[deployment-guide/comm-rel: 592/727] removed one of the additional resources

Jaromir Hradilek jhradile at fedoraproject.org
Tue Oct 19 13:14:48 UTC 2010


commit 563f2709e400e05e2403afe8af134a992072c652
Author: Martin Prpic <mprpic at redhat.com>
Date:   Mon Sep 6 17:22:09 2010 +0200

    removed one of the additional resources

 en-US/Samba.xml |   90 ++++++++++++++++++++++++++++++++++++++++++-------------
 1 files changed, 69 insertions(+), 21 deletions(-)
---
diff --git a/en-US/Samba.xml b/en-US/Samba.xml
index 6cdb8c0..6ea3e3d 100644
--- a/en-US/Samba.xml
+++ b/en-US/Samba.xml
@@ -328,14 +328,12 @@
         <primary>Samba</primary>
         <secondary>graphical configuration</secondary>
       </indexterm>
-      <para>To configure Samba using a graphical interface, use the <application>Samba Server Configuration Tool</application>. For command line configuration, skip to <xref
-          linkend="s2-samba-configuring-cmdline"/>.</para>
+      <para>
+        To configure Samba using a graphical interface, use one of the available Samba graphical user interfaces. A list of available GUIs can be found at <ulink url="http://www.samba.org/samba/GUI/">http://www.samba.org/samba/GUI/</ulink>.
+      </para>
+      <!-- RHEL6 mprpic: system-config-samba deprecated <para>To configure Samba using a graphical interface, use the <application>Samba Server Configuration Tool</application>. For command line configuration, skip to <xref linkend="s2-samba-configuring-cmdline"/>.</para>
       <para>The <application>Samba Server Configuration Tool</application> is a graphical interface for managing Samba shares, users, and basic server settings. It modifies the configuration files in the <filename>/etc/samba/</filename> directory. Any changes to these files not made using the application are preserved.</para>
       <para>To use this application, you must be running the X Window System, have root privileges, and have the <filename>system-config-samba</filename> RPM package installed. To start the <application>Samba Server Configuration Tool</application> from the desktop, go to the <menuchoice><guimenu>System</guimenu> <guimenuitem>Administration</guimenuitem> <guimenuitem>Server Settings</guimenuitem> <guimenuitem>Samba</guimenuitem></menuchoice> on the GNOME panel or type the <command>system-config-samba</command> command at a shell prompt (for example, in an XTerm or a GNOME terminal).</para>
-			<!-- RHEL5:  	ddomingo at redhat.com: above replaces below; changed path to sambatool
-			<para>To use this application, you must be running the X Window System, have root privileges, and have the <filename>system-config-samba</filename> RPM package installed. To start the <application>Samba Server Configuration
-				Tool</application> from the desktop, go to the <guimenu>Main Menu Button</guimenu> (on the Panel) &gt; <guimenuitem>System Settings</guimenuitem> &gt; <guimenuitem>Server Settings</guimenuitem> &gt;
-				<guimenuitem>Samba</guimenuitem> or type the command <command>system-config-samba</command> at a shell prompt (for example, in an XTerm or a GNOME terminal).</para> -->
       <figure
         float="0"
         id="fig-s-c-samba">
@@ -415,9 +413,6 @@
                   <title>Note</title>
                   <para>The <guilabel>Kerberos Realm</guilabel> field must be supplied in all uppercase letters, such as <command>EXAMPLE.COM</command>.</para>
                   <para>Using a Samba server as a domain member in an ADS realm assumes proper configuration of Kerberos, including the <filename>/etc/krb5.conf</filename> file.</para>
-									<!-- RHEL5:  	ddomingo at redhat.com: above replaces below, less awkward
-									<para>Use of your Samba server as a domain member in an ADS realm assumes proper configuration of Kerberos, including the <filename>/etc/krb5.conf</filename> file.</para>
-								 -->
                 </note>
               </listitem>
               <listitem>
@@ -530,14 +525,10 @@
             <para>
               <guilabel>Visible</guilabel> — Grants read-only rights to users for the shared directory.</para>
           </listitem>
-					<!-- RHEL5:   ddomingo at redhat.com: aboves replace below; new gui items
-					<listitem>
-						<para><guilabel>Basic Permissions</guilabel> &mdash; Whether users should only be able to read the files in the shared directory or whether they should be able to read and write to the shared directory.</para>
-					</listitem> -->
         </itemizedlist>
         <para>In the <guilabel>Access</guilabel> tab, select whether to allow only specified users to access the share or whether to allow all Samba users to access the share. If you select to allow access to specific users, select the users from the list of available Samba users.</para>
         <para>The share is added immediately after clicking <guibutton>OK</guibutton>.</para>
-      </section>
+      </section> -->
     </section>
     <section
       id="s2-samba-configuring-cmdline">
@@ -1003,9 +994,71 @@ domain master = Yes
 	profile acls = Yes
 # Other resource shares ... ...
 </screen>
+        <para>To provide a functional PDC system which uses the <command moreinfo="none">tdbsam</command> follow these steps:</para>
+        <orderedlist>
+          <listitem>
+            <para>
+						Use a configuration of the <filename moreinfo="none">smb.conf</filename> file as shown in the example above.
+					</para>
+          </listitem>
+          <listitem>
+            <para>
+            Add the root user to the Samba password database.</para>
+<screen>
+<command moreinfo="none">smbpasswd -a root</command>
+Provide the password here.
+</screen>
+          </listitem>
+          <listitem>
+            <para>
+              Start the <command moreinfo="none">smb</command> service.
+            </para>
+          </listitem>
+          <listitem>
+            <para>
+              Make sure all profile, user, and netlogon directories are created.
+            </para>
+          </listitem>
+          <listitem>
+            <para>
+              Add groups that users can be members of.
+            </para>
+<screen>
+<command moreinfo="none">groupadd -f users</command>
+<command moreinfo="none">groupadd -f nobody</command>
+<command moreinfo="none">groupadd -f ntadmins</command>
+</screen>
+          </listitem>
+          <listitem>
+            <para>
+              Associate the UNIX groups with their respective Windows groups.
+<screen>
+<command moreinfo="none">net groupmap add ntgroup="Domain Users" unixgroup=users</command>
+<command moreinfo="none">net groupmap add ntgroup="Domain Guests" unixgroup=nobody</command>
+<command moreinfo="none">net groupmap add ntgroup="Domain Admins" unixgroup=ntadmins</command>
+</screen>
+            </para>
+          </listitem>
+          <listitem>
+            <para>
+              Grant access rights to a user or a group. For example, to grant the right to add client machines to the domain on a Samba domain controller, to the members to the Domain Admins group, execute the following command:
+<screen>
+<command moreinfo="none">net rpc rights grant 'DOCS\Domain Admins' SetMachineAccountPrivilege -S PDC -U root</command>
+</screen>
+            </para>
+          </listitem>
+        </orderedlist>
+        <para>
+          Keep in mind that Windows systems prefer to have a primary group which is mapped to a domain group such as Domain Users. 
+        </para>
+        <para>
+          Windows groups and users use the same namespace thus not allowing the existence of a group and a user with the same name like in UNIX.
+        </para>
         <note>
-          <title>Note</title>
-          <para>If you need more than one domain controller or have more than 250 users, do <emphasis>not</emphasis> use a <command>tdbsam</command> authentication back end. LDAP is recommended in these cases.</para>
+          <title>Note</title>				
+          <para>
+						If you need more than one domain controller or have more than 250 users, do <emphasis>not</emphasis> use a <command moreinfo="none">tdbsam</command> authentication backend. LDAP is recommended in these cases.
+					</para>
         </note>
       </section>
 			<!-- RHEL5:  	tech edit: cut these!
@@ -2235,11 +2288,6 @@ Press enter to see a dump of your service definitions
         <listitem>
           <para>Samba newsgroups — Samba threaded newsgroups, such as gmane.org, that use the NNTP protocol are also available. This an alternative to receiving mailing list emails.</para>
         </listitem>
-        <listitem>
-          <para>
-            <ulink
-              url="http://sourceforge.net/projects/smbldap-tools/">hhttp://sourceforge.net/projects/smbldap-tools/</ulink> — These are highly recommended for assisting in managing LDAP related resources. The scripts can be found at <command>/usr/share/doc/samba-<replaceable>version_number</replaceable>/LDAP/smbldap-tools</command> or can be downloaded from Sourceforge.</para>
-        </listitem>
       </itemizedlist>
     </section>
   </section>


More information about the docs-commits mailing list