Part III. Advanced Configuration

Valuable Nuts and Bolts Information

+Part III. Advanced Configuration

Part III. Advanced Configuration
Prev		Next

Part III. Advanced Configuration

Valuable Nuts and Bolts Information

Samba has several features that you might want or might not want to use. The chapters in this part each cover specific Samba features.

Table of Contents

9. Important and Critical Change Notes for the Samba 3.x Series

Important Samba-3.2.x Change Notes

Important Samba-3.0.x Change Notes

User and Group Changes
Essential Group Mappings
Passdb Changes
Group Mapping Changes in Samba-3.0.23
LDAP Changes in Samba-3.0.23

10. Network Browsing

Features and Benefits

What Is Browsing?

Discussion

NetBIOS over TCP/IP
TCP/IP without NetBIOS
DNS and Active Directory

How Browsing Functions

Configuring Workgroup Browsing
Domain Browsing Configuration
Forcing Samba to Be the Master
Making Samba the Domain Master
Note about Broadcast Addresses
Multiple Interfaces
Use of the Remote Announce Parameter
Use of the Remote Browse Sync Parameter

WINS: The Windows Internetworking Name Server

WINS Server Configuration
WINS Replication
Static WINS Entries

Helpful Hints

Windows Networking Protocols
Name Resolution Order

Technical Overview of Browsing

Browsing Support in Samba
Problem Resolution
Cross-Subnet Browsing

Common Errors

Flushing the Samba NetBIOS Name Cache
Server Resources Cannot Be Listed
I Get an "Unable to browse the network" Error
Browsing of Shares and Directories is Very Slow
Invalid Cached Share References Affects Network Browsing

11. Account Information Databases

Features and Benefits

Backward Compatibility Account Storage Systems
New Account Storage Systems

Technical Information

Important Notes About Security
Mapping User Identifiers between MS Windows and UNIX
Mapping Common UIDs/GIDs on Distributed Machines
Comments Regarding LDAP
LDAP Directories and Windows Computer Accounts

Account Management Tools

The smbpasswd Tool
The pdbedit Tool

Password Backends

Plaintext
smbpasswd: Encrypted Password Database
tdbsam
ldapsam

Common Errors

Users Cannot Logon
Configuration of auth methods

12. Group Mapping: MS Windows and UNIX

Features and Benefits

Discussion

Warning: User Private Group Problems
Nested Groups: Adding Windows Domain Groups to Windows Local Groups
Important Administrative Information
Default Users, Groups, and Relative Identifiers
Example Configuration

Configuration Scripts

Sample smb.conf Add Group Script
Script to Configure Group Mapping

Common Errors

Adding Groups Fails
Adding Domain Users to the Workstation Power Users Group

13. Remote and Local Management: The Net Command

Overview

Administrative Tasks and Methods

UNIX and Windows Group Management

Adding, Renaming, or Deletion of Group Accounts
Manipulating Group Memberships
Nested Group Support

UNIX and Windows User Management

Adding User Accounts
Deletion of User Accounts
Managing User Accounts
User Mapping

Administering User Rights and Privileges

Managing Trust Relationships

Machine Trust Accounts
Interdomain Trusts

Managing Security Identifiers (SIDS)

Share Management

Creating, Editing, and Removing Shares
Creating and Changing Share ACLs
Share, Directory, and File Migration
Printer Migration

Controlling Open Files

Session and Connection Management

Printers and ADS

Manipulating the Samba Cache

Managing IDMAP UID/SID Mappings

Creating an IDMAP Database Dump File
Restoring the IDMAP Database Dump File

Other Miscellaneous Operations

14. Identity Mapping (IDMAP)

Samba Server Deployment Types and IDMAP

Standalone Samba Server
Domain Member Server or Domain Member Client
Primary Domain Controller
Backup Domain Controller

Examples of IDMAP Backend Usage

Default Winbind TDB
IDMAP_RID with Winbind
IDMAP Storage in LDAP Using Winbind
IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension

15. User Rights and Privileges

Rights Management Capabilities

Using the net rpc rights Utility
Description of Privileges
Privileges Suppored by Windows 2000 Domain Controllers

The Administrator Domain SID

Common Errors

What Rights and Privileges Will Permit Windows Client Administration?

16. File, Directory, and Share Access Controls

Features and Benefits

File System Access Controls

MS Windows NTFS Comparison with UNIX File Systems
Managing Directories
File and Directory Access Control

Share Definition Access Controls

User- and Group-Based Controls
File and Directory Permissions-Based Controls
Miscellaneous Controls

Access Controls on Shares

Share Permissions Management

MS Windows Access Control Lists and UNIX Interoperability

Managing UNIX Permissions Using NT Security Dialogs
Viewing File Security on a Samba Share
Viewing File Ownership
Viewing File or Directory Permissions
Modifying File or Directory Permissions
Interaction with the Standard Samba create mask Parameters
Interaction with the Standard Samba File Attribute Mapping
Windows NT/200X ACLs and POSIX ACLs Limitations

Common Errors

Users Cannot Write to a Public Share
File Operations Done as root with force user Set
MS Word with Samba Changes Owner of File

17. File and Record Locking

Features and Benefits

Discussion

Opportunistic Locking Overview

Samba Oplocks Control

Example Configuration

MS Windows Oplocks and Caching Controls

Workstation Service Entries
Server Service Entries

Persistent Data Corruption

Common Errors

locking.tdb Error Messages
Problems Saving Files in MS Office on Windows XP
Long Delays Deleting Files over Network with XP SP1

Additional Reading

18. Securing Samba

Introduction

Features and Benefits

Technical Discussion of Protective Measures and Issues

Using Host-Based Protection
User-Based Protection
Using Interface Protection
Using a Firewall
Using IPC$ Share-Based Denials
NTLMv2 Security

Upgrading Samba

Common Errors

Smbclient Works on Localhost, but the Network Is Dead
Why Can Users Access Other Users' Home Directories?

19. Interdomain Trust Relationships

Features and Benefits

Trust Relationship Background

Native MS Windows NT4 Trusts Configuration

Creating an NT4 Domain Trust
Completing an NT4 Domain Trust
Interdomain Trust Facilities

Configuring Samba NT-Style Domain Trusts

Samba as the Trusted Domain
Samba as the Trusting Domain

NT4-Style Domain Trusts with Windows 2000

Common Errors

Browsing of Trusted Domain Fails
Problems with LDAP ldapsam and Older Versions of smbldap-tools

20. Hosting a Microsoft Distributed File System Tree

Features and Benefits

Common Errors

MSDFS UNIX Path Is Case-Critical

21. Classical Printing Support

Features and Benefits

Technical Introduction

Client to Samba Print Job Processing
Printing-Related Configuration Parameters

Simple Print Configuration

Verifying Configuration with testparm
Rapid Configuration Validation

Extended Printing Configuration

Detailed Explanation Settings

Printing Developments Since Samba-2.2

Point'n'Print Client Drivers on Samba Servers
The Obsoleted [printer$] Section
Creating the [print$] Share
[print$] Stanza Parameters
The [print$] Share Directory

Installing Drivers into [print$]

Add Printer Wizard Driver Installation
Installing Print Drivers Using rpcclient

Client Driver Installation Procedure

First Client Driver Installation
Setting Device Modes on New Printers
Additional Client Driver Installation
Always Make First Client Connection as root or printer admin

Other Gotchas

Setting Default Print Options for Client Drivers
Supporting Large Numbers of Printers
Adding New Printers with the Windows NT APW
Error Message: Cannot connect under a different Name
Take Care When Assembling Driver Files
Samba and Printer Ports
Avoiding Common Client Driver Misconfiguration

The Imprints Toolset

What Is Imprints?
Creating Printer Driver Packages
The Imprints Server
The Installation Client

Adding Network Printers without User Interaction

The addprinter Command

Migration of Classical Printing to Samba

Publishing Printer Information in Active Directory or LDAP

Common Errors

I Give My Root Password but I Do Not Get Access
My Print Jobs Get Spooled into the Spooling Directory, but Then Get Lost

22. CUPS Printing Support

Introduction

Features and Benefits
Overview

Basic CUPS Support Configuration

Linking smbd with libcups.so
Simple smb.conf Settings for CUPS
More Complex CUPS smb.conf Settings

Advanced Configuration

Central Spooling vs. Peer-to-Peer Printing
Raw Print Serving: Vendor Drivers on Windows Clients
Installation of Windows Client Drivers
Explicitly Enable raw Printing for application/octet-stream
Driver Upload Methods

Advanced Intelligent Printing with PostScript Driver Download

GDI on Windows, PostScript on UNIX
Windows Drivers, GDI, and EMF
UNIX Printfile Conversion and GUI Basics
PostScript and Ghostscript
Ghostscript: The Software RIP for Non-PostScript Printers
PostScript Printer Description (PPD) Specification
Using Windows-Formatted Vendor PPDs
CUPS Also Uses PPDs for Non-PostScript Printers

The CUPS Filtering Architecture

MIME Types and CUPS Filters
MIME Type Conversion Rules
Filtering Overview
Prefilters
pstops
pstoraster
imagetops and imagetoraster
rasterto [printers specific]
CUPS Backends
The Role of cupsomatic/foomatic
The Complete Picture
mime.convs
Raw Printing
application/octet-stream Printing
PostScript Printer Descriptions for Non-PostScript Printers
cupsomatic/foomatic-rip Versus Native CUPS Printing
Examples for Filtering Chains
Sources of CUPS Drivers/PPDs
Printing with Interface Scripts

Network Printing (Purely Windows)

From Windows Clients to an NT Print Server
Driver Execution on the Client
Driver Execution on the Server

Network Printing (Windows Clients and UNIX/Samba Print -- cgit v1.2.3