Author: randy Date: 2005-06-05 16:26:10 -0600 (Sun, 05 Jun 2005) New Revision: 4551
Added: trunk/BOOK/basicnet/netprogs/samba3-client.xml Modified: trunk/BOOK/basicnet/netprogs/netprogs.xml trunk/BOOK/general.ent trunk/BOOK/introduction/welcome/changelog.xml trunk/BOOK/server/major/samba3.xml Log: Added a Samba-client instruction page; updated the Samba server instructions with Alexander's comments; added an Stunnel-less SWAT setup in the Samba server instructions; removed Stunnel as a dependency of Samba server Modified: trunk/BOOK/basicnet/netprogs/netprogs.xml =================================================================== --- trunk/BOOK/basicnet/netprogs/netprogs.xml 2005-06-05 21:06:40 UTC (rev 4550) +++ trunk/BOOK/basicnet/netprogs/netprogs.xml 2005-06-05 22:26:10 UTC (rev 4551) @@ -15,17 +15,18 @@ <application>Tcpwrappers</application> and <application>portmap</application> are support programs for daemons that you may have running on your machine.</para> + <xi:include xmlns:xi="http://www.w3.org/2003/XInclude"; href="cvs.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2003/XInclude"; href="inetutils.xml"/> <xi:include xmlns:xi="http://www.w3.org/2003/XInclude"; href="ncftp.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2003/XInclude"; href="ncpfs.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2003/XInclude"; href="net-tools.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2003/XInclude"; href="ntp.xml"/> <xi:include xmlns:xi="http://www.w3.org/2003/XInclude"; href="openssh-client.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2003/XInclude"; href="portmap.xml"/> <xi:include xmlns:xi="http://www.w3.org/2003/XInclude"; href="rsync-client.xml"/> - <xi:include xmlns:xi="http://www.w3.org/2003/XInclude"; href="cvs.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2003/XInclude"; href="samba3-client.xml"/> <xi:include xmlns:xi="http://www.w3.org/2003/XInclude"; href="subversion.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2003/XInclude"; href="tcpwrappers.xml"/> <xi:include xmlns:xi="http://www.w3.org/2003/XInclude"; href="wget.xml"/> - <xi:include xmlns:xi="http://www.w3.org/2003/XInclude"; href="tcpwrappers.xml"/> - <xi:include xmlns:xi="http://www.w3.org/2003/XInclude"; href="portmap.xml"/> - <xi:include xmlns:xi="http://www.w3.org/2003/XInclude"; href="inetutils.xml"/> - <xi:include xmlns:xi="http://www.w3.org/2003/XInclude"; href="ncpfs.xml"/> - <xi:include xmlns:xi="http://www.w3.org/2003/XInclude"; href="ntp.xml"/> - <xi:include xmlns:xi="http://www.w3.org/2003/XInclude"; href="net-tools.xml"/> </chapter> Added: trunk/BOOK/basicnet/netprogs/samba3-client.xml =================================================================== --- trunk/BOOK/basicnet/netprogs/samba3-client.xml 2005-06-05 21:06:40 UTC (rev 4550) +++ trunk/BOOK/basicnet/netprogs/samba3-client.xml 2005-06-05 22:26:10 UTC (rev 4551) @@ -0,0 +1,33 @@ +<?xml version="1.0" encoding="ISO-8859-1"?> +<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN" + "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd"; [ + <!ENTITY % general-entities SYSTEM "../../general.ent"> + %general-entities; +]> + +<sect1 id="samba3-client"> + <?dbhtml filename="samba3-client.html"?> + + <sect1info> + <othername>$LastChangedBy$</othername> + <date>$Date$</date> + </sect1info> + + <title>Samba-&samba3-version; Client</title> + + <para>The <application>Samba</application> client utilities are used to + transfer files to and from, mount volumes located on or use printers + attached to Windows and other SMB clients. If you want to install these + utilities, the instructions can be found in Chapter 21 – + <xref linkend="samba3"/>. After performing the basic installation, + configure the utilities using the configuration section titled + <quote>Scenario 1: Minimal Standalone Client-Only Installation</quote>.</para> + + <para>Note that if you only want to use these client utilities, you do + <emphasis>not</emphasis> need to run the server daemons and so do not need + the startup script and links. In accordance with good practice, only run the + server daemons if you actually need them. You'll find an explanation of the + services provided by the server daemons in the <xref linkend="samba3"/> + instructions.</para> + +</sect1> Property changes on: trunk/BOOK/basicnet/netprogs/samba3-client.xml ___________________________________________________________________ Name: svn:keywords + LastChangedBy Date Modified: trunk/BOOK/general.ent =================================================================== --- trunk/BOOK/general.ent 2005-06-05 21:06:40 UTC (rev 4550) +++ trunk/BOOK/general.ent 2005-06-05 22:26:10 UTC (rev 4551) @@ -210,18 +210,19 @@ <!ENTITY w3m-version "0.5.1"> <!-- Chapter 18 --> +<!ENTITY cvs-version "1.11.20"> +<!ENTITY inetutils-version "1.4.2"> <!ENTITY ncftp-version "3.1.7"> +<!ENTITY ncpfs-version "2.2.4"> +<!ENTITY net-tools-version "1.60"> +<!ENTITY ntp-version "4.2.0"> <!ENTITY openssh-version "4.1p1"> +<!ENTITY portmap-version "5beta"> <!ENTITY rsync-version "2.6.5"> -<!ENTITY cvs-version "1.11.20"> +<!ENTITY samba3-version "3.0.14a"> <!ENTITY subversion-version "1.1.4"> +<!ENTITY tcpwrappers-version "7.6"> <!ENTITY wget-version "1.9.1"> -<!ENTITY tcpwrappers-version "7.6"> -<!ENTITY portmap-version "5beta"> -<!ENTITY inetutils-version "1.4.2"> -<!ENTITY ncpfs-version "2.2.4"> -<!ENTITY ntp-version "4.2.0"> -<!ENTITY net-tools-version "1.60"> <!-- Chapter 19 --> <!ENTITY traceroute-version "1.4a12"> @@ -245,7 +246,7 @@ <!ENTITY nfs-utils-version "1.0.7"> <!-- openssh (chapter 18) --> <!ENTITY proftpd-version "1.2.10"> -<!ENTITY samba3-version "3.0.14a"> +<!-- samba3 (chapter 18) --> <!ENTITY vsftpd-version "2.0.1"> <!ENTITY xinetd-version "2.3.13"> Modified: trunk/BOOK/introduction/welcome/changelog.xml =================================================================== --- trunk/BOOK/introduction/welcome/changelog.xml 2005-06-05 21:06:40 UTC (rev 4550) +++ trunk/BOOK/introduction/welcome/changelog.xml 2005-06-05 22:26:10 UTC (rev 4551) @@ -25,6 +25,15 @@ <itemizedlist> <listitem> + <para>June 5th, 2005 [randy]: Created Samba client instruction page, + suggested by Alexander Patrakov; added additional configuration text to + the Samba server instructions, submitted by Alexander Patrakov; added + SWAT (without Stunnel) configuration instructions to the Samba server + instructions, suggested by Jim Gifford; removed Stunnel as a dependency + of the Samba package.</para> + </listitem> + + <listitem> <para>June 5th, 2005 [bdubbs]: Integrated system uid and gid values into individual packages.</para> </listitem> Modified: trunk/BOOK/server/major/samba3.xml =================================================================== --- trunk/BOOK/server/major/samba3.xml 2005-06-05 21:06:40 UTC (rev 4550) +++ trunk/BOOK/server/major/samba3.xml 2005-06-05 22:26:10 UTC (rev 4551) @@ -71,8 +71,8 @@ <xref linkend="mysql"/> or <xref linkend="postgresql"/>, <xref linkend="python"/>, <xref linkend="xinetd"/>, - <ulink url="http://valgrind.kde.org/";>Valgrind</ulink> and - <xref linkend="stunnel"/> (used to encrypt access to SWAT)</para> + <xref linkend="xfs"/> and + <ulink url="http://valgrind.kde.org/";>Valgrind</ulink></para> </sect2> @@ -186,64 +186,180 @@ </sect3> <sect3> - <title>Configuration Information</title> + <title>Printing to SMB Clients</title> - <para>The installation commands installed a default configuration file - which you can use as an example to set the values for your system and - network. At a minimum, ensure you set the following value to an - appropriate setting for your network in the - <filename>/etc/samba/smb.conf</filename> configuration file:</para> + <para>If you use <application>CUPS</application> for print services, + and you wish to print to a printer attached to an SMB client, you + need to create an SMB backend device. To create the device, issue the + following command as the <systemitem class="username">root</systemitem> + user:</para> -<screen><literal>workgroup = <replaceable>WORKGROUP</replaceable></literal></screen> +<screen role="root"><userinput>ln -v -sf /usr/bin/smbspool /usr/lib/cups/backend/smb</userinput></screen> - <para>Also, for non-English locales, ensure the following values are - set properly in the [global] section:</para> - -<screen><literal>dos charset = <replaceable>cp850</replaceable> -unix charset = <replaceable>ISO-8859-1</replaceable></literal></screen> - </sect3> <sect3> - <title>Configuration Overview and Available Documentation</title> + <title>Configuration Information</title> <para>Due to the complexity and the many various uses for - <application>Samba</application>, complete configuration is well beyond - the scope of the BLFS book. Advanced configurations including setting up - Primary and Backup Domain Controllers are advanced topics and cannot be - adequately covered in BLFS (it should be noted, however, that a - <application>Samba</application> BDC cannot be used as a fallback for a - <application>Windows</application> PDC, and conversely, a - <application>Windows</application> BDC cannot be used as a - fallback for a <application>Samba</application> PDC). Many - complete books have been written on these topics alone.</para> + <application>Samba</application>, complete configuration for all the + package's cababilities is well beyond the scope of the BLFS book. This + section provides instructions to configure the + <filename>/etc/samba/smb.conf</filename> file for two common scenarios. + The complete contents of <filename>/etc/samba/smb.conf</filename> will + depend on the purpose of <application>Samba</application> + installation.</para> - <para>There is quite a bit of documentation available which covers many - of these advanced configurations. Point your web browser to the links - below to view some of the documentation included with the - <application>Samba</application> package:</para> + <note> + <para>You may find it easier to copy the configuration parameters shown + below into an empty <filename>/etc/samba/smb.conf</filename> file + instead of copying and editing the default file as mentioned in the + <quote>Command Explanations</quote> section. How you create/edit the + <filename>/etc/samba/smb.conf</filename> file will be left up to + you. Do ensure the file is only writeable by the + <systemitem class="username">root</systemitem> user (mode 644).</para> + </note> - <itemizedlist spacing='compact'> - <listitem> - <para>Using Samba, 2nd Edition; a popular book published by O'Reilly - <ulink url="file:///usr/share/samba/swat/using_samba/toc.html"/></para> - </listitem> - <listitem> - <para>The Official Samba HOWTO and Reference Guide <ulink - url="file:///usr/share/samba/swat/help/Samba-HOWTO-Collection/index.html"/> - </para> - </listitem> - <listitem> - <para>Samba-3 by Example - <ulink url="file:///usr/share/samba/swat/help/Samba-Guide/index.html"/> - </para> - </listitem> - <listitem> - <para>The Samba-3 man Pages - <ulink url="file:///usr/share/samba/swat/help/samba.7.html"/></para> - </listitem> - </itemizedlist> + <sect4> + <title>Scenario 1: Minimal Standalone Client-Only Installation</title> + <para>Choose this variant if you only want to transfer files using + <command>smbclient</command>, mount Windows shares and print to Windows + printers, and don't want to share your files and printers to Windows + machines.</para> + + <para>A <filename>/etc/samba/smb.conf</filename> file with the following + three parameters is sufficient:</para> + +<screen role='root'><literal>[global] + workgroup = <replaceable>MYGROUP</replaceable> + dos charset = <replaceable>cp850</replaceable> + unix charset = <replaceable>ISO-8859-1</replaceable></literal></screen> + + <para>The values in this example specify that the computer belongs to a + Windows workgroup named + <quote><replaceable>MYGROUP</replaceable></quote>, uses the + <quote><replaceable>cp850</replaceable></quote> character set on the + wire when talking to MS-DOS and MS Windows 9x, and that the filenames + are stored in the <quote><replaceable>ISO-8859-1</replaceable></quote> + encoding on the disk. Adjust these values appropriately for your + installation. The <quote>unix charset</quote> value must be the same as + the output of <command>locale charmap</command> when executed with the + <envar>LANG</envar> variable set to your preferred locale, otherwise the + <command>ls</command> command may not display correct filenames of + downloaded files.</para> + + <para>There is no need to run any <application>Samba</application> + servers in this scenario, thus you don't need to install the provided + bootscripts.</para> + + </sect4> + + <sect4> + <title>Scenario 2: Standalone File/Print Server</title> + + <para>Choose this variant if you want to share your files and printers + to Windows machines in your workgroup in addition to the capabilities + described in Scenario 1.</para> + + <para>In this case, the <filename>/etc/samba/smb.conf.default</filename> + file may be a good template to start from. Also add + <quote>dos charset</quote> and <quote>unix charset</quote> parameters + to the <quote>[global]</quote> section as described in Scenario 1 in + order to prevent filename corruption.</para> + + <para>The following configuration file creates a separate share for each + user's home directory and also makes all printers available to Windows + machines:</para> + +<screen role='root'><literal>[global] + workgroup = <replaceable>MYGROUP</replaceable> + dos charset = <replaceable>cp850</replaceable> + unix charset = <replaceable>ISO-8859-1</replaceable> + +[homes] + comment = Home Directories + browseable = no + writable = yes + +[printers] + comment = All Printers + path = /var/spool/samba + browseable = no + guest ok = no + printable = yes</literal></screen> + + <para>Other parameters you may wish to customize in the + <quote>[global]</quote> section include:</para> + +<screen role='root'><literal> server string = + security = + hosts allow = + load printers = + log file = + max log size = + socket options = + local master =</literal></screen> + + <para>Reference the comments in the + <filename>/etc/samba/smb.conf.default</filename> file for information + regarding these parameters.</para> + + <para>Since the <command>smbd</command> and <command>nmbd</command> + daemons are needed in this case, install the <filename>samba</filename> + bootscript. Be sure to run <command>smbpasswd</command> (with the + <option>-a</option> option to add users) to enable and + set passwords for all accounts that need + <application>Samba</application> access, or use the SWAT web interface + (see below) to do the same. Using the default + <application>Samba</application> passdb backend, any user you attempt + to add will also be required to exist in the + <filename>/etc/passwd</filename> file.</para> + + </sect4> + + <sect4> + <title>Advanced Requirements</title> + + <para>More complex scenarios involving domain control or membership are + possible if the right flags are passed to the ./configure script when + the package is built. Such setups are advanced topics and cannot be + adequately covered in BLFS. Many complete books have been written on + these topics alone. It should be noted, however, that a + <application>Samba</application> BDC cannot be used as a fallback + for a Windows PDC, and conversely, a Windows BDC cannot be used as a + fallback for a <application>Samba</application> PDC. Also in some + domain mambership scenarios, the <command>winbindd</command> daemon and + the corresponding bootscript are needed.</para> + + <para>There is quite a bit of documentation available which covers many + of these advanced configurations. Point your web browser to the links + below to view some of the documentation included with the + <application>Samba</application> package:</para> + + <itemizedlist spacing='compact'> + <listitem> + <para>Using Samba, 2nd Edition; a popular book published by O'Reilly + <ulink url="file:///usr/share/samba/swat/using_samba/toc.html"/></para> + </listitem> + <listitem> + <para>The Official Samba HOWTO and Reference Guide <ulink + url="file:///usr/share/samba/swat/help/Samba-HOWTO-Collection/index.html"/> + </para> + </listitem> + <listitem> + <para>Samba-3 by Example + <ulink url="file:///usr/share/samba/swat/help/Samba-Guide/index.html"/> + </para> + </listitem> + <listitem> + <para>The Samba-3 man Pages + <ulink url="file:///usr/share/samba/swat/help/samba.7.html"/></para> + </listitem> + </itemizedlist> + + </sect4> + </sect3> <sect3 id="samba3-swat-config"> @@ -254,50 +370,62 @@ the <application>Samba</application> installation, but because it may be inconvenient, undesireable or perhaps even impossible to gain access to the console, BLFS recommends setting up access to SWAT using - <application>Stunnel</application>.</para> + <application>Stunnel</application>. Without + <application>Stunnel</application>, the + <systemitem class="username">root</systemitem> password is transmitted + in clear text over the wire, and is considered an unacceptable security + risk. After considering the security implications of using SWAT without + <application>Stunnel</application>, and you still wish to implement SWAT + without it, instructions are provided at this end of this section.</para> <indexterm zone="samba3 samba3-swat-config"> <primary sortas="g-SWAT">SWAT</primary> </indexterm> - <para>First you must add entries to <filename>/etc/services</filename> - and modify the <command>inetd</command>/<command>xinetd</command> - configuration.</para> + <sect4> + <title>Setting up SWAT using Stunnel</title> - <indexterm zone="samba3 samba3-swat-config"> - <primary sortas="e-etc-services">/etc/services</primary> - </indexterm> + <para>First install, or ensure you have already installed, the + <xref linkend="stunnel"/> package.</para> - <indexterm zone="samba3 samba3-swat-config"> - <primary sortas="e-etc-inetd.conf">/etc/inetd.conf</primary> - </indexterm> + <para>Next you must add entries to <filename>/etc/services</filename> + and modify the <command>inetd</command>/<command>xinetd</command> + configuration.</para> - <indexterm zone="samba3 samba3-swat-config"> - <primary sortas="e-etc-xinetd.conf">/etc/xinetd.conf</primary> - </indexterm> + <indexterm zone="samba3 samba3-swat-config"> + <primary sortas="e-etc-services">/etc/services</primary> + </indexterm> - <para>Add swat and swat_tunnel entries to - <filename>/etc/services</filename> with the following commands issued - as the <systemitem class="username">root</systemitem> user:</para> + <indexterm zone="samba3 samba3-swat-config"> + <primary sortas="e-etc-inetd.conf">/etc/inetd.conf</primary> + </indexterm> + <indexterm zone="samba3 samba3-swat-config"> + <primary sortas="e-etc-xinetd.conf">/etc/xinetd.conf</primary> + </indexterm> + + <para>Add swat and swat_tunnel entries to + <filename>/etc/services</filename> with the following commands issued + as the <systemitem class="username">root</systemitem> user:</para> + <screen role="root"><userinput>echo "swat 901/tcp" >> /etc/services && echo "swat_tunnel 902/tcp" >> /etc/services</userinput></screen> - <para>If <command>inetd</command> is used, the following command will - add the swat_tunnel entry to <filename>/etc/inetd.conf</filename> (as - user <systemitem class="username">root</systemitem>):</para> + <para>If <command>inetd</command> is used, the following command will + add the swat_tunnel entry to <filename>/etc/inetd.conf</filename> (as + user <systemitem class="username">root</systemitem>):</para> <screen role="root"><userinput>echo "swat_tunnel stream tcp nowait.400 root /usr/sbin/swat swat" \ >> /etc/inetd.conf</userinput></screen> - <para>Issue a <command>killall -HUP inetd</command> to reread the - changed <filename>inetd.conf</filename> file.</para> + <para>Issue a <command>killall -HUP inetd</command> to reread the + changed <filename>inetd.conf</filename> file.</para> - <para>If you use <command>xinetd</command>, the following command will - create the <application>Samba</application> file as - <filename>/etc/xinetd.d/swat_tunnel</filename> (you may need to modify - or remove the <quote>only_from</quote> line to include the desired - host[s]):</para> + <para>If you use <command>xinetd</command>, the following command will + create the <application>Samba</application> file as + <filename>/etc/xinetd.d/swat_tunnel</filename> (you may need to modify + or remove the <quote>only_from</quote> line to include the desired + host[s]):</para> <screen role="root"><userinput>cat >> /etc/xinetd.d/swat_tunnel << "EOF" <literal># Begin /etc/xinetd.d/swat_tunnel @@ -316,20 +444,20 @@ # End /etc/xinetd.d/swat_tunnel</literal> EOF</userinput></screen> - <indexterm zone="samba3 samba3-swat-config"> - <primary sortas="e-etc-xinetd.d-swat-tunnel">/etc/xinetd.d/swat_tunnel</primary> - </indexterm> + <indexterm zone="samba3 samba3-swat-config"> + <primary sortas="e-etc-xinetd.d-swat-tunnel">/etc/xinetd.d/swat_tunnel</primary> + </indexterm> - <para>Issue a <command>killall -HUP xinetd</command> to reread the - changed <filename>xinetd.conf</filename> file.</para> + <para>Issue a <command>killall -HUP xinetd</command> to read the new + <filename>/etc/xinetd.d/swat_tunnel</filename> file.</para> - <para>Next, you must add an entry for the swat service to the - <filename>/etc/stunnel/stunnel.conf</filename> file (as user - <systemitem class="username">root</systemitem>):</para> + <para>Next, you must add an entry for the swat service to the + <filename>/etc/stunnel/stunnel.conf</filename> file (as user + <systemitem class="username">root</systemitem>):</para> - <indexterm zone="samba3 samba3-swat-config"> - <primary sortas="e-etc-stunnel-stunnel.conf">/etc/stunnel/stunnel.conf</primary> - </indexterm> + <indexterm zone="samba3 samba3-swat-config"> + <primary sortas="e-etc-stunnel-stunnel.conf">/etc/stunnel/stunnel.conf</primary> + </indexterm> <screen role="root"><userinput>cat >> /etc/stunnel/stunnel.conf << "EOF" <literal>[swat] @@ -338,8 +466,8 @@ EOF</userinput></screen> - <para>Restart the <command>stunnel</command> daemon using the following - command as the <systemitem class="username">root</systemitem> user:</para> + <para>Restart the <command>stunnel</command> daemon using the following + command as the <systemitem class="username">root</systemitem> user:</para> <screen role="root"><userinput>/etc/rc.d/init.d/stunnel restart</userinput></screen> @@ -349,6 +477,68 @@ used with <application>Stunnel</application> for <replaceable>[CA_DN_field]</replaceable>.</para> + </sect4> + + <sect4> + <title>Setting up SWAT without Stunnel</title> + + <warning> + <para>BLFS does not recommend using these procedures because of the + security risk involved. However, in a home network environment and + disclosure of the root password is an acceptable risk, the following + instructions are provided for your convenience.</para> + </warning> + + <para>Add a swat entry to <filename>/etc/services</filename> with the + following command issued as the + <systemitem class='username'>root</systemitem> user:</para> + +<screen role='root'><userinput>echo "swat 901/tcp" >> /etc/services</userinput></screen> + + <para>If <command>inetd</command> is used, the following command + issed as the <systemitem class='username'>root</systemitem> user will + add a swat entry to the <filename>/etc/inetd.conf</filename> file:</para> + +<screen role='root'><userinput>echo "swat stream tcp nowait.400 root /usr/sbin/swat swat" \ + >> /etc/inetd.conf</userinput></screen> + + <para>Issue a <command>killall -HUP inetd</command> to reread the + changed <filename>inetd.conf</filename> file.</para> + + <para>If <command>xinetd</command> is used, the following command + issued as the <systemitem class='username'>root</systemitem> user + will create an <filename>/etc/xinetd.d/swat</filename> file:</para> + +<screen role='root'><userinput>cat >> /etc/xinetd.d/swat << "EOF" +<literal># Begin /etc/xinetd.d/swat + +service swat +{ + port = 901 + socket_type = stream + wait = no + only_from = 127.0.0.1 + user = root + server = /usr/sbin/swat + log_on_failure += USERID +} + +# End /etc/xinetd.d/swat</literal> +EOF</userinput></screen> + + <para>Issue a <command>killall -HUP xinetd</command> to read the + new <filename>/etc/xinetd.d/swat</filename> file.</para> + + <para>SWAT can be launched by pointing your web browser to + http://localhost:901.</para> + + </sect4> + + </sect3> + + <sect3> + <title/> + <note> <para>If you linked <application>Linux-PAM</application> into the <application>Samba</application> build, you'll need to create an @@ -361,19 +551,6 @@ </sect3> - <sect3> - <title>Printing to SMB Clients</title> - - <para>If you use <application>CUPS</application> for print services, - and you wish to print to a printer attached to an SMB client, you - need to create an SMB backend device. To create the device, issue the - following command as the <systemitem class="username">root</systemitem> - user:</para> - -<screen role="root"><userinput>ln -v -sf /usr/bin/smbspool /usr/lib/cups/backend/smb</userinput></screen> - - </sect3> - <sect3 id="samba3-init"> <title>Boot Script</title> @@ -394,6 +571,20 @@ <primary sortas="f-winbind">winbind</primary> </indexterm> + <para>The default <application>Samba</application> installation uses the + <systemitem class='username'>nobody</systemitem> user for guest access + to the server. This can be overridden by setting the + <option>guest account =</option> parameter in the + <filename>/etc/samba/smb.conf</filename> file. If you utilize the + <option>guest account =</option> parameter, ensure this user exists in + the <filename>/etc/passwd</filename> file. To use the default user, + issue the following commands as the + <systemitem class='username'>root</systemitem> user:</para> + +<screen><userinput>groupadd -g 99 nogroup && +useradd -c "Unprivileged Nobody" -d /dev/null -g nogroup \ + -s /bin/false -u 99 nobody</userinput></screen> + <para>Install the <filename>samba</filename> script with the following command issued as the <systemitem class="username">root</systemitem> user:</para> -- http://linuxfromscratch.org/mailman/listinfo/blfs-book FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
