From 655cd95f005bc6aac2deb3566e493b785e82cd94 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 3 Jun 2014 20:20:06 +1200 Subject: [PATCH] docs: Remove most references to Samba-3 and change to just Samba References are kept where the version number makes sense in the context. Andrew Bartlett Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison --- docs-xml/Samba3-ByExample/SBE-2000UserNetwork.xml | 6 +- docs-xml/Samba3-ByExample/SBE-500UserNetwork.xml | 6 +- .../Samba3-ByExample/SBE-AddingUNIXClients.xml | 52 +++++++-------- docs-xml/Samba3-ByExample/SBE-Appendix1.xml | 4 +- docs-xml/Samba3-ByExample/SBE-Appendix2.xml | 20 +++--- .../Samba3-ByExample/SBE-DomainAppsSupport.xml | 36 +++++------ docs-xml/Samba3-ByExample/SBE-HighAvailability.xml | 4 +- .../Samba3-ByExample/SBE-KerberosFastStart.xml | 46 +++++++------- docs-xml/Samba3-ByExample/SBE-MakingHappyUsers.xml | 60 +++++++++--------- docs-xml/Samba3-ByExample/SBE-MigrateNT4Samba3.xml | 74 +++++++++++----------- docs-xml/Samba3-ByExample/SBE-MigrateNW4Samba3.xml | 4 +- .../Samba3-ByExample/SBE-SecureOfficeServer.xml | 18 +++--- .../Samba3-ByExample/SBE-SimpleOfficeServer.xml | 16 ++--- docs-xml/Samba3-ByExample/SBE-TheSmallOffice.xml | 14 ++-- docs-xml/Samba3-ByExample/SBE-UpgradingSamba.xml | 42 ++++++------ docs-xml/Samba3-ByExample/SBE-preface.xml | 20 +++--- docs-xml/Samba3-ByExample/index.xml | 14 ++-- docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml | 2 +- docs-xml/Samba3-HOWTO/TOSHARG-BDC.xml | 18 +++--- docs-xml/Samba3-HOWTO/TOSHARG-ConfigSmarts.xml | 2 +- docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml | 10 +-- docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml | 14 ++-- docs-xml/Samba3-HOWTO/TOSHARG-Group-Mapping.xml | 4 +- docs-xml/Samba3-HOWTO/TOSHARG-IDMAP.xml | 16 ++--- docs-xml/Samba3-HOWTO/TOSHARG-Install.xml | 6 +- .../Samba3-HOWTO/TOSHARG-InterdomainTrusts.xml | 16 ++--- docs-xml/Samba3-HOWTO/TOSHARG-IntroSMB.xml | 10 +-- docs-xml/Samba3-HOWTO/TOSHARG-NT4Migration.xml | 46 +++++++------- docs-xml/Samba3-HOWTO/TOSHARG-NetworkBrowsing.xml | 6 +- docs-xml/Samba3-HOWTO/TOSHARG-PDC.xml | 26 ++++---- docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml | 24 +++---- docs-xml/Samba3-HOWTO/TOSHARG-Printing.xml | 8 +-- docs-xml/Samba3-HOWTO/TOSHARG-ProfileMgmt.xml | 2 +- .../Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml | 2 +- docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml | 12 ++-- docs-xml/Samba3-HOWTO/TOSHARG-TheNetCommand.xml | 16 ++--- docs-xml/Samba3-HOWTO/TOSHARG-Unicode.xml | 4 +- docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml | 4 +- docs-xml/Samba3-HOWTO/TOSHARG-Winbind.xml | 4 +- .../Samba3-HOWTO/TOSHARG-WindowsClientConfig.xml | 4 +- docs-xml/Samba3-HOWTO/TOSHARG-preface.xml | 2 +- docs-xml/smbdotconf/base/netbiosname.xml | 4 +- 42 files changed, 349 insertions(+), 349 deletions(-) diff --git a/docs-xml/Samba3-ByExample/SBE-2000UserNetwork.xml b/docs-xml/Samba3-ByExample/SBE-2000UserNetwork.xml index e0c3c7cd4db..37c2ee0bc6a 100644 --- a/docs-xml/Samba3-ByExample/SBE-2000UserNetwork.xml +++ b/docs-xml/Samba3-ByExample/SBE-2000UserNetwork.xml @@ -572,7 +572,7 @@ productivity. LDAP LDAPbackend SID - When Samba-3 is configured to use an LDAP backend, it stores the domain + When Samba is configured to use an LDAP backend, it stores the domain account information in a directory entry. This account entry contains the domain SID. An unintended but exploitable side effect is that this makes it possible to operate with more than one PDC on a distributed network. @@ -658,7 +658,7 @@ productivity. LDAP UID GID - Samba-3 has the ability to use multiple password (authentication and + Samba has the ability to use multiple password (authentication and identity resolution) backends. The diagram in demonstrates how Samba uses winbind, LDAP, and NIS, the traditional system password database. The diagram only documents the mechanisms for @@ -1271,7 +1271,7 @@ index default sub LDAPBDC - Where Samba-3 is used as a domain controller, the use of LDAP is an + Where Samba is used as a domain controller, the use of LDAP is an essential component to permit the use of BDCs. diff --git a/docs-xml/Samba3-ByExample/SBE-500UserNetwork.xml b/docs-xml/Samba3-ByExample/SBE-500UserNetwork.xml index 64809c8c0ea..6a2c3eea2ce 100644 --- a/docs-xml/Samba3-ByExample/SBE-500UserNetwork.xml +++ b/docs-xml/Samba3-ByExample/SBE-500UserNetwork.xml @@ -4,7 +4,7 @@ The 500-User Office - The Samba-3 networking you explored in covers the finer points of + The Samba networking you explored in covers the finer points of configuration of peripheral services such as DHCP and DNS, and WINS. You experienced implementation of a simple configuration of the services that are important adjuncts to successful deployment of Samba. @@ -1766,7 +1766,7 @@ net groupmap add ntgroup="Insurance Group" unixgroup=piops type=d - Joining a Samba-3 domain member server to a Samba-3 domain + Joining a Samba domain member server to a Samba-3 domain @@ -1936,7 +1936,7 @@ net groupmap add ntgroup="Insurance Group" unixgroup=piops type=d - Unless configured to do otherwise, the default behavior with Samba-3 and Windows XP Professional + Unless configured to do otherwise, the default behavior with Samba and Windows XP Professional clients is to use roaming profiles. diff --git a/docs-xml/Samba3-ByExample/SBE-AddingUNIXClients.xml b/docs-xml/Samba3-ByExample/SBE-AddingUNIXClients.xml index 45a09a8fb1d..f28f4a1085b 100644 --- a/docs-xml/Samba3-ByExample/SBE-AddingUNIXClients.xml +++ b/docs-xml/Samba3-ByExample/SBE-AddingUNIXClients.xml @@ -306,7 +306,7 @@ Domain Memberclient Domain Controller The domain member server and the domain member client are at the center of focus in this chapter. - Configuration of Samba-3 domain controller is covered in earlier chapters, so if your + Configuration of Samba domain controller is covered in earlier chapters, so if your interest is in domain controller configuration, you will not find that here. You will find good oil that helps you to add domain member servers and clients. @@ -1071,12 +1071,12 @@ Joined domain MEGANET2. Active Directoryjoin Kerberos Domain Memberserver - One of the much-sought-after features new to Samba-3 is the ability to join an Active Directory + One of the much-sought-after features new to Samba is the ability to join an Active Directory domain using Kerberos protocols. This makes it possible to operate an entire Windows network without the need to run NetBIOS over TCP/IP and permits more secure networking in general. An exhaustively complete discussion of the protocols is not possible in this book; perhaps a - later book may explore the intricacies of the NetBIOS-less operation that Samba-3 can participate - in. For now, we simply focus on how a Samba-3 server can be made a domain member server. + later book may explore the intricacies of the NetBIOS-less operation that Samba can participate + in. For now, we simply focus on how a Samba server can be made a domain member server. @@ -1084,22 +1084,22 @@ Joined domain MEGANET2. LDAP Identity resolution Kerberos - The diagram in demonstrates how Samba-3 interfaces with + The diagram in demonstrates how Samba interfaces with Microsoft Active Directory components. It should be noted that if Microsoft Windows Services for UNIX (SFU) has been installed and correctly configured, it is possible to use client LDAP - for identity resolution just as can be done with Samba-3 when using an LDAP passdb backend. + for identity resolution just as can be done with Samba when using an LDAP passdb backend. The UNIX tool that you need for this, as in the case of LDAP on UNIX/Linux, is the PADL Software nss_ldap tool-set. Compared with use of winbind and Kerberos, the use of LDAP-based identity resolution is a little less secure. In view of the fact that this solution requires additional software to be installed on the Windows 200x ADS domain controllers, - and that means more management overhead, it is likely that most Samba-3 ADS client sites + and that means more management overhead, it is likely that most Samba ADS client sites may elect to use winbind. - Do not attempt to use this procedure if you are not 100 percent certain that the build of Samba-3 + Do not attempt to use this procedure if you are not 100 percent certain that the build of Samba you are using has been compiled and linked with all the tools necessary for this to work. - Given the importance of this step, you must first validate that the Samba-3 message block + Given the importance of this step, you must first validate that the Samba message block daemon (smbd) has the necessary features. @@ -1123,7 +1123,7 @@ Joined domain MEGANET2. smbd - Before you try to use Samba-3, you want to know for certain that your executables have + Before you try to use Samba, you want to know for certain that your executables have support for Kerberos and for LDAP. Execute the following to identify whether or not this build is perhaps suitable for use: @@ -1201,7 +1201,7 @@ massive:/usr/sbin # smbd -b | grep LDAP SerNet validated The next step is to identify which version of the Kerberos libraries have been used. - In order to permit Samba-3 to interoperate with Windows 2003 Active Directory, it is + In order to permit Samba to interoperate with Windows 2003 Active Directory, it is essential that it has been linked with either MIT Kerberos version 1.3.1 or later, or that it has been linked with Heimdal Kerberos 0.6 plus specific patches. You may identify what version of the MIT Kerberos libraries are installed on your system by @@ -1220,8 +1220,8 @@ massive:/usr/sbin # smbd -b | grep LDAP - From this point on, you are certain that the Samba-3 build you are using has the - necessary capabilities. You can now configure Samba-3 and the NSS. + From this point on, you are certain that the Samba build you are using has the + necessary capabilities. You can now configure Samba and the NSS. @@ -1271,7 +1271,7 @@ massive:/usr/sbin # smbd -b | grep LDAP Using short domain name -- LONDON Joined 'FRAN' to realm 'LONDON.ABMAS.BIZ' - You have successfully made your Samba-3 server a member of the ADS domain + You have successfully made your Samba server a member of the ADS domain using Kerberos protocols. @@ -1420,7 +1420,7 @@ LONDON+DnsUpdateProxy:x:10008: netadsinfo Active Directoryserver Kerberos - You may now perform final verification that communications between Samba-3 winbind and + You may now perform final verification that communications between Samba winbind and the Active Directory server is using Kerberos protocols. Execute the following: &rootprompt; net ads info @@ -1516,7 +1516,7 @@ Permissions: [Read All Properties] -------------- End Of Security Descriptor - And now you have conclusive proof that your Samba-3 ADS domain member server + And now you have conclusive proof that your Samba ADS domain member server called FRAN is able to communicate fully with the ADS domain controllers. @@ -1525,7 +1525,7 @@ Permissions: - Your Samba-3 ADS domain member server is ready for use. During training sessions, + Your Samba ADS domain member server is ready for use. During training sessions, you may be asked what is inside the winbindd_cache.tdb and winbindd_idmap.tdb files. Since curiosity just took hold of you, execute the following: @@ -1813,7 +1813,7 @@ administrator:x:1000:1013:Administrator:/home/BE/administrator:/bin/bash ADAM ADS - The storage of IDMAP information in LDAP can be used with both NT4/Samba-3-style domains as well as + The storage of IDMAP information in LDAP can be used with both NT4/Samba-style domains as well as with ADS domains. OpenLDAP is a commonly used LDAP server for this purpose, although any standards-compliant LDAP server can be used. It is therefore possible to deploy this IDMAP configuration using the Sun iPlanet LDAP server, Novell eDirectory, Microsoft ADS plus ADAM, and so on. @@ -1847,10 +1847,10 @@ administrator:x:1000:1013:Administrator:/home/BE/administrator:/bin/bash realm - In the case of an NT4 or Samba-3-style domain the realm is not used, and the + In the case of an NT4 or Samba-style domain the realm is not used, and the command used to join the domain is net rpc join. The above example also demonstrates advanced error reporting techniques that are documented in the chapter called "Reporting Bugs" in - The Official Samba-3 HOWTO and Reference Guide, Second Edition (TOSHARG2). + The Official Samba HOWTO and Reference Guide, Second Edition (TOSHARG2). @@ -2190,7 +2190,7 @@ hosts: files wins You should note that it is possible to use LDAP-based PAM and NSS tools to permit distributed systems logons (SSO), providing user and group accounts are stored in an LDAP directory. This provides logon services for UNIX/Linux users, while Windows users obtain their sign-on - support via Samba-3. + support via Samba. @@ -2218,7 +2218,7 @@ hosts: files wins The following steps provide a Linux system that users can log onto using - Windows NT4 (or Samba-3) domain network credentials: + Windows NT4 (or Samba) domain network credentials: @@ -2751,7 +2751,7 @@ session sufficient /lib/security/$ISA/pam_winbind.so use_first_pass - Is proper DNS operation necessary for Samba-3 plus LDAP? If so, what must I put into + Is proper DNS operation necessary for Samba plus LDAP? If so, what must I put into my DNS configuration? @@ -2813,7 +2813,7 @@ hosts: files dns wins Our Windows 2003 Server Active Directory domain runs with NetBIOS disabled. Can we - use Samba-3 with that configuration? + use Samba with that configuration? @@ -2851,8 +2851,8 @@ hosts: files dns wins authentication - No. This is not okay. It means that your Samba-3 client has joined the ADS domain as - a Windows NT4 client, and Samba-3 will not be using Kerberos-based authentication. + No. This is not okay. It means that your Samba client has joined the ADS domain as + a Windows NT4 client, and Samba will not be using Kerberos-based authentication. diff --git a/docs-xml/Samba3-ByExample/SBE-Appendix1.xml b/docs-xml/Samba3-ByExample/SBE-Appendix1.xml index 1b958b3ef28..8447da61790 100644 --- a/docs-xml/Samba3-ByExample/SBE-Appendix1.xml +++ b/docs-xml/Samba3-ByExample/SBE-Appendix1.xml @@ -50,7 +50,7 @@ Clicking the Network ID button launches the configuration wizard. Do not use this with - Samba-3. If you wish to change the computer name, or join or leave the domain, click the Change button. + Samba. If you wish to change the computer name, or join or leave the domain, click the Change button. See .
The Computer Name Panel.wxpp004
 @@ -76,7 +76,7 @@ - Enter the name root and the root password from your Samba-3 server. See . + Enter the name root and the root password from your Samba server. See .
Computer Name Changes &smbmdash; User name and Password Panelwxpp008
 diff --git a/docs-xml/Samba3-ByExample/SBE-Appendix2.xml b/docs-xml/Samba3-ByExample/SBE-Appendix2.xml index 51d24889f18..dd8ca0398d1 100644 --- a/docs-xml/Samba3-ByExample/SBE-Appendix2.xml +++ b/docs-xml/Samba3-ByExample/SBE-Appendix2.xml @@ -23,7 +23,7 @@ Successful completion of this primer requires two Microsoft Windows 9x/Me Workstations as well as two Microsoft Windows XP Professional Workstations, each equipped with an Ethernet card connected using a hub. Also required is one additional server (either Windows - NT4 Server, Windows 2000 Server, or a Samba-3 on UNIX/Linux server) running a network + NT4 Server, Windows 2000 Server, or a Samba on UNIX/Linux server) running a network sniffer and analysis application (Wireshark is a good choice). All work should be undertaken on a quiet network where there is no other traffic. It is best to use a dedicated hub with only the machines under test connected at the time of the exercises. @@ -118,7 +118,7 @@ - Recommended preparatory reading: The Official Samba-3 HOWTO and Reference Guide, Second + Recommended preparatory reading: The Official Samba HOWTO and Reference Guide, Second Edition (TOSHARG2) Chapter 9, Network Browsing, and Chapter 3, Server Types and Security Modes. @@ -751,7 +751,7 @@ - Windows 200x/XP Client Interaction with Samba-3 + Windows 200x/XP Client Interaction with Samba By now you may be asking, Why did you choose to work with Windows 9x/Me? @@ -946,7 +946,7 @@ networking operations. Such passwords cannot be provided from the UNIX /etc/passwd database and thus must be stored elsewhere on the UNIX system in a manner that Samba can use. Samba-2.x permitted such encrypted passwords to be stored in the smbpasswd - file or in an LDAP database. Samba-3 permits use of multiple passdb backend + file or in an LDAP database. Samba permits use of multiple passdb backend databases in concurrent deployment. Refer to TOSHARG2, Chapter 10, Account Information Databases. @@ -1142,7 +1142,7 @@ - Is it possible to reduce network broadcast activity with Samba-3? + Is it possible to reduce network broadcast activity with Samba? @@ -1169,7 +1169,7 @@ Use of SMB without NetBIOS is possible only on Windows 200x/XP Professional clients and servers, as - well as with Samba-3. + well as with Samba. @@ -1205,7 +1205,7 @@ - Samba-3 supports Microsoft encrypted passwords. Be advised not to reintroduce plain-text password handling. + Samba supports Microsoft encrypted passwords. Be advised not to reintroduce plain-text password handling. Just create user accounts by running smbpasswd -a 'username' @@ -1231,7 +1231,7 @@ The parameter in the &smb.conf; file that controls this behavior is known as encrypt - passwords. The default setting for this in Samba-3 is Yes (Enabled). + passwords. The default setting for this in Samba is Yes (Enabled). @@ -1242,7 +1242,7 @@ Is it necessary to specify Yes - when Samba-3 is configured as a domain member? + when Samba is configured as a domain member? @@ -1259,7 +1259,7 @@ - Is it necessary to specify a guest account when Samba-3 is configured + Is it necessary to specify a guest account when Samba is configured as a domain member server? diff --git a/docs-xml/Samba3-ByExample/SBE-DomainAppsSupport.xml b/docs-xml/Samba3-ByExample/SBE-DomainAppsSupport.xml index c9ccd433d7b..1dd2f4f2870 100644 --- a/docs-xml/Samba3-ByExample/SBE-DomainAppsSupport.xml +++ b/docs-xml/Samba3-ByExample/SBE-DomainAppsSupport.xml @@ -10,8 +10,8 @@ smbpasswd ldapsam Active Directory - You've come a long way now. You have pretty much mastered Samba-3 for - most uses it can be put to. Up until now, you have cast Samba-3 in the leading + You've come a long way now. You have pretty much mastered Samba for + most uses it can be put to. Up until now, you have cast Samba in the leading role, and where authentication was required, you have used one or another of Samba's many authentication backends (from flat text files with smbpasswd to LDAP directory integration with ldapsam). Now you can design a @@ -42,7 +42,7 @@ - You have decided to set the ball rolling by introducing Samba-3 into the network + You have decided to set the ball rolling by introducing Samba into the network gradually, taking over key services and easing the way to a full migration and, therefore, integration into Abmas's existing business later. @@ -135,9 +135,9 @@ Kerberostoken Functionally, the user's Internet Explorer requests a browsing session with the Squid proxy, for which it offers its AD authentication token. Squid hands off - the authentication request to the Samba-3 authentication helper application + the authentication request to the Samba authentication helper application called ntlm_auth. This helper is a hook into winbind, the - Samba-3 NTLM authentication daemon. Winbind enables UNIX services to authenticate + Samba NTLM authentication daemon. Winbind enables UNIX services to authenticate against Microsoft Windows domains, including Active Directory domains. As Active Directory authentication is a modified Kerberos authentication, winbind is assisted in this by local Kerberos 5 libraries configured to check passwords with the Active @@ -159,7 +159,7 @@ - Configuring, compiling, and then installing the supporting Samba-3 components + Configuring, compiling, and then installing the supporting Samba components @@ -192,7 +192,7 @@ Squid First, your system needs to be prepared and in a known good state to proceed. This consists of making sure that everything the system depends on is present and that everything that could - interfere or conflict with the system is removed. You will be configuring the Squid and Samba-3 + interfere or conflict with the system is removed. You will be configuring the Squid and Samba packages and updating them if necessary. If conflicting packages of these programs are installed, they must be removed. @@ -416,12 +416,12 @@ Password for ADMINISTRATOR@LONDON.ABMAS.BIZ: Active Directory - Samba must be configured to correctly use Active Directory. Samba-3 must be used, since it + Samba must be configured to correctly use Active Directory. Samba must be used, since it has the necessary components to interface with Active Directory. - Securing Samba-3 With ADS Support Steps + Securing Samba With ADS Support Steps Red Hat Linux @@ -429,7 +429,7 @@ Password for ADMINISTRATOR@LONDON.ABMAS.BIZ: Red Hat Fedora Linux MIT KRB5 ntlm_auth - Download the latest stable Samba-3 for Red Hat Linux from the official Samba Team + Download the latest stable Samba for Red Hat Linux from the official Samba Team FTP site. The official Samba Team RPMs for Red Hat Fedora Linux contain the ntlm_auth tool needed, and are linked against MIT KRB5 version 1.3.1 and therefore are ready for use. @@ -523,7 +523,7 @@ LONDON+DnsUpdateProxy Squid ntlm_auth - Squid uses the ntlm_auth helper build with Samba-3. + Squid uses the ntlm_auth helper build with Samba. You may test ntlm_auth with the command: &rootprompt; /usr/bin/ntlm_auth --username=jht @@ -573,7 +573,7 @@ password: XXXXXXXX NSS winbind authentication - For Squid to benefit from Samba-3, NSS must be updated to allow winbind as a valid route to user authentication. + For Squid to benefit from Samba, NSS must be updated to allow winbind as a valid route to user authentication. @@ -624,7 +624,7 @@ group: files winbind Squid Active Directoryauthentication - Squid must be configured correctly to interact with the Samba-3 + Squid must be configured correctly to interact with the Samba components that handle Active Directory authentication. @@ -863,14 +863,14 @@ group: files winbind daemon smbd file and print server - Samba-3 is a file and print server. The core components that provide this functionality are smbd, + Samba is a file and print server. The core components that provide this functionality are smbd, nmbd, and the identity resolver daemon, winbindd. SMB/CIFS smbclient - Samba-3 is an SMB/CIFS client. The core component that provides this is called smbclient. + Samba is an SMB/CIFS client. The core component that provides this is called smbclient. @@ -879,10 +879,10 @@ group: files winbind validation inter-operability authentication - Samba-3 includes a number of helper tools, plug-in modules, utilities, and test and validation facilities. - Samba-3 includes glue modules that help provide interoperability between MS Windows clients and UNIX/Linux + Samba includes a number of helper tools, plug-in modules, utilities, and test and validation facilities. + Samba includes glue modules that help provide interoperability between MS Windows clients and UNIX/Linux servers and clients. It includes Winbind agents that make it possible to authenticate UNIX/Linux access attempts - as well as logins to an SMB/CIFS authentication server backend. Samba-3 includes name service switch (NSS) modules + as well as logins to an SMB/CIFS authentication server backend. Samba includes name service switch (NSS) modules to permit identity resolution via SMB/CIFS servers (Windows NT4/200x, Samba, and a host of other commercial server products). diff --git a/docs-xml/Samba3-ByExample/SBE-HighAvailability.xml b/docs-xml/Samba3-ByExample/SBE-HighAvailability.xml index eb203f0a331..128923b4b54 100644 --- a/docs-xml/Samba3-ByExample/SBE-HighAvailability.xml +++ b/docs-xml/Samba3-ByExample/SBE-HighAvailability.xml @@ -11,9 +11,9 @@ Well, you have reached one of the last chapters of this book. It is customary to attempt to wrap up the theme and contents of a book in what is generally regarded as the chapter that should draw conclusions. This book is a suspense thriller, and since - the plot of the stories told mostly lead you to bigger, better Samba-3 networking + the plot of the stories told mostly lead you to bigger, better Samba networking solutions, it is perhaps appropriate to close this book with a few pertinent comments - regarding some of the things everyone can do to deliver a reliable Samba-3 network. + regarding some of the things everyone can do to deliver a reliable Samba network.
Anonymous diff --git a/docs-xml/Samba3-ByExample/SBE-KerberosFastStart.xml b/docs-xml/Samba3-ByExample/SBE-KerberosFastStart.xml index 8f3fc9a5ea0..3bc301c96dc 100644 --- a/docs-xml/Samba3-ByExample/SBE-KerberosFastStart.xml +++ b/docs-xml/Samba3-ByExample/SBE-KerberosFastStart.xml @@ -6,9 +6,9 @@ experiment - By this point in the book, you have been exposed to many Samba-3 features and capabilities. + By this point in the book, you have been exposed to many Samba features and capabilities. More importantly, if you have implemented the examples given, you are well on your way to becoming - a Samba-3 networking guru who knows a lot about Microsoft Windows. If you have taken the time to + a Samba networking guru who knows a lot about Microsoft Windows. If you have taken the time to practice, you likely have thought of improvements and scenarios with which you can experiment. You are rather well plugged in to the many flexible ways Samba can be used. @@ -16,7 +16,7 @@ criticism - This is a book about Samba-3. Understandably, its intent is to present it in a positive light. + This is a book about Samba. Understandably, its intent is to present it in a positive light. The casual observer might conclude that this book is one-eyed about Samba. It is &smbmdash; what would you expect? This chapter exposes some criticisms that have been raised concerning the use of Samba. For each criticism, there are good answers and appropriate solutions. @@ -31,7 +31,7 @@ straw-man - This chapter provides a shameless self-promotion of Samba-3. The objections raised were not pulled + This chapter provides a shameless self-promotion of Samba. The objections raised were not pulled out of thin air. They were drawn from comments made by Samba users and from criticism during discussions with Windows network administrators. The tone of the objections reflects as closely as possible that of the original. The case presented is a straw-man example that is designed to @@ -66,11 +66,11 @@ Active Directory You have accepted the fact that Abmas Video Rentals will use Microsoft Active Directory. - The IT team, led by Stan Soroka, is committed to Samba-3 and to maintaining a uniform technology platform. + The IT team, led by Stan Soroka, is committed to Samba and to maintaining a uniform technology platform. Stan Soroka's team voiced its disapproval over the decision to permit this business to continue to operate with a solution that is viewed by Christine and her group as an island of broken technologies. This comment was made by one of Christine's staff as they were installing a new - Samba-3 server at the new business. + Samba server at the new business. @@ -260,7 +260,7 @@ consultant I am experiencing difficulty in handling the sharp push for Kerberos. He claims that Kerberos, OpenLDAP, - plus Samba-3 will seamlessly replace Microsoft Active Directory. I am a little out of my depth with respect + plus Samba will seamlessly replace Microsoft Active Directory. I am a little out of my depth with respect to the feasibility of such a move, but have taken steps to pull both of them into line. With your consent, I would like to hire the services of a well-known Samba consultant to set the record straight. @@ -316,7 +316,7 @@ employment - Samba-3 is a tool. No one is pounding your door to make you use Samba. That is a choice that you are free to + Samba is a tool. No one is pounding your door to make you use Samba. That is a choice that you are free to make or reject. It is likely that your decision to use Samba can greatly benefit your company. The Samba Team obviously believes that the Samba software is a worthy choice. If you hire a consultant to assist with the installation and/or deployment of Samba, or if you hire @@ -722,7 +722,7 @@ The report correctly mentions that Samba did not support the most recent schannel and digital sign'n'seal features of Microsoft Windows NT/200x/XPPro products. This is one of the key features - of the Samba-3 release. Market research reports take so long to generate that they are + of the Samba release. Market research reports take so long to generate that they are seldom a reflection of current practice, and in many respects reports are like a pathology report &smbmdash; they reflect accurately (at best) status at a snapshot in time. Meanwhile, the world moves on. @@ -1769,7 +1769,7 @@ other::r-x schannel - Sign'n'seal (plus schannel support) has been implemented in Samba-3. Beware of potential + Sign'n'seal (plus schannel support) has been implemented in Samba. Beware of potential problems acknowledged by Microsoft as having been fixed but reported by some as still possibly an open issue. @@ -1784,8 +1784,8 @@ other::r-x inter-operability The combination of Kerberos 5, plus OpenLDAP, plus Samba, cannot replace Microsoft - Active Directory. The possibility to do this is not planned in the current Samba-3 - roadmap. Samba-3 does aim to provide further improvements in interoperability so that + Active Directory. The possibility to do this is not planned in the current Samba + roadmap. Samba does aim to provide further improvements in interoperability so that UNIX/Linux systems may be fully integrated into Active Directory domains. @@ -1828,8 +1828,8 @@ other::r-x registry change - No. Samba-3 fully supports Sign'n'seal as well as schannel - operation. The registry change should not be applied when Samba-3 is used as a domain controller. + No. Samba fully supports Sign'n'seal as well as schannel + operation. The registry change should not be applied when Samba is used as a domain controller. @@ -1839,7 +1839,7 @@ other::r-x - Does Samba-3 support Active Directory? + Does Samba support Active Directory? @@ -1848,9 +1848,9 @@ other::r-x Active Directory - Yes. Samba-3 can be a fully participating native mode Active Directory client. Samba-3 does not + Yes. Samba can be a fully participating native mode Active Directory client. Samba-3 does not provide Active Directory services. It cannot be used to replace a Microsoft Active Directory - server implementation. Samba-3 can function as an Active Directory client (workstation) toolkit, + server implementation. Samba can function as an Active Directory client (workstation) toolkit, and it can function as an Active Directory domain member server. @@ -1863,7 +1863,7 @@ other::r-x mixed-mode - When Samba-3 is used with Active Directory, is it necessary to run mixed-mode operation, as was + When Samba is used with Active Directory, is it necessary to run mixed-mode operation, as was necessary with Samba-2? @@ -1873,9 +1873,9 @@ other::r-x native - No. Samba-3 can be used with NetBIOS over TCP/IP disabled, just as can be done with Windows 200x + No. Samba can be used with NetBIOS over TCP/IP disabled, just as can be done with Windows 200x Server and 200x/XPPro client products. It is no longer necessary to run mixed-mode operation, - because Samba-3 can join a native Windows 2003 Server ADS domain. + because Samba can join a native Windows 2003 Server ADS domain. @@ -1908,7 +1908,7 @@ other::r-x share ACLs - Is it mandatory to set share ACLs to get a secure Samba-3 server? + Is it mandatory to set share ACLs to get a secure Samba server? @@ -1925,7 +1925,7 @@ other::r-x security - No. Samba-3 honors UNIX/Linux file system security, supports Windows 200x ACLs, and provides + No. Samba honors UNIX/Linux file system security, supports Windows 200x ACLs, and provides means of securing shares through share definition controls in the &smb.conf; file. The additional support for share-level ACLs is like frosting on the cake. It adds to security but is not essential to it. @@ -2017,7 +2017,7 @@ other::r-x Computer Management - In the book, The Official Samba-3 HOWTO and Reference Guide, you recommended use + In the book, The Official Samba HOWTO and Reference Guide, you recommended use of the Windows NT4 Server Manager (part of the SRVTOOLS.EXE) utility. Why have you mentioned only the use of the Windows 200x/XP MMC Computer Management utility? diff --git a/docs-xml/Samba3-ByExample/SBE-MakingHappyUsers.xml b/docs-xml/Samba3-ByExample/SBE-MakingHappyUsers.xml index 3cacc714ab9..44a8cd97d2f 100644 --- a/docs-xml/Samba3-ByExample/SBE-MakingHappyUsers.xml +++ b/docs-xml/Samba3-ByExample/SBE-MakingHappyUsers.xml @@ -363,7 +363,7 @@ clients is conservative and if followed will minimize problems &smbmdash; but it OpenLDAP The implementation of Samba BDCs necessitates the installation and configuration of LDAP. For this site, you use OpenLDAP, the open source software LDAP server platform. Commercial - LDAP servers in current use with Samba-3 include: + LDAP servers in current use with Samba include: @@ -395,7 +395,7 @@ clients is conservative and if followed will minimize problems &smbmdash; but it A word of caution is fully in order. OpenLDAP is purely an LDAP server, and unlike commercial offerings, it requires that you manually edit the server configuration files and manually initialize the LDAP directory database. OpenLDAP itself has only command-line tools to - help you to get OpenLDAP and Samba-3 running as required, albeit with some learning curve challenges. + help you to get OpenLDAP and Samba running as required, albeit with some learning curve challenges. @@ -447,13 +447,13 @@ clients is conservative and if followed will minimize problems &smbmdash; but it if you find the challenge of learning about LDAP directories, schemas, configuration, and management tools and the creation of shell and Perl scripts a bit challenging. OpenLDAP can be easily customized, though it includes - many ready-to-use schemas. Samba-3 provides an OpenLDAP schema file + many ready-to-use schemas. Samba provides an OpenLDAP schema file that is required for use as a passdb backend. interoperability - For those who are willing to brave the process of installing and configuring LDAP and Samba-3 interoperability, + For those who are willing to brave the process of installing and configuring LDAP and Samba interoperability, there are a few nice Web-based tools that may help you to manage your users and groups more effectively. The Web-based tools you might like to consider include the LDAP Account Manager (LAM) and the Webmin-based @@ -519,7 +519,7 @@ clients is conservative and if followed will minimize problems &smbmdash; but it The solution provided is a minimal approach to getting OpenLDAP running as an identity management directory server for UNIX system accounts as well as for Samba. From the OpenLDAP perspective, UNIX system accounts are stored POSIX schema extensions. Samba provides its own schema to permit storage of account - attributes Samba needs. Samba-3 can use the LDAP backend to store: + attributes Samba needs. Samba can use the LDAP backend to store: @@ -539,7 +539,7 @@ clients is conservative and if followed will minimize problems &smbmdash; but it NSS UID nss_ldap - The use of LDAP with Samba-3 makes it necessary to store UNIX accounts as well as Windows Networking + The use of LDAP with Samba makes it necessary to store UNIX accounts as well as Windows Networking accounts in the LDAP backend. This implies the need to use the PADL LDAP tools. The resolution of the UNIX group name to its GID must be enabled from either the /etc/group @@ -857,7 +857,7 @@ clients is conservative and if followed will minimize problems &smbmdash; but it - This book is about Samba-3, so you can confine the printing style to just the smart + This book is about Samba, so you can confine the printing style to just the smart style of installation. Those interested in further information regarding intelligent printing should review documentation on the Easy Software Products Web site. @@ -1249,12 +1249,12 @@ slapd[12164]: conn=1 fd=10 closed - Samba-3 PDC Server Configuration + Samba PDC Server Configuration DHCP and DNS servers OpenLDAP server PAM and NSS client tools - Samba-3 PDC + Samba PDC Idealx smbldap scripts LDAP initialization Create user and group accounts @@ -1265,7 +1265,7 @@ slapd[12164]: conn=1 fd=10 closed Configuration of user rights and privileges - Samba-3 BDC Server Configuration + Samba BDC Server Configuration DHCP and DNS servers PAM and NSS client tools @@ -1383,8 +1383,8 @@ They could just as well be located under the rdn cn=NextFreeUnixId - Samba-3 and OpenLDAP will have a degree of interdependence that is unavoidable. The method - for bootstrapping the LDAP and Samba-3 configuration is relatively straightforward. If you + Samba and OpenLDAP will have a degree of interdependence that is unavoidable. The method + for bootstrapping the LDAP and Samba configuration is relatively straightforward. If you follow these guidelines, the resulting system should work fine. @@ -1781,7 +1781,7 @@ Press enter to see a dump of your service definitions secrets.tdb smbpasswd - Samba-3 communicates with the LDAP server. The password that it uses to + Samba communicates with the LDAP server. The password that it uses to authenticate to the LDAP server must be stored in the secrets.tdb file. Execute the following to create the new secrets.tdb files and store the password for the LDAP Manager: @@ -1797,7 +1797,7 @@ Setting stored password for "cn=Manager,dc=abmas,dc=biz" in secrets.tdb smbd netgetlocalsid - Samba-3 generates a Windows Security Identifier (SID) only when smbd + Samba generates a Windows Security Identifier (SID) only when smbd has been started. For this reason, you start Samba. After a few seconds delay, execute: @@ -1856,7 +1856,7 @@ SID for domain MASSIVE is: S-1-5-21-3504140859-1010554828-2431957765 - Your Samba-3 PDC is now ready to communicate with the LDAP password backend. Let's get on with + Your Samba PDC is now ready to communicate with the LDAP password backend. Let's get on with configuration of the LDAP server. @@ -1925,7 +1925,7 @@ SID for domain MASSIVE is: S-1-5-21-3504140859-1010554828-2431957765 Idealxsmbldap-tools - The Idealx scripts, or equivalent, are necessary to permit Samba-3 to manage accounts + The Idealx scripts, or equivalent, are necessary to permit Samba to manage accounts on the LDAP server. You have chosen the Idealx scripts because they are the best-known LDAP configuration scripts. The use of these scripts will help avoid the necessity to create custom scripts. It is easy to download them from the Idealx @@ -2232,7 +2232,7 @@ writing new configuration file: - At this time, Samba-3 requires that on a PDC all UNIX (POSIX) group accounts that are + At this time, Samba requires that on a PDC all UNIX (POSIX) group accounts that are mapped (linked) to Windows domain group accounts must be in the LDAP database. It does not hurt to have UNIX user and group accounts in both the system files as well as in the LDAP database. From a UNIX system perspective, the NSS resolver checks system files before @@ -2295,7 +2295,7 @@ writing new configuration file: directoryPeople container directoryComputers container In the following examples, as the LDAP database is initialized, we do create a container - for Computer (machine) accounts. In the Samba-3 &smb.conf; files, specific use is made + for Computer (machine) accounts. In the Samba &smb.conf; files, specific use is made of the People container, not the Computers container, for domain member accounts. This is not a mistake; it is a deliberate action that is necessitated by the fact that the resolution of a machine (computer) account to a UID is done via NSS. The only way this can be handled is @@ -2672,7 +2672,7 @@ drwx------ 7 stans Domain Users 568 Dec 17 01:43 stans/ ldapsam pdbedit - The final validation step involves making certain that Samba-3 can obtain the user + The final validation step involves making certain that Samba can obtain the user accounts from the LDAP ldapsam passwd backend. Execute the following command as shown: &rootprompt; pdbedit -Lv chrisr @@ -2757,7 +2757,7 @@ PIOps (S-1-5-21-3504140859-1010554828-2431957765-3005) -> PIOps The server you have so carefully built is now ready for another important step. You - start the Samba-3 server and validate its operation. Execute the following to render all + start the Samba server and validate its operation. Execute the following to render all the processes needed fully operative so that, on system reboot, they are automatically started: @@ -2800,7 +2800,7 @@ Joined domain MEGANET2. smbclient - You may now check Samba-3 operation as follows: + You may now check Samba operation as follows: &rootprompt; smbclient -L massive -U% @@ -2858,9 +2858,9 @@ smb: \> q CUPS - The configuration for Samba-3 to enable CUPS raw-print-through printing has already been + The configuration for Samba to enable CUPS raw-print-through printing has already been taken care of in the &smb.conf; file. The only preparation needed for smart - printing to be possible involves creation of the directories in which Samba-3 stores + printing to be possible involves creation of the directories in which Samba stores Windows printing driver files. @@ -2964,7 +2964,7 @@ application/octet-stream - Samba-3 BDC Configuration + Samba BDC Configuration Configuration of BDC Called: <constant>BLDG1</constant> @@ -3054,7 +3054,7 @@ PIOps:x:1002: smbpasswd - You must now set the LDAP administrative password into the Samba-3 secrets.tdb + You must now set the LDAP administrative password into the Samba secrets.tdb file by executing this command: &rootprompt; smbpasswd -w not24get @@ -3065,7 +3065,7 @@ Setting stored password for "cn=Manager,dc=abmas,dc=biz" in secrets.tdb Now you must obtain the domain SID from the PDC and store it into the secrets.tdb file also. This step is not necessary with an LDAP - passdb backend because Samba-3 obtains the domain SID from the + passdb backend because Samba obtains the domain SID from the sambaDomain object it automatically stores in the LDAP backend. It does not hurt to add the SID to the secrets.tdb, and if you wish to do so, this command can achieve that: @@ -3074,7 +3074,7 @@ Setting stored password for "cn=Manager,dc=abmas,dc=biz" in secrets.tdb Storing SID S-1-5-21-3504140859-1010554828-2431957765 \ for Domain MEGANET2 in secrets.tdb - When configuring a Samba-3 BDC that has an LDAP backend, there is no need to take + When configuring a Samba BDC that has an LDAP backend, there is no need to take any special action to join it to the domain. However, winbind communicates with the domain controller that is running on the localhost and must be able to authenticate, thus requiring that the BDC should be joined to the domain. The process of joining @@ -3094,7 +3094,7 @@ Joined domain MEGANET2. pdbedit - Verify that user and group account resolution works via Samba-3 tools as follows: + Verify that user and group account resolution works via Samba tools as follows: &rootprompt; pdbedit -L root:0:root @@ -3123,7 +3123,7 @@ PIOps (S-1-5-21-3504140859-1010554828-2431957765-3005) -> PIOps The server you have so carefully built is now ready for another important step. Now - start the Samba-3 server and validate its operation. Execute the following to render all + start the Samba server and validate its operation. Execute the following to render all the processes needed fully operative so that, upon system reboot, they are automatically started: @@ -3136,7 +3136,7 @@ PIOps (S-1-5-21-3504140859-1010554828-2431957765-3005) -> PIOps &rootprompt; rcsmb start &rootprompt; rcwinbind start - Samba-3 should now be running and is ready for a quick test. But not quite yet! + Samba should now be running and is ready for a quick test. But not quite yet! diff --git a/docs-xml/Samba3-ByExample/SBE-MigrateNT4Samba3.xml b/docs-xml/Samba3-ByExample/SBE-MigrateNT4Samba3.xml index f7ab1d1c1c1..5e5eccacb27 100644 --- a/docs-xml/Samba3-ByExample/SBE-MigrateNT4Samba3.xml +++ b/docs-xml/Samba3-ByExample/SBE-MigrateNT4Samba3.xml @@ -1,12 +1,12 @@ - Migrating NT4 Domain to Samba-3 + Migrating NT4 Domain to Samba Ever since Microsoft announced that it was discontinuing support for Windows NT4, Samba users started to ask for detailed instructions on how to migrate - from NT4 to Samba-3. This chapter provides background information that should + from NT4 to Samba. This chapter provides background information that should meet these needs. @@ -33,7 +33,7 @@ accountsuser accountsgroup accountsmachine - The migration from NT4 to Samba-3 can involve a number of factors, including + The migration from NT4 to Samba can involve a number of factors, including migration of data to another server, migration of network environment controls such as group policies, and migration of the users, groups, and machine accounts. @@ -42,9 +42,9 @@ accountsDomain It should be pointed out now that it is possible to migrate some systems from - a Windows NT4 domain environment to a Samba-3 domain environment. This is certainly + a Windows NT4 domain environment to a Samba domain environment. This is certainly not possible in every case. It is possible to just migrate the domain accounts - to Samba-3 and then to switch machines, but as a hands-off transition, this is more + to Samba and then to switch machines, but as a hands-off transition, this is more the exception than the rule. Most systems require some tweaking after migration before an environment that is acceptable for immediate use is obtained. @@ -58,7 +58,7 @@ ldapsam passdb backend You are about to migrate an MS Windows NT4 domain accounts database to - a Samba-3 server. The Samba-3 server is using a + a Samba server. The Samba-3 server is using a passdb backend based on LDAP. The ldapsam is ideal because an LDAP backend can be distributed for use with BDCs &smbmdash; generally essential for larger networks. @@ -66,7 +66,7 @@ Your objective is to document the process of migrating user and group accounts - from several NT4 domains into a single Samba-3 LDAP backend database. + from several NT4 domains into a single Samba LDAP backend database. @@ -100,8 +100,8 @@ migrationobjectives disruptive - Before commencing an NT4 to Samba-3 migration, you should consider what your objectives are. - While in some cases it is possible simply to migrate an NT4 domain to a single Samba-3 server, + Before commencing an NT4 to Samba migration, you should consider what your objectives are. + While in some cases it is possible simply to migrate an NT4 domain to a single Samba server, that may not be a good idea from an administration perspective. Since the process involves going through a certain amount of disruptive activity anyhow, why not take this opportunity to review the structure of the network, how Windows clients are controlled and how they @@ -116,9 +116,9 @@ have done little to keep the NT4 server environment up to date with more recent Windows releases, particularly Windows XP Professional. The migration provides opportunity to revise and update roaming profile deployment as well as folder redirection. Given that you must port the - greater network configuration of this from the old NT4 server to the new Samba-3 server. + greater network configuration of this from the old NT4 server to the new Samba server. Do not forget to validate the security descriptors in the profiles share as well as network logon - scripts. Feedback from sites that are migrating to Samba-3 suggests that many are using this + scripts. Feedback from sites that are migrating to Samba suggests that many are using this as a good time to update desktop systems also. In all, the extra effort should constitute no real disruption to users, but rather, with due diligence and care, should make their network experience a much happier one. @@ -130,9 +130,9 @@ strategic active directory - Migration of an NT4 domain user and group database to Samba-3 involves a certain strategic + Migration of an NT4 domain user and group database to Samba involves a certain strategic element. Many sites have asked for instructions regarding merging of multiple NT4 - domains into one Samba-3 LDAP database. It seems that this is viewed as a significant + domains into one Samba LDAP database. It seems that this is viewed as a significant added value compared with the alternative of migration to Windows Server 200x and Active Directory. The diagram in illustrates the effect of migration from a Windows NT4 domain to a Samba domain. @@ -210,7 +210,7 @@ Political Issues - The merging of multiple Windows NT4-style domains into a single LDAP-backend-based Samba-3 + The merging of multiple Windows NT4-style domains into a single LDAP-backend-based Samba domain may be seen by those who had power over them as a loss of prestige or a loss of power. The imposition of a single domain may even be seen as a threat. So in migrating and merging account databases, be consciously aware of the political fall-out in which you @@ -219,7 +219,7 @@ The best advice that can be given to those who set out to merge NT4 domains into a single - Samba-3 domain is to promote (sell) the action as one that reduces costs and delivers + Samba domain is to promote (sell) the action as one that reduces costs and delivers greater network interoperability and manageability. @@ -232,7 +232,7 @@ From feedback on the Samba mailing lists, it seems that most Windows NT4 migrations - to Samba-3 are being performed using a new server or a new installation of a Linux or UNIX + to Samba are being performed using a new server or a new installation of a Linux or UNIX server. If you contemplate doing this, please note that the steps that follow in this chapter assume familiarity with the information that has been previously covered in this book. You are particularly encouraged to be familiar with , @@ -240,7 +240,7 @@ - We present here the steps and example output for two NT4 to Samba-3 domain migrations. The + We present here the steps and example output for two NT4 to Samba domain migrations. The first uses an LDAP-based backend, and the second uses a tdbsam backend. In each case the scripts you specify in the &smb.conf; file for the add user script collection of parameters are used to effect the addition of accounts into the passdb backend. @@ -259,7 +259,7 @@ - Prepare the target Samba-3 server. This involves configuring Samba-3 for + Prepare the target Samba server. This involves configuring Samba-3 for migration to either a tdbsam or an ldapsam backend. @@ -283,7 +283,7 @@ - Upgrade the Samba-3 server from a BDC to a PDC, and validate all account + Upgrade the Samba server from a BDC to a PDC, and validate all account information. @@ -296,7 +296,7 @@ NT4 Migration Using LDAP Backend - In this example, the migration is of an NT4 PDC to a Samba-3 PDC with an LDAP backend. The accounts about + In this example, the migration is of an NT4 PDC to a Samba PDC with an LDAP backend. The accounts about to be migrated are shown in . In this example use is made of the smbldap-tools scripts to add the accounts that are migrated into the ldapsam passdb backend. Four scripts are essential to the migration process. Other scripts will be required @@ -400,7 +400,7 @@ -NT4 Migration Samba-3 Server <filename>smb.conf</filename> &smbmdash; Part: A +NT4 Migration Samba Server <filename>smb.conf</filename> &smbmdash; Part: A DAMNATION @@ -447,7 +447,7 @@ -NT4 Migration Samba-3 Server <filename>smb.conf</filename> &smbmdash; Part: B +NT4 Migration Samba Server <filename>smb.conf</filename> &smbmdash; Part: B Application Data @@ -664,7 +664,7 @@ Storing SID S-1-5-21-1385457007-882775198-1210191635 \ Another way to obtain the domain SID from the target NT4 domain that is being - migrated to Samba-3 is by executing the following: + migrated to Samba is by executing the following: &rootprompt; net rpc info -S TRANSGRESSION @@ -911,7 +911,7 @@ Replicators:x:552: Now it is time to join the Samba BDC to the target NT4 domain that is being - migrated to Samba-3 by executing the following: + migrated to Samba by executing the following: &rootprompt; net rpc join -S TRANSGRESSION -U Administrator%not24get merlin:/opt/IDEALX/sbin # net rpc join -S TRANSGRESSION \ @@ -1045,7 +1045,7 @@ Users (S-1-5-32-545) -> Users The final responsibility in the migration process is to create identical - shares and printing resources on the new Samba-3 server, copy all data + shares and printing resources on the new Samba server, copy all data across, set up privileges, and set share and file/directory access controls. @@ -1078,7 +1078,7 @@ Press enter to see a dump of your service definitions Now shut down the old NT4 PDC. Only when the old NT4 PDC and all - NT4 BDCs have been shut down can the Samba-3 PDC be started. + NT4 BDCs have been shut down can the Samba PDC be started. @@ -1088,7 +1088,7 @@ Press enter to see a dump of your service definitions - The configuration of Samba-3 BDC servers can be accomplished now or at any + The configuration of Samba BDC servers can be accomplished now or at any convenient time in the future. Please refer to the carefully detailed process for doing so is outlined in . @@ -1215,7 +1215,7 @@ Creating unix group: 'Users' Migration Steps Using tdbsam - Prepare a Samba-3 server precisely per the instructions shown in . + Prepare a Samba server precisely per the instructions shown in . Set the workgroup name to MEGANET. @@ -1395,7 +1395,7 @@ Users Ordinary users Key Points Learned - Migration of an NT4 PDC database to a Samba-3 PDC is possible. + Migration of an NT4 PDC database to a Samba PDC is possible. @@ -1408,12 +1408,12 @@ Users Ordinary users - Multiple NT4 domains can be merged into a single Samba-3 + Multiple NT4 domains can be merged into a single Samba domain. - The net Samba-3 domain most likely requires some + The net Samba domain most likely requires some administration and updating before going live. @@ -1526,7 +1526,7 @@ Users Ordinary users LDAP database - Samba-3 must be able to tie all user and group account SIDs to a UNIX UID or GID. Samba + Samba must be able to tie all user and group account SIDs to a UNIX UID or GID. Samba does not fabricate the UNIX IDs from thin air, but rather requires them to be located in a suitable place. @@ -1631,7 +1631,7 @@ Users Ordinary users machine I want to change my domain name after I migrate all accounts from an NT4 domain to a - Samba-3 domain. Does it make any sense to migrate the machine accounts in that case? + Samba domain. Does it make any sense to migrate the machine accounts in that case? @@ -1648,7 +1648,7 @@ Users Ordinary users I would recommend not to migrate the machine account. The machine accounts should still work, but there are registry entries on each Windows NT4 and upward client that have a tattoo of the old domain name. If you - unjoin the domain and then rejoin the newly renamed Samba-3 domain, you can be certain to avoid + unjoin the domain and then rejoin the newly renamed Samba domain, you can be certain to avoid this tattooing effect. @@ -1661,7 +1661,7 @@ Users Ordinary users multiple group mappings - After merging multiple NT4 domains into a Samba-3 domain, I lost all multiple group mappings. Why? + After merging multiple NT4 domains into a Samba domain, I lost all multiple group mappings. Why? @@ -1672,7 +1672,7 @@ Users Ordinary users /etc/group - Samba-3 currently does not implement multiple group membership internally. If you use the Windows + Samba currently does not implement multiple group membership internally. If you use the Windows NT4 Domain User Manager to manage accounts and you have an LDAP backend, the multiple group membership is stored in the POSIX groups area. If you use either tdbsam or smbpasswd backend, then multiple group membership is handled through the UNIX groups file. When you dump the user @@ -1752,7 +1752,7 @@ Users Ordinary users vampire - My Windows NT4 PDC has 323,000 user accounts. How long will it take to migrate them to a Samba-3 + My Windows NT4 PDC has 323,000 user accounts. How long will it take to migrate them to a Samba LDAP backend system using the vampire process? diff --git a/docs-xml/Samba3-ByExample/SBE-MigrateNW4Samba3.xml b/docs-xml/Samba3-ByExample/SBE-MigrateNW4Samba3.xml index 2664c771e80..68d82265eb2 100644 --- a/docs-xml/Samba3-ByExample/SBE-MigrateNW4Samba3.xml +++ b/docs-xml/Samba3-ByExample/SBE-MigrateNW4Samba3.xml @@ -1,7 +1,7 @@ - Migrating NetWare Server to Samba-3 + Migrating NetWare Server to Samba Novell @@ -136,7 +136,7 @@ grapple with a similar migration challenge. Let there be no confusion, the information presented in this chapter is provided to demonstrate how Misty dealt with a particular NetWare migration requirement, and - it provides an overall approach to the implementation of a Samba-3 + it provides an overall approach to the implementation of a Samba environment that is significantly divergent from that presented in . diff --git a/docs-xml/Samba3-ByExample/SBE-SecureOfficeServer.xml b/docs-xml/Samba3-ByExample/SBE-SecureOfficeServer.xml index 1f677f03d86..63c934e3feb 100644 --- a/docs-xml/Samba3-ByExample/SBE-SecureOfficeServer.xml +++ b/docs-xml/Samba3-ByExample/SBE-SecureOfficeServer.xml @@ -9,14 +9,14 @@ you designed and built a network that provides a high degree of flexibility, integrity, and dependability. It was enough for the basic needs each was designed to fulfill. In this chapter you address a more complex set of needs. The solution you explore - introduces you to basic features that are specific to Samba-3. + introduces you to basic features that are specific to Samba. You should note that a working and secure solution could be implemented using Samba-2.2.x. - In the exercises presented here, you are gradually using more Samba-3-specific features, + In the exercises presented here, you are gradually using more Samba-specific features, so caution is advised for anyone who tries to use Samba-2.2.x with the guidance here given. - To avoid confusion, this book is all about Samba-3. Let's get the exercises in this + To avoid confusion, this book is all about Samba. Let's get the exercises in this chapter underway. @@ -175,7 +175,7 @@ Many of the conclusions you draw here are obvious. Some requirements are not very clear - or may simply be your means of drawing the most out of Samba-3. Much can be done more simply + or may simply be your means of drawing the most out of Samba. Much can be done more simply than you will demonstrate here, but keep in mind that the network must scale to at least 500 users. This means that some functionality will be overdesigned for the current 130-user environment. @@ -234,7 +234,7 @@ The configuration of Web serving, Web proxy services, electronic mail, and the details of generic antivirus handling are beyond the scope of this book and therefore are not - covered except insofar as this affects Samba-3. + covered except insofar as this affects Samba. @@ -788,7 +788,7 @@ echo -e "\nNAT firewall done.\n" Samba Configuration Steps - Install the Samba-3 binary RPM from the Samba-Team FTP site. Assuming that the binary + Install the Samba binary RPM from the Samba-Team FTP site. Assuming that the binary RPM file is called samba-3.0.20-1.i386.rpm, one way to install this file is as follows: @@ -2461,7 +2461,7 @@ Nmap run completed -- 1 IP address (1 host up) scanned in 168 seconds The guideline provided in TOSHARG2, Chapter 10, Section 10.1.2, is to limit the number of accounts in the tdbsam backend to 250. This is the point - at which most networks tend to want backup domain controllers (BDCs). Samba-3 does + at which most networks tend to want backup domain controllers (BDCs). Samba does not provide a mechanism for replicating tdbsam data so it can be used by a BDC. The limitation of 250 users per tdbsam is predicated only on the need for replication, not on the limitsBench tests have shown that tdbsam is a very @@ -2540,11 +2540,11 @@ Nmap run completed -- 1 IP address (1 host up) scanned in 168 seconds - The default order by which Samba-3 attempts to communicate with MS Windows clients is via port 445 (the TCP port + The default order by which Samba attempts to communicate with MS Windows clients is via port 445 (the TCP port used by Windows clients when NetBIOS-less SMB over TCP/IP is in use). TCP port 139 is the primary port used for NetBIOS over TCP/IP. In this configuration Windows network operations are predicated around NetBIOS over TCP/IP. By specifying the use of only port 139, the intent is to reduce unsuccessful service connection attempts. - The result of this is improved network performance. Where Samba-3 is installed as an Active Directory Domain + The result of this is improved network performance. Where Samba is installed as an Active Directory Domain member, the default behavior is highly beneficial and should not be changed. diff --git a/docs-xml/Samba3-ByExample/SBE-SimpleOfficeServer.xml b/docs-xml/Samba3-ByExample/SBE-SimpleOfficeServer.xml index f25ed5c5e80..8b3038acd29 100644 --- a/docs-xml/Samba3-ByExample/SBE-SimpleOfficeServer.xml +++ b/docs-xml/Samba3-ByExample/SBE-SimpleOfficeServer.xml @@ -18,7 +18,7 @@ This chapter lays the groundwork for understanding the basics of Samba operation. Instead of a bland technical discussion, each principle is demonstrated by way of a real-world scenario for which a working solutionThe examples given mirror those documented - in The Official Samba-3 HOWTO and Reference Guide, Second Edition (TOSHARG2) Chapter 2, Section 2.3.1. You may gain additional + in The Official Samba HOWTO and Reference Guide, Second Edition (TOSHARG2) Chapter 2, Section 2.3.1. You may gain additional insight from the standalone server configurations covered in TOSHARG2, sections 2.3.1.2 through 2.3.1.4. is fully described. @@ -147,7 +147,7 @@ Samba Server Configuration - Download the Samba-3 RPM packages for Red Hat Fedora Core2 from the Samba + Download the Samba RPM packages for Red Hat Fedora Core2 from the Samba FTP servers. @@ -556,7 +556,7 @@ Password changed directories are created with the same owner and group as the directory in which they are created. Any new directories created still have the same owner, group, and permissions as the directory they are in. This should eliminate all permissions-based file access problems. For - more information on this subject, refer to TOSHARG2The Official Samba-3 HOWTO and + more information on this subject, refer to TOSHARG2The Official Samba HOWTO and Reference Guide, Chapter 15, File, Directory and Share Access Controls. or refer to the UNIX man page for the chmod and the chown commands. @@ -564,7 +564,7 @@ Password changed Install the &smb.conf; file shown in in the /etc/samba directory. This newer &smb.conf; file uses user-mode security - and is more suited to the mode of operation of Samba-3 than the older share-mode security + and is more suited to the mode of operation of Samba than the older share-mode security configuration that was shown in the first edition of this book. @@ -1097,7 +1097,7 @@ C:\WINDOWS: regedit ME-dpwc.reg - Migration from Windows NT4 Workstation System to Samba-3 + Migration from Windows NT4 Workstation System to Samba migration @@ -1113,7 +1113,7 @@ C:\WINDOWS: regedit ME-dpwc.reg - Install the latest Samba-3 binary Red Hat Linux RPM that is available from the + Install the latest Samba binary Red Hat Linux RPM that is available from the Samba FTP site. @@ -1248,8 +1248,8 @@ application/octet-stream - Verify that the files are being copied correctly from the Windows NT4 machine to the Samba-3 server. - This is best done on the Samba-3 server. Check the contents of the directory tree under + Verify that the files are being copied correctly from the Windows NT4 machine to the Samba server. + This is best done on the Samba server. Check the contents of the directory tree under /data by executing the following command: &rootprompt; ls -aR /data diff --git a/docs-xml/Samba3-ByExample/SBE-TheSmallOffice.xml b/docs-xml/Samba3-ByExample/SBE-TheSmallOffice.xml index 625cfed2194..9569013a2e4 100644 --- a/docs-xml/Samba3-ByExample/SBE-TheSmallOffice.xml +++ b/docs-xml/Samba3-ByExample/SBE-TheSmallOffice.xml @@ -173,7 +173,7 @@ The &smb.conf; file you are creating in this exercise can be used with equal effectiveness with Samba-2.2.x series releases. This is deliberate so that in the next chapter it is possible to start with the installation that you have created here, migrate it - to a Samba-3 configuration, and then secure the system further. Configurations following + to a Samba configuration, and then secure the system further. Configurations following this one utilize features that may not be supported in Samba-2.2.x releases. However, you should note that the examples in each chapter start with the assumption that a fresh new installation is being effected. @@ -316,7 +316,7 @@ - Install the Samba-3 binary RPM from the Samba-Team FTP site. + Install the Samba binary RPM from the Samba-Team FTP site. @@ -1138,7 +1138,7 @@ smb: \> q - Samba-3 does not permit a Domain Group to become visible to Domain network clients unless the account + Samba does not permit a Domain Group to become visible to Domain network clients unless the account has a UNIX group account equivalent. The Domain groups that should be given UNIX equivalents are Domain Guests, Domain Users, and Domain Admins. @@ -1221,7 +1221,7 @@ smb: \> q If it becomes necessary to change either the server name or the Domain name, be sure to back up the respective - SID before the change is made. You can back up the SID using the net getlocalsid (Samba-3) + SID before the change is made. You can back up the SID using the net getlocalsid (Samba) or the smbpasswd (Samba-2.2.x). To change the SID, you use the same tool. Be sure to check the man page for this command for detailed instructions regarding the steps involved. @@ -1240,13 +1240,13 @@ smb: \> q - Samba-3 implements a Windows NT4-style security domain architecture. This type of Domain cannot + Samba implements a Windows NT4-style security domain architecture. This type of Domain cannot be managed using tools present on a Windows XP Professional installation. You may download from the Microsoft Web site the SRVTOOLS.EXE package. Extract it into the directory from which you wish to use it. This package extracts the tools: User Manager for Domains, Server Manager, and Event - Viewer. You may use the User Manager for Domains to manage your Samba-3 + Viewer. You may use the User Manager for Domains to manage your Samba Domain user and group accounts. Of course, you do need to be logged on as the Administrator - for the Samba-3 Domain. It may help to log on as the root account. + for the Samba Domain. It may help to log on as the root account. diff --git a/docs-xml/Samba3-ByExample/SBE-UpgradingSamba.xml b/docs-xml/Samba3-ByExample/SBE-UpgradingSamba.xml index 239ad3e7c39..8c738c65033 100644 --- a/docs-xml/Samba3-ByExample/SBE-UpgradingSamba.xml +++ b/docs-xml/Samba3-ByExample/SBE-UpgradingSamba.xml @@ -1,7 +1,7 @@ -Updating Samba-3 +Updating Samba migrate @@ -16,9 +16,9 @@ installing a new Samba server to replace an older existing Samba server. smbpasswd passdb backend -There has also been much talk about migration of Samba-3 from an smbpasswd +There has also been much talk about migration of Samba from an smbpasswd passdb backend to the use of the tdbsam or ldapsam facilities that are new -to Samba-3. +to Samba. @@ -231,7 +231,7 @@ caution was on the side of the victor. stand-alone server SAS SID - In Samba-3 on a domain controller (PDC or BDC), the domain name controls the domain + In Samba on a domain controller (PDC or BDC), the domain name controls the domain SID. On all prior versions the hostname (computer name, or NetBIOS name) controlled the SID. On a standalone server the hostname still controls the SID. @@ -239,7 +239,7 @@ caution was on the side of the victor. netgetlocalsid netsetlocalsid - The local machine SID can be backed up using this procedure (Samba-3): + The local machine SID can be backed up using this procedure (Samba): &rootprompt; net getlocalsid > /etc/samba/my-local-SID @@ -261,7 +261,7 @@ SID for domain FRODO is: S-1-5-21-726309263-4128913605-1168186429 Where the secrets.tdb file exists and a version of Samba 2.x or later - has been used, there is no specific need to go through this update process. Samba-3 has the + has been used, there is no specific need to go through this update process. Samba has the ability to read the older tdb file and to perform an in-situ update to the latest tdb format. This is not a reversible process &smbmdash; it is a one-way upgrade. @@ -295,7 +295,7 @@ SID for domain FRODO is: S-1-5-21-726309263-4128913605-1168186429 &rootprompt; rpcclient hostname lsaquery -Uroot%password - This can also be done with Samba-3 by executing: + This can also be done with Samba by executing: &rootprompt; net rpc info -Uroot%password Domain Name: MIDEARTH @@ -430,7 +430,7 @@ Num local groups: 0 compile-time - Samba-3 provides a neat new way to track the location of all control files as well as to + Samba provides a neat new way to track the location of all control files as well as to find the compile-time options used as the Samba package was built. Here is how the dark secrets of the internals of the location of control files within Samba executables can be uncovered: @@ -481,7 +481,7 @@ Paths: codepage internationalization Samba-2.x had no support for Unicode; instead, all national language character-set support in file names - was done using particular locale codepage mapping techniques. Samba-3 supports Unicode in file names, thus + was done using particular locale codepage mapping techniques. Samba supports Unicode in file names, thus providing true internationalization support. @@ -495,7 +495,7 @@ Paths: UTF-8 - Files that are created with Samba-3 will use UTF-8 encoding. Should the file system ever end up with a + Files that are created with Samba will use UTF-8 encoding. Should the file system ever end up with a mix of codepage (unix charset)-encoded file names and UTF-8-encoded file names, the mess will take some effort to set straight. @@ -681,7 +681,7 @@ Samba-2.x could be compiled with LDAP support. parameters - The following parameters are new to Samba-3 and should be correctly configured. + The following parameters are new to Samba and should be correctly configured. Please refer to through in this book for examples of use of the new parameters shown here: add group script @@ -709,7 +709,7 @@ Samba-2.x could be compiled with LDAP support. add machine script add user script The add machine script functionality was previously - handled by the add user script, which in Samba-3 is + handled by the add user script, which in Samba is used exclusively to add user accounts. @@ -748,7 +748,7 @@ Samba-2.x could be compiled with LDAP support. Samba version 2.x could be compiled for use either with or without LDAP. The LDAP control settings in the &smb.conf; file in this old version are - completely different (and less complete) than they are with Samba-3. This + completely different (and less complete) than they are with Samba. This means that after migrating the control files, it is necessary to reconfigure the LDAP settings entirely. @@ -911,20 +911,20 @@ the procedure outlined above. - Samba-3 to Samba-3 Updates on the Same Server + Samba to Samba-3 Updates on the Same Server The guidance in this section deals with updates to an existing - Samba-3 server installation. + Samba server installation. Updating from Samba Versions Earlier than 3.0.5 - With the provision that the binary Samba-3 package has been built - with the same path and feature settings as the existing Samba-3 - package that is being updated, an update of Samba-3 versions 3.0.0 + With the provision that the binary Samba package has been built + with the same path and feature settings as the existing Samba + package that is being updated, an update of Samba versions 3.0.0 through 3.0.4 can be updated to 3.0.5 without loss of functionality and without need to change either the &smb.conf; file or, where used, the LDAP schema. @@ -938,9 +938,9 @@ the procedure outlined above. schema LDAPschema - When updating versions of Samba-3 prior to 3.0.6 to 3.0.6 through 3.0.10, + When updating versions of Samba prior to 3.0.6 to 3.0.6 through 3.0.10, it is necessary only to update the LDAP schema (where LDAP is used). - Always use the LDAP schema file that is shipped with the latest Samba-3 + Always use the LDAP schema file that is shipped with the latest Samba update. @@ -1002,7 +1002,7 @@ back to searching the 'ldap suffix' in some cases. - Migrating Samba-3 to a New Server + Migrating Samba to a New Server The two most likely candidates for replacement of a server are diff --git a/docs-xml/Samba3-ByExample/SBE-preface.xml b/docs-xml/Samba3-ByExample/SBE-preface.xml index fe469b83849..d7c873e8aae 100644 --- a/docs-xml/Samba3-ByExample/SBE-preface.xml +++ b/docs-xml/Samba3-ByExample/SBE-preface.xml @@ -15,8 +15,8 @@ This book is your means to the straight path. It provides step-by-step, proven, working examples of Samba deployments. If you want to deploy - Samba-3 with the least effort, or if you want to become an expert at deploying - Samba-3 without having to search through lots of documentation, this + Samba with the least effort, or if you want to become an expert at deploying + Samba without having to search through lots of documentation, this book is the ticket to your destination. @@ -41,7 +41,7 @@ - The focus of attention in this book is Samba-3. Specific notes are made in + The focus of attention in this book is Samba. Specific notes are made in respect of how Samba may be made secure. This book does not attempt to provide detailed information regarding secure operation and configuration of peripheral services and applications such as OpenLDAP, DNS and DHCP, the need for which @@ -74,7 +74,7 @@ environmental contexts, providing documented step-by-step implementations. All example case configuration files, scripts, and other tools are provided on the CD-ROM. This book is descriptive, provides detailed diagrams, and - makes deployment of Samba-3 a breeze. + makes deployment of Samba a breeze. @@ -86,7 +86,7 @@ and enhancements between samba-3.0.2 and samba-3.0.14 (the current release) that necessitate this documentation update. This update has the specific intent to refocus this book so that its guidance can be followed for samba-3.0.20 - and beyond. Further changes are expected as Samba-3 matures further and will + and beyond. Further changes are expected as Samba matures further and will be reflected in future updates. @@ -455,7 +455,7 @@ - Chapter 8 &smbmdash; Updating Samba-3. + Chapter 8 &smbmdash; Updating Samba. This chapter is the result of repeated requests for better documentation of the steps that must be followed when updating or upgrading a Samba server. It attempts to cover @@ -472,7 +472,7 @@ - Chapter 9 &smbmdash; Migrating NT4 Domain to Samba-3. + Chapter 9 &smbmdash; Migrating NT4 Domain to Samba. Another six months have passed. Abmas has acquired yet another company. You will find a way to migrate all users off the old network onto the existing network without loss @@ -491,7 +491,7 @@ Chapter 10 &smbmdash; Migrating NetWare 4.11 Server to Samba. Misty Stanley-Jones has contributed information that summarizes her experience at migration - from a NetWare server to Samba-3. + from a NetWare server to Samba. TechInfo &smbmdash; The documentation provided demonstrates @@ -522,7 +522,7 @@ Chapter 12 &smbmdash; Integrating Additional Services. - The battle is almost over, Samba-3 has won the day. Your team are delighted and now you + The battle is almost over, Samba has won the day. Your team are delighted and now you find yourself at yet another cross-roads. Abmas have acquired a snack food business, you made promises you must keep. IT costs must be reduced, you have new resistance, but you will win again. This time you choose to install the Squid proxy server to validate the @@ -532,7 +532,7 @@ TechInfo &smbmdash; Samba provides the ntlm_auth module that makes it possible for MS Windows Internet Explorer to connect via the Squid Web - and FTP proxy server. You will configure Samba-3 as well as Squid to deliver authenticated + and FTP proxy server. You will configure Samba as well as Squid to deliver authenticated access control using the Active Directory Domain user security credentials. diff --git a/docs-xml/Samba3-ByExample/index.xml b/docs-xml/Samba3-ByExample/index.xml index aaa66a0f409..7650af82dc9 100644 --- a/docs-xml/Samba3-ByExample/index.xml +++ b/docs-xml/Samba3-ByExample/index.xml @@ -90,13 +90,13 @@ the Samba web site. Domain Members, Updating Samba and Migration -This section Samba-3 by Example covers two main topics: How to add -Samba Domain Member Servers and Samba Domain Member Clients to a Samba domain, the other -subject is that of how to migrate from and NT4 Domain, a NetWare server, or from an earlier -Samba version to environments that use the most recent Samba-3 release. - - - +This section Samba-3 by Example covers two main topics: How to add +Samba Domain Member Servers and Samba Domain Member Clients to a Samba domain, the other +subject is that of how to migrate from and NT4 Domain, a NetWare server, or from an earlier +Samba version to environments that use the most recent Samba release. + + + Those who are making use of the chapter on Adding UNIX clients and servers running Samba to a Samba or a Windows networking domain may also benefit by referring to the book The Official Samba-3 HOWTO and Reference Guide. diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml b/docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml index 6096975772d..69ef78cfda2 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml @@ -54,7 +54,7 @@ decade-old MS Windows NT operating system. network administrator The purpose of this chapter is to present each of the points of control that are possible with -Samba-3 in the hope that this will help the network administrator to find the optimum method +Samba in the hope that this will help the network administrator to find the optimum method for delivering the best environment for MS Windows desktop users. diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-BDC.xml b/docs-xml/Samba3-HOWTO/TOSHARG-BDC.xml index 9b693686143..18fdad0e771 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-BDC.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-BDC.xml @@ -33,8 +33,8 @@ we will do our best to provide a solution. BDC LDAPslave scalability -Samba-3 can act as a Backup Domain Controller (BDC) to another Samba Primary Domain Controller (PDC). A -Samba-3 PDC can operate with an LDAP account backend. The LDAP backend can be either a common master LDAP +Samba can act as a Backup Domain Controller (BDC) to another Samba Primary Domain Controller (PDC). A +Samba PDC can operate with an LDAP account backend. The LDAP backend can be either a common master LDAP server or a slave server. The use of a slave LDAP server has the benefit that when the master is down, clients may still be able to log onto the network. This effectively gives Samba a high degree of scalability and is an effective solution for large organizations. If you use an LDAP slave server for a PDC, you will need to @@ -47,7 +47,7 @@ you will have stability and operational problems. replicationSAM non-LDAPbackend propagate -It is not possible to run a Samba-3 BDC with a non-LDAP backend, as that backend must allow some form of +It is not possible to run a Samba BDC with a non-LDAP backend, as that backend must allow some form of "two-way" propagation of changes from the BDC to the master. At this time only LDAP delivers the capability to propagate identity database changes from the BDC to the PDC. The BDC can use a slave LDAP server, while it is preferable for the PDC to use as its primary an LDAP master server. @@ -175,8 +175,8 @@ trigger them to obtain the update and then apply that to their own copy of the S SAMdelta file PDC BDC -Samba-3 cannot participate in true SAM replication and is therefore not able to -employ precisely the same protocols used by MS Windows NT4. A Samba-3 BDC will +Samba cannot participate in true SAM replication and is therefore not able to +employ precisely the same protocols used by MS Windows NT4. A Samba BDC will not create SAM update delta files. It will not interoperate with a PDC (NT4 or Samba) to synchronize the SAM from delta files that are held by BDCs. @@ -184,8 +184,8 @@ to synchronize the SAM from delta files that are held by BDCs. PDC BDC -Samba-3 cannot function as a BDC to an MS Windows NT4 PDC, and Samba-3 cannot -function correctly as a PDC to an MS Windows NT4 BDC. Both Samba-3 and MS Windows +Samba cannot function as a BDC to an MS Windows NT4 PDC, and Samba-3 cannot +function correctly as a PDC to an MS Windows NT4 BDC. Both Samba and MS Windows NT4 can function as a BDC to its own type of PDC. @@ -208,7 +208,7 @@ maintenance of domain security as well as in network integrity. In the event that the NT4 PDC should need to be taken out of service, or if it dies, one of the NT4 BDCs can be promoted to a PDC. If this happens while the original NT4 PDC is online, it is automatically demoted to an NT4 BDC. This is an important aspect of domain controller management. The tool that is used to effect a -promotion or a demotion is the Server Manager for Domains. It should be noted that Samba-3 BDCs cannot be +promotion or a demotion is the Server Manager for Domains. It should be noted that Samba BDCs cannot be promoted in this manner because reconfiguration of Samba requires changes to the &smb.conf; file. It is easy enough to manuall change the &smb.conf; file and then restart relevant Samba network services. @@ -619,7 +619,7 @@ shared. The BDC will however depend on local resolution of UIDs and GIDs via NSS ID mapping domain member server idmap backend -Samba-3 has introduced a new ID mapping facility. One of the features of this facility is that it +Samba has introduced a new ID mapping facility. One of the features of this facility is that it allows greater flexibility in how user and group IDs are handled in respect to NT domain user and group SIDs. One of the new facilities provides for explicitly ensuring that UNIX/Linux UID and GID values will be consistent on the PDC, all BDCs, and all domain member servers. The parameter that controls this diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-ConfigSmarts.xml b/docs-xml/Samba3-HOWTO/TOSHARG-ConfigSmarts.xml index f46cc8e1811..0352c06972b 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-ConfigSmarts.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-ConfigSmarts.xml @@ -120,7 +120,7 @@ Those who elect to create multiple Samba servers should have the ability to read the Samba source code, and to modify it as needed. This mode of deployment is considered beyond the scope of this book. However, if someone will contribute more comprehensive documentation we will gladly review it, and if it is suitable extend this section of this chapter. Until such documentation becomes available the hosting -of multiple samba servers on a single host is considered not supported for Samba-3 by the Samba Team. +of multiple samba servers on a single host is considered not supported for Samba by the Samba Team. diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml b/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml index 11f79f7e4da..1c2d5c2b5d5 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml @@ -55,7 +55,7 @@ server) or a Samba server a member of an MS Windows domain security context. ADS domain control Server TypeDomain Member -Samba-3 can join an MS Windows NT4-style domain as a native member server, an +Samba can join an MS Windows NT4-style domain as a native member server, an MS Windows Active Directory domain as a native member server, or a Samba domain control network. Domain membership has many advantages: @@ -193,7 +193,7 @@ as follows: /etc/passwd A corresponding UNIX account, typically stored in /etc/passwd. Work is in progress to allow a simplified mode of operation that does not require UNIX user accounts, but this has not been a feature - of the early releases of Samba-3, and is not currently planned for release either. + of the early releases of Samba, and is not currently planned for release either. @@ -606,7 +606,7 @@ and be fully trusted by it. -Joining an NT4-type Domain with Samba-3 +Joining an NT4-type Domain with Samba Assumptions lists names that are used in the remainder of this chapter. @@ -807,7 +807,7 @@ but in most cases the following will suffice: ADSActive Directory KDC Kerberos -This is a rough guide to setting up Samba-3 with Kerberos authentication against a +This is a rough guide to setting up Samba with Kerberos authentication against a Windows 200x KDC. A familiarity with Kerberos is assumed. @@ -1007,7 +1007,7 @@ On the UNIX/Linux system, this command must be executed by an account that has U kinit netadsjoin When making a Windows client a member of an ADS domain within a complex organization, you -may want to create the machine trust account within a particular organizational unit. Samba-3 permits +may want to create the machine trust account within a particular organizational unit. Samba permits this to be done using the following syntax: &rootprompt; kinit Administrator@your.kerberos.REALM diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml b/docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml index 13a212b3858..913022e730b 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml @@ -875,16 +875,16 @@ maryo:x:15000:15003:Mary Orville:/home/MIDEARTH/maryo:/bin/false A more scalable domain control authentication backend option might use - Microsoft Active Directory or an LDAP-based backend. Samba-3 provides - for both options as a domain member server. As a PDC, Samba-3 is not able to provide + Microsoft Active Directory or an LDAP-based backend. Samba provides + for both options as a domain member server. As a PDC, Samba is not able to provide an exact alternative to the functionality that is available with Active Directory. - Samba-3 can provide a scalable LDAP-based PDC/BDC solution. + Samba can provide a scalable LDAP-based PDC/BDC solution. The tdbsam authentication backend provides no facility to replicate the contents of the database, except by external means (i.e., there is no self-contained protocol - in Samba-3 for Security Account Manager database [SAM] replication). + in Samba for Security Account Manager database [SAM] replication). @@ -897,7 +897,7 @@ maryo:x:15000:15003:Mary Orville:/home/MIDEARTH/maryo:/bin/false The engineering office network server we present here is designed to demonstrate use of the new tdbsam password backend. The tdbsam - facility is new to Samba-3. It is designed to provide many user and machine account controls + facility is new to Samba. It is designed to provide many user and machine account controls that are possible with Microsoft Windows NT4. It is safe to use this in smaller networks. @@ -1047,7 +1047,7 @@ net groupmap add ntgroup="QA Team" unixgroup=qateam type=d A Big Organization - In this section we finally get to review in brief a Samba-3 configuration that + In this section we finally get to review in brief a Samba configuration that uses a Lightweight Directory Access (LDAP)-based authentication backend. The main reasons for this choice are to provide the ability to host primary and Backup Domain Control (BDC), as well as to enable a higher degree of @@ -1058,7 +1058,7 @@ net groupmap add ntgroup="QA Team" unixgroup=qateam type=d The Primary Domain Controller - This is an example of a minimal configuration to run a Samba-3 PDC + This is an example of a minimal configuration to run a Samba PDC using an LDAP authentication backend. It is assumed that the operating system has been correctly configured. diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Group-Mapping.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Group-Mapping.xml index e2a0abcfd84..300534353cd 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-Group-Mapping.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-Group-Mapping.xml @@ -406,7 +406,7 @@ - For Samba-3 domain controllers and domain member servers/clients. + For Samba domain controllers and domain member servers/clients. To manage domain member Windows workstations. @@ -489,7 +489,7 @@ When first installed, Windows NT4/200x/XP are preconfigured with certain user, group, and alias entities. Each has a well-known RID. These must be preserved for continued integrity of operation. Samba must be provisioned with certain essential domain groups that require - the appropriate RID value. When Samba-3 is configured to use tdbsam, the essential + the appropriate RID value. When Samba is configured to use tdbsam, the essential domain groups are automatically created. It is the LDAP administrator's responsibility to create (provision) the default NT groups. diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-IDMAP.xml b/docs-xml/Samba3-HOWTO/TOSHARG-IDMAP.xml index 89bdec7f6da..91f7a66ad01 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-IDMAP.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-IDMAP.xml @@ -17,7 +17,7 @@ GID The Microsoft Windows operating system has a number of features that impose specific challenges to interoperability with the operating systems on which Samba is implemented. This chapter deals -explicitly with the mechanisms Samba-3 (version 3.0.8 and later) uses to overcome one of the +explicitly with the mechanisms Samba (version 3.0.8 and later) uses to overcome one of the key challenges in the integration of Samba servers into an MS Windows networking environment. This chapter deals with identity mapping (IDMAP) of Windows security identifiers (SIDs) to UNIX UIDs and GIDs. @@ -120,8 +120,8 @@ on Server Types and Security Modes. NT4 SID Active Directory - Samba-3 can act as a Windows NT4 PDC or BDC, thereby providing domain control protocols that - are compatible with Windows NT4. Samba-3 file and print sharing protocols are compatible with + Samba can act as a Windows NT4 PDC or BDC, thereby providing domain control protocols that + are compatible with Windows NT4. Samba file and print sharing protocols are compatible with all versions of MS Windows products. Windows NT4, as with MS Active Directory, extensively makes use of Windows SIDs. @@ -130,7 +130,7 @@ on Server Types and Security Modes. MS Windows SID UID GID - Samba-3 domain member servers and clients must interact correctly with MS Windows SIDs. Incoming + Samba domain member servers and clients must interact correctly with MS Windows SIDs. Incoming Windows SIDs must be translated to local UNIX UIDs and GIDs. Outgoing information from the Samba server must provide to MS Windows clients and servers appropriate SIDs. @@ -235,7 +235,7 @@ on Server Types and Security Modes. server that is a member of a Windows NT4 domain or an ADS domain. A typical example is an appliance like file server on which no local accounts are configured and winbind is used to obtain account credentials from the domain controllers for the - domain. The domain control can be provided by Samba-3, MS Windows NT4, or MS Windows + domain. The domain control can be provided by Samba, MS Windows NT4, or MS Windows Active Directory. @@ -452,7 +452,7 @@ on Server Types and Security Modes. IDMAP information can be written directly to the LDAP server so long as all domain controllers - have access to the master (writable) LDAP server. Samba-3 at this time does not handle LDAP redirects + have access to the master (writable) LDAP server. Samba at this time does not handle LDAP redirects in the IDMAP backend. This means that it is is unsafe to use a slave (replicate) LDAP server with the IDMAP facility. @@ -819,7 +819,7 @@ administrator:x:1000:1013:Administrator:/home/BE/administrator:/bin/bash ADAM ADS - The storage of IDMAP information in LDAP can be used with both NT4/Samba-3-style domains and + The storage of IDMAP information in LDAP can be used with both NT4/Samba-style domains and ADS domains. OpenLDAP is a commonly used LDAP server for this purpose, although any standards-complying LDAP server can be used. It is therefore possible to deploy this IDMAP configuration using the Sun iPlanet LDAP server, Novell eDirectory, Microsoft ADS plus ADAM, @@ -855,7 +855,7 @@ administrator:x:1000:1013:Administrator:/home/BE/administrator:/bin/bash realm - In the case of an NT4 or Samba-3-style domain the realm is not used, and the + In the case of an NT4 or Samba-style domain the realm is not used, and the command used to join the domain is net rpc join. The above example also demonstrates advanced error-reporting techniques that are documented in Reporting Bugs. diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Install.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Install.xml index 88e0ed8e13d..3209266602b 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-Install.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-Install.xml @@ -123,12 +123,12 @@ TDB Database File Information - This section contains brief descriptions of the databases that are used by Samba-3. + This section contains brief descriptions of the databases that are used by Samba. tdb file locations - The directory in which Samba stores the tdb files is determined by compile-time directives. Samba-3 stores + The directory in which Samba stores the tdb files is determined by compile-time directives. Samba stores tdb files in two locations. The best way to determine these locations is to execute the following command: @@ -136,7 +136,7 @@ PRIVATE_DIR: /etc/samba/private This means that the confidential tdb files are stored in the /etc/samba/private - directory. Samba-3 also uses a number of tdb files that contain more mundane data. The location of + directory. Samba also uses a number of tdb files that contain more mundane data. The location of these files can be found by executing: &rootprompt; smbd -b | grep LOCKDIR diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-InterdomainTrusts.xml b/docs-xml/Samba3-HOWTO/TOSHARG-InterdomainTrusts.xml index 3ea527ba5e1..7f9a1c82fa5 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-InterdomainTrusts.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-InterdomainTrusts.xml @@ -27,11 +27,11 @@ trust relationships ADS LDAP-based -Samba-3 supports NT4-style domain trust relationships. This is a feature that many sites -will want to use if they migrate to Samba-3 from an NT4-style domain and do not want to +Samba supports NT4-style domain trust relationships. This is a feature that many sites +will want to use if they migrate to Samba from an NT4-style domain and do not want to adopt Active Directory or an LDAP-based authentication backend. This chapter explains some background information regarding trust relationships and how to create them. It is now -possible for Samba-3 to trust NT4 (and vice versa), as well as to create Samba-to-Samba +possible for Samba to trust NT4 (and vice versa), as well as to create Samba-to-Samba trusts. @@ -74,7 +74,7 @@ trusted domain. scalability trust relationships -Samba-3 can participate in Samba-to-Samba as well as in Samba-to-MS Windows NT4-style +Samba can participate in Samba-to-Samba as well as in Samba-to-MS Windows NT4-style trust relationships. This imparts to Samba scalability similar to that with MS Windows NT4. @@ -84,7 +84,7 @@ trust relationships. This imparts to Samba scalability similar to that with MS W LDAP interdomain trusts ADS -Given that Samba-3 can function with a scalable backend authentication database such as LDAP, and given its +Given that Samba can function with a scalable backend authentication database such as LDAP, and given its ability to run in primary as well as backup domain control modes, the administrator would be well-advised to consider alternatives to the use of interdomain trusts simply because, by the very nature of how trusts function, this system is fragile. That was, after all, a key reason for the development and adoption of @@ -165,7 +165,7 @@ Relationships are explicit and not transitive. New to MS Windows 2000 ADS security contexts is the fact that trust relationships are two-way by default. Also, all inter-ADS domain trusts are transitive. In the case of the red, white, and blue domains, with Windows 2000 and ADS, the red and blue domains can trust each other. This is an inherent feature of ADS -domains. Samba-3 implements MS Windows NT4-style interdomain trusts and interoperates with MS Windows 200x ADS +domains. Samba implements MS Windows NT4-style interdomain trusts and interoperates with MS Windows 200x ADS security domains in similar manner to MS Windows NT4-style domains. @@ -339,7 +339,7 @@ is at an early stage, so do not be surprised if something does not function as i Windows NT4 Server between domains Each of the procedures described next assumes the peer domain in the trust relationship is controlled by a -Windows NT4 server. However, the remote end could just as well be another Samba-3 domain. It can be clearly +Windows NT4 server. However, the remote end could just as well be another Samba domain. It can be clearly seen, after reading this document, that combining Samba-specific parts of what's written in the following sections leads to trust between domains in a purely Samba environment. @@ -590,7 +590,7 @@ Create a single-sided trust under the NT4 Domain User Manager, then execute: -It works with Samba-3 and NT4 domains, and also with Samba-3 and Windows 200x ADS in mixed mode. +It works with Samba and NT4 domains, and also with Samba-3 and Windows 200x ADS in mixed mode. Both domain controllers, Samba and NT must have the same WINS server; otherwise, the trust will never work. diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-IntroSMB.xml b/docs-xml/Samba3-HOWTO/TOSHARG-IntroSMB.xml index dec4638e5b0..4b259057edf 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-IntroSMB.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-IntroSMB.xml @@ -72,7 +72,7 @@ should have no difficulty finding answers to your current concerns also. The real people behind Samba are users like you. You have inspired the developers (the Samba Team) to do more than any of them imagined could or should - be done. User feedback drives Samba development. Samba-3 in particular incorporates + be done. User feedback drives Samba development. Samba in particular incorporates a huge amount of work done as a result of user requests, suggestions and direct code contributions. @@ -132,7 +132,7 @@ should have no difficulty finding answers to your current concerns also. Existing Samba books are largely addressed to the UNIX administrator. From the perspective of this target group the existing books serve - an adequate purpose, with one exception &smbmdash; now that Samba-3 is out + an adequate purpose, with one exception &smbmdash; now that Samba is out they need to be updated! @@ -162,7 +162,7 @@ should have no difficulty finding answers to your current concerns also. General Installation - Designed to help you get Samba-3 running quickly. + Designed to help you get Samba running quickly. The Fast Start chapter is a direct response to requests from Microsoft network administrators for some sample configurations that just work. @@ -181,7 +181,7 @@ should have no difficulty finding answers to your current concerns also. Advanced Configuration The mechanics of network browsing have long been the Achilles heel of - all Microsoft Windows users. Samba-3 introduces new user and machine + all Microsoft Windows users. Samba introduces new user and machine account management facilities, a new way to map UNIX groups and Windows groups, Interdomain trusts, new loadable file system drivers (VFS), and more. New with this document is expanded printing documentation, as well @@ -215,7 +215,7 @@ should have no difficulty finding answers to your current concerns also. -Welcome to Samba-3 and the first published document to help you and your users to enjoy a whole +Welcome to Samba and the first published document to help you and your users to enjoy a whole new world of interoperability between Microsoft Windows and the rest of the world. diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-NT4Migration.xml b/docs-xml/Samba3-HOWTO/TOSHARG-NT4Migration.xml index 2688e060ac6..698ff75f06a 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-NT4Migration.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-NT4Migration.xml @@ -6,13 +6,13 @@ April 3, 2003 -Migration from NT4 PDC to Samba-3 PDC +Migration from NT4 PDC to Samba PDC migrate domain control This is a rough guide to assist those wishing to migrate from NT4 domain control to -Samba-3-based domain control. +Samba-based domain control. @@ -27,7 +27,7 @@ and planned for. Then again, good planning will anticipate most show-stopper-typ migration plan -Those wishing to migrate from MS Windows NT4 domain control to a Samba-3 domain control +Those wishing to migrate from MS Windows NT4 domain control to a Samba domain control environment would do well to develop a detailed migration plan. So here are a few pointers to help migration get underway. @@ -38,7 +38,7 @@ help migration get underway. migration process The key objective for most organizations is to make the migration from MS Windows NT4 -to Samba-3 domain control as painless as possible. One of the challenges you may experience +to Samba domain control as painless as possible. One of the challenges you may experience in your migration process may well be convincing management that the new environment should remain in place. Many who have introduced open source technologies have experienced pressure to return to a Microsoft-based platform solution at the first sign of trouble. @@ -46,7 +46,7 @@ pressure to return to a Microsoft-based platform solution at the first sign of t change motivations -Before attempting a migration to a Samba-3-controlled network, make every possible effort to +Before attempting a migration to a Samba-controlled network, make every possible effort to gain all-round commitment to the change. Know precisely why the change is important for the organization. Possible motivations to make a change include: @@ -73,15 +73,15 @@ is important for the organization. Possible motivations to make a change include migration ADS without ADS -Make sure everyone knows that Samba-3 is not MS Windows NT4. Samba-3 offers +Make sure everyone knows that Samba is not MS Windows NT4. Samba-3 offers an alternative solution that is both different from MS Windows NT4 and offers -advantages compared with it. Gain recognition that Samba-3 lacks many of the +advantages compared with it. Gain recognition that Samba lacks many of the features that Microsoft has promoted as core values in migration from MS Windows NT4 to MS Windows 2000 and beyond (with or without Active Directory services). -What are the features that Samba-3 cannot provide? +What are the features that Samba cannot provide? Active Directory Server @@ -99,7 +99,7 @@ What are the features that Samba-3 cannot provide? -The features that Samba-3 does provide and that may be of compelling interest to your site +The features that Samba does provide and that may be of compelling interest to your site include: @@ -134,7 +134,7 @@ include: successful migration -Before migrating a network from MS Windows NT4 to Samba-3, consider all necessary factors. Users +Before migrating a network from MS Windows NT4 to Samba, consider all necessary factors. Users should be educated about changes they may experience so the change will be a welcome one and not become an obstacle to the work they need to do. The following sections explain factors that will help ensure a successful migration. @@ -160,11 +160,11 @@ help ensure a successful migration. master server slave servers multiple domains -Samba-3 can be configured as a domain controller, a backup domain controller (probably best called +Samba can be configured as a domain controller, a backup domain controller (probably best called a secondary controller), a domain member, or a standalone server. The Windows network security domain context should be sized and scoped before implementation. Particular attention needs to be paid to the location of the Primary Domain Controller (PDC) as well as backup controllers (BDCs). -One way in which Samba-3 differs from Microsoft technology is that if one chooses to use an LDAP +One way in which Samba differs from Microsoft technology is that if one chooses to use an LDAP authentication backend, then the same database can be used by several different domains. In a complex organization, there can be a single LDAP database, which itself can be distributed (have a master server and multiple slave servers) that can simultaneously serve multiple domains. @@ -281,9 +281,9 @@ Management. SID NTuser.DAT -Profiles may also be managed using the Samba-3 tool profiles. This tool allows the MS +Profiles may also be managed using the Samba tool profiles. This tool allows the MS Windows NT-style security identifiers (SIDs) that are stored inside the profile -NTuser.DAT file to be changed to the SID of the Samba-3 domain. +NTuser.DAT file to be changed to the SID of the Samba domain. @@ -295,8 +295,8 @@ Windows NT-style security identifiers (SIDs) that are stored inside the profile migrate user migrate group map -It is possible to migrate all account settings from an MS Windows NT4 domain to Samba-3. Before -attempting to migrate user and group accounts, you are STRONGLY advised to create in Samba-3 the +It is possible to migrate all account settings from an MS Windows NT4 domain to Samba. Before +attempting to migrate user and group accounts, you are STRONGLY advised to create in Samba the groups that are present on the MS Windows NT4 domain AND to map them to suitable UNIX/Linux groups. By following this simple advice, all user and group attributes should migrate painlessly. @@ -321,7 +321,7 @@ The approximate migration process is described below. domain controller netlogon share BDC - Samba-3 is set up as a domain controller with netlogon share, profile share, and so on. Configure the &smb.conf; file + Samba is set up as a domain controller with netlogon share, profile share, and so on. Configure the &smb.conf; file to function as a BDC: domain master = No. @@ -414,7 +414,7 @@ generally fit into three basic categories. Following ta There are three basic choices for sites that intend to migrate from MS Windows NT4 -to Samba-3: +to Samba: @@ -472,7 +472,7 @@ being contemplated. Improve on NT4 functionality, enhance management capabilities - Move all accounts from NT4 into Samba-3 + Move all accounts from NT4 into Samba Copy and improve Authentication regime (database location and access) @@ -492,7 +492,7 @@ being contemplated. Identify Needs for: Manageability, Scalability, Security, Availability - Integrate Samba-3, then migrate while users are active, then change of control (swap out) + Integrate Samba, then migrate while users are active, then change of control (swap out) Take advantage of lower maintenance opportunity @@ -502,12 +502,12 @@ being contemplated. -Samba-3 Implementation Choices +Samba Implementation Choices Authentication Database/Backend - Samba-3 can use an external authentication backend: + Samba can use an external authentication backend: @@ -515,7 +515,7 @@ being contemplated. Winbind (external Samba or NT4/200x server). External server could use Active Directory or NT4 domain. Can use pam_mkhomedir.so to autocreate home directories. - Samba-3 can use a local authentication backend: smbpasswd, + Samba can use a local authentication backend: smbpasswd, tdbsam, ldapsam diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-NetworkBrowsing.xml b/docs-xml/Samba3-HOWTO/TOSHARG-NetworkBrowsing.xml index d732f3a31dc..8743079bd22 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-NetworkBrowsing.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-NetworkBrowsing.xml @@ -43,7 +43,7 @@ Dynamic-DNS service for NetBIOS networking names. DNS ADS MS Windows 2000 and later versions can be configured to operate with no NetBIOS -over TCP/IP. Samba-3 and later versions also support this mode of operation. +over TCP/IP. Samba and later versions also support this mode of operation. When the use of NetBIOS over TCP/IP has been disabled, the primary means for resolution of MS Windows machine names is via DNS and Active Directory. The following information assumes that your site is running NetBIOS over TCP/IP. @@ -1562,7 +1562,7 @@ document. NetBIOS over TCP/IP DNS/LDAP/ADS name resolution -MS Windows 2000 and later versions, as with Samba-3 and later versions, can be +MS Windows 2000 and later versions, as with Samba and later versions, can be configured to not use NetBIOS over TCP/IP. When configured this way, it is imperative that name resolution (using DNS/LDAP/ADS) be correctly configured and operative. Browsing will not work if name resolution @@ -1745,7 +1745,7 @@ settings; for Samba, this is in the &smb.conf; file. NetBIOS over TCP/IP ADS DNS -It is possible to operate Samba-3 without NetBIOS over TCP/IP. If you do this, be warned that if used outside +It is possible to operate Samba without NetBIOS over TCP/IP. If you do this, be warned that if used outside of MS ADS, this will forgo network browsing support. ADS permits network browsing support through DNS, providing appropriate DNS records are inserted for all Samba servers. diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-PDC.xml b/docs-xml/Samba3-HOWTO/TOSHARG-PDC.xml index 2b12e11f19b..bc5f61489ab 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-PDC.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-PDC.xml @@ -240,7 +240,7 @@ The following functionalities are not provided by Samba-4: groupmapping -Samba-3 implements group mapping between Windows NT groups and UNIX groups (this is really quite complicated +Samba implements group mapping between Windows NT groups and UNIX groups (this is really quite complicated to explain in a short space). This is discussed more fully in Group Mapping: MS Windows and UNIX. @@ -412,7 +412,7 @@ sustainable choice and competition in the FIM market place. identity information Primary domain control, if it is to be scalable to meet the needs of large sites, must therefore be capable of using LDAP. The rapid adoption of OpenLDAP, and Samba configurations that use it, is ample proof that the era -of the directory has started. Samba-3 does not demand the use of LDAP, but the demand for a mechanism by which +of the directory has started. Samba does not demand the use of LDAP, but the demand for a mechanism by which user and group identity information can be distributed makes it an an unavoidable option. @@ -511,7 +511,7 @@ particular logon authentication request. promote demote A Windows NT4 BDC can be promoted to a PDC. If the PDC is online at the time that a BDC is promoted to PDC, -the previous PDC is automatically demoted to a BDC. With Samba-3, this is not an automatic operation; the PDC +the previous PDC is automatically demoted to a BDC. With Samba, this is not an automatic operation; the PDC and BDC must be manually configured, and other appropriate changes also need to be made. @@ -535,8 +535,8 @@ time choices offered are: domaincontrolrole native member -Samba-3 servers can readily be converted to and from domain controller roles through simple changes to the -&smb.conf; file. Samba-3 is capable of acting fully as a native member of a Windows 200x server Active +Samba servers can readily be converted to and from domain controller roles through simple changes to the +&smb.conf; file. Samba is capable of acting fully as a native member of a Windows 200x server Active Directory domain. @@ -550,8 +550,8 @@ domain member server to or from a domain control, and to install or remove activ replicationSAM SAMreplication -New to Samba-3 is the ability to function fully as an MS Windows NT4-style domain controller, -excluding the SAM replication components. However, please be aware that Samba-3 also supports the +New to Samba is the ability to function fully as an MS Windows NT4-style domain controller, +excluding the SAM replication components. However, please be aware that Samba also supports the MS Windows 200x domain control protocols. @@ -604,7 +604,7 @@ information regarding domain membership. -The following are necessary for configuring Samba-3 as an MS Windows NT4-style PDC for MS Windows +The following are necessary for configuring Samba as an MS Windows NT4-style PDC for MS Windows NT4/200x/XP clients: @@ -666,7 +666,7 @@ A domain controller is an SMB/CIFS server that: browse list It is rather easy to configure Samba to provide these. Each Samba domain controller must provide the NETLOGON service that Samba calls the functionality (after the name of the -parameter in the &smb.conf; file). Additionally, one server in a Samba-3 domain must advertise itself as the +parameter in the &smb.conf; file). Additionally, one server in a Samba domain must advertise itself as the domain master browser.See Network Browsing. This causes the PDC to claim a domain-specific NetBIOS name that identifies it as a DMB for its given domain or workgroup. Local master browsers (LMBs) in the same domain or workgroup on @@ -789,7 +789,7 @@ The basic options shown in this example are e This share is used to store user desktop profiles. Each user must have a directory at the root of this share. This directory must be write-enabled for the user and must be globally read-enabled. - Samba-3 has a VFS module called fake_permissions that may be installed on this share. This will + Samba has a VFS module called fake_permissions that may be installed on this share. This will allow a Samba administrator to make the directory read-only to everyone. Of course this is useful only after the profile has been properly created. @@ -1092,7 +1092,7 @@ sure that you have the entry correct for the Machine Trust Account in the Samba PDC. If you added the account using an editor rather than using the smbpasswd utility, make sure that the account name is the machine NetBIOS name with a $ appended to it (i.e., computer_name$). There must be an entry in both the POSIX UNIX system account backend as well as in the -SambaSAMAccount backend. The default backend for Samba-3 (i.e., the parameter passdb +SambaSAMAccount backend. The default backend for Samba (i.e., the parameter passdb backend is not specified in the &smb.conf; file, or if specified is set to smbpasswd, are respectively the /etc/passwd and /etc/samba/smbpasswd (or /usr/local/samba/lib/private/smbpasswd if @@ -1139,7 +1139,7 @@ then try again. After successfully joining the domain, user logons fail with one of two messages: one to the effect that the domain controller cannot be found; the other claims that the account does not exist in the domain or that the password is incorrect. This may be due to incompatible -settings between the Windows client and the Samba-3 server for schannel +settings between the Windows client and the Samba server for schannel (secure channel) settings or smb signing settings. Check your Samba settings for client schannel, server schannel, client signing, server signing by executing: @@ -1155,7 +1155,7 @@ Control Panel. The Policy settings are found in the Local Policies/Security Opti -It is important that these be set consistently with the Samba-3 server settings. +It is important that these be set consistently with the Samba server settings. diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml index 456c7ceab49..e301489a255 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml @@ -110,7 +110,7 @@ entities. New Account Storage Systems -Samba-3 introduces a number of new password backend capabilities. +Samba introduces a number of new password backend capabilities. SAM backendtdbsam SAM backendldapsam @@ -137,7 +137,7 @@ Samba-3 introduces a number of new password backend capabilities. The tdbsam password backend stores the old smbpasswd information plus the extended MS Windows NT/200x SAM information into a binary format TDB (trivial database) file. - The inclusion of the extended information makes it possible for Samba-3 + The inclusion of the extended information makes it possible for Samba to implement the same account and system access controls that are possible with MS Windows NT4/200x-based systems. @@ -169,7 +169,7 @@ Samba-3 introduces a number of new password backend capabilities. Samba schema schema file examples/LDAP - Samba-3 has a new and extended LDAP implementation that requires configuration + Samba has a new and extended LDAP implementation that requires configuration of OpenLDAP with a new format Samba schema. The new format schema file is included in the examples/LDAP directory of the Samba distribution. @@ -480,7 +480,7 @@ Samba-3 introduces a number of new password backend capabilities. domain member servers NFS rsync - Samba-3 has a special facility that makes it possible to maintain identical UIDs and GIDs + Samba has a special facility that makes it possible to maintain identical UIDs and GIDs on all servers in a distributed network. A distributed network is one where there exists a PDC, one or more BDCs, and/or one or more domain member servers. Why is this important? This is important if files are being shared over more than one protocol (e.g., NFS) and where @@ -974,7 +974,7 @@ is being added to the net toolset (see parameter is normally a service-level parameter. Since it is included here in the section, it will take effect for all printer shares that are not - defined differently. Samba-3 no longer supports the SOFTQ printing system. + defined differently. Samba no longer supports the SOFTQ printing system. @@ -1092,7 +1092,7 @@ The additional functionality provided by the new SPOOLSS support includes: ADS LDAP -A benefit of updating is that Samba-3 is able to publish its printers to Active Directory (or LDAP). +A benefit of updating is that Samba is able to publish its printers to Active Directory (or LDAP). @@ -1197,7 +1197,7 @@ system, which is responsible for all further processing, as needed. read-write access ACLs These parameters, including the printer driver file parameter, - are now removed and cannot be used in installations of Samba-3. The share name + are now removed and cannot be used in installations of Samba. The share name is now used for the location of downloadable printer drivers. It is taken from the service created by Windows NT PCs when a printer is shared by them. Windows NT print servers always have a @@ -3157,7 +3157,7 @@ follow several paths. Here are possible scenarios for migration: An existing printers.def file (the one specified in the now removed parameter - printer driver file) will no longer work with Samba-3. In 3.0, smbd attempts + printer driver file) will no longer work with Samba. In 3.0, smbd attempts to locate Windows 9x/Me driver files for the printer in and additional settings in the TDB and only there; if it fails, it will not (as 2.2.x used to do) drop down to using a printers.def (and all associated diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-ProfileMgmt.xml b/docs-xml/Samba3-HOWTO/TOSHARG-ProfileMgmt.xml index 48c99c542c4..ff762ad34d7 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-ProfileMgmt.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-ProfileMgmt.xml @@ -1174,7 +1174,7 @@ it is necessary to disable roaming profile handling in the registry of each such -With Samba-3, you can have a global profile setting in &smb.conf;, and you can override this by +With Samba, you can have a global profile setting in &smb.conf;, and you can override this by per-user settings using the Domain User Manager (as with MS Windows NT4/200x). In any case, you can configure only one profile per user. That profile can be either: diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml b/docs-xml/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml index dc6125e1d60..94f535e3e1d 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml @@ -110,7 +110,7 @@ must be defined in the section of the &smb.conf; rights privileges manage privileges -Currently, the rights supported in Samba-3 are listed in . +Currently, the rights supported in Samba are listed in . The remainder of this chapter explains how to manage and use these privileges on Samba servers. diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml b/docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml index 4d672c6dd18..8fc837de925 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml @@ -64,18 +64,18 @@ So, what are the benefits of the features mentioned in this chapter? domaincontroller - Samba-3 can replace an MS Windows NT4 domain controller. + Samba can replace an MS Windows NT4 domain controller. active directory - Samba-3 offers excellent interoperability with MS Windows NT4-style + Samba offers excellent interoperability with MS Windows NT4-style domains as well as natively with Microsoft Active Directory domains. interdomaintrustrs - Samba-3 permits full NT4-style interdomain trusts. + Samba permits full NT4-style interdomain trusts. @@ -88,7 +88,7 @@ So, what are the benefits of the features mentioned in this chapter? accountdatabasebackends encrypted - Samba-3 permits use of multiple concurrent account database backends. + Samba permits use of multiple concurrent account database backends. (Encrypted passwords that are stored in the account database are in formats that are unique to Windows networking). @@ -96,7 +96,7 @@ So, what are the benefits of the features mentioned in this chapter? replicated The account database backends can be distributed - and replicated using multiple methods. This gives Samba-3 + and replicated using multiple methods. This gives Samba greater flexibility than MS Windows NT4 and in many cases a significantly higher utility than Active Directory domains with MS Windows 200x. @@ -388,7 +388,7 @@ domain members. This is contrary to popular belief. -If you are using Active Directory, starting with Samba-3 you can join as a native AD member. Why would you +If you are using Active Directory, starting with Samba you can join as a native AD member. Why would you want to do that? Your security policy might prohibit the use of NT-compatible authentication protocols. All your machines are running Windows 2000 and above and all use Kerberos. In this case, Samba, as an NT4-style domain, would still require NT-compatible authentication data. Samba in AD-member mode can accept Kerberos diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-TheNetCommand.xml b/docs-xml/Samba3-HOWTO/TOSHARG-TheNetCommand.xml index 6e96ad1e1a3..50c0760f0f2 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-TheNetCommand.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-TheNetCommand.xml @@ -16,7 +16,7 @@ remote management command-line scripted control -The net command is one of the new features of Samba-3 and is an attempt to provide a useful +The net command is one of the new features of Samba and is an attempt to provide a useful tool for the majority of remote management operations necessary for common tasks. The net tool is flexible by design and is intended for command-line use as well as for scripted control application. @@ -37,7 +37,7 @@ provided should look at the net command before searching else -A Samba-3 administrator cannot afford to gloss over this chapter because to do so will almost certainly cause +A Samba administrator cannot afford to gloss over this chapter because to do so will almost certainly cause the infliction of self-induced pain, agony, and desperation. Be warned: this is an important chapter. @@ -51,7 +51,7 @@ the infliction of self-induced pain, agony, and desperation. Be warned: this is BDC DMS authentication - The tasks that follow the installation of a Samba-3 server, whether standalone or domain member, of a + The tasks that follow the installation of a Samba server, whether standalone or domain member, of a domain controller (PDC or BDC) begins with the need to create administrative rights. Of course, the creation of user and group accounts is essential for both a standalone server and a PDC. In the case of a BDC or a Domain Member server (DMS), domain user and group accounts are obtained from @@ -83,7 +83,7 @@ the infliction of self-induced pain, agony, and desperation. Be warned: this is domain authentication trust accounts net - UNIX systems that are hosting a Samba-3 server that is running as a member (PDC, BDC, or DMS) must have + UNIX systems that are hosting a Samba server that is running as a member (PDC, BDC, or DMS) must have a machine security account in the domain authentication database (or directory). The creation of such security (or trust) accounts is also handled using the net command. @@ -107,7 +107,7 @@ the infliction of self-induced pain, agony, and desperation. Be warned: this is net man pages The overall picture should be clear now: the net command plays a central role - on the Samba-3 stage. This role will continue to be developed. The inclusion of this chapter is + on the Samba stage. This role will continue to be developed. The inclusion of this chapter is evidence of its importance, one that has grown in complexity to the point that it is no longer considered prudent to cover its use fully in the online UNIX man pages. @@ -165,7 +165,7 @@ the infliction of self-induced pain, agony, and desperation. Be warned: this is domaingroups localgroups domain user accounts - Samba-3 recognizes two types of groups: domain groups and local + Samba recognizes two types of groups: domain groups and local groups. Domain groups can contain (have as members) only domain user accounts. Local groups can contain local users, domain users, and domain groups as members. @@ -1069,7 +1069,7 @@ Deleted user account. - A Samba-3 server that is a Windows ADS domain member can execute the following command to detach from the + A Samba server that is a Windows ADS domain member can execute the following command to detach from the domain: netadsleave @@ -1760,7 +1760,7 @@ Computer User name Client Type Opens Idle time Printers and ADS - When Samba-3 is used within an MS Windows ADS environment, printers shared via Samba will not be browseable + When Samba is used within an MS Windows ADS environment, printers shared via Samba will not be browseable until they have been published to the ADS domain. Information regarding published printers may be obtained from the ADS server by executing the net ads print info command following this syntax: netadsprinter info diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Unicode.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Unicode.xml index 440498f53b6..145f6d31a67 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-Unicode.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-Unicode.xml @@ -38,7 +38,7 @@ is deserving of special mention. codepages Samba-2.x supported a single locale through a mechanism called -codepages. Samba-3 is destined to become a truly transglobal +codepages. Samba is destined to become a truly transglobal file- and printer-sharing platform. @@ -421,7 +421,7 @@ Setting up Japanese charsets is quite difficult. This is mainly because: - To use CAP encoding on Samba-3, you should use the unix charset parameter and VFS + To use CAP encoding on Samba, you should use the unix charset parameter and VFS as in the VFS CAP smb.conf file. diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml b/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml index 84ee82db576..8b3b835f903 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml @@ -126,7 +126,7 @@ shown in the smb.conf with multiple VFS modulesdefault_quota - This module allows the default quota values, in the windows explorer GUI, to be stored on a Samba-3 server. + This module allows the default quota values, in the windows explorer GUI, to be stored on a Samba server. The challenge is that linux filesystems only store quotas for users and groups, but no default quotas. @@ -556,7 +556,7 @@ quotasettings: gid nolimit = no Debian Sarge At the time of this writing, not much testing has been done. I tested the shadow copy VFS module with a specific scenario which was not deployed in a production environment, but more as a proof of concept. The - scenario involved a Samba-3 file server on Debian Sarge with an XFS file system and LVM1. I do NOT recommend + scenario involved a Samba file server on Debian Sarge with an XFS file system and LVM1. I do NOT recommend you use this as a solution without doing your own due diligence with regard to all the components presented here. That said, following is an basic outline of how I got things going. diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Winbind.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Winbind.xml index b7eaa06b539..ae7700fd480 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-Winbind.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-Winbind.xml @@ -589,7 +589,7 @@ way things are going. winbindd daemon -The latest version of Samba-3 includes a functioning winbindd daemon. Please refer to the main Samba Web page, or better yet, your closest Samba mirror site for instructions on downloading the source code. @@ -633,7 +633,7 @@ needed to compile PAM-aware applications. Winbind /etc/nsswitch.conf PAM is a standard component of most current generation UNIX/Linux systems. Unfortunately, few systems install -the pam-devel libraries that are needed to build PAM-enabled Samba. Additionally, Samba-3 +the pam-devel libraries that are needed to build PAM-enabled Samba. Additionally, Samba may auto-install the Winbind files into their correct locations on your system, so before you get too far down the track, be sure to check if the following configuration is really necessary. You may only need to configure diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-WindowsClientConfig.xml b/docs-xml/Samba3-HOWTO/TOSHARG-WindowsClientConfig.xml index 3facb2c35ce..854c58c279d 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-WindowsClientConfig.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-WindowsClientConfig.xml @@ -432,7 +432,7 @@ that are in common use today. These are: Network ID configuration wizard Clicking the Network ID button will launch the configuration wizard. Do not use this with - Samba-3. If you wish to change the computer name or join or leave the domain, click the Change button. + Samba. If you wish to change the computer name or join or leave the domain, click the Change button. See .
The Computer Name Panel.wxpp004
@@ -463,7 +463,7 @@ that are in common use today. These are: root - Enter the name root and the root password from your Samba-3 server. See . + Enter the name root and the root password from your Samba server. See .
Computer Name Changes &smbmdash; Username and Password Panel.wxpp008
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-preface.xml b/docs-xml/Samba3-HOWTO/TOSHARG-preface.xml index 43df53e5232..cda13acdad2 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-preface.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-preface.xml @@ -26,7 +26,7 @@ gain more contented network users. This book provides example configurations, it documents key aspects of Microsoft Windows networking, provides in-depth insight into the important configuration of -Samba-3, and helps to put all of these into a useful framework. +Samba, and helps to put all of these into a useful framework. diff --git a/docs-xml/smbdotconf/base/netbiosname.xml b/docs-xml/smbdotconf/base/netbiosname.xml index d51c4ca0f48..60bc08232d6 100644 --- a/docs-xml/smbdotconf/base/netbiosname.xml +++ b/docs-xml/smbdotconf/base/netbiosname.xml @@ -12,8 +12,8 @@ - There is a bug in Samba-3 that breaks operation of browsing and access to shares if the netbios name - is set to the literal name PIPE. To avoid this problem, do not name your Samba-3 + There is a bug in Samba that breaks operation of browsing and access to shares if the netbios name + is set to the literal name PIPE. To avoid this problem, do not name your Samba server PIPE. -- 2.11.4.GIT