[install-guide/f22-branch] UI mode must always be specified for automatic KS installs
by pbokoc
commit a0ba206e7d252212b66f7c4096c99e4454b98c1f
Author: Petr Bokoc <pbokoc(a)redhat.com>
Date: Mon Jul 20 13:24:19 2015 +0200
UI mode must always be specified for automatic KS installs
en-US/Kickstart_Syntax_Reference.xml | 89 ++++++++++++++++++++--------------
1 files changed, 52 insertions(+), 37 deletions(-)
---
diff --git a/en-US/Kickstart_Syntax_Reference.xml b/en-US/Kickstart_Syntax_Reference.xml
index 9be5da7..ba811e7 100644
--- a/en-US/Kickstart_Syntax_Reference.xml
+++ b/en-US/Kickstart_Syntax_Reference.xml
@@ -11,7 +11,7 @@
<important>
<para>
Device names are not guaranteed to be consistent across reboots, which can complicate usage in Kickstart scripts. When a Kickstart option calls for a device node name (such as <literal>sda</literal>), you can instead use any item from <filename>/dev/disk</filename>. For example, instead of:
- </para>
+ </para>
<programlisting><command>part / --fstype=xfs --onpart=sda1</command></programlisting>
<para>
You could use an entry similar to one of the following:
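Review bot: The removed and added "</para>" lines in this hunk read the same, so the change is whitespace only, and most of the other hunks in this patch are the same kind of edit. The commit message only mentions the UI mode requirement, so move the whitespace cleanup into its own commit; that keeps the three new <important> notes easy to find in the history.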
@@ -21,8 +21,8 @@
<command>part / --fstype=xfs --onpart=/dev/disk/by-id/ata-ST3160815AS_6RA0C882-part1</command>
</programlisting>
<para>
- This provides a consistent way to refer to disks that is more meaningful than just <literal>sda</literal>. This is especially useful in large storage environments.
- </para>
+ This provides a consistent way to refer to disks that is more meaningful than just <literal>sda</literal>. This is especially useful in large storage environments.
+ </para>
</important>
<para>
While the general principles of Kickstart installations tend to stay the same, the commands and options can change between major releases. You can use the <command>ksverdiff</command> command to display the differences between two versions of the Kickstart syntax. This is useful when updating an existing Kickstart file to be used with a new release. To display a list of changes in syntax between Fedora &PREVVER; and &PRODVER;, use the following command:
@@ -69,7 +69,7 @@
<section id="sect-kickstart-commands-driverdisk">
<title>driverdisk (optional) - Use a Driver Disk</title>
- <para>
+ <para>
Driver disks can be used during Kickstart installations to provide additional drivers not included by default. You must copy the driver disks's contents to the root directory of a partition on the system's hard drive. Then, you must use the <command>driverdisk</command> command to specify that the installation program should look for a driver disk and its location.
</para>
<programlisting><command>driverdisk <replaceable>partition</replaceable> | --source= | --biospart=</command></programlisting>
@@ -171,7 +171,7 @@
Install from a disk image instead of packages. The image can be the <filename>squashfs.img</filename> file from a live ISO image, or any file system that the installation media can mount. Supported file systems are <systemitem>ext2</systemitem>, <systemitem>ext3</systemitem>, <systemitem>ext4</systemitem>, <systemitem>vfat</systemitem>, and <systemitem>xfs</systemitem>.
</para>
<para>
- This command also supports installation from tar archives of the root file system. In that case, the file name must end with <literal>.tar</literal>, <literal>.tbz</literal>, <literal>.tgz</literal>, <literal>.txz</literal>, <literal>.tar.bz2</literal>, <literal>tar.gz</literal>, or <literal>tar.xz</literal>.
+ This command also supports installation from tar archives of the root file system. In that case, the file name must end with <literal>.tar</literal>, <literal>.tbz</literal>, <literal>.tgz</literal>, <literal>.txz</literal>, <literal>.tar.bz2</literal>, <literal>tar.gz</literal>, or <literal>tar.xz</literal>.
</para>
<programlisting>
<command>install</command>
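Review bot: In the tar archive sentence rewritten by this hunk, the last two suffixes are given as "tar.gz" and "tar.xz" without the leading dot, while the rest of the list (".tar", ".tbz", ".tgz", ".txz", ".tar.bz2") has it. As the line is already being touched, make them ".tar.gz" and ".tar.xz" so the list of accepted file name endings is consistent.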
@@ -464,7 +464,7 @@
<section id="sect-kickstart-commands-autopart">
<title>autopart (optional) - Automatic Partitioning</title>
<para>
- Automatically creates partitions: a root (<filename class="partition">/</filename>) partition (1 GB or larger), a <filename class="partition">swap</filename> partition, and an appropriate <filename class="partition">/boot</filename> partition for the architecture. On large enough drives (50 GB and larger), this also creates a <filename class="partition">/home</filename> partition.
+ Automatically creates partitions: a root (<filename class="partition">/</filename>) partition (1 GB or larger), a <filename class="partition">swap</filename> partition, and an appropriate <filename class="partition">/boot</filename> partition for the architecture. On large enough drives (50 GB and larger), this also creates a <filename class="partition">/home</filename> partition.
</para>
<important>
<para>
@@ -626,7 +626,7 @@
<term><option>--location=</option></term>
<listitem>
<para>
- Specifies where the boot record is written. Valid values are the following:
+ Specifies where the boot record is written. Valid values are the following:
</para>
<itemizedlist>
<listitem>
@@ -715,7 +715,7 @@
<term><option>--disabled</option></term>
<listitem>
<para>
- Do not attempt to install a boot loader. This option overrides all other boot loader configuration; all other boot loader options will be ignored and no boot loader packages will be installed.
+ Do not attempt to install a boot loader. This option overrides all other boot loader configuration; all other boot loader options will be ignored and no boot loader packages will be installed.
</para>
</listitem>
</varlistentry>
@@ -724,7 +724,7 @@
<section id="sect-kickstart-commands-btrfs">
<title>btrfs (optional) - Create Btrfs Volume or Subvolume</title>
- <para>
+ <para>
Create a Btrfs volume or subvolume. For a volume, the syntax is:
</para>
<programlisting>
@@ -855,7 +855,7 @@
<para>
Never specify multipath devices by device names like <literal>mpatha</literal>. Device names such as this are not specific to a particular disk. The disk named <filename>/dev/mpatha</filename> during installation might not be the one that you expect it to be. Therefore, the <command>clearpart</command> command could target the wrong disk.
</para>
- </warning>
+ </warning>
</listitem>
</varlistentry>
<varlistentry>
@@ -901,7 +901,7 @@
<section id="sect-kickstart-commands-fcoe">
<title>fcoe (optional) - Configure Fibre Channel Over Ethernet Devices</title>
- <para>
+ <para>
Specify which FCoE devices should be activated automatically in addition to those discovered by <firstterm>Enhanced Disk Drive Services</firstterm> (EDD).
</para>
<programlisting><command>fcoe --nic=<replaceable>name</replaceable> [--dcp= | --autovlan]</command></programlisting>
@@ -966,7 +966,7 @@
<term><option>--only-use=</option></term>
<listitem>
<para>
- Specifies a list of disks for the installation program to use. All other disks are ignored. For example, to use disk <literal>sda</literal> during installation and ignore all other disks:
+ Specifies a list of disks for the installation program to use. All other disks are ignored. For example, to use disk <literal>sda</literal> during installation and ignore all other disks:
</para>
<programlisting><command>ignoredisk --only-use=sda</command></programlisting>
<para>
@@ -1322,7 +1322,7 @@
<term><option>--profile=</option></term>
<listitem>
<para>
- Specify the configuration profile name to use with thin logical volumes. If used, the name will also be included in the metadata for the given logical volume. By default, the available profiles are <literal>default</literal> and <literal>thin-performance</literal> and are defined in the <filename class="directory">/etc/lvm/profile</filename> directory. See the <systemitem>lvm(8)</systemitem> man page for additional information.
+ Specify the configuration profile name to use with thin logical volumes. If used, the name will also be included in the metadata for the given logical volume. By default, the available profiles are <literal>default</literal> and <literal>thin-performance</literal> and are defined in the <filename class="directory">/etc/lvm/profile</filename> directory. See the <systemitem>lvm(8)</systemitem> man page for additional information.
</para>
</listitem>
</varlistentry>
@@ -1334,7 +1334,7 @@
<command>part pv.01 --size 3000</command>
<command>volgroup myvg pv.01</command>
<command>logvol / --vgname=myvg --size=2000 --name=rootvol</command>
- </programlisting>
+ </programlisting>
</section>
<section id="sect-kickstart-commands-part">
@@ -1848,7 +1848,7 @@
<command>part pv.01 --size 3000</command>
<command>volgroup myvg pv.01</command>
<command>logvol / --vgname=myvg --size=2000 --name=rootvol</command>
- </programlisting>
+ </programlisting>
</section>
<section id="sect-kickstart-commands-zerombr">
@@ -1992,10 +1992,10 @@
<term><option>--service=</option></term>
<listitem>
<para>
- This option provides a higher-level way to allow services through the firewall. Some services (like <systemitem>cups</systemitem>, <systemitem>avahi</systemitem>, etc.) require multiple ports to be open or other special configuration in order for the service to work. You can specify each individual port with the <option>--port</option> option, or specify <command>--service=</command> and open them all at once.
+ This option provides a higher-level way to allow services through the firewall. Some services (like <systemitem>cups</systemitem>, <systemitem>avahi</systemitem>, etc.) require multiple ports to be open or other special configuration in order for the service to work. You can specify each individual port with the <option>--port</option> option, or specify <command>--service=</command> and open them all at once.
</para>
<para>
- Valid options are anything recognized by the <application>firewall-offline-cmd</application> program in the <package>firewalld</package> package. If <systemitem>firewalld</systemitem> is running, <command>firewall-cmd --get-services</command> will provide a list of known service names.
+ Valid options are anything recognized by the <application>firewall-offline-cmd</application> program in the <package>firewalld</package> package. If <systemitem>firewalld</systemitem> is running, <command>firewall-cmd --get-services</command> will provide a list of known service names.
</para>
</listitem>
</varlistentry>
@@ -2727,7 +2727,7 @@
<section id="sect-kickstart-commands-group">
<title>group (optional) - Create User Group</title>
<para>
- Creates a new user group on the system. If a group with the given name or GID already exists, this command will fail. In addition, the <command>user</command> command can be used to create a new group for the newly created user.
+ Creates a new user group on the system. If a group with the given name or GID already exists, this command will fail. In addition, the <command>user</command> command can be used to create a new group for the newly created user.
</para>
<programlisting><command>group --name=<replaceable>name</replaceable> [--gid=<replaceable>gid</replaceable>]</command></programlisting>
<variablelist>
@@ -3142,9 +3142,14 @@
<section id="sect-kickstart-commands-cmdline">
<title>cmdline (optional) - Perform Installation in Command Line Mode</title>
- <para>
+ <para>
Perform the installation in a completely non-interactive command line mode. Any prompts for interaction halts the install. This mode is useful on IBM System z systems with the x3270 terminal.
</para>
+ <important>
+ <para>
+ For a fully automatic installation, you must either specify one of the available modes (<command>graphical</command>, <command>text</command>, or <command>cmdline</command>) in the Kickstart file, or you must use the <option>console=</option> boot option as described in <xref linkend="sect-boot-options-display" />. Otherwise the system will halt and ask you to choose a mode.
+ </para>
+ </important>
</section>
<section id="sect-kickstart-commands-graphical">
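Review bot: The <important> block added to the cmdline section is repeated word for word in the graphical and text sections, so any later correction has to be made in three places. Consider keeping the text in one shared file or entity and pulling it into each section. In the unchanged paragraph just above it, "Any prompts for interaction halts the install" should read "Any prompt for interaction halts the install".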
@@ -3152,6 +3157,11 @@
<para>
Perform the installation in graphical mode. This is the default. This command takes no options.
</para>
+ <important>
+ <para>
+ For a fully automatic installation, you must either specify one of the available modes (<command>graphical</command>, <command>text</command>, or <command>cmdline</command>) in the Kickstart file, or you must use the <option>console=</option> boot option as described in <xref linkend="sect-boot-options-display" />. Otherwise the system will halt and ask you to choose a mode.
+ </para>
+ </important>
</section>
<section id="sect-kickstart-commands-logging">
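Review bot: The new note in the graphical section says a mode must be specified or the installer "will halt and ask you to choose a mode", but the paragraph right above it still says "This is the default", and the text section carries the matching "performed in graphical mode by default". State when the default applies and when the prompt appears, or drop the "default" wording, so the section does not contradict itself.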
@@ -3268,6 +3278,11 @@
<para>
Perform the Kickstart installation in text mode. Kickstart installations are performed in graphical mode by default.
</para>
+ <important>
+ <para>
+ For a fully automatic installation, you must either specify one of the available modes (<command>graphical</command>, <command>text</command>, or <command>cmdline</command>) in the Kickstart file, or you must use the <option>console=</option> boot option as described in <xref linkend="sect-boot-options-display" />. Otherwise the system will halt and ask you to choose a mode.
+ </para>
+ </important>
</section>
<section id="sect-kickstart-commands-unsupported_hardware">
@@ -3529,7 +3544,7 @@
<command>%ksappend</command> is processed in an initial pass, before any other part of the Kickstart file. Then, this expanded Kickstart file is passed to the rest of <application>Anaconda</application> where all <command>%pre</command> scripts are handled, and then finally the rest of the Kickstart file is processed in order, which includes <command>%include</command> directives.
</para>
<para>
- Therefore, <command>%ksappend</command> provides a way to include a file containing <command>%pre</command> scripts, while <command>%include</command> does not.
+ Therefore, <command>%ksappend</command> provides a way to include a file containing <command>%pre</command> scripts, while <command>%include</command> does not.
</para>
</section>
@@ -3550,7 +3565,7 @@
<important>
<para>
To install a 32-bit package on a 64-bit system, you will need to append the package name with the 32-bit architecture for which the package was built - for example, <package>glibc.i686</package>. The <option>--multilib</option> option also must be specified in the Kickstart file; see the available options below.
- </para>
+ </para>
</important>
<important>
<para>
@@ -3572,7 +3587,7 @@
</programlisting>
<para>
This command will install all packages which are part of the <guilabel>Infrastracture Server</guilabel> environment. All available environments are described in the <filename>comps.xml</filename> file.
- </para>
+ </para>
</listitem>
</varlistentry>
<varlistentry>
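Review bot: The paragraph closed by the changed "</para>" line spells the environment name as "Infrastracture Server" inside <guilabel>. Correct it to "Infrastructure Server" while this paragraph is being touched.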
@@ -3582,7 +3597,7 @@
Specify groups, one entry to a line, starting with an <literal>@</literal> symbol, and then the full group name or group id as given in the <filename>comps.xml</filename> file. For example:
</para>
<programlisting>
-<command>%packages</command>
+<command>%packages</command>
@X Window System
@Desktop
@Sound and Video
@@ -3592,7 +3607,7 @@
The <literal>Core</literal> and <literal>Base</literal> groups are always selected - it is not necessary to specify them in the <command>%packages</command> section.
</para>
<para>
- The <filename>comps.xml</filename> file also defines groups called <literal>Conflicts (<replaceable>variant</replaceable>)</literal> for each variant of &PRODUCT;. This group contains all packages which are known to cause file conflicts, and is intended to be excluded.
+ The <filename>comps.xml</filename> file also defines groups called <literal>Conflicts (<replaceable>variant</replaceable>)</literal> for each variant of &PRODUCT;. This group contains all packages which are known to cause file conflicts, and is intended to be excluded.
</para>
</listitem>
</varlistentry>
@@ -3603,7 +3618,7 @@
Specify individual packages by name, one entry to a line. You can use the asterisk character (<literal>*</literal>) as a <firstterm>wildcard</firstterm> in package names. For example:
</para>
<programlisting>
-<command>%packages</command>
+<command>%packages</command>
sqlite
curl
aspell
@@ -3622,8 +3637,8 @@ docbook*
Use a leading dash (<literal>-</literal>) to specify packages or groups to exclude from the installation. For example:
</para>
<programlisting>
-<command>%packages</command>
--@Graphical Internet
+<command>%packages</command>
+-@Graphical Internet
-autofs
-ipa*fonts
<command>%end</command>
@@ -3644,7 +3659,7 @@ docbook*
<para>
The following options are available for the <command>%packages</command>. To use an option, append it to the start of the package selection section. For example:
</para>
- <programlisting><command>%packages --multilib --ignoremissing</command></programlisting>
+ <programlisting><command>%packages --multilib --ignoremissing</command></programlisting>
<varlistentry>
<term>
<option>--nocore</option>
@@ -3687,7 +3702,7 @@ docbook*
Normally, on a 64-bit system, only packages for this architecture (marked as <literal>x86_64</literal>) and packages for all architectures (marked as <literal>noarch</literal>) would be installed. When you use this option, packages for 32-bit systems (marked as <literal>i686</literal>) will be automatically installed as well, if available.
</para>
<para>
- This only applies to packages explicitly specified in the <command>%packages</command> section. Packages which are only being installed as dependencies without being specified in the Kickstart file will only be installed in architecture versions in which they are needed, even if they are available for more architectures.
+ This only applies to packages explicitly specified in the <command>%packages</command> section. Packages which are only being installed as dependencies without being specified in the Kickstart file will only be installed in architecture versions in which they are needed, even if they are available for more architectures.
</para>
</listitem>
</varlistentry>
@@ -3791,7 +3806,7 @@ docbook*
</para>
<para>
This section is useful for functions such as installing additional software or configuring an additional name server. The post-install script is run in a chroot environment, therefore, performing tasks such as copying scripts or RPM packages from the installation media do not work by default. You can change this behavior using the <option>--nochroot</option> option as described below.
- </para>
+ </para>
<important>
<para>
If you configured the network with static IP information, including a name server, you can access the network and resolve IP addresses in the <command>%post</command> section. If you configured the network for <systemitem>DHCP</systemitem>, the <filename>/etc/resolv.conf</filename> file has not been completed when the installation executes the <command>%post</command> section. You can access the network, but you cannot resolve IP addresses. Thus, if you are using <systemitem>DHCP</systemitem>, you must specify IP addresses in the <command>%post</command> section.
@@ -3874,19 +3889,19 @@ cp /etc/resolv.conf /mnt/sysimage/etc/resolv.conf
<programlisting>
<command>clearpart --drives=hda,hdc</command>
<command>zerombr</command>
-# Raid 1 IDE config
-<command>part raid.11 --size 1000 --asprimary --ondrive=hda</command>
+# Raid 1 IDE config
+<command>part raid.11 --size 1000 --asprimary --ondrive=hda</command>
<command>part raid.12 --size 1000 --asprimary --ondrive=hda</command>
<command>part raid.13 --size 2000 --asprimary --ondrive=hda</command>
<command>part raid.14 --size 8000 --ondrive=hda</command>
-<command>part raid.15 --size 16384 --grow --ondrive=hda</command>
+<command>part raid.15 --size 16384 --grow --ondrive=hda</command>
<command>part raid.21 --size 1000 --asprimary --ondrive=hdc</command>
<command>part raid.22 --size 1000 --asprimary --ondrive=hdc</command>
<command>part raid.23 --size 2000 --asprimary --ondrive=hdc</command>
<command>part raid.24 --size 8000 --ondrive=hdc</command>
<command>part raid.25 --size 16384 --grow --ondrive=hdc</command>
-# You can add --spares=x
+# You can add --spares=x
<command>raid / --fstype xfs --device root --level=RAID1 raid.11 raid.21</command>
<command>raid /safe --fstype xfs --device safe --level=RAID1 raid.12 raid.22</command>
<command>raid swap --fstype swap --device swap --level=RAID1 raid.13 raid.23</command>
@@ -3895,7 +3910,7 @@ cp /etc/resolv.conf /mnt/sysimage/etc/resolv.conf
# LVM configuration so that we can resize /var and /usr/local later
<command>volgroup sysvg pv.01</command>
-<command>logvol /var --vgname=sysvg --size=8000 --name=var</command>
+<command>logvol /var --vgname=sysvg --size=8000 --name=var</command>
<command>logvol /var/freespace --vgname=sysvg --size=8000 --name=freespacetouse</command>
<command>logvol /usr/local --vgname=sysvg --size=1 --grow --name=usrlocal</command>
</programlisting>
@@ -3939,13 +3954,13 @@ mymedia=`cat $file/media`
if [ $mymedia == "disk" ] ; then
hds="$hds `basename $file`"
fi
-done
+done
set $hds
numhd=`echo $#`
drive1=`echo $hds | cut -d' ' -f1`
drive2=`echo $hds | cut -d' ' -f2`
-#Write out partition scheme based on whether there are 1 or 2 hard drives
+#Write out partition scheme based on whether there are 1 or 2 hard drives
if [ $numhd == "2" ] ; then
#2 drives
echo "#partitioning scheme generated in %pre for 2 drives" > /tmp/part-include
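Review bot: In the %pre script around the changed "done" line, the test [ $mymedia == "disk" ] expands $mymedia unquoted, so an empty value turns it into a malformed test expression, and "==" is not portable inside "[". Quote the variable and use "=" here and in the $numhd test, since readers copy this script into unattended installs.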
[libvirt_application_development_guide_using_python] Domains chapter Configuration section - finished this section - added example 41
by David Ashley
commit bd6d803406b9d525560718b58123cd718758ea04
Author: W. David Ashley <w.david.ashley(a)gmail.com>
Date: Wed Jul 15 10:47:42 2015 -0500
Domains chapter
Configuration section
- finished this section
- added example 41
en-US/Guest_Domains.xml | 61 ++++++----------------------------
en-US/extras/Domains-Example-41.xml | 8 ++++
2 files changed, 19 insertions(+), 50 deletions(-)
---
diff --git a/en-US/Guest_Domains.xml b/en-US/Guest_Domains.xml
index 8152f1d..5395e64 100644
--- a/en-US/Guest_Domains.xml
+++ b/en-US/Guest_Domains.xml
@@ -1015,10 +1015,6 @@
<programlisting language="Python"><xi:include href="extras/Domains-Example-39.py" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
</example>
- <para>
- TBD
- </para>
-
</section>
<section id="libvirt_application_development_guide_using_python-Guest_Domains-Device_Config-Networking">
@@ -1034,15 +1030,6 @@
</section>
- <section id="libvirt_application_development_guide_using_python-Guest_Domains-Device_Config-Filesystems">
- <title>Filesystems</title>
-
- <para>
- TBD
- </para>
-
- </section>
-
<section id="libvirt_application_development_guide_using_python-Guest_Domains-Device_Config-Mice">
<title>Mice, Keyboard & Tablets</title>
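Review bot: The removed Filesystems section carried the id "libvirt_application_development_guide_using_python-Guest_Domains-Device_Config-Filesystems". Check that no xref elsewhere in the guide still points at that id before dropping the section, otherwise the link loses its target.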
@@ -1066,12 +1053,15 @@
driver capabilities from the host OS.
</para>
<important>
- USB devices are only inherited by the guest domain at boot time. USB
- devices can not be inherited from the host after the guest domain has booted.
+ <title>Important</title>
+ <para>
+ USB devices are only inherited by the guest domain at boot time. newly activated USB
+ devices can not be inherited from the host after the guest domain has booted.
+ </para>
</important>
<para>
- Some caveats apply when using USB device passthrough. When a PCI device is
+ Some caveats apply when using USB device passthrough. When a USB device is
directly assigned to a guest, migration will not be possible, without
first hot-unplugging the device from the guest. In addition
libvirt does not guarantee that direct device assignment is secure, leaving
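Review bot: In the new <important> text the second sentence starts in lower case ("boot time. newly activated USB") and "can not" should be "cannot". Suggested wording: "Newly activated USB devices cannot be inherited from the host after the guest domain has booted."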
@@ -1128,29 +1118,8 @@
by manually detaching the device and then attempting to perform the
reset operation. If this succeeds, then it will be possible to assign
the device to a guest on its own. If it fails, then it will be necessary
- to co-assign the device will others on the same PCI bus. The section
- documenting node device APIs covers this topic in detail, but as a
- quick demonstration the following code checks whether a PCI device
- (represented by a virNodeDevicePtr object instance) can be reset and
- is thus assignable to a guest
+ to co-assign the device will others on the same PCI bus.
</para>
- <programlisting>
- <![CDATA[
- virNodeDevicePtr dev = ....get virNodeDevicePtr for the PCI device...
-
- if (virNodeDeviceDettach(dev) < 0) {
- fprintf(stderr, "Device cannot be dettached from the host OS drivers\n");
- return;
- }
-
- if (virNodeDeviceReset(dev) < 0) {
- fprintf(stderr, "Device cannot be safely reset without affecting other devices\n");
- return;
- }
-
- fprintf(stderr, "Device is suitable for passthrough to a guest\n");
- ]]>
- </programlisting>
<para>
A PCI device is attached to a guest using the 'hostdevice' element.
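Review bot: The rewritten line "to co-assign the device will others on the same PCI bus." keeps the typo "will" for "with". Removing the C snippet also removes the illustration of the detach-then-reset check that this paragraph describes, together with the pointer to the node device API section. As this is the Python guide, a Python version of that check, or at least the cross-reference, would serve readers better than dropping both.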
@@ -1163,18 +1132,10 @@
This is easiest to see with a short example
</para>
- <programlisting>
- <![CDATA[
- <hostdev mode='subsystem' type='pci' managed='yes'>
- <source>
- <address domain='0x0000'
- bus='0x06'
- slot='0x12'
- function='0x5'/>
- </source>
- </hostdev>
- ]]>
- </programlisting>
+ <example>
+ <title>Get domain's input device information</title>
+ <programlisting language="XML"><xi:include href="extras/Domains-Example-41.xml" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
+ </example>
</section>
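Review bot: The new <example> title "Get domain's input device information" does not match its content: Domains-Example-41.xml holds a <hostdev> element for a PCI device, and the paragraph before it is about attaching a PCI device to a guest. Retitle it to describe the PCI hostdev configuration.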
diff --git a/en-US/extras/Domains-Example-41.xml b/en-US/extras/Domains-Example-41.xml
new file mode 100644
index 0000000..7822b7a
--- /dev/null
+++ b/en-US/extras/Domains-Example-41.xml
@@ -0,0 +1,8 @@
+<hostdev mode='subsystem' type='pci' managed='yes'>
+ <source>
+ <address domain='0x0000'
+ bus='0x06'
+ slot='0x12'
+ function='0x5'/>
+ </source>
+</hostdev>
[system-administrators-guide] Samba - incorporated changes from RHEL.
by Bara Ančincová
commit 1aa37350891169f01c3378ae7517238fedacc08f
Author: Barbora Ančincová <bancinco(a)redhat.com>
Date: Wed Jul 15 12:17:03 2015 +0200
Samba - incorporated changes from RHEL.
en-US/Samba.xml | 2919 ++++++++++++++++++++++++++++---------------------------
1 files changed, 1477 insertions(+), 1442 deletions(-)
---
diff --git a/en-US/Samba.xml b/en-US/Samba.xml
index 8fc2a02..29b04e1 100644
--- a/en-US/Samba.xml
+++ b/en-US/Samba.xml
@@ -1,620 +1,792 @@
<?xml version='1.0'?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
]>
-<section id="s1-Samba">
- <title>Samba</title>
- <indexterm>
- <primary>Samba</primary>
- <secondary>Reference</secondary>
- </indexterm>
- <indexterm>
- <primary>Samba</primary>
- <see>Samba</see>
- </indexterm>
- <para>
- <application>Samba</application> is an open source implementation of the <firstterm>server message block</firstterm> (<systemitem class="protocol">SMB</systemitem>) protocol. Modern versions of this protocol are also known as the <firstterm>common Internet file system</firstterm> (<systemitem class="protocol">CIFS</systemitem>) protocol. It allows the networking of Microsoft <trademark class="registered">Windows</trademark>, Linux, UNIX, and other operating systems together, enabling access to Windows-based file and printer shares. Samba's use of <systemitem class="protocol">SMB</systemitem> allows it to appear as a Windows server to Windows clients.</para>
- <note>
- <title>Installing the samba package</title>
- <para>In order to use <application>Samba</application>, first ensure the <package>samba</package> package is installed on your system by running, as <systemitem class="username">root</systemitem>:</para>
- <screen>~]# <command>dnf install samba</command></screen>
- <para>For more information on installing packages with DNF, see <xref linkend="sec-Installing"/>.</para>
- </note>
-
- <section
- id="samba-rgs-overview">
- <title>Introduction to Samba</title>
- <indexterm>
- <primary>Samba</primary>
- <secondary>Introduction</secondary>
- </indexterm>
- <para>Fedora includes Samba version <literal>4.1</literal>:</para>
- <section
- id="s3-samba-abilities">
- <title>Samba Features</title>
- <indexterm>
- <primary>Samba</primary>
- <secondary>Abilities</secondary>
- </indexterm>
- <para>Samba is a powerful and versatile server application.</para>
- <para>What Samba can do:</para>
- <itemizedlist>
- <listitem>
- <para>Serve directory trees and printers to Linux, UNIX, and Windows clients</para>
- </listitem>
- <listitem>
- <para>Assist in network browsing (with or without NetBIOS)</para>
- </listitem>
- <listitem>
- <para>Authenticate Windows domain logins</para>
- </listitem>
- <listitem>
- <para>Provide <firstterm>Windows Internet Name Service</firstterm> (<systemitem class="service">WINS</systemitem>) name server resolution</para>
- </listitem>
- <listitem>
- <para>Act as a Windows <trademark
- class="registered">NT</trademark>-style <firstterm>Primary Domain Controller</firstterm> (PDC)</para>
- </listitem>
- <listitem>
- <para>Act as a <firstterm>Backup Domain Controller</firstterm> (BDC) for a Samba-based PDC</para>
- </listitem>
- <listitem>
- <para>Act as an Active Directory domain member server</para>
- </listitem>
- <listitem>
- <para>Join a Windows NT/2000/2003/2008 PDC/Windows Server 2012</para>
- </listitem>
- </itemizedlist>
- <para>What Samba cannot do:</para>
- <itemizedlist>
- <listitem>
- <para>Act as a BDC for a Windows PDC (and vice versa)</para>
- </listitem>
- <listitem>
- <para>Act as an Active Directory domain controller</para>
- </listitem>
- </itemizedlist>
- </section>
- </section>
- <section
- id="s2-samba-daemons">
- <title>Samba Daemons and Related Services</title>
- <indexterm>
- <primary>Samba</primary>
- <secondary>daemon</secondary>
- </indexterm>
- <para>The following is a brief introduction to the individual Samba daemons and services.</para>
- <section
- id="s3-samba-services">
- <title>Samba Daemons</title>
- <indexterm>
- <primary>Samba</primary>
- <secondary>daemon</secondary>
- <tertiary>overview</tertiary>
- </indexterm>
- <para>Samba is comprised of three daemons (<command>smbd</command>, <command>nmbd</command>, and <command>winbindd</command>). Three services (<command>smb</command>, <command>nmb</command>, and <command>winbind</command>) control how the daemons are started, stopped, and other service-related features. These services act as different init scripts. Each daemon is listed in detail below, as well as which specific service has control over it.</para>
- <bridgehead id="s4-samba-daemon-smbd">
- <command>smbd</command>
- </bridgehead>
- <indexterm>
- <primary>Samba</primary>
- <secondary>daemon</secondary>
- <tertiary>smbd</tertiary>
- </indexterm>
- <para>The <command>smbd</command> server daemon provides file sharing and printing services to Windows clients. In addition, it is responsible for user authentication, resource locking, and data sharing through the <systemitem class="protocol">SMB</systemitem> protocol. The default ports on which the server listens for <systemitem class="protocol">SMB</systemitem> traffic are <systemitem class="protocol">TCP</systemitem> ports <constant>139</constant> and <constant>445</constant>.</para>
- <para>The <command>smbd</command> daemon is controlled by the <command>smb</command> service.</para>
- <bridgehead id="s4-samba-daemon-nmbd">
- <command>nmbd</command>
- </bridgehead>
- <indexterm>
- <primary>Samba</primary>
- <secondary>daemon</secondary>
- <tertiary>nmbd</tertiary>
- </indexterm>
- <para>The <command>nmbd</command> server daemon understands and replies to NetBIOS name service requests such as those produced by SMB/CIFS in Windows-based systems. These systems include Windows 95/98/ME, Windows NT, Windows 2000, Windows XP, and LanManager clients. It also participates in the browsing protocols that make up the Windows <guilabel>Network Neighborhood</guilabel> view. The default port that the server listens to for <systemitem class="protocol">NMB</systemitem> traffic is <systemitem class="protocol">UDP</systemitem> port <systemitem class="constant">137</systemitem>.</para>
- <para>The <command>nmbd</command> daemon is controlled by the <command>nmb</command> service.</para>
- <bridgehead id="s4-samba-daemon-winbindd">
- <command>winbindd</command>
- </bridgehead>
- <indexterm>
- <primary>Samba</primary>
- <secondary>daemon</secondary>
- <tertiary>winbindd</tertiary>
- </indexterm>
- <para>The <command>winbind</command> service resolves user and group information received from a server running Windows NT, 2000, 2003, Windows Server 2008, or Windows Server 2012. This makes Windows user and group information understandable by UNIX platforms. This is achieved by using Microsoft RPC calls, <firstterm>Pluggable Authentication Modules</firstterm> (PAM), and the <firstterm>Name Service Switch</firstterm> (NSS). This allows Windows NT domain users to appear and operate as UNIX users on a UNIX machine. Though bundled with the Samba distribution, the <command>winbind</command> service is controlled separately from the <command>smb</command> service.</para>
- <para>The <command>winbindd</command> daemon is controlled by the <command>winbind</command> service and does not require the <command>smb</command> service to be started in order to operate. <command>winbindd</command> is also used when Samba is an Active Directory member, and may also be used on a Samba domain controller (to implement nested groups and interdomain trust). Because <command>winbind</command> is a client-side service used to connect to Windows NT-based servers, further discussion of <command>winbind</command> is beyond the scope of this chapter.</para>
- <note>
- <title>Obtaining a list of utilities that are shipped with Samba</title>
- <para>See <xref linkend="s2-samba-programs"/> for a list of utilities included in the Samba distribution.</para>
- </note>
- </section>
- </section>
- <section
- id="s2-samba-connect-share">
- <title>Connecting to a Samba Share</title>
- <indexterm>
- <primary>Samba</primary>
- <secondary>share</secondary>
- <tertiary>connecting to with Nautilus</tertiary>
- </indexterm>
- <para>You can use <application>Nautilus</application> to view available Samba shares on your network. To view a list of Samba workgroups and domains on your network, select <menuchoice><guimenu>Applications</guimenu><guisubmenu>Accessories</guisubmenu><guimenuitem>Files</guimenuitem></menuchoice> from the <guimenu>Activities</guimenu> menu, and click <guimenuitem>Browse Network</guimenuitem> at the sidebar.</para>
- <figure id="fig-samba-nautilus-workgroups">
- <title>Browsing a network in Nautilus</title>
- <mediaobject>
- <imageobject>
- <imagedata fileref="images/samba-nautilus-domain.png" format="PNG" scalefit="0" />
- </imageobject>
- <textobject>
- <para>Browsing a network in Nautilus</para>
- </textobject>
- </mediaobject>
- </figure>
- <para>An icon appears for each available <systemitem class="protocol">SMB</systemitem> workgroup or domain on the network. Double-click one of the workgroup/domain icons to view a list of computers within the workgroup/domain.</para>
- <para>Each machine within the workgroup is represented by its own icon. Double-click on an icon to view the Samba shares on the machine. If a username and password combination is required, you are prompted for them.</para>
- <para>Alternately, you can also specify the Samba server and sharename in the <guilabel>Location:</guilabel> bar for <application>Nautilus</application> using the following syntax (replace <replaceable>servername</replaceable> and <replaceable>sharename</replaceable> with the appropriate values):</para>
- <screen><command>smb://<replaceable>servername</replaceable>/<replaceable>sharename</replaceable></command></screen>
- <section
- id="s3-samba-connect-share-cmdline">
- <title>Command Line</title>
- <indexterm>
- <primary>Samba</primary>
- <secondary>share</secondary>
- <tertiary>connecting to via the command line</tertiary>
- </indexterm>
- <indexterm>
- <primary>Samba</primary>
- <secondary>
- <command>findsmb</command>
- </secondary>
- </indexterm>
- <indexterm>
- <primary><command>findsmb</command></primary>
- </indexterm>
- <para>To query the network for Samba servers, use the <command>findsmb</command> command. For each server found, it displays its <systemitem class="protocol">IP</systemitem> address, NetBIOS name, workgroup name, operating system, and <systemitem class="protocol">SMB</systemitem> server version.</para>
- <indexterm>
- <primary>Samba</primary>
- <secondary><command>smbclient</command></secondary>
- </indexterm>
- <indexterm>
- <primary><command>smbclient</command></primary>
- </indexterm>
- <para>To connect to a Samba share from a shell prompt, type the following command:</para>
- <screen>~]$ <command>smbclient //<replaceable>hostname</replaceable>/<replaceable>sharename</replaceable> -U <replaceable>username</replaceable></command></screen>
- <para>Replace <replaceable>hostname</replaceable> with the hostname or <systemitem class="protocol">IP</systemitem> address of the Samba server you want to connect to, <replaceable>sharename</replaceable> with the name of the shared directory you want to browse, and <replaceable>username</replaceable> with the Samba username for the system. Enter the correct password or press <keycap>Enter</keycap> if no password is required for the user.</para>
- <para>If you see the <prompt>smb:\></prompt> prompt, you have successfully logged in. Once you are logged in, type <userinput>help</userinput> for a list of commands. If you want to browse the contents of your home directory, replace <replaceable>sharename</replaceable> with your username. If the <command>-U</command> switch is not used, the username of the current user is passed to the Samba server.</para>
- <para>To exit <command>smbclient</command>, type <userinput>exit</userinput> at the <prompt>smb:\></prompt> prompt.</para>
- </section>
- <section
- id="s2-samba-mounting">
- <title>Mounting the Share</title>
- <indexterm>
- <primary>Samba</primary>
- <secondary>share</secondary>
- <tertiary>mounting</tertiary>
- </indexterm>
- <para>Sometimes it is useful to mount a Samba share to a directory so that the files in the directory can be treated as if they are part of the local file system.</para>
- <para>To mount a Samba share to a directory, create a directory to mount it to (if it does not already exist), and execute the following command as <systemitem class="username">root</systemitem>:</para>
- <screen>
-<command>~]# mount -t cifs //<replaceable>servername</replaceable>/<replaceable>sharename</replaceable>
- <replaceable>/mnt/point/</replaceable> -o username=<replaceable>username</replaceable>,password=<replaceable>password</replaceable></command></screen>
-
- <para>This command mounts <replaceable>sharename</replaceable> from <replaceable>servername</replaceable> in the local directory <replaceable>/mnt/point/</replaceable>.
- </para>
- <note>
- <title>Installing cifs-utils package</title>
- <para>The <application>mount.cifs</application> utility is a separate RPM (independent from Samba). In order to use <application>mount.cifs</application>, first ensure the <package>cifs-utils</package> package is installed on your system by running, as <systemitem class="username">root</systemitem>:</para>
- <screen>~]# <command>dnf install cifs-utils</command></screen>
- <para>For more information on installing packages with DNF, see <xref linkend="sec-Installing"/>.</para>
- <para>
- Note that the <package>cifs-utils</package> package also contains the <application>cifs.upcall</application> binary called by the kernel in order to perform kerberized CIFS mounts. For more information on <application>cifs.upcall</application>, see <command>man cifs.upcall</command>.
- </para>
- </note>
- <para>
- For more information about mounting a samba share, see <command>man mount.cifs</command>.
- </para>
- <warning>
- <title>CIFS servers that require plain text passwords</title>
- <para>
- Some CIFS servers require plain text passwords for authentication. Support for plain text password authentication can be enabled using the following command as <systemitem class="username">root</systemitem>:
- </para>
- <screen>~]# <command>echo 0x37 > /proc/fs/cifs/SecurityFlags</command></screen>
- <para>
- WARNING: This operation can expose passwords by removing password encryption.
- </para>
- </warning>
- </section>
- </section>
- <section
- id="s2-samba-configuring">
- <title>Configuring a Samba Server</title>
- <indexterm>
- <primary>Samba</primary>
- <secondary>configuration</secondary>
- </indexterm>
- <indexterm>
- <primary>Samba</primary>
- <secondary>configuration</secondary>
- <tertiary>default</tertiary>
- </indexterm>
- <para>The default configuration file (<filename>/etc/samba/smb.conf</filename>) allows users to view their home directories as a Samba share. It also shares all printers configured for the system as Samba shared printers. You can attach a printer to the system and print to it from the Windows machines on your network.</para>
- <section
- id="s3-samba-configuring-gui">
- <title>Graphical Configuration</title>
- <indexterm>
- <primary>Samba</primary>
- <secondary>graphical configuration</secondary>
- </indexterm>
- <para>
- To configure Samba using a graphical interface, use one of the available Samba graphical user interfaces. A list of available GUIs can be found at <ulink url="http://www.samba.org/samba/GUI/">http://www.samba.org/samba/GUI/</ulink>.
- </para>
- </section>
- <section
- id="s3-samba-configuring-cmdline">
- <title>Command Line Configuration</title>
- <indexterm>
- <primary>Samba</primary>
- <secondary>configuration</secondary>
- </indexterm>
- <para>Samba uses <filename>/etc/samba/smb.conf</filename> as its configuration file. If you change this configuration file, the changes do not take effect until you restart the Samba daemon with the following command, as <systemitem class="username">root</systemitem>:
- <screen>~]# <command>systemctl restart smb.service</command></screen>
- </para>
- <para>To specify the Windows workgroup and a brief description of the Samba server, edit the following lines in your <filename>/etc/samba/smb.conf</filename> file:</para>
- <programlisting>workgroup = <replaceable>WORKGROUPNAME</replaceable>
-server string = <replaceable>BRIEF COMMENT ABOUT SERVER</replaceable></programlisting>
- <para>Replace <replaceable>WORKGROUPNAME</replaceable> with the name of the Windows workgroup to which this machine should belong. The <replaceable>BRIEF COMMENT ABOUT SERVER</replaceable> is optional and is used as the Windows comment about the Samba system.</para>
- <para>To create a Samba share directory on your Linux system, add the following section to your <filename>/etc/samba/smb.conf</filename> file (after modifying it to reflect your needs and your system):</para>
- <programlisting>[<replaceable>sharename</replaceable>]
+<section id="sect-Samba">
+ <title>Samba</title>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Reference</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>Samba</primary>
+ <see>Samba</see>
+ </indexterm>
+ <para>
+ <application>Samba</application> is the standard open source Windows interoperability suite of programs for Linux. It implements the <firstterm>server message block</firstterm> (<systemitem class="protocol">SMB</systemitem>) protocol. Modern versions of this protocol are also known as the <firstterm>common Internet file system</firstterm> (<systemitem class="protocol">CIFS</systemitem>) protocol. It allows the networking of Microsoft <trademark class="registered">Windows</trademark>, Linux, UNIX, and other operating systems together, enabling access to Windows-based file and printer shares. Samba's use of <systemitem class="protocol">SMB</systemitem> allows it to appear as a Windows server to Windows clients.
+ </para>
+ <note>
+ <title>Installing the samba package</title>
+ <para>
+ In order to use <application>Samba</application>, first ensure the <package>samba</package> package is installed on your system by running, as <systemitem class="username">root</systemitem>:
+ </para>
+ <screen>~]# <command>dnf install samba</command></screen>
+ <para>
+ For more information on installing packages with DNF, see <xref linkend="sec-Installing"/>.
+ </para>
+ </note>
+ <section id="sect-Samba-Introduction_to_Samba">
+ <title>Introduction to Samba</title>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Introduction</secondary>
+ </indexterm>
+ <para>
+ Samba is an important component to seamlessly integrate Linux Servers and Desktops into Active Directory (AD) environments. It can function both as a domain controller (NT4-style) or as a regular domain member (AD or NT4-style).
+ </para>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Abilities</secondary>
+ </indexterm>
+ <bridgehead renderas="sect3">What Samba can do:</bridgehead>
+ <itemizedlist>
+ <listitem>
+ <para>
+ Serve directory trees and printers to Linux, UNIX, and Windows clients
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Assist in network browsing (with NetBIOS)
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Authenticate Windows domain logins
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Provide <firstterm>Windows Internet Name Service</firstterm> (<systemitem class="service">WINS</systemitem>) name server resolution
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Act as a Windows <trademark class="registered">NT</trademark>-style <firstterm>Primary Domain Controller</firstterm> (PDC)
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Act as a <firstterm>Backup Domain Controller</firstterm> (BDC) for a Samba-based PDC
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Act as an Active Directory domain member server
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Join a Windows NT/2000/2003/2008 PDC/Windows Server 2012
+ </para>
+ </listitem>
+ </itemizedlist>
+ <bridgehead renderas="sect3">What Samba cannot do:</bridgehead>
+ <itemizedlist>
+ <listitem>
+ <para>
+ Act as a BDC for a Windows PDC (and vice versa)
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Act as an Active Directory domain controller
+ </para>
+ </listitem>
+ </itemizedlist>
+ </section>
+ <section id="sect-Samba_Daemons_and_Related_Services">
+ <title>Samba Daemons and Related Services</title>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>daemon</secondary>
+ <tertiary>overview</tertiary>
+ </indexterm>
+ <para>
+ Samba is comprised of three daemons (<systemitem class="daemon">smbd</systemitem>, <systemitem class="daemon">nmbd</systemitem>, and <systemitem class="daemon">winbindd</systemitem>). Three services (<systemitem class="service">smb</systemitem>, <systemitem class="service">nmb</systemitem>, and <systemitem class="service">winbind</systemitem>) control how the daemons are started, stopped, and other service-related features. These services act as different init scripts. Each daemon is listed in detail below, as well as which specific service has control over it.
+ </para>
+ <bridgehead id="brid-Samba-Daemons-smbd" renderas="sect3">smbd</bridgehead>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>daemon</secondary>
+ <tertiary>smbd</tertiary>
+ </indexterm>
+ <para>
+ The <systemitem class="daemon">smbd</systemitem> server daemon provides file sharing and printing services to Windows clients. In addition, it is responsible for user authentication, resource locking, and data sharing through the <systemitem class="protocol">SMB</systemitem> protocol. The default ports on which the server listens for <systemitem class="protocol">SMB</systemitem> traffic are <systemitem class="protocol">TCP</systemitem> ports <constant>139</constant> and <constant>445</constant>.
+ </para>
+ <para>
+ The <systemitem class="daemon">smbd</systemitem> daemon is controlled by the <systemitem>smb</systemitem> service.
+ </para>
+ <bridgehead id="brid-Samba-Daemons-nmbd" renderas="sect3">nmbd</bridgehead>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>daemon</secondary>
+ <tertiary>nmbd</tertiary>
+ </indexterm>
+ <para>
+ The <systemitem class="daemon">nmbd</systemitem> server daemon understands and replies to NetBIOS name service requests such as those produced by SMB/CIFS in Windows-based systems. These systems include Windows 95/98/ME, Windows NT, Windows 2000, Windows XP, and LanManager clients. It also participates in the browsing protocols that make up the Windows <guilabel>Network Neighborhood</guilabel> view. The default port that the server listens to for <systemitem class="protocol">NMB</systemitem> traffic is <systemitem class="protocol">UDP</systemitem> port <systemitem class="constant">137</systemitem>.
+ </para>
+ <para>
+ The <systemitem class="daemon">nmbd</systemitem> daemon is controlled by the <systemitem>nmb</systemitem> service.
+ </para>
+ <bridgehead id="brid-Samba-Daemons-winbindd" renderas="sect3">winbindd</bridgehead>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>daemon</secondary>
+ <tertiary>winbindd</tertiary>
+ </indexterm>
+ <para>
+ The <systemitem class="daemon">winbind</systemitem> service resolves user and group information received from a server running Windows NT, 2000, 2003, Windows Server 2008, or Windows Server 2012. This makes Windows user and group information understandable by UNIX platforms. This is achieved by using Microsoft RPC calls, <firstterm>Pluggable Authentication Modules</firstterm> (PAM), and the <firstterm>Name Service Switch</firstterm> (NSS). This allows Windows NT domain and Active Directory users to appear and operate as UNIX users on a UNIX machine. Though bundled with the Samba distribution, the <systemitem>winbind</systemitem> service is controlled separately from the <systemitem>smb</systemitem> service.
+ </para>
+ <para>
+ The <systemitem class="daemon">winbind</systemitem> daemon is controlled by the <systemitem>winbind</systemitem> service and does not require the <systemitem>smb</systemitem> service to be started in order to operate. <systemitem class="daemon">winbind</systemitem> is also used when Samba is an Active Directory member, and may also be used on a Samba domain controller (to implement nested groups and interdomain trust). Because <systemitem>winbind</systemitem> is a client-side service used to connect to Windows NT-based servers, further discussion of <systemitem>winbind</systemitem> is beyond the scope of this chapter.
+ </para>
+ <note>
+ <title>Obtaining a list of utilities that are shipped with Samba</title>
+ <para>
+ See <xref linkend="sect-Samba_Distribution_Programs"/> for a list of utilities included in the Samba distribution.
+ </para>
+ </note>
+ </section>
+ <section id="sect-Samba-Connecting_to_a_Samba_Share">
+ <title>Connecting to a Samba Share</title>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>share</secondary>
+ <tertiary>connecting to with Nautilus</tertiary>
+ </indexterm>
+ <para>
+ You can use either <application>Nautilus</application> or command line to connect to available Samba shares.
+ </para>
+ <procedure id="proc-Samba-Connecting_to_a_Samba_Share_GUI">
+ <title>Connecting to a Samba Share Using Nautilus</title>
+ <step>
+ <para>
+ To view a list of Samba workgroups and domains on your network, select <menuchoice><guimenu>Places</guimenu> <guimenuitem>Network</guimenuitem></menuchoice> from the GNOME panel, and then select the desired network. Alternatively, type <userinput>smb:</userinput> in the <menuchoice><guimenu>File</guimenu> <guimenuitem>Open Location</guimenuitem></menuchoice> bar of <application>Nautilus</application>.
+ </para>
+ <para>
+ <!-- As shown in <xref linkend="fig-samba-nautilus-workgroups"/>,--> An icon appears for each available <systemitem class="protocol">SMB</systemitem> workgroup or domain on the network.
+ </para>
+ <figure float="0" id="fig-samba-nautilus-workgroups">
+ <title>SMB Workgroups in Nautilus</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/samba-nautilus-domain.png" format="PNG" scalefit="1"/>
+ </imageobject>
+ <textobject>
+ <para>SMB Workgroups in Nautilus</para>
+ </textobject>
+ </mediaobject>
+ </figure>
+ </step>
+ <step>
+ <para>
+ Double-click one of the workgroup or domain icon to view a list of computers within the workgroup or domain.
+ </para>
+ <!-- <figure float="0" id="fig-samba-nautilus-machines">
+ <title>SMB Machines in Nautilus</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/mthelena_host.png" format="PNG" scalefit="1"/>
+ </imageobject>
+ <textobject>
+ <para>SMB Machines in Nautilus</para>
+ </textobject>
+ </mediaobject>
+ </figure> -->
+ </step>
+ <step>
+ <para>
+ <!-- As displayed in <xref linkend="fig-samba-nautilus-machines"/>, --> An icon exists for each machine within the workgroup. Double-click on an icon to view the Samba shares on the machine. If a user name and password combination is required, you are prompted for them.
+ </para>
+ <para>
+ Alternately, you can also specify the Samba server and sharename in the <guilabel>Location:</guilabel> bar for <application>Nautilus</application> using the following syntax (replace <replaceable>servername</replaceable> and <replaceable>sharename</replaceable> with the appropriate values):
+ </para>
+ <synopsis><command>smb://<replaceable>servername</replaceable>/<replaceable>sharename</replaceable></command></synopsis>
+ </step>
+ </procedure>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>share</secondary>
+ <tertiary>connecting to via the command line</tertiary>
+ </indexterm>
+ <!-- Hiding this section due to: https://bugzilla.redhat.com/show_bug.cgi?id=1052228#c8
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary><command>findsmb</command></secondary>
+ </indexterm>
+ <indexterm>
+ <primary><command>findsmb</command></primary>
+ </indexterm> -->
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary><command>smbclient</command></secondary>
+ </indexterm>
+ <indexterm>
+ <primary><command>smbclient</command></primary>
+ </indexterm>
+ <procedure id="proc-Samba-Connecting_to_a_Samba_Share_CLI">
+ <title>Connecting to a Samba Share Using the Command Line</title>
+ <!-- Hiding this section due to: https://bugzilla.redhat.com/show_bug.cgi?id=1052228#c8
+ <step>
+ <para>
+ To query the network for Samba servers, use the <command>findsmb</command> command. For each server found, it displays its <systemitem class="protocol">IP</systemitem> address, NetBIOS name, workgroup name, operating system, and <systemitem class="protocol">SMB</systemitem> server version:
+ </para>
+ <synopsis>~]$ <command>findsmb</command></synopsis>
+ </step> -->
+ <step>
+ <para>
+ To connect to a Samba share from a shell prompt, type the following command:
+ </para>
+ <synopsis><command>~]$ smbclient //<replaceable>hostname</replaceable>/<replaceable>sharename</replaceable> -U <replaceable>username</replaceable></command></synopsis>
+ <para>
+ Replace <replaceable>hostname</replaceable> with the host name or <systemitem class="protocol">IP</systemitem> address of the Samba server you want to connect to, <replaceable>sharename</replaceable> with the name of the shared directory you want to browse, and <replaceable>username</replaceable> with the Samba user name for the system. Enter the correct password or press <keycap>Enter</keycap> if no password is required for the user.
+ </para>
+ <para>
+ If you see the <prompt>smb:\></prompt> prompt, you have successfully logged in. Once you are logged in, type <userinput>help</userinput> for a list of commands. If you want to browse the contents of your home directory, replace <replaceable>sharename</replaceable> with your user name. If the <command>-U</command> switch is not used, the user name of the current user is passed to the Samba server.
+ </para>
+ </step>
+ <step>
+ <para>
+ To exit <command>smbclient</command>, type <userinput>exit</userinput> at the <prompt>smb:\></prompt> prompt.
+ </para>
+ </step>
+ </procedure>
+ </section>
+ <section id="sect-Mounting_the_Samba_Share">
+ <title>Mounting the Share</title>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>share</secondary>
+ <tertiary>mounting</tertiary>
+ </indexterm>
+ <para>
+ Sometimes it is useful to mount a Samba share to a directory so that the files in the directory can be treated as if they are part of the local file system.
+ </para>
+ <para>
+ To mount a Samba share to a directory, create a directory to mount it to (if it does not already exist), and execute the following command as <systemitem class="username">root</systemitem>:
+ </para>
+ <screen><command>mount -t cifs //<replaceable>servername</replaceable>/<replaceable>sharename</replaceable> <replaceable>/mnt/point/</replaceable> -o username=<replaceable>username</replaceable>,password=<replaceable>password</replaceable></command></screen>
+ <para>
+ This command mounts <replaceable>sharename</replaceable> from <replaceable>servername</replaceable> in the local directory <replaceable>/mnt/point/</replaceable>.
+ </para>
+ <para>
+ For more information about mounting a samba share, see the <citerefentry><refentrytitle>mount.cifs</refentrytitle><manvolnum>8</manvolnum></citerefentry> manual page.
+ </para>
+ <note>
+ <title>Installing cifs-utils package</title>
+ <para>
+ The <application>mount.cifs</application> utility is a separate RPM (independent from Samba). In order to use <application>mount.cifs</application>, first ensure the <package>cifs-utils</package> package is installed on your system by running, as <systemitem class="username">root</systemitem>:
+ </para>
+ <screen>~]# <command>dnf install cifs-utils</command></screen>
+ <para>
+ For more information on installing packages with DNF, see <xref linkend="sec-Installing"/>.
+ </para>
+ <para>
+ Note that the <package>cifs-utils</package> package also contains the <application>cifs.upcall</application> binary called by the kernel in order to perform kerberized CIFS mounts. For more information on <application>cifs.upcall</application>, see the <citerefentry><refentrytitle>cifs.upcall</refentrytitle><manvolnum>8</manvolnum></citerefentry> manual page.
+ </para>
+ </note>
+ <warning>
+ <title>CIFS servers that require plain text passwords</title>
+ <para>
+ Some CIFS servers require plain text passwords for authentication. Support for plain text password authentication can be enabled using the following command as <systemitem class="username">root</systemitem>:
+ </para>
+ <screen>~]# <command>echo 0x37 > /proc/fs/cifs/SecurityFlags</command></screen>
+ <para>
+ WARNING: This operation can expose passwords by removing password encryption.
+ </para>
+ </warning>
+ </section>
+ <section id="sect-Samba-Configuring_a_Samba_Server">
+ <title>Configuring a Samba Server</title>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>configuration</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>configuration</secondary>
+ <tertiary>default</tertiary>
+ </indexterm>
+ <para>
+ The default configuration file (<filename>/etc/samba/smb.conf</filename>) allows users to view their home directories as a Samba share. It also shares all printers configured for the system as Samba shared printers. You can attach a printer to the system and print to it from the Windows machines on your network.
+ </para>
+ <section id="sect-Samba-GUI_Configuration">
+ <title>Graphical Configuration</title>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>graphical configuration</secondary>
+ </indexterm>
+ <para>
+ To configure Samba using a graphical interface, use one of the available Samba graphical user interfaces. A list of available GUIs can be found at <ulink url="http://www.samba.org/samba/GUI/">http://www.samba.org/samba/GUI/</ulink>.
+ </para>
+ </section>
+ <section id="sect-Samba-Command-Line-Configuration">
+ <title>Command-Line Configuration</title>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>configuration</secondary>
+ </indexterm>
+ <para>
+ Samba uses <filename>/etc/samba/smb.conf</filename> as its configuration file. If you change this configuration file, the changes do not take effect until you restart the Samba daemon with the following command, as <systemitem class="username">root</systemitem>:
+ </para>
+ <screen>~]# <command>systemctl restart smb.service</command></screen>
+ <para>
+ To specify the Windows workgroup and a brief description of the Samba server, edit the following lines in your <filename>/etc/samba/smb.conf</filename> file:
+ </para>
+<screen>
+workgroup = <replaceable>WORKGROUPNAME</replaceable>
+server string = <replaceable>BRIEF COMMENT ABOUT SERVER</replaceable></screen>
+ <para>
+ Replace <replaceable>WORKGROUPNAME</replaceable> with the name of the Windows workgroup to which this machine should belong. The <replaceable>BRIEF COMMENT ABOUT SERVER</replaceable> is optional and is used as the Windows comment about the Samba system.
+ </para>
+ <para>
+ To create a Samba share directory on your Linux system, add the following section to your <filename>/etc/samba/smb.conf</filename> file (after modifying it to reflect your needs and your system):
+ </para>
+ <example id="exam-Samba-Configuring_Samba_Server">
+ <title>An Example Configuration of a Samba Server</title>
+<screen>
+[<replaceable>sharename</replaceable>]
comment = <replaceable>Insert a comment here</replaceable>
path = <replaceable>/home/share/</replaceable>
valid users = <replaceable>tfox carole</replaceable>
-public = no
writable = yes
-printable = no
-create mask = 0765</programlisting>
- <para>The above example allows the users <command>tfox</command> and <command>carole</command> to read and write to the directory <filename>/home/share</filename>, on the Samba server, from a Samba client.</para>
- </section>
- <section
- id="s3-samba-encrypted-passwords">
- <title>Encrypted Passwords</title>
- <para>Encrypted passwords are enabled by default because it is more secure to use them. To create a user with an encrypted password, use the command <command>smbpasswd -a <replaceable>username</replaceable></command>.</para>
- <indexterm>
- <primary>Samba</primary>
- <secondary>with Windows NT 4.0, 2000, ME, and XP</secondary>
- </indexterm>
- <indexterm>
- <primary>Windows NT 4.0</primary>
- <secondary>connecting to shares using Samba</secondary>
- </indexterm>
- <indexterm>
- <primary>Windows 98</primary>
- <secondary>connecting to shares using Samba</secondary>
- </indexterm>
- <indexterm>
- <primary>Windows 2000</primary>
- <secondary>connecting to shares using Samba</secondary>
- </indexterm>
- <indexterm>
- <primary>Windows ME</primary>
- <secondary>connecting to shares using Samba</secondary>
- </indexterm>
- <indexterm>
- <primary>Windows XP</primary>
- <secondary>connecting to shares using Samba</secondary>
- </indexterm>
-
- <indexterm>
- <primary>Samba</primary>
- <secondary>encrypted passwords</secondary>
- </indexterm>
- </section>
- </section>
- <section
- id="s2-samba-startstop">
- <title>Starting and Stopping Samba</title>
- <indexterm>
- <primary>Samba</primary>
- <secondary>service</secondary>
- <tertiary>starting</tertiary>
- </indexterm>
- <indexterm>
- <primary>Samba</primary>
- <secondary>service</secondary>
- <tertiary>stopping</tertiary>
- </indexterm>
- <indexterm>
- <primary>Samba</primary>
- <secondary>service</secondary>
- <tertiary>restarting</tertiary>
- </indexterm>
- <indexterm>
- <primary>Samba</primary>
- <secondary>service</secondary>
- <tertiary>conditional restarting</tertiary>
- </indexterm>
- <indexterm>
- <primary>Samba</primary>
- <secondary>service</secondary>
- <tertiary>reloading</tertiary>
- </indexterm>
- <para>To start a Samba server, type the following command in a shell prompt, as <systemitem class="username">root</systemitem>:</para>
-<screen>~]# <command>systemctl start smb.service</command></screen>
- <important>
- <title>Setting up a domain member server</title>
- <para>To set up a domain member server, you must first join the domain or Active Directory using the <command>net join</command> command <emphasis>before</emphasis> starting the <command>smb</command> service. Also, it is recommended to run <systemitem class="daemon">winbind</systemitem> before <systemitem class="daemon">smbd</systemitem>.</para>
- </important>
- <para>To stop the server, type the following command in a shell prompt, as <systemitem class="username">root</systemitem>:</para>
- <screen>~]# <command>systemctl stop smb.service</command></screen>
- <para>The <option>restart</option> option is a quick way of stopping and then starting Samba. This is the most reliable way to make configuration changes take effect after editing the configuration file for Samba. Note that the restart option starts the daemon even if it was not running originally.</para>
- <para>To restart the server, type the following command in a shell prompt, as <systemitem class="username">root</systemitem>:</para>
- <screen>~]# <command>systemctl restart smb.service</command></screen>
- <para>The <option>condrestart</option> (<firstterm>conditional restart</firstterm>) option only starts <command>smb</command> on the condition that it is currently running. This option is useful for scripts, because it does not start the daemon if it is not running.</para>
- <note>
- <title>Applying the changes to the configuration</title>
- <para>When the <filename>/etc/samba/smb.conf</filename> file is changed, Samba automatically reloads it after a few minutes. Issuing a manual <command>restart</command> or <command>reload</command> is just as effective.</para>
- </note>
- <para>To conditionally restart the server, type the following command, as <systemitem class="username">root</systemitem>:</para>
- <screen>~]# <command>systemctl condrestart smb.service</command></screen>
- <para>A manual reload of the <filename>/etc/samba/smb.conf</filename> file can be useful in case of a failed automatic reload by the <command>smb</command> service. To ensure that the Samba server configuration file is reloaded without restarting the service, type the following command, as <systemitem class="username">root</systemitem>:</para>
- <screen>~]# <command>systemctl reload smb.service</command></screen>
- <para>By default, the <command>smb</command> service does <emphasis>not</emphasis> start automatically at boot time. To configure Samba to start at boot time, type the following at a shell prompt as <systemitem class="username">root</systemitem>:</para>
- <screen>~]# <command>systemctl enable smb.service</command></screen>
-<para>See <xref linkend="ch-Services_and_Daemons" /> for more information regarding this tool.</para>
- </section>
- <section
- id="s2-samba-servers">
- <title>Samba Server Types and the <filename>smb.conf</filename> File</title>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>smb.conf</secondary>
- </indexterm>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>Server Types</secondary>
- </indexterm>
- <para>Samba configuration is straightforward. All modifications to Samba are done in the <filename>/etc/samba/smb.conf</filename> configuration file. Although the default <filename>smb.conf</filename> file is well documented, it does not address complex topics such as LDAP, Active Directory, and the numerous domain controller implementations.</para>
- <para>The following sections describe the different ways a Samba server can be configured. Keep in mind your needs and the changes required to the <filename>/etc/samba/smb.conf</filename> file for a successful configuration.</para>
- <section
- id="s3-samba-standalone">
- <title>Stand-alone Server</title>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>server types</secondary>
- <tertiary>Stand Alone</tertiary>
- </indexterm>
- <para>A stand-alone server can be a workgroup server or a member of a workgroup environment. A stand-alone server is not a domain controller and does not participate in a domain in any way. The following examples include several anonymous share-level security configurations and one user-level security configuration. For more information on share-level and user-level security modes, refer to <xref
- linkend="s2-samba-security-modes"/>.</para>
- <section
- id="s4-samba-standalone-anonreadonly">
- <title>Anonymous Read-Only</title>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>smb.conf</secondary>
- <tertiary>Anonymous Read Only example</tertiary>
- </indexterm>
- <para>The following <filename>/etc/samba/smb.conf</filename> file shows a sample configuration needed to implement anonymous read-only file sharing. The <command>security = share</command> parameter makes a share anonymous. Note, security levels for a single Samba server cannot be mixed. The <command>security</command> directive is a global Samba parameter located in the <command>[global]</command> configuration section of the <filename>/etc/samba/smb.conf</filename> file.</para>
- <programlisting>[global]
+create mask = 0765</screen>
+ </example>
+ <para>
+ The above example allows the users <command>tfox</command> and <command>carole</command> to read and write to the directory <filename class="directory">/home/share/</filename>, on the Samba server, from a Samba client.
+ </para>
+ </section>
+ <section id="sect-Samba-Encrypted_Passwords">
+ <title>Encrypted Passwords</title>
+ <para>
+ Encrypted passwords are enabled by default because it is more secure to use them. To create a user with an encrypted password, use the <systemitem>smbpasswd</systemitem> utility:
+ </para>
+ <synopsis><command>smbpasswd -a <replaceable>username</replaceable></command></synopsis>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>with Windows NT 4.0, 2000, ME, and XP</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>Windows NT 4.0</primary>
+ <secondary>connecting to shares using Samba</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>Windows 98</primary>
+ <secondary>connecting to shares using Samba</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>Windows 2000</primary>
+ <secondary>connecting to shares using Samba</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>Windows ME</primary>
+ <secondary>connecting to shares using Samba</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>Windows XP</primary>
+ <secondary>connecting to shares using Samba</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>encrypted passwords</secondary>
+ </indexterm>
+ </section>
+ </section>
+ <section id="sect-Samba-Starting_and_Stopping">
+ <title>Starting and Stopping Samba</title>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>service</secondary>
+ <tertiary>starting</tertiary>
+ </indexterm>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>service</secondary>
+ <tertiary>stopping</tertiary>
+ </indexterm>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>service</secondary>
+ <tertiary>restarting</tertiary>
+ </indexterm>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>service</secondary>
+ <tertiary>conditional restarting</tertiary>
+ </indexterm>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>service</secondary>
+ <tertiary>reloading</tertiary>
+ </indexterm>
+ <para>
+ To start a Samba server, type the following command in a shell prompt, as <systemitem class="username">root</systemitem>:
+ </para>
+ <screen>~]# <command>systemctl start smb.service</command></screen>
+ <important>
+ <title>Setting up a domain member server</title>
+ <para>
+ To set up a domain member server, you must first join the domain or Active Directory using the <command>net join</command> command <emphasis>before</emphasis> starting the <systemitem class="service">smb</systemitem> service. Also, it is recommended to run <systemitem class="daemon">winbind</systemitem> before <systemitem class="daemon">smbd</systemitem>.
+ </para>
+ </important>
+ <para>
+ To stop the server, type the following command in a shell prompt, as <systemitem class="username">root</systemitem>:
+ </para>
+ <screen>~]# <command>systemctl stop smb.service</command></screen>
+ <para>
+ The <option>restart</option> option is a quick way of stopping and then starting Samba. This is the most reliable way to make configuration changes take effect after editing the configuration file for Samba. Note that the restart option starts the daemon even if it was not running originally.
+ </para>
+ <para>
+ To restart the server, type the following command in a shell prompt, as <systemitem class="username">root</systemitem>:
+ </para>
+ <screen>~]# <command>systemctl restart smb.service</command></screen>
+ <para>
+ The <option>condrestart</option> (<firstterm>conditional restart</firstterm>) option only starts <systemitem class="service">smb</systemitem> on the condition that it is currently running. This option is useful for scripts, because it does not start the daemon if it is not running.
+ </para>
+ <note>
+ <title>Applying the changes to the configuration</title>
+ <para>
+ When the <filename>/etc/samba/smb.conf</filename> file is changed, Samba automatically reloads it after a few minutes. Issuing a manual <command>restart</command> or <command>reload</command> is just as effective.
+ </para>
+ </note>
+ <para>
+ To conditionally restart the server, type the following command, as <systemitem class="username">root</systemitem>:
+ </para>
+ <screen>~]# <command>systemctl try-restart smb.service</command></screen>
+ <para>
+ A manual reload of the <filename>/etc/samba/smb.conf</filename> file can be useful in case of a failed automatic reload by the <systemitem class="service">smb</systemitem> service. To ensure that the Samba server configuration file is reloaded without restarting the service, type the following command, as <systemitem class="username">root</systemitem>:
+ </para>
+ <screen>~]# <command>systemctl reload smb.service</command></screen>
+ <para>
+ By default, the <systemitem class="service">smb</systemitem> service does <emphasis>not</emphasis> start automatically at boot time. To configure Samba to start at boot time, type the following at a shell prompt as <systemitem class="username">root</systemitem>:
+ </para>
+ <screen>~]# <command>systemctl enable smb.service</command></screen>
+ <para>
+ See <xref linkend="ch-Services_and_Daemons" /> for more information regarding this tool.
+ </para>
+ </section>
+ <section id="sect-Samba-Server_Types_and_the_smb.conf_File">
+ <title>Samba Server Types and the <filename>smb.conf</filename> File</title>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>smb.conf</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Server Types</secondary>
+ </indexterm>
+ <para>
+ Samba configuration is straightforward. All modifications to Samba are done in the <filename>/etc/samba/smb.conf</filename> configuration file. Although the default <filename>smb.conf</filename> file is well documented, it does not address complex topics such as LDAP, Active Directory, and the numerous domain controller implementations.
+ </para>
+ <para>
+ The following sections describe the different ways a Samba server can be configured. Keep in mind your needs and the changes required to the <filename>/etc/samba/smb.conf</filename> file for a successful configuration.
+ </para>
+ <section id="sect-Samba-Standalone_Server">
+ <title>Stand-alone Server</title>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>server types</secondary>
+ <tertiary>Stand Alone</tertiary>
+ </indexterm>
+ <para>
+ A stand-alone server can be a workgroup server or a member of a workgroup environment. A stand-alone server is not a domain controller and does not participate in a domain in any way. The following examples include several user-level security configurations. For more information on security modes, see <xref linkend="sect-Samba-Security_Modes"/>.
+ </para>
+ <bridgehead id="brid-Samba-Standalone_Anonymous_Read-Only_Server" renderas="sect3">Anonymous Read-Only</bridgehead>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>smb.conf</secondary>
+ <tertiary>Anonymous Read Only example</tertiary>
+ </indexterm>
+ <para>
+ The following <filename>/etc/samba/smb.conf</filename> file shows a sample configuration needed to implement anonymous read-only file sharing. Two directives are used to configure anonymous access – <parameter>map to guest = Bad user</parameter> and <parameter>guest account = nobody</parameter>.
+ </para>
+ <example id="exam-Samba-Standalone_Anonymous_Read-Only_Server">
+ <title>An Example Configuration of a Anonymous Read-Only Samba Server</title>
+<screen>[global]
workgroup = DOCS
netbios name = DOCS_SRV
-security = share
+security = user
+guest account = nobody # default value
+map to guest = Bad user
+
[data]
comment = Documentation Samba Server
path = /export
-read only = Yes
-guest only = Yes</programlisting>
- </section>
- <section
- id="s4-samba-standalone-anonreadwrite">
- <title>Anonymous Read/Write</title>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>smb.conf</secondary>
- <tertiary>Anonymous Read/Write example</tertiary>
- </indexterm>
- <para>The following <filename>/etc/samba/smb.conf</filename> file shows a sample configuration needed to implement anonymous read/write file sharing. To enable anonymous read/write file sharing, set the <command>read only</command> directive to <command>no</command>. The <command>force user</command> and <command>force group</command> directives are also added to enforce the ownership of any newly placed files specified in the share.</para>
- <note>
- <title>Do not use anonymous read/write servers</title>
- <para>Although having an anonymous read/write server is possible, it is not recommended. Any files placed in the share space, regardless of user, are assigned the user/group combination as specified by a generic user (<command>force user</command>) and group (<command>force group</command>) in the <filename>/etc/samba/smb.conf</filename> file.</para>
- </note>
- <programlisting>[global]
+read only = yes
+guest ok = yes</screen>
+ </example>
+ <bridgehead id="brid-Samba-Standalone_Anonymous_Read-Write-Server" renderas="sect3">Anonymous Read/Write</bridgehead>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>smb.conf</secondary>
+ <tertiary>Anonymous Read/Write example</tertiary>
+ </indexterm>
+ <para>
+ The following <filename>/etc/samba/smb.conf</filename> file shows a sample configuration needed to implement anonymous read/write file sharing. To enable anonymous read/write file sharing, set the <parameter>read only</parameter> directive to <literal>no</literal>. The <parameter>force user</parameter> and <parameter>force group</parameter> directives are also added to enforce the ownership of any newly placed files specified in the share.
+ </para>
+ <note>
+ <title>Do not use anonymous read/write servers</title>
+ <para>
+ Although having an anonymous read/write server is possible, it is not recommended. Any files placed in the share space, regardless of user, are assigned the user/group combination as specified by a generic user (<parameter>force user</parameter>) and group (<parameter>force group</parameter>) in the <filename>/etc/samba/smb.conf</filename> file.
+ </para>
+ </note>
+ <example id="exam-Samba-Standalone_Anonymous_Read-Write-Server">
+ <title>An Example Configuration of a Anonymous Read/Write Samba Server</title>
+ <screen>
+[global]
workgroup = DOCS
-netbios name = DOCS_SRV
-security = share
+security = user
+guest account = nobody # default value
+map to guest = Bad user
+
[data]
comment = Data
path = /export
-force user = docsbot
-force group = users
-read only = No
-guest ok = Yes</programlisting>
- </section>
- <section
- id="s4-samba-standalone-anonprint">
- <title>Anonymous Print Server</title>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>smb.conf</secondary>
- <tertiary>Anonymous Print Server example</tertiary>
- </indexterm>
- <para>The following <filename>/etc/samba/smb.conf</filename> file shows a sample configuration needed to implement an anonymous print server. Setting <command>browseable</command> to <command>no</command> as shown does not list the printer in Windows <guilabel>Network Neighborhood</guilabel>. Although hidden from browsing, configuring the printer explicitly is possible. By connecting to <command>DOCS_SRV</command> using NetBIOS, the client can have access to the printer if the client is also part of the <command>DOCS</command> workgroup. It is also assumed that the client has the correct local printer driver installed, as the <command>use client driver</command> directive is set to <command>Yes</command>. In this case, the Samba server has no responsibility for sharing printer drivers to the client.</para>
- <programlisting>[global]
+guest ok = yes
+writeable = yes
+force user = user
+force group = group</screen>
+ </example>
+ <bridgehead id="brid-Samba-Standalone_Anonymous_Print-Server" renderas="sect3">Anonymous Print Server</bridgehead>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>smb.conf</secondary>
+ <tertiary>Anonymous Print Server example</tertiary>
+ </indexterm>
+ <para>
+ The following <filename>/etc/samba/smb.conf</filename> file shows a sample configuration needed to implement an anonymous print server. Setting <parameter>browseable</parameter> to <literal>no</literal> as shown does not list the printer in Windows <guilabel>Network Neighborhood</guilabel>. Although hidden from browsing, configuring the printer explicitly is possible. By connecting to <literal>DOCS_SRV</literal> using NetBIOS, the client can have access to the printer if the client is also part of the <literal>DOCS</literal> workgroup. It is also assumed that the client has the correct local printer driver installed, as the <parameter>use client driver</parameter> directive is set to <literal>yes</literal>. In this case, the Samba server has no responsibility for sharing printer drivers to the client.
+ </para>
+ <example id="exam-Samba-Standalone_Anonymous_Print-Server">
+ <title>An Example Configuration of a Anonymous Print Samba Server</title>
+ <screen>
+[global]
workgroup = DOCS
netbios name = DOCS_SRV
-security = share
-printcap name = cups
-disable spools= Yes
-show add printer wizard = No
+security = user
+map to guest = Bad user
printing = cups
+
[printers]
comment = All Printers
path = /var/spool/samba
-guest ok = Yes
-printable = Yes
-use client driver = Yes
-browseable = Yes</programlisting>
- </section>
- <section
- id="s4-samba-standalone-readwriteall">
- <title>Secure Read/Write File and Print Server</title>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>smb.conf</secondary>
- <tertiary>Secure File and Print Server example</tertiary>
- </indexterm>
- <para>The following <filename>/etc/samba/smb.conf</filename> file shows a sample configuration needed to implement a secure read/write print server. Setting the <command>security</command> directive to <command>user</command> forces Samba to authenticate client connections. Notice the <command>[homes]</command> share does not have a <command>force user</command> or <command>force group</command> directive as the <command>[public]</command> share does. The <command>[homes]</command> share uses the authenticated user details for any files created as opposed to the <command>force user</command> and <command>force group</command> in <command>[public]</command>.</para>
- <programlisting>[global]
+guest ok = yes
+printable = yes
+use client driver = yes
+browseable = yes</screen>
+ </example>
+ <bridgehead id="brid-Samba-Standalone_Secure_Read_Write_File_and_Print_Server" renderas="sect3">Secure Read/Write File and Print Server</bridgehead>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>smb.conf</secondary>
+ <tertiary>Secure File and Print Server example</tertiary>
+ </indexterm>
+ <para>
+ The following <filename>/etc/samba/smb.conf</filename> file shows a sample configuration needed to implement a secure read/write file and print server. Setting the <parameter>security</parameter> directive to <literal>user</literal> forces Samba to authenticate client connections. Notice the <literal>[homes]</literal> share does not have a <parameter>force user</parameter> or <parameter>force group</parameter> directive as the <literal>[public]</literal> share does. The <literal>[homes]</literal> share uses the authenticated user details for any files created as opposed to the <parameter>force user</parameter> and <parameter>force group</parameter> in <literal>[public]</literal>.
+ </para>
+ <example id="exam-Samba-Standalone_Secure_Read_Write_File_and_Print_Server">
+ <title>An Example Configuration of a Secure Read/Write File and Print Samba Server</title>
+ <screen>
+[global]
workgroup = DOCS
netbios name = DOCS_SRV
security = user
printcap name = cups
-disable spools = Yes
-show add printer wizard = No
+disable spools = yes
+show add printer wizard = no
printing = cups
+
[homes]
comment = Home Directories
valid users = %S
-read only = No
-browseable = No
+read only = no
+browseable = no
+
[public]
comment = Data
path = /export
force user = docsbot
force group = users
-guest ok = Yes
+guest ok = yes
+
[printers]
comment = All Printers
path = /var/spool/samba
printer admin = john, ed, @admins
create mask = 0600
-guest ok = Yes
-printable = Yes
-use client driver = Yes
-browseable = Yes</programlisting>
- </section>
- </section>
- <section
- id="s3-samba-domain-member">
- <title>Domain Member Server</title>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>server types</secondary>
- <tertiary>Domain Member</tertiary>
- </indexterm>
- <para>A domain member, while similar to a stand-alone server, is logged into a domain controller (either Windows or Samba) and is subject to the domain's security rules. An example of a domain member server would be a departmental server running Samba that has a machine account on the Primary Domain Controller (PDC). All of the department's clients still authenticate with the PDC, and desktop profiles and all network policy files are included. The difference is that the departmental server has the ability to control printer and network shares.</para>
- <section
- id="s4-samba-domain-member-ads">
- <title>Active Directory Domain Member Server</title>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>smb.conf</secondary>
- <tertiary>Active Directory Member Server example</tertiary>
- </indexterm>
- <para>The following <filename>/etc/samba/smb.conf</filename> file shows a sample configuration needed to implement an Active Directory domain member server. In this example, Samba authenticates users for services being run locally but is also a client of the Active Directory. Ensure that your kerberos <command>realm</command> parameter is shown in all caps (for example <command>realm = EXAMPLE.COM</command>). Since Windows 2000/2003/2008 requires Kerberos for Active Directory authentication, the <command>realm</command> directive is required. If Active Directory and Kerberos are running on different servers, the <command>password server</command> directive may be required to help the distinction.</para>
- <programlisting>[global]
+guest ok = yes
+printable = yes
+use client driver = yes
+browseable = yes</screen>
+ </example>
+ </section>
+ <section id="sect-Samba-Domain_Member_Server">
+ <title>Domain Member Server</title>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>server types</secondary>
+ <tertiary>Domain Member</tertiary>
+ </indexterm>
+ <para>
+ A domain member, while similar to a stand-alone server, is logged into a domain controller (either Windows or Samba) and is subject to the domain's security rules. An example of a domain member server would be a departmental server running Samba that has a machine account on the Primary Domain Controller (PDC). All of the department's clients still authenticate with the PDC, and desktop profiles and all network policy files are included. The difference is that the departmental server has the ability to control printer and network shares.
+ </para>
+ <bridgehead id="brid-Samba_Domain_Member_Server-Active_Directory_Domain_Member_Sever" renderas="sect3">Active Directory Domain Member Server</bridgehead>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>smb.conf</secondary>
+ <tertiary>Active Directory Member Server example</tertiary>
+ </indexterm>
+ <para>
+ To implement an Active Directory domain member server, follow procedure below:
+ </para>
+ <procedure id="proc-Samba-Adding_an_AD_Member">
+ <title>Adding a Member Server to an Active Directory Domain</title>
+ <step>
+ <para>
+ Create the <filename>/etc/samba/smb.conf</filename> configuration file on a member server to be added to the Active Directory domain. Add the following lines to the configuration file:
+ </para>
+ <screen>
+[global]
realm = EXAMPLE.COM
security = ADS
encrypt passwords = yes
# Optional. Use only if Samba cannot determine the Kerberos server automatically.
-password server = kerberos.example.com</programlisting>
- <para>In order to join a member server to an Active Directory domain, the following steps must be completed:</para>
- <itemizedlist>
- <listitem>
- <para>Configuration of the <filename>/etc/samba/smb.conf</filename> file on the member server</para>
- </listitem>
- <listitem>
- <para>Configuration of Kerberos, including the <filename>/etc/krb5.conf</filename> file, on the member server</para>
- </listitem>
- <listitem>
- <para>Creation of the machine account on the Active Directory domain server</para>
- </listitem>
- <listitem>
- <para>Association of the member server to the Active Directory domain</para>
- </listitem>
- </itemizedlist>
- <para>To create the machine account and join the Windows 2000/2003/2008 Active Directory, Kerberos must first be initialized for the member server wishing to join the Active Directory domain. To create an administrative Kerberos ticket, type the following command as <systemitem class="username">root</systemitem> on the member server:</para>
- <screen><command>kinit administrator(a)EXAMPLE.COM</command></screen>
- <para>
- The <command>kinit</command> command is a Kerberos initialization script that references the Active Directory administrator account and Kerberos realm. Since Active Directory requires Kerberos tickets, <command>kinit</command> obtains and caches a Kerberos ticket-granting ticket for client/server authentication.</para> <!-- TBD6: link to the Smart Cards Guide -->
- <para>To join an Active Directory server (windows1.example.com), type the following command as <systemitem class="username">root</systemitem> on the member server:</para>
- <screen><command>net ads join -S windows1.example.com -U administrator%password</command></screen>
- <para>Since the machine <command>windows1</command> was automatically found in the corresponding Kerberos realm (the <command>kinit</command> command succeeded), the <command>net</command> command connects to the Active Directory server using its required administrator account and password. This creates the appropriate machine account on the Active Directory and grants permissions to the Samba domain member server to join the domain.</para>
- <note>
- <title>The security option</title>
- <para>Since <command>security = ads</command> and not <command>security = user</command> is used, a local password back end such as <filename>smbpasswd</filename> is not needed. Older clients that do not support <command>security = ads</command> are authenticated as if <command>security = domain</command> had been set. This change does not affect functionality and allows local users not previously in the domain.</para>
- </note>
- </section>
- <section
- id="s4-samba-domain-member-nt4">
- <title>Windows NT4-based Domain Member Server</title>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>smb.conf</secondary>
- <tertiary>NT4-style Domain Member example</tertiary>
- </indexterm>
- <para>The following <filename>/etc/samba/smb.conf</filename> file shows a sample configuration needed to implement a Windows NT4-based domain member server. Becoming a member server of an NT4-based domain is similar to connecting to an Active Directory. The main difference is NT4-based domains do not use Kerberos in their authentication method, making the <filename>/etc/samba/smb.conf</filename> file simpler. In this instance, the Samba member server functions as a pass through to the NT4-based domain server.</para>
- <programlisting>[global]
+password server = kerberos.example.com</screen>
+ <para>
+ With the above configuration, Samba authenticates users for services being run locally but is also a client of the Active Directory. Ensure that your kerberos <parameter>realm</parameter> parameter is shown in all caps (for example <literal>realm = EXAMPLE.COM</literal>). Since Windows 2000/2003/2008 requires Kerberos for Active Directory authentication, the <parameter>realm</parameter> directive is required. If Active Directory and Kerberos are running on different servers, the <parameter>password server</parameter> directive is required to help the distinction.
+ </para>
+ </step>
+ <step>
+ <para>
+ Configure Kerberos on the member server. Create the <filename>/etc/krb5.conf</filename> configuration file with the following content:
+ </para>
+ <screen>
+[logging]
+ default = FILE:/var/log/krb5libs.log
+
+[libdefaults]
+ default_realm = AD.EXAMPLE.COM
+ dns_lookup_realm = true
+ dns_lookup_kdc = true
+ ticket_lifetime = 24h
+ renew_lifetime = 7d
+ rdns = false
+ forwardable = false
+
+[realms]
+# Define only if DNS lookups are not working
+# AD.EXAMPLE.COM = {
+# kdc = server.ad.example.com
+# admin_server = server.ad.example.com
+# master_kdc = server.ad.example.com
+# }
+
+[domain_realm]
+# Define only if DNS lookups are not working
+# .ad.example.com = AD.EXAMPLE.COM
+# ad.example.com = AD.EXAMPLE.COM</screen>
+ <para>
+ Uncomment the <literal>[realms]</literal> and <literal>[domain_realm]</literal> sections if DNS lookups are not working.
+ </para>
+ <para>
+ For more information on Kerberos, and the <command>/etc/krb5.conf</command> file, see the <citetitle pubwork="section">Using Kerberos</citetitle> section of the <ulink url="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/...">&MAJOROSVER; <citetitle>Managing Single Sign-On and Smart Cards</citetitle></ulink>.
+ </para>
+ </step>
+ <step>
+ <para>
+ To join an Active Directory server, type the following command as <systemitem class="username">root</systemitem> on the member server:
+ </para>
+ <screen>~]# <command>net ads join -U administrator%<replaceable>password</replaceable></command></screen>
+ <para>
+ The <command>net</command> command authenticates as <systemitem class="username">Administrator</systemitem> using the NT LAN Manager (NTLM) protocol and creates the machine account. Then <command>net</command> uses the machine account credentials to authenticate with Kerberos.
+ </para>
+ <note>
+ <title>The security option</title>
+ <para>
+ Since <parameter>security = ads</parameter> and not <parameter>security = user</parameter> is used, a local password back end such as <systemitem>smbpasswd</systemitem> is not needed. Older clients that do not support <parameter>security = ads</parameter> are authenticated as if <parameter>security = domain</parameter> had been set. This change does not affect functionality and allows local users not previously in the domain.
+ </para>
+ </note>
+ </step>
+ </procedure>
+ <bridgehead id="brid-Samba-Domain_Member_Server-Windows_NT4-based_Domain_Memeber_Server" renderas="sect3">Windows NT4-based Domain Member Server</bridgehead>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>smb.conf</secondary>
+ <tertiary>NT4-style Domain Member example</tertiary>
+ </indexterm>
+ <para>
+ The following <filename>/etc/samba/smb.conf</filename> file shows a sample configuration needed to implement a Windows NT4-based domain member server. Becoming a member server of an NT4-based domain is similar to connecting to an Active Directory. The main difference is NT4-based domains do not use Kerberos in their authentication method, making the <filename>/etc/samba/smb.conf</filename> file simpler. In this instance, the Samba member server functions as a pass through to the NT4-based domain server.
+ </para>
+ <example id="exam-Samba-Domain_Member_Server-Windows_NT4-based_Domain_Memeber_Server">
+ <title>An Example Configuration of Samba Windows NT4-based Domain Member Server</title>
+ <screen>
+[global]
workgroup = DOCS
netbios name = DOCS_SRV
security = domain
+
[homes]
comment = Home Directories
valid users = %S
-read only = No
-browseable = No
+read only = no
+browseable = no
+
[public]
comment = Data
path = /export
force user = docsbot
force group = users
-guest ok = Yes</programlisting>
- <para>Having Samba as a domain member server can be useful in many situations. There are times where the Samba server can have other uses besides file and printer sharing. It may be beneficial to make Samba a domain member server in instances where Linux-only applications are required for use in the domain environment. Administrators appreciate keeping track of all machines in the domain, even if not Windows-based. In the event the Windows-based server hardware is deprecated, it is quite easy to modify the <filename>/etc/samba/smb.conf</filename> file to convert the server to a Samba-based PDC. If Windows NT-based servers are upgraded to Windows 2000/2003/2008, the <filename>/etc/samba/smb.conf</filename> file is easily modifiable to incorporate the infrastructure change to Active Directory if needed.</para>
- <important>
- <title>Make sure you join the domain before starting Samba</title>
- <para>After configuring the <filename>/etc/samba/smb.conf</filename> file, join the domain <emphasis>before</emphasis> starting Samba by typing the following command as <systemitem class="username">root</systemitem>:</para>
- <screen><command>net rpc join -U administrator%password</command></screen>
- </important>
- <para>Note that the <option>-S</option> option, which specifies the domain server hostname, does not need to be stated in the <command>net rpc join</command> command. Samba uses the hostname specified by the <command>workgroup</command> directive in the <filename>/etc/samba/smb.conf</filename> file instead of it being stated explicitly.</para>
- </section>
- </section>
- <section
- id="s3-samba-domain-controller">
- <title>Domain Controller</title>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>server types</secondary>
- <tertiary>Domain Controller</tertiary>
- </indexterm>
- <para>A domain controller in Windows NT is functionally similar to a Network Information Service (NIS) server in a Linux environment. Domain controllers and NIS servers both host user/group information databases as well as related services. Domain controllers are mainly used for security, including the authentication of users accessing domain resources. The service that maintains the user/group database integrity is called the <firstterm>Security Account Manager</firstterm> (SAM). The SAM database is stored differently between Windows and Linux Samba-based systems, therefore SAM replication cannot be achieved and platforms cannot be mixed in a PDC/BDC environment.</para>
- <para>In a Samba environment, there can be only one PDC and zero or more BDCs.</para>
- <important>
- <title>A mixed Samba/Windows domain controller environment</title>
- <para>Samba cannot exist in a mixed Samba/Windows domain controller environment (Samba cannot be a BDC of a Windows PDC or vice versa). Alternatively, Samba PDCs and BDCs <emphasis>can</emphasis> coexist.</para>
- </important>
- <section
- id="s4-samba-pdc-tdbsam">
- <title>Primary Domain Controller (PDC) using <command>tdbsam</command>
- </title>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>smb.conf</secondary>
- <tertiary>PDC using <command>tdbsam</command>
- </tertiary>
- </indexterm>
- <para>The simplest and most common implementation of a Samba PDC uses the new default <command>tdbsam</command> password database back end. Replacing the aging <command>smbpasswd</command> back end, <command>tdbsam</command> has numerous improvements that are explained in more detail in <xref
- linkend="s2-samba-account-info-dbs"/>. The <command>passdb backend</command> directive controls which back end is to be used for the PDC.</para>
- <para>The following <filename>/etc/samba/smb.conf</filename> file shows a sample configuration needed to implement a <command>tdbsam</command> password database back end.
- </para>
- <programlisting>[global]
+guest ok = yes</screen>
+ </example>
+ <para>
+ Having Samba as a domain member server can be useful in many situations. There are times where the Samba server can have other uses besides file and printer sharing. It may be beneficial to make Samba a domain member server in instances where Linux-only applications are required for use in the domain environment. Administrators appreciate keeping track of all machines in the domain, even if not Windows-based. In the event the Windows-based server hardware is deprecated, it is quite easy to modify the <filename>/etc/samba/smb.conf</filename> file to convert the server to a Samba-based PDC. If Windows NT-based servers are upgraded to Windows 2000/2003/2008 the <filename>/etc/samba/smb.conf</filename> file is easily modifiable to incorporate the infrastructure change to Active Directory if needed.
+ </para>
+ <important>
+ <title>Make sure you join the domain before starting Samba</title>
+ <para>
+ After configuring the <filename>/etc/samba/smb.conf</filename> file, join the domain <emphasis>before</emphasis> starting Samba by typing the following command as <systemitem class="username">root</systemitem>:
+ </para>
+<screen>~]# <command>net rpc join -U administrator%password</command></screen>
+ </important>
+ <para>
+ Note that the <option>-S</option> option, which specifies the domain server host name, does not need to be stated in the <command>net rpc join</command> command. Samba uses the host name specified by the <parameter>workgroup</parameter> directive in the <filename>/etc/samba/smb.conf</filename> file instead of it being stated explicitly.
+ </para>
+ </section>
+ <section id="sect-Samba-Domain_Controller">
+ <title>Domain Controller</title>
+
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>server types</secondary>
+ <tertiary>Domain Controller</tertiary>
+ </indexterm>
+ <para>
+ A domain controller in Windows NT is functionally similar to a Network Information Service (NIS) server in a Linux environment. Domain controllers and NIS servers both host user and group information databases as well as related services. Domain controllers are mainly used for security, including the authentication of users accessing domain resources. The service that maintains the user and group database integrity is called the <firstterm>Security Account Manager</firstterm> (SAM). The SAM database is stored differently between Windows and Linux Samba-based systems, therefore SAM replication cannot be achieved and platforms cannot be mixed in a PDC/BDC environment.
+ </para>
+ <para>
+ In a Samba environment, there can be only one PDC and zero or more BDCs.
+ </para>
+ <important>
+ <title>A mixed Samba/Windows domain controller environment</title>
+ <para>
+ Samba cannot exist in a mixed Samba/Windows domain controller environment (Samba cannot be a BDC of a Windows PDC or vice versa). Alternatively, Samba PDCs and BDCs <emphasis>can</emphasis> coexist.
+ </para>
+ </important>
+ <bridgehead id="brid-Samba_Domain_Controller-PDC_Using_tdbsam" renderas="sect3">Primary Domain Controller (PDC) Using <systemitem>tdbsam</systemitem></bridgehead>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>smb.conf</secondary>
+ <tertiary>PDC using <systemitem>tdbsam</systemitem></tertiary>
+ </indexterm>
+ <para>
+ The simplest and most common implementation of a Samba PDC uses the new default <systemitem>tdbsam</systemitem> password database back end. Replacing the aging <systemitem>smbpasswd</systemitem> back end, <systemitem>tdbsam</systemitem> has numerous improvements that are explained in more detail in <xref linkend="sect-Samba-Account_Information-Databases"/>. The <parameter>passdb backend</parameter> directive controls which back end is to be used for the PDC.
+ </para>
+ <para>
+ The following <filename>/etc/samba/smb.conf</filename> file shows a sample configuration needed to implement a <systemitem>tdbsam</systemitem> password database back end.
+ </para>
+ <example id="exam-Samba_Domain_Controller-PDC_Using_tdbsam">
+ <title>An Example Configuration of Primary Domain Controller (PDC) Using <systemitem>tdbsam</systemitem></title>
+ <screen>
+[global]
workgroup = DOCS
netbios name = DOCS_SRV
passdb backend = tdbsam
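Review bot: both join commands added in this hunk, `net ads join -U administrator%<replaceable>password</replaceable>` in the Active Directory procedure and `net rpc join -U administrator%password` in the "Make sure you join the domain before starting Samba" box, put the administrator password on the command line, where it ends up in root's shell history and is readable in the process list while `net` runs. Suggest documenting `-U administrator` alone and saying that `net` prompts for the password. If the `%password` form stays, the `net rpc join` line should at least wrap `password` in `<replaceable>` like the `net ads join` line does. Separately, the new ids `brid-Samba-Domain_Member_Server-Windows_NT4-based_Domain_Memeber_Server` and `exam-Samba-Domain_Member_Server-Windows_NT4-based_Domain_Memeber_Server` misspell "Member"; it is better to fix them now, before any `xref` points at them.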
@@ -631,560 +803,481 @@ add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null -g machines "
# This sets the default profile path.
# Set per user paths with pdbedit
logon drive = H:
-domain logons = Yes
+domain logons = yes
os level = 35
-preferred master = Yes
-domain master = Yes
+preferred master = yes
+domain master = yes
+
[homes]
comment = Home Directories
valid users = %S
- read only = No
+ read only = no
+
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon/scripts
- browseable = No
- read only = No
+ browseable = no
+ read only = no
# For profiles to work, create a user directory under the
# path shown.
-<command>mkdir -p /var/lib/samba/profiles/john</command>
+# mkdir -p /var/lib/samba/profiles/john
+
[Profiles]
comment = Roaming Profile Share
path = /var/lib/samba/profiles
- read only = No
- browseable = No
- guest ok = Yes
- profile acls = Yes
-# Other resource shares ... ...</programlisting>
- <para>To provide a functional PDC system which uses the <command>tdbsam</command> follow these steps:</para>
- <orderedlist>
- <listitem>
- <para>
- Use a configuration of the <filename>smb.conf</filename> file as shown in the example above.
- </para>
- </listitem>
- <listitem>
- <para>
- Add the <systemitem class="username">root</systemitem> user to the Samba password database:</para>
-<screen><command>smbpasswd -a root</command></screen>
- </listitem>
- <listitem>
- <para>
- Start the <command>smb</command> service.
- </para>
- </listitem>
- <listitem>
- <para>
- Make sure all profile, user, and netlogon directories are created.
- </para>
- </listitem>
- <listitem>
- <para>
- Add groups that users can be members of:
- </para>
-<screen><command>groupadd -f users</command>
-<command>groupadd -f nobody</command>
-<command>groupadd -f ntadmins</command></screen>
- </listitem>
- <listitem>
- <para>
- Associate the UNIX groups with their respective Windows groups:
-<screen><command>net groupmap add ntgroup="Domain Users" unixgroup=users</command>
-<command>net groupmap add ntgroup="Domain Guests" unixgroup=nobody</command>
-<command>net groupmap add ntgroup="Domain Admins" unixgroup=ntadmins</command></screen>
- </para>
- </listitem>
- <listitem>
- <para>
- Grant access rights to a user or a group. For example, to grant the right to add client machines to the domain on a Samba domain controller, to the members to the Domain Admins group, execute the following command:
-<screen><command>net rpc rights grant 'DOCS\Domain Admins' SetMachineAccountPrivilege -S PDC -U root</command></screen>
- </para>
- </listitem>
- </orderedlist>
- <para>
- Keep in mind that Windows systems prefer to have a primary group which is mapped to a domain group such as Domain Users.
- </para>
- <para>
- Windows groups and users use the same namespace thus not allowing the existence of a group and a user with the same name like in UNIX.
- </para>
- <note>
- <title>Limitations of the tdbsam authentication back end</title>
- <para>
- If you need more than one domain controller or have more than 250 users, do <emphasis>not</emphasis> use a <command>tdbsam</command> authentication back end. LDAP is recommended in these cases.
- </para>
- </note>
- </section>
- <!-- RHEL5: tech edit: cut these!
- <section id="samba-rgs-pdc-ldap">
- <title>Primary Domain Controller (PDC) using LDAP</title>
- <indexterm significance="normal">
- <primary>Samba</primary>
- <secondary>smb.conf</secondary>
- <tertiary>PDC using LDAP</tertiary>
- </indexterm>
- <para>The most powerful and versatile implementation of a Samba PDC is its ability to have an LDAP password backend. LDAP is highly scalable. LDAP database servers can be used for redundancy and fail-over by replicating to a Samba BDC. Groups of LDAP PDCs
- and BDCs with load balancing are ideal for an enterprise environment. On the other hand, LDAP configurations are inherently complex to setup and maintain. If SSL is to be incorporated with LDAP, the complexity instantly multiplies. Even so, with
- careful and precise planning, LDAP is an ideal solution for enterprise environments.</para>
- <para>Note the <command>passdb backend</command> directive as well as specific LDAP suffix specifications. Although the Samba configuration for LDAP is straightforward, the installation of OpenLDAP is not trivial. LDAP should be installed
- and configured before any Samba configuration. Also, notice that Samba and LDAP do not need to be on the same server to function. It is highly recommended to separate the two in an enterprise environment.</para>
-<screen>[global]
-workgroup = DOCS
-netbios name = DOCS_SRV
-passdb backend = ldapsam:ldap://ldap.example.com
-username map = /etc/samba/smbusers
-security = user
-add user script = /usr/sbin/useradd -m %u
-delete user script = /usr/sbin/userdel -r %u
-add group script = /usr/sbin/groupadd %g
-delete group script = /usr/sbin/groupdel %g
-add user to group script = /usr/sbin/usermod -G %g %u
-add machine script = \ /usr/sbin/useradd -s /bin/false -d /dev/null \ -g machines %u
-# The following specifies the default logon script
-# Per user logon scripts can be specified in the
-# user account using pdbedit logon script = scripts\logon.bat
-# This sets the default profile path.
-# Set per user paths with pdbedit logon path = \\%L\Profiles\%U
-logon drive = H:
-logon home = \\%L\%U
-domain logons = Yes
-os level = 35
-preferred master = Yes
-domain master = Yes
-ldap suffix = dc=example,dc=com
-ldap machine suffix = ou=People
-ldap user suffix = ou=People
-ldap group suffix = ou=Group
-ldap idmap suffix = ou=People
-ldap admin dn = cn=Manager
-ldap ssl = no
-ldap passwd sync = yes
-idmap uid = 15000-20000
-idmap gid = 15000-20000 ...
+ read only = no
+ browseable = no
+ guest ok = yes
+ profile acls = yes
# Other resource shares ... ...</screen>
+ </example>
+ <para>
+ To provide a functional PDC system which uses <systemitem>tdbsam</systemitem> follow these steps:
+ </para>
+ <procedure id="proc-Samba_Domain_Controller-PDC_Using_tdbsam">
+ <step>
+ <para>
+ Adjust the <filename>smb.conf</filename> configuration file as shown in <xref linkend="exam-Samba_Domain_Controller-PDC_Using_tdbsam" />.
+ </para>
+ </step>
+ <step>
+ <para>
+ Add the <systemitem class="username">root</systemitem> user to the Samba password database. You will be prompted to provide a new Samba password for the <systemitem class="username">root</systemitem> user:
+ </para>
+ <screen>~]# <command>smbpasswd -a root</command>
+New SMB password:</screen>
+ </step>
+ <step>
+ <para>
+ Start the <systemitem>smb</systemitem> service:
+ </para>
+ <screen>~]# <command>service smb start</command></screen>
+ </step>
+ <step>
+ <para>
+ Make sure all profile, user, and netlogon directories are created.
+ </para>
+ </step>
+ <step>
+ <para>
+ Add groups that users can be members of:
+ </para>
+ <screen>~]# <command>groupadd -f users</command>
+~]# <command>groupadd -f nobody</command>
+~]# <command>groupadd -f ntadmins</command></screen>
+ </step>
+ <step>
+ <para>
+ Associate the UNIX groups with their respective Windows groups.
+ </para>
+ <screen>~]# <command>net groupmap add ntgroup="Domain Users" unixgroup=users</command>
+~]# <command>net groupmap add ntgroup="Domain Guests" unixgroup=nobody</command>
+~]# <command>net groupmap add ntgroup="Domain Admins" unixgroup=ntadmins</command></screen>
+ </step>
+ <step>
+ <para>
+ Grant access rights to a user or a group. For example, to grant the right to add client machines to the domain on a Samba domain controller, to the members to the Domain Admins group, execute the following command:
+ </para>
+ <screen>~]# <command>net rpc rights grant 'DOCS\Domain Admins' SetMachineAccountPrivilege -S PDC -U root</command></screen>
+ </step>
+ </procedure>
+ <para>
+ Keep in mind that Windows systems prefer to have a primary group which is mapped to a domain group such as Domain Users.
+ </para>
+ <para>
+ Windows groups and users use the same namespace thus not allowing the existence of a group and a user with the same name like in UNIX.
+ </para>
<note>
- <title>Note</title>
- <para>Implementing LDAP in this <filename>smb.conf</filename> file assumes that a working LDAP server has been successfully installed on <command>ldap.example.com</command>.</para>
+ <title>Limitations of the tdbsam authentication back end</title>
+ <para>
+ If you need more than one domain controller or have more than 250 users, do <emphasis>not</emphasis> use the <systemitem>tdbsam</systemitem> authentication back end. LDAP is recommended in these cases.
+ </para>
</note>
- </section>
- <section id="samba-rgs-bdc-ldap">
- <title>Backup Domain Controller (BDC) using LDAP</title>
- <indexterm significance="normal">
+ <bridgehead id="brid-Samba_Domain_Controller-Primary_Domain_Controller_with_Active_Directory" renderas="sect3">Primary Domain Controller (PDC) with Active Directory</bridgehead>
+ <indexterm>
<primary>Samba</primary>
<secondary>smb.conf</secondary>
- <tertiary>BDC using LDAP</tertiary>
+ <tertiary>PDC using Active Directory</tertiary>
</indexterm>
- <para>A BDC is an integral part of any enterprise Samba/LDAP solution. The <filename>/etc/samba/smb.conf</filename> files between the PDC and BDC are virtually identical except for the <command>domain master</command> directive. Make sure
- the PDC has a value of <command>Yes</command> and the BDC has a value of <command>No</command>. If you have multiple BDCs for a PDC, the <command>os level</command> directive is useful in setting the BDC
- election priority. The higher the value, the higher the server priority for connecting clients.</para>
- <note>
- <title>Note</title>
- <para>A BDC can either use the LDAP database of the PDC or have its own LDAP database. This example uses the LDAP database of the PDC as seen in the <command>passdb backend</command> directive.</para>
- </note>
-<screen>[global]
-workgroup = DOCS
-netbios name = DOCS_SRV2
-passdb backend = ldapsam:ldap://ldap.example.com
-username map = /etc/samba/smbusers
+ <para>
+ Although it is possible for Samba to be a member of an Active Directory, it is not possible for Samba to operate as an Active Directory domain controller.
+ </para>
+ </section>
+ </section>
+ <section id="sect-Samba-Security_Modes">
+ <title>Samba Security Modes</title>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Security Modes</secondary>
+ </indexterm>
+ <para>
+ There are only two types of security modes for Samba, <firstterm>share-level</firstterm> and <firstterm>user-level</firstterm>, which are collectively known as <emphasis><firstterm>security levels</firstterm></emphasis>. Share-level security is deprecated and has been removed from Samba. Configurations containing this mode need to be migrated to use user-level security. User-level security can be implemented in one of three different ways. The different ways of implementing a security level are called <firstterm>security modes</firstterm>.
+ </para>
+ <section id="sect-Samba_Security_Modes-User_Level">
+ <title>User-Level Security</title>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Security Modes</secondary>
+ <tertiary>User Level Security</tertiary>
+ </indexterm>
+ <para>
+ User-level security is the default and recommended setting for Samba. Even if the <parameter>security = user</parameter> directive is not listed in the <filename>/etc/samba/smb.conf</filename> file, it is used by Samba. If the server accepts the client's user name and password, the client can then mount multiple shares without specifying a password for each instance. Samba can also accept session-based user name and password requests. The client maintains multiple authentication contexts by using a unique UID for each logon.
+ </para>
+ <para>In the <filename>/etc/samba/smb.conf</filename> file, the <parameter>security = user</parameter> directive that sets user-level security is:
+ </para>
+ <screen>
+[GLOBAL]
+...
security = user
-add user script = /usr/sbin/useradd -m %u
-delete user script = /usr/sbin/userdel -r %u
-add group script = /usr/sbin/groupadd %g
-delete group script = /usr/sbin/groupdel %g
-add user to group script = /usr/sbin/usermod -G %g %u
-add machine script = \ /usr/sbin/useradd -s /bin/false -d /dev/null \ -g machines %u
-# The following specifies the default logon script
-# Per user logon scripts can be specified in the
-# user account using pdbedit logon script = scripts\logon.bat
-# This sets the default profile path.
-# Set per user paths with pdbedit logon path = \\%L\Profiles\%U logon drive = H:
-logon home = \\%L\%U
-domain logons = Yes
-os level = 35
-preferred master = Yes
-domain master = No \
-ldap suffix = dc=example,dc=com
-ldap machine suffix = ou=People
-ldap user suffix = ou=People
-ldap group suffix = ou=Group
-ldap idmap suffix = ou=People
-ldap admin dn = cn=Manager
-ldap ssl = no ldap
-passwd sync = yes
-idmap uid = 15000-20000
-idmap gid = 15000-20000 ...
-# Other resource shares ... ...</screen>
- </section>
- -->
- <section
- id="samba-rgs-pdc-ads">
- <title>Primary Domain Controller (PDC) with Active Directory</title>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>smb.conf</secondary>
- <tertiary>PDC using Active Directory</tertiary>
- </indexterm>
- <para>Although it is possible for Samba to be a member of an Active Directory, it is not possible for Samba to operate as an Active Directory domain controller.</para>
- </section>
- </section>
- </section>
- <section
- id="s2-samba-security-modes">
- <title>Samba Security Modes</title>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>Security Modes</secondary>
- </indexterm>
- <para>There are only two types of security modes for Samba, <emphasis>share-level</emphasis> and <emphasis>user-level</emphasis>, which are collectively known as <emphasis><firstterm>security levels</firstterm>
- </emphasis>. Share-level security can only be implemented in one way, while user-level security can be implemented in one of four different ways. The different ways of implementing a security level are called <emphasis><firstterm>security modes</firstterm></emphasis>.</para>
- <section
- id="s3-samba-user-level">
- <title>User-Level Security</title>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>Security Modes</secondary>
- <tertiary>User Level Security</tertiary>
- </indexterm>
- <para>User-level security is the default setting for Samba. Even if the <command>security = user</command> directive is not listed in the <filename>/etc/samba/smb.conf</filename> file, it is used by Samba. If the server accepts the client's username/password, the client can then mount multiple shares without specifying a password for each instance. Samba can also accept session-based username/password requests. The client maintains multiple authentication contexts by using a unique UID for each logon.</para>
- <para>In the <filename>/etc/samba/smb.conf</filename> file, the <command>security = user</command> directive that sets user-level security is:</para>
- <programlisting>[GLOBAL]
+...</screen>
+ <bridgehead id="brid-Samba_Security_Modes-Samba_Guest_Shares" renderas="sect3">Samba Guest Shares</bridgehead>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Security Modes</secondary>
+ </indexterm>
+ <para>
+ As mentioned above, share-level security mode is deprecated. To configure a Samba guest share without using the <parameter>security = share</parameter> parameter, follow the procedure below:
+ </para>
+ <procedure id="proc-Samba_Security_Modes-Samba_Guest_Shares">
+ <title>Configuring Samba Guest Shares</title>
+ <step>
+ <para>
+ Create a username map file, in this example <filename>/etc/samba/smbusers</filename>, and add the following line to it:
+ </para>
+ <screen>nobody = guest</screen>
+ </step>
+ <step>
+ <para>
+ Add the following directives to the main section in the <filename>/etc/samba/smb.conf</filename> file. Also, do not use the <parameter>valid users</parameter> directive:
+ </para>
+<screen>
+[GLOBAL]
...
security = user
-...</programlisting>
- <para>The following sections describe other implementations of user-level security.</para>
- <section
- id="s3-samba-domain-security-mode">
- <title>Domain Security Mode (User-Level Security)</title>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>Security Modes</secondary>
- <tertiary>Domain Security Mode</tertiary>
- </indexterm>
- <para>In domain security mode, the Samba server has a machine account (domain security trust account) and causes all authentication requests to be passed through to the domain controllers. The Samba server is made into a domain member server by using the following directives in the <filename>/etc/samba/smb.conf</filename> file:</para>
- <programlisting>[GLOBAL]
+map to guest = Bad User
+username map = <replaceable>/etc/samba/smbusers</replaceable>
+...</screen>
+ <para>
+ The <parameter>username map</parameter> directive provides a path to the username map file specified in the previous step.
+ </para>
+ </step>
+ <step>
+ <para>
+ Add the following directive to the share section in the <filename>/ect/samba/smb.conf</filename> file. Do not use the <parameter>valid users</parameter> directive.
+ </para>
+<screen>[SHARE]
+...
+guest ok = yes
+...</screen>
+ </step>
+ </procedure>
+ <para>
+ The following sections describe other implementations of user-level security.
+ </para>
+ <bridgehead id="brid-Samba_Security_Modes-User_Level-Domain_Security_Mode" renderas="sect3">Domain Security Mode (User-Level Security)</bridgehead>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Security Modes</secondary>
+ <tertiary>Domain Security Mode</tertiary>
+ </indexterm>
+ <para>
+ In domain security mode, the Samba server has a machine account (domain security trust account) and causes all authentication requests to be passed through to the domain controllers. The Samba server is made into a domain member server by using the following directives in the <filename>/etc/samba/smb.conf</filename> file:
+ </para>
+ <screen>
+[GLOBAL]
...
security = domain
workgroup = MARKETING
-...</programlisting>
- </section>
- <section
- id="s3-samba-ads-security-mode">
- <title>Active Directory Security Mode (User-Level Security)</title>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>Security Modes</secondary>
- <tertiary>Active Directory Security Mode</tertiary>
- </indexterm>
- <para>If you have an Active Directory environment, it is possible to join the domain as a native Active Directory member. Even if a security policy restricts the use of NT-compatible authentication protocols, the Samba server can join an ADS using Kerberos. Samba in Active Directory member mode can accept Kerberos tickets.</para>
- <para>In the <filename>/etc/samba/smb.conf</filename> file, the following directives make Samba an Active Directory member server:</para>
- <programlisting>[GLOBAL]
+...</screen>
+ <bridgehead id="brid-Samba_Security_Modes-Active_Directory_Security_Mode" renderas="sect3">Active Directory Security Mode (User-Level Security)</bridgehead>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Security Modes</secondary>
+ <tertiary>Active Directory Security Mode</tertiary>
+ </indexterm>
+ <para>
+ If you have an Active Directory environment, it is possible to join the domain as a native Active Directory member. Even if a security policy restricts the use of NT-compatible authentication protocols, the Samba server can join an ADS using Kerberos. Samba in Active Directory member mode can accept Kerberos tickets.
+ </para>
+ <para>
+ In the <filename>/etc/samba/smb.conf</filename> file, the following directives make Samba an Active Directory member server:
+ </para>
+ <screen>
+[GLOBAL]
...
security = ADS
realm = EXAMPLE.COM
password server = kerberos.example.com
-...</programlisting>
- </section>
- <section
- id="s3-samba-server-security-mode">
- <title>Server Security Mode (User-Level Security)</title>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>Security Modes</secondary>
- <tertiary>Server Security Mode</tertiary>
- </indexterm>
- <para>Server security mode was previously used when Samba was not capable of acting as a domain member server.</para>
- <note>
- <title>Avoid using the server security mode</title>
- <para>It is highly recommended to <emphasis>not</emphasis> use this mode since there are numerous security drawbacks.</para>
- </note>
- <para>In the <filename>/etc/samba/smb.conf</filename>, the following directives enable Samba to operate in server security mode:</para>
- <programlisting>[GLOBAL]
-...
-encrypt passwords = Yes
-security = server
-password server = "NetBIOS_of_Domain_Controller"
-...</programlisting>
- </section>
- </section>
- <section
- id="s3-samba-share-level">
- <title>Share-Level Security</title>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>Security Modes</secondary>
- <tertiary>Share-Level Security</tertiary>
- </indexterm>
- <para>With share-level security, the server accepts only a password without an explicit username from the client. The server expects a password for each share, independent of the username. There have been recent reports that Microsoft Windows clients have compatibility issues with share-level security servers. Samba developers strongly discourage use of share-level security.</para>
- <para>In the <filename>/etc/samba/smb.conf</filename> file, the <command>security = share</command> directive that sets share-level security is:</para>
- <programlisting>[GLOBAL]
-...
-security = share
-...</programlisting>
- </section>
- </section>
- <section
- id="s2-samba-account-info-dbs">
- <title>Samba Account Information Databases</title>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>Account Information Databases</secondary>
- </indexterm>
- <para>The latest release of Samba offers many new features including new password database back ends not previously available. Samba version 3.0.0 fully supports all databases used in previous versions of Samba. However, although supported, many back ends may not be suitable for production use.</para>
- <para>The following is a list different back ends you can use with Samba. Other back ends not listed here may also be available.</para>
- <!-- RHEL5: tech review: merge 2 sections!
- <section id="s3-samba-backwardcompat-backends">
- <title>Backward Compatible Backends</title> -->
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>Backward Compatible Database Back Ends</secondary>
- </indexterm>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>Account Information Databases</secondary>
- <tertiary>Plain Text</tertiary>
- </indexterm>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>Account Information Databases</secondary>
- <tertiary>
- <command>smbpasswd</command>
- </tertiary>
- </indexterm>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>Account Information Databases</secondary>
- <tertiary>
- <command>ldapsam_compat</command>
- </tertiary>
- </indexterm>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>New Database Back Ends</secondary>
- </indexterm>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>Account Information Databases</secondary>
- <tertiary>
- <command>tdbsam</command>
- </tertiary>
- </indexterm>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>Account Information Databases</secondary>
- <tertiary>
- <command>ldapsam</command>
- </tertiary>
- </indexterm>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>Account Information Databases</secondary>
- <tertiary>
- <command>mysqlsam</command>
- </tertiary>
- </indexterm>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>Account Information Databases</secondary>
- <tertiary>
- <command>xmlsam</command>
- </tertiary>
- </indexterm>
- <variablelist>
- <varlistentry>
- <term>Plain Text</term>
- <listitem>
- <para>Plain text back ends are nothing more than the <command>/etc/passwd</command> type back ends. With a plain text back end, all usernames and passwords are sent unencrypted between the client and the Samba server. This method is very unsecure and is not recommended for use by any means. It is possible that different Windows clients connecting to the Samba server with plain text passwords cannot support such an authentication method.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <command>smbpasswd</command>
- </term>
- <listitem>
- <para>A popular back end used in previous Samba packages, the <command>smbpasswd</command> back end utilizes a plain ASCII text layout that includes the MS Windows LanMan and NT account, and encrypted password information. The <command>smbpasswd</command> back end lacks the storage of the Windows NT/2000/2003 SAM extended controls. The <command>smbpasswd</command> back end is not recommended because it does not scale well or hold any Windows information, such as RIDs for NT-based groups. The <command>tdbsam</command> back end solves these issues for use in a smaller database (250 users), but is still not an enterprise-class solution. <!-- RHEL5: tech review: cut!
- <warning>
- <title>Warning</title>
- <para>This type of backend may be deprecated for future releases and replaced by the <command>tdbsam</command> backend, which does include the SAM extended controls.</para>
- </warning> -->
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <command>ldapsam_compat</command>
- </term>
- <listitem>
- <para>The <command>ldapsam_compat</command> back end allows continued OpenLDAP support for use with upgraded versions of Samba. This option is normally used when migrating to Samba 3.0.</para>
- </listitem>
- </varlistentry>
- <!-- RHEL5: tech review: merge!
- </variablelist>
+...</screen>
</section>
- <section id="s3-samba-new-backends">
- <title>New Backends</title>
- <variablelist> -->
- <varlistentry>
- <term>
- <command>tdbsam</command>
- </term>
- <listitem>
- <para>The new default <command>tdbsam</command> password back end provides an ideal database back end for local servers, servers that do not need built-in database replication, and servers that do not require the scalability or complexity of LDAP. The <command>tdbsam</command> back end includes all of the <command>smbpasswd</command> database information as well as the previously-excluded SAM information. The inclusion of the extended SAM data allows Samba to implement the same account and system access controls as seen with Windows NT/2000/2003/2008-based systems.</para>
- <para>The <command>tdbsam</command> back end is recommended for 250 users at most. Larger organizations should require Active Directory or LDAP integration due to scalability and possible network infrastructure concerns.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <command>ldapsam</command>
- </term>
- <listitem>
- <para>The <command>ldapsam</command> back end provides an optimal distributed account installation method for Samba. LDAP is optimal because of its ability to replicate its database to any number of servers such as an <application>OpenLDAP Server</application>. LDAP databases are light-weight and scalable, and as such are preferred by large enterprises. For more information on LDAP, refer to <xref linkend="s1-OpenLDAP" />.</para>
- <para>If you are upgrading from a previous version of Samba to 3.0, note that the OpenLDAP schema file (<filename>/usr/share/doc/samba/LDAP/samba.schema</filename>) has changed. These files contain the <firstterm>attribute syntax definitions</firstterm> and <firstterm>objectclass definitions</firstterm> that the <command>ldapsam</command> back end needs in order to function properly.</para>
- <para>As such, if you are using the <command>ldapsam</command> back end for your Samba server, you will need to configure <command>slapd</command> to include one of these schema file. See <xref
- linkend="s3-ldap-configuration-schema"/> for directions on how to do this.</para>
- <note>
- <title>Make sure the openldap-server package is installed</title>
- <para>You need to have the <filename>openldap-server</filename> package installed if you want to use the <command>ldapsam</command> back end.</para>
- </note>
- </listitem>
- </varlistentry>
- </variablelist>
- </section>
-
- <section
- id="s2-samba-network-browsing">
- <title>Samba Network Browsing</title>
- <indexterm>
- <primary>Samba</primary>
- <secondary>Network Browsing</secondary>
- </indexterm>
- <indexterm>
- <primary>Samba</primary>
- <secondary>Browsing</secondary>
- </indexterm>
- <para>
- <firstterm>Network browsing</firstterm> enables Windows and Samba servers to appear in the Windows <guilabel>Network Neighborhood</guilabel>. Inside the <guilabel>Network Neighborhood</guilabel>, icons are represented as servers and if opened, the server's shares and printers that are available are displayed.</para>
- <para>Network browsing capabilities require NetBIOS over <systemitem class="protocol">TCP</systemitem>/<systemitem class="protocol">IP</systemitem>. NetBIOS-based networking uses broadcast (<systemitem class="protocol">UDP</systemitem>) messaging to accomplish browse list management. Without NetBIOS and WINS as the primary method for <systemitem class="protocol">TCP</systemitem>/<systemitem class="protocol">IP</systemitem> hostname resolution, other methods such as static files (<filename>/etc/hosts</filename>) or <systemitem class="protocol">DNS</systemitem>, must be used.</para>
- <para>A domain master browser collates the browse lists from local master browsers on all subnets so that browsing can occur between workgroups and subnets. Also, the domain master browser should preferably be the local master browser for its own subnet.</para>
- <section
- id="s3-samba-domain-browsing">
- <title>Domain Browsing</title>
- <indexterm>
- <primary>Samba</primary>
- <secondary>Network Browsing</secondary>
- <tertiary>Domain Browsing</tertiary>
- </indexterm>
- <para>By default, a Windows server PDC for a domain is also the domain master browser for that domain. A Samba server must <emphasis>not</emphasis> be set up as a domain master server in this type of situation.</para>
- <para>For subnets that do not include the Windows server PDC, a Samba server can be implemented as a local master browser. Configuring the <filename>/etc/samba/smb.conf</filename> file for a local master browser (or no browsing at all) in a domain controller environment is the same as workgroup configuration (see <xref linkend="s2-samba-configuring" />).</para>
- </section>
- <section
- id="s3-samba-wins">
- <title>WINS (Windows Internet Name Server)</title>
- <indexterm>
- <primary>Samba</primary>
- <secondary>WINS</secondary>
- </indexterm>
- <indexterm>
- <primary>Samba</primary>
- <secondary>Network Browsing</secondary>
- <tertiary>WINS</tertiary>
- </indexterm>
- <para>Either a Samba server or a Windows NT server can function as a WINS server. When a WINS server is used with NetBIOS enabled, UDP unicasts can be routed which allows name resolution across networks. Without a WINS server, the UDP broadcast is limited to the local subnet and therefore cannot be routed to other subnets, workgroups, or domains. If WINS replication is necessary, do not use Samba as your primary WINS server, as Samba does not currently support WINS replication.</para>
- <para>In a mixed NT/2000/2003/2008 server and Samba environment, it is recommended that you use the Microsoft WINS capabilities. In a Samba-only environment, it is recommended that you use <emphasis>only one</emphasis> Samba server for WINS.</para>
- <para>The following is an example of the <filename>/etc/samba/smb.conf</filename> file in which the Samba server is serving as a WINS server:</para>
- <programlisting>[global]
-wins support = Yes</programlisting>
- <note>
- <title>Using WINS</title>
- <para>All servers (including Samba) should connect to a WINS server to resolve NetBIOS names. Without WINS, browsing only occurs on the local subnet. Furthermore, even if a domain-wide list is somehow obtained, hosts cannot be resolved for the client without WINS.</para>
- </note>
- </section>
- </section>
- <section
- id="s2-samba-cups">
- <title>Samba with CUPS Printing Support</title>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>CUPS Printing Support</secondary>
- </indexterm>
- <para>Samba allows client machines to share printers connected to the Samba server. In addition, Samba also allows client machines to send documents built in Linux to Windows printer shares. Although there are other printing systems that function with &MAJOROS;, CUPS (Common UNIX Print System) is the recommended printing system due to its close integration with Samba.</para>
- <section
- id="s3-samba-cups-smb.conf">
- <title>Simple <filename>smb.conf</filename> Settings</title>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>CUPS Printing Support</secondary>
- <tertiary>CUPS smb.conf</tertiary>
- </indexterm>
- <para>The following example shows a very basic <filename>/etc/samba/smb.conf</filename> configuration for CUPS support:</para>
- <programlisting>[global]
-load printers = Yes
+ <section id="sect-Samba_Security_Modes-Share_Level">
+ <title>Share-Level Security</title>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Security Modes</secondary>
+ <tertiary>Share-Level Security</tertiary>
+ </indexterm>
+ <para>
+ With share-level security, the server accepts only a password without an explicit user name from the client. The server expects a password for each share, independent of the user name. There have been recent reports that Microsoft Windows clients have compatibility issues with share-level security servers. This mode is deprecated and has been removed from Samba. Configurations containing <parameter>security = share</parameter> should be updated to use user-level security. Follow the steps in <xref linkend="proc-Samba_Security_Modes-Samba_Guest_Shares" /> to avoid using the <parameter>security = share</parameter> directive.
+ </para>
+ </section>
+ </section>
+ <section id="sect-Samba-Account_Information-Databases">
+ <title>Samba Account Information Databases</title>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Account Information Databases</secondary>
+ </indexterm>
+ <para>
+ The following is a list different back ends you can use with Samba. Other back ends not listed here may also be available.
+ </para>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Backward Compatible Database Back Ends</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Account Information Databases</secondary>
+ <tertiary>Plain Text</tertiary>
+ </indexterm>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Account Information Databases</secondary>
+ <tertiary><command>smbpasswd</command></tertiary>
+ </indexterm>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Account Information Databases</secondary>
+ <tertiary><command>ldapsam_compat</command></tertiary>
+ </indexterm>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>New Database Back Ends</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Account Information Databases</secondary>
+ <tertiary><command>tdbsam</command></tertiary>
+ </indexterm>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Account Information Databases</secondary>
+ <tertiary><command>ldapsam</command></tertiary>
+ </indexterm>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Account Information Databases</secondary>
+ <tertiary><command>mysqlsam</command></tertiary>
+ </indexterm>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Account Information Databases</secondary>
+ <tertiary><command>xmlsam</command></tertiary>
+ </indexterm>
+ <variablelist>
+ <varlistentry>
+ <term>Plain Text</term>
+ <listitem>
+ <para>
+ Plain text back ends are nothing more than the <filename>/etc/passwd</filename> type back ends. With a plain text back end, all user names and passwords are sent unencrypted between the client and the Samba server. This method is very insecure and is not recommended for use by any means. It is possible that different Windows clients connecting to the Samba server with plain text passwords cannot support such an authentication method.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><systemitem>smbpasswd</systemitem></term>
+ <listitem>
+ <para>
+ The <systemitem>smbpasswd</systemitem> back end utilizes a plain ASCII text layout that includes the MS Windows LanMan and NT account, and encrypted password information. The <systemitem>smbpasswd</systemitem> back end lacks the storage of the Windows NT/2000/2003 SAM extended controls. The <systemitem>smbpasswd</systemitem> back end is not recommended because it does not scale well or hold any Windows information, such as RIDs for NT-based groups. The <systemitem>tdbsam</systemitem> back end solves these issues for use in a smaller database (250 users), but is still not an enterprise-class solution.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><systemitem>ldapsam_compat</systemitem></term>
+ <listitem>
+ <para>
+ The <systemitem>ldapsam_compat</systemitem> back end allows continued OpenLDAP support for use with upgraded versions of Samba. </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><systemitem>tdbsam</systemitem></term>
+ <listitem>
+ <para>
+ The default <systemitem>tdbsam</systemitem> password back end provides a database back end for local servers, servers that do not need built-in database replication, and servers that do not require the scalability or complexity of LDAP. The <systemitem>tdbsam</systemitem> back end includes all of the <systemitem>smbpasswd</systemitem> database information as well as the previously-excluded SAM information. The inclusion of the extended SAM data allows Samba to implement the same account and system access controls as seen with Windows NT/2000/2003/2008-based systems.
+ </para>
+ <para>
+ The <systemitem>tdbsam</systemitem> back end is recommended for 250 users at most. Larger organizations should require Active Directory or LDAP integration due to scalability and possible network infrastructure concerns.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><systemitem>ldapsam</systemitem></term>
+ <listitem>
+ <para>
+ The <systemitem>ldapsam</systemitem> back end provides an optimal distributed account installation method for Samba. LDAP is optimal because of its ability to replicate its database to any number of servers such as the <application>Red Hat Directory Server</application> or an <application>OpenLDAP Server</application>. LDAP databases are light-weight and scalable, and as such are preferred by large enterprises. Installation and configuration of directory servers is beyond the scope of this chapter. For more information on the <application>Red Hat Directory Server</application>, see the <citetitle pubwork="book"><ulink url="https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9....">Red Hat Directory Server 9.0 Deployment Guide</ulink></citetitle>. For more information on LDAP, see <xref linkend="s1-OpenLDAP" />.
+ </para>
+ <para>
+ If you are upgrading from a previous version of Samba to 3.0, note that the OpenLDAP schema file (<filename>/usr/share/doc/samba-<replaceable>version</replaceable>/LDAP/samba.schema</filename>) and the Red Hat Directory Server schema file (<filename>/usr/share/doc/samba-<replaceable>version</replaceable>/LDAP/samba-schema-FDS.ldif</filename>) have changed. These files contain the <firstterm>attribute syntax definitions</firstterm> and <firstterm>objectclass definitions</firstterm> that the <systemitem>ldapsam</systemitem> back end needs in order to function properly.
+ </para>
+ <para>
+ As such, if you are using the <systemitem>ldapsam</systemitem> back end for your Samba server, you will need to configure <systemitem>slapd</systemitem> to include one of these schema file. See <xref linkend="s3-ldap-configuration-schema"/> for directions on how to do this.
+ </para>
+ <note>
+ <title>Make sure the openldap-servers package is installed</title>
+ <para>
+ You need to have the <package>openldap-servers</package> package installed if you want to use the <systemitem>ldapsam</systemitem> back end. To ensure that the package is installed, execute the following command as <systemitem class="username">roots</systemitem>:
+ </para>
+ <screen>~]# <command>yum install openldap-servers</command></screen>
+ </note>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </section>
+ <section id="sect-Samba-Network_Browsing">
+ <title>Samba Network Browsing</title>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Network Browsing</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Browsing</secondary>
+ </indexterm>
+ <para>
+ <firstterm>Network browsing</firstterm> enables Windows and Samba servers to appear in the Windows <guilabel>Network Neighborhood</guilabel>. Inside the <guilabel>Network Neighborhood</guilabel>, icons are represented as servers and if opened, the server's shares and printers that are available are displayed.
+ </para>
+ <para>
+ Network browsing capabilities require NetBIOS over <systemitem class="protocol">TCP</systemitem>/<systemitem class="protocol">IP</systemitem>. NetBIOS-based networking uses broadcast (<systemitem class="protocol">UDP</systemitem>) messaging to accomplish browse list management. Without NetBIOS and WINS as the primary method for <systemitem class="protocol">TCP</systemitem>/<systemitem class="protocol">IP</systemitem> host name resolution, other methods such as static files (<filename>/etc/hosts</filename>) or <systemitem class="protocol">DNS</systemitem>, must be used.
+ </para>
+ <para>
+ A domain master browser collates the browse lists from local master browsers on all subnets so that browsing can occur between workgroups and subnets. Also, the domain master browser should preferably be the local master browser for its own subnet.
+ </para>
+ <section id="sect-Samba-Domain-Browsing">
+ <title>Domain Browsing</title>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Network Browsing</secondary>
+ <tertiary>Domain Browsing</tertiary>
+ </indexterm>
+ <para>
+ By default, a Windows server PDC for a domain is also the domain master browser for that domain. A Samba server must <emphasis>not</emphasis> be set up as a domain master server in this type of situation.
+ </para>
+ <para>
+ For subnets that do not include the Windows server PDC, a Samba server can be implemented as a local master browser. Configuring the <filename>/etc/samba/smb.conf</filename> file for a local master browser (or no browsing at all) in a domain controller environment is the same as workgroup configuration (see <xref linkend="sect-Samba-Configuring_a_Samba_Server" />).
+ </para>
+ </section>
+ <section id="sect-Samba-WINS">
+ <title>WINS (Windows Internet Name Server)</title>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>WINS</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Network Browsing</secondary>
+ <tertiary>WINS</tertiary>
+ </indexterm>
+ <para>
+ Either a Samba server or a Windows NT server can function as a WINS server. When a WINS server is used with NetBIOS enabled, UDP unicasts can be routed which allows name resolution across networks. Without a WINS server, the UDP broadcast is limited to the local subnet and therefore cannot be routed to other subnets, workgroups, or domains. If WINS replication is necessary, do not use Samba as your primary WINS server, as Samba does not currently support WINS replication.
+ </para>
+ <para>
+ In a mixed NT/2000/2003/2008 server and Samba environment, it is recommended that you use the Microsoft WINS capabilities. In a Samba-only environment, it is recommended that you use <emphasis>only one</emphasis> Samba server for WINS.
+ </para>
+ <para>
+ The following is an example of the <filename>/etc/samba/smb.conf</filename> file in which the Samba server is serving as a WINS server:
+ </para>
+ <example id="exam-Samba-WINS">
+ <title>An Example Configuration of WINS Server</title>
+ <screen>
+[global]
+wins support = yes</screen>
+ </example>
+ <note>
+ <title>Using WINS</title>
+ <para>
+ All servers (including Samba) should connect to a WINS server to resolve NetBIOS names. Without WINS, browsing only occurs on the local subnet. Furthermore, even if a domain-wide list is somehow obtained, hosts cannot be resolved for the client without WINS.
+ </para>
+ </note>
+ </section>
+ </section>
+ <section id="sect-Samba_with_CUPS_Printing_Support">
+ <title>Samba with CUPS Printing Support</title>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>CUPS Printing Support</secondary>
+ </indexterm>
+ <para>
+ Samba allows client machines to share printers connected to the Samba server. In addition, Samba also allows client machines to send documents built in Linux to Windows printer shares. Although there are other printing systems that function with &MAJOROS;, CUPS (Common UNIX Print System) is the recommended printing system due to its close integration with Samba.
+ </para>
+ <section id="sect-Samba-CUPS-smb.conf">
+ <title>Simple <filename>smb.conf</filename> Settings</title>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>CUPS Printing Support</secondary>
+ <tertiary>CUPS smb.conf</tertiary>
+ </indexterm>
+ <para>
+ The following example shows a very basic <filename>/etc/samba/smb.conf</filename> configuration for CUPS support:
+ </para>
+ <example id="exam-Samba-CUPS-smb.conf">
+ <title>An Example Configuration of Samba with CUPS Support</title>
+ <screen>
+[global]
+load printers = yes
printing = cups
printcap name = cups
[printers]
comment = All Printers
path = /var/spool/samba
-browseable = No
-public = Yes
-guest ok = Yes
-writable = No
-printable = Yes
+browseable = no
+guest ok = yes
+writable = no
+printable = yes
printer admin = @ntadmins
[print$]
comment = Printer Drivers Share
path = /var/lib/samba/drivers
write list = ed, john
-printer admin = ed, john</programlisting>
- <para>Other printing configurations are also possible. To add additional security and privacy for printing confidential documents, users can have their own print spooler not located in a public path. If a job fails, other users would not have access to the file.</para>
- <para>The <command>print$</command> directive contains printer drivers for clients to access if not available locally. The <command>print$</command> directive is optional and may not be required depending on the organization.</para>
- <para>Setting <command>browseable</command> to <command>Yes</command> enables the printer to be viewed in the Windows Network Neighborhood, provided the Samba server is set up correctly in the domain/workgroup.</para>
- </section>
- </section>
- <section
- id="s2-samba-programs">
- <title>Samba Distribution Programs</title>
- <indexterm>
- <primary>Samba</primary>
- <secondary>Programs</secondary>
- </indexterm>
- <bridgehead id="s3-samba-programs-findsmb">
- <filename>findsmb</filename>
- </bridgehead>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>Programs</secondary>
- <tertiary>
- <command>findsmb</command>
- </tertiary>
- </indexterm>
- <indexterm
- significance="normal">
- <primary>
- <command>findsmb</command> program</primary>
- </indexterm>
- <screen><command>findsmb <replaceable>subnet_broadcast_address</replaceable></command></screen>
- <para>The <command>findsmb</command> program is a Perl script which reports information about <systemitem class="protocol">SMB</systemitem>-aware systems on a specific subnet. If no subnet is specified the local subnet is used. Items displayed include <systemitem class="protocol">IP</systemitem> address, NetBIOS name, workgroup or domain name, operating system, and version.</para>
- <para>The following example shows the output of executing <command>findsmb</command> as any valid user on a system:</para>
- <screen>~]$ <command>findsmb</command>
+printer admin = ed, john</screen>
+ </example>
+ <para>
+ Other printing configurations are also possible. To add additional security and privacy for printing confidential documents, users can have their own print spooler not located in a public path. If a job fails, other users would not have access to the file.
+ </para>
+ <para>
+ The <parameter>print$</parameter> directive contains printer drivers for clients to access if not available locally. The <parameter>print$</parameter> directive is optional and may not be required depending on the organization.
+ </para>
+ <para>
+ Setting <parameter>browseable</parameter> to <literal>yes</literal> enables the printer to be viewed in the Windows Network Neighborhood, provided the Samba server is set up correctly in the domain or workgroup.
+ </para>
+ </section>
+ </section>
+ <section id="sect-Samba_Distribution_Programs">
+ <title>Samba Distribution Programs</title>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Programs</secondary>
+ </indexterm>
+ <!-- [bancinco] commented out as per: https://bugzilla.redhat.com/show_bug.cgi?id=1052228#c8
+
+ <bridgehead id="brid-Samba_Distribution_Programs-findsmb" renderas="sect3"><systemitem>findsmb</systemitem></bridgehead>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Programs</secondary>
+ <tertiary><systemitem>findsmb</systemitem></tertiary>
+ </indexterm>
+ <indexterm>
+ <primary><systemitem>findsmb</systemitem> program</primary>
+ </indexterm>
+ <synopsis><command>findsmb <replaceable><subnet_broadcast_address></replaceable></command></synopsis>
+ <para>
+ The <systemitem>findsmb</systemitem> program is a Perl script which reports information about <systemitem class="protocol">SMB</systemitem>-aware systems on a specific subnet. If no subnet is specified the local subnet is used. Items displayed include <systemitem class="protocol">IP</systemitem> address, NetBIOS name, workgroup or domain name, operating system, and version. The <command>findsmb</command> command is used in the following format:
+ </para>
+ <para>
+ The following example shows the output of executing <command>findsmb</command> as any valid user on a system:
+ </para>
+ <screen>
+~]$ <command>findsmb</command>
IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION
-------------------------------------------------------------------
+TODO: Do not forget to remove the spaces from the below!!!
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
10.1.59.25 VERVE [MYGROUP] [Unix] [Samba 3.0.0-15]
10.1.59.26 STATION22 [MYGROUP] [Unix] [Samba 3.0.2-7.FC1]
10.1.56.45 TREK +[WORKGROUP] [Windows 5.0] [Windows 2000 LAN Manager]
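Review bot: In the added openldap-servers note, the user name is marked up as <systemitem class="username">roots</systemitem>; it should read "root". The new index entries for mysqlsam and xmlsam have no matching <varlistentry> in the back-end list that follows, which ends at ldapsam, so they index a section that never mentions those back ends; drop the two <indexterm> blocks or restore the entries. In the commented-out findsmb block, the line "TODO: Do not forget to remove the spaces from the below!!!" and the spaced-out separator are left in the source, and the sentence "The findsmb command is used in the following format:" now sits after the synopsis it is meant to introduce. Since the section is disabled per the referenced Bugzilla comment, deleting it and relying on history would be cleaner than keeping an altered copy. Two wording slips are carried over into the added lines unchanged: "a list different back ends" (missing "of") and "one of these schema file".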
@@ -1193,57 +1286,25 @@ IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION
10.1.57.141 JAWS +[KWIKIMART] [Unix] [Samba 2.2.7a-security-rollup-fix]
10.1.56.159 FRED +[MYGROUP] [Unix] [Samba 3.0.0-14.3E]
10.1.59.192 LEGION *[MYGROUP] [Unix] [Samba 2.2.7-security-rollup-fix]
-10.1.56.205 NANCYN +[MYGROUP] [Unix] [Samba 2.2.7a-security-rollup-fix]</screen>
- <!-- RHEL5: </section> --><!-- RHEL5: peer review: cut!
- <formalpara id="s3-samba-programs-make_smbcodepage">
- <title><filename>make_smbcodepage</filename></title>
- <indexterm significance="normal">
- <primary>Samba</primary>
- <secondary>Programs</secondary>
- <tertiary><command>make_smbcodepage</command>
- </tertiary>
- </indexterm>
- <indexterm significance="normal">
- <primary><command>make_smbcodepage</command> program</primary>
- </indexterm>
- <para><command>make_smbcodepage <replaceable><c|d> <codepage_number> <inputfile> <outputfile></replaceable></command></para>
- </formalpara>
- <para>The <command>make_smbcodepage</command> program compiles a binary codepage file from a text-format definition. The reverse is also allowed by decompiling a binary codepage file to a text-format definition. This obsolete program is part of the internationalization features of previous versions of Samba which are included by default with the current version of Samba.</para> --><!-- RHEL5: </section> --><!-- RHEL5: tech review: cut!
- <formalpara id="s3-samba-programs-make_unicodemap">
- <title><filename>make_unicodemap</filename></title>
- <indexterm significance="normal">
+10.1.56.205 NANCYN +[MYGROUP] [Unix] [Samba 2.2.7a-security-rollup-fix]</screen> -->
+ <bridgehead id="brid-Samba_Distribution_Programs-net" renderas="sect3"><systemitem>net</systemitem></bridgehead>
+ <indexterm>
<primary>Samba</primary>
<secondary>Programs</secondary>
- <tertiary><command>make_unicodemap</command>
- </tertiary>
+ <tertiary><command>net</command></tertiary>
</indexterm>
- <indexterm significance="normal">
- <primary><command>make_unicodemap</command> program</primary>
+ <indexterm>
+ <primary><command>net</command> program</primary>
</indexterm>
- <para><command>make_unicodemap <replaceable><codepage_number> <inputfile> <outputfile></replaceable></command></para>
- </formalpara>
- <para>The <command>make_unicodemap</command> program compiles binary Unicode files from text files so Samba can display non-ASCII character sets. This obsolete program was part of the internationalization features of previous versions of Samba which are now included with the current release of Samba.</para> --><!-- RHEL5: </section> -->
- <bridgehead id="s3-samba-programs-net">
- <filename>net</filename>
- </bridgehead>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>Programs</secondary>
- <tertiary>
- <command>net</command>
- </tertiary>
- </indexterm>
- <indexterm
- significance="normal">
- <primary>
- <command>net</command> program</primary>
- </indexterm>
- <screen><command>net <replaceable>protocol function misc_options target_options</replaceable></command></screen>
- <para>The <command>net</command> utility is similar to the <command>net</command> utility used for Windows and MS-DOS. The first argument is used to specify the protocol to use when executing a command. The <command><replaceable>protocol</replaceable>
- </command> option can be <command>ads</command>, <command>rap</command>, or <command>rpc</command> for specifying the type of server connection. Active Directory uses <command>ads</command>, Win9x/NT3 uses <command>rap</command>, and Windows NT4/2000/2003/2008 uses <command>rpc</command>. If the protocol is omitted, <command>net</command> automatically tries to determine it.</para>
- <para>The following example displays a list of the available shares for a host named <command>wakko</command>:</para>
- <screen>~]$ <command>net -l share -S wakko</command>
+ <synopsis><command>net <replaceable><protocol> <function> <misc_options> <target_options></replaceable></command></synopsis>
+ <para>
+ The <systemitem>net</systemitem> utility is similar to the <systemitem>net</systemitem> utility used for Windows and MS-DOS. The first argument is used to specify the protocol to use when executing a command. The <option><replaceable>protocol</replaceable></option> option can be <option>ads</option>, <option>rap</option>, or <option>rpc</option> for specifying the type of server connection. Active Directory uses <option>ads</option>, Win9x/NT3 uses <option>rap</option>, and Windows NT4/2000/2003/2008 uses <option>rpc</option>. If the protocol is omitted, <systemitem>net</systemitem> automatically tries to determine it.
+ </para>
+ <para>
+ The following example displays a list of the available shares for a host named <systemitem role="hostname">wakko</systemitem>:
+ </para>
+ <screen>
+~]$ <command>net -l share -S wakko</command>
Password:
Enumerating shared resources (exports) on remote server:
Share name Type Description
@@ -1252,53 +1313,55 @@ data Disk Wakko data share
tmp Disk Wakko tmp share
IPC$ IPC IPC Service (Samba Server)
ADMIN$ IPC IPC Service (Samba Server)</screen>
- <para>The following example displays a list of Samba users for a host named <command>wakko</command>:</para>
- <screen>~]$ <command>net -l user -S wakko</command>
+ <para>
+ The following example displays a list of Samba users for a host named <systemitem role="hostname">wakko</systemitem>:
+ </para>
+ <screen>
+~]$ <command>net -l user -S wakko</command>
root password:
User name Comment
-----------------------------
andriusb Documentation
joe Marketing
lisa Sales</screen>
- <bridgehead id="s3-samba-programs-nmblookup">
- <filename>nmblookup</filename>
- </bridgehead>
- <indexterm>
- <primary>Samba</primary>
- <secondary>Programs</secondary>
- <tertiary>
- <command>nmblookup</command>
- </tertiary>
- </indexterm>
- <indexterm>
- <primary>
- <command>nmblookup</command> program</primary>
- </indexterm>
- <screen><command>nmblookup <replaceable>options netbios_name</replaceable></command></screen>
- <para>The <command>nmblookup</command> program resolves NetBIOS names into <systemitem class="protocol">IP</systemitem> addresses. The program broadcasts its query on the local subnet until the target machine replies.</para>
- <para>The following example displays the <systemitem class="protocol">IP</systemitem> address of the NetBIOS name <literal>trek</literal>:</para>
- <screen>
-<userinput>~]$ nmblookup trek</userinput>
+ <bridgehead id="brid-Samba_Distribution_Programs-nmblookup" renderas="sect3"><systemitem>nmblookup</systemitem></bridgehead>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Programs</secondary>
+ <tertiary><systemitem>nmblookup</systemitem></tertiary>
+ </indexterm>
+ <indexterm>
+ <primary><systemitem>nmblookup</systemitem> program</primary>
+ </indexterm>
+ <synopsis><command>nmblookup <replaceable><options> <netbios_name></replaceable></command></synopsis>
+ <para>
+ The <systemitem>nmblookup</systemitem> program resolves NetBIOS names into <systemitem class="protocol">IP</systemitem> addresses. The program broadcasts its query on the local subnet until the target machine replies.
+ </para>
+ <para>
+ The following example displays the <systemitem class="protocol">IP</systemitem> address of the NetBIOS name <literal>trek</literal>:
+ </para>
+ <screen>
+~]$ <command>nmblookup trek</command>
querying trek on 10.1.59.255
10.1.56.45 trek<00></screen>
- <bridgehead id="s3-samba-programs-pdbedit">
- <filename>pdbedit</filename>
- </bridgehead>
- <indexterm>
- <primary>Samba</primary>
- <secondary>Programs</secondary>
- <tertiary>
- <command>pdbedit</command>
- </tertiary>
- </indexterm>
- <indexterm>
- <primary>
- <command>pdbedit</command> program</primary>
- </indexterm>
- <screen><command>pdbedit <replaceable>options</replaceable></command></screen>
- <para>The <command>pdbedit</command> program manages accounts located in the SAM database. All back ends are supported including <filename>smbpasswd</filename>, LDAP, and the <filename>tdb</filename> database library.</para>
- <para>The following are examples of adding, deleting, and listing users:</para>
- <screen>~]$ <command>pdbedit -a kristin</command>
+ <bridgehead id="brid-Samba_Distribution_Programs-pdbedit" renderas="sect3"><systemitem>pdbedit</systemitem></bridgehead>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Programs</secondary>
+ <tertiary><systemitem>pdbedit</systemitem></tertiary>
+ </indexterm>
+ <indexterm>
+ <primary><systemitem>pdbedit</systemitem> program</primary>
+ </indexterm>
+ <synopsis><command>pdbedit <replaceable><options></replaceable></command></synopsis>
+ <para>
+ The <systemitem>pdbedit</systemitem> program manages accounts located in the SAM database. All back ends are supported including <systemitem>smbpasswd</systemitem>, LDAP, and the <database>tdb</database> database library.
+ </para>
+ <para>
+ The following are examples of adding, deleting, and listing users:
+ </para>
+ <screen>
+~]$ <command>pdbedit -a kristin</command>
new password:
retype new password:
Unix username: kristin
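Review bot: The rewritten `<screen>` openers for the `net -l user` and `pdbedit -a kristin` listings now put a line break between `<screen>` and the `~]$` prompt, and line breaks are significant inside `<screen>`, so depending on the output format each listing can render with an empty first line. The removed lines kept the prompt on the same line as the tag (`<screen>~]$ <command>pdbedit -a kristin</command>`); keeping that form avoids the stray line. Separately, the pdbedit paragraph now marks the `smbpasswd` back end with the same `<systemitem>` tag used for the program of that name, where the removed text used `<filename>`; if the back-end file is meant, the old markup was the clearer choice.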
@@ -1320,7 +1383,7 @@ Kickoff time: Mon, 18 Jan 2038 22:14:07 GMT
Password last set: Thu, 29 Jan 2004 08:29:28
GMT Password can change: Thu, 29 Jan 2004 08:29:28 GMT
Password must change: Mon, 18 Jan 2038 22:14:07 GMT
-<userinput>~]$ pdbedit -v -L kristin</userinput>
+~]$ <command>pdbedit -v -L kristin</command>
Unix username: kristin
NT username:
Account Flags: [U ]
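Review bot: The context lines just above the changed prompt still carry a broken wrap in the sample output: `Password last set: Thu, 29 Jan 2004 08:29:28` ends without its time zone and the next line begins `GMT Password can change:`. Since this change already edits the same `<screen>`, move `GMT` back to the end of the `Password last set` line so the listing matches the `pdbedit -v -L kristin` output that follows, where both fields sit on complete, separate lines.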
@@ -1341,161 +1404,134 @@ Kickoff time: Mon, 18 Jan 2038 22:14:07 GMT
Password last set: Thu, 29 Jan 2004 08:29:28 GMT
Password can change: Thu, 29 Jan 2004 08:29:28 GMT
Password must change: Mon, 18 Jan 2038 22:14:07 GMT
-<userinput>~]$ pdbedit -L</userinput>
+~]$ <command>pdbedit -L</command>
andriusb:505:
joe:503:
lisa:504:
kristin:506:
-<userinput>~]$ pdbedit -x joe</userinput>
-<userinput>~]$ pdbedit -L</userinput>
+~]$ <command>pdbedit -x joe</command>
+~]$ <command>pdbedit -L</command>
andriusb:505: lisa:504: kristin:506:</screen>
- <bridgehead id="s3-samba-programs-rpcclient">
- <filename>rpcclient</filename>
- </bridgehead>
- <indexterm>
- <primary>Samba</primary>
- <secondary>Programs</secondary>
- <tertiary>
- <command>rpcclient</command>
- </tertiary>
- </indexterm>
- <indexterm>
- <primary>
- <command>rpcclient</command> program</primary>
- </indexterm>
- <screen><command>rpcclient <replaceable>server options</replaceable></command></screen>
- <para>The <command>rpcclient</command> program issues administrative commands using Microsoft RPCs, which provide access to the Windows administration graphical user interfaces (GUIs) for systems management. This is most often used by advanced users that understand the full complexity of Microsoft RPCs.</para>
- <bridgehead id="s3-samba-programs-smbcacls">
- <filename>smbcacls</filename>
- </bridgehead>
- <indexterm>
- <primary>Samba</primary>
- <secondary>Programs</secondary>
- <tertiary>
- <command>smbcacls</command>
- </tertiary>
- </indexterm>
- <indexterm>
- <primary>
- <command>smbcacls</command> program</primary>
- </indexterm>
- <screen><command>smbcacls <replaceable>//server/share filename options</replaceable></command></screen>
- <para>The <command>smbcacls</command> program modifies Windows ACLs on files and directories shared by a Samba server or a Windows server.</para>
- <bridgehead id="s3-samba-programs-smbclient">
- <filename>smbclient</filename>
- </bridgehead>
- <indexterm>
- <primary>Samba</primary>
- <secondary>Programs</secondary>
- <tertiary>
- <command>smbclient</command>
- </tertiary>
- </indexterm>
- <indexterm>
- <primary>
- <command>smbclient</command> program</primary>
- </indexterm>
- <screen><command>smbclient <replaceable>//server/share password options</replaceable></command></screen>
- <para>The <command>smbclient</command> program is a versatile UNIX client which provides functionality similar to <command>ftp</command>.</para>
- <bridgehead id="s3-samba-programs-smbcontrol">
- <filename>smbcontrol</filename>
- </bridgehead>
- <indexterm>
- <primary>Samba</primary>
- <secondary>Programs</secondary>
- <tertiary>
- <command>smbcontrol</command>
- </tertiary>
- </indexterm>
- <indexterm>
- <primary>
- <command>smbcontrol</command> program</primary>
- </indexterm>
- <screen><command>smbcontrol -i <replaceable>options</replaceable></command></screen>
- <screen><command>smbcontrol <replaceable>options destination messagetype parameters</replaceable></command></screen>
- <para>The <command>smbcontrol</command> program sends control messages to running <command>smbd</command>, <command>nmbd</command>, or <command>winbindd</command> daemons. Executing <command>smbcontrol -i</command> runs commands interactively until a blank line or a <parameter>'q'</parameter> is entered.</para>
- <bridgehead id="s3-samba-programs-smbpasswd">
- <filename>smbpasswd</filename>
- </bridgehead>
- <indexterm>
- <primary>Samba</primary>
- <secondary>Programs</secondary>
- <tertiary>
- <command>smbpasswd</command>
- </tertiary>
- </indexterm>
- <indexterm>
- <primary>
- <command>smbpasswd</command> program</primary>
- </indexterm>
- <screen><command>smbpasswd <replaceable>options username password</replaceable></command></screen>
- <para>The <command>smbpasswd</command> program manages encrypted passwords. This program can be run by a superuser to change any user's password and also by an ordinary user to change their own Samba password.</para>
- <bridgehead id="s3-samba-programs-smbspool">
- <filename>smbspool</filename>
- </bridgehead>
- <indexterm>
- <primary>Samba</primary>
- <secondary>Programs</secondary>
- <tertiary>
- <command>smbspool</command>
- </tertiary>
- </indexterm>
- <indexterm>
- <primary>
- <command>smbspool</command> program</primary>
- </indexterm>
- <screen><command>smbspool <replaceable>job user title copies options filename</replaceable></command></screen>
- <para>The <command>smbspool</command> program is a CUPS-compatible printing interface to Samba. Although designed for use with CUPS printers, <command>smbspool</command> can work with non-CUPS printers as well.</para>
- <bridgehead id="s3-samba-programs-smbstatus">
- <filename>smbstatus</filename>
- </bridgehead>
- <indexterm>
- <primary>Samba</primary>
- <secondary>Programs</secondary>
- <tertiary>
- <command>smbstatus</command>
- </tertiary>
- </indexterm>
- <indexterm>
- <primary>
- <command>smbstatus</command> program</primary>
- </indexterm>
- <screen><command>smbstatus <replaceable>options</replaceable></command></screen>
- <para>The <command>smbstatus</command> program displays the status of current connections to a Samba server.</para>
- <bridgehead id="s3-samba-programs-smbtar">
- <filename>smbtar</filename>
- </bridgehead>
- <indexterm>
- <primary>Samba</primary>
- <secondary>Programs</secondary>
- <tertiary>
- <command>smbtar</command>
- </tertiary>
- </indexterm>
- <indexterm>
- <primary>
- <command>smbtar</command> program</primary>
- </indexterm>
- <screen><command>smbtar <replaceable>options</replaceable></command></screen>
- <para>The <command>smbtar</command> program performs backup and restores of Windows-based share files and directories to a local tape archive. Though similar to the <command>tar</command> command, the two are not compatible.</para>
- <bridgehead id="s3-samba-programs-testparm">
- <filename>testparm</filename>
- </bridgehead>
- <indexterm>
- <primary>Samba</primary>
- <secondary>Programs</secondary>
- <tertiary>
- <command>testparm</command>
- </tertiary>
- </indexterm>
- <indexterm>
- <primary>
- <command>testparm</command> program</primary>
- </indexterm>
- <screen><command>testparm <replaceable>options filename hostname IP_address</replaceable></command></screen>
- <para>The <command>testparm</command> program checks the syntax of the <filename>/etc/samba/smb.conf</filename> file. If your <filename>smb.conf</filename> file is in the default location (<filename>/etc/samba/smb.conf</filename>) you do not need to specify the location. Specifying the host name and <systemitem class="protocol">IP</systemitem> address to the <command>testparm</command> program verifies that the <filename>hosts.allow</filename> and <filename>host.deny</filename> files are configured correctly. The <command>testparm</command> program also displays a summary of your <filename>smb.conf</filename> file and the server's role (stand-alone, domain, etc.) after testing. This is convenient when debugging as it excludes comments and concisely presents information for experienced administrators to read.</para>
- <para>For example:</para>
- <screen>~]$ <command>testparm</command>
+ <bridgehead id="brid-Samba_Distribution_Programs-rpcclient" renderas="sect3"><systemitem>rpcclient</systemitem></bridgehead>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Programs</secondary>
+ <tertiary><systemitem>rpcclient</systemitem></tertiary>
+ </indexterm>
+ <indexterm>
+ <primary><systemitem>rpcclient</systemitem> program</primary>
+ </indexterm>
+ <synopsis><command>rpcclient <replaceable><server> <options></replaceable></command></synopsis>
+ <para>
+ The <systemitem>rpcclient</systemitem> program issues administrative commands using Microsoft RPCs, which provide access to the Windows administration graphical user interfaces (GUIs) for systems management. This is most often used by advanced users that understand the full complexity of Microsoft RPCs.
+ </para>
+ <bridgehead id="brid-Samba_Distribution_Programs-smbcacls" renderas="sect3"><systemitem>smbcacls</systemitem></bridgehead>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Programs</secondary>
+ <tertiary><systemitem>smbcacls</systemitem></tertiary>
+ </indexterm>
+ <indexterm>
+ <primary><systemitem>smbcacls</systemitem> program</primary>
+ </indexterm>
+ <synopsis><command>smbcacls <replaceable><//server/share> <filename> <options></replaceable></command></synopsis>
+ <para>
+ The <systemitem>smbcacls</systemitem> program modifies Windows ACLs on files and directories shared by a Samba server or a Windows server.
+ </para>
+ <bridgehead id="brid-Samba_Distribution_Programs-smbclient" renderas="sect3"><systemitem>smbclient</systemitem></bridgehead>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Programs</secondary>
+ <tertiary><systemitem>smbclient</systemitem></tertiary>
+ </indexterm>
+ <indexterm>
+ <primary><systemitem>smbclient</systemitem> program</primary>
+ </indexterm>
+ <synopsis><command>smbclient <replaceable><//server/share> <password> <options></replaceable></command></synopsis>
+ <para>
+ The <systemitem>smbclient</systemitem> program is a versatile UNIX client which provides functionality similar to the <systemitem>ftp</systemitem> utility.
+ </para>
+ <bridgehead id="brid-Samba_Distribution_Programs-smbcontrol" renderas="sect3"><systemitem>smbcontrol</systemitem></bridgehead>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Programs</secondary>
+ <tertiary><systemitem>smbcontrol</systemitem></tertiary>
+ </indexterm>
+ <indexterm>
+ <primary><systemitem>smbcontrol</systemitem> program</primary>
+ </indexterm>
+ <synopsis><command>smbcontrol -i <replaceable><options></replaceable></command></synopsis>
+ <synopsis><command>smbcontrol <replaceable><options> <destination> <messagetype> <parameters></replaceable></command></synopsis>
+ <para>
+ The <systemitem>smbcontrol</systemitem> program sends control messages to running <systemitem class="daemon">smbd</systemitem>, <systemitem class="daemon">nmbd</systemitem>, or <systemitem class="daemon">winbindd</systemitem> daemons. Executing <command>smbcontrol -i</command> runs commands interactively until a blank line or a <parameter>'q'</parameter> is entered.
+ </para>
+ <bridgehead id="brid-Samba_Distribution_Programs-smbpasswd" renderas="sect3"><systemitem>smbpasswd</systemitem></bridgehead>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Programs</secondary>
+ <tertiary><systemitem>smbpasswd</systemitem></tertiary>
+ </indexterm>
+ <indexterm>
+ <primary><systemitem>smbpasswd</systemitem> program</primary>
+ </indexterm>
+ <synopsis><command>smbpasswd <replaceable><options> <username> <password></replaceable></command></synopsis>
+ <para>
+ The <systemitem>smbpasswd</systemitem> program manages encrypted passwords. This program can be run by a superuser to change any user's password and also by an ordinary user to change their own Samba password.
+ </para>
+ <bridgehead id="brid-Samba_Distribution_Programs-smbspool" renderas="sect3"><systemitem>smbspool</systemitem></bridgehead>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Programs</secondary>
+ <tertiary><systemitem>smbspool</systemitem></tertiary>
+ </indexterm>
+ <indexterm>
+ <primary><systemitem>smbspool</systemitem> program</primary>
+ </indexterm>
+ <synopsis><command>smbspool <replaceable><job> <user> <title> <copies> <options> <filename></replaceable></command></synopsis>
+ <para>
+ The <systemitem>smbspool</systemitem> program is a CUPS-compatible printing interface to Samba. Although designed for use with CUPS printers, <command>smbspool</command> can work with non-CUPS printers as well.
+ </para>
+ <bridgehead id="brid-Samba_Distribution_Programs-smbstatus" renderas="sect3"><systemitem>smbstatus</systemitem></bridgehead>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Programs</secondary>
+ <tertiary><systemitem>smbstatus</systemitem></tertiary>
+ </indexterm>
+ <indexterm>
+ <primary><systemitem>smbstatus</systemitem> program</primary>
+ </indexterm>
+ <synopsis><command>smbstatus <replaceable><options></replaceable></command></synopsis>
+ <para>
+ The <systemitem>smbstatus</systemitem> program displays the status of current connections to a Samba server.
+ </para>
+ <bridgehead id="brid-Samba_Distribution_Programs-smbtar" renderas="sect3"><systemitem>smbtar</systemitem></bridgehead>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Programs</secondary>
+ <tertiary><systemitem>smbtar</systemitem></tertiary>
+ </indexterm>
+ <indexterm>
+ <primary><systemitem>smbtar</systemitem> program</primary>
+ </indexterm>
+ <synopsis><command>smbtar <replaceable><options></replaceable></command></synopsis>
+ <para>
+ The <systemitem>smbtar</systemitem> program performs backup and restores of Windows-based share files and directories to a local tape archive. Though similar to the <systemitem>tar</systemitem> utility, the two are not compatible.
+ </para>
+ <bridgehead id="brid-Samba_Distribution_Programs-testparm" renderas="sect3"><systemitem>testparm</systemitem></bridgehead>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Programs</secondary>
+ <tertiary><systemitem>testparm</systemitem></tertiary>
+ </indexterm>
+ <indexterm>
+ <primary><systemitem>testparm</systemitem> program</primary>
+ </indexterm>
+ <synopsis><command>testparm <replaceable><options> <filename> <hostname IP_address></replaceable></command></synopsis>
+ <para>
+ The <systemitem>testparm</systemitem> program checks the syntax of the <filename>/etc/samba/smb.conf</filename> file. If your <filename>smb.conf</filename> file is in the default location (<filename>/etc/samba/smb.conf</filename>) you do not need to specify the location. Specifying the host name and <systemitem class="protocol">IP</systemitem> address to the <systemitem>testparm</systemitem> program verifies that the <filename>hosts.allow</filename> and <filename>host.deny</filename> files are configured correctly. The <systemitem>testparm</systemitem> program also displays a summary of your <filename>smb.conf</filename> file and the server's role (stand-alone, domain, etc.) after testing. This is convenient when debugging as it excludes comments and concisely presents information for experienced administrators to read. For example:
+ </para>
+ <screen>
+~]$ <command>testparm</command>
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[printers]"
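Review bot: The rewritten testparm paragraph still names `<filename>host.deny</filename>`, carried over from the removed text; the file that pairs with `hosts.allow` is `hosts.deny`. In the same section the new synopsis groups two arguments in one placeholder, `<hostname IP_address>`, while every other synopsis in this hunk brackets each argument separately, so `<hostname> <IP_address>` would be consistent. The smbclient and smbpasswd synopses also show `<password>` as a command-line argument with no caveat; a sentence noting that arguments passed this way can be read by other local users from the process list, and end up in shell history, would be a useful addition while these paragraphs are being touched.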
@@ -1513,146 +1549,145 @@ Press enter to see a dump of your service definitions
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
- dns proxy = No
+ dns proxy = no
[homes]
comment = Home Directories
- read only = No
- browseable = No
+ read only = no
+ browseable = no
[printers]
comment = All Printers
path = /var/spool/samba
- printable = Yes
- browseable = No
+ printable = yes
+ browseable = no
[tmp]
comment = Wakko tmp
path = /tmp
- guest only = Yes
+ guest only = yes
[html]
comment = Wakko www
path = /var/www/html
force user = andriusb
force group = users
- read only = No
- guest only = Yes</screen>
-
- <bridgehead id="s3-samba-programs-wbinfo">
- <filename>wbinfo</filename>
- </bridgehead>
- <indexterm>
- <primary>Samba</primary>
- <secondary>Programs</secondary>
- <tertiary>
- <command>wbinfo</command>
- </tertiary>
- </indexterm>
- <indexterm>
- <primary>
- <command>wbinfo</command> program</primary>
- </indexterm>
- <screen><command>wbinfo <replaceable>options</replaceable></command></screen>
- <para>The <command>wbinfo</command> program displays information from the <command>winbindd</command> daemon. The <command>winbindd</command> daemon must be running for <command>wbinfo</command> to work.</para>
- </section>
- <section
- id="s2-samba-resources">
- <title>Additional Resources</title>
- <indexterm>
- <primary>Samba</primary>
- <secondary>Additional Resources</secondary>
- </indexterm>
- <para>The following sections give you the means to explore Samba in greater detail.</para>
- <section
- id="s3-samba-resources-installed">
- <title>Installed Documentation</title>
- <indexterm>
- <primary>Samba</primary>
- <secondary>Additional Resources</secondary>
- <tertiary>installed documentation</tertiary>
- </indexterm>
- <itemizedlist>
- <listitem>
-
- <para>
-<filename>/usr/share/doc/samba/</filename> — All additional files included with the Samba distribution. This includes all helper scripts, sample configuration files, and documentation.</para>
- </listitem>
- </itemizedlist>
- <para>
- See the following manual pages for detailed information about <application>Samba</application>:
- </para>
- <itemizedlist>
- <listitem>
- <para>
- <command>smb.conf</command>
- </para>
- </listitem>
- <listitem>
- <para>
- <command>samba</command>
- </para>
- </listitem>
- <listitem>
- <para>
- <command>smbd</command>
- </para>
- </listitem>
- <listitem>
- <para>
- <command>nmbd</command>
- </para>
- </listitem>
- <listitem>
- <para>
- <command>winbind</command>
- </para>
- </listitem>
- </itemizedlist>
- </section>
- <section
- id="s3-samba-resources-published">
- <title>Related Books</title>
- <indexterm
- significance="normal">
- <primary>Samba</primary>
- <secondary>Additional Resources</secondary>
- <tertiary>related books</tertiary>
- </indexterm>
- <itemizedlist>
- <listitem>
- <para>
- <citetitle>The Official Samba-3 HOWTO-Collection</citetitle> by John H. Terpstra and Jelmer R. Vernooij; Prentice Hall — The official Samba-3 documentation as issued by the Samba development team. This is more of a reference guide than a step-by-step guide.</para>
- </listitem>
- <listitem>
- <para>
- <citetitle>Samba-3 by Example</citetitle> by John H. Terpstra; Prentice Hall — This is another official release issued by the Samba development team which discusses detailed examples of OpenLDAP, DNS, DHCP, and printing configuration files. This has step-by-step related information that helps in real-world implementations.</para>
- </listitem>
- <listitem>
- <para>
- <citetitle>Using Samba, 2nd Edition</citetitle> by Jay T's, Robert Eckstein, and David Collier-Brown; O'Reilly — A good resource for novice to advanced users, which includes comprehensive reference material.</para>
- </listitem>
- </itemizedlist>
- </section>
- <section
- id="s3-samba-resources-community">
- <title>Useful Websites</title>
- <indexterm>
- <primary>Samba</primary>
- <secondary>Additional Resources</secondary>
- <tertiary>useful websites</tertiary>
- </indexterm>
- <itemizedlist>
- <listitem>
- <para>
- <ulink
- url="http://www.samba.org/">http://www.samba.org/</ulink> — Homepage for the Samba distribution and all official documentation created by the Samba development team. Many resources are available in HTML and PDF formats, while others are only available for purchase. Although many of these links are not &MAJOROS; specific, some concepts may apply.</para>
- </listitem>
- <listitem>
- <para>
- <ulink
- url="http://us1.samba.org/samba/archives.html">http://samba.org/samba/archives.html </ulink> — Active email lists for the Samba community. Enabling digest mode is recommended due to high levels of list activity.</para>
- </listitem>
- <listitem>
- <para>Samba newsgroups — Samba threaded newsgroups, such as <ulink url="http://www.gmane.org/">www.gmane.org</ulink>, that use the <systemitem class="protocol">NNTP</systemitem> protocol are also available. This an alternative to receiving mailing list emails.</para>
- </listitem>
- </itemizedlist>
- </section>
- </section>
+ read only = no
+ guest only = yes</screen>
+ <bridgehead id="brid-Samba_Distribution_Programs-wbinfo" renderas="sect3"><systemitem>wbinfo</systemitem></bridgehead>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Programs</secondary>
+ <tertiary><systemitem>wbinfo</systemitem></tertiary>
+ </indexterm>
+ <indexterm>
+ <primary><systemitem>wbinfo</systemitem> program</primary>
+ </indexterm>
+ <synopsis><command>wbinfo <replaceable><options></replaceable></command></synopsis>
+ <para>
+ The <systemitem>wbinfo</systemitem> program displays information from the <systemitem class="daemon">winbindd</systemitem> daemon. The <systemitem class="daemon">winbindd</systemitem> daemon must be running for <systemitem>wbinfo</systemitem> to work.
+ </para>
+ </section>
+<section id="sect-Samba-Resources">
+ <title>Additional Resources</title>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Additional Resources</secondary>
+ </indexterm>
+ <para>
+ The following sections give you the means to explore Samba in greater detail.
+ </para>
+ <bridgehead id="brid-Samba-Resources-Installed_Documentation" renderas="sect3">Installed Documentation</bridgehead>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Additional Resources</secondary>
+ <tertiary>installed documentation</tertiary>
+ </indexterm>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <filename>/usr/share/doc/samba-<<replaceable>version-number</replaceable>>/</filename> — All additional files included with the Samba distribution. This includes all helper scripts, sample configuration files, and documentation.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ See the following man pages for detailed information specific <application>Samba</application> features:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <citerefentry><refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <citerefentry><refentrytitle>samba</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <citerefentry><refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <citerefentry><refentrytitle>nmbd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <citerefentry><refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ </para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ </itemizedlist>
+ <!--<bridgehead id="brid-Samba-Resources-Related_Books" renderas="sect3">Related Books</bridgehead>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Additional Resources</secondary>
+ <tertiary>related books</tertiary>
+ </indexterm>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <citetitle>The Official Samba-3 HOWTO-Collection</citetitle> by John H. Terpstra and Jelmer R. Vernooij; Prentice Hall — The official Samba-3 documentation as issued by the Samba development team. This is more of a reference guide than a step-by-step guide.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <citetitle>Samba-3 by Example</citetitle> by John H. Terpstra; Prentice Hall — This is another official release issued by the Samba development team which discusses detailed examples of OpenLDAP, DNS, DHCP, and printing configuration files. This has step-by-step related information that helps in real-world implementations.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <citetitle>Using Samba, 2nd Edition</citetitle> by Jay Ts, Robert Eckstein, and David Collier-Brown; O'Reilly — A good resource for novice to advanced users, which includes comprehensive reference material.
+ </para>
+ </listitem>
+ </itemizedlist>-->
+ <bridgehead id="brid-Samba-Resources-Useful_Websites" renderas="sect3">Useful Websites</bridgehead>
+ <indexterm>
+ <primary>Samba</primary>
+ <secondary>Additional Resources</secondary>
+ <tertiary>useful websites</tertiary>
+ </indexterm>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <ulink url="http://www.samba.org/">http://www.samba.org/</ulink> — Homepage for the Samba distribution and all official documentation created by the Samba development team. Many resources are available in HTML and PDF formats, while others are only available for purchase. Although many of these links are not &MAJOROS; specific, some concepts may apply.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <ulink url="https://wiki.samba.org/index.php/User_Documentation">https://wiki.samba.org/index.php/User_Documentation</ulink> — Samba 4.x official documentation.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <ulink url="http://us1.samba.org/samba/archives.html">http://samba.org/samba/archives.html </ulink> — Active email lists for the Samba community. Enabling digest mode is recommended due to high levels of list activity.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Samba newsgroups — Samba threaded newsgroups, such as <ulink url="http://www.gmane.org/">www.gmane.org</ulink>, that use the <systemitem class="protocol">NNTP</systemitem> protocol are also available. This an alternative to receiving mailing list emails.
+ </para>
+ </listitem>
+ </itemizedlist>
+ </section>
</section>
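Review bot: The `testparm` listing is presented as program output, yet this hunk rewrites its boolean values from `No`/`Yes` to `no`/`yes` (for example `- dns proxy = No` becomes `+ dns proxy = no`); sample output should stay as the tool printed it, so please confirm against a real `testparm` run or keep the original capitalisation. In the Additional Resources part, the added sentence "See the following man pages for detailed information specific Samba features" is missing a word ("about specific"), and "This an alternative to receiving mailing list emails" is carried over without its verb. The installed-documentation path changes from `/usr/share/doc/samba/` to a versioned `samba-<version-number>` directory; check that this matches the package layout of the release this branch documents. The Related Books list is commented out rather than deleted, which leaves dead markup in the file.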
[libvirt_application_development_guide_using_python] Domain chapter Monitoring performance section - Added examples 36-40 - Added content for device
by David Ashley
commit bc552800e654d3d4a43b5adf99f8b4833ca43f5c
Author: W. David Ashley <w.david.ashley(a)gmail.com>
Date: Tue Jul 14 11:26:35 2015 -0500
Domain chapter
Monitoring performance section
- Added examples 36-40
- Added content for devices, disks, input, and other subsections
en-US/Guest_Domains.xml | 61 +++++++++++++++++++++++++++++++-----
en-US/extras/Domains-Example-36.py | 27 ++++++++++++++++
en-US/extras/Domains-Example-37.py | 25 +++++++++++++++
en-US/extras/Domains-Example-38.py | 33 +++++++++++++++++++
en-US/extras/Domains-Example-39.py | 33 +++++++++++++++++++
en-US/extras/Domains-Example-40.py | 33 +++++++++++++++++++
6 files changed, 204 insertions(+), 8 deletions(-)
---
diff --git a/en-US/Guest_Domains.xml b/en-US/Guest_Domains.xml
index 60ca737..8152f1d 100644
--- a/en-US/Guest_Domains.xml
+++ b/en-US/Guest_Domains.xml
@@ -908,7 +908,7 @@
<title>vCPU Performance</title>
<para>
- To obtain the individual VCPU statistics:
+ To obtain the individual VCPU statistics use the <literal>getCPUStats</literal> method.
</para>
<example>
<title>Get the individual CPU statistics</title>
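Review bot: The added sentence writes "VCPU" while the section title just above it uses "vCPU"; pick one spelling for the section. It also needs a comma after the introductory clause: "To obtain the individual vCPU statistics, use the getCPUStats method."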
@@ -918,7 +918,7 @@
The <literal>getCPUStats</literal> takes one parameter, a boolean. When <literal>False</literal>
is used the statistics are reported as an aggregate of all the CPUs. Then <literal>True</literal>
is used then each CPU reports its individual statistics. Either way a <literal>list</literal>
- is returned. The statistics are reported innanoseconds. If a host has four CPUs, there will be
+ is returned. The statistics are reported in nanoseconds. If a host has four CPUs, there will be
four entries in the cpu_stats list.
</para>
<para>
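Review bot: The context line directly above the corrected one still reads "Then <literal>True</literal> is used then each CPU reports its individual statistics"; since this hunk is already fixing the paragraph's wording, change the leading "Then" to "When" so it parallels the preceding sentence. The closing sentence also mentions "the cpu_stats list" without the `<literal>` markup used for the other identifiers in the paragraph.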
@@ -978,15 +978,29 @@
<title>Device configuration</title>
<para>
- TBD
+ Configuration information for a guest domain can be obtained by using the <literal>XMLSesc</literal>
+ method. This method returns the current description of a domain as an XML data stream.
+ This stream can then be parsed to obtain detailed information about the doamin and all the
+ parts that make up the domain.
+ </para>
+ <para>
+ The following example shows how to obtain soma basic information about the domain.
</para>
+ <example>
+ <title>Get basic domain information from the domain's XML description</title>
+ <programlisting language="Python"><xi:include href="extras/Domains-Example-36.py" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
+ </example>
<section id="libvirt_application_development_guide_using_python-Guest_Domains-Device_Config-Emulator">
<title>Emulator</title>
<para>
- TBD
+ To discover the guest domain's emulator find and display the content of the emulator XML tag.
</para>
+ <example>
+ <title>Get domain's emulator information</title>
+ <programlisting language="Python"><xi:include href="extras/Domains-Example-37.py" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
+ </example>
</section>
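Review bot: the new Device configuration paragraph names the method <literal>XMLSesc</literal>, but the examples added in this same commit call dom.XMLDesc(0), so a reader copying the name from the prose gets a method that does not exist. Correct it to XMLDesc, and fix "doamin" and "soma" in the same two paragraphs while there.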
@@ -994,6 +1008,14 @@
<title>Disks</title>
<para>
+ To discover the guest domain's disk(s) find and display the content of the emulator XML tag(s).
+ </para>
+ <example>
+ <title>Get domain's disk information</title>
+ <programlisting language="Python"><xi:include href="extras/Domains-Example-39.py" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
+ </example>
+
+ <para>
TBD
</para>
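Review bot: the Disks paragraph says to "find and display the content of the emulator XML tag(s)", which looks copied from the Emulator section; Domains-Example-39.py reads the disk elements, so the text should say disk. The original TBD paragraph is also left in place after the new example, so the rendered section would end with a stray "TBD"; remove it as the other sections do.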
@@ -1003,8 +1025,12 @@
<title>Networking</title>
<para>
- TBD
+ To discover the guest domain's network interfaces find and display the iterface XML tag.
</para>
+ <example>
+ <title>Get domain's network interface information</title>
+ <programlisting language="Python"><xi:include href="extras/Domains-Example-38.py" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
+ </example>
</section>
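Review bot: "iterface" in the added Networking sentence should be "interface", and a comma after "network interfaces" would help the sentence read. The Disks section, which comes first, includes Example-39 while this section includes Example-38, so the example numbers run out of document order; consider swapping the two files so the numbering follows the chapter.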
@@ -1018,11 +1044,15 @@
</section>
<section id="libvirt_application_development_guide_using_python-Guest_Domains-Device_Config-Mice">
- <title>Mice & Tablets</title>
+ <title>Mice, Keyboard & Tablets</title>
<para>
- TBD
+ To discover the guest domain's input devices find and display the input XML tags.
</para>
+ <example>
+ <title>Get domain's input device information</title>
+ <programlisting language="Python"><xi:include href="extras/Domains-Example-40.py" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
+ </example>
</section>
@@ -1030,7 +1060,22 @@
<title>USB Device Passthrough</title>
<para>
- TBD
+ The USB device passthrough capability allows a physical USB device from
+ the host machine to be assigned directly to a guest machine. The guest
+ OS drivers can use the device hardware directly without relying on any
+ driver capabilities from the host OS.
+ </para>
+ <important>
+ USB devices are only inherited by the guest domain at boot time. USB
+ devices can not be inherited from the host after the guest domain has booted.
+ </important>
+
+ <para>
+ Some caveats apply when using USB device passthrough. When a PCI device is
+ directly assigned to a guest, migration will not be possible, without
+ first hot-unplugging the device from the guest. In addition
+ libvirt does not guarantee that direct device assignment is secure, leaving
+ security policy decisions to the underlying virtualization technology.
</para>
</section>
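Review bot: the caveats paragraph in this USB section says "When a PCI device is directly assigned to a guest", which reads as text carried over from a PCI passthrough section; either say USB device or explain why the PCI case applies here. The added <important> block also holds bare text with no <para> child, unlike the <important><para> pattern used elsewhere in these guides, so wrap it in a <para>. The sentence that libvirt does not guarantee direct assignment is secure is the point an administrator most needs to see and could move into that <important> block.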
diff --git a/en-US/extras/Domains-Example-36.py b/en-US/extras/Domains-Example-36.py
new file mode 100644
index 0000000..a7d468e
--- /dev/null
+++ b/en-US/extras/Domains-Example-36.py
@@ -0,0 +1,27 @@
+# Example-36.py
+from __future__ import print_function
+import sys
+import libvirt
+from xml.dom import minidom
+
+domName = 'Fedora22-x86_64-1'
+
+conn = libvirt.open('qemu:///system')
+if conn == None:
+ print('Failed to open connection to qemu:///system', file=sys.stderr)
+ exit(1)
+
+dom = conn.lookupByID(5)
+if dom == None:
+ print('Failed to find the domain '+domName, file=sys.stderr)
+ exit(1)
+
+raw_xml = dom.XMLDesc(0)
+xml = minidom.parseString(raw_xml)
+domainTypes = xml.getElementsByTagName('type')
+for domainType in domainTypes:
+ print(domainType.getAttribute('machine'))
+ print(domainType.getAttribute('arch'))
+
+conn.close()
+exit(0)
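Review bot: domName is set to 'Fedora22-x86_64-1' but the domain is fetched with conn.lookupByID(5), so the name is only ever used in the error message and the script inspects whichever guest happens to hold ID 5 on the reader's host. Look the domain up by the name the script declares, for example conn.lookupByName(domName), or drop domName and describe the ID in the message. The error path after the lookup also exits without conn.close().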
diff --git a/en-US/extras/Domains-Example-37.py b/en-US/extras/Domains-Example-37.py
new file mode 100644
index 0000000..019e3b1
--- /dev/null
+++ b/en-US/extras/Domains-Example-37.py
@@ -0,0 +1,25 @@
+# Example-37.py
+from __future__ import print_function
+import sys
+import libvirt
+from xml.dom import minidom
+
+domName = 'Fedora22-x86_64-1'
+
+conn = libvirt.open('qemu:///system')
+if conn == None:
+ print('Failed to open connection to qemu:///system', file=sys.stderr)
+ exit(1)
+
+dom = conn.lookupByID(5)
+if dom == None:
+ print('Failed to find the domain '+domName, file=sys.stderr)
+ exit(1)
+
+raw_xml = dom.XMLDesc(0)
+xml = minidom.parseString(raw_xml)
+domainEmulator = xml.getElementsByTagName('emulator')
+print('emulator: '+domainEmulator[0].firstChild.data)
+
+conn.close()
+exit(0)
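Review bot: domainEmulator[0].firstChild.data is dereferenced without checking that getElementsByTagName('emulator') returned anything, so a domain description without an <emulator> element ends the example with an IndexError instead of a readable message. Guard the access with a length check and print a short "no emulator element" line otherwise. The comparisons against None would also read better as "is None".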
diff --git a/en-US/extras/Domains-Example-38.py b/en-US/extras/Domains-Example-38.py
new file mode 100644
index 0000000..e0bccb9
--- /dev/null
+++ b/en-US/extras/Domains-Example-38.py
@@ -0,0 +1,33 @@
+# Example-38.py
+from __future__ import print_function
+import sys
+import libvirt
+from xml.dom import minidom
+
+domName = 'Fedora22-x86_64-1'
+
+conn = libvirt.open('qemu:///system')
+if conn == None:
+ print('Failed to open connection to qemu:///system', file=sys.stderr)
+ exit(1)
+
+dom = conn.lookupByID(1)
+if dom == None:
+ print('Failed to find the domain '+domName, file=sys.stderr)
+ exit(1)
+
+raw_xml = dom.XMLDesc(0)
+xml = minidom.parseString(raw_xml)
+interfaceTypes = xml.getElementsByTagName('interface')
+for interfaceType in interfaceTypes:
+ print('interface: type='+interfaceType.getAttribute('type'))
+ interfaceNodes = interfaceType.childNodes
+ for interfaceNode in interfaceNodes:
+ if interfaceNode.nodeName[0:1] != '#':
+ print(' '+interfaceNode.nodeName)
+ for attr in interfaceNode.attributes.keys():
+ print(' '+interfaceNode.attributes[attr].name+' = '+
+ interfaceNode.attributes[attr].value)
+
+conn.close()
+exit(0)
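Review bot: this file uses conn.lookupByID(1) while Domains-Example-36.py and -37.py in the same commit use lookupByID(5), all with the same domName, so the examples in one chapter section do not describe the same guest. Pick one lookup for the whole set. In the child loop, the test interfaceNode.nodeName[0:1] != '#' is an indirect way to skip text nodes; comparing interfaceNode.nodeType with interfaceNode.ELEMENT_NODE states the intent.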
diff --git a/en-US/extras/Domains-Example-39.py b/en-US/extras/Domains-Example-39.py
new file mode 100644
index 0000000..8adfdcb
--- /dev/null
+++ b/en-US/extras/Domains-Example-39.py
@@ -0,0 +1,33 @@
+# Example-39.py
+from __future__ import print_function
+import sys
+import libvirt
+from xml.dom import minidom
+
+domName = 'Fedora22-x86_64-1'
+
+conn = libvirt.open('qemu:///system')
+if conn == None:
+ print('Failed to open connection to qemu:///system', file=sys.stderr)
+ exit(1)
+
+dom = conn.lookupByID(1)
+if dom == None:
+ print('Failed to find the domain '+domName, file=sys.stderr)
+ exit(1)
+
+raw_xml = dom.XMLDesc(0)
+xml = minidom.parseString(raw_xml)
+diskTypes = xml.getElementsByTagName('disk')
+for diskType in diskTypes:
+ print('disk: type='+diskType.getAttribute('type')+' device='+diskType.getAttribute('device'))
+ diskNodes = diskType.childNodes
+ for diskNode in diskNodes:
+ if diskNode.nodeName[0:1] != '#':
+ print(' '+diskNode.nodeName)
+ for attr in diskNode.attributes.keys():
+ print(' '+diskNode.attributes[attr].name+' = '+
+ diskNode.attributes[attr].value)
+
+conn.close()
+exit(0)
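Review bot: the loop body from diskNodes = diskType.childNodes down is the same walk as in Domains-Example-38.py with only the variable names changed, and it prints just the attributes of direct children, so any text content or nested elements under a disk are silently skipped. Say so in a comment at the top of the loop so readers do not take the output for the full disk definition, and consider naming the loop variable disk rather than diskType, since it holds the element, not its type.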
diff --git a/en-US/extras/Domains-Example-40.py b/en-US/extras/Domains-Example-40.py
new file mode 100644
index 0000000..05764dc
--- /dev/null
+++ b/en-US/extras/Domains-Example-40.py
@@ -0,0 +1,33 @@
+# Example-40.py
+from __future__ import print_function
+import sys
+import libvirt
+from xml.dom import minidom
+
+domName = 'Fedora22-x86_64-1'
+
+conn = libvirt.open('qemu:///system')
+if conn == None:
+ print('Failed to open connection to qemu:///system', file=sys.stderr)
+ exit(1)
+
+dom = conn.lookupByID(1)
+if dom == None:
+ print('Failed to find the domain '+domName, file=sys.stderr)
+ exit(1)
+
+raw_xml = dom.XMLDesc(0)
+xml = minidom.parseString(raw_xml)
+devicesTypes = xml.getElementsByTagName('input')
+for inputType in devicesTypes:
+ print('input: type='+inputType.getAttribute('type')+' bus='+inputType.getAttribute('bus'))
+ inputNodes = inputType.childNodes
+ for inputNode in inputNodes:
+ if inputNode.nodeName[0:1] != '#':
+ print(' '+inputNode.nodeName)
+ for attr in inputNode.attributes.keys():
+ print(' '+inputNode.attributes[attr].name+' = '+
+ inputNode.attributes[attr].value)
+
+conn.close()
+exit(0)
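Review bot: the script imports sys but ends with the bare exit(0) and exit(1) calls rather than sys.exit(), here and in the four sibling examples; the bare exit is the helper intended for interactive sessions, so documentation code should use sys.exit(). The list returned for 'input' is also named devicesTypes while each item is inputType; a single name such as inputs/inputDev would be easier to follow.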
8 years, 11 months
[networking-guide] master: typos, and ethtool utility (sounds better) (ed429ba)
by stephenw
Repository : http://git.fedorahosted.org/cgit/docs/networking-guide.git
On branch : master
>---------------------------------------------------------------
commit ed429baad1ecc63a42af148bd037d28624821bce
Author: Stephen Wadeley <swadeley(a)redhat.com>
Date: Tue Jul 14 17:50:02 2015 +0200
typos, and ethtool utility (sounds better)
>---------------------------------------------------------------
en-US/Configure_Network_Bonding.xml | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/en-US/Configure_Network_Bonding.xml b/en-US/Configure_Network_Bonding.xml
index 8f5073e..25d9239 100644
--- a/en-US/Configure_Network_Bonding.xml
+++ b/en-US/Configure_Network_Bonding.xml
@@ -648,7 +648,7 @@ If you are using <application>NetworkManager</application>, you might need to re
<para>
Bring up the bond on the server as <systemitem class="username">root</systemitem>:
<screen>~]# <command>ifup /etc/sysconfig/network-scripts/ifcfg-bond0</command>
-Determining if ip address 192.168.100.101 is already in use for device bond0...</screen>
+Determining if ip address 192.168.100.100 is already in use for device bond0...</screen>
</para>
</step>
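Review bot: the address in the sample ifup output changes from 192.168.100.101 to 192.168.100.100, which is a content change rather than a typo, and the commit message ("typos, and ethtool utility") does not say which value is right. State in the message that the output now matches the address configured for bond0 in the procedure, so a later editor can check the two against each other.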
@@ -838,7 +838,7 @@ rtt min/avg/max/mdev = 0.781/0.879/0.977/0.098 ms</screen>
<itemizedlist>
<listitem>
<para>
- If required, perform further tests by removing and replacing network cables one at a time to verify that failover works as expected. Make use the of <application>ethtool</application> to verify which interface is connected to which cable. For example:
+ If required, perform further tests by removing and replacing network cables one at a time to verify that failover works as expected. Make use of the <application>ethtool</application> utility to verify which interface is connected to which cable. For example:
<synopsis>ethtool <option>--identify</option> <replaceable>ifname</replaceable> <replaceable>integer</replaceable></synopsis>
Where <replaceable>integer</replaceable> is the number of times to flash the LED on the network interface.
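Review bot: the context line after the reworded sentence says the <replaceable>integer</replaceable> is "the number of times to flash the LED", but the ethtool manual describes the argument to --identify as a length of time in seconds. Since this paragraph is being edited, correct that description in the same change.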
8 years, 11 months
[libvirt_application_development_guide_using_python] Domains chapter - corrected verbiage for the getCPUStats section.
by David Ashley
commit 90fb791e94b300b808059dd17b0552e272ae78c8
Author: W. David Ashley <w.david.ashley(a)gmail.com>
Date: Fri Jul 10 10:47:37 2015 -0500
Domains chapter
- corrected verbiage for the getCPUStats section.
en-US/Guest_Domains.xml | 8 +++++---
1 files changed, 5 insertions(+), 3 deletions(-)
---
diff --git a/en-US/Guest_Domains.xml b/en-US/Guest_Domains.xml
index c420958..60ca737 100644
--- a/en-US/Guest_Domains.xml
+++ b/en-US/Guest_Domains.xml
@@ -915,9 +915,11 @@
<programlisting language="Python"><xi:include href="extras/Domains-Example-33.py" parse="text" xmlns:xi="http://www.w3.org/2001/XInclude" /></programlisting>
</example>
<para>
- This way, each CPU reports its usage for the domain (in
- nanoseconds). If a host has four CPUs, there will be
- four entries in the cpu_stats array.
+ The <literal>getCPUStats</literal> takes one parameter, a boolean. When <literal>False</literal>
+ is used the statistics are reported as an aggregate of all the CPUs. Then <literal>True</literal>
+ is used then each CPU reports its individual statistics. Either way a <literal>list</literal>
+ is returned. The statistics are reported innanoseconds. If a host has four CPUs, there will be
+ four entries in the cpu_stats list.
</para>
<para>
<literal>getCPUStats(True)</literal> aggregates the statistics for all
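Review bot: the new paragraph states that <literal>False</literal> reports an aggregate of all CPUs and <literal>True</literal> reports each CPU individually, while the unchanged paragraph directly below begins "<literal>getCPUStats(True)</literal> aggregates the statistics for all", so the two paragraphs now contradict each other. Check which value gives the aggregate and make both agree. The added text also contains "Then <literal>True</literal> is used then" (should be "When ... is used") and "innanoseconds".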
8 years, 11 months
[libvirt_application_development_guide_using_python] Domains chapter - corrected example 34
by David Ashley
commit a3bf6c47a227303e3cd449a3ececf20aef24471d
Author: W. David Ashley <w.david.ashley(a)gmail.com>
Date: Fri Jul 10 10:28:00 2015 -0500
Domains chapter
- corrected example 34
en-US/extras/Domains-Example-34.py | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
---
diff --git a/en-US/extras/Domains-Example-34.py b/en-US/extras/Domains-Example-34.py
index 2fa4315..9a435c4 100644
--- a/en-US/extras/Domains-Example-34.py
+++ b/en-US/extras/Domains-Example-34.py
@@ -10,15 +10,15 @@ if conn == None:
print('Failed to open connection to qemu:///system', file=sys.stderr)
exit(1)
-dom = conn.lookupByID(6)
+dom = conn.lookupByID(5)
if dom == None:
print('Failed to find the domain '+domName, file=sys.stderr)
exit(1)
stats = dom.getCPUStats(True)
-print('cpu_time: '+stats[0])
-print('system time: '+stats[1])
-print('user time: '+stats[2])
+print('cpu_time: '+str(stats[0]['cpu_time']))
+print('system_time: '+str(stats[0]['system_time']))
+print('user_time: '+str(stats[0]['user_time']))
conn.close()
exit(0)
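Review bot: the three corrected print lines output the raw cpu_time, system_time and user_time values with no unit, whereas Domains-Example-33.py divides cpu_time by 1000000000. to show seconds. Either convert here as well or add the unit to the labels, so the two examples in the same section can be compared. Only stats[0] is read; a one-line comment that the aggregate call returns a single-entry list would explain the index.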
8 years, 11 months
[libvirt_application_development_guide_using_python] Domains chapter - corrected example 33
by David Ashley
commit f3ec2fcdd3008441f6c5563f277350a54adb0c54
Author: W. David Ashley <w.david.ashley(a)gmail.com>
Date: Fri Jul 10 10:17:02 2015 -0500
Domains chapter
- corrected example 33
en-US/extras/Domains-Example-33.py | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/en-US/extras/Domains-Example-33.py b/en-US/extras/Domains-Example-33.py
index 271cd7f..8079d16 100644
--- a/en-US/extras/Domains-Example-33.py
+++ b/en-US/extras/Domains-Example-33.py
@@ -10,14 +10,14 @@ if conn == None:
print('Failed to open connection to qemu:///system', file=sys.stderr)
exit(1)
-dom = conn.lookupByID(6)
+dom = conn.lookupByID(5)
if dom == None:
print('Failed to find the domain '+domName, file=sys.stderr)
exit(1)
cpu_stats = dom.getCPUStats(False)
for (i, cpu) in enumerate(cpu_stats):
- print('CPU '+i+' Time: '+cpu['cpu_time'] / 1000000000.)
+ print('CPU '+str(i)+' Time: '+str(cpu['cpu_time'] / 1000000000.))
conn.close()
exit(0)
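Review bot: changing conn.lookupByID(6) to conn.lookupByID(5) only tracks the ID the guest had on the author's machine at the time, and the error message two lines later still reports domName, which the lookup never uses. Replace the hard-coded ID with conn.lookupByName(domName) so the example does not need another edit the next time the guest is restarted.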
8 years, 11 months
[libvirt_application_development_guide_using_python] Domains chapter - corrected example 31
by David Ashley
commit f89b1143006e29d56a4dfac6cda4336b4b309792
Author: W. David Ashley <w.david.ashley(a)gmail.com>
Date: Fri Jul 10 10:10:37 2015 -0500
Domains chapter
- corrected example 31
en-US/extras/Domains-Example-31.py | 10 +++++-----
1 files changed, 5 insertions(+), 5 deletions(-)
---
diff --git a/en-US/extras/Domains-Example-31.py b/en-US/extras/Domains-Example-31.py
index 96ac2e5..b845eac 100644
--- a/en-US/extras/Domains-Example-31.py
+++ b/en-US/extras/Domains-Example-31.py
@@ -16,11 +16,11 @@ if dom == None:
exit(1)
rd_req, rd_bytes, wr_req, wr_bytes, err = dom.blockStats('/path/to/linux-0.2.img')
-print('Read requests issued: '+rd_req)
-print('Bytes read: '+rd_bytes)
-print('Write requests issued: '+wr_req)
-print('Bytes written: '+wr_bytes)
-print('Number of errors: '+err)
+print('Read requests issued: '+str(rd_req))
+print('Bytes read: '+str(rd_bytes))
+print('Write requests issued: '+str(wr_req))
+print('Bytes written: '+str(wr_bytes))
+print('Number of errors: '+str(err))
conn.close()
exit(0)
8 years, 11 months