1
<?xml version="1.0" encoding="utf-8"?>
2
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
3
<!ENTITY % globalent SYSTEM "../../../libs/global.ent">
4
<!-- NAMES --><!ENTITY canonical-name "Canonical Ltd.">
5
<!ENTITY project-name "Ubuntu Documentation Project">
6
<!ENTITY ubuntu "<phrase>Ubuntu</phrase>">
7
<!ENTITY sg-title "Server Guide">
8
<!ENTITY gnome "<phrase>GNOME</phrase>">
9
<!ENTITY kubuntu "<phrase>Kubuntu</phrase>">
10
<!ENTITY kde "<acronym>KDE</acronym>">
11
<!ENTITY kde-full "<phrase>K Desktop Environment</phrase>">
12
<!-- VERSIONS --><!ENTITY distro-version "Lucid Lynx">
13
<!ENTITY distro-rev "10.04">
14
<!ENTITY distro-release-date "April 2010">
15
<!ENTITY distro-short-codename "lucid">
16
<!ENTITY distro-apt-cd-name "Kubuntu 10.04_Lucid_Lynx">
17
<!ENTITY linux-kernel-version "2.6.32">
18
<!ENTITY gcc-version "4.4.3">
19
<!ENTITY glibc-version "2.11.1">
20
<!ENTITY python-version "2.6.4">
21
<!ENTITY kde-version "4.4.2">
22
<!-- <!ENTITY glossary SYSTEM '../common/C/glossary.xml' > --><!-- Footer Text for Kubuntu documentation --><!ENTITY footer-doc-comment "Would you like to make a comment or contribute an update to this page?">
23
<!ENTITY footer-doc-feedback "Send feedback to the ">
24
<!-- LEGAL URLs --><!ENTITY legalnotice SYSTEM "../../../common/legalnotice.xml">
25
<!ENTITY gpl-url '<ulink url="http://www.gnu.org/licenses/gpl.html">GNU General Public License</ulink>'>
26
<!ENTITY cc "http://creativecommons.org/">
27
<!ENTITY cc-attrib '<ulink url="http://creativecommons.org/licenses/by-sa/2.5/">Attribution-ShareAlike 2.5</ulink>'>
28
<!ENTITY cc-fulldeed-url "http://creativecommons.org/licenses/by-sa/2.5/legalcode/">
29
<!ENTITY fdl-url '<ulink url="http://www.gnu.org/copyleft/fdl.html">GNU Free Documentation License</ulink>'>
30
<!ENTITY cc-disclaimer-url "http://creativecommons.org/licenses/disclaimer-popup?lang=en">
31
<!-- CANONICAL URL RESOURCES --><!ENTITY canonical-url "http://www.canonical.com">
32
<!-- OTHER UBUNTU RELATED RESOURCES --><!ENTITY upstart-url "http://upstart.ubuntu.com">
33
<!-- UBUNTU IRC INFORMATION --><!ENTITY irc-network "Freenode">
34
<!ENTITY irc-server "irc.ubuntu.com">
35
<!ENTITY ubuntu-irc "irc.ubuntu.com channel #ubuntu">
36
<!ENTITY kubuntu-irc "irc.ubuntu.com channel #kubuntu">
37
<!ENTITY xubuntu-irc "irc.ubuntu.com channel #xubuntu">
38
<!ENTITY edubuntu-irc "irc.ubuntu.com channel #edubuntu">
39
<!-- UBUNTU URL RESOURCES --><!ENTITY ubuntu-packages "http://packages.ubuntu.com">
40
<!ENTITY ubuntu-dpkgfile "ubuntu5.10.tar">
41
<!ENTITY ubuntu-web "http://www.ubuntu.com">
42
<!ENTITY ubuntu-main "http://www.ubuntu.com">
43
<!ENTITY ubuntu-download "http://www.ubuntu.com/download">
44
<!ENTITY ubuntu-forums "http://www.ubuntu.com/community/forums">
45
<!ENTITY ubuntu-components "http://www.ubuntu.com/ubuntu/components">
46
<!ENTITY ubuntu-lists "http://lists.ubuntu.com">
47
<!ENTITY ubuntu-wiki "http://wiki.ubuntu.com">
48
<!ENTITY ubuntu-bugzilla "https://launchpad.net/distros/ubuntu/+bugs">
49
<!ENTITY ubuntu-doc-bugs "https://launchpad.net/products/ubuntu-doc/+bugs">
50
<!ENTITY ubuntu-support "http://www.ubuntu.com/support">
51
<!ENTITY ubuntu-paidsupport "http://www.ubuntu.com/support/paid">
52
<!ENTITY ubuntu-freesupport "http://www.ubuntu.com/support/free">
53
<!ENTITY ubuntu-comments "http://www.ubuntuforums.org/showthread.php?p=21787">
54
<!ENTITY ubuntu-documentation "http://help.ubuntu.com">
55
<!ENTITY ubuntu-documentation-repos "https://docteam.ubuntu.com/repos/trunk">
56
<!ENTITY ubuntu-doc-team "https://wiki.ubuntu.com/DocumentationTeam">
57
<!ENTITY ubuntu-doc-list "http://lists.ubuntu.com/mailman/listinfo/ubuntu-doc">
58
<!ENTITY ubuntu-shipit "http://shipit.ubuntu.com">
59
<!ENTITY ubuntu-launchpad "https://launchpad.ubuntu.com">
60
<!ENTITY ubuntu-rosetta "https://launchpad.ubuntu.com/rosetta">
61
<!ENTITY ubuntu-planet "http://planet.ubuntu.com">
62
<!ENTITY ubuntu-philosophy "http://www.ubuntu.com/ubuntu/philosophy">
63
<!ENTITY ubuntu-participate "http://www.ubuntu.com/community/participate/">
64
<!ENTITY ubuntu-marketplace "http://www.ubuntu.com/support/marketplace">
65
<!ENTITY ubuntu-hwdb "http://hwdb.ubuntu.com">
66
<!-- UBUNTU WIKI RESOURCES --><!ENTITY wiki-UserDocumentation "https://help.ubuntu.com/community/UserDocumentation">
67
<!ENTITY restricted-formats "https://help.ubuntu.com/community/RestrictedFormats">
68
<!ENTITY wiki-RestrictedFormats "https://help.ubuntu.com/community/RestrictedFormats">
69
<!ENTITY wiki-XChatHowto "https://help.ubuntu.com/community/XChatHowto">
70
<!ENTITY wiki-RootSudo "https://help.ubuntu.com/community/RootSudo">
71
<!ENTITY wiki-HowToGetHelp "https://help.ubuntu.com/community/HowToGetHelp">
72
<!ENTITY transcode "https://help.ubuntu.com/community/DVDRippingandEncoding">
73
<!ENTITY wiki-Wine "https://help.ubuntu.com/community/Wine">
74
<!ENTITY wiki-Cedega "https://help.ubuntu.com/community/Cedega">
75
<!ENTITY wiki-Nano "https://help.ubuntu.com/community/NanoHowto">
76
<!ENTITY wiki-locoteams "https://wiki.ubuntu.com/LoCoTeamList">
77
<!ENTITY wiki-BasicCommands "https://help.ubuntu.com/community/BasicCommands">
78
<!ENTITY wiki-filepermissions "https://help.ubuntu.com/community/FilePermissions">
79
<!-- KUBUNTU URL RESOURCES --><!ENTITY kubuntu-web "http://www.kubuntu.org">
80
<!ENTITY kubuntu-main "http://www.kubuntu.org">
81
<!ENTITY kubuntu-download "http://releases.ubuntu.com/kubuntu/">
82
<!ENTITY kubuntu-packages "http://packages.ubuntu.com/edgy/">
83
<!ENTITY kubuntu-cdpackages-nodefault "http://people.ubuntu.com/~cjwatson/seeds/kubuntu-edgy/ship">
84
<!ENTITY kubuntu-lists "http://lists.ubuntu.com/archives/kubuntu-users/">
85
<!ENTITY kubuntu-lists-users "http://lists.ubuntu.com/mailman/listinfo/kubuntu-users/">
86
<!ENTITY kubuntu-lists-devel "http://lists.ubuntu.com/mailman/listinfo/kubuntu-devel/">
87
<!ENTITY kubuntu-mirrors "http://distrowatch.com/kubuntu">
88
<!ENTITY kubuntu-forums "http://kubuntuforums.net">
89
<!ENTITY kubuntu-wiki "https://wiki.kubuntu.org">
90
<!ENTITY kubuntu-documentation-site "http://www.kubuntu.org/documentation.php">
91
<!ENTITY kubuntu-wiki-UserDocumentation "https://help.ubuntu.com/community/UserDocumentation">
92
<!ENTITY kubuntu-support "http://www.kubuntu.org/support.php">
93
<!-- XUBUNTU URL RESOURCES --><!ENTITY xubuntu-web "http://www.xubuntu.org">
94
<!ENTITY xubuntu-main "http://www.xubuntu.org">
95
<!ENTITY xubuntu-web-help "http://www.xubuntu.org/help">
96
<!-- DEBIAN RESOURCES --><!ENTITY debian-apt "http://www.debian.org/doc/user-manuals#apt-howto">
97
<!-- EXTERNAL URL RESOURCES --><!ENTITY linmodem "http://www.linmodems.org/">
98
<!ENTITY gnome-www "http://www.gnome.org/">
99
<!ENTITY linuxorg "http://www.linux.org/">
100
<!ENTITY ooo "http://www.openoffice.org/">
101
<!ENTITY kde-www "http://www.kde.org/">
102
<!ENTITY lugww "http://lugww.counter.li.org/">
103
<!ENTITY ubuntu-watch "http://distrowatch.com/ubuntu/">
104
<!ENTITY realplayer-download "http://www.real.com/linux/">
105
<!ENTITY nvu-download "http://www.nvu.com/download.html">
106
<!ENTITY sunjava-download "http://java.sun.com/j2se/1.5.0/download.jsp">
107
<!ENTITY xorg "http://www.x.org">
108
<!ENTITY dyndns "http://www.dyndns.org">
109
<!ENTITY shoutcast "http://www.shoutcast.com/">
110
<!ENTITY freedomtoaster "http://www.freedomtoaster.org/">
111
<!ENTITY xfce "http://www.xfce.org/">
112
<!-- ubuntu-screenshots TODO --><!ENTITY kubuntu-screenshots "http://shots.osdir.com/">
113
<!ENTITY mozilla "http://www.mozilla.org/">
114
<!ENTITY mozilla-firefox "http://www.mozilla.org/products/firefox/">
115
<!ENTITY gnu "http://www.gnu.org/">
116
<!ENTITY gnu-philosophy "http://www.gnu.org/philosophy/">
117
<!ENTITY win4lin "http://www.win4lin.com">
118
<!ENTITY codeweavers "http://www.codeweavers.com">
119
<!ENTITY kernel "http://www.kernel.org">
120
<!ENTITY google "http://www.google.com">
121
<!ENTITY kdelook " http://www.kde-look.org">
122
<!ENTITY lulu-store "http://www.lulu.com/ubuntu-doc">
123
<!-- this entity controls the url for addons--><!ENTITY java-download "http://java.sun.com/j2se/1.5.0/download.jsp">
124
<!ENTITY skype-deb "skype_1.2.0.17-1_i386.deb">
125
<!ENTITY skype-download "http://www.skype.com/go/getskype-linux-deb">
126
<!ENTITY scanmodem-gz "scanModem.gz">
127
<!ENTITY scanmodem-url "http://linmodems.technion.ac.il/packages/scanModem.gz">
128
<!ENTITY ext2fs-url "http://www.fs-driver.org/index.html">
129
<!ENTITY mvb-tar "mvb_1.6.tgz">
130
<!ENTITY mvb-url "http://www.xscd.com/pub/mvb/&mvb-tar;">
131
<!-- TLDP --><!ENTITY ldp-pre-install-check "http://tldp.org/HOWTO/Pre-Installation-Checklist/">
132
<!-- LANGUAGES (sorted by two letter code)--><!ENTITY Afar "aa">
133
<!ENTITY Abkhazian "ab">
134
<!ENTITY Afrikaans "af">
135
<!ENTITY Amharic "af">
136
<!ENTITY Arabic "ar">
137
<!ENTITY Assamese "as">
138
<!ENTITY Aymara "ay">
139
<!ENTITY Azerbaijani "az">
140
<!ENTITY Bashkir "ba">
141
<!ENTITY Byelorussian "be">
142
<!ENTITY Bulgarian "bg">
143
<!ENTITY Bihari "bh">
144
<!ENTITY Bislama "bi">
145
<!ENTITY Bangla "bn">
146
<!ENTITY Bengali "bn">
147
<!ENTITY Tibetan "bo">
148
<!ENTITY Breton "br">
149
<!ENTITY Catalan "ca">
150
<!ENTITY Corsican "co">
153
<!ENTITY Danish "da">
154
<!ENTITY German "de">
155
<!ENTITY Bhutani "dz">
157
<!-- <!ENTITY EnglishAmerican 'en'> --><!ENTITY EnglishAmerican "C">
158
<!ENTITY Esperanto "eo">
159
<!ENTITY Spanish "es">
160
<!ENTITY Estonian "et">
161
<!ENTITY Basque "eu">
162
<!ENTITY Persian "fa">
163
<!ENTITY Finnish "fi">
165
<!ENTITY Faeroese "fo">
166
<!ENTITY French "fr">
167
<!ENTITY Frisian "fy">
169
<!ENTITY Gaelic "gd">
170
<!ENTITY ScotsGaelic "gd">
171
<!ENTITY Galician "gl">
172
<!ENTITY Guarani "gn">
173
<!ENTITY Gujarati "gu">
176
<!ENTITY Croatian "hr">
177
<!ENTITY Hungarian "hu">
178
<!ENTITY Armenian "hy">
179
<!ENTITY Interlingua "ia">
180
<!ENTITY Interlingue "ie">
181
<!ENTITY Inupiak "ik">
182
<!ENTITY Indonesian "in">
183
<!ENTITY Icelandic "is">
184
<!ENTITY Italian "it">
185
<!ENTITY Hebrew "iw">
186
<!ENTITY Japanese "ja">
187
<!ENTITY Yiddish "ji">
188
<!ENTITY Javanese "jw">
189
<!ENTITY Georgian "ka">
190
<!ENTITY Kazakh "kk">
191
<!ENTITY Greenlandic "kl">
192
<!ENTITY Cambodian "km">
193
<!ENTITY Kannada "kn">
194
<!ENTITY Korean "ko">
195
<!ENTITY Kashmiri "ks">
196
<!ENTITY Kurdish "ku">
197
<!ENTITY Kirghiz "ky">
199
<!ENTITY Lingala "ln">
200
<!ENTITY Laothian "lo">
201
<!ENTITY Lithuanian "lt">
202
<!ENTITY Latvian "lv">
203
<!ENTITY Lettish "lv">
204
<!ENTITY Malagasy "mg">
206
<!ENTITY Macedonian "mk">
207
<!ENTITY Malayalam "ml">
208
<!ENTITY Mongolian "mn">
209
<!ENTITY Moldavian "mo">
210
<!ENTITY Marathi "mr">
212
<!ENTITY Maltese "mt">
213
<!ENTITY Burmese "my">
215
<!ENTITY Nepali "ne">
217
<!ENTITY Norwegian "no">
218
<!ENTITY Occitan "oc">
222
<!ENTITY Punjabi "pa">
223
<!ENTITY Polish "pl">
224
<!ENTITY Pushto "ps">
225
<!ENTITY Pashto "ps">
226
<!ENTITY Portuguese "pt">
227
<!ENTITY Quechua "qu">
228
<!ENTITY Rhaeto-Romance "rm">
229
<!ENTITY Kirundi "rn">
230
<!ENTITY Romanian "ro">
231
<!ENTITY Russian "ru">
232
<!ENTITY Kinyarwanda "rw">
233
<!ENTITY Sanskrit "sa">
234
<!ENTITY Sindhi "sd">
235
<!ENTITY Sangro "sg">
236
<!ENTITY Serbo-Croatian "sh">
237
<!ENTITY Singhalese "si">
238
<!ENTITY Slovak "sk">
239
<!ENTITY Slovenian "sl">
240
<!ENTITY Samoan "sm">
242
<!ENTITY Somali "so">
243
<!ENTITY Albanian "sq">
244
<!ENTITY Serbian "sr">
245
<!ENTITY Siswati "ss">
246
<!ENTITY Sesotho "st">
247
<!ENTITY Sudanese "su">
248
<!ENTITY Swedish "sv">
249
<!ENTITY Swahili "sw">
251
<!ENTITY Tegulu "te">
254
<!ENTITY Tigrinya "ti">
255
<!ENTITY Turkmen "tk">
256
<!ENTITY Tagalog "tl">
257
<!ENTITY Setswana "tn">
259
<!ENTITY Turkish "tr">
260
<!ENTITY Tsonga "ts">
263
<!ENTITY Ukrainian "uk">
266
<!ENTITY Vietnamese "vi">
267
<!ENTITY Volapuk "vo">
270
<!ENTITY Yoruba "yo">
271
<!ENTITY Chinese "zh">
276
sgml-minimize-attributes:nil
277
sgml-general-insert-case:lower
282
vim: tabstop=2:shiftwidth=2:expandtab:indentexpr=:tw=80:
283
kate: space-indent on; indent-width 2; tab-width 2; indent-mode none;
284
--><!ENTITY % kde-menus-C SYSTEM "../../../libs/kde-menus-C.ent">
285
<!-- Application Launcher Screenshots before Keyboard Shortcuts section --><!-- KEYBOARD SHORTCUTS AT THE VERY END --><!-- KDE MENU Entries Organized as the the show up in the Application Launcher (kickoff) --><!-- APLICATION LAUNCHER MENUS
287
This will help us shorten the amount of typing we have to do for adding new
288
menu items. It is pretty straight forward.
289
--><!-- Common Stuff --><!ENTITY mal "<guimenu>Kickoff Application Launcher</guimenu>">
290
<!ENTITY malapp "&mal;<guisubmenu>Applications</guisubmenu>">
291
<!ENTITY malfav "&mal;<guisubmenu>Favorites</guisubmenu>">
292
<!ENTITY malcmp "&mal;<guisubmenu>Computer</guisubmenu>">
293
<!ENTITY maluse "&mal;<guisubmenu>Recently Used</guisubmenu>">
294
<!ENTITY mallve "&mal;<guisubmenu>Leave</guisubmenu>">
295
<!-- Applications Submenus --><!ENTITY maldev "&malapp;<guisubmenu>Development</guisubmenu>">
296
<!ENTITY maledu "&malapp;<guisubmenu>Education</guisubmenu>">
297
<!ENTITY malgms "&malapp;<guisubmenu>Games</guisubmenu>">
298
<!ENTITY malgrp "&malapp;<guisubmenu>Graphics</guisubmenu>">
299
<!ENTITY malnet "&malapp;<guisubmenu>Internet</guisubmenu>">
300
<!ENTITY malmmd "&malapp;<guisubmenu>Multimedia</guisubmenu>">
301
<!ENTITY maloff "&malapp;<guisubmenu>Office</guisubmenu>">
302
<!ENTITY malset "&malapp;<guisubmenu>Settings</guisubmenu>">
303
<!ENTITY malsys "&malapp;<guisubmenu>System</guisubmenu>">
304
<!ENTITY malutl "&malapp;<guisubmenu>Utilities</guisubmenu>">
305
<!-- COMPUTER --><!ENTITY menusysset "<menuchoice>&malcmp;<guimenuitem>System Settings</guimenuitem></menuchoice>">
306
<!-- APPLICATIONS --><!ENTITY menuhelp "<menuchoice>&malapp;<guimenuitem>Help</guimenuitem></menuchoice>">
307
<!-- Development --><!ENTITY menueclipse "<menuchoice>&maldev;<guimenuitem>Eclipse</guimenuitem></menuchoice>">
308
<!ENTITY menugambas "<menuchoice>&maldev;<guimenuitem>Gambas</guimenuitem></menuchoice>">
309
<!ENTITY menukdevelop "<menuchoice>&maldev;<guimenuitem>KDevelop</guimenuitem></menuchoice>">
310
<!ENTITY menumonodev "<menuchoice>&maldev;<guimenuitem>MonoDevelop</guimenuitem></menuchoice>">
311
<!ENTITY menumonodoc "<menuchoice>&maldev;<guimenuitem>MonoDoc</guimenuitem></menuchoice>">
312
<!ENTITY menuqt4designer "<menuchoice>&maldev;<guimenuitem>Qt4 Designer</guimenuitem></menuchoice>">
313
<!ENTITY menudevhelp "<menuchoice>&maldev;<guimenuitem>Devhelp</guimenuitem></menuchoice>">
314
<!-- Education --><!-- Games --><!--Graphics --><!ENTITY menudigikam "<menuchoice>&malgrp;<guimenuitem>Photo Management</guimenuitem></menuchoice>">
315
<!ENTITY menugimp "<menuchoice>&malgrp;<guimenuitem>Gimp</guimenuitem></menuchoice>">
316
<!ENTITY menugwenview "<menuchoice>&malgrp;<guimenuitem>Image Viewer</guimenuitem></menuchoice>">
317
<!ENTITY menuinkscape "<menuchoice>&malgrp;<guimenuitem>Inkscape</guimenuitem></menuchoice>">
318
<!ENTITY menukooka "<menuchoice>&malgrp;<guimenuitem>Scan & OCR Program</guimenuitem></menuchoice>">
319
<!ENTITY menukpdf "<menuchoice>&malgrp;<guimenuitem>PDF Viewer</guimenuitem></menuchoice>">
320
<!ENTITY menukrita "<menuchoice>&malgrp;<guimenuitem>Painting and Image Editing</guimenuitem></menuchoice>">
321
<!ENTITY menuksnap "<menuchoice>&malgrp;<guimenuitem>Screen Capture Program</guimenuitem></menuchoice>">
322
<!ENTITY menuscribus "<menuchoice>&malgrp;<guimenuitem>Scribus</guimenuitem></menuchoice>">
323
<!ENTITY menuoodraw "<menuchoice>&malgrp;<guimenuitem>Drawing</guimenuitem></menuchoice>">
324
<!ENTITY menublender "<menuchoice>&malgrp;<guimenuitem>Blender</guimenuitem></menuchoice>">
325
<!-- Internet --><!ENTITY menubluechat "<menuchoice>&malnet;<guimenuitem>Bluetooth Chat</guimenuitem></menuchoice>">
326
<!ENTITY menublueobex "<menuchoice>&malnet;<guimenuitem>Bluetooth OBEX Client</guimenuitem></menuchoice>">
327
<!ENTITY menuff "<menuchoice>&malnet;<guimenuitem>Web Browser</guimenuitem></menuchoice>">
328
<!ENTITY menuffinstall "<menuchoice>&malnet;<guimenuitem>Kubuntu Firefox Installer</guimenuitem></menuchoice>">
329
<!ENTITY menukmail "<menuchoice>&malnet;<guimenuitem>Mail Client</guimenuitem></menuchoice>">
330
<!ENTITY menuknetmgr "<menuchoice>&malnet;<guimenuitem>Network Manager</guimenuitem></menuchoice>">
331
<!ENTITY menukonqi "<menuchoice>&malnet;<guimenuitem>Web Browser</guimenuitem></menuchoice>">
332
<!ENTITY menukonv "<menuchoice>&malnet;<guimenuitem>IRC Client</guimenuitem></menuchoice>">
333
<!ENTITY menukopete "<menuchoice>&malnet;<guimenuitem>Instant Messager</guimenuitem></menuchoice>">
334
<!ENTITY menukppp "<menuchoice>&malnet;<guimenuitem>Internet Dial-Up Tool</guimenuitem></menuchoice>">
335
<!ENTITY menukrdc "<menuchoice>&malnet;<guimenuitem>Remote Desktop Connection</guimenuitem></menuchoice>">
336
<!ENTITY menukrfb "<menuchoice>&malnet;<guimenuitem>Desktop Sharing</guimenuitem></menuchoice>">
337
<!ENTITY menuktorrent "<menuchoice>&malnet;<guimenuitem>BitTorrent Client</guimenuitem></menuchoice>">
338
<!ENTITY menuakregator "<menuchoice>&malnet;<guimenuitem>Akregator - RSS Feed Reader</guimenuitem></menuchoice>">
339
<!ENTITY menuquassel "<menuchoice>&malnet;<guimenuitem>IRC Client (Quassel IRC)</guimenuitem></menuchoice>">
340
<!-- Multimedia --><!ENTITY menuk3b "<menuchoice>&malmmd;<guimenuitem>CD & DVD Burning (K3b)</guimenuitem></menuchoice>">
341
<!ENTITY menuamarok "<menuchoice>&malmmd;<guimenuitem>Music Player (Amarok)</guimenuitem></menuchoice>">
342
<!ENTITY menudragon "<menuchoice>&malmmd;<guimenuitem>Video Player (Dragon)</guimenuitem></menuchoice>">
343
<!ENTITY menukino "<menuchoice>&malmmd;<guimenuitem>Kino</guimenuitem></menuchoice>">
344
<!ENTITY menuaudacity "<menuchoice>&malmmd;<guimenuitem>Audacity</guimenuitem></menuchoice>">
345
<!-- Office --><!ENTITY menukontact "<menuchoice>&maloff;<guimenuitem>Personal Information Manager (Kontact)</guimenuitem></menuchoice>">
346
<!ENTITY menuooimpress "<menuchoice>&maloff;<guimenuitem>Presentation (OpenOffice.org Presentation)</guimenuitem></menuchoice>">
347
<!ENTITY menuoocalc "<menuchoice>&maloff;<guimenuitem>Spreadsheet (OpenOffice.org Spreadsheet)</guimenuitem></menuchoice>">
348
<!ENTITY menuoowriter "<menuchoice>&maloff;<guimenuitem>Word Processor (OpenOffice.org Word Processor)</guimenuitem></menuchoice>">
349
<!ENTITY menukmymoney "<menuchoice>&maloff;<guimenuitem>KMyMoney2</guimenuitem></menuchoice>">
350
<!-- Science & Math --><!-- Settings --><!-- System --><!ENTITY menuadept "<menuchoice>&malsys;<guimenuitem>Package Manager (Adept)</guimenuitem></menuchoice>">
351
<!ENTITY menucomputerjanitor "<menuchoice>&malsys;<guimenuitem>Computer Janitor</guimenuitem></menuchoice>">
352
<!ENTITY menudolphin "<menuchoice>&malsys;<guimenuitem>File Manager (Dolphin)</guimenuitem></menuchoice>">
353
<!ENTITY menukpackagekit "<menuchoice>&malsys;<guimenuitem>Software Management (KPackageKit)</guimenuitem></menuchoice>">
354
<!ENTITY menukonsole "<menuchoice>&malsys;<guimenuitem>Terminal (Konsole)</guimenuitem></menuchoice>">
355
<!ENTITY menupartman "<menuchoice>&malsys;<guimenuitem>Partition Editor (KDE Partition Manager)</guimenuitem></menuchoice>">
356
<!ENTITY menuqtparted "<menuchoice>&malsys;<guimenuitem>Partition Manager (QtParted)</guimenuitem></menuchoice>">
357
<!ENTITY menuar "<menuchoice>&malsys;<guimenuitem>Package Manager (Add/Remove)</guimenuitem></menuchoice>">
358
<!ENTITY menujockey "<menuchoice>&malsys;<guimenuitem>Hardware Deivers</guimenuitem></menuchoice>">
359
<!ENTITY menukuser "<menuchoice>&malsys;<guimenuitem>User Manager (KUser)</guimenuitem></menuchoice>">
360
<!ENTITY menuhardwaredrivers "<menuchoice>&malsys;<guimenuitem>Hardware Drivers</guimenuitem></menuchoice>">
361
<!ENTITY menuusbcreator "<menuchoice>&malsys;<guimenuitem>Startup Disk Creator</guimenuitem></menuchoice>">
362
<!-- Utilities --><!ENTITY menukaramba "<menuchoice>&malutl;<guimenuitem>SuperKaramba</guimenuitem></menuchoice>">
363
<!ENTITY menukate "<menuchoice>&malutl;<guimenuitem>Advanced Text Editor (Kate)</guimenuitem></menuchoice>">
364
<!ENTITY menukeep "<menuchoice>&malutl;<guimenuitem>Keep</guimenuitem></menuchoice>">
365
<!-- Lost & Found --><!-- Application Launcher - Leave --><!ENTITY menulogout "<menuchoice>&mallve;<guimenuitem>Logout (End Session)</guimenuitem></menuchoice>">
366
<!ENTITY menulock "<menuchoice>&mallve;<guimenuitem>Lock (Lock the screen)</guimenuitem></menuchoice>">
367
<!-- APPLICATION LAUNCHER IMAGES --><!-- Applications --><!ENTITY a_l_apps '<example><title>Kickoff Application Launcher - Applications</title>
368
<mediaobject><imageobject><imagedata fileref="../../images/C/application_launcher_applications.png" format="PNG" />
369
</imageobject></mediaobject></example>'>
370
<!-- Applications - Development --><!ENTITY a_l_apps_dev '<example><title>Kickoff Application Launcher - Applications - Development</title>
371
<mediaobject><imageobject><imagedata fileref="../../images/C/application_launcher_application_development.png" format="PNG" /></imageobject></mediaobject></example>'>
372
<!-- Applications - Graphics --><!ENTITY a_l_apps_graphics '<example><title>Kickoff Application Launcher - Applications - Graphics</title>
373
<mediaobject><imageobject><imagedata fileref="../../images/C/application_launcher_application_graphics.png" format="PNG" /></imageobject></mediaobject></example>'>
374
<!-- Applications - Internet --><!ENTITY a_l_apps_internet '<example><title>Kickoff Application Launcher - Applications - Internet</title>
375
<mediaobject><imageobject><imagedata fileref="../../images/C/application_launcher_application_internet.png" format="PNG" /></imageobject></mediaobject></example>'>
376
<!-- Applications - Multimedia --><!ENTITY a_l_apps_multi '<example><title>Kickoff Application Launcher - Applications - Multimedia</title>
377
<mediaobject><imageobject><imagedata fileref="../../images/C/application_launcher_application_multimedia.png" format="PNG" /></imageobject></mediaobject></example>'>
378
<!-- Applications - Office --><!ENTITY a_l_apps_office '<example><title>Kickoff Application Launcher - Applications - Office</title>
379
<mediaobject><imageobject><imagedata fileref="../../images/C/application_launcher_application_office.png" format="PNG" /></imageobject></mediaobject></example>'>
380
<!-- Applications - Settings --><!ENTITY a_l_apps_settings '<example><title>Kickoff Application Launcher - Applications - Settings</title>
381
<mediaobject><imageobject><imagedata fileref="../../images/C/application_launcher_application_settings.png" format="PNG" /></imageobject></mediaobject></example>'>
382
<!-- Applications - System --><!ENTITY a_l_apps_system '<example><title>Kickoff Application Launcher - Applications - System</title>
383
<mediaobject><imageobject><imagedata fileref="../../images/C/application_launcher_application_system.png" format="PNG" /></imageobject></mediaobject></example>'>
384
<!-- Applications - Utilities --><!ENTITY a_l_apps_utils '<example><title>Kickoff Application Launcher - Applications - Utilities</title>
385
<mediaobject><imageobject><imagedata fileref="../../images/C/application_launcher_application_utilities.png" format="PNG" /></imageobject></mediaobject></example>'>
386
<!-- Computer --><!ENTITY a_l_computer '<example><title>Kickoff Application Launcher - Computer</title>
387
<mediaobject><imageobject><imagedata fileref="../../images/C/application_launcher_computer.png" format="PNG" /></imageobject></mediaobject></example>'>
388
<!-- Favorites --><!ENTITY a_l_favs '<example><title>Kickoff Application Launcher - Favorites</title>
389
<mediaobject><imageobject><imagedata fileref="../../images/C/application_launcher_favorites.png" format="PNG" /></imageobject></mediaobject></example>'>
390
<!-- Leave --><!ENTITY a_l_leave '<example><title>Kickoff Application Launcher - Leave</title>
391
<mediaobject><imageobject><imagedata fileref="../../images/C/application_launcher_leave.png" format="PNG" /></imageobject></mediaobject></example>'>
392
<!-- Recently Used --><!ENTITY a_l_used '<example><title>Kickoff Application Launcher - Recently Used</title>
393
<mediaobject><imageobject><imagedata fileref="../../images/C/application_launcher_recently_used.png" format="PNG" /></imageobject></mediaobject></example>'>
394
<!-- END APPLICATION LAUNCHER IMAGES --><!-- KEYBOARD SHORTCUTS --><!ENTITY ctrlaltf1 "<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>F1</keycap></keycombo>">
395
<!ENTITY ctrlaltf2 "<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>F2</keycap></keycombo>">
396
<!ENTITY ctrlaltf3 "<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>F3</keycap></keycombo>">
397
<!ENTITY ctrlaltf4 "<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>F4</keycap></keycombo>">
398
<!ENTITY ctrlaltf5 "<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>F5</keycap></keycombo>">
399
<!ENTITY ctrlaltf6 "<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>F6</keycap></keycombo>">
400
<!ENTITY ctrlaltf7 "<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>F7</keycap></keycombo>">
401
<!ENTITY ctrlaltbkspc "<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Backspace</keycap></keycombo>">
402
<!ENTITY language "en">
404
<article id="sharing" lang="kubuntu-docs-sharing-fr">
406
<title>Partage de fichiers dans <phrase>Kubuntu</phrase></title>
410
This document explains how to share files between <phrase>Kubuntu</phrase> and Windows.
415
<sect1 id="windows-networking-introduction">
416
<title>Introduction</title>
419
Computer networks are often comprised of diverse systems. While operating a
420
network made up entirely of <phrase>Kubuntu</phrase> desktop and server computers would
421
certainly be fun, some network environments will consist of <phrase>Kubuntu</phrase> and
422
<trademark class="registered">Microsoft</trademark>
423
<trademark class="registered">Windows</trademark> systems working together. This
424
section of the <phrase>Kubuntu</phrase> Server Guide introduces principles and tools used for
425
configuring <phrase>Kubuntu</phrase> servers to share network resources with Windows computers.
429
Successfully networking a <phrase>Kubuntu</phrase> system with Windows clients involves
430
providing and integrating services common to Windows environments. These
431
services support sharing data and information about the computers and users
432
on the network, and may be classified into three major categories:
438
<emphasis role="bold">File and Printer Sharing Services</emphasis>. The
439
Server Message Block (<acronym>SMB</acronym>) protocol is used to facilitate
440
sharing files, folders, volumes, and printers throughout the network.
445
<emphasis role="bold">Directory Services</emphasis>. Vital information is shared
446
about the computers and users of the network with such technologies as the
447
Lightweight Directory Access Protocol (<acronym>LDAP</acronym>) and Microsoft
448
<trademark class="registered">Active Directory</trademark>.
453
<emphasis role="bold">Authentication and Access</emphasis>. It is
454
necessary to be able to establish the identity of a computer or user to
455
determine the information the computer or user is authorized to access.
456
Authentication and access use principles and technologies such as file
457
permissions, group policies, and the Kerberos authentication service.
463
A <phrase>Kubuntu</phrase> system can provide all such capabilities for Windows clients and
464
enable sharing network resources with them. One of the principal pieces of
465
software included in a <phrase>Kubuntu</phrase> system for Windows networking is the Samba
466
suite of <acronym>SMB</acronym> server applications and tools.
470
This section of the <phrase>Kubuntu</phrase> Server Guide will introduce some of the ways Samba
471
is commonly used, and how to install and configure the necessary packages.
472
Additional detailed documentation and information on Samba can be found
473
on the <ulink url="http://www.samba.org">Samba website</ulink>.
477
<sect1 id="samba-fileserver">
478
<title>Serveur de fichiers Samba</title>
481
One of the most common ways to network <phrase>Kubuntu</phrase> and Windows computers is to
482
configure Samba as a File Server. This section covers setting up a
483
<application>Samba</application> server to share files with Windows clients.
487
The server will be configured to share files with any client on the network
488
without prompting for a password. If the environment requires stricter Access
489
Controls, see <xref linkend="samba-fileprint-security"/>
492
<sect2 id="samba-fileserver-installation">
493
<title>Installation</title>
496
The first step is to install the <application>samba</application> package. From a terminal prompt enter:
500
<command>sudo apt-get install samba</command>
504
That's all there is to it. Samba is ready to be configured for file sharing.
508
<sect2 id="samba-fileserver-configuration">
509
<title>Configuration</title>
512
The main Samba configuration file is located in
513
<filename>/etc/samba/smb.conf</filename>. The default configuration file has a
514
significant number of comments in order to document various configuration
519
Not all the available options are included in the default configuration file. See the <filename>smb.conf</filename>
520
<application>man</application> page or the
521
<ulink url="http://samba.org/samba/docs/man/Samba-HOWTO-Collection/">Samba HOWTO Collection</ulink> for more details.
529
Edit the following key/value pairs in the <emphasis>[global]</emphasis> section
530
of <filename>/etc/samba/smb.conf</filename>:
540
The <emphasis>security</emphasis> parameter is farther down in the [global]
541
section, and is commented out by default.
542
Change <emphasis>EXAMPLE</emphasis> to match the actual environment.
549
Create a new section at the bottom of the file, or uncomment one of the
550
examples for the directory to be shared:
555
comment = Ubuntu File Server Share
556
path = /srv/samba/share
566
<emphasis>comment:</emphasis> a short description of the share. Adjust to fit
572
<emphasis>path:</emphasis> the path to the directory to share.
575
This example uses <filename>/srv/samba/sharename</filename> because, according
576
to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>,
577
<ulink url="http://www.pathname.com/fhs/pub/fhs-2.3. html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM">/srv</ulink>
578
is where site-specific data should be served. Technically Samba shares can be
579
placed anywhere on the filesystem as long as the permissions are correct, but
580
adhering to standards is recommended.
585
<emphasis>browsable:</emphasis> enables Windows clients to browse the shared
586
directory using <application>Windows Explorer</application>.
591
<emphasis>guest ok:</emphasis> allows clients to connect to the share without
592
supplying a password.
597
<emphasis>read only:</emphasis> determines if the share is read only or if write privileges are granted. Write privileges are allowed only when the value is <emphasis>no</emphasis>, as is seen in this example. If the value is <emphasis>yes</emphasis>, then access to the share is read only.
602
<emphasis>create mask:</emphasis> determines the permissions new files will have
612
Now that <application>Samba</application> is configured, the directory needs to
613
be created and the permissions changed. From a terminal enter:
617
<command>sudo mkdir -p /srv/samba/share</command>
618
<command>sudo chown nobody.nogroup /srv/samba/share/</command>
623
The <emphasis>-p</emphasis> switch tells mkdir to create the entire directory
624
tree if it doesn't exist. Change the share name to fit the environment.
632
Finally, restart the <application>samba</application> services to enable the new configuration:
636
<command>sudo /etc/init.d/samba restart</command>
644
The above configuration gives all access to any client on the local network. For
645
a more secure configuration, see <xref linkend="samba-fileprint-security"/>.
650
From a Windows client, it should now be possible to browse to the <phrase>Kubuntu</phrase> file
651
server and see the shared directory. To check that everything is working, try
652
creating a directory from Windows.
656
To create additional shares, simply create new <emphasis>[dir]</emphasis>
657
sections in <filename>/etc/samba/smb.conf</filename>, and restart
658
<emphasis>Samba</emphasis>. Make sure that the directory to be shared actually
659
exists and that the permissions are correct.
662
<sect2 id="samba-fileserver-resources">
663
<title>Resources</title>
668
For in depth Samba configurations see the
669
<ulink url="http://samba.org/samba/docs/man/Samba-HOWTO-Collection/">Samba HOWTO Collection</ulink>
674
The guide is also available in
675
<ulink url="http://www.amazon.com/exec/obidos/tg/detail/-/0131882228">printed format</ulink>.
680
O'Reilly's <ulink url="http://www.oreilly.com/catalog/9780596007690/">Using
681
Samba</ulink> is another good reference.
689
<sect1 id="samba-fileprint-security">
690
<title>Securing a Samba File and Print Server</title>
692
<sect2 id="samba-security-mode">
693
<title>Samba Security Modes</title>
696
There are two security levels available to the Common Internet Filesystem (CIFS)
697
network protocol <emphasis>user-level</emphasis> and
698
<emphasis>share-level</emphasis>. Samba's <emphasis>security mode</emphasis>
699
implementation allows more flexibility, providing four ways of implementing
700
user-level security and one way to implement share-level:
706
<emphasis>security = user:</emphasis> requires clients to supply a username and
707
password to connect to shares. Samba user accounts are separate from system
708
accounts, but the <application>libpam-smbpass</application> package will sync
709
system users and passwords with the Samba user database.
714
<emphasis>security = domain:</emphasis> this mode allows the Samba server to
715
appear to Windows clients as a Primary Domain Controller (PDC), Backup Domain
716
Controller (BDC), or a Domain Member Server (DMS). See
717
<xref linkend="samba-dc"/> for further information.
722
<emphasis>security = ADS:</emphasis> allows the Samba server to join an Active
723
Directory domain as a native member. See <xref linkend="samba-ad-integration"/>
729
<emphasis>security = server:</emphasis> this mode is left over from before Samba
730
could become a member server, and, due to some security issues, should not be
731
used. See the <ulink url="http://samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType. html#id349531">Server Security</ulink> section of the Samba guide for more
737
<emphasis>security = share:</emphasis> allows clients to connect to shares
738
without supplying a username and password.
744
The preferred security mode depends on the environment and what the Samba
745
server needs to accomplish.
749
<sect2 id="samba-user-security">
750
<title>Security = User</title>
753
This section will reconfigure the Samba file and print server, from <xref linkend="samba-fileserver"/> and the
754
<ulink type="help" url="help:/kubuntu/printing/"> Print Server</ulink>, to
755
require authentication.
759
First, install the <application>libpam-smbpass</application> package which will
760
sync the system users to the Samba user database:
764
<command>sudo apt-get install libpam-smbpass</command>
769
If the <emphasis>Samba Server</emphasis> task was chosen during installation,
770
<application>libpam-smbpass</application> is already installed.
775
Edit <filename>/etc/samba/smb.conf</filename>, and in the
776
<emphasis>[share]</emphasis> section change:
784
Finally, restart Samba for the new settings to take effect:
788
<command>sudo /etc/init.d/samba restart</command>
792
Now when connecting to the shared directories or printers, there will be a
793
prompt for a username and password.
798
To map a network drive to the share, <quote>Reconnect at Logon</quote> should be
799
checked, which will require the username and password to be entered just once,
800
at least until the password changes.
805
<sect2 id="samba-share-security">
806
<title>Share Security</title>
809
There are several options available to increase the security for each individual
810
shared directory. Using the <emphasis>[share]</emphasis> example, this section
811
will cover some common options.
814
<sect3 id="windows-networking-groups">
815
<title>Groups</title>
818
Groups define a collection of computers or users which have a common level of
819
access to particular network resources and offer a level of granularity in
820
controlling access to such resources. For example, if a group
821
<emphasis role="italic">qa</emphasis> is defined and contains the users
822
<emphasis role="italic">freda</emphasis>, <emphasis role="italic">danika</emphasis>, and <emphasis role="italic">rob</emphasis> and
823
a second group <emphasis role="italic">support</emphasis> is defined and
824
consists of users <emphasis role="italic">danika</emphasis>,
825
<emphasis role="italic">jeremy</emphasis>, and <emphasis role="italic">vincent</emphasis>, then certain network resources configured to
826
allow access by the <emphasis role="italic">qa</emphasis> group will
827
subsequently enable access by freda, danika, and rob, but not jeremy or
828
vincent. Since the user <emphasis role="italic">danika</emphasis>
829
belongs to both the <emphasis role="italic">qa</emphasis> and <emphasis role="italic">support</emphasis> groups, she will be able to access resources
830
configured for access by both groups, whereas all other users will have only
831
access to resources explicitly allowing the group they are part of.
836
By default Samba looks for the local system groups defined in
837
<filename>/etc/group</filename> to determine which users belong to which
838
groups. For more information on adding and removing users from groups see
839
<ulink type="help" url="help:/kubuntu/basics/"> Basics</ulink>.
843
When defining groups in the Samba configuration file,
844
<filename>/etc/samba/smb.conf</filename>, the recognized syntax
845
is to preface the group name with an "@" symbol. For example, to define a group
846
named <emphasis role="italic">sysadmin</emphasis> in a certain section of the
847
<filename>/etc/samba/smb.conf</filename>, the group name would be entered as
848
<emphasis role="bold">@sysadmin</emphasis>.
852
<sect3 id="samba-file-permissions">
853
<title>File Permissions</title>
856
File Permissions define the explicit rights a computer or user has to a
857
particular directory, file, or set of files. Such permissions may be defined by
858
editing the <filename>/etc/samba/smb.conf</filename> file and specifying the
859
explicit permissions of a defined file share.
863
For example, for a defined Samba share called <emphasis>share</emphasis> and
864
the need to give <emphasis role="italic">read-only</emphasis> permissions to the
865
group of users known as <emphasis role="italic">qa</emphasis>, while allowing
866
write permissions to the share by the group called
867
<emphasis role="italic">sysadmin</emphasis> and the user named <emphasis role="italic">vincent</emphasis>, then the
868
<filename>/etc/samba/smb.conf</filename> file could be edited to add the
869
following entries under the <emphasis>[share]</emphasis> entry:
874
write list = @sysadmin, vincent
878
Another possible Samba permission is to declare
879
<emphasis>administrative</emphasis> permissions to a particular shared resource.
880
Users having administrative permissions may read, write, or modify any
881
information contained in the resource where the user has been given explicit
882
administrative permissions.
886
For example, to give the user <emphasis role="italic">melissa</emphasis>
887
administrative permissions to the <emphasis role="italic">share</emphasis>
888
example, the <filename>/etc/samba/smb.conf</filename> file would be edited to
889
add the following line under the <emphasis>[share]</emphasis> entry:
893
admin users = melissa
897
After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for the changes to take effect:
901
<command>sudo /etc/init.d/samba restart</command>
906
For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> to
907
work the Samba security mode must <emphasis>not</emphasis> be set to <emphasis role="italic">security = share</emphasis>
912
Now that Samba has been configured to limit which groups have access to the
913
shared directory, the filesystem permissions need to be updated.
917
Traditional Linux file permissions do not map well to Windows NT Access Control
918
Lists (ACLs). Fortunately POSIX ACLs are available on <phrase>Kubuntu</phrase> servers
919
providing more fine grained control. For example, to enable ACLs on
920
<filename>/srv</filename> an EXT3 filesystem, edit
921
<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:
925
UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl 0
930
Then remount the partition:
934
<command>sudo mount -v -o remount /srv</command>
939
The above example assumes <filename>/srv</filename> on a separate partition. If <filename>/srv</filename>,
940
or wherever the share path is configured, is part of the <filename>/</filename>
941
partition, a reboot may be required.
946
To match the Samba configuration above, the <emphasis>sysadmin</emphasis> group
947
will be given read, write, and execute permissions to
948
<filename>/srv/samba/share</filename>, the <emphasis>qa</emphasis> group will be
949
given read and execute permissions, and the files will be owned by the username
950
<emphasis>melissa</emphasis>. Enter the following in a terminal:
954
<command>sudo chown -R melissa /srv/samba/share/</command>
955
<command>sudo chgrp -R sysadmin /srv/samba/share/</command>
956
<command>sudo setfacl -R -m g:qa:rx /srv/samba/share/</command>
961
The <application>setfacl</application> command above gives
962
<emphasis>execute</emphasis> permissions to all files in the
963
<filename>/srv/samba/share</filename> directory, which may or may not be
969
A Windows client will show that the new file permissions are implemented. See
970
the <application>acl</application> and <application>setfacl</application> man
971
pages for more information on POSIX ACLs.
976
<sect2 id="samba-apparmor">
977
<title>Samba AppArmor Profile</title>
980
<phrase>Kubuntu</phrase> comes with the <application>AppArmor</application> security module,
981
which provides mandatory access controls. The default AppArmor profile for Samba
982
will need to be adapted to the proper configuration. For more details on using
983
AppArmor, please refer to the<ulink url="https://help.ubuntu.com/community/AppArmor"> wiki</ulink>
987
There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> and
988
<filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part of the
989
<application>apparmor-profiles</application> packages. To install the package,
990
from a terminal prompt, enter:
994
<command>sudo apt-get install apparmor-profiles</command>
999
This package contains profiles for several other binaries.
1004
By default the profiles for <application>smbd</application> and
1005
<application>nmbd</application> are in <emphasis>complain</emphasis> mode,
1006
allowing Samba to work without modifying the profile, and only logging errors.
1007
To place the <application>smbd</application> profile into
1008
<emphasis>enforce</emphasis> mode, and have Samba work as expected, the profile
1009
will need to be modified to reflect any directories that are shared.
1013
Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename>, adding information for
1014
<emphasis>[share]</emphasis> from the file server example:
1018
/srv/samba/share/ r,
1019
/srv/samba/share/** rwkix,
1023
Now place the profile into <emphasis>enforce</emphasis> and reload it:
1027
<command>sudo aa-enforce /usr/sbin/smbd</command>
1028
<command>cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r</command>
1032
It is now possible to read, write, and execute files in the shared directory as
1033
normal, and the <application>smbd</application> binary will have access to only
1034
the configured files and directories. Be sure to add entries for each directory
1035
that Samba is configured to share. Any errors will be logged to
1036
<filename>/var/log/syslog</filename>.
1040
<sect2 id="samba-security-resources">
1041
<title>Resources</title>
1046
For in depth Samba configurations, see the
1047
<ulink url="http://samba.org/samba/docs/man/Samba-HOWTO-Collection/">Samba HOWTO Collection</ulink>
1052
The guide is also available in
1053
<ulink url="http://www.amazon.com/exec/obidos/tg/detail/-/0131882228">printed format</ulink>.
1058
O'Reilly's <ulink url="http://www.oreilly.com/catalog/9780596007690/">Using
1059
Samba</ulink> is also a good reference.
1064
<ulink url="http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-samba.html">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to security.
1069
For more information on Samba and ACLs, see the
1070
<ulink url="http://samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html#id397568">Samba ACLs page
1078
<sect1 id="samba-dc">
1079
<title>Samba as a Domain Controller</title>
1082
Although it cannot act as an Active Directory Primary Domain Controller (PDC), a
1083
Samba server can be configured to appear as a Windows NT4-style domain
1084
controller. A major advantage of this configuration is the ability to
1085
centralize user and machine credentials. Samba can also use multiple backends
1086
to store the user information.
1089
<sect2 id="samba-pdc-smbpasswd">
1090
<title>Primary Domain Controller</title>
1093
This section covers configuring Samba as a Primary Domain Controller (PDC) using
1094
the default smbpasswd backend.
1101
Install Samba and <application>libpam-smbpass</application> to sync the user
1102
accounts, by entering the following in a terminal prompt:
1106
<command>sudo apt-get install samba libpam-smbpass</command>
1113
Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. The
1114
<emphasis>security</emphasis> mode should be set to <emphasis role="italic">user</emphasis>, and the <emphasis>workgroup</emphasis> should
1115
relate to the organization properly:
1128
In the commented <quote>Domains</quote> section, add or uncomment the following:
1133
logon path = \\%N\%U\profile
1135
logon home = \\%N\%U
1136
logon script = logon.cmd
1137
add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d /var/lib/samba -s /bin/false %u
1143
<emphasis>domain logons:</emphasis> provides the netlogon service causing Samba
1144
to act as a domain controller.
1149
<emphasis>logon path:</emphasis> places the user's Windows profile into their
1150
home directory. It is also possible to configure a
1151
<emphasis>[profiles]</emphasis> share placing all profiles under a single
1157
<emphasis>logon drive:</emphasis> specifies the home directory local path.
1162
<emphasis>logon home:</emphasis> specifies the home directory location.
1167
<emphasis>logon script:</emphasis> determines the script to be run locally once
1168
a user has logged in. The script needs to be placed in the
1169
<emphasis>[netlogon]</emphasis> share.
1174
<emphasis>add machine script:</emphasis> a script that will automatically create
1175
the <emphasis>Machine Trust Account</emphasis> needed for a workstation to join
1179
In this example, the <emphasis>machines</emphasis> group will need to be created
1180
using the <application>addgroup</application> utility. See <ulink type="help" url="help:/kubuntu/basics/"> Basics</ulink> for details.
1187
If <emphasis>Roaming Profiles</emphasis> will not be used, leave the
1188
<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options
1197
Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis role="italic">logon home</emphasis> to be mapped:
1202
comment = Home Directories
1206
directory mask = 0700
1214
When configured as a domain controller, a <emphasis>[netlogon]</emphasis> share
1215
needs to be configured. To enable the share, uncomment:
1220
comment = Network Logon Service
1221
path = /srv/samba/netlogon
1229
The original <emphasis>netlogon</emphasis> share path is
1230
<filename>/home/samba/netlogon</filename>, but according to the Filesystem
1231
Hierarchy Standard (FHS), <ulink url="http://www.pathname.com/fhs/pub/fhs-2.3. html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM">/srv</ulink> is the correct location
1232
for site-specific data provided by the system.
1240
Now create the <filename role="directory">netlogon</filename> directory, and an
1241
empty (for now) <filename>logon.cmd</filename> script file:
1245
<command>sudo mkdir -p /srv/samba/netlogon</command>
1246
<command>sudo touch /srv/samba/netlogon/logon.cmd</command>
1250
Any normal Windows logon script commands can be entered in
1251
<filename>logon.cmd</filename> to customize the client's environment.
1258
With <emphasis>root</emphasis> being disabled by default, in order to join a
1259
workstation to the domain, a system group must be mapped to the Windows
1260
<emphasis>Domain Admins</emphasis> group. Using the
1261
<application>net</application> utility, from a terminal enter:
1265
<command>sudo net groupmap add ntgroup="Domain Admins" unixgroup=sysadmin
1266
rid=512 type=d</command>
1271
Change <emphasis role="italic">sysadmin</emphasis> to the preferred group. The
1272
user used to join the domain needs to be a member of the
1273
<emphasis>sysadmin</emphasis> group, as well as a member of the system
1274
<emphasis>admin</emphasis> group. The <emphasis>admin</emphasis> group allows
1275
<application>sudo</application> use.
1283
Finally, restart Samba to enable the new domain controller:
1287
<command>sudo /etc/init.d/samba restart</command>
1294
It is now possible to join Windows clients to the Domain in the same manner as
1295
joining them to an NT4 domain running on a Windows server.
1302
<sect2 id="samba-bdc-smbpasswd">
1303
<title>Backup Domain Controller</title>
1306
With a Primary Domain Controller (PDC) on the network, it is best to have a
1307
Backup Domain Controller (BDC) as well. This will allow clients to authenticate
1308
in case the PDC becomes unavailable.
1312
When configuring Samba as a BDC, there must be a way to sync account information
1313
with the PDC. There are multiple ways of accomplishing this, such as
1314
<application>scp</application>, <application>rsync</application>, or by using
1315
<application>LDAP</application> as the <emphasis>passdb backend</emphasis>.
1319
Using LDAP is the most robust way to sync account information, because both
1320
domain controllers can use the same information in real time. However, setting
1321
up a LDAP server may be overly complicated for a small number of user and
1322
computer accounts. See Samba<ulink url="http://wiki.samba.org/index.php/Samba_&_LDAP"> LDAP</ulink> page for
1330
First, install <application>samba</application> and <application>libpam-smbpass</application>. From a terminal enter:
1334
<command>sudo apt-get install samba libpam-smbpass</command>
1341
Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the following
1342
in the <emphasis>[global]</emphasis>:
1355
In the commented <emphasis>Domains</emphasis> uncomment or add:
1367
Make sure a user has rights to read the files in <filename>/var/lib/samba</filename>. For example, to allow users in the
1368
<emphasis>admin</emphasis> group to <application>scp</application> the files,
1373
<command>sudo chgrp -R admin /var/lib/samba</command>
1380
Next, sync the user accounts, using <application>scp</application> to copy the
1381
<filename>/var/lib/samba</filename> directory from the PDC:
1385
<command>sudo scp -r username@pdc:/var/lib/samba /var/lib</command>
1390
Replace <emphasis>username</emphasis> with a valid username and
1391
<emphasis>pdc</emphasis> with the hostname or IP Address of the actual PDC.
1399
Finally, restart <application>samba</application>:
1403
<command>sudo /etc/init.d/samba restart</command>
1410
Test that the Backup Domain controller is working by stopping the Samba daemon
1411
on the PDC, then trying to login to a Windows client joined to the domain.
1415
If the <emphasis>logon home</emphasis> option has been configured as a directory
1416
on the PDC, and the PDC becomes unavailable, access to the user's
1417
<emphasis>Home</emphasis> drive will also be unavailable. For this reason,
1418
it is best to configure the <emphasis>logon home</emphasis> to reside on a
1419
separate file server from the PDC and BDC.
1424
<sect2 id="samba-dc-resources">
1425
<title>Resources</title>
1430
For in depth Samba configurations see the
1431
<ulink url="http://samba.org/samba/docs/man/Samba-HOWTO-Collection/">Samba HOWTO Collection</ulink>
1436
The guide is also available in
1437
<ulink url="http://www.amazon.com/exec/obidos/tg/detail/-/0131882228">printed format</ulink>.
1442
O'Reilly's <ulink url="http://www.oreilly.com/catalog/9780596007690/">Using
1443
Samba</ulink> is also a good reference.
1448
<ulink url="http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html">
1449
Chapter 4</ulink> of the Samba HOWTO Collection explains setting up a Primary
1455
<ulink url="http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html">
1456
Chapter 5</ulink> of the Samba HOWTO Collection explains setting up a Backup
1465
<sect1 id="samba-ad-integration" status="done">
1466
<title>Samba Active Directory Integration</title>
1468
<sect2 id="ad-integration-samba-share">
1469
<title>Accessing a Samba Share</title>
1472
Another use for Samba is to integrate into an existing Windows network. Once
1473
part of an Active Directory (AD) domain, Samba can provide file and print
1474
services to AD users.
1478
The simplest way to join an AD domain is to use
1479
<application>Likewise-open</application>. For detailed instructions, see <xref linkend="likewise-open"/>.
1483
Once part of the domain, enter the following command in the terminal prompt:
1487
<command>sudo apt-get install samba smbfs smbclient</command>
1491
Since the <application>likewise-open</application> and <application>samba</application> packages use separate
1492
<filename>secrets.tdb</filename> files, a symlink must be created in <filename role="directory">/var/lib/samba</filename>:
1496
<command>sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig</command>
1497
<command>sudo ln -s /etc/samba/secrets.tdb /var/lib/samba</command>
1501
Next, edit <filename>/etc/samba/smb.conf</filename> changing:
1510
idmap backend = lwopen
1511
idmap uid = 50-9999999999
1512
idmap gid = 50-9999999999
1516
Restart <application>samba</application> for the new settings to take effect:
1520
<command>sudo /etc/init.d/samba restart</command>
1524
It should now be possible to access any <application>Samba</application> shares
1525
from a Windows client. However, be sure to give the appropriate AD users or
1526
groups access to the share directory. See <xref linkend="samba-fileprint-security"/> for
1532
<sect2 id="ad-integration-windows-share">
1533
<title>Accessing a Windows Share</title>
1536
Now that the Samba server is part of the Active Directory domain, any Windows
1537
server shares can be accessed:
1544
To mount a Windows file share, enter the following in a terminal prompt:
1547
<command>mount.cifs //fs01.example.com/share mount_point</command>
1551
It is also possible to access shares on computers not part of an AD domain, but
1552
a username and password must be provided.
1559
To mount the share during boot, place an entry in
1560
<filename>/etc/fstab</filename>, for example:
1564
//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw 0 0
1571
Another way to copy files from a Windows server is to use the
1572
<application>smbclient</application> utility. To list the files in a Windows
1577
<command>smbclient //fs01.example.com/share -k -c "ls"</command>
1584
To copy a file from the share, enter:
1588
<command>smbclient //fs01.example.com/share -k -c "get file.txt"</command>
1592
This will copy the <filename>file.txt</filename> into the current directory.
1599
And to copy a file to the share:
1603
<command>smbclient //fs01.example.com/share -k -c "put /etc/hosts hosts"</command>
1607
This will copy the <filename>/etc/hosts</filename> to <filename>//fs01.example.com/share/hosts</filename>.
1614
The <emphasis>-c</emphasis> option used above allows execution of the
1615
<application>smbclient</application> command all at once. This is useful for
1616
scripting and minor file operations. To enter the <emphasis>smb:
1617
\></emphasis> prompt, an FTP-like prompt where normal file and directory
1618
commands can be executed, simply run the following in Konsole:
1622
<command>smbclient //fs01.example.com/share -k</command>
1630
Replace all instances of <emphasis>fs01.example.com/share</emphasis>, <emphasis>//192.168.0.5/share</emphasis>,
1631
<emphasis>username=steve,password=secret</emphasis>, and
1632
<emphasis>file.txt</emphasis> with the proper server IP, hostname,
1633
share name, file name, and an actual username and password with rights to the
1639
<sect2 id="ad-integration-resources">
1640
<title>Resources</title>
1643
For more <application>smbclient</application> options see the man page:
1644
<command>man smbclient</command>, also available
1645
<ulink url="http://manpages.ubuntu.com/manpages/jaunty/en/man1/smbclient.1.html">online</ulink>.
1649
The <application>mount.cifs</application>
1650
<ulink url="http://manpages.ubuntu.com/manpages/jaunty/en/man8/mount.cifs.8.html">man
1651
page</ulink> is also useful for more detailed information.
1657
<sect1 id="likewise-open">
1658
<title>Likewise Open</title>
1661
<application>Likewise Open</application> simplifies the necessary configuration
1662
needed to authenticate a Linux machine to an Active Directory domain. Based on
1663
<application>winbind</application>, the <application>likewise-open</application>
1664
package takes the pain out of integrating <phrase>Kubuntu</phrase> authentication into an
1665
existing Windows network.
1668
<sect2 id="likewise-open-install">
1669
<title>Installation</title>
1672
There are two ways to use Likewise Open,
1673
<application>likewise-open</application> the command line utility and
1674
<application>likewise-open-gui</application>. This section focuses on the
1675
command line utility.
1679
To install the <application>likewise-open</application> package, open a terminal prompt and enter:
1683
<command>sudo apt-get install likewise-open</command>
1687
Starting with <phrase>Kubuntu</phrase> 9.04, <application>Likewise Open 5.0</application> is
1688
available in the <emphasis>Universe</emphasis> repository. However, since
1689
upgrading from <application>Likewise Open 4.1</application> currently requires
1690
the system to leave the domain and re-join, a separate package for version five
1695
To install <application>Likewise Open 5.0</application> enter:
1699
<command>sudo apt-get install likewise-open5</command>
1704
Installing likewise-open5 over an existing likewise-open (4.1) installation will
1705
replace it. The domain will have to be rejoined after install.
1710
<sect2 id="likewise-open-configuration">
1711
<title>Joining a Domain</title>
1714
The main executable file of the <application>likewise-open</application> package
1715
is <filename>/usr/bin/domainjoin-cli</filename>, which is used to join a
1716
computer to the domain. Before joining a domain, the following are needed:
1722
Access to an Active Directory user with appropriate rights to join the domain.
1727
The <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) of the domain
1728
being joined. If the AD domain does not match a valid domain such as <emphasis role="italic">example.com</emphasis>, it is likely that it is in the form of
1729
<emphasis>domainname.local</emphasis>.
1734
DNS for the domain set up properly. In a production AD environment, this
1735
is typically the case. Proper Microsoft DNS is needed so that client
1736
workstations can determine that the Active Directory domain is available.
1739
If there is not a Windows DNS server on the network, see <xref linkend="likewise-open-ms-dns"/> for details.
1746
To join a domain, from a terminal prompt enter:
1750
<command>sudo domainjoin-cli join example.com Administrator</command>
1755
Replace <emphasis>example.com</emphasis> with the proper domain name, and
1756
<emphasis>Administrator</emphasis> with the appropriate user name.
1761
There will be a prompt for the user's password. If all goes well, a
1762
<emphasis>SUCCESS</emphasis> message should be printed to the console.
1767
After joining the domain, it is necessary to reboot before
1768
attempting to authenticate against the domain.
1773
After successfully joining an <phrase>Kubuntu</phrase> machine to an Active Directory domain,
1774
any valid AD user can be used to authenticate. To login, the user name must be
1775
entered as 'domain\username'. For example to ssh to a server joined to the
1780
<command>ssh 'example\steve'@hostname</command>
1785
If configuring a Desktop, the user name will need to be prefixed with <emphasis role="italic">domain\</emphasis> in the graphical logon as well.
1790
To make likewise-open use a default domain, the following statement can be added
1791
to <filename>/etc/samba/lwiauthd.conf</filename>:
1795
winbind use default domain = yes
1799
Then restart the <application>likewise-open</application> daemons:
1803
<command>sudo /etc/init.d/likewise-open restart</command>
1808
Once configured for a <emphasis>default domain</emphasis>, the <emphasis role="italic">'domain\'</emphasis> is no longer required. Users can login using
1809
only their username.
1814
The <application>domainjoin-cli</application> utility can also be used to leave
1815
the domain. From a terminal:
1819
<command>sudo domainjoin-cli leave</command>
1823
<sect2 id="likewise-open-utilities">
1824
<title>Other Utilities</title>
1827
The <application>likewise-open</application> package comes with a few other
1828
utilities that may be useful for gathering information about the Active
1829
Directory environment. These utilities are used to join the machine to the
1830
domain, and are the same as those available in the
1831
<application>samba-common</application> and <application>winbind</application>
1838
<application>lwinet</application>: Returns information about the network and the domain.
1843
<application>lwimsg</application>: Allows interaction with the <application>likewise-winbindd</application> daemon.
1848
<application>lwiinfo</application>: Displays information about various parts of
1855
Please refer to each utility's man page specific for details.
1859
<sect2 id="likewise-open-troubleshooting">
1860
<title>Troubleshooting</title>
1865
If the client has trouble joining the domain, check that the Microsoft DNS is
1866
listed first in <filename>/etc/resolv.conf</filename>.
1871
nameserver 192.168.0.1
1876
For more information when joining a domain, use the <emphasis>--loglevel verbose</emphasis> or <emphasis>--advanced</emphasis> option of the
1877
<application>domainjoin-cli</application> utility:
1881
<command>sudo domainjoin-cli --loglevel verbose join example.com Administrator</command>
1886
If an Active Directory user has trouble logging in, check the <filename>/var/log/auth.log</filename> for details.
1891
When joining an <phrase>Kubuntu</phrase> Desktop workstation to a domain, it may be necessary
1892
to edit <filename>/etc/nsswitch.conf</filename> if the AD domain uses the
1893
<emphasis role="italic">.local</emphasis> syntax. In order to join the domain,
1894
the <emphasis>"mdns4"</emphasis> entry should be removed from the
1895
<emphasis>hosts</emphasis> option. For example:
1899
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
1903
Change the above to:
1907
hosts: files dns [NOTFOUND=return]
1911
Then restart networking by entering:
1915
<command>sudo /etc/init.d/networking restart</command>
1919
It should now be possible to join the Active Directory domain.
1925
<sect2 id="likewise-open-ms-dns">
1926
<title>Microsoft DNS</title>
1929
The following are instructions for installing DNS on an Active Directory domain
1930
controller running Windows Server 2003, but the instructions should be similar
1934
<!-- Translators: please check http://www.microsoft.com/language/en/us/search.mspx to see how this string is translated in Windows to your language -->
1941
<guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools</guimenuitem><guimenuitem>Manage Your Server</guimenuitem>
1943
This will open the <application>Server Role Management</application> utility.
1946
<listitem><para>Click <guilabel>Add or remove a role</guilabel></para></listitem>
1947
<listitem><para>Click Next</para></listitem>
1948
<listitem><para>Select "DNS Server"</para></listitem>
1949
<listitem><para>Click Next</para></listitem>
1950
<listitem><para>Click Next again to proceed </para></listitem>
1951
<listitem><para>Select "Create a forward lookup zone" if it is not selected.</para></listitem>
1952
<listitem><para>Click Next</para></listitem>
1953
<listitem><para>Make sure "This server maintains the zone" is selected and click Next.</para></listitem>
1954
<listitem><para>Enter the domain name and click Next</para></listitem>
1955
<listitem><para>Click Next to "Allow only secure dynamic updates"</para></listitem>
1958
Enter the IP for DNS servers to forward queries to, or Select "No, it should not forward queries" and click Next.
1961
<listitem><para>Click Finish</para></listitem>
1962
<listitem><para>Click Finish</para></listitem>
1965
DNS is now installed and can be further configured using the <application>Microsoft Management Console</application> DNS snap-in.
1969
<para>Ensuite, configurez le serveur pour qu'il traite lui-même les requêtes DNS : <orderedlist>
1970
<listitem><para>Click Start</para></listitem>
1971
<listitem><para>Control Panel</para></listitem>
1972
<listitem><para>Connexions réseau</para></listitem>
1973
<listitem><para>Right Click "Local Area Connection"</para></listitem>
1974
<listitem><para>Click Properties</para></listitem>
1975
<listitem><para>Double click "Internet Protocol (TCP/IP)"</para></listitem>
1976
<listitem><para>Enter the Server's IP Address as the "Preferred DNS server"</para></listitem>
1977
<listitem><para>Cliquez sur Ok</para></listitem>
1978
<listitem><para>Cliquez à nouveau sur Ok pour sauvegarder les réglages.</para></listitem>
1979
</orderedlist></para>
1983
<sect2 id="likewise-open-references">
1984
<title>References</title>
1986
<para>Veuillez consulter la page d'accueil de <ulink url="http://www.likewisesoftware.com/">Likewise</ulink> (en anglais) pour plus d'informations.</para>
1989
For more <application>domainjoin-cli</application> options see the man page: <command>man domainjoin-cli</command>.
1998
sgml-minimize-attributes:nil
1999
sgml-general-insert-case:lower
2001
sgml-indent-data:nil
2004
vim: tabstop=2:shiftwidth=2:expandtab:indentexpr=:tw=80:
2005
kate: space-indent on; indent-width 2; tab-width 2; indent-mode none;