><dt><span class="sect2"><a href="HA.html#id386178">Use One Consistent Version of MS Windows Client</a></span></dt><dt><span class="sect2"><a href="HA.html#id386195">For Scalability, Use SAN-Based Storage on Samba Servers</a></span></dt><dt><span class="sect2"><a href="HA.html#id386240">Distribute Network Load with MSDFS</a></span></dt><dt><span class="sect2"><a href="HA.html#id386291">Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth</a></span></dt><dt><span class="sect2"><a href="HA.html#id386332">Hardware Problems</a></span></dt><dt><span class="sect2"><a href="HA.html#id386465">Large Directories</a></span></dt></dl></dd><dt><span class="sect1"><a href="HA.html#id386548">Key Points Learned</a></span></dt></dl></dd><dt><span class="chapter"><a href="ch14.html">14. Samba Support</a></span></dt><dd><dl><dt><span class="sect1"><a href="ch14.html#id386696">Free Support</a></span></dt><dt><span class="sect1"><a href="ch14.html#id386894">Commercial Support</a></span></dt></dl></dd><dt><span class="chapter"><a href="appendix.html">15. A Collection of Useful Tidbits</a></span></dt><dd><dl><dt><span class="sect1"><a href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></span></dt><dt><span class="sect1"><a href="appendix.html#id387559">Samba System File Location</a></span></dt><dt><span class="sect1"><a href="appendix.html#id387952">Starting Samba</a></span></dt><dt><span class="sect1"><a href="appendix.html#id388254">DNS Configuration Files</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id388264">The Forward Zone File for the Loopback Adaptor</a></span></dt><dt><span class="sect2"><a href="appendix.html#id388308">The Reverse Zone File for the Loopback Adaptor</a></span></dt><dt><span class="sect2"><a href="appendix.html#id388408">DNS Root Server Hint File</a></span></dt></dl></dd><dt><span class="sect1"><a href="appendix.html#altldapcfg">Alternative LDAP Database Initialization</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id388463">Initialization of the LDAP Database</a></span></dt></dl></dd><dt><span class="sect1"><a href="appendix.html#id388919">The LDAP Account Manager</a></span></dt><dt><span class="sect1"><a href="appendix.html#id389839">IDEALX Management Console</a></span></dt><dt><span class="sect1"><a href="appendix.html#ch12-SUIDSGID">Effect of Setting File and Directory SUID/SGID Permissions Explained</a></span></dt><dt><span class="sect1"><a href="appendix.html#ch12dblck">Shared Data Integrity</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id390270">Microsoft Access</a></span></dt><dt><span class="sect2"><a href="appendix.html#id390409">Act! Database Sharing</a></span></dt><dt><span class="sect2"><a href="appendix.html#id390484">Opportunistic Locking Controls</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="primer.html">16. Networking Primer</a></span></dt><dd><dl><dt><span class="sect1"><a href="primer.html#id390627">Requirements and Notes</a></span></dt><dt><span class="sect1"><a href="primer.html#id390763">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id390813">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#id390920">Exercises</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id391033">Single-Machine Broadcast Activity</a></span></dt><dt><span class="sect2"><a href="primer.html#secondmachine">Second Machine Startup Broadcast Interaction</a></span></dt><dt><span class="sect2"><a href="primer.html#id392130">Simple Windows Client Connection Characteristics</a></span></dt><dt><span class="sect2"><a href="primer.html#id392597">Windows 200x/XP Client Interaction with Samba-3</a></span></dt><dt><span class="sect2"><a href="primer.html#id393121">Conclusions to Exercises</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#chap01conc">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id393223">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#chap01qa">Questions and Answers</a></span></dt></dl></dd><dt><span class="appendix"><a href="apa.html">A.
+</p><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="kerberos.html">11. Active Directory, Kerberos, and Security</a></span></dt><dd><dl><dt><span class="sect1"><a href="kerberos.html#id375655">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id376238">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#id376252">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id376618">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#ch10expl">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id378100">Share Access Controls</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id378435">Share Definition Controls</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id378992">Share Point Directory and File Permissions</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id379357">Managing Windows 200x ACLs</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id380041">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#id380163">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="DomApps.html">12. Integrating Additional Services</a></span></dt><dd><dl><dt><span class="sect1"><a href="DomApps.html#id380752">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#id380775">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id380865">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#id380894">Technical Issues</a></span></dt><dt><span class="sect2"><a href="DomApps.html#id381040">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id381058">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></span></dt><dt><span class="sect2"><a href="DomApps.html#id382809">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id382864">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="HA.html">13. Performance, Reliability, and Availability</a></span></dt><dd><dl><dt><span class="sect1"><a href="HA.html#id383342">Introduction</a></span></dt><dt><span class="sect1"><a href="HA.html#id383418">Dissection and Discussion</a></span></dt><dt><span class="sect1"><a href="HA.html#id383870">Guidelines for Reliable Samba Operation</a></span></dt><dd><dl><dt><span class="sect2"><a href="HA.html#id383895">Name Resolution</a></span></dt><dt><span class="sect2"><a href="HA.html#id384336">Samba Configuration</a></span></dt><dt><span class="sect2"><a href="HA.html#id384636">Use and Location of BDCs</a></span></dt><dt><span class="sect2"><a href="HA.html#id384704">Use One Consistent Version of MS Windows Client</a></span></dt><dt><span class="sect2"><a href="HA.html#id384721">For Scalability, Use SAN-Based Storage on Samba Servers</a></span></dt><dt><span class="sect2"><a href="HA.html#id384766">Distribute Network Load with MSDFS</a></span></dt><dt><span class="sect2"><a href="HA.html#id384817">Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth</a></span></dt><dt><span class="sect2"><a href="HA.html#id384858">Hardware Problems</a></span></dt><dt><span class="sect2"><a href="HA.html#id384991">Large Directories</a></span></dt></dl></dd><dt><span class="sect1"><a href="HA.html#id385073">Key Points Learned</a></span></dt></dl></dd><dt><span class="chapter"><a href="ch14.html">14. Samba Support</a></span></dt><dd><dl><dt><span class="sect1"><a href="ch14.html#id385222">Free Support</a></span></dt><dt><span class="sect1"><a href="ch14.html#id385420">Commercial Support</a></span></dt></dl></dd><dt><span class="chapter"><a href="appendix.html">15. A Collection of Useful Tidbits</a></span></dt><dd><dl><dt><span class="sect1"><a href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></span></dt><dt><span class="sect1"><a href="appendix.html#id386084">Samba System File Location</a></span></dt><dt><span class="sect1"><a href="appendix.html#id386477">Starting Samba</a></span></dt><dt><span class="sect1"><a href="appendix.html#id386779">DNS Configuration Files</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id386790">The Forward Zone File for the Loopback Adaptor</a></span></dt><dt><span class="sect2"><a href="appendix.html#id386834">The Reverse Zone File for the Loopback Adaptor</a></span></dt><dt><span class="sect2"><a href="appendix.html#id386933">DNS Root Server Hint File</a></span></dt></dl></dd><dt><span class="sect1"><a href="appendix.html#altldapcfg">Alternative LDAP Database Initialization</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id386988">Initialization of the LDAP Database</a></span></dt></dl></dd><dt><span class="sect1"><a href="appendix.html#id387443">The LDAP Account Manager</a></span></dt><dt><span class="sect1"><a href="appendix.html#id388364">IDEALX Management Console</a></span></dt><dt><span class="sect1"><a href="appendix.html#ch12-SUIDSGID">Effect of Setting File and Directory SUID/SGID Permissions Explained</a></span></dt><dt><span class="sect1"><a href="appendix.html#ch12dblck">Shared Data Integrity</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id388795">Microsoft Access</a></span></dt><dt><span class="sect2"><a href="appendix.html#id388933">Act! Database Sharing</a></span></dt><dt><span class="sect2"><a href="appendix.html#id389009">Opportunistic Locking Controls</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="primer.html">16. Networking Primer</a></span></dt><dd><dl><dt><span class="sect1"><a href="primer.html#id389151">Requirements and Notes</a></span></dt><dt><span class="sect1"><a href="primer.html#id389288">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id389338">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#id389445">Exercises</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id389558">Single-Machine Broadcast Activity</a></span></dt><dt><span class="sect2"><a href="primer.html#secondmachine">Second Machine Startup Broadcast Interaction</a></span></dt><dt><span class="sect2"><a href="primer.html#id390654">Simple Windows Client Connection Characteristics</a></span></dt><dt><span class="sect2"><a href="primer.html#id391120">Windows 200x/XP Client Interaction with Samba-3</a></span></dt><dt><span class="sect2"><a href="primer.html#id391645">Conclusions to Exercises</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#chap01conc">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id391746">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#chap01qa">Questions and Answers</a></span></dt></dl></dd><dt><span class="appendix"><a href="apa.html">A.
     <acronym class="acronym">GNU</acronym> General Public License version 3
   </a></span></dt><dd><dl><dt><span class="bridgehead"><a href="apa.html#id393828">A.
+  </a></span></dt><dd><dl><dt><span class="bridgehead"><a href="apa.html#id392352">A.
     Preamble
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393937">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id392460">A.
     TERMS AND CONDITIONS
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393940">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id392464">A.
 . Definitions.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394004">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id392528">A.
 . Source Code.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394066">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id392590">A.
 . Basic Permissions.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394094">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id392617">A.
 . Protecting Users&#8217; Legal Rights From Anti-Circumvention Law.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394116">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id392639">A.
 . Conveying Verbatim Copies.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394135">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id392659">A.
 . Conveying Modified Source Versions.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394207">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id392731">A.
 . Conveying Non-Source Forms.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394339">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id392863">A.
 . Additional Terms.
    </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394444">A.
+   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id392969">A.
 . Termination.
    </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394476">A.
+   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393000">A.
 . Acceptance Not Required for Having Copies.
    </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394495">A.
+   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393019">A.
 . Automatic Licensing of Downstream Recipients.
    </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394529">A.
+   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393053">A.
 . Patents.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394618">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393142">A.
 . No Surrender of Others&#8217; Freedom.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394633">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393158">A.
 . Use with the ???TITLE??? Affero General Public License.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394657">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393181">A.
 . Revised Versions of this License.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394704">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393229">A.
 . Disclaimer of Warranty.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394722">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393246">A.
 . Limitation of Liability.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394736">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393261">A.
 . Interpretation of Sections 15 and 16.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394749">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393273">A.
     END OF TERMS AND CONDITIONS
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394752">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393277">A.
     How to Apply These Terms to Your New Programs
   </a></span></dt></dl></dd></dl></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="nw4migration.html">Prev</a> </td><td width="20%" align="center"> </td><td width="40%" align="right"> <a accesskey="n" href="kerberos.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 10. Migrating NetWare Server to Samba-3 </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 11. Active Directory, Kerberos, and Security</td></tr></table></div></body></html>

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/apa.html

-              r599
+              r739
 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Appendix A.  GNU General Public License version 3</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="RefSection.html" title="Part III. Reference Section"><link rel="prev" href="primer.html" title="Chapter 16. Networking Primer"><link rel="next" href="go01.html" title="Glossary"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Appendix A.
     <acronym class="acronym">GNU</acronym> General Public License version 3
   </th></tr><tr><td width="20%" align="left"><a accesskey="p" href="primer.html">Prev</a> </td><th width="60%" align="center">Part III. Reference Section</th><td width="20%" align="right"> <a accesskey="n" href="go01.html">Next</a></td></tr></table><hr></div><div class="appendix" title="Appendix A.  GNU General Public License version 3"><div class="titlepage"><div><div><h2 class="title"><a name="id393802"></a>Appendix A.
+  </th></tr><tr><td width="20%" align="left"><a accesskey="p" href="primer.html">Prev</a> </td><th width="60%" align="center">Part III. Reference Section</th><td width="20%" align="right"> <a accesskey="n" href="go01.html">Next</a></td></tr></table><hr></div><div class="appendix" title="Appendix A.  GNU General Public License version 3"><div class="titlepage"><div><div><h2 class="title"><a name="id392326"></a>Appendix A.
     <acronym class="acronym">GNU</acronym> General Public License version 3
   </h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="bridgehead"><a href="apa.html#id393828">A.
+  </h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="bridgehead"><a href="apa.html#id392352">A.
     Preamble
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393937">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id392460">A.
     TERMS AND CONDITIONS
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393940">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id392464">A.
 . Definitions.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394004">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id392528">A.
 . Source Code.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394066">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id392590">A.
 . Basic Permissions.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394094">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id392617">A.
 . Protecting Users&#8217; Legal Rights From Anti-Circumvention Law.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394116">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id392639">A.
 . Conveying Verbatim Copies.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394135">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id392659">A.
 . Conveying Modified Source Versions.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394207">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id392731">A.
 . Conveying Non-Source Forms.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394339">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id392863">A.
 . Additional Terms.
    </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394444">A.
+   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id392969">A.
 . Termination.
    </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394476">A.
+   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393000">A.
 . Acceptance Not Required for Having Copies.
    </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394495">A.
+   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393019">A.
 . Automatic Licensing of Downstream Recipients.
    </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394529">A.
+   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393053">A.
 . Patents.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394618">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393142">A.
 . No Surrender of Others&#8217; Freedom.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394633">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393158">A.
 . Use with the ???TITLE??? Affero General Public License.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394657">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393181">A.
 . Revised Versions of this License.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394704">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393229">A.
 . Disclaimer of Warranty.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394722">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393246">A.
 . Limitation of Liability.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394736">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393261">A.
 . Interpretation of Sections 15 and 16.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394749">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393273">A.
     END OF TERMS AND CONDITIONS
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394752">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393277">A.
     How to Apply These Terms to Your New Programs
   </a></span></dt></dl></div><p>
 …
     Everyone is permitted to copy and distribute verbatim copies of this license
     document, but changing it is not allowed.
   </p><h2><a name="id393828"></a>
+  </p><h2><a name="id392352"></a>
     Preamble
   </h2><p>
 …
     The precise terms and conditions for copying, distribution and modification
     follow.
   </p><h2><a name="id393937"></a>
+  </p><h2><a name="id392460"></a>
     TERMS AND CONDITIONS
   </h2><h2><a name="id393940"></a>
+  </h2><h2><a name="id392464"></a>
 . Definitions.
   </h2><p>
 …
     a list of user commands or options, such as a menu, a prominent item in the
     list meets this criterion.
   </p><h2><a name="id394004"></a>
+  </p><h2><a name="id392528"></a>
 . Source Code.
   </h2><p>
 …
   </p><p>
     The Corresponding Source for a work in source code form is that same work.
   </p><h2><a name="id394066"></a>
+  </p><h2><a name="id392590"></a>
 . Basic Permissions.
   </h2><p>
 …
     conditions stated below.  Sublicensing is not allowed; section 10 makes it
     unnecessary.
   </p><h2><a name="id394094"></a>
+  </p><h2><a name="id392617"></a>
 . Protecting Users&#8217; Legal Rights From Anti-Circumvention Law.
   </h2><p>
 …
     third parties&#8217; legal rights to forbid circumvention of technological
     measures.
   </p><h2><a name="id394116"></a>
+  </p><h2><a name="id392639"></a>
 . Conveying Verbatim Copies.
   </h2><p>
 …
     You may charge any price or no price for each copy that you convey, and you
     may offer support or warranty protection for a fee.
   </p><h2><a name="id394135"></a>
+  </p><h2><a name="id392659"></a>
 . Conveying Modified Source Versions.
   </h2><p>
 …
     permit.  Inclusion of a covered work in an aggregate does not cause
     this License to apply to the other parts of the aggregate.
   </p><h2><a name="id394207"></a>
+  </p><h2><a name="id392731"></a>
 . Conveying Non-Source Forms.
   </h2><p>
 …
     and must require no special password or key for unpacking, reading or
     copying.
   </p><h2><a name="id394339"></a>
+  </p><h2><a name="id392863"></a>
 . Additional Terms.
    </h2><p>
 …
      of a separately written license, or stated as exceptions; the above
      requirements apply either way.
    </p><h2><a name="id394444"></a>
+   </p><h2><a name="id392969"></a>
 . Termination.
    </h2><p>
 …
      reinstated, you do not qualify to receive new licenses for the same
      material under section 10.
    </p><h2><a name="id394476"></a>
+   </p><h2><a name="id393000"></a>
 . Acceptance Not Required for Having Copies.
    </h2><p>
 …
      Therefore, by modifying or propagating a covered work, you indicate your
      acceptance of this License to do so.
    </p><h2><a name="id394495"></a>
+   </p><h2><a name="id393019"></a>
 . Automatic Licensing of Downstream Recipients.
    </h2><p>
 …
      by making, using, selling, offering for sale, or importing the Program or
      any portion of it.
    </p><h2><a name="id394529"></a>
+   </p><h2><a name="id393053"></a>
 . Patents.
   </h2><p>
 …
     implied license or other defenses to infringement that may otherwise be
     available to you under applicable patent law.
   </p><h2><a name="id394618"></a>
+  </p><h2><a name="id393142"></a>
 . No Surrender of Others&#8217; Freedom.
   </h2><p>
 …
     Program, the only way you could satisfy both those terms and this License
     would be to refrain entirely from conveying the Program.
   </p><h2><a name="id394633"></a>
+  </p><h2><a name="id393158"></a>
 . Use with the <acronym class="acronym">GNU</acronym> Affero General Public License.
   </h2><p>
 …
     section 13, concerning interaction through a network will apply to the
     combination as such.
   </p><h2><a name="id394657"></a>
+  </p><h2><a name="id393181"></a>
 . Revised Versions of this License.
   </h2><p>
 …
     However, no additional obligations are imposed on any author or copyright
     holder as a result of your choosing to follow a later version.
   </p><h2><a name="id394704"></a>
+  </p><h2><a name="id393229"></a>
 . Disclaimer of Warranty.
   </h2><p>
 …
     YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL
     NECESSARY SERVICING, REPAIR OR CORRECTION.
   </p><h2><a name="id394722"></a>
+  </p><h2><a name="id393246"></a>
 . Limitation of Liability.
   </h2><p>
 …
     EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGES.
   </p><h2><a name="id394736"></a>
+  </p><h2><a name="id393261"></a>
 . Interpretation of Sections 15 and 16.
   </h2><p>
 …
     warranty or assumption of liability accompanies a copy of the Program in
     return for a fee.
   </p><h2><a name="id394749"></a>
+  </p><h2><a name="id393273"></a>
     END OF TERMS AND CONDITIONS
   </h2><h2><a name="id394752"></a>
+  </h2><h2><a name="id393277"></a>
     How to Apply These Terms to Your New Programs
   </h2><p>

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/appendix.html

-              r599
+              r739
 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 15. A Collection of Useful Tidbits</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="RefSection.html" title="Part III. Reference Section"><link rel="prev" href="ch14.html" title="Chapter 14. Samba Support"><link rel="next" href="primer.html" title="Chapter 16. Networking Primer"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 15. A Collection of Useful Tidbits</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ch14.html">Prev</a> </td><th width="60%" align="center">Part III. Reference Section</th><td width="20%" align="right"> <a accesskey="n" href="primer.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 15. A Collection of Useful Tidbits"><div class="titlepage"><div><div><h2 class="title"><a name="appendix"></a>Chapter 15. A Collection of Useful Tidbits</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></span></dt><dt><span class="sect1"><a href="appendix.html#id387559">Samba System File Location</a></span></dt><dt><span class="sect1"><a href="appendix.html#id387952">Starting Samba</a></span></dt><dt><span class="sect1"><a href="appendix.html#id388254">DNS Configuration Files</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id388264">The Forward Zone File for the Loopback Adaptor</a></span></dt><dt><span class="sect2"><a href="appendix.html#id388308">The Reverse Zone File for the Loopback Adaptor</a></span></dt><dt><span class="sect2"><a href="appendix.html#id388408">DNS Root Server Hint File</a></span></dt></dl></dd><dt><span class="sect1"><a href="appendix.html#altldapcfg">Alternative LDAP Database Initialization</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id388463">Initialization of the LDAP Database</a></span></dt></dl></dd><dt><span class="sect1"><a href="appendix.html#id388919">The LDAP Account Manager</a></span></dt><dt><span class="sect1"><a href="appendix.html#id389839">IDEALX Management Console</a></span></dt><dt><span class="sect1"><a href="appendix.html#ch12-SUIDSGID">Effect of Setting File and Directory SUID/SGID Permissions Explained</a></span></dt><dt><span class="sect1"><a href="appendix.html#ch12dblck">Shared Data Integrity</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id390270">Microsoft Access</a></span></dt><dt><span class="sect2"><a href="appendix.html#id390409">Act! Database Sharing</a></span></dt><dt><span class="sect2"><a href="appendix.html#id390484">Opportunistic Locking Controls</a></span></dt></dl></dd></dl></div><p>
         <a class="indexterm" name="id387011"></a>
         <a class="indexterm" name="id387018"></a>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 15. A Collection of Useful Tidbits</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="RefSection.html" title="Part III. Reference Section"><link rel="prev" href="ch14.html" title="Chapter 14. Samba Support"><link rel="next" href="primer.html" title="Chapter 16. Networking Primer"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 15. A Collection of Useful Tidbits</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ch14.html">Prev</a> </td><th width="60%" align="center">Part III. Reference Section</th><td width="20%" align="right"> <a accesskey="n" href="primer.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 15. A Collection of Useful Tidbits"><div class="titlepage"><div><div><h2 class="title"><a name="appendix"></a>Chapter 15. A Collection of Useful Tidbits</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></span></dt><dt><span class="sect1"><a href="appendix.html#id386084">Samba System File Location</a></span></dt><dt><span class="sect1"><a href="appendix.html#id386477">Starting Samba</a></span></dt><dt><span class="sect1"><a href="appendix.html#id386779">DNS Configuration Files</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id386790">The Forward Zone File for the Loopback Adaptor</a></span></dt><dt><span class="sect2"><a href="appendix.html#id386834">The Reverse Zone File for the Loopback Adaptor</a></span></dt><dt><span class="sect2"><a href="appendix.html#id386933">DNS Root Server Hint File</a></span></dt></dl></dd><dt><span class="sect1"><a href="appendix.html#altldapcfg">Alternative LDAP Database Initialization</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id386988">Initialization of the LDAP Database</a></span></dt></dl></dd><dt><span class="sect1"><a href="appendix.html#id387443">The LDAP Account Manager</a></span></dt><dt><span class="sect1"><a href="appendix.html#id388364">IDEALX Management Console</a></span></dt><dt><span class="sect1"><a href="appendix.html#ch12-SUIDSGID">Effect of Setting File and Directory SUID/SGID Permissions Explained</a></span></dt><dt><span class="sect1"><a href="appendix.html#ch12dblck">Shared Data Integrity</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id388795">Microsoft Access</a></span></dt><dt><span class="sect2"><a href="appendix.html#id388933">Act! Database Sharing</a></span></dt><dt><span class="sect2"><a href="appendix.html#id389009">Opportunistic Locking Controls</a></span></dt></dl></dd></dl></div><p>
+        <a class="indexterm" name="id385538"></a>
+        <a class="indexterm" name="id385544"></a>
         Information presented here is considered to be either basic or well-known material that is informative
         yet helpful. Over the years, I have observed an interesting behavior. There is an expectation that
 …
         as shown in the example given below.
         </p><div class="sect1" title="Joining a Domain: Windows 200x/XP Professional"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="domjoin"></a>Joining a Domain: Windows 200x/XP Professional</h2></div></div></div><p>
         <a class="indexterm" name="id387044"></a>
+        <a class="indexterm" name="id385570"></a>
         Microsoft Windows NT/200x/XP Professional platforms can participate in Domain Security.
         This section steps through the process for making a Windows 200x/XP Professional machine a
         member of a Domain Security environment. It should be noted that this process is identical
         when joining a domain that is controlled by Windows NT4/200x as well as a Samba PDC.
         </p><div class="procedure" title="Procedure 15.1. Steps to Join a Domain"><a name="id387055"></a><p class="title"><b>Procedure 15.1. Steps to Join a Domain</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+        </p><div class="procedure" title="Procedure 15.1. Steps to Join a Domain"><a name="id385581"></a><p class="title"><b>Procedure 15.1. Steps to Join a Domain</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Click <span class="guimenu">Start</span>.
                 </p></li><li class="step" title="Step 2"><p>
 …
                 Joining the domain is now complete.
                 </p></li></ol></div><p>
         <a class="indexterm" name="id387460"></a>
         <a class="indexterm" name="id387466"></a>
+        <a class="indexterm" name="id385985"></a>
+        <a class="indexterm" name="id385992"></a>
         The screen capture shown in <a class="link" href="appendix.html#swxpp007" title="Figure 15.4. The Computer Name Changes Panel Domain MIDEARTH">&#8220;The Computer Name Changes Panel  Domain MIDEARTH&#8221;</a> has a button labeled <span class="guimenu">More...</span>. This button opens a
         panel in which you can set (or change) the Primary DNS suffix of the computer. This is a parameter that mainly affects members
         of Microsoft Active Directory. Active Directory is heavily oriented around the DNS namespace.
         </p><p>
         <a class="indexterm" name="id387490"></a>
         <a class="indexterm" name="id387497"></a>
+        <a class="indexterm" name="id386015"></a>
+        <a class="indexterm" name="id386022"></a>
         Where NetBIOS technology uses WINS as well as UDP broadcast as key mechanisms for name resolution, Active Directory servers
         register their services with the Microsoft Dynamic DNS server. Windows clients must be able to query the correct DNS server
         to find the services (like which machines are domain controllers or which machines have the Netlogon service running).
         </p><p>
         <a class="indexterm" name="id387512"></a>
+        <a class="indexterm" name="id386037"></a>
         The default setting of the Primary DNS suffix is the Active Directory domain name. When you change the Primary DNS suffix,
         this does not affect domain membership, but it can break network browsing and the ability to resolve your computer name to
 …
         Where the client is a member of a Samba domain, it is preferable to leave this field blank.
         </p><p>
         <a class="indexterm" name="id387534"></a>
+        <a class="indexterm" name="id386059"></a>
         According to Microsoft documentation, <span class="quote">&#8220;<span class="quote">If this computer belongs to a group with <code class="constant">Group Policy</code>
         enabled on <code class="literal">Primary DNS suffice of this computer</code>, the string specified in the Group Policy is used
         as the primary DNS suffix and you might need to restart your computer to view the correct setting. The local setting is
         used only if Group Policy is disabled or unspecified.</span>&#8221;</span>
         </p></div><div class="sect1" title="Samba System File Location"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id387559"></a>Samba System File Location</h2></div></div></div><p><a class="indexterm" name="id387566"></a><a class="indexterm" name="id387574"></a><a class="indexterm" name="id387581"></a>
+        </p></div><div class="sect1" title="Samba System File Location"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id386084"></a>Samba System File Location</h2></div></div></div><p><a class="indexterm" name="id386091"></a><a class="indexterm" name="id386099"></a><a class="indexterm" name="id386107"></a>
         One of the frustrations expressed by subscribers to the Samba mailing lists revolves around the choice of where the default Samba Team
         build and installation process locates its Samba files. The location, chosen in the early 1990s, for the default installation is
 …
         Several UNIX vendors, and Linux vendors in particular, elected to locate the Samba files in a location other than the Samba Team
         default.
         </p><p><a class="indexterm" name="id387612"></a><a class="indexterm" name="id387624"></a><a class="indexterm" name="id387631"></a><a class="indexterm" name="id387643"></a><a class="indexterm" name="id387650"></a><a class="indexterm" name="id387662"></a><a class="indexterm" name="id387670"></a><a class="indexterm" name="id387677"></a><a class="indexterm" name="id387685"></a><a class="indexterm" name="id387693"></a><a class="indexterm" name="id387701"></a><a class="indexterm" name="id387709"></a><a class="indexterm" name="id387717"></a><a class="indexterm" name="id387725"></a><a class="indexterm" name="id387732"></a><a class="indexterm" name="id387740"></a>
+        </p><p><a class="indexterm" name="id386138"></a><a class="indexterm" name="id386149"></a><a class="indexterm" name="id386156"></a><a class="indexterm" name="id386168"></a><a class="indexterm" name="id386175"></a><a class="indexterm" name="id386187"></a><a class="indexterm" name="id386194"></a><a class="indexterm" name="id386202"></a><a class="indexterm" name="id386210"></a><a class="indexterm" name="id386218"></a><a class="indexterm" name="id386226"></a><a class="indexterm" name="id386234"></a><a class="indexterm" name="id386242"></a><a class="indexterm" name="id386250"></a><a class="indexterm" name="id386257"></a><a class="indexterm" name="id386265"></a>
         Linux vendors, working in conjunction with the Free Standards Group (FSG), Linux Standards Base (LSB), and File Hierarchy
         System (FHS), have elected to locate the configuration files under the <code class="filename">/etc/samba</code> directory, common binary
 …
         <code class="filename">/usr/lib/samba</code> directory tree. The files located there include the dynamically loadable modules for the
         passdb backend as well as for the VFS modules.
         </p><p><a class="indexterm" name="id387804"></a><a class="indexterm" name="id387812"></a><a class="indexterm" name="id387820"></a>
+        </p><p><a class="indexterm" name="id386329"></a><a class="indexterm" name="id386337"></a><a class="indexterm" name="id386344"></a>
         Samba creates runtime control files and generates log files. The runtime control files (tdb and dat files) are stored in
         the <code class="filename">/var/lib/samba</code> directory. Log files are created in <code class="filename">/var/log/samba.</code>
 …
         When Samba is built and installed using the default Samba Team process, all files are located under the
         <code class="filename">/usr/local/samba</code> directory tree. This makes it simple to find the files that Samba owns.
         </p><p><a class="indexterm" name="id387854"></a>
+        </p><p><a class="indexterm" name="id386379"></a>
         One way to find the Samba files that are installed on your UNIX/Linux system is to search for the location
         of all files called <code class="literal">smbd</code>. Here is an example:
 …
         Many people have been caught by installation of Samba using the default Samba Team process when it was already installed
         by the platform vendor's method. If your platform uses RPM format packages, you can check to see if Samba is installed by
         executing:<a class="indexterm" name="id387919"></a>
+        executing:<a class="indexterm" name="id386444"></a>
 </p><pre class="screen">
 <code class="prompt">root# </code> rpm -qa | grep samba
 …
 samba3-client-3.0.20-1
 samba3-cifsmount-3.0.20-1
         </pre><p><a class="indexterm" name="id387940"></a>
+        </pre><p><a class="indexterm" name="id386464"></a>
         The package names, of course, vary according to how the vendor, or the binary package builder, prepared them.
         </p></div><div class="sect1" title="Starting Samba"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id387952"></a>Starting Samba</h2></div></div></div><p><a class="indexterm" name="id387958"></a>
+        </p></div><div class="sect1" title="Starting Samba"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id386477"></a>Starting Samba</h2></div></div></div><p><a class="indexterm" name="id386483"></a>
         Samba essentially consists of two or three daemons. A daemon is a UNIX application that runs in the background and provides services.
         An example of a service is the Apache Web server for which the daemon is called <code class="literal">httpd</code>. In the case of Samba, there
 …
 exit 0
 </pre></div></div><br class="example-break"><div class="variablelist"><dl><dt><span class="term">nmbd</span></dt><dd><p>
                         <a class="indexterm" name="id388017"></a>
                         <a class="indexterm" name="id388024"></a>
+                        <a class="indexterm" name="id386542"></a>
+                        <a class="indexterm" name="id386549"></a>
                         This daemon handles all name registration and resolution requests. It is the primary vehicle involved
                         in network browsing. It handles all UDP-based protocols. The <code class="literal">nmbd</code> daemon should
                         be the first command started as part of the Samba startup process.
                         </p></dd><dt><span class="term">smbd</span></dt><dd><p>
                         <a class="indexterm" name="id388051"></a>
                         <a class="indexterm" name="id388058"></a>
+                        <a class="indexterm" name="id386576"></a>
+                        <a class="indexterm" name="id386583"></a>
                         This daemon handles all TCP/IP-based connection services for file- and print-based operations. It also
                         manages local authentication. It should be started immediately following the startup of <code class="literal">nmbd</code>.
                         </p></dd><dt><span class="term">winbindd</span></dt><dd><p>
                         <a class="indexterm" name="id388085"></a>
                         <a class="indexterm" name="id388092"></a>
+                        <a class="indexterm" name="id386610"></a>
+                        <a class="indexterm" name="id386616"></a>
                         This daemon should be started when Samba is a member of a Windows NT4 or ADS domain. It is also needed when
                         Samba has trust relationships with another domain. The <code class="literal">winbindd</code> daemon will check the
 …
         exit 1
 esac
 </pre></div></div><br class="example-break"><p><a class="indexterm" name="id388184"></a>
+</pre></div></div><br class="example-break"><p><a class="indexterm" name="id386709"></a>
         SUSE Linux implements individual control over each Samba daemon. A Samba control script that can be conveniently
         executed from the command line is shown in <a class="link" href="appendix.html#ch12SL" title="Example 15.1. A Useful Samba Control Script for SUSE Linux">&#8220;A Useful Samba Control Script for SUSE Linux&#8221;</a>. This can be located in the directory
         <code class="filename">/sbin</code> in a file called <code class="filename">samba</code>. This type of control script should be
         owned by user root and group root, and set so that only root can execute it.
         </p><p><a class="indexterm" name="id388216"></a>
+        </p><p><a class="indexterm" name="id386741"></a>
         A sample startup script for a Red Hat Linux system is shown in <a class="link" href="appendix.html#ch12RHscript" title="Example 15.2. A Sample Samba Control Script for Red Hat Linux">&#8220;A Sample Samba Control Script for Red Hat Linux&#8221;</a>.
         This file could be located in the directory <code class="filename">/etc/rc.d</code> and can be called
 …
         the Samba source code distribution tarball. The packaging files for each platform include a
         startup control file.
         </p></div><div class="sect1" title="DNS Configuration Files"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id388254"></a>DNS Configuration Files</h2></div></div></div><p>
+        </p></div><div class="sect1" title="DNS Configuration Files"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id386779"></a>DNS Configuration Files</h2></div></div></div><p>
         The following files are common to all DNS server configurations. Rather than repeat them multiple times, they
         are presented here for general reference.
         </p><div class="sect2" title="The Forward Zone File for the Loopback Adaptor"><div class="titlepage"><div><div><h3 class="title"><a name="id388264"></a>The Forward Zone File for the Loopback Adaptor</h3></div></div></div><p>
+        </p><div class="sect2" title="The Forward Zone File for the Loopback Adaptor"><div class="titlepage"><div><div><h3 class="title"><a name="id386790"></a>The Forward Zone File for the Loopback Adaptor</h3></div></div></div><p>
         The forward zone file for the loopback address never changes. An example file is shown
         in <a class="link" href="appendix.html#loopback" title="Example 15.3. DNS Localhost Forward Zone File: /var/lib/named/localhost.zone">&#8220;DNS Localhost Forward Zone File: /var/lib/named/localhost.zone&#8221;</a>. All traffic destined for an IP address that is hosted on a
 …
                 IN NS           @
                 IN A            127.0.0.1
 </pre></div></div><br class="example-break"></div><div class="sect2" title="The Reverse Zone File for the Loopback Adaptor"><div class="titlepage"><div><div><h3 class="title"><a name="id388308"></a>The Reverse Zone File for the Loopback Adaptor</h3></div></div></div><p>
+</pre></div></div><br class="example-break"></div><div class="sect2" title="The Reverse Zone File for the Loopback Adaptor"><div class="titlepage"><div><div><h3 class="title"><a name="id386834"></a>The Reverse Zone File for the Loopback Adaptor</h3></div></div></div><p>
         The reverse zone file for the loopback address as shown in <a class="link" href="appendix.html#dnsloopy" title="Example 15.4. DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone">&#8220;DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone&#8221;</a>
         is necessary so that references to the address <code class="constant">127.0.0.1</code> can be
 …
 M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
 ; End of File
 </pre></div></div><br class="example-break"></div><div class="sect2" title="DNS Root Server Hint File"><div class="titlepage"><div><div><h3 class="title"><a name="id388408"></a>DNS Root Server Hint File</h3></div></div></div><p>
+</pre></div></div><br class="example-break"></div><div class="sect2" title="DNS Root Server Hint File"><div class="titlepage"><div><div><h3 class="title"><a name="id386933"></a>DNS Root Server Hint File</h3></div></div></div><p>
         The content of the root hints file as shown in <a class="link" href="appendix.html#roothint" title="Example 15.5. DNS Root Name Server Hint File: /var/lib/named/root.hint">&#8220;DNS Root Name Server Hint File: /var/lib/named/root.hint&#8221;</a>  changes slowly over time.
         Periodically this file should be updated from the source shown. Because
           of its size, this file is located at the end of this chapter.
         </p></div></div><div class="sect1" title="Alternative LDAP Database Initialization"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="altldapcfg"></a>Alternative LDAP Database Initialization</h2></div></div></div><p><a class="indexterm" name="id388437"></a><a class="indexterm" name="id388448"></a>
+        </p></div></div><div class="sect1" title="Alternative LDAP Database Initialization"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="altldapcfg"></a>Alternative LDAP Database Initialization</h2></div></div></div><p><a class="indexterm" name="id386962"></a><a class="indexterm" name="id386973"></a>
         The following procedure may be used as an alternative means of configuring
         the initial LDAP database. Many administrators prefer to have greater control
         over how system files get configured.
         </p><div class="sect2" title="Initialization of the LDAP Database"><div class="titlepage"><div><div><h3 class="title"><a name="id388463"></a>Initialization of the LDAP Database</h3></div></div></div><p><a class="indexterm" name="id388470"></a><a class="indexterm" name="id388478"></a><a class="indexterm" name="id388489"></a>
+        </p><div class="sect2" title="Initialization of the LDAP Database"><div class="titlepage"><div><div><h3 class="title"><a name="id386988"></a>Initialization of the LDAP Database</h3></div></div></div><p><a class="indexterm" name="id386995"></a><a class="indexterm" name="id387003"></a><a class="indexterm" name="id387014"></a>
         The first step to get the LDAP server ready for action is to create the LDIF file from
         which the LDAP database will be preloaded. This is necessary to create the containers
 …
 displayName: Domain Users
 description: Domain Users
 </pre></div></div><br class="example-break"></div><div class="sect1" title="The LDAP Account Manager"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id388919"></a>The LDAP Account Manager</h2></div></div></div><p>
 <a class="indexterm" name="id388927"></a>
 <a class="indexterm" name="id388934"></a>
 <a class="indexterm" name="id388943"></a>
 <a class="indexterm" name="id388949"></a>
 <a class="indexterm" name="id388956"></a>
 <a class="indexterm" name="id388963"></a>
 <a class="indexterm" name="id388970"></a>
+</pre></div></div><br class="example-break"></div><div class="sect1" title="The LDAP Account Manager"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id387443"></a>The LDAP Account Manager</h2></div></div></div><p>
+<a class="indexterm" name="id387451"></a>
+<a class="indexterm" name="id387458"></a>
+<a class="indexterm" name="id387467"></a>
+<a class="indexterm" name="id387474"></a>
+<a class="indexterm" name="id387480"></a>
+<a class="indexterm" name="id387487"></a>
+<a class="indexterm" name="id387494"></a>
 The LDAP Account Manager (LAM) is an application suite that has been written in PHP.
 LAM can be used with any Web server that has PHP4 support. It connects to the LDAP
 …
 of 2005.
 </p><p>
 <a class="indexterm" name="id388996"></a>
 <a class="indexterm" name="id389003"></a>
 <a class="indexterm" name="id389010"></a>
+<a class="indexterm" name="id387521"></a>
+<a class="indexterm" name="id387527"></a>
+<a class="indexterm" name="id387534"></a>
 Requirements:
 </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>A web server that will work with PHP4.</p></li><li class="listitem"><p>PHP4 (available from the <a class="ulink" href="http://www.php.net/" target="_top">PHP</a> home page.)</p></li><li class="listitem"><p>OpenLDAP 2.0 or later.</p></li><li class="listitem"><p>A Web browser that supports CSS.</p></li><li class="listitem"><p>Perl.</p></li><li class="listitem"><p>The gettext package.</p></li><li class="listitem"><p>mcrypt + mhash (optional).</p></li><li class="listitem"><p>It is also a good idea to install SSL support.</p></li></ul></div><p>
 LAM is a useful tool that provides a simple Web-based device that can be used to
 manage the contents of the LDAP directory to:
 <a class="indexterm" name="id389067"></a>
 <a class="indexterm" name="id389074"></a>
 <a class="indexterm" name="id389081"></a>
+<a class="indexterm" name="id387592"></a>
+<a class="indexterm" name="id387598"></a>
+<a class="indexterm" name="id387605"></a>
 </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Display user/group/host and Domain entries.</p></li><li class="listitem"><p>Manage entries (Add/Delete/Edit).</p></li><li class="listitem"><p>Filter and sort entries.</p></li><li class="listitem"><p>Store and use multiple operating profiles.</p></li><li class="listitem"><p>Edit organizational units (OUs).</p></li><li class="listitem"><p>Upload accounts from a file.</p></li><li class="listitem"><p>Is compatible with Samba-2.2.x and Samba-3.</p></li></ul></div><p>
 When correctly configured, LAM allows convenient management of UNIX (Posix) and Samba
 user, group, and windows domain member machine accounts.
 </p><p>
 <a class="indexterm" name="id389132"></a>
 <a class="indexterm" name="id389139"></a>
 <a class="indexterm" name="id389145"></a>
 <a class="indexterm" name="id389152"></a>
+<a class="indexterm" name="id387656"></a>
+<a class="indexterm" name="id387663"></a>
+<a class="indexterm" name="id387670"></a>
+<a class="indexterm" name="id387676"></a>
 The default password is <span class="quote">&#8220;<span class="quote">lam.</span>&#8221;</span> It is highly recommended that you use only
 an SSL connection to your Web server for all remote operations involving LAM. If you
 …
         <code class="filename">/srv/www/htdocs</code> directory.
         </p></li><li class="step" title="Step 3"><p>
         <a class="indexterm" name="id389226"></a>
+        <a class="indexterm" name="id387750"></a>
         Set file permissions using the following commands:
 </p><pre class="screen">
 …
 </pre><p>
         </p></li><li class="step" title="Step 4"><p>
         <a class="indexterm" name="id389276"></a>
+        <a class="indexterm" name="id387800"></a>
        Using your favorite editor create the following <code class="filename">config.cfg</code>
        LAM configuration file:
 …
 <code class="prompt">root# </code> vi config.cfg
 </pre><p>
         <a class="indexterm" name="id389315"></a>
         <a class="indexterm" name="id389324"></a>
+        <a class="indexterm" name="id387840"></a>
+        <a class="indexterm" name="id387849"></a>
         An example file is shown in <a class="link" href="appendix.html#lamcfg" title="Example 15.11. Example LAM Configuration File config.cfg">&#8220;Example LAM Configuration File  config.cfg&#8221;</a>.
         This is the minimum configuration that must be completed. The LAM profile
 …
         change the settings to match local site needs.
         </p></li></ol></div><p>
         <a class="indexterm" name="id389379"></a>
+        <a class="indexterm" name="id387903"></a>
         An example of a working file is shown here in <a class="link" href="appendix.html#lamconf" title="Example 15.12. LAM Profile Control File lam.conf">&#8220;LAM Profile Control File  lam.conf&#8221;</a>.
         This file has been stripped of comments to keep the size small. The comments
 …
         are preferred at your site.
         </p><p>
         <a class="indexterm" name="id389399"></a>
+        <a class="indexterm" name="id387923"></a>
         It is important that your LDAP server is running at the time that LAM is
         being configured. This permits you to validate correct operation.
         An example of the LAM login screen is provided in <a class="link" href="appendix.html#lam-login" title="Figure 15.6. The LDAP Account Manager Login Screen">&#8220;The LDAP Account Manager Login Screen&#8221;</a>.
         </p><div class="figure"><a name="lam-login"></a><p class="title"><b>Figure 15.6. The LDAP Account Manager Login Screen</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/lam-login.png" width="270" alt="The LDAP Account Manager Login Screen"></div></div></div><br class="figure-break"><p>
         <a class="indexterm" name="id389458"></a>
+        <a class="indexterm" name="id387983"></a>
         The LAM configuration editor has a number of options that must be managed correctly.
         An example of use of the LAM configuration editor is shown in <a class="link" href="appendix.html#lam-config" title="Figure 15.7. The LDAP Account Manager Configuration Screen">&#8220;The LDAP Account Manager Configuration Screen&#8221;</a>.
 …
         using LAM to add additional users and groups.
         </p><div class="figure"><a name="lam-config"></a><p class="title"><b>Figure 15.7. The LDAP Account Manager Configuration Screen</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/lam-config.png" width="270" alt="The LDAP Account Manager Configuration Screen"></div></div></div><br class="figure-break"><p>
         <a class="indexterm" name="id389523"></a>
+        <a class="indexterm" name="id388047"></a>
         LAM has some nice, but unusual features. For example, one unexpected feature in most application
         screens permits the generation of a PDF file that lists configuration information. This is a well
 …
         space.
         </p><p>
         <a class="indexterm" name="id389536"></a>
+        <a class="indexterm" name="id388060"></a>
         When you log onto LAM the opening screen drops you right into the user manager as shown in
         <a class="link" href="appendix.html#lam-user" title="Figure 15.8. The LDAP Account Manager User Edit Screen">&#8220;The LDAP Account Manager User Edit Screen&#8221;</a>. This is a logical action as it permits the most-needed facility
 …
         memberships.
         </p><div class="figure"><a name="lam-group"></a><p class="title"><b>Figure 15.9. The LDAP Account Manager Group Edit Screen</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/lam-groups.png" width="270" alt="The LDAP Account Manager Group Edit Screen"></div></div></div><br class="figure-break"><div class="figure"><a name="lam-group-mem"></a><p class="title"><b>Figure 15.10. The LDAP Account Manager Group Membership Edit Screen</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/lam-group-members.png" width="270" alt="The LDAP Account Manager Group Membership Edit Screen"></div></div></div><br class="figure-break"><p>
         <a class="indexterm" name="id389704"></a><a class="indexterm" name="id389710"></a>
+        <a class="indexterm" name="id388230"></a><a class="indexterm" name="id388236"></a>
         The final screen presented here is one that you should not normally need to use. Host accounts will
         be automatically managed using the smbldap-tools scripts. This means that the screen <a class="link" href="appendix.html#lam-host" title="Figure 15.11. The LDAP Account Manager Host Edit Screen">&#8220;The LDAP Account Manager Host Edit Screen&#8221;</a>
 …
 cachetimeout: 5
 pwdhash: SSHA
 </pre></div></div><br class="example-break"></div><div class="sect1" title="IDEALX Management Console"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id389839"></a>IDEALX Management Console</h2></div></div></div><p>
+</pre></div></div><br class="example-break"></div><div class="sect1" title="IDEALX Management Console"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id388364"></a>IDEALX Management Console</h2></div></div></div><p>
         IMC (the IDEALX Mamagement Console) is a tool that can be used as the basis for a comprehensive
         web-based management interface for UNIX and Linux systems.
 …
         For further information regarding IMC refer to the web <a class="ulink" href="http://imc.sourceforge.net/" target="_top">site.</a>
         Prebuilt RPM packages are also <a class="ulink" href="http://imc.sourceforge.net/download.html" target="_top">available.</a>
         </p></div><div class="sect1" title="Effect of Setting File and Directory SUID/SGID Permissions Explained"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="ch12-SUIDSGID"></a>Effect of Setting File and Directory SUID/SGID Permissions Explained</h2></div></div></div><a class="indexterm" name="id389935"></a><a class="indexterm" name="id389942"></a><p>
+        </p></div><div class="sect1" title="Effect of Setting File and Directory SUID/SGID Permissions Explained"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="ch12-SUIDSGID"></a>Effect of Setting File and Directory SUID/SGID Permissions Explained</h2></div></div></div><a class="indexterm" name="id388460"></a><a class="indexterm" name="id388467"></a><p>
         The setting of the SUID/SGID bits on the file or directory permissions flag has particular
         consequences. If the file is executable and the SUID bit is set, it executes with the privilege
 …
 drw-rw-r--    2 bobj     Domain Users  12346 Dec 18 18:11 maryvfile.txt
 </pre><p>
         </p></div><div class="sect1" title="Shared Data Integrity"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="ch12dblck"></a>Shared Data Integrity</h2></div></div></div><p><a class="indexterm" name="id390147"></a><a class="indexterm" name="id390155"></a>
+        </p></div><div class="sect1" title="Shared Data Integrity"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="ch12dblck"></a>Shared Data Integrity</h2></div></div></div><p><a class="indexterm" name="id388672"></a><a class="indexterm" name="id388680"></a>
         The integrity of shared data is often viewed as a particularly emotional issue, especially where
         there are concurrent problems with multiuser data access. Contrary to the assertions of some who have
 …
         </p><p>
         The solution to concurrent multiuser data access problems must consider three separate areas
         from which the problem may stem:<a class="indexterm" name="id390175"></a><a class="indexterm" name="id390186"></a><a class="indexterm" name="id390197"></a>
         </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>application-level locking controls</p></li><li class="listitem"><p>client-side locking controls</p></li><li class="listitem"><p>server-side locking controls</p></li></ul></div><p><a class="indexterm" name="id390229"></a><a class="indexterm" name="id390237"></a>
+        from which the problem may stem:<a class="indexterm" name="id388700"></a><a class="indexterm" name="id388711"></a><a class="indexterm" name="id388722"></a>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>application-level locking controls</p></li><li class="listitem"><p>client-side locking controls</p></li><li class="listitem"><p>server-side locking controls</p></li></ul></div><p><a class="indexterm" name="id388754"></a><a class="indexterm" name="id388762"></a>
         Many database applications use some form of application-level access control. An example of one
         well-known application that uses application-level locking is Microsoft Access. Detailed guidance
         is provided here because this is the most common application for which problems have been reported.
         </p><p><a class="indexterm" name="id390251"></a><a class="indexterm" name="id390259"></a>
+        </p><p><a class="indexterm" name="id388776"></a><a class="indexterm" name="id388784"></a>
         Common applications that are affected by client- and server-side locking controls include MS
         Excel and Act!. Important locking guidance is provided here.
         </p><div class="sect2" title="Microsoft Access"><div class="titlepage"><div><div><h3 class="title"><a name="id390270"></a>Microsoft Access</h3></div></div></div><p>
+        </p><div class="sect2" title="Microsoft Access"><div class="titlepage"><div><div><h3 class="title"><a name="id388795"></a>Microsoft Access</h3></div></div></div><p>
         The best advice that can be given is to carefully read the Microsoft knowledgebase articles that
         cover this area. Examples of relevant documents include:
         </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>http://support.microsoft.com/default.aspx?scid=kb;en-us;208778</p></li><li class="listitem"><p>http://support.microsoft.com/default.aspx?scid=kb;en-us;299373</p></li></ul></div><p><a class="indexterm" name="id390294"></a><a class="indexterm" name="id390306"></a>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>http://support.microsoft.com/default.aspx?scid=kb;en-us;208778</p></li><li class="listitem"><p>http://support.microsoft.com/default.aspx?scid=kb;en-us;299373</p></li></ul></div><p><a class="indexterm" name="id388819"></a><a class="indexterm" name="id388831"></a>
         Make sure that your MS Access database file is configured for multiuser access (not set for
         exclusive open). Open MS Access on each client workstation, then set the following: <span class="guimenu">(Menu bar) Tools</span>+<span class="guimenu">Options</span>+<span class="guimenu">[tab] General</span>.  Set network path to Default database folder: <code class="filename">\\server\share\folder</code>.
         </p><p>
         You can configure MS Access file sharing behavior as follows: click <span class="guimenu">[tab] Advanced</span>.
           Set:<a class="indexterm" name="id390353"></a>
         </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Default open mode: Shared</p></li><li class="listitem"><p>Default Record Locking: Edited Record</p></li><li class="listitem"><p>Open databases using record_level locking</p></li></ul></div><p><a class="indexterm" name="id390382"></a>
+          Set:<a class="indexterm" name="id388878"></a>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Default open mode: Shared</p></li><li class="listitem"><p>Default Record Locking: Edited Record</p></li><li class="listitem"><p>Open databases using record_level locking</p></li></ul></div><p><a class="indexterm" name="id388906"></a>
         You must now commit the changes so that they will take effect. To do so, click
         <span class="guimenu">Apply</span><span class="guimenu">Ok</span>. At this point, you should exit MS Access, restart
         it, and then validate that these settings have not changed.
         </p></div><div class="sect2" title="Act! Database Sharing"><div class="titlepage"><div><div><h3 class="title"><a name="id390409"></a>Act! Database Sharing</h3></div></div></div><p><a class="indexterm" name="id390415"></a><a class="indexterm" name="id390423"></a>
+        </p></div><div class="sect2" title="Act! Database Sharing"><div class="titlepage"><div><div><h3 class="title"><a name="id388933"></a>Act! Database Sharing</h3></div></div></div><p><a class="indexterm" name="id388940"></a><a class="indexterm" name="id388948"></a>
         Where the server sharing the ACT! database(s) is running Samba,or Windows NT, 200x, or XP, you
         must disable opportunistic locking on the server and all workstations. Failure to do so
 …
         as well as from article
         <a class="ulink" href="http://itdomino.saleslogix.com/act.nsf/docid/200110485036" target="_top">200110485036</a>.
         </p><p><a class="indexterm" name="id390449"></a><a class="indexterm" name="id390457"></a>
+        </p><p><a class="indexterm" name="id388974"></a><a class="indexterm" name="id388982"></a>
         These documents clearly state that opportunistic locking must be disabled on both
         the server (Samba in the case we are interested in here), as well as on every workstation
 …
         Registered Act! users may download this utility from the Act! Web
         <a class="ulink" href="http://www.act.com/support/updates/index.cfm" target="_top">site.</a>
         </p></div><div class="sect2" title="Opportunistic Locking Controls"><div class="titlepage"><div><div><h3 class="title"><a name="id390484"></a>Opportunistic Locking Controls</h3></div></div></div><p><a class="indexterm" name="id390491"></a>
+        </p></div><div class="sect2" title="Opportunistic Locking Controls"><div class="titlepage"><div><div><h3 class="title"><a name="id389009"></a>Opportunistic Locking Controls</h3></div></div></div><p><a class="indexterm" name="id389016"></a>
         Third-party Windows applications may not be compatible with the use of opportunistic file
         and record locking. For applications that are known not to be compatible,<sup>[<a name="id390501" href="#ftn.id390501" class="footnote">14</a>]</sup> oplock
+        and record locking. For applications that are known not to be compatible,<sup>[<a name="id389026" href="#ftn.id389026" class="footnote">14</a>]</sup> oplock
         support may need to be disabled both on the Samba server and on the Windows workstations.
         </p><p><a class="indexterm" name="id390512"></a><a class="indexterm" name="id390520"></a><a class="indexterm" name="id390528"></a>
+        </p><p><a class="indexterm" name="id389037"></a><a class="indexterm" name="id389045"></a><a class="indexterm" name="id389053"></a>
         Oplocks enable a Windows client to cache parts of a file that are being
         edited. Another windows client may then request to open the file with the
 …
         doing so, that workstation must flush the file from cache memory to the
         disk or network drive.
         </p><p><a class="indexterm" name="id390546"></a>
+        </p><p><a class="indexterm" name="id389071"></a>
         Disabling of Oplocks usage may require server and client changes.
         Oplocks may be disabled by file, by file pattern, on the share, or on the
 …
         Comprehensive coverage of file and record-locking controls is provided in TOSHARG2, Chapter 13.
         The information in that chapter was obtained from a wide variety of sources.
         </p></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id390501" href="#id390501" class="para">14</a>] </sup>Refer to
+        </p></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id389026" href="#id389026" class="para">14</a>] </sup>Refer to
         the application manufacturer's installation guidelines and knowledge base for specific
         information regarding compatibility. It is often safe to assume that if the software

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/ch14.html

-              r599
+              r739
 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 14. Samba Support</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="RefSection.html" title="Part III. Reference Section"><link rel="prev" href="HA.html" title="Chapter 13. Performance, Reliability, and Availability"><link rel="next" href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 14. Samba Support</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="HA.html">Prev</a> </td><th width="60%" align="center">Part III. Reference Section</th><td width="20%" align="right"> <a accesskey="n" href="appendix.html">Next</a></td></tr></table><hr></div><div lang="en-US" class="chapter" title="Chapter 14. Samba Support"><div class="titlepage"><div><div><h2 class="title"><a name="id386581"></a>Chapter 14. Samba Support</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="ch14.html#id386696">Free Support</a></span></dt><dt><span class="sect1"><a href="ch14.html#id386894">Commercial Support</a></span></dt></dl></div><p>
 <a class="indexterm" name="id386590"></a>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 14. Samba Support</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="RefSection.html" title="Part III. Reference Section"><link rel="prev" href="HA.html" title="Chapter 13. Performance, Reliability, and Availability"><link rel="next" href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 14. Samba Support</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="HA.html">Prev</a> </td><th width="60%" align="center">Part III. Reference Section</th><td width="20%" align="right"> <a accesskey="n" href="appendix.html">Next</a></td></tr></table><hr></div><div lang="en-US" class="chapter" title="Chapter 14. Samba Support"><div class="titlepage"><div><div><h2 class="title"><a name="id385106"></a>Chapter 14. Samba Support</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="ch14.html#id385222">Free Support</a></span></dt><dt><span class="sect1"><a href="ch14.html#id385420">Commercial Support</a></span></dt></dl></div><p>
+<a class="indexterm" name="id385115"></a>
 One of the most difficult to answer questions in the information technology industry is, <span class="quote">&#8220;<span class="quote">What is
 support?</span>&#8221;</span>. That question irritates some folks, as much as common answers may annoy others.
 </p><p>
 <a class="indexterm" name="id386604"></a>
+<a class="indexterm" name="id385130"></a>
 The most aggravating situation pertaining to support is typified when, as a Linux user, a call is made to
 an Internet service provider who, instead of listening to the problem to find a solution, blandly replies:
 …
 inconvenience, loss of productivity, disorientation, uncertainty, and real or perceived risk.
 </p><p>
 <a class="indexterm" name="id386628"></a>
 <a class="indexterm" name="id386635"></a>
 <a class="indexterm" name="id386642"></a>
+<a class="indexterm" name="id385154"></a>
+<a class="indexterm" name="id385161"></a>
+<a class="indexterm" name="id385168"></a>
 One of the forces that has become a driving force for the adoption of open source software is the fact that
 many IT businesses have provided services that have perhaps failed to deliver what the customer expected, or
 that have been found wanting for other reasons.
 </p><p>
 <a class="indexterm" name="id386654"></a>
 <a class="indexterm" name="id386661"></a>
+<a class="indexterm" name="id385180"></a>
+<a class="indexterm" name="id385187"></a>
 In recognition of the need for needs satisfaction as the primary experience an information technology user or
 consumer expects, the information provided in this chapter may help someone to avoid an unpleasant experience
 in respect of problem resolution.
 </p><p>
 <a class="indexterm" name="id386673"></a>
 <a class="indexterm" name="id386680"></a>
 <a class="indexterm" name="id386687"></a>
+<a class="indexterm" name="id385199"></a>
+<a class="indexterm" name="id385206"></a>
+<a class="indexterm" name="id385213"></a>
 In the open source software arena there are two support options: free support and paid-for (commercial)
 support.
 </p><div class="sect1" title="Free Support"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id386696"></a>Free Support</h2></div></div></div><p>
 <a class="indexterm" name="id386704"></a>
 <a class="indexterm" name="id386710"></a>
 <a class="indexterm" name="id386717"></a>
 <a class="indexterm" name="id386724"></a>
 <a class="indexterm" name="id386731"></a>
 <a class="indexterm" name="id386738"></a>
+</p><div class="sect1" title="Free Support"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id385222"></a>Free Support</h2></div></div></div><p>
+<a class="indexterm" name="id385230"></a>
+<a class="indexterm" name="id385236"></a>
+<a class="indexterm" name="id385243"></a>
+<a class="indexterm" name="id385250"></a>
+<a class="indexterm" name="id385257"></a>
+<a class="indexterm" name="id385264"></a>
         Free support may be obtained from friends, colleagues, user groups, mailing lists, and interactive help
         facilities. An example of an interactive dacility is the Internet relay chat (IRC) channels that host user
         supported mutual assistance.
         </p><p>
 <a class="indexterm" name="id386750"></a>
 <a class="indexterm" name="id386756"></a>
 <a class="indexterm" name="id386763"></a>
 <a class="indexterm" name="id386770"></a>
 <a class="indexterm" name="id386777"></a>
+<a class="indexterm" name="id385276"></a>
+<a class="indexterm" name="id385282"></a>
+<a class="indexterm" name="id385289"></a>
+<a class="indexterm" name="id385296"></a>
+<a class="indexterm" name="id385303"></a>
         The Samba project maintains a mailing list that is commonly used to discuss solutions to Samba deployments.
         Information regarding subscription to the Samba mailing list can be found on the Samba <a class="ulink" href="https://lists.samba.org/mailman/" target="_top">web</a> site. The public mailing list that can be used to obtain
 …
         the Samba <a class="ulink" href="http://www.samba.org/samba.irc.html" target="_top">IRC</a> web page.
         </p><p>
 <a class="indexterm" name="id386814"></a>
 <a class="indexterm" name="id386821"></a>
 <a class="indexterm" name="id386828"></a>
 <a class="indexterm" name="id386834"></a>
+<a class="indexterm" name="id385340"></a>
+<a class="indexterm" name="id385347"></a>
+<a class="indexterm" name="id385354"></a>
+<a class="indexterm" name="id385360"></a>
         As a general rule, it is considered poor net behavior to contact a Samba Team member directly
         for free support. Most active members of the Samba Team work exceptionally long hours to assist
 …
         to show appropriate discretion and reservation in all direct contact.
         </p><p>
 <a class="indexterm" name="id386849"></a>
 <a class="indexterm" name="id386856"></a>
 <a class="indexterm" name="id386863"></a>
+<a class="indexterm" name="id385375"></a>
+<a class="indexterm" name="id385382"></a>
+<a class="indexterm" name="id385389"></a>
         When you stumble across a Samba bug, often the quickest way to get it resolved is by posting
         a bug <a class="ulink" href="https://bugzilla.samba.org/" target="_top">report</a>. All such reports are mailed to
 …
         that will permit the problem to be reproduced.
         </p><p>
 <a class="indexterm" name="id386883"></a>
+<a class="indexterm" name="id385409"></a>
         We all recognize that sometimes free support does not provide the answer that is sought within
         the time-frame required. At other times the problem is elusive and you may lack the experience
         necessary to isolate the problem and thus to resolve it. This is a situation where is may be
         prudent to purchase paid-for support.
         </p></div><div class="sect1" title="Commercial Support"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id386894"></a>Commercial Support</h2></div></div></div><p>
+        </p></div><div class="sect1" title="Commercial Support"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id385420"></a>Commercial Support</h2></div></div></div><p>
         There are six basic support oriented services that are most commonly sought by Samba sites:
         </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Assistance with network design</p></li><li class="listitem"><p>Staff Training</p></li><li class="listitem"><p>Assistance with Samba network deployment and installation</p></li><li class="listitem"><p>Priority telephone or email Samba configuration assistance</p></li><li class="listitem"><p>Trouble-shooting and diagnostic assistance</p></li><li class="listitem"><p>Provision of quality assured ready-to-install Samba binary packages</p></li></ul></div><p>
 <a class="indexterm" name="id386938"></a>
 <a class="indexterm" name="id386945"></a>
+<a class="indexterm" name="id385464"></a>
+<a class="indexterm" name="id385471"></a>
         Information regarding companies that provide professional Samba support can be obtained by performing a Google
         search, as well as by reference to the Samba <a class="ulink" href="http://www.samba.org/samba/support.html" target="_top">Support</a> web page. Companies who notify the Samba Team
 …
         them.
         </p><p>
 <a class="indexterm" name="id386966"></a>
+<a class="indexterm" name="id385492"></a>
         The policy within the Samba Team is to treat all commercial support providers equally and to show no
         preference. As a result, Samba Team members who provide commercial support are lumped in with everyone else.
 …
         is pro-community; so do what you can to help a local business to prosper.
         </p><p>
 <a class="indexterm" name="id386982"></a>
+<a class="indexterm" name="id385508"></a>
         Open source software support can be found in any quality, at any price and in any place you can
         to obtain it. Over 180 companies around the world provide Samba support, there is no excuse for

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/go01.html

r599	r739
1		<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Glossary</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="apa.html" title="Appendix A. GNU General Public License version 3"><link rel="next" href="ix01.html" title="Index"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Glossary</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="apa.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="ix01.html">Next</a></td></tr></table><hr></div><div class="glossary" title="Glossary"><div class="titlepage"><div><div><h2 class="title"><a name="id39~~4912~~"></a>Glossary</h2></div></div></div><dl><dt>Access Control List</dt><dd><p>
	1	<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Glossary</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="apa.html" title="Appendix A. GNU General Public License version 3"><link rel="next" href="ix01.html" title="Index"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Glossary</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="apa.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="ix01.html">Next</a></td></tr></table><hr></div><div class="glossary" title="Glossary"><div class="titlepage"><div><div><h2 class="title"><a name="id393436"></a>Glossary</h2></div></div></div><dl><dt>Access Control List</dt><dd><p>
2	2	A detailed list of permissions granted to users or groups with respect to file and network
3	3	resource access.

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/happy.html

-              r599
+              r739
 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 5. Making Happy Users</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="Big500users.html" title="Chapter 4. The 500-User Office"><link rel="next" href="net2000users.html" title="Chapter 6. A Distributed 2000-User Network"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 5. Making Happy Users</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="Big500users.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="net2000users.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 5. Making Happy Users"><div class="titlepage"><div><div><h2 class="title"><a name="happy"></a>Chapter 5. Making Happy Users</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="happy.html#id341339">Regarding LDAP Directories and Windows Computer Accounts</a></span></dt><dt><span class="sect1"><a href="happy.html#id341463">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id341540">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id341668">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id342070">Technical Issues</a></span></dt><dt><span class="sect2"><a href="happy.html#id343725">Political Issues</a></span></dt><dt><span class="sect2"><a href="happy.html#id343737">Installation Checklist</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id343908">Samba Server Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbeidealx">Install and Configure Idealx smbldap-tools Scripts</a></span></dt><dt><span class="sect2"><a href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-ptrcfg">Printer Configuration</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#sbehap-bldg1">Samba-3 BDC Configuration</a></span></dt><dt><span class="sect1"><a href="happy.html#id350178">Miscellaneous Server Preparation Tasks</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id350194">Configuring Directory Share Point Roots</a></span></dt><dt><span class="sect2"><a href="happy.html#id350283">Configuring Profile Directories</a></span></dt><dt><span class="sect2"><a href="happy.html#id350512">Preparation of Logon Scripts</a></span></dt><dt><span class="sect2"><a href="happy.html#id350609">Assigning User Rights and Privileges</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id350723">Windows Client Configuration</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></span></dt><dt><span class="sect2"><a href="happy.html#id351441">Configuration of MS Outlook to Relocate PST File</a></span></dt><dt><span class="sect2"><a href="happy.html#id351724">Configure Delete Cached Profiles on Logout</a></span></dt><dt><span class="sect2"><a href="happy.html#id351896">Uploading Printer Drivers to Samba Servers</a></span></dt><dt><span class="sect2"><a href="happy.html#id352365">Software Installation</a></span></dt><dt><span class="sect2"><a href="happy.html#id352391">Roll-out Image Creation</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id352420">Key Points Learned</a></span></dt><dt><span class="sect1"><a href="happy.html#id352508">Questions and Answers</a></span></dt></dl></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 5. Making Happy Users</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="Big500users.html" title="Chapter 4. The 500-User Office"><link rel="next" href="net2000users.html" title="Chapter 6. A Distributed 2000-User Network"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 5. Making Happy Users</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="Big500users.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="net2000users.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 5. Making Happy Users"><div class="titlepage"><div><div><h2 class="title"><a name="happy"></a>Chapter 5. Making Happy Users</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="happy.html#id339866">Regarding LDAP Directories and Windows Computer Accounts</a></span></dt><dt><span class="sect1"><a href="happy.html#id339991">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id340067">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id340195">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id340598">Technical Issues</a></span></dt><dt><span class="sect2"><a href="happy.html#id342251">Political Issues</a></span></dt><dt><span class="sect2"><a href="happy.html#id342264">Installation Checklist</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id342434">Samba Server Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbeidealx">Install and Configure Idealx smbldap-tools Scripts</a></span></dt><dt><span class="sect2"><a href="happy.html#id345072">LDAP Initialization and Creation of User and Group Accounts</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-ptrcfg">Printer Configuration</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#sbehap-bldg1">Samba-3 BDC Configuration</a></span></dt><dt><span class="sect1"><a href="happy.html#id348703">Miscellaneous Server Preparation Tasks</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id348720">Configuring Directory Share Point Roots</a></span></dt><dt><span class="sect2"><a href="happy.html#id348809">Configuring Profile Directories</a></span></dt><dt><span class="sect2"><a href="happy.html#id349037">Preparation of Logon Scripts</a></span></dt><dt><span class="sect2"><a href="happy.html#id349135">Assigning User Rights and Privileges</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id349248">Windows Client Configuration</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></span></dt><dt><span class="sect2"><a href="happy.html#id349965">Configuration of MS Outlook to Relocate PST File</a></span></dt><dt><span class="sect2"><a href="happy.html#id350249">Configure Delete Cached Profiles on Logout</a></span></dt><dt><span class="sect2"><a href="happy.html#id350420">Uploading Printer Drivers to Samba Servers</a></span></dt><dt><span class="sect2"><a href="happy.html#id350890">Software Installation</a></span></dt><dt><span class="sect2"><a href="happy.html#id350916">Roll-out Image Creation</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id350946">Key Points Learned</a></span></dt><dt><span class="sect1"><a href="happy.html#id351033">Questions and Answers</a></span></dt></dl></div><p>
         It is said that <span class="quote">&#8220;<span class="quote">a day that is without troubles is not fulfilling.  Rather, give
         me a day of troubles well handled so that I can be content with my achievements.</span>&#8221;</span>
 …
         may create problems for some network users. The following lists some of the problems that
         may occur:
         </p><a class="indexterm" name="id340972"></a><a class="indexterm" name="id340978"></a><a class="indexterm" name="id340987"></a><a class="indexterm" name="id340994"></a><a class="indexterm" name="id341000"></a><div class="caution" title="Caution" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Caution</h3><p>
+        </p><a class="indexterm" name="id339499"></a><a class="indexterm" name="id339505"></a><a class="indexterm" name="id339514"></a><a class="indexterm" name="id339521"></a><a class="indexterm" name="id339528"></a><div class="caution" title="Caution" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Caution</h3><p>
 A significant number of network administrators have responded to the guidance given
 here. It should be noted that there are sites that have a single PDC for many hundreds of
 …
 clients is conservative and if followed will minimize problems  but it is not absolute.
 </p></div><div class="variablelist"><dl><dt><span class="term">Users experiencing difficulty logging onto the network</span></dt><dd><p>
                 <a class="indexterm" name="id341038"></a>
                 <a class="indexterm" name="id341046"></a>
+                <a class="indexterm" name="id339565"></a>
+                <a class="indexterm" name="id339574"></a>
                 When a Windows client logs onto the network, many data packets are exchanged
                 between the client and the server that is providing the network logon services.
 …
                 characteristics.
                 </p><p>
                 <a class="indexterm" name="id341061"></a>
                 <a class="indexterm" name="id341068"></a>
                 <a class="indexterm" name="id341074"></a>
+                <a class="indexterm" name="id339589"></a>
+                <a class="indexterm" name="id339595"></a>
+                <a class="indexterm" name="id339602"></a>
                 If the domain controller provides only network logon services
                 and all file and print activity is handled by domain member servers, one domain
 …
                 the Samba server as well as network bandwidth utilization.
                 </p></dd><dt><span class="term">Slow logons and log-offs</span></dt><dd><p>
                 <a class="indexterm" name="id341100"></a>
+                <a class="indexterm" name="id339627"></a>
                 Slow logons and log-offs may be caused by many factors that include:
                         </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                                 <a class="indexterm" name="id341113"></a>
                                 <a class="indexterm" name="id341125"></a>
+                                <a class="indexterm" name="id339640"></a>
+                                <a class="indexterm" name="id339652"></a>
                                 Excessive delays in the resolution of a NetBIOS name to its IP
                                 address. This may be observed when an overloaded domain controller
 …
                                 a WINS server (this assumes that there is a single network segment).
                                 </p></li><li class="listitem"><p>
                                 <a class="indexterm" name="id341141"></a>
                                 <a class="indexterm" name="id341147"></a>
                                 <a class="indexterm" name="id341154"></a>
+                                <a class="indexterm" name="id339668"></a>
+                                <a class="indexterm" name="id339675"></a>
+                                <a class="indexterm" name="id339682"></a>
                                 Network traffic collisions due to overloading of the network
                                 segment. One short-term workaround to this may be to replace
                                 network HUBs with Ethernet switches.
                                 </p></li><li class="listitem"><p>
                                 <a class="indexterm" name="id341167"></a>
+                                <a class="indexterm" name="id339694"></a>
                                 Defective networking hardware. Over the past few years, we have seen
                                 on the Samba mailing list a significant increase in the number of
 …
                                 the cause of the problem.
                                 </p></li><li class="listitem"><p>
                                 <a class="indexterm" name="id341184"></a>
                                 <a class="indexterm" name="id341193"></a>
+                                <a class="indexterm" name="id339711"></a>
+                                <a class="indexterm" name="id339720"></a>
                                 Excessively large roaming profiles. This type of problem is typically
                                 the result of poor user education as well as poor network management.
 …
                                 on the part of network management.
                                 </p></li><li class="listitem"><p>
                                 <a class="indexterm" name="id341210"></a>
+                                <a class="indexterm" name="id339738"></a>
                                 You should verify that the Windows XP WebClient service is not running.
                                 The use of the WebClient service has been implicated in many Windows
 …
                 of factors, including:
                 </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                                 <a class="indexterm" name="id341240"></a>
+                                <a class="indexterm" name="id339767"></a>
                                 Network overload (typically indicated by a high network collision rate)
                                 </p></li><li class="listitem"><p>
                                 Server overload
                                 </p></li><li class="listitem"><p>
                                 <a class="indexterm" name="id341258"></a>
+                                <a class="indexterm" name="id339786"></a>
                                 Timeout causing the client to close a connection that is in use but has
                                 been latent (no traffic) for some time (5 minutes or more)
                                 </p></li><li class="listitem"><p>
                                 <a class="indexterm" name="id341273"></a>
+                                <a class="indexterm" name="id339801"></a>
                                 Defective networking hardware
                                 </p></li></ul></div><p>
                 <a class="indexterm" name="id341287"></a>
+                <a class="indexterm" name="id339814"></a>
                 No matter what the cause, a sudden loss of access to network resources can
                 result in BSOD (blue screen of death) situations that necessitate rebooting of the client
 …
                 problem, data corruption.
                 </p></dd><dt><span class="term">Potential data corruption</span></dt><dd><p>
                 <a class="indexterm" name="id341314"></a>
+                <a class="indexterm" name="id339841"></a>
                 Data corruption is one of the most serious problems. It leads to uncertainty, anger, and
                 frustration, and generally precipitates immediate corrective demands. Management response
 …
         methods to improve the reliability of your network environment, but be warned that all such steps
         demand the price of complexity.
         </p><div class="sect1" title="Regarding LDAP Directories and Windows Computer Accounts"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id341339"></a>Regarding LDAP Directories and Windows Computer Accounts</h2></div></div></div><p>
         <a class="indexterm" name="id341347"></a>
+        </p><div class="sect1" title="Regarding LDAP Directories and Windows Computer Accounts"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id339866"></a>Regarding LDAP Directories and Windows Computer Accounts</h2></div></div></div><p>
+        <a class="indexterm" name="id339874"></a>
         Computer (machine) accounts can be placed wherever you like in an LDAP directory subject to some
         constraints that are described in this section.
         </p><p>
         <a class="indexterm" name="id341361"></a>
         <a class="indexterm" name="id341367"></a>
         <a class="indexterm" name="id341374"></a>
         <a class="indexterm" name="id341381"></a>
+        <a class="indexterm" name="id339888"></a>
+        <a class="indexterm" name="id339895"></a>
+        <a class="indexterm" name="id339902"></a>
+        <a class="indexterm" name="id339908"></a>
         The POSIX and SambaSAMAccount components of computer (machine) accounts are both used by Samba.
         That is, machine  accounts are treated inside Samba in the same way that Windows NT4/200X treats
 …
         the machine account ends in a $ character, as do trust accounts.
         </p><p>
         <a class="indexterm" name="id341394"></a>
         <a class="indexterm" name="id341401"></a>
+        <a class="indexterm" name="id339922"></a>
+        <a class="indexterm" name="id339928"></a>
         The need for Windows user, group, machine, trust, and other such accounts to be tied to a valid UNIX UID
         is a design decision that was made a long way back in the history of Samba development. It is
 …
         Samba-3.x series.
         </p><p>
         <a class="indexterm" name="id341414"></a>
         <a class="indexterm" name="id341420"></a>
+        <a class="indexterm" name="id339941"></a>
+        <a class="indexterm" name="id339947"></a>
         The resolution of a UID from the Windows SID is achieved within Samba through a mechanism that
         must refer back to the host operating system on which Samba is running. The name service
 …
         all account entities can be located in an LDAP directory.
         </p><p>
         <a class="indexterm" name="id341451"></a>
+        <a class="indexterm" name="id339978"></a>
         For many the weapon of choice is to use the PADL nss_ldap utility. This utility must
         be configured so that computer accounts can be resolved to a POSIX/UNIX account UID. That
 …
         in the documentation is directed at providing working examples only. The design
         of an LDAP directory is a complex subject that is beyond the scope of this documentation.
         </p></div><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id341463"></a>Introduction</h2></div></div></div><p>
+        </p></div><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id339991"></a>Introduction</h2></div></div></div><p>
         You just opened an email from Christine that reads:
         </p><p>
 …
         </p></td><td width="10%" valign="top"> </td></tr><tr><td width="10%" valign="top"> </td><td colspan="2" align="right" valign="top">--<span class="attribution">Christine</span></td></tr></table></div><p>
         </p><p>
         <a class="indexterm" name="id341510"></a>
         <a class="indexterm" name="id341517"></a>
+        <a class="indexterm" name="id340037"></a>
+        <a class="indexterm" name="id340044"></a>
         Every compromise has consequences. Having a large routed (i.e., multisegment) network with only a
         single domain controller is a poor design that has obvious operational effects that may
 …
         Please let Stan know what the estimated cost will be so I can approve the expense. Do not wait
         for approval; I appreciate the urgency.
         </p></td><td width="10%" valign="top"> </td></tr><tr><td width="10%" valign="top"> </td><td colspan="2" align="right" valign="top">--<span class="attribution">Bob</span></td></tr></table></div><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id341540"></a>Assignment Tasks</h3></div></div></div><p>
+        </p></td><td width="10%" valign="top"> </td></tr><tr><td width="10%" valign="top"> </td><td colspan="2" align="right" valign="top">--<span class="attribution">Bob</span></td></tr></table></div><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id340067"></a>Assignment Tasks</h3></div></div></div><p>
                 The priority of assigned tasks in this chapter is:
                 </p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>
                         <a class="indexterm" name="id341559"></a>
                         <a class="indexterm" name="id341568"></a>
                         <a class="indexterm" name="id341575"></a>
                         <a class="indexterm" name="id341582"></a><a class="indexterm" name="id341587"></a>
+                        <a class="indexterm" name="id340086"></a>
+                        <a class="indexterm" name="id340095"></a>
+                        <a class="indexterm" name="id340102"></a>
+                        <a class="indexterm" name="id340108"></a><a class="indexterm" name="id340114"></a>
                         Implement Backup Domain Controllers (BDCs) in each building. This involves
                         a change from a <span class="emphasis"><em>tdbsam</em></span> backend that was used in the previous
 …
                         You can implement a single central LDAP server for this purpose.
                         </p></li><li class="listitem"><p>
                         <a class="indexterm" name="id341608"></a>
                         <a class="indexterm" name="id341614"></a>
                         <a class="indexterm" name="id341621"></a>
                         <a class="indexterm" name="id341628"></a>
+                        <a class="indexterm" name="id340134"></a>
+                        <a class="indexterm" name="id340141"></a>
+                        <a class="indexterm" name="id340148"></a>
+                        <a class="indexterm" name="id340155"></a>
                         Rectify the problem of excessive logon times. This involves redirection of
                         folders to network shares as well as modification of all user desktops to
 …
                         create a new default profile that can be used for all new users.
                         </p></li></ol></div><p>
                 <a class="indexterm" name="id341644"></a>
+                <a class="indexterm" name="id340171"></a>
                 You configure a new MS Windows XP Professional workstation disk image that you roll out
                 to all desktop users. The instructions you have created are followed on a staging machine
                 from which all changes can be carefully tested before inflicting them on your network users.
                 </p><p>
                 <a class="indexterm" name="id341657"></a>
+                <a class="indexterm" name="id340184"></a>
                 This is the last network example in which specific mention of printing is made. The example
                 again makes use of the CUPS printing system.
                 </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id341668"></a>Dissection and Discussion</h2></div></div></div><p>
         <a class="indexterm" name="id341676"></a>
         <a class="indexterm" name="id341682"></a>
         <a class="indexterm" name="id341689"></a>
+                </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id340195"></a>Dissection and Discussion</h2></div></div></div><p>
+        <a class="indexterm" name="id340203"></a>
+        <a class="indexterm" name="id340209"></a>
+        <a class="indexterm" name="id340216"></a>
         The implementation of Samba BDCs necessitates the installation and configuration of LDAP.
         For this site, you use OpenLDAP, the open source software LDAP server platform. Commercial
         LDAP servers in current use with Samba-3 include:
         </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                 <a class="indexterm" name="id341704"></a>
+                <a class="indexterm" name="id340231"></a>
                 Novell <a class="ulink" href="http://www.novell.com/products/edirectory/" target="_top">eDirectory</a>
                 is being successfully used by some sites. Information on how to use eDirectory can be
                 obtained from the Samba mailing lists or from Novell.
                 </p></li><li class="listitem"><p>
                 <a class="indexterm" name="id341723"></a>
+                <a class="indexterm" name="id340250"></a>
                 IBM <a class="ulink" href="http://www-306.ibm.com/software/tivoli/products/directory-server/" target="_top">Tivoli
                 Directory Server</a> can be used to provide the Samba LDAP backend. Example schema
 …
                 <code class="filename">~samba/example/LDAP.</code>
                 </p></li><li class="listitem"><p>
                 <a class="indexterm" name="id341748"></a>
+                <a class="indexterm" name="id340275"></a>
                 Sun <a class="ulink" href="http://www.sun.com/software/software/products/identity_srvr/home_identity.xml" target="_top">ONE Identity
                 Server product suite</a> provides an LDAP server that can be used for Samba.
 …
         help you to get OpenLDAP and Samba-3 running as required, albeit with some learning curve challenges.
         </p><p>
         <a class="indexterm" name="id341780"></a>
+        <a class="indexterm" name="id340306"></a>
         For most sites, the deployment of Microsoft Active Directory from the shrink-wrapped installation is quite
         adequate. If you are migrating from Microsoft Active Directory, be warned that OpenLDAP does not include
 …
         requires an understanding of what you are doing, why you are doing it, and the tools that you must use.
         </p><p>
         <a class="indexterm" name="id341793"></a>
         <a class="indexterm" name="id341800"></a>
         <a class="indexterm" name="id341807"></a>
         <a class="indexterm" name="id341816"></a>
         <a class="indexterm" name="id341825"></a>
         <a class="indexterm" name="id341832"></a>
         <a class="indexterm" name="id341841"></a>
+        <a class="indexterm" name="id340320"></a>
+        <a class="indexterm" name="id340327"></a>
+        <a class="indexterm" name="id340334"></a>
+        <a class="indexterm" name="id340343"></a>
+        <a class="indexterm" name="id340352"></a>
+        <a class="indexterm" name="id340359"></a>
+        <a class="indexterm" name="id340368"></a>
         When installed and configured, an OpenLDAP Identity Management backend for Samba functions well.
         High availability operation may be obtained through directory replication/synchronization and
 …
         with Microsoft Active Directory.
         </p><p>
         <a class="indexterm" name="id341860"></a>
         <a class="indexterm" name="id341869"></a>
         <a class="indexterm" name="id341876"></a>
         <a class="indexterm" name="id341883"></a>
+        <a class="indexterm" name="id340387"></a>
+        <a class="indexterm" name="id340396"></a>
+        <a class="indexterm" name="id340403"></a>
+        <a class="indexterm" name="id340410"></a>
         A comparison of OpenLDAP with Microsoft Active Directory does not do justice to either. OpenLDAP is an LDAP directory
         tool-set. Microsoft Active Directory Server is an implementation of an LDAP server that is largely preconfigured
 …
         of OpenLDAP.
         </p><p>
         <a class="indexterm" name="id341906"></a>
         <a class="indexterm" name="id341915"></a>
+        <a class="indexterm" name="id340433"></a>
+        <a class="indexterm" name="id340442"></a>
         You may wish to consider outsourcing the development of your OpenLDAP directory to an expert, particularly
         if you find the challenge of learning about LDAP directories, schemas, configuration, and management
 …
         that is required for use as a passdb backend.
         </p><p>
         <a class="indexterm" name="id341929"></a>
+        <a class="indexterm" name="id340456"></a>
         For those who are willing to brave the process of installing and configuring LDAP and Samba-3 interoperability,
         there are a few nice Web-based tools that may help you to manage your users and groups more effectively.
 …
         by Jerry Carter quite useful.
         </p><p>
         <a class="indexterm" name="id342015"></a>
         <a class="indexterm" name="id342022"></a>
         <a class="indexterm" name="id342031"></a>
         <a class="indexterm" name="id342038"></a>
+        <a class="indexterm" name="id340542"></a>
+        <a class="indexterm" name="id340549"></a>
+        <a class="indexterm" name="id340558"></a>
+        <a class="indexterm" name="id340565"></a>
         Mary's problems are due to two factors. First, the absence of a domain controller on the local network is the
         main cause of the errors that result in blue screen crashes. Second, Mary has a large profile that must
 …
         staff morale. The following procedures solve this problem.
         </p><p>
         <a class="indexterm" name="id342055"></a>
+        <a class="indexterm" name="id340582"></a>
         There is also an opportunity to implement smart printing features. You add this to the Samba configuration
         so that future printer changes can be managed without need to change desktop configurations.
 …
         in the default desktop profile. Only one example of printing configuration is given. It is assumed that
         you can extrapolate the principles and use them to install all printers that may be needed.
         </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id342070"></a>Technical Issues</h3></div></div></div><p>
         <a class="indexterm" name="id342078"></a>
         <a class="indexterm" name="id342087"></a>
         <a class="indexterm" name="id342097"></a>
+        </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id340598"></a>Technical Issues</h3></div></div></div><p>
+        <a class="indexterm" name="id340606"></a>
+        <a class="indexterm" name="id340615"></a>
+        <a class="indexterm" name="id340624"></a>
         The solution provided is a minimal approach to getting OpenLDAP running as an identity management directory
         server for UNIX system accounts as well as for Samba. From the OpenLDAP perspective, UNIX system
 …
         attributes Samba needs. Samba-3 can use the LDAP backend to store:
         </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Windows Networking User Accounts</p></li><li class="listitem"><p>Windows NT Group Accounts</p></li><li class="listitem"><p>Mapping Information between UNIX Groups and Windows NT Groups</p></li><li class="listitem"><p>ID Mappings for SIDs to UIDs (also for foreign Domain SIDs)</p></li></ul></div><p>
         <a class="indexterm" name="id342133"></a>
         <a class="indexterm" name="id342140"></a>
         <a class="indexterm" name="id342146"></a>
         <a class="indexterm" name="id342153"></a>
         <a class="indexterm" name="id342160"></a>
         <a class="indexterm" name="id342167"></a>
         <a class="indexterm" name="id342176"></a>
         <a class="indexterm" name="id342182"></a>
         <a class="indexterm" name="id342189"></a>
+        <a class="indexterm" name="id340660"></a>
+        <a class="indexterm" name="id340666"></a>
+        <a class="indexterm" name="id340673"></a>
+        <a class="indexterm" name="id340680"></a>
+        <a class="indexterm" name="id340687"></a>
+        <a class="indexterm" name="id340694"></a>
+        <a class="indexterm" name="id340703"></a>
+        <a class="indexterm" name="id340709"></a>
+        <a class="indexterm" name="id340716"></a>
         The use of LDAP with Samba-3 makes it necessary to store UNIX accounts as well as Windows Networking
         accounts in the LDAP backend. This implies the need to use the
 …
         of the UNIX username to the UID. The relationships are demonstrated in <a class="link" href="happy.html#sbehap-LDAPdiag" title="Figure 5.1. The Interaction of LDAP, UNIX Posix Accounts and Samba Accounts">&#8220;The Interaction of LDAP, UNIX Posix Accounts and Samba Accounts&#8221;</a>.
         </p><div class="figure"><a name="sbehap-LDAPdiag"></a><p class="title"><b>Figure 5.1. The Interaction of LDAP, UNIX Posix Accounts and Samba Accounts</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/UNIX-Samba-and-LDAP.png" width="270" alt="The Interaction of LDAP, UNIX Posix Accounts and Samba Accounts"></div></div></div><br class="figure-break"><p>
         <a class="indexterm" name="id342269"></a>
         <a class="indexterm" name="id342275"></a>
+        <a class="indexterm" name="id340794"></a>
+        <a class="indexterm" name="id340801"></a>
         You configure OpenLDAP so that it is operational. Before deploying the OpenLDAP, you really
         ought to learn how to configure secure communications over LDAP so that site security is not
         at risk. This is not covered in the following guidance.
         </p><p>
         <a class="indexterm" name="id342290"></a>
         <a class="indexterm" name="id342296"></a>
         <a class="indexterm" name="id342306"></a>
         <a class="indexterm" name="id342312"></a>
+        <a class="indexterm" name="id340816"></a>
+        <a class="indexterm" name="id340822"></a>
+        <a class="indexterm" name="id340832"></a>
+        <a class="indexterm" name="id340838"></a>
         When OpenLDAP has been made operative, you configure the PDC called <code class="constant">MASSIVE</code>.
         You initialize the Samba <code class="filename">secrets.tdb<sub></sub></code> file. Then you
 …
         that help to manage user and group configuration.
         </p><p>
         <a class="indexterm" name="id342343"></a>
         <a class="indexterm" name="id342350"></a>
         <a class="indexterm" name="id342356"></a>
+        <a class="indexterm" name="id340869"></a>
+        <a class="indexterm" name="id340875"></a>
+        <a class="indexterm" name="id340882"></a>
         In order to effect folder redirection and to add robustness to the implementation,
         create a network default profile. All network users workstations are configured to use
 …
         when the user logs off.
         </p><p>
         <a class="indexterm" name="id342369"></a>
+        <a class="indexterm" name="id340895"></a>
         The profile is configured so that users cannot change the appearance
         of their desktop. This is known as a mandatory profile. You make certain that users
         are able to use their computers efficiently.
         </p><p>
         <a class="indexterm" name="id342381"></a>
+        <a class="indexterm" name="id340907"></a>
         A network logon script is used to deliver flexible but consistent network drive
         connections.
         </p><div class="sect3" title="Addition of Machines to the Domain"><div class="titlepage"><div><div><h4 class="title"><a name="sbehap-ppc"></a>Addition of Machines to the Domain</h4></div></div></div><p>
                 <a class="indexterm" name="id342401"></a>
                 <a class="indexterm" name="id342406"></a>
                 <a class="indexterm" name="id342412"></a>
                 <a class="indexterm" name="id342417"></a>
+                <a class="indexterm" name="id340927"></a>
+                <a class="indexterm" name="id340932"></a>
+                <a class="indexterm" name="id340938"></a>
+                <a class="indexterm" name="id340943"></a>
                 Samba versions prior to 3.0.11 necessitated the use of a domain administrator account
                 that maps to the UNIX UID=0. The UNIX operating system permits only the <code class="constant">root</code>
 …
                 how any user can now be given the ability to add machines to the domain using a normal user account
                 that has been given the appropriate privileges.
                 </p></div><div class="sect3" title="Roaming Profile Background"><div class="titlepage"><div><div><h4 class="title"><a name="id342548"></a>Roaming Profile Background</h4></div></div></div><p>
+                </p></div><div class="sect3" title="Roaming Profile Background"><div class="titlepage"><div><div><h4 class="title"><a name="id341073"></a>Roaming Profile Background</h4></div></div></div><p>
                 As XP roaming profiles grow, so does the amount of time it takes to log in and out.
                 </p><p>
                 <a class="indexterm" name="id342560"></a>
                 <a class="indexterm" name="id342566"></a>
                 <a class="indexterm" name="id342573"></a>
                 <a class="indexterm" name="id342580"></a>
+                <a class="indexterm" name="id341085"></a>
+                <a class="indexterm" name="id341092"></a>
+                <a class="indexterm" name="id341099"></a>
+                <a class="indexterm" name="id341106"></a>
                 An XP roaming profile consists of the <code class="constant">HKEY_CURRENT_USER</code> hive file
                 <code class="filename">NTUSER.DAT</code> and a number of folders (My Documents, Application Data,
 …
                 instead of the <code class="filename">My Documents</code> folder for saving documents.
                 </p><p>
                 <a class="indexterm" name="id342644"></a>
+                <a class="indexterm" name="id341170"></a>
                 Using a folder other than <code class="filename">My Documents</code> is a nuisance for
                 some users, since many applications use it by default.
                 </p><p>
                 <a class="indexterm" name="id342661"></a>
                 <a class="indexterm" name="id342668"></a>
                 <a class="indexterm" name="id342675"></a>
+                <a class="indexterm" name="id341187"></a>
+                <a class="indexterm" name="id341194"></a>
+                <a class="indexterm" name="id341200"></a>
                 The secret to rapid loading of roaming profiles is to prevent unnecessary data from
                 being copied back and forth, without losing any functionality. This is not difficult;
 …
                 as changing some paths in each user's <code class="filename">NTUSER.DAT</code> hive.
                 </p><p>
                 <a class="indexterm" name="id342693"></a>
                 <a class="indexterm" name="id342700"></a>
+                <a class="indexterm" name="id341219"></a>
+                <a class="indexterm" name="id341226"></a>
                 Every user profile has its own <code class="filename">NTUSER.DAT</code> file. This means
                 you need to edit every user's profile, unless a better method can be
 …
                 they are redirected.
                 </p></div><div class="sect3" title="The Local Group Policy"><div class="titlepage"><div><div><h4 class="title"><a name="sbehap-locgrppol"></a>The Local Group Policy</h4></div></div></div><p>
                 <a class="indexterm" name="id342736"></a>
                 <a class="indexterm" name="id342742"></a>
                 <a class="indexterm" name="id342749"></a>
                 <a class="indexterm" name="id342756"></a>
+                <a class="indexterm" name="id341262"></a>
+                <a class="indexterm" name="id341268"></a>
+                <a class="indexterm" name="id341275"></a>
+                <a class="indexterm" name="id341282"></a>
                 Without an Active Directory PDC, you cannot take full advantage of Group Policy
                 Objects. However, you can still make changes to the Local Group Policy by using
 …
                 semicolon-separated list. Note that this change must be made on all clients
                 that are using roaming profiles.
                 </p></div><div class="sect3" title="Profile Changes"><div class="titlepage"><div><div><h4 class="title"><a name="id342818"></a>Profile Changes</h4></div></div></div><p>
                 <a class="indexterm" name="id342826"></a>
                 <a class="indexterm" name="id342832"></a>
+                </p></div><div class="sect3" title="Profile Changes"><div class="titlepage"><div><div><h4 class="title"><a name="id341344"></a>Profile Changes</h4></div></div></div><p>
+                <a class="indexterm" name="id341352"></a>
+                <a class="indexterm" name="id341358"></a>
                 There are two changes that should be done to each user's profile. Move each of
                 the directories that you have excluded from being copied back and forth out of
 …
                 path (<code class="filename">C:\Documents and Settings\%USERNAME%</code>).
                 </p><p>
                 <a class="indexterm" name="id342857"></a>
                 <a class="indexterm" name="id342864"></a>
+                <a class="indexterm" name="id341383"></a>
+                <a class="indexterm" name="id341390"></a>
                 The above modifies existing user profiles. So that newly created profiles have
                 these settings, you need to modify the <code class="filename">NTUSER.DAT</code> in
 …
                 <code class="filename">NTUSER.DAT</code> to a Linux box and using <code class="literal">regedt32</code>.
                 The basic method is described under <a class="link" href="happy.html#redirfold" title="Configuration of Default Profile with Folder Redirection">&#8220;Configuration of Default Profile with Folder Redirection&#8221;</a>.
                 </p></div><div class="sect3" title="Using a Network Default User Profile"><div class="titlepage"><div><div><h4 class="title"><a name="id342906"></a>Using a Network Default User Profile</h4></div></div></div><p>
                 <a class="indexterm" name="id342914"></a>
                 <a class="indexterm" name="id342921"></a>
+                </p></div><div class="sect3" title="Using a Network Default User Profile"><div class="titlepage"><div><div><h4 class="title"><a name="id341432"></a>Using a Network Default User Profile</h4></div></div></div><p>
+                <a class="indexterm" name="id341440"></a>
+                <a class="indexterm" name="id341446"></a>
                 If you are using Samba as your PDC, you should create a file share called
                 <code class="constant">NETLOGON</code> and within that create a directory called
 …
                 See also <a class="ulink" href="http://isg.ee.ethz.ch/tools/realmen/det/skel.en.html" target="_top">
                 the Real Men Don't Click</a> Web site.
                 </p></div><div class="sect3" title="Installation of Printer Driver Auto-Download"><div class="titlepage"><div><div><h4 class="title"><a name="id342960"></a>Installation of Printer Driver Auto-Download</h4></div></div></div><p>
                 <a class="indexterm" name="id342968"></a>
                 <a class="indexterm" name="id342977"></a>
                 <a class="indexterm" name="id342984"></a>
+                </p></div><div class="sect3" title="Installation of Printer Driver Auto-Download"><div class="titlepage"><div><div><h4 class="title"><a name="id341486"></a>Installation of Printer Driver Auto-Download</h4></div></div></div><p>
+                <a class="indexterm" name="id341494"></a>
+                <a class="indexterm" name="id341503"></a>
+                <a class="indexterm" name="id341510"></a>
                 The subject of printing is quite topical. Printing problems run second place to name
                 resolution issues today. So far in this book, you have experienced only what is generally
 …
                 <code class="literal">Raw-Print-Through</code> printing.
                 </p><p>
                 <a class="indexterm" name="id343008"></a>
                 <a class="indexterm" name="id343017"></a>
+                <a class="indexterm" name="id341534"></a>
+                <a class="indexterm" name="id341543"></a>
                 Samba permits the configuration of <code class="literal">smart</code> printing using the Microsoft
                 Windows point-and-click (also called drag-and-drop) printing. What this provides is
 …
                 suited to the printer to which the job is dispatched.
                 </p><p>
                 <a class="indexterm" name="id343057"></a>
                 <a class="indexterm" name="id343064"></a>
                 <a class="indexterm" name="id343071"></a>
+                <a class="indexterm" name="id341583"></a>
+                <a class="indexterm" name="id341590"></a>
+                <a class="indexterm" name="id341597"></a>
                 The CUPS printing subsystem is capable of intelligent printing. It has the capacity to
                 detect the data format and apply a print filter. This means that it is feasible to install
 …
                 </p><p>
                 Here are some diagnostic guidelines that can be referred to when things go wrong:
                 </p><div class="sect4" title="Preliminary Advice: Dangers Can Be Avoided"><div class="titlepage"><div><div><h5 class="title"><a name="id343123"></a>Preliminary Advice: Dangers Can Be Avoided</h5></div></div></div><p>
+                </p><div class="sect4" title="Preliminary Advice: Dangers Can Be Avoided"><div class="titlepage"><div><div><h5 class="title"><a name="id341649"></a>Preliminary Advice: Dangers Can Be Avoided</h5></div></div></div><p>
                 The best advice regarding how to mend a broken leg is <span class="quote">&#8220;<span class="quote">Never break a leg!</span>&#8221;</span>
                 </p><p>
                 <a class="indexterm" name="id343138"></a>
+                <a class="indexterm" name="id341664"></a>
                 Newcomers to Samba and LDAP seem to struggle a great deal at first.  If you want advice
                 regarding the best way to remedy LDAP and Samba problems: <span class="quote">&#8220;<span class="quote">Avoid them like the plague!</span>&#8221;</span>
 …
                 book and adapt them without first working through the examples provided. A little
                 thing overlooked can cause untold pain and may permanently tarnish your experience.
                 </p></div></div><div class="sect4" title="The Name Service Caching Daemon"><div class="titlepage"><div><div><h5 class="title"><a name="id343173"></a>The Name Service Caching Daemon</h5></div></div></div><p>
+                </p></div></div><div class="sect4" title="The Name Service Caching Daemon"><div class="titlepage"><div><div><h5 class="title"><a name="id341699"></a>The Name Service Caching Daemon</h5></div></div></div><p>
                 The name service caching daemon (nscd) is a primary cause of difficulties with name
                 resolution, particularly where <code class="literal">winbind</code> is used. Winbind does its
 …
 <code class="prompt">root# </code> rcnscd off
 </pre><p>
                 </p></div><div class="sect4" title="Debugging LDAP"><div class="titlepage"><div><div><h5 class="title"><a name="id343291"></a>Debugging LDAP</h5></div></div></div><p>
                 <a class="indexterm" name="id343298"></a>
                 <a class="indexterm" name="id343305"></a>
                 <a class="indexterm" name="id343312"></a>
+                </p></div><div class="sect4" title="Debugging LDAP"><div class="titlepage"><div><div><h5 class="title"><a name="id341816"></a>Debugging LDAP</h5></div></div></div><p>
+                <a class="indexterm" name="id341824"></a>
+                <a class="indexterm" name="id341831"></a>
+                <a class="indexterm" name="id341838"></a>
                 In the example <code class="filename">/etc/openldap/slapd.conf</code> control file
                 (see <a class="link" href="happy.html#sbehap-dbconf" title="Example 5.1. LDAP DB_CONFIG File">&#8220;LDAP DB_CONFIG File&#8221;</a>) there is an entry for <code class="constant">loglevel      256</code>.
 …
                 and restart <code class="literal">slapd</code>.
                 </p><p>
                 <a class="indexterm" name="id343346"></a>
                 <a class="indexterm" name="id343352"></a>
+                <a class="indexterm" name="id341872"></a>
+                <a class="indexterm" name="id341879"></a>
                 LDAP log information can be directed into a file that is separate from the normal system
                 log files by changing the <code class="filename">/etc/syslog.conf</code> file so it has the following
 …
                 customization with the intent that LDAP log files will be stored at a location
                 that meets local site needs and wishes more fully.
                 </p></div><div class="sect4" title="Debugging NSS_LDAP"><div class="titlepage"><div><div><h5 class="title"><a name="id343386"></a>Debugging NSS_LDAP</h5></div></div></div><p>
+                </p></div><div class="sect4" title="Debugging NSS_LDAP"><div class="titlepage"><div><div><h5 class="title"><a name="id341913"></a>Debugging NSS_LDAP</h5></div></div></div><p>
                 The basic mechanism for diagnosing problems with the nss_ldap utility involves adding to the
                 <code class="filename">/etc/ldap.conf</code> file the following parameters:
 …
                 </p><p>
                 The diagnostic process should follow these steps:
                 </p><div class="procedure" title="Procedure 5.1. NSS_LDAP Diagnostic Steps"><a name="id343427"></a><p class="title"><b>Procedure 5.1. NSS_LDAP Diagnostic Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                </p><div class="procedure" title="Procedure 5.1. NSS_LDAP Diagnostic Steps"><a name="id341954"></a><p class="title"><b>Procedure 5.1. NSS_LDAP Diagnostic Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                         Verify the <code class="constant">nss_base_passwd, nss_base_shadow, nss_base_group</code> entries
                         in the <code class="filename">/etc/ldap.conf</code> file and compare them closely with the directory
 …
                         <code class="filename">/etc/ldap.secrets</code> file is correct, as specified in the
                         <code class="filename">/etc/openldap/slapd.conf</code> file.
                         </p></li></ol></div></div><div class="sect4" title="Debugging Samba"><div class="titlepage"><div><div><h5 class="title"><a name="id343646"></a>Debugging Samba</h5></div></div></div><p>
+                        </p></li></ol></div></div><div class="sect4" title="Debugging Samba"><div class="titlepage"><div><div><h5 class="title"><a name="id342172"></a>Debugging Samba</h5></div></div></div><p>
                 The following parameters in the <code class="filename">smb.conf</code> file can be useful in tracking down Samba-related problems:
 </p><pre class="screen">
 …
                 Search for hints of what may have failed by looking for the words <span class="emphasis"><em>fail</em></span>
                 and <span class="emphasis"><em>error</em></span>.
                 </p></div><div class="sect4" title="Debugging on the Windows Client"><div class="titlepage"><div><div><h5 class="title"><a name="id343710"></a>Debugging on the Windows Client</h5></div></div></div><p>
+                </p></div><div class="sect4" title="Debugging on the Windows Client"><div class="titlepage"><div><div><h5 class="title"><a name="id342236"></a>Debugging on the Windows Client</h5></div></div></div><p>
                 MS Windows 2000 Professional and Windows  XP Professional clients can be configured
                 to create a netlogon.log file that can be very helpful in diagnosing network logon problems. Search
                 the Microsoft knowledge base for detailed instructions. The techniques vary a little with each
                 version of MS Windows.
                 </p></div></div></div><div class="sect2" title="Political Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id343725"></a>Political Issues</h3></div></div></div><p>
+                </p></div></div></div><div class="sect2" title="Political Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id342251"></a>Political Issues</h3></div></div></div><p>
                 MS Windows network users are generally very sensitive to limits that may be imposed when
                 confronted with locked-down workstation configurations. The challenge you face must
                 be promoted as a choice between reliable, fast network operation and a constant flux
                 of problems that result in user irritation.
                 </p></div><div class="sect2" title="Installation Checklist"><div class="titlepage"><div><div><h3 class="title"><a name="id343737"></a>Installation Checklist</h3></div></div></div><p>
+                </p></div><div class="sect2" title="Installation Checklist"><div class="titlepage"><div><div><h3 class="title"><a name="id342264"></a>Installation Checklist</h3></div></div></div><p>
         You are starting a complex project. Even though you went through the installation of a complex
         network in <a class="link" href="Big500users.html" title="Chapter 4. The 500-User Office">&#8220;The 500-User Office&#8221;</a>, this network is a bigger challenge because of the
 …
         been completed. The following task list may help you to keep track of the task items
         that are covered:
         </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Samba-3 PDC Server Configuration</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>DHCP and DNS servers</p></li><li class="listitem"><p>OpenLDAP server</p></li><li class="listitem"><p>PAM and NSS client tools</p></li><li class="listitem"><p>Samba-3 PDC</p></li><li class="listitem"><p>Idealx smbldap scripts</p></li><li class="listitem"><p>LDAP initialization</p></li><li class="listitem"><p>Create user and group accounts</p></li><li class="listitem"><p>Printers</p></li><li class="listitem"><p>Share point directory roots</p></li><li class="listitem"><p>Profile directories</p></li><li class="listitem"><p>Logon scripts</p></li><li class="listitem"><p>Configuration of user rights and privileges</p></li></ol></div></li><li class="listitem"><p>Samba-3 BDC Server Configuration</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>DHCP and DNS servers</p></li><li class="listitem"><p>PAM and NSS client tools</p></li><li class="listitem"><p>Printers</p></li><li class="listitem"><p>Share point directory roots</p></li><li class="listitem"><p>Profiles directories</p></li></ol></div></li><li class="listitem"><p>Windows XP Client Configuration</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>Default profile folder redirection</p></li><li class="listitem"><p>MS Outlook PST file relocation</p></li><li class="listitem"><p>Delete roaming profile on logout</p></li><li class="listitem"><p>Upload printer drivers to Samba servers</p></li><li class="listitem"><p>Install software</p></li><li class="listitem"><p>Creation of roll-out images</p></li></ol></div></li></ul></div></div></div><div class="sect1" title="Samba Server Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id343908"></a>Samba Server Implementation</h2></div></div></div><p>
         <a class="indexterm" name="id343916"></a>
         <a class="indexterm" name="id343923"></a>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Samba-3 PDC Server Configuration</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>DHCP and DNS servers</p></li><li class="listitem"><p>OpenLDAP server</p></li><li class="listitem"><p>PAM and NSS client tools</p></li><li class="listitem"><p>Samba-3 PDC</p></li><li class="listitem"><p>Idealx smbldap scripts</p></li><li class="listitem"><p>LDAP initialization</p></li><li class="listitem"><p>Create user and group accounts</p></li><li class="listitem"><p>Printers</p></li><li class="listitem"><p>Share point directory roots</p></li><li class="listitem"><p>Profile directories</p></li><li class="listitem"><p>Logon scripts</p></li><li class="listitem"><p>Configuration of user rights and privileges</p></li></ol></div></li><li class="listitem"><p>Samba-3 BDC Server Configuration</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>DHCP and DNS servers</p></li><li class="listitem"><p>PAM and NSS client tools</p></li><li class="listitem"><p>Printers</p></li><li class="listitem"><p>Share point directory roots</p></li><li class="listitem"><p>Profiles directories</p></li></ol></div></li><li class="listitem"><p>Windows XP Client Configuration</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>Default profile folder redirection</p></li><li class="listitem"><p>MS Outlook PST file relocation</p></li><li class="listitem"><p>Delete roaming profile on logout</p></li><li class="listitem"><p>Upload printer drivers to Samba servers</p></li><li class="listitem"><p>Install software</p></li><li class="listitem"><p>Creation of roll-out images</p></li></ol></div></li></ul></div></div></div><div class="sect1" title="Samba Server Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id342434"></a>Samba Server Implementation</h2></div></div></div><p>
+        <a class="indexterm" name="id342442"></a>
+        <a class="indexterm" name="id342449"></a>
         The network design shown in <a class="link" href="happy.html#chap6net" title="Figure 5.2. Network Topology 500 User Network Using ldapsam passdb backend">&#8220;Network Topology  500 User Network Using ldapsam passdb backend&#8221;</a> is not comprehensive. It is assumed
         that you will install additional file servers and possibly additional BDCs.
         </p><div class="figure"><a name="chap6net"></a><p class="title"><b>Figure 5.2. Network Topology  500 User Network Using ldapsam passdb backend</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/chap6-net.png" width="270" alt="Network Topology 500 User Network Using ldapsam passdb backend"></div></div></div><br class="figure-break"><p>
         <a class="indexterm" name="id343983"></a>
         <a class="indexterm" name="id343990"></a>
+        <a class="indexterm" name="id342509"></a>
+        <a class="indexterm" name="id342516"></a>
         All configuration files and locations are shown for SUSE Linux 9.2 and are equally valid for SUSE
         Linux Enterprise Server 9. The file locations for Red Hat Linux are similar. You may need to
 …
         <a class="link" href="Big500users.html#ch5-dnshcp-setup" title="Installation of DHCP, DNS, and Samba Control Files">&#8220;Installation of DHCP, DNS, and Samba Control Files&#8221;</a> before commencing at <a class="link" href="happy.html#ldapsetup" title="OpenLDAP Server Configuration">&#8220;OpenLDAP Server Configuration&#8221;</a>.
         </p><div class="sect2" title="OpenLDAP Server Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="ldapsetup"></a>OpenLDAP Server Configuration</h3></div></div></div><p>
         <a class="indexterm" name="id344059"></a>
         <a class="indexterm" name="id344066"></a>
         <a class="indexterm" name="id344073"></a>
+        <a class="indexterm" name="id342586"></a>
+        <a class="indexterm" name="id342593"></a>
+        <a class="indexterm" name="id342600"></a>
         Confirm that the packages shown in <a class="link" href="happy.html#oldapreq" title="Table 5.2. Required OpenLDAP Linux Packages">&#8220;Required OpenLDAP Linux Packages&#8221;</a> are installed on your system.
         </p><div class="table"><a name="oldapreq"></a><p class="title"><b>Table 5.2. Required OpenLDAP Linux Packages</b></p><div class="table-contents"><table summary="Required OpenLDAP Linux Packages" border="1"><colgroup><col align="left"><col align="left"><col align="left"></colgroup><thead><tr><th align="center">SUSE Linux 8.x</th><th align="center">SUSE Linux 9.x</th><th align="center">Red Hat Linux</th></tr></thead><tbody><tr><td align="left">nss_ldap</td><td align="left">nss_ldap</td><td align="left">nss_ldap</td></tr><tr><td align="left">pam_ldap</td><td align="left">pam_ldap</td><td align="left">pam_ldap</td></tr><tr><td align="left">openldap2</td><td align="left">openldap2</td><td align="left">openldap</td></tr><tr><td align="left">openldap2-client</td><td align="left">openldap2-client</td><td align="left"> </td></tr></tbody></table></div></div><br class="table-break"><p>
 …
         for bootstrapping the LDAP and Samba-3 configuration is relatively straightforward. If you
         follow these guidelines, the resulting system should work fine.
         </p><div class="procedure" title="Procedure 5.2. OpenLDAP Server Configuration Steps"><a name="id344202"></a><p class="title"><b>Procedure 5.2. OpenLDAP Server Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 <a class="indexterm" name="id344213"></a>
+        </p><div class="procedure" title="Procedure 5.2. OpenLDAP Server Configuration Steps"><a name="id342728"></a><p class="title"><b>Procedure 5.2. OpenLDAP Server Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                <a class="indexterm" name="id342739"></a>
                 Install the file shown in <a class="link" href="happy.html#sbehap-slapdconf" title="Example 5.2. LDAP Master Configuration File /etc/openldap/slapd.conf Part A">&#8220;LDAP Master Configuration File  /etc/openldap/slapd.conf Part A&#8221;</a> in the directory
                 <code class="filename">/etc/openldap</code>.
                 </p></li><li class="step" title="Step 2"><p>
                 <a class="indexterm" name="id344240"></a>
                 <a class="indexterm" name="id344247"></a>
                 <a class="indexterm" name="id344253"></a>
+                <a class="indexterm" name="id342766"></a>
+                <a class="indexterm" name="id342773"></a>
+                <a class="indexterm" name="id342779"></a>
                 Remove all files from the directory <code class="filename">/data/ldap</code>, making certain that
                 the directory exists with permissions:
 …
                 This may require you to add a user and a group account for LDAP if they do not exist.
                 </p></li><li class="step" title="Step 3"><p>
                 <a class="indexterm" name="id344286"></a>
+                <a class="indexterm" name="id342812"></a>
                 Install the file shown in <a class="link" href="happy.html#sbehap-dbconf" title="Example 5.1. LDAP DB_CONFIG File">&#8220;LDAP DB_CONFIG File&#8221;</a> in the directory
                 <code class="filename">/data/ldap</code>. In the event that this file is added after <code class="constant">ldap</code>
 …
                 <code class="filename">/data/ldap</code> directory, and then restarting the <code class="constant">LDAP</code> server.
                 </p></li><li class="step" title="Step 4"><p>
                 <a class="indexterm" name="id344336"></a>
+                <a class="indexterm" name="id342862"></a>
                 Performance logging can be enabled and should preferably be sent to a file on
                 a file system that is large enough to handle significantly sized logs. To enable
 …
 index default               sub
 </pre></div></div><br class="example-break"></div><div class="sect2" title="PAM and NSS Client Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="sbehap-PAM-NSS"></a>PAM and NSS Client Configuration</h3></div></div></div><p>
         <a class="indexterm" name="id344468"></a>
         <a class="indexterm" name="id344474"></a>
         <a class="indexterm" name="id344481"></a>
+        <a class="indexterm" name="id342994"></a>
+        <a class="indexterm" name="id343001"></a>
+        <a class="indexterm" name="id343007"></a>
         The steps that follow involve configuration of LDAP, NSS LDAP-based resolution of users and
         groups. Also, so that LDAP-based accounts can log onto the system, the steps ahead configure
         the Pluggable Authentication Modules (PAM) to permit LDAP-based authentication.
         </p><p>
         <a class="indexterm" name="id344493"></a>
         <a class="indexterm" name="id344502"></a>
+        <a class="indexterm" name="id343019"></a>
+        <a class="indexterm" name="id343028"></a>
         Since you have chosen to put UNIX user and group accounts into the LDAP database, it is likely
         that you may want to use them for UNIX system (Linux) local machine logons. This necessitates
 …
         module also has the ability to redirect authentication requests through LDAP.
         </p><p>
         <a class="indexterm" name="id344527"></a>
         <a class="indexterm" name="id344534"></a>
         <a class="indexterm" name="id344541"></a>
         <a class="indexterm" name="id344548"></a>
+        <a class="indexterm" name="id343054"></a>
+        <a class="indexterm" name="id343060"></a>
+        <a class="indexterm" name="id343067"></a>
+        <a class="indexterm" name="id343074"></a>
         You have chosen to configure these services by directly editing the system files, but of course, you
         know that this configuration can be done using system tools provided by the Linux system vendor.
 …
         configuration of SUSE Linux as an LDAP client. Red Hat Linux provides the <code class="literal">authconfig</code>
         tool for this.
         </p><div class="procedure" title="Procedure 5.3. PAM and NSS Client Configuration Steps"><a name="id344584"></a><p class="title"><b>Procedure 5.3. PAM and NSS Client Configuration Steps</b></p><div class="example"><a name="sbehap-nss01"></a><p class="title"><b>Example 5.4. Configuration File for NSS LDAP Support  <code class="filename">/etc/ldap.conf</code></b></p><div class="example-contents"><pre class="screen">
+        </p><div class="procedure" title="Procedure 5.3. PAM and NSS Client Configuration Steps"><a name="id343111"></a><p class="title"><b>Procedure 5.3. PAM and NSS Client Configuration Steps</b></p><div class="example"><a name="sbehap-nss01"></a><p class="title"><b>Example 5.4. Configuration File for NSS LDAP Support  <code class="filename">/etc/ldap.conf</code></b></p><div class="example-contents"><pre class="screen">
 host 127.0.0.1
 …
 ssl off
 </pre></div></div><br class="example-break"><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 <a class="indexterm" name="id344595"></a>
                 <a class="indexterm" name="id344602"></a>
                 <a class="indexterm" name="id344609"></a>
+                <a class="indexterm" name="id343122"></a>
+                <a class="indexterm" name="id343129"></a>
+                <a class="indexterm" name="id343136"></a>
                 Execute the following command to find where the <code class="filename">nss_ldap</code> module
                 expects to find its control file:
 …
                 <a class="link" href="happy.html#sbehap-nss02" title="Example 5.5. Configuration File for NSS LDAP Clients Support /etc/ldap.conf">&#8220;Configuration File for NSS LDAP Clients Support  /etc/ldap.conf&#8221;</a> into the path that was obtained from the step above.
                 </p></li><li class="step" title="Step 3"><p>
                 <a class="indexterm" name="id344734"></a>
+                <a class="indexterm" name="id343259"></a>
                 Edit the NSS control file (<code class="filename">/etc/nsswitch.conf</code>) so that the lines that
                 control user and group resolution will obtain information from the normal system files as
 …
                 <code class="filename">nsswitch.conf</code> file is a significant cause of operational problems with LDAP.
                 </p></li><li class="step" title="Step 4"><p>
                 <a class="indexterm" name="id344800"></a>
+                <a class="indexterm" name="id343325"></a>
                 For PAM LDAP configuration on this SUSE Linux 9.0 system, the simplest solution is to edit the following
                 files in the <code class="filename">/etc/pam.d</code> directory: <code class="literal">login</code>, <code class="literal">password</code>,
 …
 </pre><p>
                 </p><p>
                 <a class="indexterm" name="id344872"></a>
+                <a class="indexterm" name="id343397"></a>
                 On other Linux systems that do not have an LDAP-enabled <code class="literal">pam_unix2.so</code> module,
                 you must edit these files by adding the <code class="literal">pam_ldap.so</code> modules as shown here:
 …
                 LDAP, you probably want to use it rather than add an additional module.
                 </p></li></ol></div></div><div class="sect2" title="Samba-3 PDC Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="sbehap-massive"></a>Samba-3 PDC Configuration</h3></div></div></div><p>
         <a class="indexterm" name="id344942"></a>
+        <a class="indexterm" name="id343467"></a>
         Verify that the Samba-3.0.20 (or later) packages are installed on each SUSE Linux server
         before following the steps below. If Samba-3.0.20 (or later) is not installed, you have the
 …
         Red Hat Fedora Core and Red Hat Enterprise Linux Server 3 and 4, are included on the CD-ROM that
         is included with this book.
         </p><div class="procedure" title="Procedure 5.4. Configuration of PDC Called MASSIVE"><a name="id344954"></a><p class="title"><b>Procedure 5.4. Configuration of PDC Called <code class="constant">MASSIVE</code></b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+        </p><div class="procedure" title="Procedure 5.4. Configuration of PDC Called MASSIVE"><a name="id343478"></a><p class="title"><b>Procedure 5.4. Configuration of PDC Called <code class="constant">MASSIVE</code></b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Install the files in <a class="link" href="happy.html#sbehap-massive-smbconfa" title="Example 5.6. LDAP Based smb.conf File, Server: MASSIVE global Section: Part A">&#8220;LDAP Based smb.conf File, Server: MASSIVE  global Section: Part A&#8221;</a>,
                 <a class="link" href="happy.html#sbehap-massive-smbconfb" title="Example 5.7. LDAP Based smb.conf File, Server: MASSIVE global Section: Part B">&#8220;LDAP Based smb.conf File, Server: MASSIVE  global Section: Part B&#8221;</a>, <a class="link" href="happy.html#sbehap-shareconfa" title="Example 5.10. LDAP Based smb.conf File, Shares Section Part A">&#8220;LDAP Based smb.conf File, Shares Section  Part A&#8221;</a>,
 …
                 the next step.
                 </p></li><li class="step" title="Step 2"><p>
                 <a class="indexterm" name="id345025"></a>
+                <a class="indexterm" name="id343552"></a>
                 Create and verify the contents of the <code class="filename">smb.conf</code> file that is generated by:
 </p><pre class="screen">
 …
 </pre><p>
                 </p></li><li class="step" title="Step 4"><p>
                 <a class="indexterm" name="id345117"></a>
                 <a class="indexterm" name="id345124"></a>
+                <a class="indexterm" name="id343643"></a>
+                <a class="indexterm" name="id343650"></a>
                 Samba-3 communicates with the LDAP server. The password that it uses to
                 authenticate to the LDAP server must be stored in the <code class="filename">secrets.tdb</code>
 …
 </pre><p>
                 </p></li><li class="step" title="Step 5"><p>
                 <a class="indexterm" name="id345169"></a>
                 <a class="indexterm" name="id345176"></a>
+                <a class="indexterm" name="id343695"></a>
+                <a class="indexterm" name="id343702"></a>
                 Samba-3 generates a Windows Security Identifier (SID) only when <code class="literal">smbd</code>
                 has been started. For this reason, you start Samba. After a few seconds delay,
 …
                 When a positive domain SID has been reported, stop Samba.
                 </p></li><li class="step" title="Step 7"><p>
                 <a class="indexterm" name="id345275"></a>
                 <a class="indexterm" name="id345281"></a>
                 <a class="indexterm" name="id345288"></a>
                 <a class="indexterm" name="id345295"></a>
+                <a class="indexterm" name="id343801"></a>
+                <a class="indexterm" name="id343808"></a>
+                <a class="indexterm" name="id343815"></a>
+                <a class="indexterm" name="id343821"></a>
                 Configure the NFS server for your Linux system. So you can complete the steps that
                 follow, enter into the <code class="filename">/etc/exports</code> the following entry:
 …
         Your Samba-3 PDC is now ready to communicate with the LDAP password backend. Let's get on with
         configuration of the LDAP server.
         </p><div class="example"><a name="sbehap-massive-smbconfa"></a><p class="title"><b>Example 5.6. LDAP Based <code class="filename">smb.conf</code> File, Server: MASSIVE  global Section: Part A</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id345373"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id345384"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id345396"></a><em class="parameter"><code>netbios name = MASSIVE</code></em></td></tr><tr><td><a class="indexterm" name="id345407"></a><em class="parameter"><code>interfaces = eth1, lo</code></em></td></tr><tr><td><a class="indexterm" name="id345418"></a><em class="parameter"><code>bind interfaces only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id345430"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id345442"></a><em class="parameter"><code>enable privileges = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id345453"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id345465"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id345476"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id345488"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id345499"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id345511"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id345522"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id345534"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id345545"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id345557"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id345568"></a><em class="parameter"><code>add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"</code></em></td></tr><tr><td><a class="indexterm" name="id345580"></a><em class="parameter"><code>delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"</code></em></td></tr><tr><td><a class="indexterm" name="id345592"></a><em class="parameter"><code>add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id345604"></a><em class="parameter"><code>delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id345616"></a><em class="parameter"><code>add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id345628"></a><em class="parameter"><code>delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id345640"></a><em class="parameter"><code>set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"</code></em></td></tr><tr><td><a class="indexterm" name="id345652"></a><em class="parameter"><code>add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbehap-massive-smbconfb"></a><p class="title"><b>Example 5.7. LDAP Based <code class="filename">smb.conf</code> File, Server: MASSIVE  global Section: Part B</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td><a class="indexterm" name="id345688"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id345700"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id345711"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id345723"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id345734"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id345746"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id345757"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id345769"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id345780"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id345792"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id345804"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id345815"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id345827"></a><em class="parameter"><code>idmap backend = ldap:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id345839"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id345850"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id345862"></a><em class="parameter"><code>map acl inherit = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id345873"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id345884"></a><em class="parameter"><code>printer admin = root, chrisr</code></em></td></tr></table></div></div><br class="example-break"></div><div class="sect2" title="Install and Configure Idealx smbldap-tools Scripts"><div class="titlepage"><div><div><h3 class="title"><a name="sbeidealx"></a>Install and Configure Idealx smbldap-tools Scripts</h3></div></div></div><p>
         <a class="indexterm" name="id345910"></a>
+        </p><div class="example"><a name="sbehap-massive-smbconfa"></a><p class="title"><b>Example 5.6. LDAP Based <code class="filename">smb.conf</code> File, Server: MASSIVE  global Section: Part A</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id343898"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id343910"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id343921"></a><em class="parameter"><code>netbios name = MASSIVE</code></em></td></tr><tr><td><a class="indexterm" name="id343933"></a><em class="parameter"><code>interfaces = eth1, lo</code></em></td></tr><tr><td><a class="indexterm" name="id343944"></a><em class="parameter"><code>bind interfaces only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id343956"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id343968"></a><em class="parameter"><code>enable privileges = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id343979"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id343991"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id344002"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id344014"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id344025"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id344037"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id344048"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id344060"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id344071"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id344083"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id344094"></a><em class="parameter"><code>add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"</code></em></td></tr><tr><td><a class="indexterm" name="id344106"></a><em class="parameter"><code>delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"</code></em></td></tr><tr><td><a class="indexterm" name="id344118"></a><em class="parameter"><code>add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id344130"></a><em class="parameter"><code>delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id344142"></a><em class="parameter"><code>add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id344154"></a><em class="parameter"><code>delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id344166"></a><em class="parameter"><code>set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"</code></em></td></tr><tr><td><a class="indexterm" name="id344178"></a><em class="parameter"><code>add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbehap-massive-smbconfb"></a><p class="title"><b>Example 5.7. LDAP Based <code class="filename">smb.conf</code> File, Server: MASSIVE  global Section: Part B</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td><a class="indexterm" name="id344214"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id344226"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id344237"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id344249"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id344260"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id344272"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id344283"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id344295"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id344306"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id344318"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id344329"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id344341"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id344353"></a><em class="parameter"><code>idmap backend = ldap:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id344364"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id344376"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id344387"></a><em class="parameter"><code>map acl inherit = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id344399"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id344410"></a><em class="parameter"><code>printer admin = root, chrisr</code></em></td></tr></table></div></div><br class="example-break"></div><div class="sect2" title="Install and Configure Idealx smbldap-tools Scripts"><div class="titlepage"><div><div><h3 class="title"><a name="sbeidealx"></a>Install and Configure Idealx smbldap-tools Scripts</h3></div></div></div><p>
+        <a class="indexterm" name="id344436"></a>
         The Idealx scripts, or equivalent, are necessary to permit Samba-3 to manage accounts
         on the LDAP server. You have chosen the Idealx scripts because they are the best-known
 …
         The scripts are not needed on BDC machines because all LDAP updates are handled by
         the PDC alone.
         </p><div class="sect3" title="Installation of smbldap-tools from the Tarball"><div class="titlepage"><div><div><h4 class="title"><a name="id345968"></a>Installation of smbldap-tools from the Tarball</h4></div></div></div><p>
+        </p><div class="sect3" title="Installation of smbldap-tools from the Tarball"><div class="titlepage"><div><div><h4 class="title"><a name="id344495"></a>Installation of smbldap-tools from the Tarball</h4></div></div></div><p>
         To perform a manual installation of the smbldap-tools scripts, the following procedure may be used:
         </p><div class="procedure" title="Procedure 5.5. Unpacking and Installation Steps for the smbldap-tools Tarball"><a name="idealxscript"></a><p class="title"><b>Procedure 5.5. Unpacking and Installation Steps for the <code class="constant">smbldap-tools</code> Tarball</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
 …
                 The smbldap-tools scripts are now ready for the configuration step outlined in
                 <a class="link" href="happy.html#smbldap-init" title="Configuration of smbldap-tools">&#8220;Configuration of smbldap-tools&#8221;</a>.
                 </p></li></ol></div></div><div class="sect3" title="Installing smbldap-tools from the RPM Package"><div class="titlepage"><div><div><h4 class="title"><a name="id346204"></a>Installing smbldap-tools from the RPM Package</h4></div></div></div><p>
+                </p></li></ol></div></div><div class="sect3" title="Installing smbldap-tools from the RPM Package"><div class="titlepage"><div><div><h4 class="title"><a name="id344729"></a>Installing smbldap-tools from the RPM Package</h4></div></div></div><p>
         In the event that you have elected to use the RPM package provided by Idealx, download the
         source RPM <code class="filename">smbldap-tools-0.9.1-1.src.rpm</code>, then follow this procedure:
         </p><div class="procedure" title="Procedure 5.6. Installation Steps for smbldap-tools RPM's"><a name="id346220"></a><p class="title"><b>Procedure 5.6. Installation Steps for <code class="constant">smbldap-tools</code> RPM's</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+        </p><div class="procedure" title="Procedure 5.6. Installation Steps for smbldap-tools RPM's"><a name="id344745"></a><p class="title"><b>Procedure 5.6. Installation Steps for <code class="constant">smbldap-tools</code> RPM's</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Install the source RPM that has been downloaded as follows:
 </p><pre class="screen">
 …
         The smbldap-tools require that the NetBIOS name (machine name) of the Samba server be included
         in the <code class="filename">smb.conf</code> file.
         </p><div class="procedure" title="Procedure 5.7. Configuration Steps for smbldap-tools to Enable Use"><a name="id346402"></a><p class="title"><b>Procedure 5.7. Configuration Steps for <code class="constant">smbldap-tools</code> to Enable Use</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+        </p><div class="procedure" title="Procedure 5.7. Configuration Steps for smbldap-tools to Enable Use"><a name="id344928"></a><p class="title"><b>Procedure 5.7. Configuration Steps for <code class="constant">smbldap-tools</code> to Enable Use</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Change into the directory that contains the <code class="filename">configure.pl</code> script.
 </p><pre class="screen">
 …
                 </p></li></ol></div><p>
         The smbldap-tools are now ready for use.
         </p></div></div><div class="sect2" title="LDAP Initialization and Creation of User and Group Accounts"><div class="titlepage"><div><div><h3 class="title"><a name="id346546"></a>LDAP Initialization and Creation of User and Group Accounts</h3></div></div></div><p>
+        </p></div></div><div class="sect2" title="LDAP Initialization and Creation of User and Group Accounts"><div class="titlepage"><div><div><h3 class="title"><a name="id345072"></a>LDAP Initialization and Creation of User and Group Accounts</h3></div></div></div><p>
         The LDAP database must be populated with well-known Windows domain user accounts and domain group
         accounts before Samba can be used. The following procedures step you through the process.
 …
         Addition of an account to the LDAP backend can be done in two ways:
         </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                 <a class="indexterm" name="id346574"></a>
                 <a class="indexterm" name="id346580"></a>
                 <a class="indexterm" name="id346587"></a>
                 <a class="indexterm" name="id346594"></a>
                 <a class="indexterm" name="id346601"></a>
                 <a class="indexterm" name="id346608"></a>
+                <a class="indexterm" name="id345099"></a>
+                <a class="indexterm" name="id345106"></a>
+                <a class="indexterm" name="id345113"></a>
+                <a class="indexterm" name="id345120"></a>
+                <a class="indexterm" name="id345126"></a>
+                <a class="indexterm" name="id345133"></a>
                 If you always have a user account in the <code class="filename">/etc/passwd</code> on every
                 server or in a NIS(+) backend, it is not necessary to add POSIX accounts for them in
 …
                 is included on the enclosed CD-ROM under <code class="filename">Chap06/Tools.</code>
                 </p></li></ul></div><p>
         <a class="indexterm" name="id346659"></a>
+        <a class="indexterm" name="id345184"></a>
         If you wish to have more control over how the LDAP database is initialized or
         if you don't want to use the Idealx smbldap-tools, you should refer to
         <a class="link" href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits">&#8220;A Collection of Useful Tidbits&#8221;</a>, <a class="link" href="appendix.html#altldapcfg" title="Alternative LDAP Database Initialization">&#8220;Alternative LDAP Database Initialization&#8221;</a>.
         </p><p>
         <a class="indexterm" name="id346685"></a>
+        <a class="indexterm" name="id345210"></a>
         The following steps initialize the LDAP database, and then you can add user and group
         accounts that Samba can use. You use the <code class="literal">smbldap-populate</code> to
 …
         The list of users does not cover all 500 network users; it provides examples only.
         </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
         <a class="indexterm" name="id346712"></a>
         <a class="indexterm" name="id346720"></a>
         <a class="indexterm" name="id346730"></a>
+        <a class="indexterm" name="id345236"></a>
+        <a class="indexterm" name="id345245"></a>
+        <a class="indexterm" name="id345255"></a>
         In the following examples, as the LDAP database is initialized, we do create a container
         for Computer (machine) accounts. In the Samba-3 <code class="filename">smb.conf</code> files, specific use is made
 …
 </pre><p>
                 </p></li><li class="step" title="Step 6"><p>
                 <a class="indexterm" name="id347108"></a>
+                <a class="indexterm" name="id345631"></a>
                 So that we can use a global IDMAP repository, the LDAP directory must have a container object for IDMAP data.
                 There are several ways you can check that your LDAP database is able to receive IDMAP information. One of
 …
 ou: idmap
 </pre><p>
                 <a class="indexterm" name="id347129"></a>
+                <a class="indexterm" name="id345652"></a>
                 If the execution of this command does not return IDMAP entries, you need to create an LDIF
                 template file (see <a class="link" href="happy.html#sbehap-ldifadd" title="Example 5.12. LDIF IDMAP Add-On Load File File: /etc/openldap/idmap.LDIF">&#8220;LDIF IDMAP Add-On Load File  File: /etc/openldap/idmap.LDIF&#8221;</a>). You can add the required entries using
 …
                 Samba automatically populates this LDAP directory container when it needs to.
                 </p></li><li class="step" title="Step 7"><p>
                 <a class="indexterm" name="id347164"></a>
+                <a class="indexterm" name="id345688"></a>
                 It looks like all has gone well, as expected. Let's confirm that this is the case
                 by running a few tests. First we check the contents of the database directly
 …
                 This looks good so far.
                 </p></li><li class="step" title="Step 8"><p>
                 <a class="indexterm" name="id347205"></a>
+                <a class="indexterm" name="id345729"></a>
                 The next step is to prove that the LDAP server is running and responds to a
                 search request. Execute the following as shown (output has been cut to save space):
 …
                 Good. It is all working just fine.
                 </p></li><li class="step" title="Step 9"><p>
                 <a class="indexterm" name="id347246"></a>
+                <a class="indexterm" name="id345770"></a>
                 You must now make certain that the NSS resolver can interrogate LDAP also.
                 Execute the following commands:
 …
 Domain Computers:x:553:
 </pre><p>
                 <a class="indexterm" name="id347273"></a>
+                <a class="indexterm" name="id345797"></a>
                 This demonstrates that the <code class="literal">nss_ldap</code> library is functioning
                 as it should. If these two steps fail to produce this information, refer to
 …
                 have been successfully completed.
                 </p></li><li class="step" title="Step 10"><p>
                 <a class="indexterm" name="id347301"></a>
                 <a class="indexterm" name="id347308"></a>
                 <a class="indexterm" name="id347314"></a>
+                <a class="indexterm" name="id345825"></a>
+                <a class="indexterm" name="id345832"></a>
+                <a class="indexterm" name="id345838"></a>
                 Our database is now ready for the addition of network users. For each user for
                 whom an account must be created, execute the following:
 …
                 where <code class="constant">username</code> is the login ID for each user.
                 </p></li><li class="step" title="Step 11"><p>
                 <a class="indexterm" name="id347372"></a>
+                <a class="indexterm" name="id345896"></a>
                 Now verify that the UNIX (POSIX) accounts can be resolved via NSS by executing the
                 following:
 …
                 by system tools that make a getentpw() system call.
                 </p></li><li class="step" title="Step 13"><p>
                 <a class="indexterm" name="id347429"></a>
+                <a class="indexterm" name="id345953"></a>
                 The root account must have UID=0; if not, this means that operations conducted from
                 a Windows client using tools such as the Domain User Manager fails under UNIX because
 …
                 This is precisely what we want to see.
                 </p></li><li class="step" title="Step 16"><p>
                 <a class="indexterm" name="id347517"></a>
                 <a class="indexterm" name="id347524"></a>
+                <a class="indexterm" name="id346041"></a>
+                <a class="indexterm" name="id346048"></a>
                 The final validation step involves making certain that Samba-3 can obtain the user
                 accounts from the LDAP ldapsam passwd backend. Execute the following command as shown:
 …
                 This looks good. Of course, you fully expected that it would all work, didn't you?
                 </p></li><li class="step" title="Step 17"><p>
                 <a class="indexterm" name="id347558"></a>
+                <a class="indexterm" name="id346082"></a>
                 Now you add the group accounts that are used on the Abmas network. Execute
                 the following exactly as shown:
 …
                 output is of no concern.
                 </p></li><li class="step" title="Step 18"><p>
                 <a class="indexterm" name="id347598"></a>
+                <a class="indexterm" name="id346122"></a>
                 You really do want to confirm that UNIX group resolution from LDAP is functioning
                 as it should. Let's do this as shown here:
 …
                 as our own site-specific group accounts, are correctly listed. This is looking good.
                 </p></li><li class="step" title="Step 19"><p>
                 <a class="indexterm" name="id347627"></a>
+                <a class="indexterm" name="id346151"></a>
                 The final step we need to validate is that Samba can see all the Windows domain groups
                 and that they are correctly mapped to the respective UNIX group account. To do this,
 …
 </pre><p>
                 </p></li><li class="step" title="Step 23"><p>
                 <a class="indexterm" name="id347824"></a>
+                <a class="indexterm" name="id346348"></a>
                 You may now check Samba-3 operation as follows:
 </p><pre class="screen">
 …
         The server <code class="constant">MASSIVE</code> is now configured, and it is time to move onto the next task.
         </p></div><div class="sect2" title="Printer Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="sbehap-ptrcfg"></a>Printer Configuration</h3></div></div></div><p>
         <a class="indexterm" name="id347908"></a>
+        <a class="indexterm" name="id346432"></a>
         The configuration for Samba-3 to enable CUPS raw-print-through printing has already been
         taken care of in the <code class="filename">smb.conf</code> file. The only preparation needed for <code class="constant">smart</code>
         printing to be possible involves creation of the directories in which Samba-3 stores
         Windows printing driver files.
         </p><div class="procedure" title="Procedure 5.9. Printer Configuration Steps"><a name="id347927"></a><p class="title"><b>Procedure 5.9. Printer Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+        </p><div class="procedure" title="Procedure 5.9. Printer Configuration Steps"><a name="id346451"></a><p class="title"><b>Procedure 5.9. Printer Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Configure all network-attached printers to have a fixed IP address.
                 </p></li><li class="step" title="Step 2"><p>
 …
                 to port 9100.  Use any other port the manufacturer specifies for direct mode,
                 raw printing.  This allows the CUPS spooler to print using raw mode protocols.
                 <a class="indexterm" name="id347982"></a>
                 <a class="indexterm" name="id347989"></a>
+                <a class="indexterm" name="id346506"></a>
+                <a class="indexterm" name="id346513"></a>
                 </p></li><li class="step" title="Step 4"><p>
                 <a class="indexterm" name="id348002"></a>
                 <a class="indexterm" name="id348009"></a>
+                <a class="indexterm" name="id346526"></a>
+                <a class="indexterm" name="id346533"></a>
                 Only on the server to which the printer is attached, configure the CUPS Print
                 Queues as follows:
 …
          -v socket://<em class="parameter"><code>printer-name</code></em>.abmas.biz:9100 -E
 </pre><p>
                 <a class="indexterm" name="id348043"></a>
+                <a class="indexterm" name="id346567"></a>
                 This step creates the necessary print queue to use no assigned print filter. This
                 is ideal for raw printing, that is, printing without use of filters.
 …
 </pre><p>
                 </p></li><li class="step" title="Step 7"><p>
                 <a class="indexterm" name="id348117"></a>
                 <a class="indexterm" name="id348124"></a>
                 <a class="indexterm" name="id348130"></a>
+                <a class="indexterm" name="id346641"></a>
+                <a class="indexterm" name="id346648"></a>
+                <a class="indexterm" name="id346654"></a>
                 Edit the file <code class="filename">/etc/cups/mime.convs</code> to uncomment the line:
 </p><pre class="screen">
 …
 </pre><p>
                 </p></li><li class="step" title="Step 8"><p>
                  <a class="indexterm" name="id348157"></a>
+                 <a class="indexterm" name="id346681"></a>
                  Edit the file <code class="filename">/etc/cups/mime.types</code> to uncomment the line:
 </p><pre class="screen">
 …
 <code class="prompt">root# </code> chmod -R ug=rwx,o=rx /var/lib/samba/drivers
 </pre><p>
                 </p></li></ol></div></div></div><div class="sect1" title="Samba-3 BDC Configuration"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sbehap-bldg1"></a>Samba-3 BDC Configuration</h2></div></div></div><div class="procedure" title="Procedure 5.10. Configuration of BDC Called: BLDG1"><a name="id348233"></a><p class="title"><b>Procedure 5.10. Configuration of BDC Called: <code class="constant">BLDG1</code></b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                </p></li></ol></div></div></div><div class="sect1" title="Samba-3 BDC Configuration"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sbehap-bldg1"></a>Samba-3 BDC Configuration</h2></div></div></div><div class="procedure" title="Procedure 5.10. Configuration of BDC Called: BLDG1"><a name="id346757"></a><p class="title"><b>Procedure 5.10. Configuration of BDC Called: <code class="constant">BLDG1</code></b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Install the files in <a class="link" href="happy.html#sbehap-bldg1-smbconf" title="Example 5.8. LDAP Based smb.conf File, Server: BLDG1">&#8220;LDAP Based smb.conf File, Server: BLDG1&#8221;</a>,
                 <a class="link" href="happy.html#sbehap-shareconfa" title="Example 5.10. LDAP Based smb.conf File, Shares Section Part A">&#8220;LDAP Based smb.conf File, Shares Section  Part A&#8221;</a>, and <a class="link" href="happy.html#sbehap-shareconfb" title="Example 5.11. LDAP Based smb.conf File, Shares Section Part B">&#8220;LDAP Based smb.conf File, Shares Section  Part B&#8221;</a>
 …
                 This is the correct output. If the accounts that have UIDs above 512 are not shown, there is a problem.
                 </p></li><li class="step" title="Step 5"><p>
                 <a class="indexterm" name="id348380"></a>
+                <a class="indexterm" name="id346904"></a>
                 The next step in the verification process involves testing the operation of UNIX group
                 resolution via the NSS LDAP resolver. Execute these commands:
 …
                 is able to communicate correctly with the LDAP server (<code class="constant">MASSIVE</code>).
                 </p></li><li class="step" title="Step 6"><p>
                 <a class="indexterm" name="id348415"></a>
+                <a class="indexterm" name="id346938"></a>
                 You must now set the LDAP administrative password into the Samba-3 <code class="filename">secrets.tdb</code>
                 file by executing this command:
 …
                 This indicates that the domain security account for the BDC has been correctly created.
                 </p></li><li class="step" title="Step 9"><p>
                 <a class="indexterm" name="id348504"></a>
+                <a class="indexterm" name="id347028"></a>
                 Verify that user and group account resolution works via Samba-3 tools as follows:
 </p><pre class="screen">
 …
                 </p></li><li class="step" title="Step 2"><p>
                 Follow carefully the steps shown in <a class="link" href="happy.html#sbehap-bldg1" title="Samba-3 BDC Configuration">&#8220;Samba-3 BDC Configuration&#8221;</a>, starting at step 2.
                 </p></li></ol></div><div class="example"><a name="sbehap-bldg1-smbconf"></a><p class="title"><b>Example 5.8. LDAP Based <code class="filename">smb.conf</code> File, Server: BLDG1</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id348810"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id348821"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id348832"></a><em class="parameter"><code>netbios name = BLDG1</code></em></td></tr><tr><td><a class="indexterm" name="id348844"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id348856"></a><em class="parameter"><code>enable privileges = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id348867"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id348879"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id348890"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id348902"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id348913"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id348925"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id348936"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id348948"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id348959"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id348971"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id348982"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id348994"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id349006"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id349017"></a><em class="parameter"><code>domain master = No</code></em></td></tr><tr><td><a class="indexterm" name="id349028"></a><em class="parameter"><code>wins server = 172.16.0.1</code></em></td></tr><tr><td><a class="indexterm" name="id349040"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id349052"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id349063"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id349075"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id349086"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id349098"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id349110"></a><em class="parameter"><code>idmap backend = ldap:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id349122"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id349133"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id349144"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id349156"></a><em class="parameter"><code>printer admin = root, chrisr</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbehap-bldg2-smbconf"></a><p class="title"><b>Example 5.9. LDAP Based <code class="filename">smb.conf</code> File, Server: BLDG2</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id349201"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id349213"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id349224"></a><em class="parameter"><code>netbios name = BLDG2</code></em></td></tr><tr><td><a class="indexterm" name="id349236"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id349247"></a><em class="parameter"><code>enable privileges = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id349259"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id349270"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id349282"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id349293"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id349305"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id349316"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id349328"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id349339"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id349351"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id349362"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id349374"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id349386"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id349397"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id349409"></a><em class="parameter"><code>domain master = No</code></em></td></tr><tr><td><a class="indexterm" name="id349420"></a><em class="parameter"><code>wins server = 172.16.0.1</code></em></td></tr><tr><td><a class="indexterm" name="id349432"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id349443"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id349455"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id349466"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id349478"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id349490"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id349501"></a><em class="parameter"><code>idmap backend = ldap:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id349513"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id349525"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id349536"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id349548"></a><em class="parameter"><code>printer admin = root, chrisr</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbehap-shareconfa"></a><p class="title"><b>Example 5.10. LDAP Based <code class="filename">smb.conf</code> File, Shares Section  Part A</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id349592"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id349604"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id349615"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id349635"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id349647"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id349658"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id349679"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id349690"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id349702"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id349722"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id349734"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id349745"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id349757"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id349777"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id349789"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id349800"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id349812"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id349823"></a><em class="parameter"><code>browseable = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbehap-shareconfb"></a><p class="title"><b>Example 5.11. LDAP Based <code class="filename">smb.conf</code> File, Shares Section  Part B</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id349868"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id349879"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id349891"></a><em class="parameter"><code>admin users = bjordan</code></em></td></tr><tr><td><a class="indexterm" name="id349902"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id349922"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id349934"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id349946"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id349957"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id349978"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id349989"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id350001"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id350012"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profdata]</code></em></td></tr><tr><td><a class="indexterm" name="id350032"></a><em class="parameter"><code>comment = Profile Data Share</code></em></td></tr><tr><td><a class="indexterm" name="id350044"></a><em class="parameter"><code>path = /var/lib/samba/profdata</code></em></td></tr><tr><td><a class="indexterm" name="id350056"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id350067"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id350088"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id350099"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id350111"></a><em class="parameter"><code>browseable = yes</code></em></td></tr><tr><td><a class="indexterm" name="id350122"></a><em class="parameter"><code>guest ok = no</code></em></td></tr><tr><td><a class="indexterm" name="id350134"></a><em class="parameter"><code>read only = yes</code></em></td></tr><tr><td><a class="indexterm" name="id350145"></a><em class="parameter"><code>write list = root, chrisr</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbehap-ldifadd"></a><p class="title"><b>Example 5.12. LDIF IDMAP Add-On Load File  File: /etc/openldap/idmap.LDIF</b></p><div class="example-contents"><pre class="screen">
+                </p></li></ol></div><div class="example"><a name="sbehap-bldg1-smbconf"></a><p class="title"><b>Example 5.8. LDAP Based <code class="filename">smb.conf</code> File, Server: BLDG1</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id347334"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id347345"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id347357"></a><em class="parameter"><code>netbios name = BLDG1</code></em></td></tr><tr><td><a class="indexterm" name="id347368"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id347380"></a><em class="parameter"><code>enable privileges = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id347391"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id347403"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id347414"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id347426"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id347438"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id347449"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id347460"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id347472"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id347484"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id347495"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id347507"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id347518"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id347530"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id347541"></a><em class="parameter"><code>domain master = No</code></em></td></tr><tr><td><a class="indexterm" name="id347553"></a><em class="parameter"><code>wins server = 172.16.0.1</code></em></td></tr><tr><td><a class="indexterm" name="id347564"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id347576"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id347588"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id347599"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id347611"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id347622"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id347634"></a><em class="parameter"><code>idmap backend = ldap:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id347646"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id347657"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id347669"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id347680"></a><em class="parameter"><code>printer admin = root, chrisr</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbehap-bldg2-smbconf"></a><p class="title"><b>Example 5.9. LDAP Based <code class="filename">smb.conf</code> File, Server: BLDG2</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id347725"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id347737"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id347748"></a><em class="parameter"><code>netbios name = BLDG2</code></em></td></tr><tr><td><a class="indexterm" name="id347760"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id347772"></a><em class="parameter"><code>enable privileges = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id347783"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id347795"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id347806"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id347818"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id347829"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id347841"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id347852"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id347864"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id347875"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id347887"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id347898"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id347910"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id347921"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id347933"></a><em class="parameter"><code>domain master = No</code></em></td></tr><tr><td><a class="indexterm" name="id347944"></a><em class="parameter"><code>wins server = 172.16.0.1</code></em></td></tr><tr><td><a class="indexterm" name="id347956"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id347968"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id347979"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id347991"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id348002"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id348014"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id348026"></a><em class="parameter"><code>idmap backend = ldap:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id348037"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id348049"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id348060"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id348072"></a><em class="parameter"><code>printer admin = root, chrisr</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbehap-shareconfa"></a><p class="title"><b>Example 5.10. LDAP Based <code class="filename">smb.conf</code> File, Shares Section  Part A</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id348117"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id348128"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id348140"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id348160"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id348172"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id348183"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id348204"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id348215"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id348227"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id348247"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id348259"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id348270"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id348282"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id348302"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id348314"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id348325"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id348337"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id348348"></a><em class="parameter"><code>browseable = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbehap-shareconfb"></a><p class="title"><b>Example 5.11. LDAP Based <code class="filename">smb.conf</code> File, Shares Section  Part B</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id348392"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id348404"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id348415"></a><em class="parameter"><code>admin users = bjordan</code></em></td></tr><tr><td><a class="indexterm" name="id348427"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id348447"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id348459"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id348470"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id348482"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id348502"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id348514"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id348525"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id348537"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profdata]</code></em></td></tr><tr><td><a class="indexterm" name="id348557"></a><em class="parameter"><code>comment = Profile Data Share</code></em></td></tr><tr><td><a class="indexterm" name="id348569"></a><em class="parameter"><code>path = /var/lib/samba/profdata</code></em></td></tr><tr><td><a class="indexterm" name="id348580"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id348592"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id348612"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id348624"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id348636"></a><em class="parameter"><code>browseable = yes</code></em></td></tr><tr><td><a class="indexterm" name="id348647"></a><em class="parameter"><code>guest ok = no</code></em></td></tr><tr><td><a class="indexterm" name="id348658"></a><em class="parameter"><code>read only = yes</code></em></td></tr><tr><td><a class="indexterm" name="id348670"></a><em class="parameter"><code>write list = root, chrisr</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbehap-ldifadd"></a><p class="title"><b>Example 5.12. LDIF IDMAP Add-On Load File  File: /etc/openldap/idmap.LDIF</b></p><div class="example-contents"><pre class="screen">
 dn: ou=Idmap,dc=abmas,dc=biz
 objectClass: organizationalUnit
 ou: idmap
 structuralObjectClass: organizationalUnit
 </pre></div></div><br class="example-break"></div><div class="sect1" title="Miscellaneous Server Preparation Tasks"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id350178"></a>Miscellaneous Server Preparation Tasks</h2></div></div></div><p>
+</pre></div></div><br class="example-break"></div><div class="sect1" title="Miscellaneous Server Preparation Tasks"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id348703"></a>Miscellaneous Server Preparation Tasks</h2></div></div></div><p>
         My father would say, <span class="quote">&#8220;<span class="quote">Dinner is not over until the dishes have been done.</span>&#8221;</span>
         The makings of a great network environment take a lot of effort and attention to detail.
 …
         a few more steps that must be completed so that your network runs like a well-rehearsed
         orchestra.
         </p><div class="sect2" title="Configuring Directory Share Point Roots"><div class="titlepage"><div><div><h3 class="title"><a name="id350194"></a>Configuring Directory Share Point Roots</h3></div></div></div><p>
+        </p><div class="sect2" title="Configuring Directory Share Point Roots"><div class="titlepage"><div><div><h3 class="title"><a name="id348720"></a>Configuring Directory Share Point Roots</h3></div></div></div><p>
         In your <code class="filename">smb.conf</code> file, you have specified Windows shares. Each has a <em class="parameter"><code>path</code></em>
         parameter. Even though it is obvious to all, one of the common Samba networking problems is
 …
 <code class="prompt">root# </code> chmod -R ug+rwx,o+rx-w /apps
 </pre><p>
         </p></div><div class="sect2" title="Configuring Profile Directories"><div class="titlepage"><div><div><h3 class="title"><a name="id350283"></a>Configuring Profile Directories</h3></div></div></div><p>
+        </p></div><div class="sect2" title="Configuring Profile Directories"><div class="titlepage"><div><div><h3 class="title"><a name="id348809"></a>Configuring Profile Directories</h3></div></div></div><p>
         You made a conscious decision to do everything it would take to improve network client
         performance. One of your decisions was to implement folder redirection. This means that Windows
 …
 </pre><p>
         </p><p>
         <a class="indexterm" name="id350393"></a>
         <a class="indexterm" name="id350399"></a>
+        <a class="indexterm" name="id348918"></a>
+        <a class="indexterm" name="id348925"></a>
         You have three options insofar as the dynamically loaded portion of the roaming profile
         is concerned:
 …
         that is, just by changing the filename extension.
         </p><p>
         <a class="indexterm" name="id350445"></a>
         <a class="indexterm" name="id350452"></a>
+        <a class="indexterm" name="id348970"></a>
+        <a class="indexterm" name="id348977"></a>
         The location of the profile that a user can obtain is set in the user's account in the LDAP passdb backend.
         You can manage this using the Idealx smbldap-tools or using the
 …
 <code class="prompt">root# </code> chmod 700  /var/lib/samba/profiles/<span class="emphasis"><em>username</em></span>
 </pre><p>
         </p></div><div class="sect2" title="Preparation of Logon Scripts"><div class="titlepage"><div><div><h3 class="title"><a name="id350512"></a>Preparation of Logon Scripts</h3></div></div></div><p>
         <a class="indexterm" name="id350519"></a>
+        </p></div><div class="sect2" title="Preparation of Logon Scripts"><div class="titlepage"><div><div><h3 class="title"><a name="id349037"></a>Preparation of Logon Scripts</h3></div></div></div><p>
+        <a class="indexterm" name="id349045"></a>
         The use of a logon script with Windows XP Professional is an option that every site should consider.
         Unless you have locked down the desktop so the user cannot change anything, there is risk that
 …
         Section 24.4. A quick Web search will bring up a host of options. One of the most popular logon
         facilities in use today is called <a class="ulink" href="http://www.kixtart.org" target="_top">KiXtart</a>.
         </p></div><div class="sect2" title="Assigning User Rights and Privileges"><div class="titlepage"><div><div><h3 class="title"><a name="id350609"></a>Assigning User Rights and Privileges</h3></div></div></div><p>
+        </p></div><div class="sect2" title="Assigning User Rights and Privileges"><div class="titlepage"><div><div><h3 class="title"><a name="id349135"></a>Assigning User Rights and Privileges</h3></div></div></div><p>
         The ability to perform tasks such as joining Windows clients to the domain can be assigned to
         normal user accounts. By default, only the domain administrator account (<code class="constant">root</code> on UNIX
 …
         are granted rights can be restricted to particular machines. It is left to the network administrator
         to determine which rights should be provided and to whom.
         </p><div class="procedure" title="Procedure 5.12. Steps for Assignment of User Rights and Privileges"><a name="id350638"></a><p class="title"><b>Procedure 5.12. Steps for Assignment of User Rights and Privileges</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+        </p><div class="procedure" title="Procedure 5.12. Steps for Assignment of User Rights and Privileges"><a name="id349164"></a><p class="title"><b>Procedure 5.12. Steps for Assignment of User Rights and Privileges</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Log onto the PDC as the <code class="constant">root</code> account.
                 </p></li><li class="step" title="Step 2"><p>
 …
 SeDiskOperatorPrivilege
 </pre><p>
                 </p></li></ol></div></div></div><div class="sect1" title="Windows Client Configuration"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id350723"></a>Windows Client Configuration</h2></div></div></div><p>
         <a class="indexterm" name="id350731"></a>
+                </p></li></ol></div></div></div><div class="sect1" title="Windows Client Configuration"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id349248"></a>Windows Client Configuration</h2></div></div></div><p>
+        <a class="indexterm" name="id349256"></a>
         In the next few sections, you can configure a new Windows XP Professional disk image on a staging
         machine. You will configure all software, printer settings, profile and policy handling, and desktop
 …
         </p><div class="sect2" title="Configuration of Default Profile with Folder Redirection"><div class="titlepage"><div><div><h3 class="title"><a name="redirfold"></a>Configuration of Default Profile with Folder Redirection</h3></div></div></div><p>
         <a class="indexterm" name="id350774"></a>
+        <a class="indexterm" name="id349299"></a>
         Log onto the Windows XP Professional workstation as the local <code class="constant">Administrator</code>.
         It is necessary to expose folders that are generally hidden to provide access to the
         <code class="constant">Default User</code> folder.
         </p><div class="procedure" title="Procedure 5.13. Expose Hidden Folders"><a name="id350791"></a><p class="title"><b>Procedure 5.13. Expose Hidden Folders</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+        </p><div class="procedure" title="Procedure 5.13. Expose Hidden Folders"><a name="id349316"></a><p class="title"><b>Procedure 5.13. Expose Hidden Folders</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Launch the Windows Explorer by clicking
                         <span class="guimenu">Start</span> &#8594; <span class="guimenuitem">My Computer</span> &#8594; <span class="guimenuitem">Tools</span> &#8594; <span class="guimenuitem">Folder Options</span> &#8594; <span class="guimenuitem">View Tab</span>.
 …
                 and click <span class="guibutton">OK</span>.  Exit Windows Explorer.
                 </p></li><li class="step" title="Step 2"><p>
                 <a class="indexterm" name="id350856"></a>
+                <a class="indexterm" name="id349380"></a>
                 Launch the Registry Editor. Click
                 <span class="guimenu">Start</span> &#8594; <span class="guimenuitem">Run</span>. Key in <code class="literal">regedt32</code>, and click
 …
                 </p></li></ol></div><p>
         </p><div class="procedure" title="Procedure 5.14. Redirect Folders in Default System User Profile"><a name="sbehap-rdrfldr"></a><p class="title"><b>Procedure 5.14. Redirect Folders in Default System User Profile</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 <a class="indexterm" name="id350912"></a>
                 <a class="indexterm" name="id350919"></a>
+                <a class="indexterm" name="id349437"></a>
+                <a class="indexterm" name="id349443"></a>
                 Give focus to <code class="constant">HKEY_LOCAL_MACHINE</code> hive entry in the left panel.
                 Click <span class="guimenu">File</span> &#8594; <span class="guimenuitem">Load Hive...</span> &#8594; <span class="guimenuitem">Documents and Settings</span> &#8594; <span class="guimenuitem">Default User</span> &#8594; <span class="guimenuitem">NTUSER</span> &#8594; <span class="guimenuitem">Open</span>. In the dialog box that opens, enter the key name
 …
                 The right panel reveals the contents as shown in <a class="link" href="happy.html#XP-screen001" title="Figure 5.3. Windows XP Professional User Shared Folders">&#8220;Windows XP Professional  User Shared Folders&#8221;</a>.
                 </p></li><li class="step" title="Step 3"><p>
                 <a class="indexterm" name="id351008"></a>
                 <a class="indexterm" name="id351015"></a>
+                <a class="indexterm" name="id349532"></a>
+                <a class="indexterm" name="id349539"></a>
                 You edit hive keys. Acceptable values to replace the
                 <code class="constant">%USERPROFILE%</code> variable includes:
 …
                                 <code class="constant">\\MASSIVE\profdata</code></p></li><li class="listitem"><p>A network redirection (UNC name) that contains a macro such as </p><p><code class="constant">%LOGONSERVER%\profdata\</code></p></li></ul></div><p>
                 </p></li><li class="step" title="Step 4"><p>
                 <a class="indexterm" name="id351059"></a>
+                <a class="indexterm" name="id349583"></a>
                 Set the registry keys as shown in <a class="link" href="happy.html#proffold" title="Table 5.4. Default Profile Redirections">&#8220;Default Profile Redirections&#8221;</a>. Your implementation makes the assumption
                 that users have statically located machines. Notebook computers (mobile users) need to be
 …
                 Click <span class="guimenu">File</span> &#8594; <span class="guimenuitem">Unload Hive...</span> &#8594; <span class="guimenuitem">Yes</span>.
                 </p></li><li class="step" title="Step 6"><p>
                 <a class="indexterm" name="id351112"></a>
+                <a class="indexterm" name="id349636"></a>
                 Click <span class="guimenu">File</span> &#8594; <span class="guimenuitem">Exit</span>. This exits the
                 Registry Editor.
 …
                 have redirected is in the exclusion list.
                 </p></li><li class="step" title="Step 8"><p>
                 You are now ready to copy<sup>[<a name="id351153" href="#ftn.id351153" class="footnote">11</a>]</sup>
+                You are now ready to copy<sup>[<a name="id349677" href="#ftn.id349677" class="footnote">11</a>]</sup>
                 the Default User profile to the Samba domain controllers. Launch Microsoft Windows Explorer,
                 and use it to copy the full contents of the directory <code class="filename">Default User</code> that
 …
         desktop behavior should be returned to the original Microsoft settings. The following steps achieve
         that ojective:
         </p><div class="procedure" title="Procedure 5.15. Reset Folder Display to Original Behavior"><a name="id351213"></a><p class="title"><b>Procedure 5.15. Reset Folder Display to Original Behavior</b></p><ul class="procedure"><li class="step" title="Step 1"><p>
+        </p><div class="procedure" title="Procedure 5.15. Reset Folder Display to Original Behavior"><a name="id349737"></a><p class="title"><b>Procedure 5.15. Reset Folder Display to Original Behavior</b></p><ul class="procedure"><li class="step" title="Step 1"><p>
                 To launch the Windows Explorer, click
                         <span class="guimenu">Start</span> &#8594; <span class="guimenuitem">My Computer</span> &#8594; <span class="guimenuitem">Tools</span> &#8594; <span class="guimenuitem">Folder Options</span> &#8594; <span class="guimenuitem">View Tab</span>.
                 Deselect <span class="guilabel">Show hidden files and folders</span>, and click <span class="guibutton">OK</span>.
                 Exit Windows Explorer.
                 </p></li></ul></div><div class="figure"><a name="XP-screen001"></a><p class="title"><b>Figure 5.3. Windows XP Professional  User Shared Folders</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/XP-screen001.png" width="351" alt="Windows XP Professional User Shared Folders"></div></div></div><br class="figure-break"><div class="table"><a name="proffold"></a><p class="title"><b>Table 5.4. Default Profile Redirections</b></p><div class="table-contents"><table summary="Default Profile Redirections" border="1"><colgroup><col align="left"><col align="left"></colgroup><thead><tr><th align="left">Registry Key</th><th align="left">Redirected Value</th></tr></thead><tbody><tr><td align="left">Cache</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\InternetFiles</td></tr><tr><td align="left">Cookies</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\Cookies</td></tr><tr><td align="left">History</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\History</td></tr><tr><td align="left">Local AppData</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\AppData</td></tr><tr><td align="left">Local Settings</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\LocalSettings</td></tr><tr><td align="left">My Pictures</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\MyPictures</td></tr><tr><td align="left">Personal</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\MyDocuments</td></tr><tr><td align="left">Recent</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\Recent</td></tr></tbody></table></div></div><br class="table-break"></div><div class="sect2" title="Configuration of MS Outlook to Relocate PST File"><div class="titlepage"><div><div><h3 class="title"><a name="id351441"></a>Configuration of MS Outlook to Relocate PST File</h3></div></div></div><p>
         <a class="indexterm" name="id351449"></a>
         <a class="indexterm" name="id351458"></a>
+                </p></li></ul></div><div class="figure"><a name="XP-screen001"></a><p class="title"><b>Figure 5.3. Windows XP Professional  User Shared Folders</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/XP-screen001.png" width="351" alt="Windows XP Professional User Shared Folders"></div></div></div><br class="figure-break"><div class="table"><a name="proffold"></a><p class="title"><b>Table 5.4. Default Profile Redirections</b></p><div class="table-contents"><table summary="Default Profile Redirections" border="1"><colgroup><col align="left"><col align="left"></colgroup><thead><tr><th align="left">Registry Key</th><th align="left">Redirected Value</th></tr></thead><tbody><tr><td align="left">Cache</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\InternetFiles</td></tr><tr><td align="left">Cookies</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\Cookies</td></tr><tr><td align="left">History</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\History</td></tr><tr><td align="left">Local AppData</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\AppData</td></tr><tr><td align="left">Local Settings</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\LocalSettings</td></tr><tr><td align="left">My Pictures</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\MyPictures</td></tr><tr><td align="left">Personal</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\MyDocuments</td></tr><tr><td align="left">Recent</td><td align="left">%LOGONSERVER%\profdata\%USERNAME%\Recent</td></tr></tbody></table></div></div><br class="table-break"></div><div class="sect2" title="Configuration of MS Outlook to Relocate PST File"><div class="titlepage"><div><div><h3 class="title"><a name="id349965"></a>Configuration of MS Outlook to Relocate PST File</h3></div></div></div><p>
+        <a class="indexterm" name="id349973"></a>
+        <a class="indexterm" name="id349982"></a>
         Microsoft Outlook can store a Personal Storage file, generally known as a PST file.
         It is the nature of email storage that this file grows, at times quite rapidly.
 …
         To redirect the Outlook PST file in Outlook 2003 (older versions of Outlook behave
         slightly differently), follow these steps:
         </p><div class="procedure" title="Procedure 5.16. Outlook PST File Relocation"><a name="id351476"></a><p class="title"><b>Procedure 5.16. Outlook PST File Relocation</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+        </p><div class="procedure" title="Procedure 5.16. Outlook PST File Relocation"><a name="id350000"></a><p class="title"><b>Procedure 5.16. Outlook PST File Relocation</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Close Outlook if it is open.
                 </p></li><li class="step" title="Step 2"><p>
 …
                 Go back to the <span class="guimenu">Data Files</span> window, then delete the old data file entry.
                 </p></li></ol></div><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
         <a class="indexterm" name="id351615"></a>
+        <a class="indexterm" name="id350139"></a>
         You may have to remove and reinstall the Outlook Address Book (Contacts) entries, otherwise
         the user may be not be able to retrieve contacts when addressing a new email message.
         </p></div><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
         <a class="indexterm" name="id351628"></a>
+        <a class="indexterm" name="id350152"></a>
         Outlook Express is not at all like MS OutLook. It stores file very differently also. Outlook
         Express storage files can not be redirected to network shares. The options panel will not permit
 …
         registry, experience has shown that data corruption and loss of email messages will result.
         </p><p>
         <a class="indexterm" name="id351646"></a>
         <a class="indexterm" name="id351653"></a>
+        <a class="indexterm" name="id350170"></a>
+        <a class="indexterm" name="id350177"></a>
         In the same vane as MS Outlook, Outlook Express data stores can become very large. When used with
         roaming profiles this can result in excruciatingly long login and logout behavior will files are
 …
         profiles are used.
         </p></div><p>
         <a class="indexterm" name="id351665"></a>
+        <a class="indexterm" name="id350190"></a>
         Microsoft does not support storing PST files on network shares, although the practice does appear
         to be rather popular. Anyone who does relocation the PST file to a network resource should refer
 …
         understand the issues.
         </p><p>
         <a class="indexterm" name="id351684"></a>
+        <a class="indexterm" name="id350208"></a>
         Apart from manually moving PST files to a network share, it is possible to set the default PST
         location for new accounts by following the instructions at the WindowsITPro <a class="ulink" href="http://www.windowsitpro.com/Windows/Article/ArticleID/48228/48228.html" target="_top">web</a> site.
         </p><p>
         <a class="indexterm" name="id351701"></a>
+        <a class="indexterm" name="id350226"></a>
         User feedback suggests that disabling of oplocks on PST files will significantly improve
         network performance by reducing locking overheads. One way this can be done is to add to the
 …
 veto oplock files = /*.pdf/*.PST/
 </pre><p>
         </p></div><div class="sect2" title="Configure Delete Cached Profiles on Logout"><div class="titlepage"><div><div><h3 class="title"><a name="id351724"></a>Configure Delete Cached Profiles on Logout</h3></div></div></div><p>
+        </p></div><div class="sect2" title="Configure Delete Cached Profiles on Logout"><div class="titlepage"><div><div><h3 class="title"><a name="id350249"></a>Configure Delete Cached Profiles on Logout</h3></div></div></div><p>
         Configure the Windows XP Professional client to auto-delete roaming profiles on logout:
         </p><p>
         <a class="indexterm" name="id351736"></a>
+        <a class="indexterm" name="id350261"></a>
         Click
         <span class="guimenu">Start</span> &#8594; <span class="guimenuitem">Run</span>. In the dialog box, enter <code class="literal">MMC</code> and click <span class="guibutton">OK</span>.
 …
         <span class="guimenu">File</span> &#8594; <span class="guimenuitem">Add/Remove Snap-in</span> &#8594; <span class="guimenuitem">Add</span> &#8594; <span class="guimenuitem">Group Policy</span> &#8594; <span class="guimenuitem">Add</span> &#8594; <span class="guimenuitem">Finish</span> &#8594; <span class="guimenuitem">Close</span> &#8594; <span class="guimenuitem">OK</span>.
         </p><p>
         <a class="indexterm" name="id351830"></a>
+        <a class="indexterm" name="id350355"></a>
         The Microsoft Management Console now shows the <span class="guimenu">Group Policy</span>
         utility that enables you to set the policies needed. In the left panel, click
 …
         Close the Microsoft Management Console. The settings take immediate effect and persist onto all image copies
         made of this system to deploy the new standard desktop system.
         </p></div><div class="sect2" title="Uploading Printer Drivers to Samba Servers"><div class="titlepage"><div><div><h3 class="title"><a name="id351896"></a>Uploading Printer Drivers to Samba Servers</h3></div></div></div><p>
         <a class="indexterm" name="id351904"></a>
+        </p></div><div class="sect2" title="Uploading Printer Drivers to Samba Servers"><div class="titlepage"><div><div><h3 class="title"><a name="id350420"></a>Uploading Printer Drivers to Samba Servers</h3></div></div></div><p>
+        <a class="indexterm" name="id350428"></a>
         Users want to be able to use network printers. You have a vested interest in making
         it easy for them to print. You have chosen to install the printer drivers onto the Samba
 …
         print to the printer chosen. The following procedure must be followed for every network
         printer:
         </p><div class="procedure" title="Procedure 5.17. Steps to Install Printer Drivers on the Samba Servers"><a name="id351918"></a><p class="title"><b>Procedure 5.17. Steps to Install Printer Drivers on the Samba Servers</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+        </p><div class="procedure" title="Procedure 5.17. Steps to Install Printer Drivers on the Samba Servers"><a name="id350443"></a><p class="title"><b>Procedure 5.17. Steps to Install Printer Drivers on the Samba Servers</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Join your Windows XP Professional workstation (the staging machine) to the
                 <code class="constant">MEGANET2</code> domain. If you are not sure of the procedure,
 …
                 button that is next to the <span class="guimenu">Driver</span> box. This launches the <span class="quote">&#8220;<span class="quote">Add Printer Wizard</span>&#8221;</span>.
                 </p></li><li class="step" title="Step 6"><p>
                 <a class="indexterm" name="id352097"></a>
                 <a class="indexterm" name="id352106"></a>
+                <a class="indexterm" name="id350622"></a>
+                <a class="indexterm" name="id350631"></a>
                 The <span class="quote">&#8220;<span class="quote">Add Printer Driver Wizard on <code class="constant">MASSIVE</code></span>&#8221;</span> panel
                 is now presented. Click <span class="guimenu">Next</span> to continue. From the left panel, select the
 …
                 directed at the network server <code class="constant">\\massive\ps01-color</code>.
                 </p></li><li class="step" title="Step 7"><p>
                 <a class="indexterm" name="id352150"></a>
                 <a class="indexterm" name="id352160"></a>
                 <a class="indexterm" name="id352169"></a>
                 <a class="indexterm" name="id352178"></a>
                 <a class="indexterm" name="id352187"></a>
                 <a class="indexterm" name="id352196"></a>
+                <a class="indexterm" name="id350675"></a>
+                <a class="indexterm" name="id350685"></a>
+                <a class="indexterm" name="id350694"></a>
+                <a class="indexterm" name="id350703"></a>
+                <a class="indexterm" name="id350712"></a>
+                <a class="indexterm" name="id350721"></a>
                 The driver upload completes in anywhere from a few seconds to a few minutes. When it completes,
                 you are returned to the <span class="guimenu">Advanced</span> tab in the <span class="guimenu">Properties</span> panel.
 …
                 (Applicable to Active Directory use only.)
                 </p></li><li class="step" title="Step 8"><p>
                 <a class="indexterm" name="id352247"></a>
+                <a class="indexterm" name="id350772"></a>
                 Click <span class="guimenu">OK</span>. It will take a minute or so to upload the settings to the server.
                 You are now returned to the <span class="guimenu">Printers and Faxes on Massive</span> monitor.
 …
                 click <span class="guimenu">Apply</span> again.
                 </p></li><li class="step" title="Step 10"><p>
                 <a class="indexterm" name="id352314"></a>
+                <a class="indexterm" name="id350840"></a>
                 Verify that all printer settings are at the desired configuration. When you are satisfied that they are,
                 click the <span class="guimenu">General</span> tab. Now click the <span class="guimenu">Print Test Page</span> button.
 …
                 When you have finished uploading drivers to all printers, close all applications. The next task
                 is to install software your users require to do their work.
                 </p></li></ol></div></div><div class="sect2" title="Software Installation"><div class="titlepage"><div><div><h3 class="title"><a name="id352365"></a>Software Installation</h3></div></div></div><p>
+                </p></li></ol></div></div><div class="sect2" title="Software Installation"><div class="titlepage"><div><div><h3 class="title"><a name="id350890"></a>Software Installation</h3></div></div></div><p>
         Your network has both fixed desktop workstations as well as notebook computers. As a general rule, it is
         a good idea to not tamper with the operating system that is provided by the notebook computer manufacturer.
 …
         and migrate that to the Samba server for later reuse when creating custom mandatory profiles, just in
         case a user may have specific needs you had not anticipated.
         </p></div><div class="sect2" title="Roll-out Image Creation"><div class="titlepage"><div><div><h3 class="title"><a name="id352391"></a>Roll-out Image Creation</h3></div></div></div><p>
+        </p></div><div class="sect2" title="Roll-out Image Creation"><div class="titlepage"><div><div><h3 class="title"><a name="id350916"></a>Roll-out Image Creation</h3></div></div></div><p>
         The final steps before preparing the distribution Norton Ghost image file you might follow are:
         </p><div class="blockquote"><blockquote class="blockquote"><p>
 …
         in better performance and often significantly reduces the size of the compressed disk image. That
         also means it will take less time to deploy the image onto 500 workstations.
         </p></blockquote></div></div></div><div class="sect1" title="Key Points Learned"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id352420"></a>Key Points Learned</h2></div></div></div><p>
+        </p></blockquote></div></div></div><div class="sect1" title="Key Points Learned"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id350946"></a>Key Points Learned</h2></div></div></div><p>
         This chapter introduced many new concepts. Is it a sad fact that the example presented deliberately
         avoided any consideration of security. Security does not just happen; you must design it into your total
 …
         of compromise.
         </p><p>
         <a class="indexterm" name="id352437"></a>
         <a class="indexterm" name="id352445"></a>
+        <a class="indexterm" name="id350962"></a>
+        <a class="indexterm" name="id350971"></a>
         As a minimum, the LDAP server must be protected by way of Access Control Lists (ACLs), and it must be
         configured to use secure protocols for all communications over the network. Of course, secure networking
 …
                 </p></li><li class="listitem"><p>
                 Use of the CUPS printing system together with Samba-based printer driver auto-download.
                 </p></li></ul></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id352508"></a>Questions and Answers</h2></div></div></div><p>
+                </p></li></ul></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id351033"></a>Questions and Answers</h2></div></div></div><p>
         Well, here we are at the end of this chapter and we have only ten questions to help you to
         remember so much. There are bound to be some sticky issues here.
         </p><div class="qandaset" title="Frequently Asked Questions"><a name="id352518"></a><dl><dt> <a href="happy.html#id352525">
+        </p><div class="qandaset" title="Frequently Asked Questions"><a name="id351044"></a><dl><dt> <a href="happy.html#id351050">
                 Why did you not cover secure practices? Isn't it rather irresponsible to instruct
                 network administrators to implement insecure solutions?
                 </a></dt><dt> <a href="happy.html#id352558">
+                </a></dt><dt> <a href="happy.html#id351084">
                 You have focused much on SUSE Linux and little on the market leader, Red Hat. Do
                 you have a problem with Red Hat Linux? Doesn't that make your guidance irrelevant
                 to the Linux I might be using?
                 </a></dt><dt> <a href="happy.html#id352600">
+                </a></dt><dt> <a href="happy.html#id351126">
                 You did not use SWAT to configure Samba. Is there something wrong with it?
                 </a></dt><dt> <a href="happy.html#id352635">
+                </a></dt><dt> <a href="happy.html#id351160">
                 You have exposed a well-used password not24get. Is that
                 not irresponsible?
                 </a></dt><dt> <a href="happy.html#id352657">
+                </a></dt><dt> <a href="happy.html#id351183">
                 The Idealx smbldap-tools create many domain group accounts that are not used. Is that
                 a good thing?
                 </a></dt><dt> <a href="happy.html#id352681">
+                </a></dt><dt> <a href="happy.html#id351206">
                 Can I use LDAP just for Samba accounts and not for UNIX system accounts?
                 </a></dt><dt> <a href="happy.html#id352701">
+                </a></dt><dt> <a href="happy.html#id351227">
                 Why are the Windows domain RID portions not the same as the UNIX UID?
                 </a></dt><dt> <a href="happy.html#id352732">
+                </a></dt><dt> <a href="happy.html#id351258">
                 Printer configuration examples all show printing to the HP port 9100. Does this
                 mean that I must have HP printers for these solutions to work?
                 </a></dt><dt> <a href="happy.html#id352757">
+                </a></dt><dt> <a href="happy.html#id351282">
                 Is folder redirection dangerous? I've heard that you can lose your data that way.
                 </a></dt><dt> <a href="happy.html#id352779">
+                </a></dt><dt> <a href="happy.html#id351304">
                 Is it really necessary to set a local Group Policy to exclude the redirected
                 folders from the roaming profile?
                 </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question"><td align="left" valign="top"><a name="id352525"></a><a name="id352527"></a></td><td align="left" valign="top"><p>
+                </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question"><td align="left" valign="top"><a name="id351050"></a><a name="id351052"></a></td><td align="left" valign="top"><p>
                 Why did you not cover secure practices? Isn't it rather irresponsible to instruct
                 network administrators to implement insecure solutions?
 …
                 that you should implement a network without provision for data recovery and for disaster
                 management? Back to our focus: The deployment of Samba has been clearly demonstrated.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id352558"></a><a name="id352561"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id351084"></a><a name="id351086"></a></td><td align="left" valign="top"><p>
                 You have focused much on SUSE Linux and little on the market leader, Red Hat. Do
                 you have a problem with Red Hat Linux? Doesn't that make your guidance irrelevant
 …
                 features of both products (companies also). No bias in presentation is intended.
                 Oh, before I forget, I particularly like Debian Linux; that is my favorite playground.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id352600"></a><a name="id352603"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id351126"></a><a name="id351128"></a></td><td align="left" valign="top"><p>
                 You did not use SWAT to configure Samba. Is there something wrong with it?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 and insecure. Many will not touch it with a barge-pole. By not introducing SWAT, I
                 hope to have brought their interests on board. SWAT is well covered is <span class="emphasis"><em>TOSHARG2</em></span>.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id352635"></a><a name="id352637"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id351160"></a><a name="id351162"></a></td><td align="left" valign="top"><p>
                 You have exposed a well-used password <span class="emphasis"><em>not24get</em></span>. Is that
                 not irresponsible?
 …
                 used throughout. I guess you can figure out that in a real deployment it would make
                 sense to use a more secure and original password.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id352657"></a><a name="id352660"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id351183"></a><a name="id351185"></a></td><td align="left" valign="top"><p>
                 The Idealx smbldap-tools create many domain group accounts that are not used. Is that
                 a good thing?
 …
                 and, besides, it does no harm to create accounts that are not now used  at some time
                 Samba may well use them.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id352681"></a><a name="id352683"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id351206"></a><a name="id351208"></a></td><td align="left" valign="top"><p>
                 Can I use LDAP just for Samba accounts and not for UNIX system accounts?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 password files in sync? I think that having everything in LDAP makes a lot of sense
                 for the UNIX administrator who is still learning the craft and is migrating from MS Windows.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id352701"></a><a name="id352703"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id351227"></a><a name="id351229"></a></td><td align="left" valign="top"><p>
                 Why are the Windows domain RID portions not the same as the UNIX UID?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 permit you to override that to some extent. See the <code class="filename">smb.conf</code> man page entry
                 for <em class="parameter"><code>algorithmic rid base</code></em>.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id352732"></a><a name="id352735"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id351258"></a><a name="id351260"></a></td><td align="left" valign="top"><p>
                 Printer configuration examples all show printing to the HP port 9100. Does this
                 mean that I must have HP printers for these solutions to work?
 …
                 argument to the <code class="constant">lpadmin -v</code> option that is right for your
                 printer.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id352757"></a><a name="id352759"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id351282"></a><a name="id351284"></a></td><td align="left" valign="top"><p>
                 Is folder redirection dangerous? I've heard that you can lose your data that way.
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 folder. That was not the case, so by declining to move the data back, he wiped out
                 the data. You cannot hold the tool responsible for that. Caveat emptor still applies.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id352779"></a><a name="id352781"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id351304"></a><a name="id351306"></a></td><td align="left" valign="top"><p>
                 Is it really necessary to set a local Group Policy to exclude the redirected
                 folders from the roaming profile?
 …
                 Yes. If you do not do this, the data will still be copied from the network folder
                 (share) to the local cached copy of the profile.
                 </p></td></tr></tbody></table></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id351153" href="#id351153" class="para">11</a>] </sup>
+                </p></td></tr></tbody></table></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id349677" href="#id349677" class="para">11</a>] </sup>
                         There is an alternate method by which a default user profile can be added to the
                         <code class="constant">NETLOGON</code> share. This facility in the Windows System tool

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/index.html

-              r599
+              r739
 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Samba-3 by Example</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="next" href="pr01.html" title="About the Cover Artwork"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Samba-3 by Example</th></tr><tr><td width="20%" align="left"> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="pr01.html">Next</a></td></tr></table><hr></div><div class="book" title="Samba-3 by Example"><div class="titlepage"><div><div><h1 class="title"><a name="S3bE"></a>Samba-3 by Example</h1></div><div><h2 class="subtitle">Practical Exercises in Successful Samba Deployment</h2></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:jht@samba.org">jht@samba.org</a>&gt;</code></p></div></div></div></div></div><div><p class="pubdate">July, 2006</p></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="preface"><a href="pr01.html">About the Cover Artwork</a></span></dt><dt><span class="preface"><a href="pr02.html">Acknowledgments</a></span></dt><dt><span class="preface"><a href="pr03.html">Foreword</a></span></dt><dd><dl><dt><span class="sect1"><a href="pr03.html#id280658">By John M. Weathersby, Executive Director, OSSI</a></span></dt></dl></dd><dt><span class="preface"><a href="preface.html">Preface</a></span></dt><dd><dl><dt><span class="sect1"><a href="preface.html#id280788">Why Is This Book Necessary?</a></span></dt><dd><dl><dt><span class="sect2"><a href="preface.html#id280825">Samba 3.0.20 Update Edition</a></span></dt></dl></dd><dt><span class="sect1"><a href="preface.html#id280643">Prerequisites</a></span></dt><dt><span class="sect1"><a href="preface.html#id322292">Approach</a></span></dt><dt><span class="sect1"><a href="preface.html#id322341">Summary of Topics</a></span></dt><dt><span class="sect1"><a href="preface.html#id322920">Conventions Used</a></span></dt></dl></dd><dt><span class="part"><a href="ExNetworks.html">I. Example Network Configurations</a></span></dt><dd><dl><dt><span class="chapter"><a href="simple.html">1. No-Frills Samba Servers</a></span></dt><dd><dl><dt><span class="sect1"><a href="simple.html#id323089">Introduction</a></span></dt><dt><span class="sect1"><a href="simple.html#id323120">Assignment Tasks</a></span></dt><dd><dl><dt><span class="sect2"><a href="simple.html#id323158">Drafting Office</a></span></dt><dt><span class="sect2"><a href="simple.html#id323803">Charity Administration Office</a></span></dt><dt><span class="sect2"><a href="simple.html#AccountingOffice">Accounting Office</a></span></dt></dl></dd><dt><span class="sect1"><a href="simple.html#id326925">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="small.html">2. Small Office Networking</a></span></dt><dd><dl><dt><span class="sect1"><a href="small.html#id327308">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id327326">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id327371">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id327416">Technical Issues</a></span></dt><dt><span class="sect2"><a href="small.html#id327588">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id327606">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id329058">Validation</a></span></dt><dt><span class="sect2"><a href="small.html#id329633">Notebook Computers: A Special Case</a></span></dt><dt><span class="sect2"><a href="small.html#id329652">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id329716">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="secure.html">3. Secure Office Networking</a></span></dt><dd><dl><dt><span class="sect1"><a href="secure.html#id330143">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id330177">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id330386">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id330398">Technical Issues</a></span></dt><dt><span class="sect2"><a href="secure.html#id330742">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id330776">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#ch4bsc">Basic System Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id331530">Samba Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4ptrcfg">Printer Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4valid">Validation</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4appscfg">Application Share Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id335513">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id335566">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="Big500users.html">4. The 500-User Office</a></span></dt><dd><dl><dt><span class="sect1"><a href="Big500users.html#id336007">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id336038">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id336113">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id336141">Technical Issues</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id336318">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id336338">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#ch5-dnshcp-setup">Installation of DHCP, DNS, and Samba Control Files</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id337052">Server Preparation: All Servers</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id337568">Server-Specific Preparation</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5-procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id340544">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id340597">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="happy.html">5. Making Happy Users</a></span></dt><dd><dl><dt><span class="sect1"><a href="happy.html#id341339">Regarding LDAP Directories and Windows Computer Accounts</a></span></dt><dt><span class="sect1"><a href="happy.html#id341463">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id341540">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id341668">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id342070">Technical Issues</a></span></dt><dt><span class="sect2"><a href="happy.html#id343725">Political Issues</a></span></dt><dt><span class="sect2"><a href="happy.html#id343737">Installation Checklist</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id343908">Samba Server Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbeidealx">Install and Configure Idealx smbldap-tools Scripts</a></span></dt><dt><span class="sect2"><a href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-ptrcfg">Printer Configuration</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#sbehap-bldg1">Samba-3 BDC Configuration</a></span></dt><dt><span class="sect1"><a href="happy.html#id350178">Miscellaneous Server Preparation Tasks</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id350194">Configuring Directory Share Point Roots</a></span></dt><dt><span class="sect2"><a href="happy.html#id350283">Configuring Profile Directories</a></span></dt><dt><span class="sect2"><a href="happy.html#id350512">Preparation of Logon Scripts</a></span></dt><dt><span class="sect2"><a href="happy.html#id350609">Assigning User Rights and Privileges</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id350723">Windows Client Configuration</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></span></dt><dt><span class="sect2"><a href="happy.html#id351441">Configuration of MS Outlook to Relocate PST File</a></span></dt><dt><span class="sect2"><a href="happy.html#id351724">Configure Delete Cached Profiles on Logout</a></span></dt><dt><span class="sect2"><a href="happy.html#id351896">Uploading Printer Drivers to Samba Servers</a></span></dt><dt><span class="sect2"><a href="happy.html#id352365">Software Installation</a></span></dt><dt><span class="sect2"><a href="happy.html#id352391">Roll-out Image Creation</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id352420">Key Points Learned</a></span></dt><dt><span class="sect1"><a href="happy.html#id352508">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="net2000users.html">6. A Distributed 2000-User Network</a></span></dt><dd><dl><dt><span class="sect1"><a href="net2000users.html#id352846">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id352871">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id352928">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id353175">Technical Issues</a></span></dt><dt><span class="sect2"><a href="net2000users.html#id353997">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id354011">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id357027">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id357166">Questions and Answers</a></span></dt></dl></dd></dl></dd><dt><span class="part"><a href="DMSMig.html">II. Domain Members, Updating Samba and Migration</a></span></dt><dd><dl><dt><span class="chapter"><a href="unixclients.html">7. Adding Domain Member Servers and Clients</a></span></dt><dd><dl><dt><span class="sect1"><a href="unixclients.html#id357946">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#id357994">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id358022">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#id358046">Technical Issues</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id358646">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id358731">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></span></dt><dt><span class="sect2"><a href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></span></dt><dt><span class="sect2"><a href="unixclients.html#dcwonss">NT4/Samba Domain with Samba Domain Member Server without NSS Support</a></span></dt><dt><span class="sect2"><a href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id364506">UNIX/Linux Client Domain Member</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id365002">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id365047">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="upgrades.html">8. Updating Samba-3</a></span></dt><dd><dl><dt><span class="sect1"><a href="upgrades.html#id366117">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id366200">Cautions and Notes</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id367413">Upgrading from Samba 1.x and 2.x to Samba-3</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id368069">Samba-2.x with LDAP Support</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id368184">Updating a Samba-3 Installation</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id368281">Samba-3 to Samba-3 Updates on the Same Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id368465">Migrating Samba-3 to a New Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id368842">Migration of Samba Accounts to Active Directory</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="ntmigration.html">9. Migrating NT4 Domain to Samba-3</a></span></dt><dd><dl><dt><span class="sect1"><a href="ntmigration.html#id368988">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id369064">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id369115">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id369276">Technical Issues</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id369580">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id369600">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id371918">NT4 Migration Using tdbsam Backend</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id372263">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id372297">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="nw4migration.html">10. Migrating NetWare Server to Samba-3</a></span></dt><dd><dl><dt><span class="sect1"><a href="nw4migration.html#id373183">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id373282">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="nw4migration.html#id373359">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id373431">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="nw4migration.html#id373599">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id373608">NetWare Migration Using LDAP Backend</a></span></dt></dl></dd></dl></dd></dl></dd><dt><span class="part"><a href="RefSection.html">III. Reference Section</a></span></dt><dd><dl><dt><span class="chapter"><a href="kerberos.html">11. Active Directory, Kerberos, and Security</a></span></dt><dd><dl><dt><span class="sect1"><a href="kerberos.html#id377126">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id377710">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#id377723">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id378089">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#ch10expl">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id379573">Share Access Controls</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id379908">Share Definition Controls</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id380465">Share Point Directory and File Permissions</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id380830">Managing Windows 200x ACLs</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id381514">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#id381636">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="DomApps.html">12. Integrating Additional Services</a></span></dt><dd><dl><dt><span class="sect1"><a href="DomApps.html#id382225">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#id382248">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id382338">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#id382367">Technical Issues</a></span></dt><dt><span class="sect2"><a href="DomApps.html#id382513">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id382530">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></span></dt><dt><span class="sect2"><a href="DomApps.html#id384281">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id384336">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="HA.html">13. Performance, Reliability, and Availability</a></span></dt><dd><dl><dt><span class="sect1"><a href="HA.html#id384815">Introduction</a></span></dt><dt><span class="sect1"><a href="HA.html#id384892">Dissection and Discussion</a></span></dt><dt><span class="sect1"><a href="HA.html#id385344">Guidelines for Reliable Samba Operation</a></span></dt><dd><dl><dt><span class="sect2"><a href="HA.html#id385369">Name Resolution</a></span></dt><dt><span class="sect2"><a href="HA.html#id385810">Samba Configuration</a></span></dt><dt><span class="sect2"><a href="HA.html#id386110">Use and Location of BDCs</a></span></dt><dt><span class="sect2"><a href="HA.html#id386178">Use One Consistent Version of MS Windows Client</a></span></dt><dt><span class="sect2"><a href="HA.html#id386195">For Scalability, Use SAN-Based Storage on Samba Servers</a></span></dt><dt><span class="sect2"><a href="HA.html#id386240">Distribute Network Load with MSDFS</a></span></dt><dt><span class="sect2"><a href="HA.html#id386291">Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth</a></span></dt><dt><span class="sect2"><a href="HA.html#id386332">Hardware Problems</a></span></dt><dt><span class="sect2"><a href="HA.html#id386465">Large Directories</a></span></dt></dl></dd><dt><span class="sect1"><a href="HA.html#id386548">Key Points Learned</a></span></dt></dl></dd><dt><span class="chapter"><a href="ch14.html">14. Samba Support</a></span></dt><dd><dl><dt><span class="sect1"><a href="ch14.html#id386696">Free Support</a></span></dt><dt><span class="sect1"><a href="ch14.html#id386894">Commercial Support</a></span></dt></dl></dd><dt><span class="chapter"><a href="appendix.html">15. A Collection of Useful Tidbits</a></span></dt><dd><dl><dt><span class="sect1"><a href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></span></dt><dt><span class="sect1"><a href="appendix.html#id387559">Samba System File Location</a></span></dt><dt><span class="sect1"><a href="appendix.html#id387952">Starting Samba</a></span></dt><dt><span class="sect1"><a href="appendix.html#id388254">DNS Configuration Files</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id388264">The Forward Zone File for the Loopback Adaptor</a></span></dt><dt><span class="sect2"><a href="appendix.html#id388308">The Reverse Zone File for the Loopback Adaptor</a></span></dt><dt><span class="sect2"><a href="appendix.html#id388408">DNS Root Server Hint File</a></span></dt></dl></dd><dt><span class="sect1"><a href="appendix.html#altldapcfg">Alternative LDAP Database Initialization</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id388463">Initialization of the LDAP Database</a></span></dt></dl></dd><dt><span class="sect1"><a href="appendix.html#id388919">The LDAP Account Manager</a></span></dt><dt><span class="sect1"><a href="appendix.html#id389839">IDEALX Management Console</a></span></dt><dt><span class="sect1"><a href="appendix.html#ch12-SUIDSGID">Effect of Setting File and Directory SUID/SGID Permissions Explained</a></span></dt><dt><span class="sect1"><a href="appendix.html#ch12dblck">Shared Data Integrity</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id390270">Microsoft Access</a></span></dt><dt><span class="sect2"><a href="appendix.html#id390409">Act! Database Sharing</a></span></dt><dt><span class="sect2"><a href="appendix.html#id390484">Opportunistic Locking Controls</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="primer.html">16. Networking Primer</a></span></dt><dd><dl><dt><span class="sect1"><a href="primer.html#id390627">Requirements and Notes</a></span></dt><dt><span class="sect1"><a href="primer.html#id390763">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id390813">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#id390920">Exercises</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id391033">Single-Machine Broadcast Activity</a></span></dt><dt><span class="sect2"><a href="primer.html#secondmachine">Second Machine Startup Broadcast Interaction</a></span></dt><dt><span class="sect2"><a href="primer.html#id392130">Simple Windows Client Connection Characteristics</a></span></dt><dt><span class="sect2"><a href="primer.html#id392597">Windows 200x/XP Client Interaction with Samba-3</a></span></dt><dt><span class="sect2"><a href="primer.html#id393121">Conclusions to Exercises</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#chap01conc">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id393223">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#chap01qa">Questions and Answers</a></span></dt></dl></dd><dt><span class="appendix"><a href="apa.html">A.
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Samba-3 by Example</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="next" href="pr01.html" title="About the Cover Artwork"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Samba-3 by Example</th></tr><tr><td width="20%" align="left"> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="pr01.html">Next</a></td></tr></table><hr></div><div class="book" title="Samba-3 by Example"><div class="titlepage"><div><div><h1 class="title"><a name="S3bE"></a>Samba-3 by Example</h1></div><div><h2 class="subtitle">Practical Exercises in Successful Samba Deployment</h2></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:jht@samba.org">jht@samba.org</a>&gt;</code></p></div></div></div></div></div><div><p class="pubdate">July, 2006</p></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="preface"><a href="pr01.html">About the Cover Artwork</a></span></dt><dt><span class="preface"><a href="pr02.html">Acknowledgments</a></span></dt><dt><span class="preface"><a href="pr03.html">Foreword</a></span></dt><dd><dl><dt><span class="sect1"><a href="pr03.html#id314105">By John M. Weathersby, Executive Director, OSSI</a></span></dt></dl></dd><dt><span class="preface"><a href="preface.html">Preface</a></span></dt><dd><dl><dt><span class="sect1"><a href="preface.html#id281184">Why Is This Book Necessary?</a></span></dt><dd><dl><dt><span class="sect2"><a href="preface.html#id281221">Samba 3.0.20 Update Edition</a></span></dt></dl></dd><dt><span class="sect1"><a href="preface.html#id280852">Prerequisites</a></span></dt><dt><span class="sect1"><a href="preface.html#id320789">Approach</a></span></dt><dt><span class="sect1"><a href="preface.html#id320838">Summary of Topics</a></span></dt><dt><span class="sect1"><a href="preface.html#id321418">Conventions Used</a></span></dt></dl></dd><dt><span class="part"><a href="ExNetworks.html">I. Example Network Configurations</a></span></dt><dd><dl><dt><span class="chapter"><a href="simple.html">1. No-Frills Samba Servers</a></span></dt><dd><dl><dt><span class="sect1"><a href="simple.html#id321589">Introduction</a></span></dt><dt><span class="sect1"><a href="simple.html#id321619">Assignment Tasks</a></span></dt><dd><dl><dt><span class="sect2"><a href="simple.html#id321657">Drafting Office</a></span></dt><dt><span class="sect2"><a href="simple.html#id322302">Charity Administration Office</a></span></dt><dt><span class="sect2"><a href="simple.html#AccountingOffice">Accounting Office</a></span></dt></dl></dd><dt><span class="sect1"><a href="simple.html#id325424">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="small.html">2. Small Office Networking</a></span></dt><dd><dl><dt><span class="sect1"><a href="small.html#id325808">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id325825">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id325871">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id325916">Technical Issues</a></span></dt><dt><span class="sect2"><a href="small.html#id326088">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id326106">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id327557">Validation</a></span></dt><dt><span class="sect2"><a href="small.html#id328132">Notebook Computers: A Special Case</a></span></dt><dt><span class="sect2"><a href="small.html#id328152">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id328216">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="secure.html">3. Secure Office Networking</a></span></dt><dd><dl><dt><span class="sect1"><a href="secure.html#id328642">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id328676">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id328885">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id328897">Technical Issues</a></span></dt><dt><span class="sect2"><a href="secure.html#id329242">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id329275">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#ch4bsc">Basic System Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id330030">Samba Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4ptrcfg">Printer Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4valid">Validation</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4appscfg">Application Share Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id334042">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id334095">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="Big500users.html">4. The 500-User Office</a></span></dt><dd><dl><dt><span class="sect1"><a href="Big500users.html#id334536">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id334566">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id334641">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id334670">Technical Issues</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id334846">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id334866">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#ch5-dnshcp-setup">Installation of DHCP, DNS, and Samba Control Files</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id335580">Server Preparation: All Servers</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id336096">Server-Specific Preparation</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5-procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id339071">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id339124">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="happy.html">5. Making Happy Users</a></span></dt><dd><dl><dt><span class="sect1"><a href="happy.html#id339866">Regarding LDAP Directories and Windows Computer Accounts</a></span></dt><dt><span class="sect1"><a href="happy.html#id339991">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id340067">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id340195">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id340598">Technical Issues</a></span></dt><dt><span class="sect2"><a href="happy.html#id342251">Political Issues</a></span></dt><dt><span class="sect2"><a href="happy.html#id342264">Installation Checklist</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id342434">Samba Server Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a></span></dt><dt><span class="sect2"><a href="happy.html#sbeidealx">Install and Configure Idealx smbldap-tools Scripts</a></span></dt><dt><span class="sect2"><a href="happy.html#id345072">LDAP Initialization and Creation of User and Group Accounts</a></span></dt><dt><span class="sect2"><a href="happy.html#sbehap-ptrcfg">Printer Configuration</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#sbehap-bldg1">Samba-3 BDC Configuration</a></span></dt><dt><span class="sect1"><a href="happy.html#id348703">Miscellaneous Server Preparation Tasks</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#id348720">Configuring Directory Share Point Roots</a></span></dt><dt><span class="sect2"><a href="happy.html#id348809">Configuring Profile Directories</a></span></dt><dt><span class="sect2"><a href="happy.html#id349037">Preparation of Logon Scripts</a></span></dt><dt><span class="sect2"><a href="happy.html#id349135">Assigning User Rights and Privileges</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id349248">Windows Client Configuration</a></span></dt><dd><dl><dt><span class="sect2"><a href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></span></dt><dt><span class="sect2"><a href="happy.html#id349965">Configuration of MS Outlook to Relocate PST File</a></span></dt><dt><span class="sect2"><a href="happy.html#id350249">Configure Delete Cached Profiles on Logout</a></span></dt><dt><span class="sect2"><a href="happy.html#id350420">Uploading Printer Drivers to Samba Servers</a></span></dt><dt><span class="sect2"><a href="happy.html#id350890">Software Installation</a></span></dt><dt><span class="sect2"><a href="happy.html#id350916">Roll-out Image Creation</a></span></dt></dl></dd><dt><span class="sect1"><a href="happy.html#id350946">Key Points Learned</a></span></dt><dt><span class="sect1"><a href="happy.html#id351033">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="net2000users.html">6. A Distributed 2000-User Network</a></span></dt><dd><dl><dt><span class="sect1"><a href="net2000users.html#id351371">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id351396">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id351452">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id351698">Technical Issues</a></span></dt><dt><span class="sect2"><a href="net2000users.html#id352520">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id352534">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id355551">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id355690">Questions and Answers</a></span></dt></dl></dd></dl></dd><dt><span class="part"><a href="DMSMig.html">II. Domain Members, Updating Samba and Migration</a></span></dt><dd><dl><dt><span class="chapter"><a href="unixclients.html">7. Adding Domain Member Servers and Clients</a></span></dt><dd><dl><dt><span class="sect1"><a href="unixclients.html#id356470">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#id356518">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id356547">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#id356570">Technical Issues</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id357171">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id357255">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></span></dt><dt><span class="sect2"><a href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></span></dt><dt><span class="sect2"><a href="unixclients.html#dcwonss">NT4/Samba Domain with Samba Domain Member Server without NSS Support</a></span></dt><dt><span class="sect2"><a href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id363033">UNIX/Linux Client Domain Member</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id363529">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id363573">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="upgrades.html">8. Updating Samba-3</a></span></dt><dd><dl><dt><span class="sect1"><a href="upgrades.html#id364642">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id364726">Cautions and Notes</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id365940">Upgrading from Samba 1.x and 2.x to Samba-3</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id366282">Applicable to All Samba 2.x to Samba-3 Upgrades</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id366596">Samba-2.x with LDAP Support</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id366712">Updating a Samba-3 Installation</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id366809">Samba-3 to Samba-3 Updates on the Same Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id366993">Migrating Samba-3 to a New Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id367371">Migration of Samba Accounts to Active Directory</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="ntmigration.html">9. Migrating NT4 Domain to Samba-3</a></span></dt><dd><dl><dt><span class="sect1"><a href="ntmigration.html#id367517">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id367593">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id367644">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id367806">Technical Issues</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id368109">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id368129">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id368253">NT4 Migration Using LDAP Backend</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id370444">NT4 Migration Using tdbsam Backend</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id370790">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id370824">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="nw4migration.html">10. Migrating NetWare Server to Samba-3</a></span></dt><dd><dl><dt><span class="sect1"><a href="nw4migration.html#id371710">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id371809">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="nw4migration.html#id371886">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id371958">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="nw4migration.html#id372125">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id372134">NetWare Migration Using LDAP Backend</a></span></dt></dl></dd></dl></dd></dl></dd><dt><span class="part"><a href="RefSection.html">III. Reference Section</a></span></dt><dd><dl><dt><span class="chapter"><a href="kerberos.html">11. Active Directory, Kerberos, and Security</a></span></dt><dd><dl><dt><span class="sect1"><a href="kerberos.html#id375655">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id376238">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#id376252">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id376618">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#ch10expl">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id378100">Share Access Controls</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id378435">Share Definition Controls</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id378992">Share Point Directory and File Permissions</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id379357">Managing Windows 200x ACLs</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id380041">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#id380163">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="DomApps.html">12. Integrating Additional Services</a></span></dt><dd><dl><dt><span class="sect1"><a href="DomApps.html#id380752">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#id380775">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id380865">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#id380894">Technical Issues</a></span></dt><dt><span class="sect2"><a href="DomApps.html#id381040">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id381058">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></span></dt><dt><span class="sect2"><a href="DomApps.html#id382809">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="DomApps.html#id382864">Questions and Answers</a></span></dt></dl></dd><dt><span class="chapter"><a href="HA.html">13. Performance, Reliability, and Availability</a></span></dt><dd><dl><dt><span class="sect1"><a href="HA.html#id383342">Introduction</a></span></dt><dt><span class="sect1"><a href="HA.html#id383418">Dissection and Discussion</a></span></dt><dt><span class="sect1"><a href="HA.html#id383870">Guidelines for Reliable Samba Operation</a></span></dt><dd><dl><dt><span class="sect2"><a href="HA.html#id383895">Name Resolution</a></span></dt><dt><span class="sect2"><a href="HA.html#id384336">Samba Configuration</a></span></dt><dt><span class="sect2"><a href="HA.html#id384636">Use and Location of BDCs</a></span></dt><dt><span class="sect2"><a href="HA.html#id384704">Use One Consistent Version of MS Windows Client</a></span></dt><dt><span class="sect2"><a href="HA.html#id384721">For Scalability, Use SAN-Based Storage on Samba Servers</a></span></dt><dt><span class="sect2"><a href="HA.html#id384766">Distribute Network Load with MSDFS</a></span></dt><dt><span class="sect2"><a href="HA.html#id384817">Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth</a></span></dt><dt><span class="sect2"><a href="HA.html#id384858">Hardware Problems</a></span></dt><dt><span class="sect2"><a href="HA.html#id384991">Large Directories</a></span></dt></dl></dd><dt><span class="sect1"><a href="HA.html#id385073">Key Points Learned</a></span></dt></dl></dd><dt><span class="chapter"><a href="ch14.html">14. Samba Support</a></span></dt><dd><dl><dt><span class="sect1"><a href="ch14.html#id385222">Free Support</a></span></dt><dt><span class="sect1"><a href="ch14.html#id385420">Commercial Support</a></span></dt></dl></dd><dt><span class="chapter"><a href="appendix.html">15. A Collection of Useful Tidbits</a></span></dt><dd><dl><dt><span class="sect1"><a href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></span></dt><dt><span class="sect1"><a href="appendix.html#id386084">Samba System File Location</a></span></dt><dt><span class="sect1"><a href="appendix.html#id386477">Starting Samba</a></span></dt><dt><span class="sect1"><a href="appendix.html#id386779">DNS Configuration Files</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id386790">The Forward Zone File for the Loopback Adaptor</a></span></dt><dt><span class="sect2"><a href="appendix.html#id386834">The Reverse Zone File for the Loopback Adaptor</a></span></dt><dt><span class="sect2"><a href="appendix.html#id386933">DNS Root Server Hint File</a></span></dt></dl></dd><dt><span class="sect1"><a href="appendix.html#altldapcfg">Alternative LDAP Database Initialization</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id386988">Initialization of the LDAP Database</a></span></dt></dl></dd><dt><span class="sect1"><a href="appendix.html#id387443">The LDAP Account Manager</a></span></dt><dt><span class="sect1"><a href="appendix.html#id388364">IDEALX Management Console</a></span></dt><dt><span class="sect1"><a href="appendix.html#ch12-SUIDSGID">Effect of Setting File and Directory SUID/SGID Permissions Explained</a></span></dt><dt><span class="sect1"><a href="appendix.html#ch12dblck">Shared Data Integrity</a></span></dt><dd><dl><dt><span class="sect2"><a href="appendix.html#id388795">Microsoft Access</a></span></dt><dt><span class="sect2"><a href="appendix.html#id388933">Act! Database Sharing</a></span></dt><dt><span class="sect2"><a href="appendix.html#id389009">Opportunistic Locking Controls</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="primer.html">16. Networking Primer</a></span></dt><dd><dl><dt><span class="sect1"><a href="primer.html#id389151">Requirements and Notes</a></span></dt><dt><span class="sect1"><a href="primer.html#id389288">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id389338">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#id389445">Exercises</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id389558">Single-Machine Broadcast Activity</a></span></dt><dt><span class="sect2"><a href="primer.html#secondmachine">Second Machine Startup Broadcast Interaction</a></span></dt><dt><span class="sect2"><a href="primer.html#id390654">Simple Windows Client Connection Characteristics</a></span></dt><dt><span class="sect2"><a href="primer.html#id391120">Windows 200x/XP Client Interaction with Samba-3</a></span></dt><dt><span class="sect2"><a href="primer.html#id391645">Conclusions to Exercises</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#chap01conc">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id391746">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#chap01qa">Questions and Answers</a></span></dt></dl></dd><dt><span class="appendix"><a href="apa.html">A.
     <acronym class="acronym">GNU</acronym> General Public License version 3
   </a></span></dt><dd><dl><dt><span class="bridgehead"><a href="apa.html#id393828">A.
+  </a></span></dt><dd><dl><dt><span class="bridgehead"><a href="apa.html#id392352">A.
     Preamble
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393937">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id392460">A.
     TERMS AND CONDITIONS
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393940">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id392464">A.
 . Definitions.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394004">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id392528">A.
 . Source Code.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394066">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id392590">A.
 . Basic Permissions.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394094">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id392617">A.
 . Protecting Users&#8217; Legal Rights From Anti-Circumvention Law.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394116">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id392639">A.
 . Conveying Verbatim Copies.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394135">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id392659">A.
 . Conveying Modified Source Versions.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394207">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id392731">A.
 . Conveying Non-Source Forms.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394339">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id392863">A.
 . Additional Terms.
    </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394444">A.
+   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id392969">A.
 . Termination.
    </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394476">A.
+   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393000">A.
 . Acceptance Not Required for Having Copies.
    </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394495">A.
+   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393019">A.
 . Automatic Licensing of Downstream Recipients.
    </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394529">A.
+   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393053">A.
 . Patents.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394618">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393142">A.
 . No Surrender of Others&#8217; Freedom.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394633">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393158">A.
 . Use with the ???TITLE??? Affero General Public License.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394657">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393181">A.
 . Revised Versions of this License.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394704">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393229">A.
 . Disclaimer of Warranty.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394722">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393246">A.
 . Limitation of Liability.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394736">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393261">A.
 . Interpretation of Sections 15 and 16.
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394749">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393273">A.
     END OF TERMS AND CONDITIONS
   </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id394752">A.
+  </a></span></dt><dt><span class="bridgehead"><a href="apa.html#id393277">A.
     How to Apply These Terms to Your New Programs
   </a></span></dt></dl></dd></dl></dd><dt><span class="glossary"><a href="go01.html">Glossary</a></span></dt><dt><span class="index"><a href="ix01.html">Index</a></span></dt></dl></div><div class="list-of-figures"><p><b>List of Figures</b></p><dl><dt>1.1. <a href="simple.html#charitynet">Charity Administration Office Network</a></dt><dt>1.2. <a href="simple.html#acctingnet2">Accounting Office Network Topology</a></dt><dt>2.1. <a href="small.html#acct2net">Abmas Accounting  52-User Network Topology</a></dt><dt>3.1. <a href="secure.html#ch04net">Abmas Network Topology  130 Users</a></dt><dt>4.1. <a href="Big500users.html#chap05net">Network Topology  500 User Network Using tdbsam passdb backend.</a></dt><dt>5.1. <a href="happy.html#sbehap-LDAPdiag">The Interaction of LDAP, UNIX Posix Accounts and Samba Accounts</a></dt><dt>5.2. <a href="happy.html#chap6net">Network Topology  500 User Network Using ldapsam passdb backend</a></dt><dt>5.3. <a href="happy.html#XP-screen001">Windows XP Professional  User Shared Folders</a></dt><dt>6.1. <a href="net2000users.html#chap7idres">Samba and Authentication Backend Search Pathways</a></dt><dt>6.2. <a href="net2000users.html#ch7singleLDAP">Samba Configuration to Use a Single LDAP Server</a></dt><dt>6.3. <a href="net2000users.html#ch7dualLDAP">Samba Configuration to Use a Dual (Fail-over) LDAP Server</a></dt><dt>6.4. <a href="net2000users.html#ch7dualadd">Samba Configuration to Use Dual LDAP Databases - Broken - Do Not Use!</a></dt><dt>6.5. <a href="net2000users.html#ch7dualok">Samba Configuration to Use Two LDAP Databases - The result is additive.</a></dt><dt>6.6. <a href="net2000users.html#chap7net">Network Topology  2000 User Complex Design A</a></dt><dt>6.7. <a href="net2000users.html#chap7net2">Network Topology  2000 User Complex Design B</a></dt><dt>7.1. <a href="unixclients.html#ch09openmag">Open Magazine Samba Survey</a></dt><dt>7.2. <a href="unixclients.html#ch9-sambadc">Samba Domain: Samba Member Server</a></dt><dt>7.3. <a href="unixclients.html#ch9-adsdc">Active Directory Domain: Samba Member Server</a></dt><dt>9.1. <a href="ntmigration.html#ch8-migration">Schematic Explaining the <code class="literal">net rpc vampire</code> Process</a></dt><dt>9.2. <a href="ntmigration.html#NT4DUM">View of Accounts in NT4 Domain User Manager</a></dt><dt>15.1. <a href="appendix.html#swxpp001">The General Panel.</a></dt><dt>15.2. <a href="appendix.html#swxpp004">The Computer Name Panel.</a></dt><dt>15.3. <a href="appendix.html#swxpp006">The Computer Name Changes Panel</a></dt><dt>15.4. <a href="appendix.html#swxpp007">The Computer Name Changes Panel  Domain MIDEARTH</a></dt><dt>15.5. <a href="appendix.html#swxpp008">Computer Name Changes  User name and Password Panel</a></dt><dt>15.6. <a href="appendix.html#lam-login">The LDAP Account Manager Login Screen</a></dt><dt>15.7. <a href="appendix.html#lam-config">The LDAP Account Manager Configuration Screen</a></dt><dt>15.8. <a href="appendix.html#lam-user">The LDAP Account Manager User Edit Screen</a></dt><dt>15.9. <a href="appendix.html#lam-group">The LDAP Account Manager Group Edit Screen</a></dt><dt>15.10. <a href="appendix.html#lam-group-mem">The LDAP Account Manager Group Membership Edit Screen</a></dt><dt>15.11. <a href="appendix.html#lam-host">The LDAP Account Manager Host Edit Screen</a></dt><dt>15.12. <a href="appendix.html#imcidealx">The IMC Samba User Account Screen</a></dt><dt>16.1. <a href="primer.html#pktcap01">Windows Me  Broadcasts  The First 10 Minutes</a></dt><dt>16.2. <a href="primer.html#pktcap02">Windows Me  Later Broadcast Sample</a></dt><dt>16.3. <a href="primer.html#hostannounce">Typical Windows 9x/Me Host Announcement</a></dt><dt>16.4. <a href="primer.html#nullconnect">Typical Windows 9x/Me NULL SessionSetUp AndX Request</a></dt><dt>16.5. <a href="primer.html#userconnect">Typical Windows 9x/Me User SessionSetUp AndX Request</a></dt><dt>16.6. <a href="primer.html#XPCap01">Typical Windows XP NULL Session Setup AndX Request</a></dt><dt>16.7. <a href="primer.html#XPCap02">Typical Windows XP User Session Setup AndX Request</a></dt></dl></div><div class="list-of-tables"><p><b>List of Tables</b></p><dl><dt>1. <a href="preface.html#pref-new">Samba Changes  3.0.2 to 3.0.20</a></dt><dt>1.1. <a href="simple.html#acctingnet">Accounting Office Network Information</a></dt><dt>3.1. <a href="secure.html#chap4netid">Abmas.US ISP Information</a></dt><dt>3.2. <a href="secure.html#namedrscfiles">DNS (named) Resource Files</a></dt><dt>4.1. <a href="Big500users.html#ch5-filelocations">Domain: <code class="constant">MEGANET</code>, File Locations for Servers</a></dt><dt>5.1. <a href="happy.html#sbehap-privs">Current Privilege Capabilities</a></dt><dt>5.2. <a href="happy.html#oldapreq">Required OpenLDAP Linux Packages</a></dt><dt>5.3. <a href="happy.html#sbehap-bigacct">Abmas Network Users and Groups</a></dt><dt>5.4. <a href="happy.html#proffold">Default Profile Redirections</a></dt><dt>9.1. <a href="ntmigration.html#ch8-vampire">Samba <code class="filename">smb.conf</code> Scripts Essential to Samba Operation</a></dt><dt>13.1. <a href="HA.html#ProbList">Effect of Common Problems</a></dt><dt>16.1. <a href="primer.html#capsstats01">Windows Me  Startup Broadcast Capture Statistics</a></dt><dt>16.2. <a href="primer.html#capsstats02">Second Machine (Windows 98)  Capture Statistics</a></dt></dl></div><div class="list-of-examples"><p><b>List of Examples</b></p><dl><dt>1.1. <a href="simple.html#draft-smbconf">Drafting Office <code class="filename">smb.conf</code> File</a></dt><dt>1.2. <a href="simple.html#charity-smbconfnew">Charity Administration Office <code class="filename">smb.conf</code> New-style File</a></dt><dt>1.3. <a href="simple.html#charity-smbconf">Charity Administration Office <code class="filename">smb.conf</code> Old-style File</a></dt><dt>1.4. <a href="simple.html#MEreg">Windows Me  Registry Edit File: Disable Password Caching</a></dt><dt>1.5. <a href="simple.html#acctconf">Accounting Office Network <code class="filename">smb.conf</code> Old Style Configuration File</a></dt><dt>2.1. <a href="small.html#initGrps">Script to Map Windows NT Groups to UNIX Groups</a></dt><dt>2.2. <a href="small.html#dhcp01">Abmas Accounting DHCP Server Configuration File  <code class="filename">/etc/dhcpd.conf</code></a></dt><dt>2.3. <a href="small.html#acct2conf">Accounting Office Network <code class="filename">smb.conf</code> File  [globals] Section</a></dt><dt>2.4. <a href="small.html#acct3conf">Accounting Office Network <code class="filename">smb.conf</code> File  Services and Shares Section</a></dt><dt>3.1. <a href="secure.html#ch4memoryest">Estimation of Memory Requirements</a></dt><dt>3.2. <a href="secure.html#ch4diskest">Estimation of Disk Storage Requirements</a></dt><dt>3.3. <a href="secure.html#ch4natfw">NAT Firewall Configuration Script</a></dt><dt>3.4. <a href="secure.html#promisnet">130 User Network with <span class="emphasis"><em>tdbsam</em></span>  [globals] Section</a></dt><dt>3.5. <a href="secure.html#promisnetsvca">130 User Network with <span class="emphasis"><em>tdbsam</em></span>  Services Section Part A</a></dt><dt>3.6. <a href="secure.html#promisnetsvcb">130 User Network with <span class="emphasis"><em>tdbsam</em></span>  Services Section Part B</a></dt><dt>3.7. <a href="secure.html#ch4initGrps">Script to Map Windows NT Groups to UNIX Groups</a></dt><dt>3.8. <a href="secure.html#prom-dhcp">DHCP Server Configuration File  <code class="filename">/etc/dhcpd.conf</code></a></dt><dt>3.9. <a href="secure.html#ch4namedcfg">DNS Master Configuration File  <code class="filename">/etc/named.conf</code> Master Section</a></dt><dt>3.10. <a href="secure.html#ch4namedvarfwd">DNS Master Configuration File  <code class="filename">/etc/named.conf</code> Forward Lookup Definition Section</a></dt><dt>3.11. <a href="secure.html#ch4namedvarrev">DNS Master Configuration File  <code class="filename">/etc/named.conf</code> Reverse Lookup Definition Section</a></dt><dt>3.12. <a href="secure.html#eth1zone">DNS 192.168.1 Reverse Zone File</a></dt><dt>3.13. <a href="secure.html#eth2zone">DNS 192.168.2 Reverse Zone File</a></dt><dt>3.14. <a href="secure.html#abmasbiz">DNS Abmas.biz Forward Zone File</a></dt><dt>3.15. <a href="secure.html#abmasus">DNS Abmas.us Forward Zone File</a></dt><dt>4.1. <a href="Big500users.html#ch5-massivesmb">Server: MASSIVE (PDC), File: <code class="filename">/etc/samba/smb.conf</code></a></dt><dt>4.2. <a href="Big500users.html#ch5-dc-common">Server: MASSIVE (PDC), File: <code class="filename">/etc/samba/dc-common.conf</code></a></dt><dt>4.3. <a href="Big500users.html#ch5-commonsmb">Common Samba Configuration File: <code class="filename">/etc/samba/common.conf</code></a></dt><dt>4.4. <a href="Big500users.html#ch5-bldg1-smb">Server: BLDG1 (Member), File: smb.conf</a></dt><dt>4.5. <a href="Big500users.html#ch5-bldg2-smb">Server: BLDG2 (Member), File: smb.conf</a></dt><dt>4.6. <a href="Big500users.html#ch5-dommem-smb">Common Domain Member Include File: dom-mem.conf</a></dt><dt>4.7. <a href="Big500users.html#massive-dhcp">Server: MASSIVE, File: dhcpd.conf</a></dt><dt>4.8. <a href="Big500users.html#bldg1dhcp">Server: BLDG1, File: dhcpd.conf</a></dt><dt>4.9. <a href="Big500users.html#bldg2dhcp">Server: BLDG2, File: dhcpd.conf</a></dt><dt>4.10. <a href="Big500users.html#massive-nameda">Server: MASSIVE, File: named.conf, Part: A</a></dt><dt>4.11. <a href="Big500users.html#massive-namedb">Server: MASSIVE, File: named.conf, Part: B</a></dt><dt>4.12. <a href="Big500users.html#massive-namedc">Server: MASSIVE, File: named.conf, Part: C</a></dt><dt>4.13. <a href="Big500users.html#abmasbizdns">Forward Zone File: abmas.biz.hosts</a></dt><dt>4.14. <a href="Big500users.html#abmasusdns">Forward Zone File: abmas.biz.hosts</a></dt><dt>4.15. <a href="Big500users.html#bldg12nameda">Servers: BLDG1/BLDG2, File: named.conf, Part: A</a></dt><dt>4.16. <a href="Big500users.html#bldg12namedb">Servers: BLDG1/BLDG2, File: named.conf, Part: B</a></dt><dt>4.17. <a href="Big500users.html#ch5-initgrps">Initialize Groups Script, File: /etc/samba/initGrps.sh</a></dt><dt>5.1. <a href="happy.html#sbehap-dbconf">LDAP DB_CONFIG File</a></dt><dt>5.2. <a href="happy.html#sbehap-slapdconf">LDAP Master Configuration File  <code class="filename">/etc/openldap/slapd.conf</code> Part A</a></dt><dt>5.3. <a href="happy.html#sbehap-slapdconf2">LDAP Master Configuration File  <code class="filename">/etc/openldap/slapd.conf</code> Part B</a></dt><dt>5.4. <a href="happy.html#sbehap-nss01">Configuration File for NSS LDAP Support  <code class="filename">/etc/ldap.conf</code></a></dt><dt>5.5. <a href="happy.html#sbehap-nss02">Configuration File for NSS LDAP Clients Support  <code class="filename">/etc/ldap.conf</code></a></dt><dt>5.6. <a href="happy.html#sbehap-massive-smbconfa">LDAP Based <code class="filename">smb.conf</code> File, Server: MASSIVE  global Section: Part A</a></dt><dt>5.7. <a href="happy.html#sbehap-massive-smbconfb">LDAP Based <code class="filename">smb.conf</code> File, Server: MASSIVE  global Section: Part B</a></dt><dt>5.8. <a href="happy.html#sbehap-bldg1-smbconf">LDAP Based <code class="filename">smb.conf</code> File, Server: BLDG1</a></dt><dt>5.9. <a href="happy.html#sbehap-bldg2-smbconf">LDAP Based <code class="filename">smb.conf</code> File, Server: BLDG2</a></dt><dt>5.10. <a href="happy.html#sbehap-shareconfa">LDAP Based <code class="filename">smb.conf</code> File, Shares Section  Part A</a></dt><dt>5.11. <a href="happy.html#sbehap-shareconfb">LDAP Based <code class="filename">smb.conf</code> File, Shares Section  Part B</a></dt><dt>5.12. <a href="happy.html#sbehap-ldifadd">LDIF IDMAP Add-On Load File  File: /etc/openldap/idmap.LDIF</a></dt><dt>6.1. <a href="net2000users.html#ch7-LDAP-master">LDAP Master Server Configuration File  <code class="filename">/etc/openldap/slapd.conf</code></a></dt><dt>6.2. <a href="net2000users.html#ch7-LDAP-slave">LDAP Slave Configuration File  <code class="filename">/etc/openldap/slapd.conf</code></a></dt><dt>6.3. <a href="net2000users.html#ch7-massmbconfA">Primary Domain Controller <code class="filename">smb.conf</code> File  Part A</a></dt><dt>6.4. <a href="net2000users.html#ch7-massmbconfB">Primary Domain Controller <code class="filename">smb.conf</code> File  Part B</a></dt><dt>6.5. <a href="net2000users.html#ch7-massmbconfC">Primary Domain Controller <code class="filename">smb.conf</code> File  Part C</a></dt><dt>6.6. <a href="net2000users.html#ch7-slvsmbocnfA">Backup Domain Controller <code class="filename">smb.conf</code> File  Part A</a></dt><dt>6.7. <a href="net2000users.html#ch7-slvsmbocnfB">Backup Domain Controller <code class="filename">smb.conf</code> File  Part B</a></dt><dt>7.1. <a href="unixclients.html#ch9-sdmsdc">Samba Domain Member in Samba Domain Using LDAP  <code class="filename">smb.conf</code> File</a></dt><dt>7.2. <a href="unixclients.html#ch9-ldifadd">LDIF IDMAP Add-On Load File  File: /etc/openldap/idmap.LDIF</a></dt><dt>7.3. <a href="unixclients.html#ch9-sdmlcnf">Configuration File for NSS LDAP Support  <code class="filename">/etc/ldap.conf</code></a></dt><dt>7.4. <a href="unixclients.html#ch9-sdmnss">NSS using LDAP for Identity Resolution  File: <code class="filename">/etc/nsswitch.conf</code></a></dt><dt>7.5. <a href="unixclients.html#ch0-NT4DSDM">Samba Domain Member Server Using Winbind <code class="filename">smb.conf</code> File for NT4 Domain</a></dt><dt>7.6. <a href="unixclients.html#ch0-NT4DSCM">Samba Domain Member Server Using Local Accounts <code class="filename">smb.conf</code> File for NT4 Domain</a></dt><dt>7.7. <a href="unixclients.html#ch9-adssdm">Samba Domain Member <code class="filename">smb.conf</code> File for Active Directory Membership</a></dt><dt>7.8. <a href="unixclients.html#sbe-idmapridex">Example <code class="filename">smb.conf</code> File Using <code class="constant">idmap_rid</code></a></dt><dt>7.9. <a href="unixclients.html#sbeunxa">Typical ADS Style Domain <code class="filename">smb.conf</code> File</a></dt><dt>7.10. <a href="unixclients.html#sbewinbindex">ADS Membership Using RFC2307bis Identity Resolution <code class="filename">smb.conf</code> File</a></dt><dt>7.11. <a href="unixclients.html#ch9-pamwnbdlogin">SUSE: PAM <code class="filename">login</code> Module Using Winbind</a></dt><dt>7.12. <a href="unixclients.html#ch9-pamwbndxdm">SUSE: PAM <code class="filename">xdm</code> Module Using Winbind</a></dt><dt>7.13. <a href="unixclients.html#ch9-rhsysauth">Red Hat 9: PAM System Authentication File: <code class="filename">/etc/pam.d/system-auth</code> Module Using Winbind</a></dt><dt>9.1. <a href="ntmigration.html#sbent4smb">NT4 Migration Samba-3 Server <code class="filename">smb.conf</code>  Part: A</a></dt><dt>9.2. <a href="ntmigration.html#sbent4smb2">NT4 Migration Samba-3 Server <code class="filename">smb.conf</code>  Part: B</a></dt><dt>9.3. <a href="ntmigration.html#sbentslapd">NT4 Migration LDAP Server Configuration File: <code class="filename">/etc/openldap/slapd.conf</code>  Part A</a></dt><dt>9.4. <a href="ntmigration.html#sbentslapd2">NT4 Migration LDAP Server Configuration File: <code class="filename">/etc/openldap/slapd.conf</code>  Part B</a></dt><dt>9.5. <a href="ntmigration.html#sbrntldapconf">NT4 Migration NSS LDAP File: <code class="filename">/etc/ldap.conf</code></a></dt><dt>9.6. <a href="ntmigration.html#sbentnss">NT4 Migration NSS Control File: <code class="filename">/etc/nsswitch.conf</code> (Stage:1)</a></dt><dt>9.7. <a href="ntmigration.html#sbentnss2">NT4 Migration NSS Control File: <code class="filename">/etc/nsswitch.conf</code> (Stage:2)</a></dt><dt>10.1. <a href="nw4migration.html#sbeamg">A Rough Tool to Create an LDIF File from the System Account Files</a></dt><dt>10.2. <a href="nw4migration.html#ch8ldap">NSS LDAP Control File  /etc/ldap.conf</a></dt><dt>10.3. <a href="nw4migration.html#sbepu2">The PAM Control File <code class="filename">/etc/security/pam_unix2.conf</code></a></dt><dt>10.4. <a href="nw4migration.html#ch8smbconf">Samba Configuration File  smb.conf Part A</a></dt><dt>10.5. <a href="nw4migration.html#ch8smbconf2">Samba Configuration File  smb.conf Part B</a></dt><dt>10.6. <a href="nw4migration.html#ch8smbconf3">Samba Configuration File  smb.conf Part C</a></dt><dt>10.7. <a href="nw4migration.html#ch8smbconf4">Samba Configuration File  smb.conf Part D</a></dt><dt>10.8. <a href="nw4migration.html#ch8smbconf5">Samba Configuration File  smb.conf Part E</a></dt><dt>10.9. <a href="nw4migration.html#sbersync">Rsync Script</a></dt><dt>10.10. <a href="nw4migration.html#sbexcld">Rsync Files Exclusion List  <code class="filename">/root/excludes.txt</code></a></dt><dt>10.11. <a href="nw4migration.html#ch8ideal">Idealx smbldap-tools Control File  Part A</a></dt><dt>10.12. <a href="nw4migration.html#ch8ideal2">Idealx smbldap-tools Control File  Part B</a></dt><dt>10.13. <a href="nw4migration.html#ch8ideal3">Idealx smbldap-tools Control File  Part C</a></dt><dt>10.14. <a href="nw4migration.html#ch8ideal4">Idealx smbldap-tools Control File  Part D</a></dt><dt>10.15. <a href="nw4migration.html#ch8kix">Kixtart Control File  File: logon.kix</a></dt><dt>10.16. <a href="nw4migration.html#ch8kix2">Kixtart Control File  File: main.kix</a></dt><dt>10.17. <a href="nw4migration.html#ch8kix3">Kixtart Control File  File: setup.kix, Part A</a></dt><dt>10.18. <a href="nw4migration.html#ch8kix3b">Kixtart Control File  File: setup.kix, Part B</a></dt><dt>10.19. <a href="nw4migration.html#ch8kix4">Kixtart Control File  File: acct.kix</a></dt><dt>12.1. <a href="DomApps.html#ch10-krb5conf">Kerberos Configuration  File: <code class="filename">/etc/krb5.conf</code></a></dt><dt>12.2. <a href="DomApps.html#ch10-smbconf">Samba Configuration  File: <code class="filename">/etc/samba/smb.conf</code></a></dt><dt>12.3. <a href="DomApps.html#ch10-etcnsscfg">NSS Configuration File Extract  File: <code class="filename">/etc/nsswitch.conf</code></a></dt><dt>12.4. <a href="DomApps.html#etcsquidcfg">Squid Configuration File Extract  <code class="filename">/etc/squid.conf</code> [ADMINISTRATIVE PARAMETERS Section]</a></dt><dt>12.5. <a href="DomApps.html#etcsquid2">Squid Configuration File extract  File: <code class="filename">/etc/squid.conf</code> [AUTHENTICATION PARAMETERS Section]</a></dt><dt>15.1. <a href="appendix.html#ch12SL">A Useful Samba Control Script for SUSE Linux</a></dt><dt>15.2. <a href="appendix.html#ch12RHscript">A Sample Samba Control Script for Red Hat Linux</a></dt><dt>15.3. <a href="appendix.html#loopback">DNS Localhost Forward Zone File: <code class="filename">/var/lib/named/localhost.zone</code></a></dt><dt>15.4. <a href="appendix.html#dnsloopy">DNS Localhost Reverse Zone File: <code class="filename">/var/lib/named/127.0.0.zone</code></a></dt><dt>15.5. <a href="appendix.html#roothint">DNS Root Name Server Hint File: <code class="filename">/var/lib/named/root.hint</code></a></dt><dt>15.6. <a href="appendix.html#sbehap-ldapreconfa">LDAP Pre-configuration Script: <code class="filename">SMBLDAP-ldif-preconfig.sh</code>  Part A</a></dt><dt>15.7. <a href="appendix.html#sbehap-ldapreconfb">LDAP Pre-configuration Script: <code class="filename">SMBLDAP-ldif-preconfig.sh</code>  Part B</a></dt><dt>15.8. <a href="appendix.html#sbehap-ldapreconfc">LDAP Pre-configuration Script: <code class="filename">SMBLDAP-ldif-preconfig.sh</code>  Part C</a></dt><dt>15.9. <a href="appendix.html#sbehap-ldifpata">LDIF Pattern File Used to Pre-configure LDAP  Part A</a></dt><dt>15.10. <a href="appendix.html#sbehap-ldifpatb">LDIF Pattern File Used to Pre-configure LDAP  Part B</a></dt><dt>15.11. <a href="appendix.html#lamcfg">Example LAM Configuration File  <code class="filename">config.cfg</code></a></dt><dt>15.12. <a href="appendix.html#lamconf">LAM Profile Control File  <code class="filename">lam.conf</code></a></dt></dl></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"> </td><td width="20%" align="center"> </td><td width="40%" align="right"> <a accesskey="n" href="pr01.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top"> </td><td width="20%" align="center"> </td><td width="40%" align="right" valign="top"> About the Cover Artwork</td></tr></table></div></body></html>

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/ix01.html

r599	r739
1		<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Index</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="go01.html" title="Glossary"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Index</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="go01.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> </td></tr></table><hr></div><div class="index" title="Index"><div class="titlepage"><div><div><h2 class="title"><a name="id395334"></a>Index</h2></div></div></div><div class="index"><div class="indexdiv"><h3>Symbols</h3><dl><dt>%LOGONSERVER%, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></dt><dt>%USERNAME%, <a class="indexterm" href="happy.html#id342548">Roaming Profile Background</a>, <a class="indexterm" href="happy.html#id342818">Profile Changes</a></dt><dt>%USERPROFILE%, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></dt><dt>/data/ldap, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></dt><dt>/etc/cups/mime.convs, <a class="indexterm" href="simple.html#id324064">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a></dt><dt>/etc/cups/mime.types, <a class="indexterm" href="simple.html#id324064">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a></dt><dt>/etc/dhcpd.conf, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="small.html#id329058">Validation</a>, <a class="indexterm" href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>/etc/exports, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a></dt><dt>/etc/group, <a class="indexterm" href="happy.html#id342070">Technical Issues</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="upgrades.html#id368475">Replacing a Domain Member Server</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a>, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>/etc/hosts, <a class="indexterm" href="simple.html#id323262">Implementation</a>, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="Big500users.html#id337052">Server Preparation: All Servers</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a>, <a class="indexterm" href="HA.html#id385379">Bad Hostnames</a></dt><dt>/etc/krb5.conf, <a class="indexterm" href="unixclients.html#id363637">IDMAP Storage in LDAP using Winbind</a>, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dt>/etc/ldap.conf, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="unixclients.html#id363637">IDMAP Storage in LDAP using Winbind</a>, <a class="indexterm" href="unixclients.html#id364188">IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension</a>, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>/etc/mime.convs, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id337052">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dt>/etc/mime.types, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id337052">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dt>/etc/named.conf, <a class="indexterm" href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a></dt><dt>/etc/nsswitch.conf, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="Big500users.html#id337579">Configuration for Server: MASSIVE</a>, <a class="indexterm" href="Big500users.html#ch5-domsvrspec">Configuration Specific to Domain Member Servers: BLDG1, BLDG2</a>, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a>, <a class="indexterm" href="unixclients.html#id364188">IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></dt><dt>/etc/openldap/slapd.conf, <a class="indexterm" href="happy.html#id343291">Debugging LDAP</a>, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a>, <a class="indexterm" href="net2000users.html#id354011">Implementation</a></dt><dt>/etc/passwd, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id337579">Configuration for Server: MASSIVE</a>, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#id368475">Replacing a Domain Member Server</a>, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a>, <a class="indexterm" href="nw4migration.html#id373431">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a>, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a>, <a class="indexterm" href="primer.html#id392350">Findings and Comments</a></dt><dt>/etc/rc.d/boot.local, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="Big500users.html#id337579">Configuration for Server: MASSIVE</a></dt><dt>/etc/rc.d/rc.local, <a class="indexterm" href="small.html#id327606">Implementation</a></dt><dt>/etc/resolv.conf, <a class="indexterm" href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a>, <a class="indexterm" href="Big500users.html#id337052">Server Preparation: All Servers</a></dt><dt>/etc/samba, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>/etc/samba/secrets.tdb, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>/etc/samba/smbusers, <a class="indexterm" href="Big500users.html#id337052">Server Preparation: All Servers</a></dt><dt>/etc/shadow, <a class="indexterm" href="upgrades.html#id368475">Replacing a Domain Member Server</a>, <a class="indexterm" href="nw4migration.html#id373431">Technical Issues</a></dt><dt>/etc/squid/squid.conf, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>/etc/syslog.conf, <a class="indexterm" href="happy.html#id343291">Debugging LDAP</a></dt><dt>/etc/xinetd.d, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a>, <a class="indexterm" href="Big500users.html#ch5-procstart">Process Startup Configuration</a></dt><dt>/lib/libnss_ldap.so.2, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></dt><dt>/opt/IDEALX/sbin, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></dt><dt>/proc/sys/net/ipv4/ip_forward, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a></dt><dt>/usr/bin, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>/usr/lib/samba, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>/usr/local, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>/usr/local/samba, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>/usr/local/samba/var/locks, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></dt><dt>/usr/sbin, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>/usr/share, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>/usr/share/samba/swat, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>/usr/share/swat, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>/var/cache/samba, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></dt><dt>/var/lib/samba, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a>, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>/var/log/ldaplogs, <a class="indexterm" href="happy.html#id343291">Debugging LDAP</a></dt><dt>/var/log/samba, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>8-bit, <a class="indexterm" href="upgrades.html#id367266">International Language Support</a></dt></dl></div><div class="indexdiv"><h3></h3><dl><dt>, <a class="indexterm" href="simple.html#id323262">Implementation</a>, <a class="indexterm" href="simple.html#id324064">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a>, <a class="indexterm" href="secure.html#ch4appscfg">Application Share Configuration</a>, <a class="indexterm" href="Big500users.html#id336338">Implementation</a>, <a class="indexterm" href="happy.html#sbehap-ppc">Addition of Machines to the Domain</a>, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="happy.html#sbehap-bldg1">Samba-3 BDC Configuration</a>, <a class="indexterm" href="net2000users.html#id354011">Implementation</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#dcwonss">NT4/Samba Domain with Samba Domain Member Server without NSS Support</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a>, <a class="indexterm" href="unixclients.html#id363637">IDMAP Storage in LDAP using Winbind</a>, <a class="indexterm" href="unixclients.html#id364188">IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension</a>, <a class="indexterm" href="upgrades.html#sbeug1">Location of config files</a>, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a>, <a class="indexterm" href="DomApps.html#id383649">NSS Configuration</a></dt><dd><dl><dt>Domain account, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>liability, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>logon, <a class="indexterm" href="simple.html#id324064">Implementation</a></dt><dt>problem, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>transparent inter-operability, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt></dl></dd></dl></div><div class="indexdiv"><h3>A</h3><dl><dt>abmas-netfw.sh, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a></dt><dt>accept, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a></dt><dt>accepts liability, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>access, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id380037">Checkpoint Controls</a></dt><dt>access control, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a>, <a class="indexterm" href="kerberos.html#id380879">Using the MMC Computer Management Interface</a></dt><dt>Access Control Lists (see ACLs)</dt><dt>access control settings, <a class="indexterm" href="kerberos.html#id379573">Share Access Controls</a></dt><dt>access controls, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id379908">Share Definition Controls</a></dt><dt>accessible, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a></dt><dt>account, <a class="indexterm" href="happy.html#id341339">Regarding LDAP Directories and Windows Computer Accounts</a>, <a class="indexterm" href="kerberos.html#id379573">Share Access Controls</a></dt><dd><dl><dt>ADS Domain, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt></dl></dd><dt>account credentials, <a class="indexterm" href="primer.html#id392350">Findings and Comments</a></dt><dt>account information, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>account names, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>account policies, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>accountable, <a class="indexterm" href="kerberos.html#id377126">Introduction</a>, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>accounts</dt><dd><dl><dt>authoritative, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>Domain, <a class="indexterm" href="ntmigration.html#id368988">Introduction</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>group, <a class="indexterm" href="ntmigration.html#id368988">Introduction</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>machine, <a class="indexterm" href="ntmigration.html#id368988">Introduction</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>manage, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>user, <a class="indexterm" href="ntmigration.html#id368988">Introduction</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt></dl></dd><dt>ACL, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="kerberos.html#id380037">Checkpoint Controls</a></dt><dt>ACLs, <a class="indexterm" href="happy.html#id352420">Key Points Learned</a>, <a class="indexterm" href="kerberos.html#id379573">Share Access Controls</a>, <a class="indexterm" href="kerberos.html#id379908">Share Definition Controls</a></dt><dt>acquisitions, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>Act!, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt><dt>ACT! database, <a class="indexterm" href="appendix.html#id390409">Act! Database Sharing</a></dt><dt>Act!Diag, <a class="indexterm" href="appendix.html#id390409">Act! Database Sharing</a></dt><dt>Active Directory, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a>, <a class="indexterm" href="happy.html#sbehap-locgrppol">The Local Group Policy</a>, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a>, <a class="indexterm" href="unixclients.html#id357994">Assignment Tasks</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id377126">Introduction</a>, <a class="indexterm" href="kerberos.html#id381514">Key Points Learned</a>, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a>, <a class="indexterm" href="DomApps.html">Integrating Additional Services</a>, <a class="indexterm" href="DomApps.html#id382248">Assignment Tasks</a>, <a class="indexterm" href="DomApps.html#id382367">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a>, <a class="indexterm" href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></dt><dd><dl><dt>authentication, <a class="indexterm" href="DomApps.html#id383905">Squid Configuration</a></dt><dt>domain, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>join, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>management tools, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>realm, <a class="indexterm" href="HA.html#id385379">Bad Hostnames</a></dt><dt>Replacement, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>server, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dt>Server, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>tree, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt></dl></dd><dt>active directory, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a></dt><dt>AD printer publishing, <a class="indexterm" href="happy.html#id351896">Uploading Printer Drivers to Samba Servers</a></dt><dt>ADAM, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a>, <a class="indexterm" href="unixclients.html#id363637">IDMAP Storage in LDAP using Winbind</a></dt><dt>add group script, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>add machine script, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>Add Printer Wizard</dt><dd><dl><dt>APW, <a class="indexterm" href="happy.html#id351896">Uploading Printer Drivers to Samba Servers</a></dt></dl></dd><dt>add user script, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>add user to group script, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>adduser, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id337579">Configuration for Server: MASSIVE</a></dt><dt>adequate precautions, <a class="indexterm" href="upgrades.html#id366117">Introduction</a></dt><dt>administrative installation, <a class="indexterm" href="secure.html#ch4appscfg">Application Share Configuration</a></dt><dt>administrative rights, <a class="indexterm" href="kerberos.html#id380037">Checkpoint Controls</a></dt><dt>administrator, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id337052">Server Preparation: All Servers</a></dt><dt>ADMT, <a class="indexterm" href="upgrades.html#id368842">Migration of Samba Accounts to Active Directory</a></dt><dt>ADS, <a class="indexterm" href="unixclients.html#id363637">IDMAP Storage in LDAP using Winbind</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a>, <a class="indexterm" href="HA.html#id385379">Bad Hostnames</a></dt><dd><dl><dt>server, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt></dl></dd><dt>ADS Domain, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>affordability, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a></dt><dt>alarm, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>algorithm, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>allow trusted domains, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a></dt><dt>alternative, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>analysis, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>anonymous connection, <a class="indexterm" href="small.html#id329058">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>Apache Web server, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>appliance mode, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>application server, <a class="indexterm" href="secure.html#id330398">Technical Issues</a>, <a class="indexterm" href="secure.html#ch4appscfg">Application Share Configuration</a></dt><dt>application servers, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a></dt><dt>application/octet-stream, <a class="indexterm" href="simple.html#id324064">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id337052">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dt>APW, <a class="indexterm" href="happy.html#id351896">Uploading Printer Drivers to Samba Servers</a></dt><dt>arp, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>assessment, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>assistance, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>assumptions, <a class="indexterm" href="HA.html#id386548">Key Points Learned</a></dt><dt>authconfig, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></dt><dt>authenticate, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a>, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>authenticated, <a class="indexterm" href="DomApps.html#id382248">Assignment Tasks</a></dt><dt>authenticated connection, <a class="indexterm" href="small.html#id329058">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>authentication, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="nw4migration.html#id373359">Dissection and Discussion</a>, <a class="indexterm" href="DomApps.html">Integrating Additional Services</a>, <a class="indexterm" href="DomApps.html#id382367">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id383649">NSS Configuration</a>, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dd><dl><dt>plain-text, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt></dl></dd><dt>authentication process, <a class="indexterm" href="unixclients.html#id358731">Implementation</a></dt><dt>authentication protocols, <a class="indexterm" href="DomApps.html#id384281">Key Points Learned</a></dt><dt>authoritative, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>authorized location, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dt>auto-generated SID, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>automatically allocate, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>availability, <a class="indexterm" href="HA.html">Performance, Reliability, and Availability</a></dt></dl></div><div class="indexdiv"><h3>B</h3><dl><dt>backends, <a class="indexterm" href="DomApps.html">Integrating Additional Services</a></dt><dt>background communication, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>Backup, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>Backup Domain Controller (see BDC)</dt><dt>bandwidth, <a class="indexterm" href="DomApps.html#id382248">Assignment Tasks</a></dt><dd><dl><dt>requirements, <a class="indexterm" href="net2000users.html#id353212">User Needs</a></dt></dl></dd><dt>bandwidth calculations, <a class="indexterm" href="secure.html#id330622">Hardware Requirements</a></dt><dt>BDC, <a class="indexterm" href="Big500users.html#id336141">Technical Issues</a>, <a class="indexterm" href="happy.html">Making Happy Users</a>, <a class="indexterm" href="happy.html#id341540">Assignment Tasks</a>, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a>, <a class="indexterm" href="happy.html#id343908">Samba Server Implementation</a>, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="net2000users.html#id357027">Key Points Learned</a>, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="ntmigration.html#id371918">NT4 Migration Using tdbsam Backend</a>, <a class="indexterm" href="HA.html#id386110">Use and Location of BDCs</a></dt><dt>benefit, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>best practices, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>bias, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>binary database, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dt>binary files, <a class="indexterm" href="upgrades.html#id368184">Updating a Samba-3 Installation</a></dt><dt>binary package, <a class="indexterm" href="upgrades.html#id368184">Updating a Samba-3 Installation</a></dt><dt>bind interfaces only, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dt>broadcast, <a class="indexterm" href="HA.html#id385556">Routed Networks</a>, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dd><dl><dt>directed, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a></dt><dt>mailslot, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a></dt></dl></dd><dt>broadcast messages, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dt>broadcast storms, <a class="indexterm" href="HA.html#id385720">Network Collisions</a></dt><dt>broken, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>broken behavior, <a class="indexterm" href="HA.html#id384892">Dissection and Discussion</a></dt><dt>browse, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>browse master, <a class="indexterm" href="primer.html#id391158">Findings</a></dt><dt>Browse Master, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dt>browse.dat, <a class="indexterm" href="upgrades.html#id368475">Replacing a Domain Member Server</a></dt><dt>Browser Election Service, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dt>browsing, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id382367">Technical Issues</a>, <a class="indexterm" href="primer.html#id390813">Assignment Tasks</a></dt><dt>budgetted, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>bug fixes, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>bug report, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt></dl></div><div class="indexdiv"><h3>C</h3><dl><dt>cache, <a class="indexterm" href="appendix.html#id390484">Opportunistic Locking Controls</a></dt><dt>cache directories, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>caching, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a></dt><dt>case-sensitive, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dt>centralized storage, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>character set, <a class="indexterm" href="upgrades.html#id367266">International Language Support</a></dt><dt>check samba daemons, <a class="indexterm" href="small.html#id329058">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>check-point, <a class="indexterm" href="kerberos.html#id379908">Share Definition Controls</a></dt><dt>check-point controls, <a class="indexterm" href="kerberos.html#id380037">Checkpoint Controls</a></dt><dt>Checkpoint Controls, <a class="indexterm" href="kerberos.html#id380037">Checkpoint Controls</a></dt><dt>chgrp, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>chkconfig, <a class="indexterm" href="simple.html#id323262">Implementation</a>, <a class="indexterm" href="simple.html#id324064">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a>, <a class="indexterm" href="Big500users.html#ch5-procstart">Process Startup Configuration</a>, <a class="indexterm" href="net2000users.html#id354011">Implementation</a></dt><dt>chmod, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>choice, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>chown, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>CIFS, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="primer.html#id391158">Findings</a></dt><dt>cifsfs, <a class="indexterm" href="HA.html#id384892">Dissection and Discussion</a></dt><dt>clean database, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>clients per DC, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>Clock skew, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dt>cluster, <a class="indexterm" href="HA.html#id384815">Introduction</a></dt><dt>clustering, <a class="indexterm" href="HA.html#id384815">Introduction</a>, <a class="indexterm" href="HA.html#id386195">For Scalability, Use SAN-Based Storage on Samba Servers</a></dt><dt>code maintainer, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>codepage, <a class="indexterm" href="upgrades.html#id367266">International Language Support</a></dt><dt>collision rates, <a class="indexterm" href="HA.html#id385720">Network Collisions</a></dt><dt>commercial, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>commercial software, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>commercial support, <a class="indexterm" href="ch14.html">Samba Support</a>, <a class="indexterm" href="ch14.html#id386894">Commercial Support</a></dt><dt>Common Internet File System (see CIFS)</dt><dt>comparison</dt><dd><dl><dt>Active Directory & OpenLDAP, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a></dt></dl></dd><dt>compat, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>compatible, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>compile-time, <a class="indexterm" href="upgrades.html#sbeug1">Location of config files</a></dt><dt>complexities, <a class="indexterm" href="HA.html#id384892">Dissection and Discussion</a></dt><dt>compromise, <a class="indexterm" href="happy.html#id341463">Introduction</a>, <a class="indexterm" href="kerberos.html#id377126">Introduction</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>computer account, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>Computer Management, <a class="indexterm" href="kerberos.html#id379573">Share Access Controls</a>, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>computer name, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>condemns, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>conferences, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>configuration files, <a class="indexterm" href="upgrades.html#id366117">Introduction</a></dt><dt>configure.pl, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></dt><dt>connection, <a class="indexterm" href="kerberos.html#id379573">Share Access Controls</a></dt><dt>connectivity, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>consequential risk, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>consultant, <a class="indexterm" href="simple.html#id323158">Drafting Office</a>, <a class="indexterm" href="kerberos.html#id377126">Introduction</a>, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>consumer, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>consumer expects, <a class="indexterm" href="ch14.html">Samba Support</a></dt><dt>contiguous directory, <a class="indexterm" href="net2000users.html#id354011">Implementation</a></dt><dt>contributions, <a class="indexterm" href="upgrades.html">Updating Samba-3</a></dt><dt>control files, <a class="indexterm" href="upgrades.html#id368184">Updating a Samba-3 Installation</a></dt><dt>convmv, <a class="indexterm" href="upgrades.html#id367266">International Language Support</a></dt><dt>copy, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>corrective action, <a class="indexterm" href="HA.html#id386332">Hardware Problems</a></dt><dt>cost, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>cost-benefit, <a class="indexterm" href="nw4migration.html#id373282">Assignment Tasks</a></dt><dt>country of origin, <a class="indexterm" href="ch14.html#id386894">Commercial Support</a></dt><dt>Courier-IMAP, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>credential, <a class="indexterm" href="kerberos.html#id379908">Share Definition Controls</a></dt><dt>credentials, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>crippled, <a class="indexterm" href="ntmigration.html#id369115">Dissection and Discussion</a></dt><dt>criticism, <a class="indexterm" href="kerberos.html">Active Directory, Kerberos, and Security</a>, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>Critics, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>Cryptographic, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>CUPS, <a class="indexterm" href="simple.html#id323894">Dissection and Discussion</a>, <a class="indexterm" href="small.html#id327416">Technical Issues</a>, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="small.html#id329652">Key Points Learned</a>, <a class="indexterm" href="secure.html#id330776">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id337052">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#id341540">Assignment Tasks</a>, <a class="indexterm" href="happy.html#id342960">Installation of Printer Driver Auto-Download</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dd><dl><dt>queue, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id337052">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt></dl></dd><dt>cupsd, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a></dt><dt>customer expected, <a class="indexterm" href="ch14.html">Samba Support</a></dt><dt>customers, <a class="indexterm" href="ch14.html">Samba Support</a></dt></dl></div><div class="indexdiv"><h3>D</h3><dl><dt>daemon, <a class="indexterm" href="simple.html#validate1">Validation</a>, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="DomApps.html#id382367">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a>, <a class="indexterm" href="appendix.html#id387952">Starting Samba</a></dt><dt>daemon control, <a class="indexterm" href="Big500users.html#ch5-procstart">Process Startup Configuration</a></dt><dt>data</dt><dd><dl><dt>corruption, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>integrity, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt></dl></dd><dt>data corruption, <a class="indexterm" href="HA.html#id386332">Hardware Problems</a>, <a class="indexterm" href="appendix.html#id390409">Act! Database Sharing</a></dt><dt>data integrity, <a class="indexterm" href="HA.html#id386332">Hardware Problems</a>, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt><dt>data storage, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a></dt><dt>database, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a>, <a class="indexterm" href="nw4migration.html#id373359">Dissection and Discussion</a></dt><dt>database applications, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt><dt>DB_CONFIG, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></dt><dt>DCE, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dt>DDNS (see dynamic DNS)</dt><dt>Debian, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dt>default installation, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>default password, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>default profile, <a class="indexterm" href="happy.html#id341540">Assignment Tasks</a>, <a class="indexterm" href="happy.html#id342070">Technical Issues</a></dt><dt>Default User, <a class="indexterm" href="happy.html#id342818">Profile Changes</a>, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></dt><dt>defective</dt><dd><dl><dt>cables, <a class="indexterm" href="HA.html#id386332">Hardware Problems</a></dt><dt>HUBs, <a class="indexterm" href="HA.html#id386332">Hardware Problems</a></dt><dt>switches, <a class="indexterm" href="HA.html#id386332">Hardware Problems</a></dt></dl></dd><dt>defects, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>defensible standards, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>defragmentation, <a class="indexterm" href="secure.html#ch4wincfg">Windows Client Configuration</a></dt><dt>delete group script, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>delete user from group script, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>delimiter, <a class="indexterm" href="kerberos.html#id380037">Checkpoint Controls</a></dt><dt>dependability, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>deployment, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>desired security setting, <a class="indexterm" href="kerberos.html#id381318">Setting Posix ACLs in UNIX/Linux</a></dt><dt>development, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>DHCP, <a class="indexterm" href="small.html#id327416">Technical Issues</a>, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="small.html#id329652">Key Points Learned</a>, <a class="indexterm" href="secure.html#ch4wincfg">Windows Client Configuration</a>, <a class="indexterm" href="Big500users.html#ch5wincfg">Windows Client Configuration</a>, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dd><dl><dt>client, <a class="indexterm" href="HA.html#id385379">Bad Hostnames</a></dt><dt>relay, <a class="indexterm" href="Big500users.html#id336141">Technical Issues</a></dt><dt>Relay Agent, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>request, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>requests, <a class="indexterm" href="Big500users.html#id336141">Technical Issues</a></dt><dt>servers, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>traffic, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt></dl></dd><dt>dhcp client validation, <a class="indexterm" href="small.html#id329058">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>DHCP Server, <a class="indexterm" href="small.html#id327606">Implementation</a></dt><dt>DHCP server, <a class="indexterm" href="secure.html#id330398">Technical Issues</a></dt><dt>diagnostic, <a class="indexterm" href="unixclients.html#id363637">IDMAP Storage in LDAP using Winbind</a></dt><dt>diffusion, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>digital rights, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>digital sign'n'seal, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>digits, <a class="indexterm" href="HA.html#id385379">Bad Hostnames</a></dt><dt>diligence, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>directory, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a>, <a class="indexterm" href="unixclients.html#id358646">Political Issues</a>, <a class="indexterm" href="upgrades.html#sbeug1">Location of config files</a></dt><dd><dl><dt>Computers container, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>management, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a></dt><dt>People container, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>replication, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a></dt><dt>schema, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a></dt><dt>server, <a class="indexterm" href="happy.html#id342070">Technical Issues</a></dt><dt>synchronization, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a></dt></dl></dd><dt>directory tree, <a class="indexterm" href="kerberos.html#id381318">Setting Posix ACLs in UNIX/Linux</a></dt><dt>disable, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>disaster recovery, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>disk image, <a class="indexterm" href="happy.html#id341540">Assignment Tasks</a></dt><dt>disruptive, <a class="indexterm" href="ntmigration.html#id369115">Dissection and Discussion</a></dt><dt>distributed, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id354011">Implementation</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="HA.html#id386240">Distribute Network Load with MSDFS</a></dt><dt>distributed domain, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>DMB, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dt>DMS, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id368475">Replacing a Domain Member Server</a></dt><dt>DNS, <a class="indexterm" href="small.html#id327416">Technical Issues</a>, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#id330398">Technical Issues</a>, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a>, <a class="indexterm" href="HA.html#id385379">Bad Hostnames</a>, <a class="indexterm" href="HA.html#id385556">Routed Networks</a>, <a class="indexterm" href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></dt><dd><dl><dt>configuration, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>Dynamic, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>dynamic, <a class="indexterm" href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></dt><dt>lookup, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dt>name lookup, <a class="indexterm" href="HA.html#id385379">Bad Hostnames</a></dt><dt>SRV records, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dt>suffix, <a class="indexterm" href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></dt></dl></dd><dt>DNS server, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a></dt><dt>document the settings, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a></dt><dt>documentation, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>documented, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a></dt><dt>Domain, <a class="indexterm" href="small.html#id327416">Technical Issues</a></dt><dd><dl><dt>groups, <a class="indexterm" href="small.html#id327416">Technical Issues</a></dt></dl></dd><dt>domain</dt><dd><dl><dt>Active Directory, <a class="indexterm" href="DomApps.html#id382367">Technical Issues</a></dt><dt>controller, <a class="indexterm" href="upgrades.html#id368664">Replacing a Domain Controller</a></dt><dt>joining, <a class="indexterm" href="appendix.html">A Collection of Useful Tidbits</a></dt><dt>trusted, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt></dl></dd><dt>Domain accounts, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>Domain Administrator, <a class="indexterm" href="kerberos.html#id379573">Share Access Controls</a></dt><dt>Domain Controller, <a class="indexterm" href="small.html#id329652">Key Points Learned</a>, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id358731">Implementation</a>, <a class="indexterm" href="HA.html#id386110">Use and Location of BDCs</a></dt><dd><dl><dt>closest, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a></dt></dl></dd><dt>domain controller, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>domain controllers, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>Domain Controllers, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>Domain Groups</dt><dd><dl><dt>well-known, <a class="indexterm" href="appendix.html#id388463">Initialization of the LDAP Database</a></dt></dl></dd><dt>Domain join, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>domain master, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a>, <a class="indexterm" href="ntmigration.html#id371918">NT4 Migration Using tdbsam Backend</a></dt><dt>Domain Master Browser (see DMB)</dt><dt>Domain Member, <a class="indexterm" href="HA.html#id386110">Use and Location of BDCs</a></dt><dd><dl><dt>authoritative</dt><dd><dl><dt>local accounts, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt></dl></dd><dt>client, <a class="indexterm" href="unixclients.html#id358731">Implementation</a></dt><dt>desktop, <a class="indexterm" href="unixclients.html#id357946">Introduction</a></dt><dt>server, <a class="indexterm" href="unixclients.html#id357946">Introduction</a>, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id358731">Implementation</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>servers, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id380037">Checkpoint Controls</a></dt><dt>workstations, <a class="indexterm" href="unixclients.html#id358731">Implementation</a></dt></dl></dd><dt>domain member</dt><dd><dl><dt>servers, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt></dl></dd><dt>Domain Member server, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>Domain Member servers, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>domain members, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>domain name space, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>domain replication, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>domain SID, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>Domain SID, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>domain tree, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>Domain User Manager, <a class="indexterm" href="happy.html#id350283">Configuring Profile Directories</a></dt><dt>Domain users, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>DOS, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>dos2unix, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id337579">Configuration for Server: MASSIVE</a></dt><dt>down-grade, <a class="indexterm" href="upgrades.html#id366117">Introduction</a></dt><dt>drive letters, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>drive mapping, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>dumb printing, <a class="indexterm" href="happy.html#id342960">Installation of Printer Driver Auto-Download</a></dt><dt>dump, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>duplicate accounts, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></dt><dt>dynamic DNS, <a class="indexterm" href="secure.html#id330398">Technical Issues</a></dt></dl></div><div class="indexdiv"><h3>E</h3><dl><dt>e-Directory, <a class="indexterm" href="nw4migration.html#id373359">Dissection and Discussion</a></dt><dt>Easy Software Products, <a class="indexterm" href="happy.html#id342960">Installation of Printer Driver Auto-Download</a></dt><dt>economically sustainable, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>eDirectory, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a></dt><dt>education, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>election, <a class="indexterm" href="primer.html#id391158">Findings</a></dt><dt>employment, <a class="indexterm" href="kerberos.html#id377126">Introduction</a>, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>enable, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a></dt><dt>encrypted, <a class="indexterm" href="primer.html#id392350">Findings and Comments</a></dt><dt>encrypted password, <a class="indexterm" href="primer.html#id392597">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>encrypted passwords, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>End User License Agreement (see EULA)</dt><dt>enumerating, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>essential, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>ethereal, <a class="indexterm" href="primer.html#id390920">Exercises</a></dt><dt>Ethernet switch, <a class="indexterm" href="small.html#id327416">Technical Issues</a></dt><dt>ethernet switch, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>EULA, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>Everyone, <a class="indexterm" href="kerberos.html#id379573">Share Access Controls</a></dt><dt>Excel, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a></dt><dt>exclusive open, <a class="indexterm" href="appendix.html#id390270">Microsoft Access</a></dt><dt>experiment, <a class="indexterm" href="kerberos.html">Active Directory, Kerberos, and Security</a></dt><dt>export, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a></dt><dt>extent, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>External Domains, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>extreme demand, <a class="indexterm" href="HA.html#id385344">Guidelines for Reliable Samba Operation</a></dt></dl></div><div class="indexdiv"><h3>F</h3><dl><dt>fail, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a></dt><dt>fail-over, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id354011">Implementation</a></dt><dt>failed, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>failed join, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a></dt><dt>failure, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>familiar, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>fatal problem, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a></dt><dt>fear, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>fears, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>Fedora, <a class="indexterm" href="simple.html#id323158">Drafting Office</a></dt><dt>FHS, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>file and print server, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>file and print service, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>file caching, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a>, <a class="indexterm" href="appendix.html#id390484">Opportunistic Locking Controls</a></dt><dt>File Hierarchy System (see FHS)</dt><dt>file locations, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>file permissions, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>file server</dt><dd><dl><dt>read-only, <a class="indexterm" href="simple.html#id323219">Dissection and Discussion</a></dt></dl></dd><dt>file servers, <a class="indexterm" href="happy.html#id343908">Samba Server Implementation</a></dt><dt>file system, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dd><dl><dt>access control, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a></dt><dt>Ext3, <a class="indexterm" href="simple.html#id323262">Implementation</a></dt><dt>permissions, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id337579">Configuration for Server: MASSIVE</a></dt></dl></dd><dt>file system security, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>filter, <a class="indexterm" href="kerberos.html#id379573">Share Access Controls</a></dt><dt>financial responsibility, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>firewall, <a class="indexterm" href="secure.html#id330398">Technical Issues</a>, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>fix, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>flaws, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>flexibility, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>flush</dt><dd><dl><dt>cache memory, <a class="indexterm" href="appendix.html#id390484">Opportunistic Locking Controls</a></dt></dl></dd><dt>folder redirection, <a class="indexterm" href="happy.html#id342070">Technical Issues</a>, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a>, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>force group, <a class="indexterm" href="kerberos.html#id380322">Override Controls</a>, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>force user, <a class="indexterm" href="simple.html#id323894">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id380322">Override Controls</a>, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>forced settings, <a class="indexterm" href="kerberos.html#id380322">Override Controls</a></dt><dt>foreign, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>foreign SID, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>forwarded, <a class="indexterm" href="HA.html#id385556">Routed Networks</a></dt><dt>foundation members, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>Free Standards Group (see FSG)</dt><dt>free support, <a class="indexterm" href="ch14.html">Samba Support</a>, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>front-end, <a class="indexterm" href="HA.html#id384892">Dissection and Discussion</a></dt><dd><dl><dt>server, <a class="indexterm" href="HA.html#id386240">Distribute Network Load with MSDFS</a></dt></dl></dd><dt>frustration, <a class="indexterm" href="upgrades.html#id366117">Introduction</a></dt><dt>FSG, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>FTP</dt><dd><dl><dt>proxy, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt></dl></dd><dt>full control, <a class="indexterm" href="kerberos.html#id379573">Share Access Controls</a>, <a class="indexterm" href="kerberos.html#id381156">Using MS Windows Explorer (File Manager)</a></dt><dt>fully qualified, <a class="indexterm" href="kerberos.html#id380037">Checkpoint Controls</a></dt><dt>functional differences, <a class="indexterm" href="upgrades.html#id366200">Cautions and Notes</a></dt></dl></div><div class="indexdiv"><h3>G</h3><dl><dt>generation, <a class="indexterm" href="upgrades.html#id366200">Cautions and Notes</a></dt><dt>Gentoo, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dt>getent, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="happy.html#sbehap-bldg1">Samba-3 BDC Configuration</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a></dt><dt>getfacl, <a class="indexterm" href="kerberos.html#id381318">Setting Posix ACLs in UNIX/Linux</a></dt><dt>getgrnam, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>getpwnam, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>getpwnam(), <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>GID, <a class="indexterm" href="net2000users.html#id354011">Implementation</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>Goettingen, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>government, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>GPL, <a class="indexterm" href="secure.html#id335012">Comments Regarding Software Terms of Use</a></dt><dt>group account, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></dt><dt>group management, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dt>group mapping, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>group membership, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a></dt><dt>group names, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>group policies, <a class="indexterm" href="ntmigration.html#id368988">Introduction</a></dt><dt>Group Policy, <a class="indexterm" href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></dt><dt>Group Policy editor, <a class="indexterm" href="happy.html#sbehap-locgrppol">The Local Group Policy</a></dt><dt>Group Policy Objects, <a class="indexterm" href="happy.html#sbehap-locgrppol">The Local Group Policy</a></dt><dt>groupadd, <a class="indexterm" href="simple.html#id324064">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>groupdel, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>groupmem, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></dt><dt>groupmod, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>GSS-API, <a class="indexterm" href="primer.html#id392597">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>guest account, <a class="indexterm" href="primer.html#id392350">Findings and Comments</a>, <a class="indexterm" href="primer.html#chap01conc">Dissection and Discussion</a>, <a class="indexterm" href="primer.html#id393223">Technical Issues</a>, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt></dl></div><div class="indexdiv"><h3>H</h3><dl><dt>hackers, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>hardware prices, <a class="indexterm" href="HA.html#id386332">Hardware Problems</a></dt><dt>hardware problems, <a class="indexterm" href="HA.html#id386332">Hardware Problems</a></dt><dt>Heimdal, <a class="indexterm" href="DomApps.html#id382530">Implementation</a>, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dt>Heimdal Kerberos, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dt>Heimdal kerberos, <a class="indexterm" href="unixclients.html#id363637">IDMAP Storage in LDAP using Winbind</a></dt><dt>help, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>helper agent, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>hesiod, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>hierarchy of control, <a class="indexterm" href="kerberos.html#id379908">Share Definition Controls</a></dt><dt>high availability, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a></dt><dt>hire, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>HKEY_CURRENT_USER, <a class="indexterm" href="happy.html#id342548">Roaming Profile Background</a></dt><dt>HKEY_LOCAL_MACHINE, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></dt><dt>HKEY_LOCAL_USER, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>host announcement, <a class="indexterm" href="primer.html#id390813">Assignment Tasks</a>, <a class="indexterm" href="primer.html#id391782">Findings</a></dt><dt>hostname, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>hosts, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>HUB, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>Hybrid, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dt>hypothetical, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt></dl></div><div class="indexdiv"><h3>I</h3><dl><dt>Idealx, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></dt><dd><dl><dt>smbldap-tools, <a class="indexterm" href="happy.html#sbeidealx">Install and Configure Idealx smbldap-tools Scripts</a>, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a></dt></dl></dd><dt>identifiers, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>identity, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dd><dl><dt>management, <a class="indexterm" href="happy.html#id342070">Technical Issues</a></dt></dl></dd><dt>identity management, <a class="indexterm" href="Big500users.html#id336141">Technical Issues</a>, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a>, <a class="indexterm" href="unixclients.html#id358646">Political Issues</a>, <a class="indexterm" href="nw4migration.html#id373359">Dissection and Discussion</a></dt><dt>Identity Management, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>Identity management, <a class="indexterm" href="unixclients.html#id364506">UNIX/Linux Client Domain Member</a></dt><dt>Identity resolution, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id364506">UNIX/Linux Client Domain Member</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>Identity resolver, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>IDMAP, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a></dt><dt>idmap backend, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>IDMAP backend, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>idmap gid, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a></dt><dt>idmap uid, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a></dt><dt>idmap_rid, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a></dt><dt>IMAP, <a class="indexterm" href="nw4migration.html#id373431">Technical Issues</a></dt><dt>import, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a></dt><dt>income, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>independent expert, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>inetd, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a></dt><dt>inetOrgPerson, <a class="indexterm" href="nw4migration.html#id373431">Technical Issues</a></dt><dt>inheritance, <a class="indexterm" href="kerberos.html#id381318">Setting Posix ACLs in UNIX/Linux</a></dt><dt>initGrps.sh, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id337579">Configuration for Server: MASSIVE</a></dt><dt>initial credentials, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dt>inoperative, <a class="indexterm" href="ntmigration.html#id369115">Dissection and Discussion</a></dt><dt>install, <a class="indexterm" href="upgrades.html">Updating Samba-3</a></dt><dt>installation, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>integrate, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>integrity, <a class="indexterm" href="kerberos.html#id377126">Introduction</a>, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dt>inter-domain, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>inter-operability, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id381514">Key Points Learned</a>, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>interactive help, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>interdomain trusts, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>interfaces, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dt>intermittent, <a class="indexterm" href="HA.html#id386332">Hardware Problems</a></dt><dt>internationalization, <a class="indexterm" href="upgrades.html#id367266">International Language Support</a></dt><dt>Internet Explorer, <a class="indexterm" href="DomApps.html#id382367">Technical Issues</a></dt><dt>Internet Information Server, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>interoperability, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a></dt><dt>IP forwarding, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="Big500users.html#id337579">Configuration for Server: MASSIVE</a></dt><dt>IPC$, <a class="indexterm" href="primer.html#id392350">Findings and Comments</a></dt><dt>iptables, <a class="indexterm" href="secure.html#id330398">Technical Issues</a></dt><dt>IRC, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>isolated, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>Italian, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt></dl></div><div class="indexdiv"><h3>J</h3><dl><dt>jobs, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>joining a domain, <a class="indexterm" href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></dt></dl></div><div class="indexdiv"><h3>K</h3><dl><dt>KDC, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dt>Kerberos, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id377126">Introduction</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id381514">Key Points Learned</a>, <a class="indexterm" href="DomApps.html#id382367">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id382530">Implementation</a>, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dd><dl><dt>Heimdal, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>interoperability, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dt>libraries, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>MIT, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>unspecified fields, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt></dl></dd><dt>kerberos, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dd><dl><dt>server, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt></dl></dd><dt>Kerberos ticket, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>kinit, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dt>Kixtart, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>klist, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dt>krb5, <a class="indexterm" href="DomApps.html#id382530">Implementation</a></dt><dt>krb5.conf, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt></dl></div><div class="indexdiv"><h3>L</h3><dl><dt>LAM, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dd><dl><dt>configuration editor, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>configuration file, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>login screen, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>opening screen, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>profile, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>wizard, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt></dl></dd><dt>large domain, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a></dt><dt>LDAP, <a class="indexterm" href="Big500users.html#id336141">Technical Issues</a>, <a class="indexterm" href="happy.html#id341540">Assignment Tasks</a>, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a>, <a class="indexterm" href="happy.html#id342070">Technical Issues</a>, <a class="indexterm" href="happy.html#id343123">Preliminary Advice: Dangers Can Be Avoided</a>, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="net2000users.html#id352846">Introduction</a>, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id354011">Implementation</a>, <a class="indexterm" href="net2000users.html#id357027">Key Points Learned</a>, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a>, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id369064">Assignment Tasks</a>, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a>, <a class="indexterm" href="nw4migration.html#id373359">Dissection and Discussion</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dd><dl><dt>backend, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>database, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a>, <a class="indexterm" href="appendix.html#altldapcfg">Alternative LDAP Database Initialization</a></dt><dt>directory, <a class="indexterm" href="happy.html#id341339">Regarding LDAP Directories and Windows Computer Accounts</a>, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>fail-over, <a class="indexterm" href="net2000users.html#id354011">Implementation</a></dt><dt>initial configuration, <a class="indexterm" href="appendix.html#altldapcfg">Alternative LDAP Database Initialization</a></dt><dt>master, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>master/slave</dt><dd><dl><dt>background communication, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt></dl></dd><dt>preload, <a class="indexterm" href="net2000users.html#id354011">Implementation</a></dt><dt>schema, <a class="indexterm" href="upgrades.html#id368310">Updating from Samba Versions between 3.0.6 and 3.0.10</a></dt><dt>secure, <a class="indexterm" href="happy.html#id342070">Technical Issues</a></dt><dt>server, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>slave, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>updates, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt></dl></dd><dt>ldap, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>LDAP Account Manager (see LAM)</dt><dt>LDAP backend, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a></dt><dt>LDAP database, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>LDAP Interchange Format (see LDIF)</dt><dt>LDAP server, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>LDAP-transfer-LDIF.txt, <a class="indexterm" href="net2000users.html#id354011">Implementation</a></dt><dt>ldap.conf, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>ldapadd, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>ldapsam, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="upgrades.html#id368310">Updating from Samba Versions between 3.0.6 and 3.0.10</a>, <a class="indexterm" href="ntmigration.html#id369064">Assignment Tasks</a>, <a class="indexterm" href="DomApps.html">Integrating Additional Services</a></dt><dt>ldapsam backend, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>ldapsearch, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>LDIF, <a class="indexterm" href="happy.html#id342070">Technical Issues</a>, <a class="indexterm" href="net2000users.html#id354011">Implementation</a>, <a class="indexterm" href="nw4migration.html#id373431">Technical Issues</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a>, <a class="indexterm" href="appendix.html#id388463">Initialization of the LDAP Database</a></dt><dt>leadership, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>Lightweight Directory Access Protocol (see LDAP)</dt><dt>limit, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>Linux desktop, <a class="indexterm" href="unixclients.html#id357946">Introduction</a></dt><dt>Linux Standards Base (see LSB)</dt><dt>LMB, <a class="indexterm" href="primer.html#id391158">Findings</a>, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dt>LMHOSTS, <a class="indexterm" href="HA.html#id385556">Routed Networks</a></dt><dt>load distribution, <a class="indexterm" href="HA.html#id386195">For Scalability, Use SAN-Based Storage on Samba Servers</a></dt><dt>local accounts, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>Local Group Policy, <a class="indexterm" href="happy.html#id342548">Roaming Profile Background</a></dt><dt>Local Master Announcement, <a class="indexterm" href="primer.html#id391782">Findings</a></dt><dt>Local Master Browser (see LMB)</dt><dt>localhost, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="HA.html#id385379">Bad Hostnames</a></dt><dt>lock directory, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></dt><dt>locking</dt><dd><dl><dt>Application level, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt><dt>Client side, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt><dt>Server side, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt></dl></dd><dt>logging, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>login, <a class="indexterm" href="secure.html#id330398">Technical Issues</a></dt><dt>loglevel, <a class="indexterm" href="happy.html#id343291">Debugging LDAP</a></dt><dt>logon credentials, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>logon hours, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id381514">Key Points Learned</a></dt><dt>logon machines, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a></dt><dt>logon path, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dt>logon process, <a class="indexterm" href="unixclients.html#id358731">Implementation</a></dt><dt>logon scrip, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a></dt><dt>logon script, <a class="indexterm" href="secure.html#id330776">Implementation</a>, <a class="indexterm" href="happy.html#id342070">Technical Issues</a>, <a class="indexterm" href="happy.html#id350512">Preparation of Logon Scripts</a>, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a></dt><dt>logon server, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a></dt><dt>logon services, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dt>logon time, <a class="indexterm" href="happy.html#id341540">Assignment Tasks</a></dt><dt>logon traffic, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a></dt><dt>logon.kix, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>loopback, <a class="indexterm" href="simple.html#validate1">Validation</a></dt><dt>low performance, <a class="indexterm" href="HA.html#id386332">Hardware Problems</a></dt><dt>lower-case, <a class="indexterm" href="ntmigration.html#id369600">Implementation</a></dt><dt>lpadmin, <a class="indexterm" href="simple.html#id324064">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dt>LSB, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt></dl></div><div class="indexdiv"><h3>M</h3><dl><dt>machine, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>machine account, <a class="indexterm" href="happy.html#id341339">Regarding LDAP Directories and Windows Computer Accounts</a></dt><dt>machine accounts, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>machine secret password, <a class="indexterm" href="Big500users.html#id336141">Technical Issues</a></dt><dt>MACHINE.SID, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>mailing list, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>mailing lists, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>managed, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>management, <a class="indexterm" href="unixclients.html#id358646">Political Issues</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dd><dl><dt>group, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>User, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt></dl></dd><dt>mandatory profile, <a class="indexterm" href="happy.html#id342070">Technical Issues</a>, <a class="indexterm" href="happy.html#id350283">Configuring Profile Directories</a></dt><dt>Mandrake, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dt>mapped drives, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>mapping, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dd><dl><dt>consistent, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt></dl></dd><dt>Mars_NWE, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dt>master, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a></dt><dt>material, <a class="indexterm" href="appendix.html">A Collection of Useful Tidbits</a></dt><dt>memberUID, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>memory requirements, <a class="indexterm" href="secure.html#id330622">Hardware Requirements</a></dt><dt>merge, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>merged, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a></dt><dt>meta-directory, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>meta-service, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>Microsoft Access, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt><dt>Microsoft Excel, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt><dt>Microsoft ISA, <a class="indexterm" href="DomApps.html#id382248">Assignment Tasks</a></dt><dt>Microsoft Management Console (see MMC)</dt><dt>Microsoft Office, <a class="indexterm" href="secure.html#ch4appscfg">Application Share Configuration</a>, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a></dt><dt>Microsoft Outlook</dt><dd><dl><dt>PST files, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt></dl></dd><dt>migrate, <a class="indexterm" href="upgrades.html">Updating Samba-3</a>, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a></dt><dt>migration, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="happy.html#id341540">Assignment Tasks</a>, <a class="indexterm" href="ntmigration.html#id368988">Introduction</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a>, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dd><dl><dt>objectives, <a class="indexterm" href="ntmigration.html#id369115">Dissection and Discussion</a></dt></dl></dd><dt>Migration speed, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>mime type, <a class="indexterm" href="simple.html#id324064">Implementation</a>, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id337052">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dt>mime types, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a></dt><dt>missing RPC's, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>MIT, <a class="indexterm" href="DomApps.html#id382530">Implementation</a>, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dt>MIT Kerberos, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dt>MIT kerberos, <a class="indexterm" href="unixclients.html#id363637">IDMAP Storage in LDAP using Winbind</a></dt><dt>MIT KRB5, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>mixed mode, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>mixed-mode, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>MMC, <a class="indexterm" href="happy.html#id351724">Configure Delete Cached Profiles on Logout</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>mobile computing, <a class="indexterm" href="small.html#id327371">Dissection and Discussion</a></dt><dt>mobility, <a class="indexterm" href="net2000users.html#id353175">Technical Issues</a></dt><dt>modularization, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>modules, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>MS Access</dt><dd><dl><dt>validate, <a class="indexterm" href="appendix.html#id390270">Microsoft Access</a></dt></dl></dd><dt>MS Outlook, <a class="indexterm" href="happy.html#id351441">Configuration of MS Outlook to Relocate PST File</a></dt><dd><dl><dt>PST, <a class="indexterm" href="happy.html#id351441">Configuration of MS Outlook to Relocate PST File</a></dt><dt>PST file, <a class="indexterm" href="happy.html">Making Happy Users</a></dt></dl></dd><dt>MS Windows Server 2003, <a class="indexterm" href="DomApps.html#id382530">Implementation</a></dt><dt>MS Word, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a></dt><dt>MSDFS, <a class="indexterm" href="HA.html#id386240">Distribute Network Load with MSDFS</a></dt><dt>multi-subnet, <a class="indexterm" href="HA.html#id385556">Routed Networks</a></dt><dt>multi-user</dt><dd><dl><dt>access, <a class="indexterm" href="appendix.html#id390270">Microsoft Access</a></dt><dt>data access, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt></dl></dd><dt>multiple directories, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>multiple domain controllers, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>multiple group mappings, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>mutual assistance, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>My Documents, <a class="indexterm" href="happy.html#id342548">Roaming Profile Background</a></dt><dt>My Network Places, <a class="indexterm" href="simple.html#id324064">Implementation</a></dt><dt>mysqlsam, <a class="indexterm" href="net2000users.html#id354011">Implementation</a></dt></dl></div><div class="indexdiv"><h3>N</h3><dl><dt>name resolution, <a class="indexterm" href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="primer.html#id390813">Assignment Tasks</a></dt><dd><dl><dt>Defective, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt></dl></dd><dt>name resolve order, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dt>name service switch, <a class="indexterm" href="small.html#id327606">Implementation</a> (see NSS)</dt><dt>named, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="Big500users.html#id337052">Server Preparation: All Servers</a></dt><dt>NAT, <a class="indexterm" href="secure.html#id330398">Technical Issues</a></dt><dt>native, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>net</dt><dd><dl><dt>ads</dt><dd><dl><dt>info, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>join, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>status, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt></dl></dd><dt>getlocalsid, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>group, <a class="indexterm" href="ntmigration.html#id371918">NT4 Migration Using tdbsam Backend</a></dt><dt>groupmap</dt><dd><dl><dt>add, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a></dt><dt>list, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a>, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>modify, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a></dt></dl></dd><dt>rpc</dt><dd><dl><dt>info, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>join, <a class="indexterm" href="Big500users.html#ch5-domsvrspec">Configuration Specific to Domain Member Servers: BLDG1, BLDG2</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#dcwonss">NT4/Samba Domain with Samba Domain Member Server without NSS Support</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="ntmigration.html#id371918">NT4 Migration Using tdbsam Backend</a></dt><dt>vampire, <a class="indexterm" href="upgrades.html">Updating Samba-3</a>, <a class="indexterm" href="ntmigration.html#id371918">NT4 Migration Using tdbsam Backend</a></dt></dl></dd><dt>setlocalsid, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt></dl></dd><dt>NetBIOS, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="HA.html#id385379">Bad Hostnames</a>, <a class="indexterm" href="HA.html#id385556">Routed Networks</a>, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dd><dl><dt>name cache, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>name resolution</dt><dd><dl><dt>delays, <a class="indexterm" href="happy.html">Making Happy Users</a></dt></dl></dd><dt>Node Type, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt></dl></dd><dt>netbios</dt><dd><dl><dt>machine name, <a class="indexterm" href="upgrades.html#id366964">Change of hostname</a></dt></dl></dd><dt>netbios forwarding, <a class="indexterm" href="HA.html#id385720">Network Collisions</a></dt><dt>NetBIOS name, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dd><dl><dt>aliases, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt></dl></dd><dt>netbios name, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id366964">Change of hostname</a>, <a class="indexterm" href="HA.html#id385379">Bad Hostnames</a></dt><dt>NETLOGON, <a class="indexterm" href="happy.html#id342906">Using a Network Default User Profile</a>, <a class="indexterm" href="happy.html#id350723">Windows Client Configuration</a></dt><dt>netlogon, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>Netlogon, <a class="indexterm" href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></dt><dt>netmask, <a class="indexterm" href="simple.html#id323262">Implementation</a></dt><dt>Netware, <a class="indexterm" href="small.html">Small Office Networking</a></dt><dt>NetWare, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>network</dt><dd><dl><dt>administrators, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>analyzer, <a class="indexterm" href="primer.html#id390813">Assignment Tasks</a></dt><dt>bandwidth, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>broadcast, <a class="indexterm" href="primer.html#id390763">Introduction</a></dt><dt>captures, <a class="indexterm" href="primer.html#id390627">Requirements and Notes</a></dt><dt>collisions, <a class="indexterm" href="HA.html#id385720">Network Collisions</a></dt><dt>load, <a class="indexterm" href="HA.html#id385720">Network Collisions</a></dt><dt>logon, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>logon scripts, <a class="indexterm" href="ntmigration.html#id369115">Dissection and Discussion</a></dt><dt>management, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>multi-segment, <a class="indexterm" href="happy.html#id341463">Introduction</a></dt><dt>overload, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>performance, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a></dt><dt>routed, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a></dt><dt>secure, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>segment, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a></dt><dt>services, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>sniffer, <a class="indexterm" href="primer.html#id390627">Requirements and Notes</a></dt><dt>timeout, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>timeouts, <a class="indexterm" href="HA.html#id385720">Network Collisions</a></dt><dt>trace, <a class="indexterm" href="primer.html#id390813">Assignment Tasks</a></dt><dt>traffic</dt><dd><dl><dt>observation, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt></dl></dd><dt>wide-area, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></dt></dl></dd><dt>Network Address Translation (see NAT)</dt><dt>network administrators, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>network attached storage (see NAS)</dt><dt>network bandwidth</dt><dd><dl><dt>utilization, <a class="indexterm" href="happy.html">Making Happy Users</a></dt></dl></dd><dt>Network Default Profile, <a class="indexterm" href="happy.html#id342548">Roaming Profile Background</a></dt><dt>network hardware</dt><dd><dl><dt>defective, <a class="indexterm" href="happy.html">Making Happy Users</a></dt></dl></dd><dt>network hygiene, <a class="indexterm" href="HA.html#id384892">Dissection and Discussion</a></dt><dt>network Identities, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>network load factors, <a class="indexterm" href="Big500users.html#id336113">Dissection and Discussion</a></dt><dt>Network Neighborhood, <a class="indexterm" href="simple.html#validate1">Validation</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>network segment, <a class="indexterm" href="HA.html#id386110">Use and Location of BDCs</a></dt><dt>network segments, <a class="indexterm" href="secure.html#id330622">Hardware Requirements</a></dt><dt>network share, <a class="indexterm" href="happy.html#id341540">Assignment Tasks</a></dt><dt>networking</dt><dd><dl><dt>client, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt></dl></dd><dt>networking hardware</dt><dd><dl><dt>defective, <a class="indexterm" href="happy.html">Making Happy Users</a></dt></dl></dd><dt>networking protocols, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>next generation, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>NextFreeUnixId, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></dt><dt>NFS server, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a></dt><dt>NICs, <a class="indexterm" href="HA.html#id386332">Hardware Problems</a></dt><dt>NIS, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a>, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id358646">Political Issues</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>nis, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>NIS schema, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>NIS server, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>NIS+, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>nisplus, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>NLM, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dt>nmap, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>nmbd, <a class="indexterm" href="small.html#id329058">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a>, <a class="indexterm" href="upgrades.html#id368475">Replacing a Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a>, <a class="indexterm" href="appendix.html#id387952">Starting Samba</a></dt><dt>nobody, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a>, <a class="indexterm" href="primer.html#id392350">Findings and Comments</a></dt><dt>Novell, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a>, <a class="indexterm" href="nw4migration.html#id373183">Introduction</a></dt><dt>Novell SUSE SLES 9, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></dt><dt>NSS, <a class="indexterm" href="happy.html#id341339">Regarding LDAP Directories and Windows Computer Accounts</a>, <a class="indexterm" href="happy.html#id342070">Technical Issues</a>, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a>, <a class="indexterm" href="unixclients.html#id364506">UNIX/Linux Client Domain Member</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a>, <a class="indexterm" href="DomApps.html#id383649">NSS Configuration</a> (see same service switch)</dt><dt>nss_ldap, <a class="indexterm" href="happy.html#id341339">Regarding LDAP Directories and Windows Computer Accounts</a>, <a class="indexterm" href="happy.html#id342070">Technical Issues</a>, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a>, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#id364188">IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension</a>, <a class="indexterm" href="upgrades.html#id368475">Replacing a Domain Member Server</a>, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></dt><dt>nt acl support, <a class="indexterm" href="simple.html#id323894">Dissection and Discussion</a></dt><dt>NT4 registry, <a class="indexterm" href="ntmigration.html#id369115">Dissection and Discussion</a></dt><dt>NTLM, <a class="indexterm" href="DomApps.html#id382367">Technical Issues</a></dt><dt>NTLM authentication daemon, <a class="indexterm" href="DomApps.html#id382367">Technical Issues</a></dt><dt>NTLMSSP, <a class="indexterm" href="DomApps.html#id384281">Key Points Learned</a>, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a>, <a class="indexterm" href="primer.html#id392597">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>NTLMSSP_AUTH, <a class="indexterm" href="primer.html#id392597">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>ntlm_auth, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a>, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>NTP, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dt>NTUSER.DAT, <a class="indexterm" href="happy.html#id342548">Roaming Profile Background</a>, <a class="indexterm" href="happy.html#id342818">Profile Changes</a>, <a class="indexterm" href="happy.html#id342906">Using a Network Default User Profile</a>, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>NULL connection, <a class="indexterm" href="simple.html#validate1">Validation</a></dt><dt>NULL session, <a class="indexterm" href="primer.html#id392350">Findings and Comments</a></dt><dt>NULL-Session, <a class="indexterm" href="primer.html#id393094">Discussion</a></dt></dl></div><div class="indexdiv"><h3>O</h3><dl><dt>objectClass, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>off-site storage, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>Open Magazine, <a class="indexterm" href="unixclients.html">Adding Domain Member Servers and Clients</a></dt><dt>Open Source, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>OpenLDAP, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a>, <a class="indexterm" href="unixclients.html#id358646">Political Issues</a>, <a class="indexterm" href="nw4migration.html#id373431">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id377126">Introduction</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id381514">Key Points Learned</a>, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>openldap, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></dt><dt>OpenOffice, <a class="indexterm" href="secure.html#ch4appscfg">Application Share Configuration</a></dt><dt>operating profiles, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>oplock break, <a class="indexterm" href="kerberos.html#id380322">Override Controls</a></dt><dt>oplocks, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a></dt><dt>Oplocks</dt><dd><dl><dt>disabled, <a class="indexterm" href="appendix.html#id390484">Opportunistic Locking Controls</a></dt></dl></dd><dt>opportunistic</dt><dd><dl><dt>locking, <a class="indexterm" href="kerberos.html#id380322">Override Controls</a></dt></dl></dd><dt>opportunistic locking, <a class="indexterm" href="secure.html#id330776">Implementation</a>, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a>, <a class="indexterm" href="appendix.html#id390409">Act! Database Sharing</a></dt><dt>optimized, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a></dt><dt>organizational units, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>OS/2, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>Outlook</dt><dd><dl><dt>PST, <a class="indexterm" href="happy.html#id351441">Configuration of MS Outlook to Relocate PST File</a></dt></dl></dd><dt>Outlook Address Book, <a class="indexterm" href="happy.html#id351441">Configuration of MS Outlook to Relocate PST File</a></dt><dt>Outlook Express, <a class="indexterm" href="secure.html#id330742">Political Issues</a>, <a class="indexterm" href="happy.html#id351441">Configuration of MS Outlook to Relocate PST File</a></dt><dt>over-ride, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>over-ride controls, <a class="indexterm" href="kerberos.html#id380322">Override Controls</a></dt><dt>over-rule, <a class="indexterm" href="kerberos.html#id379573">Share Access Controls</a>, <a class="indexterm" href="kerberos.html#id381156">Using MS Windows Explorer (File Manager)</a></dt><dt>overheads, <a class="indexterm" href="kerberos.html#id380322">Override Controls</a></dt><dt>ownership, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a></dt></dl></div><div class="indexdiv"><h3>P</h3><dl><dt>package, <a class="indexterm" href="simple.html#id323262">Implementation</a></dt><dt>package names, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>packages, <a class="indexterm" href="upgrades.html#id368184">Updating a Samba-3 Installation</a></dt><dt>PADL, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id363637">IDMAP Storage in LDAP using Winbind</a></dt><dt>PADL LDAP tools, <a class="indexterm" href="happy.html#id342070">Technical Issues</a></dt><dt>PADL Software, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>paid-for support, <a class="indexterm" href="ch14.html">Samba Support</a></dt><dt>PAM, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="unixclients.html#id364506">UNIX/Linux Client Domain Member</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>pam_ldap, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></dt><dt>pam_ldap.so, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></dt><dt>pam_unix2.so, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></dt><dd><dl><dt>use_ldap, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></dt></dl></dd><dt>parameters, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>passdb backend, <a class="indexterm" href="secure.html#id330776">Implementation</a>, <a class="indexterm" href="Big500users.html">The 500-User Office</a>, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id354011">Implementation</a>, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="upgrades.html">Updating Samba-3</a>, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="upgrades.html#id368310">Updating from Samba Versions between 3.0.6 and 3.0.10</a>, <a class="indexterm" href="ntmigration.html#id369064">Assignment Tasks</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>passdb.tdb, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a></dt><dt>passwd, <a class="indexterm" href="simple.html#id324064">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a></dt><dt>password</dt><dd><dl><dt>backend, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id337579">Configuration for Server: MASSIVE</a></dt></dl></dd><dt>password caching, <a class="indexterm" href="simple.html#id324064">Implementation</a></dt><dt>password change, <a class="indexterm" href="kerberos.html#id381514">Key Points Learned</a></dt><dt>password length, <a class="indexterm" href="primer.html#id392130">Simple Windows Client Connection Characteristics</a>, <a class="indexterm" href="primer.html#id392597">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>payroll, <a class="indexterm" href="nw4migration.html#id373183">Introduction</a></dt><dt>pdbedit, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="happy.html#sbehap-bldg1">Samba-3 BDC Configuration</a>, <a class="indexterm" href="ntmigration.html#id371918">NT4 Migration Using tdbsam Backend</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>PDC, <a class="indexterm" href="Big500users.html#id336038">Assignment Tasks</a>, <a class="indexterm" href="Big500users.html#id336141">Technical Issues</a>, <a class="indexterm" href="happy.html">Making Happy Users</a>, <a class="indexterm" href="happy.html#id342070">Technical Issues</a>, <a class="indexterm" href="happy.html#sbehap-locgrppol">The Local Group Policy</a>, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id369600">Implementation</a>, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a>, <a class="indexterm" href="ntmigration.html#id371918">NT4 Migration Using tdbsam Backend</a>, <a class="indexterm" href="HA.html#id386110">Use and Location of BDCs</a></dt><dt>PDC/BDC ratio, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>PDF, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>performance, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a>, <a class="indexterm" href="HA.html">Performance, Reliability, and Availability</a>, <a class="indexterm" href="HA.html#id384815">Introduction</a>, <a class="indexterm" href="HA.html#id385720">Network Collisions</a></dt><dt>performance degradation, <a class="indexterm" href="kerberos.html#id380322">Override Controls</a>, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a></dt><dt>Perl, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a>, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>permission, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a></dt><dt>permissions, <a class="indexterm" href="simple.html#id324064">Implementation</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id379573">Share Access Controls</a>, <a class="indexterm" href="kerberos.html#id380037">Checkpoint Controls</a>, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a>, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dd><dl><dt>excessive, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>group, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a></dt><dt>user, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a></dt></dl></dd><dt>Permissions, <a class="indexterm" href="kerberos.html#id380879">Using the MMC Computer Management Interface</a></dt><dt>permits, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>permitted group, <a class="indexterm" href="kerberos.html#id380879">Using the MMC Computer Management Interface</a></dt><dt>PHP, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>PHP4, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>pile-driver, <a class="indexterm" href="kerberos.html#id379908">Share Definition Controls</a></dt><dt>ping, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>pitfalls, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>plain-text, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>Pluggable Authentication Modules (see PAM)</dt><dt>policy, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>poor performance, <a class="indexterm" href="HA.html#id384892">Dissection and Discussion</a></dt><dt>POP3, <a class="indexterm" href="nw4migration.html#id373431">Technical Issues</a></dt><dt>Posix, <a class="indexterm" href="simple.html#id323894">Dissection and Discussion</a>, <a class="indexterm" href="happy.html#id342070">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="ntmigration.html#id369600">Implementation</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a>, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>POSIX, <a class="indexterm" href="happy.html#id341339">Regarding LDAP Directories and Windows Computer Accounts</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>Posix accounts, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>Posix ACLs, <a class="indexterm" href="kerberos.html#id380830">Managing Windows 200x ACLs</a></dt><dt>PosixAccount, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>posixAccount, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>Postfix, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>Postscript, <a class="indexterm" href="happy.html#id342960">Installation of Printer Driver Auto-Download</a></dt><dt>powers, <a class="indexterm" href="kerberos.html#id379908">Share Definition Controls</a></dt><dt>practices, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>precaution, <a class="indexterm" href="upgrades.html#id366117">Introduction</a></dt><dt>presence and leadership, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>price paid, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>primary group, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a></dt><dt>principals, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dt>print filter, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id337052">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dt>print queue, <a class="indexterm" href="simple.html#id323803">Charity Administration Office</a>, <a class="indexterm" href="simple.html#id323894">Dissection and Discussion</a></dt><dt>print spooler, <a class="indexterm" href="simple.html#id323803">Charity Administration Office</a></dt><dt>Print Test Page, <a class="indexterm" href="happy.html#id351896">Uploading Printer Drivers to Samba Servers</a></dt><dt>printcap name, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dt>printer validation, <a class="indexterm" href="small.html#id329058">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>printers</dt><dd><dl><dt>Advanced, <a class="indexterm" href="happy.html#id351896">Uploading Printer Drivers to Samba Servers</a></dt><dt>Default Settings, <a class="indexterm" href="happy.html#id351896">Uploading Printer Drivers to Samba Servers</a></dt><dt>General, <a class="indexterm" href="happy.html#id351896">Uploading Printer Drivers to Samba Servers</a></dt><dt>Properties, <a class="indexterm" href="happy.html#id351896">Uploading Printer Drivers to Samba Servers</a></dt><dt>Security, <a class="indexterm" href="happy.html#id351896">Uploading Printer Drivers to Samba Servers</a></dt><dt>Sharing, <a class="indexterm" href="happy.html#id351896">Uploading Printer Drivers to Samba Servers</a></dt></dl></dd><dt>printing, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dd><dl><dt>drag-and-drop, <a class="indexterm" href="happy.html#id342960">Installation of Printer Driver Auto-Download</a>, <a class="indexterm" href="happy.html#id351896">Uploading Printer Drivers to Samba Servers</a></dt><dt>dumb, <a class="indexterm" href="happy.html#id342960">Installation of Printer Driver Auto-Download</a></dt><dt>point-n-click, <a class="indexterm" href="happy.html#id342960">Installation of Printer Driver Auto-Download</a></dt><dt>raw, <a class="indexterm" href="simple.html#id323894">Dissection and Discussion</a></dt></dl></dd><dt>privacy, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>Privilege Attribute Certificates (see PAC)</dt><dt>privilege controls, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a></dt><dt>privileged pipe, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>privileges, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a>, <a class="indexterm" href="upgrades.html#id368384">Updating from Samba Versions after 3.0.6 to a Current Release</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id379908">Share Definition Controls</a></dt><dt>problem report, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>problem resolution, <a class="indexterm" href="ch14.html">Samba Support</a></dt><dt>product defects, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>professional support, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>profile</dt><dd><dl><dt>default, <a class="indexterm" href="happy.html#id341540">Assignment Tasks</a></dt><dt>mandatory, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a></dt><dt>roaming, <a class="indexterm" href="happy.html">Making Happy Users</a></dt></dl></dd><dt>profile path, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a></dt><dt>profile share, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dt>profiles, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>profiles share, <a class="indexterm" href="ntmigration.html#id369115">Dissection and Discussion</a></dt><dt>programmer, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>project, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>project maintainers, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>Properties, <a class="indexterm" href="kerberos.html#id380879">Using the MMC Computer Management Interface</a></dt><dt>proprietary, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>protected, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>protection, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>protocol</dt><dd><dl><dt>negotiation, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a></dt></dl></dd><dt>protocol analysis, <a class="indexterm" href="primer.html#id390627">Requirements and Notes</a></dt><dt>protocols, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>provided services, <a class="indexterm" href="ch14.html">Samba Support</a></dt><dt>proxy, <a class="indexterm" href="DomApps.html#id382248">Assignment Tasks</a>, <a class="indexterm" href="DomApps.html#id382367">Technical Issues</a></dt><dt>PST file, <a class="indexterm" href="happy.html#id351441">Configuration of MS Outlook to Relocate PST File</a></dt><dt>public specifications, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>purchase support, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt></dl></div><div class="indexdiv"><h3>Q</h3><dl><dt>Qbasic, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>qualified problem, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt></dl></div><div class="indexdiv"><h3>R</h3><dl><dt>RAID, <a class="indexterm" href="secure.html#id330622">Hardware Requirements</a></dt><dt>RAID controllers, <a class="indexterm" href="HA.html#id386332">Hardware Problems</a></dt><dt>Raw Print Through, <a class="indexterm" href="happy.html#id342960">Installation of Printer Driver Auto-Download</a></dt><dt>raw printing, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id337052">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dt>Rbase, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>rcldap, <a class="indexterm" href="net2000users.html#id354011">Implementation</a></dt><dt>realm, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a>, <a class="indexterm" href="unixclients.html#id363637">IDMAP Storage in LDAP using Winbind</a>, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dt>recognize, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>record locking, <a class="indexterm" href="appendix.html#id390270">Microsoft Access</a></dt><dt>recursively, <a class="indexterm" href="kerberos.html#id381318">Setting Posix ACLs in UNIX/Linux</a></dt><dt>Red Hat, <a class="indexterm" href="simple.html#id323158">Drafting Office</a>, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dt>Red Hat Fedora Linux, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>Red Hat Linux, <a class="indexterm" href="simple.html#id323894">Dissection and Discussion</a>, <a class="indexterm" href="simple.html#AccountingOffice">Accounting Office</a>, <a class="indexterm" href="happy.html#id343908">Samba Server Implementation</a>, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="net2000users.html#id354011">Implementation</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id382530">Implementation</a>, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>redirected folders, <a class="indexterm" href="happy.html#id342548">Roaming Profile Background</a>, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a></dt><dt>refereed standards, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>regedit, <a class="indexterm" href="simple.html#id324064">Implementation</a></dt><dt>regedt32, <a class="indexterm" href="happy.html#id342818">Profile Changes</a>, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></dt><dt>registry, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dd><dl><dt>keys</dt><dd><dl><dt>SAM, <a class="indexterm" href="ntmigration.html#id369115">Dissection and Discussion</a></dt><dt>SECURITY, <a class="indexterm" href="ntmigration.html#id369115">Dissection and Discussion</a></dt></dl></dd></dl></dd><dt>registry change, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>Registry Editor, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></dt><dt>registry hacks, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>registry keys, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></dt><dt>reimburse, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>rejected, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="kerberos.html#id379573">Share Access Controls</a></dt><dt>rejoin, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>reliability, <a class="indexterm" href="HA.html">Performance, Reliability, and Availability</a></dt><dt>remote announce, <a class="indexterm" href="HA.html#id385556">Routed Networks</a></dt><dt>remote browse sync, <a class="indexterm" href="HA.html#id385556">Routed Networks</a></dt><dt>remote procedure call (see RPC)</dt><dt>replicate, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="HA.html#id386291">Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth</a></dt><dt>replicated, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a></dt><dt>requesting payment, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>resilient, <a class="indexterm" href="HA.html#id385344">Guidelines for Reliable Samba Operation</a></dt><dt>resolution, <a class="indexterm" href="upgrades.html#id368475">Replacing a Domain Member Server</a></dt><dt>resolve, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="HA.html#id385379">Bad Hostnames</a></dt><dt>response, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a></dt><dt>responsibility, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>responsible, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>restrict anonymous, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>restricted export, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dt>Restrictive security, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>reverse DNS, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a></dt><dt>rfc2307bis, <a class="indexterm" href="unixclients.html#id364188">IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension</a></dt><dt>RID, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>risk, <a class="indexterm" href="secure.html#id330398">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>road-map, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dd><dl><dt>published, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt></dl></dd><dt>roaming profile, <a class="indexterm" href="happy.html#id342070">Technical Issues</a>, <a class="indexterm" href="happy.html#id342548">Roaming Profile Background</a>, <a class="indexterm" href="happy.html#id350283">Configuring Profile Directories</a>, <a class="indexterm" href="net2000users.html#id353212">User Needs</a>, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>roaming profiles, <a class="indexterm" href="secure.html#id330398">Technical Issues</a>, <a class="indexterm" href="secure.html#id330776">Implementation</a>, <a class="indexterm" href="happy.html#id342548">Roaming Profile Background</a></dt><dt>routed network, <a class="indexterm" href="HA.html#id386110">Use and Location of BDCs</a></dt><dt>router, <a class="indexterm" href="small.html#id327606">Implementation</a></dt><dt>routers, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a>, <a class="indexterm" href="HA.html#id385556">Routed Networks</a></dt><dt>RPC, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dt>rpc, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>rpcclient, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>RPM, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a>, <a class="indexterm" href="nw4migration.html#id373359">Dissection and Discussion</a></dt><dd><dl><dt>install, <a class="indexterm" href="simple.html#id323262">Implementation</a></dt></dl></dd><dt>rpm, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a>, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>RPMs, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>rpms, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>rsync, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a>, <a class="indexterm" href="HA.html#id386291">Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth</a></dt><dt>rsyncd.conf, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>run-time control files, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt></dl></div><div class="indexdiv"><h3>S</h3><dl><dt>safe-guards, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>SAM, <a class="indexterm" href="ntmigration.html#id369115">Dissection and Discussion</a></dt><dt>samba, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dd><dl><dt>starting samba, <a class="indexterm" href="simple.html#id323262">Implementation</a></dt></dl></dd><dt>Samba, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>Samba accounts, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>samba cluster, <a class="indexterm" href="HA.html#id384815">Introduction</a></dt><dt>samba control script, <a class="indexterm" href="appendix.html#id387952">Starting Samba</a></dt><dt>Samba Domain, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>Samba Domain server, <a class="indexterm" href="kerberos.html#id380879">Using the MMC Computer Management Interface</a></dt><dt>Samba RPM Packages, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a></dt><dt>Samba Tea, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>sambaDomainName, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></dt><dt>sambaGroupMapping, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>SambaSAMAccount, <a class="indexterm" href="happy.html#id341339">Regarding LDAP Directories and Windows Computer Accounts</a></dt><dt>SambaSamAccount, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>sambaSamAccount, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>SambaXP conference, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>SAN, <a class="indexterm" href="HA.html#id386195">For Scalability, Use SAN-Based Storage on Samba Servers</a></dt><dt>SAS, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>scalability, <a class="indexterm" href="HA.html#id384815">Introduction</a></dt><dt>scalable, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>schannel, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id381514">Key Points Learned</a>, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>schema, <a class="indexterm" href="unixclients.html#id364188">IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#id368069">Samba-2.x with LDAP Support</a>, <a class="indexterm" href="upgrades.html#id368310">Updating from Samba Versions between 3.0.6 and 3.0.10</a></dt><dt>scripts, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>secondary group, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>secret, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dt>secrets.tdb, <a class="indexterm" href="happy.html#id342070">Technical Issues</a>, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#sbeug1">Location of config files</a></dt><dt>secure, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>secure account password, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>secure connections, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>secure networking, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>secure networking protocols, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>security, <a class="indexterm" href="happy.html#id342070">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="kerberos.html#id377126">Introduction</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a>, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dd><dl><dt>identifier, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>share mode, <a class="indexterm" href="simple.html#id323894">Dissection and Discussion</a></dt><dt>user mode, <a class="indexterm" href="simple.html#id325807">Dissection and Discussion</a></dt></dl></dd><dt>Security, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id380879">Using the MMC Computer Management Interface</a></dt><dt>Security Account Manager (see SAM)</dt><dt>security controls, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>security descriptors, <a class="indexterm" href="ntmigration.html#id369115">Dissection and Discussion</a></dt><dt>security fixes, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>security updates, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>SerNet, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>server</dt><dd><dl><dt>domain member, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>stand-alone, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt></dl></dd><dt>service, <a class="indexterm" href="net2000users.html#id354011">Implementation</a></dt><dd><dl><dt>smb</dt><dd><dl><dt>start, <a class="indexterm" href="Big500users.html#ch5-domsvrspec">Configuration Specific to Domain Member Servers: BLDG1, BLDG2</a></dt></dl></dd></dl></dd><dt>Service Packs, <a class="indexterm" href="secure.html#ch4appscfg">Application Share Configuration</a></dt><dt>services, <a class="indexterm" href="DomApps.html#id384281">Key Points Learned</a></dt><dt>services provided, <a class="indexterm" href="ch14.html">Samba Support</a></dt><dt>session setup, <a class="indexterm" href="primer.html#id392130">Simple Windows Client Connection Characteristics</a>, <a class="indexterm" href="primer.html#id392597">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>Session Setup, <a class="indexterm" href="primer.html#id392130">Simple Windows Client Connection Characteristics</a></dt><dt>SessionSetUpAndX, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>set primary group script, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>setfacl, <a class="indexterm" href="kerberos.html#id381318">Setting Posix ACLs in UNIX/Linux</a></dt><dt>severely degrade, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a></dt><dt>SFU, <a class="indexterm" href="unixclients.html#id364460">IDMAP, Active Directory, and MS Services for UNIX 3.5</a></dt><dt>SGID, <a class="indexterm" href="simple.html#id323894">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a>, <a class="indexterm" href="appendix.html#ch12-SUIDSGID">Effect of Setting File and Directory SUID/SGID Permissions Explained</a></dt><dt>shadow-utils, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>Share Access Controls, <a class="indexterm" href="kerberos.html#id379573">Share Access Controls</a></dt><dt>share ACLs, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>share definition, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>Share Definition</dt><dd><dl><dt>Controls, <a class="indexterm" href="kerberos.html#id379908">Share Definition Controls</a></dt></dl></dd><dt>share definition controls, <a class="indexterm" href="kerberos.html#id379908">Share Definition Controls</a>, <a class="indexterm" href="kerberos.html#id380037">Checkpoint Controls</a>, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a>, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>share level access controls, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>share level ACL, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>Share Permissions, <a class="indexterm" href="kerberos.html#id379573">Share Access Controls</a></dt><dt>shared resource, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id381318">Setting Posix ACLs in UNIX/Linux</a></dt><dt>shares, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>SID, <a class="indexterm" href="secure.html#ch4wincfg">Windows Client Configuration</a>, <a class="indexterm" href="happy.html#id341339">Regarding LDAP Directories and Windows Computer Accounts</a>, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a>, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id363067">IDMAP_RID with Winbind</a>, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id367023">Change of Workgroup (Domain) Name</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a>, <a class="indexterm" href="appendix.html#id388463">Initialization of the LDAP Database</a></dt><dt>side effects, <a class="indexterm" href="kerberos.html#id380830">Managing Windows 200x ACLs</a></dt><dt>Sign'n'seal, <a class="indexterm" href="kerberos.html#id381514">Key Points Learned</a>, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>silent return, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>simple, <a class="indexterm" href="HA.html#id384892">Dissection and Discussion</a></dt><dt>Single Sign-On (see SSO)</dt><dt>slapcat, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>slapd, <a class="indexterm" href="happy.html#id343291">Debugging LDAP</a></dt><dt>slapd.conf, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></dt><dt>slave, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a></dt><dt>slow logon, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>slow network, <a class="indexterm" href="HA.html#id386332">Hardware Problems</a></dt><dt>slurpd, <a class="indexterm" href="net2000users.html#id354011">Implementation</a>, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>smart printing, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a></dt><dt>SMB, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>SMB passwords, <a class="indexterm" href="net2000users.html#id354011">Implementation</a></dt><dt>SMB/CIFS, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>smbclient, <a class="indexterm" href="simple.html#validate1">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>smbd, <a class="indexterm" href="simple.html#validate1">Validation</a>, <a class="indexterm" href="simple.html#id324064">Implementation</a>, <a class="indexterm" href="small.html#id329058">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#sbeug1">Location of config files</a>, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a>, <a class="indexterm" href="upgrades.html#id368475">Replacing a Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a>, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a>, <a class="indexterm" href="appendix.html#id387952">Starting Samba</a></dt><dd><dl><dt>location of files, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt></dl></dd><dt>smbfs, <a class="indexterm" href="HA.html#id384892">Dissection and Discussion</a></dt><dt>smbldap-groupadd, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>smbldap-groupmod, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>smbldap-passwd, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>smbldap-populate, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>smbldap-tools, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a>, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>smbldap-tools updating, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></dt><dt>smbldap-useradd, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="net2000users.html#id354011">Implementation</a></dt><dt>smbldap-usermod, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>smbmnt, <a class="indexterm" href="HA.html#id384892">Dissection and Discussion</a></dt><dt>smbmount, <a class="indexterm" href="HA.html#id384892">Dissection and Discussion</a></dt><dt>smbpasswd, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id327416">Technical Issues</a>, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#id330398">Technical Issues</a>, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id337052">Server Preparation: All Servers</a>, <a class="indexterm" href="Big500users.html#id337579">Configuration for Server: MASSIVE</a>, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="happy.html#id346546">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="happy.html#sbehap-bldg1">Samba-3 BDC Configuration</a>, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id354011">Implementation</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="upgrades.html">Updating Samba-3</a>, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a>, <a class="indexterm" href="DomApps.html">Integrating Additional Services</a></dt><dt>smbumnt, <a class="indexterm" href="HA.html#id384892">Dissection and Discussion</a></dt><dt>smbumount, <a class="indexterm" href="HA.html#id384892">Dissection and Discussion</a></dt><dt>SMTP, <a class="indexterm" href="nw4migration.html#id373431">Technical Issues</a></dt><dt>snap-shot, <a class="indexterm" href="ntmigration.html#id369115">Dissection and Discussion</a></dt><dt>socket address, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a></dt><dt>socket options, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a></dt><dt>software, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>solve, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>source code, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>SPNEGO, <a class="indexterm" href="primer.html#id392597">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>SQL, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>Squid, <a class="indexterm" href="DomApps.html#id382530">Implementation</a>, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a>, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a>, <a class="indexterm" href="DomApps.html#id383905">Squid Configuration</a></dt><dt>squid, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a>, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>Squid proxy, <a class="indexterm" href="DomApps.html#id382367">Technical Issues</a></dt><dt>SRVTOOLS.EXE, <a class="indexterm" href="secure.html#id330776">Implementation</a>, <a class="indexterm" href="happy.html#id350283">Configuring Profile Directories</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>SSL, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>stand-alone server, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>starting CUPS, <a class="indexterm" href="simple.html#id324064">Implementation</a>, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a>, <a class="indexterm" href="Big500users.html#ch5-procstart">Process Startup Configuration</a></dt><dt>starting dhcpd, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a>, <a class="indexterm" href="Big500users.html#ch5-procstart">Process Startup Configuration</a></dt><dt>starting samba, <a class="indexterm" href="simple.html#id323262">Implementation</a>, <a class="indexterm" href="simple.html#id324064">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a>, <a class="indexterm" href="Big500users.html#ch5-procstart">Process Startup Configuration</a></dt><dd><dl><dt>nmbd, <a class="indexterm" href="appendix.html#id387952">Starting Samba</a></dt><dt>smbd, <a class="indexterm" href="appendix.html#id387952">Starting Samba</a></dt><dt>winbindd, <a class="indexterm" href="appendix.html#id387952">Starting Samba</a></dt></dl></dd><dt>startingCUPS, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a></dt><dt>startup script, <a class="indexterm" href="appendix.html#id387952">Starting Samba</a></dt><dt>sticky bit, <a class="indexterm" href="small.html#id327606">Implementation</a></dt><dt>storage capacity, <a class="indexterm" href="secure.html#id330622">Hardware Requirements</a></dt><dt>strategic, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a></dt><dt>strategy, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>straw-man, <a class="indexterm" href="kerberos.html">Active Directory, Kerberos, and Security</a></dt><dt>strict sync, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a></dt><dt>stripped, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></dt><dt>strong cryptography, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dt>subscription, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>SUID, <a class="indexterm" href="simple.html#id323894">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a>, <a class="indexterm" href="appendix.html#ch12-SUIDSGID">Effect of Setting File and Directory SUID/SGID Permissions Explained</a></dt><dt>Sun ONE Identity Server, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a></dt><dt>super daemon, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a></dt><dt>support, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a>, <a class="indexterm" href="ch14.html">Samba Support</a></dt><dt>survey, <a class="indexterm" href="unixclients.html">Adding Domain Member Servers and Clients</a></dt><dt>SUSE, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dt>SUSE Enterprise Linux Server, <a class="indexterm" href="simple.html#id323803">Charity Administration Office</a>, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="DomApps.html#id382530">Implementation</a></dt><dt>SUSE Linux, <a class="indexterm" href="simple.html#id323894">Dissection and Discussion</a>, <a class="indexterm" href="happy.html#id343908">Samba Server Implementation</a>, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="net2000users.html#id354011">Implementation</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id382530">Implementation</a>, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>SWAT, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>sync always, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a></dt><dt>synchronization, <a class="indexterm" href="DomApps.html#id382764">Kerberos Configuration</a>, <a class="indexterm" href="HA.html#id386195">For Scalability, Use SAN-Based Storage on Samba Servers</a></dt><dt>synchronize, <a class="indexterm" href="net2000users.html#id353212">User Needs</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>synchronized, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>syslog, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></dt><dt>system level logins, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>system security, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt></dl></div><div class="indexdiv"><h3>T</h3><dl><dt>tattooing, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>TCP/IP, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>tdbdump, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></dt><dt>tdbsam, <a class="indexterm" href="secure.html#id330398">Technical Issues</a>, <a class="indexterm" href="secure.html#id330776">Implementation</a>, <a class="indexterm" href="Big500users.html">The 500-User Office</a>, <a class="indexterm" href="happy.html#id341540">Assignment Tasks</a>, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id354011">Implementation</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="upgrades.html#id368310">Updating from Samba Versions between 3.0.6 and 3.0.10</a>, <a class="indexterm" href="ntmigration.html#id369276">Technical Issues</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>testparm, <a class="indexterm" href="small.html#id329058">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a>, <a class="indexterm" href="HA.html#id385810">Samba Configuration</a></dt><dt>ticket, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>time server, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dt>Tivoli Directory Server, <a class="indexterm" href="happy.html#id341668">Dissection and Discussion</a></dt><dt>TLS, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>token, <a class="indexterm" href="DomApps.html#id382367">Technical Issues</a></dt><dt>tool, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>TOSHARG2, <a class="indexterm" href="simple.html#id324064">Implementation</a></dt><dt>track record, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>traffic collisions, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>transaction processing, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a></dt><dt>transactional, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>transfer, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>translate, <a class="indexterm" href="kerberos.html#id380830">Managing Windows 200x ACLs</a></dt><dt>traverse, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></dt><dt>tree, <a class="indexterm" href="nw4migration.html#id373359">Dissection and Discussion</a></dt><dt>Tree Connect, <a class="indexterm" href="primer.html#id392130">Simple Windows Client Connection Characteristics</a></dt><dt>trust account, <a class="indexterm" href="happy.html#id341339">Regarding LDAP Directories and Windows Computer Accounts</a></dt><dt>trusted computing, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>Trusted Domains, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>trusted domains, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>trusted third-party, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dt>trusting, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dt>turn-around time, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt></dl></div><div class="indexdiv"><h3>U</h3><dl><dt>UDP</dt><dd><dl><dt>broadcast, <a class="indexterm" href="HA.html#id385556">Routed Networks</a></dt></dl></dd><dt>UID, <a class="indexterm" href="simple.html#id323894">Dissection and Discussion</a>, <a class="indexterm" href="happy.html#id341339">Regarding LDAP Directories and Windows Computer Accounts</a>, <a class="indexterm" href="happy.html#id342070">Technical Issues</a>, <a class="indexterm" href="net2000users.html#id354011">Implementation</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>un-join, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>unauthorized activities, <a class="indexterm" href="kerberos.html#id379276">Kerberos Exposed</a></dt><dt>UNC name, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>unencrypted, <a class="indexterm" href="appendix.html#id388919">The LDAP Account Manager</a></dt><dt>Unicast, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a></dt><dt>unicode, <a class="indexterm" href="upgrades.html#id367266">International Language Support</a></dt><dt>Universal Naming Convention (see UNC name)</dt><dt>UNIX, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dd><dl><dt>groups, <a class="indexterm" href="small.html#id327416">Technical Issues</a>, <a class="indexterm" href="small.html#id327606">Implementation</a></dt></dl></dd><dt>UNIX accounts, <a class="indexterm" href="happy.html#id342070">Technical Issues</a></dt><dt>UNIX/Linux server, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>unix2dos, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id337579">Configuration for Server: MASSIVE</a></dt><dt>unknown, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>unsupported software, <a class="indexterm" href="ch14.html#id386894">Commercial Support</a></dt><dt>update, <a class="indexterm" href="upgrades.html#id366117">Introduction</a>, <a class="indexterm" href="upgrades.html#id366200">Cautions and Notes</a></dt><dt>updates, <a class="indexterm" href="kerberos.html#id377126">Introduction</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>updating smbldap-tools, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></dt><dt>upgrade, <a class="indexterm" href="upgrades.html#id366117">Introduction</a>, <a class="indexterm" href="upgrades.html#id366200">Cautions and Notes</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>uppercase, <a class="indexterm" href="ntmigration.html#id369600">Implementation</a></dt><dt>user</dt><dd><dl><dt>management, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id337579">Configuration for Server: MASSIVE</a></dt></dl></dd><dt>user account, <a class="indexterm" href="happy.html">Making Happy Users</a>, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></dt><dt>User and Group Controls, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>user credentials, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a>, <a class="indexterm" href="unixclients.html#id364506">UNIX/Linux Client Domain Member</a></dt><dt>user errors, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>user groups, <a class="indexterm" href="ch14.html#id386696">Free Support</a></dt><dt>user identities, <a class="indexterm" href="unixclients.html#id358731">Implementation</a></dt><dt>user logins, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>user management, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dt>User Manager, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></dt><dt>User Mode, <a class="indexterm" href="secure.html#id330776">Implementation</a>, <a class="indexterm" href="primer.html#id392130">Simple Windows Client Connection Characteristics</a>, <a class="indexterm" href="primer.html#id392597">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>useradd, <a class="indexterm" href="simple.html#id324064">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id337579">Configuration for Server: MASSIVE</a>, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>userdel, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>usermod, <a class="indexterm" href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></dt><dt>username, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>username map, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#id331530">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id337052">Server Preparation: All Servers</a></dt><dt>UTF-8, <a class="indexterm" href="upgrades.html#id367266">International Language Support</a></dt><dt>utilities, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt></dl></div><div class="indexdiv"><h3>V</h3><dl><dt>valid users, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id380037">Checkpoint Controls</a>, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>validate, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id380037">Checkpoint Controls</a></dt><dt>validated, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>validation, <a class="indexterm" href="simple.html#validate1">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>vampire, <a class="indexterm" href="ntmigration.html#id372297">Questions and Answers</a></dt><dt>vendor, <a class="indexterm" href="kerberos.html#id377723">Dissection and Discussion</a></dt><dt>vendors, <a class="indexterm" href="upgrades.html#id368184">Updating a Samba-3 Installation</a></dt><dt>VFS modules, <a class="indexterm" href="appendix.html#id387559">Samba System File Location</a></dt><dt>virus, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dt>VPN, <a class="indexterm" href="net2000users.html#id352871">Assignment Tasks</a></dt><dt>vulnerabilities, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt></dl></div><div class="indexdiv"><h3>W</h3><dl><dt>wbinfo, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a></dt><dt>weakness, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a></dt><dt>web</dt><dd><dl><dt>caching, <a class="indexterm" href="DomApps.html#id382248">Assignment Tasks</a></dt><dt>proxying, <a class="indexterm" href="DomApps.html#id382248">Assignment Tasks</a></dt></dl></dd><dt>Web</dt><dd><dl><dt>proxy, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dd><dl><dt>access, <a class="indexterm" href="DomApps.html#id384281">Key Points Learned</a></dt></dl></dd></dl></dd><dt>Web browsers, <a class="indexterm" href="DomApps.html#id384281">Key Points Learned</a></dt><dt>WebClient, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>WHATSNEW.txt, <a class="indexterm" href="upgrades.html#id368069">Samba-2.x with LDAP Support</a></dt><dt>white-pages, <a class="indexterm" href="nw4migration.html#id373431">Technical Issues</a>, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>wide-area, <a class="indexterm" href="net2000users.html#id353212">User Needs</a>, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id357027">Key Points Learned</a>, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></dt><dt>wide-area network, <a class="indexterm" href="HA.html#id386110">Use and Location of BDCs</a>, <a class="indexterm" href="HA.html#id386291">Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth</a></dt><dt>winbind, <a class="indexterm" href="net2000users.html#id354011">Implementation</a>, <a class="indexterm" href="unixclients.html#id358022">Dissection and Discussion</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id377126">Introduction</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id382367">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a>, <a class="indexterm" href="DomApps.html#id383649">NSS Configuration</a></dt><dt>Winbind, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id378089">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id381514">Key Points Learned</a></dt><dt>winbind trusted domains only, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>winbind use default domain, <a class="indexterm" href="kerberos.html#id380037">Checkpoint Controls</a></dt><dt>winbindd, <a class="indexterm" href="small.html#id329058">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="Big500users.html#id336141">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a>, <a class="indexterm" href="upgrades.html#id368384">Updating from Samba Versions after 3.0.6 to a Current Release</a>, <a class="indexterm" href="upgrades.html#id368475">Replacing a Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id383127">Samba Configuration</a>, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a>, <a class="indexterm" href="appendix.html#id387952">Starting Samba</a></dt><dt>winbindd_cache.tdb, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>winbindd_idmap.tdb, <a class="indexterm" href="unixclients.html#id358046">Technical Issues</a></dt><dt>Windows, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dd><dl><dt>client, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt><dt>NT, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a></dt></dl></dd><dt>Windows 2000 ACLs, <a class="indexterm" href="kerberos.html#id380830">Managing Windows 200x ACLs</a></dt><dt>Windows 2003 Serve, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>Windows 200x ACLs, <a class="indexterm" href="kerberos.html#id381636">Questions and Answers</a></dt><dt>Windows accounts, <a class="indexterm" href="happy.html#id342070">Technical Issues</a></dt><dt>Windows ACLs, <a class="indexterm" href="kerberos.html#id381318">Setting Posix ACLs in UNIX/Linux</a></dt><dt>Windows Address Book, <a class="indexterm" href="nw4migration.html#id373667">LDAP Server Configuration</a></dt><dt>Windows ADS Domain, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></dt><dt>Windows clients, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>Windows Explorer, <a class="indexterm" href="simple.html#validate1">Validation</a></dt><dt>Windows explorer, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>Windows security identifier (see SID)</dt><dt>Windows Servers, <a class="indexterm" href="kerberos.html#id377126">Introduction</a></dt><dt>Windows Services for UNIX (see SUS)</dt><dt>Windows XP, <a class="indexterm" href="small.html#id327326">Assignment Tasks</a></dt><dt>WINS, <a class="indexterm" href="simple.html#id324064">Implementation</a>, <a class="indexterm" href="small.html#id327416">Technical Issues</a>, <a class="indexterm" href="small.html#id327606">Implementation</a>, <a class="indexterm" href="secure.html#ch4wincfg">Windows Client Configuration</a>, <a class="indexterm" href="Big500users.html#id336141">Technical Issues</a>, <a class="indexterm" href="Big500users.html#ch5wincfg">Windows Client Configuration</a>, <a class="indexterm" href="net2000users.html#id353288">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a>, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dd><dl><dt>lookup, <a class="indexterm" href="unixclients.html#id365047">Questions and Answers</a></dt><dt>name resolution, <a class="indexterm" href="HA.html#id385556">Routed Networks</a></dt><dt>server, <a class="indexterm" href="happy.html">Making Happy Users</a>, <a class="indexterm" href="HA.html#id385556">Routed Networks</a></dt></dl></dd><dt>WINS server, <a class="indexterm" href="Big500users.html">The 500-User Office</a>, <a class="indexterm" href="net2000users.html#id357166">Questions and Answers</a></dt><dt>WINS serving, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dt>wins support, <a class="indexterm" href="secure.html#id330776">Implementation</a></dt><dt>wins.dat, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a>, <a class="indexterm" href="upgrades.html#id368475">Replacing a Domain Member Server</a></dt><dt>Wireshark, <a class="indexterm" href="primer.html#id390627">Requirements and Notes</a></dt><dt>wireshark, <a class="indexterm" href="primer.html#id390920">Exercises</a></dt><dt>Word, <a class="indexterm" href="kerberos.html#id380465">Share Point Directory and File Permissions</a></dt><dt>workgroup, <a class="indexterm" href="simple.html#id323262">Implementation</a>, <a class="indexterm" href="upgrades.html#id366291">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id367023">Change of Workgroup (Domain) Name</a></dt><dt>Workgroup Announcement, <a class="indexterm" href="primer.html#id391782">Findings</a></dt><dt>workstation, <a class="indexterm" href="unixclients.html#id358731">Implementation</a></dt><dt>wrapper, <a class="indexterm" href="DomApps.html#id384336">Questions and Answers</a></dt><dt>write lock, <a class="indexterm" href="appendix.html#id390484">Opportunistic Locking Controls</a></dt></dl></div><div class="indexdiv"><h3>X</h3><dl><dt>xinetd, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a></dt><dt>XML, <a class="indexterm" href="net2000users.html#id352928">Dissection and Discussion</a></dt><dt>xmlsam, <a class="indexterm" href="net2000users.html#id354011">Implementation</a></dt></dl></div><div class="indexdiv"><h3>Y</h3><dl><dt>YaST, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></dt><dt>Yellow Pages, <a class="indexterm" href="net2000users.html#id353585">Identity Management Needs</a></dt><dt>yellow pages (see NIS)</dt></dl></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="go01.html">Prev</a> </td><td width="20%" align="center"> </td><td width="40%" align="right"> </td></tr><tr><td width="40%" align="left" valign="top">Glossary </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> </td></tr></table></div></body></html>
	1	<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Index</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="go01.html" title="Glossary"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Index</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="go01.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> </td></tr></table><hr></div><div class="index" title="Index"><div class="titlepage"><div><div><h2 class="title"><a name="id393859"></a>Index</h2></div></div></div><div class="index"><div class="indexdiv"><h3>Symbols</h3><dl><dt>%LOGONSERVER%, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></dt><dt>%USERNAME%, <a class="indexterm" href="happy.html#id341073">Roaming Profile Background</a>, <a class="indexterm" href="happy.html#id341344">Profile Changes</a></dt><dt>%USERPROFILE%, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></dt><dt>/data/ldap, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></dt><dt>/etc/cups/mime.convs, <a class="indexterm" href="simple.html#id322563">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a></dt><dt>/etc/cups/mime.types, <a class="indexterm" href="simple.html#id322563">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a></dt><dt>/etc/dhcpd.conf, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="small.html#id327557">Validation</a>, <a class="indexterm" href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>/etc/exports, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a></dt><dt>/etc/group, <a class="indexterm" href="happy.html#id340598">Technical Issues</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="upgrades.html#id367004">Replacing a Domain Member Server</a>, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a>, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>/etc/hosts, <a class="indexterm" href="simple.html#id321762">Implementation</a>, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="Big500users.html#id335580">Server Preparation: All Servers</a>, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="DomApps.html#id381292">Kerberos Configuration</a>, <a class="indexterm" href="HA.html#id383905">Bad Hostnames</a></dt><dt>/etc/krb5.conf, <a class="indexterm" href="unixclients.html#id362164">IDMAP Storage in LDAP using Winbind</a>, <a class="indexterm" href="DomApps.html#id381292">Kerberos Configuration</a></dt><dt>/etc/ldap.conf, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="unixclients.html#id362164">IDMAP Storage in LDAP using Winbind</a>, <a class="indexterm" href="unixclients.html#id362716">IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension</a>, <a class="indexterm" href="ntmigration.html#id368253">NT4 Migration Using LDAP Backend</a>, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a></dt><dt>/etc/mime.convs, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id335580">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dt>/etc/mime.types, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id335580">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dt>/etc/named.conf, <a class="indexterm" href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a></dt><dt>/etc/nsswitch.conf, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="Big500users.html#id336107">Configuration for Server: MASSIVE</a>, <a class="indexterm" href="Big500users.html#ch5-domsvrspec">Configuration Specific to Domain Member Servers: BLDG1, BLDG2</a>, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#id361596">IDMAP_RID with Winbind</a>, <a class="indexterm" href="unixclients.html#id362716">IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension</a>, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="ntmigration.html#id368253">NT4 Migration Using LDAP Backend</a></dt><dt>/etc/openldap/slapd.conf, <a class="indexterm" href="happy.html#id341816">Debugging LDAP</a>, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a>, <a class="indexterm" href="net2000users.html#id352534">Implementation</a></dt><dt>/etc/passwd, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="secure.html#id330030">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id336107">Configuration for Server: MASSIVE</a>, <a class="indexterm" href="happy.html#id345072">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#id367004">Replacing a Domain Member Server</a>, <a class="indexterm" href="ntmigration.html#id367806">Technical Issues</a>, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a>, <a class="indexterm" href="nw4migration.html#id371958">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id378992">Share Point Directory and File Permissions</a>, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a>, <a class="indexterm" href="primer.html#id390873">Findings and Comments</a></dt><dt>/etc/rc.d/boot.local, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="Big500users.html#id336107">Configuration for Server: MASSIVE</a></dt><dt>/etc/rc.d/rc.local, <a class="indexterm" href="small.html#id326106">Implementation</a></dt><dt>/etc/resolv.conf, <a class="indexterm" href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a>, <a class="indexterm" href="Big500users.html#id335580">Server Preparation: All Servers</a></dt><dt>/etc/samba, <a class="indexterm" href="appendix.html#id386084">Samba System File Location</a></dt><dt>/etc/samba/secrets.tdb, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>/etc/samba/smbusers, <a class="indexterm" href="Big500users.html#id335580">Server Preparation: All Servers</a></dt><dt>/etc/shadow, <a class="indexterm" href="upgrades.html#id367004">Replacing a Domain Member Server</a>, <a class="indexterm" href="nw4migration.html#id371958">Technical Issues</a></dt><dt>/etc/squid/squid.conf, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>/etc/syslog.conf, <a class="indexterm" href="happy.html#id341816">Debugging LDAP</a></dt><dt>/etc/xinetd.d, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a>, <a class="indexterm" href="Big500users.html#ch5-procstart">Process Startup Configuration</a></dt><dt>/lib/libnss_ldap.so.2, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></dt><dt>/opt/IDEALX/sbin, <a class="indexterm" href="ntmigration.html#id368253">NT4 Migration Using LDAP Backend</a></dt><dt>/proc/sys/net/ipv4/ip_forward, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a></dt><dt>/usr/bin, <a class="indexterm" href="appendix.html#id386084">Samba System File Location</a></dt><dt>/usr/lib/samba, <a class="indexterm" href="appendix.html#id386084">Samba System File Location</a></dt><dt>/usr/local, <a class="indexterm" href="appendix.html#id386084">Samba System File Location</a></dt><dt>/usr/local/samba, <a class="indexterm" href="appendix.html#id386084">Samba System File Location</a></dt><dt>/usr/local/samba/var/locks, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></dt><dt>/usr/sbin, <a class="indexterm" href="appendix.html#id386084">Samba System File Location</a></dt><dt>/usr/share, <a class="indexterm" href="appendix.html#id386084">Samba System File Location</a></dt><dt>/usr/share/samba/swat, <a class="indexterm" href="appendix.html#id386084">Samba System File Location</a></dt><dt>/usr/share/swat, <a class="indexterm" href="appendix.html#id386084">Samba System File Location</a></dt><dt>/var/cache/samba, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></dt><dt>/var/lib/samba, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a>, <a class="indexterm" href="appendix.html#id386084">Samba System File Location</a></dt><dt>/var/log/ldaplogs, <a class="indexterm" href="happy.html#id341816">Debugging LDAP</a></dt><dt>/var/log/samba, <a class="indexterm" href="appendix.html#id386084">Samba System File Location</a></dt><dt>8-bit, <a class="indexterm" href="upgrades.html#id365792">International Language Support</a></dt></dl></div><div class="indexdiv"><h3></h3><dl><dt>, <a class="indexterm" href="simple.html#id321762">Implementation</a>, <a class="indexterm" href="simple.html#id322563">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="secure.html#id330030">Samba Configuration</a>, <a class="indexterm" href="secure.html#ch4appscfg">Application Share Configuration</a>, <a class="indexterm" href="Big500users.html#id334866">Implementation</a>, <a class="indexterm" href="happy.html#sbehap-ppc">Addition of Machines to the Domain</a>, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="happy.html#sbehap-bldg1">Samba-3 BDC Configuration</a>, <a class="indexterm" href="net2000users.html#id352534">Implementation</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#dcwonss">NT4/Samba Domain with Samba Domain Member Server without NSS Support</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id361596">IDMAP_RID with Winbind</a>, <a class="indexterm" href="unixclients.html#id362164">IDMAP Storage in LDAP using Winbind</a>, <a class="indexterm" href="unixclients.html#id362716">IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension</a>, <a class="indexterm" href="upgrades.html#sbeug1">Location of config files</a>, <a class="indexterm" href="ntmigration.html#id368253">NT4 Migration Using LDAP Backend</a>, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a>, <a class="indexterm" href="DomApps.html#id382178">NSS Configuration</a></dt><dd><dl><dt>Domain account, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>liability, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>logon, <a class="indexterm" href="simple.html#id322563">Implementation</a></dt><dt>problem, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>transparent inter-operability, <a class="indexterm" href="DomApps.html#id382864">Questions and Answers</a></dt></dl></dd></dl></div><div class="indexdiv"><h3>A</h3><dl><dt>abmas-netfw.sh, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a></dt><dt>accept, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a></dt><dt>accepts liability, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>access, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id378564">Checkpoint Controls</a></dt><dt>access control, <a class="indexterm" href="kerberos.html#id377804">Kerberos Exposed</a>, <a class="indexterm" href="kerberos.html#id379406">Using the MMC Computer Management Interface</a></dt><dt>Access Control Lists (see ACLs)</dt><dt>access control settings, <a class="indexterm" href="kerberos.html#id378100">Share Access Controls</a></dt><dt>access controls, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id378435">Share Definition Controls</a></dt><dt>accessible, <a class="indexterm" href="kerberos.html#id378992">Share Point Directory and File Permissions</a></dt><dt>account, <a class="indexterm" href="happy.html#id339866">Regarding LDAP Directories and Windows Computer Accounts</a>, <a class="indexterm" href="kerberos.html#id378100">Share Access Controls</a></dt><dd><dl><dt>ADS Domain, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt></dl></dd><dt>account credentials, <a class="indexterm" href="primer.html#id390873">Findings and Comments</a></dt><dt>account information, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a></dt><dt>account names, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a></dt><dt>account policies, <a class="indexterm" href="appendix.html#id387443">The LDAP Account Manager</a></dt><dt>accountable, <a class="indexterm" href="kerberos.html#id375655">Introduction</a>, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>accounts</dt><dd><dl><dt>authoritative, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a></dt><dt>Domain, <a class="indexterm" href="ntmigration.html#id367517">Introduction</a>, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a></dt><dt>group, <a class="indexterm" href="ntmigration.html#id367517">Introduction</a>, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt><dt>machine, <a class="indexterm" href="ntmigration.html#id367517">Introduction</a>, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a></dt><dt>manage, <a class="indexterm" href="appendix.html#id387443">The LDAP Account Manager</a></dt><dt>user, <a class="indexterm" href="ntmigration.html#id367517">Introduction</a>, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt></dl></dd><dt>ACL, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a>, <a class="indexterm" href="kerberos.html#id378564">Checkpoint Controls</a></dt><dt>ACLs, <a class="indexterm" href="happy.html#id350946">Key Points Learned</a>, <a class="indexterm" href="kerberos.html#id378100">Share Access Controls</a>, <a class="indexterm" href="kerberos.html#id378435">Share Definition Controls</a></dt><dt>acquisitions, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt><dt>Act!, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt><dt>ACT! database, <a class="indexterm" href="appendix.html#id388933">Act! Database Sharing</a></dt><dt>Act!Diag, <a class="indexterm" href="appendix.html#id388933">Act! Database Sharing</a></dt><dt>Active Directory, <a class="indexterm" href="happy.html#id340195">Dissection and Discussion</a>, <a class="indexterm" href="happy.html#sbehap-locgrppol">The Local Group Policy</a>, <a class="indexterm" href="net2000users.html#id351452">Dissection and Discussion</a>, <a class="indexterm" href="unixclients.html#id356518">Assignment Tasks</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id361596">IDMAP_RID with Winbind</a>, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id375655">Introduction</a>, <a class="indexterm" href="kerberos.html#id380041">Key Points Learned</a>, <a class="indexterm" href="kerberos.html#id380163">Questions and Answers</a>, <a class="indexterm" href="DomApps.html">Integrating Additional Services</a>, <a class="indexterm" href="DomApps.html#id380775">Assignment Tasks</a>, <a class="indexterm" href="DomApps.html#id380894">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id381656">Samba Configuration</a>, <a class="indexterm" href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></dt><dd><dl><dt>authentication, <a class="indexterm" href="DomApps.html#id382434">Squid Configuration</a></dt><dt>domain, <a class="indexterm" href="DomApps.html#id381656">Samba Configuration</a></dt><dt>join, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>management tools, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>realm, <a class="indexterm" href="HA.html#id383905">Bad Hostnames</a></dt><dt>Replacement, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>server, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id381292">Kerberos Configuration</a></dt><dt>Server, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>tree, <a class="indexterm" href="DomApps.html#id381656">Samba Configuration</a></dt></dl></dd><dt>active directory, <a class="indexterm" href="ntmigration.html#id367806">Technical Issues</a></dt><dt>AD printer publishing, <a class="indexterm" href="happy.html#id350420">Uploading Printer Drivers to Samba Servers</a></dt><dt>ADAM, <a class="indexterm" href="happy.html#id340195">Dissection and Discussion</a>, <a class="indexterm" href="unixclients.html#id362164">IDMAP Storage in LDAP using Winbind</a></dt><dt>add group script, <a class="indexterm" href="upgrades.html#id366282">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>add machine script, <a class="indexterm" href="upgrades.html#id366282">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>Add Printer Wizard</dt><dd><dl><dt>APW, <a class="indexterm" href="happy.html#id350420">Uploading Printer Drivers to Samba Servers</a></dt></dl></dd><dt>add user script, <a class="indexterm" href="upgrades.html#id366282">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>add user to group script, <a class="indexterm" href="upgrades.html#id366282">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>adduser, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="secure.html#id330030">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id336107">Configuration for Server: MASSIVE</a></dt><dt>adequate precautions, <a class="indexterm" href="upgrades.html#id364642">Introduction</a></dt><dt>administrative installation, <a class="indexterm" href="secure.html#ch4appscfg">Application Share Configuration</a></dt><dt>administrative rights, <a class="indexterm" href="kerberos.html#id378564">Checkpoint Controls</a></dt><dt>administrator, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="secure.html#id330030">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id335580">Server Preparation: All Servers</a></dt><dt>ADMT, <a class="indexterm" href="upgrades.html#id367371">Migration of Samba Accounts to Active Directory</a></dt><dt>ADS, <a class="indexterm" href="unixclients.html#id362164">IDMAP Storage in LDAP using Winbind</a>, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id381292">Kerberos Configuration</a>, <a class="indexterm" href="HA.html#id383905">Bad Hostnames</a></dt><dd><dl><dt>server, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt></dl></dd><dt>ADS Domain, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>affordability, <a class="indexterm" href="net2000users.html#id351811">The Nature of Windows Networking Protocols</a></dt><dt>alarm, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt><dt>algorithm, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>allow trusted domains, <a class="indexterm" href="unixclients.html#id361596">IDMAP_RID with Winbind</a></dt><dt>alternative, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>analysis, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>anonymous connection, <a class="indexterm" href="small.html#id327557">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>Apache Web server, <a class="indexterm" href="DomApps.html#id382864">Questions and Answers</a></dt><dt>appliance mode, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a></dt><dt>application server, <a class="indexterm" href="secure.html#id328897">Technical Issues</a>, <a class="indexterm" href="secure.html#ch4appscfg">Application Share Configuration</a></dt><dt>application servers, <a class="indexterm" href="net2000users.html#id351811">The Nature of Windows Networking Protocols</a></dt><dt>application/octet-stream, <a class="indexterm" href="simple.html#id322563">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id335580">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dt>APW, <a class="indexterm" href="happy.html#id350420">Uploading Printer Drivers to Samba Servers</a></dt><dt>arp, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>assessment, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt><dt>assistance, <a class="indexterm" href="ch14.html#id385222">Free Support</a></dt><dt>assumptions, <a class="indexterm" href="HA.html#id385073">Key Points Learned</a></dt><dt>authconfig, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></dt><dt>authenticate, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a>, <a class="indexterm" href="DomApps.html#id381656">Samba Configuration</a></dt><dt>authenticated, <a class="indexterm" href="DomApps.html#id380775">Assignment Tasks</a></dt><dt>authenticated connection, <a class="indexterm" href="small.html#id327557">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>authentication, <a class="indexterm" href="net2000users.html#id351811">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="nw4migration.html#id371886">Dissection and Discussion</a>, <a class="indexterm" href="DomApps.html">Integrating Additional Services</a>, <a class="indexterm" href="DomApps.html#id380894">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id382178">NSS Configuration</a>, <a class="indexterm" href="DomApps.html#id382864">Questions and Answers</a></dt><dd><dl><dt>plain-text, <a class="indexterm" href="DomApps.html#id382864">Questions and Answers</a></dt></dl></dd><dt>authentication process, <a class="indexterm" href="unixclients.html#id357255">Implementation</a></dt><dt>authentication protocols, <a class="indexterm" href="DomApps.html#id382809">Key Points Learned</a></dt><dt>authoritative, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a></dt><dt>authorized location, <a class="indexterm" href="kerberos.html#id377804">Kerberos Exposed</a></dt><dt>auto-generated SID, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a></dt><dt>automatically allocate, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a></dt><dt>availability, <a class="indexterm" href="HA.html">Performance, Reliability, and Availability</a></dt></dl></div><div class="indexdiv"><h3>B</h3><dl><dt>backends, <a class="indexterm" href="DomApps.html">Integrating Additional Services</a></dt><dt>background communication, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a></dt><dt>Backup, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt><dt>Backup Domain Controller (see BDC)</dt><dt>bandwidth, <a class="indexterm" href="DomApps.html#id380775">Assignment Tasks</a></dt><dd><dl><dt>requirements, <a class="indexterm" href="net2000users.html#id351735">User Needs</a></dt></dl></dd><dt>bandwidth calculations, <a class="indexterm" href="secure.html#id329122">Hardware Requirements</a></dt><dt>BDC, <a class="indexterm" href="Big500users.html#id334670">Technical Issues</a>, <a class="indexterm" href="happy.html">Making Happy Users</a>, <a class="indexterm" href="happy.html#id340067">Assignment Tasks</a>, <a class="indexterm" href="happy.html#id340195">Dissection and Discussion</a>, <a class="indexterm" href="happy.html#id342434">Samba Server Implementation</a>, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="net2000users.html#id351811">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="net2000users.html#id355551">Key Points Learned</a>, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a>, <a class="indexterm" href="ntmigration.html#id370444">NT4 Migration Using tdbsam Backend</a>, <a class="indexterm" href="HA.html#id384636">Use and Location of BDCs</a></dt><dt>benefit, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>best practices, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt><dt>bias, <a class="indexterm" href="kerberos.html#id380163">Questions and Answers</a></dt><dt>binary database, <a class="indexterm" href="secure.html#id329275">Implementation</a></dt><dt>binary files, <a class="indexterm" href="upgrades.html#id366712">Updating a Samba-3 Installation</a></dt><dt>binary package, <a class="indexterm" href="upgrades.html#id366712">Updating a Samba-3 Installation</a></dt><dt>bind interfaces only, <a class="indexterm" href="secure.html#id329275">Implementation</a></dt><dt>broadcast, <a class="indexterm" href="HA.html#id384083">Routed Networks</a>, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dd><dl><dt>directed, <a class="indexterm" href="net2000users.html#id351811">The Nature of Windows Networking Protocols</a></dt><dt>mailslot, <a class="indexterm" href="net2000users.html#id351811">The Nature of Windows Networking Protocols</a></dt></dl></dd><dt>broadcast messages, <a class="indexterm" href="secure.html#id329275">Implementation</a></dt><dt>broadcast storms, <a class="indexterm" href="HA.html#id384246">Network Collisions</a></dt><dt>broken, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>broken behavior, <a class="indexterm" href="HA.html#id383418">Dissection and Discussion</a></dt><dt>browse, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>browse master, <a class="indexterm" href="primer.html#id389683">Findings</a></dt><dt>Browse Master, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dt>browse.dat, <a class="indexterm" href="upgrades.html#id367004">Replacing a Domain Member Server</a></dt><dt>Browser Election Service, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dt>browsing, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id380894">Technical Issues</a>, <a class="indexterm" href="primer.html#id389338">Assignment Tasks</a></dt><dt>budgetted, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt><dt>bug fixes, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt><dt>bug report, <a class="indexterm" href="ch14.html#id385222">Free Support</a></dt></dl></div><div class="indexdiv"><h3>C</h3><dl><dt>cache, <a class="indexterm" href="appendix.html#id389009">Opportunistic Locking Controls</a></dt><dt>cache directories, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>caching, <a class="indexterm" href="HA.html#id384336">Samba Configuration</a></dt><dt>case-sensitive, <a class="indexterm" href="DomApps.html#id381292">Kerberos Configuration</a></dt><dt>centralized storage, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a></dt><dt>character set, <a class="indexterm" href="upgrades.html#id365792">International Language Support</a></dt><dt>check samba daemons, <a class="indexterm" href="small.html#id327557">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>check-point, <a class="indexterm" href="kerberos.html#id378435">Share Definition Controls</a></dt><dt>check-point controls, <a class="indexterm" href="kerberos.html#id378564">Checkpoint Controls</a></dt><dt>Checkpoint Controls, <a class="indexterm" href="kerberos.html#id378564">Checkpoint Controls</a></dt><dt>chgrp, <a class="indexterm" href="DomApps.html#id381656">Samba Configuration</a></dt><dt>chkconfig, <a class="indexterm" href="simple.html#id321762">Implementation</a>, <a class="indexterm" href="simple.html#id322563">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a>, <a class="indexterm" href="Big500users.html#ch5-procstart">Process Startup Configuration</a>, <a class="indexterm" href="net2000users.html#id352534">Implementation</a></dt><dt>chmod, <a class="indexterm" href="DomApps.html#id381656">Samba Configuration</a></dt><dt>choice, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>chown, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>CIFS, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a>, <a class="indexterm" href="primer.html#id389683">Findings</a></dt><dt>cifsfs, <a class="indexterm" href="HA.html#id383418">Dissection and Discussion</a></dt><dt>clean database, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a></dt><dt>clients per DC, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>Clock skew, <a class="indexterm" href="DomApps.html#id381292">Kerberos Configuration</a></dt><dt>cluster, <a class="indexterm" href="HA.html#id383342">Introduction</a></dt><dt>clustering, <a class="indexterm" href="HA.html#id383342">Introduction</a>, <a class="indexterm" href="HA.html#id384721">For Scalability, Use SAN-Based Storage on Samba Servers</a></dt><dt>code maintainer, <a class="indexterm" href="ch14.html#id385222">Free Support</a></dt><dt>codepage, <a class="indexterm" href="upgrades.html#id365792">International Language Support</a></dt><dt>collision rates, <a class="indexterm" href="HA.html#id384246">Network Collisions</a></dt><dt>commercial, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>commercial software, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>commercial support, <a class="indexterm" href="ch14.html">Samba Support</a>, <a class="indexterm" href="ch14.html#id385420">Commercial Support</a></dt><dt>Common Internet File System (see CIFS)</dt><dt>comparison</dt><dd><dl><dt>Active Directory & OpenLDAP, <a class="indexterm" href="happy.html#id340195">Dissection and Discussion</a></dt></dl></dd><dt>compat, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>compatible, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>compile-time, <a class="indexterm" href="upgrades.html#sbeug1">Location of config files</a></dt><dt>complexities, <a class="indexterm" href="HA.html#id383418">Dissection and Discussion</a></dt><dt>compromise, <a class="indexterm" href="happy.html#id339991">Introduction</a>, <a class="indexterm" href="kerberos.html#id375655">Introduction</a>, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>computer account, <a class="indexterm" href="DomApps.html#id381656">Samba Configuration</a></dt><dt>Computer Management, <a class="indexterm" href="kerberos.html#id378100">Share Access Controls</a>, <a class="indexterm" href="kerberos.html#id380163">Questions and Answers</a></dt><dt>computer name, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a></dt><dt>condemns, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>conferences, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>configuration files, <a class="indexterm" href="upgrades.html#id364642">Introduction</a></dt><dt>configure.pl, <a class="indexterm" href="ntmigration.html#id368253">NT4 Migration Using LDAP Backend</a></dt><dt>connection, <a class="indexterm" href="kerberos.html#id378100">Share Access Controls</a></dt><dt>connectivity, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a></dt><dt>consequential risk, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>consultant, <a class="indexterm" href="simple.html#id321657">Drafting Office</a>, <a class="indexterm" href="kerberos.html#id375655">Introduction</a>, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>consumer, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>consumer expects, <a class="indexterm" href="ch14.html">Samba Support</a></dt><dt>contiguous directory, <a class="indexterm" href="net2000users.html#id352534">Implementation</a></dt><dt>contributions, <a class="indexterm" href="upgrades.html">Updating Samba-3</a></dt><dt>control files, <a class="indexterm" href="upgrades.html#id366712">Updating a Samba-3 Installation</a></dt><dt>convmv, <a class="indexterm" href="upgrades.html#id365792">International Language Support</a></dt><dt>copy, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a></dt><dt>corrective action, <a class="indexterm" href="HA.html#id384858">Hardware Problems</a></dt><dt>cost, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>cost-benefit, <a class="indexterm" href="nw4migration.html#id371809">Assignment Tasks</a></dt><dt>country of origin, <a class="indexterm" href="ch14.html#id385420">Commercial Support</a></dt><dt>Courier-IMAP, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a></dt><dt>credential, <a class="indexterm" href="kerberos.html#id378435">Share Definition Controls</a></dt><dt>credentials, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>crippled, <a class="indexterm" href="ntmigration.html#id367644">Dissection and Discussion</a></dt><dt>criticism, <a class="indexterm" href="kerberos.html">Active Directory, Kerberos, and Security</a>, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt><dt>Critics, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>Cryptographic, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>CUPS, <a class="indexterm" href="simple.html#id322394">Dissection and Discussion</a>, <a class="indexterm" href="small.html#id325916">Technical Issues</a>, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="small.html#id328152">Key Points Learned</a>, <a class="indexterm" href="secure.html#id329275">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id335580">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#id340067">Assignment Tasks</a>, <a class="indexterm" href="happy.html#id341486">Installation of Printer Driver Auto-Download</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dd><dl><dt>queue, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id335580">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt></dl></dd><dt>cupsd, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a></dt><dt>customer expected, <a class="indexterm" href="ch14.html">Samba Support</a></dt><dt>customers, <a class="indexterm" href="ch14.html">Samba Support</a></dt></dl></div><div class="indexdiv"><h3>D</h3><dl><dt>daemon, <a class="indexterm" href="simple.html#validate1">Validation</a>, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a>, <a class="indexterm" href="DomApps.html#id380894">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id382864">Questions and Answers</a>, <a class="indexterm" href="appendix.html#id386477">Starting Samba</a></dt><dt>daemon control, <a class="indexterm" href="Big500users.html#ch5-procstart">Process Startup Configuration</a></dt><dt>data</dt><dd><dl><dt>corruption, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>integrity, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a></dt></dl></dd><dt>data corruption, <a class="indexterm" href="HA.html#id384858">Hardware Problems</a>, <a class="indexterm" href="appendix.html#id388933">Act! Database Sharing</a></dt><dt>data integrity, <a class="indexterm" href="HA.html#id384858">Hardware Problems</a>, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt><dt>data storage, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a></dt><dt>database, <a class="indexterm" href="net2000users.html#id351452">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a>, <a class="indexterm" href="nw4migration.html#id371886">Dissection and Discussion</a></dt><dt>database applications, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt><dt>DB_CONFIG, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></dt><dt>DCE, <a class="indexterm" href="kerberos.html#id377804">Kerberos Exposed</a></dt><dt>DDNS (see dynamic DNS)</dt><dt>Debian, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dt>default installation, <a class="indexterm" href="appendix.html#id386084">Samba System File Location</a></dt><dt>default password, <a class="indexterm" href="appendix.html#id387443">The LDAP Account Manager</a></dt><dt>default profile, <a class="indexterm" href="happy.html#id340067">Assignment Tasks</a>, <a class="indexterm" href="happy.html#id340598">Technical Issues</a></dt><dt>Default User, <a class="indexterm" href="happy.html#id341344">Profile Changes</a>, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></dt><dt>defective</dt><dd><dl><dt>cables, <a class="indexterm" href="HA.html#id384858">Hardware Problems</a></dt><dt>HUBs, <a class="indexterm" href="HA.html#id384858">Hardware Problems</a></dt><dt>switches, <a class="indexterm" href="HA.html#id384858">Hardware Problems</a></dt></dl></dd><dt>defects, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>defensible standards, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>defragmentation, <a class="indexterm" href="secure.html#ch4wincfg">Windows Client Configuration</a></dt><dt>delete group script, <a class="indexterm" href="upgrades.html#id366282">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>delete user from group script, <a class="indexterm" href="upgrades.html#id366282">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>delimiter, <a class="indexterm" href="kerberos.html#id378564">Checkpoint Controls</a></dt><dt>dependability, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>deployment, <a class="indexterm" href="ch14.html#id385222">Free Support</a></dt><dt>desired security setting, <a class="indexterm" href="kerberos.html#id379845">Setting Posix ACLs in UNIX/Linux</a></dt><dt>development, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>DHCP, <a class="indexterm" href="small.html#id325916">Technical Issues</a>, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="small.html#id328152">Key Points Learned</a>, <a class="indexterm" href="secure.html#ch4wincfg">Windows Client Configuration</a>, <a class="indexterm" href="Big500users.html#ch5wincfg">Windows Client Configuration</a>, <a class="indexterm" href="net2000users.html#id351811">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a></dt><dd><dl><dt>client, <a class="indexterm" href="HA.html#id383905">Bad Hostnames</a></dt><dt>relay, <a class="indexterm" href="Big500users.html#id334670">Technical Issues</a></dt><dt>Relay Agent, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a></dt><dt>request, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a></dt><dt>requests, <a class="indexterm" href="Big500users.html#id334670">Technical Issues</a></dt><dt>servers, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a></dt><dt>traffic, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a></dt></dl></dd><dt>dhcp client validation, <a class="indexterm" href="small.html#id327557">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>DHCP Server, <a class="indexterm" href="small.html#id326106">Implementation</a></dt><dt>DHCP server, <a class="indexterm" href="secure.html#id328897">Technical Issues</a></dt><dt>diagnostic, <a class="indexterm" href="unixclients.html#id362164">IDMAP Storage in LDAP using Winbind</a></dt><dt>diffusion, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>digital rights, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>digital sign'n'seal, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>digits, <a class="indexterm" href="HA.html#id383905">Bad Hostnames</a></dt><dt>diligence, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>directory, <a class="indexterm" href="net2000users.html#id351452">Dissection and Discussion</a>, <a class="indexterm" href="unixclients.html#id357171">Political Issues</a>, <a class="indexterm" href="upgrades.html#sbeug1">Location of config files</a></dt><dd><dl><dt>Computers container, <a class="indexterm" href="happy.html#id345072">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>management, <a class="indexterm" href="happy.html#id340195">Dissection and Discussion</a></dt><dt>People container, <a class="indexterm" href="happy.html#id345072">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>replication, <a class="indexterm" href="happy.html#id340195">Dissection and Discussion</a></dt><dt>schema, <a class="indexterm" href="happy.html#id340195">Dissection and Discussion</a></dt><dt>server, <a class="indexterm" href="happy.html#id340598">Technical Issues</a></dt><dt>synchronization, <a class="indexterm" href="happy.html#id340195">Dissection and Discussion</a></dt></dl></dd><dt>directory tree, <a class="indexterm" href="kerberos.html#id379845">Setting Posix ACLs in UNIX/Linux</a></dt><dt>disable, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt><dt>disaster recovery, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt><dt>disk image, <a class="indexterm" href="happy.html#id340067">Assignment Tasks</a></dt><dt>disruptive, <a class="indexterm" href="ntmigration.html#id367644">Dissection and Discussion</a></dt><dt>distributed, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id352534">Implementation</a>, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="HA.html#id384766">Distribute Network Load with MSDFS</a></dt><dt>distributed domain, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a></dt><dt>DMB, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dt>DMS, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id367004">Replacing a Domain Member Server</a></dt><dt>DNS, <a class="indexterm" href="small.html#id325916">Technical Issues</a>, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="secure.html#id328897">Technical Issues</a>, <a class="indexterm" href="net2000users.html#id351811">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a>, <a class="indexterm" href="HA.html#id383905">Bad Hostnames</a>, <a class="indexterm" href="HA.html#id384083">Routed Networks</a>, <a class="indexterm" href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></dt><dd><dl><dt>configuration, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a></dt><dt>Dynamic, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a></dt><dt>dynamic, <a class="indexterm" href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></dt><dt>lookup, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="DomApps.html#id381292">Kerberos Configuration</a></dt><dt>name lookup, <a class="indexterm" href="HA.html#id383905">Bad Hostnames</a></dt><dt>SRV records, <a class="indexterm" href="DomApps.html#id381292">Kerberos Configuration</a></dt><dt>suffix, <a class="indexterm" href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></dt></dl></dd><dt>DNS server, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a></dt><dt>document the settings, <a class="indexterm" href="HA.html#id384336">Samba Configuration</a></dt><dt>documentation, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>documented, <a class="indexterm" href="HA.html#id384336">Samba Configuration</a></dt><dt>Domain, <a class="indexterm" href="small.html#id325916">Technical Issues</a></dt><dd><dl><dt>groups, <a class="indexterm" href="small.html#id325916">Technical Issues</a></dt></dl></dd><dt>domain</dt><dd><dl><dt>Active Directory, <a class="indexterm" href="DomApps.html#id380894">Technical Issues</a></dt><dt>controller, <a class="indexterm" href="upgrades.html#id367193">Replacing a Domain Controller</a></dt><dt>joining, <a class="indexterm" href="appendix.html">A Collection of Useful Tidbits</a></dt><dt>trusted, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a></dt></dl></dd><dt>Domain accounts, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a></dt><dt>Domain Administrator, <a class="indexterm" href="kerberos.html#id378100">Share Access Controls</a></dt><dt>Domain Controller, <a class="indexterm" href="small.html#id328152">Key Points Learned</a>, <a class="indexterm" href="net2000users.html#id351811">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id357255">Implementation</a>, <a class="indexterm" href="HA.html#id384636">Use and Location of BDCs</a></dt><dd><dl><dt>closest, <a class="indexterm" href="net2000users.html#id351811">The Nature of Windows Networking Protocols</a></dt></dl></dd><dt>domain controller, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id366282">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>domain controllers, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a></dt><dt>Domain Controllers, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a></dt><dt>Domain Groups</dt><dd><dl><dt>well-known, <a class="indexterm" href="appendix.html#id386988">Initialization of the LDAP Database</a></dt></dl></dd><dt>Domain join, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>domain master, <a class="indexterm" href="ntmigration.html#id368253">NT4 Migration Using LDAP Backend</a>, <a class="indexterm" href="ntmigration.html#id370444">NT4 Migration Using tdbsam Backend</a></dt><dt>Domain Master Browser (see DMB)</dt><dt>Domain Member, <a class="indexterm" href="HA.html#id384636">Use and Location of BDCs</a></dt><dd><dl><dt>authoritative</dt><dd><dl><dt>local accounts, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a></dt></dl></dd><dt>client, <a class="indexterm" href="unixclients.html#id357255">Implementation</a></dt><dt>desktop, <a class="indexterm" href="unixclients.html#id356470">Introduction</a></dt><dt>server, <a class="indexterm" href="unixclients.html#id356470">Introduction</a>, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id357255">Implementation</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>servers, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id378564">Checkpoint Controls</a></dt><dt>workstations, <a class="indexterm" href="unixclients.html#id357255">Implementation</a></dt></dl></dd><dt>domain member</dt><dd><dl><dt>servers, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a></dt></dl></dd><dt>Domain Member server, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id380163">Questions and Answers</a></dt><dt>Domain Member servers, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a></dt><dt>domain members, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a></dt><dt>domain name space, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a></dt><dt>domain replication, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a></dt><dt>domain SID, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a></dt><dt>Domain SID, <a class="indexterm" href="ntmigration.html#id367806">Technical Issues</a>, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a></dt><dt>domain tree, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a></dt><dt>Domain User Manager, <a class="indexterm" href="happy.html#id348809">Configuring Profile Directories</a></dt><dt>Domain users, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>DOS, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a></dt><dt>dos2unix, <a class="indexterm" href="secure.html#id330030">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id336107">Configuration for Server: MASSIVE</a></dt><dt>down-grade, <a class="indexterm" href="upgrades.html#id364642">Introduction</a></dt><dt>drive letters, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a></dt><dt>drive mapping, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>dumb printing, <a class="indexterm" href="happy.html#id341486">Installation of Printer Driver Auto-Download</a></dt><dt>dump, <a class="indexterm" href="ntmigration.html#id367806">Technical Issues</a>, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a></dt><dt>duplicate accounts, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></dt><dt>dynamic DNS, <a class="indexterm" href="secure.html#id328897">Technical Issues</a></dt></dl></div><div class="indexdiv"><h3>E</h3><dl><dt>e-Directory, <a class="indexterm" href="nw4migration.html#id371886">Dissection and Discussion</a></dt><dt>Easy Software Products, <a class="indexterm" href="happy.html#id341486">Installation of Printer Driver Auto-Download</a></dt><dt>economically sustainable, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>eDirectory, <a class="indexterm" href="happy.html#id340195">Dissection and Discussion</a></dt><dt>education, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a></dt><dt>election, <a class="indexterm" href="primer.html#id389683">Findings</a></dt><dt>employment, <a class="indexterm" href="kerberos.html#id375655">Introduction</a>, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>enable, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a></dt><dt>encrypted, <a class="indexterm" href="primer.html#id390873">Findings and Comments</a></dt><dt>encrypted password, <a class="indexterm" href="primer.html#id391120">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>encrypted passwords, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a></dt><dt>End User License Agreement (see EULA)</dt><dt>enumerating, <a class="indexterm" href="DomApps.html#id381656">Samba Configuration</a></dt><dt>essential, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt><dt>ethereal, <a class="indexterm" href="primer.html#id389445">Exercises</a></dt><dt>Ethernet switch, <a class="indexterm" href="small.html#id325916">Technical Issues</a></dt><dt>ethernet switch, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>EULA, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>Everyone, <a class="indexterm" href="kerberos.html#id378100">Share Access Controls</a></dt><dt>Excel, <a class="indexterm" href="kerberos.html#id378992">Share Point Directory and File Permissions</a></dt><dt>exclusive open, <a class="indexterm" href="appendix.html#id388795">Microsoft Access</a></dt><dt>experiment, <a class="indexterm" href="kerberos.html">Active Directory, Kerberos, and Security</a></dt><dt>export, <a class="indexterm" href="ntmigration.html#id367806">Technical Issues</a></dt><dt>extent, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>External Domains, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a></dt><dt>extreme demand, <a class="indexterm" href="HA.html#id383870">Guidelines for Reliable Samba Operation</a></dt></dl></div><div class="indexdiv"><h3>F</h3><dl><dt>fail, <a class="indexterm" href="net2000users.html#id351811">The Nature of Windows Networking Protocols</a></dt><dt>fail-over, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id352534">Implementation</a></dt><dt>failed, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>failed join, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id361596">IDMAP_RID with Winbind</a></dt><dt>failure, <a class="indexterm" href="DomApps.html#id381656">Samba Configuration</a></dt><dt>familiar, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>fatal problem, <a class="indexterm" href="HA.html#id384336">Samba Configuration</a></dt><dt>fear, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>fears, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>Fedora, <a class="indexterm" href="simple.html#id321657">Drafting Office</a></dt><dt>FHS, <a class="indexterm" href="appendix.html#id386084">Samba System File Location</a></dt><dt>file and print server, <a class="indexterm" href="DomApps.html#id382864">Questions and Answers</a></dt><dt>file and print service, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>file caching, <a class="indexterm" href="HA.html#id384336">Samba Configuration</a>, <a class="indexterm" href="appendix.html#id389009">Opportunistic Locking Controls</a></dt><dt>File Hierarchy System (see FHS)</dt><dt>file locations, <a class="indexterm" href="appendix.html#id386084">Samba System File Location</a></dt><dt>file permissions, <a class="indexterm" href="appendix.html#id387443">The LDAP Account Manager</a></dt><dt>file server</dt><dd><dl><dt>read-only, <a class="indexterm" href="simple.html#id321719">Dissection and Discussion</a></dt></dl></dd><dt>file servers, <a class="indexterm" href="happy.html#id342434">Samba Server Implementation</a></dt><dt>file system, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dd><dl><dt>access control, <a class="indexterm" href="secure.html#id330030">Samba Configuration</a></dt><dt>Ext3, <a class="indexterm" href="simple.html#id321762">Implementation</a></dt><dt>permissions, <a class="indexterm" href="secure.html#id330030">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id336107">Configuration for Server: MASSIVE</a></dt></dl></dd><dt>file system security, <a class="indexterm" href="kerberos.html#id380163">Questions and Answers</a></dt><dt>filter, <a class="indexterm" href="kerberos.html#id378100">Share Access Controls</a></dt><dt>financial responsibility, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt><dt>firewall, <a class="indexterm" href="secure.html#id328897">Technical Issues</a>, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt><dt>fix, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>flaws, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt><dt>flexibility, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>flush</dt><dd><dl><dt>cache memory, <a class="indexterm" href="appendix.html#id389009">Opportunistic Locking Controls</a></dt></dl></dd><dt>folder redirection, <a class="indexterm" href="happy.html#id340598">Technical Issues</a>, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a>, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a></dt><dt>force group, <a class="indexterm" href="kerberos.html#id378849">Override Controls</a>, <a class="indexterm" href="kerberos.html#id380163">Questions and Answers</a></dt><dt>force user, <a class="indexterm" href="simple.html#id322394">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id378849">Override Controls</a>, <a class="indexterm" href="kerberos.html#id380163">Questions and Answers</a></dt><dt>forced settings, <a class="indexterm" href="kerberos.html#id378849">Override Controls</a></dt><dt>foreign, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>foreign SID, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>forwarded, <a class="indexterm" href="HA.html#id384083">Routed Networks</a></dt><dt>foundation members, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>Free Standards Group (see FSG)</dt><dt>free support, <a class="indexterm" href="ch14.html">Samba Support</a>, <a class="indexterm" href="ch14.html#id385222">Free Support</a></dt><dt>front-end, <a class="indexterm" href="HA.html#id383418">Dissection and Discussion</a></dt><dd><dl><dt>server, <a class="indexterm" href="HA.html#id384766">Distribute Network Load with MSDFS</a></dt></dl></dd><dt>frustration, <a class="indexterm" href="upgrades.html#id364642">Introduction</a></dt><dt>FSG, <a class="indexterm" href="appendix.html#id386084">Samba System File Location</a></dt><dt>FTP</dt><dd><dl><dt>proxy, <a class="indexterm" href="DomApps.html#id382864">Questions and Answers</a></dt></dl></dd><dt>full control, <a class="indexterm" href="kerberos.html#id378100">Share Access Controls</a>, <a class="indexterm" href="kerberos.html#id379683">Using MS Windows Explorer (File Manager)</a></dt><dt>fully qualified, <a class="indexterm" href="kerberos.html#id378564">Checkpoint Controls</a></dt><dt>functional differences, <a class="indexterm" href="upgrades.html#id364726">Cautions and Notes</a></dt></dl></div><div class="indexdiv"><h3>G</h3><dl><dt>generation, <a class="indexterm" href="upgrades.html#id364726">Cautions and Notes</a></dt><dt>Gentoo, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dt>getent, <a class="indexterm" href="happy.html#id345072">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="happy.html#sbehap-bldg1">Samba-3 BDC Configuration</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id361596">IDMAP_RID with Winbind</a></dt><dt>getfacl, <a class="indexterm" href="kerberos.html#id379845">Setting Posix ACLs in UNIX/Linux</a></dt><dt>getgrnam, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a></dt><dt>getpwnam, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>getpwnam(), <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a></dt><dt>GID, <a class="indexterm" href="net2000users.html#id352534">Implementation</a>, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a></dt><dt>Goettingen, <a class="indexterm" href="DomApps.html#id382864">Questions and Answers</a></dt><dt>government, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a></dt><dt>GPL, <a class="indexterm" href="secure.html#id333541">Comments Regarding Software Terms of Use</a></dt><dt>group account, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></dt><dt>group management, <a class="indexterm" href="secure.html#id329275">Implementation</a></dt><dt>group mapping, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a></dt><dt>group membership, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="secure.html#id330030">Samba Configuration</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="kerberos.html#id378992">Share Point Directory and File Permissions</a></dt><dt>group names, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a></dt><dt>group policies, <a class="indexterm" href="ntmigration.html#id367517">Introduction</a></dt><dt>Group Policy, <a class="indexterm" href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></dt><dt>Group Policy editor, <a class="indexterm" href="happy.html#sbehap-locgrppol">The Local Group Policy</a></dt><dt>Group Policy Objects, <a class="indexterm" href="happy.html#sbehap-locgrppol">The Local Group Policy</a></dt><dt>groupadd, <a class="indexterm" href="simple.html#id322563">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="upgrades.html#id366282">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a></dt><dt>groupdel, <a class="indexterm" href="upgrades.html#id366282">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a></dt><dt>groupmem, <a class="indexterm" href="ntmigration.html#id368253">NT4 Migration Using LDAP Backend</a></dt><dt>groupmod, <a class="indexterm" href="upgrades.html#id366282">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a></dt><dt>GSS-API, <a class="indexterm" href="primer.html#id391120">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>guest account, <a class="indexterm" href="primer.html#id390873">Findings and Comments</a>, <a class="indexterm" href="primer.html#chap01conc">Dissection and Discussion</a>, <a class="indexterm" href="primer.html#id391746">Technical Issues</a>, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt></dl></div><div class="indexdiv"><h3>H</h3><dl><dt>hackers, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt><dt>hardware prices, <a class="indexterm" href="HA.html#id384858">Hardware Problems</a></dt><dt>hardware problems, <a class="indexterm" href="HA.html#id384858">Hardware Problems</a></dt><dt>Heimdal, <a class="indexterm" href="DomApps.html#id381058">Implementation</a>, <a class="indexterm" href="DomApps.html#id381292">Kerberos Configuration</a></dt><dt>Heimdal Kerberos, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="kerberos.html#id377804">Kerberos Exposed</a></dt><dt>Heimdal kerberos, <a class="indexterm" href="unixclients.html#id362164">IDMAP Storage in LDAP using Winbind</a></dt><dt>help, <a class="indexterm" href="ch14.html#id385222">Free Support</a></dt><dt>helper agent, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>hesiod, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>hierarchy of control, <a class="indexterm" href="kerberos.html#id378435">Share Definition Controls</a></dt><dt>high availability, <a class="indexterm" href="happy.html#id340195">Dissection and Discussion</a></dt><dt>hire, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>HKEY_CURRENT_USER, <a class="indexterm" href="happy.html#id341073">Roaming Profile Background</a></dt><dt>HKEY_LOCAL_MACHINE, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></dt><dt>HKEY_LOCAL_USER, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a></dt><dt>host announcement, <a class="indexterm" href="primer.html#id389338">Assignment Tasks</a>, <a class="indexterm" href="primer.html#id390308">Findings</a></dt><dt>hostname, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a></dt><dt>hosts, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a></dt><dt>HUB, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>Hybrid, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dt>hypothetical, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt></dl></div><div class="indexdiv"><h3>I</h3><dl><dt>Idealx, <a class="indexterm" href="upgrades.html#id366282">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id368253">NT4 Migration Using LDAP Backend</a></dt><dd><dl><dt>smbldap-tools, <a class="indexterm" href="happy.html#sbeidealx">Install and Configure Idealx smbldap-tools Scripts</a>, <a class="indexterm" href="happy.html#id345072">LDAP Initialization and Creation of User and Group Accounts</a></dt></dl></dd><dt>identifiers, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a></dt><dt>identity, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id377804">Kerberos Exposed</a></dt><dd><dl><dt>management, <a class="indexterm" href="happy.html#id340598">Technical Issues</a></dt></dl></dd><dt>identity management, <a class="indexterm" href="Big500users.html#id334670">Technical Issues</a>, <a class="indexterm" href="net2000users.html#id351452">Dissection and Discussion</a>, <a class="indexterm" href="unixclients.html#id357171">Political Issues</a>, <a class="indexterm" href="nw4migration.html#id371886">Dissection and Discussion</a></dt><dt>Identity Management, <a class="indexterm" href="happy.html#id340195">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id351811">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a></dt><dt>Identity management, <a class="indexterm" href="unixclients.html#id363033">UNIX/Linux Client Domain Member</a></dt><dt>Identity resolution, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id363033">UNIX/Linux Client Domain Member</a>, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a></dt><dt>Identity resolver, <a class="indexterm" href="DomApps.html#id382864">Questions and Answers</a></dt><dt>IDMAP, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#id361596">IDMAP_RID with Winbind</a></dt><dt>idmap backend, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a></dt><dt>IDMAP backend, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a></dt><dt>idmap gid, <a class="indexterm" href="unixclients.html#id361596">IDMAP_RID with Winbind</a></dt><dt>idmap uid, <a class="indexterm" href="unixclients.html#id361596">IDMAP_RID with Winbind</a></dt><dt>idmap_rid, <a class="indexterm" href="unixclients.html#id361596">IDMAP_RID with Winbind</a></dt><dt>IMAP, <a class="indexterm" href="nw4migration.html#id371958">Technical Issues</a></dt><dt>import, <a class="indexterm" href="ntmigration.html#id367806">Technical Issues</a></dt><dt>income, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>independent expert, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt><dt>inetd, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a></dt><dt>inetOrgPerson, <a class="indexterm" href="nw4migration.html#id371958">Technical Issues</a></dt><dt>inheritance, <a class="indexterm" href="kerberos.html#id379845">Setting Posix ACLs in UNIX/Linux</a></dt><dt>initGrps.sh, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="secure.html#id330030">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id336107">Configuration for Server: MASSIVE</a></dt><dt>initial credentials, <a class="indexterm" href="DomApps.html#id381292">Kerberos Configuration</a></dt><dt>inoperative, <a class="indexterm" href="ntmigration.html#id367644">Dissection and Discussion</a></dt><dt>install, <a class="indexterm" href="upgrades.html">Updating Samba-3</a></dt><dt>installation, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>integrate, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a></dt><dt>integrity, <a class="indexterm" href="kerberos.html#id375655">Introduction</a>, <a class="indexterm" href="kerberos.html#id377804">Kerberos Exposed</a></dt><dt>inter-domain, <a class="indexterm" href="upgrades.html#id366282">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>inter-operability, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id380041">Key Points Learned</a>, <a class="indexterm" href="DomApps.html#id382864">Questions and Answers</a></dt><dt>interactive help, <a class="indexterm" href="ch14.html#id385222">Free Support</a></dt><dt>interdomain trusts, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a></dt><dt>interfaces, <a class="indexterm" href="secure.html#id329275">Implementation</a></dt><dt>intermittent, <a class="indexterm" href="HA.html#id384858">Hardware Problems</a></dt><dt>internationalization, <a class="indexterm" href="upgrades.html#id365792">International Language Support</a></dt><dt>Internet Explorer, <a class="indexterm" href="DomApps.html#id380894">Technical Issues</a></dt><dt>Internet Information Server, <a class="indexterm" href="DomApps.html#id382864">Questions and Answers</a></dt><dt>interoperability, <a class="indexterm" href="happy.html#id340195">Dissection and Discussion</a></dt><dt>IP forwarding, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="Big500users.html#id336107">Configuration for Server: MASSIVE</a></dt><dt>IPC$, <a class="indexterm" href="primer.html#id390873">Findings and Comments</a></dt><dt>iptables, <a class="indexterm" href="secure.html#id328897">Technical Issues</a></dt><dt>IRC, <a class="indexterm" href="ch14.html#id385222">Free Support</a></dt><dt>isolated, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt><dt>Italian, <a class="indexterm" href="DomApps.html#id382864">Questions and Answers</a></dt></dl></div><div class="indexdiv"><h3>J</h3><dl><dt>jobs, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt><dt>joining a domain, <a class="indexterm" href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></dt></dl></div><div class="indexdiv"><h3>K</h3><dl><dt>KDC, <a class="indexterm" href="DomApps.html#id381292">Kerberos Configuration</a></dt><dt>Kerberos, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id375655">Introduction</a>, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id380041">Key Points Learned</a>, <a class="indexterm" href="DomApps.html#id380894">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id381058">Implementation</a>, <a class="indexterm" href="DomApps.html#id381292">Kerberos Configuration</a></dt><dd><dl><dt>Heimdal, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>interoperability, <a class="indexterm" href="kerberos.html#id377804">Kerberos Exposed</a></dt><dt>libraries, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>MIT, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>unspecified fields, <a class="indexterm" href="kerberos.html#id377804">Kerberos Exposed</a></dt></dl></dd><dt>kerberos, <a class="indexterm" href="kerberos.html#id377804">Kerberos Exposed</a></dt><dd><dl><dt>server, <a class="indexterm" href="kerberos.html#id377804">Kerberos Exposed</a></dt></dl></dd><dt>Kerberos ticket, <a class="indexterm" href="DomApps.html#id381656">Samba Configuration</a></dt><dt>kinit, <a class="indexterm" href="DomApps.html#id381292">Kerberos Configuration</a></dt><dt>Kixtart, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a></dt><dt>klist, <a class="indexterm" href="DomApps.html#id381292">Kerberos Configuration</a></dt><dt>krb5, <a class="indexterm" href="DomApps.html#id381058">Implementation</a></dt><dt>krb5.conf, <a class="indexterm" href="DomApps.html#id381292">Kerberos Configuration</a></dt></dl></div><div class="indexdiv"><h3>L</h3><dl><dt>LAM, <a class="indexterm" href="appendix.html#id387443">The LDAP Account Manager</a></dt><dd><dl><dt>configuration editor, <a class="indexterm" href="appendix.html#id387443">The LDAP Account Manager</a></dt><dt>configuration file, <a class="indexterm" href="appendix.html#id387443">The LDAP Account Manager</a></dt><dt>login screen, <a class="indexterm" href="appendix.html#id387443">The LDAP Account Manager</a></dt><dt>opening screen, <a class="indexterm" href="appendix.html#id387443">The LDAP Account Manager</a></dt><dt>profile, <a class="indexterm" href="appendix.html#id387443">The LDAP Account Manager</a></dt><dt>wizard, <a class="indexterm" href="appendix.html#id387443">The LDAP Account Manager</a></dt></dl></dd><dt>large domain, <a class="indexterm" href="unixclients.html#id361596">IDMAP_RID with Winbind</a></dt><dt>LDAP, <a class="indexterm" href="Big500users.html#id334670">Technical Issues</a>, <a class="indexterm" href="happy.html#id340067">Assignment Tasks</a>, <a class="indexterm" href="happy.html#id340195">Dissection and Discussion</a>, <a class="indexterm" href="happy.html#id340598">Technical Issues</a>, <a class="indexterm" href="happy.html#id341649">Preliminary Advice: Dangers Can Be Avoided</a>, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="net2000users.html#id351371">Introduction</a>, <a class="indexterm" href="net2000users.html#id351452">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id352534">Implementation</a>, <a class="indexterm" href="net2000users.html#id355551">Key Points Learned</a>, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a>, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id366282">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id367593">Assignment Tasks</a>, <a class="indexterm" href="ntmigration.html#id367806">Technical Issues</a>, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a>, <a class="indexterm" href="nw4migration.html#id371886">Dissection and Discussion</a>, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a>, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dd><dl><dt>backend, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a></dt><dt>database, <a class="indexterm" href="happy.html#id345072">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a>, <a class="indexterm" href="appendix.html#altldapcfg">Alternative LDAP Database Initialization</a></dt><dt>directory, <a class="indexterm" href="happy.html#id339866">Regarding LDAP Directories and Windows Computer Accounts</a>, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a></dt><dt>fail-over, <a class="indexterm" href="net2000users.html#id352534">Implementation</a></dt><dt>initial configuration, <a class="indexterm" href="appendix.html#altldapcfg">Alternative LDAP Database Initialization</a></dt><dt>master, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a></dt><dt>master/slave</dt><dd><dl><dt>background communication, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a></dt></dl></dd><dt>preload, <a class="indexterm" href="net2000users.html#id352534">Implementation</a></dt><dt>schema, <a class="indexterm" href="upgrades.html#id366838">Updating from Samba Versions between 3.0.6 and 3.0.10</a></dt><dt>secure, <a class="indexterm" href="happy.html#id340598">Technical Issues</a></dt><dt>server, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a></dt><dt>slave, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a></dt><dt>updates, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a></dt></dl></dd><dt>ldap, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>LDAP Account Manager (see LAM)</dt><dt>LDAP backend, <a class="indexterm" href="ntmigration.html#id367806">Technical Issues</a></dt><dt>LDAP database, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a></dt><dt>LDAP Interchange Format (see LDIF)</dt><dt>LDAP server, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a></dt><dt>LDAP-transfer-LDIF.txt, <a class="indexterm" href="net2000users.html#id352534">Implementation</a></dt><dt>ldap.conf, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>ldapadd, <a class="indexterm" href="happy.html#id345072">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>ldapsam, <a class="indexterm" href="happy.html#id345072">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="net2000users.html#id351452">Dissection and Discussion</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="upgrades.html#id366838">Updating from Samba Versions between 3.0.6 and 3.0.10</a>, <a class="indexterm" href="ntmigration.html#id367593">Assignment Tasks</a>, <a class="indexterm" href="DomApps.html">Integrating Additional Services</a></dt><dt>ldapsam backend, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>ldapsearch, <a class="indexterm" href="happy.html#id345072">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>LDIF, <a class="indexterm" href="happy.html#id340598">Technical Issues</a>, <a class="indexterm" href="net2000users.html#id352534">Implementation</a>, <a class="indexterm" href="nw4migration.html#id371958">Technical Issues</a>, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a>, <a class="indexterm" href="appendix.html#id386988">Initialization of the LDAP Database</a></dt><dt>leadership, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>Lightweight Directory Access Protocol (see LDAP)</dt><dt>limit, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a></dt><dt>Linux desktop, <a class="indexterm" href="unixclients.html#id356470">Introduction</a></dt><dt>Linux Standards Base (see LSB)</dt><dt>LMB, <a class="indexterm" href="primer.html#id389683">Findings</a>, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dt>LMHOSTS, <a class="indexterm" href="HA.html#id384083">Routed Networks</a></dt><dt>load distribution, <a class="indexterm" href="HA.html#id384721">For Scalability, Use SAN-Based Storage on Samba Servers</a></dt><dt>local accounts, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a></dt><dt>Local Group Policy, <a class="indexterm" href="happy.html#id341073">Roaming Profile Background</a></dt><dt>Local Master Announcement, <a class="indexterm" href="primer.html#id390308">Findings</a></dt><dt>Local Master Browser (see LMB)</dt><dt>localhost, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="HA.html#id383905">Bad Hostnames</a></dt><dt>lock directory, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></dt><dt>locking</dt><dd><dl><dt>Application level, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt><dt>Client side, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt><dt>Server side, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt></dl></dd><dt>logging, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>login, <a class="indexterm" href="secure.html#id328897">Technical Issues</a></dt><dt>loglevel, <a class="indexterm" href="happy.html#id341816">Debugging LDAP</a></dt><dt>logon credentials, <a class="indexterm" href="DomApps.html#id382864">Questions and Answers</a></dt><dt>logon hours, <a class="indexterm" href="ntmigration.html#id367806">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id380041">Key Points Learned</a></dt><dt>logon machines, <a class="indexterm" href="ntmigration.html#id367806">Technical Issues</a></dt><dt>logon path, <a class="indexterm" href="secure.html#id329275">Implementation</a></dt><dt>logon process, <a class="indexterm" href="unixclients.html#id357255">Implementation</a></dt><dt>logon scrip, <a class="indexterm" href="secure.html#id330030">Samba Configuration</a></dt><dt>logon script, <a class="indexterm" href="secure.html#id329275">Implementation</a>, <a class="indexterm" href="happy.html#id340598">Technical Issues</a>, <a class="indexterm" href="happy.html#id349037">Preparation of Logon Scripts</a>, <a class="indexterm" href="ntmigration.html#id367806">Technical Issues</a></dt><dt>logon server, <a class="indexterm" href="net2000users.html#id351811">The Nature of Windows Networking Protocols</a></dt><dt>logon services, <a class="indexterm" href="secure.html#id329275">Implementation</a></dt><dt>logon time, <a class="indexterm" href="happy.html#id340067">Assignment Tasks</a></dt><dt>logon traffic, <a class="indexterm" href="net2000users.html#id351811">The Nature of Windows Networking Protocols</a></dt><dt>logon.kix, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a></dt><dt>loopback, <a class="indexterm" href="simple.html#validate1">Validation</a></dt><dt>low performance, <a class="indexterm" href="HA.html#id384858">Hardware Problems</a></dt><dt>lower-case, <a class="indexterm" href="ntmigration.html#id368129">Implementation</a></dt><dt>lpadmin, <a class="indexterm" href="simple.html#id322563">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dt>LSB, <a class="indexterm" href="appendix.html#id386084">Samba System File Location</a></dt></dl></div><div class="indexdiv"><h3>M</h3><dl><dt>machine, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a></dt><dt>machine account, <a class="indexterm" href="happy.html#id339866">Regarding LDAP Directories and Windows Computer Accounts</a></dt><dt>machine accounts, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a></dt><dt>machine secret password, <a class="indexterm" href="Big500users.html#id334670">Technical Issues</a></dt><dt>MACHINE.SID, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a></dt><dt>mailing list, <a class="indexterm" href="ch14.html#id385222">Free Support</a></dt><dt>mailing lists, <a class="indexterm" href="ch14.html#id385222">Free Support</a></dt><dt>managed, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>management, <a class="indexterm" href="unixclients.html#id357171">Political Issues</a>, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a></dt><dd><dl><dt>group, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>User, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt></dl></dd><dt>mandatory profile, <a class="indexterm" href="happy.html#id340598">Technical Issues</a>, <a class="indexterm" href="happy.html#id348809">Configuring Profile Directories</a></dt><dt>Mandrake, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dt>mapped drives, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a></dt><dt>mapping, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id381292">Kerberos Configuration</a></dt><dd><dl><dt>consistent, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt></dl></dd><dt>Mars_NWE, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dt>master, <a class="indexterm" href="net2000users.html#id351452">Dissection and Discussion</a></dt><dt>material, <a class="indexterm" href="appendix.html">A Collection of Useful Tidbits</a></dt><dt>memberUID, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a></dt><dt>memory requirements, <a class="indexterm" href="secure.html#id329122">Hardware Requirements</a></dt><dt>merge, <a class="indexterm" href="ntmigration.html#id367806">Technical Issues</a>, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a></dt><dt>merged, <a class="indexterm" href="ntmigration.html#id367806">Technical Issues</a></dt><dt>meta-directory, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a></dt><dt>meta-service, <a class="indexterm" href="kerberos.html#id380163">Questions and Answers</a></dt><dt>Microsoft Access, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt><dt>Microsoft Excel, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt><dt>Microsoft ISA, <a class="indexterm" href="DomApps.html#id380775">Assignment Tasks</a></dt><dt>Microsoft Management Console (see MMC)</dt><dt>Microsoft Office, <a class="indexterm" href="secure.html#ch4appscfg">Application Share Configuration</a>, <a class="indexterm" href="kerberos.html#id378992">Share Point Directory and File Permissions</a></dt><dt>Microsoft Outlook</dt><dd><dl><dt>PST files, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a></dt></dl></dd><dt>migrate, <a class="indexterm" href="upgrades.html">Updating Samba-3</a>, <a class="indexterm" href="ntmigration.html#id367806">Technical Issues</a></dt><dt>migration, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="happy.html#id340067">Assignment Tasks</a>, <a class="indexterm" href="ntmigration.html#id367517">Introduction</a>, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a>, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dd><dl><dt>objectives, <a class="indexterm" href="ntmigration.html#id367644">Dissection and Discussion</a></dt></dl></dd><dt>Migration speed, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a></dt><dt>mime type, <a class="indexterm" href="simple.html#id322563">Implementation</a>, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id335580">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dt>mime types, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a></dt><dt>missing RPC's, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>MIT, <a class="indexterm" href="DomApps.html#id381058">Implementation</a>, <a class="indexterm" href="DomApps.html#id381292">Kerberos Configuration</a></dt><dt>MIT Kerberos, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="kerberos.html#id377804">Kerberos Exposed</a></dt><dt>MIT kerberos, <a class="indexterm" href="unixclients.html#id362164">IDMAP Storage in LDAP using Winbind</a></dt><dt>MIT KRB5, <a class="indexterm" href="DomApps.html#id381656">Samba Configuration</a></dt><dt>mixed mode, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>mixed-mode, <a class="indexterm" href="kerberos.html#id380163">Questions and Answers</a></dt><dt>MMC, <a class="indexterm" href="happy.html#id350249">Configure Delete Cached Profiles on Logout</a>, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id380163">Questions and Answers</a></dt><dt>mobile computing, <a class="indexterm" href="small.html#id325871">Dissection and Discussion</a></dt><dt>mobility, <a class="indexterm" href="net2000users.html#id351698">Technical Issues</a></dt><dt>modularization, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>modules, <a class="indexterm" href="DomApps.html#id382864">Questions and Answers</a></dt><dt>MS Access</dt><dd><dl><dt>validate, <a class="indexterm" href="appendix.html#id388795">Microsoft Access</a></dt></dl></dd><dt>MS Outlook, <a class="indexterm" href="happy.html#id349965">Configuration of MS Outlook to Relocate PST File</a></dt><dd><dl><dt>PST, <a class="indexterm" href="happy.html#id349965">Configuration of MS Outlook to Relocate PST File</a></dt><dt>PST file, <a class="indexterm" href="happy.html">Making Happy Users</a></dt></dl></dd><dt>MS Windows Server 2003, <a class="indexterm" href="DomApps.html#id381058">Implementation</a></dt><dt>MS Word, <a class="indexterm" href="kerberos.html#id378992">Share Point Directory and File Permissions</a></dt><dt>MSDFS, <a class="indexterm" href="HA.html#id384766">Distribute Network Load with MSDFS</a></dt><dt>multi-subnet, <a class="indexterm" href="HA.html#id384083">Routed Networks</a></dt><dt>multi-user</dt><dd><dl><dt>access, <a class="indexterm" href="appendix.html#id388795">Microsoft Access</a></dt><dt>data access, <a class="indexterm" href="appendix.html#ch12dblck">Shared Data Integrity</a></dt></dl></dd><dt>multiple directories, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a></dt><dt>multiple domain controllers, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>multiple group mappings, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a></dt><dt>mutual assistance, <a class="indexterm" href="ch14.html#id385222">Free Support</a></dt><dt>My Documents, <a class="indexterm" href="happy.html#id341073">Roaming Profile Background</a></dt><dt>My Network Places, <a class="indexterm" href="simple.html#id322563">Implementation</a></dt><dt>mysqlsam, <a class="indexterm" href="net2000users.html#id352534">Implementation</a></dt></dl></div><div class="indexdiv"><h3>N</h3><dl><dt>name resolution, <a class="indexterm" href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a>, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="primer.html#id389338">Assignment Tasks</a></dt><dd><dl><dt>Defective, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt></dl></dd><dt>name resolve order, <a class="indexterm" href="secure.html#id329275">Implementation</a></dt><dt>name service switch, <a class="indexterm" href="small.html#id326106">Implementation</a> (see NSS)</dt><dt>named, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="Big500users.html#id335580">Server Preparation: All Servers</a></dt><dt>NAT, <a class="indexterm" href="secure.html#id328897">Technical Issues</a></dt><dt>native, <a class="indexterm" href="kerberos.html#id380163">Questions and Answers</a></dt><dt>net</dt><dd><dl><dt>ads</dt><dd><dl><dt>info, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>join, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="DomApps.html#id381656">Samba Configuration</a></dt><dt>status, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt></dl></dd><dt>getlocalsid, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a></dt><dt>group, <a class="indexterm" href="ntmigration.html#id370444">NT4 Migration Using tdbsam Backend</a></dt><dt>groupmap</dt><dd><dl><dt>add, <a class="indexterm" href="secure.html#id330030">Samba Configuration</a></dt><dt>list, <a class="indexterm" href="secure.html#id330030">Samba Configuration</a>, <a class="indexterm" href="happy.html#id345072">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>modify, <a class="indexterm" href="secure.html#id330030">Samba Configuration</a></dt></dl></dd><dt>rpc</dt><dd><dl><dt>info, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a></dt><dt>join, <a class="indexterm" href="Big500users.html#ch5-domsvrspec">Configuration Specific to Domain Member Servers: BLDG1, BLDG2</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#dcwonss">NT4/Samba Domain with Samba Domain Member Server without NSS Support</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="ntmigration.html#id370444">NT4 Migration Using tdbsam Backend</a></dt><dt>vampire, <a class="indexterm" href="upgrades.html">Updating Samba-3</a>, <a class="indexterm" href="ntmigration.html#id370444">NT4 Migration Using tdbsam Backend</a></dt></dl></dd><dt>setlocalsid, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a></dt></dl></dd><dt>NetBIOS, <a class="indexterm" href="net2000users.html#id351811">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="HA.html#id383905">Bad Hostnames</a>, <a class="indexterm" href="HA.html#id384083">Routed Networks</a>, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dd><dl><dt>name cache, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a></dt><dt>name resolution</dt><dd><dl><dt>delays, <a class="indexterm" href="happy.html">Making Happy Users</a></dt></dl></dd><dt>Node Type, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt></dl></dd><dt>netbios</dt><dd><dl><dt>machine name, <a class="indexterm" href="upgrades.html#id365491">Change of hostname</a></dt></dl></dd><dt>netbios forwarding, <a class="indexterm" href="HA.html#id384246">Network Collisions</a></dt><dt>NetBIOS name, <a class="indexterm" href="DomApps.html#id381292">Kerberos Configuration</a></dt><dd><dl><dt>aliases, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a></dt></dl></dd><dt>netbios name, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id365491">Change of hostname</a>, <a class="indexterm" href="HA.html#id383905">Bad Hostnames</a></dt><dt>NETLOGON, <a class="indexterm" href="happy.html#id341432">Using a Network Default User Profile</a>, <a class="indexterm" href="happy.html#id349248">Windows Client Configuration</a></dt><dt>netlogon, <a class="indexterm" href="net2000users.html#id351811">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a></dt><dt>Netlogon, <a class="indexterm" href="appendix.html#domjoin">Joining a Domain: Windows 200x/XP Professional</a></dt><dt>netmask, <a class="indexterm" href="simple.html#id321762">Implementation</a></dt><dt>Netware, <a class="indexterm" href="small.html">Small Office Networking</a></dt><dt>NetWare, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a>, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a></dt><dt>network</dt><dd><dl><dt>administrators, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>analyzer, <a class="indexterm" href="primer.html#id389338">Assignment Tasks</a></dt><dt>bandwidth, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a></dt><dt>broadcast, <a class="indexterm" href="primer.html#id389288">Introduction</a></dt><dt>captures, <a class="indexterm" href="primer.html#id389151">Requirements and Notes</a></dt><dt>collisions, <a class="indexterm" href="HA.html#id384246">Network Collisions</a></dt><dt>load, <a class="indexterm" href="HA.html#id384246">Network Collisions</a></dt><dt>logon, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>logon scripts, <a class="indexterm" href="ntmigration.html#id367644">Dissection and Discussion</a></dt><dt>management, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt><dt>multi-segment, <a class="indexterm" href="happy.html#id339991">Introduction</a></dt><dt>overload, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>performance, <a class="indexterm" href="HA.html#id384336">Samba Configuration</a></dt><dt>routed, <a class="indexterm" href="net2000users.html#id351452">Dissection and Discussion</a></dt><dt>secure, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt><dt>segment, <a class="indexterm" href="happy.html#id340195">Dissection and Discussion</a></dt><dt>services, <a class="indexterm" href="DomApps.html#id382864">Questions and Answers</a></dt><dt>sniffer, <a class="indexterm" href="primer.html#id389151">Requirements and Notes</a></dt><dt>timeout, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>timeouts, <a class="indexterm" href="HA.html#id384246">Network Collisions</a></dt><dt>trace, <a class="indexterm" href="primer.html#id389338">Assignment Tasks</a></dt><dt>traffic</dt><dd><dl><dt>observation, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt></dl></dd><dt>wide-area, <a class="indexterm" href="happy.html#id340195">Dissection and Discussion</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></dt></dl></dd><dt>Network Address Translation (see NAT)</dt><dt>network administrators, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>network attached storage (see NAS)</dt><dt>network bandwidth</dt><dd><dl><dt>utilization, <a class="indexterm" href="happy.html">Making Happy Users</a></dt></dl></dd><dt>Network Default Profile, <a class="indexterm" href="happy.html#id341073">Roaming Profile Background</a></dt><dt>network hardware</dt><dd><dl><dt>defective, <a class="indexterm" href="happy.html">Making Happy Users</a></dt></dl></dd><dt>network hygiene, <a class="indexterm" href="HA.html#id383418">Dissection and Discussion</a></dt><dt>network Identities, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a></dt><dt>network load factors, <a class="indexterm" href="Big500users.html#id334641">Dissection and Discussion</a></dt><dt>Network Neighborhood, <a class="indexterm" href="simple.html#validate1">Validation</a>, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>network segment, <a class="indexterm" href="HA.html#id384636">Use and Location of BDCs</a></dt><dt>network segments, <a class="indexterm" href="secure.html#id329122">Hardware Requirements</a></dt><dt>network share, <a class="indexterm" href="happy.html#id340067">Assignment Tasks</a></dt><dt>networking</dt><dd><dl><dt>client, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a></dt></dl></dd><dt>networking hardware</dt><dd><dl><dt>defective, <a class="indexterm" href="happy.html">Making Happy Users</a></dt></dl></dd><dt>networking protocols, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>next generation, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>NextFreeUnixId, <a class="indexterm" href="ntmigration.html#id368253">NT4 Migration Using LDAP Backend</a></dt><dt>NFS server, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a></dt><dt>NICs, <a class="indexterm" href="HA.html#id384858">Hardware Problems</a></dt><dt>NIS, <a class="indexterm" href="happy.html#id345072">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a>, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id357171">Political Issues</a>, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a></dt><dt>nis, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>NIS schema, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a></dt><dt>NIS server, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a></dt><dt>NIS+, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a></dt><dt>nisplus, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>NLM, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dt>nmap, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>nmbd, <a class="indexterm" href="small.html#id327557">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a>, <a class="indexterm" href="upgrades.html#id367004">Replacing a Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id381656">Samba Configuration</a>, <a class="indexterm" href="appendix.html#id386477">Starting Samba</a></dt><dt>nobody, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a>, <a class="indexterm" href="primer.html#id390873">Findings and Comments</a></dt><dt>Novell, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a>, <a class="indexterm" href="nw4migration.html#id371710">Introduction</a></dt><dt>Novell SUSE SLES 9, <a class="indexterm" href="ntmigration.html#id368253">NT4 Migration Using LDAP Backend</a></dt><dt>NSS, <a class="indexterm" href="happy.html#id339866">Regarding LDAP Directories and Windows Computer Accounts</a>, <a class="indexterm" href="happy.html#id340598">Technical Issues</a>, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#id361596">IDMAP_RID with Winbind</a>, <a class="indexterm" href="unixclients.html#id363033">UNIX/Linux Client Domain Member</a>, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a>, <a class="indexterm" href="DomApps.html#id382178">NSS Configuration</a> (see same service switch)</dt><dt>nss_ldap, <a class="indexterm" href="happy.html#id339866">Regarding LDAP Directories and Windows Computer Accounts</a>, <a class="indexterm" href="happy.html#id340598">Technical Issues</a>, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a>, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="happy.html#id345072">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#id362716">IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension</a>, <a class="indexterm" href="upgrades.html#id367004">Replacing a Domain Member Server</a>, <a class="indexterm" href="ntmigration.html#id368253">NT4 Migration Using LDAP Backend</a></dt><dt>nt acl support, <a class="indexterm" href="simple.html#id322394">Dissection and Discussion</a></dt><dt>NT4 registry, <a class="indexterm" href="ntmigration.html#id367644">Dissection and Discussion</a></dt><dt>NTLM, <a class="indexterm" href="DomApps.html#id380894">Technical Issues</a></dt><dt>NTLM authentication daemon, <a class="indexterm" href="DomApps.html#id380894">Technical Issues</a></dt><dt>NTLMSSP, <a class="indexterm" href="DomApps.html#id382809">Key Points Learned</a>, <a class="indexterm" href="DomApps.html#id382864">Questions and Answers</a>, <a class="indexterm" href="primer.html#id391120">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>NTLMSSP_AUTH, <a class="indexterm" href="primer.html#id391120">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>ntlm_auth, <a class="indexterm" href="DomApps.html#id381656">Samba Configuration</a>, <a class="indexterm" href="DomApps.html#id382864">Questions and Answers</a></dt><dt>NTP, <a class="indexterm" href="DomApps.html#id381292">Kerberos Configuration</a></dt><dt>NTUSER.DAT, <a class="indexterm" href="happy.html#id341073">Roaming Profile Background</a>, <a class="indexterm" href="happy.html#id341344">Profile Changes</a>, <a class="indexterm" href="happy.html#id341432">Using a Network Default User Profile</a>, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a></dt><dt>NULL connection, <a class="indexterm" href="simple.html#validate1">Validation</a></dt><dt>NULL session, <a class="indexterm" href="primer.html#id390873">Findings and Comments</a></dt><dt>NULL-Session, <a class="indexterm" href="primer.html#id391618">Discussion</a></dt></dl></div><div class="indexdiv"><h3>O</h3><dl><dt>objectClass, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a></dt><dt>off-site storage, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt><dt>Open Magazine, <a class="indexterm" href="unixclients.html">Adding Domain Member Servers and Clients</a></dt><dt>Open Source, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>OpenLDAP, <a class="indexterm" href="happy.html#id340195">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id351452">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a>, <a class="indexterm" href="unixclients.html#id357171">Political Issues</a>, <a class="indexterm" href="nw4migration.html#id371958">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id375655">Introduction</a>, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id380041">Key Points Learned</a>, <a class="indexterm" href="appendix.html#id387443">The LDAP Account Manager</a></dt><dt>openldap, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></dt><dt>OpenOffice, <a class="indexterm" href="secure.html#ch4appscfg">Application Share Configuration</a></dt><dt>operating profiles, <a class="indexterm" href="appendix.html#id387443">The LDAP Account Manager</a></dt><dt>oplock break, <a class="indexterm" href="kerberos.html#id378849">Override Controls</a></dt><dt>oplocks, <a class="indexterm" href="HA.html#id384336">Samba Configuration</a></dt><dt>Oplocks</dt><dd><dl><dt>disabled, <a class="indexterm" href="appendix.html#id389009">Opportunistic Locking Controls</a></dt></dl></dd><dt>opportunistic</dt><dd><dl><dt>locking, <a class="indexterm" href="kerberos.html#id378849">Override Controls</a></dt></dl></dd><dt>opportunistic locking, <a class="indexterm" href="secure.html#id329275">Implementation</a>, <a class="indexterm" href="HA.html#id384336">Samba Configuration</a>, <a class="indexterm" href="appendix.html#id388933">Act! Database Sharing</a></dt><dt>optimized, <a class="indexterm" href="HA.html#id384336">Samba Configuration</a></dt><dt>organizational units, <a class="indexterm" href="appendix.html#id387443">The LDAP Account Manager</a></dt><dt>OS/2, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a></dt><dt>Outlook</dt><dd><dl><dt>PST, <a class="indexterm" href="happy.html#id349965">Configuration of MS Outlook to Relocate PST File</a></dt></dl></dd><dt>Outlook Address Book, <a class="indexterm" href="happy.html#id349965">Configuration of MS Outlook to Relocate PST File</a></dt><dt>Outlook Express, <a class="indexterm" href="secure.html#id329242">Political Issues</a>, <a class="indexterm" href="happy.html#id349965">Configuration of MS Outlook to Relocate PST File</a></dt><dt>over-ride, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>over-ride controls, <a class="indexterm" href="kerberos.html#id378849">Override Controls</a></dt><dt>over-rule, <a class="indexterm" href="kerberos.html#id378100">Share Access Controls</a>, <a class="indexterm" href="kerberos.html#id379683">Using MS Windows Explorer (File Manager)</a></dt><dt>overheads, <a class="indexterm" href="kerberos.html#id378849">Override Controls</a></dt><dt>ownership, <a class="indexterm" href="kerberos.html#id378992">Share Point Directory and File Permissions</a></dt></dl></div><div class="indexdiv"><h3>P</h3><dl><dt>package, <a class="indexterm" href="simple.html#id321762">Implementation</a></dt><dt>package names, <a class="indexterm" href="appendix.html#id386084">Samba System File Location</a></dt><dt>packages, <a class="indexterm" href="upgrades.html#id366712">Updating a Samba-3 Installation</a></dt><dt>PADL, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id362164">IDMAP Storage in LDAP using Winbind</a></dt><dt>PADL LDAP tools, <a class="indexterm" href="happy.html#id340598">Technical Issues</a></dt><dt>PADL Software, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>paid-for support, <a class="indexterm" href="ch14.html">Samba Support</a></dt><dt>PAM, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="unixclients.html#id363033">UNIX/Linux Client Domain Member</a>, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a></dt><dt>pam_ldap, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></dt><dt>pam_ldap.so, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></dt><dt>pam_unix2.so, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></dt><dd><dl><dt>use_ldap, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></dt></dl></dd><dt>parameters, <a class="indexterm" href="upgrades.html#id366282">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>passdb backend, <a class="indexterm" href="secure.html#id329275">Implementation</a>, <a class="indexterm" href="Big500users.html">The 500-User Office</a>, <a class="indexterm" href="happy.html#id340195">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id351452">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id352534">Implementation</a>, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="upgrades.html">Updating Samba-3</a>, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id366282">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="upgrades.html#id366838">Updating from Samba Versions between 3.0.6 and 3.0.10</a>, <a class="indexterm" href="ntmigration.html#id367593">Assignment Tasks</a>, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a></dt><dt>passdb.tdb, <a class="indexterm" href="ntmigration.html#id367806">Technical Issues</a></dt><dt>passwd, <a class="indexterm" href="simple.html#id322563">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="secure.html#id330030">Samba Configuration</a></dt><dt>password</dt><dd><dl><dt>backend, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="secure.html#id330030">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id336107">Configuration for Server: MASSIVE</a></dt></dl></dd><dt>password caching, <a class="indexterm" href="simple.html#id322563">Implementation</a></dt><dt>password change, <a class="indexterm" href="kerberos.html#id380041">Key Points Learned</a></dt><dt>password length, <a class="indexterm" href="primer.html#id390654">Simple Windows Client Connection Characteristics</a>, <a class="indexterm" href="primer.html#id391120">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>payroll, <a class="indexterm" href="nw4migration.html#id371710">Introduction</a></dt><dt>pdbedit, <a class="indexterm" href="happy.html#id345072">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="happy.html#sbehap-bldg1">Samba-3 BDC Configuration</a>, <a class="indexterm" href="ntmigration.html#id370444">NT4 Migration Using tdbsam Backend</a>, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a></dt><dt>PDC, <a class="indexterm" href="Big500users.html#id334566">Assignment Tasks</a>, <a class="indexterm" href="Big500users.html#id334670">Technical Issues</a>, <a class="indexterm" href="happy.html">Making Happy Users</a>, <a class="indexterm" href="happy.html#id340598">Technical Issues</a>, <a class="indexterm" href="happy.html#sbehap-locgrppol">The Local Group Policy</a>, <a class="indexterm" href="net2000users.html#id351811">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id366282">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id368129">Implementation</a>, <a class="indexterm" href="ntmigration.html#id368253">NT4 Migration Using LDAP Backend</a>, <a class="indexterm" href="ntmigration.html#id370444">NT4 Migration Using tdbsam Backend</a>, <a class="indexterm" href="HA.html#id384636">Use and Location of BDCs</a></dt><dt>PDC/BDC ratio, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>PDF, <a class="indexterm" href="appendix.html#id387443">The LDAP Account Manager</a></dt><dt>performance, <a class="indexterm" href="happy.html#id340195">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id380163">Questions and Answers</a>, <a class="indexterm" href="HA.html">Performance, Reliability, and Availability</a>, <a class="indexterm" href="HA.html#id383342">Introduction</a>, <a class="indexterm" href="HA.html#id384246">Network Collisions</a></dt><dt>performance degradation, <a class="indexterm" href="kerberos.html#id378849">Override Controls</a>, <a class="indexterm" href="HA.html#id384336">Samba Configuration</a></dt><dt>Perl, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a>, <a class="indexterm" href="appendix.html#id387443">The LDAP Account Manager</a></dt><dt>permission, <a class="indexterm" href="kerberos.html#id378992">Share Point Directory and File Permissions</a></dt><dt>permissions, <a class="indexterm" href="simple.html#id322563">Implementation</a>, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id378100">Share Access Controls</a>, <a class="indexterm" href="kerberos.html#id378564">Checkpoint Controls</a>, <a class="indexterm" href="kerberos.html#id378992">Share Point Directory and File Permissions</a>, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dd><dl><dt>excessive, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>group, <a class="indexterm" href="kerberos.html#id378992">Share Point Directory and File Permissions</a></dt><dt>user, <a class="indexterm" href="kerberos.html#id378992">Share Point Directory and File Permissions</a></dt></dl></dd><dt>Permissions, <a class="indexterm" href="kerberos.html#id379406">Using the MMC Computer Management Interface</a></dt><dt>permits, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>permitted group, <a class="indexterm" href="kerberos.html#id379406">Using the MMC Computer Management Interface</a></dt><dt>PHP, <a class="indexterm" href="appendix.html#id387443">The LDAP Account Manager</a></dt><dt>PHP4, <a class="indexterm" href="appendix.html#id387443">The LDAP Account Manager</a></dt><dt>pile-driver, <a class="indexterm" href="kerberos.html#id378435">Share Definition Controls</a></dt><dt>ping, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>pitfalls, <a class="indexterm" href="appendix.html#id387443">The LDAP Account Manager</a></dt><dt>plain-text, <a class="indexterm" href="DomApps.html#id382864">Questions and Answers</a></dt><dt>Pluggable Authentication Modules (see PAM)</dt><dt>policy, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt><dt>poor performance, <a class="indexterm" href="HA.html#id383418">Dissection and Discussion</a></dt><dt>POP3, <a class="indexterm" href="nw4migration.html#id371958">Technical Issues</a></dt><dt>Posix, <a class="indexterm" href="simple.html#id322394">Dissection and Discussion</a>, <a class="indexterm" href="happy.html#id340598">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="ntmigration.html#id368129">Implementation</a>, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a>, <a class="indexterm" href="appendix.html#id387443">The LDAP Account Manager</a></dt><dt>POSIX, <a class="indexterm" href="happy.html#id339866">Regarding LDAP Directories and Windows Computer Accounts</a>, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a></dt><dt>Posix accounts, <a class="indexterm" href="happy.html#id345072">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a></dt><dt>Posix ACLs, <a class="indexterm" href="kerberos.html#id379357">Managing Windows 200x ACLs</a></dt><dt>PosixAccount, <a class="indexterm" href="happy.html#id345072">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>posixAccount, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a></dt><dt>Postfix, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a></dt><dt>Postscript, <a class="indexterm" href="happy.html#id341486">Installation of Printer Driver Auto-Download</a></dt><dt>powers, <a class="indexterm" href="kerberos.html#id378435">Share Definition Controls</a></dt><dt>practices, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt><dt>precaution, <a class="indexterm" href="upgrades.html#id364642">Introduction</a></dt><dt>presence and leadership, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>price paid, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>primary group, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="kerberos.html#id378992">Share Point Directory and File Permissions</a></dt><dt>principals, <a class="indexterm" href="kerberos.html#id377804">Kerberos Exposed</a></dt><dt>print filter, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id335580">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dt>print queue, <a class="indexterm" href="simple.html#id322302">Charity Administration Office</a>, <a class="indexterm" href="simple.html#id322394">Dissection and Discussion</a></dt><dt>print spooler, <a class="indexterm" href="simple.html#id322302">Charity Administration Office</a></dt><dt>Print Test Page, <a class="indexterm" href="happy.html#id350420">Uploading Printer Drivers to Samba Servers</a></dt><dt>printcap name, <a class="indexterm" href="secure.html#id329275">Implementation</a></dt><dt>printer validation, <a class="indexterm" href="small.html#id327557">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a></dt><dt>printers</dt><dd><dl><dt>Advanced, <a class="indexterm" href="happy.html#id350420">Uploading Printer Drivers to Samba Servers</a></dt><dt>Default Settings, <a class="indexterm" href="happy.html#id350420">Uploading Printer Drivers to Samba Servers</a></dt><dt>General, <a class="indexterm" href="happy.html#id350420">Uploading Printer Drivers to Samba Servers</a></dt><dt>Properties, <a class="indexterm" href="happy.html#id350420">Uploading Printer Drivers to Samba Servers</a></dt><dt>Security, <a class="indexterm" href="happy.html#id350420">Uploading Printer Drivers to Samba Servers</a></dt><dt>Sharing, <a class="indexterm" href="happy.html#id350420">Uploading Printer Drivers to Samba Servers</a></dt></dl></dd><dt>printing, <a class="indexterm" href="secure.html#id329275">Implementation</a></dt><dd><dl><dt>drag-and-drop, <a class="indexterm" href="happy.html#id341486">Installation of Printer Driver Auto-Download</a>, <a class="indexterm" href="happy.html#id350420">Uploading Printer Drivers to Samba Servers</a></dt><dt>dumb, <a class="indexterm" href="happy.html#id341486">Installation of Printer Driver Auto-Download</a></dt><dt>point-n-click, <a class="indexterm" href="happy.html#id341486">Installation of Printer Driver Auto-Download</a></dt><dt>raw, <a class="indexterm" href="simple.html#id322394">Dissection and Discussion</a></dt></dl></dd><dt>privacy, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a></dt><dt>Privilege Attribute Certificates (see PAC)</dt><dt>privilege controls, <a class="indexterm" href="kerberos.html#id378992">Share Point Directory and File Permissions</a></dt><dt>privileged pipe, <a class="indexterm" href="DomApps.html#id381656">Samba Configuration</a></dt><dt>privileges, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a>, <a class="indexterm" href="upgrades.html#id366912">Updating from Samba Versions after 3.0.6 to a Current Release</a>, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id378435">Share Definition Controls</a></dt><dt>problem report, <a class="indexterm" href="ch14.html#id385222">Free Support</a></dt><dt>problem resolution, <a class="indexterm" href="ch14.html">Samba Support</a></dt><dt>product defects, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>professional support, <a class="indexterm" href="ch14.html#id385222">Free Support</a></dt><dt>profile</dt><dd><dl><dt>default, <a class="indexterm" href="happy.html#id340067">Assignment Tasks</a></dt><dt>mandatory, <a class="indexterm" href="net2000users.html#id351811">The Nature of Windows Networking Protocols</a></dt><dt>roaming, <a class="indexterm" href="happy.html">Making Happy Users</a></dt></dl></dd><dt>profile path, <a class="indexterm" href="ntmigration.html#id367806">Technical Issues</a></dt><dt>profile share, <a class="indexterm" href="secure.html#id329275">Implementation</a></dt><dt>profiles, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a></dt><dt>profiles share, <a class="indexterm" href="ntmigration.html#id367644">Dissection and Discussion</a></dt><dt>programmer, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>project, <a class="indexterm" href="ch14.html#id385222">Free Support</a></dt><dt>project maintainers, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>Properties, <a class="indexterm" href="kerberos.html#id379406">Using the MMC Computer Management Interface</a></dt><dt>proprietary, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>protected, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>protection, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>protocol</dt><dd><dl><dt>negotiation, <a class="indexterm" href="net2000users.html#id351811">The Nature of Windows Networking Protocols</a></dt></dl></dd><dt>protocol analysis, <a class="indexterm" href="primer.html#id389151">Requirements and Notes</a></dt><dt>protocols, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>provided services, <a class="indexterm" href="ch14.html">Samba Support</a></dt><dt>proxy, <a class="indexterm" href="DomApps.html#id380775">Assignment Tasks</a>, <a class="indexterm" href="DomApps.html#id380894">Technical Issues</a></dt><dt>PST file, <a class="indexterm" href="happy.html#id349965">Configuration of MS Outlook to Relocate PST File</a></dt><dt>public specifications, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>purchase support, <a class="indexterm" href="ch14.html#id385222">Free Support</a></dt></dl></div><div class="indexdiv"><h3>Q</h3><dl><dt>Qbasic, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a></dt><dt>qualified problem, <a class="indexterm" href="ch14.html#id385222">Free Support</a></dt></dl></div><div class="indexdiv"><h3>R</h3><dl><dt>RAID, <a class="indexterm" href="secure.html#id329122">Hardware Requirements</a></dt><dt>RAID controllers, <a class="indexterm" href="HA.html#id384858">Hardware Problems</a></dt><dt>Raw Print Through, <a class="indexterm" href="happy.html#id341486">Installation of Printer Driver Auto-Download</a></dt><dt>raw printing, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="secure.html#ch4ptrcfg">Printer Configuration</a>, <a class="indexterm" href="Big500users.html#id335580">Server Preparation: All Servers</a>, <a class="indexterm" href="happy.html#sbehap-ptrcfg">Printer Configuration</a></dt><dt>Rbase, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a></dt><dt>rcldap, <a class="indexterm" href="net2000users.html#id352534">Implementation</a></dt><dt>realm, <a class="indexterm" href="unixclients.html#id361596">IDMAP_RID with Winbind</a>, <a class="indexterm" href="unixclients.html#id362164">IDMAP Storage in LDAP using Winbind</a>, <a class="indexterm" href="DomApps.html#id381292">Kerberos Configuration</a></dt><dt>recognize, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>record locking, <a class="indexterm" href="appendix.html#id388795">Microsoft Access</a></dt><dt>recursively, <a class="indexterm" href="kerberos.html#id379845">Setting Posix ACLs in UNIX/Linux</a></dt><dt>Red Hat, <a class="indexterm" href="simple.html#id321657">Drafting Office</a>, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dt>Red Hat Fedora Linux, <a class="indexterm" href="DomApps.html#id381656">Samba Configuration</a></dt><dt>Red Hat Linux, <a class="indexterm" href="simple.html#id322394">Dissection and Discussion</a>, <a class="indexterm" href="simple.html#AccountingOffice">Accounting Office</a>, <a class="indexterm" href="happy.html#id342434">Samba Server Implementation</a>, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="net2000users.html#id352534">Implementation</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id381058">Implementation</a>, <a class="indexterm" href="DomApps.html#id381656">Samba Configuration</a></dt><dt>redirected folders, <a class="indexterm" href="happy.html#id341073">Roaming Profile Background</a>, <a class="indexterm" href="net2000users.html#id351811">The Nature of Windows Networking Protocols</a></dt><dt>refereed standards, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>regedit, <a class="indexterm" href="simple.html#id322563">Implementation</a></dt><dt>regedt32, <a class="indexterm" href="happy.html#id341344">Profile Changes</a>, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></dt><dt>registry, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a></dt><dd><dl><dt>keys</dt><dd><dl><dt>SAM, <a class="indexterm" href="ntmigration.html#id367644">Dissection and Discussion</a></dt><dt>SECURITY, <a class="indexterm" href="ntmigration.html#id367644">Dissection and Discussion</a></dt></dl></dd></dl></dd><dt>registry change, <a class="indexterm" href="kerberos.html#id380163">Questions and Answers</a></dt><dt>Registry Editor, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></dt><dt>registry hacks, <a class="indexterm" href="kerberos.html#id380163">Questions and Answers</a></dt><dt>registry keys, <a class="indexterm" href="happy.html#redirfold">Configuration of Default Profile with Folder Redirection</a></dt><dt>reimburse, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>rejected, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="kerberos.html#id378100">Share Access Controls</a></dt><dt>rejoin, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a></dt><dt>reliability, <a class="indexterm" href="HA.html">Performance, Reliability, and Availability</a></dt><dt>remote announce, <a class="indexterm" href="HA.html#id384083">Routed Networks</a></dt><dt>remote browse sync, <a class="indexterm" href="HA.html#id384083">Routed Networks</a></dt><dt>remote procedure call (see RPC)</dt><dt>replicate, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="HA.html#id384817">Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth</a></dt><dt>replicated, <a class="indexterm" href="net2000users.html#id351452">Dissection and Discussion</a></dt><dt>requesting payment, <a class="indexterm" href="ch14.html#id385222">Free Support</a></dt><dt>resilient, <a class="indexterm" href="HA.html#id383870">Guidelines for Reliable Samba Operation</a></dt><dt>resolution, <a class="indexterm" href="upgrades.html#id367004">Replacing a Domain Member Server</a></dt><dt>resolve, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a>, <a class="indexterm" href="HA.html#id383905">Bad Hostnames</a></dt><dt>response, <a class="indexterm" href="unixclients.html#id361596">IDMAP_RID with Winbind</a></dt><dt>responsibility, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>responsible, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>restrict anonymous, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>restricted export, <a class="indexterm" href="kerberos.html#id377804">Kerberos Exposed</a></dt><dt>Restrictive security, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>reverse DNS, <a class="indexterm" href="DomApps.html#id381292">Kerberos Configuration</a></dt><dt>rfc2307bis, <a class="indexterm" href="unixclients.html#id362716">IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension</a></dt><dt>RID, <a class="indexterm" href="unixclients.html#id361596">IDMAP_RID with Winbind</a>, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a></dt><dt>risk, <a class="indexterm" href="secure.html#id328897">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt><dt>road-map, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dd><dl><dt>published, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt></dl></dd><dt>roaming profile, <a class="indexterm" href="happy.html#id340598">Technical Issues</a>, <a class="indexterm" href="happy.html#id341073">Roaming Profile Background</a>, <a class="indexterm" href="happy.html#id348809">Configuring Profile Directories</a>, <a class="indexterm" href="net2000users.html#id351735">User Needs</a>, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a></dt><dt>roaming profiles, <a class="indexterm" href="secure.html#id328897">Technical Issues</a>, <a class="indexterm" href="secure.html#id329275">Implementation</a>, <a class="indexterm" href="happy.html#id341073">Roaming Profile Background</a></dt><dt>routed network, <a class="indexterm" href="HA.html#id384636">Use and Location of BDCs</a></dt><dt>router, <a class="indexterm" href="small.html#id326106">Implementation</a></dt><dt>routers, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a>, <a class="indexterm" href="HA.html#id384083">Routed Networks</a></dt><dt>RPC, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="kerberos.html#id377804">Kerberos Exposed</a></dt><dt>rpc, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a></dt><dt>rpcclient, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a></dt><dt>RPM, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a>, <a class="indexterm" href="nw4migration.html#id371886">Dissection and Discussion</a></dt><dd><dl><dt>install, <a class="indexterm" href="simple.html#id321762">Implementation</a></dt></dl></dd><dt>rpm, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a>, <a class="indexterm" href="appendix.html#id386084">Samba System File Location</a></dt><dt>RPMs, <a class="indexterm" href="DomApps.html#id381656">Samba Configuration</a></dt><dt>rpms, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>rsync, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a>, <a class="indexterm" href="HA.html#id384817">Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth</a></dt><dt>rsyncd.conf, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a></dt><dt>run-time control files, <a class="indexterm" href="appendix.html#id386084">Samba System File Location</a></dt></dl></div><div class="indexdiv"><h3>S</h3><dl><dt>safe-guards, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>SAM, <a class="indexterm" href="ntmigration.html#id367644">Dissection and Discussion</a></dt><dt>samba, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dd><dl><dt>starting samba, <a class="indexterm" href="simple.html#id321762">Implementation</a></dt></dl></dd><dt>Samba, <a class="indexterm" href="DomApps.html#id381656">Samba Configuration</a></dt><dt>Samba accounts, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a></dt><dt>samba cluster, <a class="indexterm" href="HA.html#id383342">Introduction</a></dt><dt>samba control script, <a class="indexterm" href="appendix.html#id386477">Starting Samba</a></dt><dt>Samba Domain, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a></dt><dt>Samba Domain server, <a class="indexterm" href="kerberos.html#id379406">Using the MMC Computer Management Interface</a></dt><dt>Samba RPM Packages, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a></dt><dt>Samba Tea, <a class="indexterm" href="DomApps.html#id381656">Samba Configuration</a></dt><dt>sambaDomainName, <a class="indexterm" href="ntmigration.html#id368253">NT4 Migration Using LDAP Backend</a></dt><dt>sambaGroupMapping, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a></dt><dt>SambaSAMAccount, <a class="indexterm" href="happy.html#id339866">Regarding LDAP Directories and Windows Computer Accounts</a></dt><dt>SambaSamAccount, <a class="indexterm" href="happy.html#id345072">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>sambaSamAccount, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a></dt><dt>SambaXP conference, <a class="indexterm" href="DomApps.html#id382864">Questions and Answers</a></dt><dt>SAN, <a class="indexterm" href="HA.html#id384721">For Scalability, Use SAN-Based Storage on Samba Servers</a></dt><dt>SAS, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a></dt><dt>scalability, <a class="indexterm" href="HA.html#id383342">Introduction</a></dt><dt>scalable, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a></dt><dt>schannel, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id380041">Key Points Learned</a>, <a class="indexterm" href="kerberos.html#id380163">Questions and Answers</a></dt><dt>schema, <a class="indexterm" href="unixclients.html#id362716">IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension</a>, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#id366596">Samba-2.x with LDAP Support</a>, <a class="indexterm" href="upgrades.html#id366838">Updating from Samba Versions between 3.0.6 and 3.0.10</a></dt><dt>scripts, <a class="indexterm" href="appendix.html#id387443">The LDAP Account Manager</a></dt><dt>secondary group, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a></dt><dt>secret, <a class="indexterm" href="kerberos.html#id377804">Kerberos Exposed</a></dt><dt>secrets.tdb, <a class="indexterm" href="happy.html#id340598">Technical Issues</a>, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#sbeug1">Location of config files</a></dt><dt>secure, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt><dt>secure account password, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a></dt><dt>secure connections, <a class="indexterm" href="appendix.html#id387443">The LDAP Account Manager</a></dt><dt>secure networking, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>secure networking protocols, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>security, <a class="indexterm" href="happy.html#id340598">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a>, <a class="indexterm" href="kerberos.html#id375655">Introduction</a>, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id378992">Share Point Directory and File Permissions</a>, <a class="indexterm" href="kerberos.html#id380163">Questions and Answers</a></dt><dd><dl><dt>identifier, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a></dt><dt>share mode, <a class="indexterm" href="simple.html#id322394">Dissection and Discussion</a></dt><dt>user mode, <a class="indexterm" href="simple.html#id324306">Dissection and Discussion</a></dt></dl></dd><dt>Security, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id379406">Using the MMC Computer Management Interface</a></dt><dt>Security Account Manager (see SAM)</dt><dt>security controls, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>security descriptors, <a class="indexterm" href="ntmigration.html#id367644">Dissection and Discussion</a></dt><dt>security fixes, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>security updates, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>SerNet, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id381656">Samba Configuration</a></dt><dt>server</dt><dd><dl><dt>domain member, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a></dt><dt>stand-alone, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a></dt></dl></dd><dt>service, <a class="indexterm" href="net2000users.html#id352534">Implementation</a></dt><dd><dl><dt>smb</dt><dd><dl><dt>start, <a class="indexterm" href="Big500users.html#ch5-domsvrspec">Configuration Specific to Domain Member Servers: BLDG1, BLDG2</a></dt></dl></dd></dl></dd><dt>Service Packs, <a class="indexterm" href="secure.html#ch4appscfg">Application Share Configuration</a></dt><dt>services, <a class="indexterm" href="DomApps.html#id382809">Key Points Learned</a></dt><dt>services provided, <a class="indexterm" href="ch14.html">Samba Support</a></dt><dt>session setup, <a class="indexterm" href="primer.html#id390654">Simple Windows Client Connection Characteristics</a>, <a class="indexterm" href="primer.html#id391120">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>Session Setup, <a class="indexterm" href="primer.html#id390654">Simple Windows Client Connection Characteristics</a></dt><dt>SessionSetUpAndX, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a></dt><dt>set primary group script, <a class="indexterm" href="upgrades.html#id366282">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>setfacl, <a class="indexterm" href="kerberos.html#id379845">Setting Posix ACLs in UNIX/Linux</a></dt><dt>severely degrade, <a class="indexterm" href="HA.html#id384336">Samba Configuration</a></dt><dt>SFU, <a class="indexterm" href="unixclients.html#id362988">IDMAP, Active Directory, and MS Services for UNIX 3.5</a></dt><dt>SGID, <a class="indexterm" href="simple.html#id322394">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id378992">Share Point Directory and File Permissions</a>, <a class="indexterm" href="appendix.html#ch12-SUIDSGID">Effect of Setting File and Directory SUID/SGID Permissions Explained</a></dt><dt>shadow-utils, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a></dt><dt>Share Access Controls, <a class="indexterm" href="kerberos.html#id378100">Share Access Controls</a></dt><dt>share ACLs, <a class="indexterm" href="kerberos.html#id380163">Questions and Answers</a></dt><dt>share definition, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>Share Definition</dt><dd><dl><dt>Controls, <a class="indexterm" href="kerberos.html#id378435">Share Definition Controls</a></dt></dl></dd><dt>share definition controls, <a class="indexterm" href="kerberos.html#id378435">Share Definition Controls</a>, <a class="indexterm" href="kerberos.html#id378564">Checkpoint Controls</a>, <a class="indexterm" href="kerberos.html#id378992">Share Point Directory and File Permissions</a>, <a class="indexterm" href="kerberos.html#id380163">Questions and Answers</a></dt><dt>share level access controls, <a class="indexterm" href="kerberos.html#id380163">Questions and Answers</a></dt><dt>share level ACL, <a class="indexterm" href="kerberos.html#id380163">Questions and Answers</a></dt><dt>Share Permissions, <a class="indexterm" href="kerberos.html#id378100">Share Access Controls</a></dt><dt>shared resource, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id379845">Setting Posix ACLs in UNIX/Linux</a></dt><dt>shares, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>SID, <a class="indexterm" href="secure.html#ch4wincfg">Windows Client Configuration</a>, <a class="indexterm" href="happy.html#id339866">Regarding LDAP Directories and Windows Computer Accounts</a>, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a>, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id361596">IDMAP_RID with Winbind</a>, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id365549">Change of Workgroup (Domain) Name</a>, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a>, <a class="indexterm" href="appendix.html#id386988">Initialization of the LDAP Database</a></dt><dt>side effects, <a class="indexterm" href="kerberos.html#id379357">Managing Windows 200x ACLs</a></dt><dt>Sign'n'seal, <a class="indexterm" href="kerberos.html#id380041">Key Points Learned</a>, <a class="indexterm" href="kerberos.html#id380163">Questions and Answers</a></dt><dt>silent return, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></dt><dt>simple, <a class="indexterm" href="HA.html#id383418">Dissection and Discussion</a></dt><dt>Single Sign-On (see SSO)</dt><dt>slapcat, <a class="indexterm" href="happy.html#id345072">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a></dt><dt>slapd, <a class="indexterm" href="happy.html#id341816">Debugging LDAP</a></dt><dt>slapd.conf, <a class="indexterm" href="ntmigration.html#id368253">NT4 Migration Using LDAP Backend</a></dt><dt>slave, <a class="indexterm" href="net2000users.html#id351452">Dissection and Discussion</a></dt><dt>slow logon, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>slow network, <a class="indexterm" href="HA.html#id384858">Hardware Problems</a></dt><dt>slurpd, <a class="indexterm" href="net2000users.html#id352534">Implementation</a>, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a></dt><dt>smart printing, <a class="indexterm" href="happy.html#id340195">Dissection and Discussion</a></dt><dt>SMB, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a></dt><dt>SMB passwords, <a class="indexterm" href="net2000users.html#id352534">Implementation</a></dt><dt>SMB/CIFS, <a class="indexterm" href="DomApps.html#id382864">Questions and Answers</a></dt><dt>smbclient, <a class="indexterm" href="simple.html#validate1">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="happy.html#id345072">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="DomApps.html#id382864">Questions and Answers</a></dt><dt>smbd, <a class="indexterm" href="simple.html#validate1">Validation</a>, <a class="indexterm" href="simple.html#id322563">Implementation</a>, <a class="indexterm" href="small.html#id327557">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#sbeug1">Location of config files</a>, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a>, <a class="indexterm" href="upgrades.html#id367004">Replacing a Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id381656">Samba Configuration</a>, <a class="indexterm" href="DomApps.html#id382864">Questions and Answers</a>, <a class="indexterm" href="appendix.html#id386477">Starting Samba</a></dt><dd><dl><dt>location of files, <a class="indexterm" href="appendix.html#id386084">Samba System File Location</a></dt></dl></dd><dt>smbfs, <a class="indexterm" href="HA.html#id383418">Dissection and Discussion</a></dt><dt>smbldap-groupadd, <a class="indexterm" href="happy.html#id345072">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a></dt><dt>smbldap-groupmod, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a></dt><dt>smbldap-passwd, <a class="indexterm" href="happy.html#id345072">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>smbldap-populate, <a class="indexterm" href="happy.html#id345072">LDAP Initialization and Creation of User and Group Accounts</a></dt><dt>smbldap-tools, <a class="indexterm" href="ntmigration.html#id368253">NT4 Migration Using LDAP Backend</a>, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a>, <a class="indexterm" href="appendix.html#id387443">The LDAP Account Manager</a></dt><dt>smbldap-tools updating, <a class="indexterm" href="ntmigration.html#id368253">NT4 Migration Using LDAP Backend</a></dt><dt>smbldap-useradd, <a class="indexterm" href="happy.html#id345072">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="net2000users.html#id352534">Implementation</a></dt><dt>smbldap-usermod, <a class="indexterm" href="happy.html#id345072">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a></dt><dt>smbmnt, <a class="indexterm" href="HA.html#id383418">Dissection and Discussion</a></dt><dt>smbmount, <a class="indexterm" href="HA.html#id383418">Dissection and Discussion</a></dt><dt>smbpasswd, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id325916">Technical Issues</a>, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="secure.html#id328897">Technical Issues</a>, <a class="indexterm" href="secure.html#id330030">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id335580">Server Preparation: All Servers</a>, <a class="indexterm" href="Big500users.html#id336107">Configuration for Server: MASSIVE</a>, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="happy.html#id345072">LDAP Initialization and Creation of User and Group Accounts</a>, <a class="indexterm" href="happy.html#sbehap-bldg1">Samba-3 BDC Configuration</a>, <a class="indexterm" href="net2000users.html#id351452">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id352534">Implementation</a>, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="upgrades.html">Updating Samba-3</a>, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id366282">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id367806">Technical Issues</a>, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a>, <a class="indexterm" href="DomApps.html">Integrating Additional Services</a></dt><dt>smbumnt, <a class="indexterm" href="HA.html#id383418">Dissection and Discussion</a></dt><dt>smbumount, <a class="indexterm" href="HA.html#id383418">Dissection and Discussion</a></dt><dt>SMTP, <a class="indexterm" href="nw4migration.html#id371958">Technical Issues</a></dt><dt>snap-shot, <a class="indexterm" href="ntmigration.html#id367644">Dissection and Discussion</a></dt><dt>socket address, <a class="indexterm" href="HA.html#id384336">Samba Configuration</a></dt><dt>socket options, <a class="indexterm" href="HA.html#id384336">Samba Configuration</a></dt><dt>software, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>solve, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>source code, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>SPNEGO, <a class="indexterm" href="primer.html#id391120">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>SQL, <a class="indexterm" href="net2000users.html#id351452">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a></dt><dt>Squid, <a class="indexterm" href="DomApps.html#id381058">Implementation</a>, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a>, <a class="indexterm" href="DomApps.html#id381656">Samba Configuration</a>, <a class="indexterm" href="DomApps.html#id382434">Squid Configuration</a></dt><dt>squid, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a>, <a class="indexterm" href="DomApps.html#id381656">Samba Configuration</a></dt><dt>Squid proxy, <a class="indexterm" href="DomApps.html#id380894">Technical Issues</a></dt><dt>SRVTOOLS.EXE, <a class="indexterm" href="secure.html#id329275">Implementation</a>, <a class="indexterm" href="happy.html#id348809">Configuring Profile Directories</a>, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id380163">Questions and Answers</a></dt><dt>SSL, <a class="indexterm" href="appendix.html#id387443">The LDAP Account Manager</a></dt><dt>stand-alone server, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a></dt><dt>starting CUPS, <a class="indexterm" href="simple.html#id322563">Implementation</a>, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a>, <a class="indexterm" href="Big500users.html#ch5-procstart">Process Startup Configuration</a></dt><dt>starting dhcpd, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a>, <a class="indexterm" href="Big500users.html#ch5-procstart">Process Startup Configuration</a></dt><dt>starting samba, <a class="indexterm" href="simple.html#id321762">Implementation</a>, <a class="indexterm" href="simple.html#id322563">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a>, <a class="indexterm" href="Big500users.html#ch5-procstart">Process Startup Configuration</a></dt><dd><dl><dt>nmbd, <a class="indexterm" href="appendix.html#id386477">Starting Samba</a></dt><dt>smbd, <a class="indexterm" href="appendix.html#id386477">Starting Samba</a></dt><dt>winbindd, <a class="indexterm" href="appendix.html#id386477">Starting Samba</a></dt></dl></dd><dt>startingCUPS, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a></dt><dt>startup script, <a class="indexterm" href="appendix.html#id386477">Starting Samba</a></dt><dt>sticky bit, <a class="indexterm" href="small.html#id326106">Implementation</a></dt><dt>storage capacity, <a class="indexterm" href="secure.html#id329122">Hardware Requirements</a></dt><dt>strategic, <a class="indexterm" href="ntmigration.html#id367806">Technical Issues</a></dt><dt>strategy, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a></dt><dt>straw-man, <a class="indexterm" href="kerberos.html">Active Directory, Kerberos, and Security</a></dt><dt>strict sync, <a class="indexterm" href="HA.html#id384336">Samba Configuration</a></dt><dt>stripped, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></dt><dt>strong cryptography, <a class="indexterm" href="kerberos.html#id377804">Kerberos Exposed</a></dt><dt>subscription, <a class="indexterm" href="ch14.html#id385222">Free Support</a></dt><dt>SUID, <a class="indexterm" href="simple.html#id322394">Dissection and Discussion</a>, <a class="indexterm" href="kerberos.html#id380163">Questions and Answers</a>, <a class="indexterm" href="appendix.html#ch12-SUIDSGID">Effect of Setting File and Directory SUID/SGID Permissions Explained</a></dt><dt>Sun ONE Identity Server, <a class="indexterm" href="happy.html#id340195">Dissection and Discussion</a></dt><dt>super daemon, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a></dt><dt>support, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a>, <a class="indexterm" href="ch14.html">Samba Support</a></dt><dt>survey, <a class="indexterm" href="unixclients.html">Adding Domain Member Servers and Clients</a></dt><dt>SUSE, <a class="indexterm" href="nw4migration.html">Migrating NetWare Server to Samba-3</a></dt><dt>SUSE Enterprise Linux Server, <a class="indexterm" href="simple.html#id322302">Charity Administration Office</a>, <a class="indexterm" href="secure.html#ch4bsc">Basic System Configuration</a>, <a class="indexterm" href="DomApps.html#id381058">Implementation</a></dt><dt>SUSE Linux, <a class="indexterm" href="simple.html#id322394">Dissection and Discussion</a>, <a class="indexterm" href="happy.html#id342434">Samba Server Implementation</a>, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a>, <a class="indexterm" href="net2000users.html#id352534">Implementation</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id381058">Implementation</a>, <a class="indexterm" href="DomApps.html#ch10-one">Removal of Pre-Existing Conflicting RPMs</a></dt><dt>SWAT, <a class="indexterm" href="appendix.html#id386084">Samba System File Location</a></dt><dt>sync always, <a class="indexterm" href="HA.html#id384336">Samba Configuration</a></dt><dt>synchronization, <a class="indexterm" href="DomApps.html#id381292">Kerberos Configuration</a>, <a class="indexterm" href="HA.html#id384721">For Scalability, Use SAN-Based Storage on Samba Servers</a></dt><dt>synchronize, <a class="indexterm" href="net2000users.html#id351735">User Needs</a>, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a></dt><dt>synchronized, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a></dt><dt>syslog, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></dt><dt>system level logins, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a></dt><dt>system security, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt></dl></div><div class="indexdiv"><h3>T</h3><dl><dt>tattooing, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a></dt><dt>TCP/IP, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a></dt><dt>tdbdump, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="ntmigration.html#id368253">NT4 Migration Using LDAP Backend</a></dt><dt>tdbsam, <a class="indexterm" href="secure.html#id328897">Technical Issues</a>, <a class="indexterm" href="secure.html#id329275">Implementation</a>, <a class="indexterm" href="Big500users.html">The 500-User Office</a>, <a class="indexterm" href="happy.html#id340067">Assignment Tasks</a>, <a class="indexterm" href="net2000users.html#id351452">Dissection and Discussion</a>, <a class="indexterm" href="net2000users.html#id352534">Implementation</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#id366282">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="upgrades.html#id366838">Updating from Samba Versions between 3.0.6 and 3.0.10</a>, <a class="indexterm" href="ntmigration.html#id367806">Technical Issues</a>, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a></dt><dt>testparm, <a class="indexterm" href="small.html#id327557">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="happy.html#sbehap-massive">Samba-3 PDC Configuration</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a>, <a class="indexterm" href="HA.html#id384336">Samba Configuration</a></dt><dt>ticket, <a class="indexterm" href="DomApps.html#id381656">Samba Configuration</a></dt><dt>time server, <a class="indexterm" href="secure.html#id329275">Implementation</a></dt><dt>Tivoli Directory Server, <a class="indexterm" href="happy.html#id340195">Dissection and Discussion</a></dt><dt>TLS, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a></dt><dt>token, <a class="indexterm" href="DomApps.html#id380894">Technical Issues</a></dt><dt>tool, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>TOSHARG2, <a class="indexterm" href="simple.html#id322563">Implementation</a></dt><dt>track record, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>traffic collisions, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>transaction processing, <a class="indexterm" href="net2000users.html#id351452">Dissection and Discussion</a></dt><dt>transactional, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a></dt><dt>transfer, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a></dt><dt>translate, <a class="indexterm" href="kerberos.html#id379357">Managing Windows 200x ACLs</a></dt><dt>traverse, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></dt><dt>tree, <a class="indexterm" href="nw4migration.html#id371886">Dissection and Discussion</a></dt><dt>Tree Connect, <a class="indexterm" href="primer.html#id390654">Simple Windows Client Connection Characteristics</a></dt><dt>trust account, <a class="indexterm" href="happy.html#id339866">Regarding LDAP Directories and Windows Computer Accounts</a></dt><dt>trusted computing, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt><dt>Trusted Domains, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a></dt><dt>trusted domains, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a></dt><dt>trusted third-party, <a class="indexterm" href="kerberos.html#id377804">Kerberos Exposed</a></dt><dt>trusting, <a class="indexterm" href="kerberos.html#id377804">Kerberos Exposed</a></dt><dt>turn-around time, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt></dl></div><div class="indexdiv"><h3>U</h3><dl><dt>UDP</dt><dd><dl><dt>broadcast, <a class="indexterm" href="HA.html#id384083">Routed Networks</a></dt></dl></dd><dt>UID, <a class="indexterm" href="simple.html#id322394">Dissection and Discussion</a>, <a class="indexterm" href="happy.html#id339866">Regarding LDAP Directories and Windows Computer Accounts</a>, <a class="indexterm" href="happy.html#id340598">Technical Issues</a>, <a class="indexterm" href="net2000users.html#id352534">Implementation</a>, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a></dt><dt>un-join, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a></dt><dt>unauthorized activities, <a class="indexterm" href="kerberos.html#id377804">Kerberos Exposed</a></dt><dt>UNC name, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a></dt><dt>unencrypted, <a class="indexterm" href="appendix.html#id387443">The LDAP Account Manager</a></dt><dt>Unicast, <a class="indexterm" href="net2000users.html#id351811">The Nature of Windows Networking Protocols</a></dt><dt>unicode, <a class="indexterm" href="upgrades.html#id365792">International Language Support</a></dt><dt>Universal Naming Convention (see UNC name)</dt><dt>UNIX, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a></dt><dd><dl><dt>groups, <a class="indexterm" href="small.html#id325916">Technical Issues</a>, <a class="indexterm" href="small.html#id326106">Implementation</a></dt></dl></dd><dt>UNIX accounts, <a class="indexterm" href="happy.html#id340598">Technical Issues</a></dt><dt>UNIX/Linux server, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>unix2dos, <a class="indexterm" href="secure.html#id330030">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id336107">Configuration for Server: MASSIVE</a></dt><dt>unknown, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>unsupported software, <a class="indexterm" href="ch14.html#id385420">Commercial Support</a></dt><dt>update, <a class="indexterm" href="upgrades.html#id364642">Introduction</a>, <a class="indexterm" href="upgrades.html#id364726">Cautions and Notes</a></dt><dt>updates, <a class="indexterm" href="kerberos.html#id375655">Introduction</a>, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>updating smbldap-tools, <a class="indexterm" href="ntmigration.html#id368253">NT4 Migration Using LDAP Backend</a></dt><dt>upgrade, <a class="indexterm" href="upgrades.html#id364642">Introduction</a>, <a class="indexterm" href="upgrades.html#id364726">Cautions and Notes</a>, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a></dt><dt>uppercase, <a class="indexterm" href="ntmigration.html#id368129">Implementation</a></dt><dt>user</dt><dd><dl><dt>management, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="secure.html#id330030">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id336107">Configuration for Server: MASSIVE</a></dt></dl></dd><dt>user account, <a class="indexterm" href="happy.html">Making Happy Users</a>, <a class="indexterm" href="happy.html#ldapsetup">OpenLDAP Server Configuration</a></dt><dt>User and Group Controls, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>user credentials, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a>, <a class="indexterm" href="unixclients.html#id363033">UNIX/Linux Client Domain Member</a></dt><dt>user errors, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a></dt><dt>user groups, <a class="indexterm" href="ch14.html#id385222">Free Support</a></dt><dt>user identities, <a class="indexterm" href="unixclients.html#id357255">Implementation</a></dt><dt>user logins, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a></dt><dt>user management, <a class="indexterm" href="secure.html#id329275">Implementation</a></dt><dt>User Manager, <a class="indexterm" href="ntmigration.html#id368253">NT4 Migration Using LDAP Backend</a></dt><dt>User Mode, <a class="indexterm" href="secure.html#id329275">Implementation</a>, <a class="indexterm" href="primer.html#id390654">Simple Windows Client Connection Characteristics</a>, <a class="indexterm" href="primer.html#id391120">Windows 200x/XP Client Interaction with Samba-3</a></dt><dt>useradd, <a class="indexterm" href="simple.html#id322563">Implementation</a>, <a class="indexterm" href="simple.html#AcctgNet">Implementation</a>, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="secure.html#id330030">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id336107">Configuration for Server: MASSIVE</a>, <a class="indexterm" href="upgrades.html#id366282">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>userdel, <a class="indexterm" href="upgrades.html#id366282">Applicable to All Samba 2.x to Samba-3 Upgrades</a></dt><dt>usermod, <a class="indexterm" href="upgrades.html#id366282">Applicable to All Samba 2.x to Samba-3 Upgrades</a>, <a class="indexterm" href="ntmigration.html#id368253">NT4 Migration Using LDAP Backend</a></dt><dt>username, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a></dt><dt>username map, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="secure.html#id330030">Samba Configuration</a>, <a class="indexterm" href="Big500users.html#id335580">Server Preparation: All Servers</a></dt><dt>UTF-8, <a class="indexterm" href="upgrades.html#id365792">International Language Support</a></dt><dt>utilities, <a class="indexterm" href="DomApps.html#id382864">Questions and Answers</a></dt></dl></div><div class="indexdiv"><h3>V</h3><dl><dt>valid users, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id378564">Checkpoint Controls</a>, <a class="indexterm" href="kerberos.html#id380163">Questions and Answers</a></dt><dt>validate, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id378564">Checkpoint Controls</a></dt><dt>validated, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt><dt>validation, <a class="indexterm" href="simple.html#validate1">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="DomApps.html#id382864">Questions and Answers</a></dt><dt>vampire, <a class="indexterm" href="ntmigration.html#id370824">Questions and Answers</a></dt><dt>vendor, <a class="indexterm" href="kerberos.html#id376252">Dissection and Discussion</a></dt><dt>vendors, <a class="indexterm" href="upgrades.html#id366712">Updating a Samba-3 Installation</a></dt><dt>VFS modules, <a class="indexterm" href="appendix.html#id386084">Samba System File Location</a></dt><dt>virus, <a class="indexterm" href="secure.html#id329275">Implementation</a></dt><dt>VPN, <a class="indexterm" href="net2000users.html#id351396">Assignment Tasks</a></dt><dt>vulnerabilities, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt></dl></div><div class="indexdiv"><h3>W</h3><dl><dt>wbinfo, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id381656">Samba Configuration</a></dt><dt>weakness, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a></dt><dt>web</dt><dd><dl><dt>caching, <a class="indexterm" href="DomApps.html#id380775">Assignment Tasks</a></dt><dt>proxying, <a class="indexterm" href="DomApps.html#id380775">Assignment Tasks</a></dt></dl></dd><dt>Web</dt><dd><dl><dt>proxy, <a class="indexterm" href="DomApps.html#id382864">Questions and Answers</a></dt><dd><dl><dt>access, <a class="indexterm" href="DomApps.html#id382809">Key Points Learned</a></dt></dl></dd></dl></dd><dt>Web browsers, <a class="indexterm" href="DomApps.html#id382809">Key Points Learned</a></dt><dt>WebClient, <a class="indexterm" href="happy.html">Making Happy Users</a></dt><dt>WHATSNEW.txt, <a class="indexterm" href="upgrades.html#id366596">Samba-2.x with LDAP Support</a></dt><dt>white-pages, <a class="indexterm" href="nw4migration.html#id371958">Technical Issues</a>, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a></dt><dt>wide-area, <a class="indexterm" href="net2000users.html#id351735">User Needs</a>, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id355551">Key Points Learned</a>, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></dt><dt>wide-area network, <a class="indexterm" href="HA.html#id384636">Use and Location of BDCs</a>, <a class="indexterm" href="HA.html#id384817">Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth</a></dt><dt>winbind, <a class="indexterm" href="net2000users.html#id352534">Implementation</a>, <a class="indexterm" href="unixclients.html#id356547">Dissection and Discussion</a>, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a>, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id375655">Introduction</a>, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id380894">Technical Issues</a>, <a class="indexterm" href="DomApps.html#id381656">Samba Configuration</a>, <a class="indexterm" href="DomApps.html#id382178">NSS Configuration</a></dt><dt>Winbind, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="kerberos.html#id376618">Technical Issues</a>, <a class="indexterm" href="kerberos.html#id380041">Key Points Learned</a></dt><dt>winbind trusted domains only, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a></dt><dt>winbind use default domain, <a class="indexterm" href="kerberos.html#id378564">Checkpoint Controls</a></dt><dt>winbindd, <a class="indexterm" href="small.html#id327557">Validation</a>, <a class="indexterm" href="secure.html#ch4valid">Validation</a>, <a class="indexterm" href="Big500users.html#id334670">Technical Issues</a>, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a>, <a class="indexterm" href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server Using NSS LDAP</a>, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a>, <a class="indexterm" href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a>, <a class="indexterm" href="upgrades.html#id366912">Updating from Samba Versions after 3.0.6 to a Current Release</a>, <a class="indexterm" href="upgrades.html#id367004">Replacing a Domain Member Server</a>, <a class="indexterm" href="DomApps.html#id381656">Samba Configuration</a>, <a class="indexterm" href="DomApps.html#id382864">Questions and Answers</a>, <a class="indexterm" href="appendix.html#id386477">Starting Samba</a></dt><dt>winbindd_cache.tdb, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a></dt><dt>winbindd_idmap.tdb, <a class="indexterm" href="unixclients.html#id356570">Technical Issues</a></dt><dt>Windows, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a></dt><dd><dl><dt>client, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a></dt><dt>NT, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a></dt></dl></dd><dt>Windows 2000 ACLs, <a class="indexterm" href="kerberos.html#id379357">Managing Windows 200x ACLs</a></dt><dt>Windows 2003 Serve, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt><dt>Windows 200x ACLs, <a class="indexterm" href="kerberos.html#id380163">Questions and Answers</a></dt><dt>Windows accounts, <a class="indexterm" href="happy.html#id340598">Technical Issues</a></dt><dt>Windows ACLs, <a class="indexterm" href="kerberos.html#id379845">Setting Posix ACLs in UNIX/Linux</a></dt><dt>Windows Address Book, <a class="indexterm" href="nw4migration.html#id372194">LDAP Server Configuration</a></dt><dt>Windows ADS Domain, <a class="indexterm" href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></dt><dt>Windows clients, <a class="indexterm" href="DomApps.html#id382864">Questions and Answers</a></dt><dt>Windows Explorer, <a class="indexterm" href="simple.html#validate1">Validation</a></dt><dt>Windows explorer, <a class="indexterm" href="DomApps.html#id382864">Questions and Answers</a></dt><dt>Windows security identifier (see SID)</dt><dt>Windows Servers, <a class="indexterm" href="kerberos.html#id375655">Introduction</a></dt><dt>Windows Services for UNIX (see SUS)</dt><dt>Windows XP, <a class="indexterm" href="small.html#id325825">Assignment Tasks</a></dt><dt>WINS, <a class="indexterm" href="simple.html#id322563">Implementation</a>, <a class="indexterm" href="small.html#id325916">Technical Issues</a>, <a class="indexterm" href="small.html#id326106">Implementation</a>, <a class="indexterm" href="secure.html#ch4wincfg">Windows Client Configuration</a>, <a class="indexterm" href="Big500users.html#id334670">Technical Issues</a>, <a class="indexterm" href="Big500users.html#ch5wincfg">Windows Client Configuration</a>, <a class="indexterm" href="net2000users.html#id351811">The Nature of Windows Networking Protocols</a>, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a>, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a>, <a class="indexterm" href="primer.html#chap01qa">Questions and Answers</a></dt><dd><dl><dt>lookup, <a class="indexterm" href="unixclients.html#id363573">Questions and Answers</a></dt><dt>name resolution, <a class="indexterm" href="HA.html#id384083">Routed Networks</a></dt><dt>server, <a class="indexterm" href="happy.html">Making Happy Users</a>, <a class="indexterm" href="HA.html#id384083">Routed Networks</a></dt></dl></dd><dt>WINS server, <a class="indexterm" href="Big500users.html">The 500-User Office</a>, <a class="indexterm" href="net2000users.html#id355690">Questions and Answers</a></dt><dt>WINS serving, <a class="indexterm" href="secure.html#id329275">Implementation</a></dt><dt>wins support, <a class="indexterm" href="secure.html#id329275">Implementation</a></dt><dt>wins.dat, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a>, <a class="indexterm" href="upgrades.html#id367004">Replacing a Domain Member Server</a></dt><dt>Wireshark, <a class="indexterm" href="primer.html#id389151">Requirements and Notes</a></dt><dt>wireshark, <a class="indexterm" href="primer.html#id389445">Exercises</a></dt><dt>Word, <a class="indexterm" href="kerberos.html#id378992">Share Point Directory and File Permissions</a></dt><dt>workgroup, <a class="indexterm" href="simple.html#id321762">Implementation</a>, <a class="indexterm" href="upgrades.html#id364816">Security Identifiers (SIDs)</a>, <a class="indexterm" href="upgrades.html#id365549">Change of Workgroup (Domain) Name</a></dt><dt>Workgroup Announcement, <a class="indexterm" href="primer.html#id390308">Findings</a></dt><dt>workstation, <a class="indexterm" href="unixclients.html#id357255">Implementation</a></dt><dt>wrapper, <a class="indexterm" href="DomApps.html#id382864">Questions and Answers</a></dt><dt>write lock, <a class="indexterm" href="appendix.html#id389009">Opportunistic Locking Controls</a></dt></dl></div><div class="indexdiv"><h3>X</h3><dl><dt>xinetd, <a class="indexterm" href="secure.html#procstart">Process Startup Configuration</a></dt><dt>XML, <a class="indexterm" href="net2000users.html#id351452">Dissection and Discussion</a></dt><dt>xmlsam, <a class="indexterm" href="net2000users.html#id352534">Implementation</a></dt></dl></div><div class="indexdiv"><h3>Y</h3><dl><dt>YaST, <a class="indexterm" href="happy.html#sbehap-PAM-NSS">PAM and NSS Client Configuration</a></dt><dt>Yellow Pages, <a class="indexterm" href="net2000users.html#id352108">Identity Management Needs</a></dt><dt>yellow pages (see NIS)</dt></dl></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="go01.html">Prev</a> </td><td width="20%" align="center"> </td><td width="40%" align="right"> </td></tr><tr><td width="40%" align="left" valign="top">Glossary </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> </td></tr></table></div></body></html>

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/kerberos.html

-              r599
+              r739
 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 11. Active Directory, Kerberos, and Security</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="RefSection.html" title="Part III. Reference Section"><link rel="prev" href="RefSection.html" title="Part III. Reference Section"><link rel="next" href="DomApps.html" title="Chapter 12. Integrating Additional Services"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 11. Active Directory, Kerberos, and Security</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="RefSection.html">Prev</a> </td><th width="60%" align="center">Part III. Reference Section</th><td width="20%" align="right"> <a accesskey="n" href="DomApps.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 11. Active Directory, Kerberos, and Security"><div class="titlepage"><div><div><h2 class="title"><a name="kerberos"></a>Chapter 11. Active Directory, Kerberos, and Security</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="kerberos.html#id377126">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id377710">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#id377723">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id378089">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#ch10expl">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id379573">Share Access Controls</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id379908">Share Definition Controls</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id380465">Share Point Directory and File Permissions</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id380830">Managing Windows 200x ACLs</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id381514">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#id381636">Questions and Answers</a></span></dt></dl></div><p><a class="indexterm" name="id377075"></a>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 11. Active Directory, Kerberos, and Security</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="RefSection.html" title="Part III. Reference Section"><link rel="prev" href="RefSection.html" title="Part III. Reference Section"><link rel="next" href="DomApps.html" title="Chapter 12. Integrating Additional Services"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 11. Active Directory, Kerberos, and Security</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="RefSection.html">Prev</a> </td><th width="60%" align="center">Part III. Reference Section</th><td width="20%" align="right"> <a accesskey="n" href="DomApps.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 11. Active Directory, Kerberos, and Security"><div class="titlepage"><div><div><h2 class="title"><a name="kerberos"></a>Chapter 11. Active Directory, Kerberos, and Security</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="kerberos.html#id375655">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id376238">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#id376252">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id376618">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#ch10expl">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="kerberos.html#id378100">Share Access Controls</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id378435">Share Definition Controls</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id378992">Share Point Directory and File Permissions</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id379357">Managing Windows 200x ACLs</a></span></dt><dt><span class="sect2"><a href="kerberos.html#id380041">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="kerberos.html#id380163">Questions and Answers</a></span></dt></dl></div><p><a class="indexterm" name="id375604"></a>
         By this point in the book, you have been exposed to many Samba-3 features and capabilities.
         More importantly, if you have implemented the examples given, you are well on your way to becoming
 …
         practice, you likely have thought of improvements and scenarios with which you can experiment. You
         are rather well plugged in to the many flexible ways Samba can be used.
         </p><p><a class="indexterm" name="id377090"></a>
+        </p><p><a class="indexterm" name="id375618"></a>
         This is a book about Samba-3. Understandably, its intent is to present it in a positive light.
         The casual observer might conclude that this book is one-eyed about Samba. It is  what
 …
         decision. Criticism can be expected from the outside. Let's see how the interesting dynamic of
         criticism develops with respect to Abmas.
         </p><p><a class="indexterm" name="id377113"></a>
+        </p><p><a class="indexterm" name="id375642"></a>
         This chapter provides a shameless self-promotion of Samba-3. The objections raised were not pulled
         out of thin air. They were drawn from comments made by Samba users and from criticism during
 …
         as possible that of the original. The case presented is a straw-man example that is designed to
         permit each objection to be answered as it might occur in real life.
         </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id377126"></a>Introduction</h2></div></div></div><p><a class="indexterm" name="id377133"></a><a class="indexterm" name="id377141"></a><a class="indexterm" name="id377148"></a><a class="indexterm" name="id377156"></a><a class="indexterm" name="id377164"></a>
+        </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id375655"></a>Introduction</h2></div></div></div><p><a class="indexterm" name="id375661"></a><a class="indexterm" name="id375669"></a><a class="indexterm" name="id375677"></a><a class="indexterm" name="id375685"></a><a class="indexterm" name="id375693"></a>
         Abmas is continuing its meteoric growth with yet further acquisitions. The investment community took
         note of the spectacular projection of Abmas onto the global business stage. Abmas is building an
 …
         During the time that the acquisition was closing, the Video Rentals business upgraded its Windows
         NT4-based network to Windows 2003 Server and Active Directory.
         </p><p><a class="indexterm" name="id377182"></a>
+        </p><p><a class="indexterm" name="id375710"></a>
         You have accepted the fact that Abmas Video Rentals will use Microsoft Active Directory.
         The IT team, led by Stan Soroka, is committed to Samba-3 and to maintaining a uniform technology platform.
 …
         technologies.</span>&#8221;</span> This comment was made by one of Christine's staff as they were installing a new
         Samba-3 server at the new business.
         </p><p><a class="indexterm" name="id377201"></a><a class="indexterm" name="id377209"></a>
+        </p><p><a class="indexterm" name="id375729"></a><a class="indexterm" name="id375737"></a>
         Abmas Video Rentals' head of IT heard of this criticism. He was offended that a junior engineer
         should make such a comment. He felt that he had to prepare in case he might be criticized for his
         decision to use Active Directory. He decided he would defend his decision by hiring the services
         of an outside security systems consultant to report<sup>[<a name="id377221" href="#ftn.id377221" class="footnote">12</a>]</sup> on his unit's operations
+        of an outside security systems consultant to report<sup>[<a name="id375749" href="#ftn.id375749" class="footnote">12</a>]</sup> on his unit's operations
         and to investigate the role of Samba at his site. Here are key extracts from this hypothetical
         report:
         </p><div class="blockquote"><blockquote class="blockquote"><p><a class="indexterm" name="id377230"></a><a class="indexterm" name="id377238"></a><a class="indexterm" name="id377246"></a><a class="indexterm" name="id377254"></a>
+        </p><div class="blockquote"><blockquote class="blockquote"><p><a class="indexterm" name="id375759"></a><a class="indexterm" name="id375767"></a><a class="indexterm" name="id375775"></a><a class="indexterm" name="id375782"></a>
         ... the implementation of Microsoft Active Directory at the Abmas Video Rentals, Bamingsham site,
          has been examined. We find no evidence to support a notion that vulnerabilities exist at your site.
 …
         </p><p>
         ...
         </p><p><a class="indexterm" name="id377272"></a><a class="indexterm" name="id377283"></a><a class="indexterm" name="id377294"></a><a class="indexterm" name="id377302"></a><a class="indexterm" name="id377310"></a><a class="indexterm" name="id377318"></a>
+        </p><p><a class="indexterm" name="id375800"></a><a class="indexterm" name="id375812"></a><a class="indexterm" name="id375823"></a><a class="indexterm" name="id375831"></a><a class="indexterm" name="id375839"></a><a class="indexterm" name="id375847"></a>
         User and group accounts, and respective privileges, have been well thought out. File system shares are
         appropriately secured. Backup and disaster recovery plans are well managed and validated regularly, and
         effective off-site storage practices are considered to exceed industry norms.
         </p><p><a class="indexterm" name="id377332"></a><a class="indexterm" name="id377340"></a><a class="indexterm" name="id377347"></a>
+        </p><p><a class="indexterm" name="id375860"></a><a class="indexterm" name="id375868"></a><a class="indexterm" name="id375876"></a>
         Your staff are justifiably concerned that the use of Samba may compromise their good efforts to maintain
         a secure network.
         </p><p><a class="indexterm" name="id377363"></a><a class="indexterm" name="id377371"></a><a class="indexterm" name="id377379"></a><a class="indexterm" name="id377387"></a>
+        </p><p><a class="indexterm" name="id375892"></a><a class="indexterm" name="id375900"></a><a class="indexterm" name="id375907"></a><a class="indexterm" name="id375915"></a>
         The recently installed Linux file and application server uses a tool called <code class="literal">winbind</code>
         that is indiscriminate about security. All user accounts in Active Directory can be used to access data
 …
         to great lengths to set fine-grained controls that limit information access to those who need access.
         It seems incongruous to us that Samba winbind should be permitted to be used considering that it voids this fine work.
         </p><p><a class="indexterm" name="id377412"></a><a class="indexterm" name="id377420"></a><a class="indexterm" name="id377428"></a>
+        </p><p><a class="indexterm" name="id375941"></a><a class="indexterm" name="id375949"></a><a class="indexterm" name="id375957"></a>
         Graham Judd [head of network administration] has locked down the security of all systems and is following
         the latest Microsoft guidelines. ... null session connections have been disabled ... the internal network
 …
         </p><p>
         ...
         </p><p><a class="indexterm" name="id377448"></a><a class="indexterm" name="id377456"></a><a class="indexterm" name="id377464"></a><a class="indexterm" name="id377471"></a>
+        </p><p><a class="indexterm" name="id375976"></a><a class="indexterm" name="id375984"></a><a class="indexterm" name="id375992"></a><a class="indexterm" name="id376000"></a>
         Regarding the use of Samba, we offer the following comments: Samba is in use in nearly half of
         all sites we have surveyed. ... It is our opinion that Samba offers no better security than Microsoft
 …
         Samba is not at the full capabilities of Microsoft Windows NT4 server. Microsoft has moved well beyond that
         with trusted computing initiatives that the Samba developers do not participate in.
         </p><p><a class="indexterm" name="id377489"></a><a class="indexterm" name="id377496"></a><a class="indexterm" name="id377504"></a><a class="indexterm" name="id377512"></a><a class="indexterm" name="id377520"></a><a class="indexterm" name="id377528"></a><a class="indexterm" name="id377536"></a>
+        </p><p><a class="indexterm" name="id376017"></a><a class="indexterm" name="id376025"></a><a class="indexterm" name="id376033"></a><a class="indexterm" name="id376041"></a><a class="indexterm" name="id376049"></a><a class="indexterm" name="id376056"></a><a class="indexterm" name="id376064"></a>
         One wonders about the integrity of an open source program that is developed by a team of hackers
         who cannot be held accountable for the flaws in their code. The sheer number of updates and bug
         fixes they have released should ring alarm bells in any business.
         </p><p><a class="indexterm" name="id377549"></a><a class="indexterm" name="id377557"></a><a class="indexterm" name="id377565"></a>
+        </p><p><a class="indexterm" name="id376078"></a><a class="indexterm" name="id376086"></a><a class="indexterm" name="id376094"></a>
         Another factor that should be considered is that buying Microsoft products and services helps to
         provide employment in the IT industry. Samba and Open Source software place those jobs at risk.
         </p></blockquote></div><p><a class="indexterm" name="id377578"></a><a class="indexterm" name="id377586"></a>
+        </p></blockquote></div><p><a class="indexterm" name="id376106"></a><a class="indexterm" name="id376114"></a>
         This is also a challenge to rise above the trouble spot. You call Stan's team together for a simple
         discussion, but it gets further out of hand.  When you return to your office, you find the following
 …
         across all systems. I concur with the desire to improve security. One of the new guys who is championing
         the move to Kerberos was responsible for the comment that caused the embarrassment.
         </p><p><a class="indexterm" name="id377616"></a><a class="indexterm" name="id377624"></a><a class="indexterm" name="id377632"></a><a class="indexterm" name="id377640"></a>
+        </p><p><a class="indexterm" name="id376145"></a><a class="indexterm" name="id376153"></a><a class="indexterm" name="id376160"></a><a class="indexterm" name="id376168"></a>
         I am experiencing difficulty in handling the sharp push for Kerberos. He claims that Kerberos, OpenLDAP,
         plus Samba-3 will seamlessly replace Microsoft Active Directory. I am a little out of my depth with respect
         to the feasibility of such a move, but have taken steps to pull both of them into line. With your consent,
         I would like to hire the services of a well-known Samba consultant to set the record straight.
         </p><p><a class="indexterm" name="id377655"></a><a class="indexterm" name="id377662"></a><a class="indexterm" name="id377670"></a><a class="indexterm" name="id377678"></a><a class="indexterm" name="id377686"></a><a class="indexterm" name="id377694"></a>
+        </p><p><a class="indexterm" name="id376183"></a><a class="indexterm" name="id376191"></a><a class="indexterm" name="id376199"></a><a class="indexterm" name="id376207"></a><a class="indexterm" name="id376215"></a><a class="indexterm" name="id376222"></a>
         I intend to use this report to answer the criticism raised and would like to establish a policy that we
         will approve the use of Microsoft Windows Servers (and Active Directory) subject to all costs being covered
 …
         use of any centrally proposed standards, but make all noncompliance the financial responsibility of the
         out-of-step division. Hopefully, this will encourage all divisions to walk with us and not alone.
         </p></td><td width="10%" valign="top"> </td></tr><tr><td width="10%" valign="top"> </td><td colspan="2" align="right" valign="top">--<span class="attribution">Stan</span></td></tr></table></div><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id377710"></a>Assignment Tasks</h3></div></div></div><p>
+        </p></td><td width="10%" valign="top"> </td></tr><tr><td width="10%" valign="top"> </td><td colspan="2" align="right" valign="top">--<span class="attribution">Stan</span></td></tr></table></div><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id376238"></a>Assignment Tasks</h3></div></div></div><p>
                 You agreed with Stan's recommendations and hired a consultant to help defuse the powder
                 keg. The consultant's task is to provide a tractable answer to each of the issues raised. The consultant must be able
                 to support his or her claims, keep emotions to the side, and answer technically.
                 </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id377723"></a>Dissection and Discussion</h2></div></div></div><p><a class="indexterm" name="id377730"></a><a class="indexterm" name="id377738"></a><a class="indexterm" name="id377746"></a><a class="indexterm" name="id377754"></a><a class="indexterm" name="id377761"></a><a class="indexterm" name="id377769"></a><a class="indexterm" name="id377777"></a>
+                </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id376252"></a>Dissection and Discussion</h2></div></div></div><p><a class="indexterm" name="id376258"></a><a class="indexterm" name="id376266"></a><a class="indexterm" name="id376274"></a><a class="indexterm" name="id376282"></a><a class="indexterm" name="id376290"></a><a class="indexterm" name="id376298"></a><a class="indexterm" name="id376306"></a>
         Samba-3 is a tool. No one is pounding your door to make you use Samba. That is a choice that you are free to
         make or reject. It is likely that your decision to use Samba can greatly benefit your company.
 …
         money saved by not spending in the IT area can be spent elsewhere in the business. All money saved
         or spent creates employment.
         </p><p><a class="indexterm" name="id377794"></a><a class="indexterm" name="id377802"></a><a class="indexterm" name="id377809"></a><a class="indexterm" name="id377817"></a><a class="indexterm" name="id377825"></a>
+        </p><p><a class="indexterm" name="id376322"></a><a class="indexterm" name="id376330"></a><a class="indexterm" name="id376338"></a><a class="indexterm" name="id376346"></a><a class="indexterm" name="id376354"></a>
         In the long term, the use of Samba must be economically sustainable. In some situations, Samba is adopted
         purely to provide file and print service interoperability on platforms that otherwise cannot provide
 …
         effect a reduction in the cost of providing IT services. Obviously, it is also used by some as an
         alternative to the use of a Microsoft file and print serving platforms with no consideration of costs.
         </p><p><a class="indexterm" name="id377841"></a><a class="indexterm" name="id377848"></a><a class="indexterm" name="id377856"></a><a class="indexterm" name="id377864"></a>
+        </p><p><a class="indexterm" name="id376369"></a><a class="indexterm" name="id376377"></a><a class="indexterm" name="id376385"></a><a class="indexterm" name="id376393"></a>
         It would be foolish to adopt a technology that might put any data or users at risk. Security affects
         everyone. The Samba-Team is fully cognizant of the responsibility they have to their users.
         The Samba documentation clearly reveals that full responsibility is accepted to fix anything
         that is broken.
         </p><p><a class="indexterm" name="id377878"></a><a class="indexterm" name="id377886"></a><a class="indexterm" name="id377894"></a><a class="indexterm" name="id377902"></a><a class="indexterm" name="id377913"></a><a class="indexterm" name="id377921"></a><a class="indexterm" name="id377929"></a><a class="indexterm" name="id377937"></a><a class="indexterm" name="id377945"></a><a class="indexterm" name="id377952"></a><a class="indexterm" name="id377960"></a>
+        </p><p><a class="indexterm" name="id376407"></a><a class="indexterm" name="id376414"></a><a class="indexterm" name="id376422"></a><a class="indexterm" name="id376430"></a><a class="indexterm" name="id376442"></a><a class="indexterm" name="id376450"></a><a class="indexterm" name="id376457"></a><a class="indexterm" name="id376465"></a><a class="indexterm" name="id376473"></a><a class="indexterm" name="id376481"></a><a class="indexterm" name="id376489"></a>
         There is a mistaken perception in the IT industry that commercial software providers are fully
         accountable for the defects in products. Open Source software comes with no warranty, so it is
 …
         commercial software vendors are willingly accountable for product defects. In many cases, the
         commercial vendor accepts liability only to reimburse the price paid for the software.
         </p><p><a class="indexterm" name="id377977"></a><a class="indexterm" name="id377985"></a><a class="indexterm" name="id377993"></a><a class="indexterm" name="id378001"></a><a class="indexterm" name="id378009"></a><a class="indexterm" name="id378016"></a>
+        </p><p><a class="indexterm" name="id376506"></a><a class="indexterm" name="id376514"></a><a class="indexterm" name="id376521"></a><a class="indexterm" name="id376529"></a><a class="indexterm" name="id376537"></a><a class="indexterm" name="id376545"></a>
         The real issues that a consumer (like you) needs answered are What is the way of escape from technical
         problems, and how long will it take? The average problem turnaround time in the Open Source community is
         approximately 48 hours. What does the EULA offer? What is the track record in the commercial software
         industry? What happens when your commercial vendor decides to cease providing support?
         </p><p><a class="indexterm" name="id378031"></a><a class="indexterm" name="id378039"></a><a class="indexterm" name="id378047"></a><a class="indexterm" name="id378055"></a><a class="indexterm" name="id378062"></a><a class="indexterm" name="id378070"></a><a class="indexterm" name="id378078"></a>
+        </p><p><a class="indexterm" name="id376560"></a><a class="indexterm" name="id376567"></a><a class="indexterm" name="id376575"></a><a class="indexterm" name="id376583"></a><a class="indexterm" name="id376591"></a><a class="indexterm" name="id376599"></a><a class="indexterm" name="id376606"></a>
         Open Source software at least puts you in possession of the source code. This means that when
         all else fails, you can hire a programmer to solve the problem.
         </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id378089"></a>Technical Issues</h3></div></div></div><p>
+        </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id376618"></a>Technical Issues</h3></div></div></div><p>
                 Each issue is now discussed and, where appropriate, example implementation steps are
                 provided.
                 </p><div class="variablelist"><dl><dt><span class="term">Winbind and Security</span></dt><dd><p><a class="indexterm" name="id378109"></a><a class="indexterm" name="id378117"></a><a class="indexterm" name="id378125"></a><a class="indexterm" name="id378136"></a><a class="indexterm" name="id378144"></a><a class="indexterm" name="id378152"></a><a class="indexterm" name="id378160"></a><a class="indexterm" name="id378168"></a><a class="indexterm" name="id378175"></a><a class="indexterm" name="id378183"></a>
+                </p><div class="variablelist"><dl><dt><span class="term">Winbind and Security</span></dt><dd><p><a class="indexterm" name="id376638"></a><a class="indexterm" name="id376645"></a><a class="indexterm" name="id376653"></a><a class="indexterm" name="id376665"></a><a class="indexterm" name="id376672"></a><a class="indexterm" name="id376680"></a><a class="indexterm" name="id376688"></a><a class="indexterm" name="id376696"></a><a class="indexterm" name="id376704"></a><a class="indexterm" name="id376712"></a>
                                 Windows network administrators may be dismayed to find that <code class="literal">winbind</code>
                                 exposes all domain users so that they may use their domain account credentials to
 …
                                 UNIX/Linux server in their Network Neighborhood and can browse the shares on the
                                 server seems to excite them further.
                                 </p><p><a class="indexterm" name="id378204"></a><a class="indexterm" name="id378212"></a><a class="indexterm" name="id378220"></a><a class="indexterm" name="id378227"></a>
+                                </p><p><a class="indexterm" name="id376732"></a><a class="indexterm" name="id376740"></a><a class="indexterm" name="id376748"></a><a class="indexterm" name="id376756"></a>
                                 <code class="literal">winbind</code> provides for the UNIX/Linux domain member server or
                                 client, the same as one would obtain by adding a Microsoft Windows server or
 …
                                 and therefore requires handling a little differently from the familiar Windows systems.
                                 One must recognize fear of the unknown.
                                 </p><p><a class="indexterm" name="id378247"></a><a class="indexterm" name="id378255"></a><a class="indexterm" name="id378263"></a><a class="indexterm" name="id378271"></a><a class="indexterm" name="id378279"></a><a class="indexterm" name="id378290"></a>
+                                </p><p><a class="indexterm" name="id376776"></a><a class="indexterm" name="id376783"></a><a class="indexterm" name="id376791"></a><a class="indexterm" name="id376799"></a><a class="indexterm" name="id376807"></a><a class="indexterm" name="id376818"></a>
                                 Windows network administrators need to recognize that <code class="literal">winbind</code> does
                                 not, and cannot, override account controls set using the Active Directory management
                                 tools. The control is the same. Have no fear.
                                 </p><p><a class="indexterm" name="id378309"></a><a class="indexterm" name="id378317"></a><a class="indexterm" name="id378328"></a><a class="indexterm" name="id378336"></a><a class="indexterm" name="id378344"></a><a class="indexterm" name="id378352"></a><a class="indexterm" name="id378360"></a><a class="indexterm" name="id378368"></a><a class="indexterm" name="id378375"></a><a class="indexterm" name="id378383"></a>
+                                </p><p><a class="indexterm" name="id376837"></a><a class="indexterm" name="id376845"></a><a class="indexterm" name="id376856"></a><a class="indexterm" name="id376864"></a><a class="indexterm" name="id376872"></a><a class="indexterm" name="id376880"></a><a class="indexterm" name="id376888"></a><a class="indexterm" name="id376896"></a><a class="indexterm" name="id376904"></a><a class="indexterm" name="id376911"></a>
                                 Where Samba and the ADS domain account information obtained through the use of
                                 <code class="literal">winbind</code> permits access, by browsing or by the drive mapping to
 …
                                 </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Shares themselves (i.e., the logical share itself)</p></li><li class="listitem"><p>The share definition in <code class="filename">smb.conf</code></p></li><li class="listitem"><p>The shared directories and files using UNIX permissions</p></li><li class="listitem"><p>Using Windows 2000 ACLs  if the file system is POSIX enabled</p></li></ul></div><p>
                                 Examples of each are given in <a class="link" href="kerberos.html#ch10expl" title="Implementation">&#8220;Implementation&#8221;</a>.
                                 </p></dd><dt><span class="term">User and Group Controls</span></dt><dd><p><a class="indexterm" name="id378452"></a><a class="indexterm" name="id378460"></a><a class="indexterm" name="id378471"></a><a class="indexterm" name="id378483"></a><a class="indexterm" name="id378490"></a><a class="indexterm" name="id378498"></a><a class="indexterm" name="id378506"></a><a class="indexterm" name="id378514"></a><a class="indexterm" name="id378522"></a>
+                                </p></dd><dt><span class="term">User and Group Controls</span></dt><dd><p><a class="indexterm" name="id376981"></a><a class="indexterm" name="id376989"></a><a class="indexterm" name="id377000"></a><a class="indexterm" name="id377011"></a><a class="indexterm" name="id377019"></a><a class="indexterm" name="id377027"></a><a class="indexterm" name="id377035"></a><a class="indexterm" name="id377042"></a><a class="indexterm" name="id377050"></a>
                                 User and group management facilities as known in the Windows ADS environment may be
                                 used to provide equivalent access control constraints or to provide equivalent
 …
                                 Windows 200x/XP. For example, access controls on a Samba server may be set within
                                 the share definition in a manner for which Windows has no equivalent.
                                 </p><p><a class="indexterm" name="id378537"></a><a class="indexterm" name="id378545"></a><a class="indexterm" name="id378553"></a><a class="indexterm" name="id378561"></a><a class="indexterm" name="id378572"></a><a class="indexterm" name="id378580"></a><a class="indexterm" name="id378588"></a>
+                                </p><p><a class="indexterm" name="id377066"></a><a class="indexterm" name="id377074"></a><a class="indexterm" name="id377082"></a><a class="indexterm" name="id377089"></a><a class="indexterm" name="id377101"></a><a class="indexterm" name="id377109"></a><a class="indexterm" name="id377116"></a>
                                 In any serious analysis of system security, it is important to examine the safeguards
                                 that remain when all other protective measures fail. An administrator may inadvertently
 …
                                 possible to guard against that by enforcing controls on the share definition itself. You
                                 see a practical example of this a little later in this chapter.
                                 </p><p><a class="indexterm" name="id378610"></a><a class="indexterm" name="id378618"></a>
+                                </p><p><a class="indexterm" name="id377138"></a><a class="indexterm" name="id377146"></a>
                                 The report that is critical of Samba really ought to have exercised greater due
                                 diligence: the real weakness is on the side of a Microsoft Windows environment.
                                 </p></dd><dt><span class="term">Security Overall</span></dt><dd><p><a class="indexterm" name="id378638"></a>
+                                </p></dd><dt><span class="term">Security Overall</span></dt><dd><p><a class="indexterm" name="id377166"></a>
                                 Samba is designed in such a manner that weaknesses inherent in the design of
                                 Microsoft Windows networking ought not to expose the underlying UNIX/Linux file
                                 system in any way. All software has potential defects, and Samba is no exception.
                                 What matters more is how defects that are discovered get dealt with.
                                 </p><p><a class="indexterm" name="id378652"></a><a class="indexterm" name="id378660"></a><a class="indexterm" name="id378668"></a><a class="indexterm" name="id378676"></a>
+                                </p><p><a class="indexterm" name="id377180"></a><a class="indexterm" name="id377188"></a><a class="indexterm" name="id377196"></a><a class="indexterm" name="id377204"></a>
                                 The Samba Team totally agrees with the necessity to observe and fully implement
                                 every security facility to provide a level of protection and security that is necessary
 …
                                 security be publicly condoned; yet this is the practice by many Windows network
                                 administrators just to make happy users who have no notion of consequential risk.
                                 </p><p><a class="indexterm" name="id378691"></a><a class="indexterm" name="id378699"></a><a class="indexterm" name="id378707"></a><a class="indexterm" name="id378715"></a><a class="indexterm" name="id378723"></a><a class="indexterm" name="id378730"></a><a class="indexterm" name="id378738"></a>
+                                </p><p><a class="indexterm" name="id377220"></a><a class="indexterm" name="id377228"></a><a class="indexterm" name="id377235"></a><a class="indexterm" name="id377243"></a><a class="indexterm" name="id377251"></a><a class="indexterm" name="id377259"></a><a class="indexterm" name="id377267"></a>
                                 The report condemns Samba for releasing updates and security fixes, yet Microsoft
                                 online updates need to be applied almost weekly. The answer to the criticism
 …
                                 user needs are being increasingly met or exceeded, and security updates are issued
                                 with a short turnaround time.
                                 </p><p><a class="indexterm" name="id378753"></a><a class="indexterm" name="id378761"></a><a class="indexterm" name="id378768"></a><a class="indexterm" name="id378776"></a><a class="indexterm" name="id378784"></a>
+                                </p><p><a class="indexterm" name="id377281"></a><a class="indexterm" name="id377289"></a><a class="indexterm" name="id377297"></a><a class="indexterm" name="id377305"></a><a class="indexterm" name="id377313"></a>
                                 The release of Samba-4 is expected around late 2004 to early 2005 and involves a near
                                 complete rewrite to permit extensive modularization and to prepare Samba for new
 …
                                 degree of dependability and on charter development consistent with published
                                 roadmap projections.
                                 </p><p><a class="indexterm" name="id378803"></a><a class="indexterm" name="id378811"></a><a class="indexterm" name="id378822"></a><a class="indexterm" name="id378833"></a><a class="indexterm" name="id378841"></a><a class="indexterm" name="id378849"></a><a class="indexterm" name="id378857"></a>
+                                </p><p><a class="indexterm" name="id377331"></a><a class="indexterm" name="id377339"></a><a class="indexterm" name="id377351"></a><a class="indexterm" name="id377362"></a><a class="indexterm" name="id377370"></a><a class="indexterm" name="id377378"></a><a class="indexterm" name="id377385"></a>
                                 Not well published is the fact that Microsoft was a foundation member of
                                 the Common Internet File System (CIFS) initiative, together with the participation
 …
                                 CIFS conferences and at the interoperability laboratories run concurrently with
                                 them.
                                 </p></dd><dt><span class="term">Cryptographic Controls (schannel, sign'n'seal)</span></dt><dd><p><a class="indexterm" name="id378881"></a><a class="indexterm" name="id378889"></a><a class="indexterm" name="id378897"></a>
+                                </p></dd><dt><span class="term">Cryptographic Controls (schannel, sign'n'seal)</span></dt><dd><p><a class="indexterm" name="id377410"></a><a class="indexterm" name="id377418"></a><a class="indexterm" name="id377425"></a>
                                 The report correctly mentions that Samba did not support the most recent
                                 <code class="constant">schannel</code> and <code class="constant">digital sign'n'seal</code> features
 …
                                 pathology report  they reflect accurately (at best) status at a snapshot in time.
                                 Meanwhile, the world moves on.
                                 </p><p><a class="indexterm" name="id378923"></a><a class="indexterm" name="id378930"></a><a class="indexterm" name="id378938"></a><a class="indexterm" name="id378946"></a><a class="indexterm" name="id378953"></a><a class="indexterm" name="id378968"></a><a class="indexterm" name="id378976"></a>
+                                </p><p><a class="indexterm" name="id377451"></a><a class="indexterm" name="id377458"></a><a class="indexterm" name="id377466"></a><a class="indexterm" name="id377474"></a><a class="indexterm" name="id377482"></a><a class="indexterm" name="id377497"></a><a class="indexterm" name="id377505"></a>
                                 It should be pointed out that had clear public specifications for the protocols
                                 been published, it would have been much easier to implement these features and would have
 …
                                 and defensible standards is obvious to all and would have enabled more secure networking
                                 for everyone.
                                 </p><p><a class="indexterm" name="id378992"></a><a class="indexterm" name="id379000"></a>
+                                </p><p><a class="indexterm" name="id377520"></a><a class="indexterm" name="id377528"></a>
                                 Critics of Samba often ignore fundamental problems that may plague (or may have plagued)
                                 the users of Microsoft's products also. Those who are first to criticize Samba
 …
                                 Windows networking sites. From notes such as this it is clear that there are benefits
                                 from not rushing new technology out of the door too soon.
                                 </p><p><a class="indexterm" name="id379032"></a><a class="indexterm" name="id379040"></a><a class="indexterm" name="id379048"></a><a class="indexterm" name="id379056"></a><a class="indexterm" name="id379064"></a><a class="indexterm" name="id379072"></a><a class="indexterm" name="id379080"></a><a class="indexterm" name="id379088"></a><a class="indexterm" name="id379096"></a>
+                                </p><p><a class="indexterm" name="id377561"></a><a class="indexterm" name="id377569"></a><a class="indexterm" name="id377577"></a><a class="indexterm" name="id377585"></a><a class="indexterm" name="id377593"></a><a class="indexterm" name="id377600"></a><a class="indexterm" name="id377608"></a><a class="indexterm" name="id377616"></a><a class="indexterm" name="id377624"></a>
                                 One final comment is warranted. If companies want more secure networking protocols,
                                 the most effective method by which this can be achieved is by users seeking
 …
                                 help the consumer to make a better choice.
                                 </p></dd><dt><span class="term">Active Directory Replacement with Kerberos, LDAP, and Samba
                                         <a class="indexterm" name="id379116"></a><a class="indexterm" name="id379128"></a><a class="indexterm" name="id379136"></a><a class="indexterm" name="id379143"></a>
+                                        <a class="indexterm" name="id377645"></a><a class="indexterm" name="id377656"></a><a class="indexterm" name="id377664"></a><a class="indexterm" name="id377672"></a>
                         </span></dt><dd><p>
 …
                                 and yet by which they are made to interoperate in ways that the components do not
                                 support.
                                 </p><p><a class="indexterm" name="id379174"></a><a class="indexterm" name="id379185"></a><a class="indexterm" name="id379193"></a><a class="indexterm" name="id379201"></a><a class="indexterm" name="id379209"></a>
+                                </p><p><a class="indexterm" name="id377702"></a><a class="indexterm" name="id377714"></a><a class="indexterm" name="id377721"></a><a class="indexterm" name="id377729"></a><a class="indexterm" name="id377737"></a>
                                 In order to make the popular request for Samba to be an Active Directory Server a
                                 reality, it is necessary to add to OpenLDAP, Kerberos, as well as Samba, RPC calls
 …
                                 the Samba Team does not make it a priority to absorb Kerberos and LDAP functionality
                                 into the Samba project, this dream request cannot become a reality.
                                 </p><p><a class="indexterm" name="id379225"></a><a class="indexterm" name="id379233"></a><a class="indexterm" name="id379241"></a><a class="indexterm" name="id379252"></a><a class="indexterm" name="id379260"></a>
+                                </p><p><a class="indexterm" name="id377753"></a><a class="indexterm" name="id377761"></a><a class="indexterm" name="id377769"></a><a class="indexterm" name="id377780"></a><a class="indexterm" name="id377788"></a>
                                 At this time, the integration of LDAP, Kerberos, and the missing RPCs is not on the
                                 Samba development roadmap. If it is not on the published roadmap, it cannot be delivered
 …
                                 The Samba Team is most committed to permitting Samba to be a full ADS domain member
                                 that is increasingly capable of being managed using Microsoft Windows MMC tools.
                                 </p></dd></dl></div><div class="sect3" title="Kerberos Exposed"><div class="titlepage"><div><div><h4 class="title"><a name="id379276"></a>Kerberos Exposed</h4></div></div></div><p><a class="indexterm" name="id379282"></a><a class="indexterm" name="id379290"></a><a class="indexterm" name="id379298"></a>
+                                </p></dd></dl></div><div class="sect3" title="Kerberos Exposed"><div class="titlepage"><div><div><h4 class="title"><a name="id377804"></a>Kerberos Exposed</h4></div></div></div><p><a class="indexterm" name="id377810"></a><a class="indexterm" name="id377818"></a><a class="indexterm" name="id377826"></a>
         Kerberos is a network authentication protocol that provides secure authentication for
         client-server applications by using secret-key cryptography. Firewalls are an insufficient
 …
         traffic but cannot prevent network traffic that comes from authorized locations from
         performing unauthorized activities.
         </p><p><a class="indexterm" name="id379312"></a><a class="indexterm" name="id379320"></a><a class="indexterm" name="id379328"></a>
+        </p><p><a class="indexterm" name="id377841"></a><a class="indexterm" name="id377848"></a><a class="indexterm" name="id377856"></a>
         Kerberos was created by MIT as a solution to network security problems. The Kerberos protocol uses
         strong cryptography so that a client can prove its identity to a server (and vice versa) across an
 …
         they can also encrypt all of their communications to assure privacy and data integrity as they go
         about their business.
         </p><p><a class="indexterm" name="id379343"></a><a class="indexterm" name="id379351"></a><a class="indexterm" name="id379359"></a><a class="indexterm" name="id379367"></a><a class="indexterm" name="id379378"></a>
+        </p><p><a class="indexterm" name="id377871"></a><a class="indexterm" name="id377879"></a><a class="indexterm" name="id377887"></a><a class="indexterm" name="id377895"></a><a class="indexterm" name="id377906"></a>
         Kerberos is a trusted third-party service. That means that there is a third party (the kerberos
         server) that is trusted by all the entities on the network (users and services, usually called
 …
         trusting the kerberos server, users and services can authenticate each other.
         </p><p>
         <a class="indexterm" name="id379394"></a>
         <a class="indexterm" name="id379401"></a>
         <a class="indexterm" name="id379408"></a>
+        <a class="indexterm" name="id377922"></a>
+        <a class="indexterm" name="id377929"></a>
+        <a class="indexterm" name="id377936"></a>
         Kerberos was, until recently, a technology that was restricted from being exported from the United States.
         For many years that hindered global adoption of more secure networking technologies both within the United States
 …
         and use of Kerberos across the spectrum of the information technology industry.
         </p><p>
         <a class="indexterm" name="id379430"></a>
+        <a class="indexterm" name="id377958"></a>
         A storm has broken out concerning interoperability between MIT Kerberos and Microsofts' implementation
         of it. For example, a 2002
         <a class="ulink" href="http://www.idg.com.sg/idgwww.nsf/0/5DDA8D153A7505A748256BAB000D992A?OpenDocument" target="_top">IDG</a>
         report<sup>[<a name="id379447" href="#ftn.id379447" class="footnote">13</a>]</sup> by
+        report<sup>[<a name="id377975" href="#ftn.id377975" class="footnote">13</a>]</sup> by
         states:
         </p><div class="blockquote"><blockquote class="blockquote"><p>
 …
         use of the Kerberos authentication specification, not everyone agrees.
         </p><p>
         <a class="indexterm" name="id379470"></a>
+        <a class="indexterm" name="id377998"></a>
         Robert Short, vice president of Windows core technology at Microsoft, wrote in his direct testimony prepared
         before his appearance that non-Microsoft operating systems can disregard the portion of the Kerberos version
 …
         that software developers could add their own authorization information, he said.
         </p></blockquote></div><p>
         <a class="indexterm" name="id379488"></a>
         <a class="indexterm" name="id379494"></a>
+        <a class="indexterm" name="id378016"></a>
+        <a class="indexterm" name="id378022"></a>
         It so happens that Microsoft Windows clients depend on and expect the contents of the <span class="emphasis"><em>unspecified
         fields</em></span> in the Kerberos 5 communications data stream for their Windows interoperability,
 …
         <a class="ulink" href="http://www.microsoft.com/technet/itsolutions/interop/mgmt/kerberos.asp" target="_top">
         technet</a> article:
         </p><div class="blockquote"><blockquote class="blockquote"><p><a class="indexterm" name="id379523"></a><a class="indexterm" name="id379535"></a>
+        </p><div class="blockquote"><blockquote class="blockquote"><p><a class="indexterm" name="id378051"></a><a class="indexterm" name="id378063"></a>
         The DCE Security Services are also layered on the Kerberos protocol. DCE authentication services use RPC
         representation of Kerberos protocol messages. In addition, DCE uses the authorization data field in Kerberos
 …
         </p></blockquote></div></div></div></div><div class="sect1" title="Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="ch10expl"></a>Implementation</h2></div></div></div><p>
         The following procedures outline the implementation of the security measures discussed so far.
         </p><div class="sect2" title="Share Access Controls"><div class="titlepage"><div><div><h3 class="title"><a name="id379573"></a>Share Access Controls</h3></div></div></div><p><a class="indexterm" name="id379580"></a><a class="indexterm" name="id379588"></a><a class="indexterm" name="id379596"></a>
+        </p><div class="sect2" title="Share Access Controls"><div class="titlepage"><div><div><h3 class="title"><a name="id378100"></a>Share Access Controls</h3></div></div></div><p><a class="indexterm" name="id378107"></a><a class="indexterm" name="id378115"></a><a class="indexterm" name="id378123"></a>
         Access control entries placed on the share itself act as a filter at the time a when CIFS/SMB client (such as
         Windows XP Pro) attempts to make a connection to the Samba server.
         </p><div class="procedure" title="Procedure 11.1. Create/Edit/Delete Share ACLs"><a name="id379607"></a><p class="title"><b>Procedure 11.1. Create/Edit/Delete Share ACLs</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p><a class="indexterm" name="id379617"></a><a class="indexterm" name="id379625"></a>
+        </p><div class="procedure" title="Procedure 11.1. Create/Edit/Delete Share ACLs"><a name="id378134"></a><p class="title"><b>Procedure 11.1. Create/Edit/Delete Share ACLs</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p><a class="indexterm" name="id378144"></a><a class="indexterm" name="id378152"></a>
                 From a Windows 200x/XP Professional workstation, log on to the domain using the Domain Administrator
                 account (on Samba domains, this is usually the account called <code class="constant">root</code>).
 …
                 In the left panel,
                 <span class="guimenu">[Right mouse menu item] Computer Management (Local)</span> &#8594; <span class="guimenuitem">Connect to another computer ...</span> &#8594; <span class="guimenuitem">Browse...</span> &#8594; <span class="guimenuitem">Advanced</span> &#8594; <span class="guimenuitem">Find Now</span>. In the lower panel, click on the name of the server you wish to
                 administer. Click <span class="guimenu">OK</span> &#8594; <span class="guimenuitem">OK</span> &#8594; <span class="guimenuitem">OK</span>.<a class="indexterm" name="id379745"></a>
+                administer. Click <span class="guimenu">OK</span> &#8594; <span class="guimenuitem">OK</span> &#8594; <span class="guimenuitem">OK</span>.<a class="indexterm" name="id378272"></a>
                 In the left panel, the entry <span class="guimenu">Computer Management (Local)</span> should now reflect
                 the change made. For example, if the server you are administering is called <code class="constant">FRODO</code>,
 …
                 </p></li><li class="step" title="Step 4"><p>
                 In the left panel, click <span class="guimenu">Computer Management (FRODO)</span> &#8594; <span class="guimenuitem">[+] Shared Folders</span> &#8594; <span class="guimenuitem">Shares</span>.
                 </p></li><li class="step" title="Step 5"><p><a class="indexterm" name="id379806"></a><a class="indexterm" name="id379814"></a>
+                </p></li><li class="step" title="Step 5"><p><a class="indexterm" name="id378334"></a><a class="indexterm" name="id378342"></a>
                 In the right panel, double-click on the share on which you wish to set/edit ACLs. This
                 will bring up the Properties panel. Click the <span class="guimenu">Share Permissions</span> tab.
                 </p></li><li class="step" title="Step 6"><p><a class="indexterm" name="id379836"></a><a class="indexterm" name="id379844"></a><a class="indexterm" name="id379852"></a><a class="indexterm" name="id379860"></a><a class="indexterm" name="id379868"></a><a class="indexterm" name="id379875"></a>
+                </p></li><li class="step" title="Step 6"><p><a class="indexterm" name="id378363"></a><a class="indexterm" name="id378371"></a><a class="indexterm" name="id378379"></a><a class="indexterm" name="id378387"></a><a class="indexterm" name="id378395"></a><a class="indexterm" name="id378403"></a>
                 You may now edit/add/remove access control settings. Be very careful. Many problems have been
                 created by people who decided that everyone should be rejected but one particular group should
 …
                 When you are done with editing, close all panels by clicking through the <span class="guimenu">OK</span>
                 buttons.
                 </p></li></ol></div></div><div class="sect2" title="Share Definition Controls"><div class="titlepage"><div><div><h3 class="title"><a name="id379908"></a>Share Definition Controls</h3></div></div></div><p><a class="indexterm" name="id379914"></a><a class="indexterm" name="id379926"></a><a class="indexterm" name="id379934"></a><a class="indexterm" name="id379942"></a><a class="indexterm" name="id379949"></a><a class="indexterm" name="id379957"></a>
+                </p></li></ol></div></div><div class="sect2" title="Share Definition Controls"><div class="titlepage"><div><div><h3 class="title"><a name="id378435"></a>Share Definition Controls</h3></div></div></div><p><a class="indexterm" name="id378442"></a><a class="indexterm" name="id378453"></a><a class="indexterm" name="id378461"></a><a class="indexterm" name="id378469"></a><a class="indexterm" name="id378477"></a><a class="indexterm" name="id378484"></a>
         Share-definition-based access controls can be used like a checkpoint or like a pile-driver. Just as a
         checkpoint can be used to require someone who wants to get through to meet certain requirements, so
 …
         credential-related objectives, the user can be granted powers and privileges that would not normally be
         available under default settings.
         </p><p><a class="indexterm" name="id379973"></a><a class="indexterm" name="id379981"></a><a class="indexterm" name="id379989"></a><a class="indexterm" name="id379997"></a>
+        </p><p><a class="indexterm" name="id378500"></a><a class="indexterm" name="id378508"></a><a class="indexterm" name="id378516"></a><a class="indexterm" name="id378524"></a>
         It must be emphasized that the controls discussed here can act as a filter or give rights of passage
         that act as a superstructure over normal directory and file access controls. However, share-level
 …
         share-level controls to get to the share-definition controls. The proper hierarchy of controls implemented
         by Samba and Windows networking consists of:
         </p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>Share-level ACLs</p></li><li class="listitem"><p>Share-definition controls</p></li><li class="listitem"><p>Directory and file permissions</p></li><li class="listitem"><p>Directory and file POSIX ACLs</p></li></ol></div><div class="sect3" title="Checkpoint Controls"><div class="titlepage"><div><div><h4 class="title"><a name="id380037"></a>Checkpoint Controls</h4></div></div></div><p><a class="indexterm" name="id380044"></a>
+        </p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>Share-level ACLs</p></li><li class="listitem"><p>Share-definition controls</p></li><li class="listitem"><p>Directory and file permissions</p></li><li class="listitem"><p>Directory and file POSIX ACLs</p></li></ol></div><div class="sect3" title="Checkpoint Controls"><div class="titlepage"><div><div><h4 class="title"><a name="id378564"></a>Checkpoint Controls</h4></div></div></div><p><a class="indexterm" name="id378571"></a>
         Consider the following extract from a <code class="filename">smb.conf</code> file defining the share called <code class="constant">Apps</code>:
 </p><pre class="screen">
 …
         This definition permits only those who are members of the group called <code class="constant">Employees</code> to
         access the share.
         </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p><a class="indexterm" name="id380077"></a><a class="indexterm" name="id380088"></a><a class="indexterm" name="id380096"></a><a class="indexterm" name="id380104"></a><a class="indexterm" name="id380112"></a>
+        </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p><a class="indexterm" name="id378604"></a><a class="indexterm" name="id378616"></a><a class="indexterm" name="id378624"></a><a class="indexterm" name="id378632"></a><a class="indexterm" name="id378639"></a>
         On domain member servers and clients, even when the <em class="parameter"><code>winbind use default domain</code></em> has
         been specified, the use of domain accounts in security controls requires fully qualified domain specification,
 …
         Note the necessity to use the double quotes to avoid having the space in the Windows group name interpreted as a
         delimiter.
         </p></div><p><a class="indexterm" name="id380145"></a><a class="indexterm" name="id380152"></a><a class="indexterm" name="id380160"></a>
+        </p></div><p><a class="indexterm" name="id378672"></a><a class="indexterm" name="id378679"></a><a class="indexterm" name="id378687"></a>
         If there is an ACL on the share itself to permit read/write access for all <code class="constant">Employees</code>
         as well as read/write for the group <code class="constant">Doctors</code>, both groups are permitted through
 …
         the group <code class="constant">Doctors</code>, who is not also a member of the group <code class="constant">Employees</code>,
         would immediately fail to validate.
         </p><p><a class="indexterm" name="id380188"></a>
+        </p><p><a class="indexterm" name="id378715"></a>
         Consider another example. In this case, you want to permit all members of the group <code class="constant">Employees</code>
         except the user <code class="constant">patrickj</code> to access the <code class="constant">Apps</code> share. This can be
 …
         invalid users = patrickj
 </pre><p>
             <a class="indexterm" name="id380224"></a>
+            <a class="indexterm" name="id378751"></a>
         Let us assume that you want to permit the user <code class="constant">gbshaw</code> to manage any file in the
         UNIX/Linux file system directory <code class="filename">/data/apps</code>, but you do not want to grant any write
 …
         admin users = gbshaw
 </pre><p>
             <a class="indexterm" name="id380251"></a>
+            <a class="indexterm" name="id378779"></a>
         Now we have a set of controls that permits only <code class="constant">Employees</code> who are also members of
         the group <code class="constant">Doctors</code>, excluding the user <code class="constant">patrickj</code>, to have
 …
         write list = peters
 </pre><p>
             <a class="indexterm" name="id380303"></a>
+            <a class="indexterm" name="id378830"></a>
         This is a particularly complex example at this point, but it begins to demonstrate the possibilities.
         You should refer to the online manual page for the <code class="filename">smb.conf</code> file for more information regarding
         the checkpoint controls that Samba implements.
         </p></div><div class="sect3" title="Override Controls"><div class="titlepage"><div><div><h4 class="title"><a name="id380322"></a>Override Controls</h4></div></div></div><p><a class="indexterm" name="id380328"></a>
+        </p></div><div class="sect3" title="Override Controls"><div class="titlepage"><div><div><h4 class="title"><a name="id378849"></a>Override Controls</h4></div></div></div><p><a class="indexterm" name="id378856"></a>
         Override controls implemented by Samba permit actions like the adoption of a different identity
         during file system operations, the forced overwriting of normal file and directory permissions,
 …
         force group = Mentors
 </pre><p>
             <a class="indexterm" name="id380366"></a><a class="indexterm" name="id380374"></a>
+            <a class="indexterm" name="id378893"></a><a class="indexterm" name="id378901"></a>
         That is all there is to it. Well, it is almost that simple. The downside of this method is that
         users are logged onto the Windows client as themselves, and then immediately before accessing the
 …
         This imposes significant overhead on Samba. The alternative way to effectively achieve the same result
         (but with lower system CPU overheads) is described next.
         </p><p><a class="indexterm" name="id380389"></a><a class="indexterm" name="id380397"></a><a class="indexterm" name="id380405"></a><a class="indexterm" name="id380416"></a><a class="indexterm" name="id380424"></a>
+        </p><p><a class="indexterm" name="id378917"></a><a class="indexterm" name="id378924"></a><a class="indexterm" name="id378932"></a><a class="indexterm" name="id378944"></a><a class="indexterm" name="id378952"></a>
         The use of the <em class="parameter"><code>force user</code></em> or the <em class="parameter"><code>force group</code></em> may
         also have a severe impact on system (particularly on Windows client) performance. If opportunistic
 …
         apparent performance degradation as the client continually attempts to reconnect to overcome the
         effect of the lost <code class="constant">oplock break</code>, or time-out.
         </p></div></div><div class="sect2" title="Share Point Directory and File Permissions"><div class="titlepage"><div><div><h3 class="title"><a name="id380465"></a>Share Point Directory and File Permissions</h3></div></div></div><p><a class="indexterm" name="id380472"></a><a class="indexterm" name="id380480"></a><a class="indexterm" name="id380488"></a><a class="indexterm" name="id380496"></a>
+        </p></div></div><div class="sect2" title="Share Point Directory and File Permissions"><div class="titlepage"><div><div><h3 class="title"><a name="id378992"></a>Share Point Directory and File Permissions</h3></div></div></div><p><a class="indexterm" name="id378999"></a><a class="indexterm" name="id379007"></a><a class="indexterm" name="id379015"></a><a class="indexterm" name="id379023"></a>
         Samba has been designed and implemented so that it respects as far as is feasible the security and
         user privilege controls that are built into the UNIX/Linux operating system. Samba does nothing
 …
         from a basic UNIX training guide. Instead, one common example of a typical problem is used
         to demonstrate the most effective solution referred to in the immediately preceding paragraph.
         </p><p><a class="indexterm" name="id380512"></a><a class="indexterm" name="id380520"></a><a class="indexterm" name="id380528"></a>
+        </p><p><a class="indexterm" name="id379040"></a><a class="indexterm" name="id379048"></a><a class="indexterm" name="id379055"></a>
         One of the common issues that repeatedly pops up on the Samba mailing lists involves the saving of
         Microsoft Office files (Word and Excel) to a network drive. Here is the typical sequence:
 …
         want to know when this <span class="quote">&#8220;<span class="quote">bug</span>&#8221;</span> will be fixed. The fact is, this is not a bug in Samba at all.
         Here is the real sequence of what happens in this case.
         </p><p><a class="indexterm" name="id380609"></a><a class="indexterm" name="id380617"></a><a class="indexterm" name="id380624"></a>
+        </p><p><a class="indexterm" name="id379136"></a><a class="indexterm" name="id379143"></a><a class="indexterm" name="id379151"></a>
         When the user saves a file, MS Word creates a new (temporary) file. This file is naturally owned
         by the user who creates the file (<code class="constant">billc</code>) and has the permissions that follow
 …
         simple steps to create a share in which all files will consistently be owned by the same user and the
         same group:
         </p><div class="procedure" title="Procedure 11.2. Using Directory Permissions to Force File User and Group Ownership"><a name="id380661"></a><p class="title"><b>Procedure 11.2. Using Directory Permissions to Force File User and Group Ownership</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+        </p><div class="procedure" title="Procedure 11.2. Using Directory Permissions to Force File User and Group Ownership"><a name="id379188"></a><p class="title"><b>Procedure 11.2. Using Directory Permissions to Force File User and Group Ownership</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Change your share definition so that it matches this pattern:
 </p><pre class="screen">
 …
         read only = No
 </pre><p>
                 </p></li><li class="step" title="Step 2"><p><a class="indexterm" name="id380685"></a><a class="indexterm" name="id380696"></a>
+                </p></li><li class="step" title="Step 2"><p><a class="indexterm" name="id379212"></a><a class="indexterm" name="id379223"></a>
                 Set consistent user and group permissions recursively down the directory tree as shown here:
 </p><pre class="screen">
 <code class="prompt">root# </code> chown -R janetp.users /usr/data/finance
 </pre><p>
                 </p></li><li class="step" title="Step 3"><p><a class="indexterm" name="id380727"></a>
+                </p></li><li class="step" title="Step 3"><p><a class="indexterm" name="id379254"></a>
                 Set the files and directory permissions to be read/write for owner and group, and not accessible
                 to others (everyone), using the following command:
 …
 <code class="prompt">root# </code> chmod ug+rwx,o-rwx /usr/data/finance
 </pre><p>
                 </p></li><li class="step" title="Step 4"><p><a class="indexterm" name="id380754"></a>
+                </p></li><li class="step" title="Step 4"><p><a class="indexterm" name="id379281"></a>
                 Set the SGID (supergroup) bit on all directories from the top down. This means all files
                 can be created with the permissions of the group set on the directory. It means all users
 …
 </pre><p>
                 </p></li><li class="step" title="Step 5"><p><a class="indexterm" name="id380791"></a><a class="indexterm" name="id380799"></a><a class="indexterm" name="id380807"></a>
+                </p></li><li class="step" title="Step 5"><p><a class="indexterm" name="id379318"></a><a class="indexterm" name="id379326"></a><a class="indexterm" name="id379334"></a>
                 Make sure all users that must have read/write access to the directory have
                 <code class="constant">finance</code> group membership as their primary group,
                 for example, the group they belong to in <code class="filename">/etc/passwd</code>.
                 </p></li></ol></div></div><div class="sect2" title="Managing Windows 200x ACLs"><div class="titlepage"><div><div><h3 class="title"><a name="id380830"></a>Managing Windows 200x ACLs</h3></div></div></div><p><a class="indexterm" name="id380837"></a><a class="indexterm" name="id380845"></a><a class="indexterm" name="id380853"></a><a class="indexterm" name="id380860"></a>
+                </p></li></ol></div></div><div class="sect2" title="Managing Windows 200x ACLs"><div class="titlepage"><div><div><h3 class="title"><a name="id379357"></a>Managing Windows 200x ACLs</h3></div></div></div><p><a class="indexterm" name="id379364"></a><a class="indexterm" name="id379372"></a><a class="indexterm" name="id379379"></a><a class="indexterm" name="id379387"></a>
         Samba must translate Windows 2000 ACLs to UNIX POSIX ACLs. This has some interesting side effects because
         there is not a one-to-one equivalence between them. The as-close-as-possible ACLs match means
 …
         There are two possible ways to set ACLs on UNIX/Linux file systems from a Windows network workstation,
         either via File Manager or via the Microsoft Management Console (MMC) Computer Management interface.
         </p><div class="sect3" title="Using the MMC Computer Management Interface"><div class="titlepage"><div><div><h4 class="title"><a name="id380879"></a>Using the MMC Computer Management Interface</h4></div></div></div><div class="procedure"><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+        </p><div class="sect3" title="Using the MMC Computer Management Interface"><div class="titlepage"><div><div><h4 class="title"><a name="id379406"></a>Using the MMC Computer Management Interface</h4></div></div></div><div class="procedure"><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 From a Windows 200x/XP Professional workstation, log on to the domain using the Domain Administrator
                 account (on Samba domains, this is usually the account called <code class="constant">root</code>).
 …
                 </p></li><li class="step" title="Step 4"><p>
                 In the left panel, click <span class="guimenu">Computer Management (FRODO)</span> &#8594; <span class="guimenuitem">[+] Shared Folders</span> &#8594; <span class="guimenuitem">Shares</span>.
                 </p></li><li class="step" title="Step 5"><p><a class="indexterm" name="id381056"></a><a class="indexterm" name="id381064"></a><a class="indexterm" name="id381072"></a><a class="indexterm" name="id381080"></a>
+                </p></li><li class="step" title="Step 5"><p><a class="indexterm" name="id379583"></a><a class="indexterm" name="id379591"></a><a class="indexterm" name="id379599"></a><a class="indexterm" name="id379606"></a>
                 In the right panel, double-click on the share on which you wish to set/edit ACLs. This
                 brings up the Properties panel. Click the <span class="guimenu">Security</span> tab. It is best
 …
                 functionality under the <code class="constant">Permissions</code> tab can be utilized with respect
                 to a Samba domain server.
                 </p></li><li class="step" title="Step 6"><p><a class="indexterm" name="id381116"></a><a class="indexterm" name="id381124"></a>
+                </p></li><li class="step" title="Step 6"><p><a class="indexterm" name="id379643"></a><a class="indexterm" name="id379651"></a>
                 You may now edit/add/remove access control settings. Be very careful. Many problems have been
                 created by people who decided that everyone should be rejected but one particular group should
 …
                 When you are done with editing, close all panels by clicking through the <span class="guimenu">OK</span>
                 buttons until the last panel closes.
                 </p></li></ol></div></div><div class="sect3" title="Using MS Windows Explorer (File Manager)"><div class="titlepage"><div><div><h4 class="title"><a name="id381156"></a>Using MS Windows Explorer (File Manager)</h4></div></div></div><p>
+                </p></li></ol></div></div><div class="sect3" title="Using MS Windows Explorer (File Manager)"><div class="titlepage"><div><div><h4 class="title"><a name="id379683"></a>Using MS Windows Explorer (File Manager)</h4></div></div></div><p>
         The following alternative method may be used from a Windows workstation. In this example we work
         with a domain called <code class="constant">MEGANET</code>, a server called <code class="constant">MASSIVE</code>, and a
 …
                 Click <span class="guimenu">Start</span> &#8594; <span class="guimenuitem">[right-click] My Computer</span> &#8594; <span class="guimenuitem">Explore</span> &#8594; <span class="guimenuitem">[left panel] [+] My Network Places</span> &#8594; <span class="guimenuitem">[+] Entire Network</span> &#8594; <span class="guimenuitem">[+] Microsoft Windows Network</span> &#8594; <span class="guimenuitem">[+] Meganet</span> &#8594; <span class="guimenuitem">[+] Massive</span> &#8594; <span class="guimenuitem">[right-click] Apps</span> &#8594; <span class="guimenuitem">Properties</span> &#8594; <span class="guimenuitem">Security</span> &#8594; <span class="guimenuitem">Advanced</span>. This opens a panel that has four tabs. Only the functionality under the
                 <code class="constant">Permissions</code> tab can be utilized for a Samba domain server.
                 </p></li><li class="step" title="Step 2"><p><a class="indexterm" name="id381277"></a><a class="indexterm" name="id381285"></a>
+                </p></li><li class="step" title="Step 2"><p><a class="indexterm" name="id379804"></a><a class="indexterm" name="id379812"></a>
                 You may now edit/add/remove access control settings. Be very careful. Many problems have been
                 created by people who decided that everyone should be rejected but one particular group should
 …
                 When you are done with editing, close all panels by clicking through the <span class="guimenu">OK</span>
                 buttons until the last panel closes.
                 </p></li></ol></div></div><div class="sect3" title="Setting Posix ACLs in UNIX/Linux"><div class="titlepage"><div><div><h4 class="title"><a name="id381318"></a>Setting Posix ACLs in UNIX/Linux</h4></div></div></div><p><a class="indexterm" name="id381325"></a><a class="indexterm" name="id381333"></a>
+                </p></li></ol></div></div><div class="sect3" title="Setting Posix ACLs in UNIX/Linux"><div class="titlepage"><div><div><h4 class="title"><a name="id379845"></a>Setting Posix ACLs in UNIX/Linux</h4></div></div></div><p><a class="indexterm" name="id379852"></a><a class="indexterm" name="id379860"></a>
         Yet another alternative method for setting desired security settings on the shared resource files and
         directories can be achieved by logging into UNIX/Linux and setting POSIX ACLs directly using command-line
 …
 other::r-x
 </pre><p>
                 </p></li><li class="step" title="Step 3"><p><a class="indexterm" name="id381401"></a>
+                </p></li><li class="step" title="Step 3"><p><a class="indexterm" name="id379928"></a>
                 You want to add permission for <code class="constant">AppsMgrs</code> to enable them to
                 manage the applications (apps) share. It is important to set the ACL recursively
 …
 </pre><p>
                 This confirms that the change of POSIX ACL permissions has been effective.
                 </p></li><li class="step" title="Step 4"><p><a class="indexterm" name="id381451"></a><a class="indexterm" name="id381459"></a><a class="indexterm" name="id381467"></a><a class="indexterm" name="id381475"></a><a class="indexterm" name="id381483"></a>
+                </p></li><li class="step" title="Step 4"><p><a class="indexterm" name="id379978"></a><a class="indexterm" name="id379986"></a><a class="indexterm" name="id379994"></a><a class="indexterm" name="id380002"></a><a class="indexterm" name="id380010"></a>
                 It is highly recommended that you read the online manual page for the <code class="literal">setfacl</code>
                 and <code class="literal">getfacl</code> commands. This provides information regarding how to set/read the default
                 ACLs and how that may be propagated through the directory tree. In Windows ACLs terms, this is the equivalent
                 of setting <code class="constant">inheritance</code> properties.
                 </p></li></ol></div></div></div><div class="sect2" title="Key Points Learned"><div class="titlepage"><div><div><h3 class="title"><a name="id381514"></a>Key Points Learned</h3></div></div></div><p>
+                </p></li></ol></div></div></div><div class="sect2" title="Key Points Learned"><div class="titlepage"><div><div><h3 class="title"><a name="id380041"></a>Key Points Learned</h3></div></div></div><p>
                 The mish-mash of issues were thrown together into one chapter because it seemed like a good idea.
                 Looking back, this chapter could be broken into two, but it's too late now. It has been done.
                 The highlights covered are as follows:
                 </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><a class="indexterm" name="id381529"></a><a class="indexterm" name="id381537"></a><a class="indexterm" name="id381545"></a><a class="indexterm" name="id381553"></a>
+                </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><a class="indexterm" name="id380056"></a><a class="indexterm" name="id380064"></a><a class="indexterm" name="id380072"></a><a class="indexterm" name="id380080"></a>
                         Winbind honors and does not override account controls set in Active Directory.
                         This means that password change, logon hours, and so on, are (or soon will be) enforced
 …
                         change is enforced. At this time, if logon hours expire, the user is not forcibly
                         logged off. That may be implemented at some later date.
                         </p></li><li class="listitem"><p><a class="indexterm" name="id381568"></a><a class="indexterm" name="id381576"></a>
+                        </p></li><li class="listitem"><p><a class="indexterm" name="id380096"></a><a class="indexterm" name="id380103"></a>
                         Sign'n'seal (plus schannel support) has been implemented in Samba-3. Beware of potential
                         problems acknowledged by Microsoft as having been fixed but reported by some as still
                         possibly an open issue.
                         </p></li><li class="listitem"><p><a class="indexterm" name="id381590"></a><a class="indexterm" name="id381598"></a><a class="indexterm" name="id381606"></a><a class="indexterm" name="id381614"></a>
+                        </p></li><li class="listitem"><p><a class="indexterm" name="id380117"></a><a class="indexterm" name="id380125"></a><a class="indexterm" name="id380133"></a><a class="indexterm" name="id380141"></a>
                         The combination of Kerberos 5, plus OpenLDAP, plus Samba, cannot replace Microsoft
                         Active Directory. The possibility to do this is not planned in the current Samba-3
 …
                         the four key methodologies was reviewed with specific reference to example deployment
                         techniques.
                         </p></li></ul></div></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id381636"></a>Questions and Answers</h2></div></div></div><p>
         </p><div class="qandaset" title="Frequently Asked Questions"><a name="id381645"></a><dl><dt> <a href="kerberos.html#id381651">
+                        </p></li></ul></div></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id380163"></a>Questions and Answers</h2></div></div></div><p>
+        </p><div class="qandaset" title="Frequently Asked Questions"><a name="id380172"></a><dl><dt> <a href="kerberos.html#id380179">
                 Does Samba-3 require the Sign'n'seal registry hacks needed by Samba-2?
                 </a></dt><dt> <a href="kerberos.html#id381720">
+                </a></dt><dt> <a href="kerberos.html#id380247">
                 Does Samba-3 support Active Directory?
                 </a></dt><dt> <a href="kerberos.html#id381747">
+                </a></dt><dt> <a href="kerberos.html#id380274">
                 When Samba-3 is used with Active Directory, is it necessary to run mixed-mode operation, as was
                 necessary with Samba-2?
                 </a></dt><dt> <a href="kerberos.html#id381782">
+                </a></dt><dt> <a href="kerberos.html#id380310">
                 Is it safe to set share-level access controls in Samba?
                 </a></dt><dt> <a href="kerberos.html#id381809">
+                </a></dt><dt> <a href="kerberos.html#id380336">
                 Is it mandatory to set share ACLs to get a secure Samba-3 server?
                 </a></dt><dt> <a href="kerberos.html#id381882">
+                </a></dt><dt> <a href="kerberos.html#id380409">
                 The valid users did not work on the [homes].
                 Has this functionality been restored yet?
                 </a></dt><dt> <a href="kerberos.html#id381944">
+                </a></dt><dt> <a href="kerberos.html#id380472">
                 Is the bias against use of the force user and force group
                 really warranted?
                 </a></dt><dt> <a href="kerberos.html#id382006">
+                </a></dt><dt> <a href="kerberos.html#id380533">
                 The example given for file and directory access control forces all files to be owned by one
                 particular user. I do not like that. Is there any way I can see who created the file?
                 </a></dt><dt> <a href="kerberos.html#id382050">
+                </a></dt><dt> <a href="kerberos.html#id380576">
                 In the book, &#8220;The Official Samba-3 HOWTO and Reference Guide&#8221;, you recommended use
                 of the Windows NT4 Server Manager (part of the SRVTOOLS.EXE) utility. Why
                 have you mentioned only the use of the Windows 200x/XP MMC Computer Management utility?
                 </a></dt><dt> <a href="kerberos.html#id382110">
+                </a></dt><dt> <a href="kerberos.html#id380636">
                 I tried to set valid users = @Engineers, but it does not work. My Samba
                 server is an Active Directory domain member server. Has this been fixed now?
                 </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question"><td align="left" valign="top"><a name="id381651"></a><a name="id381654"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id381657"></a><a class="indexterm" name="id381665"></a>
+                </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question"><td align="left" valign="top"><a name="id380179"></a><a name="id380181"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id380184"></a><a class="indexterm" name="id380192"></a>
                 Does Samba-3 require the <code class="constant">Sign'n'seal</code> registry hacks needed by Samba-2?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id381683"></a><a class="indexterm" name="id381691"></a><a class="indexterm" name="id381699"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id380210"></a><a class="indexterm" name="id380218"></a><a class="indexterm" name="id380226"></a>
                 No. Samba-3 fully supports <code class="constant">Sign'n'seal</code> as well as <code class="constant">schannel</code>
                 operation. The registry change should not be applied when Samba-3 is used as a domain controller.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id381720"></a><a name="id381722"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id380247"></a><a name="id380249"></a></td><td align="left" valign="top"><p>
                 Does Samba-3 support Active Directory?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id381732"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id380259"></a>
                 Yes. Samba-3 can be a fully participating native mode Active Directory client. Samba-3 does not
                 provide Active Directory services. It cannot be used to replace a Microsoft Active Directory
                 server implementation. Samba-3 can function as an Active Directory client (workstation) toolkit,
                 and it can function as an Active Directory domain member server.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id381747"></a><a name="id381749"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id381752"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id380274"></a><a name="id380276"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id380280"></a>
                 When Samba-3 is used with Active Directory, is it necessary to run mixed-mode operation, as was
                 necessary with Samba-2?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id381768"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id380295"></a>
                 No. Samba-3 can be used with NetBIOS over TCP/IP disabled, just as can be done with Windows 200x
                 Server and 200x/XPPro client products. It is no longer necessary to run mixed-mode operation,
                 because Samba-3 can join a native Windows 2003 Server ADS domain.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id381782"></a><a name="id381785"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id381788"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id380310"></a><a name="id380312"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id380315"></a>
                 Is it safe to set share-level access controls in Samba?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 very mature technology. Not enough sites make use of this powerful capability, neither on
                 Windows server or with Samba servers.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id381809"></a><a name="id381811"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id381814"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id380336"></a><a name="id380338"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id380342"></a>
                 Is it mandatory to set share ACLs to get a secure Samba-3 server?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id381829"></a><a class="indexterm" name="id381837"></a><a class="indexterm" name="id381845"></a><a class="indexterm" name="id381853"></a><a class="indexterm" name="id381861"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id380357"></a><a class="indexterm" name="id380364"></a><a class="indexterm" name="id380372"></a><a class="indexterm" name="id380380"></a><a class="indexterm" name="id380388"></a>
                 No. Samba-3 honors UNIX/Linux file system security, supports Windows 200x ACLs, and provides
                 means of securing shares through share definition controls in the <code class="filename">smb.conf</code> file. The additional
                 support for share-level ACLs is like frosting on the cake. It adds to security but is not essential
                 to it.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id381882"></a><a name="id381884"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id381887"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id380409"></a><a name="id380411"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id380414"></a>
                 The <em class="parameter"><code>valid users</code></em> did not work on the <em class="parameter"><code>[homes]</code></em>.
                 Has this functionality been restored yet?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id381914"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id380441"></a>
                 Yes. This was fixed in Samba-3.0.2. The use of this parameter is strongly recommended as a safeguard
                 on the <em class="parameter"><code>[homes]</code></em> meta-service. The correct way to specify this is:
                 <a class="link" href="smb.conf.5.html#VALIDUSERS" target="_top">valid users = %S</a>.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id381944"></a><a name="id381947"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id381950"></a><a class="indexterm" name="id381958"></a><a class="indexterm" name="id381966"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id380472"></a><a name="id380474"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id380477"></a><a class="indexterm" name="id380485"></a><a class="indexterm" name="id380493"></a>
                 Is the bias against use of the <em class="parameter"><code>force user</code></em> and <em class="parameter"><code>force group</code></em>
                 really warranted?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id381992"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id380519"></a>
                 There is no bias. There is a determination to recommend the right tool for the task at hand.
                 After all, it is better than putting users through performance problems, isn't it?
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id382006"></a><a name="id382008"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id380533"></a><a name="id380535"></a></td><td align="left" valign="top"><p>
                 The example given for file and directory access control forces all files to be owned by one
                 particular user. I do not like that. Is there any way I can see who created the file?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id382019"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id380546"></a>
                 Sure. You do not have to set the SUID bit on the directory. Simply execute the following command
                 to permit file ownership to be retained by the user who created it:
 …
                 Note that this required no more than removing the <code class="constant">u</code> argument so that the
                 SUID bit is not set for the owner.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id382050"></a><a name="id382052"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id382055"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id380576"></a><a name="id380578"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id380581"></a>
                 In the book, <span class="quote">&#8220;<span class="quote">The Official Samba-3 HOWTO and Reference Guide</span>&#8221;</span>, you recommended use
                 of the Windows NT4 Server Manager (part of the <code class="filename">SRVTOOLS.EXE</code>) utility. Why
                 have you mentioned only the use of the Windows 200x/XP MMC Computer Management utility?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id382081"></a><a class="indexterm" name="id382088"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id380607"></a><a class="indexterm" name="id380614"></a>
                 Either tool can be used with equal effect. There is no benefit of one over the other, except that
                 the MMC utility is present on all Windows 200x/XP systems and does not require additional software
 …
                 Samba-controlled domain, the only tool that permits that is the NT4 Domain User Manager, which
                 is provided as part of the <code class="filename">SRVTOOLS.EXE</code> utility.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id382110"></a><a name="id382112"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id382116"></a><a class="indexterm" name="id382123"></a><a class="indexterm" name="id382130"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id380636"></a><a name="id380638"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id380642"></a><a class="indexterm" name="id380649"></a><a class="indexterm" name="id380657"></a>
                 I tried to set <em class="parameter"><code>valid users = @Engineers</code></em>, but it does not work. My Samba
                 server is an Active Directory domain member server. Has this been fixed now?
 …
                 The use of this parameter has always required the full specification of the domain account, for
                 example, <em class="parameter"><code>valid users = @"MEGANET2\Domain Admins"</code></em>.
                 </p></td></tr></tbody></table></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id377221" href="#id377221" class="para">12</a>] </sup>This report is entirely fictitious.
                         Any resemblance to a factual report is purely coincidental.</p></div><div class="footnote"><p><sup>[<a name="ftn.id379447" href="#id379447" class="para">13</a>] </sup>Note: This link is no longer active. The same article is still
+                </p></td></tr></tbody></table></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id375749" href="#id375749" class="para">12</a>] </sup>This report is entirely fictitious.
+                        Any resemblance to a factual report is purely coincidental.</p></div><div class="footnote"><p><sup>[<a name="ftn.id377975" href="#id377975" class="para">13</a>] </sup>Note: This link is no longer active. The same article is still
                         available from <a class="ulink" href="http://199.105.191.226/Man/2699/020430msdoj/" target="_top">ITWorld.com</a> (July 5, 2005)</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="RefSection.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="RefSection.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="DomApps.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Part III. Reference Section </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 12. Integrating Additional Services</td></tr></table></div></body></html>

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/net2000users.html

-              r599
+              r739
 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 6. A Distributed 2000-User Network</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="happy.html" title="Chapter 5. Making Happy Users"><link rel="next" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 6. A Distributed 2000-User Network</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="happy.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="DMSMig.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 6. A Distributed 2000-User Network"><div class="titlepage"><div><div><h2 class="title"><a name="net2000users"></a>Chapter 6. A Distributed 2000-User Network</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="net2000users.html#id352846">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id352871">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id352928">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id353175">Technical Issues</a></span></dt><dt><span class="sect2"><a href="net2000users.html#id353997">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id354011">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id357027">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id357166">Questions and Answers</a></span></dt></dl></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 6. A Distributed 2000-User Network</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="happy.html" title="Chapter 5. Making Happy Users"><link rel="next" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 6. A Distributed 2000-User Network</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="happy.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="DMSMig.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 6. A Distributed 2000-User Network"><div class="titlepage"><div><div><h2 class="title"><a name="net2000users"></a>Chapter 6. A Distributed 2000-User Network</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="net2000users.html#id351371">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id351396">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id351452">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id351698">Technical Issues</a></span></dt><dt><span class="sect2"><a href="net2000users.html#id352520">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id352534">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="net2000users.html#id355551">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="net2000users.html#id355690">Questions and Answers</a></span></dt></dl></div><p>
 There is something indeed mystical about things that are
 big. Large networks exhibit a certain magnetism and exude a sense of
 …
 specifics of implementing LDAP changes, Samba changes, and approach and
 design of the solution and its deployment.
 </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id352846"></a>Introduction</h2></div></div></div><p>
+</p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id351371"></a>Introduction</h2></div></div></div><p>
 Abmas is a miracle company. Most businesses would have collapsed under
 the weight of rapid expansion that this company has experienced. Samba
 …
 Samba server just to change the way your network should function.
 </p><p>
 <a class="indexterm" name="id352861"></a>
+<a class="indexterm" name="id351386"></a>
 Network growth is common to all organizations. In this exercise,
 your preoccupation is with the mechanics of implementing Samba and
 LDAP so that network users on each network segment can work
 without impediment.
 </p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id352871"></a>Assignment Tasks</h3></div></div></div><p>
+</p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id351396"></a>Assignment Tasks</h3></div></div></div><p>
         Starting with the configuration files for the server called
         <code class="constant">MASSIVE</code> in <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">&#8220;Making Happy Users&#8221;</a>, you now deal with the
 …
         alternatives, and then design and implement a solution.
         </p><p>
         <a class="indexterm" name="id352896"></a>
+        <a class="indexterm" name="id351421"></a>
         Remember, you have users based in London (UK), Los Angeles,
         Washington. DC, and, three buildings in New York. A significant portion
 …
         DirectPointe. Your concern is server maintenance and third-level
         support. Build a plan and show what must be done.
         </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id352928"></a>Dissection and Discussion</h2></div></div></div><p>
 <a class="indexterm" name="id352936"></a>
 <a class="indexterm" name="id352942"></a>
+        </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id351452"></a>Dissection and Discussion</h2></div></div></div><p>
+<a class="indexterm" name="id351460"></a>
+<a class="indexterm" name="id351467"></a>
 In <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">&#8220;Making Happy Users&#8221;</a>, you implemented an LDAP server that provided the
 <em class="parameter"><code>passdb backend</code></em> for the Samba servers. You
 …
 took control of network performance.
 </p><p>
 <a class="indexterm" name="id352966"></a>
 <a class="indexterm" name="id352972"></a>
 <a class="indexterm" name="id352979"></a>
 <a class="indexterm" name="id352986"></a>
+<a class="indexterm" name="id351490"></a>
+<a class="indexterm" name="id351497"></a>
+<a class="indexterm" name="id351504"></a>
+<a class="indexterm" name="id351510"></a>
 The implementation of an LDAP-based passdb backend (known as
 <span class="emphasis"><em>ldapsam</em></span> in Samba parlance), or some form of database
 …
 managers.
 </p><p>
 <a class="indexterm" name="id353021"></a>
 <a class="indexterm" name="id353028"></a>
+<a class="indexterm" name="id351546"></a>
+<a class="indexterm" name="id351552"></a>
 The new <span class="emphasis"><em>tdbsam</em></span> facility supports functionality
 that is similar to an <span class="emphasis"><em>ldapsam</em></span>, but the lack of
 …
 backend? Is support for these tools broken? Answers to these
 questions require a bit of background.</p><p>
 <a class="indexterm" name="id353049"></a>
 <a class="indexterm" name="id353055"></a>
 <a class="indexterm" name="id353062"></a>
 <a class="indexterm" name="id353069"></a>
+<a class="indexterm" name="id351572"></a>
+<a class="indexterm" name="id351579"></a>
+<a class="indexterm" name="id351586"></a>
+<a class="indexterm" name="id351593"></a>
 <span class="emphasis"><em>What is a directory?</em></span> A directory is a
 collection of information regarding objects that can be accessed to
 …
 information is organized to facilitate read access rather than to
 support transaction processing.</p><p>
 <a class="indexterm" name="id353086"></a>
 <a class="indexterm" name="id353095"></a>
 <a class="indexterm" name="id353102"></a>
 <a class="indexterm" name="id353109"></a>
+<a class="indexterm" name="id351610"></a>
+<a class="indexterm" name="id351619"></a>
+<a class="indexterm" name="id351626"></a>
+<a class="indexterm" name="id351632"></a>
 The Lightweight Directory Access Protocol (LDAP) differs
 considerably from a traditional database. It has a simple search
 …
 the data repository and for keeping all copies (slaves) in sync with
 the master repository.</p><p>
 <a class="indexterm" name="id353122"></a>
 <a class="indexterm" name="id353129"></a>
 <a class="indexterm" name="id353135"></a>
+<a class="indexterm" name="id351646"></a>
+<a class="indexterm" name="id351652"></a>
+<a class="indexterm" name="id351659"></a>
 Samba is a flexible and powerful file and print sharing
 technology. It can use many external authentication sources and can be
 …
 avoid the proprietary implications of Microsoft Active Directory
 naturally gravitate toward OpenLDAP.</p><p>
 <a class="indexterm" name="id353149"></a>
+<a class="indexterm" name="id351673"></a>
 In <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">&#8220;Making Happy Users&#8221;</a>, you had to deal with a locally routed
 network. All deployment concerns focused around making users happy,
 …
 access information globally. And you must make the network robust
 enough so that it can sustain partial breakdown without causing loss of
 productivity.</p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id353175"></a>Technical Issues</h3></div></div></div><p>
+productivity.</p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id351698"></a>Technical Issues</h3></div></div></div><p>
         There are at least three areas that need to be addressed as you
         approach the challenge of designing a network solution for the newly
         expanded business:
         </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><a class="indexterm" name="id353189"></a>
                 User needs such as mobility and data access</p></li><li class="listitem"><p>The nature of Windows networking protocols</p></li><li class="listitem"><p>Identity management infrastructure needs</p></li></ul></div><p>Let's look at each in turn.</p><div class="sect3" title="User Needs"><div class="titlepage"><div><div><h4 class="title"><a name="id353212"></a>User Needs</h4></div></div></div><p>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><a class="indexterm" name="id351713"></a>
+                User needs such as mobility and data access</p></li><li class="listitem"><p>The nature of Windows networking protocols</p></li><li class="listitem"><p>Identity management infrastructure needs</p></li></ul></div><p>Let's look at each in turn.</p><div class="sect3" title="User Needs"><div class="titlepage"><div><div><h4 class="title"><a name="id351735"></a>User Needs</h4></div></div></div><p>
         The new company has three divisions. Staff for each division are spread across
         the company. Some staff are office-bound and some are mobile users. Mobile
 …
         off for reasons outside the scope of this discussion.
         </p><p>
         <a class="indexterm" name="id353231"></a>
+        <a class="indexterm" name="id351755"></a>
         Decisions must be made regarding where data is to be stored, how it will be
         replicated (if at all), and what the network bandwidth implications are. For
 …
         to the network.
         </p><p>
         <a class="indexterm" name="id353252"></a>
         <a class="indexterm" name="id353262"></a>
+        <a class="indexterm" name="id351776"></a>
+        <a class="indexterm" name="id351785"></a>
         No matter which way you look at this, the bandwidth requirements
         for acceptable performance are substantial even if only 10 percent of
 …
         server to and from the client.
         </p><p>
         <a class="indexterm" name="id353277"></a>
+        <a class="indexterm" name="id351801"></a>
         Obviously then, user needs and wide-area practicalities dictate the economic and
         technical aspects of your network design as well as for standard operating procedures.
         </p></div><div class="sect3" title="The Nature of Windows Networking Protocols"><div class="titlepage"><div><div><h4 class="title"><a name="id353288"></a>The Nature of Windows Networking Protocols</h4></div></div></div><p>
         <a class="indexterm" name="id353296"></a>
+        </p></div><div class="sect3" title="The Nature of Windows Networking Protocols"><div class="titlepage"><div><div><h4 class="title"><a name="id351811"></a>The Nature of Windows Networking Protocols</h4></div></div></div><p>
+        <a class="indexterm" name="id351819"></a>
         Network logons that include roaming profile handling requires from 140 KB to 2 MB.
         The inclusion of support for a minimal set of common desktop applications can push
 …
         part of a total service-level assurance program that might be implemented.
         </p><p>
         <a class="indexterm" name="id353312"></a>
         <a class="indexterm" name="id353319"></a>
+        <a class="indexterm" name="id351836"></a>
+        <a class="indexterm" name="id351843"></a>
         One way to reduce the network bandwidth impact of user logon
         traffic is through folder redirection. In <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">&#8220;Making Happy Users&#8221;</a>, you
 …
         logon or logout. Redirected folders are analogous to network drive
         connections.
         </p><p><a class="indexterm" name="id353343"></a>
+        </p><p><a class="indexterm" name="id351867"></a>
         Of course, network applications should only be run off
         local application servers. As a general rule, even with 2 Mb/sec
 …
         server that is located in New York.
         </p><p>
         <a class="indexterm" name="id353356"></a>
+        <a class="indexterm" name="id351879"></a>
         When network bandwidth becomes a precious commodity (that is most
         of the time), there is a significant demand to understand network
 …
         the network, several important things must happen.
         </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                 <a class="indexterm" name="id353375"></a>
+                <a class="indexterm" name="id351899"></a>
                 The client obtains an IP address via DHCP. (DHCP is
                 necessary so that users can roam between offices.)
                 </p></li><li class="listitem"><p>
                 <a class="indexterm" name="id353387"></a>
                 <a class="indexterm" name="id353394"></a>
+                <a class="indexterm" name="id351911"></a>
+                <a class="indexterm" name="id351918"></a>
                 The client must register itself with the WINS and/or DNS server.
                 </p></li><li class="listitem"><p>
                 <a class="indexterm" name="id353406"></a>
+                <a class="indexterm" name="id351929"></a>
                 The client must locate the closest domain controller.
                 </p></li><li class="listitem"><p>
 …
         at the WINS server.
         </p><p>
         <a class="indexterm" name="id353444"></a>
         <a class="indexterm" name="id353450"></a><a class="indexterm" name="id353460"></a>
+        <a class="indexterm" name="id351967"></a>
+        <a class="indexterm" name="id351974"></a><a class="indexterm" name="id351983"></a>
         Given that the client is already a domain member, it then sends
         a directed (Unicast) request to the WINS server seeking the list of
         IP addresses for domain controllers (NetBIOS name type 0x1C). The
         WINS server replies with the information requested.</p><p>
         <a class="indexterm" name="id353472"></a>
         <a class="indexterm" name="id353481"></a>
         <a class="indexterm" name="id353488"></a>
+        <a class="indexterm" name="id351995"></a>
+        <a class="indexterm" name="id352004"></a>
+        <a class="indexterm" name="id352011"></a>
         The client sends two netlogon mailslot broadcast requests
         to the local network and to each of the IP addresses returned by
 …
         domain controllers.
         </p><p>
         <a class="indexterm" name="id353502"></a>
         <a class="indexterm" name="id353511"></a>
         <a class="indexterm" name="id353518"></a>
+        <a class="indexterm" name="id352025"></a>
+        <a class="indexterm" name="id352035"></a>
+        <a class="indexterm" name="id352041"></a>
         The logon process begins with negotiation of the SMB/CIFS
         protocols that are to be used; this is followed by an exchange of
 …
         local domain controllers fail or break?
         </p><p>
         <a class="indexterm" name="id353533"></a>
         <a class="indexterm" name="id353540"></a>
         <a class="indexterm" name="id353546"></a>
         <a class="indexterm" name="id353553"></a>
+        <a class="indexterm" name="id352056"></a>
+        <a class="indexterm" name="id352063"></a>
+        <a class="indexterm" name="id352070"></a>
+        <a class="indexterm" name="id352076"></a>
         Under most circumstances, the nearest domain controller
         responds to the netlogon mailslot broadcast. The exception to this
 …
         domain controllers are by definition BDCs.
         </p><p>
         <a class="indexterm" name="id353566"></a>
         <a class="indexterm" name="id353573"></a>
+        <a class="indexterm" name="id352090"></a>
+        <a class="indexterm" name="id352097"></a>
         The provision of sufficient servers that are BDCs is an
         important design factor. The second important design factor
 …
         data. That is the subject of the next section, which involves key
         decisions regarding Identity Management facilities.
         </p></div><div class="sect3" title="Identity Management Needs"><div class="titlepage"><div><div><h4 class="title"><a name="id353585"></a>Identity Management Needs</h4></div></div></div><p>
         <a class="indexterm" name="id353593"></a>
         <a class="indexterm" name="id353600"></a>
         <a class="indexterm" name="id353606"></a>
         <a class="indexterm" name="id353613"></a>
+        </p></div><div class="sect3" title="Identity Management Needs"><div class="titlepage"><div><div><h4 class="title"><a name="id352108"></a>Identity Management Needs</h4></div></div></div><p>
+        <a class="indexterm" name="id352116"></a>
+        <a class="indexterm" name="id352123"></a>
+        <a class="indexterm" name="id352130"></a>
+        <a class="indexterm" name="id352136"></a>
         Network managers recognize that in large organizations users
         generally need to be given resource access based on needs, while
 …
         rights and privileges are allocated.
         </p><p>
         <a class="indexterm" name="id353627"></a>
         <a class="indexterm" name="id353634"></a>
         <a class="indexterm" name="id353640"></a>
+        <a class="indexterm" name="id352150"></a>
+        <a class="indexterm" name="id352157"></a>
+        <a class="indexterm" name="id352164"></a>
         Unfortunately, network resources tend to have their own Identity
         Management facilities, the quality and manageability of which varies
 …
         as <code class="constant">Network Information System</code> (NIS).
         </p><p>
         <a class="indexterm" name="id353666"></a>
+        <a class="indexterm" name="id352189"></a>
         NIS gained a strong following throughout the UNIX/VMS space in a short
         period of time and retained that appeal and use for over a decade.
 …
         other information systems is catching on.
         </p><p>
         <a class="indexterm" name="id353681"></a>
         <a class="indexterm" name="id353687"></a>
         <a class="indexterm" name="id353694"></a>
+        <a class="indexterm" name="id352204"></a>
+        <a class="indexterm" name="id352211"></a>
+        <a class="indexterm" name="id352217"></a>
         Nevertheless, both NIS and NIS+ continue to hold ground in
         business areas where UNIX still has major sway. Examples of
 …
         focus.
         </p><p>
         <a class="indexterm" name="id353707"></a>
         <a class="indexterm" name="id353714"></a>
+        <a class="indexterm" name="id352230"></a>
+        <a class="indexterm" name="id352237"></a>
         Today's networking world needs a scalable, distributed Identity
         Management infrastructure, commonly called a directory. The most
 …
         and a number of LDAP implementations.
         </p><p>
         <a class="indexterm" name="id353726"></a>
+        <a class="indexterm" name="id352249"></a>
         The problem of managing multiple directories has become a focal
         point over the past decade, creating a large market for
 …
         having to remember and deal with fewer login identities and
         passwords.</p><p>
         <a class="indexterm" name="id353740"></a>
+        <a class="indexterm" name="id352263"></a>
         The challenge of every large network is to find the optimum
         balance of internal systems and facilities for Identity
 …
         implemented has potentially significant impact on network bandwidth
         and systems response needs.</p><p>
         <a class="indexterm" name="id353754"></a>
         <a class="indexterm" name="id353761"></a>
         <a class="indexterm" name="id353770"></a>
+        <a class="indexterm" name="id352278"></a>
+        <a class="indexterm" name="id352285"></a>
+        <a class="indexterm" name="id352294"></a>
         In <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">&#8220;Making Happy Users&#8221;</a>, you implemented a single LDAP server for the
         entire network. This may work for smaller networks, but almost
 …
         servers within the context of a distributed 2,000-user network is a
         question that remains to be answered.</p><p>
         <a class="indexterm" name="id353796"></a>
         <a class="indexterm" name="id353803"></a>
+        <a class="indexterm" name="id352319"></a>
+        <a class="indexterm" name="id352326"></a>
         One possibility that has great appeal is to create a single,
         large distributed domain. The practical implications of this
 …
         maintenance.
         </p><p>
         <a class="indexterm" name="id353826"></a>
+        <a class="indexterm" name="id352350"></a>
         The network design in <a class="link" href="net2000users.html#chap7net2" title="Figure 6.7. Network Topology 2000 User Complex Design B">&#8220;Network Topology  2000 User Complex Design B&#8221;</a> takes the approach
         that management of networks that are too remote to be managed
 …
         in how they may access global resources.
         </p><p>
         <a class="indexterm" name="id353848"></a>
+        <a class="indexterm" name="id352371"></a>
         Desk-bound users need not be negatively affected by this design, since
         the use of interdomain trusts can be used to satisfy the need for global
         data sharing.
         </p><p>
         <a class="indexterm" name="id353859"></a>
         <a class="indexterm" name="id353866"></a>
         <a class="indexterm" name="id353875"></a>
+        <a class="indexterm" name="id352382"></a>
+        <a class="indexterm" name="id352389"></a>
+        <a class="indexterm" name="id352398"></a>
         When Samba-3 is configured to use an LDAP backend, it stores the domain
         account information in a directory entry. This account entry contains the
 …
         possible to operate with more than one PDC on a distributed network.
         </p><p>
         <a class="indexterm" name="id353887"></a>
         <a class="indexterm" name="id353894"></a>
         <a class="indexterm" name="id353901"></a>
+        <a class="indexterm" name="id352411"></a>
+        <a class="indexterm" name="id352417"></a>
+        <a class="indexterm" name="id352424"></a>
         How might this peculiar feature be exploited? The answer is simple. It is
         imperative that each network segment have its own WINS server. Major
 …
         single LDAP backend, users have unfettered ability to roam.
         </p><p>
         <a class="indexterm" name="id353921"></a>
         <a class="indexterm" name="id353930"></a>
+        <a class="indexterm" name="id352444"></a>
+        <a class="indexterm" name="id352454"></a>
         This concept has not been exhaustively validated, though we can see no reason
         why this should not work. The important facets are the following: The name of
 …
         that are in fact slave LDAP servers on the local segments.
         </p><p>
         <a class="indexterm" name="id353946"></a>
         <a class="indexterm" name="id353956"></a>
         <a class="indexterm" name="id353962"></a>
         <a class="indexterm" name="id353972"></a>
+        <a class="indexterm" name="id352470"></a>
+        <a class="indexterm" name="id352479"></a>
+        <a class="indexterm" name="id352486"></a>
+        <a class="indexterm" name="id352495"></a>
         With a single master LDAP server, all network updates are effected on a single
         server. In the event that this should become excessively fragile or network
 …
         procedures for managing the directory, because retroactive correction of
         inconsistent directory information can be exceedingly difficult.
         </p></div></div><div class="sect2" title="Political Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id353997"></a>Political Issues</h3></div></div></div><p>
+        </p></div></div><div class="sect2" title="Political Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id352520"></a>Political Issues</h3></div></div></div><p>
         As organizations grow, the number of points of control increases
         also. In a large distributed organization, it is important that the
 …
         minutes rather than days (the old limitation of highly manual
         systems).
         </p></div></div><div class="sect1" title="Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id354011"></a>Implementation</h2></div></div></div><p>
         <a class="indexterm" name="id354019"></a>
         <a class="indexterm" name="id354026"></a>
         <a class="indexterm" name="id354032"></a>
         <a class="indexterm" name="id354039"></a>
+        </p></div></div><div class="sect1" title="Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id352534"></a>Implementation</h2></div></div></div><p>
+        <a class="indexterm" name="id352542"></a>
+        <a class="indexterm" name="id352549"></a>
+        <a class="indexterm" name="id352556"></a>
+        <a class="indexterm" name="id352562"></a>
         Samba-3 has the ability to use multiple password (authentication and
         identity resolution) backends. The diagram in <a class="link" href="net2000users.html#chap7idres" title="Figure 6.1. Samba and Authentication Backend Search Pathways">&#8220;Samba and Authentication Backend Search Pathways&#8221;</a>
 …
         using the specific systems shown.
         </p><div class="figure"><a name="chap7idres"></a><p class="title"><b>Figure 6.1. Samba and Authentication Backend Search Pathways</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/chap7-idresol.png" width="297" alt="Samba and Authentication Backend Search Pathways"></div></div></div><br class="figure-break"><p>
         <a class="indexterm" name="id354099"></a>
         <a class="indexterm" name="id354106"></a>
         <a class="indexterm" name="id354113"></a>
         <a class="indexterm" name="id354120"></a>
         <a class="indexterm" name="id354126"></a>
         <a class="indexterm" name="id354133"></a>
         <a class="indexterm" name="id354140"></a>
+        <a class="indexterm" name="id352623"></a>
+        <a class="indexterm" name="id352630"></a>
+        <a class="indexterm" name="id352637"></a>
+        <a class="indexterm" name="id352643"></a>
+        <a class="indexterm" name="id352650"></a>
+        <a class="indexterm" name="id352657"></a>
+        <a class="indexterm" name="id352664"></a>
         Samba is capable of using the <code class="constant">smbpasswd</code>,
         <code class="constant">tdbsam</code>, <code class="constant">xmlsam</code>,
 …
         operations.
         </p><p>
         <a class="indexterm" name="id354166"></a>
+        <a class="indexterm" name="id352690"></a>
         Additionally, it is possible to use multiple passdb backends
         concurrently as well as have multiple LDAP backends. As a result, you
 …
         This configuration tells Samba to use a single LDAP server, as shown in <a class="link" href="net2000users.html#ch7singleLDAP" title="Figure 6.2. Samba Configuration to Use a Single LDAP Server">&#8220;Samba Configuration to Use a Single LDAP Server&#8221;</a>.
         </p><div class="figure"><a name="ch7singleLDAP"></a><p class="title"><b>Figure 6.2. Samba Configuration to Use a Single LDAP Server</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/ch7-singleLDAP.png" width="351" alt="Samba Configuration to Use a Single LDAP Server"></div></div></div><p><br class="figure-break">
         <a class="indexterm" name="id354234"></a>
         <a class="indexterm" name="id354244"></a>
+        <a class="indexterm" name="id352758"></a>
+        <a class="indexterm" name="id352768"></a>
         The addition of a failover LDAP server can simply be done by adding a
         second entry for the failover server to the single <em class="parameter"><code>ldapsam</code></em>
 …
 ...
 </pre><p>
         <a class="indexterm" name="id354323"></a>
+        <a class="indexterm" name="id352848"></a>
         The effect of this style of entry is that Samba lists the users
         that are in both LDAP databases. If both contain the same information,
 …
         pattern similar to what was covered in <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">&#8220;Making Happy Users&#8221;</a>. The following steps
     permit the operation of a master/slave OpenLDAP arrangement.
         </p><div class="procedure" title="Procedure 6.1. Implementation Steps for an LDAP Slave Server"><a name="id354454"></a><p class="title"><b>Procedure 6.1. Implementation Steps for an LDAP Slave Server</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
             <a class="indexterm" name="id354465"></a>
                 <a class="indexterm" name="id354472"></a>
+        </p><div class="procedure" title="Procedure 6.1. Implementation Steps for an LDAP Slave Server"><a name="id352976"></a><p class="title"><b>Procedure 6.1. Implementation Steps for an LDAP Slave Server</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+            <a class="indexterm" name="id352987"></a>
+                <a class="indexterm" name="id352994"></a>
                 Log onto the master LDAP server as <code class="constant">root</code>.
                 You are about to change the configuration of the LDAP server, so it
 …
 </pre><p>
                 </p></li><li class="step" title="Step 2"><p>
                 <a class="indexterm" name="id354514"></a>
+                <a class="indexterm" name="id353036"></a>
                 Edit the <code class="filename">/etc/openldap/slapd.conf</code> file so it
                 matches the content of <a class="link" href="net2000users.html#ch7-LDAP-master" title="Example 6.1. LDAP Master Server Configuration File /etc/openldap/slapd.conf">&#8220;LDAP Master Server Configuration File  /etc/openldap/slapd.conf&#8221;</a>.
 …
 </pre><p>
                 </p></li><li class="step" title="Step 5"><p>
                 <a class="indexterm" name="id354583"></a>
                 <a class="indexterm" name="id354590"></a>
+                <a class="indexterm" name="id353106"></a>
+                <a class="indexterm" name="id353112"></a>
                 Change directory to a suitable place to dump the contents of the
                 LDAP server. The dump file (and LDIF file) is used to preload
 …
                 Each record is written to the file.
                 </p></li><li class="step" title="Step 6"><p>
                 <a class="indexterm" name="id354620"></a>
+                <a class="indexterm" name="id353142"></a>
                 Copy the file <code class="filename">LDAP-transfer-LDIF.txt</code> to the intended
                 slave LDAP server. A good location could be in the directory
 …
 </pre><p>
                 </p></li><li class="step" title="Step 10"><p>
             <a class="indexterm" name="id354767"></a>
                 <a class="indexterm" name="id354774"></a>
                 <a class="indexterm" name="id354781"></a>
+            <a class="indexterm" name="id353290"></a>
+                <a class="indexterm" name="id353296"></a>
+                <a class="indexterm" name="id353303"></a>
                 Go back to the master LDAP server. Execute the following to start LDAP as well
                 as <code class="literal">slurpd</code>, the synchronization daemon, as shown here:
 …
 <code class="prompt">root# </code> chkconfig slurpd on
 </pre><p>
             <a class="indexterm" name="id354824"></a>
+            <a class="indexterm" name="id353347"></a>
                 On Red Hat Linux, check the equivalent command to start <code class="literal">slurpd</code>.
                 </p></li><li class="step" title="Step 11"><p>
                 <a class="indexterm" name="id354844"></a>
+                <a class="indexterm" name="id353367"></a>
                 On the master LDAP server you may now add an account to validate that replication
                 is working. Assuming the configuration shown in <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">&#8220;Making Happy Users&#8221;</a>, execute:
 …
 index sambaDomainName       eq
 index default               sub
 </pre></div></div><br class="example-break"><div class="example"><a name="ch7-massmbconfA"></a><p class="title"><b>Example 6.3. Primary Domain Controller <code class="filename">smb.conf</code> File  Part A</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id355074"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id355085"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id355097"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id355108"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id355120"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id355131"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id355143"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id355154"></a><em class="parameter"><code>max log size = 0</code></em></td></tr><tr><td><a class="indexterm" name="id355166"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id355177"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id355189"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id355200"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id355212"></a><em class="parameter"><code>add user script = /opt/IDEALX/sbin/smbldap-useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id355224"></a><em class="parameter"><code>delete user script = /opt/IDEALX/sbin/smbldap-userdel '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id355236"></a><em class="parameter"><code>add group script = /opt/IDEALX/sbin/smbldap-groupadd -p '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id355248"></a><em class="parameter"><code>delete group script = /opt/IDEALX/sbin/smbldap-groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id355259"></a><em class="parameter"><code>add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id355272"></a><em class="parameter"><code>delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id355284"></a><em class="parameter"><code>set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id355296"></a><em class="parameter"><code>add machine script = /opt/IDEALX/sbin/smbldap-useradd -w '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id355308"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id355319"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id355331"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id355343"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id355354"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id355366"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id355377"></a><em class="parameter"><code>domain master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id355389"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id355400"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id355412"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id355423"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id355435"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id355447"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id355458"></a><em class="parameter"><code>ldap admin dn = cn=sambaadmin,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id355470"></a><em class="parameter"><code>idmap backend = ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id355482"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id355493"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id355505"></a><em class="parameter"><code>printer admin = root</code></em></td></tr><tr><td><a class="indexterm" name="id355516"></a><em class="parameter"><code>printing = cups</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch7-massmbconfB"></a><p class="title"><b>Example 6.4. Primary Domain Controller <code class="filename">smb.conf</code> File  Part B</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[IPC$]</code></em></td></tr><tr><td><a class="indexterm" name="id355561"></a><em class="parameter"><code>path = /tmp</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id355581"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id355593"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id355604"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id355625"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id355636"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id355648"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id355668"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id355680"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id355691"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id355712"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id355723"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id355735"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id355746"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id355767"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id355778"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id355790"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id355801"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id355813"></a><em class="parameter"><code>browseable = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch7-massmbconfC"></a><p class="title"><b>Example 6.5. Primary Domain Controller <code class="filename">smb.conf</code> File  Part C</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id355857"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id355869"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id355880"></a><em class="parameter"><code>admin users = bjones</code></em></td></tr><tr><td><a class="indexterm" name="id355892"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id355912"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id355924"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id355936"></a><em class="parameter"><code>admin users = root, Administrator</code></em></td></tr><tr><td><a class="indexterm" name="id355947"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id355959"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id355979"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id355990"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id356002"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id356014"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profdata]</code></em></td></tr><tr><td><a class="indexterm" name="id356034"></a><em class="parameter"><code>comment = Profile Data Share</code></em></td></tr><tr><td><a class="indexterm" name="id356046"></a><em class="parameter"><code>path = /var/lib/samba/profdata</code></em></td></tr><tr><td><a class="indexterm" name="id356057"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id356069"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id356089"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id356101"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id356112"></a><em class="parameter"><code>write list = root</code></em></td></tr><tr><td><a class="indexterm" name="id356124"></a><em class="parameter"><code>admin users = root, Administrator</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch7-slvsmbocnfA"></a><p class="title"><b>Example 6.6. Backup Domain Controller <code class="filename">smb.conf</code> File  Part A</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># # Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id356172"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id356183"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id356195"></a><em class="parameter"><code>netbios name = BLDG1</code></em></td></tr><tr><td><a class="indexterm" name="id356206"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://lapdc.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id356218"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id356229"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id356241"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id356252"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id356264"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id356275"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id356287"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id356298"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id356310"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id356322"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id356333"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id356345"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id356356"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id356368"></a><em class="parameter"><code>os level = 63</code></em></td></tr><tr><td><a class="indexterm" name="id356379"></a><em class="parameter"><code>domain master = No</code></em></td></tr><tr><td><a class="indexterm" name="id356391"></a><em class="parameter"><code>wins server = 192.168.2.1</code></em></td></tr><tr><td><a class="indexterm" name="id356402"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id356414"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id356425"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id356437"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id356449"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id356460"></a><em class="parameter"><code>ldap admin dn = cn=sambaadmin,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id356472"></a><em class="parameter"><code>utmp = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id356483"></a><em class="parameter"><code>idmap backend = ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id356495"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id356507"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id356518"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id356538"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id356550"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id356562"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id356582"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id356594"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id356605"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch7-slvsmbocnfB"></a><p class="title"><b>Example 6.7. Backup Domain Controller <code class="filename">smb.conf</code> File  Part B</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id356650"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id356661"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id356673"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id356693"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id356705"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id356716"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id356728"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id356748"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id356760"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id356771"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id356783"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id356794"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id356815"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id356826"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id356838"></a><em class="parameter"><code>admin users = bjones</code></em></td></tr><tr><td><a class="indexterm" name="id356849"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id356870"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id356881"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id356893"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id356904"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id356925"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id356936"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id356948"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id356959"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profdata]</code></em></td></tr><tr><td><a class="indexterm" name="id356980"></a><em class="parameter"><code>comment = Profile Data Share</code></em></td></tr><tr><td><a class="indexterm" name="id356991"></a><em class="parameter"><code>path = /var/lib/samba/profdata</code></em></td></tr><tr><td><a class="indexterm" name="id357003"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id357014"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="sect2" title="Key Points Learned"><div class="titlepage"><div><div><h3 class="title"><a name="id357027"></a>Key Points Learned</h3></div></div></div><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                         <a class="indexterm" name="id357038"></a><a class="indexterm" name="id357043"></a>
+</pre></div></div><br class="example-break"><div class="example"><a name="ch7-massmbconfA"></a><p class="title"><b>Example 6.3. Primary Domain Controller <code class="filename">smb.conf</code> File  Part A</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id353596"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id353608"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id353619"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id353631"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id353643"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id353654"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id353666"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id353677"></a><em class="parameter"><code>max log size = 0</code></em></td></tr><tr><td><a class="indexterm" name="id353689"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id353700"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id353712"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id353723"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id353735"></a><em class="parameter"><code>add user script = /opt/IDEALX/sbin/smbldap-useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id353746"></a><em class="parameter"><code>delete user script = /opt/IDEALX/sbin/smbldap-userdel '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id353758"></a><em class="parameter"><code>add group script = /opt/IDEALX/sbin/smbldap-groupadd -p '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id353770"></a><em class="parameter"><code>delete group script = /opt/IDEALX/sbin/smbldap-groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id353782"></a><em class="parameter"><code>add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id353794"></a><em class="parameter"><code>delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id353806"></a><em class="parameter"><code>set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id353818"></a><em class="parameter"><code>add machine script = /opt/IDEALX/sbin/smbldap-useradd -w '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id353830"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id353842"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id353854"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id353865"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id353877"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id353888"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id353900"></a><em class="parameter"><code>domain master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id353911"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id353923"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id353934"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id353946"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id353958"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id353969"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id353981"></a><em class="parameter"><code>ldap admin dn = cn=sambaadmin,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id353993"></a><em class="parameter"><code>idmap backend = ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id354004"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id354016"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id354027"></a><em class="parameter"><code>printer admin = root</code></em></td></tr><tr><td><a class="indexterm" name="id354039"></a><em class="parameter"><code>printing = cups</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch7-massmbconfB"></a><p class="title"><b>Example 6.4. Primary Domain Controller <code class="filename">smb.conf</code> File  Part B</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[IPC$]</code></em></td></tr><tr><td><a class="indexterm" name="id354084"></a><em class="parameter"><code>path = /tmp</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id354104"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id354116"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id354127"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id354148"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id354159"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id354171"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id354191"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id354203"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id354214"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id354234"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id354246"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id354258"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id354269"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id354289"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id354301"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id354312"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id354324"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id354335"></a><em class="parameter"><code>browseable = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch7-massmbconfC"></a><p class="title"><b>Example 6.5. Primary Domain Controller <code class="filename">smb.conf</code> File  Part C</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id354381"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id354392"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id354404"></a><em class="parameter"><code>admin users = bjones</code></em></td></tr><tr><td><a class="indexterm" name="id354415"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id354436"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id354447"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id354459"></a><em class="parameter"><code>admin users = root, Administrator</code></em></td></tr><tr><td><a class="indexterm" name="id354470"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id354482"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id354502"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id354514"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id354525"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id354537"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profdata]</code></em></td></tr><tr><td><a class="indexterm" name="id354557"></a><em class="parameter"><code>comment = Profile Data Share</code></em></td></tr><tr><td><a class="indexterm" name="id354569"></a><em class="parameter"><code>path = /var/lib/samba/profdata</code></em></td></tr><tr><td><a class="indexterm" name="id354580"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id354592"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id354612"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id354624"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id354636"></a><em class="parameter"><code>write list = root</code></em></td></tr><tr><td><a class="indexterm" name="id354647"></a><em class="parameter"><code>admin users = root, Administrator</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch7-slvsmbocnfA"></a><p class="title"><b>Example 6.6. Backup Domain Controller <code class="filename">smb.conf</code> File  Part A</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># # Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id354695"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id354706"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id354718"></a><em class="parameter"><code>netbios name = BLDG1</code></em></td></tr><tr><td><a class="indexterm" name="id354729"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://lapdc.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id354741"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id354753"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id354764"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id354776"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id354787"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id354799"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id354810"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id354822"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id354833"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id354845"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id354856"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id354868"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id354880"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id354891"></a><em class="parameter"><code>os level = 63</code></em></td></tr><tr><td><a class="indexterm" name="id354902"></a><em class="parameter"><code>domain master = No</code></em></td></tr><tr><td><a class="indexterm" name="id354914"></a><em class="parameter"><code>wins server = 192.168.2.1</code></em></td></tr><tr><td><a class="indexterm" name="id354926"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id354937"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id354949"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id354960"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id354972"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id354984"></a><em class="parameter"><code>ldap admin dn = cn=sambaadmin,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id354995"></a><em class="parameter"><code>utmp = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id355007"></a><em class="parameter"><code>idmap backend = ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id355018"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id355030"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id355041"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id355062"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id355073"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id355085"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id355105"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id355117"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id355128"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch7-slvsmbocnfB"></a><p class="title"><b>Example 6.7. Backup Domain Controller <code class="filename">smb.conf</code> File  Part B</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id355174"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id355185"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id355197"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id355217"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id355229"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id355240"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id355252"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id355272"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id355284"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id355295"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id355307"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id355318"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id355338"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id355350"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id355362"></a><em class="parameter"><code>admin users = bjones</code></em></td></tr><tr><td><a class="indexterm" name="id355373"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id355393"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id355405"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id355417"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id355428"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id355448"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id355460"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id355472"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id355483"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profdata]</code></em></td></tr><tr><td><a class="indexterm" name="id355503"></a><em class="parameter"><code>comment = Profile Data Share</code></em></td></tr><tr><td><a class="indexterm" name="id355515"></a><em class="parameter"><code>path = /var/lib/samba/profdata</code></em></td></tr><tr><td><a class="indexterm" name="id355527"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id355538"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="sect2" title="Key Points Learned"><div class="titlepage"><div><div><h3 class="title"><a name="id355551"></a>Key Points Learned</h3></div></div></div><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
+                        <a class="indexterm" name="id355562"></a><a class="indexterm" name="id355567"></a>
                         Where Samba-3 is used as a domain controller, the use of LDAP is an
                         essential component to permit the use of BDCs.
                         </p></li><li class="listitem"><p>
                         <a class="indexterm" name="id357055"></a>
+                        <a class="indexterm" name="id355579"></a>
                         Replication of the LDAP master server to create a network of BDCs
                         is an important mechanism for limiting WAN traffic.
 …
                         departure from this may clog wide-area arteries and slow legitimate network
                         traffic to a crawl.
                         </p></li></ul></div></div><div class="figure"><a name="chap7net"></a><p class="title"><b>Figure 6.6. Network Topology  2000 User Complex Design A</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/chap7-net-Ar.png" width="432" alt="Network Topology 2000 User Complex Design A"></div></div></div><br class="figure-break"><div class="figure"><a name="chap7net2"></a><p class="title"><b>Figure 6.7. Network Topology  2000 User Complex Design B</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/chap7-net2-Br.png" width="432" alt="Network Topology 2000 User Complex Design B"></div></div></div><br class="figure-break"></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id357166"></a>Questions and Answers</h2></div></div></div><p>
+                        </p></li></ul></div></div><div class="figure"><a name="chap7net"></a><p class="title"><b>Figure 6.6. Network Topology  2000 User Complex Design A</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/chap7-net-Ar.png" width="432" alt="Network Topology 2000 User Complex Design A"></div></div></div><br class="figure-break"><div class="figure"><a name="chap7net2"></a><p class="title"><b>Figure 6.7. Network Topology  2000 User Complex Design B</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/chap7-net2-Br.png" width="432" alt="Network Topology 2000 User Complex Design B"></div></div></div><br class="figure-break"></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id355690"></a>Questions and Answers</h2></div></div></div><p>
         There is much rumor and misinformation regarding the use of MS Windows networking protocols.
         These questions are just a few of those frequently asked.
         </p><div class="qandaset" title="Frequently Asked Questions"><a name="id357176"></a><dl><dt> <a href="net2000users.html#id357182">
+        </p><div class="qandaset" title="Frequently Asked Questions"><a name="id355700"></a><dl><dt> <a href="net2000users.html#id355707">
                 Is it true that DHCP uses lots of WAN bandwidth?
                 </a></dt><dt> <a href="net2000users.html#id357303">
+                </a></dt><dt> <a href="net2000users.html#id355828">
                 How much background communication takes place between a master LDAP server and its slave LDAP servers?
                 </a></dt><dt> <a href="net2000users.html#id357360">
+                </a></dt><dt> <a href="net2000users.html#id355885">
                 LDAP has a database. Is LDAP not just a fancy database front end?
                 </a></dt><dt> <a href="net2000users.html#id357417">
+                </a></dt><dt> <a href="net2000users.html#id355941">
                 Can Active Directory obtain account information from an OpenLDAP server?
                 </a></dt><dt> <a href="net2000users.html#id357449">
+                </a></dt><dt> <a href="net2000users.html#id355974">
                 What are the parts of a roaming profile? How large is each part?
                 </a></dt><dt> <a href="net2000users.html#id357590">
+                </a></dt><dt> <a href="net2000users.html#id356115">
                 Can the My Documents folder be stored on a network drive?
                 </a></dt><dt> <a href="net2000users.html#id357635">
+                </a></dt><dt> <a href="net2000users.html#id356159">
                 How much WAN bandwidth does WINS consume?
                 </a></dt><dt> <a href="net2000users.html#id357712">
+                </a></dt><dt> <a href="net2000users.html#id356236">
                 How many BDCs should I have? What is the right number of Windows clients per server?
                 </a></dt><dt> <a href="net2000users.html#id357739">
+                </a></dt><dt> <a href="net2000users.html#id356263">
                 I've heard that you can store NIS accounts in LDAP. Is LDAP not just a smarter way to
                 run an NIS server?
                 </a></dt><dt> <a href="net2000users.html#id357770">
+                </a></dt><dt> <a href="net2000users.html#id356294">
                 Can I use NIS in place of LDAP?
                 </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question"><td align="left" valign="top"><a name="id357182"></a><a name="id357185"></a></td><td align="left" valign="top"><p>
                 <a class="indexterm" name="id357189"></a>
                 <a class="indexterm" name="id357196"></a>
+                </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question"><td align="left" valign="top"><a name="id355707"></a><a name="id355709"></a></td><td align="left" valign="top"><p>
+                <a class="indexterm" name="id355713"></a>
+                <a class="indexterm" name="id355720"></a>
                 Is it true that DHCP uses lots of WAN bandwidth?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
                 <a class="indexterm" name="id357212"></a>
                 <a class="indexterm" name="id357221"></a>
                 <a class="indexterm" name="id357228"></a>
+                <a class="indexterm" name="id355736"></a>
+                <a class="indexterm" name="id355745"></a>
+                <a class="indexterm" name="id355752"></a>
                 It is a smart practice to localize DHCP servers on each network segment. As a
                 rule, there should be two DHCP servers per network segment. This means that if
 …
                 routers. This makes it possible to run fewer DHCP servers.
                 </p><p>
                 <a class="indexterm" name="id357244"></a>
                 <a class="indexterm" name="id357253"></a>
+                <a class="indexterm" name="id355768"></a>
+                <a class="indexterm" name="id355777"></a>
                 A DHCP network address request and confirmation usually results in about six UDP packets.
                 The packets are from 60 to 568 bytes in length. Let us consider a site that has 300 DHCP
 …
                 From this can be seen that the traffic impact would be minimal.
                 </p><p>
                 <a class="indexterm" name="id357282"></a>
                 <a class="indexterm" name="id357291"></a>
+                <a class="indexterm" name="id355807"></a>
+                <a class="indexterm" name="id355816"></a>
                 Even when DHCP is configured to do DNS update (dynamic DNS) over a wide-area link,
                 the impact of the update is no more than the DHCP IP address renewal traffic and thus
                 still insignificant for most practical purposes.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id357303"></a><a name="id357305"></a></td><td align="left" valign="top"><p>
                 <a class="indexterm" name="id357310"></a>
                 <a class="indexterm" name="id357317"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id355828"></a><a name="id355830"></a></td><td align="left" valign="top"><p>
+                <a class="indexterm" name="id355834"></a>
+                <a class="indexterm" name="id355841"></a>
                 How much background communication takes place between a master LDAP server and its slave LDAP servers?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
                 <a class="indexterm" name="id357336"></a>
+                <a class="indexterm" name="id355860"></a>
                 The process that controls the replication of data from the master LDAP server to the slave LDAP
                 servers is called <code class="literal">slurpd</code>. The <code class="literal">slurpd</code> remains nascent (quiet)
                 until an update must be propagated. The propagation traffic per LDAP slave to update (add/modify/delete)
                 two user accounts requires less than 10KB traffic.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id357360"></a><a name="id357362"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id355885"></a><a name="id355887"></a></td><td align="left" valign="top"><p>
                 LDAP has a database. Is LDAP not just a fancy database front end?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
                 <a class="indexterm" name="id357374"></a>
                 <a class="indexterm" name="id357381"></a>
                 <a class="indexterm" name="id357390"></a>
                 <a class="indexterm" name="id357396"></a>
+                <a class="indexterm" name="id355898"></a>
+                <a class="indexterm" name="id355905"></a>
+                <a class="indexterm" name="id355914"></a>
+                <a class="indexterm" name="id355921"></a>
                 LDAP does store its data in a database of sorts. In fact, the LDAP backend is an application-specific
                 data storage system. This type of database is indexed so that records can be rapidly located, but the
 …
                 An LDAP front end is a purpose-built tool that has a search orientation that is designed around specific
                 simple queries. The term <code class="constant">database</code> is heavily overloaded and thus much misunderstood.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id357417"></a><a name="id357419"></a></td><td align="left" valign="top"><p>
                 <a class="indexterm" name="id357423"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id355941"></a><a name="id355943"></a></td><td align="left" valign="top"><p>
+                <a class="indexterm" name="id355948"></a>
                 Can Active Directory obtain account information from an OpenLDAP server?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
                 <a class="indexterm" name="id357437"></a>
+                <a class="indexterm" name="id355962"></a>
                 No, at least not directly. It is possible to provision Active Directory from and/or to an OpenLDAP
                 database through use of a metadirectory server. Microsoft MMS (now called MIIS) can interface
                 to OpenLDAP using standard LDAP queries and updates.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id357449"></a><a name="id357452"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id355974"></a><a name="id355976"></a></td><td align="left" valign="top"><p>
                 What are the parts of a roaming profile? How large is each part?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id357462"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id355986"></a>
                 A roaming profile consists of
                 </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
 …
                         <code class="constant">Local Settings,</code> and more. See <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">&#8220;Making Happy Users&#8221;</a>, <a class="link" href="happy.html#XP-screen001" title="Figure 5.3. Windows XP Professional User Shared Folders">&#8220;Windows XP Professional  User Shared Folders&#8221;</a>.
                         </p><p>
                         <a class="indexterm" name="id357521"></a>
+                        <a class="indexterm" name="id356045"></a>
                         Each of these can be anywhere from a few bytes to gigabytes in capacity. Fortunately, all
                         such folders can be redirected to network drive resources. See <a class="link" href="happy.html#redirfold" title="Configuration of Default Profile with Folder Redirection">&#8220;Configuration of Default Profile with Folder Redirection&#8221;</a>
 …
                         A static or rewritable portion that is typically only a few files (2-5 KB of information).
                         </p></li><li class="listitem"><p>
                         <a class="indexterm" name="id357545"></a>
                         <a class="indexterm" name="id357551"></a>
+                        <a class="indexterm" name="id356069"></a>
+                        <a class="indexterm" name="id356076"></a>
                         The registry load file that modifies the <code class="constant">HKEY_LOCAL_USER</code> hive. This is
                         the <code class="filename">NTUSER.DAT</code> file. It can be from 0.4 to 1.5 MB.
                         </p></li></ul></div><p>
                 <a class="indexterm" name="id357573"></a>
+                <a class="indexterm" name="id356097"></a>
                 Microsoft Outlook PST files may be stored in the <code class="constant">Local Settings\Application Data</code>
                 folder. It can be up to 2 GB in size per PST file.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id357590"></a><a name="id357592"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id356115"></a><a name="id356117"></a></td><td align="left" valign="top"><p>
                 Can the <code class="constant">My Documents</code> folder be stored on a network drive?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
                 <a class="indexterm" name="id357607"></a>
                 <a class="indexterm" name="id357614"></a>
+                <a class="indexterm" name="id356132"></a>
+                <a class="indexterm" name="id356138"></a>
                 Yes. More correctly, such folders can be redirected to network shares. No specific network drive
                 connection is required. Registry settings permit this to be redirected directly to a UNC (Universal
                 Naming Convention) resource, though it is possible to specify a network drive letter instead of a
                 UNC name. See <a class="link" href="happy.html#redirfold" title="Configuration of Default Profile with Folder Redirection">&#8220;Configuration of Default Profile with Folder Redirection&#8221;</a>.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id357635"></a><a name="id357637"></a></td><td align="left" valign="top"><p>
                 <a class="indexterm" name="id357641"></a>
                 <a class="indexterm" name="id357648"></a>
                 <a class="indexterm" name="id357657"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id356159"></a><a name="id356162"></a></td><td align="left" valign="top"><p>
+                <a class="indexterm" name="id356166"></a>
+                <a class="indexterm" name="id356173"></a>
+                <a class="indexterm" name="id356182"></a>
                 How much WAN bandwidth does WINS consume?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
                 <a class="indexterm" name="id357671"></a>
                 <a class="indexterm" name="id357680"></a>
                 <a class="indexterm" name="id357687"></a>
+                <a class="indexterm" name="id356196"></a>
+                <a class="indexterm" name="id356205"></a>
+                <a class="indexterm" name="id356212"></a>
                 MS Windows clients cache information obtained from WINS lookups in a local NetBIOS name cache.
                 This keeps WINS lookups to a minimum. On a network with 3500 MS Windows clients and a central WINS
 …
                 In conclusion, the total load afforded through WINS traffic is again marginal to total operational
                 usage  as it should be.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id357712"></a><a name="id357714"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id356236"></a><a name="id356238"></a></td><td align="left" valign="top"><p>
                 How many BDCs should I have? What is the right number of Windows clients per server?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 As unsatisfactory as the answer might sound, it all depends on network and server load
                 characteristics.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id357739"></a><a name="id357741"></a></td><td align="left" valign="top"><p>
                 <a class="indexterm" name="id357745"></a><a class="indexterm" name="id357751"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id356263"></a><a name="id356265"></a></td><td align="left" valign="top"><p>
+                <a class="indexterm" name="id356269"></a><a class="indexterm" name="id356275"></a>
                 I've heard that you can store NIS accounts in LDAP. Is LDAP not just a smarter way to
                 run an NIS server?
 …
                 a configurable schema that can store far more information for many more purposes than
                 just NIS.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id357770"></a><a name="id357772"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id356294"></a><a name="id356296"></a></td><td align="left" valign="top"><p>
                 Can I use NIS in place of LDAP?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
                 <a class="indexterm" name="id357783"></a>
                 <a class="indexterm" name="id357790"></a>
+                <a class="indexterm" name="id356308"></a>
+                <a class="indexterm" name="id356314"></a>
                 No. The NIS database does not have provision to store Microsoft encrypted passwords and does not deal
                 with the types of data necessary for interoperability with Microsoft Windows networking. The use

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/ntmigration.html

-              r599
+              r739
 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 9. Migrating NT4 Domain to Samba-3</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"><link rel="prev" href="upgrades.html" title="Chapter 8. Updating Samba-3"><link rel="next" href="nw4migration.html" title="Chapter 10. Migrating NetWare Server to Samba-3"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 9. Migrating NT4 Domain to Samba-3</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="upgrades.html">Prev</a> </td><th width="60%" align="center">Part II. Domain Members, Updating Samba and Migration</th><td width="20%" align="right"> <a accesskey="n" href="nw4migration.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 9. Migrating NT4 Domain to Samba-3"><div class="titlepage"><div><div><h2 class="title"><a name="ntmigration"></a>Chapter 9. Migrating NT4 Domain to Samba-3</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="ntmigration.html#id368988">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id369064">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id369115">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id369276">Technical Issues</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id369580">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id369600">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id369724">NT4 Migration Using LDAP Backend</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id371918">NT4 Migration Using tdbsam Backend</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id372263">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id372297">Questions and Answers</a></span></dt></dl></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 9. Migrating NT4 Domain to Samba-3</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"><link rel="prev" href="upgrades.html" title="Chapter 8. Updating Samba-3"><link rel="next" href="nw4migration.html" title="Chapter 10. Migrating NetWare Server to Samba-3"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 9. Migrating NT4 Domain to Samba-3</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="upgrades.html">Prev</a> </td><th width="60%" align="center">Part II. Domain Members, Updating Samba and Migration</th><td width="20%" align="right"> <a accesskey="n" href="nw4migration.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 9. Migrating NT4 Domain to Samba-3"><div class="titlepage"><div><div><h2 class="title"><a name="ntmigration"></a>Chapter 9. Migrating NT4 Domain to Samba-3</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="ntmigration.html#id367517">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id367593">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id367644">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id367806">Technical Issues</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id368109">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id368129">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="ntmigration.html#id368253">NT4 Migration Using LDAP Backend</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id370444">NT4 Migration Using tdbsam Backend</a></span></dt><dt><span class="sect2"><a href="ntmigration.html#id370790">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="ntmigration.html#id370824">Questions and Answers</a></span></dt></dl></div><p>
         Ever since Microsoft announced that it was discontinuing support for Windows
         NT4, Samba users started to ask for detailed instructions on how to migrate
 …
         One wonders how many NT4 systems will be left in service by the time you read this
         book though.
         </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id368988"></a>Introduction</h2></div></div></div><p><a class="indexterm" name="id368994"></a>
+        </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id367517"></a>Introduction</h2></div></div></div><p><a class="indexterm" name="id367523"></a>
         Network administrators who want to migrate off a Windows NT4 environment know
         one thing with certainty. They feel that NT4 has been abandoned, and they want
 …
         failure, and much more.
         </p><p>
         <a class="indexterm" name="id369009"></a>
         <a class="indexterm" name="id369016"></a>
         <a class="indexterm" name="id369025"></a>
         <a class="indexterm" name="id369035"></a>
+        <a class="indexterm" name="id367538"></a>
+        <a class="indexterm" name="id367545"></a>
+        <a class="indexterm" name="id367554"></a>
+        <a class="indexterm" name="id367564"></a>
         The migration from NT4 to Samba-3 can involve a number of factors, including
         migration of data to another server, migration of network environment controls
 …
         accounts.
         </p><p>
         <a class="indexterm" name="id369049"></a>
+        <a class="indexterm" name="id367578"></a>
         It should be pointed out now that it is possible to migrate some systems from
         a Windows NT4 domain environment to a Samba-3 domain environment. This is certainly
 …
         migration before an environment that is acceptable for immediate use
         is obtained.
         </p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id369064"></a>Assignment Tasks</h3></div></div></div><p>
         <a class="indexterm" name="id369071"></a>
         <a class="indexterm" name="id369078"></a>
         <a class="indexterm" name="id369085"></a>
+        </p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id367593"></a>Assignment Tasks</h3></div></div></div><p>
+        <a class="indexterm" name="id367600"></a>
+        <a class="indexterm" name="id367607"></a>
+        <a class="indexterm" name="id367614"></a>
         You are about to migrate an MS Windows NT4 domain accounts database to
         a Samba-3 server. The Samba-3 server is using a
 …
         Your objective is to document the process of migrating user and group accounts
         from several NT4 domains into a single Samba-3 LDAP backend database.
         </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id369115"></a>Dissection and Discussion</h2></div></div></div><p>
         <a class="indexterm" name="id369123"></a>
         <a class="indexterm" name="id369129"></a>
         <a class="indexterm" name="id369135"></a>
         <a class="indexterm" name="id369147"></a>
         <a class="indexterm" name="id369158"></a>
         <a class="indexterm" name="id369165"></a>
+        </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id367644"></a>Dissection and Discussion</h2></div></div></div><p>
+        <a class="indexterm" name="id367652"></a>
+        <a class="indexterm" name="id367658"></a>
+        <a class="indexterm" name="id367664"></a>
+        <a class="indexterm" name="id367676"></a>
+        <a class="indexterm" name="id367688"></a>
+        <a class="indexterm" name="id367694"></a>
         The migration process takes a snapshot of information that is stored in the
         Windows NT4 registry-based accounts database. That information resides in
 …
         <code class="constant">SAM</code> and <code class="constant">SECURITY</code>.
         </p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
         <a class="indexterm" name="id369187"></a>
         <a class="indexterm" name="id369194"></a>
+        <a class="indexterm" name="id367717"></a>
+        <a class="indexterm" name="id367724"></a>
         The Windows NT4 registry keys called <code class="constant">SAM</code> and <code class="constant">SECURITY</code>
         are protected so that you cannot view the contents. If you change the security setting
 …
         do this unless you are willing to render your domain controller inoperative.
         </p></div><p>
         <a class="indexterm" name="id369214"></a>
         <a class="indexterm" name="id369223"></a>
+        <a class="indexterm" name="id367743"></a>
+        <a class="indexterm" name="id367752"></a>
         Before commencing an NT4 to Samba-3 migration, you should consider what your objectives are.
         While in some cases it is possible simply to migrate an NT4 domain to a single Samba-3 server,
 …
         interact with the network environment.
         </p><p>
         <a class="indexterm" name="id369237"></a>
         <a class="indexterm" name="id369246"></a>
         <a class="indexterm" name="id369253"></a>
+        <a class="indexterm" name="id367767"></a>
+        <a class="indexterm" name="id367776"></a>
+        <a class="indexterm" name="id367783"></a>
         MS Windows NT4 was introduced some time around 1996. Many environments in which NT4 was deployed
         have done little to keep the NT4 server environment up to date with more recent Windows releases,
 …
         real disruption to users, but rather, with due diligence and care, should make their network experience
         a much happier one.
         </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id369276"></a>Technical Issues</h3></div></div></div><p>
         <a class="indexterm" name="id369284"></a>
         <a class="indexterm" name="id369291"></a>
+        </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id367806"></a>Technical Issues</h3></div></div></div><p>
+        <a class="indexterm" name="id367813"></a>
+        <a class="indexterm" name="id367820"></a>
         Migration of an NT4 domain user and group database to Samba-3 involves a certain strategic
         element. Many sites have asked for instructions regarding merging of multiple NT4
 …
         from a Windows NT4 domain to a Samba domain.
         </p><div class="figure"><a name="ch8-migration"></a><p class="title"><b>Figure 9.1. Schematic Explaining the <code class="literal">net rpc vampire</code> Process</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/ch8-migration.png" width="297" alt="Schematic Explaining the net rpc vampire Process"></div></div></div><br class="figure-break"><p>
         <a class="indexterm" name="id369358"></a>
         <a class="indexterm" name="id369365"></a>
+        <a class="indexterm" name="id367887"></a>
+        <a class="indexterm" name="id367894"></a>
         If you want to merge multiple NT4 domain account databases into one Samba domain,
         you must now dump the contents of the first migration and edit it as appropriate. Now clean
 …
         files. You must start each migration with a new database into which you merge your NT4
         domains.
         </p><p><a class="indexterm" name="id369383"></a>
+        </p><p><a class="indexterm" name="id367912"></a>
         At this point, you are ready to perform the second migration, following the same steps as
         for the first. In other words, dump the database, edit it, and then you may merge the
         dump for the first and second migrations.
         </p><p><a class="indexterm" name="id369396"></a><a class="indexterm" name="id369404"></a><a class="indexterm" name="id369412"></a>
+        </p><p><a class="indexterm" name="id367925"></a><a class="indexterm" name="id367933"></a><a class="indexterm" name="id367941"></a>
         You must be careful. If you choose to migrate to an LDAP backend, your dump file
         now contains the full account information, including the domain SID. The domain SID for each
 …
         portion of the account SIDs so that all are the same.
         </p><p>
         <a class="indexterm" name="id369427"></a>
         <a class="indexterm" name="id369433"></a>
         <a class="indexterm" name="id369440"></a>
         <a class="indexterm" name="id369447"></a>
         <a class="indexterm" name="id369454"></a>
         <a class="indexterm" name="id369461"></a>
         <a class="indexterm" name="id369467"></a>
         <a class="indexterm" name="id369474"></a>
         <a class="indexterm" name="id369481"></a>
         <a class="indexterm" name="id369488"></a>
         <a class="indexterm" name="id369495"></a>
         <a class="indexterm" name="id369501"></a>
+        <a class="indexterm" name="id367956"></a>
+        <a class="indexterm" name="id367962"></a>
+        <a class="indexterm" name="id367969"></a>
+        <a class="indexterm" name="id367976"></a>
+        <a class="indexterm" name="id367983"></a>
+        <a class="indexterm" name="id367990"></a>
+        <a class="indexterm" name="id367996"></a>
+        <a class="indexterm" name="id368003"></a>
+        <a class="indexterm" name="id368010"></a>
+        <a class="indexterm" name="id368017"></a>
+        <a class="indexterm" name="id368024"></a>
+        <a class="indexterm" name="id368030"></a>
         If you choose to use a tdbsam (<code class="filename">passdb.tdb</code>) backend file, your best choice
         is to use <code class="literal">pdbedit</code> to export the contents of the tdbsam file into an
 …
         may be exported or imported into either a tdbsam (<code class="filename">passdb.tdb</code>) or
         an LDAP backend.
         </p><div class="figure"><a name="NT4DUM"></a><p class="title"><b>Figure 9.2. View of Accounts in NT4 Domain User Manager</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/UserMgrNT4.png" width="270" alt="View of Accounts in NT4 Domain User Manager"></div></div></div><br class="figure-break"></div><div class="sect2" title="Political Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id369580"></a>Political Issues</h3></div></div></div><p>
+        </p><div class="figure"><a name="NT4DUM"></a><p class="title"><b>Figure 9.2. View of Accounts in NT4 Domain User Manager</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/UserMgrNT4.png" width="270" alt="View of Accounts in NT4 Domain User Manager"></div></div></div><br class="figure-break"></div><div class="sect2" title="Political Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id368109"></a>Political Issues</h3></div></div></div><p>
         The merging of multiple Windows NT4-style domains into a single LDAP-backend-based Samba-3
         domain may be seen by those who had power over them as a loss of prestige or a loss of
 …
         Samba-3 domain is to promote (sell) the action as one that reduces costs and delivers
         greater network interoperability and manageability.
         </p></div></div><div class="sect1" title="Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id369600"></a>Implementation</h2></div></div></div><p>
+        </p></div></div><div class="sect1" title="Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id368129"></a>Implementation</h2></div></div></div><p>
         From feedback on the Samba mailing lists, it seems that most Windows NT4 migrations
         to Samba-3 are being performed using a new server or a new installation of a Linux or UNIX
 …
                 migration to either a tdbsam or an ldapsam backend.
                 </p></li><li class="listitem"><p>
                 <a class="indexterm" name="id369676"></a>
                 <a class="indexterm" name="id369682"></a>
                 <a class="indexterm" name="id369688"></a>
+                <a class="indexterm" name="id368205"></a>
+                <a class="indexterm" name="id368211"></a>
+                <a class="indexterm" name="id368218"></a>
                 Clean up the source NT4 PDC. Delete all accounts that need not be migrated.
                 Delete all files that should not be migrated. Where possible, change NT group
 …
                 </p></li><li class="listitem"><p>
                 Step through the migration process.
                 </p></li><li class="listitem"><p><a class="indexterm" name="id369706"></a>
+                </p></li><li class="listitem"><p><a class="indexterm" name="id368235"></a>
                 Remove the NT4 PDC from the network.
                 </p></li><li class="listitem"><p>
 …
                 </p></li></ul></div><p>
         It may help to use the above outline as a pre-migration checklist.
         </p><div class="sect2" title="NT4 Migration Using LDAP Backend"><div class="titlepage"><div><div><h3 class="title"><a name="id369724"></a>NT4 Migration Using LDAP Backend</h3></div></div></div><p>
+        </p><div class="sect2" title="NT4 Migration Using LDAP Backend"><div class="titlepage"><div><div><h3 class="title"><a name="id368253"></a>NT4 Migration Using LDAP Backend</h3></div></div></div><p>
         In this example, the migration is of an NT4 PDC to a Samba-3 PDC with an LDAP backend. The accounts about
         to be migrated are shown in <a class="link" href="ntmigration.html#NT4DUM" title="Figure 9.2. View of Accounts in NT4 Domain User Manager">&#8220;View of Accounts in NT4 Domain User Manager&#8221;</a>. In this example use is made of the
 …
         before commencing the following configuration steps.
         </p></div><div class="table"><a name="ch8-vampire"></a><p class="title"><b>Table 9.1. Samba <code class="filename">smb.conf</code> Scripts Essential to Samba Operation</b></p><div class="table-contents"><table summary="Samba smb.conf Scripts Essential to Samba Operation" border="1"><colgroup><col align="left"><col align="center"><col align="center"></colgroup><thead><tr><th align="left">Entity</th><th align="center">ldapsam Script</th><th align="center">tdbsam Script</th></tr></thead><tbody><tr><td align="left">Add User Accounts</td><td align="center">smbldap-useradd</td><td align="center">useradd</td></tr><tr><td align="left">Delete User Accounts</td><td align="center">smbldap-userdel</td><td align="center">userdel</td></tr><tr><td align="left">Add Group Accounts</td><td align="center">smbldap-groupadd</td><td align="center">groupadd</td></tr><tr><td align="left">Delete Group Accounts</td><td align="center">smbldap-groupdel</td><td align="center">groupdel</td></tr><tr><td align="left">Add User to Group</td><td align="center">smbldap-groupmod</td><td align="center">usermod (See Note)</td></tr><tr><td align="left">Add Machine Accounts</td><td align="center">smbldap-useradd</td><td align="center">useradd</td></tr></tbody></table></div></div><br class="table-break"><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
         <a class="indexterm" name="id369914"></a>
         <a class="indexterm" name="id369921"></a>
         <a class="indexterm" name="id369928"></a>
+        <a class="indexterm" name="id368443"></a>
+        <a class="indexterm" name="id368450"></a>
+        <a class="indexterm" name="id368456"></a>
         The UNIX/Linux <code class="literal">usermod</code> utility does not permit simple user addition to (or deletion
         of users from) groups. This is a feature provided by the smbldap-tools scripts. If you want this
 …
         in the formal commands provided by Linux distributions (March 2004).
         </p></div><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
         <a class="indexterm" name="id369961"></a>
+        <a class="indexterm" name="id368489"></a>
         The <code class="literal">tdbdump</code> utility is a utility that you can build from the Samba source-code tree. Not all Linux binary distributions include this tool. If it is missing from your
         Linux distribution, you will need to build this yourself or else forgo its use.
         </p></div><p>
         <a class="indexterm" name="id369979"></a>
+        <a class="indexterm" name="id368508"></a>
         Before starting the migration, all dead accounts were removed from the NT4 domain using the User Manager for Domains.
         </p><div class="procedure" title="Procedure 9.1. User Migration Steps"><a name="id369988"></a><p class="title"><b>Procedure 9.1. User Migration Steps</b></p><div class="example"><a name="sbent4smb"></a><p class="title"><b>Example 9.1. NT4 Migration Samba-3 Server <code class="filename">smb.conf</code>  Part: A</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id370046"></a><em class="parameter"><code>workgroup = DAMNATION</code></em></td></tr><tr><td><a class="indexterm" name="id370057"></a><em class="parameter"><code>netbios name = MERLIN</code></em></td></tr><tr><td><a class="indexterm" name="id370068"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://localhost</code></em></td></tr><tr><td><a class="indexterm" name="id370080"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id370092"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id370103"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id370115"></a><em class="parameter"><code>max log size = 0</code></em></td></tr><tr><td><a class="indexterm" name="id370126"></a><em class="parameter"><code>smb ports = 139 445</code></em></td></tr><tr><td><a class="indexterm" name="id370138"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id370149"></a><em class="parameter"><code>add user script = /opt/IDEALX/sbin/smbldap-useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id370161"></a><em class="parameter"><code>#delete user script = /opt/IDEALX/sbin/smbldap-userdel '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id370173"></a><em class="parameter"><code>add group script = /opt/IDEALX/sbin/smbldap-groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id370185"></a><em class="parameter"><code>#delete group script = /opt/IDEALX/sbin/smbldap-groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id370197"></a><em class="parameter"><code>add user to group script = /opt/IDEALX/sbin/ smbldap-groupmod -m '%u' '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id370209"></a><em class="parameter"><code>#delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x '%u' '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id370221"></a><em class="parameter"><code>set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id370233"></a><em class="parameter"><code>add machine script = /opt/IDEALX/sbin/smbldap-useradd -w '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id370245"></a><em class="parameter"><code>logon script = scripts\logon.cmd</code></em></td></tr><tr><td><a class="indexterm" name="id370257"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id370268"></a><em class="parameter"><code>logon home = \\%L\%U</code></em></td></tr><tr><td><a class="indexterm" name="id370280"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id370291"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id370303"></a><em class="parameter"><code>domain master = No</code></em></td></tr><tr><td><a class="indexterm" name="id370314"></a><em class="parameter"><code>#wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id370326"></a><em class="parameter"><code>wins server = 192.168.123.124</code></em></td></tr><tr><td><a class="indexterm" name="id370337"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=terpstra-world,dc=org</code></em></td></tr><tr><td><a class="indexterm" name="id370349"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id370360"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id370372"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id370384"></a><em class="parameter"><code>ldap passwd sync = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id370395"></a><em class="parameter"><code>ldap suffix = dc=terpstra-world,dc=org</code></em></td></tr><tr><td><a class="indexterm" name="id370407"></a><em class="parameter"><code>ldap ssl = no</code></em></td></tr><tr><td><a class="indexterm" name="id370418"></a><em class="parameter"><code>ldap timeout = 20</code></em></td></tr><tr><td><a class="indexterm" name="id370430"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id370441"></a><em class="parameter"><code>idmap backend = ldap:ldap://localhost</code></em></td></tr><tr><td><a class="indexterm" name="id370453"></a><em class="parameter"><code>idmap uid = 15000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id370464"></a><em class="parameter"><code>idmap gid = 15000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id370476"></a><em class="parameter"><code>winbind nested groups = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id370487"></a><em class="parameter"><code>ea support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id370499"></a><em class="parameter"><code>map acl inherit = Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbent4smb2"></a><p class="title"><b>Example 9.2. NT4 Migration Samba-3 Server <code class="filename">smb.conf</code>  Part: B</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id370543"></a><em class="parameter"><code>comment = Application Data</code></em></td></tr><tr><td><a class="indexterm" name="id370555"></a><em class="parameter"><code>path = /data/home/apps</code></em></td></tr><tr><td><a class="indexterm" name="id370566"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id370587"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id370598"></a><em class="parameter"><code>path = /home/users/%U/Documents</code></em></td></tr><tr><td><a class="indexterm" name="id370610"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id370622"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id370633"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id370653"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id370665"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id370676"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id370688"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id370699"></a><em class="parameter"><code>use client driver = No</code></em></td></tr><tr><td><a class="indexterm" name="id370711"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id370731"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id370743"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id370754"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id370766"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id370786"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id370798"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id370809"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id370821"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profdata]</code></em></td></tr><tr><td><a class="indexterm" name="id370841"></a><em class="parameter"><code>comment = Profile Data Share</code></em></td></tr><tr><td><a class="indexterm" name="id370853"></a><em class="parameter"><code>path = /var/lib/samba/profdata</code></em></td></tr><tr><td><a class="indexterm" name="id370864"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id370876"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id370896"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id370908"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbentslapd"></a><p class="title"><b>Example 9.3. NT4 Migration LDAP Server Configuration File: <code class="filename">/etc/openldap/slapd.conf</code>  Part A</b></p><div class="example-contents"><pre class="screen">
+        </p><div class="procedure" title="Procedure 9.1. User Migration Steps"><a name="id368517"></a><p class="title"><b>Procedure 9.1. User Migration Steps</b></p><div class="example"><a name="sbent4smb"></a><p class="title"><b>Example 9.1. NT4 Migration Samba-3 Server <code class="filename">smb.conf</code>  Part: A</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id368576"></a><em class="parameter"><code>workgroup = DAMNATION</code></em></td></tr><tr><td><a class="indexterm" name="id368587"></a><em class="parameter"><code>netbios name = MERLIN</code></em></td></tr><tr><td><a class="indexterm" name="id368598"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://localhost</code></em></td></tr><tr><td><a class="indexterm" name="id368610"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id368622"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id368633"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id368645"></a><em class="parameter"><code>max log size = 0</code></em></td></tr><tr><td><a class="indexterm" name="id368656"></a><em class="parameter"><code>smb ports = 139 445</code></em></td></tr><tr><td><a class="indexterm" name="id368668"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id368679"></a><em class="parameter"><code>add user script = /opt/IDEALX/sbin/smbldap-useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id368691"></a><em class="parameter"><code>#delete user script = /opt/IDEALX/sbin/smbldap-userdel '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id368703"></a><em class="parameter"><code>add group script = /opt/IDEALX/sbin/smbldap-groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id368715"></a><em class="parameter"><code>#delete group script = /opt/IDEALX/sbin/smbldap-groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id368727"></a><em class="parameter"><code>add user to group script = /opt/IDEALX/sbin/ smbldap-groupmod -m '%u' '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id368739"></a><em class="parameter"><code>#delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x '%u' '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id368751"></a><em class="parameter"><code>set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id368763"></a><em class="parameter"><code>add machine script = /opt/IDEALX/sbin/smbldap-useradd -w '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id368775"></a><em class="parameter"><code>logon script = scripts\logon.cmd</code></em></td></tr><tr><td><a class="indexterm" name="id368787"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id368798"></a><em class="parameter"><code>logon home = \\%L\%U</code></em></td></tr><tr><td><a class="indexterm" name="id368810"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id368821"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id368833"></a><em class="parameter"><code>domain master = No</code></em></td></tr><tr><td><a class="indexterm" name="id368844"></a><em class="parameter"><code>#wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id368856"></a><em class="parameter"><code>wins server = 192.168.123.124</code></em></td></tr><tr><td><a class="indexterm" name="id368867"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=terpstra-world,dc=org</code></em></td></tr><tr><td><a class="indexterm" name="id368879"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id368890"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id368902"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id368914"></a><em class="parameter"><code>ldap passwd sync = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id368925"></a><em class="parameter"><code>ldap suffix = dc=terpstra-world,dc=org</code></em></td></tr><tr><td><a class="indexterm" name="id368937"></a><em class="parameter"><code>ldap ssl = no</code></em></td></tr><tr><td><a class="indexterm" name="id368948"></a><em class="parameter"><code>ldap timeout = 20</code></em></td></tr><tr><td><a class="indexterm" name="id368960"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id368971"></a><em class="parameter"><code>idmap backend = ldap:ldap://localhost</code></em></td></tr><tr><td><a class="indexterm" name="id368983"></a><em class="parameter"><code>idmap uid = 15000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id368994"></a><em class="parameter"><code>idmap gid = 15000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id369006"></a><em class="parameter"><code>winbind nested groups = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id369017"></a><em class="parameter"><code>ea support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id369029"></a><em class="parameter"><code>map acl inherit = Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbent4smb2"></a><p class="title"><b>Example 9.2. NT4 Migration Samba-3 Server <code class="filename">smb.conf</code>  Part: B</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id369073"></a><em class="parameter"><code>comment = Application Data</code></em></td></tr><tr><td><a class="indexterm" name="id369085"></a><em class="parameter"><code>path = /data/home/apps</code></em></td></tr><tr><td><a class="indexterm" name="id369096"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id369116"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id369128"></a><em class="parameter"><code>path = /home/users/%U/Documents</code></em></td></tr><tr><td><a class="indexterm" name="id369140"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id369151"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id369163"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id369183"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id369195"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id369206"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id369218"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id369229"></a><em class="parameter"><code>use client driver = No</code></em></td></tr><tr><td><a class="indexterm" name="id369240"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id369261"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id369272"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id369284"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id369296"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id369316"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id369327"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id369339"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id369350"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profdata]</code></em></td></tr><tr><td><a class="indexterm" name="id369371"></a><em class="parameter"><code>comment = Profile Data Share</code></em></td></tr><tr><td><a class="indexterm" name="id369382"></a><em class="parameter"><code>path = /var/lib/samba/profdata</code></em></td></tr><tr><td><a class="indexterm" name="id369394"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id369406"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id369426"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id369438"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="sbentslapd"></a><p class="title"><b>Example 9.3. NT4 Migration LDAP Server Configuration File: <code class="filename">/etc/openldap/slapd.conf</code>  Part A</b></p><div class="example-contents"><pre class="screen">
 include         /etc/openldap/schema/core.schema
 include         /etc/openldap/schema/cosine.schema
 …
                 no account information can be deleted.
                 </p></li><li class="step" title="Step 2"><p>
                 <a class="indexterm" name="id370926"></a>
+                <a class="indexterm" name="id369456"></a>
                 Configure OpenLDAP in preparation for the migration. An example
                 <code class="filename">sladp.conf</code> file is shown in <a class="link" href="ntmigration.html#sbentslapd" title="Example 9.3. NT4 Migration LDAP Server Configuration File: /etc/openldap/slapd.conf Part A">&#8220;NT4 Migration LDAP Server Configuration File: /etc/openldap/slapd.conf  Part A&#8221;</a>.
 …
                 be obtained by executing the <code class="literal">slappasswd</code> command.
                 </p></li><li class="step" title="Step 3"><p>
                 <a class="indexterm" name="id371025"></a>
                 <a class="indexterm" name="id371032"></a>
+                <a class="indexterm" name="id369553"></a>
+                <a class="indexterm" name="id369560"></a>
                 Install the PADL <code class="literal">nss_ldap</code> tool set, then configure the <code class="filename">/etc/ldap.conf</code>
                 as shown in <a class="link" href="ntmigration.html#sbrntldapconf" title="Example 9.5. NT4 Migration NSS LDAP File: /etc/ldap.conf">&#8220;NT4 Migration NSS LDAP File: /etc/ldap.conf&#8221;</a>.
                 </p></li><li class="step" title="Step 4"><p>
                 <a class="indexterm" name="id371087"></a>
+                <a class="indexterm" name="id369616"></a>
                 Edit the <code class="filename">/etc/nsswitch.conf</code> file so it has the entries shown
                 in <a class="link" href="ntmigration.html#sbentnss" title="Example 9.6. NT4 Migration NSS Control File: /etc/nsswitch.conf (Stage:1)">&#8220;NT4 Migration NSS Control File: /etc/nsswitch.conf (Stage:1)&#8221;</a>. Note that the LDAP entries have been commented out.
 …
 </pre><p>
                 </p></li><li class="step" title="Step 7"><p>
                 <a class="indexterm" name="id371235"></a>
                 <a class="indexterm" name="id371242"></a>
                 <a class="indexterm" name="id371249"></a>
                 <a class="indexterm" name="id371256"></a>
+                <a class="indexterm" name="id369763"></a>
+                <a class="indexterm" name="id369770"></a>
+                <a class="indexterm" name="id369777"></a>
+                <a class="indexterm" name="id369784"></a>
                 Install the Idealx <code class="literal">smbldap-tools</code> software package, following
                 the instructions given in <a class="link" href="happy.html#sbeidealx" title="Install and Configure Idealx smbldap-tools Scripts">&#8220;Install and Configure Idealx smbldap-tools Scripts&#8221;</a>. The resulting perl scripts
 …
   /etc/smbldap-tools/smbldap_bind.conf done.
 </pre><p>
                 <a class="indexterm" name="id371351"></a>
                 <a class="indexterm" name="id371358"></a>
                 <a class="indexterm" name="id371365"></a>
                 <a class="indexterm" name="id371371"></a>
+                <a class="indexterm" name="id369879"></a>
+                <a class="indexterm" name="id369886"></a>
+                <a class="indexterm" name="id369893"></a>
+                <a class="indexterm" name="id369900"></a>
                 Note that the NT4 domain SID that was previously obtained was entered above. Also,
                 the sambaUnixIdPooldn object was specified as sambaDomainName=DAMNATION. This is
 …
                 This is expected behavior.
                 </p></li><li class="step" title="Step 12"><p>
                 <a class="indexterm" name="id371510"></a>
+                <a class="indexterm" name="id370038"></a>
                 Restart the LDAP server following initialization of the LDAP directory. Execute the
                 system control script provided on your system. The following steps can be used on
 …
                 across, set up privileges, and set share and file/directory access controls.
                 </p></li><li class="step" title="Step 21"><p>
                 <a class="indexterm" name="id371765"></a>
                 <a class="indexterm" name="id371772"></a>
+                <a class="indexterm" name="id370293"></a>
+                <a class="indexterm" name="id370300"></a>
                 Edit the <code class="filename">smb.conf</code> file to  reset the parameter
                 <a class="link" href="smb.conf.5.html#DOMAINMASTER" target="_top">domain master = Yes</a> so that
 …
 Creating unix group: 'Users'
 </pre><p>
         </p></div></div><div class="sect2" title="NT4 Migration Using tdbsam Backend"><div class="titlepage"><div><div><h3 class="title"><a name="id371918"></a>NT4 Migration Using tdbsam Backend</h3></div></div></div><p>
+        </p></div></div><div class="sect2" title="NT4 Migration Using tdbsam Backend"><div class="titlepage"><div><div><h3 class="title"><a name="id370444"></a>NT4 Migration Using tdbsam Backend</h3></div></div></div><p>
         In this example, we change the domain name of the NT4 server from
         <code class="constant">DRUGPREP</code> to <code class="constant">MEGANET</code> prior to the use
 …
         databases. These entries must therefore be present, and correct options specified,
         in your <code class="filename">smb.conf</code> file, or else the migration does not work as it should.
         </p><div class="procedure" title="Procedure 9.2. Migration Steps Using tdbsam"><a name="id371961"></a><p class="title"><b>Procedure 9.2. Migration Steps Using tdbsam</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+        </p><div class="procedure" title="Procedure 9.2. Migration Steps Using tdbsam"><a name="id370488"></a><p class="title"><b>Procedure 9.2. Migration Steps Using tdbsam</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Prepare a Samba-3 server precisely per the instructions shown in <a class="link" href="Big500users.html" title="Chapter 4. The 500-User Office">&#8220;The 500-User Office&#8221;</a>.
                 Set the workgroup name to <code class="constant">MEGANET</code>.
                 </p></li><li class="step" title="Step 2"><p><a class="indexterm" name="id371988"></a><a class="indexterm" name="id371996"></a>
+                </p></li><li class="step" title="Step 2"><p><a class="indexterm" name="id370515"></a><a class="indexterm" name="id370522"></a>
                 Edit the <code class="filename">smb.conf</code> file to temporarily change the parameter
                 <a class="link" href="smb.conf.5.html#DOMAINMASTER" target="_top">domain master = No</a> so
 …
                 </p></li><li class="step" title="Step 3"><p>
                 Start Samba as you have done previously.
                 </p></li><li class="step" title="Step 4"><p><a class="indexterm" name="id372035"></a>
+                </p></li><li class="step" title="Step 4"><p><a class="indexterm" name="id370562"></a>
                 Join the NT4 Domain as a BDC, as shown here:
 </p><pre class="screen">
 …
 Joined domain MEGANET.
 </pre><p>
                 </p></li><li class="step" title="Step 5"><p><a class="indexterm" name="id372068"></a>
+                </p></li><li class="step" title="Step 5"><p><a class="indexterm" name="id370595"></a>
                 You may vampire the accounts from the NT4 PDC by executing the command, as shown here:
 </p><pre class="screen">
 …
 SAM_DELTA_DOMAIN_INFO not handled
 </pre><p>
                 </p></li><li class="step" title="Step 6"><p><a class="indexterm" name="id372111"></a>
+                </p></li><li class="step" title="Step 6"><p><a class="indexterm" name="id370638"></a>
                 At this point, we can validate our migration. Let's look at the accounts
                 in the form in which they are seen in a smbpasswd file. This achieves that:
 …
      CF271B744F7A55AFDA277FF88D80C527:[UX         ]:LCT-3E8B4270:
 </pre><p>
                 </p></li><li class="step" title="Step 7"><p><a class="indexterm" name="id372163"></a>
+                </p></li><li class="step" title="Step 7"><p><a class="indexterm" name="id370690"></a>
                 An expanded view of a user account entry shows more of what was
                 obtained from the NT4 PDC:
 …
 Password must change: Mon, 18 Jan 2038 20:14:07 GMT
 </pre><p>
                 </p></li><li class="step" title="Step 8"><p><a class="indexterm" name="id372190"></a>
+                </p></li><li class="step" title="Step 8"><p><a class="indexterm" name="id370717"></a>
                 The following command lists the long names of the groups that have been
                 imported (vampired) from the NT4 PDC:
 …
 </pre><p>
                 Everything looks well and in order.
                 </p></li><li class="step" title="Step 9"><p><a class="indexterm" name="id372225"></a><a class="indexterm" name="id372233"></a>
+                </p></li><li class="step" title="Step 9"><p><a class="indexterm" name="id370752"></a><a class="indexterm" name="id370760"></a>
                 Edit the <code class="filename">smb.conf</code> file to  reset the parameter
                 <a class="link" href="smb.conf.5.html#DOMAINMASTER" target="_top">domain master = Yes</a> so
                 the Samba server functions as a PDC for the purpose of migration.
                 </p></li></ol></div></div><div class="sect2" title="Key Points Learned"><div class="titlepage"><div><div><h3 class="title"><a name="id372263"></a>Key Points Learned</h3></div></div></div><p>
+                </p></li></ol></div></div><div class="sect2" title="Key Points Learned"><div class="titlepage"><div><div><h3 class="title"><a name="id370790"></a>Key Points Learned</h3></div></div></div><p>
                 Migration of an NT4 PDC database to a Samba-3 PDC is possible.
                 </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
 …
                         The net Samba-3 domain most likely requires some
                         administration and updating before going live.
                         </p></li></ul></div></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id372297"></a>Questions and Answers</h2></div></div></div><p>
         </p><div class="qandaset" title="Frequently Asked Questions"><a name="id372306"></a><dl><dt> <a href="ntmigration.html#id372313">
+                        </p></li></ul></div></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id370824"></a>Questions and Answers</h2></div></div></div><p>
+        </p><div class="qandaset" title="Frequently Asked Questions"><a name="id370833"></a><dl><dt> <a href="ntmigration.html#id370840">
                 Why must I start each migration with a clean database?
                 </a></dt><dt> <a href="ntmigration.html#id372349">
+                </a></dt><dt> <a href="ntmigration.html#id370876">
                 Is it possible to set my domain SID to anything I like?
                 </a></dt><dt> <a href="ntmigration.html#id372401">
+                </a></dt><dt> <a href="ntmigration.html#id370928">
                 When using a tdbsam passdb backend, why must I have all domain user and group accounts
                 in /etc/passwd and /etc/group?
                 </a></dt><dt> <a href="ntmigration.html#id372571">
+                </a></dt><dt> <a href="ntmigration.html#id371098">
                 Why did you validate connectivity before attempting migration?
                 </a></dt><dt> <a href="ntmigration.html#id372613">
+                </a></dt><dt> <a href="ntmigration.html#id371140">
                 How would you merge 10 tdbsam-based domains into an LDAP database?
                 </a></dt><dt> <a href="ntmigration.html#id372728">
+                </a></dt><dt> <a href="ntmigration.html#id371255">
                 I want to change my domain name after I migrate all accounts from an NT4 domain to a
                 Samba-3 domain. Does it make any sense to migrate the machine accounts in that case?
                 </a></dt><dt> <a href="ntmigration.html#id372800">
+                </a></dt><dt> <a href="ntmigration.html#id371327">
                 After merging multiple NT4 domains into a Samba-3 domain, I lost all multiple group mappings. Why?
                 </a></dt><dt> <a href="ntmigration.html#id372858">
+                </a></dt><dt> <a href="ntmigration.html#id371385">
                 How can I reset group membership after loading the account information into the LDAP database?
                 </a></dt><dt> <a href="ntmigration.html#id372890">
+                </a></dt><dt> <a href="ntmigration.html#id371417">
                 What are the limits or constraints that apply to group names?
                 </a></dt><dt> <a href="ntmigration.html#id372987">
+                </a></dt><dt> <a href="ntmigration.html#id371514">
                 My Windows NT4 PDC has 323,000 user accounts. How long will it take to migrate them to a Samba-3
                 LDAP backend system using the vampire process?
                 </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question"><td align="left" valign="top"><a name="id372313"></a><a name="id372315"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id372318"></a>
+                </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question"><td align="left" valign="top"><a name="id370840"></a><a name="id370842"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id370845"></a>
                 Why must I start each migration with a clean database?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id372333"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id370860"></a>
                 This is a recommendation that permits the data from each NT4 domain to
                 be kept separate until you are ready to merge them. Also, if you do not start with a clean database,
 …
                 without undue errors and then to handle the merging of vampired data under
                 proper supervision.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id372349"></a><a name="id372351"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id372354"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id370876"></a><a name="id370878"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id370881"></a>
                 Is it possible to set my domain SID to anything I like?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id372369"></a><a class="indexterm" name="id372377"></a><a class="indexterm" name="id372384"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id370896"></a><a class="indexterm" name="id370904"></a><a class="indexterm" name="id370911"></a>
                 Yes, so long as the SID you create has the same structure as an autogenerated SID.
                 The typical SID looks like this: S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX, where
 …
                 You may want to set the SID to one that is already in use somewhere on your network,
                 but that is a little different from straight out creating your own domain SID.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id372401"></a><a name="id372403"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id372406"></a><a class="indexterm" name="id372414"></a><a class="indexterm" name="id372422"></a><a class="indexterm" name="id372430"></a><a class="indexterm" name="id372438"></a><a class="indexterm" name="id372449"></a><a class="indexterm" name="id372460"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id370928"></a><a name="id370930"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id370933"></a><a class="indexterm" name="id370941"></a><a class="indexterm" name="id370949"></a><a class="indexterm" name="id370957"></a><a class="indexterm" name="id370965"></a><a class="indexterm" name="id370976"></a><a class="indexterm" name="id370987"></a>
                 When using a tdbsam passdb backend, why must I have all domain user and group accounts
                 in <code class="filename">/etc/passwd</code> and <code class="filename">/etc/group</code>?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id372491"></a><a class="indexterm" name="id372499"></a><a class="indexterm" name="id372506"></a><a class="indexterm" name="id372514"></a><a class="indexterm" name="id372522"></a><a class="indexterm" name="id372530"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id371018"></a><a class="indexterm" name="id371026"></a><a class="indexterm" name="id371033"></a><a class="indexterm" name="id371041"></a><a class="indexterm" name="id371049"></a><a class="indexterm" name="id371057"></a>
                 Samba-3 must be able to tie all user and group account SIDs to a UNIX UID or GID. Samba
                 does not fabricate the UNIX IDs from thin air, but rather requires them to be located
 …
                 In short then, all UNIX and Windows networking accounts, both in tdbsam as well as in
                 LDAP, require UIDs/GIDs.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id372571"></a><a name="id372573"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id372576"></a><a class="indexterm" name="id372584"></a><a class="indexterm" name="id372592"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id371098"></a><a name="id371100"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id371103"></a><a class="indexterm" name="id371111"></a><a class="indexterm" name="id371119"></a>
                 Why did you validate connectivity before attempting migration?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 potential problems that may otherwise affect or impede account migration. I am always
                 mindful of the 4 P's of migration: Planning Prevents Poor Performance.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id372613"></a><a name="id372615"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id371140"></a><a name="id371142"></a></td><td align="left" valign="top"><p>
                 How would you merge 10 tdbsam-based domains into an LDAP database?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id372626"></a><a class="indexterm" name="id372634"></a><a class="indexterm" name="id372642"></a><a class="indexterm" name="id372649"></a><a class="indexterm" name="id372657"></a><a class="indexterm" name="id372665"></a><a class="indexterm" name="id372672"></a><a class="indexterm" name="id372680"></a><a class="indexterm" name="id372688"></a><a class="indexterm" name="id372696"></a><a class="indexterm" name="id372704"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id371153"></a><a class="indexterm" name="id371161"></a><a class="indexterm" name="id371168"></a><a class="indexterm" name="id371176"></a><a class="indexterm" name="id371184"></a><a class="indexterm" name="id371192"></a><a class="indexterm" name="id371199"></a><a class="indexterm" name="id371207"></a><a class="indexterm" name="id371215"></a><a class="indexterm" name="id371223"></a><a class="indexterm" name="id371231"></a>
                 If you have 10 tdbsam Samba domains, there is considerable risk that there are a number of
                 accounts that have the same UNIX identifier (UID/GID). This means that you almost
 …
                 you have migrated before handing over access to a user. After all, too many users with a bad
                 migration experience may threaten your career.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id372728"></a><a name="id372731"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id372734"></a><a class="indexterm" name="id372742"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id371255"></a><a name="id371258"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id371261"></a><a class="indexterm" name="id371269"></a>
                 I want to change my domain name after I migrate all accounts from an NT4 domain to a
                 Samba-3 domain. Does it make any sense to migrate the machine accounts in that case?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id372761"></a><a class="indexterm" name="id372769"></a><a class="indexterm" name="id372777"></a><a class="indexterm" name="id372785"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id371288"></a><a class="indexterm" name="id371296"></a><a class="indexterm" name="id371304"></a><a class="indexterm" name="id371312"></a>
                 I would recommend not to migrate the machine account. The machine accounts should still work, but there are registry entries
                 on each Windows NT4 and upward client that have a tattoo of the old domain name. If you
                 unjoin the domain and then rejoin the newly renamed Samba-3 domain, you can be certain to avoid
                 this tattooing effect.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id372800"></a><a name="id372802"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id372805"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id371327"></a><a name="id371329"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id371332"></a>
                 After merging multiple NT4 domains into a Samba-3 domain, I lost all multiple group mappings. Why?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id372820"></a><a class="indexterm" name="id372828"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id371347"></a><a class="indexterm" name="id371355"></a>
                 Samba-3 currently does not implement multiple group membership internally. If you use the Windows
                 NT4 Domain User Manager to manage accounts and you have an LDAP backend, the multiple group
 …
                 and <code class="filename">/etc/group</code> information also. That is where the multiple group information
                 is most closely at your fingertips.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id372858"></a><a name="id372860"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id371385"></a><a name="id371387"></a></td><td align="left" valign="top"><p>
                 How can I reset group membership after loading the account information into the LDAP database?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id372871"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id371398"></a>
                 You can use the NT4 Domain User Manager that can be downloaded from the Microsoft Web site. The
                 installation file is called <code class="filename">SRVTOOLS.EXE</code>.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id372890"></a><a name="id372892"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id372895"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id371417"></a><a name="id371419"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id371422"></a>
                 What are the limits or constraints that apply to group names?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id372910"></a><a class="indexterm" name="id372918"></a><a class="indexterm" name="id372926"></a><a class="indexterm" name="id372934"></a><a class="indexterm" name="id372942"></a><a class="indexterm" name="id372950"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id371437"></a><a class="indexterm" name="id371445"></a><a class="indexterm" name="id371453"></a><a class="indexterm" name="id371461"></a><a class="indexterm" name="id371469"></a><a class="indexterm" name="id371477"></a>
                 A Windows 200x group name can be up to 254 characters long, while in Windows NT4 the group
                 name is limited to 20 characters. Most UNIX systems limit this to 32 characters. Windows
 …
                 or user account names. You have to experiment with your system to find what its
                 peculiarities are.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id372987"></a><a name="id372989"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id372992"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id371514"></a><a name="id371516"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id371519"></a>
                 My Windows NT4 PDC has 323,000 user accounts. How long will it take to migrate them to a Samba-3
                 LDAP backend system using the vampire process?
 …
                 integer. UNIX/Linux systems that have a 32-bit UID/GID can easily handle this number of accounts.
                 Please check this carefully before you attempt to effect a migration using the vampire process.
                 </p><p><a class="indexterm" name="id373019"></a>
+                </p><p><a class="indexterm" name="id371546"></a>
                 Migration speed depends much on the processor speed, the network speed, disk I/O capability, and
                 LDAP update overheads. On a dual processor AMD MP1600+ with 1 GB memory that was mirroring LDAP

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/nw4migration.html

-              r599
+              r739
 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 10. Migrating NetWare Server to Samba-3</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"><link rel="prev" href="ntmigration.html" title="Chapter 9. Migrating NT4 Domain to Samba-3"><link rel="next" href="RefSection.html" title="Part III. Reference Section"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 10. Migrating NetWare Server to Samba-3</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ntmigration.html">Prev</a> </td><th width="60%" align="center">Part II. Domain Members, Updating Samba and Migration</th><td width="20%" align="right"> <a accesskey="n" href="RefSection.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 10. Migrating NetWare Server to Samba-3"><div class="titlepage"><div><div><h2 class="title"><a name="nw4migration"></a>Chapter 10. Migrating NetWare Server to Samba-3</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="nw4migration.html#id373183">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id373282">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="nw4migration.html#id373359">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id373431">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="nw4migration.html#id373599">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id373608">NetWare Migration Using LDAP Backend</a></span></dt></dl></dd></dl></div><p>
         <a class="indexterm" name="id373052"></a>
         <a class="indexterm" name="id373059"></a>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 10. Migrating NetWare Server to Samba-3</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"><link rel="prev" href="ntmigration.html" title="Chapter 9. Migrating NT4 Domain to Samba-3"><link rel="next" href="RefSection.html" title="Part III. Reference Section"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 10. Migrating NetWare Server to Samba-3</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ntmigration.html">Prev</a> </td><th width="60%" align="center">Part II. Domain Members, Updating Samba and Migration</th><td width="20%" align="right"> <a accesskey="n" href="RefSection.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 10. Migrating NetWare Server to Samba-3"><div class="titlepage"><div><div><h2 class="title"><a name="nw4migration"></a>Chapter 10. Migrating NetWare Server to Samba-3</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="nw4migration.html#id371710">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id371809">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="nw4migration.html#id371886">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id371958">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="nw4migration.html#id372125">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id372134">NetWare Migration Using LDAP Backend</a></span></dt></dl></dd></dl></div><p>
+        <a class="indexterm" name="id371579"></a>
+        <a class="indexterm" name="id371586"></a>
         Novell is a company any seasoned IT manager has to admire. It has become increasingly
         Linux-friendly and is emerging out of a deep regression that almost saw the company
 …
         Meanwhile, there can be no denying that Novell is a Linux company.
         </p><p>
         <a class="indexterm" name="id373073"></a>
         <a class="indexterm" name="id373080"></a>
         <a class="indexterm" name="id373087"></a>
         <a class="indexterm" name="id373093"></a>
+        <a class="indexterm" name="id371600"></a>
+        <a class="indexterm" name="id371607"></a>
+        <a class="indexterm" name="id371614"></a>
+        <a class="indexterm" name="id371620"></a>
         Whatever flavor of Linux is preferred in your environment, whether Red Hat, Debian,
         Gentoo, Mandrake, or SUSE (Novell), the information in this chapter should be read with
 …
         in this chapter should provide something of value.
         </p><p>
         <a class="indexterm" name="id373106"></a>
+        <a class="indexterm" name="id371633"></a>
         Contributions to this chapter were made by Misty Stanley-Jones, a UNIX administrator of many
         years who surfaced on the Samba mailing list with a barrage of questions and who
         regularly helps other administrators to solve thorny Samba migration questions.
         </p><p>
         <a class="indexterm" name="id373118"></a>
         <a class="indexterm" name="id373125"></a>
         <a class="indexterm" name="id373132"></a>
         <a class="indexterm" name="id373139"></a>
+        <a class="indexterm" name="id371645"></a>
+        <a class="indexterm" name="id371652"></a>
+        <a class="indexterm" name="id371659"></a>
+        <a class="indexterm" name="id371666"></a>
         One wonders how many NetWare servers remain in active service. Many are being migrated
         to Samba on Linux. Red Hat Linux, SUSE Linux 9.x, and SUSE Linux Enterprise Server 9 are
 …
         original documentation contributed by Misty, the Courier-IMAP package had been built
         directly from the original source tarball.
         </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id373183"></a>Introduction</h2></div></div></div><p>
         <a class="indexterm" name="id373190"></a>
+        </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id371710"></a>Introduction</h2></div></div></div><p>
+        <a class="indexterm" name="id371717"></a>
         Misty Stanley-Jones was recruited by Abmas to administer a network that had
         not received much attention for some years and was much in need of a makeover.
 …
                                         drives, causing backup integrity problems
                                         </p></li></ul></div></li></ul></div><p>
         <a class="indexterm" name="id373272"></a>
+        <a class="indexterm" name="id371799"></a>
         At one point disk space had filled up to 100 percent, causing the payroll database
         to become corrupt. This caused the accounting department to be down for over
 …
         server was created with very poor security and design considerations from
         a discarded desktop PC.
         </p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id373282"></a>Assignment Tasks</h3></div></div></div><p>
+        </p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id371809"></a>Assignment Tasks</h3></div></div></div><p>
         Misty has provided this summary of her migration experience in the hope
         that it will help someone to avoid the challenges she faced. Perhaps her
 …
         the overall information more useful to you.
         </p><p>
         <a class="indexterm" name="id373311"></a>
+        <a class="indexterm" name="id371838"></a>
         After management reviewed a cost-benefit report as well as an estimated
         time-to-completion, approval was given proceed with the solution proposed.
 …
         The new system has operated for 6 months without problems. Over the past months
         much attention has been focused on cleaning up desktops and user profiles.
         </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id373359"></a>Dissection and Discussion</h2></div></div></div><p>
         <a class="indexterm" name="id373367"></a>
         <a class="indexterm" name="id373374"></a>
         <a class="indexterm" name="id373381"></a>
         <a class="indexterm" name="id373388"></a>
+        </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id371886"></a>Dissection and Discussion</h2></div></div></div><p>
+        <a class="indexterm" name="id371894"></a>
+        <a class="indexterm" name="id371901"></a>
+        <a class="indexterm" name="id371908"></a>
+        <a class="indexterm" name="id371915"></a>
         A decision to use LDAP was made even though I knew nothing about LDAP except that
         I had been reading the book <span class="quote">&#8220;<span class="quote">LDAP System Administration,</span>&#8221;</span> by Gerald Carter.
 …
         and would provide centralized authentication and identity management.
         </p><p>
         <a class="indexterm" name="id373404"></a>
         <a class="indexterm" name="id373411"></a>
         <a class="indexterm" name="id373417"></a>
+        <a class="indexterm" name="id371931"></a>
+        <a class="indexterm" name="id371938"></a>
+        <a class="indexterm" name="id371944"></a>
         Building the LDAP database took a while and a lot of trial and error. Following
         the guidance I obtained from <span class="quote">&#8220;<span class="quote">LDAP System
         Administration,</span>&#8221;</span> I installed OpenLDAP (from RPM; later I compiled
         a more current version from source) and built my initial LDAP tree.
         </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id373431"></a>Technical Issues</h3></div></div></div><p>
         <a class="indexterm" name="id373439"></a>
         <a class="indexterm" name="id373446"></a>
         <a class="indexterm" name="id373452"></a>
         <a class="indexterm" name="id373459"></a>
         <a class="indexterm" name="id373466"></a>
         <a class="indexterm" name="id373473"></a>
         <a class="indexterm" name="id373480"></a>
         <a class="indexterm" name="id373486"></a>
         <a class="indexterm" name="id373493"></a>
+        </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id371958"></a>Technical Issues</h3></div></div></div><p>
+        <a class="indexterm" name="id371966"></a>
+        <a class="indexterm" name="id371972"></a>
+        <a class="indexterm" name="id371979"></a>
+        <a class="indexterm" name="id371986"></a>
+        <a class="indexterm" name="id371993"></a>
+        <a class="indexterm" name="id372000"></a>
+        <a class="indexterm" name="id372006"></a>
+        <a class="indexterm" name="id372013"></a>
+        <a class="indexterm" name="id372020"></a>
         The first challenge was to create a company white pages, followed by manually
         entering everything from the printed company directory. This used only the inetOrgPerson
 …
         aliases, hosts, netgroups, networks, protocols, PRCs, and services from the existing ASCII text
         files (or from a name service such as NIS). This too set can be obtained from the <a class="ulink" href="http://www.padl.com" target="_top">PADL Web site</a>.
         </p></div></div></div><div class="sect1" title="Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id373599"></a>Implementation</h2></div></div></div><p>
         </p><div class="sect2" title="NetWare Migration Using LDAP Backend"><div class="titlepage"><div><div><h3 class="title"><a name="id373608"></a>NetWare Migration Using LDAP Backend</h3></div></div></div><p>
+        </p></div></div></div><div class="sect1" title="Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id372125"></a>Implementation</h2></div></div></div><p>
+        </p><div class="sect2" title="NetWare Migration Using LDAP Backend"><div class="titlepage"><div><div><h3 class="title"><a name="id372134"></a>NetWare Migration Using LDAP Backend</h3></div></div></div><p>
         The following software must be installed on the SUSE Linux Enterprise Server to perform
         this migration:
 …
         The configuration files used at Abmas are provided as a guide and should be modified
         to meet needs at your site.
         </p><div class="sect3" title="LDAP Server Configuration"><div class="titlepage"><div><div><h4 class="title"><a name="id373667"></a>LDAP Server Configuration</h4></div></div></div><p>
+        </p><div class="sect3" title="LDAP Server Configuration"><div class="titlepage"><div><div><h4 class="title"><a name="id372194"></a>LDAP Server Configuration</h4></div></div></div><p>
         The <code class="filename">/etc/openldap/slapd.conf</code> file Misty used is shown here:
 </p><pre class="programlisting">
 …
 </pre><p>
 </p><p>
         <a class="indexterm" name="id373778"></a>
+        <a class="indexterm" name="id372304"></a>
         The <code class="filename">/etc/ldap.conf</code> file used is listed in <a class="link" href="nw4migration.html#ch8ldap" title="Example 10.2. NSS LDAP Control File /etc/ldap.conf">&#8220;NSS LDAP Control File  /etc/ldap.conf&#8221;</a>.
         </p><div class="example"><a name="ch8ldap"></a><p class="title"><b>Example 10.2. NSS LDAP Control File  /etc/ldap.conf</b></p><div class="example-contents"><pre class="screen">
 …
 </pre><p>
         </p><p>
         <a class="indexterm" name="id373848"></a>
         <a class="indexterm" name="id373854"></a>
+        <a class="indexterm" name="id372373"></a>
+        <a class="indexterm" name="id372379"></a>
         In my setup, users authenticate via PAM and NSS using LDAP-based accounts.
         The configuration file that controls the behavior of the PAM <code class="literal">pam_unix2</code>
 …
 password: use_ldap
 session: none
 </pre></div></div><br class="example-break"><a class="indexterm" name="id373906"></a><a class="indexterm" name="id373913"></a><a class="indexterm" name="id373920"></a><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
+</pre></div></div><br class="example-break"><a class="indexterm" name="id372432"></a><a class="indexterm" name="id372439"></a><a class="indexterm" name="id372446"></a><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                         If your LDAP database goes down, nobody can authenticate except for root.
                         </p></li><li class="listitem"><p>
 …
         </p><p>
         The following services authenticate using LDAP:
         </p><a class="indexterm" name="id373952"></a><a class="indexterm" name="id373959"></a><a class="indexterm" name="id373966"></a><table border="0" summary="Simple list" class="simplelist"><tr><td>UNIX login/ssh</td></tr><tr><td>Postfix (SMTP)</td></tr><tr><td>Courier-IMAP/IMAPS/POP3/POP3S</td></tr></table><p>
         <a class="indexterm" name="id373991"></a>
         <a class="indexterm" name="id373998"></a>
+        </p><a class="indexterm" name="id372478"></a><a class="indexterm" name="id372485"></a><a class="indexterm" name="id372492"></a><table border="0" summary="Simple list" class="simplelist"><tr><td>UNIX login/ssh</td></tr><tr><td>Postfix (SMTP)</td></tr><tr><td>Courier-IMAP/IMAPS/POP3/POP3S</td></tr></table><p>
+        <a class="indexterm" name="id372517"></a>
+        <a class="indexterm" name="id372524"></a>
         Companywide white pages can be searched using an LDAP client
         such as the one in the Windows Address Book.
         </p><p>
         <a class="indexterm" name="id374009"></a>
         <a class="indexterm" name="id374016"></a>
+        <a class="indexterm" name="id372535"></a>
+        <a class="indexterm" name="id372542"></a>
         Having gained a solid understanding of LDAP and a relatively workable LDAP tree
         thus far, it was time to configure Samba. I compiled the latest stable Samba and
 …
         </p><p>
         The Samba <code class="filename">smb.conf</code> file was configured as shown in <a class="link" href="nw4migration.html#ch8smbconf" title="Example 10.4. Samba Configuration File smb.conf Part A">&#8220;Samba Configuration File  smb.conf Part A&#8221;</a>.
         </p><div class="example"><a name="ch8smbconf"></a><p class="title"><b>Example 10.4. Samba Configuration File  smb.conf Part A</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id374082"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id374094"></a><em class="parameter"><code>netbios name = MASSIVE</code></em></td></tr><tr><td><a class="indexterm" name="id374105"></a><em class="parameter"><code>server string = Corp File Server</code></em></td></tr><tr><td><a class="indexterm" name="id374117"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://localhost</code></em></td></tr><tr><td><a class="indexterm" name="id374128"></a><em class="parameter"><code>pam password change = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id374140"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id374152"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id374163"></a><em class="parameter"><code>log file = /data/samba/log/%m.log</code></em></td></tr><tr><td><a class="indexterm" name="id374175"></a><em class="parameter"><code>name resolve order = wins host bcast</code></em></td></tr><tr><td><a class="indexterm" name="id374186"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id374198"></a><em class="parameter"><code>printcap name = cups</code></em></td></tr><tr><td><a class="indexterm" name="id374209"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id374221"></a><em class="parameter"><code>cups options = Raw</code></em></td></tr><tr><td><a class="indexterm" name="id374232"></a><em class="parameter"><code>add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"</code></em></td></tr><tr><td><a class="indexterm" name="id374244"></a><em class="parameter"><code>add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id374256"></a><em class="parameter"><code>add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id374268"></a><em class="parameter"><code>delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id374280"></a><em class="parameter"><code>set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"</code></em></td></tr><tr><td><a class="indexterm" name="id374292"></a><em class="parameter"><code>add machine script = /usr/local/sbin/smbldap-useradd -w "%m"</code></em></td></tr><tr><td><a class="indexterm" name="id374304"></a><em class="parameter"><code>logon script = logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id374316"></a><em class="parameter"><code>logon path = \\%L\profiles\%U\%a</code></em></td></tr><tr><td><a class="indexterm" name="id374328"></a><em class="parameter"><code>logon drive = H:</code></em></td></tr><tr><td><a class="indexterm" name="id374339"></a><em class="parameter"><code>logon home = \\%L\%U</code></em></td></tr><tr><td><a class="indexterm" name="id374350"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id374362"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id374373"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id374385"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id374397"></a><em class="parameter"><code>ldap idmap suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id374408"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id374420"></a><em class="parameter"><code>ldap passwd sync = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id374431"></a><em class="parameter"><code>ldap suffix = ou=MEGANET2,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id374443"></a><em class="parameter"><code>ldap ssl = no</code></em></td></tr><tr><td><a class="indexterm" name="id374455"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id374466"></a><em class="parameter"><code>admin users = root, "@Domain Admins"</code></em></td></tr><tr><td><a class="indexterm" name="id374478"></a><em class="parameter"><code>printer admin = "@Domain Admins"</code></em></td></tr><tr><td><a class="indexterm" name="id374489"></a><em class="parameter"><code>force printername = Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch8smbconf2"></a><p class="title"><b>Example 10.5. Samba Configuration File  smb.conf Part B</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id374528"></a><em class="parameter"><code>comment = Network logon service</code></em></td></tr><tr><td><a class="indexterm" name="id374540"></a><em class="parameter"><code>path = /data/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id374551"></a><em class="parameter"><code>write list = "@Domain Admins"</code></em></td></tr><tr><td><a class="indexterm" name="id374563"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id374583"></a><em class="parameter"><code>comment = Roaming Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id374595"></a><em class="parameter"><code>path = /data/samba/profiles/</code></em></td></tr><tr><td><a class="indexterm" name="id374607"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id374618"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id374630"></a><em class="parameter"><code>veto files = desktop.ini</code></em></td></tr><tr><td><a class="indexterm" name="id374641"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id374662"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id374673"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id374685"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id374696"></a><em class="parameter"><code>create mask = 0770</code></em></td></tr><tr><td><a class="indexterm" name="id374708"></a><em class="parameter"><code>veto files = desktop.ini</code></em></td></tr><tr><td><a class="indexterm" name="id374719"></a><em class="parameter"><code>hide files = desktop.ini</code></em></td></tr><tr><td><a class="indexterm" name="id374731"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[software]</code></em></td></tr><tr><td><a class="indexterm" name="id374751"></a><em class="parameter"><code>comment = Software for %a computers</code></em></td></tr><tr><td><a class="indexterm" name="id374763"></a><em class="parameter"><code>path = /data/samba/shares/software/%a</code></em></td></tr><tr><td><a class="indexterm" name="id374774"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[public]</code></em></td></tr><tr><td><a class="indexterm" name="id374795"></a><em class="parameter"><code>comment = Public Files</code></em></td></tr><tr><td><a class="indexterm" name="id374806"></a><em class="parameter"><code>path = /data/samba/shares/public</code></em></td></tr><tr><td><a class="indexterm" name="id374818"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id374829"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[PDF]</code></em></td></tr><tr><td><a class="indexterm" name="id374850"></a><em class="parameter"><code>comment = Location of documents printed to PDFCreator printer</code></em></td></tr><tr><td><a class="indexterm" name="id374862"></a><em class="parameter"><code>path = /data/samba/shares/pdf</code></em></td></tr><tr><td><a class="indexterm" name="id374873"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch8smbconf3"></a><p class="title"><b>Example 10.6. Samba Configuration File  smb.conf Part C</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[EVERYTHING]</code></em></td></tr><tr><td><a class="indexterm" name="id374912"></a><em class="parameter"><code>comment = All shares</code></em></td></tr><tr><td><a class="indexterm" name="id374923"></a><em class="parameter"><code>path = /data/samba</code></em></td></tr><tr><td><a class="indexterm" name="id374934"></a><em class="parameter"><code>valid users = "@Domain Admins"</code></em></td></tr><tr><td><a class="indexterm" name="id374946"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[CDROM]</code></em></td></tr><tr><td><a class="indexterm" name="id374966"></a><em class="parameter"><code>comment = CD-ROM on MASSIVE</code></em></td></tr><tr><td><a class="indexterm" name="id374978"></a><em class="parameter"><code>path = /mnt</code></em></td></tr><tr><td><a class="indexterm" name="id374990"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id375010"></a><em class="parameter"><code>comment = Printer Drivers Share</code></em></td></tr><tr><td><a class="indexterm" name="id375022"></a><em class="parameter"><code>path = /data/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id375033"></a><em class="parameter"><code>write list = root</code></em></td></tr><tr><td><a class="indexterm" name="id375045"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id375065"></a><em class="parameter"><code>comment = All Printers</code></em></td></tr><tr><td><a class="indexterm" name="id375076"></a><em class="parameter"><code>path = /data/samba/spool</code></em></td></tr><tr><td><a class="indexterm" name="id375088"></a><em class="parameter"><code>create mask = 0644</code></em></td></tr><tr><td><a class="indexterm" name="id375100"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id375111"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[acct_hp8500]</code></em></td></tr><tr><td><a class="indexterm" name="id375131"></a><em class="parameter"><code>comment = "Accounting Color Laser Printer"</code></em></td></tr><tr><td><a class="indexterm" name="id375143"></a><em class="parameter"><code>path = /data/samba/spool/private</code></em></td></tr><tr><td><a class="indexterm" name="id375155"></a><em class="parameter"><code>valid users = @acct, @acct_admin, @hr, "@Domain Admins",@Receptionist, dwayne, terri, danae, jerry</code></em></td></tr><tr><td><a class="indexterm" name="id375167"></a><em class="parameter"><code>create mask = 0644</code></em></td></tr><tr><td><a class="indexterm" name="id375178"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id375190"></a><em class="parameter"><code>copy = printers</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[plotter]</code></em></td></tr><tr><td><a class="indexterm" name="id375210"></a><em class="parameter"><code>comment = Engineering Plotter</code></em></td></tr><tr><td><a class="indexterm" name="id375222"></a><em class="parameter"><code>path = /data/samba/spool</code></em></td></tr><tr><td><a class="indexterm" name="id375233"></a><em class="parameter"><code>create mask = 0644</code></em></td></tr><tr><td><a class="indexterm" name="id375245"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id375256"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id375268"></a><em class="parameter"><code>copy = printers</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch8smbconf4"></a><p class="title"><b>Example 10.7. Samba Configuration File  smb.conf Part D</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[APPS]</code></em></td></tr><tr><td><a class="indexterm" name="id375307"></a><em class="parameter"><code>path = /data/samba/shares/Apps</code></em></td></tr><tr><td><a class="indexterm" name="id375318"></a><em class="parameter"><code>force group = "Domain Users"</code></em></td></tr><tr><td><a class="indexterm" name="id375330"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[ACCT]</code></em></td></tr><tr><td><a class="indexterm" name="id375350"></a><em class="parameter"><code>path = /data/samba/shares/Accounting</code></em></td></tr><tr><td><a class="indexterm" name="id375362"></a><em class="parameter"><code>valid users = @acct, "@Domain Admins"</code></em></td></tr><tr><td><a class="indexterm" name="id375373"></a><em class="parameter"><code>force group = acct</code></em></td></tr><tr><td><a class="indexterm" name="id375385"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id375396"></a><em class="parameter"><code>create mask = 0660</code></em></td></tr><tr><td><a class="indexterm" name="id375408"></a><em class="parameter"><code>directory mask = 0770</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[ACCT_ADMIN]</code></em></td></tr><tr><td><a class="indexterm" name="id375428"></a><em class="parameter"><code>path = /data/samba/shares/Acct_Admin</code></em></td></tr><tr><td><a class="indexterm" name="id375440"></a><em class="parameter"><code>valid users = @"acct_admin"</code></em></td></tr><tr><td><a class="indexterm" name="id375451"></a><em class="parameter"><code>force group = acct_admin</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[HR_PR]</code></em></td></tr><tr><td><a class="indexterm" name="id375472"></a><em class="parameter"><code>path = /data/samba/shares/HR_PR</code></em></td></tr><tr><td><a class="indexterm" name="id375484"></a><em class="parameter"><code>valid users = @hr, @acct_admin</code></em></td></tr><tr><td><a class="indexterm" name="id375495"></a><em class="parameter"><code>force group = hr</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[ENGR]</code></em></td></tr><tr><td><a class="indexterm" name="id375516"></a><em class="parameter"><code>path = /data/samba/shares/Engr</code></em></td></tr><tr><td><a class="indexterm" name="id375527"></a><em class="parameter"><code>valid users = @engr, @receptionist, @truss, "@Domain Admins", cheri</code></em></td></tr><tr><td><a class="indexterm" name="id375539"></a><em class="parameter"><code>force group = engr</code></em></td></tr><tr><td><a class="indexterm" name="id375550"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id375562"></a><em class="parameter"><code>create mask = 0770</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[DATA]</code></em></td></tr><tr><td><a class="indexterm" name="id375582"></a><em class="parameter"><code>path = /data/samba/shares/DATA</code></em></td></tr><tr><td><a class="indexterm" name="id375594"></a><em class="parameter"><code>valid users = @engr, @receptionist, @truss, "@Domain Admins", cheri</code></em></td></tr><tr><td><a class="indexterm" name="id375606"></a><em class="parameter"><code>force group = engr</code></em></td></tr><tr><td><a class="indexterm" name="id375617"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id375629"></a><em class="parameter"><code>create mask = 0770</code></em></td></tr><tr><td><a class="indexterm" name="id375640"></a><em class="parameter"><code>copy = engr</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch8smbconf5"></a><p class="title"><b>Example 10.8. Samba Configuration File  smb.conf Part E</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[X]</code></em></td></tr><tr><td><a class="indexterm" name="id375679"></a><em class="parameter"><code>path = /data/samba/shares/X</code></em></td></tr><tr><td><a class="indexterm" name="id375690"></a><em class="parameter"><code>valid users = @engr, @acct</code></em></td></tr><tr><td><a class="indexterm" name="id375702"></a><em class="parameter"><code>force group = engr</code></em></td></tr><tr><td><a class="indexterm" name="id375713"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id375725"></a><em class="parameter"><code>create mask = 0770</code></em></td></tr><tr><td><a class="indexterm" name="id375736"></a><em class="parameter"><code>copy = engr</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[NETWORK]</code></em></td></tr><tr><td><a class="indexterm" name="id375757"></a><em class="parameter"><code>path = /data/samba/shares/network</code></em></td></tr><tr><td><a class="indexterm" name="id375768"></a><em class="parameter"><code>valid users = "@Domain Users"</code></em></td></tr><tr><td><a class="indexterm" name="id375780"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id375791"></a><em class="parameter"><code>create mask = 0770</code></em></td></tr><tr><td><a class="indexterm" name="id375803"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[UTILS]</code></em></td></tr><tr><td><a class="indexterm" name="id375823"></a><em class="parameter"><code>path = /data/samba/shares/Utils</code></em></td></tr><tr><td><a class="indexterm" name="id375835"></a><em class="parameter"><code>write list = "@Domain Admins"</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[SYS]</code></em></td></tr><tr><td><a class="indexterm" name="id375855"></a><em class="parameter"><code>path = /data/samba/shares/SYS</code></em></td></tr><tr><td><a class="indexterm" name="id375867"></a><em class="parameter"><code>valid users = chad</code></em></td></tr><tr><td><a class="indexterm" name="id375878"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id375890"></a><em class="parameter"><code>browseable = No</code></em></td></tr></table></div></div><br class="example-break"><p>
         <a class="indexterm" name="id375905"></a>
         <a class="indexterm" name="id375911"></a>
         <a class="indexterm" name="id375918"></a>
+        </p><div class="example"><a name="ch8smbconf"></a><p class="title"><b>Example 10.4. Samba Configuration File  smb.conf Part A</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id372609"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id372620"></a><em class="parameter"><code>netbios name = MASSIVE</code></em></td></tr><tr><td><a class="indexterm" name="id372632"></a><em class="parameter"><code>server string = Corp File Server</code></em></td></tr><tr><td><a class="indexterm" name="id372643"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://localhost</code></em></td></tr><tr><td><a class="indexterm" name="id372655"></a><em class="parameter"><code>pam password change = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id372667"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id372678"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id372690"></a><em class="parameter"><code>log file = /data/samba/log/%m.log</code></em></td></tr><tr><td><a class="indexterm" name="id372701"></a><em class="parameter"><code>name resolve order = wins host bcast</code></em></td></tr><tr><td><a class="indexterm" name="id372713"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id372724"></a><em class="parameter"><code>printcap name = cups</code></em></td></tr><tr><td><a class="indexterm" name="id372736"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id372747"></a><em class="parameter"><code>cups options = Raw</code></em></td></tr><tr><td><a class="indexterm" name="id372759"></a><em class="parameter"><code>add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"</code></em></td></tr><tr><td><a class="indexterm" name="id372771"></a><em class="parameter"><code>add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id372783"></a><em class="parameter"><code>add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id372795"></a><em class="parameter"><code>delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id372807"></a><em class="parameter"><code>set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"</code></em></td></tr><tr><td><a class="indexterm" name="id372819"></a><em class="parameter"><code>add machine script = /usr/local/sbin/smbldap-useradd -w "%m"</code></em></td></tr><tr><td><a class="indexterm" name="id372831"></a><em class="parameter"><code>logon script = logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id372842"></a><em class="parameter"><code>logon path = \\%L\profiles\%U\%a</code></em></td></tr><tr><td><a class="indexterm" name="id372854"></a><em class="parameter"><code>logon drive = H:</code></em></td></tr><tr><td><a class="indexterm" name="id372866"></a><em class="parameter"><code>logon home = \\%L\%U</code></em></td></tr><tr><td><a class="indexterm" name="id372877"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id372888"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id372900"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id372912"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id372923"></a><em class="parameter"><code>ldap idmap suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id372935"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id372946"></a><em class="parameter"><code>ldap passwd sync = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id372958"></a><em class="parameter"><code>ldap suffix = ou=MEGANET2,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id372970"></a><em class="parameter"><code>ldap ssl = no</code></em></td></tr><tr><td><a class="indexterm" name="id372981"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id372993"></a><em class="parameter"><code>admin users = root, "@Domain Admins"</code></em></td></tr><tr><td><a class="indexterm" name="id373004"></a><em class="parameter"><code>printer admin = "@Domain Admins"</code></em></td></tr><tr><td><a class="indexterm" name="id373016"></a><em class="parameter"><code>force printername = Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch8smbconf2"></a><p class="title"><b>Example 10.5. Samba Configuration File  smb.conf Part B</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id373055"></a><em class="parameter"><code>comment = Network logon service</code></em></td></tr><tr><td><a class="indexterm" name="id373067"></a><em class="parameter"><code>path = /data/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id373078"></a><em class="parameter"><code>write list = "@Domain Admins"</code></em></td></tr><tr><td><a class="indexterm" name="id373090"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id373110"></a><em class="parameter"><code>comment = Roaming Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id373122"></a><em class="parameter"><code>path = /data/samba/profiles/</code></em></td></tr><tr><td><a class="indexterm" name="id373134"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id373145"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id373157"></a><em class="parameter"><code>veto files = desktop.ini</code></em></td></tr><tr><td><a class="indexterm" name="id373168"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id373189"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id373200"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id373212"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id373223"></a><em class="parameter"><code>create mask = 0770</code></em></td></tr><tr><td><a class="indexterm" name="id373235"></a><em class="parameter"><code>veto files = desktop.ini</code></em></td></tr><tr><td><a class="indexterm" name="id373246"></a><em class="parameter"><code>hide files = desktop.ini</code></em></td></tr><tr><td><a class="indexterm" name="id373258"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[software]</code></em></td></tr><tr><td><a class="indexterm" name="id373278"></a><em class="parameter"><code>comment = Software for %a computers</code></em></td></tr><tr><td><a class="indexterm" name="id373290"></a><em class="parameter"><code>path = /data/samba/shares/software/%a</code></em></td></tr><tr><td><a class="indexterm" name="id373301"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[public]</code></em></td></tr><tr><td><a class="indexterm" name="id373322"></a><em class="parameter"><code>comment = Public Files</code></em></td></tr><tr><td><a class="indexterm" name="id373333"></a><em class="parameter"><code>path = /data/samba/shares/public</code></em></td></tr><tr><td><a class="indexterm" name="id373345"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id373356"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[PDF]</code></em></td></tr><tr><td><a class="indexterm" name="id373377"></a><em class="parameter"><code>comment = Location of documents printed to PDFCreator printer</code></em></td></tr><tr><td><a class="indexterm" name="id373389"></a><em class="parameter"><code>path = /data/samba/shares/pdf</code></em></td></tr><tr><td><a class="indexterm" name="id373400"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch8smbconf3"></a><p class="title"><b>Example 10.6. Samba Configuration File  smb.conf Part C</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[EVERYTHING]</code></em></td></tr><tr><td><a class="indexterm" name="id373440"></a><em class="parameter"><code>comment = All shares</code></em></td></tr><tr><td><a class="indexterm" name="id373451"></a><em class="parameter"><code>path = /data/samba</code></em></td></tr><tr><td><a class="indexterm" name="id373462"></a><em class="parameter"><code>valid users = "@Domain Admins"</code></em></td></tr><tr><td><a class="indexterm" name="id373474"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[CDROM]</code></em></td></tr><tr><td><a class="indexterm" name="id373494"></a><em class="parameter"><code>comment = CD-ROM on MASSIVE</code></em></td></tr><tr><td><a class="indexterm" name="id373506"></a><em class="parameter"><code>path = /mnt</code></em></td></tr><tr><td><a class="indexterm" name="id373518"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id373538"></a><em class="parameter"><code>comment = Printer Drivers Share</code></em></td></tr><tr><td><a class="indexterm" name="id373550"></a><em class="parameter"><code>path = /data/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id373561"></a><em class="parameter"><code>write list = root</code></em></td></tr><tr><td><a class="indexterm" name="id373573"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id373593"></a><em class="parameter"><code>comment = All Printers</code></em></td></tr><tr><td><a class="indexterm" name="id373604"></a><em class="parameter"><code>path = /data/samba/spool</code></em></td></tr><tr><td><a class="indexterm" name="id373616"></a><em class="parameter"><code>create mask = 0644</code></em></td></tr><tr><td><a class="indexterm" name="id373628"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id373639"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[acct_hp8500]</code></em></td></tr><tr><td><a class="indexterm" name="id373659"></a><em class="parameter"><code>comment = "Accounting Color Laser Printer"</code></em></td></tr><tr><td><a class="indexterm" name="id373671"></a><em class="parameter"><code>path = /data/samba/spool/private</code></em></td></tr><tr><td><a class="indexterm" name="id373683"></a><em class="parameter"><code>valid users = @acct, @acct_admin, @hr, "@Domain Admins",@Receptionist, dwayne, terri, danae, jerry</code></em></td></tr><tr><td><a class="indexterm" name="id373695"></a><em class="parameter"><code>create mask = 0644</code></em></td></tr><tr><td><a class="indexterm" name="id373706"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id373718"></a><em class="parameter"><code>copy = printers</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[plotter]</code></em></td></tr><tr><td><a class="indexterm" name="id373738"></a><em class="parameter"><code>comment = Engineering Plotter</code></em></td></tr><tr><td><a class="indexterm" name="id373750"></a><em class="parameter"><code>path = /data/samba/spool</code></em></td></tr><tr><td><a class="indexterm" name="id373761"></a><em class="parameter"><code>create mask = 0644</code></em></td></tr><tr><td><a class="indexterm" name="id373773"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id373784"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id373796"></a><em class="parameter"><code>copy = printers</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch8smbconf4"></a><p class="title"><b>Example 10.7. Samba Configuration File  smb.conf Part D</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[APPS]</code></em></td></tr><tr><td><a class="indexterm" name="id373835"></a><em class="parameter"><code>path = /data/samba/shares/Apps</code></em></td></tr><tr><td><a class="indexterm" name="id373846"></a><em class="parameter"><code>force group = "Domain Users"</code></em></td></tr><tr><td><a class="indexterm" name="id373858"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[ACCT]</code></em></td></tr><tr><td><a class="indexterm" name="id373878"></a><em class="parameter"><code>path = /data/samba/shares/Accounting</code></em></td></tr><tr><td><a class="indexterm" name="id373890"></a><em class="parameter"><code>valid users = @acct, "@Domain Admins"</code></em></td></tr><tr><td><a class="indexterm" name="id373901"></a><em class="parameter"><code>force group = acct</code></em></td></tr><tr><td><a class="indexterm" name="id373913"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id373924"></a><em class="parameter"><code>create mask = 0660</code></em></td></tr><tr><td><a class="indexterm" name="id373936"></a><em class="parameter"><code>directory mask = 0770</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[ACCT_ADMIN]</code></em></td></tr><tr><td><a class="indexterm" name="id373956"></a><em class="parameter"><code>path = /data/samba/shares/Acct_Admin</code></em></td></tr><tr><td><a class="indexterm" name="id373968"></a><em class="parameter"><code>valid users = @"acct_admin"</code></em></td></tr><tr><td><a class="indexterm" name="id373979"></a><em class="parameter"><code>force group = acct_admin</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[HR_PR]</code></em></td></tr><tr><td><a class="indexterm" name="id374000"></a><em class="parameter"><code>path = /data/samba/shares/HR_PR</code></em></td></tr><tr><td><a class="indexterm" name="id374012"></a><em class="parameter"><code>valid users = @hr, @acct_admin</code></em></td></tr><tr><td><a class="indexterm" name="id374023"></a><em class="parameter"><code>force group = hr</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[ENGR]</code></em></td></tr><tr><td><a class="indexterm" name="id374044"></a><em class="parameter"><code>path = /data/samba/shares/Engr</code></em></td></tr><tr><td><a class="indexterm" name="id374055"></a><em class="parameter"><code>valid users = @engr, @receptionist, @truss, "@Domain Admins", cheri</code></em></td></tr><tr><td><a class="indexterm" name="id374067"></a><em class="parameter"><code>force group = engr</code></em></td></tr><tr><td><a class="indexterm" name="id374078"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id374090"></a><em class="parameter"><code>create mask = 0770</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[DATA]</code></em></td></tr><tr><td><a class="indexterm" name="id374110"></a><em class="parameter"><code>path = /data/samba/shares/DATA</code></em></td></tr><tr><td><a class="indexterm" name="id374122"></a><em class="parameter"><code>valid users = @engr, @receptionist, @truss, "@Domain Admins", cheri</code></em></td></tr><tr><td><a class="indexterm" name="id374134"></a><em class="parameter"><code>force group = engr</code></em></td></tr><tr><td><a class="indexterm" name="id374145"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id374157"></a><em class="parameter"><code>create mask = 0770</code></em></td></tr><tr><td><a class="indexterm" name="id374168"></a><em class="parameter"><code>copy = engr</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch8smbconf5"></a><p class="title"><b>Example 10.8. Samba Configuration File  smb.conf Part E</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[X]</code></em></td></tr><tr><td><a class="indexterm" name="id374207"></a><em class="parameter"><code>path = /data/samba/shares/X</code></em></td></tr><tr><td><a class="indexterm" name="id374219"></a><em class="parameter"><code>valid users = @engr, @acct</code></em></td></tr><tr><td><a class="indexterm" name="id374230"></a><em class="parameter"><code>force group = engr</code></em></td></tr><tr><td><a class="indexterm" name="id374242"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id374253"></a><em class="parameter"><code>create mask = 0770</code></em></td></tr><tr><td><a class="indexterm" name="id374265"></a><em class="parameter"><code>copy = engr</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[NETWORK]</code></em></td></tr><tr><td><a class="indexterm" name="id374285"></a><em class="parameter"><code>path = /data/samba/shares/network</code></em></td></tr><tr><td><a class="indexterm" name="id374297"></a><em class="parameter"><code>valid users = "@Domain Users"</code></em></td></tr><tr><td><a class="indexterm" name="id374308"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id374320"></a><em class="parameter"><code>create mask = 0770</code></em></td></tr><tr><td><a class="indexterm" name="id374331"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[UTILS]</code></em></td></tr><tr><td><a class="indexterm" name="id374352"></a><em class="parameter"><code>path = /data/samba/shares/Utils</code></em></td></tr><tr><td><a class="indexterm" name="id374363"></a><em class="parameter"><code>write list = "@Domain Admins"</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[SYS]</code></em></td></tr><tr><td><a class="indexterm" name="id374384"></a><em class="parameter"><code>path = /data/samba/shares/SYS</code></em></td></tr><tr><td><a class="indexterm" name="id374396"></a><em class="parameter"><code>valid users = chad</code></em></td></tr><tr><td><a class="indexterm" name="id374407"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id374418"></a><em class="parameter"><code>browseable = No</code></em></td></tr></table></div></div><br class="example-break"><p>
+        <a class="indexterm" name="id374433"></a>
+        <a class="indexterm" name="id374440"></a>
+        <a class="indexterm" name="id374447"></a>
         Most of these shares are only used by one company group, but they are required
         because of some ancient Qbasic and Rbase applications were that written expecting
         their own drive letters.
         </p><p>
         <a class="indexterm" name="id375930"></a>
         <a class="indexterm" name="id375937"></a>
         <a class="indexterm" name="id375944"></a>
+        <a class="indexterm" name="id374458"></a>
+        <a class="indexterm" name="id374465"></a>
+        <a class="indexterm" name="id374472"></a>
         Note: During the process of building the new server, I kept data files
         up to date with the Novell server via use of <code class="literal">rsync</code>.
 …
 smbpasswd="/usr/bin/smbpasswd"
 </pre></div></div><br class="example-break"><p>
         <a class="indexterm" name="id376262"></a>
+        <a class="indexterm" name="id374790"></a>
         Note: I chose not to take advantage of the TLS capability of this.
         Eventually I may go back and tweak it.  Also, I chose not to take advantage
 …
 </pre><p>
         </p><p>
         <a class="indexterm" name="id376336"></a>
         <a class="indexterm" name="id376343"></a>
         <a class="indexterm" name="id376350"></a>
         <a class="indexterm" name="id376357"></a>
         <a class="indexterm" name="id376363"></a>
+        <a class="indexterm" name="id374864"></a>
+        <a class="indexterm" name="id374871"></a>
+        <a class="indexterm" name="id374878"></a>
+        <a class="indexterm" name="id374885"></a>
+        <a class="indexterm" name="id374891"></a>
         With the LDAP directory now initialized, it was time to create the Windows and POSIX
         (UNIX) group accounts as well as the mappings from Windows groups to UNIX groups.
 …
         try to do this by hand.
         </p><p>
         <a class="indexterm" name="id376383"></a>
         <a class="indexterm" name="id376389"></a>
         <a class="indexterm" name="id376396"></a>
+        <a class="indexterm" name="id374911"></a>
+        <a class="indexterm" name="id374918"></a>
+        <a class="indexterm" name="id374924"></a>
         After I had my group mappings in place, I added users to the groups (the users
         don't really have to exist yet). I used the <code class="literal">smbldap-groupmod</code>
 …
         attributes to the group entries in LDAP.
         </p><p>
         <a class="indexterm" name="id376414"></a>
         <a class="indexterm" name="id376421"></a>
         <a class="indexterm" name="id376428"></a>
+        <a class="indexterm" name="id374942"></a>
+        <a class="indexterm" name="id374949"></a>
+        <a class="indexterm" name="id374956"></a>
         The most monumental task of all was adding the sambaSamAccount information to each
         already existent posixAccount entry.  I did it one at a time as I moved people onto
 …
 <code class="prompt">root# </code> smbldap-usermod -a -P username
 </pre><p>
         <a class="indexterm" name="id376448"></a>
         <a class="indexterm" name="id376455"></a>
         <a class="indexterm" name="id376462"></a>
+        <a class="indexterm" name="id374976"></a>
+        <a class="indexterm" name="id374983"></a>
+        <a class="indexterm" name="id374990"></a>
         I completed that step for every user after asking the person what his or her current
         NetWare password was. The wiser way to have done it would probably have been to dump the
 …
 <code class="prompt">root# </code> slapcat &gt; somefile.ldif
 </pre><p>
         <a class="indexterm" name="id376483"></a>
         <a class="indexterm" name="id376490"></a>
+        <a class="indexterm" name="id375011"></a>
+        <a class="indexterm" name="id375018"></a>
         Then update the LDIF file created by using a Perl script to parse and add the
         appropriate attributes and objectClasses to each entry, followed by re-importing
 …
 </pre><p>
         </p><p>
         <a class="indexterm" name="id376575"></a>
+        <a class="indexterm" name="id375103"></a>
         So now I could log on with a test user from the machine w2kengrspare. It was all well and
         good, but that user was in no groups yet and so had pretty boring access.  I fixed that
 …
         I also did not have to do a logon script per user or per group.
         </p><p>
         <a class="indexterm" name="id376595"></a>
+        <a class="indexterm" name="id375123"></a>
         I downloaded Kixtart and put the following files in my netlogon share:
 </p><pre class="screen">
 …
 </pre><p>
         </p><p>
         <a class="indexterm" name="id376618"></a>
+        <a class="indexterm" name="id375146"></a>
         I then wrote the <code class="filename">logon.kix</code> file that is shown in
         <a class="link" href="nw4migration.html#ch8kix" title="Example 10.15. Kixtart Control File File: logon.kix">&#8220;Kixtart Control File  File: logon.kix&#8221;</a>. I chose to keep it all in one file, but it
 …
         so it was easier to do it by hand.
         </p><p>
         <a class="indexterm" name="id376842"></a>
+        <a class="indexterm" name="id375372"></a>
         At this point I was able to add the users. This is the part that really falls
         into upgrade. I moved the users over one group at a time, starting with the

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/pr01.html

r599	r739
1		<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>About the Cover Artwork</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="index.html" title="Samba-3 by Example"><link rel="next" href="pr02.html" title="Acknowledgments"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">About the Cover Artwork</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="index.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="pr02.html">Next</a></td></tr></table><hr></div><div lang="en-US" class="preface" title="About the Cover Artwork"><div class="titlepage"><div><div><h2 class="title"><a name="id~~281291~~"></a>About the Cover Artwork</h2></div></div></div><p>
	1	<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>About the Cover Artwork</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="index.html" title="Samba-3 by Example"><link rel="next" href="pr02.html" title="Acknowledgments"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">About the Cover Artwork</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="index.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="pr02.html">Next</a></td></tr></table><hr></div><div lang="en-US" class="preface" title="About the Cover Artwork"><div class="titlepage"><div><div><h2 class="title"><a name="id316097"></a>About the Cover Artwork</h2></div></div></div><p>
2	2	The cover artwork of this book continues the freedom theme of the first
3	3	edition of <span class="quote">“<span class="quote">Samba-3 by Example</span>”</span>. The history of civilization

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/pr02.html

r599	r739
1		<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Acknowledgments</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="pr01.html" title="About the Cover Artwork"><link rel="next" href="pr03.html" title="Foreword"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Acknowledgments</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="pr01.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="pr03.html">Next</a></td></tr></table><hr></div><div lang="en-US" class="preface" title="Acknowledgments"><div class="titlepage"><div><div><h2 class="title"><a name="id28~~1791~~"></a>Acknowledgments</h2></div></div></div><p>
	1	<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Acknowledgments</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="pr01.html" title="About the Cover Artwork"><link rel="next" href="pr03.html" title="Foreword"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Acknowledgments</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="pr01.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="pr03.html">Next</a></td></tr></table><hr></div><div lang="en-US" class="preface" title="Acknowledgments"><div class="titlepage"><div><div><h2 class="title"><a name="id282688"></a>Acknowledgments</h2></div></div></div><p>
2	2	<span class="emphasis"><em>Samba-3 by Example</em></span> would not have been written except
3	3	as a result of feedback provided by reviewers and readers of the book <span class="emphasis"><em>The

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/pr03.html

r599	r739
1		<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Foreword</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="pr02.html" title="Acknowledgments"><link rel="next" href="preface.html" title="Preface"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Foreword</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="pr02.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="preface.html">Next</a></td></tr></table><hr></div><div lang="en-US" class="preface" title="Foreword"><div class="titlepage"><div><div><h2 class="title"><a name="id280651"></a>Foreword</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="pr03.html#id280658">By John M. Weathersby, Executive Director, OSSI</a></span></dt></dl></div><div class="sect1" title="By John M. Weathersby, Executive Director, OSSI"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id280658"></a>By John M. Weathersby, Executive Director, OSSI</h2></div></div></div><div class="blockquote"><blockquote class="blockquote"><p>
	1	<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Foreword</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="pr02.html" title="Acknowledgments"><link rel="next" href="preface.html" title="Preface"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Foreword</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="pr02.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="preface.html">Next</a></td></tr></table><hr></div><div lang="en-US" class="preface" title="Foreword"><div class="titlepage"><div><div><h2 class="title"><a name="id314098"></a>Foreword</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="pr03.html#id314105">By John M. Weathersby, Executive Director, OSSI</a></span></dt></dl></div><div class="sect1" title="By John M. Weathersby, Executive Director, OSSI"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id314105"></a>By John M. Weathersby, Executive Director, OSSI</h2></div></div></div><div class="blockquote"><blockquote class="blockquote"><p>
2	2	The Open Source Software Institute (OSSI) is comprised of representatives from a broad spectrum of business and
3	3	non-business organizations that share a common interest in the promotion of development and implementation

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/preface.html

-              r599
+              r739
 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Preface</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="pr03.html" title="Foreword"><link rel="next" href="ExNetworks.html" title="Part I. Example Network Configurations"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Preface</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="pr03.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="ExNetworks.html">Next</a></td></tr></table><hr></div><div class="preface" title="Preface"><div class="titlepage"><div><div><h2 class="title"><a name="preface"></a>Preface</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="preface.html#id280788">Why Is This Book Necessary?</a></span></dt><dd><dl><dt><span class="sect2"><a href="preface.html#id280825">Samba 3.0.20 Update Edition</a></span></dt></dl></dd><dt><span class="sect1"><a href="preface.html#id280643">Prerequisites</a></span></dt><dt><span class="sect1"><a href="preface.html#id322292">Approach</a></span></dt><dt><span class="sect1"><a href="preface.html#id322341">Summary of Topics</a></span></dt><dt><span class="sect1"><a href="preface.html#id322920">Conventions Used</a></span></dt></dl></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Preface</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="index.html" title="Samba-3 by Example"><link rel="prev" href="pr03.html" title="Foreword"><link rel="next" href="ExNetworks.html" title="Part I. Example Network Configurations"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Preface</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="pr03.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="ExNetworks.html">Next</a></td></tr></table><hr></div><div class="preface" title="Preface"><div class="titlepage"><div><div><h2 class="title"><a name="preface"></a>Preface</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="preface.html#id281184">Why Is This Book Necessary?</a></span></dt><dd><dl><dt><span class="sect2"><a href="preface.html#id281221">Samba 3.0.20 Update Edition</a></span></dt></dl></dd><dt><span class="sect1"><a href="preface.html#id280852">Prerequisites</a></span></dt><dt><span class="sect1"><a href="preface.html#id320789">Approach</a></span></dt><dt><span class="sect1"><a href="preface.html#id320838">Summary of Topics</a></span></dt><dt><span class="sect1"><a href="preface.html#id321418">Conventions Used</a></span></dt></dl></div><p>
         Network administrators live busy lives. We face distractions and pressures
         that drive us to seek proven, working case scenarios that can be easily
 …
         services and applications such as OpenLDAP, DNS and DHCP, the need for which
         can be met from other resources that are dedicated to the subject.
         </p><div class="sect1" title="Why Is This Book Necessary?"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id280788"></a>Why Is This Book Necessary?</h2></div></div></div><p>
+        </p><div class="sect1" title="Why Is This Book Necessary?"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id281184"></a>Why Is This Book Necessary?</h2></div></div></div><p>
         This book is the result of observations and feedback. The feedback from
         the Samba-HOWTO-Collection has been positive and complimentary. There
 …
         on the CD-ROM. This book is descriptive, provides detailed diagrams, and
         makes deployment of Samba-3 a breeze.
         </p><div class="sect2" title="Samba 3.0.20 Update Edition"><div class="titlepage"><div><div><h3 class="title"><a name="id280825"></a>Samba 3.0.20 Update Edition</h3></div></div></div><p>
+        </p><div class="sect2" title="Samba 3.0.20 Update Edition"><div class="titlepage"><div><div><h3 class="title"><a name="id281221"></a>Samba 3.0.20 Update Edition</h3></div></div></div><p>
         The Samba 3.0.x series has been remarkably popular. At the time this book first
         went to print samba-3.0.2 was being released. There have been significant modifications
 …
                                                 be delegated to normal user accounts or to groups of users.
                                                 </p>
                                         </td></tr></tbody></table></div></div><br class="table-break"></div></div><div class="sect1" title="Prerequisites"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id280643"></a>Prerequisites</h2></div></div></div><p>
+                                        </td></tr></tbody></table></div></div><br class="table-break"></div></div><div class="sect1" title="Prerequisites"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id280852"></a>Prerequisites</h2></div></div></div><p>
         This book is not a tutorial on UNIX or Linux administration. UNIX and Linux
         training is best obtained from books dedicated to the subject. This book
 …
         may need to refer to administrative guides or manuals for your operating system
         platform to find what is the best method to achieve what the text of this book describes.
         </p></div><div class="sect1" title="Approach"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id322292"></a>Approach</h2></div></div></div><p>
+        </p></div><div class="sect1" title="Approach"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id320789"></a>Approach</h2></div></div></div><p>
         The first chapter deals with some rather thorny network analysis issues. Do not be
         put off by this. The information you glean, even without a detailed understanding
 …
         Each chapter has a set of questions and answers to help you to
         to understand and digest key attributes of the solutions presented.
         </p></div><div class="sect1" title="Summary of Topics"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id322341"></a>Summary of Topics</h2></div></div></div><p>
+        </p></div><div class="sect1" title="Summary of Topics"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id320838"></a>Summary of Topics</h2></div></div></div><p>
         The contents of this second edition of <span class="emphasis"><em>Samba-3 by Example</em></span>
         have been rearranged based on feedback from purchasers of the first edition.
 …
                 a file and print server to create a connection over which file and print
                 operations may take place.
                 </p></dd></dl></div></div><div class="sect1" title="Conventions Used"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id322920"></a>Conventions Used</h2></div></div></div><p>
+                </p></dd></dl></div></div><div class="sect1" title="Conventions Used"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id321418"></a>Conventions Used</h2></div></div></div><p>
     The following notation conventions are used throughout this book:
     </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/primer.html

-              r599
+              r739
 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 16. Networking Primer</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="RefSection.html" title="Part III. Reference Section"><link rel="prev" href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits"><link rel="next" href="apa.html" title="Appendix A.  GNU General Public License version 3"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 16. Networking Primer</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="appendix.html">Prev</a> </td><th width="60%" align="center">Part III. Reference Section</th><td width="20%" align="right"> <a accesskey="n" href="apa.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 16. Networking Primer"><div class="titlepage"><div><div><h2 class="title"><a name="primer"></a>Chapter 16. Networking Primer</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="primer.html#id390627">Requirements and Notes</a></span></dt><dt><span class="sect1"><a href="primer.html#id390763">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id390813">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#id390920">Exercises</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id391033">Single-Machine Broadcast Activity</a></span></dt><dt><span class="sect2"><a href="primer.html#secondmachine">Second Machine Startup Broadcast Interaction</a></span></dt><dt><span class="sect2"><a href="primer.html#id392130">Simple Windows Client Connection Characteristics</a></span></dt><dt><span class="sect2"><a href="primer.html#id392597">Windows 200x/XP Client Interaction with Samba-3</a></span></dt><dt><span class="sect2"><a href="primer.html#id393121">Conclusions to Exercises</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#chap01conc">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id393223">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#chap01qa">Questions and Answers</a></span></dt></dl></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 16. Networking Primer</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="RefSection.html" title="Part III. Reference Section"><link rel="prev" href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits"><link rel="next" href="apa.html" title="Appendix A.  GNU General Public License version 3"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 16. Networking Primer</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="appendix.html">Prev</a> </td><th width="60%" align="center">Part III. Reference Section</th><td width="20%" align="right"> <a accesskey="n" href="apa.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 16. Networking Primer"><div class="titlepage"><div><div><h2 class="title"><a name="primer"></a>Chapter 16. Networking Primer</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="primer.html#id389151">Requirements and Notes</a></span></dt><dt><span class="sect1"><a href="primer.html#id389288">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id389338">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#id389445">Exercises</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id389558">Single-Machine Broadcast Activity</a></span></dt><dt><span class="sect2"><a href="primer.html#secondmachine">Second Machine Startup Broadcast Interaction</a></span></dt><dt><span class="sect2"><a href="primer.html#id390654">Simple Windows Client Connection Characteristics</a></span></dt><dt><span class="sect2"><a href="primer.html#id391120">Windows 200x/XP Client Interaction with Samba-3</a></span></dt><dt><span class="sect2"><a href="primer.html#id391645">Conclusions to Exercises</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#chap01conc">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="primer.html#id391746">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="primer.html#chap01qa">Questions and Answers</a></span></dt></dl></div><p>
         You are about to use the equivalent of a microscope to look at the information
         that runs through the veins of a Windows network. We do more to observe the information than
 …
         Samba can be configured with a minimum of complexity. Simplicity should be mastered
         before you get too deeply into complexities. Let's get moving: we have work to do.
         </p><div class="sect1" title="Requirements and Notes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id390627"></a>Requirements and Notes</h2></div></div></div><p>
+        </p><div class="sect1" title="Requirements and Notes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id389151"></a>Requirements and Notes</h2></div></div></div><p>
         Successful completion of this primer requires two Microsoft Windows 9x/Me Workstations
         as well as two Microsoft Windows XP Professional Workstations, each equipped with an Ethernet
 …
         on a quiet network where there is no other traffic. It is best to use a dedicated hub
         with only the machines under test connected at the time of the exercises.
         </p><p><a class="indexterm" name="id390642"></a>
+        </p><p><a class="indexterm" name="id389166"></a>
         Wireshark (formerly Ethereal) has become the network protocol analyzer of choice for many network administrators.
         You may find more information regarding this tool from the
 …
         that is used to monitor traffic; this would not allow you to complete the projects.
         </p></div><p>
         <a class="indexterm" name="id390701"></a>
+        <a class="indexterm" name="id389225"></a>
         Do not worry too much if you do not have access to all this equipment; network captures
         from the exercises are provided on the enclosed CD-ROM. This makes it possible to dive directly
         into the analytical part of the exercises if you so desire.
         </p><p><a class="indexterm" name="id390714"></a><a class="indexterm" name="id390726"></a>
+        </p><p><a class="indexterm" name="id389238"></a><a class="indexterm" name="id389250"></a>
         Please do not be alarmed at the use of a high-powered analysis tool (Wireshark) in this
         primer.  We expose you only to a minimum of detail necessary to complete
 …
         <a class="link" href="primer.html#chap01qa" title="Questions and Answers">&#8220;Questions and Answers&#8221;</a> also provides useful information
         that may help you to avoid significantly time-consuming networking problems.
         </p></div><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id390763"></a>Introduction</h2></div></div></div><p>
+        </p></div><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id389288"></a>Introduction</h2></div></div></div><p>
         The purpose of this chapter is to create familiarity with key aspects of Microsoft Windows
         network computing. If you want a solid technical grounding, do not gloss over these exercises.
         The points covered are recurrent issues on the Samba mailing lists.
         </p><p><a class="indexterm" name="id390775"></a>
+        </p><p><a class="indexterm" name="id389300"></a>
         You can see from these exercises that Windows networking involves quite a lot of network
         broadcast traffic. You can look into the contents of some packets, but only to see
 …
         Edition</em></span> (TOSHARG2) Chapter 9, <span class="quote">&#8220;<span class="quote">Network Browsing,</span>&#8221;</span> and Chapter 3,
         <span class="quote">&#8220;<span class="quote">Server Types and Security Modes.</span>&#8221;</span>
         </p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id390813"></a>Assignment Tasks</h3></div></div></div><p><a class="indexterm" name="id390820"></a>
+        </p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id389338"></a>Assignment Tasks</h3></div></div></div><p><a class="indexterm" name="id389345"></a>
                 You are about to witness how Microsoft Windows computer networking functions. The
                 exercises step through identification of how a client machine establishes a
 …
                 each other (i.e., how browsing works) and how the two key types of user identification
                 (share mode security and user mode security) are affected.
                 </p><p><a class="indexterm" name="id390834"></a>
+                </p><p><a class="indexterm" name="id389359"></a>
                 The networking protocols used by MS Windows networking when working with Samba
                 use TCP/IP as the transport protocol. The protocols that are specific to Windows
                 networking are encapsulated in TCP/IP. The network analyzer we use (Wireshark)
                 is able to show you the contents of the TCP/IP packets (or messages).
                 </p><div class="procedure" title="Procedure 16.1. Diagnostic Tasks"><a name="chap01tasks"></a><p class="title"><b>Procedure 16.1. Diagnostic Tasks</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p><a class="indexterm" name="id390864"></a><a class="indexterm" name="id390875"></a><a class="indexterm" name="id390883"></a>
+                </p><div class="procedure" title="Procedure 16.1. Diagnostic Tasks"><a name="chap01tasks"></a><p class="title"><b>Procedure 16.1. Diagnostic Tasks</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p><a class="indexterm" name="id389389"></a><a class="indexterm" name="id389400"></a><a class="indexterm" name="id389408"></a>
                         Examine network traces to witness SMB broadcasts, host announcements,
                         and name resolution processes.
 …
                         Review traces of network logons for a Windows 9x/Me client as well as
                         a domain logon for a Windows XP Professional client.
                         </p></li></ol></div></div></div><div class="sect1" title="Exercises"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id390920"></a>Exercises</h2></div></div></div><p>
         <a class="indexterm" name="id390928"></a>
+                        </p></li></ol></div></div></div><div class="sect1" title="Exercises"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id389445"></a>Exercises</h2></div></div></div><p>
+        <a class="indexterm" name="id389453"></a>
         You are embarking on a course of discovery. The first part of the exercise requires
         two MS Windows 9x/Me systems. We called one machine <code class="constant">WINEPRESSME</code> and the
 …
         Choose a workgroup name (MIDEARTH) for each exercise.
         </p><p>
         <a class="indexterm" name="id391010"></a>
+        <a class="indexterm" name="id389534"></a>
         The network captures provided on the CD-ROM included with this book were captured using <code class="constant">Ethereal</code>
         version <code class="literal">0.10.6</code>. A later version suffices without problems (i.e. you should be using Wireshark), but an earlier version may not
 …
         that can be derived from this book really does warrant your taking sufficient time to practice each exercise with
         care and attention to detail.
         </p><div class="sect2" title="Single-Machine Broadcast Activity"><div class="titlepage"><div><div><h3 class="title"><a name="id391033"></a>Single-Machine Broadcast Activity</h3></div></div></div><p>
+        </p><div class="sect2" title="Single-Machine Broadcast Activity"><div class="titlepage"><div><div><h3 class="title"><a name="id389558"></a>Single-Machine Broadcast Activity</h3></div></div></div><p>
         In this section, we start a single Windows 9x/Me machine, then monitor network activity for 30 minutes.
         </p><div class="procedure" title="Procedure 16.2. Monitoring Windows 9x Steps"><a name="id391043"></a><p class="title"><b>Procedure 16.2. Monitoring Windows 9x Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+        </p><div class="procedure" title="Procedure 16.2. Monitoring Windows 9x Steps"><a name="id389568"></a><p class="title"><b>Procedure 16.2. Monitoring Windows 9x Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Start the machine from which network activity will be monitored (using <code class="literal">Wireshark</code>).
                 Launch <code class="literal">Wireshark</code>, click
 …
                 Analyze the capture. Identify each discrete message type that was captured. Note what transport protocol
                 was used. Identify the timing between messages of identical types.
                 </p></li></ol></div><div class="sect3" title="Findings"><div class="titlepage"><div><div><h4 class="title"><a name="id391158"></a>Findings</h4></div></div></div><p>
+                </p></li></ol></div><div class="sect3" title="Findings"><div class="titlepage"><div><div><h4 class="title"><a name="id389683"></a>Findings</h4></div></div></div><p>
                 The summary of the first 10 minutes of the packet capture should look like <a class="link" href="primer.html#pktcap01" title="Figure 16.1. Windows Me Broadcasts The First 10 Minutes">&#8220;Windows Me  Broadcasts  The First 10 Minutes&#8221;</a>.
                 A screenshot of a later stage of the same capture is shown in <a class="link" href="primer.html#pktcap02" title="Figure 16.2. Windows Me Later Broadcast Sample">&#8220;Windows Me  Later Broadcast Sample&#8221;</a>.
                 </p><div class="figure"><a name="pktcap01"></a><p class="title"><b>Figure 16.1. Windows Me  Broadcasts  The First 10 Minutes</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/WINREPRESSME-Capture.png" width="216" alt="Windows Me Broadcasts The First 10 Minutes"></div></div></div><br class="figure-break"><div class="figure"><a name="pktcap02"></a><p class="title"><b>Figure 16.2. Windows Me  Later Broadcast Sample</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/WINREPRESSME-Capture2.png" width="226.8" alt="Windows Me Later Broadcast Sample"></div></div></div><br class="figure-break"><p><a class="indexterm" name="id391271"></a><a class="indexterm" name="id391282"></a>
+                </p><div class="figure"><a name="pktcap01"></a><p class="title"><b>Figure 16.1. Windows Me  Broadcasts  The First 10 Minutes</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/WINREPRESSME-Capture.png" width="216" alt="Windows Me Broadcasts The First 10 Minutes"></div></div></div><br class="figure-break"><div class="figure"><a name="pktcap02"></a><p class="title"><b>Figure 16.2. Windows Me  Later Broadcast Sample</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/WINREPRESSME-Capture2.png" width="226.8" alt="Windows Me Later Broadcast Sample"></div></div></div><br class="figure-break"><p><a class="indexterm" name="id389796"></a><a class="indexterm" name="id389807"></a>
                 Broadcast messages observed are shown in <a class="link" href="primer.html#capsstats01" title="Table 16.1. Windows Me Startup Broadcast Capture Statistics">&#8220;Windows Me  Startup Broadcast Capture Statistics&#8221;</a>.
                 Actual observations vary a little, but not by much.
 …
                 first to ensure that its name would not result in a name clash, and second to establish its
                 presence with the Local Master Browser (LMB).
                 </p><div class="table"><a name="capsstats01"></a><p class="title"><b>Table 16.1. Windows Me  Startup Broadcast Capture Statistics</b></p><div class="table-contents"><table summary="Windows Me  Startup Broadcast Capture Statistics" border="1"><colgroup><col align="left"><col align="center"><col align="center"><col align="left"></colgroup><thead><tr><th align="left">Message</th><th align="center">Type</th><th align="center">Num</th><th align="left">Notes</th></tr></thead><tbody><tr><td align="left">WINEPRESSME&lt;00&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.6 sec apart</td></tr><tr><td align="left">WINEPRESSME&lt;03&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.6 sec apart</td></tr><tr><td align="left">WINEPRESSME&lt;20&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH&lt;00&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH&lt;1d&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH&lt;1e&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH&lt;1b&gt;</td><td align="center">Qry</td><td align="center">84</td><td align="left">300 sec apart at stable operation</td></tr><tr><td align="left">__MSBROWSE__</td><td align="center">Reg</td><td align="center">8</td><td align="left">Registered after winning election to Browse Master</td></tr><tr><td align="left">JHT&lt;03&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 x 2. This is the name of the user that logged onto Windows</td></tr><tr><td align="left">Host Announcement WINEPRESSME</td><td align="center">Ann</td><td align="center">2</td><td align="left">Observed at 10 sec</td></tr><tr><td align="left">Domain/Workgroup Announcement MIDEARTH</td><td align="center">Ann</td><td align="center">18</td><td align="left">300 sec apart at stable operation</td></tr><tr><td align="left">Local Master Announcement WINEPRESSME</td><td align="center">Ann</td><td align="center">18</td><td align="left">300 sec apart at stable operation</td></tr><tr><td align="left">Get Backup List Request</td><td align="center">Qry</td><td align="center">12</td><td align="left">6 x 2 early in startup, 0.5 sec apart</td></tr><tr><td align="left">Browser Election Request</td><td align="center">Ann</td><td align="center">10</td><td align="left">5 x 2 early in startup</td></tr><tr><td align="left">Request Announcement WINEPRESSME</td><td align="center">Ann</td><td align="center">4</td><td align="left">Early in startup</td></tr></tbody></table></div></div><br class="table-break"><p><a class="indexterm" name="id391620"></a><a class="indexterm" name="id391628"></a>
+                </p><div class="table"><a name="capsstats01"></a><p class="title"><b>Table 16.1. Windows Me  Startup Broadcast Capture Statistics</b></p><div class="table-contents"><table summary="Windows Me  Startup Broadcast Capture Statistics" border="1"><colgroup><col align="left"><col align="center"><col align="center"><col align="left"></colgroup><thead><tr><th align="left">Message</th><th align="center">Type</th><th align="center">Num</th><th align="left">Notes</th></tr></thead><tbody><tr><td align="left">WINEPRESSME&lt;00&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.6 sec apart</td></tr><tr><td align="left">WINEPRESSME&lt;03&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.6 sec apart</td></tr><tr><td align="left">WINEPRESSME&lt;20&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH&lt;00&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH&lt;1d&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH&lt;1e&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH&lt;1b&gt;</td><td align="center">Qry</td><td align="center">84</td><td align="left">300 sec apart at stable operation</td></tr><tr><td align="left">__MSBROWSE__</td><td align="center">Reg</td><td align="center">8</td><td align="left">Registered after winning election to Browse Master</td></tr><tr><td align="left">JHT&lt;03&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 x 2. This is the name of the user that logged onto Windows</td></tr><tr><td align="left">Host Announcement WINEPRESSME</td><td align="center">Ann</td><td align="center">2</td><td align="left">Observed at 10 sec</td></tr><tr><td align="left">Domain/Workgroup Announcement MIDEARTH</td><td align="center">Ann</td><td align="center">18</td><td align="left">300 sec apart at stable operation</td></tr><tr><td align="left">Local Master Announcement WINEPRESSME</td><td align="center">Ann</td><td align="center">18</td><td align="left">300 sec apart at stable operation</td></tr><tr><td align="left">Get Backup List Request</td><td align="center">Qry</td><td align="center">12</td><td align="left">6 x 2 early in startup, 0.5 sec apart</td></tr><tr><td align="left">Browser Election Request</td><td align="center">Ann</td><td align="center">10</td><td align="left">5 x 2 early in startup</td></tr><tr><td align="left">Request Announcement WINEPRESSME</td><td align="center">Ann</td><td align="center">4</td><td align="left">Early in startup</td></tr></tbody></table></div></div><br class="table-break"><p><a class="indexterm" name="id390145"></a><a class="indexterm" name="id390152"></a>
                 From the packet trace, it should be noted that no messages were propagated over TCP/IP;
                 all messages employed UDP/IP.  When steady-state operation has been achieved, there is a cycle
                 of various announcements, re-election of a browse master, and name queries. These create
                 the symphony of announcements by which network browsing is made possible.
                 </p><p><a class="indexterm" name="id391642"></a>
+                </p><p><a class="indexterm" name="id390167"></a>
                 For detailed information regarding the precise behavior of the CIFS/SMB protocols,
                 refer to the book <span class="quote">&#8220;<span class="quote">Implementing CIFS: The Common Internet File System,</span>&#8221;</span>
 …
         At this time, the machine you used to capture the single-system startup trace should still be running.
         The objective of this task is to identify the interaction of two machines in respect to broadcast activity.
         </p><div class="procedure" title="Procedure 16.3. Monitoring of Second Machine Activity"><a name="id391674"></a><p class="title"><b>Procedure 16.3. Monitoring of Second Machine Activity</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+        </p><div class="procedure" title="Procedure 16.3. Monitoring of Second Machine Activity"><a name="id390199"></a><p class="title"><b>Procedure 16.3. Monitoring of Second Machine Activity</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 On the machine from which network activity will be monitored (using <code class="literal">Wireshark</code>),
                 launch <code class="literal">Wireshark</code> and click
 …
                 Analyze the capture trace, taking note of the transport protocols used, the types of messages observed,
                 and what interaction took place between the two machines. Leave both machines running for the next task.
                 </p></li></ol></div><div class="sect3" title="Findings"><div class="titlepage"><div><div><h4 class="title"><a name="id391782"></a>Findings</h4></div></div></div><p>
+                </p></li></ol></div><div class="sect3" title="Findings"><div class="titlepage"><div><div><h4 class="title"><a name="id390308"></a>Findings</h4></div></div></div><p>
                 <a class="link" href="primer.html#capsstats02" title="Table 16.2. Second Machine (Windows 98) Capture Statistics">&#8220;Second Machine (Windows 98)  Capture Statistics&#8221;</a> summarizes capture statistics observed. As in the previous case,
                 all announcements used UDP/IP broadcasts. Also, as was observed with the last example, the second
 …
                 <span class="quote">&#8220;<span class="quote">Implementing CIFS: The Common Internet File System.</span>&#8221;</span>
                 </p><div class="table"><a name="capsstats02"></a><p class="title"><b>Table 16.2. Second Machine (Windows 98)  Capture Statistics</b></p><div class="table-contents"><table summary="Second Machine (Windows 98)  Capture Statistics" border="1"><colgroup><col align="left"><col align="center"><col align="center"><col align="left"></colgroup><thead><tr><th align="left">Message</th><th align="center">Type</th><th align="center">Num</th><th align="left">Notes</th></tr></thead><tbody><tr><td align="left">MILGATE98&lt;00&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.6 sec apart</td></tr><tr><td align="left">MILGATE98&lt;03&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.6 sec apart</td></tr><tr><td align="left">MILGATE98&lt;20&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH&lt;00&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH&lt;1d&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH&lt;1e&gt;</td><td align="center">Reg</td><td align="center">8</td><td align="left">4 lots of 2, 0.75 sec apart</td></tr><tr><td align="left">MIDEARTH&lt;1b&gt;</td><td align="center">Qry</td><td align="center">18</td><td align="left">900 sec apart at stable operation</td></tr><tr><td align="left">JHT&lt;03&gt;</td><td align="center">Reg</td><td align="center">2</td><td align="left">This is the name of the user that logged onto Windows</td></tr><tr><td align="left">Host Announcement MILGATE98</td><td align="center">Ann</td><td align="center">14</td><td align="left">Every 120 sec</td></tr><tr><td align="left">Domain/Workgroup Announcement MIDEARTH</td><td align="center">Ann</td><td align="center">6</td><td align="left">900 sec apart at stable operation</td></tr><tr><td align="left">Local Master Announcement WINEPRESSME</td><td align="center">Ann</td><td align="center">6</td><td align="left">Insufficient detail to determine frequency</td></tr></tbody></table></div></div><br class="table-break"><p>
                 <a class="indexterm" name="id392055"></a>
                 <a class="indexterm" name="id392062"></a>
                 <a class="indexterm" name="id392069"></a>
+                <a class="indexterm" name="id390580"></a>
+                <a class="indexterm" name="id390587"></a>
+                <a class="indexterm" name="id390594"></a>
                 Observation of the contents of Host Announcements, Domain/Workgroup Announcements,
                 and Local Master Announcements is instructive. These messages convey a significant
                 level of detail regarding the nature of each machine that is on the network. An example
                 dissection of a Host Announcement is given in <a class="link" href="primer.html#hostannounce" title="Figure 16.3. Typical Windows 9x/Me Host Announcement">&#8220;Typical Windows 9x/Me Host Announcement&#8221;</a>.
                 </p><div class="figure"><a name="hostannounce"></a><p class="title"><b>Figure 16.3. Typical Windows 9x/Me Host Announcement</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/HostAnnouncment.png" width="221.4" alt="Typical Windows 9x/Me Host Announcement"></div></div></div><br class="figure-break"></div></div><div class="sect2" title="Simple Windows Client Connection Characteristics"><div class="titlepage"><div><div><h3 class="title"><a name="id392130"></a>Simple Windows Client Connection Characteristics</h3></div></div></div><p>
+                </p><div class="figure"><a name="hostannounce"></a><p class="title"><b>Figure 16.3. Typical Windows 9x/Me Host Announcement</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/HostAnnouncment.png" width="221.4" alt="Typical Windows 9x/Me Host Announcement"></div></div></div><br class="figure-break"></div></div><div class="sect2" title="Simple Windows Client Connection Characteristics"><div class="titlepage"><div><div><h3 class="title"><a name="id390654"></a>Simple Windows Client Connection Characteristics</h3></div></div></div><p>
         The purpose of this exercise is to discover how Microsoft Windows clients create (establish)
         connections with remote servers. The methodology involves analysis of a key aspect of how
         Windows clients access remote servers: the session setup protocol.
         </p><div class="procedure" title="Procedure 16.4. Client Connection Exploration Steps"><a name="id392141"></a><p class="title"><b>Procedure 16.4. Client Connection Exploration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+        </p><div class="procedure" title="Procedure 16.4. Client Connection Exploration Steps"><a name="id390665"></a><p class="title"><b>Procedure 16.4. Client Connection Exploration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Configure a Windows 9x/Me machine (MILGATE98) with a share called <code class="constant">Stuff</code>.
                 Create a <em class="parameter"><code>Full Access</code></em> control password on this share.
 …
                 Save the captured data in case it is needed for later analysis.
                 </p></li><li class="step" title="Step 7"><p>
                 <a class="indexterm" name="id392265"></a>
+                <a class="indexterm" name="id390789"></a>
                 From the top of the packets captured, scan down to locate the first packet that has
                 interpreted as <code class="constant">Session Setup AndX, User: anonymous; Tree Connect AndX,
                 Path: \\MILGATE98\IPC$</code>.
                 </p></li><li class="step" title="Step 8"><p><a class="indexterm" name="id392283"></a><a class="indexterm" name="id392291"></a>
+                </p></li><li class="step" title="Step 8"><p><a class="indexterm" name="id390807"></a><a class="indexterm" name="id390815"></a>
                 In the dissection (analysis) panel, expand the <code class="constant">SMB, Session Setup AndX Request,
                 and Tree Connect AndX Request</code>. Examine both operations. Identify the name of
 …
                 that was targeted at the <code class="constant">\\MILGATE98\IPC$</code> service.
                 </p></li><li class="step" title="Step 10"><p>
                 <a class="indexterm" name="id392331"></a>
                 <a class="indexterm" name="id392338"></a>
+                <a class="indexterm" name="id390855"></a>
+                <a class="indexterm" name="id390862"></a>
                 Dissect this packet as per the previous one. This packet should have a password length
                 of 24 (characters) and should have a password field, the contents of which is a
                 long hexadecimal number. Observe the name in the Account field. This is a User Mode
                 session setup packet.
                 </p></li></ol></div><div class="sect3" title="Findings and Comments"><div class="titlepage"><div><div><h4 class="title"><a name="id392350"></a>Findings and Comments</h4></div></div></div><p>
                 <a class="indexterm" name="id392358"></a>
                 The <code class="constant">IPC$</code> share serves a vital purpose<sup>[<a name="id392369" href="#ftn.id392369" class="footnote">15</a>]</sup>
+                </p></li></ol></div><div class="sect3" title="Findings and Comments"><div class="titlepage"><div><div><h4 class="title"><a name="id390873"></a>Findings and Comments</h4></div></div></div><p>
+                <a class="indexterm" name="id390881"></a>
+                The <code class="constant">IPC$</code> share serves a vital purpose<sup>[<a name="id390892" href="#ftn.id390892" class="footnote">15</a>]</sup>
                 in SMB/CIFS-based networking.  A Windows client connects to this resource to obtain the list of
                 resources that are available on the server. The server responds with the shares and print queues that
 …
                 username and a <code class="constant">NULL</code> password.
                 </p><p>
                 <a class="indexterm" name="id392386"></a>
+                <a class="indexterm" name="id390910"></a>
                 The two packets examined are material evidence of how Windows clients may
                 interoperate with Samba. Samba requires every connection setup to be authenticated using
 …
                 account.
                 </p><p>
             <a class="indexterm" name="id392403"></a><a class="indexterm" name="id392408"></a>
             <a class="indexterm" name="id392417"></a>
+            <a class="indexterm" name="id390926"></a><a class="indexterm" name="id390932"></a>
+            <a class="indexterm" name="id390941"></a>
                 Samba has a special name for the <code class="constant">NULL</code>, or empty, user account:
                 it calls it the <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account</a>. The
 …
                 <a class="link" href="primer.html#nullconnect" title="Figure 16.4. Typical Windows 9x/Me NULL SessionSetUp AndX Request">&#8220;Typical Windows 9x/Me NULL SessionSetUp AndX Request&#8221;</a>.
                 </p><div class="figure"><a name="nullconnect"></a><p class="title"><b>Figure 16.4. Typical Windows 9x/Me NULL SessionSetUp AndX Request</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/NullConnect.png" width="221.4" alt="Typical Windows 9x/Me NULL SessionSetUp AndX Request"></div></div></div><br class="figure-break"><p>
                 <a class="indexterm" name="id392498"></a>
                 <a class="indexterm" name="id392505"></a>
                 <a class="indexterm" name="id392512"></a>
+                <a class="indexterm" name="id391021"></a>
+                <a class="indexterm" name="id391028"></a>
+                <a class="indexterm" name="id391034"></a>
                 When a UNIX/Linux system does not have a <code class="constant">nobody</code> user account
                 (<code class="filename">/etc/passwd</code>), the operation of the <code class="constant">NULL</code>
 …
                 is shown in <a class="link" href="primer.html#userconnect" title="Figure 16.5. Typical Windows 9x/Me User SessionSetUp AndX Request">&#8220;Typical Windows 9x/Me User SessionSetUp AndX Request&#8221;</a>.
                 </p><div class="figure"><a name="userconnect"></a><p class="title"><b>Figure 16.5. Typical Windows 9x/Me User SessionSetUp AndX Request</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/UserConnect.png" width="221.4" alt="Typical Windows 9x/Me User SessionSetUp AndX Request"></div></div></div><br class="figure-break"><p>
                 <a class="indexterm" name="id392585"></a>
+                <a class="indexterm" name="id391108"></a>
                 The User Mode connection packet contains the account name and the domain name.
                 The password is provided in Microsoft encrypted form, and its length is shown
                 as 24 characters. This is the length of Microsoft encrypted passwords.
                 </p></div></div><div class="sect2" title="Windows 200x/XP Client Interaction with Samba-3"><div class="titlepage"><div><div><h3 class="title"><a name="id392597"></a>Windows 200x/XP Client Interaction with Samba-3</h3></div></div></div><p>
+                </p></div></div><div class="sect2" title="Windows 200x/XP Client Interaction with Samba-3"><div class="titlepage"><div><div><h3 class="title"><a name="id391120"></a>Windows 200x/XP Client Interaction with Samba-3</h3></div></div></div><p>
         By now you may be asking, <span class="quote">&#8220;<span class="quote">Why did you choose to work with Windows 9x/Me?</span>&#8221;</span>
         </p><p>
 …
         a domain member of either a Samba-controlled domain or a Windows NT4 or 200x Active Directory domain.
         Here we do not provide details for how to configure this, as full coverage is provided earlier in this book.
         </p><div class="procedure" title="Procedure 16.5. Steps to Explore Windows XP Pro Connection Set-up"><a name="id392631"></a><p class="title"><b>Procedure 16.5. Steps to Explore Windows XP Pro Connection Set-up</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+        </p><div class="procedure" title="Procedure 16.5. Steps to Explore Windows XP Pro Connection Set-up"><a name="id391154"></a><p class="title"><b>Procedure 16.5. Steps to Explore Windows XP Pro Connection Set-up</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Start your domain controller. Also, start the Wireshark monitoring machine, launch Wireshark,
                 and then wait for the next step to complete.
 …
                 in this chapter.
                 </p></li><li class="step" title="Step 8"><p>
                 <a class="indexterm" name="id392845"></a>
                 <a class="indexterm" name="id392852"></a>
+                <a class="indexterm" name="id391368"></a>
+                <a class="indexterm" name="id391375"></a>
                 From the top of the packets captured, scan down to locate the first packet that has
                 interpreted as <code class="constant">Session Setup AndX Request, NTLMSSP_AUTH</code>.
                 </p></li><li class="step" title="Step 9"><p>
                 <a class="indexterm" name="id392870"></a>
                 <a class="indexterm" name="id392877"></a>
                 <a class="indexterm" name="id392884"></a>
+                <a class="indexterm" name="id391393"></a>
+                <a class="indexterm" name="id391400"></a>
+                <a class="indexterm" name="id391407"></a>
                 In the dissection (analysis) panel, expand the <code class="constant">SMB, Session Setup AndX Request</code>.
                 Expand the packet decode information, beginning at the <code class="constant">Security Blob:</code>
 …
                 has been decoded as <code class="constant">Session Setup AndX Request, NTLMSSP_AUTH</code>.
                 </p></li><li class="step" title="Step 11"><p>
                 <a class="indexterm" name="id392941"></a>
+                <a class="indexterm" name="id391464"></a>
                 In the dissection (analysis) panel, expand the <code class="constant">SMB, Session Setup AndX Request</code>.
                 Expand the packet decode information, beginning at the <code class="constant">Security Blob:</code>
 …
                 password and then the NT (case-preserving) password hash.
                 </p></li><li class="step" title="Step 12"><p>
                 <a class="indexterm" name="id392995"></a>
                 <a class="indexterm" name="id393002"></a>
+                <a class="indexterm" name="id391519"></a>
+                <a class="indexterm" name="id391526"></a>
                 The passwords are 24-character hexadecimal numbers. This packet confirms that this is a User Mode
                 session setup packet.
                 </p></li></ol></div><div class="figure"><a name="XPCap01"></a><p class="title"><b>Figure 16.6. Typical Windows XP NULL Session Setup AndX Request</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/WindowsXP-NullConnection.png" width="270" alt="Typical Windows XP NULL Session Setup AndX Request"></div></div></div><br class="figure-break"><div class="figure"><a name="XPCap02"></a><p class="title"><b>Figure 16.7. Typical Windows XP User Session Setup AndX Request</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/WindowsXP-UserConnection.png" width="270" alt="Typical Windows XP User Session Setup AndX Request"></div></div></div><br class="figure-break"><div class="sect3" title="Discussion"><div class="titlepage"><div><div><h4 class="title"><a name="id393094"></a>Discussion</h4></div></div></div><p><a class="indexterm" name="id393101"></a>
+                </p></li></ol></div><div class="figure"><a name="XPCap01"></a><p class="title"><b>Figure 16.6. Typical Windows XP NULL Session Setup AndX Request</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/WindowsXP-NullConnection.png" width="270" alt="Typical Windows XP NULL Session Setup AndX Request"></div></div></div><br class="figure-break"><div class="figure"><a name="XPCap02"></a><p class="title"><b>Figure 16.7. Typical Windows XP User Session Setup AndX Request</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/WindowsXP-UserConnection.png" width="270" alt="Typical Windows XP User Session Setup AndX Request"></div></div></div><br class="figure-break"><div class="sect3" title="Discussion"><div class="titlepage"><div><div><h4 class="title"><a name="id391618"></a>Discussion</h4></div></div></div><p><a class="indexterm" name="id391624"></a>
                 This exercise demonstrates that, while the specific protocol for the Session Setup AndX is handled
                 in a more sophisticated manner by recent MS Windows clients, the underlying rules or principles
 …
                 technology server (one using Windows NT4/200x or Samba). It also demonstrates that an authenticated
                 connection must be made before resources can be used.
                 </p></div></div><div class="sect2" title="Conclusions to Exercises"><div class="titlepage"><div><div><h3 class="title"><a name="id393121"></a>Conclusions to Exercises</h3></div></div></div><p>
+                </p></div></div><div class="sect2" title="Conclusions to Exercises"><div class="titlepage"><div><div><h3 class="title"><a name="id391645"></a>Conclusions to Exercises</h3></div></div></div><p>
         In summary, the following points have been established in this chapter:
         </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
 …
                 databases in concurrent deployment. Refer to <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 10, <span class="quote">&#8220;<span class="quote">Account Information Databases.</span>&#8221;</span>
                 </p></li></ul></div></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="chap01conc"></a>Dissection and Discussion</h2></div></div></div><p>
         <a class="indexterm" name="id393199"></a>
+        <a class="indexterm" name="id391723"></a>
         The exercises demonstrate the use of the <code class="constant">guest</code> account, the way that
         MS Windows clients and servers resolve computer names to a TCP/IP address, and how connections
 …
         the Microsoft knowledgebase article
         <a class="ulink" href="http://support.microsoft.com/support/kb/articles/Q102/78/8.asp" target="_top">Q102878.</a>
         </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id393223"></a>Technical Issues</h3></div></div></div><p>
                 <a class="indexterm" name="id393231"></a>
+        </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id391746"></a>Technical Issues</h3></div></div></div><p>
+                <a class="indexterm" name="id391754"></a>
                 Network browsing involves SMB broadcast announcements, SMB enumeration requests,
                 connections to the <code class="constant">IPC$</code> share, share enumerations, and SMB connection
 …
         The questions and answers given in this section are designed to highlight important aspects of Microsoft
         Windows networking.
         </p><div class="qandaset" title="Frequently Asked Questions"><a name="id393266"></a><dl><dt> <a href="primer.html#id393272">
+        </p><div class="qandaset" title="Frequently Asked Questions"><a name="id391789"></a><dl><dt> <a href="primer.html#id391796">
                 What is the significance of the MIDEARTH&lt;1b&gt; type query?
                 </a></dt><dt> <a href="primer.html#id393315">
+                </a></dt><dt> <a href="primer.html#id391838">
                 What is the significance of the MIDEARTH&lt;1d&gt; type name registration?
                 </a></dt><dt> <a href="primer.html#id393382">
+                </a></dt><dt> <a href="primer.html#id391905">
                 What is the role and significance of the &lt;01&gt;&lt;02&gt;__MSBROWSE__&lt;02&gt;&lt;01&gt;
                 name registration?
                 </a></dt><dt> <a href="primer.html#id393410">
+                </a></dt><dt> <a href="primer.html#id391933">
                 What is the significance of the MIDEARTH&lt;1e&gt; type name registration?
                 </a></dt><dt> <a href="primer.html#id393437">
+                </a></dt><dt> <a href="primer.html#id391960">
                 What is the significance of the guest account in smb.conf?
                 </a></dt><dt> <a href="primer.html#id393508">
+                </a></dt><dt> <a href="primer.html#id392031">
                 Is it possible to reduce network broadcast activity with Samba-3?
                 </a></dt><dt> <a href="primer.html#id393609">
+                </a></dt><dt> <a href="primer.html#id392132">
                 Can I just use plain-text passwords with Samba?
                 </a></dt><dt> <a href="primer.html#id393684">
+                </a></dt><dt> <a href="primer.html#id392207">
                 What parameter in the smb.conf file is used to enable the use of encrypted passwords?
                 </a></dt><dt> <a href="primer.html#id393723">
+                </a></dt><dt> <a href="primer.html#id392247">
                 Is it necessary to specify encrypt passwords = Yes
                 when Samba-3 is configured as a domain member?
                 </a></dt><dt> <a href="primer.html#id393753">
+                </a></dt><dt> <a href="primer.html#id392277">
                 Is it necessary to specify a guest account when Samba-3 is configured
                 as a domain member server?
                 </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question"><td align="left" valign="top"><a name="id393272"></a><a name="id393275"></a></td><td align="left" valign="top"><p>
+                </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question"><td align="left" valign="top"><a name="id391796"></a><a name="id391798"></a></td><td align="left" valign="top"><p>
                 What is the significance of the MIDEARTH&lt;1b&gt; type query?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
                 <a class="indexterm" name="id393286"></a>
                 <a class="indexterm" name="id393296"></a>
+                <a class="indexterm" name="id391810"></a>
+                <a class="indexterm" name="id391819"></a>
                 This is a broadcast announcement by which the Windows machine is attempting to
                 locate a Domain Master Browser (DMB) in the event that it might exist on the network.
                 Refer to <span class="emphasis"><em>TOSHARG2,</em></span> Chapter 9, Section 9.7, <span class="quote">&#8220;<span class="quote">Technical Overview of Browsing,</span>&#8221;</span>
                 for details regarding the function of the DMB and its role in network browsing.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id393315"></a><a name="id393317"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id391838"></a><a name="id391841"></a></td><td align="left" valign="top"><p>
                 What is the significance of the MIDEARTH&lt;1d&gt; type name registration?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
                 <a class="indexterm" name="id393329"></a>
                 <a class="indexterm" name="id393338"></a>
+                <a class="indexterm" name="id391852"></a>
+                <a class="indexterm" name="id391861"></a>
                 This name registration records the machine IP addresses of the LMBs.
                 Network clients can query this name type to obtain a list of browser servers from the
 …
                         </p></li><li class="listitem"><p>
                         The IP address of the LMB on the local segment
                         </p></li></ul></div></td></tr><tr class="question"><td align="left" valign="top"><a name="id393382"></a><a name="id393384"></a></td><td align="left" valign="top"><p>
+                        </p></li></ul></div></td></tr><tr class="question"><td align="left" valign="top"><a name="id391905"></a><a name="id391907"></a></td><td align="left" valign="top"><p>
                 What is the role and significance of the &lt;01&gt;&lt;02&gt;__MSBROWSE__&lt;02&gt;&lt;01&gt;
                 name registration?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
                 <a class="indexterm" name="id393397"></a>
+                <a class="indexterm" name="id391920"></a>
                 This name is registered by the browse master to broadcast and receive domain announcements.
                 Its scope is limited to the local network segment, or subnet. By querying this name type,
                 master browsers on networks that have multiple domains can find the names of master browsers
                 for each domain.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id393410"></a><a name="id393412"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id391933"></a><a name="id391935"></a></td><td align="left" valign="top"><p>
                 What is the significance of the MIDEARTH&lt;1e&gt; type name registration?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
                 <a class="indexterm" name="id393423"></a>
+                <a class="indexterm" name="id391947"></a>
                 This name is registered by all browse masters in a domain or workgroup. The registration
                 name type is known as the Browser Election Service. Master browsers register themselves
                 with this name type so that DMBs can locate them to perform cross-subnet
                 browse list updates. This name type is also used to initiate elections for Master Browsers.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id393437"></a><a name="id393439"></a></td><td align="left" valign="top"><p>
                 <a class="indexterm" name="id393443"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id391960"></a><a name="id391962"></a></td><td align="left" valign="top"><p>
+                <a class="indexterm" name="id391966"></a>
                 What is the significance of the <em class="parameter"><code>guest account</code></em> in smb.conf?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 or there must be an entry in the <code class="filename">smb.conf</code> file with a valid UNIX account, such as
                 <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account = ftp</a>.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id393508"></a><a name="id393510"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id392031"></a><a name="id392033"></a></td><td align="left" valign="top"><p>
                 Is it possible to reduce network broadcast activity with Samba-3?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
                 <a class="indexterm" name="id393521"></a>
                 <a class="indexterm" name="id393528"></a>
+                <a class="indexterm" name="id392045"></a>
+                <a class="indexterm" name="id392051"></a>
                 Yes, there are two ways to do this. The first involves use of WINS (See <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 9,
                 Section 9.5, <span class="quote">&#8220;<span class="quote">WINS  The Windows Inter-networking Name Server</span>&#8221;</span>); the
 …
                 a correctly configured DNS server (see <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 9, Section 9.3, <span class="quote">&#8220;<span class="quote">Discussion</span>&#8221;</span>).
                 </p><p>
                 <a class="indexterm" name="id393558"></a>
                 <a class="indexterm" name="id393564"></a>
                 <a class="indexterm" name="id393573"></a>
+                <a class="indexterm" name="id392082"></a>
+                <a class="indexterm" name="id392087"></a>
+                <a class="indexterm" name="id392097"></a>
                 The use of WINS reduces network broadcast traffic. The reduction is greatest when all network
                 clients are configured to operate in <em class="parameter"><code>Hybrid Mode</code></em>. This can be effected through
 …
                 Use of SMB without NetBIOS is possible only on Windows 200x/XP Professional clients and servers, as
                 well as with Samba-3.
                 </p></div></td></tr><tr class="question"><td align="left" valign="top"><a name="id393609"></a><a name="id393611"></a></td><td align="left" valign="top"><p>
+                </p></div></td></tr><tr class="question"><td align="left" valign="top"><a name="id392132"></a><a name="id392135"></a></td><td align="left" valign="top"><p>
                 Can I just use plain-text passwords with Samba?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 PDC/BDC to provide Windows user and group accounts, the <em class="parameter"><code>idmap uid, idmap gid</code></em> ranges
                 set in the <code class="filename">smb.conf</code> file provide the local UID/GIDs needed for local identity management purposes.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id393684"></a><a name="id393686"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id392207"></a><a name="id392209"></a></td><td align="left" valign="top"><p>
                 What parameter in the <code class="filename">smb.conf</code> file is used to enable the use of encrypted passwords?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
                 The parameter in the <code class="filename">smb.conf</code> file that controls this behavior is known as <em class="parameter"><code>encrypt
                 passwords</code></em>. The default setting for this in Samba-3 is <code class="constant">Yes (Enabled)</code>.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id393723"></a><a name="id393725"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id392247"></a><a name="id392249"></a></td><td align="left" valign="top"><p>
                 Is it necessary to specify <a class="link" href="smb.conf.5.html#ENCRYPTPASSWORDS" target="_top">encrypt passwords = Yes</a>
                 when Samba-3 is configured as a domain member?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
                 No. This is the default behavior.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id393753"></a><a name="id393756"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id392277"></a><a name="id392279"></a></td><td align="left" valign="top"><p>
                 Is it necessary to specify a <em class="parameter"><code>guest account</code></em> when Samba-3 is configured
                 as a domain member server?
 …
                 necessary to provide a <a class="link" href="smb.conf.5.html#GUESTACCOUNT" target="_top">guest account = an_account</a>,
                 where <code class="constant">an_account</code> is a valid local UNIX user account.
                 </p></td></tr></tbody></table></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id392369" href="#id392369" class="para">15</a>] </sup>TOSHARG2, Sect 4.5.1</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="appendix.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="RefSection.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="apa.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 15. A Collection of Useful Tidbits </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Appendix A.
+                </p></td></tr></tbody></table></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id390892" href="#id390892" class="para">15</a>] </sup>TOSHARG2, Sect 4.5.1</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="appendix.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="RefSection.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="apa.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 15. A Collection of Useful Tidbits </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Appendix A.
     <acronym class="acronym">GNU</acronym> General Public License version 3
   </td></tr></table></div></body></html>

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/secure.html

-              r599
+              r739
 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 3. Secure Office Networking</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="small.html" title="Chapter 2. Small Office Networking"><link rel="next" href="Big500users.html" title="Chapter 4. The 500-User Office"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 3. Secure Office Networking</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="small.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="Big500users.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 3. Secure Office Networking"><div class="titlepage"><div><div><h2 class="title"><a name="secure"></a>Chapter 3. Secure Office Networking</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="secure.html#id330143">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id330177">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id330386">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id330398">Technical Issues</a></span></dt><dt><span class="sect2"><a href="secure.html#id330742">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id330776">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#ch4bsc">Basic System Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id331530">Samba Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4ptrcfg">Printer Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4valid">Validation</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4appscfg">Application Share Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id335513">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id335566">Questions and Answers</a></span></dt></dl></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 3. Secure Office Networking</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="small.html" title="Chapter 2. Small Office Networking"><link rel="next" href="Big500users.html" title="Chapter 4. The 500-User Office"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 3. Secure Office Networking</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="small.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="Big500users.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 3. Secure Office Networking"><div class="titlepage"><div><div><h2 class="title"><a name="secure"></a>Chapter 3. Secure Office Networking</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="secure.html#id328642">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id328676">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id328885">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id328897">Technical Issues</a></span></dt><dt><span class="sect2"><a href="secure.html#id329242">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id329275">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#ch4bsc">Basic System Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id330030">Samba Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4ptrcfg">Printer Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4valid">Validation</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4appscfg">Application Share Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id334042">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id334095">Questions and Answers</a></span></dt></dl></div><p>
         Congratulations, your Samba networking skills are developing nicely. You started out
         with three simple networks in <a class="link" href="simple.html" title="Chapter 1. No-Frills Samba Servers">&#8220;No-Frills Samba Servers&#8221;</a>, and then in <a class="link" href="small.html" title="Chapter 2. Small Office Networking">&#8220;Small Office Networking&#8221;</a>
 …
         To avoid confusion, this book is all about Samba-3. Let's get the exercises in this
         chapter underway.
         </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id330143"></a>Introduction</h2></div></div></div><p>
+        </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id328642"></a>Introduction</h2></div></div></div><p>
         You have made Mr. Meany a very happy man. Recently he paid you a fat bonus for work
         well done. It is one year since the last network upgrade. You have been quite busy.
 …
         about your move, she almost resigned, although she was reassured that a new manager would
         be hired to run Information Technology, and she would be responsible only for operations.
         </p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id330177"></a>Assignment Tasks</h3></div></div></div><p>
+        </p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id328676"></a>Assignment Tasks</h3></div></div></div><p>
                 You promised the staff Internet services including Web browsing, electronic mail, virus
                 protection, and a company Web site.  Christine is eager to help turn the vision into
 …
                 some problems with desktop computers and software installation into the new users'
                 desktop profiles.
                 </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id330386"></a>Dissection and Discussion</h2></div></div></div><p>
+                </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id328885"></a>Dissection and Discussion</h2></div></div></div><p>
         Many of the conclusions you draw here are obvious. Some requirements are not very clear
         or may simply be your means of drawing the most out of Samba-3. Much can be done more simply
 …
         users. This means that some functionality will be overdesigned for the current 130-user
         environment.
         </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id330398"></a>Technical Issues</h3></div></div></div><p>
+        </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id328897"></a>Technical Issues</h3></div></div></div><p>
                 In this exercise we use a 24-bit subnet mask for the two local networks. This,
                 of course, limits our network to a maximum of 253 usable IP addresses. The network
 …
                 in the 172.16.0.0/16 range. This is done in subsequent chapters.
                 </p><p>
                 <a class="indexterm" name="id330412"></a>
                 <a class="indexterm" name="id330419"></a>
+                <a class="indexterm" name="id328912"></a>
+                <a class="indexterm" name="id328918"></a>
                 The high growth rates projected are a good reason to use the <code class="constant">tdbsam</code>
                 passdb backend. The use of <code class="constant">smbpasswd</code> for the backend may result in
 …
                 are not available with the older, flat ASCII-based <code class="constant">smbpasswd</code> database.
                 </p><p>
                 <a class="indexterm" name="id330443"></a>
+                <a class="indexterm" name="id328943"></a>
                 The proposed network design uses a single server to act as an Internet services host for
                 electronic mail, Web serving, remote administrative access via SSH,
 …
                 directly connected to the Internet.
                 </p><p>
                 <a class="indexterm" name="id330462"></a>
                 <a class="indexterm" name="id330469"></a>
                 <a class="indexterm" name="id330475"></a>
                 <a class="indexterm" name="id330483"></a>
+                <a class="indexterm" name="id328962"></a>
+                <a class="indexterm" name="id328968"></a>
+                <a class="indexterm" name="id328974"></a>
+                <a class="indexterm" name="id328983"></a>
                 You know that your ISP is providing full firewall services, but you cannot rely on that.
                 Always assume that human error will occur, so be prepared by using Linux firewall facilities
 …
                 covered except insofar as this affects Samba-3.
                 </p><p>
                 <a class="indexterm" name="id330507"></a>
+                <a class="indexterm" name="id329006"></a>
                 Notebook computers are configured to use a network login when in the office and a
                 local account to log in while away from the office. Users store all work done in
 …
                 records.
                 </p><p>
                 <a class="indexterm" name="id330527"></a>
+                <a class="indexterm" name="id329026"></a>
                 All applications are served from the central server from a share called <code class="constant">apps</code>.
                 Microsoft Office XP Professional and OpenOffice 1.1.0 will be installed using a network
 …
                 locally installed applications on a need-to-have basis only.
                 </p><p>
                 <a class="indexterm" name="id330543"></a>
+                <a class="indexterm" name="id329043"></a>
                 The introduction of roaming profiles support means that users can move between
                 desktop computer systems without constraint while retaining full access to their data.
                 The desktop travels with them as they move.
                 </p><p>
                 <a class="indexterm" name="id330555"></a>
+                <a class="indexterm" name="id329054"></a>
                 The DNS server implementation must now address both internal and external
                 needs. You forward DNS lookups to your ISP-provided server as well as the
                 <code class="constant">abmas.us</code> external secondary DNS server.
                 </p><p>
                 <a class="indexterm" name="id330569"></a>
                 <a class="indexterm" name="id330575"></a>
                 <a class="indexterm" name="id330584"></a>
+                <a class="indexterm" name="id329068"></a>
+                <a class="indexterm" name="id329075"></a>
+                <a class="indexterm" name="id329083"></a>
                 Compared with the DHCP server configuration in <a class="link" href="small.html" title="Chapter 2. Small Office Networking">&#8220;Small Office Networking&#8221;</a>, <a class="link" href="small.html#dhcp01" title="Example 2.2. Abmas Accounting DHCP Server Configuration File /etc/dhcpd.conf">&#8220;Abmas Accounting DHCP Server Configuration File  /etc/dhcpd.conf&#8221;</a>, the
                 configuration used in this example has to deal with the presence of an Internet connection.
 …
                 then clone that configuration, using Norton Ghost, to all workstations. Each machine is
                 identical, so this should pose no problem.
                 </p><div class="sect3" title="Hardware Requirements"><div class="titlepage"><div><div><h4 class="title"><a name="id330622"></a>Hardware Requirements</h4></div></div></div><p>
                 <a class="indexterm" name="id330630"></a>
+                </p><div class="sect3" title="Hardware Requirements"><div class="titlepage"><div><div><h4 class="title"><a name="id329122"></a>Hardware Requirements</h4></div></div></div><p>
+                <a class="indexterm" name="id329129"></a>
                 This server runs a considerable number of services. From similarly configured Linux
                 installations, the approximate calculated memory requirements are as shown in
 …
                 compromise in this area.
                 </p><p>
                 <a class="indexterm" name="id330669"></a>
+                <a class="indexterm" name="id329168"></a>
                 Aggregate input/output loads should be considered for sizing network configuration as
                 well as disk subsystems. For network bandwidth calculations, one would typically use an
 …
                 switched ports.
                 </p><p>
                 <a class="indexterm" name="id330683"></a>
                 <a class="indexterm" name="id330689"></a>
+                <a class="indexterm" name="id329183"></a>
+                <a class="indexterm" name="id329189"></a>
                 Considering the choice of 1 Gb Ethernet interfaces for the two local network segments,
                 the aggregate network I/O capacity will be 2100 Mb/sec (about 230 MB/sec), an I/O
 …
                        Recommended Storage:              908 GBytes
 </pre></div></div><p><br class="example-break">
                 <a class="indexterm" name="id330731"></a>
+                <a class="indexterm" name="id329231"></a>
                 The preferred storage capacity should be approximately 1 Terabyte. Use of RAID level 5
                 with two hot spare drives would require an 8-drive by 200 GB capacity per drive array.
                 </p></div></div><div class="sect2" title="Political Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id330742"></a>Political Issues</h3></div></div></div><p>
+                </p></div></div><div class="sect2" title="Political Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id329242"></a>Political Issues</h3></div></div></div><p>
                 Your industry is coming under increasing accountability pressures. Increased paranoia
                 is necessary so you can demonstrate that you have acted with due diligence. You must
 …
                 gives you greater control over software licensing.
                 </p><p>
                 <a class="indexterm" name="id330760"></a>
+                <a class="indexterm" name="id329260"></a>
                 You are well aware that the current configuration results in some performance issues
                 as the size of the desktop profile grows. Given that users use Microsoft Outlook
                 Express, you know that the storage implications of the <code class="constant">.PST</code> file
                 is something that needs to be addressed later.
                 </p></div></div><div class="sect1" title="Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id330776"></a>Implementation</h2></div></div></div><p>
+                </p></div></div><div class="sect1" title="Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id329275"></a>Implementation</h2></div></div></div><p>
         <a class="link" href="secure.html#ch04net" title="Figure 3.1. Abmas Network Topology 130 Users">&#8220;Abmas Network Topology  130 Users&#8221;</a> demonstrates the overall design of the network that you will implement.
         </p><p>
 …
                 The Domain name is set to <code class="constant">PROMISES</code>.
                 </p></li><li class="listitem"><p>
                 <a class="indexterm" name="id330826"></a>
                 <a class="indexterm" name="id330832"></a>
                 <a class="indexterm" name="id330838"></a>
+                <a class="indexterm" name="id329325"></a>
+                <a class="indexterm" name="id329331"></a>
+                <a class="indexterm" name="id329338"></a>
                 Ethernet interface <code class="constant">eth0</code> is attached to the Internet connection
                 and is externally exposed. This interface is explicitly not available for Samba to use.
 …
                 <em class="parameter"><code>bind interfaces only</code></em> entry.
                 </p></li><li class="listitem"><p>
                 <a class="indexterm" name="id330868"></a>
                 <a class="indexterm" name="id330874"></a>
                 <a class="indexterm" name="id330881"></a>
+                <a class="indexterm" name="id329368"></a>
+                <a class="indexterm" name="id329374"></a>
+                <a class="indexterm" name="id329380"></a>
                 The <em class="parameter"><code>passdb backend</code></em> parameter specifies the creation and use
                 of the <code class="constant">tdbsam</code> password backend. This is a binary database that
                 has excellent scalability for a large number of user account entries.
                 </p></li><li class="listitem"><p>
                 <a class="indexterm" name="id330901"></a>
                 <a class="indexterm" name="id330907"></a>
                 <a class="indexterm" name="id330913"></a>
+                <a class="indexterm" name="id329400"></a>
+                <a class="indexterm" name="id329407"></a>
+                <a class="indexterm" name="id329413"></a>
                 WINS serving is enabled by the <a class="link" href="smb.conf.5.html#WINSSUPPORT" target="_top">wins support = Yes</a>,
                 and name resolution is set to use it by means of the
                 <a class="link" href="smb.conf.5.html#NAMERESOLVEORDER" target="_top">name resolve order = wins bcast hosts</a> entry.
                 </p></li><li class="listitem"><p>
                 <a class="indexterm" name="id330940"></a>
+                <a class="indexterm" name="id329439"></a>
                 The Samba server is configured for use by Windows clients as a time server.
                 </p></li><li class="listitem"><p>
                 <a class="indexterm" name="id330950"></a>
                 <a class="indexterm" name="id330957"></a>
                 <a class="indexterm" name="id330963"></a>
+                <a class="indexterm" name="id329450"></a>
+                <a class="indexterm" name="id329456"></a>
+                <a class="indexterm" name="id329462"></a>
                 Samba is configured to directly interface with CUPS via the direct internal interface
                 that is provided by CUPS libraries. This is achieved with the
 …
                 <a class="link" href="smb.conf.5.html#PRINTCAPNAME" target="_top">printcap name = CUPS</a> entries.
                 </p></li><li class="listitem"><p>
                 <a class="indexterm" name="id330990"></a>
                 <a class="indexterm" name="id330996"></a>
                 <a class="indexterm" name="id331003"></a>
+                <a class="indexterm" name="id329490"></a>
+                <a class="indexterm" name="id329496"></a>
+                <a class="indexterm" name="id329502"></a>
                 External interface scripts are provided to enable Samba to interface smoothly to
                 essential operating system functions for user and group management. This is important
 …
                 <a class="ulink" href="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE" target="_top">site</a>.
                 </p></li><li class="listitem"><p>
                 <a class="indexterm" name="id331028"></a>
+                <a class="indexterm" name="id329527"></a>
                 The <code class="filename">smb.conf</code> file specifies that the Samba server will operate in (default) <em class="parameter"><code>
                 security = user</code></em> mode<sup>[<a name="id331045" href="#ftn.id331045" class="footnote">5</a>]</sup>
+                security = user</code></em> mode<sup>[<a name="id329544" href="#ftn.id329544" class="footnote">5</a>]</sup>
                 (User Mode).
                 </p></li><li class="listitem"><p>
                 <a class="indexterm" name="id331061"></a>
                 <a class="indexterm" name="id331067"></a>
+                <a class="indexterm" name="id329560"></a>
+                <a class="indexterm" name="id329566"></a>
                 Domain logon services as well as a Domain logon script are specified. The logon script
                 will be used to add robustness to the overall network configuration.
                 </p></li><li class="listitem"><p>
                 <a class="indexterm" name="id331079"></a>
                 <a class="indexterm" name="id331085"></a>
                 <a class="indexterm" name="id331092"></a>
+                <a class="indexterm" name="id329578"></a>
+                <a class="indexterm" name="id329585"></a>
+                <a class="indexterm" name="id329591"></a>
                 Roaming profiles are enabled through the specification of the parameter,
                 <a class="link" href="smb.conf.5.html#LOGONPATH" target="_top">logon path = \\%L\profiles\%U</a>. The value of this parameter translates the
 …
                 requirement is when a profile is created for group use.
                 </p></li><li class="listitem"><p>
                 <a class="indexterm" name="id331124"></a>
                 <a class="indexterm" name="id331130"></a>
+                <a class="indexterm" name="id329623"></a>
+                <a class="indexterm" name="id329630"></a>
                 Precautionary veto is effected for particular Windows file names that have been targeted by
                 virus-related activity. Additionally, Microsoft Office files are vetoed from opportunistic locking
 …
         The following sections cover each step in logical and defined detail.
         </p><div class="sect2" title="Basic System Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="ch4bsc"></a>Basic System Configuration</h3></div></div></div><p>
         <a class="indexterm" name="id331207"></a>
+        <a class="indexterm" name="id329706"></a>
         The preparation in this section assumes that your SUSE Enterprise Linux Server 8.0 system has been
         freshly installed. It prepares basic files so that the system is ready for comprehensive
         operation in line with the network diagram shown in <a class="link" href="secure.html#ch04net" title="Figure 3.1. Abmas Network Topology 130 Users">&#8220;Abmas Network Topology  130 Users&#8221;</a>.
         </p><div class="procedure" title="Procedure 3.1. Server Configuration Steps"><a name="id331220"></a><p class="title"><b>Procedure 3.1. Server Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 <a class="indexterm" name="id331231"></a>
+        </p><div class="procedure" title="Procedure 3.1. Server Configuration Steps"><a name="id329720"></a><p class="title"><b>Procedure 3.1. Server Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                <a class="indexterm" name="id329730"></a>
                 Using the UNIX/Linux system tools, name the server <code class="constant">server.abmas.us</code>.
                 Verify that your hostname is correctly set by running:
 …
 </pre><p>
                 </p></li><li class="step" title="Step 2"><p>
                 <a class="indexterm" name="id331268"></a>
                 <a class="indexterm" name="id331274"></a>
+                <a class="indexterm" name="id329768"></a>
+                <a class="indexterm" name="id329774"></a>
                 Edit your <code class="filename">/etc/hosts</code> file to include the primary names and addresses
                 of all network interfaces that are on the host server. This is necessary so that during
 …
 .168.2.30    hplj6f.abmas.biz hplj6f
 </pre><p>
                 <a class="indexterm" name="id331319"></a>
                 <a class="indexterm" name="id331325"></a>
                 <a class="indexterm" name="id331332"></a>
+                <a class="indexterm" name="id329818"></a>
+                <a class="indexterm" name="id329825"></a>
+                <a class="indexterm" name="id329831"></a>
                 The printer entries are not necessary if <code class="literal">named</code> is started prior to
                 startup of <code class="literal">cupsd</code>, the CUPS daemon.
                 </p></li><li class="step" title="Step 3"><p>
                 <a class="indexterm" name="id331354"></a>
                 <a class="indexterm" name="id331361"></a>
                 <a class="indexterm" name="id331367"></a>
+                <a class="indexterm" name="id329854"></a>
+                <a class="indexterm" name="id329860"></a>
+                <a class="indexterm" name="id329866"></a>
                 The host server is acting as a router between the two internal network segments as well
                 as for all Internet access. This necessitates that IP forwarding be enabled. This can be
 …
                 To ensure that your kernel is capable of IP forwarding during configuration, you may
                 wish to execute that command manually also. This setting permits the Linux system to
                 act as a router.<sup>[<a name="id331388" href="#ftn.id331388" class="footnote">6</a>]</sup>
+                act as a router.<sup>[<a name="id329888" href="#ftn.id329888" class="footnote">6</a>]</sup>
                 </p></li><li class="step" title="Step 4"><p>
                 <a class="indexterm" name="id331400"></a>
                 <a class="indexterm" name="id331406"></a>
+                <a class="indexterm" name="id329899"></a>
+                <a class="indexterm" name="id329906"></a>
                 Installation of a basic firewall and NAT facility is necessary.
                 The following script can be installed in the <code class="filename">/usr/local/sbin</code>
 …
 </pre><p>
                 </p></li></ol></div><p>
         <a class="indexterm" name="id331512"></a>
+        <a class="indexterm" name="id330011"></a>
         The server is now ready for Samba configuration. During the validation step, you remove
         the entry for the Samba server <code class="constant">diamond</code> from the <code class="filename">/etc/hosts</code>
         file. This is done after you are satisfied that DNS-based name resolution is functioning correctly.
         </p></div><div class="sect2" title="Samba Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="id331530"></a>Samba Configuration</h3></div></div></div><p>
+        </p></div><div class="sect2" title="Samba Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="id330030"></a>Samba Configuration</h3></div></div></div><p>
         When you have completed this section, the Samba server is ready for testing and validation;
         however, testing and validation have to wait until DHCP, DNS, and printing (CUPS) services have
         been configured.
         </p><div class="procedure" title="Procedure 3.2. Samba Configuration Steps"><a name="id331541"></a><p class="title"><b>Procedure 3.2. Samba Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+        </p><div class="procedure" title="Procedure 3.2. Samba Configuration Steps"><a name="id330040"></a><p class="title"><b>Procedure 3.2. Samba Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Install the Samba-3 binary RPM from the Samba-Team FTP site. Assuming that the binary
                 RPM file is called <code class="filename">samba-3.0.20-1.i386.rpm</code>, one way to install this
 …
                 file. The final, fully qualified path for this file should be <code class="filename">/etc/samba/smb.conf</code>.
 </p><div class="example"><a name="promisnet"></a><p class="title"><b>Example 3.4. 130 User Network with <span class="emphasis"><em>tdbsam</em></span>  [globals] Section</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id331640"></a><em class="parameter"><code>workgroup = PROMISES</code></em></td></tr><tr><td><a class="indexterm" name="id331650"></a><em class="parameter"><code>netbios name = DIAMOND</code></em></td></tr><tr><td><a class="indexterm" name="id331661"></a><em class="parameter"><code>interfaces = eth1, eth2, lo</code></em></td></tr><tr><td><a class="indexterm" name="id331671"></a><em class="parameter"><code>bind interfaces only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id331682"></a><em class="parameter"><code>passdb backend = tdbsam</code></em></td></tr><tr><td><a class="indexterm" name="id331692"></a><em class="parameter"><code>pam password change = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id331702"></a><em class="parameter"><code>passwd program = /usr/bin/passwd %u</code></em></td></tr><tr><td><a class="indexterm" name="id331713"></a><em class="parameter"><code>passwd chat = *New*Password* %n\n *Re-enter*new*password*%n\n *Password*changed*</code></em></td></tr><tr><td><a class="indexterm" name="id331724"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id331734"></a><em class="parameter"><code>unix password sync = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id331745"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id331755"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id331766"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id331776"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id331786"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id331797"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id331807"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id331818"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id331828"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id331838"></a><em class="parameter"><code>add user script = /usr/sbin/useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id331849"></a><em class="parameter"><code>delete user script = /usr/sbin/userdel -r '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id331859"></a><em class="parameter"><code>add group script = /usr/sbin/groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id331870"></a><em class="parameter"><code>delete group script = /usr/sbin/groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id331880"></a><em class="parameter"><code>add user to group script = /usr/sbin/usermod -G '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id331891"></a><em class="parameter"><code>add machine script = /usr/sbin/useradd -s /bin/false -d /tmp '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id331902"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id331912"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id331923"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id331933"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id331944"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id331954"></a><em class="parameter"><code>logon home = \\%L\%U</code></em></td></tr><tr><td><a class="indexterm" name="id331964"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id331975"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id331985"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id331996"></a><em class="parameter"><code>utmp = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id332006"></a><em class="parameter"><code>map acl inherit = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id332016"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id332027"></a><em class="parameter"><code>cups options = Raw</code></em></td></tr><tr><td><a class="indexterm" name="id332037"></a><em class="parameter"><code>veto files = /*.eml/*.nws/*.{*}/</code></em></td></tr><tr><td><a class="indexterm" name="id332048"></a><em class="parameter"><code>veto oplock files = /*.doc/*.xls/*.mdb/</code></em></td></tr></table></div></div><p><br class="example-break">
 </p><div class="example"><a name="promisnetsvca"></a><p class="title"><b>Example 3.5. 130 User Network with <span class="emphasis"><em>tdbsam</em></span>  Services Section Part A</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id332085"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id332096"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id332106"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id332117"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id332135"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id332146"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id332156"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id332167"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id332177"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id332187"></a><em class="parameter"><code>default devmode = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id332198"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id332217"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id332227"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id332237"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id332248"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id332267"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id332277"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id332287"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id332298"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id332317"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id332327"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id332337"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><p><br class="example-break">
 </p><div class="example"><a name="promisnetsvcb"></a><p class="title"><b>Example 3.6. 130 User Network with <span class="emphasis"><em>tdbsam</em></span>  Services Section Part B</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id332375"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id332386"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id332396"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id332415"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id332425"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id332436"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id332454"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id332465"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id332475"></a><em class="parameter"><code>read only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id332486"></a><em class="parameter"><code>admin users = bjordan</code></em></td></tr></table></div></div><p><br class="example-break">
+</p><div class="example"><a name="promisnet"></a><p class="title"><b>Example 3.4. 130 User Network with <span class="emphasis"><em>tdbsam</em></span>  [globals] Section</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id330139"></a><em class="parameter"><code>workgroup = PROMISES</code></em></td></tr><tr><td><a class="indexterm" name="id330150"></a><em class="parameter"><code>netbios name = DIAMOND</code></em></td></tr><tr><td><a class="indexterm" name="id330160"></a><em class="parameter"><code>interfaces = eth1, eth2, lo</code></em></td></tr><tr><td><a class="indexterm" name="id330171"></a><em class="parameter"><code>bind interfaces only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id330181"></a><em class="parameter"><code>passdb backend = tdbsam</code></em></td></tr><tr><td><a class="indexterm" name="id330191"></a><em class="parameter"><code>pam password change = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id330202"></a><em class="parameter"><code>passwd program = /usr/bin/passwd %u</code></em></td></tr><tr><td><a class="indexterm" name="id330212"></a><em class="parameter"><code>passwd chat = *New*Password* %n\n *Re-enter*new*password*%n\n *Password*changed*</code></em></td></tr><tr><td><a class="indexterm" name="id330223"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id330234"></a><em class="parameter"><code>unix password sync = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id330244"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id330255"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id330265"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id330275"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id330286"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id330296"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id330307"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id330317"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id330327"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id330338"></a><em class="parameter"><code>add user script = /usr/sbin/useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id330348"></a><em class="parameter"><code>delete user script = /usr/sbin/userdel -r '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id330359"></a><em class="parameter"><code>add group script = /usr/sbin/groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id330369"></a><em class="parameter"><code>delete group script = /usr/sbin/groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id330379"></a><em class="parameter"><code>add user to group script = /usr/sbin/usermod -G '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id330390"></a><em class="parameter"><code>add machine script = /usr/sbin/useradd -s /bin/false -d /tmp '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id330402"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id330412"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id330422"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id330433"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id330443"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id330454"></a><em class="parameter"><code>logon home = \\%L\%U</code></em></td></tr><tr><td><a class="indexterm" name="id330464"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id330474"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id330485"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id330495"></a><em class="parameter"><code>utmp = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id330506"></a><em class="parameter"><code>map acl inherit = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id330516"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id330526"></a><em class="parameter"><code>cups options = Raw</code></em></td></tr><tr><td><a class="indexterm" name="id330537"></a><em class="parameter"><code>veto files = /*.eml/*.nws/*.{*}/</code></em></td></tr><tr><td><a class="indexterm" name="id330547"></a><em class="parameter"><code>veto oplock files = /*.doc/*.xls/*.mdb/</code></em></td></tr></table></div></div><p><br class="example-break">
+</p><div class="example"><a name="promisnetsvca"></a><p class="title"><b>Example 3.5. 130 User Network with <span class="emphasis"><em>tdbsam</em></span>  Services Section Part A</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id330585"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id330595"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id330606"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id330616"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id330635"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id330645"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id330656"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id330666"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id330676"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id330687"></a><em class="parameter"><code>default devmode = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id330697"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id330716"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id330726"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id330737"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id330747"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id330766"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id330776"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id330787"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id330797"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id330816"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id330826"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id330837"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><p><br class="example-break">
+</p><div class="example"><a name="promisnetsvcb"></a><p class="title"><b>Example 3.6. 130 User Network with <span class="emphasis"><em>tdbsam</em></span>  Services Section Part B</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id330875"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id330885"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id330895"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id330914"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id330925"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id330935"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id330954"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id330964"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id330975"></a><em class="parameter"><code>read only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id330985"></a><em class="parameter"><code>admin users = bjordan</code></em></td></tr></table></div></div><p><br class="example-break">
                 </p></li><li class="step" title="Step 3"><p>
               <a class="indexterm" name="id332503"></a><a class="indexterm" name="id332508"></a>
+              <a class="indexterm" name="id331003"></a><a class="indexterm" name="id331008"></a>
                 Add the <code class="constant">root</code> user to the password backend as follows:
 </p><pre class="screen">
 …
                 without considerable trouble.
                 </p></li><li class="step" title="Step 4"><p>
                 <a class="indexterm" name="id332548"></a>
+                <a class="indexterm" name="id331048"></a>
                 Create the username map file to permit the <code class="constant">root</code> account to be called
                 <code class="constant">Administrator</code> from the Windows network environment. To do this, create
 …
 </pre><p>
                 </p></li><li class="step" title="Step 5"><p>
                 <a class="indexterm" name="id332583"></a>
                 <a class="indexterm" name="id332590"></a>
                 <a class="indexterm" name="id332600"></a>
                 <a class="indexterm" name="id332611"></a>
+                <a class="indexterm" name="id331083"></a>
+                <a class="indexterm" name="id331089"></a>
+                <a class="indexterm" name="id331100"></a>
+                <a class="indexterm" name="id331110"></a>
                 Create and map Windows Domain Groups to UNIX groups. A sample script is provided in <a class="link" href="small.html" title="Chapter 2. Small Office Networking">&#8220;Small Office Networking&#8221;</a>,
                 <a class="link" href="small.html#initGrps" title="Example 2.1. Script to Map Windows NT Groups to UNIX Groups">&#8220;Script to Map Windows NT Groups to UNIX Groups&#8221;</a>. Create a file containing this script. We called ours
 …
                 and then execute the script. Sample output should be as follows:
 </p><div class="example"><a name="ch4initGrps"></a><p class="title"><b>Example 3.7. Script to Map Windows NT Groups to UNIX Groups</b></p><div class="example-contents"><a class="indexterm" name="id332645"></a><pre class="screen">
+</p><div class="example"><a name="ch4initGrps"></a><p class="title"><b>Example 3.7. Script to Map Windows NT Groups to UNIX Groups</b></p><div class="example-contents"><a class="indexterm" name="id331144"></a><pre class="screen">
 #!/bin/bash
+#
 …
 </pre><p>
                 </p></li><li class="step" title="Step 6"><p>
                 <a class="indexterm" name="id332701"></a>
                 <a class="indexterm" name="id332708"></a>
                 <a class="indexterm" name="id332714"></a>
                 <a class="indexterm" name="id332720"></a>
                 <a class="indexterm" name="id332726"></a>
                 <a class="indexterm" name="id332733"></a>
                 <a class="indexterm" name="id332741"></a>
+                <a class="indexterm" name="id331201"></a>
+                <a class="indexterm" name="id331207"></a>
+                <a class="indexterm" name="id331213"></a>
+                <a class="indexterm" name="id331220"></a>
+                <a class="indexterm" name="id331226"></a>
+                <a class="indexterm" name="id331232"></a>
+                <a class="indexterm" name="id331240"></a>
                 There is one preparatory step without which you will not have a working Samba
                 network environment. You must add an account for each network user.
 …
                 You do of course use a valid user login ID in place of <em class="parameter"><code>username</code></em>.
                 </p></li><li class="step" title="Step 7"><p>
                 <a class="indexterm" name="id332838"></a>
                 <a class="indexterm" name="id332846"></a>
                 <a class="indexterm" name="id332854"></a>
+                <a class="indexterm" name="id331337"></a>
+                <a class="indexterm" name="id331345"></a>
+                <a class="indexterm" name="id331354"></a>
                 Using the preferred tool for your UNIX system, add each user to the UNIX groups created
                 previously as necessary. File system access control will be based on UNIX group membership.
 …
                 file system partition using appropriate system tools.
                 </p></li><li class="step" title="Step 9"><p>
                 <a class="indexterm" name="id332889"></a>
+                <a class="indexterm" name="id331388"></a>
                 Create the top-level file storage directories for data and applications as follows:
 </p><pre class="screen">
 …
 </pre><p>
                 </p></li><li class="step" title="Step 11"><p>
                 <a class="indexterm" name="id333063"></a>
                 <a class="indexterm" name="id333069"></a>
                 <a class="indexterm" name="id333075"></a>
+                <a class="indexterm" name="id331562"></a>
+                <a class="indexterm" name="id331568"></a>
+                <a class="indexterm" name="id331575"></a>
                 Create a logon script. It is important that each line is correctly terminated with
                 a carriage return and line-feed combination (i.e., DOS encoding). The following procedure
 …
         foundational to Internet access as well as to trouble-free operation of local networking. When
         you have completed this section, the server should be ready for solid duty operation.
         </p><div class="procedure" title="Procedure 3.3. DHCP and DNS Server Configuration Steps"><a name="id333134"></a><p class="title"><b>Procedure 3.3. DHCP and DNS Server Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 <a class="indexterm" name="id333145"></a>
+        </p><div class="procedure" title="Procedure 3.3. DHCP and DNS Server Configuration Steps"><a name="id331634"></a><p class="title"><b>Procedure 3.3. DHCP and DNS Server Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                <a class="indexterm" name="id331644"></a>
                 Create a file called <code class="filename">/etc/dhcpd.conf</code> with the contents as
                 shown in <a class="link" href="secure.html#prom-dhcp" title="Example 3.8. DHCP Server Configuration File /etc/dhcpd.conf">&#8220;DHCP Server Configuration File  /etc/dhcpd.conf&#8221;</a>.
 …
 </pre></div></div><p><br class="example-break">
                 </p></li><li class="step" title="Step 2"><p>
                 <a class="indexterm" name="id333199"></a>
+                <a class="indexterm" name="id331698"></a>
                 Create a file called <code class="filename">/etc/named.conf</code> that has the combined contents
                 of the <a class="link" href="secure.html#ch4namedcfg" title="Example 3.9. DNS Master Configuration File /etc/named.conf Master Section">&#8220;DNS Master Configuration File  /etc/named.conf Master Section&#8221;</a>, <a class="link" href="secure.html#ch4namedvarfwd" title="Example 3.10. DNS Master Configuration File /etc/named.conf Forward Lookup Definition Section">&#8220;DNS Master Configuration File  /etc/named.conf Forward Lookup Definition Section&#8221;</a>, and
 …
                         </p><div class="table"><a name="namedrscfiles"></a><p class="title"><b>Table 3.2. DNS (named) Resource Files</b></p><div class="table-contents"><table summary="DNS (named) Resource Files" border="1"><colgroup><col align="left"><col align="left"></colgroup><thead><tr><th align="left">Reference</th><th align="left">File Location</th></tr></thead><tbody><tr><td align="left"><a class="link" href="appendix.html#loopback" title="Example 15.3. DNS Localhost Forward Zone File: /var/lib/named/localhost.zone">&#8220;DNS Localhost Forward Zone File: /var/lib/named/localhost.zone&#8221;</a></td><td align="left">/var/lib/named/localhost.zone</td></tr><tr><td align="left"><a class="link" href="appendix.html#dnsloopy" title="Example 15.4. DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone">&#8220;DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone&#8221;</a></td><td align="left">/var/lib/named/127.0.0.zone</td></tr><tr><td align="left"><a class="link" href="appendix.html#roothint" title="Example 15.5. DNS Root Name Server Hint File: /var/lib/named/root.hint">&#8220;DNS Root Name Server Hint File: /var/lib/named/root.hint&#8221;</a></td><td align="left">/var/lib/named/root.hint</td></tr><tr><td align="left"><a class="link" href="secure.html#abmasbiz" title="Example 3.14. DNS Abmas.biz Forward Zone File">&#8220;DNS Abmas.biz Forward Zone File&#8221;</a></td><td align="left">/var/lib/named/master/abmas.biz.hosts</td></tr><tr><td align="left"><a class="link" href="secure.html#abmasus" title="Example 3.15. DNS Abmas.us Forward Zone File">&#8220;DNS Abmas.us Forward Zone File&#8221;</a></td><td align="left">/var/lib/named/abmas.us.hosts</td></tr><tr><td align="left"><a class="link" href="secure.html#eth1zone" title="Example 3.12. DNS 192.168.1 Reverse Zone File">&#8220;DNS 192.168.1 Reverse Zone File&#8221;</a></td><td align="left">/var/lib/named/192.168.1.0.rev</td></tr><tr><td align="left"><a class="link" href="secure.html#eth2zone" title="Example 3.13. DNS 192.168.2 Reverse Zone File">&#8220;DNS 192.168.2 Reverse Zone File&#8221;</a></td><td align="left">/var/lib/named/192.168.2.0.rev</td></tr></tbody></table></div></div><p><br class="table-break">
 </p><div class="example"><a name="ch4namedcfg"></a><p class="title"><b>Example 3.9. DNS Master Configuration File  <code class="filename">/etc/named.conf</code> Master Section</b></p><div class="example-contents"><a class="indexterm" name="id333369"></a><pre class="screen">
+</p><div class="example"><a name="ch4namedcfg"></a><p class="title"><b>Example 3.9. DNS Master Configuration File  <code class="filename">/etc/named.conf</code> Master Section</b></p><div class="example-contents"><a class="indexterm" name="id331893"></a><pre class="screen">
 ###
 # Abmas Biz DNS Control File
 …
                 </p></li><li class="step" title="Step 4"><p>
               <a class="indexterm" name="id333533"></a><a class="indexterm" name="id333539"></a>
+              <a class="indexterm" name="id332064"></a><a class="indexterm" name="id332069"></a>
                 All DNS name resolution should be handled locally. To ensure that the server is configured
                 correctly to handle this, edit <code class="filename">/etc/resolv.conf</code> to have the following
 …
 nameserver 123.45.54.23
 </pre><p>
               <a class="indexterm" name="id333561"></a>
+              <a class="indexterm" name="id332092"></a>
                 This instructs the name resolver function (when configured correctly) to ask the DNS server
                 that is running locally to resolve names to addresses. In the event that the local name server
 …
                 purely local names to IP addresses.
                 </p></li><li class="step" title="Step 5"><p>
                 <a class="indexterm" name="id333580"></a>
+                <a class="indexterm" name="id332110"></a>
                 The final step is to edit the <code class="filename">/etc/nsswitch.conf</code> file.
                 This file controls the operation of the various resolver libraries that are part of the Linux
 …
         submitted to it. In other words, our configuration turns CUPS into a raw-mode print queue. This means that
         the correct printer driver must be installed on all clients.
         </p><div class="procedure" title="Procedure 3.4. Printer Configuration Steps"><a name="id333627"></a><p class="title"><b>Procedure 3.4. Printer Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+        </p><div class="procedure" title="Procedure 3.4. Printer Configuration Steps"><a name="id332157"></a><p class="title"><b>Procedure 3.4. Printer Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Configure each printer to be a DHCP client, carefully following the manufacturer's guidelines.
                 </p></li><li class="step" title="Step 2"><p>
 …
                 port as necessary in the following example commands.
                 This allows the CUPS spooler to print using raw mode protocols.
                 <a class="indexterm" name="id333649"></a>
                 <a class="indexterm" name="id333656"></a>
+                <a class="indexterm" name="id332179"></a>
+                <a class="indexterm" name="id332186"></a>
                 </p></li><li class="step" title="Step 3"><p>
               <a class="indexterm" name="id333669"></a><a class="indexterm" name="id333677"></a>
+              <a class="indexterm" name="id332199"></a><a class="indexterm" name="id332207"></a>
                 Configure the CUPS Print Queues as follows:
 </p><pre class="screen">
 …
 <code class="prompt">root# </code> lpadmin -p hplj6f -v socket://hplj6f.abmas.biz:9100 -E
 </pre><p>
                 <a class="indexterm" name="id333717"></a>
+                <a class="indexterm" name="id332248"></a>
                 This creates the necessary print queues with no assigned print filter.
                 </p></li><li class="step" title="Step 4"><p><a class="indexterm" name="id333731"></a>
+                </p></li><li class="step" title="Step 4"><p><a class="indexterm" name="id332261"></a>
                 Print queues may not be enabled at creation. Use <code class="literal">lpc stat</code> to check
                 the status of the print queues and, if necessary, make certain that the queues you have
 …
 <code class="prompt">root# </code> /usr/bin/enable hplj6f
 </pre><p>
                 </p></li><li class="step" title="Step 5"><p><a class="indexterm" name="id333783"></a>
+                </p></li><li class="step" title="Step 5"><p><a class="indexterm" name="id332313"></a>
                 Even though your print queues may be enabled, it is still possible that they
                 are not accepting print jobs. A print queue services incoming printing
 …
 </pre><p>
                 </p></li><li class="step" title="Step 6"><p>
                 <a class="indexterm" name="id333831"></a>
                 <a class="indexterm" name="id333838"></a>
                 <a class="indexterm" name="id333844"></a>
+                <a class="indexterm" name="id332361"></a>
+                <a class="indexterm" name="id332367"></a>
+                <a class="indexterm" name="id332374"></a>
                 Edit the file <code class="filename">/etc/cups/mime.convs</code> to uncomment the line:
 </p><pre class="screen">
 …
 </pre><p>
                 </p></li><li class="step" title="Step 7"><p>
                 <a class="indexterm" name="id333871"></a>
+                <a class="indexterm" name="id332400"></a>
                 Edit the file <code class="filename">/etc/cups/mime.types</code> to uncomment the line:
 </p><pre class="screen">
 …
         The UNIX system print queues have been configured and are ready for validation testing.
         </p></div><div class="sect2" title="Process Startup Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="procstart"></a>Process Startup Configuration</h3></div></div></div><p>
         <a class="indexterm" name="id333932"></a>
+        <a class="indexterm" name="id332462"></a>
         There are two essential steps to process startup configuration. First, the process
         must be configured so that it automatically restarts each time the server
 …
         necessary start or kill script is run.
         </p><p>
         <a class="indexterm" name="id333964"></a>
         <a class="indexterm" name="id333970"></a>
         <a class="indexterm" name="id333977"></a>
         <a class="indexterm" name="id333984"></a>
         <a class="indexterm" name="id333991"></a>
+        <a class="indexterm" name="id332493"></a>
+        <a class="indexterm" name="id332500"></a>
+        <a class="indexterm" name="id332507"></a>
+        <a class="indexterm" name="id332514"></a>
+        <a class="indexterm" name="id332520"></a>
         In the event that a service is not run as a daemon, but via the internetworking
         super daemon (<code class="literal">inetd</code> or <code class="literal">xinetd</code>), then the <code class="literal">chkconfig</code>
 …
                 Use the standard system tool to configure each service to restart
                 automatically at every system reboot. For example,
                 <a class="indexterm" name="id334038"></a>
+                <a class="indexterm" name="id332567"></a>
 </p><pre class="screen">
 <code class="prompt">root# </code> chkconfig dhpcd on
 …
 </pre><p>
                 </p></li><li class="step" title="Step 2"><p>
                 <a class="indexterm" name="id334080"></a>
                 <a class="indexterm" name="id334087"></a>
                 <a class="indexterm" name="id334094"></a>
+                <a class="indexterm" name="id332610"></a>
+                <a class="indexterm" name="id332617"></a>
+                <a class="indexterm" name="id332624"></a>
                 Now start each service to permit the system to be validated.
                 Execute each of the following in the sequence shown:
 …
 </pre><p>
                 </p></li></ol></div></div><div class="sect2" title="Validation"><div class="titlepage"><div><div><h3 class="title"><a name="ch4valid"></a>Validation</h3></div></div></div><p>
         <a class="indexterm" name="id334146"></a>
+        <a class="indexterm" name="id332676"></a>
         Complex networking problems are most often caused by simple things that are poorly or incorrectly
         configured. The validation process adopted here should be followed carefully; it is the result of the
 …
         Later in this book you learn how to make users happier. For now, it is enough to learn to
         validate. Let's get on with it.
         </p><div class="procedure" title="Procedure 3.5. Server Validation Steps"><a name="id334161"></a><p class="title"><b>Procedure 3.5. Server Validation Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                         <a class="indexterm" name="id334172"></a>
+        </p><div class="procedure" title="Procedure 3.5. Server Validation Steps"><a name="id332691"></a><p class="title"><b>Procedure 3.5. Server Validation Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                        <a class="indexterm" name="id332702"></a>
                         One of the most important facets of Samba configuration is to ensure that
                         name resolution functions correctly. You can check name resolution
 …
                         is working.
                         </p></li><li class="step" title="Step 2"><p>
                         <a class="indexterm" name="id334233"></a>
+                        <a class="indexterm" name="id332763"></a>
                         So far, your installation is going particularly well. In this step we validate
                         DNS server and name resolution operation. Using your favorite UNIX system editor,
 …
 </pre><p>
                         </p></li><li class="step" title="Step 3"><p>
                         <a class="indexterm" name="id334263"></a>
+                        <a class="indexterm" name="id332793"></a>
                         Before you test DNS operation, it is a good idea to verify that the DNS server
                         is running by executing the following:
 …
 </pre><p>
                         This means that we are ready to check DNS operation. Do so by executing:
                         <a class="indexterm" name="id334287"></a>
+                        <a class="indexterm" name="id332818"></a>
 </p><pre class="screen">
 <code class="prompt">root# </code> ping diamond
 …
 sleeth1.abmas.biz has address 192.168.1.1
 </pre><p>
                         <a class="indexterm" name="id334321"></a>
+                        <a class="indexterm" name="id332851"></a>
                         You may now remove the entry called <code class="constant">diamond</code> from the
                         <code class="filename">/etc/hosts</code> file. It does not hurt to leave it there,
                         but its removal reduces the number of administrative steps for this name.
                         </p></li><li class="step" title="Step 4"><p>
                         <a class="indexterm" name="id334346"></a>
+                        <a class="indexterm" name="id332876"></a>
                         WINS is a great way to resolve NetBIOS names to their IP address. You can test
                         the operation of WINS by starting <code class="literal">nmbd</code> (manually or by way
 …
 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.479 ms
 </pre><p>
                         <a class="indexterm" name="id334432"></a>
+                        <a class="indexterm" name="id332962"></a>
                         Now that you can relax with the knowledge that all three major forms of name
                         resolution to IP address resolution are working, edit the <code class="filename">/etc/nsswitch.conf</code>
 …
                         comes when you try to add the first DHCP client to the network.
                         </p></li><li class="step" title="Step 6"><p>
                         <a class="indexterm" name="id334485"></a>
+                        <a class="indexterm" name="id333015"></a>
                         This is a good point at which to start validating Samba operation. You are
                         content that name resolution is working for basic TCP/IP needs. Let's move on.
 …
                         Clear away all errors before proceeding.
                         </p></li><li class="step" title="Step 7"><p>
                         <a class="indexterm" name="id334550"></a>
                         <a class="indexterm" name="id334557"></a>
                         <a class="indexterm" name="id334564"></a>
                         <a class="indexterm" name="id334571"></a>
+                        <a class="indexterm" name="id333080"></a>
+                        <a class="indexterm" name="id333087"></a>
+                        <a class="indexterm" name="id333094"></a>
+                        <a class="indexterm" name="id333101"></a>
                         Check that the Samba server is running:
 </p><pre class="screen">
 …
 </pre><p>
                         The <code class="literal">winbindd</code> daemon is running in split mode (normal), so there are also
                         two instances<sup>[<a name="id334598" href="#ftn.id334598" class="footnote">7</a>]</sup> of it.
+                        two instances<sup>[<a name="id333129" href="#ftn.id333129" class="footnote">7</a>]</sup> of it.
                         </p></li><li class="step" title="Step 8"><p>
                         <a class="indexterm" name="id334627"></a>
               <a class="indexterm" name="id334634"></a>
+                        <a class="indexterm" name="id333157"></a>
+              <a class="indexterm" name="id333164"></a>
                         Check that an anonymous connection can be made to the Samba server:
 </p><pre class="screen">
 …
                         a <code class="constant">NULL</code> password.
                         </p></li><li class="step" title="Step 9"><p>
                         <a class="indexterm" name="id334682"></a>
                         <a class="indexterm" name="id334688"></a>
                         <a class="indexterm" name="id334695"></a>
+                        <a class="indexterm" name="id333211"></a>
+                        <a class="indexterm" name="id333218"></a>
+                        <a class="indexterm" name="id333225"></a>
                         Verify that each printer has the IP address assigned in the DHCP server configuration file.
                         The easiest way to do this is to ping the printer name. Immediately after the ping response
 …
 hplj6a (192.168.1.30) at 00:03:47:CB:81:E0 [ether] on eth0
 </pre><p>
               <a class="indexterm" name="id334736"></a>
+              <a class="indexterm" name="id333266"></a>
                         The MAC address <code class="constant">00:03:47:CB:81:E0</code> matches that specified for the
                         IP address from which the printer has responded and with the entry for it in the
                         <code class="filename">/etc/dhcpd.conf</code> file. Repeat this for each printer configured.
                         </p></li><li class="step" title="Step 10"><p>
                         <a class="indexterm" name="id334763"></a>
+                        <a class="indexterm" name="id333292"></a>
                         Make an authenticated connection to the server using the <code class="literal">smbclient</code> tool:
 </p><pre class="screen">
 …
 </pre><p>
                         </p></li><li class="step" title="Step 11"><p>
                         <a class="indexterm" name="id334807"></a>
+                        <a class="indexterm" name="id333336"></a>
                         Your new server is connected to an Internet-accessible connection. Before you start
                         your firewall, you should run a port scanner against your system. You should repeat that
 …
 </pre><p>
                         </p></li></ol></div></div><div class="sect2" title="Application Share Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="ch4appscfg"></a>Application Share Configuration</h3></div></div></div><p>
         <a class="indexterm" name="id334886"></a>
         <a class="indexterm" name="id334893"></a>
+        <a class="indexterm" name="id333416"></a>
+        <a class="indexterm" name="id333422"></a>
         The use of an application server is a key mechanism by which desktop administration overheads
         can be reduced. Check the application manual for your software to identify how best to
 …
                 of work files on the local workstation.
                 </p></li></ul></div><p>
         <a class="indexterm" name="id334936"></a>
+        <a class="indexterm" name="id333465"></a>
         A common application deployed in this environment is an office suite.
         Enterprise editions of Microsoft Office XP Professional can be administratively installed
 …
         local disk space. In the latter case, when the applications are used, they load over the network.
         </p><p>
         <a class="indexterm" name="id334963"></a>
         <a class="indexterm" name="id334970"></a>
+        <a class="indexterm" name="id333493"></a>
+        <a class="indexterm" name="id333500"></a>
         Microsoft Office Service Packs can be unpacked to update an administrative share. This makes
         it possible to update MS Office XP Professional for all users from a single installation
 …
         editing or by way of configuration options inside each Office XP Professional application.
         </p><p>
         <a class="indexterm" name="id334988"></a>
+        <a class="indexterm" name="id333517"></a>
         OpenOffice.Org OpenOffice Version 1.1.0 can be installed locally. It can also
         be installed to run off a network share. The latter is a most desirable solution for office-bound
 …
         share point. The full administrative OpenOffice share takes approximately 150 MB of disk
         space.
         </p><div class="sect3" title="Comments Regarding Software Terms of Use"><div class="titlepage"><div><div><h4 class="title"><a name="id335012"></a>Comments Regarding Software Terms of Use</h4></div></div></div><p>
+        </p><div class="sect3" title="Comments Regarding Software Terms of Use"><div class="titlepage"><div><div><h4 class="title"><a name="id333541"></a>Comments Regarding Software Terms of Use</h4></div></div></div><p>
                         Many single-user products can be installed into an administrative share, but
                         personal versions of products such as Microsoft Office XP Professional do not permit this.
 …
                         please do not use the software.
                         </p><p>
                         <a class="indexterm" name="id335047"></a>
+                        <a class="indexterm" name="id333576"></a>
                         Samba is provided under the terms of the GNU GPL Version 2, a copy of which is provided
                         with the source code.
 …
         be done with notebook computers as long as they are identical or sufficiently similar.
         </p><div class="procedure" title="Procedure 3.6. Windows Client Configuration Procedure"><a name="sbewinclntprep"></a><p class="title"><b>Procedure 3.6. Windows Client Configuration Procedure</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 <a class="indexterm" name="id335091"></a>
                 <a class="indexterm" name="id335098"></a>
+                <a class="indexterm" name="id333619"></a>
+                <a class="indexterm" name="id333626"></a>
                 Install MS Windows XP Professional. During installation, configure the client to use DHCP for
                 TCP/IP protocol configuration. DHCP configures all Windows clients to use the WINS Server
 …
                 preparation procedure below.
                 </p></li><li class="step" title="Step 8"><p>
                 <a class="indexterm" name="id335222"></a>
+                <a class="indexterm" name="id333750"></a>
                 When you are satisfied that the staging systems are complete, use the appropriate procedure to
                 remove the client from the domain. Reboot the system and then log on as the local administrator
 …
                 machine to a network share on the server.
                 </p></li><li class="step" title="Step 10"><p>
                 <a class="indexterm" name="id335246"></a>
                 <a class="indexterm" name="id335256"></a>
+                <a class="indexterm" name="id333774"></a>
+                <a class="indexterm" name="id333784"></a>
                 You may now replicate the image to the target machines using the appropriate Norton Ghost
                 procedure. Make sure to use the procedure that ensures each machine has a unique
 …
                 Repeat the printer installation steps above for both HP LaserJet 6 printers
                 as well as for both QMS Magicolor laser printers.
                 </p></li></ol></div></div><div class="sect2" title="Key Points Learned"><div class="titlepage"><div><div><h3 class="title"><a name="id335513"></a>Key Points Learned</h3></div></div></div><p>
+                </p></li></ol></div></div><div class="sect2" title="Key Points Learned"><div class="titlepage"><div><div><h3 class="title"><a name="id334042"></a>Key Points Learned</h3></div></div></div><p>
                 How do you feel? You have built a capable network, a truly ambitious project.
                 Future network updates can be handled by
 …
                         client in order to effect improved standardization of desktops and to reduce
                         the costs of network management.
                         </p></li></ul></div></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id335566"></a>Questions and Answers</h2></div></div></div><p>
         </p><div class="qandaset" title="Frequently Asked Questions"><a name="id335576"></a><dl><dt>1. <a href="secure.html#id335582">
+                        </p></li></ul></div></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id334095"></a>Questions and Answers</h2></div></div></div><p>
+        </p><div class="qandaset" title="Frequently Asked Questions"><a name="id334104"></a><dl><dt>1. <a href="secure.html#id334111">
                 What is the maximum number of account entries that the tdbsam
                 passdb backend can handle?
                 </a></dt><dt>2. <a href="secure.html#id335635">
+                </a></dt><dt>2. <a href="secure.html#id334164">
                 Would Samba operate any better if the OS level is set to a value higher than 35?
                 </a></dt><dt>3. <a href="secure.html#id335654">
+                </a></dt><dt>3. <a href="secure.html#id334183">
                 Why in this example have you provided UNIX group to Windows Group mappings for only Domain Groups?
                 </a></dt><dt>4. <a href="secure.html#id335674">
+                </a></dt><dt>4. <a href="secure.html#id334202">
                 Why has a path been specified in the IPC$ share?
                 </a></dt><dt>5. <a href="secure.html#id335699">
+                </a></dt><dt>5. <a href="secure.html#id334228">
                 Why does the smb.conf file in this exercise include an entry for smb ports?
                 </a></dt><dt>6. <a href="secure.html#id335740">
+                </a></dt><dt>6. <a href="secure.html#id334268">
                 What is the difference between a print queue and a printer?
                 </a></dt><dt>7. <a href="secure.html#id335768">
+                </a></dt><dt>7. <a href="secure.html#id334296">
                 Can all MS Windows application software be installed onto an application server share?
                 </a></dt><dt>8. <a href="secure.html#id335788">
+                </a></dt><dt>8. <a href="secure.html#id334316">
                 Why use dynamic DNS (DDNS)?
                 </a></dt><dt>9. <a href="secure.html#id335807">
+                </a></dt><dt>9. <a href="secure.html#id334335">
                 Why would you use WINS as well as DNS-based name resolution?
                 </a></dt><dt>10. <a href="secure.html#id335876">
+                </a></dt><dt>10. <a href="secure.html#id334404">
                 What are the major benefits of using an application server?
                 </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question" title="1."><td align="left" valign="top"><a name="id335582"></a><a name="id335584"></a><p><b>1.</b></p></td><td align="left" valign="top"><p>
+                </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question" title="1."><td align="left" valign="top"><a name="id334111"></a><a name="id334113"></a><p><b>1.</b></p></td><td align="left" valign="top"><p>
                 What is the maximum number of account entries that the <em class="parameter"><code>tdbsam</code></em>
                 passdb backend can handle?
 …
                 not provide a mechanism for replicating tdbsam data so it can be used by a BDC. The
                 limitation of 250 users per tdbsam is predicated only on the need for replication,
                 not on the limits<sup>[<a name="id335626" href="#ftn.id335626" class="footnote">8</a>]</sup> of the tdbsam backend itself.
                 </p></td></tr><tr class="question" title="2."><td align="left" valign="top"><a name="id335635"></a><a name="id335637"></a><p><b>2.</b></p></td><td align="left" valign="top"><p>
+                not on the limits<sup>[<a name="id334154" href="#ftn.id334154" class="footnote">8</a>]</sup> of the tdbsam backend itself.
+                </p></td></tr><tr class="question" title="2."><td align="left" valign="top"><a name="id334164"></a><a name="id334166"></a><p><b>2.</b></p></td><td align="left" valign="top"><p>
                 Would Samba operate any better if the OS level is set to a value higher than 35?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 of 35 already assures Samba of precedence over MS Windows products in browser elections. There is
                 no gain to be had from setting this higher.
                 </p></td></tr><tr class="question" title="3."><td align="left" valign="top"><a name="id335654"></a><a name="id335656"></a><p><b>3.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="3."><td align="left" valign="top"><a name="id334183"></a><a name="id334185"></a><p><b>3.</b></p></td><td align="left" valign="top"><p>
                 Why in this example have you provided UNIX group to Windows Group mappings for only Domain Groups?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 a later date Samba may make use of Windows Local Groups, as well as of the Active Directory special
                 Groups. Proper operation requires Domain Groups to be mapped to valid UNIX groups.
                 </p></td></tr><tr class="question" title="4."><td align="left" valign="top"><a name="id335674"></a><a name="id335676"></a><p><b>4.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="4."><td align="left" valign="top"><a name="id334202"></a><a name="id334205"></a><p><b>4.</b></p></td><td align="left" valign="top"><p>
                 Why has a path been specified in the <em class="parameter"><code>IPC$</code></em> share?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 obtain access to the file system, it does so at a location that presents least risk. Under normal operation
                 this type of paranoid step should not be necessary. The use of this parameter should not be necessary.
                 </p></td></tr><tr class="question" title="5."><td align="left" valign="top"><a name="id335699"></a><a name="id335701"></a><p><b>5.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="5."><td align="left" valign="top"><a name="id334228"></a><a name="id334230"></a><p><b>5.</b></p></td><td align="left" valign="top"><p>
                 Why does the <code class="filename">smb.conf</code> file in this exercise include an entry for <a class="link" href="smb.conf.5.html#SMBPORTS" target="_top">smb ports</a>?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 The result of this is improved network performance. Where Samba-3 is installed as an Active Directory Domain
                 member, the default behavior is highly beneficial and should not be changed.
                 </p></td></tr><tr class="question" title="6."><td align="left" valign="top"><a name="id335740"></a><a name="id335742"></a><p><b>6.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="6."><td align="left" valign="top"><a name="id334268"></a><a name="id334270"></a><p><b>6.</b></p></td><td align="left" valign="top"><p>
                 What is the difference between a print queue and a printer?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 and the job is then submitted to a sequential print queue where the job is stored until
                 the printer is ready to receive the job.
                 </p></td></tr><tr class="question" title="7."><td align="left" valign="top"><a name="id335768"></a><a name="id335770"></a><p><b>7.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="7."><td align="left" valign="top"><a name="id334296"></a><a name="id334298"></a><p><b>7.</b></p></td><td align="left" valign="top"><p>
                 Can all MS Windows application software be installed onto an application server share?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 Professional do not permit installation to an application server share and can be installed
                 and used only to/from a local workstation hard disk.
                 </p></td></tr><tr class="question" title="8."><td align="left" valign="top"><a name="id335788"></a><a name="id335791"></a><p><b>8.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="8."><td align="left" valign="top"><a name="id334316"></a><a name="id334319"></a><p><b>8.</b></p></td><td align="left" valign="top"><p>
                 Why use dynamic DNS (DDNS)?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 network clients that are not NetBIOS-enabled, and thus cannot use WINS, to locate
                 Windows clients via DNS.
                 </p></td></tr><tr class="question" title="9."><td align="left" valign="top"><a name="id335807"></a><a name="id335809"></a><p><b>9.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="9."><td align="left" valign="top"><a name="id334335"></a><a name="id334337"></a><p><b>9.</b></p></td><td align="left" valign="top"><p>
                 Why would you use WINS as well as DNS-based name resolution?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 expression that may be up to 1024 characters in length and that represents an IP address.
                 A NetBIOS name is always 16 characters long. The 16<sup>th</sup> character
                 is a name type indicator. A specific name type is registered<sup>[<a name="id335840" href="#ftn.id335840" class="footnote">9</a>]</sup> for each
+                is a name type indicator. A specific name type is registered<sup>[<a name="id334368" href="#ftn.id334368" class="footnote">9</a>]</sup> for each
                 type of service that is provided by the Windows server or client and that may be registered
                 where a WINS server is in use.
 …
                 </p><p>
                 Windows 200x Active Directory requires the registration in the DNS zone for the domain it
                 controls of service locator<sup>[<a name="id335866" href="#ftn.id335866" class="footnote">10</a>]</sup> records
+                controls of service locator<sup>[<a name="id334394" href="#ftn.id334394" class="footnote">10</a>]</sup> records
                 that Windows clients and servers will use to locate Kerberos and LDAP services. ADS also
                 requires the registration of special records that are called global catalog (GC) entries
                 and site entries by which domain controllers and other essential ADS servers may be located.
                 </p></td></tr><tr class="question" title="10."><td align="left" valign="top"><a name="id335876"></a><a name="id335879"></a><p><b>10.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="10."><td align="left" valign="top"><a name="id334404"></a><a name="id334406"></a><p><b>10.</b></p></td><td align="left" valign="top"><p>
                 What are the major benefits of using an application server?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 one location for all major applications used. This results in faster update roll-outs and
                 significantly better application usage control.
                 </p></td></tr></tbody></table></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id331045" href="#id331045" class="para">5</a>] </sup>See <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 3.
+                </p></td></tr></tbody></table></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id329544" href="#id329544" class="para">5</a>] </sup>See <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 3.
                 This is necessary so that Samba can act as a Domain Controller (PDC); see
                 <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 4, for additional information.</p></div><div class="footnote"><p><sup>[<a name="ftn.id331388" href="#id331388" class="para">6</a>] </sup>You may want to do the echo command last and include
                                 "0" in the init scripts, since it opens up your network for a short time.</p></div><div class="footnote"><p><sup>[<a name="ftn.id334598" href="#id334598" class="para">7</a>] </sup>For more information regarding winbindd, see <span class="emphasis"><em>TOSHARG2</em></span>,
+                <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 4, for additional information.</p></div><div class="footnote"><p><sup>[<a name="ftn.id329888" href="#id329888" class="para">6</a>] </sup>You may want to do the echo command last and include
+                                "0" in the init scripts, since it opens up your network for a short time.</p></div><div class="footnote"><p><sup>[<a name="ftn.id333129" href="#id333129" class="para">7</a>] </sup>For more information regarding winbindd, see <span class="emphasis"><em>TOSHARG2</em></span>,
                         Chapter 23, Section 23.3. The single instance of <code class="literal">smbd</code> is normal. One additional
                         <code class="literal">smbd</code> slave process is spawned for each SMB/CIFS client
                         connection.</p></div><div class="footnote"><p><sup>[<a name="ftn.id335626" href="#id335626" class="para">8</a>] </sup>Bench tests have shown that tdbsam is a very
+                        connection.</p></div><div class="footnote"><p><sup>[<a name="ftn.id334154" href="#id334154" class="para">8</a>] </sup>Bench tests have shown that tdbsam is a very
                 effective database technology.  There is surprisingly little performance loss even
                 with over 4000 users.</p></div><div class="footnote"><p><sup>[<a name="ftn.id335840" href="#id335840" class="para">9</a>] </sup>
                 See <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 9, for more information.</p></div><div class="footnote"><p><sup>[<a name="ftn.id335866" href="#id335866" class="para">10</a>] </sup>See TOSHARG2, Chapter 9, Section 9.3.3.</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="small.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="ExNetworks.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="Big500users.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 2. Small Office Networking </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 4. The 500-User Office</td></tr></table></div></body></html>
+                with over 4000 users.</p></div><div class="footnote"><p><sup>[<a name="ftn.id334368" href="#id334368" class="para">9</a>] </sup>
+                See <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 9, for more information.</p></div><div class="footnote"><p><sup>[<a name="ftn.id334394" href="#id334394" class="para">10</a>] </sup>See TOSHARG2, Chapter 9, Section 9.3.3.</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="small.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="ExNetworks.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="Big500users.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 2. Small Office Networking </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 4. The 500-User Office</td></tr></table></div></body></html>

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/simple.html

-              r599
+              r739
 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 1. No-Frills Samba Servers</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="next" href="small.html" title="Chapter 2. Small Office Networking"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 1. No-Frills Samba Servers</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ExNetworks.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="small.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 1. No-Frills Samba Servers"><div class="titlepage"><div><div><h2 class="title"><a name="simple"></a>Chapter 1. No-Frills Samba Servers</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="simple.html#id323089">Introduction</a></span></dt><dt><span class="sect1"><a href="simple.html#id323120">Assignment Tasks</a></span></dt><dd><dl><dt><span class="sect2"><a href="simple.html#id323158">Drafting Office</a></span></dt><dt><span class="sect2"><a href="simple.html#id323803">Charity Administration Office</a></span></dt><dt><span class="sect2"><a href="simple.html#AccountingOffice">Accounting Office</a></span></dt></dl></dd><dt><span class="sect1"><a href="simple.html#id326925">Questions and Answers</a></span></dt></dl></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 1. No-Frills Samba Servers</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="next" href="small.html" title="Chapter 2. Small Office Networking"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 1. No-Frills Samba Servers</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ExNetworks.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="small.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 1. No-Frills Samba Servers"><div class="titlepage"><div><div><h2 class="title"><a name="simple"></a>Chapter 1. No-Frills Samba Servers</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="simple.html#id321589">Introduction</a></span></dt><dt><span class="sect1"><a href="simple.html#id321619">Assignment Tasks</a></span></dt><dd><dl><dt><span class="sect2"><a href="simple.html#id321657">Drafting Office</a></span></dt><dt><span class="sect2"><a href="simple.html#id322302">Charity Administration Office</a></span></dt><dt><span class="sect2"><a href="simple.html#AccountingOffice">Accounting Office</a></span></dt></dl></dd><dt><span class="sect1"><a href="simple.html#id325424">Questions and Answers</a></span></dt></dl></div><p>
         This is the start of the real journey toward the successful deployment of Samba. For some this chapter
         is the end of the road because their needs will have been adequately met. For others, this chapter is
 …
         example configurations of, for the greater part, complete networking solutions. The intent of this book
         is to help you to get your Samba installation working with the least amount of pain and aggravation.
         </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id323089"></a>Introduction</h2></div></div></div><p>
+        </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id321589"></a>Introduction</h2></div></div></div><p>
         This chapter lays the groundwork for understanding the basics of Samba operation.
         Instead of a bland technical discussion, each principle is demonstrated by way of a
         real-world scenario for which a working solution<sup>[<a name="id323099" href="#ftn.id323099" class="footnote">1</a>]</sup> is fully described.
+        real-world scenario for which a working solution<sup>[<a name="id321598" href="#ftn.id321598" class="footnote">1</a>]</sup> is fully described.
         </p><p>
         The practical exercises take you on a journey through a drafting office, a charity administration
 …
         you should aim to be a Samba expert, so do attempt to find better solutions and try them as you work your
         way through the examples.
         </p></div><div class="sect1" title="Assignment Tasks"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id323120"></a>Assignment Tasks</h2></div></div></div><p>
+        </p></div><div class="sect1" title="Assignment Tasks"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id321619"></a>Assignment Tasks</h2></div></div></div><p>
         Each case presented highlights different aspects of Windows networking for which a simple
         Samba-based solution can be provided. Each has subtly different requirements taken from real-world cases.
 …
         </p><p>
         Let's get started.
         </p><div class="sect2" title="Drafting Office"><div class="titlepage"><div><div><h3 class="title"><a name="id323158"></a>Drafting Office</h3></div></div></div><p>
+        </p><div class="sect2" title="Drafting Office"><div class="titlepage"><div><div><h3 class="title"><a name="id321657"></a>Drafting Office</h3></div></div></div><p>
         Our fictitious company is called <span class="emphasis"><em>Abmas Design, Inc.</em></span> This is a three-person
         computer-aided design (CAD) business that often has more work than can be handled. The
 …
         plans from each machine. The files available from the server must remain read-only.
         Anyone should be able to access the plans at any time and without barriers or difficulty.
         </p><p><a class="indexterm" name="id323177"></a>
                 <a class="indexterm" name="id323183"></a>
+        </p><p><a class="indexterm" name="id321676"></a>
+                <a class="indexterm" name="id321682"></a>
         Mr. Bob Jordan has asked you to install the new server as economically as possible. The central
         server has a Pentium-IV 1.6GHz CPU, 768MB RAM, a 20GB IDE boot drive, a 160GB IDE second disk
 …
         <a class="ulink" href="http://www.samba.org" target="_top">FTP</a> sites. (Note: Fedora CoreX indicates your favorite
         version.)
         </p><p><a class="indexterm" name="id323204"></a>
+        </p><p><a class="indexterm" name="id321703"></a>
         The four permanent drafting machines (Microsoft Windows workstations) have attached printers
         and plotters that are shared on a peer-to-peer basis by any and all network users. The intent
 …
         machine. The office works best with this arrangement and does not want to change anything.
         Old habits are too ingrained.
         </p><div class="sect3" title="Dissection and Discussion"><div class="titlepage"><div><div><h4 class="title"><a name="id323219"></a>Dissection and Discussion</h4></div></div></div><p>
                 <a class="indexterm" name="id323227"></a>
+        </p><div class="sect3" title="Dissection and Discussion"><div class="titlepage"><div><div><h4 class="title"><a name="id321719"></a>Dissection and Discussion</h4></div></div></div><p>
+                <a class="indexterm" name="id321726"></a>
                 The requirements for this server installation demand simplicity. An anonymous read-only
                 file server adequately meets all needs. The network consultant determines how
 …
                 </p><p>
                 It is not necessary to have specific users on the server. The site has a method for storing
                 all design files (plans). Each plan is stored in a directory that is named YYYYWW,<sup>[<a name="id323243" href="#ftn.id323243" class="footnote">2</a>]</sup> where
+                all design files (plans). Each plan is stored in a directory that is named YYYYWW,<sup>[<a name="id321742" href="#ftn.id321742" class="footnote">2</a>]</sup> where
                 YYYY is the year, and WW is the week of the year. This arrangement allows work to be stored
                 by week of year to preserve the filing technique the site is familiar with.
 …
                 demanding the disk space that would be needed if a duplicate file copy were to be stored.
                 The share containing the plans is called <span class="emphasis"><em>Plans</em></span>.
                 </p></div><div class="sect3" title="Implementation"><div class="titlepage"><div><div><h4 class="title"><a name="id323262"></a>Implementation</h4></div></div></div><p>
+                </p></div><div class="sect3" title="Implementation"><div class="titlepage"><div><div><h4 class="title"><a name="id321762"></a>Implementation</h4></div></div></div><p>
                 It is assumed that the server is fully installed and ready for installation and
                 configuration of Samba 3.0.20 and any support files needed. All TCP/IP addresses
 …
                 <code class="constant">192.168.1.1</code> and the netmask is <code class="constant">255.255.255.0</code>.
                 The hostname of the server used is <code class="constant">server</code>.
                 </p><div class="procedure" title="Procedure 1.1. Samba Server Configuration"><a name="id323282"></a><p class="title"><b>Procedure 1.1. Samba Server Configuration</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                </p><div class="procedure" title="Procedure 1.1. Samba Server Configuration"><a name="id321782"></a><p class="title"><b>Procedure 1.1. Samba Server Configuration</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                         Download the Samba-3 RPM packages for Red Hat Fedora Core2 from the Samba
                         <a class="ulink" href="http://www.samba.org" target="_top">FTP servers.</a>
                         </p></li><li class="step" title="Step 2"><p>
                         <a class="indexterm" name="id323305"></a>
                         <a class="indexterm" name="id323314"></a>
+                        <a class="indexterm" name="id321805"></a>
+                        <a class="indexterm" name="id321813"></a>
                         Install the RPM package using either the Red Hat Linux preferred GUI
                         tool or the <code class="literal">rpm</code>:
 …
                         and execute, and the group and everyone else to read and execute only.
                         </p><p>
                         <a class="indexterm" name="id323369"></a>
+                        <a class="indexterm" name="id321869"></a>
                         Use Red Hat Linux system tools (refer to Red Hat instructions)
                         to format the 160GB hard drive with a suitable file system. An Ext3 file system
 …
                         <code class="filename">/etc/samba</code> directory.
 </p><div class="example"><a name="draft-smbconf"></a><p class="title"><b>Example 1.1. Drafting Office <code class="filename">smb.conf</code> File</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global Parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id323435"></a><em class="parameter"><code>workgroup = MIDEARTH</code></em></td></tr><tr><td><a class="indexterm" name="id323446"></a><em class="parameter"><code>security = SHARE</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[Plans]</code></em></td></tr><tr><td><a class="indexterm" name="id323464"></a><em class="parameter"><code>path = /plans</code></em></td></tr><tr><td><a class="indexterm" name="id323475"></a><em class="parameter"><code>read only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id323485"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr></table></div></div><p><br class="example-break">
+</p><div class="example"><a name="draft-smbconf"></a><p class="title"><b>Example 1.1. Drafting Office <code class="filename">smb.conf</code> File</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global Parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id321935"></a><em class="parameter"><code>workgroup = MIDEARTH</code></em></td></tr><tr><td><a class="indexterm" name="id321945"></a><em class="parameter"><code>security = SHARE</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[Plans]</code></em></td></tr><tr><td><a class="indexterm" name="id321964"></a><em class="parameter"><code>path = /plans</code></em></td></tr><tr><td><a class="indexterm" name="id321974"></a><em class="parameter"><code>read only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id321985"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr></table></div></div><p><br class="example-break">
                         </p></li><li class="step" title="Step 5"><p>
                         <a class="indexterm" name="id323503"></a>
+                        <a class="indexterm" name="id322002"></a>
                         Verify that the <code class="filename">/etc/hosts</code> file contains the following entry:
 </p><pre class="screen">
 …
                         </p></li><li class="step" title="Step 6"><p>
                         <a class="indexterm" name="id323526"></a>
                         <a class="indexterm" name="id323534"></a>
                         <a class="indexterm" name="id323540"></a>
+                        <a class="indexterm" name="id322025"></a>
+                        <a class="indexterm" name="id322034"></a>
+                        <a class="indexterm" name="id322040"></a>
                         Use the standard system tool to start Samba and to configure it to restart
                         automatically at every system reboot. For example,
 …
 <code class="prompt">root# </code> /etc/rc.d/init.d/smb restart
 </pre><p>
                         </p></li></ol></div><div class="procedure" title="Procedure 1.2. Windows Client Configuration"><a name="id323566"></a><p class="title"><b>Procedure 1.2. Windows Client Configuration</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                        </p></li></ol></div><div class="procedure" title="Procedure 1.2. Windows Client Configuration"><a name="id322065"></a><p class="title"><b>Procedure 1.2. Windows Client Configuration</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                         Make certain that all clients are set to the same network address range as
                         used for the Samba server. For example, one client might have an IP
                         address 192.168.1.10.
                         </p></li><li class="step" title="Step 2"><p>
                         <a class="indexterm" name="id323584"></a>
+                        <a class="indexterm" name="id322084"></a>
                         Ensure that the netmask used on the Windows clients matches that used
                         for the Samba server. All clients must have the same netmask, such as
 .255.255.0.
                         </p></li><li class="step" title="Step 3"><p>
                         <a class="indexterm" name="id323598"></a>
+                        <a class="indexterm" name="id322098"></a>
                         Set the workgroup name on all clients to <code class="constant">MIDEARTH</code>.
                         </p></li><li class="step" title="Step 4"><p>
 …
                         and that it is possible to open that share to reveal its contents.
                         </p></li></ol></div></div><div class="sect3" title="Validation"><div class="titlepage"><div><div><h4 class="title"><a name="validate1"></a>Validation</h4></div></div></div><p>
                 <a class="indexterm" name="id323642"></a>
+                <a class="indexterm" name="id322141"></a>
                 The first priority in validating the new Samba configuration should be to check
                 that Samba answers on the loop-back interface. Then it is time to check that Samba
 …
                 server.
                 </p><div class="procedure"><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                         <a class="indexterm" name="id323659"></a>
                         <a class="indexterm" name="id323665"></a>
                         <a class="indexterm" name="id323671"></a>
+                        <a class="indexterm" name="id322158"></a>
+                        <a class="indexterm" name="id322164"></a>
+                        <a class="indexterm" name="id322171"></a>
                         To check the ability to access the <code class="literal">smbd</code> daemon
                         services, execute the following:
 …
         MIDEARTH           SERVER
 </pre><p>
                         <a class="indexterm" name="id323697"></a>
                         <a class="indexterm" name="id323703"></a>
+                        <a class="indexterm" name="id322197"></a>
+                        <a class="indexterm" name="id322203"></a>
                         This indicates that Samba is able to respond on the loopback interface to
                         a NULL connection. The <em class="parameter"><code>-U%</code></em> means send an empty
 …
                         <em class="parameter"><code>guest account</code></em> for all connections.
                         </p></li><li class="step" title="Step 3"><p>
                         <a class="indexterm" name="id323748"></a>
                         <a class="indexterm" name="id323754"></a>
+                        <a class="indexterm" name="id322248"></a>
+                        <a class="indexterm" name="id322254"></a>
                         From the Windows 9x/Me client, launch Windows Explorer:
                         <span class="guiicon">[Desktop: right-click] Network Neighborhood</span>+<span class="guimenu">Explore</span> &#8594; <span class="guimenuitem">[Left Panel]  [+] Entire Network</span> &#8594; <span class="guimenuitem">[Left Panel] [+] Server</span> &#8594; <span class="guimenuitem">[Left Panel] [+] Plans</span>. In the right panel you should see the files and directories
                         (folders) that are in the <span class="guiicon">Plans</span> share.
                         </p></li></ol></div></div></div><div class="sect2" title="Charity Administration Office"><div class="titlepage"><div><div><h3 class="title"><a name="id323803"></a>Charity Administration Office</h3></div></div></div><p>
+                        </p></li></ol></div></div></div><div class="sect2" title="Charity Administration Office"><div class="titlepage"><div><div><h3 class="title"><a name="id322302"></a>Charity Administration Office</h3></div></div></div><p>
         The fictitious charity organization is called <span class="emphasis"><em>Abmas Vision NL</em></span>. This office
         has five networked computers. Staff are all volunteers, staff changes are frequent.
 …
         file share.
         </p><p>
         <a class="indexterm" name="id323847"></a>
         <a class="indexterm" name="id323854"></a>
+        <a class="indexterm" name="id322347"></a>
+        <a class="indexterm" name="id322353"></a>
         Printer handling in Samba results in a significant level of confusion. Samba presents to the
         MS Windows client only a print queue. The Samba <code class="literal">smbd</code> process passes a
 …
         used on this network.
         </p><p>
         <a class="indexterm" name="id323879"></a>
+        <a class="indexterm" name="id322379"></a>
         The central server was donated by a local computer store. It is a dual processor Pentium-III
         server, has 1GB RAM, a 3-Ware IDE RAID Controller that has four 200GB IDE hard drives, and a
 …
         to the printers was accepted. You have supplied SUSE Enterprise Linux Server 9 and
         have upgraded Samba to version 3.0.20.
         </p><div class="sect3" title="Dissection and Discussion"><div class="titlepage"><div><div><h4 class="title"><a name="id323894"></a>Dissection and Discussion</h4></div></div></div><p>
                 <a class="indexterm" name="id323902"></a>
                 <a class="indexterm" name="id323908"></a>
                 <a class="indexterm" name="id323914"></a>
                 <a class="indexterm" name="id323920"></a>
+        </p><div class="sect3" title="Dissection and Discussion"><div class="titlepage"><div><div><h4 class="title"><a name="id322394"></a>Dissection and Discussion</h4></div></div></div><p>
+                <a class="indexterm" name="id322401"></a>
+                <a class="indexterm" name="id322407"></a>
+                <a class="indexterm" name="id322414"></a>
+                <a class="indexterm" name="id322420"></a>
                 This installation demands simplicity. Frequent turnover of volunteer staff indicates that
                 a network environment that requires users to logon might be problematic. It is suggested that the
 …
                 an inadvertent ACL from overriding actual file permissions.
                 </p><p>
                 <a class="indexterm" name="id323953"></a>
                 <a class="indexterm" name="id323959"></a>
                 <a class="indexterm" name="id323965"></a>
+                <a class="indexterm" name="id322452"></a>
+                <a class="indexterm" name="id322458"></a>
+                <a class="indexterm" name="id322465"></a>
                 This organization is a prime candidate for Share Mode security. The <em class="parameter"><code>force user</code></em>
                 allows all files to be owned by the same user and group. In addition, it would not hurt to
 …
                 For further information regarding the significance of the SUID/SGID settings, see <a class="link" href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits">&#8220;A Collection of Useful Tidbits&#8221;</a>, <a class="link" href="appendix.html#ch12-SUIDSGID" title="Effect of Setting File and Directory SUID/SGID Permissions Explained">&#8220;Effect of Setting File and Directory SUID/SGID Permissions Explained&#8221;</a>.
                 </p><p>
                 <a class="indexterm" name="id323994"></a>
                 <a class="indexterm" name="id324000"></a>
                 <a class="indexterm" name="id324009"></a>
                 <a class="indexterm" name="id324015"></a>
+                <a class="indexterm" name="id322494"></a>
+                <a class="indexterm" name="id322500"></a>
+                <a class="indexterm" name="id322508"></a>
+                <a class="indexterm" name="id322515"></a>
                 All client workstations print to a print queue on the server. This ensures that print jobs
                 continue to print in the event that a user shuts down the workstation immediately after
 …
                 that CUPS has become the leading UNIX printing technology.
                 </p><p>
                 <a class="indexterm" name="id324028"></a>
+                <a class="indexterm" name="id322528"></a>
                 The print queues are set up as <code class="constant">Raw</code> devices, which means that CUPS will
                 not do intelligent print processing, and vendor-supplied drivers must be installed locally on the
 …
                 really is just a print queue. The name of the print queue is representative of
                 the device to which the print spooler delivers print jobs.
                 </p></div><div class="sect3" title="Implementation"><div class="titlepage"><div><div><h4 class="title"><a name="id324064"></a>Implementation</h4></div></div></div><p>
+                </p></div><div class="sect3" title="Implementation"><div class="titlepage"><div><div><h4 class="title"><a name="id322563"></a>Implementation</h4></div></div></div><p>
                 It is assumed that the server is fully installed and ready for configuration of
                 Samba 3.0.20 and for necessary support files. All TCP/IP addresses should be hard-coded.
 …
 .255.255.0. The hostname of the server used is <code class="constant">server</code>.
                 The office network is built as shown in <a class="link" href="simple.html#charitynet" title="Figure 1.1. Charity Administration Office Network">&#8220;Charity Administration Office Network&#8221;</a>.
                 </p><div class="figure"><a name="charitynet"></a><p class="title"><b>Figure 1.1. Charity Administration Office Network</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/Charity-Network.png" width="432" alt="Charity Administration Office Network"></div></div></div><br class="figure-break"><div class="procedure" title="Procedure 1.3. Samba Server Configuration"><a name="id324118"></a><p class="title"><b>Procedure 1.3. Samba Server Configuration</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                         <a class="indexterm" name="id324129"></a>
+                </p><div class="figure"><a name="charitynet"></a><p class="title"><b>Figure 1.1. Charity Administration Office Network</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/Charity-Network.png" width="432" alt="Charity Administration Office Network"></div></div></div><br class="figure-break"><div class="procedure" title="Procedure 1.3. Samba Server Configuration"><a name="id322618"></a><p class="title"><b>Procedure 1.3. Samba Server Configuration</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                        <a class="indexterm" name="id322628"></a>
                         Create a group account for office file storage:
 </p><pre class="screen">
 …
 </pre><p>
                         </p></li><li class="step" title="Step 2"><p>
                         <a class="indexterm" name="id324152"></a>
                         <a class="indexterm" name="id324158"></a>
+                        <a class="indexterm" name="id322651"></a>
+                        <a class="indexterm" name="id322658"></a>
                         Create a user account for office file storage:
 </p><pre class="screen">
 …
                                 The resulting drive has a capacity of approximately 500GB of usable space.
                                 </p></li><li class="step" title="Step 4"><p>
                                 <a class="indexterm" name="id324197"></a>
+                                <a class="indexterm" name="id322696"></a>
                                 Create a mount point for the file system that can be used to store all data files.
                                 Create a directory called <code class="filename">/data</code>:
 …
 /data/officefiles/misc
 </pre><p>
                                 <a class="indexterm" name="id324296"></a>
+                                <a class="indexterm" name="id322795"></a>
                                 The <code class="literal">chown</code> operation sets the owner to the user <code class="constant">abmas</code>
                                 and the group to <code class="constant">office</code> on all directories just created.  It recursively
 …
                                 created. Any new directories created still have the same owner, group, and permissions as the
                                 directory they are in. This should eliminate all permissions-based file access problems.  For
                                 more information on this subject, refer to TOSHARG2<sup>[<a name="id324318" href="#ftn.id324318" class="footnote">3</a>]</sup> or refer
+                                more information on this subject, refer to TOSHARG2<sup>[<a name="id322818" href="#ftn.id322818" class="footnote">3</a>]</sup> or refer
                                 to the UNIX man page for the <code class="literal">chmod</code> and the <code class="literal">chown</code> commands.
                                 </p></li><li class="step" title="Step 7"><p>
 …
                                 <code class="filename">/etc/samba</code> directory.
                                 </p></li><li class="step" title="Step 8"><p>
                                 <a class="indexterm" name="id324382"></a>
+                                <a class="indexterm" name="id322881"></a>
                                 We must ensure that the <code class="literal">smbd</code> can resolve the name of the Samba
                                 server to its IP address. Verify that the <code class="filename">/etc/hosts</code> file
 …
                                 so that the CUPS spooler can print using raw mode protocols.
                                 </p></li><li class="step" title="Step 10"><p>
                                 <a class="indexterm" name="id324423"></a>
+                                <a class="indexterm" name="id322923"></a>
                                 Configure the CUPS Print Queues:
 </p><pre class="screen">
 …
                                 This creates the necessary print queues with no assigned print filter.
                                 </p></li><li class="step" title="Step 11"><p>
                                 <a class="indexterm" name="id324452"></a>
                                 <a class="indexterm" name="id324459"></a>
                                 <a class="indexterm" name="id324465"></a>
+                                <a class="indexterm" name="id322952"></a>
+                                <a class="indexterm" name="id322958"></a>
+                                <a class="indexterm" name="id322964"></a>
                                 Edit the file <code class="filename">/etc/cups/mime.convs</code> to uncomment the line:
 </p><pre class="screen">
 …
 </pre><p>
                                 </p></li><li class="step" title="Step 12"><p>
                                 <a class="indexterm" name="id324488"></a>
+                                <a class="indexterm" name="id322988"></a>
                                 Edit the file <code class="filename">/etc/cups/mime.types</code> to uncomment the line:
 </p><pre class="screen">
 …
 </pre><p>
                                 </p></li><li class="step" title="Step 13"><p>
                                 <a class="indexterm" name="id324511"></a>
+                                <a class="indexterm" name="id323011"></a>
                                 Use the standard system tool to start Samba and CUPS to configure them to restart
                                 automatically at every system reboot. For example,
                                 </p><p>
                                 <a class="indexterm" name="id324522"></a>
                                 <a class="indexterm" name="id324528"></a>
                                 <a class="indexterm" name="id324535"></a>
+                                <a class="indexterm" name="id323022"></a>
+                                <a class="indexterm" name="id323028"></a>
+                                <a class="indexterm" name="id323034"></a>
 </p><pre class="screen">
 <code class="prompt">root# </code> chkconfig smb on
 …
 <code class="prompt">root# </code> /etc/rc.d/init.d/cups restart
 </pre><p>
                                 </p></li></ol></div><div class="example"><a name="charity-smbconfnew"></a><p class="title"><b>Example 1.2. Charity Administration Office <code class="filename">smb.conf</code> New-style File</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global Parameters - Newer Configuration</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id324598"></a><em class="parameter"><code>workgroup = MIDEARTH</code></em></td></tr><tr><td><a class="indexterm" name="id324609"></a><em class="parameter"><code>printing = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id324619"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id324630"></a><em class="parameter"><code>map to guest = Bad User</code></em></td></tr><tr><td><a class="indexterm" name="id324640"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id324650"></a><em class="parameter"><code>wins support = yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[FTMFILES]</code></em></td></tr><tr><td><a class="indexterm" name="id324669"></a><em class="parameter"><code>comment = Funds Tracking &amp; Management Files</code></em></td></tr><tr><td><a class="indexterm" name="id324680"></a><em class="parameter"><code>path = /data/ftmfiles</code></em></td></tr><tr><td><a class="indexterm" name="id324690"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id324700"></a><em class="parameter"><code>force user = abmas</code></em></td></tr><tr><td><a class="indexterm" name="id324711"></a><em class="parameter"><code>force group = office</code></em></td></tr><tr><td><a class="indexterm" name="id324721"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id324732"></a><em class="parameter"><code>nt acl support = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[office]</code></em></td></tr><tr><td><a class="indexterm" name="id324750"></a><em class="parameter"><code>comment = General Office Files</code></em></td></tr><tr><td><a class="indexterm" name="id324761"></a><em class="parameter"><code>path = /data/officefiles</code></em></td></tr><tr><td><a class="indexterm" name="id324771"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id324782"></a><em class="parameter"><code>force user = abmas</code></em></td></tr><tr><td><a class="indexterm" name="id324792"></a><em class="parameter"><code>force group = office</code></em></td></tr><tr><td><a class="indexterm" name="id324802"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id324813"></a><em class="parameter"><code>nt acl support = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id324832"></a><em class="parameter"><code>comment = Print Temporary Spool Configuration</code></em></td></tr><tr><td><a class="indexterm" name="id324842"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id324852"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id324863"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id324873"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id324884"></a><em class="parameter"><code>browseable = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="charity-smbconf"></a><p class="title"><b>Example 1.3. Charity Administration Office <code class="filename">smb.conf</code> Old-style File</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global Parameters - Older Style Configuration</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id324924"></a><em class="parameter"><code>workgroup = MIDEARTH</code></em></td></tr><tr><td><a class="indexterm" name="id324935"></a><em class="parameter"><code>security = SHARE</code></em></td></tr><tr><td><a class="indexterm" name="id324945"></a><em class="parameter"><code>printing = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id324956"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id324966"></a><em class="parameter"><code>disable spoolss = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id324976"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id324987"></a><em class="parameter"><code>wins support = yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[FTMFILES]</code></em></td></tr><tr><td><a class="indexterm" name="id325006"></a><em class="parameter"><code>comment = Funds Tracking &amp; Management Files</code></em></td></tr><tr><td><a class="indexterm" name="id325016"></a><em class="parameter"><code>path = /data/ftmfiles</code></em></td></tr><tr><td><a class="indexterm" name="id325026"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id325037"></a><em class="parameter"><code>force user = abmas</code></em></td></tr><tr><td><a class="indexterm" name="id325047"></a><em class="parameter"><code>force group = office</code></em></td></tr><tr><td><a class="indexterm" name="id325058"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id325068"></a><em class="parameter"><code>nt acl support = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[office]</code></em></td></tr><tr><td><a class="indexterm" name="id325087"></a><em class="parameter"><code>comment = General Office Files</code></em></td></tr><tr><td><a class="indexterm" name="id325097"></a><em class="parameter"><code>path = /data/officefiles</code></em></td></tr><tr><td><a class="indexterm" name="id325108"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id325118"></a><em class="parameter"><code>force user = abmas</code></em></td></tr><tr><td><a class="indexterm" name="id325128"></a><em class="parameter"><code>force group = office</code></em></td></tr><tr><td><a class="indexterm" name="id325139"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id325149"></a><em class="parameter"><code>nt acl support = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id325168"></a><em class="parameter"><code>comment = Print Temporary Spool Configuration</code></em></td></tr><tr><td><a class="indexterm" name="id325178"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id325189"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id325199"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id325210"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id325220"></a><em class="parameter"><code>browseable = No</code></em></td></tr></table></div></div><br class="example-break"><div class="procedure" title="Procedure 1.4. Windows Client Configuration"><a name="id325232"></a><p class="title"><b>Procedure 1.4. Windows Client Configuration</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                                </p></li></ol></div><div class="example"><a name="charity-smbconfnew"></a><p class="title"><b>Example 1.2. Charity Administration Office <code class="filename">smb.conf</code> New-style File</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global Parameters - Newer Configuration</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id323098"></a><em class="parameter"><code>workgroup = MIDEARTH</code></em></td></tr><tr><td><a class="indexterm" name="id323108"></a><em class="parameter"><code>printing = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id323119"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id323129"></a><em class="parameter"><code>map to guest = Bad User</code></em></td></tr><tr><td><a class="indexterm" name="id323140"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id323150"></a><em class="parameter"><code>wins support = yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[FTMFILES]</code></em></td></tr><tr><td><a class="indexterm" name="id323169"></a><em class="parameter"><code>comment = Funds Tracking &amp; Management Files</code></em></td></tr><tr><td><a class="indexterm" name="id323179"></a><em class="parameter"><code>path = /data/ftmfiles</code></em></td></tr><tr><td><a class="indexterm" name="id323190"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id323200"></a><em class="parameter"><code>force user = abmas</code></em></td></tr><tr><td><a class="indexterm" name="id323210"></a><em class="parameter"><code>force group = office</code></em></td></tr><tr><td><a class="indexterm" name="id323221"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id323231"></a><em class="parameter"><code>nt acl support = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[office]</code></em></td></tr><tr><td><a class="indexterm" name="id323250"></a><em class="parameter"><code>comment = General Office Files</code></em></td></tr><tr><td><a class="indexterm" name="id323260"></a><em class="parameter"><code>path = /data/officefiles</code></em></td></tr><tr><td><a class="indexterm" name="id323271"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id323281"></a><em class="parameter"><code>force user = abmas</code></em></td></tr><tr><td><a class="indexterm" name="id323292"></a><em class="parameter"><code>force group = office</code></em></td></tr><tr><td><a class="indexterm" name="id323302"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id323312"></a><em class="parameter"><code>nt acl support = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id323331"></a><em class="parameter"><code>comment = Print Temporary Spool Configuration</code></em></td></tr><tr><td><a class="indexterm" name="id323342"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id323352"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id323362"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id323373"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id323383"></a><em class="parameter"><code>browseable = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="charity-smbconf"></a><p class="title"><b>Example 1.3. Charity Administration Office <code class="filename">smb.conf</code> Old-style File</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global Parameters - Older Style Configuration</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id323424"></a><em class="parameter"><code>workgroup = MIDEARTH</code></em></td></tr><tr><td><a class="indexterm" name="id323434"></a><em class="parameter"><code>security = SHARE</code></em></td></tr><tr><td><a class="indexterm" name="id323445"></a><em class="parameter"><code>printing = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id323455"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id323466"></a><em class="parameter"><code>disable spoolss = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id323476"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id323486"></a><em class="parameter"><code>wins support = yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[FTMFILES]</code></em></td></tr><tr><td><a class="indexterm" name="id323505"></a><em class="parameter"><code>comment = Funds Tracking &amp; Management Files</code></em></td></tr><tr><td><a class="indexterm" name="id323516"></a><em class="parameter"><code>path = /data/ftmfiles</code></em></td></tr><tr><td><a class="indexterm" name="id323526"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id323536"></a><em class="parameter"><code>force user = abmas</code></em></td></tr><tr><td><a class="indexterm" name="id323547"></a><em class="parameter"><code>force group = office</code></em></td></tr><tr><td><a class="indexterm" name="id323557"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id323568"></a><em class="parameter"><code>nt acl support = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[office]</code></em></td></tr><tr><td><a class="indexterm" name="id323586"></a><em class="parameter"><code>comment = General Office Files</code></em></td></tr><tr><td><a class="indexterm" name="id323597"></a><em class="parameter"><code>path = /data/officefiles</code></em></td></tr><tr><td><a class="indexterm" name="id323607"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id323618"></a><em class="parameter"><code>force user = abmas</code></em></td></tr><tr><td><a class="indexterm" name="id323628"></a><em class="parameter"><code>force group = office</code></em></td></tr><tr><td><a class="indexterm" name="id323638"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id323649"></a><em class="parameter"><code>nt acl support = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id323668"></a><em class="parameter"><code>comment = Print Temporary Spool Configuration</code></em></td></tr><tr><td><a class="indexterm" name="id323678"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id323688"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id323699"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id323709"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id323720"></a><em class="parameter"><code>browseable = No</code></em></td></tr></table></div></div><br class="example-break"><div class="procedure" title="Procedure 1.4. Windows Client Configuration"><a name="id323731"></a><p class="title"><b>Procedure 1.4. Windows Client Configuration</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                                 Configure clients to the network settings shown in <a class="link" href="simple.html#charitynet" title="Figure 1.1. Charity Administration Office Network">&#8220;Charity Administration Office Network&#8221;</a>.
                                 </p></li><li class="step" title="Step 2"><p>
 …
                                 <code class="constant">255.255.255.0</code>.
                                 </p></li><li class="step" title="Step 3"><p>
                                 <a class="indexterm" name="id325264"></a>
+                                <a class="indexterm" name="id323764"></a>
                                 On all Windows clients, set the WINS Server address to <code class="constant">192.168.1.1</code>,
                                 the IP address of the server.
 …
                                 Set the workgroup name on all clients to <code class="constant">MIDEARTH</code>.
                                 </p></li><li class="step" title="Step 5"><p>
                                 <a class="indexterm" name="id325290"></a>
+                                <a class="indexterm" name="id323789"></a>
                                 Install the <span class="quote">&#8220;<span class="quote">Client for Microsoft Networks.</span>&#8221;</span> Ensure that the only option
                                 enabled in its properties is the option <span class="quote">&#8220;<span class="quote">Logon and restore network connections.</span>&#8221;</span>
 …
                                 system, then log on using any username and password you choose.
                                 </p></li><li class="step" title="Step 7"><p>
                                 <a class="indexterm" name="id325322"></a>
+                                <a class="indexterm" name="id323822"></a>
                                 Verify on each client that the machine called <code class="constant">SERVER</code>
                                 is visible in <span class="guimenu">My Network Places</span>, that it is
 …
                                 and that it is possible to open that share to reveal its contents.
                                 </p></li><li class="step" title="Step 8"><p>
                                 <a class="indexterm" name="id325350"></a>
                                 <a class="indexterm" name="id325356"></a>
+                                <a class="indexterm" name="id323849"></a>
+                                <a class="indexterm" name="id323856"></a>
                                 Disable password caching on all Windows 9x/Me machines using the registry change file
                                 shown in <a class="link" href="simple.html#MEreg" title="Example 1.4. Windows Me Registry Edit File: Disable Password Caching">&#8220;Windows Me  Registry Edit File: Disable Password Caching&#8221;</a>. Be sure to remove all files that have the
 …
                                                 handing the newly configured network over to the Charity Administration Office
                                                 for production use.
                                                 </p></li></ol></div></li></ol></div></div><div class="sect3" title="Validation"><div class="titlepage"><div><div><h4 class="title"><a name="id325734"></a>Validation</h4></div></div></div><p>
+                                                </p></li></ol></div></li></ol></div></div><div class="sect3" title="Validation"><div class="titlepage"><div><div><h4 class="title"><a name="id324234"></a>Validation</h4></div></div></div><p>
                 Use the same validation process as was followed in <a class="link" href="simple.html#validate1" title="Validation">&#8220;Validation&#8221;</a>.
                 </p></div></div><div class="sect2" title="Accounting Office"><div class="titlepage"><div><div><h3 class="title"><a name="AccountingOffice"></a>Accounting Office</h3></div></div></div><p>
 …
         on the server.
         </p><p>
         <a class="indexterm" name="id325783"></a>
+        <a class="indexterm" name="id324282"></a>
         The new server will run Red Hat Fedora Core2. You should install Samba-3.0.20 and
         copy all files from the old system to the new one. The existing Windows NT4 server has a parallel
 …
         He believes that Windows for Workgroups 3.11 was <span class="quote">&#8220;<span class="quote">the best server Microsoft ever sold
         </span>&#8221;</span> and that Windows NT and 2000 are <span class="quote">&#8220;<span class="quote">too fang-dangled complex!</span>&#8221;</span>
         </p><div class="sect3" title="Dissection and Discussion"><div class="titlepage"><div><div><h4 class="title"><a name="id325807"></a>Dissection and Discussion</h4></div></div></div><p>
                         <a class="indexterm" name="id325814"></a>
+        </p><div class="sect3" title="Dissection and Discussion"><div class="titlepage"><div><div><h4 class="title"><a name="id324306"></a>Dissection and Discussion</h4></div></div></div><p>
+                        <a class="indexterm" name="id324314"></a>
                         The requirements of this network installation are not unusual. The staff are not interested in the
                         details of networking. Passwords are never changed. In this example solution, we demonstrate the use
 …
                 <a class="link" href="simple.html#acctingnet2" title="Figure 1.2. Accounting Office Network Topology">&#8220;Accounting Office Network Topology&#8221;</a>. All machines have been configured as indicated prior to the
                 start of Samba configuration. The following prescriptive steps may now commence.
                 </p><div class="figure"><a name="acctingnet2"></a><p class="title"><b>Figure 1.2. Accounting Office Network Topology</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/AccountingNetwork.png" width="459" alt="Accounting Office Network Topology"></div></div></div><br class="figure-break"><div class="table"><a name="acctingnet"></a><p class="title"><b>Table 1.1. Accounting Office Network Information</b></p><div class="table-contents"><table summary="Accounting Office Network Information" border="1"><colgroup><col align="left"><col align="left"><col align="left"><col align="left"><col align="left"><col align="left"></colgroup><thead><tr><th align="left">User</th><th align="left">Login-ID</th><th align="left">Password</th><th align="left">Share Name</th><th align="left">Directory</th><th align="left">Wkst</th></tr></thead><tbody><tr><td align="left">Alan Meany</td><td align="left">alan</td><td align="left">alm1961</td><td align="left">alan</td><td align="left">/data</td><td align="left">PC1</td></tr><tr><td align="left">James Meany</td><td align="left">james</td><td align="left">jimm1962</td><td align="left">james</td><td align="left">/data/james</td><td align="left">PC2</td></tr><tr><td align="left">Jeannie Meany</td><td align="left">jeannie</td><td align="left">jema1965</td><td align="left">jeannie</td><td align="left">/data/jeannie</td><td align="left">PC3</td></tr><tr><td align="left">Suzy Millicent</td><td align="left">suzy</td><td align="left">suzy1967</td><td align="left">suzy</td><td align="left">/data/suzy</td><td align="left">PC4</td></tr><tr><td align="left">Ursula Jenning</td><td align="left">ujen</td><td align="left">ujen1974</td><td align="left">ursula</td><td align="left">/data/ursula</td><td align="left">PC5</td></tr><tr><td align="left">Peter Pan</td><td align="left">peter</td><td align="left">pete1984</td><td align="left">peter</td><td align="left">/data/peter</td><td align="left">PC6</td></tr><tr><td align="left">Dale Roland</td><td align="left">dale</td><td align="left">dale1986</td><td align="left">dale</td><td align="left">/data/dale</td><td align="left">PC7</td></tr><tr><td align="left">Bertrand E Paoletti</td><td align="left">eric</td><td align="left">eric1993</td><td align="left">eric</td><td align="left">/data/eric</td><td align="left">PC8</td></tr><tr><td align="left">Russell Lewis</td><td align="left">russ</td><td align="left">russ2001</td><td align="left">russell</td><td align="left">/data/russell</td><td align="left">PC9</td></tr></tbody></table></div></div><br class="table-break"><div class="procedure" title="Procedure 1.5. Migration from Windows NT4 Workstation System to Samba-3"><a name="id326171"></a><p class="title"><b>Procedure 1.5. Migration from Windows NT4 Workstation System to Samba-3</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p><a class="indexterm" name="id326181"></a>
+                </p><div class="figure"><a name="acctingnet2"></a><p class="title"><b>Figure 1.2. Accounting Office Network Topology</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/AccountingNetwork.png" width="459" alt="Accounting Office Network Topology"></div></div></div><br class="figure-break"><div class="table"><a name="acctingnet"></a><p class="title"><b>Table 1.1. Accounting Office Network Information</b></p><div class="table-contents"><table summary="Accounting Office Network Information" border="1"><colgroup><col align="left"><col align="left"><col align="left"><col align="left"><col align="left"><col align="left"></colgroup><thead><tr><th align="left">User</th><th align="left">Login-ID</th><th align="left">Password</th><th align="left">Share Name</th><th align="left">Directory</th><th align="left">Wkst</th></tr></thead><tbody><tr><td align="left">Alan Meany</td><td align="left">alan</td><td align="left">alm1961</td><td align="left">alan</td><td align="left">/data</td><td align="left">PC1</td></tr><tr><td align="left">James Meany</td><td align="left">james</td><td align="left">jimm1962</td><td align="left">james</td><td align="left">/data/james</td><td align="left">PC2</td></tr><tr><td align="left">Jeannie Meany</td><td align="left">jeannie</td><td align="left">jema1965</td><td align="left">jeannie</td><td align="left">/data/jeannie</td><td align="left">PC3</td></tr><tr><td align="left">Suzy Millicent</td><td align="left">suzy</td><td align="left">suzy1967</td><td align="left">suzy</td><td align="left">/data/suzy</td><td align="left">PC4</td></tr><tr><td align="left">Ursula Jenning</td><td align="left">ujen</td><td align="left">ujen1974</td><td align="left">ursula</td><td align="left">/data/ursula</td><td align="left">PC5</td></tr><tr><td align="left">Peter Pan</td><td align="left">peter</td><td align="left">pete1984</td><td align="left">peter</td><td align="left">/data/peter</td><td align="left">PC6</td></tr><tr><td align="left">Dale Roland</td><td align="left">dale</td><td align="left">dale1986</td><td align="left">dale</td><td align="left">/data/dale</td><td align="left">PC7</td></tr><tr><td align="left">Bertrand E Paoletti</td><td align="left">eric</td><td align="left">eric1993</td><td align="left">eric</td><td align="left">/data/eric</td><td align="left">PC8</td></tr><tr><td align="left">Russell Lewis</td><td align="left">russ</td><td align="left">russ2001</td><td align="left">russell</td><td align="left">/data/russell</td><td align="left">PC9</td></tr></tbody></table></div></div><br class="table-break"><div class="procedure" title="Procedure 1.5. Migration from Windows NT4 Workstation System to Samba-3"><a name="id324671"></a><p class="title"><b>Procedure 1.5. Migration from Windows NT4 Workstation System to Samba-3</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p><a class="indexterm" name="id324681"></a>
                         Rename the old server from <code class="constant">CASHPOOL</code> to <code class="constant">STABLE</code>
                         by logging onto the console as the <code class="constant">Administrator</code>. Restart the machine
 …
                         Samba FTP site.
                         </p></li><li class="step" title="Step 4"><p>
                         <a class="indexterm" name="id326223"></a>
                         <a class="indexterm" name="id326230"></a>
+                        <a class="indexterm" name="id324723"></a>
+                        <a class="indexterm" name="id324729"></a>
                         Add a group account for the office to use. Execute the following:
 </p><pre class="screen">
 …
 </pre><p>
                         </p></li><li class="step" title="Step 5"><p>
                         Install the <code class="filename">smb.conf</code> file shown<sup>[<a name="id326258" href="#ftn.id326258" class="footnote">4</a>]</sup>
+                        Install the <code class="filename">smb.conf</code> file shown<sup>[<a name="id324758" href="#ftn.id324758" class="footnote">4</a>]</sup>
                         in <a class="link" href="simple.html#acctconf" title="Example 1.5. Accounting Office Network smb.conf Old Style Configuration File">&#8220;Accounting Office Network smb.conf Old Style Configuration File&#8221;</a>.
                         </p></li><li class="step" title="Step 6"><p>
                         <a class="indexterm" name="id326289"></a>
                         <a class="indexterm" name="id326296"></a>
                         <a class="indexterm" name="id326302"></a>
+                        <a class="indexterm" name="id324789"></a>
+                        <a class="indexterm" name="id324795"></a>
+                        <a class="indexterm" name="id324801"></a>
                         For each user who uses this system (see <a class="link" href="simple.html#acctingnet" title="Table 1.1. Accounting Office Network Information">&#8220;Accounting Office Network Information&#8221;</a>),
                         execute the following:
 …
 </pre><p>
                         </p></li><li class="step" title="Step 7"><p>
                         <a class="indexterm" name="id326344"></a>
+                        <a class="indexterm" name="id324844"></a>
                         Create the directory structure for the file shares by executing the following:
 </p><pre class="screen">
 …
                         The data storage structure is now prepared for use.
                         </p></li><li class="step" title="Step 8"><p>
                         <a class="indexterm" name="id326390"></a>
+                        <a class="indexterm" name="id324890"></a>
                         Configure the CUPS Print Queues:
 </p><pre class="screen">
 …
                         This creates the necessary print queues with no assigned print filter.
                         </p></li><li class="step" title="Step 9"><p>
                         <a class="indexterm" name="id326414"></a>
                         <a class="indexterm" name="id326420"></a>
+                        <a class="indexterm" name="id324914"></a>
+                        <a class="indexterm" name="id324920"></a>
                         Edit the file <code class="filename">/etc/cups/mime.convs</code> to uncomment the line:
 </p><pre class="screen">
 …
 </pre><p>
                         </p></li><li class="step" title="Step 10"><p>
                         <a class="indexterm" name="id326444"></a>
                         <a class="indexterm" name="id326450"></a>
+                        <a class="indexterm" name="id324944"></a>
+                        <a class="indexterm" name="id324950"></a>
                         Edit the file <code class="filename">/etc/cups/mime.types</code> to uncomment the line:
 </p><pre class="screen">
 …
 </pre><p>
                         </p></li><li class="step" title="Step 11"><p>
                         <a class="indexterm" name="id326473"></a>
+                        <a class="indexterm" name="id324973"></a>
                         Use the standard system tool to start Samba and CUPS to configure them to restart
                         automatically at every system reboot. For example,
                         </p><p>
                         <a class="indexterm" name="id326484"></a>
                         <a class="indexterm" name="id326490"></a>
                         <a class="indexterm" name="id326497"></a>
+                        <a class="indexterm" name="id324984"></a>
+                        <a class="indexterm" name="id324990"></a>
+                        <a class="indexterm" name="id324996"></a>
 </p><pre class="screen">
 <code class="prompt">root# </code> chkconfig smb on
 …
                         For this, you should make sure all applications, including printing, work before asking the
                         customer to test drive the new network.
                         </p></li></ol></div><div class="example"><a name="acctconf"></a><p class="title"><b>Example 1.5. Accounting Office Network <code class="filename">smb.conf</code> Old Style Configuration File</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id326708"></a><em class="parameter"><code>workgroup = BILLMORE</code></em></td></tr><tr><td><a class="indexterm" name="id326718"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id326729"></a><em class="parameter"><code>disable spoolss = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id326739"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id326750"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[files]</code></em></td></tr><tr><td><a class="indexterm" name="id326768"></a><em class="parameter"><code>comment = Work area files</code></em></td></tr><tr><td><a class="indexterm" name="id326779"></a><em class="parameter"><code>path = /data/%U</code></em></td></tr><tr><td><a class="indexterm" name="id326789"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[master]</code></em></td></tr><tr><td><a class="indexterm" name="id326808"></a><em class="parameter"><code>comment = Master work area files</code></em></td></tr><tr><td><a class="indexterm" name="id326818"></a><em class="parameter"><code>path = /data</code></em></td></tr><tr><td><a class="indexterm" name="id326829"></a><em class="parameter"><code>valid users = alan</code></em></td></tr><tr><td><a class="indexterm" name="id326839"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id326858"></a><em class="parameter"><code>comment = Print Temporary Spool Configuration</code></em></td></tr><tr><td><a class="indexterm" name="id326868"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id326879"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id326889"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id326900"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id326910"></a><em class="parameter"><code>browseable = No</code></em></td></tr></table></div></div><br class="example-break"></div></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id326925"></a>Questions and Answers</h2></div></div></div><p>
+                        </p></li></ol></div><div class="example"><a name="acctconf"></a><p class="title"><b>Example 1.5. Accounting Office Network <code class="filename">smb.conf</code> Old Style Configuration File</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id325207"></a><em class="parameter"><code>workgroup = BILLMORE</code></em></td></tr><tr><td><a class="indexterm" name="id325218"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id325228"></a><em class="parameter"><code>disable spoolss = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id325239"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id325249"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[files]</code></em></td></tr><tr><td><a class="indexterm" name="id325268"></a><em class="parameter"><code>comment = Work area files</code></em></td></tr><tr><td><a class="indexterm" name="id325278"></a><em class="parameter"><code>path = /data/%U</code></em></td></tr><tr><td><a class="indexterm" name="id325289"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[master]</code></em></td></tr><tr><td><a class="indexterm" name="id325307"></a><em class="parameter"><code>comment = Master work area files</code></em></td></tr><tr><td><a class="indexterm" name="id325318"></a><em class="parameter"><code>path = /data</code></em></td></tr><tr><td><a class="indexterm" name="id325328"></a><em class="parameter"><code>valid users = alan</code></em></td></tr><tr><td><a class="indexterm" name="id325339"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id325357"></a><em class="parameter"><code>comment = Print Temporary Spool Configuration</code></em></td></tr><tr><td><a class="indexterm" name="id325368"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id325378"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id325389"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id325399"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id325409"></a><em class="parameter"><code>browseable = No</code></em></td></tr></table></div></div><br class="example-break"></div></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id325424"></a>Questions and Answers</h2></div></div></div><p>
         The following questions and answers draw from the examples in this chapter.
         Many design decisions are impacted by the configurations chosen. The intent
         is to expose some of the hidden implications.
         </p><div class="qandaset" title="Frequently Asked Questions"><a name="id326935"></a><dl><dt> <a href="simple.html#id326941">
+        </p><div class="qandaset" title="Frequently Asked Questions"><a name="id325434"></a><dl><dt> <a href="simple.html#id325441">
                 What makes an anonymous Samba server more simple than a non-anonymous Samba server?
                 </a></dt><dt> <a href="simple.html#id326964">
+                </a></dt><dt> <a href="simple.html#id325463">
                 How is the operation of the parameter force user different from
                 setting the root directory of the share SUID?
                 </a></dt><dt> <a href="simple.html#id327008">
+                </a></dt><dt> <a href="simple.html#id325508">
                 When would you both use the per share parameter force user and set
                 the share root directory SUID?
                 </a></dt><dt> <a href="simple.html#id327031">
+                </a></dt><dt> <a href="simple.html#id325531">
                 What is better about CUPS printing than LPRng printing?
                 </a></dt><dt> <a href="simple.html#id327065">
+                </a></dt><dt> <a href="simple.html#id325565">
                 When should Windows client IP addresses be hard-coded?
                 </a></dt><dt> <a href="simple.html#id327086">
+                </a></dt><dt> <a href="simple.html#id325586">
                 Under what circumstances is it best to use a DHCP server?
                 </a></dt><dt> <a href="simple.html#id327117">
+                </a></dt><dt> <a href="simple.html#id325617">
                 What is the purpose of setting the parameter guest ok on a share?
                 </a></dt><dt> <a href="simple.html#id327140">
+                </a></dt><dt> <a href="simple.html#id325639">
                 When would you set the global parameter disable spoolss?
                 </a></dt><dt> <a href="simple.html#id327209">
+                </a></dt><dt> <a href="simple.html#id325709">
                 Why would you disable password caching on Windows 9x/Me clients?
                 </a></dt><dt> <a href="simple.html#id327230">
+                </a></dt><dt> <a href="simple.html#id325729">
                 The example of Abmas Accounting uses User Mode security. How does this provide anonymous access?
                 </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question"><td align="left" valign="top"><a name="id326941"></a><a name="id326943"></a></td><td align="left" valign="top"><p>
+                </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question"><td align="left" valign="top"><a name="id325441"></a><a name="id325443"></a></td><td align="left" valign="top"><p>
                 What makes an anonymous Samba server more simple than a non-anonymous Samba server?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 UNIX system and to the Samba configuration. Non-anonymous servers require additional
                 administration.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id326964"></a><a name="id326966"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id325463"></a><a name="id325465"></a></td><td align="left" valign="top"><p>
                 How is the operation of the parameter <em class="parameter"><code>force user</code></em> different from
                 setting the root directory of the share SUID?
 …
                 The parameter <em class="parameter"><code>force user</code></em> has potential security implications that go
                 beyond the actual share root directory. Be careful and wary of using this parameter.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id327008"></a><a name="id327010"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id325508"></a><a name="id325510"></a></td><td align="left" valign="top"><p>
                 When would you both use the per share parameter <em class="parameter"><code>force user</code></em> and set
                 the share root directory SUID?
 …
                 are conducted as the forced user, while all file and directory creation are done as the SUID
                 directory owner.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id327031"></a><a name="id327034"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id325531"></a><a name="id325533"></a></td><td align="left" valign="top"><p>
                 What is better about CUPS printing than LPRng printing?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 Which spooling system is better is a matter of personal taste. It depends on what you want to do and how you want to
                 do it and manage it. Most modern Linux systems ship with CUPS as the default print management system.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id327065"></a><a name="id327067"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id325565"></a><a name="id325567"></a></td><td align="left" valign="top"><p>
                 When should Windows client IP addresses be hard-coded?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 for a DHCP server. This reduces maintenance overheads and eliminates a possible point of network
                 failure.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id327086"></a><a name="id327088"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id325586"></a><a name="id325588"></a></td><td align="left" valign="top"><p>
                 Under what circumstances is it best to use a DHCP server?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 assigned IP addresses with the DNS server. The benefits of Dynamic DNS (DDNS) are considerable in
                 a large Windows network environment.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id327117"></a><a name="id327119"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id325617"></a><a name="id325619"></a></td><td align="left" valign="top"><p>
                 What is the purpose of setting the parameter <em class="parameter"><code>guest ok</code></em> on a share?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
                 If this parameter is set to yes for a service, then no password is required to connect to the service.
                 Privileges are those of the guest account.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id327140"></a><a name="id327142"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id325639"></a><a name="id325641"></a></td><td align="left" valign="top"><p>
                 When would you set the global parameter <em class="parameter"><code>disable spoolss</code></em>?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 (even though jobs may be printed successfully). This parameter MUST not be enabled on a print share that has a valid
                 print driver installed on the Samba server.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id327209"></a><a name="id327211"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id325709"></a><a name="id325711"></a></td><td align="left" valign="top"><p>
                 Why would you disable password caching on Windows 9x/Me clients?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 machine) and decrypted, thus revealing the user's access credentials for all systems the user may have accessed.
                 It is most insecure to allow any Windows 9x/Me client to operate with password caching enabled.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id327230"></a><a name="id327232"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id325729"></a><a name="id325731"></a></td><td align="left" valign="top"><p>
                 The example of Abmas Accounting uses User Mode security. How does this provide anonymous access?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 password are the same as those set on the Samba server, access is transparent and does not require
                 separate user authentication.
                 </p></td></tr></tbody></table></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id323099" href="#id323099" class="para">1</a>] </sup>The examples given mirror those documented
+                </p></td></tr></tbody></table></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id321598" href="#id321598" class="para">1</a>] </sup>The examples given mirror those documented
         in The Official Samba-3 HOWTO and Reference Guide, Second Edition (TOSHARG2) Chapter 2, Section 2.3.1. You may gain additional
         insight from the standalone server configurations covered in TOSHARG2, sections 2.3.1.2 through 2.3.1.4.
         </p></div><div class="footnote"><p><sup>[<a name="ftn.id323243" href="#id323243" class="para">2</a>] </sup>
+        </p></div><div class="footnote"><p><sup>[<a name="ftn.id321742" href="#id321742" class="para">2</a>] </sup>
                 This information is given purely as an example of how data may be stored in such a way that it
                 will be easy to locate records at a later date. The example is not meant to imply any instructions
                 that may be construed as essential to the design of the solution; this is something you will almost
                 certainly want to determine for yourself.</p></div><div class="footnote"><p><sup>[<a name="ftn.id324318" href="#id324318" class="para">3</a>] </sup>The Official Samba-3 HOWTO and
                                                 Reference Guide, Chapter 15, File, Directory and Share Access Controls.</p></div><div class="footnote"><p><sup>[<a name="ftn.id326258" href="#id326258" class="para">4</a>] </sup>This example uses the
+                certainly want to determine for yourself.</p></div><div class="footnote"><p><sup>[<a name="ftn.id322818" href="#id322818" class="para">3</a>] </sup>The Official Samba-3 HOWTO and
+                                                Reference Guide, Chapter 15, File, Directory and Share Access Controls.</p></div><div class="footnote"><p><sup>[<a name="ftn.id324758" href="#id324758" class="para">4</a>] </sup>This example uses the
                         <em class="parameter"><code>smbpasswd</code></em> file in an obtuse way, since the use of
                         the <em class="parameter"><code>passdb backend</code></em> has not been specified in the <code class="filename">smb.conf</code>

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/small.html

-              r599
+              r739
 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 2. Small Office Networking</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="simple.html" title="Chapter 1. No-Frills Samba Servers"><link rel="next" href="secure.html" title="Chapter 3. Secure Office Networking"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 2. Small Office Networking</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="simple.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="secure.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 2. Small Office Networking"><div class="titlepage"><div><div><h2 class="title"><a name="small"></a>Chapter 2. Small Office Networking</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="small.html#id327308">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id327326">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id327371">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id327416">Technical Issues</a></span></dt><dt><span class="sect2"><a href="small.html#id327588">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id327606">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id329058">Validation</a></span></dt><dt><span class="sect2"><a href="small.html#id329633">Notebook Computers: A Special Case</a></span></dt><dt><span class="sect2"><a href="small.html#id329652">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id329716">Questions and Answers</a></span></dt></dl></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 2. Small Office Networking</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="simple.html" title="Chapter 1. No-Frills Samba Servers"><link rel="next" href="secure.html" title="Chapter 3. Secure Office Networking"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 2. Small Office Networking</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="simple.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="secure.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 2. Small Office Networking"><div class="titlepage"><div><div><h2 class="title"><a name="small"></a>Chapter 2. Small Office Networking</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="small.html#id325808">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id325825">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id325871">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id325916">Technical Issues</a></span></dt><dt><span class="sect2"><a href="small.html#id326088">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id326106">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="small.html#id327557">Validation</a></span></dt><dt><span class="sect2"><a href="small.html#id328132">Notebook Computers: A Special Case</a></span></dt><dt><span class="sect2"><a href="small.html#id328152">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="small.html#id328216">Questions and Answers</a></span></dt></dl></div><p>
         <a class="link" href="simple.html" title="Chapter 1. No-Frills Samba Servers">&#8220;No-Frills Samba Servers&#8221;</a> focused on the basics of simple yet effective
         network solutions. Network administrators who take pride in their work
 …
         good advice that the following two scenarios illustrate.
         </p><p>
         <a class="indexterm" name="id327280"></a>
+        <a class="indexterm" name="id325780"></a>
         In one case the network administrator of a mid-sized company spent three
         months building a new network to replace an old Netware server. What he
 …
         sleeves for when you need them.</span>&#8221;</span> Was he smart? You decide. Let's
         get on with our next exercise.
         </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id327308"></a>Introduction</h2></div></div></div><p>
+        </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id325808"></a>Introduction</h2></div></div></div><p>
         Abmas Accounting has grown. Mr. Meany likes you and says he knew you
         were the right person for the job. That's why he asked you to install the
 …
         some of the workstations that came with the acquired business and found some machines in need of both
         hardware and software maintenance.
         </p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id327326"></a>Assignment Tasks</h3></div></div></div><p>
                 <a class="indexterm" name="id327333"></a>
+        </p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id325825"></a>Assignment Tasks</h3></div></div></div><p>
+                <a class="indexterm" name="id325833"></a>
                 Mr. Meany is retiring in 12 months. Before he goes, he wants you to help ensure
                 that the business is running efficiently. Many of the new staff want notebook
 …
                 user accounts from the Windows desktop. That person will be responsible for
                 basic operations.
                 </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id327371"></a>Dissection and Discussion</h2></div></div></div><p>
+                </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id325871"></a>Dissection and Discussion</h2></div></div></div><p>
         What are the key requirements in this business example? A quick review indicates
         a need for
 …
                 </p></li><li class="listitem"><p>
                 Mobile computing capability
                 <a class="indexterm" name="id327391"></a>
+                <a class="indexterm" name="id325890"></a>
                 </p></li><li class="listitem"><p>
                 Improved reliability and usability
 …
         (as in <a class="link" href="simple.html#AccountingOffice" title="Accounting Office">&#8220;Accounting Office&#8221;</a>).
         </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id327416"></a>Technical Issues</h3></div></div></div><p>
                 <a class="indexterm" name="id327424"></a>
                 <a class="indexterm" name="id327430"></a>
                 <a class="indexterm" name="id327436"></a>
                 <a class="indexterm" name="id327443"></a>
                 <a class="indexterm" name="id327449"></a>
+        </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id325916"></a>Technical Issues</h3></div></div></div><p>
+                <a class="indexterm" name="id325923"></a>
+                <a class="indexterm" name="id325930"></a>
+                <a class="indexterm" name="id325936"></a>
+                <a class="indexterm" name="id325942"></a>
+                <a class="indexterm" name="id325948"></a>
                 It is time to implement a domain security environment. You will use the <code class="constant">
                 smbpasswd</code> (default) backend. You should implement a DHCP server. There is no need to
 …
                 other enhancements. It is important that you plan accordingly.
                 </p><p>
                 <a class="indexterm" name="id327498"></a>
+                <a class="indexterm" name="id325997"></a>
                 You have split the network into two separate areas. Each has its own Ethernet switch.
                 There are 20 users on the accounting network and 32 users on the financial services
 …
                 hostname name resolution.
                 </p><p>
                 <a class="indexterm" name="id327521"></a>
                 <a class="indexterm" name="id327530"></a>
+                <a class="indexterm" name="id326021"></a>
+                <a class="indexterm" name="id326029"></a>
                 It is necessary to map Windows Domain Groups to UNIX groups. It is
                 advisable to also map Windows Local Groups to UNIX groups. Additionally, the two
 …
                 more information.
                 </p><p>
                 <a class="indexterm" name="id327576"></a>
+                <a class="indexterm" name="id326075"></a>
                 Vendor-supplied printer drivers will be installed on each client. The CUPS print
                 spooler on the UNIX host will be operated in <code class="constant">raw</code> mode.
                 </p></div><div class="sect2" title="Political Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id327588"></a>Political Issues</h3></div></div></div><p>
+                </p></div><div class="sect2" title="Political Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id326088"></a>Political Issues</h3></div></div></div><p>
                 Mr. Meany is an old-school manager. He sets the rules and wants to see compliance.
                 He is willing to spend money on things he believes are of value. You need more
 …
                 supplied with antivirus software? Above all, demonstrate good purchase value and remember
                 to make your users happy.
                 </p></div></div><div class="sect1" title="Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id327606"></a>Implementation</h2></div></div></div><p>
         <a class="indexterm" name="id327614"></a>
+                </p></div></div><div class="sect1" title="Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id326106"></a>Implementation</h2></div></div></div><p>
+        <a class="indexterm" name="id326113"></a>
         In this example, the assumption is made that this server is being configured from a clean start.
         The alternate approach could be to demonstrate the migration of the system that is documented
 …
         Additionally, a fresh installation makes the example easier to follow.
         </p><p>
         <a class="indexterm" name="id327636"></a>
+        <a class="indexterm" name="id326135"></a>
         Each user will be given a home directory on the UNIX system, which will be available as a private
         share. Two additional shares will be created, one for the accounting department and the other for
 …
         of group membership.
         </p><p>
         <a class="indexterm" name="id327648"></a>
+        <a class="indexterm" name="id326147"></a>
         UNIX group membership is the primary mechanism by which Windows Domain users will be granted
         rights and privileges within the Windows environment.
         </p><p>
         <a class="indexterm" name="id327661"></a>
+        <a class="indexterm" name="id326160"></a>
         The user <code class="literal">alanm</code> will be made the owner of all files. This will be preserved
         by setting the sticky bit (set UID/GID) on the top-level directories.
         </p><p>
         </p><div class="figure"><a name="acct2net"></a><p class="title"><b>Figure 2.1. Abmas Accounting  52-User Network Topology</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/acct2net.png" alt="Abmas Accounting 52-User Network Topology"></div></div></div><p><br class="figure-break">
 </p><div class="procedure" title="Procedure 2.1. Server Installation Steps"><a name="id327717"></a><p class="title"><b>Procedure 2.1. Server Installation Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+</p><div class="procedure" title="Procedure 2.1. Server Installation Steps"><a name="id326216"></a><p class="title"><b>Procedure 2.1. Server Installation Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Using UNIX/Linux system tools, name the server <code class="constant">sleeth</code>.
                 </p></li><li class="step" title="Step 2"><p>
                 <a class="indexterm" name="id327737"></a>
+                <a class="indexterm" name="id326236"></a>
                 Place an entry for the machine <code class="constant">sleeth</code> in the <code class="filename">/etc/hosts</code>.
                 The printers are network attached, so there should be entries for the
 …
                 Install the ISC DHCP server using the UNIX/Linux system tools available to you.
                 </p></li><li class="step" title="Step 5"><p>
                 <a class="indexterm" name="id327784"></a>
                 <a class="indexterm" name="id327791"></a>
                 <a class="indexterm" name="id327797"></a>
                 <a class="indexterm" name="id327803"></a>
+                <a class="indexterm" name="id326284"></a>
+                <a class="indexterm" name="id326290"></a>
+                <a class="indexterm" name="id326296"></a>
+                <a class="indexterm" name="id326303"></a>
                 Because Samba will be operating over two network interfaces and clients on each side
                 may want to be able to reach clients on the other side, it is imperative that IP forwarding
 …
                 <code class="filename">/etc/samba/smb.conf</code> file.
                 </p></li><li class="step" title="Step 7"><p>
                 <a class="indexterm" name="id327856"></a>
+                <a class="indexterm" name="id326355"></a>
                 Add the user <code class="literal">root</code> to the Samba password backend:
 </p><pre class="screen">
 …
 <code class="prompt">root# </code>
 </pre><p>
                 <a class="indexterm" name="id327884"></a>
+                <a class="indexterm" name="id326383"></a>
                 This is the Windows Domain Administrator password. Never delete this account from
                 the password backend after Windows Domain Groups have been initialized. If you delete
 …
                 and your Samba server can no longer be administered.
                 </p></li><li class="step" title="Step 8"><p>
                 <a class="indexterm" name="id327899"></a>
+                <a class="indexterm" name="id326398"></a>
                 Create the username map file to permit the <code class="constant">root</code> account to be called
                 <code class="constant">Administrator</code> from the Windows network environment. To do this, create
 …
 </pre><p>
                 </p></li><li class="step" title="Step 9"><p>
                 <a class="indexterm" name="id327933"></a>
+                <a class="indexterm" name="id326432"></a>
                 Create and map Windows Domain Groups to UNIX groups. A sample script is provided in
                 <a class="link" href="small.html#initGrps" title="Example 2.1. Script to Map Windows NT Groups to UNIX Groups">&#8220;Script to Map Windows NT Groups to UNIX Groups&#8221;</a>. Create a file containing this script. We called ours
 …
                 and then execute the script. Sample output should be as follows:
 </p><div class="example"><a name="initGrps"></a><p class="title"><b>Example 2.1. Script to Map Windows NT Groups to UNIX Groups</b></p><div class="example-contents"><a class="indexterm" name="id327958"></a><pre class="screen">
+</p><div class="example"><a name="initGrps"></a><p class="title"><b>Example 2.1. Script to Map Windows NT Groups to UNIX Groups</b></p><div class="example-contents"><a class="indexterm" name="id326458"></a><pre class="screen">
 #!/bin/bash
+#
 …
 </pre><p>
                 </p></li><li class="step" title="Step 10"><p>
                 <a class="indexterm" name="id328022"></a>
                 <a class="indexterm" name="id328029"></a>
                 <a class="indexterm" name="id328037"></a>
+                <a class="indexterm" name="id326522"></a>
+                <a class="indexterm" name="id326528"></a>
+                <a class="indexterm" name="id326537"></a>
                 For each user who needs to be given a Windows Domain account, make an entry in the
                 <code class="filename">/etc/passwd</code> file as well as in the Samba password backend.
 …
                 <code class="literal">smbpasswd</code> program to create the Domain user accounts.
                 </p><p>
                 <a class="indexterm" name="id328059"></a>
                 <a class="indexterm" name="id328066"></a>
                 <a class="indexterm" name="id328072"></a>
+                <a class="indexterm" name="id326559"></a>
+                <a class="indexterm" name="id326565"></a>
+                <a class="indexterm" name="id326571"></a>
                 There are a number of tools for user management under UNIX, such as
                 <code class="literal">useradd</code> and <code class="literal">adduser</code>, as well as a plethora of custom
 …
                 Follow the instructions in the manufacturers' manuals to permit printing to port 9100.
                 This allows the CUPS spooler to print using raw mode protocols.
                 <a class="indexterm" name="id328203"></a>
                 <a class="indexterm" name="id328209"></a>
+                <a class="indexterm" name="id326702"></a>
+                <a class="indexterm" name="id326708"></a>
                 </p></li><li class="step" title="Step 15"><p>
                 <a class="indexterm" name="id328222"></a>
                 <a class="indexterm" name="id328230"></a>
+                <a class="indexterm" name="id326721"></a>
+                <a class="indexterm" name="id326729"></a>
                 Configure the CUPS Print Queues as follows:
 </p><pre class="screen">
 …
 <code class="prompt">root# </code> lpadmin -p qms -v socket://192.168.2.10:9100 -E
 </pre><p>
                 <a class="indexterm" name="id328257"></a>
+                <a class="indexterm" name="id326756"></a>
                 This creates the necessary print queues with no assigned print filter.
                 </p></li><li class="step" title="Step 16"><p>
                 <a class="indexterm" name="id328270"></a>
                 <a class="indexterm" name="id328277"></a>
                 <a class="indexterm" name="id328283"></a>
+                <a class="indexterm" name="id326770"></a>
+                <a class="indexterm" name="id326776"></a>
+                <a class="indexterm" name="id326782"></a>
                 Edit the file <code class="filename">/etc/cups/mime.convs</code> to uncomment the line:
 </p><pre class="screen">
 …
 </pre><p>
                 </p></li><li class="step" title="Step 17"><p>
                 <a class="indexterm" name="id328306"></a>
+                <a class="indexterm" name="id326806"></a>
                 Edit the file <code class="filename">/etc/cups/mime.types</code> to uncomment the line:
 </p><pre class="screen">
 …
 </pre><p>
                 </p></li><li class="step" title="Step 18"><p>
                 <a class="indexterm" name="id328329"></a>
+                <a class="indexterm" name="id326829"></a>
                 Using your favorite system editor, create an <code class="filename">/etc/dhcpd.conf</code> with the
                 contents as shown in <a class="link" href="small.html#dhcp01" title="Example 2.2. Abmas Accounting DHCP Server Configuration File /etc/dhcpd.conf">&#8220;Abmas Accounting DHCP Server Configuration File  /etc/dhcpd.conf&#8221;</a>.
 </p><div class="example"><a name="dhcp01"></a><p class="title"><b>Example 2.2. Abmas Accounting DHCP Server Configuration File  <code class="filename">/etc/dhcpd.conf</code></b></p><div class="example-contents"><a class="indexterm" name="id328359"></a><pre class="screen">
+</p><div class="example"><a name="dhcp01"></a><p class="title"><b>Example 2.2. Abmas Accounting DHCP Server Configuration File  <code class="filename">/etc/dhcpd.conf</code></b></p><div class="example-contents"><a class="indexterm" name="id326858"></a><pre class="screen">
 default-lease-time 86400;
 max-lease-time 172800;
 …
                 automatically at every system reboot. For example,
                 </p><p>
                 <a class="indexterm" name="id328392"></a>
                 <a class="indexterm" name="id328398"></a>
                 <a class="indexterm" name="id328404"></a>
                 <a class="indexterm" name="id328411"></a>
                 <a class="indexterm" name="id328417"></a>
+                <a class="indexterm" name="id326891"></a>
+                <a class="indexterm" name="id326898"></a>
+                <a class="indexterm" name="id326904"></a>
+                <a class="indexterm" name="id326910"></a>
+                <a class="indexterm" name="id326916"></a>
 </p><pre class="screen">
 <code class="prompt">root# </code> chkconfig dhcp on
 …
 </pre><p>
                 </p></li><li class="step" title="Step 20"><p>
                 <a class="indexterm" name="id328466"></a>
                 <a class="indexterm" name="id328472"></a>
                 <a class="indexterm" name="id328480"></a>
                 <a class="indexterm" name="id328487"></a>
                 <a class="indexterm" name="id328493"></a>
                 <a class="indexterm" name="id328499"></a>
+                <a class="indexterm" name="id326965"></a>
+                <a class="indexterm" name="id326972"></a>
+                <a class="indexterm" name="id326980"></a>
+                <a class="indexterm" name="id326986"></a>
+                <a class="indexterm" name="id326992"></a>
+                <a class="indexterm" name="id326999"></a>
                 Configure the name service switch (NSS) to handle WINS-based name resolution.
                 Since this system does not use a DNS server, it is safe to remove this option from
 …
 hosts:  files wins
 </pre><p>
                 </p></li></ol></div><div class="example"><a name="acct2conf"></a><p class="title"><b>Example 2.3. Accounting Office Network <code class="filename">smb.conf</code> File  [globals] Section</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id328555"></a><em class="parameter"><code>workgroup = BILLMORE</code></em></td></tr><tr><td><a class="indexterm" name="id328565"></a><em class="parameter"><code>passwd chat = *New*Password* %n\n*Re-enter*new*password* %n\n *Password*changed*</code></em></td></tr><tr><td><a class="indexterm" name="id328576"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id328587"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id328597"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id328607"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id328618"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id328628"></a><em class="parameter"><code>add user script = /usr/sbin/useradd -m -G users '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id328639"></a><em class="parameter"><code>delete user script = /usr/sbin/userdel -r '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id328649"></a><em class="parameter"><code>add group script = /usr/sbin/groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id328659"></a><em class="parameter"><code>delete group script = /usr/sbin/groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id328670"></a><em class="parameter"><code>add user to group script = /usr/sbin/usermod -A '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id328681"></a><em class="parameter"><code>add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id328692"></a><em class="parameter"><code>logon script = scripts\login.bat</code></em></td></tr><tr><td><a class="indexterm" name="id328702"></a><em class="parameter"><code>logon path =  </code></em></td></tr><tr><td><a class="indexterm" name="id328713"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id328723"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id328734"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id328744"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id328754"></a><em class="parameter"><code>printing = CUPS</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="acct3conf"></a><p class="title"><b>Example 2.4. Accounting Office Network <code class="filename">smb.conf</code> File  Services and Shares Section</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id328794"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id328805"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id328815"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id328825"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id328844"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id328855"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id328865"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id328875"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id328886"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id328896"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id328915"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id328925"></a><em class="parameter"><code>path = /data/%U</code></em></td></tr><tr><td><a class="indexterm" name="id328936"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id328946"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id328965"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id328975"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id328986"></a><em class="parameter"><code>valid users = %G</code></em></td></tr><tr><td><a class="indexterm" name="id328996"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[finsrvcs]</code></em></td></tr><tr><td><a class="indexterm" name="id329015"></a><em class="parameter"><code>comment = Financial Service Files</code></em></td></tr><tr><td><a class="indexterm" name="id329025"></a><em class="parameter"><code>path = /data/finsrvcs</code></em></td></tr><tr><td><a class="indexterm" name="id329036"></a><em class="parameter"><code>valid users = %G</code></em></td></tr><tr><td><a class="indexterm" name="id329046"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="sect2" title="Validation"><div class="titlepage"><div><div><h3 class="title"><a name="id329058"></a>Validation</h3></div></div></div><p>
+                </p></li></ol></div><div class="example"><a name="acct2conf"></a><p class="title"><b>Example 2.3. Accounting Office Network <code class="filename">smb.conf</code> File  [globals] Section</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id327054"></a><em class="parameter"><code>workgroup = BILLMORE</code></em></td></tr><tr><td><a class="indexterm" name="id327064"></a><em class="parameter"><code>passwd chat = *New*Password* %n\n*Re-enter*new*password* %n\n *Password*changed*</code></em></td></tr><tr><td><a class="indexterm" name="id327076"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id327086"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id327096"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id327107"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id327117"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id327128"></a><em class="parameter"><code>add user script = /usr/sbin/useradd -m -G users '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id327138"></a><em class="parameter"><code>delete user script = /usr/sbin/userdel -r '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id327148"></a><em class="parameter"><code>add group script = /usr/sbin/groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id327159"></a><em class="parameter"><code>delete group script = /usr/sbin/groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id327169"></a><em class="parameter"><code>add user to group script = /usr/sbin/usermod -A '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id327180"></a><em class="parameter"><code>add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id327192"></a><em class="parameter"><code>logon script = scripts\login.bat</code></em></td></tr><tr><td><a class="indexterm" name="id327202"></a><em class="parameter"><code>logon path =  </code></em></td></tr><tr><td><a class="indexterm" name="id327212"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id327223"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id327233"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id327244"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id327254"></a><em class="parameter"><code>printing = CUPS</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="acct3conf"></a><p class="title"><b>Example 2.4. Accounting Office Network <code class="filename">smb.conf</code> File  Services and Shares Section</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id327294"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id327304"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id327314"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id327325"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id327344"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id327354"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id327364"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id327375"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id327385"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id327396"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id327414"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id327425"></a><em class="parameter"><code>path = /data/%U</code></em></td></tr><tr><td><a class="indexterm" name="id327435"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id327446"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id327464"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id327475"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id327485"></a><em class="parameter"><code>valid users = %G</code></em></td></tr><tr><td><a class="indexterm" name="id327496"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[finsrvcs]</code></em></td></tr><tr><td><a class="indexterm" name="id327514"></a><em class="parameter"><code>comment = Financial Service Files</code></em></td></tr><tr><td><a class="indexterm" name="id327525"></a><em class="parameter"><code>path = /data/finsrvcs</code></em></td></tr><tr><td><a class="indexterm" name="id327535"></a><em class="parameter"><code>valid users = %G</code></em></td></tr><tr><td><a class="indexterm" name="id327546"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="sect2" title="Validation"><div class="titlepage"><div><div><h3 class="title"><a name="id327557"></a>Validation</h3></div></div></div><p>
                 Does everything function as it ought? That is the key question at this point.
                 Here are some simple steps to validate your Samba server configuration.
                 </p><div class="procedure" title="Procedure 2.2. Validation Steps"><a name="id329068"></a><p class="title"><b>Procedure 2.2. Validation Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                         <a class="indexterm" name="id329078"></a>
+                </p><div class="procedure" title="Procedure 2.2. Validation Steps"><a name="id327567"></a><p class="title"><b>Procedure 2.2. Validation Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                        <a class="indexterm" name="id327578"></a>
                         If your <code class="filename">smb.conf</code> file has bogus options or parameters, this may cause Samba
                         to refuse to start. The first step should always be to validate the contents
 …
                         Clear away all errors before proceeding, and start or restart samba as necessary.
                         </p></li><li class="step" title="Step 2"><p>
                         <a class="indexterm" name="id329135"></a>
                         <a class="indexterm" name="id329141"></a>
                         <a class="indexterm" name="id329148"></a>
                         <a class="indexterm" name="id329154"></a>
+                        <a class="indexterm" name="id327635"></a>
+                        <a class="indexterm" name="id327641"></a>
+                        <a class="indexterm" name="id327647"></a>
+                        <a class="indexterm" name="id327653"></a>
                         Check that the Samba server is running:
 </p><pre class="screen">
 …
                         <code class="literal">smbd</code> is normal.
                         </p></li><li class="step" title="Step 3"><p>
                         <a class="indexterm" name="id329199"></a>
+                        <a class="indexterm" name="id327699"></a>
                         Check that an anonymous connection can be made to the Samba server:
 </p><pre class="screen">
 …
                         a <code class="constant">NULL</code> password.
                         </p></li><li class="step" title="Step 4"><p>
                         <a class="indexterm" name="id329241"></a>
                         <a class="indexterm" name="id329247"></a>
                         <a class="indexterm" name="id329254"></a>
+                        <a class="indexterm" name="id327741"></a>
+                        <a class="indexterm" name="id327747"></a>
+                        <a class="indexterm" name="id327753"></a>
                         Verify that the printers have the IP addresses assigned in the DHCP server configuration file.
                         The easiest way to do this is to ping the printer name. Immediately after the ping response
 …
                         <code class="filename">/etc/dhcpd.conf</code> file.
                         </p></li><li class="step" title="Step 5"><p>
                         <a class="indexterm" name="id329307"></a>
+                        <a class="indexterm" name="id327807"></a>
                         Make an authenticated connection to the server using the <code class="literal">smbclient</code> tool:
 </p><pre class="screen">
 …
 smb: \&gt; q
 </pre><p>
                         </p></li></ol></div></div><div class="procedure" title="Procedure 2.3. Windows XP Professional Client Configuration"><a name="id329344"></a><p class="title"><b>Procedure 2.3. Windows XP Professional Client Configuration</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                        </p></li></ol></div></div><div class="procedure" title="Procedure 2.3. Windows XP Professional Client Configuration"><a name="id327844"></a><p class="title"><b>Procedure 2.3. Windows XP Professional Client Configuration</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Configure clients to the network settings shown in <a class="link" href="small.html#acct2net" title="Figure 2.1. Abmas Accounting 52-User Network Topology">&#8220;Abmas Accounting  52-User Network Topology&#8221;</a>.
                 All clients use DHCP for TCP/IP protocol stack configuration.
                 <a class="indexterm" name="id329359"></a>
                 <a class="indexterm" name="id329366"></a>
+                <a class="indexterm" name="id327859"></a>
+                <a class="indexterm" name="id327865"></a>
                 DHCP configures all Windows clients to use the WINS Server address <code class="constant">192.168.1.1</code>.
                 </p></li><li class="step" title="Step 2"><p>
 …
                                 Repeat the printer installation steps above for the HP LaserJet 6 printer
                                 as well as for the QMS Magicolor XXXX laser printer.
                                 </p></li></ol></div></li></ol></div><div class="sect2" title="Notebook Computers: A Special Case"><div class="titlepage"><div><div><h3 class="title"><a name="id329633"></a>Notebook Computers: A Special Case</h3></div></div></div><p>
+                                </p></li></ol></div></li></ol></div><div class="sect2" title="Notebook Computers: A Special Case"><div class="titlepage"><div><div><h3 class="title"><a name="id328132"></a>Notebook Computers: A Special Case</h3></div></div></div><p>
         As a network administrator, you already know how to create local machine accounts for Windows 200x/XP
         Professional systems. This is the preferred solution to provide continuity of work for notebook users
 …
         that mean that as the network is more tightly secured, it becomes necessary to modify Windows client
         configuration somewhat.
         </p></div><div class="sect2" title="Key Points Learned"><div class="titlepage"><div><div><h3 class="title"><a name="id329652"></a>Key Points Learned</h3></div></div></div><p>
+        </p></div><div class="sect2" title="Key Points Learned"><div class="titlepage"><div><div><h3 class="title"><a name="id328152"></a>Key Points Learned</h3></div></div></div><p>
                 In this network design and implementation exercise, you created a Windows NT4-style Domain
                 Controller using Samba-3.0.20. Following these guidelines, you experienced
 …
                 you build on the experience. These are the highlights from this chapter:
                 </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                         <a class="indexterm" name="id329669"></a>
+                        <a class="indexterm" name="id328168"></a>
                         You implemented a DHCP server, and Microsoft Windows clients were able to obtain all necessary
                         network configuration settings from this server.
                         </p></li><li class="listitem"><p>
                         <a class="indexterm" name="id329681"></a>
+                        <a class="indexterm" name="id328180"></a>
                         You created a Windows Domain Controller. You were able to use the network logon service
                         and successfully joined Windows 200x/XP Professional clients to the Domain.
                         </p></li><li class="listitem"><p>
                         <a class="indexterm" name="id329693"></a>
+                        <a class="indexterm" name="id328193"></a>
                         You created raw print queues in the CUPS printing system. You maintained a simple
                         printing system so that all users can share centrally managed printers. You installed
 …
                         You offered Mobile notebook users a solution that allows them to continue to work
                         while away from the office and not connected to the corporate network.
                         </p></li></ul></div></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id329716"></a>Questions and Answers</h2></div></div></div><p>
+                        </p></li></ul></div></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id328216"></a>Questions and Answers</h2></div></div></div><p>
         Your new Domain Controller is ready to serve you. What does it mean? Here are some questions and answers that
         may help.
         </p><div class="qandaset" title="Frequently Asked Questions"><a name="id329726"></a><dl><dt>1. <a href="small.html#id329728">
+        </p><div class="qandaset" title="Frequently Asked Questions"><a name="id328226"></a><dl><dt>1. <a href="small.html#id328228">
                 What is the key benefit of using DHCP to configure Windows client TCP/IP stacks?
                 </a></dt><dt>2. <a href="small.html#id329750">
+                </a></dt><dt>2. <a href="small.html#id328249">
                 Are there any DHCP server configuration parameters in the /etc/dhcpd.conf
                 that should be noted in particular?
                 </a></dt><dt>3. <a href="small.html#id329776">
+                </a></dt><dt>3. <a href="small.html#id328275">
                 Is it possible to create a Windows Domain account that is specifically called Administrator?
                 </a></dt><dt>4. <a href="small.html#id329810">
+                </a></dt><dt>4. <a href="small.html#id328309">
                 Why is it necessary to give the Windows Domain Administrator a UNIX UID of 0?
                 </a></dt><dt>5. <a href="small.html#id329843">
+                </a></dt><dt>5. <a href="small.html#id328342">
                 One of my junior staff needs the ability to add machines to the Domain, but I do not want to give him
                 root access. How can we do this?
                 </a></dt><dt>6. <a href="small.html#id329878">
+                </a></dt><dt>6. <a href="small.html#id328378">
                 Why must I map Windows Domain Groups to UNIX groups?
                 </a></dt><dt>7. <a href="small.html#id329912">
+                </a></dt><dt>7. <a href="small.html#id328412">
                 I deleted my root account and now I cannot add it back! What can I do?
                 </a></dt><dt>8. <a href="small.html#id329978">
+                </a></dt><dt>8. <a href="small.html#id328477">
                 When I run net groupmap list, it reports a group called Administrators
                 as well as Domain Admins. What is the difference between them?
                 </a></dt><dt>9. <a href="small.html#id330018">
+                </a></dt><dt>9. <a href="small.html#id328517">
                 What is the effect of changing the name of a Samba server or of changing the Domain name?
                 </a></dt><dt>10. <a href="small.html#id330060">
+                </a></dt><dt>10. <a href="small.html#id328559">
                 How can I manage user accounts from my Windows XP Professional workstation?
                 </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question" title="1."><td align="left" valign="top"><a name="id329728"></a><a name="id329730"></a><p><b>1.</b></p></td><td align="left" valign="top"><p>
+                </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question" title="1."><td align="left" valign="top"><a name="id328228"></a><a name="id328230"></a><p><b>1.</b></p></td><td align="left" valign="top"><p>
                 What is the key benefit of using DHCP to configure Windows client TCP/IP stacks?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 default routes and DNS server addresses that apply only to the Abmas office environment do
                 not interfere with remote operations. This is an extremely important feature of DHCP.
                 </p></td></tr><tr class="question" title="2."><td align="left" valign="top"><a name="id329750"></a><a name="id329752"></a><p><b>2.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="2."><td align="left" valign="top"><a name="id328249"></a><a name="id328251"></a><p><b>2.</b></p></td><td align="left" valign="top"><p>
                 Are there any DHCP server configuration parameters in the <code class="filename">/etc/dhcpd.conf</code>
                 that should be noted in particular?
 …
                 NetBIOS machine name needs to be resolved to an IP Address. This configuration
                 results in far lower UDP broadcast traffic than would be the case if WINS was not used.
                 </p></td></tr><tr class="question" title="3."><td align="left" valign="top"><a name="id329776"></a><a name="id329778"></a><p><b>3.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="3."><td align="left" valign="top"><a name="id328275"></a><a name="id328277"></a><p><b>3.</b></p></td><td align="left" valign="top"><p>
                 Is it possible to create a Windows Domain account that is specifically called <code class="constant">Administrator</code>?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 necessary to use the <em class="parameter"><code>username map</code></em> facility to map this account to the UNIX
                 account called <code class="constant">root</code>.
                 </p></td></tr><tr class="question" title="4."><td align="left" valign="top"><a name="id329810"></a><a name="id329812"></a><p><b>4.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="4."><td align="left" valign="top"><a name="id328309"></a><a name="id328311"></a><p><b>4.</b></p></td><td align="left" valign="top"><p>
                 Why is it necessary to give the Windows Domain <code class="constant">Administrator</code> a UNIX UID of 0?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 settings within the Domain and on the Samba server, equivalent rights must be assigned. This is
                 achieved with the <code class="constant">root</code> UID equal to 0.
                 </p></td></tr><tr class="question" title="5."><td align="left" valign="top"><a name="id329843"></a><a name="id329845"></a><p><b>5.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="5."><td align="left" valign="top"><a name="id328342"></a><a name="id328345"></a><p><b>5.</b></p></td><td align="left" valign="top"><p>
                 One of my junior staff needs the ability to add machines to the Domain, but I do not want to give him
                 <code class="constant">root</code> access. How can we do this?
 …
                 This must be the primary GID of the account of the user who is a member of the Windows <code class="constant">
                 Domain Admins</code> account.
                 </p></td></tr><tr class="question" title="6."><td align="left" valign="top"><a name="id329878"></a><a name="id329880"></a><p><b>6.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="6."><td align="left" valign="top"><a name="id328378"></a><a name="id328380"></a><p><b>6.</b></p></td><td align="left" valign="top"><p>
                 Why must I map Windows Domain Groups to UNIX groups?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 has a UNIX group account equivalent. The Domain groups that should be given UNIX equivalents are
                 <span class="guimenu">Domain Guests</span>, <span class="guimenu">Domain Users</span>, and <span class="guimenu">Domain Admins</span>.
                 </p></td></tr><tr class="question" title="7."><td align="left" valign="top"><a name="id329912"></a><a name="id329914"></a><p><b>7.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="7."><td align="left" valign="top"><a name="id328412"></a><a name="id328414"></a><p><b>7.</b></p></td><td align="left" valign="top"><p>
                 I deleted my <code class="constant">root</code> account and now I cannot add it back! What can I do?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                         </p></li><li class="step" title="Step 4"><p>
                         Restore the <code class="filename">group_mapping.tdb</code> file.
                         </p></li></ol></div></td></tr><tr class="question" title="8."><td align="left" valign="top"><a name="id329978"></a><a name="id329980"></a><p><b>8.</b></p></td><td align="left" valign="top"><p>
+                        </p></li></ol></div></td></tr><tr class="question" title="8."><td align="left" valign="top"><a name="id328477"></a><a name="id328479"></a><p><b>8.</b></p></td><td align="left" valign="top"><p>
                 When I run <code class="literal">net groupmap list</code>, it reports a group called <span class="guimenu">Administrators</span>
                 as well as <span class="guimenu">Domain Admins</span>. What is the difference between them?
 …
                 Groups at this time. A Workstation or Server Local Group has no meaning in a Samba context. This
                 may change at some later date. These accounts are provided only so that security objects are correctly shown.
                 </p></td></tr><tr class="question" title="9."><td align="left" valign="top"><a name="id330018"></a><a name="id330020"></a><p><b>9.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="9."><td align="left" valign="top"><a name="id328517"></a><a name="id328519"></a><p><b>9.</b></p></td><td align="left" valign="top"><p>
                 What is the effect of changing the name of a Samba server or of changing the Domain name?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
 …
                 or the <code class="literal">smbpasswd</code> (Samba-2.2.x). To change the SID, you use the same tool. Be sure
                 to check the man page for this command for detailed instructions regarding the steps involved.
                 </p></td></tr><tr class="question" title="10."><td align="left" valign="top"><a name="id330060"></a><a name="id330062"></a><p><b>10.</b></p></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question" title="10."><td align="left" valign="top"><a name="id328559"></a><a name="id328561"></a><p><b>10.</b></p></td><td align="left" valign="top"><p>
                 How can I manage user accounts from my Windows XP Professional workstation?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/unixclients.html

-              r599
+              r739
 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 7. Adding Domain Member Servers and Clients</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"><link rel="prev" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"><link rel="next" href="upgrades.html" title="Chapter 8. Updating Samba-3"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 7. Adding Domain Member Servers and Clients</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="DMSMig.html">Prev</a> </td><th width="60%" align="center">Part II. Domain Members, Updating Samba and Migration</th><td width="20%" align="right"> <a accesskey="n" href="upgrades.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 7. Adding Domain Member Servers and Clients"><div class="titlepage"><div><div><h2 class="title"><a name="unixclients"></a>Chapter 7. Adding Domain Member Servers and Clients</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="unixclients.html#id357946">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#id357994">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id358022">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#id358046">Technical Issues</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id358646">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id358731">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></span></dt><dt><span class="sect2"><a href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></span></dt><dt><span class="sect2"><a href="unixclients.html#dcwonss">NT4/Samba Domain with Samba Domain Member Server without NSS Support</a></span></dt><dt><span class="sect2"><a href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id364506">UNIX/Linux Client Domain Member</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id365002">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id365047">Questions and Answers</a></span></dt></dl></div><p><a class="indexterm" name="id357857"></a><a class="indexterm" name="id357864"></a>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 7. Adding Domain Member Servers and Clients</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"><link rel="prev" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"><link rel="next" href="upgrades.html" title="Chapter 8. Updating Samba-3"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 7. Adding Domain Member Servers and Clients</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="DMSMig.html">Prev</a> </td><th width="60%" align="center">Part II. Domain Members, Updating Samba and Migration</th><td width="20%" align="right"> <a accesskey="n" href="upgrades.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 7. Adding Domain Member Servers and Clients"><div class="titlepage"><div><div><h2 class="title"><a name="unixclients"></a>Chapter 7. Adding Domain Member Servers and Clients</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="unixclients.html#id356470">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#id356518">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id356547">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#id356570">Technical Issues</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id357171">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id357255">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="unixclients.html#sdcsdmldap">Samba Domain with Samba Domain Member Server  Using NSS LDAP</a></span></dt><dt><span class="sect2"><a href="unixclients.html#wdcsdm">NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind</a></span></dt><dt><span class="sect2"><a href="unixclients.html#dcwonss">NT4/Samba Domain with Samba Domain Member Server without NSS Support</a></span></dt><dt><span class="sect2"><a href="unixclients.html#adssdm">Active Directory Domain with Samba Domain Member Server</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id363033">UNIX/Linux Client Domain Member</a></span></dt><dt><span class="sect2"><a href="unixclients.html#id363529">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="unixclients.html#id363573">Questions and Answers</a></span></dt></dl></div><p><a class="indexterm" name="id356381"></a><a class="indexterm" name="id356389"></a>
         The most frequently discussed Samba subjects over the past 2 years have focused around domain control and printing.
         It is well known that Samba is a file and print server. A recent survey conducted by <span class="emphasis"><em>Open Magazine</em></span> found
 …
         the addition of Samba servers into your present Windows network  whatever the controlling technology
         may be. So let's get back to our good friends at Abmas.
         </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id357946"></a>Introduction</h2></div></div></div><p><a class="indexterm" name="id357952"></a><a class="indexterm" name="id357960"></a>
+        </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id356470"></a>Introduction</h2></div></div></div><p><a class="indexterm" name="id356476"></a><a class="indexterm" name="id356484"></a>
         Looking back over the achievements of the past year or two, daily events at Abmas are rather straightforward
         with not too many distractions or problems. Your team is doing well, but a number of employees
         are asking for Linux desktop systems. Your network has grown and demands additional domain member servers. Let's
         get on with this; Christine and Stan are ready to go.
         </p><p><a class="indexterm" name="id357978"></a>
+        </p><p><a class="indexterm" name="id356502"></a>
         Stan is firmly in control of the department of the future, while Christine is enjoying a stable and
         predictable network environment. It is time to add more servers and to add Linux desktops. It is
         time to meet the demands of future growth and endure trial by fire.
         </p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id357994"></a>Assignment Tasks</h3></div></div></div><p><a class="indexterm" name="id358000"></a>
+        </p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id356518"></a>Assignment Tasks</h3></div></div></div><p><a class="indexterm" name="id356525"></a>
         You must now add UNIX/Linux domain member servers to your network. You have a friend who has a Windows 2003
         Active Directory domain network who wants to add a Samba/Linux server and has asked Christine to help him
 …
         do likewise at Swodniw Biz NL (your friend's company) to help them to evaluate a Linux desktop. You want to make
         the right decision, don't you?
         </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id358022"></a>Dissection and Discussion</h2></div></div></div><p>
         <a class="indexterm" name="id358030"></a>
+        </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id356547"></a>Dissection and Discussion</h2></div></div></div><p>
+        <a class="indexterm" name="id356554"></a>
         Recent Samba mailing-list activity is witness to how many sites are using winbind. Some have no trouble
         at all with it, yet to others the problems seem insurmountable. Periodically there are complaints concerning
 …
         resolution. You also provide working examples of solutions for integrated authentication for
         both UNIX/Linux and Windows environments.
         </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id358046"></a>Technical Issues</h3></div></div></div><p>
+        </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id356570"></a>Technical Issues</h3></div></div></div><p>
                 One of the great challenges we face when people ask us, <span class="quote">&#8220;<span class="quote">What is the best way to solve
                 this problem?</span>&#8221;</span> is to get beyond the facts so we not only can clearly comprehend
                 the immediate technical problem, but also can understand how needs may change.
                 </p><p>
                 <a class="indexterm" name="id358063"></a>
+                <a class="indexterm" name="id356587"></a>
                 There are a few facts we should note when dealing with the question of how best to
                 integrate UNIX/Linux clients and servers into a Windows networking environment:
                 </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                         <a class="indexterm" name="id358078"></a>
                         <a class="indexterm" name="id358084"></a>
                         <a class="indexterm" name="id358091"></a>
                         <a class="indexterm" name="id358100"></a>
                         <a class="indexterm" name="id358107"></a>
+                        <a class="indexterm" name="id356602"></a>
+                        <a class="indexterm" name="id356609"></a>
+                        <a class="indexterm" name="id356615"></a>
+                        <a class="indexterm" name="id356625"></a>
+                        <a class="indexterm" name="id356631"></a>
                         A domain controller (PDC or BDC) is always authoritative for all accounts in its domain.
                         This means that a BDC must (of necessity) be able to resolve all account UIDs and GIDs
                         to the same values that the PDC resolved them to.
                         </p></li><li class="listitem"><p>
                         <a class="indexterm" name="id358120"></a>
                         <a class="indexterm" name="id358127"></a>
                         <a class="indexterm" name="id358138"></a>
                         <a class="indexterm" name="id358145"></a>
+                        <a class="indexterm" name="id356644"></a>
+                        <a class="indexterm" name="id356651"></a>
+                        <a class="indexterm" name="id356662"></a>
+                        <a class="indexterm" name="id356669"></a>
                         A domain member can be authoritative for local accounts, but is never authoritative for
                         domain accounts. If a user is accessing a domain member server and that user's account
 …
                         number of sources:
                         </p><div class="itemizedlist"><ul class="itemizedlist" type="circle"><li class="listitem"><p>
                                 <a class="indexterm" name="id358173"></a>
                                 <a class="indexterm" name="id358180"></a>
                                 <a class="indexterm" name="id358187"></a>
                                 <a class="indexterm" name="id358193"></a>
                                 <a class="indexterm" name="id358200"></a>
+                                <a class="indexterm" name="id356697"></a>
+                                <a class="indexterm" name="id356704"></a>
+                                <a class="indexterm" name="id356711"></a>
+                                <a class="indexterm" name="id356718"></a>
+                                <a class="indexterm" name="id356724"></a>
                                 By executing a system <code class="literal">getpwnam()</code> or <code class="literal">getgrnam()</code> call.
                                 On systems that support it, this utilizes the name service switch (NSS) facility to
 …
                                 file. NSS can be configured to use LDAP, winbind, NIS, or local files.
                                 </p></li><li class="listitem"><p>
                                 <a class="indexterm" name="id358231"></a>
                                 <a class="indexterm" name="id358238"></a>
                                 <a class="indexterm" name="id358245"></a>
+                                <a class="indexterm" name="id356755"></a>
+                                <a class="indexterm" name="id356762"></a>
+                                <a class="indexterm" name="id356769"></a>
                                 Performing, via NSS, a direct LDAP search (where an LDAP passdb backend has been configured).
                                 This requires the use of the PADL nss_ldap tool (or equivalent).
                                 </p></li><li class="listitem"><p>
                                 <a class="indexterm" name="id358257"></a>
                                 <a class="indexterm" name="id358264"></a>
                                 <a class="indexterm" name="id358271"></a>
                                 <a class="indexterm" name="id358277"></a>
+                                <a class="indexterm" name="id356782"></a>
+                                <a class="indexterm" name="id356788"></a>
+                                <a class="indexterm" name="id356795"></a>
+                                <a class="indexterm" name="id356802"></a>
                                 Directly by querying <code class="literal">winbindd</code>. The <code class="literal">winbindd</code>
                                 contacts a domain controller to attempt to resolve the identity of the user or group. It
 …
                                 <code class="filename">winbindd_cache.tdb</code> files.
                                 </p><p>
                                 <a class="indexterm" name="id358314"></a>
                                 <a class="indexterm" name="id358321"></a>
+                                <a class="indexterm" name="id356838"></a>
+                                <a class="indexterm" name="id356845"></a>
                                 If the parameter <a class="link" href="smb.conf.5.html#IDMAPBACKEND" target="_top">idmap backend = ldap:ldap://myserver.domain</a>
                                 was specified and the LDAP server has been configured with a container in which it may
 …
                         casual user.
                         </p></li><li class="listitem"><p>
                         <a class="indexterm" name="id358380"></a>
                         <a class="indexterm" name="id358387"></a>
                         <a class="indexterm" name="id358397"></a>
+                        <a class="indexterm" name="id356904"></a>
+                        <a class="indexterm" name="id356911"></a>
+                        <a class="indexterm" name="id356920"></a>
                         If you wish to make use of accounts (users and/or groups) that are local to (i.e., capable
                         of being resolved using) the NSS facility, it is possible to use the
 …
                         and to domain member servers.
                         </p></li></ul></div><p>
                 <a class="indexterm" name="id358428"></a>
                 <a class="indexterm" name="id358434"></a>
                 <a class="indexterm" name="id358441"></a>
+                <a class="indexterm" name="id356952"></a>
+                <a class="indexterm" name="id356959"></a>
+                <a class="indexterm" name="id356966"></a>
                 For many administrators, it should be plain that the use of an LDAP-based repository for all network
                 accounts (both for POSIX accounts and for Samba accounts) provides the most elegant and
                 controllable facility. You eventually appreciate the decision to use LDAP.
                 </p><p>
                 <a class="indexterm" name="id358454"></a>
                 <a class="indexterm" name="id358460"></a>
                 <a class="indexterm" name="id358467"></a>
+                <a class="indexterm" name="id356978"></a>
+                <a class="indexterm" name="id356985"></a>
+                <a class="indexterm" name="id356992"></a>
                 If your network account information resides in an LDAP repository, you should use it ahead of any
                 alternative method. This means that if it is humanly possible to use the <code class="literal">nss_ldap</code>
 …
                 throughout the network.
                 </p><p>
                 <a class="indexterm" name="id358486"></a>
                 <a class="indexterm" name="id358495"></a>
                 <a class="indexterm" name="id358502"></a>
                 <a class="indexterm" name="id358509"></a>
                 <a class="indexterm" name="id358515"></a>
                 <a class="indexterm" name="id358522"></a>
+                <a class="indexterm" name="id357011"></a>
+                <a class="indexterm" name="id357020"></a>
+                <a class="indexterm" name="id357027"></a>
+                <a class="indexterm" name="id357034"></a>
+                <a class="indexterm" name="id357041"></a>
+                <a class="indexterm" name="id357048"></a>
                 In the situation where UNIX accounts are held on the domain member server itself, the only effective
                 way to use them involves the <code class="filename">smb.conf</code> entry
 …
                 disables the use of Samba with trusted domains (i.e., external domains).
                 </p><p>
                 <a class="indexterm" name="id358570"></a>
                 <a class="indexterm" name="id358577"></a>
                 <a class="indexterm" name="id358586"></a>
                 <a class="indexterm" name="id358593"></a>
+                <a class="indexterm" name="id357095"></a>
+                <a class="indexterm" name="id357102"></a>
+                <a class="indexterm" name="id357111"></a>
+                <a class="indexterm" name="id357118"></a>
                 Winbind can be used to create an appliance mode domain member server. In this capacity, <code class="literal">winbindd</code>
                 is configured to automatically allocate UIDs/GIDs from numeric ranges set in the <code class="filename">smb.conf</code> file. The allocation
 …
                 is stored in the <code class="filename">winbindd_idmap.tdb</code> and <code class="filename">winbindd_cache.tdb</code> files.
                 </p><p>
                 <a class="indexterm" name="id358634"></a>
+                <a class="indexterm" name="id357159"></a>
                 The use of an LDAP backend for the Winbind IDMAP facility permits Windows domain SIDs
                 mappings to UIDs/GIDs to be stored centrally. The result is a consistent mapping across all domain member
                 servers so configured. This solves one of the major headaches for network administrators who need to copy
                 files between or across network file servers.
                 </p></div><div class="sect2" title="Political Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id358646"></a>Political Issues</h3></div></div></div><p>
                 <a class="indexterm" name="id358654"></a>
                 <a class="indexterm" name="id358661"></a>
                 <a class="indexterm" name="id358667"></a>
                 <a class="indexterm" name="id358676"></a>
+                </p></div><div class="sect2" title="Political Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id357171"></a>Political Issues</h3></div></div></div><p>
+                <a class="indexterm" name="id357179"></a>
+                <a class="indexterm" name="id357186"></a>
+                <a class="indexterm" name="id357192"></a>
+                <a class="indexterm" name="id357201"></a>
                 One of the most fierce conflicts recently being waged is resistance to the adoption of LDAP, in
                 particular OpenLDAP, as a replacement for UNIX NIS (previously called Yellow Pages). Let's face it, LDAP
 …
                 commercial integration products. But it's not what Active Directory was designed for.
                 </p><p>
                 <a class="indexterm" name="id358707"></a>
                 <a class="indexterm" name="id358713"></a>
+                <a class="indexterm" name="id357232"></a>
+                <a class="indexterm" name="id357238"></a>
                 A number of long-term UNIX devotees have recently commented in various communications that the Samba Team
                 is the first application group to almost force network administrators to use LDAP. It should be pointed
 …
                 finally emerged as the preferred identity management backend for Samba. We recommend LDAP for your total
                 organizational directory needs.
                 </p></div></div><div class="sect1" title="Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id358731"></a>Implementation</h2></div></div></div><p>
         <a class="indexterm" name="id358738"></a>
         <a class="indexterm" name="id358748"></a>
         <a class="indexterm" name="id358757"></a>
+                </p></div></div><div class="sect1" title="Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id357255"></a>Implementation</h2></div></div></div><p>
+        <a class="indexterm" name="id357263"></a>
+        <a class="indexterm" name="id357272"></a>
+        <a class="indexterm" name="id357282"></a>
         The domain member server and the domain member client are at the center of focus in this chapter.
         Configuration of Samba-3 domain controller is covered in earlier chapters, so if your
 …
         oil that helps you to add domain member servers and clients.
         </p><p>
         <a class="indexterm" name="id358770"></a>
+        <a class="indexterm" name="id357295"></a>
         In practice, domain member servers and domain member workstations are very different entities, but in
         terms of technology they share similar core infrastructure. A technologist would argue that servers
 …
         but a server is viewed as a core component of the business.
         </p><p>
         <a class="indexterm" name="id358787"></a>
+        <a class="indexterm" name="id357312"></a>
         We can look at this another way. If a workstation breaks down, one user is affected, but if a
         server breaks down, hundreds of users may not be able to work. The services that a workstation
 …
         and is distribution oriented.
         </p><p>
         <a class="indexterm" name="id358800"></a>
         <a class="indexterm" name="id358807"></a>
         <a class="indexterm" name="id358813"></a>
+        <a class="indexterm" name="id357325"></a>
+        <a class="indexterm" name="id357331"></a>
+        <a class="indexterm" name="id357338"></a>
         <span class="emphasis"><em>Why is this important?</em></span> For starters, we must identify what
         components of the operating system and its environment must be configured. Also, it is necessary
 …
         what type of service need must be fulfilled.
         </p><div class="sect2" title="Samba Domain with Samba Domain Member Server Using NSS LDAP"><div class="titlepage"><div><div><h3 class="title"><a name="sdcsdmldap"></a>Samba Domain with Samba Domain Member Server  Using NSS LDAP</h3></div></div></div><p>
         <a class="indexterm" name="id358848"></a>
         <a class="indexterm" name="id358854"></a>
         <a class="indexterm" name="id358861"></a>
         <a class="indexterm" name="id358868"></a>
         <a class="indexterm" name="id358877"></a>
         <a class="indexterm" name="id358884"></a>
+        <a class="indexterm" name="id357374"></a>
+        <a class="indexterm" name="id357380"></a>
+        <a class="indexterm" name="id357387"></a>
+        <a class="indexterm" name="id357394"></a>
+        <a class="indexterm" name="id357403"></a>
+        <a class="indexterm" name="id357410"></a>
         In this example, it is assumed that you have Samba PDC/BDC servers. This means you are using
         an LDAP ldapsam backend. We are adding to the LDAP backend database (directory)
 …
         so that all domain member servers can use a consistent mapping.
         </p><p>
         <a class="indexterm" name="id358942"></a>
         <a class="indexterm" name="id358948"></a>
         <a class="indexterm" name="id358955"></a>
+        <a class="indexterm" name="id357467"></a>
+        <a class="indexterm" name="id357474"></a>
+        <a class="indexterm" name="id357481"></a>
         If your installation is accessed only from clients that are members of your own domain, and all
         user accounts are present in a local passdb backend then it is not necessary to run
 …
         source can be provided from
         </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                 <a class="indexterm" name="id358988"></a>
                 <a class="indexterm" name="id358995"></a>
+                <a class="indexterm" name="id357514"></a>
+                <a class="indexterm" name="id357520"></a>
                 Accounts in <code class="filename">/etc/passwd</code> or in <code class="filename">/etc/group</code>.
                 </p></li><li class="listitem"><p>
                 <a class="indexterm" name="id359018"></a>
                 <a class="indexterm" name="id359025"></a>
                 <a class="indexterm" name="id359031"></a>
                 <a class="indexterm" name="id359038"></a>
                 <a class="indexterm" name="id359045"></a>
                 <a class="indexterm" name="id359052"></a>
                 <a class="indexterm" name="id359058"></a>
                 <a class="indexterm" name="id359065"></a>
                 <a class="indexterm" name="id359072"></a>
+                <a class="indexterm" name="id357544"></a>
+                <a class="indexterm" name="id357550"></a>
+                <a class="indexterm" name="id357557"></a>
+                <a class="indexterm" name="id357564"></a>
+                <a class="indexterm" name="id357571"></a>
+                <a class="indexterm" name="id357578"></a>
+                <a class="indexterm" name="id357584"></a>
+                <a class="indexterm" name="id357591"></a>
+                <a class="indexterm" name="id357598"></a>
                 Resolution via NSS. On NSS-enabled systems, there is usually a facility to resolve IDs
                 via multiple methods. The methods typically include <code class="literal">files</code>,
 …
         used only locally on the Samba domain member server under discussion.
         </p></div><p>
         <a class="indexterm" name="id359146"></a>
+        <a class="indexterm" name="id357673"></a>
         The diagram in <a class="link" href="unixclients.html#ch9-sambadc" title="Figure 7.2. Samba Domain: Samba Member Server">&#8220;Samba Domain: Samba Member Server&#8221;</a> demonstrates the relationship of Samba and system
         components that are involved in the identity resolution process where Samba is used as a domain
         member server within a Samba domain control network.
         </p><div class="figure"><a name="ch9-sambadc"></a><p class="title"><b>Figure 7.2. Samba Domain: Samba Member Server</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/chap9-SambaDC.png" width="324" alt="Samba Domain: Samba Member Server"></div></div></div><br class="figure-break"><p>
         <a class="indexterm" name="id359206"></a>
         <a class="indexterm" name="id359213"></a>
+        <a class="indexterm" name="id357733"></a>
+        <a class="indexterm" name="id357739"></a>
         In this example configuration, Samba will directly search the LDAP-based passwd backend ldapsam
         to obtain authentication and user identity information. The IDMAP information is stored in the LDAP
 …
         If the network does not have an LDAP slave server (i.e., <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">&#8220;Making Happy Users&#8221;</a> configuration),
         change the target LDAP server from <code class="constant">lapdc</code> to <code class="constant">massive.</code>
         </p><div class="procedure" title="Procedure 7.1. Configuration of NSS_LDAP-Based Identity Resolution"><a name="id359255"></a><p class="title"><b>Procedure 7.1. Configuration of NSS_LDAP-Based Identity Resolution</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+        </p><div class="procedure" title="Procedure 7.1. Configuration of NSS_LDAP-Based Identity Resolution"><a name="id357782"></a><p class="title"><b>Procedure 7.1. Configuration of NSS_LDAP-Based Identity Resolution</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Create the <code class="filename">smb.conf</code> file as shown in <a class="link" href="unixclients.html#ch9-sdmsdc" title="Example 7.1. Samba Domain Member in Samba Domain Using LDAP smb.conf File">&#8220;Samba Domain Member in Samba Domain Using LDAP  smb.conf File&#8221;</a>. Locate
                 this file in the directory <code class="filename">/etc/samba</code>.
                 </p></li><li class="step" title="Step 2"><p>
                 <a class="indexterm" name="id359292"></a>
+                <a class="indexterm" name="id357819"></a>
                 Configure the file that will be used by <code class="constant">nss_ldap</code> to
                 locate and communicate with the LDAP server. This file is called <code class="filename">ldap.conf</code>.
 …
                 <a class="link" href="unixclients.html#ch9-sdmnss" title="Example 7.4. NSS using LDAP for Identity Resolution File: /etc/nsswitch.conf">&#8220;NSS using LDAP for Identity Resolution  File: /etc/nsswitch.conf&#8221;</a>.
                 </p></li><li class="step" title="Step 4"><p>
                 <a class="indexterm" name="id359372"></a>
                 <a class="indexterm" name="id359379"></a>
+                <a class="indexterm" name="id357899"></a>
+                <a class="indexterm" name="id357906"></a>
                 Before proceeding to configure Samba, validate the operation of the NSS identity
                 resolution via LDAP by executing:
 …
 sammy:x:4321:
 </pre><p>
                 <a class="indexterm" name="id359426"></a>
                 <a class="indexterm" name="id359433"></a>
                 <a class="indexterm" name="id359440"></a>
+                <a class="indexterm" name="id357953"></a>
+                <a class="indexterm" name="id357960"></a>
+                <a class="indexterm" name="id357966"></a>
                 This shows that all is working as it should be. Notice that in the LDAP database
                 the users' primary and secondary group memberships are identical. It is not
 …
                 after Samba-3.0.20 has been released.
                 </p></li><li class="step" title="Step 5"><p>
                 <a class="indexterm" name="id359458"></a>
+                <a class="indexterm" name="id357985"></a>
                 The LDAP directory must have a container object for IDMAP data. There are several ways you can
                 check that your LDAP database is able to receive IDMAP information. One of the simplest is to
 …
 ou: idmap
 </pre><p>
                 <a class="indexterm" name="id359479"></a>
+                <a class="indexterm" name="id358006"></a>
                 If the execution of this command does not return IDMAP entries, you need to create an LDIF
                 template file (see <a class="link" href="unixclients.html#ch9-ldifadd" title="Example 7.2. LDIF IDMAP Add-On Load File File: /etc/openldap/idmap.LDIF">&#8220;LDIF IDMAP Add-On Load File  File: /etc/openldap/idmap.LDIF&#8221;</a>). You can add the required entries using
 …
 </pre><p>
                 </p></li><li class="step" title="Step 7"><p>
                 <a class="indexterm" name="id359538"></a>
                 <a class="indexterm" name="id359549"></a>
+                <a class="indexterm" name="id358066"></a>
+                <a class="indexterm" name="id358077"></a>
                 The system is ready to join the domain. Execute the following:
 </p><pre class="screen">
 …
 <code class="prompt">root# </code> net rpc join -S 'pdc-name' -U administrator%password -d 5
 </pre><p>
                 <a class="indexterm" name="id359616"></a>
                 <a class="indexterm" name="id359623"></a>
                 <a class="indexterm" name="id359629"></a>
                 <a class="indexterm" name="id359636"></a>
+                <a class="indexterm" name="id358143"></a>
+                <a class="indexterm" name="id358150"></a>
+                <a class="indexterm" name="id358157"></a>
+                <a class="indexterm" name="id358164"></a>
                 Note: Use "root" for UNIX/Linux and Samba, use "Administrator" for Windows NT4/200X. If the cause of
                 the failure appears to be related to a rejected or failed NT_SESSION_SETUP*  or an error message that
 …
 </pre><p>
                 </p></li><li class="step" title="Step 8"><p>
                 <a class="indexterm" name="id359688"></a>
+                <a class="indexterm" name="id358216"></a>
                 Just joining the domain is not quite enough; you must now provide a privileged set
                 of credentials through which <code class="literal">winbindd</code> can interact with the
 …
                 You may now start Samba in the usual manner, and your Samba domain member server
                 is ready for use. Just add shares as required.
                 </p></li></ol></div><div class="example"><a name="ch9-sdmsdc"></a><p class="title"><b>Example 7.1. Samba Domain Member in Samba Domain Using LDAP  <code class="filename">smb.conf</code> File</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id359761"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id359773"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id359784"></a><em class="parameter"><code>security = DOMAIN</code></em></td></tr><tr><td><a class="indexterm" name="id359796"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id359807"></a><em class="parameter"><code>log level = 10</code></em></td></tr><tr><td><a class="indexterm" name="id359819"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id359830"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id359842"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id359853"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id359865"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id359876"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id359888"></a><em class="parameter"><code>wins server = 192.168.2.1</code></em></td></tr><tr><td><a class="indexterm" name="id359899"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id359911"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id359923"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id359934"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id359946"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id359957"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id359969"></a><em class="parameter"><code>idmap backend = ldap:ldap://lapdc.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id359981"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id359992"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id360004"></a><em class="parameter"><code>winbind trusted domains only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id360016"></a><em class="parameter"><code>printer admin = root</code></em></td></tr><tr><td><a class="indexterm" name="id360027"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id360047"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id360059"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id360070"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id360082"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id360102"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id360114"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id360125"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id360137"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id360148"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id360169"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id360180"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id360192"></a><em class="parameter"><code>admin users = root, Administrator</code></em></td></tr><tr><td><a class="indexterm" name="id360204"></a><em class="parameter"><code>write list = root</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch9-ldifadd"></a><p class="title"><b>Example 7.2. LDIF IDMAP Add-On Load File  File: /etc/openldap/idmap.LDIF</b></p><div class="example-contents"><pre class="screen">
+                </p></li></ol></div><div class="example"><a name="ch9-sdmsdc"></a><p class="title"><b>Example 7.1. Samba Domain Member in Samba Domain Using LDAP  <code class="filename">smb.conf</code> File</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id358288"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id358300"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id358311"></a><em class="parameter"><code>security = DOMAIN</code></em></td></tr><tr><td><a class="indexterm" name="id358323"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id358334"></a><em class="parameter"><code>log level = 10</code></em></td></tr><tr><td><a class="indexterm" name="id358346"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id358357"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id358369"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id358380"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id358392"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id358403"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id358415"></a><em class="parameter"><code>wins server = 192.168.2.1</code></em></td></tr><tr><td><a class="indexterm" name="id358426"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id358438"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id358450"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id358461"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id358473"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id358484"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id358496"></a><em class="parameter"><code>idmap backend = ldap:ldap://lapdc.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id358508"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id358519"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id358531"></a><em class="parameter"><code>winbind trusted domains only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id358543"></a><em class="parameter"><code>printer admin = root</code></em></td></tr><tr><td><a class="indexterm" name="id358554"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id358574"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id358586"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id358598"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id358609"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id358629"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id358641"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id358652"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id358664"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id358675"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id358696"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id358707"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id358719"></a><em class="parameter"><code>admin users = root, Administrator</code></em></td></tr><tr><td><a class="indexterm" name="id358731"></a><em class="parameter"><code>write list = root</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch9-ldifadd"></a><p class="title"><b>Example 7.2. LDIF IDMAP Add-On Load File  File: /etc/openldap/idmap.LDIF</b></p><div class="example-contents"><pre class="screen">
 dn: ou=Idmap,dc=abmas,dc=biz
 objectClass: organizationalUnit
 …
                 The Samba domain member server must be part of a Windows NT4 Domain, or a Samba Domain.
                 </p></li></ul></div><p>
         <a class="indexterm" name="id360323"></a>
         <a class="indexterm" name="id360329"></a>
         <a class="indexterm" name="id360336"></a>
+        <a class="indexterm" name="id358850"></a>
+        <a class="indexterm" name="id358857"></a>
+        <a class="indexterm" name="id358864"></a>
         Later in the chapter, you can see how to configure a Samba domain member server for a Windows ADS domain.
         Right now your objective is to configure a Samba server that can be a member of a Windows NT4-style
         domain and/or does not use LDAP.
         </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
         <a class="indexterm" name="id360349"></a>
+        <a class="indexterm" name="id358877"></a>
         If you use <code class="literal">winbind</code> for identity resolution, make sure that there are no
         duplicate accounts.
         </p><p>
         <a class="indexterm" name="id360366"></a>
+        <a class="indexterm" name="id358894"></a>
         For example, do not have more than one account that has UID=0 in the password database. If there
         is an account called <code class="constant">root</code> in the <code class="filename">/etc/passwd</code> database,
 …
         <code class="constant">root</code>.
         </p><p>
         <a class="indexterm" name="id360400"></a>
         <a class="indexterm" name="id360406"></a>
         <a class="indexterm" name="id360413"></a>
+        <a class="indexterm" name="id358927"></a>
+        <a class="indexterm" name="id358934"></a>
+        <a class="indexterm" name="id358941"></a>
         Winbind will break if there is an account in <code class="filename">/etc/passwd</code> that has
         the same UID as an account that is in LDAP ldapsam (or in tdbsam) but that differs in name only.
         </p></div><p>
         <a class="indexterm" name="id360431"></a>
         <a class="indexterm" name="id360437"></a>
         <a class="indexterm" name="id360444"></a>
         <a class="indexterm" name="id360451"></a>
         <a class="indexterm" name="id360460"></a>
+        <a class="indexterm" name="id358958"></a>
+        <a class="indexterm" name="id358965"></a>
+        <a class="indexterm" name="id358972"></a>
+        <a class="indexterm" name="id358979"></a>
+        <a class="indexterm" name="id358988"></a>
         The following configuration uses CIFS/SMB protocols alone to obtain user and group credentials.
         The winbind information is locally cached in the <code class="filename">winbindd_cache.tdb winbindd_idmap.tdb</code>
 …
         files using the tool <code class="literal">tdbdump</code>, though you may have to build this from the Samba
         source code if it has not been supplied as part of a binary package distribution that you may be using.
         </p><div class="procedure" title="Procedure 7.2. Configuration of Winbind-Based Identity Resolution"><a name="id360484"></a><p class="title"><b>Procedure 7.2. Configuration of Winbind-Based Identity Resolution</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+        </p><div class="procedure" title="Procedure 7.2. Configuration of Winbind-Based Identity Resolution"><a name="id359012"></a><p class="title"><b>Procedure 7.2. Configuration of Winbind-Based Identity Resolution</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Using your favorite text editor, create the <code class="filename">smb.conf</code> file so it has the contents
                 shown in <a class="link" href="unixclients.html#ch0-NT4DSDM" title="Example 7.5. Samba Domain Member Server Using Winbind smb.conf File for NT4 Domain">&#8220;Samba Domain Member Server Using Winbind smb.conf File for NT4 Domain&#8221;</a>.
                 </p></li><li class="step" title="Step 2"><p>
                 <a class="indexterm" name="id360515"></a>
+                <a class="indexterm" name="id359044"></a>
                 Edit the <code class="filename">/etc/nsswitch.conf</code> so it has the entries shown in
                 <a class="link" href="unixclients.html#ch9-sdmnss" title="Example 7.4. NSS using LDAP for Identity Resolution File: /etc/nsswitch.conf">&#8220;NSS using LDAP for Identity Resolution  File: /etc/nsswitch.conf&#8221;</a>.
                 </p></li><li class="step" title="Step 3"><p>
                 <a class="indexterm" name="id360540"></a>
+                <a class="indexterm" name="id359069"></a>
                 The system is ready to join the domain. Execute the following:
 </p><pre class="screen">
 …
                 </p></li><li class="step" title="Step 4"><p>
                 <a class="indexterm" name="id360565"></a>
                 <a class="indexterm" name="id360572"></a>
+                <a class="indexterm" name="id359094"></a>
+                <a class="indexterm" name="id359101"></a>
                 Validate operation of <code class="literal">winbind</code> using the <code class="literal">wbinfo</code>
                 tool as follows:
 …
                 This shows that domain groups have been correctly obtained also.
                 </p></li><li class="step" title="Step 5"><p>
                 <a class="indexterm" name="id360624"></a>
                 <a class="indexterm" name="id360631"></a>
                 <a class="indexterm" name="id360637"></a>
+                <a class="indexterm" name="id359153"></a>
+                <a class="indexterm" name="id359159"></a>
+                <a class="indexterm" name="id359166"></a>
                 The next step verifies that NSS is able to obtain this information
                 correctly from <code class="literal">winbind</code> also.
 …
                 </p></li><li class="step" title="Step 6"><p>
                 The Samba member server of a Windows NT4 domain is ready for use.
                 </p></li></ol></div><div class="example"><a name="ch0-NT4DSDM"></a><p class="title"><b>Example 7.5. Samba Domain Member Server Using Winbind <code class="filename">smb.conf</code> File for NT4 Domain</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id360734"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id360745"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id360757"></a><em class="parameter"><code>security = DOMAIN</code></em></td></tr><tr><td><a class="indexterm" name="id360768"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id360780"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id360791"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id360803"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id360814"></a><em class="parameter"><code>max log size = 0</code></em></td></tr><tr><td><a class="indexterm" name="id360826"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id360837"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id360849"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id360860"></a><em class="parameter"><code>wins server = 192.168.2.1</code></em></td></tr><tr><td><a class="indexterm" name="id360872"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id360883"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id360895"></a><em class="parameter"><code>template primary group = "Domain Users"</code></em></td></tr><tr><td><a class="indexterm" name="id360906"></a><em class="parameter"><code>template shell = /bin/bash</code></em></td></tr><tr><td><a class="indexterm" name="id360918"></a><em class="parameter"><code>winbind separator = +</code></em></td></tr><tr><td><a class="indexterm" name="id360929"></a><em class="parameter"><code>printer admin = root</code></em></td></tr><tr><td><a class="indexterm" name="id360941"></a><em class="parameter"><code>hosts allow = 192.168.2., 192.168.3., 127.</code></em></td></tr><tr><td><a class="indexterm" name="id360953"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id360973"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id360985"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id360996"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id361008"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id361028"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id361040"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id361051"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id361062"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id361074"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id361094"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id361106"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id361118"></a><em class="parameter"><code>admin users = root, Administrator</code></em></td></tr><tr><td><a class="indexterm" name="id361129"></a><em class="parameter"><code>write list = root</code></em></td></tr></table></div></div><br class="example-break"></div><div class="sect2" title="NT4/Samba Domain with Samba Domain Member Server without NSS Support"><div class="titlepage"><div><div><h3 class="title"><a name="dcwonss"></a>NT4/Samba Domain with Samba Domain Member Server without NSS Support</h3></div></div></div><p>
+                </p></li></ol></div><div class="example"><a name="ch0-NT4DSDM"></a><p class="title"><b>Example 7.5. Samba Domain Member Server Using Winbind <code class="filename">smb.conf</code> File for NT4 Domain</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id359263"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id359274"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id359286"></a><em class="parameter"><code>security = DOMAIN</code></em></td></tr><tr><td><a class="indexterm" name="id359297"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id359309"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id359320"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id359332"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id359343"></a><em class="parameter"><code>max log size = 0</code></em></td></tr><tr><td><a class="indexterm" name="id359355"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id359366"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id359378"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id359389"></a><em class="parameter"><code>wins server = 192.168.2.1</code></em></td></tr><tr><td><a class="indexterm" name="id359401"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id359412"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id359424"></a><em class="parameter"><code>template primary group = "Domain Users"</code></em></td></tr><tr><td><a class="indexterm" name="id359435"></a><em class="parameter"><code>template shell = /bin/bash</code></em></td></tr><tr><td><a class="indexterm" name="id359447"></a><em class="parameter"><code>winbind separator = +</code></em></td></tr><tr><td><a class="indexterm" name="id359458"></a><em class="parameter"><code>printer admin = root</code></em></td></tr><tr><td><a class="indexterm" name="id359470"></a><em class="parameter"><code>hosts allow = 192.168.2., 192.168.3., 127.</code></em></td></tr><tr><td><a class="indexterm" name="id359482"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id359502"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id359514"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id359525"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id359537"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id359557"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id359569"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id359580"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id359592"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id359603"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id359623"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id359635"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id359647"></a><em class="parameter"><code>admin users = root, Administrator</code></em></td></tr><tr><td><a class="indexterm" name="id359658"></a><em class="parameter"><code>write list = root</code></em></td></tr></table></div></div><br class="example-break"></div><div class="sect2" title="NT4/Samba Domain with Samba Domain Member Server without NSS Support"><div class="titlepage"><div><div><h3 class="title"><a name="dcwonss"></a>NT4/Samba Domain with Samba Domain Member Server without NSS Support</h3></div></div></div><p>
         No matter how many UNIX/Linux administrators there may be who believe that a UNIX operating
         system that does not have NSS and PAM support to be outdated, the fact is there
 …
         is found, it is used. If the account is not found, one will be automatically created
         on the local machine so that it can then be used for all access controls.
         </p><div class="procedure" title="Procedure 7.3. Configuration Using Local Accounts Only"><a name="id361165"></a><p class="title"><b>Procedure 7.3. Configuration Using Local Accounts Only</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+        </p><div class="procedure" title="Procedure 7.3. Configuration Using Local Accounts Only"><a name="id359695"></a><p class="title"><b>Procedure 7.3. Configuration Using Local Accounts Only</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Using your favorite text editor, create the <code class="filename">smb.conf</code> file so it has the contents
                 shown in <a class="link" href="unixclients.html#ch0-NT4DSCM" title="Example 7.6. Samba Domain Member Server Using Local Accounts smb.conf File for NT4 Domain">&#8220;Samba Domain Member Server Using Local Accounts smb.conf File for NT4 Domain&#8221;</a>.
                 </p></li><li class="step" title="Step 2"><p><a class="indexterm" name="id361197"></a>
+                </p></li><li class="step" title="Step 2"><p><a class="indexterm" name="id359726"></a>
                 The system is ready to join the domain. Execute the following:
 </p><pre class="screen">
 …
                 </p></li><li class="step" title="Step 4"><p>
                 The Samba member server of a Windows NT4 domain is ready for use.
                 </p></li></ol></div><div class="example"><a name="ch0-NT4DSCM"></a><p class="title"><b>Example 7.6. Samba Domain Member Server Using Local Accounts <code class="filename">smb.conf</code> File for NT4 Domain</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id361282"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id361294"></a><em class="parameter"><code>workgroup = MEGANET3</code></em></td></tr><tr><td><a class="indexterm" name="id361305"></a><em class="parameter"><code>netbios name = BSDBOX</code></em></td></tr><tr><td><a class="indexterm" name="id361317"></a><em class="parameter"><code>security = DOMAIN</code></em></td></tr><tr><td><a class="indexterm" name="id361328"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id361340"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id361351"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id361363"></a><em class="parameter"><code>add user script = /usr/sbin/useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id361374"></a><em class="parameter"><code>add machine script = /usr/sbin/useradd -M '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id361386"></a><em class="parameter"><code>add group script = /usr/sbin/groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id361398"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id361409"></a><em class="parameter"><code>max log size = 0</code></em></td></tr><tr><td><a class="indexterm" name="id361421"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id361432"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id361444"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id361455"></a><em class="parameter"><code>wins server = 192.168.2.1</code></em></td></tr><tr><td><a class="indexterm" name="id361467"></a><em class="parameter"><code>printer admin = root</code></em></td></tr><tr><td><a class="indexterm" name="id361478"></a><em class="parameter"><code>hosts allow = 192.168.2., 192.168.3., 127.</code></em></td></tr><tr><td><a class="indexterm" name="id361490"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id361511"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id361522"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id361534"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id361545"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id361566"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id361577"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id361589"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id361600"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id361612"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id361632"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id361644"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id361655"></a><em class="parameter"><code>admin users = root, Administrator</code></em></td></tr><tr><td><a class="indexterm" name="id361667"></a><em class="parameter"><code>write list = root</code></em></td></tr></table></div></div><br class="example-break"></div><div class="sect2" title="Active Directory Domain with Samba Domain Member Server"><div class="titlepage"><div><div><h3 class="title"><a name="adssdm"></a>Active Directory Domain with Samba Domain Member Server</h3></div></div></div><p>
         <a class="indexterm" name="id361692"></a>
         <a class="indexterm" name="id361701"></a>
         <a class="indexterm" name="id361707"></a>
+                </p></li></ol></div><div class="example"><a name="ch0-NT4DSCM"></a><p class="title"><b>Example 7.6. Samba Domain Member Server Using Local Accounts <code class="filename">smb.conf</code> File for NT4 Domain</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id359812"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id359823"></a><em class="parameter"><code>workgroup = MEGANET3</code></em></td></tr><tr><td><a class="indexterm" name="id359835"></a><em class="parameter"><code>netbios name = BSDBOX</code></em></td></tr><tr><td><a class="indexterm" name="id359846"></a><em class="parameter"><code>security = DOMAIN</code></em></td></tr><tr><td><a class="indexterm" name="id359858"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id359869"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id359881"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id359892"></a><em class="parameter"><code>add user script = /usr/sbin/useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id359904"></a><em class="parameter"><code>add machine script = /usr/sbin/useradd -M '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id359916"></a><em class="parameter"><code>add group script = /usr/sbin/groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id359927"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id359939"></a><em class="parameter"><code>max log size = 0</code></em></td></tr><tr><td><a class="indexterm" name="id359950"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id359962"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id359974"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id359985"></a><em class="parameter"><code>wins server = 192.168.2.1</code></em></td></tr><tr><td><a class="indexterm" name="id359997"></a><em class="parameter"><code>printer admin = root</code></em></td></tr><tr><td><a class="indexterm" name="id360008"></a><em class="parameter"><code>hosts allow = 192.168.2., 192.168.3., 127.</code></em></td></tr><tr><td><a class="indexterm" name="id360020"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id360040"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id360052"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id360063"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id360075"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id360095"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id360107"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id360118"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id360130"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id360141"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id360162"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id360173"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id360185"></a><em class="parameter"><code>admin users = root, Administrator</code></em></td></tr><tr><td><a class="indexterm" name="id360196"></a><em class="parameter"><code>write list = root</code></em></td></tr></table></div></div><br class="example-break"></div><div class="sect2" title="Active Directory Domain with Samba Domain Member Server"><div class="titlepage"><div><div><h3 class="title"><a name="adssdm"></a>Active Directory Domain with Samba Domain Member Server</h3></div></div></div><p>
+        <a class="indexterm" name="id360222"></a>
+        <a class="indexterm" name="id360231"></a>
+        <a class="indexterm" name="id360237"></a>
         One of the much-sought-after features new to Samba-3 is the ability to join an Active Directory
         domain using Kerberos protocols. This makes it possible to operate an entire Windows network
 …
         in. For now, we simply focus on how a Samba-3 server can be made a domain member server.
         </p><p>
         <a class="indexterm" name="id361725"></a>
         <a class="indexterm" name="id361732"></a>
         <a class="indexterm" name="id361738"></a>
         <a class="indexterm" name="id361745"></a>
+        <a class="indexterm" name="id360255"></a>
+        <a class="indexterm" name="id360262"></a>
+        <a class="indexterm" name="id360268"></a>
+        <a class="indexterm" name="id360275"></a>
         The diagram in <a class="link" href="unixclients.html#ch9-adsdc" title="Figure 7.3. Active Directory Domain: Samba Member Server">&#8220;Active Directory Domain: Samba Member Server&#8221;</a> demonstrates how Samba-3 interfaces with
         Microsoft Active Directory components. It should be noted that if Microsoft Windows Services
 …
         is known as <code class="constant">w2k3s.london.abmas.biz</code>. In NetBIOS nomenclature, the
         domain name is <code class="constant">LONDON</code> and the server name is <code class="constant">W2K3S</code>.
         </p><div class="figure"><a name="ch9-adsdc"></a><p class="title"><b>Figure 7.3. Active Directory Domain: Samba Member Server</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/chap9-ADSDC.png" width="324" alt="Active Directory Domain: Samba Member Server"></div></div></div><br class="figure-break"><div class="procedure" title="Procedure 7.4. Joining a Samba Server as an ADS Domain Member"><a name="id361844"></a><p class="title"><b>Procedure 7.4. Joining a Samba Server as an ADS Domain Member</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 <a class="indexterm" name="id361856"></a>
+        </p><div class="figure"><a name="ch9-adsdc"></a><p class="title"><b>Figure 7.3. Active Directory Domain: Samba Member Server</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/chap9-ADSDC.png" width="324" alt="Active Directory Domain: Samba Member Server"></div></div></div><br class="figure-break"><div class="procedure" title="Procedure 7.4. Joining a Samba Server as an ADS Domain Member"><a name="id360374"></a><p class="title"><b>Procedure 7.4. Joining a Samba Server as an ADS Domain Member</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                <a class="indexterm" name="id360385"></a>
                 Before you try to use Samba-3, you want to know for certain that your executables have
                 support for Kerberos and for LDAP. Execute the following to identify whether or
 …
                 support. You are relieved to know that it is safe to progress.
                 </p></li><li class="step" title="Step 2"><p>
                 <a class="indexterm" name="id361938"></a>
                 <a class="indexterm" name="id361947"></a>
                 <a class="indexterm" name="id361954"></a>
                 <a class="indexterm" name="id361960"></a>
                 <a class="indexterm" name="id361970"></a>
                 <a class="indexterm" name="id361979"></a>
                 <a class="indexterm" name="id361986"></a>
                 <a class="indexterm" name="id361993"></a>
                 <a class="indexterm" name="id361999"></a>
+                <a class="indexterm" name="id360468"></a>
+                <a class="indexterm" name="id360477"></a>
+                <a class="indexterm" name="id360484"></a>
+                <a class="indexterm" name="id360490"></a>
+                <a class="indexterm" name="id360499"></a>
+                <a class="indexterm" name="id360508"></a>
+                <a class="indexterm" name="id360515"></a>
+                <a class="indexterm" name="id360522"></a>
+                <a class="indexterm" name="id360529"></a>
                 The next step is to identify which version of the Kerberos libraries have been used.
                 In order to permit Samba-3 to interoperate with Windows 2003 Active Directory, it is
 …
                 Edit or create the NSS control file so it has the contents shown in <a class="link" href="unixclients.html#ch9-sdmnss" title="Example 7.4. NSS using LDAP for Identity Resolution File: /etc/nsswitch.conf">&#8220;NSS using LDAP for Identity Resolution  File: /etc/nsswitch.conf&#8221;</a>.
                 </p></li><li class="step" title="Step 5"><p>
                 <a class="indexterm" name="id362091"></a>
+                <a class="indexterm" name="id360621"></a>
                 Delete the file <code class="filename">/etc/samba/secrets.tdb</code> if it exists. Of course, you
                 do keep a backup, don't you?
 …
 </pre><p>
                 </p></li><li class="step" title="Step 7"><p>
                 <a class="indexterm" name="id362132"></a>
+                <a class="indexterm" name="id360661"></a>
                 Validate your <code class="filename">smb.conf</code> file using <code class="literal">testparm</code> (as you have
                 done previously). Correct all errors reported before proceeding. The command you
 …
                 ADS domain, let's move on.
                 </p></li><li class="step" title="Step 8"><p>
                 <a class="indexterm" name="id362171"></a>
                 <a class="indexterm" name="id362182"></a>
+                <a class="indexterm" name="id360700"></a>
+                <a class="indexterm" name="id360711"></a>
                 This is a good time to double-check everything and then execute the following
                 command when everything you have done has checked out okay:
 …
                 using Kerberos protocols.
                 </p><p>
                 <a class="indexterm" name="id362207"></a>
                 <a class="indexterm" name="id362214"></a>
+                <a class="indexterm" name="id360736"></a>
+                <a class="indexterm" name="id360743"></a>
                 In the event that you receive no output messages, a silent return means that the
                 domain join failed. You should use <code class="literal">ethereal</code> to identify what
 …
                 </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                         <a class="indexterm" name="id362233"></a>
+                        <a class="indexterm" name="id360762"></a>
                         Defective or misconfigured DNS name resolution.
                         </p></li><li class="listitem"><p>
                         <a class="indexterm" name="id362247"></a>
+                        <a class="indexterm" name="id360776"></a>
                         Restrictive security settings on the Windows 200x ADS domain controller
                         preventing needed communications protocols. You can check this by searching
 …
                         </p></li></ul></div><p>
                 <a class="indexterm" name="id362275"></a>
                 <a class="indexterm" name="id362286"></a>
                 <a class="indexterm" name="id362293"></a>
+                <a class="indexterm" name="id360804"></a>
+                <a class="indexterm" name="id360815"></a>
+                <a class="indexterm" name="id360821"></a>
                 In any case, never execute the <code class="literal">net rpc join</code> command in an attempt
                 to join the Samba server to the domain, unless you wish not to use the Kerberos
 …
                 Windows Server 200x ADS has been configured appropriately for mixed mode operation.
                 </p></li><li class="step" title="Step 9"><p>
                 <a class="indexterm" name="id362314"></a>
                 <a class="indexterm" name="id362321"></a>
+                <a class="indexterm" name="id360843"></a>
+                <a class="indexterm" name="id360850"></a>
                 If the <code class="literal">tdbdump</code> is installed on your system (not essential),
                 you can look inside the <code class="filename">/etc/samba/secrets.tdb</code> file. If
 …
                 in this book).
                 </p></li><li class="step" title="Step 11"><p>
                 <a class="indexterm" name="id362371"></a>
+                <a class="indexterm" name="id360900"></a>
                 This is a good time to verify that everything is working. First, check that
                 winbind is able to obtain the list of users and groups from the ADS domain controller.
 …
 </pre><p>
                 Excellent. That worked also, as expected.
                 </p></li><li class="step" title="Step 12"><p><a class="indexterm" name="id362412"></a>
+                </p></li><li class="step" title="Step 12"><p><a class="indexterm" name="id360941"></a>
                 Now repeat this via NSS to validate that full identity resolution is
                 functional as required. Execute:
 …
                 This is very pleasing. Everything works as expected.
                 </p></li><li class="step" title="Step 13"><p>
                 <a class="indexterm" name="id362460"></a>
                 <a class="indexterm" name="id362471"></a>
                 <a class="indexterm" name="id362480"></a>
+                <a class="indexterm" name="id360989"></a>
+                <a class="indexterm" name="id361000"></a>
+                <a class="indexterm" name="id361009"></a>
                 You may now perform final verification that communications between Samba-3 winbind and
                 the Active Directory server is using Kerberos protocols. Execute the following:
 …
                 In any case, the output we obtained confirms that all systems are operational.
                 </p></li><li class="step" title="Step 14"><p>
                 <a class="indexterm" name="id362511"></a>
+                <a class="indexterm" name="id361039"></a>
                 There is one more action you elect to take, just because you are paranoid and disbelieving,
                 so you execute the following command:
 …
         Now all is revealed. Your curiosity, as well as that of your team, has been put at ease.
         May this server serve well all who happen upon it.
         </p><div class="example"><a name="ch9-adssdm"></a><p class="title"><b>Example 7.7. Samba Domain Member <code class="filename">smb.conf</code> File for Active Directory Membership</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id362682"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id362694"></a><em class="parameter"><code>workgroup = LONDON</code></em></td></tr><tr><td><a class="indexterm" name="id362705"></a><em class="parameter"><code>realm = LONDON.ABMAS.BIZ</code></em></td></tr><tr><td><a class="indexterm" name="id362717"></a><em class="parameter"><code>server string = Samba 3.0.20</code></em></td></tr><tr><td><a class="indexterm" name="id362729"></a><em class="parameter"><code>security = ADS</code></em></td></tr><tr><td><a class="indexterm" name="id362740"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id362752"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id362763"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id362775"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id362786"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id362798"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id362809"></a><em class="parameter"><code>ldap ssl = no</code></em></td></tr><tr><td><a class="indexterm" name="id362821"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id362832"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id362844"></a><em class="parameter"><code>template primary group = "Domain Users"</code></em></td></tr><tr><td><a class="indexterm" name="id362855"></a><em class="parameter"><code>template shell = /bin/bash</code></em></td></tr><tr><td><a class="indexterm" name="id362867"></a><em class="parameter"><code>winbind separator = +</code></em></td></tr><tr><td><a class="indexterm" name="id362878"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id362899"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id362910"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id362922"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id362933"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id362954"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id362965"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id362977"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id362988"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id363000"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id363020"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id363032"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id363043"></a><em class="parameter"><code>admin users = root, Administrator</code></em></td></tr><tr><td><a class="indexterm" name="id363055"></a><em class="parameter"><code>write list = root</code></em></td></tr></table></div></div><br class="example-break"><div class="sect3" title="IDMAP_RID with Winbind"><div class="titlepage"><div><div><h4 class="title"><a name="id363067"></a>IDMAP_RID with Winbind</h4></div></div></div><p>
         <a class="indexterm" name="id363075"></a>
         <a class="indexterm" name="id363082"></a>
         <a class="indexterm" name="id363088"></a>
         <a class="indexterm" name="id363095"></a>
+        </p><div class="example"><a name="ch9-adssdm"></a><p class="title"><b>Example 7.7. Samba Domain Member <code class="filename">smb.conf</code> File for Active Directory Membership</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id361212"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id361223"></a><em class="parameter"><code>workgroup = LONDON</code></em></td></tr><tr><td><a class="indexterm" name="id361235"></a><em class="parameter"><code>realm = LONDON.ABMAS.BIZ</code></em></td></tr><tr><td><a class="indexterm" name="id361246"></a><em class="parameter"><code>server string = Samba 3.0.20</code></em></td></tr><tr><td><a class="indexterm" name="id361258"></a><em class="parameter"><code>security = ADS</code></em></td></tr><tr><td><a class="indexterm" name="id361269"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id361281"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id361292"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id361304"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id361315"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id361327"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id361338"></a><em class="parameter"><code>ldap ssl = no</code></em></td></tr><tr><td><a class="indexterm" name="id361350"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id361361"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id361373"></a><em class="parameter"><code>template primary group = "Domain Users"</code></em></td></tr><tr><td><a class="indexterm" name="id361384"></a><em class="parameter"><code>template shell = /bin/bash</code></em></td></tr><tr><td><a class="indexterm" name="id361396"></a><em class="parameter"><code>winbind separator = +</code></em></td></tr><tr><td><a class="indexterm" name="id361407"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id361428"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id361439"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id361451"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id361462"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id361483"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id361494"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id361506"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id361517"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id361529"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id361549"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id361561"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id361572"></a><em class="parameter"><code>admin users = root, Administrator</code></em></td></tr><tr><td><a class="indexterm" name="id361584"></a><em class="parameter"><code>write list = root</code></em></td></tr></table></div></div><br class="example-break"><div class="sect3" title="IDMAP_RID with Winbind"><div class="titlepage"><div><div><h4 class="title"><a name="id361596"></a>IDMAP_RID with Winbind</h4></div></div></div><p>
+        <a class="indexterm" name="id361604"></a>
+        <a class="indexterm" name="id361611"></a>
+        <a class="indexterm" name="id361618"></a>
+        <a class="indexterm" name="id361624"></a>
         The <code class="literal">idmap_rid</code> facility is a new tool that, unlike native winbind, creates a
         predictable mapping of MS Windows SIDs to UNIX UIDs and GIDs. The key benefit of this method
 …
         is not compatible with trusted domain implementations.
         </p><p>
         <a class="indexterm" name="id363115"></a>
         <a class="indexterm" name="id363122"></a>
         <a class="indexterm" name="id363128"></a>
         <a class="indexterm" name="id363135"></a>
+        <a class="indexterm" name="id361644"></a>
+        <a class="indexterm" name="id361650"></a>
+        <a class="indexterm" name="id361657"></a>
+        <a class="indexterm" name="id361664"></a>
         This alternate method of SID to UID/GID  mapping can be achieved with the idmap_rid
         plug-in. This plug-in uses the RID of the user SID to derive the UID and GID by adding the
 …
         <em class="parameter"><code>idmap gid</code></em> ranges must be specified.
         </p><p>
         <a class="indexterm" name="id363164"></a>
         <a class="indexterm" name="id363171"></a>
+        <a class="indexterm" name="id361693"></a>
+        <a class="indexterm" name="id361700"></a>
         The idmap_rid facility can be used both for NT4/Samba-style domains as well as with Active Directory.
         To use this with an NT4 domain, the <em class="parameter"><code>realm</code></em> is not used. Additionally the
 …
         </p><p>
         An example <code class="filename">smb.conf</code> file for an ADS domain environment is shown in <a class="link" href="unixclients.html#sbe-idmapridex" title="Example 7.8. Example smb.conf File Using idmap_rid">&#8220;Example smb.conf File Using idmap_rid&#8221;</a>.
         </p><div class="example"><a name="sbe-idmapridex"></a><p class="title"><b>Example 7.8. Example <code class="filename">smb.conf</code> File Using <code class="constant">idmap_rid</code></b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id363243"></a><em class="parameter"><code>workgroup = KPAK</code></em></td></tr><tr><td><a class="indexterm" name="id363254"></a><em class="parameter"><code>netbios name = BIGJOE</code></em></td></tr><tr><td><a class="indexterm" name="id363266"></a><em class="parameter"><code>realm = CORP.KPAK.COM</code></em></td></tr><tr><td><a class="indexterm" name="id363277"></a><em class="parameter"><code>server string = Office Server</code></em></td></tr><tr><td><a class="indexterm" name="id363289"></a><em class="parameter"><code>security = ADS</code></em></td></tr><tr><td><a class="indexterm" name="id363300"></a><em class="parameter"><code>allow trusted domains = No</code></em></td></tr><tr><td><a class="indexterm" name="id363312"></a><em class="parameter"><code>idmap backend = idmap_rid:KPAK=500-100000000</code></em></td></tr><tr><td><a class="indexterm" name="id363324"></a><em class="parameter"><code>idmap uid = 500-100000000</code></em></td></tr><tr><td><a class="indexterm" name="id363335"></a><em class="parameter"><code>idmap gid = 500-100000000</code></em></td></tr><tr><td><a class="indexterm" name="id363347"></a><em class="parameter"><code>template shell = /bin/bash</code></em></td></tr><tr><td><a class="indexterm" name="id363359"></a><em class="parameter"><code>winbind use default domain = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id363370"></a><em class="parameter"><code>winbind enum users = No</code></em></td></tr><tr><td><a class="indexterm" name="id363382"></a><em class="parameter"><code>winbind enum groups = No</code></em></td></tr><tr><td><a class="indexterm" name="id363393"></a><em class="parameter"><code>winbind nested groups = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id363405"></a><em class="parameter"><code>printer admin = "KPAK\Domain Admins"</code></em></td></tr></table></div></div><br class="example-break"><p>
         <a class="indexterm" name="id363420"></a>
         <a class="indexterm" name="id363427"></a>
         <a class="indexterm" name="id363433"></a>
         <a class="indexterm" name="id363440"></a>
+        </p><div class="example"><a name="sbe-idmapridex"></a><p class="title"><b>Example 7.8. Example <code class="filename">smb.conf</code> File Using <code class="constant">idmap_rid</code></b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id361770"></a><em class="parameter"><code>workgroup = KPAK</code></em></td></tr><tr><td><a class="indexterm" name="id361782"></a><em class="parameter"><code>netbios name = BIGJOE</code></em></td></tr><tr><td><a class="indexterm" name="id361793"></a><em class="parameter"><code>realm = CORP.KPAK.COM</code></em></td></tr><tr><td><a class="indexterm" name="id361805"></a><em class="parameter"><code>server string = Office Server</code></em></td></tr><tr><td><a class="indexterm" name="id361816"></a><em class="parameter"><code>security = ADS</code></em></td></tr><tr><td><a class="indexterm" name="id361828"></a><em class="parameter"><code>allow trusted domains = No</code></em></td></tr><tr><td><a class="indexterm" name="id361839"></a><em class="parameter"><code>idmap backend = idmap_rid:KPAK=500-100000000</code></em></td></tr><tr><td><a class="indexterm" name="id361851"></a><em class="parameter"><code>idmap uid = 500-100000000</code></em></td></tr><tr><td><a class="indexterm" name="id361863"></a><em class="parameter"><code>idmap gid = 500-100000000</code></em></td></tr><tr><td><a class="indexterm" name="id361874"></a><em class="parameter"><code>template shell = /bin/bash</code></em></td></tr><tr><td><a class="indexterm" name="id361886"></a><em class="parameter"><code>winbind use default domain = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id361898"></a><em class="parameter"><code>winbind enum users = No</code></em></td></tr><tr><td><a class="indexterm" name="id361909"></a><em class="parameter"><code>winbind enum groups = No</code></em></td></tr><tr><td><a class="indexterm" name="id361921"></a><em class="parameter"><code>winbind nested groups = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id361932"></a><em class="parameter"><code>printer admin = "KPAK\Domain Admins"</code></em></td></tr></table></div></div><br class="example-break"><p>
+        <a class="indexterm" name="id361947"></a>
+        <a class="indexterm" name="id361954"></a>
+        <a class="indexterm" name="id361961"></a>
+        <a class="indexterm" name="id361968"></a>
         In a large domain with many users, it is imperative to disable enumeration of users and groups.
         For example, at a site that has 22,000 users in Active Directory the winbind-based user and
 …
         below.
         </p><p>
         <a class="indexterm" name="id363473"></a>
         <a class="indexterm" name="id363480"></a>
+        <a class="indexterm" name="id362001"></a>
+        <a class="indexterm" name="id362007"></a>
         The use of this tool requires configuration of NSS as per the native use of winbind. Edit the
         <code class="filename">/etc/nsswitch.conf</code> so it has the following parameters:
 …
 </pre><p>
                 </p><p>
                 <a class="indexterm" name="id363555"></a>
+                <a class="indexterm" name="id362082"></a>
                 An invalid or failed join can be detected by executing:
 </p><pre class="screen">
 …
                 </p></li><li class="step" title="Step 5"><p>
                 Validate the operation of this configuration by executing:
                 <a class="indexterm" name="id363616"></a>
+                <a class="indexterm" name="id362144"></a>
 </p><pre class="screen">
 <code class="prompt">root# </code> getent passwd administrator
 administrator:x:1000:1013:Administrator:/home/BE/administrator:/bin/bash
 </pre><p>
                 </p></li></ol></div></div><div class="sect3" title="IDMAP Storage in LDAP using Winbind"><div class="titlepage"><div><div><h4 class="title"><a name="id363637"></a>IDMAP Storage in LDAP using Winbind</h4></div></div></div><p>
         <a class="indexterm" name="id363645"></a>
         <a class="indexterm" name="id363652"></a>
+                </p></li></ol></div></div><div class="sect3" title="IDMAP Storage in LDAP using Winbind"><div class="titlepage"><div><div><h4 class="title"><a name="id362164"></a>IDMAP Storage in LDAP using Winbind</h4></div></div></div><p>
+        <a class="indexterm" name="id362172"></a>
+        <a class="indexterm" name="id362179"></a>
         The storage of IDMAP information in LDAP can be used with both NT4/Samba-3-style domains as well as
         with ADS domains. OpenLDAP is a commonly used LDAP server for this purpose, although any standards-compliant
 …
         </p><p>
         The example in <a class="link" href="unixclients.html#sbeunxa" title="Example 7.9. Typical ADS Style Domain smb.conf File">&#8220;Typical ADS Style Domain smb.conf File&#8221;</a> is for an ADS-style domain.
         </p><div class="example"><a name="sbeunxa"></a><p class="title"><b>Example 7.9. Typical ADS Style Domain <code class="filename">smb.conf</code> File</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id363706"></a><em class="parameter"><code>workgroup = SNOWSHOW</code></em></td></tr><tr><td><a class="indexterm" name="id363718"></a><em class="parameter"><code>netbios name = GOODELF</code></em></td></tr><tr><td><a class="indexterm" name="id363729"></a><em class="parameter"><code>realm = SNOWSHOW.COM</code></em></td></tr><tr><td><a class="indexterm" name="id363741"></a><em class="parameter"><code>server string = Samba Server</code></em></td></tr><tr><td><a class="indexterm" name="id363752"></a><em class="parameter"><code>security = ADS</code></em></td></tr><tr><td><a class="indexterm" name="id363764"></a><em class="parameter"><code>log level = 1 ads:10 auth:10 sam:10 rpc:10</code></em></td></tr><tr><td><a class="indexterm" name="id363776"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=SNOWSHOW,dc=COM</code></em></td></tr><tr><td><a class="indexterm" name="id363787"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id363799"></a><em class="parameter"><code>ldap suffix = dc=SNOWSHOW,dc=COM</code></em></td></tr><tr><td><a class="indexterm" name="id363811"></a><em class="parameter"><code>idmap backend = ldap:ldap://ldap.snowshow.com</code></em></td></tr><tr><td><a class="indexterm" name="id363822"></a><em class="parameter"><code>idmap uid = 150000-550000</code></em></td></tr><tr><td><a class="indexterm" name="id363834"></a><em class="parameter"><code>idmap gid = 150000-550000</code></em></td></tr><tr><td><a class="indexterm" name="id363846"></a><em class="parameter"><code>template shell = /bin/bash</code></em></td></tr><tr><td><a class="indexterm" name="id363857"></a><em class="parameter"><code>winbind use default domain = Yes</code></em></td></tr></table></div></div><br class="example-break"><p>
         <a class="indexterm" name="id363872"></a>
+        </p><div class="example"><a name="sbeunxa"></a><p class="title"><b>Example 7.9. Typical ADS Style Domain <code class="filename">smb.conf</code> File</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id362234"></a><em class="parameter"><code>workgroup = SNOWSHOW</code></em></td></tr><tr><td><a class="indexterm" name="id362245"></a><em class="parameter"><code>netbios name = GOODELF</code></em></td></tr><tr><td><a class="indexterm" name="id362257"></a><em class="parameter"><code>realm = SNOWSHOW.COM</code></em></td></tr><tr><td><a class="indexterm" name="id362268"></a><em class="parameter"><code>server string = Samba Server</code></em></td></tr><tr><td><a class="indexterm" name="id362280"></a><em class="parameter"><code>security = ADS</code></em></td></tr><tr><td><a class="indexterm" name="id362291"></a><em class="parameter"><code>log level = 1 ads:10 auth:10 sam:10 rpc:10</code></em></td></tr><tr><td><a class="indexterm" name="id362303"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=SNOWSHOW,dc=COM</code></em></td></tr><tr><td><a class="indexterm" name="id362315"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id362326"></a><em class="parameter"><code>ldap suffix = dc=SNOWSHOW,dc=COM</code></em></td></tr><tr><td><a class="indexterm" name="id362338"></a><em class="parameter"><code>idmap backend = ldap:ldap://ldap.snowshow.com</code></em></td></tr><tr><td><a class="indexterm" name="id362350"></a><em class="parameter"><code>idmap uid = 150000-550000</code></em></td></tr><tr><td><a class="indexterm" name="id362361"></a><em class="parameter"><code>idmap gid = 150000-550000</code></em></td></tr><tr><td><a class="indexterm" name="id362373"></a><em class="parameter"><code>template shell = /bin/bash</code></em></td></tr><tr><td><a class="indexterm" name="id362384"></a><em class="parameter"><code>winbind use default domain = Yes</code></em></td></tr></table></div></div><br class="example-break"><p>
+        <a class="indexterm" name="id362399"></a>
         In the case of an NT4 or Samba-3-style domain the <em class="parameter"><code>realm</code></em> is not used, and the
         command used to join the domain is <code class="literal">net rpc join</code>. The above example also demonstrates
 …
         <span class="quote">&#8220;<span class="quote">The Official Samba-3 HOWTO and Reference Guide, Second Edition</span>&#8221;</span> (TOSHARG2).
         </p><p>
         <a class="indexterm" name="id363900"></a>
         <a class="indexterm" name="id363907"></a>
         <a class="indexterm" name="id363914"></a>
+        <a class="indexterm" name="id362428"></a>
+        <a class="indexterm" name="id362434"></a>
+        <a class="indexterm" name="id362441"></a>
         Where MIT kerberos is installed (version 1.3.4 or later), edit the <code class="filename">/etc/krb5.conf</code>
         file so it has the following contents:
 …
 </pre><p>
         </p><p>
         <a class="indexterm" name="id363986"></a>
         <a class="indexterm" name="id363993"></a>
+        <a class="indexterm" name="id362514"></a>
+        <a class="indexterm" name="id362520"></a>
         You will need the <a class="ulink" href="http://www.padl.com" target="_top">PADL</a> <code class="literal">nss_ldap</code>
         tool set for this solution. Configure the <code class="filename">/etc/ldap.conf</code> file so it has
 …
                 Start the <code class="literal">nmbd</code>, <code class="literal">winbind</code>, and <code class="literal">smbd</code> daemons in the order shown.
                 </p></li></ol></div><p>
         <a class="indexterm" name="id364177"></a>
+        <a class="indexterm" name="id362704"></a>
         Follow the diagnostic procedures shown earlier in this chapter to identify success or failure of the join.
         In many cases a failure is indicated by a silent return to the command prompt with no indication of the
         reason for failure.
         </p></div><div class="sect3" title="IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension"><div class="titlepage"><div><div><h4 class="title"><a name="id364188"></a>IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension</h4></div></div></div><p>
         <a class="indexterm" name="id364196"></a>
         <a class="indexterm" name="id364203"></a>
+        </p></div><div class="sect3" title="IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension"><div class="titlepage"><div><div><h4 class="title"><a name="id362716"></a>IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension</h4></div></div></div><p>
+        <a class="indexterm" name="id362724"></a>
+        <a class="indexterm" name="id362731"></a>
         The use of this method is messy. The information provided in this section is for guidance only
         and is very definitely not complete. This method does work; it is used in a number of large sites
 …
         </p><p>
         An example <code class="filename">smb.conf</code> file is shown in <a class="link" href="unixclients.html#sbewinbindex" title="Example 7.10. ADS Membership Using RFC2307bis Identity Resolution smb.conf File">&#8220;ADS Membership Using RFC2307bis Identity Resolution smb.conf File&#8221;</a>.
         </p><div class="example"><a name="sbewinbindex"></a><p class="title"><b>Example 7.10. ADS Membership Using RFC2307bis Identity Resolution <code class="filename">smb.conf</code> File</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id364262"></a><em class="parameter"><code>workgroup = BUBBAH</code></em></td></tr><tr><td><a class="indexterm" name="id364274"></a><em class="parameter"><code>netbios name = MADMAX</code></em></td></tr><tr><td><a class="indexterm" name="id364285"></a><em class="parameter"><code>realm = BUBBAH.COM</code></em></td></tr><tr><td><a class="indexterm" name="id364297"></a><em class="parameter"><code>server string = Samba Server</code></em></td></tr><tr><td><a class="indexterm" name="id364308"></a><em class="parameter"><code>security = ADS</code></em></td></tr><tr><td><a class="indexterm" name="id364320"></a><em class="parameter"><code>idmap uid = 150000-550000</code></em></td></tr><tr><td><a class="indexterm" name="id364331"></a><em class="parameter"><code>idmap gid = 150000-550000</code></em></td></tr><tr><td><a class="indexterm" name="id364343"></a><em class="parameter"><code>template shell = /bin/bash</code></em></td></tr><tr><td><a class="indexterm" name="id364355"></a><em class="parameter"><code>winbind use default domain = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id364366"></a><em class="parameter"><code>winbind trusted domains only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id364378"></a><em class="parameter"><code>winbind nested groups = Yes</code></em></td></tr></table></div></div><br class="example-break"><p>
         <a class="indexterm" name="id364393"></a>
+        </p><div class="example"><a name="sbewinbindex"></a><p class="title"><b>Example 7.10. ADS Membership Using RFC2307bis Identity Resolution <code class="filename">smb.conf</code> File</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id362790"></a><em class="parameter"><code>workgroup = BUBBAH</code></em></td></tr><tr><td><a class="indexterm" name="id362801"></a><em class="parameter"><code>netbios name = MADMAX</code></em></td></tr><tr><td><a class="indexterm" name="id362813"></a><em class="parameter"><code>realm = BUBBAH.COM</code></em></td></tr><tr><td><a class="indexterm" name="id362824"></a><em class="parameter"><code>server string = Samba Server</code></em></td></tr><tr><td><a class="indexterm" name="id362836"></a><em class="parameter"><code>security = ADS</code></em></td></tr><tr><td><a class="indexterm" name="id362847"></a><em class="parameter"><code>idmap uid = 150000-550000</code></em></td></tr><tr><td><a class="indexterm" name="id362859"></a><em class="parameter"><code>idmap gid = 150000-550000</code></em></td></tr><tr><td><a class="indexterm" name="id362870"></a><em class="parameter"><code>template shell = /bin/bash</code></em></td></tr><tr><td><a class="indexterm" name="id362882"></a><em class="parameter"><code>winbind use default domain = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id362894"></a><em class="parameter"><code>winbind trusted domains only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id362906"></a><em class="parameter"><code>winbind nested groups = Yes</code></em></td></tr></table></div></div><br class="example-break"><p>
+        <a class="indexterm" name="id362920"></a>
         The DMS must be joined to the domain using the usual procedure. Additionally, it is necessary
         to build and install the PADL nss_ldap tool set. Be sure to build this tool set with the
 …
 </pre><p>
         </p><p>
         <a class="indexterm" name="id364411"></a>
+        <a class="indexterm" name="id362938"></a>
         The following <code class="filename">/etc/nsswitch.conf</code> file contents are required:
 </p><pre class="screen">
 …
 </pre><p>
         </p><p>
         <a class="indexterm" name="id364434"></a>
         <a class="indexterm" name="id364441"></a>
+        <a class="indexterm" name="id362961"></a>
+        <a class="indexterm" name="id362968"></a>
         The <code class="filename">/etc/ldap.conf</code> file must be configured also. Refer to the PADL documentation
         and source code for nss_ldap instructions.
 …
         The next step involves preparation on the ADS schema. This is briefly discussed in the remaining
         part of this chapter.
         </p><div class="sect4" title="IDMAP, Active Directory, and MS Services for UNIX 3.5"><div class="titlepage"><div><div><h5 class="title"><a name="id364460"></a>IDMAP, Active Directory, and MS Services for UNIX 3.5</h5></div></div></div><p>
                 <a class="indexterm" name="id364468"></a>
+        </p><div class="sect4" title="IDMAP, Active Directory, and MS Services for UNIX 3.5"><div class="titlepage"><div><div><h5 class="title"><a name="id362988"></a>IDMAP, Active Directory, and MS Services for UNIX 3.5</h5></div></div></div><p>
+                <a class="indexterm" name="id362996"></a>
                 The Microsoft Windows Service for UNIX version 3.5 is available for free
                 <a class="ulink" href="http://www.microsoft.com/windows/sfu/" target="_top">download</a>
                 from the Microsoft Web site. You will need to download this tool and install it following
                 Microsoft instructions.
                 </p></div><div class="sect4" title="IDMAP, Active Directory, and AD4UNIX"><div class="titlepage"><div><div><h5 class="title"><a name="id364486"></a>IDMAP, Active Directory, and AD4UNIX</h5></div></div></div><p>
+                </p></div><div class="sect4" title="IDMAP, Active Directory, and AD4UNIX"><div class="titlepage"><div><div><h5 class="title"><a name="id363013"></a>IDMAP, Active Directory, and AD4UNIX</h5></div></div></div><p>
                 Instructions for obtaining and installing the AD4UNIX tool set can be found from the
                 <a class="ulink" href="http://www.geekcomix.com/cgi-bin/classnotes/wiki.pl?LDAP01/An_Alternative_Approach" target="_top">
                 Geekcomix</a> Web site.
                 </p></div></div></div><div class="sect2" title="UNIX/Linux Client Domain Member"><div class="titlepage"><div><div><h3 class="title"><a name="id364506"></a>UNIX/Linux Client Domain Member</h3></div></div></div><p><a class="indexterm" name="id364512"></a>
+                </p></div></div></div><div class="sect2" title="UNIX/Linux Client Domain Member"><div class="titlepage"><div><div><h3 class="title"><a name="id363033"></a>UNIX/Linux Client Domain Member</h3></div></div></div><p><a class="indexterm" name="id363040"></a>
         So far this chapter has been mainly concerned with the provision of file and print
         services for domain member servers. However, an increasing number of UNIX/Linux
 …
         other than a single desktop user. The key demand for desktop systems is to be able
         to log onto any UNIX/Linux or Windows desktop using the same network user credentials.
         </p><p><a class="indexterm" name="id364527"></a>
+        </p><p><a class="indexterm" name="id363054"></a>
         The ability to use a common set of user credential across a variety of network systems
         is generally regarded as a single sign-on (SSO) solution. SSO systems are sold by a
 …
                 </p></li><li class="listitem"><p>
                 Replacement authentication systems
                 </p></li></ul></div><p><a class="indexterm" name="id364566"></a>
+                </p></li></ul></div><p><a class="indexterm" name="id363093"></a>
         There are really four solutions that provide integrated authentication and
         user identity management facilities:
 …
         support via Samba-3.
         </p><p>
         <a class="indexterm" name="id364633"></a>
+        <a class="indexterm" name="id363160"></a>
         On the other hand, if the authentication and identity resolution backend must be provided by
         a Windows NT4-style domain or from an Active Directory Domain that does not have the Microsoft
 …
         situations now follows.
         </p><p>
         <a class="indexterm" name="id364648"></a>
         <a class="indexterm" name="id364655"></a>
         <a class="indexterm" name="id364662"></a>
+        <a class="indexterm" name="id363176"></a>
+        <a class="indexterm" name="id363182"></a>
+        <a class="indexterm" name="id363189"></a>
         To permit users to log on to a Linux system using Windows network credentials, you need to
         configure identity resolution (NSS) and PAM. This means that the basic steps include those
 …
         of shares and printers is generally less important. Often this allows the share specifications
         to be entirely removed from the <code class="filename">smb.conf</code> file. That is obviously an administrator decision.
         </p><div class="sect3" title="NT4 Domain Member"><div class="titlepage"><div><div><h4 class="title"><a name="id364680"></a>NT4 Domain Member</h4></div></div></div><p>
+        </p><div class="sect3" title="NT4 Domain Member"><div class="titlepage"><div><div><h4 class="title"><a name="id363208"></a>NT4 Domain Member</h4></div></div></div><p>
                 The following steps provide a Linux system that users can log onto using
                 Windows NT4 (or Samba-3) domain network credentials:
 …
                         Edit only one file at a time. Carefully validate its operation before attempting
                         to reboot the machine.
                         </p></li></ol></div></div><div class="sect3" title="ADS Domain Member"><div class="titlepage"><div><div><h4 class="title"><a name="id364792"></a>ADS Domain Member</h4></div></div></div><p>
+                        </p></li></ol></div></div><div class="sect3" title="ADS Domain Member"><div class="titlepage"><div><div><h4 class="title"><a name="id363318"></a>ADS Domain Member</h4></div></div></div><p>
                 This procedure should be followed to permit a Linux network client (workstation/desktop)
                 to permit users to log on using Microsoft Active Directory-based user credentials.
 …
 session     sufficient    /lib/security/$ISA/pam_unix.so
 session     sufficient    /lib/security/$ISA/pam_winbind.so use_first_pass
 </pre></div></div><br class="example-break"></div><div class="sect2" title="Key Points Learned"><div class="titlepage"><div><div><h3 class="title"><a name="id365002"></a>Key Points Learned</h3></div></div></div><p>
+</pre></div></div><br class="example-break"></div><div class="sect2" title="Key Points Learned"><div class="titlepage"><div><div><h3 class="title"><a name="id363529"></a>Key Points Learned</h3></div></div></div><p>
                 The addition of UNIX/Linux Samba servers and clients is a common requirement. In this chapter, you
                 learned how to integrate such servers so that the UID/GID mappings they use can be consistent
 …
                         On NSS/PAM enabled UNIX/Linux systems, NSS is responsible for identity management
                         and PAM is responsible for authentication of logon credentials (username and password).
                         </p></li></ul></div></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id365047"></a>Questions and Answers</h2></div></div></div><p>
+                        </p></li></ul></div></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id363573"></a>Questions and Answers</h2></div></div></div><p>
         The following questions were obtained from the mailing list and also from private discussions
         with Windows network administrators.
         </p><div class="qandaset" title="Frequently Asked Questions"><a name="id365057"></a><dl><dt> <a href="unixclients.html#id365063">
+        </p><div class="qandaset" title="Frequently Asked Questions"><a name="id363583"></a><dl><dt> <a href="unixclients.html#id363590">
                 We use NIS for all UNIX accounts. Why do we need winbind?
                 </a></dt><dt> <a href="unixclients.html#id365171">
+                </a></dt><dt> <a href="unixclients.html#id363697">
                 Our IT management people do not like LDAP but are looking at Microsoft Active Directory.
               Which is better?
                 </a></dt><dt> <a href="unixclients.html#id365244">
+                </a></dt><dt> <a href="unixclients.html#id363771">
                 We want to implement a Samba PDC, four Samba BDCs, and 10 Samba servers. Is it possible
                 to use NIS in place of LDAP?
                 </a></dt><dt> <a href="unixclients.html#id365348">
+                </a></dt><dt> <a href="unixclients.html#id363875">
                 Are you suggesting that users should not log on to a domain member server? If so, why?
                 </a></dt><dt> <a href="unixclients.html#id365457">
+                </a></dt><dt> <a href="unixclients.html#id363984">
                 We want to ensure that only users from our own domain plus from trusted domains can use our
                 Samba servers. In the smb.conf file on all servers, we have enabled the winbind
 …
                 cannot access our servers, and users from Windows clients that are not domain members
                 can also access our servers. Is this a Samba bug?
                 </a></dt><dt> <a href="unixclients.html#id365622">
+                </a></dt><dt> <a href="unixclients.html#id364148">
                 What are the benefits of using LDAP for my domain member servers?
                 </a></dt><dt> <a href="unixclients.html#id365797">
+                </a></dt><dt> <a href="unixclients.html#id364323">
                 Is proper DNS operation necessary for Samba-3 plus LDAP? If so, what must I put into
                 my DNS configuration?
                 </a></dt><dt> <a href="unixclients.html#id365944">
+                </a></dt><dt> <a href="unixclients.html#id364471">
                 Our Windows 2003 Server Active Directory domain runs with NetBIOS disabled. Can we
                 use Samba-3 with that configuration?
                 </a></dt><dt> <a href="unixclients.html#id365962">
+                </a></dt><dt> <a href="unixclients.html#id364488">
                 When I tried to execute net ads join, I got no output. It did not work, so
                 I think that it failed. I then executed net rpc join and that worked fine.
                 That is okay, isn't it?
                 </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question"><td align="left" valign="top"><a name="id365063"></a><a name="id365066"></a></td><td align="left" valign="top"><p>
+                </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question"><td align="left" valign="top"><a name="id363590"></a><a name="id363592"></a></td><td align="left" valign="top"><p>
                 We use NIS for all UNIX accounts. Why do we need winbind?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
                 <a class="indexterm" name="id365077"></a>
                 <a class="indexterm" name="id365083"></a>
                 <a class="indexterm" name="id365090"></a>
                 <a class="indexterm" name="id365097"></a>
                 <a class="indexterm" name="id365104"></a>
                 <a class="indexterm" name="id365111"></a>
+                <a class="indexterm" name="id363603"></a>
+                <a class="indexterm" name="id363610"></a>
+                <a class="indexterm" name="id363617"></a>
+                <a class="indexterm" name="id363624"></a>
+                <a class="indexterm" name="id363630"></a>
+                <a class="indexterm" name="id363637"></a>
                 You can use NIS for your UNIX accounts. NIS does not store the Windows encrypted
                 passwords that need to be stored in one of the acceptable passdb backends.
 …
                 SIDs from trusted domains to local UID/GID values.
                 </p><p>
                 <a class="indexterm" name="id365135"></a>
                 <a class="indexterm" name="id365142"></a>
+                <a class="indexterm" name="id363662"></a>
+                <a class="indexterm" name="id363669"></a>
                 On a domain member server, you effectively map Windows domain users to local users
                 that are in your NIS database by specifying the <em class="parameter"><code>winbind trusted domains
 …
                 </p><p>
                 As a general rule, it is always a good idea to run winbind on all Samba servers.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id365171"></a><a name="id365173"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id363697"></a><a name="id363700"></a></td><td align="left" valign="top"><p>
                 Our IT management people do not like LDAP but are looking at Microsoft Active Directory.
               Which is better?<a class="indexterm" name="id365178"></a>
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id365193"></a><a class="indexterm" name="id365204"></a><a class="indexterm" name="id365212"></a>
+              Which is better?<a class="indexterm" name="id363705"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id363719"></a><a class="indexterm" name="id363730"></a><a class="indexterm" name="id363738"></a>
                 Microsoft Active Directory is an LDAP server that is intricately tied to a Kerberos
                 infrastructure. Most IT managers who object to LDAP do so because
 …
                 devise the backup and recovery facilities in a site-dependent manner. LDAP servers
                 in general are seen as a high-energy, high-risk facility.
                 </p><p><a class="indexterm" name="id365227"></a>
+                </p><p><a class="indexterm" name="id363754"></a>
                 Microsoft Active Directory by comparison is easy to install and configure and
                 is supplied with all tools necessary to implement and manage the directory. For sites
 …
                 consider the options. On the other hand, if management just wants a solution that works,
                 Microsoft Active Directory is a good solution.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id365244"></a><a name="id365247"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id363771"></a><a name="id363773"></a></td><td align="left" valign="top"><p>
                 We want to implement a Samba PDC, four Samba BDCs, and 10 Samba servers. Is it possible
                 to use NIS in place of LDAP?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id365257"></a><a class="indexterm" name="id365265"></a><a class="indexterm" name="id365273"></a><a class="indexterm" name="id365281"></a><a class="indexterm" name="id365289"></a><a class="indexterm" name="id365296"></a><a class="indexterm" name="id365304"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id363784"></a><a class="indexterm" name="id363792"></a><a class="indexterm" name="id363799"></a><a class="indexterm" name="id363807"></a><a class="indexterm" name="id363815"></a><a class="indexterm" name="id363823"></a><a class="indexterm" name="id363831"></a>
                 Yes, it is possible to use NIS in place of LDAP, but there may be problems with keeping
                 the Windows (SMB) encrypted passwords database correctly synchronized across the entire
 …
                 membership secure account password. How can you keep changes that are on remote BDCs
                 synchronized on the PDC?
                 </p><p><a class="indexterm" name="id365318"></a><a class="indexterm" name="id365326"></a><a class="indexterm" name="id365334"></a>
+                </p><p><a class="indexterm" name="id363845"></a><a class="indexterm" name="id363853"></a><a class="indexterm" name="id363860"></a>
                 LDAP is a more elegant solution because it permits centralized storage and management
                 of all network identities (user, group, and machine accounts) together with all information
                 Samba needs to provide to network clients and their users.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id365348"></a><a name="id365350"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id363875"></a><a name="id363877"></a></td><td align="left" valign="top"><p>
                 Are you suggesting that users should not log on to a domain member server? If so, why?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id365361"></a><a class="indexterm" name="id365369"></a><a class="indexterm" name="id365380"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id363887"></a><a class="indexterm" name="id363895"></a><a class="indexterm" name="id363907"></a>
                 Many UNIX administrators mock the model that the personal computer industry has adopted
                 as normative since the early days of Novell NetWare. The old
 …
                 fears concerning the security and integrity of data. It was a simple and generally
                 effective measure to keep users away from servers, except through mapped drives.
                 </p><p><a class="indexterm" name="id365395"></a><a class="indexterm" name="id365403"></a><a class="indexterm" name="id365410"></a><a class="indexterm" name="id365418"></a><a class="indexterm" name="id365426"></a>
+                </p><p><a class="indexterm" name="id363921"></a><a class="indexterm" name="id363929"></a><a class="indexterm" name="id363937"></a><a class="indexterm" name="id363945"></a><a class="indexterm" name="id363953"></a>
                 UNIX administrators are fully correct in asserting that UNIX servers and workstations
                 are identical in terms of the software that is installed. They correctly assert that
 …
                 Only then can one begin to appraise the best strategy and adopt a site-specific
                 policy that best protects the needs of users and of the organization alike.
                 </p><p><a class="indexterm" name="id365443"></a>
+                </p><p><a class="indexterm" name="id363969"></a>
                 From experience, it is my recommendation to keep general system-level logins to a
                 practical minimum and to eliminate them if possible. This should not be taken as a
                 hard rule, though. The better question is, what works best for the site?
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id365457"></a><a name="id365459"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id365462"></a><a class="indexterm" name="id365470"></a><a class="indexterm" name="id365482"></a><a class="indexterm" name="id365490"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id363984"></a><a name="id363986"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id363989"></a><a class="indexterm" name="id363997"></a><a class="indexterm" name="id364008"></a><a class="indexterm" name="id364016"></a>
                 We want to ensure that only users from our own domain plus from trusted domains can use our
                 Samba servers. In the <code class="filename">smb.conf</code> file on all servers, we have enabled the <em class="parameter"><code>winbind
 …
                 cannot access our servers, and users from Windows clients that are not domain members
                 can also access our servers. Is this a Samba bug?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id365519"></a><a class="indexterm" name="id365527"></a><a class="indexterm" name="id365534"></a><a class="indexterm" name="id365542"></a><a class="indexterm" name="id365550"></a><a class="indexterm" name="id365558"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id364045"></a><a class="indexterm" name="id364053"></a><a class="indexterm" name="id364061"></a><a class="indexterm" name="id364069"></a><a class="indexterm" name="id364077"></a><a class="indexterm" name="id364084"></a>
                 The manual page for this <em class="parameter"><code>winbind trusted domains only</code></em> parameter says,
                 <span class="quote">&#8220;<span class="quote">This parameter is designed to allow Samba servers that are members of a Samba-controlled
 …
                 of allocating a new UID for him or her.</span>&#8221;</span> This clearly suggests that you are trying
                 to use this parameter inappropriately.
                 </p><p><a class="indexterm" name="id365596"></a>
+                </p><p><a class="indexterm" name="id364122"></a>
                 A far better solution is to use the <em class="parameter"><code>valid users</code></em> by specifying
                 precisely the domain users and groups that should be permitted access to the shares. You could,
 …
         valid users = @"Domain Users", @"OTHERDOMAIN\Domain Users"
 </pre><p>
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id365622"></a><a name="id365624"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id364148"></a><a name="id364150"></a></td><td align="left" valign="top"><p>
                 What are the benefits of using LDAP for my domain member servers?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id365634"></a><a class="indexterm" name="id365642"></a><a class="indexterm" name="id365650"></a><a class="indexterm" name="id365657"></a><a class="indexterm" name="id365665"></a><a class="indexterm" name="id365673"></a><a class="indexterm" name="id365681"></a><a class="indexterm" name="id365689"></a><a class="indexterm" name="id365696"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id364161"></a><a class="indexterm" name="id364168"></a><a class="indexterm" name="id364176"></a><a class="indexterm" name="id364184"></a><a class="indexterm" name="id364192"></a><a class="indexterm" name="id364199"></a><a class="indexterm" name="id364207"></a><a class="indexterm" name="id364215"></a><a class="indexterm" name="id364223"></a>
                 The key benefit of using LDAP is that the UID of all users and the GID of all groups
                 are globally consistent on domain controllers as well as on domain member servers.
                 This means that it is possible to copy/replicate files across servers without
                 loss of identity.
                 </p><p><a class="indexterm" name="id365710"></a><a class="indexterm" name="id365718"></a><a class="indexterm" name="id365726"></a><a class="indexterm" name="id365734"></a><a class="indexterm" name="id365741"></a><a class="indexterm" name="id365749"></a><a class="indexterm" name="id365761"></a><a class="indexterm" name="id365768"></a>
+                </p><p><a class="indexterm" name="id364236"></a><a class="indexterm" name="id364244"></a><a class="indexterm" name="id364252"></a><a class="indexterm" name="id364260"></a><a class="indexterm" name="id364268"></a><a class="indexterm" name="id364276"></a><a class="indexterm" name="id364287"></a><a class="indexterm" name="id364295"></a>
                 When use is made of account identity resolution via winbind, even when an IDMAP backend
                 is stored in LDAP, the UID/GID on domain member servers is consistent, but differs
 …
                 idmap uid/gid</code></em> in the <code class="filename">smb.conf</code> file. On domain controllers, the UID/GID is
                 that of the POSIX value assigned in the LDAP directory as part of the POSIX account information.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id365797"></a><a name="id365799"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id364323"></a><a name="id364325"></a></td><td align="left" valign="top"><p>
                 Is proper DNS operation necessary for Samba-3 plus LDAP? If so, what must I put into
                 my DNS configuration?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id365810"></a><a class="indexterm" name="id365821"></a><a class="indexterm" name="id365832"></a><a class="indexterm" name="id365840"></a><a class="indexterm" name="id365847"></a><a class="indexterm" name="id365855"></a><a class="indexterm" name="id365863"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id364336"></a><a class="indexterm" name="id364347"></a><a class="indexterm" name="id364358"></a><a class="indexterm" name="id364366"></a><a class="indexterm" name="id364374"></a><a class="indexterm" name="id364382"></a><a class="indexterm" name="id364389"></a>
                 Samba depends on correctly functioning resolution of hostnames to their IP address. Samba
                 makes no direct DNS lookup calls, but rather redirects all name-to-address calls via the
 …
                 If this fails to resolve, it attempts a DNS lookup, and if that fails, it tries a
                 WINS lookup.
                 </p><p><a class="indexterm" name="id365913"></a><a class="indexterm" name="id365920"></a><a class="indexterm" name="id365928"></a>
+                </p><p><a class="indexterm" name="id364439"></a><a class="indexterm" name="id364447"></a><a class="indexterm" name="id364455"></a>
                 The addition of the WINS-based name lookup makes sense only if NetBIOS over TCP/IP has
                 been enabled on all Windows clients. Where NetBIOS over TCP/IP has been disabled, DNS
 …
                 case, the Windows 200x autoregisters all locator records it needs with its own DNS
                 server or servers.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id365944"></a><a name="id365947"></a></td><td align="left" valign="top"><p>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id364471"></a><a name="id364473"></a></td><td align="left" valign="top"><p>
                 Our Windows 2003 Server Active Directory domain runs with NetBIOS disabled. Can we
                 use Samba-3 with that configuration?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
                 Yes.
                 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id365962"></a><a name="id365964"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id365967"></a><a class="indexterm" name="id365982"></a>
+                </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id364488"></a><a name="id364491"></a></td><td align="left" valign="top"><p><a class="indexterm" name="id364494"></a><a class="indexterm" name="id364508"></a>
                 When I tried to execute net ads join, I got no output. It did not work, so
                 I think that it failed. I then executed net rpc join and that worked fine.
                 That is okay, isn't it?
                 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id366004"></a><a class="indexterm" name="id366012"></a>
+                </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id364530"></a><a class="indexterm" name="id364538"></a>
                 No. This is not okay. It means that your Samba-3 client has joined the ADS domain as
                 a Windows NT4 client, and Samba-3 will not be using Kerberos-based authentication.

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/upgrades.html

-              r599
+              r739
 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 8. Updating Samba-3</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"><link rel="prev" href="unixclients.html" title="Chapter 7. Adding Domain Member Servers and Clients"><link rel="next" href="ntmigration.html" title="Chapter 9. Migrating NT4 Domain to Samba-3"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 8. Updating Samba-3</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="unixclients.html">Prev</a> </td><th width="60%" align="center">Part II. Domain Members, Updating Samba and Migration</th><td width="20%" align="right"> <a accesskey="n" href="ntmigration.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 8. Updating Samba-3"><div class="titlepage"><div><div><h2 class="title"><a name="upgrades"></a>Chapter 8. Updating Samba-3</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="upgrades.html#id366117">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id366200">Cautions and Notes</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id367413">Upgrading from Samba 1.x and 2.x to Samba-3</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id368069">Samba-2.x with LDAP Support</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id368184">Updating a Samba-3 Installation</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id368281">Samba-3 to Samba-3 Updates on the Same Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id368465">Migrating Samba-3 to a New Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id368842">Migration of Samba Accounts to Active Directory</a></span></dt></dl></dd></dl></div><p>
 <a class="indexterm" name="id366043"></a>
 <a class="indexterm" name="id366050"></a>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 8. Updating Samba-3</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"><link rel="prev" href="unixclients.html" title="Chapter 7. Adding Domain Member Servers and Clients"><link rel="next" href="ntmigration.html" title="Chapter 9. Migrating NT4 Domain to Samba-3"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 8. Updating Samba-3</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="unixclients.html">Prev</a> </td><th width="60%" align="center">Part II. Domain Members, Updating Samba and Migration</th><td width="20%" align="right"> <a accesskey="n" href="ntmigration.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 8. Updating Samba-3"><div class="titlepage"><div><div><h2 class="title"><a name="upgrades"></a>Chapter 8. Updating Samba-3</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="upgrades.html#id364642">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id364726">Cautions and Notes</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id365940">Upgrading from Samba 1.x and 2.x to Samba-3</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id366282">Applicable to All Samba 2.x to Samba-3 Upgrades</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id366596">Samba-2.x with LDAP Support</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id366712">Updating a Samba-3 Installation</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id366809">Samba-3 to Samba-3 Updates on the Same Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id366993">Migrating Samba-3 to a New Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id367371">Migration of Samba Accounts to Active Directory</a></span></dt></dl></dd></dl></div><p>
+<a class="indexterm" name="id364568"></a>
+<a class="indexterm" name="id364575"></a>
 It was a little difficult to select an appropriate title for this chapter.
 From email messages on the Samba mailing lists it is clear that many people
 …
 installing a new Samba server to replace an older existing Samba server.
 </p><p>
 <a class="indexterm" name="id366063"></a>
 <a class="indexterm" name="id366070"></a>
+<a class="indexterm" name="id364588"></a>
+<a class="indexterm" name="id364595"></a>
 There has also been much talk about migration of Samba-3 from an smbpasswd
 passdb backend to the use of the tdbsam or ldapsam facilities that are new
 …
 highlighted by an email posting that included the following neat remark:
 </p><div class="blockquote"><blockquote class="blockquote"><p>
 <a class="indexterm" name="id366088"></a>
+<a class="indexterm" name="id364613"></a>
 I like the <span class="quote">&#8220;<span class="quote">net rpc vampire</span>&#8221;</span> on NT4, but that to my surprise does
 not seem to work against a Samba PDC and, if addressed in the Samba to Samba
 context in either book, I could not find it.
 </p></blockquote></div><p>
 <a class="indexterm" name="id366107"></a>
+<a class="indexterm" name="id364633"></a>
 So in response to the significant request for these situations to be better
 documented, this chapter has now been added. User contributions and documentation
 of real-world experiences are a most welcome addition to this chapter.
 </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id366117"></a>Introduction</h2></div></div></div><p>
 <a class="indexterm" name="id366125"></a>
 <a class="indexterm" name="id366131"></a>
 <a class="indexterm" name="id366138"></a>
+</p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id364642"></a>Introduction</h2></div></div></div><p>
+<a class="indexterm" name="id364650"></a>
+<a class="indexterm" name="id364657"></a>
+<a class="indexterm" name="id364664"></a>
 A Windows network administrator explained in an email what changes he was
 planning to make and followed with the question: <span class="quote">&#8220;<span class="quote">Anyone done this
 …
 productivity on them.
 </p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
 <a class="indexterm" name="id366163"></a>
 <a class="indexterm" name="id366170"></a>
+<a class="indexterm" name="id364688"></a>
+<a class="indexterm" name="id364695"></a>
 Samba makes it possible to upgrade and update configuration files, but it
 is not possible to downgrade the configuration files. Please ensure that
 …
 in the rare event that this may be necessary.
 </p></div><p>
 <a class="indexterm" name="id366182"></a>
 <a class="indexterm" name="id366189"></a>
+<a class="indexterm" name="id364708"></a>
+<a class="indexterm" name="id364714"></a>
 It is prudent also to backup all data files on the server before attempting
 to perform a major upgrade. Many administrators have experienced the consequences
 …
 the precautions taken were inadequate. If a backup was not needed, but was available,
 caution was on the side of the victor.
 </p><div class="sect2" title="Cautions and Notes"><div class="titlepage"><div><div><h3 class="title"><a name="id366200"></a>Cautions and Notes</h3></div></div></div><p>
+</p><div class="sect2" title="Cautions and Notes"><div class="titlepage"><div><div><h3 class="title"><a name="id364726"></a>Cautions and Notes</h3></div></div></div><p>
         Someone once said, <span class="quote">&#8220;<span class="quote">It is good to be sorry, but better never to need to be!</span>&#8221;</span>
         These are wise words of advice to those contemplating a Samba upgrade or update.
         </p><p>
         <a class="indexterm" name="id366216"></a>
         <a class="indexterm" name="id366223"></a>
         <a class="indexterm" name="id366230"></a>
+        <a class="indexterm" name="id364742"></a>
+        <a class="indexterm" name="id364749"></a>
+        <a class="indexterm" name="id364755"></a>
         This is as good a time as any to define the terms <code class="constant">upgrade</code> and
         <code class="constant">update</code>. The term <code class="constant">upgrade</code> refers to
 …
         is in development.
         </p><p>
         <a class="indexterm" name="id366254"></a>
+        <a class="indexterm" name="id364779"></a>
         The term <code class="constant">update</code> refers to a minor version number installation
         in place of one of the same generation. For example, updating from Samba 3.0.10 to 3.0.14
         is an update. The move from Samba 2.0.7 to 3.0.14 is an upgrade.
         </p><p>
         <a class="indexterm" name="id366269"></a>
+        <a class="indexterm" name="id364795"></a>
         While the use of these terms is an exercise in semantics, what needs to be realized
         is that there are major functional differences between a Samba 2.x release and a Samba
 …
         noone can read it!</span>&#8221;</span> While true, some documentation is an evil necessity.
         It is hoped that this update to the documentation will avoid both extremes.
         </p><div class="sect3" title="Security Identifiers (SIDs)"><div class="titlepage"><div><div><h4 class="title"><a name="id366291"></a>Security Identifiers (SIDs)</h4></div></div></div><p>
         <a class="indexterm" name="id366298"></a>
         <a class="indexterm" name="id366308"></a>
         <a class="indexterm" name="id366315"></a>
         <a class="indexterm" name="id366322"></a>
         <a class="indexterm" name="id366328"></a>
         <a class="indexterm" name="id366337"></a>
+        </p><div class="sect3" title="Security Identifiers (SIDs)"><div class="titlepage"><div><div><h4 class="title"><a name="id364816"></a>Security Identifiers (SIDs)</h4></div></div></div><p>
+        <a class="indexterm" name="id364824"></a>
+        <a class="indexterm" name="id364833"></a>
+        <a class="indexterm" name="id364840"></a>
+        <a class="indexterm" name="id364847"></a>
+        <a class="indexterm" name="id364854"></a>
+        <a class="indexterm" name="id364863"></a>
         Before the days of Windows NT and OS/2, every Windows and DOS networking client
         that used the SMB protocols was an entirely autonomous entity. There was no concept
 …
         Windows NT 3.10.
         </p><p>
         <a class="indexterm" name="id366353"></a>
         <a class="indexterm" name="id366360"></a>
         <a class="indexterm" name="id366367"></a>
         <a class="indexterm" name="id366374"></a>
         <a class="indexterm" name="id366380"></a>
         <a class="indexterm" name="id366387"></a>
+        <a class="indexterm" name="id364879"></a>
+        <a class="indexterm" name="id364886"></a>
+        <a class="indexterm" name="id364893"></a>
+        <a class="indexterm" name="id364900"></a>
+        <a class="indexterm" name="id364906"></a>
+        <a class="indexterm" name="id364913"></a>
         Versions of Samba prior to 1.9 did not make use of a SID. Instead they make exclusive use
         of the username that is embedded in the SessionSetUpAndX component of the connection
         setup process between a Windows client and an SMB/CIFS server.
         </p><p>
         <a class="indexterm" name="id366402"></a>
         <a class="indexterm" name="id366409"></a>
         <a class="indexterm" name="id366415"></a>
+        <a class="indexterm" name="id364927"></a>
+        <a class="indexterm" name="id364934"></a>
+        <a class="indexterm" name="id364941"></a>
         Around November 1997 support was added to Samba-1.9 to handle the Windows security
         RPC-based protocols that implemented support for Samba to store a machine SID. This
         information was stored in a file called <code class="filename">MACHINE.SID.</code>
         </p><p>
         <a class="indexterm" name="id366433"></a>
         <a class="indexterm" name="id366440"></a>
         <a class="indexterm" name="id366446"></a>
+        <a class="indexterm" name="id364958"></a>
+        <a class="indexterm" name="id364965"></a>
+        <a class="indexterm" name="id364972"></a>
         Within the lifetime of the early Samba 2.x series, the machine SID information was
         relocated into a tdb file called <code class="filename">secrets.tdb</code>, which is where
 …
         local machine and its role within a domain security context.
         </p><p>
         <a class="indexterm" name="id366464"></a>
         <a class="indexterm" name="id366474"></a>
         <a class="indexterm" name="id366483"></a>
         <a class="indexterm" name="id366489"></a>
+        <a class="indexterm" name="id364990"></a>
+        <a class="indexterm" name="id364999"></a>
+        <a class="indexterm" name="id365008"></a>
+        <a class="indexterm" name="id365015"></a>
         There are two types of SID, those pertaining to the machine itself and the domain to
         which it may belong, and those pertaining to users and groups within the security
 …
         servers (DMS).
         </p><p>
         <a class="indexterm" name="id366501"></a>
         <a class="indexterm" name="id366508"></a>
         <a class="indexterm" name="id366515"></a>
         <a class="indexterm" name="id366522"></a>
         <a class="indexterm" name="id366529"></a>
         <a class="indexterm" name="id366535"></a>
+        <a class="indexterm" name="id365027"></a>
+        <a class="indexterm" name="id365034"></a>
+        <a class="indexterm" name="id365041"></a>
+        <a class="indexterm" name="id365048"></a>
+        <a class="indexterm" name="id365055"></a>
+        <a class="indexterm" name="id365061"></a>
         When the Samba <code class="literal">smbd</code> daemon is first started, if the <code class="filename">secrets.tdb</code>
         file does not exist, it is created at the first client connection attempt. If this file does
 …
         (hostname) and domain name (workgroup), it will be different.
         </p><p>
         <a class="indexterm" name="id366580"></a>
+        <a class="indexterm" name="id365106"></a>
         The SID is the key used by MS Windows networking for all networking operations. This means
         that when the machine or domain SID changes, all security-encoded objects such as profiles
 …
         be restored to its previous value.
         </p></div><p>
         <a class="indexterm" name="id366598"></a>
         <a class="indexterm" name="id366604"></a>
         <a class="indexterm" name="id366611"></a>
         <a class="indexterm" name="id366617"></a>
         <a class="indexterm" name="id366624"></a>
         <a class="indexterm" name="id366631"></a>
         <a class="indexterm" name="id366638"></a>
         <a class="indexterm" name="id366645"></a>
         <a class="indexterm" name="id366651"></a>
         <a class="indexterm" name="id366658"></a>
+        <a class="indexterm" name="id365124"></a>
+        <a class="indexterm" name="id365131"></a>
+        <a class="indexterm" name="id365137"></a>
+        <a class="indexterm" name="id365144"></a>
+        <a class="indexterm" name="id365151"></a>
+        <a class="indexterm" name="id365157"></a>
+        <a class="indexterm" name="id365164"></a>
+        <a class="indexterm" name="id365171"></a>
+        <a class="indexterm" name="id365178"></a>
+        <a class="indexterm" name="id365184"></a>
         In Samba-3 on a domain controller (PDC or BDC), the domain name controls the domain
         SID. On all prior versions the hostname (computer name, or NetBIOS name) controlled
         the SID. On a standalone server the hostname still controls the SID.
         </p><p>
         <a class="indexterm" name="id366670"></a>
         <a class="indexterm" name="id366679"></a>
+        <a class="indexterm" name="id365196"></a>
+        <a class="indexterm" name="id365205"></a>
         The local machine SID can be backed up using this procedure (Samba-3):
 </p><pre class="screen">
 …
         This is not a reversible process  it is a one-way upgrade.
         </p><p>
         <a class="indexterm" name="id366761"></a>
+        <a class="indexterm" name="id365287"></a>
         In the course of the Samba 2.0.x series the <code class="literal">smbpasswd</code> was modified to
         permit the domain SID to be captured to the <code class="filename">secrets.tdb</code> file by executing:
 …
 </pre><p>
         </p><p>
         <a class="indexterm" name="id366829"></a>
         <a class="indexterm" name="id366835"></a>
+        <a class="indexterm" name="id365355"></a>
+        <a class="indexterm" name="id365362"></a>
         Domain security information, which includes the domain SID, can be obtained from Samba-2.2.x
         systems by executing:
 …
         case it is ever needed at a later date.
         </p><p>
         <a class="indexterm" name="id366877"></a>
         <a class="indexterm" name="id366884"></a>
         <a class="indexterm" name="id366891"></a>
+        <a class="indexterm" name="id365404"></a>
+        <a class="indexterm" name="id365410"></a>
+        <a class="indexterm" name="id365417"></a>
         Take note that the domain SID is used extensively in Samba. Where LDAP is used for the
         <em class="parameter"><code>passdb backend</code></em>, all user, group, and trust accounts are encoded
 …
 </pre><p>
         </p><p>
         <a class="indexterm" name="id366922"></a>
         <a class="indexterm" name="id366929"></a>
         <a class="indexterm" name="id366936"></a>
+        <a class="indexterm" name="id365449"></a>
+        <a class="indexterm" name="id365455"></a>
+        <a class="indexterm" name="id365462"></a>
         When the domain SID has changed, roaming profiles cease to be functional. The recovery
         of roaming profiles necessitates resetting of the domain portion of the user SID
 …
         addressed to the creator of the RPM package. The Samba Team do their best to make
         available all the tools needed to manage a Samba-based Windows networking environment.
         </p></div><div class="sect3" title="Change of hostname"><div class="titlepage"><div><div><h4 class="title"><a name="id366964"></a>Change of hostname</h4></div></div></div><p>
         <a class="indexterm" name="id366972"></a>
         <a class="indexterm" name="id366981"></a>
+        </p></div><div class="sect3" title="Change of hostname"><div class="titlepage"><div><div><h4 class="title"><a name="id365491"></a>Change of hostname</h4></div></div></div><p>
+        <a class="indexterm" name="id365499"></a>
+        <a class="indexterm" name="id365508"></a>
         Samba uses two methods by which the primary NetBIOS machine name (also known as a computer
         name or the hostname) may be determined: If the <code class="filename">smb.conf</code> file contains a
 …
         is changed, be sure to reset the machine SID to the original setting. Otherwise
         there may be serious interoperability and/or operational problems.
         </p></div></div><div class="sect3" title="Change of Workgroup (Domain) Name"><div class="titlepage"><div><div><h4 class="title"><a name="id367023"></a>Change of Workgroup (Domain) Name</h4></div></div></div><p>
         <a class="indexterm" name="id367030"></a>
+        </p></div></div><div class="sect3" title="Change of Workgroup (Domain) Name"><div class="titlepage"><div><div><h4 class="title"><a name="id365549"></a>Change of Workgroup (Domain) Name</h4></div></div></div><p>
+        <a class="indexterm" name="id365557"></a>
         The domain name of a Samba server is identical to the workgroup name and is
         set in the <code class="filename">smb.conf</code> file using the <em class="parameter"><code>workgroup</code></em> parameter.
         This has been consistent throughout the history of Samba and across all versions.
         </p><p>
         <a class="indexterm" name="id367054"></a>
+        <a class="indexterm" name="id365580"></a>
         Be aware that when the workgroup name is changed, a new SID will be generated.
         The old domain SID can be reset using the procedure outlined earlier in this chapter.
 …
         for network administrators.
         </p><p>
         <a class="indexterm" name="id367081"></a>
+        <a class="indexterm" name="id365608"></a>
         The Samba 1.9.x <code class="filename">smb.conf</code> file may be found either in the <code class="filename">/etc</code>
         directory or in <code class="filename">/usr/local/samba/lib</code>.
 …
         remains located also for Samba 3.0.x installations.
         </p><p>
         <a class="indexterm" name="id367126"></a>
+        <a class="indexterm" name="id365653"></a>
         Samba 2.x introduced the <code class="filename">secrets.tdb</code> file that is also stored in the
         <code class="filename">/etc/samba</code> directory, or in the <code class="filename">/usr/local/samba/lib</code>
         directory subsystem.
         </p><p>
         <a class="indexterm" name="id367154"></a>
+        <a class="indexterm" name="id365681"></a>
         The location at which <code class="literal">smbd</code> expects to find all configuration and control
         files is determined at the time of compilation of Samba. For versions of Samba prior to
 …
         <code class="filename">/usr/local/samba/sbin</code>.
         </p><p>
         <a class="indexterm" name="id367209"></a>
+        <a class="indexterm" name="id365736"></a>
         Samba-3 provides a neat new way to track the location of all control files as well as to
         find the compile-time options used as the Samba package was built. Here  is how the dark
 …
 </pre><p>
         </p><p>
         <a class="indexterm" name="id367238"></a>
+        <a class="indexterm" name="id365765"></a>
         It is important that both the <code class="filename">smb.conf</code> file and the <code class="filename">secrets.tdb</code>
         be backed up before attempting any upgrade. The <code class="filename">secrets.tdb</code> file
 …
         of Samba. A backup means that it is always possible to revert a failed or problematic
         upgrade.
         </p></div><div class="sect3" title="International Language Support"><div class="titlepage"><div><div><h4 class="title"><a name="id367266"></a>International Language Support</h4></div></div></div><p>
         <a class="indexterm" name="id367273"></a>
         <a class="indexterm" name="id367280"></a>
         <a class="indexterm" name="id367287"></a>
         <a class="indexterm" name="id367294"></a>
+        </p></div><div class="sect3" title="International Language Support"><div class="titlepage"><div><div><h4 class="title"><a name="id365792"></a>International Language Support</h4></div></div></div><p>
+        <a class="indexterm" name="id365800"></a>
+        <a class="indexterm" name="id365807"></a>
+        <a class="indexterm" name="id365814"></a>
+        <a class="indexterm" name="id365821"></a>
         Samba-2.x had no support for Unicode; instead, all national language character-set support in file names
         was done using particular locale codepage mapping techniques. Samba-3 supports Unicode in file names, thus
         providing true internationalization support.
         </p><p>
         <a class="indexterm" name="id367306"></a>
+        <a class="indexterm" name="id365833"></a>
         Non-English users whose national language character set has special characters and who upgrade naively will
         find that many files that have the special characters in the file name will see them garbled and jumbled up.
 …
         that was in use with Samba-2.x using an 8-bit encoding scheme.
         </p><p>
         <a class="indexterm" name="id367320"></a>
+        <a class="indexterm" name="id365846"></a>
         Files that are created with Samba-3 will use UTF-8 encoding. Should the file system ever end up with a
         mix of codepage (unix charset)-encoded file names and UTF-8-encoded file names, the mess will take some
         effort to set straight.
         </p><p>
         <a class="indexterm" name="id367332"></a>
+        <a class="indexterm" name="id365859"></a>
         A very helpful tool is available from Bjorn Jacke's <a class="ulink" href="http://j3e.de/linux/convmv/" target="_top">convmv</a>
         work. Convmv is a tool that can be used to convert file and directory names from one encoding method to
         another. The most common use for this tool is to convert locale-encoded files to UTF-8 Unicode encoding.
         </p></div><div class="sect3" title="Updates and Changes in Idealx smbldap-tools"><div class="titlepage"><div><div><h4 class="title"><a name="id367349"></a>Updates and Changes in Idealx smbldap-tools</h4></div></div></div><p>
+        </p></div><div class="sect3" title="Updates and Changes in Idealx smbldap-tools"><div class="titlepage"><div><div><h4 class="title"><a name="id365876"></a>Updates and Changes in Idealx smbldap-tools</h4></div></div></div><p>
         The smbldap-tools have been maturing rapidly over the past year. With maturation comes change.
         The location of the <code class="filename">smbldap.conf</code> and the <code class="filename">smbldap_bind.conf</code>
 …
         current release should note that the information stored under <code class="constant">NextFreeUnixId</code>
         must now be relocated to the DIT object <code class="constant">sambaDomainName</code>.
         </p></div></div></div><div class="sect1" title="Upgrading from Samba 1.x and 2.x to Samba-3"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id367413"></a>Upgrading from Samba 1.x and 2.x to Samba-3</h2></div></div></div><p>
+        </p></div></div></div><div class="sect1" title="Upgrading from Samba 1.x and 2.x to Samba-3"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id365940"></a>Upgrading from Samba 1.x and 2.x to Samba-3</h2></div></div></div><p>
 Sites that are being upgraded from Samba-2 (or earlier versions) to Samba-3
 may experience little difficulty or may require a lot of effort, depending
 …
         Where it is necessary to upgrade an old Samba installation to Samba-3,
         the following procedure can be followed:
         </p><div class="procedure" title="Procedure 8.1. Upgrading from a Pre-Samba-3 Version"><a name="id367444"></a><p class="title"><b>Procedure 8.1. Upgrading from a Pre-Samba-3 Version</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 <a class="indexterm" name="id367455"></a>
                 <a class="indexterm" name="id367462"></a>
                 <a class="indexterm" name="id367468"></a>
+        </p><div class="procedure" title="Procedure 8.1. Upgrading from a Pre-Samba-3 Version"><a name="id365971"></a><p class="title"><b>Procedure 8.1. Upgrading from a Pre-Samba-3 Version</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                <a class="indexterm" name="id365982"></a>
+                <a class="indexterm" name="id365988"></a>
+                <a class="indexterm" name="id365995"></a>
                 Stop Samba. This can be done using the appropriate system tool
                 that is particular for each operating system or by executing the
 …
                 back it up to a safe location.
                 </p></li><li class="step" title="Step 5"><p>
                 <a class="indexterm" name="id367546"></a>
                 <a class="indexterm" name="id367553"></a>
                 <a class="indexterm" name="id367560"></a>
                 <a class="indexterm" name="id367567"></a>
+                <a class="indexterm" name="id366073"></a>
+                <a class="indexterm" name="id366080"></a>
+                <a class="indexterm" name="id366087"></a>
+                <a class="indexterm" name="id366094"></a>
                 Find the location of the lock directory. This is the directory
                 in which Samba stores all its tdb control files. The default
 …
                 tdb files to a safe location.
                 </p></li><li class="step" title="Step 6"><p>
                 <a class="indexterm" name="id367601"></a>
+                <a class="indexterm" name="id366128"></a>
                 It is now safe to upgrade the Samba installation. On Linux systems
                 it is not necessary to remove the Samba RPMs because a simple
 …
                 Do not change the workgroup name.
                 </p></li><li class="step" title="Step 10"><p>
                 <a class="indexterm" name="id367650"></a>
+                <a class="indexterm" name="id366178"></a>
                 Execute the <code class="literal">testparm</code> to validate the <code class="filename">smb.conf</code> file.
                 This process will flag any parameters that are no longer supported.
 …
 <code class="prompt">root# </code> testparm -s smb.conf.master &gt; smb.conf
 </pre><p>
         <a class="indexterm" name="id367704"></a>
+        <a class="indexterm" name="id366232"></a>
                 The resulting <code class="filename">smb.conf</code> file will be stripped of all comments
                 and of all nonconforming configuration settings.
                 </p></li><li class="step" title="Step 11"><p>
                 <a class="indexterm" name="id367725"></a>
+                <a class="indexterm" name="id366252"></a>
                 It is now safe to start Samba using the appropriate system tool.
                 Alternately, it is possible to just execute <code class="literal">nmbd</code>,
                 <code class="literal">smbd</code>, and <code class="literal">winbindd</code> for the command
                 line while logged in as the root user.
                 </p></li></ol></div></div><div class="sect2" title="Applicable to All Samba 2.x to Samba-3 Upgrades"><div class="titlepage"><div><div><h3 class="title"><a name="id367754"></a>Applicable to All Samba 2.x to Samba-3 Upgrades</h3></div></div></div><p>
         <a class="indexterm" name="id367762"></a>
         <a class="indexterm" name="id367769"></a>
         <a class="indexterm" name="id367776"></a>
+                </p></li></ol></div></div><div class="sect2" title="Applicable to All Samba 2.x to Samba-3 Upgrades"><div class="titlepage"><div><div><h3 class="title"><a name="id366282"></a>Applicable to All Samba 2.x to Samba-3 Upgrades</h3></div></div></div><p>
+        <a class="indexterm" name="id366290"></a>
+        <a class="indexterm" name="id366296"></a>
+        <a class="indexterm" name="id366303"></a>
         Samba 2.x servers that were running as a domain controller (PDC)
         require changes to the configuration of the scripting interface
 …
         users, groups, and trust accounts (machines and interdomain).
         </p><p>
         <a class="indexterm" name="id367788"></a>
+        <a class="indexterm" name="id366315"></a>
         The following parameters are new to Samba-3 and should be correctly configured.
         Please refer to <a class="link" href="secure.html" title="Chapter 3. Secure Office Networking">&#8220;Secure Office Networking&#8221;</a> through <a class="link" href="net2000users.html" title="Chapter 6. A Distributed 2000-User Network">&#8220;A Distributed 2000-User Network&#8221;</a>
         in this book for examples of use of the new parameters shown here:
         <a class="indexterm" name="id367807"></a>
         <a class="indexterm" name="id367814"></a>
         <a class="indexterm" name="id367821"></a>
         <a class="indexterm" name="id367828"></a>
         <a class="indexterm" name="id367834"></a>
         <a class="indexterm" name="id367841"></a>
         <a class="indexterm" name="id367848"></a>
+        <a class="indexterm" name="id366335"></a>
+        <a class="indexterm" name="id366341"></a>
+        <a class="indexterm" name="id366348"></a>
+        <a class="indexterm" name="id366355"></a>
+        <a class="indexterm" name="id366362"></a>
+        <a class="indexterm" name="id366369"></a>
+        <a class="indexterm" name="id366376"></a>
         </p><p>
         </p><table border="0" summary="Simple list" class="simplelist"><tr><td>add group script</td></tr><tr><td>add machine script</td></tr><tr><td>add user to group script</td></tr><tr><td>delete group script</td></tr><tr><td>delete user from group script</td></tr><tr><td>passdb backend</td></tr><tr><td>set primary group script</td></tr></table><p>
         </p><p>
         <a class="indexterm" name="id367892"></a>
         <a class="indexterm" name="id367898"></a>
+        <a class="indexterm" name="id366419"></a>
+        <a class="indexterm" name="id366426"></a>
         The <em class="parameter"><code>add machine script</code></em> functionality was previously
         handled by the <em class="parameter"><code>add user script</code></em>, which in Samba-3 is
         used exclusively to add user accounts.
         </p><p>
         <a class="indexterm" name="id367921"></a>
         <a class="indexterm" name="id367928"></a>
         <a class="indexterm" name="id367935"></a>
         <a class="indexterm" name="id367942"></a>
         <a class="indexterm" name="id367948"></a>
         <a class="indexterm" name="id367955"></a>
         <a class="indexterm" name="id367962"></a>
         <a class="indexterm" name="id367969"></a>
         <a class="indexterm" name="id367976"></a>
+        <a class="indexterm" name="id366449"></a>
+        <a class="indexterm" name="id366456"></a>
+        <a class="indexterm" name="id366462"></a>
+        <a class="indexterm" name="id366469"></a>
+        <a class="indexterm" name="id366476"></a>
+        <a class="indexterm" name="id366483"></a>
+        <a class="indexterm" name="id366490"></a>
+        <a class="indexterm" name="id366496"></a>
+        <a class="indexterm" name="id366503"></a>
         Where the <em class="parameter"><code>passdb backend</code></em> used is either <code class="constant">smbpasswd</code>
         (the default) or the new <code class="constant">tdbsam</code>, the system interface scripts
 …
         <code class="literal">groupmod</code>, <code class="literal">groupdel</code>, and so on.
         </p><p>
         <a class="indexterm" name="id368035"></a>
         <a class="indexterm" name="id368042"></a>
         <a class="indexterm" name="id368048"></a>
+        <a class="indexterm" name="id366562"></a>
+        <a class="indexterm" name="id366569"></a>
+        <a class="indexterm" name="id366576"></a>
         Where the <em class="parameter"><code>passdb backend</code></em> makes use of an LDAP directory,
         it is necessary either to use the <code class="constant">smbldap-tools</code> provided
         by Idealx or to use an alternate toolset provided by a third
         party or else home-crafted to manage the LDAP directory accounts.
         </p></div><div class="sect2" title="Samba-2.x with LDAP Support"><div class="titlepage"><div><div><h3 class="title"><a name="id368069"></a>Samba-2.x with LDAP Support</h3></div></div></div><p>
+        </p></div><div class="sect2" title="Samba-2.x with LDAP Support"><div class="titlepage"><div><div><h3 class="title"><a name="id366596"></a>Samba-2.x with LDAP Support</h3></div></div></div><p>
         Samba version 2.x could be compiled for use either with or without LDAP.
         The LDAP control settings in the <code class="filename">smb.conf</code> file in this old version are
 …
         of all files to the correct locations.
         </p><p>
         <a class="indexterm" name="id368099"></a>
         <a class="indexterm" name="id368106"></a>
+        <a class="indexterm" name="id366627"></a>
+        <a class="indexterm" name="id366634"></a>
         The Samba SAM schema required for Samba-3 is significantly different from that
         used with Samba 2.x. This means that the LDAP directory must be updated
 …
 the DN's with quotation marks.
 </pre><p>
         </p></div></div><div class="sect1" title="Updating a Samba-3 Installation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id368184"></a>Updating a Samba-3 Installation</h2></div></div></div><p>
+        </p></div></div><div class="sect1" title="Updating a Samba-3 Installation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id366712"></a>Updating a Samba-3 Installation</h2></div></div></div><p>
 The key concern in this section is to deal with the changes that have been
 affected in Samba-3 between the Samba-3.0.0 release and the current update.
 …
 taken to update Samba-3 versions.
 </p><p>
 <a class="indexterm" name="id368197"></a>
+<a class="indexterm" name="id366725"></a>
 The information in <a class="link" href="upgrades.html#sbeug1" title="Location of config files">&#8220;Location of config files&#8221;</a> would not be necessary if every
 person who has ever produced Samba executable (binary) files could agree on
 …
 Clearly, such agreement is further away than a pipedream.
 </p><p>
 <a class="indexterm" name="id368220"></a>
+<a class="indexterm" name="id366748"></a>
 Vendors and packagers who produce Samba binary installable packages do not,
 as a rule, use the default paths used by the Samba-Team for the location of
 …
 effect.
 </p><p>
 <a class="indexterm" name="id368248"></a>
+<a class="indexterm" name="id366776"></a>
 The best advice for those lacking in code compilation experience is to use
 only vendor (or Samba-Team) provided binary packages. The Samba packages
 …
 that are compatible with the original OS vendor's practices.
 </p><p>
 <a class="indexterm" name="id368261"></a>
 <a class="indexterm" name="id368268"></a>
+<a class="indexterm" name="id366789"></a>
+<a class="indexterm" name="id366796"></a>
 If you are not sure whether a binary package complies with the OS
 vendor's practices, it is better to ask the package maintainer via
 …
 Alternately, just diagnose the paths specified by the binary files following
 the procedure outlined above.
 </p><div class="sect2" title="Samba-3 to Samba-3 Updates on the Same Server"><div class="titlepage"><div><div><h3 class="title"><a name="id368281"></a>Samba-3 to Samba-3 Updates on the Same Server</h3></div></div></div><p>
+</p><div class="sect2" title="Samba-3 to Samba-3 Updates on the Same Server"><div class="titlepage"><div><div><h3 class="title"><a name="id366809"></a>Samba-3 to Samba-3 Updates on the Same Server</h3></div></div></div><p>
         The guidance in this section deals with updates to an existing
         Samba-3 server installation.
         </p><div class="sect3" title="Updating from Samba Versions Earlier than 3.0.5"><div class="titlepage"><div><div><h4 class="title"><a name="id368291"></a>Updating from Samba Versions Earlier than 3.0.5</h4></div></div></div><p>
+        </p><div class="sect3" title="Updating from Samba Versions Earlier than 3.0.5"><div class="titlepage"><div><div><h4 class="title"><a name="id366819"></a>Updating from Samba Versions Earlier than 3.0.5</h4></div></div></div><p>
         With the provision that the binary Samba-3 package has been built
         with the same path and feature settings as the existing Samba-3
 …
         and without need to change either the <code class="filename">smb.conf</code> file or, where
         used, the LDAP schema.
         </p></div><div class="sect3" title="Updating from Samba Versions between 3.0.6 and 3.0.10"><div class="titlepage"><div><div><h4 class="title"><a name="id368310"></a>Updating from Samba Versions between 3.0.6 and 3.0.10</h4></div></div></div><p>
         <a class="indexterm" name="id368318"></a>
         <a class="indexterm" name="id368324"></a>
+        </p></div><div class="sect3" title="Updating from Samba Versions between 3.0.6 and 3.0.10"><div class="titlepage"><div><div><h4 class="title"><a name="id366838"></a>Updating from Samba Versions between 3.0.6 and 3.0.10</h4></div></div></div><p>
+        <a class="indexterm" name="id366846"></a>
+        <a class="indexterm" name="id366852"></a>
         When updating versions of Samba-3 prior to 3.0.6 to 3.0.6 through 3.0.10,
         it is necessary only to update the LDAP schema (where LDAP is used).
 …
         update.
         </p><p>
         <a class="indexterm" name="id368339"></a>
         <a class="indexterm" name="id368346"></a>
         <a class="indexterm" name="id368352"></a>
+        <a class="indexterm" name="id366867"></a>
+        <a class="indexterm" name="id366874"></a>
+        <a class="indexterm" name="id366880"></a>
         Samba-3.0.6 introduced the ability to remember the last <span class="emphasis"><em>n</em></span> number
         of passwords a user has used. This information will work only with
 …
         </p><p>
         After updating the LDAP schema, do not forget to re-index the LDAP database.
         </p></div><div class="sect3" title="Updating from Samba Versions after 3.0.6 to a Current Release"><div class="titlepage"><div><div><h4 class="title"><a name="id368384"></a>Updating from Samba Versions after 3.0.6 to a Current Release</h4></div></div></div><p>
         <a class="indexterm" name="id368392"></a>
+        </p></div><div class="sect3" title="Updating from Samba Versions after 3.0.6 to a Current Release"><div class="titlepage"><div><div><h4 class="title"><a name="id366912"></a>Updating from Samba Versions after 3.0.6 to a Current Release</h4></div></div></div><p>
+        <a class="indexterm" name="id366920"></a>
         Samba-3.0.8 introduced changes in how the <em class="parameter"><code>username map</code></em>
         behaves. It also included a change in behavior of <code class="literal">winbindd</code>.
 …
         from versions prior to 3.0.8 to a current version.
         </p><p>
         <a class="indexterm" name="id368421"></a>
+        <a class="indexterm" name="id366949"></a>
         In Samba-3.0.11 a new privileges interface was implemented. Please
         refer to <a class="link" href="happy.html#sbehap-ppc" title="Addition of Machines to the Domain">&#8220;Addition of Machines to the Domain&#8221;</a> for information regarding this new
 …
 back to searching the 'ldap suffix' in some cases.
 </pre><p>
         </p></div></div><div class="sect2" title="Migrating Samba-3 to a New Server"><div class="titlepage"><div><div><h3 class="title"><a name="id368465"></a>Migrating Samba-3 to a New Server</h3></div></div></div><p>
+        </p></div></div><div class="sect2" title="Migrating Samba-3 to a New Server"><div class="titlepage"><div><div><h3 class="title"><a name="id366993"></a>Migrating Samba-3 to a New Server</h3></div></div></div><p>
         The two most likely candidates for replacement of a server are
         domain member servers and domain controllers. Each needs to be
         handled slightly differently.
         </p><div class="sect3" title="Replacing a Domain Member Server"><div class="titlepage"><div><div><h4 class="title"><a name="id368475"></a>Replacing a Domain Member Server</h4></div></div></div><p>
         <a class="indexterm" name="id368483"></a>
+        </p><div class="sect3" title="Replacing a Domain Member Server"><div class="titlepage"><div><div><h4 class="title"><a name="id367004"></a>Replacing a Domain Member Server</h4></div></div></div><p>
+        <a class="indexterm" name="id367012"></a>
         Replacement of a domain member server should be done
         using the same procedure as outlined in <a class="link" href="unixclients.html" title="Chapter 7. Adding Domain Member Servers and Clients">&#8220;Adding Domain Member Servers and Clients&#8221;</a>.
 …
         change its SID and will necessitate rejoining to the domain.
         </p><p>
         <a class="indexterm" name="id368506"></a>
         <a class="indexterm" name="id368512"></a>
         <a class="indexterm" name="id368519"></a>
         <a class="indexterm" name="id368526"></a>
         <a class="indexterm" name="id368532"></a>
         <a class="indexterm" name="id368539"></a>
+        <a class="indexterm" name="id367034"></a>
+        <a class="indexterm" name="id367041"></a>
+        <a class="indexterm" name="id367047"></a>
+        <a class="indexterm" name="id367054"></a>
+        <a class="indexterm" name="id367061"></a>
+        <a class="indexterm" name="id367068"></a>
         Following a change of hostname (NetBIOS name) it is a good idea on all servers
         to shut down the Samba <code class="literal">smbd</code>, <code class="literal">nmbd</code>, and
 …
         change, but can persist for a longer period of time.
         </p><p>
         <a class="indexterm" name="id368583"></a>
         <a class="indexterm" name="id368589"></a>
         <a class="indexterm" name="id368596"></a>
         <a class="indexterm" name="id368603"></a>
+        <a class="indexterm" name="id367111"></a>
+        <a class="indexterm" name="id367118"></a>
+        <a class="indexterm" name="id367125"></a>
+        <a class="indexterm" name="id367131"></a>
         If the old domain member server had local accounts, it is necessary to create
         on the new domain member server the same accounts with the same UID and GID
 …
         account entries to the new target server.
         </p><p>
         <a class="indexterm" name="id368648"></a>
+        <a class="indexterm" name="id367176"></a>
         Where the user accounts for both UNIX and Samba are stored in LDAP, the new
         target server must be configured to use the <code class="literal">nss_ldap</code> tool set.
         This will automatically ensure that the appropriate user entities are
         available on the new server.
         </p></div><div class="sect3" title="Replacing a Domain Controller"><div class="titlepage"><div><div><h4 class="title"><a name="id368664"></a>Replacing a Domain Controller</h4></div></div></div><p>
         <a class="indexterm" name="id368672"></a>
+        </p></div><div class="sect3" title="Replacing a Domain Controller"><div class="titlepage"><div><div><h4 class="title"><a name="id367193"></a>Replacing a Domain Controller</h4></div></div></div><p>
+        <a class="indexterm" name="id367201"></a>
         In the past, people who replaced a Windows NT4 domain controller typically
         installed a new server, created printers and file shares on it, then migrate across
 …
         should correctly pick up the original SID and preserve all other settings. It is
         sound advice to validate this before turning the system over to users.
         </p></div></div><div class="sect2" title="Migration of Samba Accounts to Active Directory"><div class="titlepage"><div><div><h3 class="title"><a name="id368842"></a>Migration of Samba Accounts to Active Directory</h3></div></div></div><p>
+        </p></div></div><div class="sect2" title="Migration of Samba Accounts to Active Directory"><div class="titlepage"><div><div><h3 class="title"><a name="id367371"></a>Migration of Samba Accounts to Active Directory</h3></div></div></div><p>
         Yes, it works. The Windows ADMT tool can be used to migrate Samba accounts
         to MS Active Directory.  There are a few pitfalls to be aware of:
         </p><div class="procedure" title="Procedure 8.2. Migration to Active Directory"><a name="id368853"></a><p class="title"><b>Procedure 8.2. Migration to Active Directory</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+        </p><div class="procedure" title="Procedure 8.2. Migration to Active Directory"><a name="id367381"></a><p class="title"><b>Procedure 8.2. Migration to Active Directory</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Administrator password must be THE SAME on the Samba server,
                 the 2003 ADS, and the local Administrator account on the workstations.
 …
                 workstations won't be migrated to the new domain.
                 </p></li><li class="step" title="Step 5"><p>
                 <a class="indexterm" name="id368911"></a>
+                <a class="indexterm" name="id367439"></a>
                 When migrating machines, always test first (using ADMT's test mode)
                 and satisfy all errors before committing the migration. Note that the
 …
                 a test.
                 </p></li></ol></div><p>
         <a class="indexterm" name="id368925"></a>
+        <a class="indexterm" name="id367454"></a>
         There are some significant benefits of using the ADMT, besides just
         migrating user accounts. ADMT can be found on the Windows 2003 CD.

Context Navigation

Legend:

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/Big500users.html

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/DMSMig.html

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/DomApps.html

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/ExNetworks.html

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/HA.html

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/RefSection.html

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/apa.html

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/appendix.html

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/ch14.html

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/go01.html

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/happy.html

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/index.html

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/ix01.html

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/kerberos.html

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/net2000users.html

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/ntmigration.html

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/nw4migration.html

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/pr01.html

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/pr02.html

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/pr03.html

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/preface.html

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/primer.html

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/secure.html

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/simple.html

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/small.html

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/unixclients.html

branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/upgrades.html

Download in other formats: