1
# French translation for kubuntu-docs
2
# Copyright (c) 2010 Rosetta Contributors and Canonical Ltd 2010
3
# This file is distributed under the same license as the kubuntu-docs package.
4
# FIRST AUTHOR <EMAIL@ADDRESS>, 2010.
8
"Project-Id-Version: kubuntu-docs\n"
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2011-09-15 02:35-0700\n"
11
"PO-Revision-Date: 2010-03-29 19:45+0000\n"
12
"Last-Translator: Pierre Slamich <pierre.slamich@gmail.com>\n"
13
"Language-Team: French <fr@li.org>\n"
15
"Content-Type: text/plain; charset=UTF-8\n"
16
"Content-Transfer-Encoding: 8bit\n"
17
"X-Launchpad-Export-Date: 2011-10-05 10:22+0000\n"
18
"X-Generator: Launchpad (build 14085)\n"
20
#: ../docs/sharing/C/sharing.xml:12(title)
21
msgid "File Sharing in <phrase>Kubuntu</phrase>"
22
msgstr "Partage de fichiers dans <phrase>Kubuntu</phrase>"
24
#: ../docs/sharing/C/sharing.xml:3(title)
25
msgid "Credits and License"
26
msgstr "Remerciements et licence"
28
#: ../docs/sharing/C/sharing.xml:4(para)
30
"This document is maintained by the Ubuntu documentation team "
31
"(https://wiki.ubuntu.com/DocumentationTeam). For a list of contributors, see "
32
"the <ulink url=\"help:/kubuntu/contributors.html\">contributors page</ulink>"
34
"Ce document est maintenu par l'équipe de documentation d'Ubuntu "
35
"(https://wiki.ubuntu.com/DocumentationTeam) (en anglais). Pour obtenir la "
36
"liste des personnes ayant contribué, allez voir <ulink "
37
"url=\"help:/kubuntu/contributors.html\">la page des contributeurs (en "
40
#: ../docs/sharing/C/sharing.xml:5(para)
42
"This document is made available under the Creative Commons ShareAlike 2.5 "
45
"Ce document est diffusé sous licence Creative Commons Paternité - Partage à "
46
"l'identique (CC-BY-SA 2.5)."
48
#: ../docs/sharing/C/sharing.xml:6(para)
50
"You are free to modify, extend, and improve the Ubuntu documentation source "
51
"code under the terms of this license. All derivative works must be released "
54
"Vous êtes libre de modifier, de compléter ou d'améliorer le code source de "
55
"la documentation Ubuntu selon les termes de cette licence. Tous les travaux "
56
"dérivés doivent être soumis à cette même licence."
58
#: ../docs/sharing/C/sharing.xml:8(para)
60
"This documentation is distributed in the hope that it will be useful, but "
61
"WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY "
62
"or FITNESS FOR A PARTICULAR PURPOSE AS DESCRIBED IN THE DISCLAIMER."
64
"Cette documentation est distribuée dans l'espoir qu'elle sera utile, mais "
65
"SANS AUCUNE GARANTIE de quelque nature que ce soit ; expresse ou implicite, "
66
"y compris, mais sans y être limité, les garanties D'APTITUDE À LA VENTE ou À "
67
"UN BUT PARTICULIER COMME EXPOSÉ DANS L'AVERTISSEMENT. (N.B. : en cas de "
68
"litige, seule la version anglaise fait foi)"
70
#: ../docs/sharing/C/sharing.xml:11(para)
72
"A copy of the license is available here: <ulink "
73
"url=\"help:/kubuntu/copyright.html\">Creative Commons ShareAlike "
76
"Une copie de la licence est disponible ici : <ulink "
77
"url=\"help:/kubuntu/copyright.html\">Licence Creative Commons "
80
#: ../docs/sharing/C/sharing.xml:14(year)
84
#: ../docs/sharing/C/sharing.xml:15(ulink)
85
msgid "Ubuntu Documentation Project"
86
msgstr "projet de documentation d'Ubuntu"
88
#: ../docs/sharing/C/sharing.xml:15(holder)
89
msgid "Canonical Ltd. and members of the <placeholder-1/>"
90
msgstr "Canonical Ltd. et les membres du <placeholder-1/>"
92
#: ../docs/sharing/C/sharing.xml:18(publishername)
93
msgid "The Ubuntu Documentation Project"
94
msgstr "Le projet de documentation Ubuntu"
96
#: ../docs/sharing/C/sharing.xml:15(para)
98
"This document explains how to share files between <phrase>Kubuntu</phrase> "
101
"Ce document explique comment partager des fichiers entre "
102
"<phrase>Kubuntu</phrase> et Windows."
104
#: ../docs/sharing/C/sharing.xml:22(title)
106
msgstr "Introduction"
108
#: ../docs/sharing/C/sharing.xml:24(para)
110
"Computer networks are often comprised of diverse systems. While operating a "
111
"network made up entirely of <phrase>Kubuntu</phrase> desktop and server "
112
"computers would certainly be fun, some network environments will consist of "
113
"<phrase>Kubuntu</phrase> and <trademark "
114
"class=\"registered\">Microsoft</trademark><trademark "
115
"class=\"registered\">Windows</trademark> systems working together. This "
116
"section of the <phrase>Kubuntu</phrase> Server Guide introduces principles "
117
"and tools used for configuring <phrase>Kubuntu</phrase> servers to share "
118
"network resources with Windows computers."
121
#: ../docs/sharing/C/sharing.xml:34(para)
123
"Successfully networking a <phrase>Kubuntu</phrase> system with Windows "
124
"clients involves providing and integrating services common to Windows "
125
"environments. These services support sharing data and information about the "
126
"computers and users on the network, and may be classified into three major "
130
#: ../docs/sharing/C/sharing.xml:43(para)
132
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. The "
133
"Server Message Block (<acronym>SMB</acronym>) protocol is used to facilitate "
134
"sharing files, folders, volumes, and printers throughout the network."
137
#: ../docs/sharing/C/sharing.xml:50(para)
139
"<emphasis role=\"bold\">Directory Services</emphasis>. Vital information is "
140
"shared about the computers and users of the network with such technologies "
141
"as the Lightweight Directory Access Protocol (<acronym>LDAP</acronym>) and "
142
"Microsoft <trademark class=\"registered\">Active Directory</trademark>."
145
#: ../docs/sharing/C/sharing.xml:58(para)
147
"<emphasis role=\"bold\">Authentication and Access</emphasis>. It is "
148
"necessary to be able to establish the identity of a computer or user to "
149
"determine the information the computer or user is authorized to access. "
150
"Authentication and access use principles and technologies such as file "
151
"permissions, group policies, and the Kerberos authentication service."
154
#: ../docs/sharing/C/sharing.xml:68(para)
156
"A <phrase>Kubuntu</phrase> system can provide all such capabilities for "
157
"Windows clients and enable sharing network resources with them. One of the "
158
"principal pieces of software included in a <phrase>Kubuntu</phrase> system "
159
"for Windows networking is the Samba suite of <acronym>SMB</acronym> server "
160
"applications and tools."
163
#: ../docs/sharing/C/sharing.xml:75(para)
165
"This section of the <phrase>Kubuntu</phrase> Server Guide will introduce "
166
"some of the ways Samba is commonly used, and how to install and configure "
167
"the necessary packages. Additional detailed documentation and information on "
168
"Samba can be found on the <ulink url=\"http://www.samba.org\">Samba "
172
#: ../docs/sharing/C/sharing.xml:84(title)
173
msgid "Samba File Server"
174
msgstr "Serveur de fichiers Samba"
176
#: ../docs/sharing/C/sharing.xml:86(para)
178
"One of the most common ways to network <phrase>Kubuntu</phrase> and Windows "
179
"computers is to configure Samba as a File Server. This section covers "
180
"setting up a <application>Samba</application> server to share files with "
184
#: ../docs/sharing/C/sharing.xml:92(para)
186
"The server will be configured to share files with any client on the network "
187
"without prompting for a password. If the environment requires stricter "
188
"Access Controls, see <xref linkend=\"samba-fileprint-security\"/>"
191
#: ../docs/sharing/C/sharing.xml:99(title) ../docs/sharing/C/sharing.xml:1299(title)
193
msgstr "Installation"
195
#: ../docs/sharing/C/sharing.xml:101(para)
197
"The first step is to install the <application>samba</application> package. "
198
"From a terminal prompt enter:"
200
"La première étape consiste à installer le paquet "
201
"<application>samba</application>. Dans un terminal saisissez :"
203
#: ../docs/sharing/C/sharing.xml:106(command)
204
msgid "sudo apt-get install samba"
205
msgstr "sudo apt-get install samba"
207
#: ../docs/sharing/C/sharing.xml:109(para)
209
"That's all there is to it. Samba is ready to be configured for file sharing."
211
"C'est tout ce que vous devez faire pour le moment. Samba est prêt à être "
212
"configuré pour le partage de fichiers."
214
#: ../docs/sharing/C/sharing.xml:115(title)
215
msgid "Configuration"
216
msgstr "Configuration"
218
#: ../docs/sharing/C/sharing.xml:117(para)
220
"The main Samba configuration file is located in "
221
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
222
"a significant number of comments in order to document various configuration "
226
#: ../docs/sharing/C/sharing.xml:124(para)
228
"Not all the available options are included in the default configuration "
229
"file. See the <filename>smb.conf</filename><application>man</application> "
230
"page or the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
231
"Collection/\">Samba HOWTO Collection</ulink> for more details."
233
"Le fichier de configuration ne contient pas toutes les options disponibles. "
234
"Consultez la page <application>man</application> de "
235
"<filename>smb.conf</filename> ou <ulink "
236
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\"> Samba HOWTO "
237
"Collection (en)</ ulink> pour plus de détails."
239
#: ../docs/sharing/C/sharing.xml:134(para)
241
"Edit the following key/value pairs in the <emphasis>[global]</emphasis> "
242
"section of <filename>/etc/samba/smb.conf</filename>:"
245
#: ../docs/sharing/C/sharing.xml:139(programlisting) ../docs/sharing/C/sharing.xml:737(programlisting) ../docs/sharing/C/sharing.xml:969(programlisting)
249
"workgroup = EXAMPLE\n"
254
#: ../docs/sharing/C/sharing.xml:145(para)
256
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
257
"section, and is commented out by default. Change "
258
"<emphasis>EXAMPLE</emphasis> to match the actual environment."
261
#: ../docs/sharing/C/sharing.xml:154(para)
263
"Create a new section at the bottom of the file, or uncomment one of the "
264
"examples for the directory to be shared:"
267
#: ../docs/sharing/C/sharing.xml:159(programlisting)
272
"comment = Ubuntu File Server Share\n"
273
"path = /srv/samba/share\n"
277
"create mask = 0755\n"
280
#: ../docs/sharing/C/sharing.xml:171(para)
282
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
283
"fit as appropriate."
286
#: ../docs/sharing/C/sharing.xml:177(para)
287
msgid "<emphasis>path:</emphasis> the path to the directory to share."
290
#: ../docs/sharing/C/sharing.xml:180(para)
292
"This example uses <filename>/srv/samba/sharename</filename> because, "
293
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
294
"<ulink url=\"http://www.pathname.com/fhs/pub/fhs-2.3. "
295
"html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is where site-"
296
"specific data should be served. Technically Samba shares can be placed "
297
"anywhere on the filesystem as long as the permissions are correct, but "
298
"adhering to standards is recommended."
301
#: ../docs/sharing/C/sharing.xml:191(para)
303
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
304
"directory using <application>Windows Explorer</application>."
307
#: ../docs/sharing/C/sharing.xml:197(para)
309
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
310
"without supplying a password."
313
#: ../docs/sharing/C/sharing.xml:203(para)
315
"<emphasis>read only:</emphasis> determines if the share is read only or if "
316
"write privileges are granted. Write privileges are allowed only when the "
317
"value is <emphasis>no</emphasis>, as is seen in this example. If the value "
318
"is <emphasis>yes</emphasis>, then access to the share is read only."
321
#: ../docs/sharing/C/sharing.xml:208(para)
323
"<emphasis>create mask:</emphasis> determines the permissions new files will "
327
#: ../docs/sharing/C/sharing.xml:218(para)
329
"Now that <application>Samba</application> is configured, the directory needs "
330
"to be created and the permissions changed. From a terminal enter:"
333
#: ../docs/sharing/C/sharing.xml:224(command)
334
msgid "sudo mkdir -p /srv/samba/share"
337
#: ../docs/sharing/C/sharing.xml:225(command)
338
msgid "sudo chown nobody.nogroup /srv/samba/share/"
341
#: ../docs/sharing/C/sharing.xml:229(para)
343
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
344
"directory tree if it doesn't exist. Change the share name to fit the "
348
#: ../docs/sharing/C/sharing.xml:238(para)
350
"Finally, restart the <application>samba</application> services to enable the "
354
#: ../docs/sharing/C/sharing.xml:243(command) ../docs/sharing/C/sharing.xml:398(command) ../docs/sharing/C/sharing.xml:515(command) ../docs/sharing/C/sharing.xml:910(command) ../docs/sharing/C/sharing.xml:1027(command) ../docs/sharing/C/sharing.xml:1148(command)
355
msgid "sudo /etc/init.d/samba restart"
358
#: ../docs/sharing/C/sharing.xml:250(para)
360
"The above configuration gives all access to any client on the local network. "
361
"For a more secure configuration, see <xref linkend=\"samba-fileprint-"
365
#: ../docs/sharing/C/sharing.xml:256(para)
367
"From a Windows client, it should now be possible to browse to the "
368
"<phrase>Kubuntu</phrase> file server and see the shared directory. To check "
369
"that everything is working, try creating a directory from Windows."
372
#: ../docs/sharing/C/sharing.xml:262(para)
374
"To create additional shares, simply create new <emphasis>[dir]</emphasis> "
375
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
376
"<emphasis>Samba</emphasis>. Make sure that the directory to be shared "
377
"actually exists and that the permissions are correct."
380
#: ../docs/sharing/C/sharing.xml:270(title) ../docs/sharing/C/sharing.xml:657(title) ../docs/sharing/C/sharing.xml:1049(title) ../docs/sharing/C/sharing.xml:1269(title)
384
#: ../docs/sharing/C/sharing.xml:274(para) ../docs/sharing/C/sharing.xml:1053(para)
386
"For in depth Samba configurations see the <ulink "
387
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
391
#: ../docs/sharing/C/sharing.xml:280(para) ../docs/sharing/C/sharing.xml:667(para) ../docs/sharing/C/sharing.xml:1059(para)
393
"The guide is also available in <ulink "
394
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
398
#: ../docs/sharing/C/sharing.xml:286(para)
401
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
402
"another good reference."
405
#: ../docs/sharing/C/sharing.xml:297(title)
406
msgid "Securing a Samba File and Print Server"
409
#: ../docs/sharing/C/sharing.xml:300(title)
410
msgid "Samba Security Modes"
413
#: ../docs/sharing/C/sharing.xml:302(para)
415
"There are two security levels available to the Common Internet Filesystem "
416
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
417
"level</emphasis>. Samba's <emphasis>security mode</emphasis> implementation "
418
"allows more flexibility, providing four ways of implementing user-level "
419
"security and one way to implement share-level:"
422
#: ../docs/sharing/C/sharing.xml:312(para)
424
"<emphasis>security = user:</emphasis> requires clients to supply a username "
425
"and password to connect to shares. Samba user accounts are separate from "
426
"system accounts, but the <application>libpam-smbpass</application> package "
427
"will sync system users and passwords with the Samba user database."
430
#: ../docs/sharing/C/sharing.xml:320(para)
432
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
433
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
434
"Domain Controller (BDC), or a Domain Member Server (DMS). See <xref "
435
"linkend=\"samba-dc\"/> for further information."
438
#: ../docs/sharing/C/sharing.xml:328(para)
440
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
441
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
442
"integration\"/> for details."
445
#: ../docs/sharing/C/sharing.xml:335(para)
447
"<emphasis>security = server:</emphasis> this mode is left over from before "
448
"Samba could become a member server, and, due to some security issues, should "
449
"not be used. See the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
450
"HOWTO-Collection/ServerType. html#id349531\">Server Security</ulink> section "
451
"of the Samba guide for more details."
454
#: ../docs/sharing/C/sharing.xml:345(para)
456
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
457
"without supplying a username and password."
460
#: ../docs/sharing/C/sharing.xml:352(para)
462
"The preferred security mode depends on the environment and what the Samba "
463
"server needs to accomplish."
466
#: ../docs/sharing/C/sharing.xml:359(title)
467
msgid "Security = User"
470
#: ../docs/sharing/C/sharing.xml:361(para)
472
"This section will reconfigure the Samba file and print server, from <xref "
473
"linkend=\"samba-fileserver\"/> and the <ulink type=\"help\" "
474
"url=\"help:/kubuntu/printing/\"> Print Server</ulink>, to require "
478
#: ../docs/sharing/C/sharing.xml:368(para)
480
"First, install the <application>libpam-smbpass</application> package which "
481
"will sync the system users to the Samba user database:"
484
#: ../docs/sharing/C/sharing.xml:374(command)
485
msgid "sudo apt-get install libpam-smbpass"
488
#: ../docs/sharing/C/sharing.xml:378(para)
490
"If the <emphasis>Samba Server</emphasis> task was chosen during "
491
"installation, <application>libpam-smbpass</application> is already installed."
494
#: ../docs/sharing/C/sharing.xml:384(para)
496
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
497
"<emphasis>[share]</emphasis> section change:"
500
#: ../docs/sharing/C/sharing.xml:389(programlisting)
507
#: ../docs/sharing/C/sharing.xml:393(para)
508
msgid "Finally, restart Samba for the new settings to take effect:"
511
#: ../docs/sharing/C/sharing.xml:401(para)
513
"Now when connecting to the shared directories or printers, there will be a "
514
"prompt for a username and password."
517
#: ../docs/sharing/C/sharing.xml:407(para)
519
"To map a network drive to the share, <quote>Reconnect at Logon</quote> "
520
"should be checked, which will require the username and password to be "
521
"entered just once, at least until the password changes."
524
#: ../docs/sharing/C/sharing.xml:416(title)
525
msgid "Share Security"
528
#: ../docs/sharing/C/sharing.xml:418(para)
530
"There are several options available to increase the security for each "
531
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
532
"this section will cover some common options."
535
#: ../docs/sharing/C/sharing.xml:425(title)
539
#: ../docs/sharing/C/sharing.xml:427(para)
541
"Groups define a collection of computers or users which have a common level "
542
"of access to particular network resources and offer a level of granularity "
543
"in controlling access to such resources. For example, if a group <emphasis "
544
"role=\"italic\">qa</emphasis> is defined and contains the users <emphasis "
545
"role=\"italic\">freda</emphasis>, <emphasis "
546
"role=\"italic\">danika</emphasis>, and <emphasis "
547
"role=\"italic\">rob</emphasis> and a second group <emphasis "
548
"role=\"italic\">support</emphasis> is defined and consists of users "
549
"<emphasis role=\"italic\">danika</emphasis>, <emphasis "
550
"role=\"italic\">jeremy</emphasis>, and <emphasis "
551
"role=\"italic\">vincent</emphasis>, then certain network resources "
552
"configured to allow access by the <emphasis role=\"italic\">qa</emphasis> "
553
"group will subsequently enable access by freda, danika, and rob, but not "
554
"jeremy or vincent. Since the user <emphasis "
555
"role=\"italic\">danika</emphasis> belongs to both the <emphasis "
556
"role=\"italic\">qa</emphasis> and <emphasis "
557
"role=\"italic\">support</emphasis> groups, she will be able to access "
558
"resources configured for access by both groups, whereas all other users will "
559
"have only access to resources explicitly allowing the group they are part of."
562
#: ../docs/sharing/C/sharing.xml:448(para)
564
"By default Samba looks for the local system groups defined in "
565
"<filename>/etc/group</filename> to determine which users belong to which "
566
"groups. For more information on adding and removing users from groups see "
567
"<ulink type=\"help\" url=\"help:/kubuntu/basics/\"> Basics</ulink>."
570
#: ../docs/sharing/C/sharing.xml:455(para)
572
"When defining groups in the Samba configuration file, "
573
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
574
"preface the group name with an \"@\" symbol. For example, to define a group "
575
"named <emphasis role=\"italic\">sysadmin</emphasis> in a certain section of "
576
"the <filename>/etc/samba/smb.conf</filename>, the group name would be "
577
"entered as <emphasis role=\"bold\">@sysadmin</emphasis>."
580
#: ../docs/sharing/C/sharing.xml:466(title)
581
msgid "File Permissions"
584
#: ../docs/sharing/C/sharing.xml:468(para)
586
"File Permissions define the explicit rights a computer or user has to a "
587
"particular directory, file, or set of files. Such permissions may be defined "
588
"by editing the <filename>/etc/samba/smb.conf</filename> file and specifying "
589
"the explicit permissions of a defined file share."
592
#: ../docs/sharing/C/sharing.xml:475(para)
594
"For example, for a defined Samba share called <emphasis>share</emphasis> and "
595
"the need to give <emphasis role=\"italic\">read-only</emphasis> permissions "
596
"to the group of users known as <emphasis role=\"italic\">qa</emphasis>, "
597
"while allowing write permissions to the share by the group called <emphasis "
598
"role=\"italic\">sysadmin</emphasis> and the user named <emphasis "
599
"role=\"italic\">vincent</emphasis>, then the "
600
"<filename>/etc/samba/smb.conf</filename> file could be edited to add the "
601
"following entries under the <emphasis>[share]</emphasis> entry:"
604
#: ../docs/sharing/C/sharing.xml:486(programlisting)
609
"write list = @sysadmin, vincent\n"
612
#: ../docs/sharing/C/sharing.xml:491(para)
614
"Another possible Samba permission is to declare "
615
"<emphasis>administrative</emphasis> permissions to a particular shared "
616
"resource. Users having administrative permissions may read, write, or modify "
617
"any information contained in the resource where the user has been given "
618
"explicit administrative permissions."
621
#: ../docs/sharing/C/sharing.xml:499(para)
623
"For example, to give the user <emphasis role=\"italic\">melissa</emphasis> "
624
"administrative permissions to the <emphasis role=\"italic\">share</emphasis> "
625
"example, the <filename>/etc/samba/smb.conf</filename> file would be edited "
626
"to add the following line under the <emphasis>[share]</emphasis> entry:"
629
#: ../docs/sharing/C/sharing.xml:506(programlisting)
633
"admin users = melissa\n"
636
#: ../docs/sharing/C/sharing.xml:510(para)
638
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
639
"the changes to take effect:"
642
#: ../docs/sharing/C/sharing.xml:519(para)
644
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
645
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
646
"<emphasis role=\"italic\">security = share</emphasis>"
649
#: ../docs/sharing/C/sharing.xml:526(para)
651
"Now that Samba has been configured to limit which groups have access to the "
652
"shared directory, the filesystem permissions need to be updated."
655
#: ../docs/sharing/C/sharing.xml:531(para)
657
"Traditional Linux file permissions do not map well to Windows NT Access "
658
"Control Lists (ACLs). Fortunately POSIX ACLs are available on "
659
"<phrase>Kubuntu</phrase> servers providing more fine grained control. For "
660
"example, to enable ACLs on <filename>/srv</filename> an EXT3 filesystem, "
661
"edit <filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> "
665
#: ../docs/sharing/C/sharing.xml:539(programlisting)
669
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
674
#: ../docs/sharing/C/sharing.xml:544(para)
675
msgid "Then remount the partition:"
678
#: ../docs/sharing/C/sharing.xml:549(command)
679
msgid "sudo mount -v -o remount /srv"
682
#: ../docs/sharing/C/sharing.xml:553(para)
684
"The above example assumes <filename>/srv</filename> on a separate partition. "
685
"If <filename>/srv</filename>, or wherever the share path is configured, is "
686
"part of the <filename>/</filename> partition, a reboot may be required."
689
#: ../docs/sharing/C/sharing.xml:560(para)
691
"To match the Samba configuration above, the <emphasis>sysadmin</emphasis> "
692
"group will be given read, write, and execute permissions to "
693
"<filename>/srv/samba/share</filename>, the <emphasis>qa</emphasis> group "
694
"will be given read and execute permissions, and the files will be owned by "
695
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
698
#: ../docs/sharing/C/sharing.xml:569(command)
699
msgid "sudo chown -R melissa /srv/samba/share/"
702
#: ../docs/sharing/C/sharing.xml:570(command)
703
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
706
#: ../docs/sharing/C/sharing.xml:571(command)
707
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
710
#: ../docs/sharing/C/sharing.xml:575(para)
712
"The <application>setfacl</application> command above gives "
713
"<emphasis>execute</emphasis> permissions to all files in the "
714
"<filename>/srv/samba/share</filename> directory, which may or may not be "
718
#: ../docs/sharing/C/sharing.xml:583(para)
720
"A Windows client will show that the new file permissions are implemented. "
721
"See the <application>acl</application> and "
722
"<application>setfacl</application> man pages for more information on POSIX "
726
#: ../docs/sharing/C/sharing.xml:592(title)
727
msgid "Samba AppArmor Profile"
730
#: ../docs/sharing/C/sharing.xml:594(para)
732
"<phrase>Kubuntu</phrase> comes with the <application>AppArmor</application> "
733
"security module, which provides mandatory access controls. The default "
734
"AppArmor profile for Samba will need to be adapted to the proper "
735
"configuration. For more details on using AppArmor, please refer to the<ulink "
736
"url=\"https://help.ubuntu.com/community/AppArmor\"> wiki</ulink>"
739
#: ../docs/sharing/C/sharing.xml:602(para)
741
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
742
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
743
"of the <application>apparmor-profiles</application> packages. To install the "
744
"package, from a terminal prompt, enter:"
747
#: ../docs/sharing/C/sharing.xml:610(command)
748
msgid "sudo apt-get install apparmor-profiles"
751
#: ../docs/sharing/C/sharing.xml:614(para)
752
msgid "This package contains profiles for several other binaries."
755
#: ../docs/sharing/C/sharing.xml:619(para)
757
"By default the profiles for <application>smbd</application> and "
758
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode, "
759
"allowing Samba to work without modifying the profile, and only logging "
760
"errors. To place the <application>smbd</application> profile into "
761
"<emphasis>enforce</emphasis> mode, and have Samba work as expected, the "
762
"profile will need to be modified to reflect any directories that are shared."
765
#: ../docs/sharing/C/sharing.xml:628(para)
767
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename>, adding information "
768
"for <emphasis>[share]</emphasis> from the file server example:"
771
#: ../docs/sharing/C/sharing.xml:633(programlisting)
775
"/srv/samba/share/ r,\n"
776
"/srv/samba/share/** rwkix,\n"
779
#: ../docs/sharing/C/sharing.xml:638(para)
781
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
784
#: ../docs/sharing/C/sharing.xml:643(command)
785
msgid "sudo aa-enforce /usr/sbin/smbd"
788
#: ../docs/sharing/C/sharing.xml:644(command)
789
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
792
#: ../docs/sharing/C/sharing.xml:647(para)
794
"It is now possible to read, write, and execute files in the shared directory "
795
"as normal, and the <application>smbd</application> binary will have access "
796
"to only the configured files and directories. Be sure to add entries for "
797
"each directory that Samba is configured to share. Any errors will be logged "
798
"to <filename>/var/log/syslog</filename>."
801
#: ../docs/sharing/C/sharing.xml:661(para)
803
"For in depth Samba configurations, see the <ulink "
804
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
808
#: ../docs/sharing/C/sharing.xml:673(para) ../docs/sharing/C/sharing.xml:1065(para)
811
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
812
"also a good reference."
815
#: ../docs/sharing/C/sharing.xml:679(para)
817
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
818
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
822
#: ../docs/sharing/C/sharing.xml:686(para)
824
"For more information on Samba and ACLs, see the <ulink "
825
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
826
"Collection/AccessControls.html#id397568\">Samba ACLs page </ulink>."
829
#: ../docs/sharing/C/sharing.xml:697(title)
830
msgid "Samba as a Domain Controller"
833
#: ../docs/sharing/C/sharing.xml:699(para)
835
"Although it cannot act as an Active Directory Primary Domain Controller "
836
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
837
"domain controller. A major advantage of this configuration is the ability to "
838
"centralize user and machine credentials. Samba can also use multiple "
839
"backends to store the user information."
842
#: ../docs/sharing/C/sharing.xml:708(title)
843
msgid "Primary Domain Controller"
846
#: ../docs/sharing/C/sharing.xml:710(para)
848
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
849
"using the default smbpasswd backend."
852
#: ../docs/sharing/C/sharing.xml:718(para)
854
"Install Samba and <application>libpam-smbpass</application> to sync the user "
855
"accounts, by entering the following in a terminal prompt:"
858
#: ../docs/sharing/C/sharing.xml:724(command) ../docs/sharing/C/sharing.xml:958(command)
859
msgid "sudo apt-get install samba libpam-smbpass"
862
#: ../docs/sharing/C/sharing.xml:730(para)
864
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
865
"The <emphasis>security</emphasis> mode should be set to <emphasis "
866
"role=\"italic\">user</emphasis>, and the <emphasis>workgroup</emphasis> "
867
"should relate to the organization properly:"
870
#: ../docs/sharing/C/sharing.xml:746(para)
872
"In the commented <quote>Domains</quote> section, add or uncomment the "
876
#: ../docs/sharing/C/sharing.xml:750(programlisting)
880
"domain logons = yes\n"
881
"logon path = \\\\%N\\%U\\profile\n"
883
"logon home = \\\\%N\\%U\n"
884
"logon script = logon.cmd\n"
885
"add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d "
886
"/var/lib/samba -s /bin/false %u\n"
889
#: ../docs/sharing/C/sharing.xml:761(para)
891
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
892
"Samba to act as a domain controller."
895
#: ../docs/sharing/C/sharing.xml:767(para)
897
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
898
"their home directory. It is also possible to configure a "
899
"<emphasis>[profiles]</emphasis> share placing all profiles under a single "
903
#: ../docs/sharing/C/sharing.xml:775(para)
905
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
908
#: ../docs/sharing/C/sharing.xml:780(para)
910
"<emphasis>logon home:</emphasis> specifies the home directory location."
913
#: ../docs/sharing/C/sharing.xml:785(para)
915
"<emphasis>logon script:</emphasis> determines the script to be run locally "
916
"once a user has logged in. The script needs to be placed in the "
917
"<emphasis>[netlogon]</emphasis> share."
920
#: ../docs/sharing/C/sharing.xml:792(para)
922
"<emphasis>add machine script:</emphasis> a script that will automatically "
923
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
924
"workstation to join the domain."
927
#: ../docs/sharing/C/sharing.xml:797(para)
929
"In this example, the <emphasis>machines</emphasis> group will need to be "
930
"created using the <application>addgroup</application> utility. See <ulink "
931
"type=\"help\" url=\"help:/kubuntu/basics/\"> Basics</ulink> for details."
934
#: ../docs/sharing/C/sharing.xml:806(para)
936
"If <emphasis>Roaming Profiles</emphasis> will not be used, leave the "
937
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
941
#: ../docs/sharing/C/sharing.xml:816(para)
943
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
944
"role=\"italic\">logon home</emphasis> to be mapped:"
947
#: ../docs/sharing/C/sharing.xml:821(programlisting)
952
"comment = Home Directories\n"
955
"create mask = 0700\n"
956
"directory mask = 0700\n"
960
#: ../docs/sharing/C/sharing.xml:834(para)
962
"When configured as a domain controller, a <emphasis>[netlogon]</emphasis> "
963
"share needs to be configured. To enable the share, uncomment:"
966
#: ../docs/sharing/C/sharing.xml:839(programlisting)
971
"comment = Network Logon Service\n"
972
"path = /srv/samba/netlogon\n"
978
#: ../docs/sharing/C/sharing.xml:849(para)
980
"The original <emphasis>netlogon</emphasis> share path is "
981
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
982
"Hierarchy Standard (FHS), <ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
983
"2.3. html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is the correct "
984
"location for site-specific data provided by the system."
987
#: ../docs/sharing/C/sharing.xml:862(para)
989
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
990
"and an empty (for now) <filename>logon.cmd</filename> script file:"
993
#: ../docs/sharing/C/sharing.xml:868(command)
994
msgid "sudo mkdir -p /srv/samba/netlogon"
997
#: ../docs/sharing/C/sharing.xml:869(command)
998
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
1001
#: ../docs/sharing/C/sharing.xml:872(para)
1003
"Any normal Windows logon script commands can be entered in "
1004
"<filename>logon.cmd</filename> to customize the client's environment."
1007
#: ../docs/sharing/C/sharing.xml:880(para)
1009
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
1010
"workstation to the domain, a system group must be mapped to the Windows "
1011
"<emphasis>Domain Admins</emphasis> group. Using the "
1012
"<application>net</application> utility, from a terminal enter:"
1015
#: ../docs/sharing/C/sharing.xml:888(command)
1017
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
1021
#: ../docs/sharing/C/sharing.xml:893(para)
1023
"Change <emphasis role=\"italic\">sysadmin</emphasis> to the preferred group. "
1024
"The user used to join the domain needs to be a member of the "
1025
"<emphasis>sysadmin</emphasis> group, as well as a member of the system "
1026
"<emphasis>admin</emphasis> group. The <emphasis>admin</emphasis> group "
1027
"allows <application>sudo</application> use."
1030
#: ../docs/sharing/C/sharing.xml:905(para)
1031
msgid "Finally, restart Samba to enable the new domain controller:"
1034
#: ../docs/sharing/C/sharing.xml:916(para)
1036
"It is now possible to join Windows clients to the Domain in the same manner "
1037
"as joining them to an NT4 domain running on a Windows server."
1040
#: ../docs/sharing/C/sharing.xml:926(title)
1041
msgid "Backup Domain Controller"
1044
#: ../docs/sharing/C/sharing.xml:928(para)
1046
"With a Primary Domain Controller (PDC) on the network, it is best to have a "
1047
"Backup Domain Controller (BDC) as well. This will allow clients to "
1048
"authenticate in case the PDC becomes unavailable."
1051
#: ../docs/sharing/C/sharing.xml:934(para)
1053
"When configuring Samba as a BDC, there must be a way to sync account "
1054
"information with the PDC. There are multiple ways of accomplishing this, "
1055
"such as <application>scp</application>, <application>rsync</application>, or "
1056
"by using <application>LDAP</application> as the <emphasis>passdb "
1057
"backend</emphasis>."
1060
#: ../docs/sharing/C/sharing.xml:941(para)
1062
"Using LDAP is the most robust way to sync account information, because both "
1063
"domain controllers can use the same information in real time. However, "
1064
"setting up a LDAP server may be overly complicated for a small number of "
1065
"user and computer accounts. See Samba<ulink "
1066
"url=\"http://wiki.samba.org/index.php/Samba_&_LDAP\"> LDAP</ulink> page "
1070
#: ../docs/sharing/C/sharing.xml:953(para)
1072
"First, install <application>samba</application> and <application>libpam-"
1073
"smbpass</application>. From a terminal enter:"
1076
#: ../docs/sharing/C/sharing.xml:964(para)
1078
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
1079
"following in the <emphasis>[global]</emphasis>:"
1082
#: ../docs/sharing/C/sharing.xml:978(para)
1083
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
1086
#: ../docs/sharing/C/sharing.xml:982(programlisting)
1090
"domain logons = yes\n"
1091
"domain master = no\n"
1094
#: ../docs/sharing/C/sharing.xml:990(para)
1096
"Make sure a user has rights to read the files in "
1097
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
1098
"<emphasis>admin</emphasis> group to <application>scp</application> the "
1102
#: ../docs/sharing/C/sharing.xml:997(command)
1103
msgid "sudo chgrp -R admin /var/lib/samba"
1106
#: ../docs/sharing/C/sharing.xml:1003(para)
1108
"Next, sync the user accounts, using <application>scp</application> to copy "
1109
"the <filename>/var/lib/samba</filename> directory from the PDC:"
1112
#: ../docs/sharing/C/sharing.xml:1009(command)
1113
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1116
#: ../docs/sharing/C/sharing.xml:1013(para)
1118
"Replace <emphasis>username</emphasis> with a valid username and "
1119
"<emphasis>pdc</emphasis> with the hostname or IP Address of the actual PDC."
1122
#: ../docs/sharing/C/sharing.xml:1022(para)
1123
msgid "Finally, restart <application>samba</application>:"
1126
#: ../docs/sharing/C/sharing.xml:1033(para)
1128
"Test that the Backup Domain controller is working by stopping the Samba "
1129
"daemon on the PDC, then trying to login to a Windows client joined to the "
1133
#: ../docs/sharing/C/sharing.xml:1038(para)
1135
"If the <emphasis>logon home</emphasis> option has been configured as a "
1136
"directory on the PDC, and the PDC becomes unavailable, access to the user's "
1137
"<emphasis>Home</emphasis> drive will also be unavailable. For this reason, "
1138
"it is best to configure the <emphasis>logon home</emphasis> to reside on a "
1139
"separate file server from the PDC and BDC."
1142
#: ../docs/sharing/C/sharing.xml:1071(para)
1144
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
1145
"pdc.html\"> Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
1146
"up a Primary Domain Controller."
1149
#: ../docs/sharing/C/sharing.xml:1079(para)
1151
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
1152
"Collection/samba-bdc.html\"> Chapter 5</ulink> of the Samba HOWTO Collection "
1153
"explains setting up a Backup Domain Controller."
1156
#: ../docs/sharing/C/sharing.xml:1092(title)
1157
msgid "Samba Active Directory Integration"
1160
#: ../docs/sharing/C/sharing.xml:1095(title)
1161
msgid "Accessing a Samba Share"
1164
#: ../docs/sharing/C/sharing.xml:1097(para)
1166
"Another use for Samba is to integrate into an existing Windows network. Once "
1167
"part of an Active Directory (AD) domain, Samba can provide file and print "
1168
"services to AD users."
1171
#: ../docs/sharing/C/sharing.xml:1103(para)
1173
"The simplest way to join an AD domain is to use <application>Likewise-"
1174
"open</application>. For detailed instructions, see <xref linkend=\"likewise-"
1178
#: ../docs/sharing/C/sharing.xml:1109(para)
1180
"Once part of the domain, enter the following command in the terminal prompt:"
1183
#: ../docs/sharing/C/sharing.xml:1114(command)
1184
msgid "sudo apt-get install samba smbfs smbclient"
1187
#: ../docs/sharing/C/sharing.xml:1117(para)
1189
"Since the <application>likewise-open</application> and "
1190
"<application>samba</application> packages use separate "
1191
"<filename>secrets.tdb</filename> files, a symlink must be created in "
1192
"<filename role=\"directory\">/var/lib/samba</filename>:"
1195
#: ../docs/sharing/C/sharing.xml:1124(command)
1196
msgid "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1199
#: ../docs/sharing/C/sharing.xml:1125(command)
1200
msgid "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1203
#: ../docs/sharing/C/sharing.xml:1128(para)
1204
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
1207
#: ../docs/sharing/C/sharing.xml:1132(programlisting)
1211
"workgroup = EXAMPLE\n"
1214
"realm = EXAMPLE.COM\n"
1216
"idmap backend = lwopen\n"
1217
"idmap uid = 50-9999999999\n"
1218
"idmap gid = 50-9999999999\n"
1221
#: ../docs/sharing/C/sharing.xml:1143(para)
1223
"Restart <application>samba</application> for the new settings to take effect:"
1226
#: ../docs/sharing/C/sharing.xml:1151(para)
1228
"It should now be possible to access any <application>Samba</application> "
1229
"shares from a Windows client. However, be sure to give the appropriate AD "
1230
"users or groups access to the share directory. See <xref linkend=\"samba-"
1231
"fileprint-security\"/> for more details."
1234
#: ../docs/sharing/C/sharing.xml:1162(title)
1235
msgid "Accessing a Windows Share"
1238
#: ../docs/sharing/C/sharing.xml:1164(para)
1240
"Now that the Samba server is part of the Active Directory domain, any "
1241
"Windows server shares can be accessed:"
1244
#: ../docs/sharing/C/sharing.xml:1172(para)
1246
"To mount a Windows file share, enter the following in a terminal prompt:"
1249
#: ../docs/sharing/C/sharing.xml:1176(command)
1250
msgid "mount.cifs //fs01.example.com/share mount_point"
1253
#: ../docs/sharing/C/sharing.xml:1179(para)
1255
"It is also possible to access shares on computers not part of an AD domain, "
1256
"but a username and password must be provided."
1259
#: ../docs/sharing/C/sharing.xml:1187(para)
1261
"To mount the share during boot, place an entry in "
1262
"<filename>/etc/fstab</filename>, for example:"
1265
#: ../docs/sharing/C/sharing.xml:1192(programlisting)
1269
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
1273
#: ../docs/sharing/C/sharing.xml:1199(para)
1275
"Another way to copy files from a Windows server is to use the "
1276
"<application>smbclient</application> utility. To list the files in a Windows "
1280
#: ../docs/sharing/C/sharing.xml:1206(command)
1281
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
1284
#: ../docs/sharing/C/sharing.xml:1212(para)
1285
msgid "To copy a file from the share, enter:"
1288
#: ../docs/sharing/C/sharing.xml:1217(command)
1289
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1292
#: ../docs/sharing/C/sharing.xml:1220(para)
1294
"This will copy the <filename>file.txt</filename> into the current directory."
1297
#: ../docs/sharing/C/sharing.xml:1227(para)
1298
msgid "And to copy a file to the share:"
1301
#: ../docs/sharing/C/sharing.xml:1232(command)
1302
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1305
#: ../docs/sharing/C/sharing.xml:1235(para)
1307
"This will copy the <filename>/etc/hosts</filename> to "
1308
"<filename>//fs01.example.com/share/hosts</filename>."
1311
#: ../docs/sharing/C/sharing.xml:1242(para)
1313
"The <emphasis>-c</emphasis> option used above allows execution of the "
1314
"<application>smbclient</application> command all at once. This is useful for "
1315
"scripting and minor file operations. To enter the <emphasis>smb: \\"
1316
"></emphasis> prompt, an FTP-like prompt where normal file and directory "
1317
"commands can be executed, simply run the following in Konsole:"
1320
#: ../docs/sharing/C/sharing.xml:1251(command)
1321
msgid "smbclient //fs01.example.com/share -k"
1324
#: ../docs/sharing/C/sharing.xml:1258(para)
1326
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
1327
"<emphasis>//192.168.0.5/share</emphasis>, "
1328
"<emphasis>username=steve,password=secret</emphasis>, and "
1329
"<emphasis>file.txt</emphasis> with the proper server IP, hostname, share "
1330
"name, file name, and an actual username and password with rights to the "
1334
#: ../docs/sharing/C/sharing.xml:1271(para)
1336
"For more <application>smbclient</application> options see the man page: "
1337
"<command>man smbclient</command>, also available <ulink "
1338
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man1/smbclient.1.html\">o"
1342
#: ../docs/sharing/C/sharing.xml:1277(para)
1344
"The <application>mount.cifs</application><ulink "
1345
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/mount.cifs.8.html\">"
1346
"man page</ulink> is also useful for more detailed information."
1349
#: ../docs/sharing/C/sharing.xml:1288(title)
1350
msgid "Likewise Open"
1353
#: ../docs/sharing/C/sharing.xml:1290(para)
1355
"<application>Likewise Open</application> simplifies the necessary "
1356
"configuration needed to authenticate a Linux machine to an Active Directory "
1357
"domain. Based on <application>winbind</application>, the "
1358
"<application>likewise-open</application> package takes the pain out of "
1359
"integrating <phrase>Kubuntu</phrase> authentication into an existing Windows "
1363
#: ../docs/sharing/C/sharing.xml:1301(para)
1365
"There are two ways to use Likewise Open, <application>likewise-"
1366
"open</application> the command line utility and <application>likewise-open-"
1367
"gui</application>. This section focuses on the command line utility."
1370
#: ../docs/sharing/C/sharing.xml:1308(para)
1372
"To install the <application>likewise-open</application> package, open a "
1373
"terminal prompt and enter:"
1376
#: ../docs/sharing/C/sharing.xml:1313(command)
1377
msgid "sudo apt-get install likewise-open"
1380
#: ../docs/sharing/C/sharing.xml:1316(para)
1382
"Starting with <phrase>Kubuntu</phrase> 9.04, <application>Likewise Open "
1383
"5.0</application> is available in the <emphasis>Universe</emphasis> "
1384
"repository. However, since upgrading from <application>Likewise Open "
1385
"4.1</application> currently requires the system to leave the domain and re-"
1386
"join, a separate package for version five was created."
1389
#: ../docs/sharing/C/sharing.xml:1324(para)
1390
msgid "To install <application>Likewise Open 5.0</application> enter:"
1393
#: ../docs/sharing/C/sharing.xml:1329(command)
1394
msgid "sudo apt-get install likewise-open5"
1397
#: ../docs/sharing/C/sharing.xml:1333(para)
1399
"Installing likewise-open5 over an existing likewise-open (4.1) installation "
1400
"will replace it. The domain will have to be rejoined after install."
1403
#: ../docs/sharing/C/sharing.xml:1341(title)
1404
msgid "Joining a Domain"
1407
#: ../docs/sharing/C/sharing.xml:1343(para)
1409
"The main executable file of the <application>likewise-open</application> "
1410
"package is <filename>/usr/bin/domainjoin-cli</filename>, which is used to "
1411
"join a computer to the domain. Before joining a domain, the following are "
1415
#: ../docs/sharing/C/sharing.xml:1351(para)
1417
"Access to an Active Directory user with appropriate rights to join the "
1421
#: ../docs/sharing/C/sharing.xml:1356(para)
1423
"The <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) of the domain "
1424
"being joined. If the AD domain does not match a valid domain such as "
1425
"<emphasis role=\"italic\">example.com</emphasis>, it is likely that it is in "
1426
"the form of <emphasis>domainname.local</emphasis>."
1429
#: ../docs/sharing/C/sharing.xml:1364(para)
1431
"DNS for the domain set up properly. In a production AD environment, this is "
1432
"typically the case. Proper Microsoft DNS is needed so that client "
1433
"workstations can determine that the Active Directory domain is available."
1436
#: ../docs/sharing/C/sharing.xml:1369(para)
1438
"If there is not a Windows DNS server on the network, see <xref "
1439
"linkend=\"likewise-open-ms-dns\"/> for details."
1442
#: ../docs/sharing/C/sharing.xml:1377(para)
1443
msgid "To join a domain, from a terminal prompt enter:"
1446
#: ../docs/sharing/C/sharing.xml:1382(command)
1447
msgid "sudo domainjoin-cli join example.com Administrator"
1450
#: ../docs/sharing/C/sharing.xml:1386(para)
1452
"Replace <emphasis>example.com</emphasis> with the proper domain name, and "
1453
"<emphasis>Administrator</emphasis> with the appropriate user name."
1456
#: ../docs/sharing/C/sharing.xml:1392(para)
1458
"There will be a prompt for the user's password. If all goes well, a "
1459
"<emphasis>SUCCESS</emphasis> message should be printed to the console."
1462
#: ../docs/sharing/C/sharing.xml:1398(para)
1464
"After joining the domain, it is necessary to reboot before attempting to "
1465
"authenticate against the domain."
1468
#: ../docs/sharing/C/sharing.xml:1404(para)
1470
"After successfully joining an <phrase>Kubuntu</phrase> machine to an Active "
1471
"Directory domain, any valid AD user can be used to authenticate. To login, "
1472
"the user name must be entered as 'domain\\username'. For example to ssh to a "
1473
"server joined to the domain, enter:"
1476
#: ../docs/sharing/C/sharing.xml:1412(command)
1477
msgid "ssh 'example\\steve'@hostname"
1480
#: ../docs/sharing/C/sharing.xml:1416(para)
1482
"If configuring a Desktop, the user name will need to be prefixed with "
1483
"<emphasis role=\"italic\">domain\\</emphasis> in the graphical logon as well."
1486
#: ../docs/sharing/C/sharing.xml:1422(para)
1488
"To make likewise-open use a default domain, the following statement can be "
1489
"added to <filename>/etc/samba/lwiauthd.conf</filename>:"
1492
#: ../docs/sharing/C/sharing.xml:1427(programlisting)
1496
"winbind use default domain = yes\n"
1499
#: ../docs/sharing/C/sharing.xml:1431(para)
1500
msgid "Then restart the <application>likewise-open</application> daemons:"
1503
#: ../docs/sharing/C/sharing.xml:1436(command)
1504
msgid "sudo /etc/init.d/likewise-open restart"
1507
#: ../docs/sharing/C/sharing.xml:1440(para)
1509
"Once configured for a <emphasis>default domain</emphasis>, the <emphasis "
1510
"role=\"italic\">'domain\\'</emphasis> is no longer required. Users can login "
1511
"using only their username."
1514
#: ../docs/sharing/C/sharing.xml:1447(para)
1516
"The <application>domainjoin-cli</application> utility can also be used to "
1517
"leave the domain. From a terminal:"
1520
#: ../docs/sharing/C/sharing.xml:1453(command)
1521
msgid "sudo domainjoin-cli leave"
1524
#: ../docs/sharing/C/sharing.xml:1458(title)
1525
msgid "Other Utilities"
1528
#: ../docs/sharing/C/sharing.xml:1460(para)
1530
"The <application>likewise-open</application> package comes with a few other "
1531
"utilities that may be useful for gathering information about the Active "
1532
"Directory environment. These utilities are used to join the machine to the "
1533
"domain, and are the same as those available in the <application>samba-"
1534
"common</application> and <application>winbind</application> packages:"
1537
#: ../docs/sharing/C/sharing.xml:1471(para)
1539
"<application>lwinet</application>: Returns information about the network and "
1543
#: ../docs/sharing/C/sharing.xml:1476(para)
1545
"<application>lwimsg</application>: Allows interaction with the "
1546
"<application>likewise-winbindd</application> daemon."
1549
#: ../docs/sharing/C/sharing.xml:1481(para)
1551
"<application>lwiinfo</application>: Displays information about various parts "
1555
#: ../docs/sharing/C/sharing.xml:1488(para)
1556
msgid "Please refer to each utility's man page specific for details."
1559
#: ../docs/sharing/C/sharing.xml:1494(title)
1560
msgid "Troubleshooting"
1563
#: ../docs/sharing/C/sharing.xml:1498(para)
1565
"If the client has trouble joining the domain, check that the Microsoft DNS "
1566
"is listed first in <filename>/etc/resolv.conf</filename>. For example:"
1569
#: ../docs/sharing/C/sharing.xml:1504(programlisting)
1573
"nameserver 192.168.0.1\n"
1576
#: ../docs/sharing/C/sharing.xml:1509(para)
1578
"For more information when joining a domain, use the <emphasis>--loglevel "
1579
"verbose</emphasis> or <emphasis>--advanced</emphasis> option of the "
1580
"<application>domainjoin-cli</application> utility:"
1583
#: ../docs/sharing/C/sharing.xml:1515(command)
1584
msgid "sudo domainjoin-cli --loglevel verbose join example.com Administrator"
1587
#: ../docs/sharing/C/sharing.xml:1519(para)
1589
"If an Active Directory user has trouble logging in, check the "
1590
"<filename>/var/log/auth.log</filename> for details."
1593
#: ../docs/sharing/C/sharing.xml:1524(para)
1595
"When joining an <phrase>Kubuntu</phrase> Desktop workstation to a domain, it "
1596
"may be necessary to edit <filename>/etc/nsswitch.conf</filename> if the AD "
1597
"domain uses the <emphasis role=\"italic\">.local</emphasis> syntax. In order "
1598
"to join the domain, the <emphasis>\"mdns4\"</emphasis> entry should be "
1599
"removed from the <emphasis>hosts</emphasis> option. For example:"
1602
#: ../docs/sharing/C/sharing.xml:1532(programlisting)
1606
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
1609
#: ../docs/sharing/C/sharing.xml:1536(para)
1610
msgid "Change the above to:"
1613
#: ../docs/sharing/C/sharing.xml:1540(programlisting)
1617
"hosts: files dns [NOTFOUND=return]\n"
1620
#: ../docs/sharing/C/sharing.xml:1544(para)
1621
msgid "Then restart networking by entering:"
1624
#: ../docs/sharing/C/sharing.xml:1549(command)
1625
msgid "sudo /etc/init.d/networking restart"
1628
#: ../docs/sharing/C/sharing.xml:1552(para)
1629
msgid "It should now be possible to join the Active Directory domain."
1632
#: ../docs/sharing/C/sharing.xml:1560(title)
1633
msgid "Microsoft DNS"
1636
#: ../docs/sharing/C/sharing.xml:1562(para)
1638
"The following are instructions for installing DNS on an Active Directory "
1639
"domain controller running Windows Server 2003, but the instructions should "
1640
"be similar for other versions:"
1643
#: ../docs/sharing/C/sharing.xml:1572(para)
1646
"<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
1647
"</guimenuitem><guimenuitem>Manage Your Server</guimenuitem></menuchoice>. "
1648
"This will open the <application>Server Role Management</application> utility."
1651
#: ../docs/sharing/C/sharing.xml:1580(para)
1652
msgid "Click <guilabel>Add or remove a role</guilabel>"
1655
#: ../docs/sharing/C/sharing.xml:1581(para) ../docs/sharing/C/sharing.xml:1583(para) ../docs/sharing/C/sharing.xml:1586(para)
1659
#: ../docs/sharing/C/sharing.xml:1582(para)
1660
msgid "Select \"DNS Server\""
1663
#: ../docs/sharing/C/sharing.xml:1584(para)
1664
msgid "Click Next again to proceed"
1667
#: ../docs/sharing/C/sharing.xml:1585(para)
1668
msgid "Select \"Create a forward lookup zone\" if it is not selected."
1671
#: ../docs/sharing/C/sharing.xml:1587(para)
1673
"Make sure \"This server maintains the zone\" is selected and click Next."
1676
#: ../docs/sharing/C/sharing.xml:1588(para)
1677
msgid "Enter the domain name and click Next"
1680
#: ../docs/sharing/C/sharing.xml:1589(para)
1681
msgid "Click Next to \"Allow only secure dynamic updates\""
1684
#: ../docs/sharing/C/sharing.xml:1591(para)
1686
"Enter the IP for DNS servers to forward queries to, or Select \"No, it "
1687
"should not forward queries\" and click Next."
1690
#: ../docs/sharing/C/sharing.xml:1595(para) ../docs/sharing/C/sharing.xml:1596(para)
1691
msgid "Click Finish"
1694
#: ../docs/sharing/C/sharing.xml:1598(para)
1696
"DNS is now installed and can be further configured using the "
1697
"<application>Microsoft Management Console</application> DNS snap-in."
1700
#: ../docs/sharing/C/sharing.xml:1606(para)
1704
#: ../docs/sharing/C/sharing.xml:1607(para)
1705
msgid "Control Panel"
1708
#: ../docs/sharing/C/sharing.xml:1608(para)
1709
msgid "Network Connections"
1710
msgstr "Connexions réseau"
1712
#: ../docs/sharing/C/sharing.xml:1609(para)
1713
msgid "Right Click \"Local Area Connection\""
1716
#: ../docs/sharing/C/sharing.xml:1610(para)
1717
msgid "Click Properties"
1720
#: ../docs/sharing/C/sharing.xml:1611(para)
1721
msgid "Double click \"Internet Protocol (TCP/IP)\""
1724
#: ../docs/sharing/C/sharing.xml:1612(para)
1725
msgid "Enter the Server's IP Address as the \"Preferred DNS server\""
1728
#: ../docs/sharing/C/sharing.xml:1613(para)
1730
msgstr "Cliquez sur Ok"
1732
#: ../docs/sharing/C/sharing.xml:1614(para)
1733
msgid "Click Ok again to save the settings"
1734
msgstr "Cliquez à nouveau sur Ok pour sauvegarder les réglages."
1736
#: ../docs/sharing/C/sharing.xml:1603(para)
1738
"Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
1740
"Ensuite, configurez le serveur pour qu'il traite lui-même les requêtes DNS : "
1743
#: ../docs/sharing/C/sharing.xml:1621(title)
1747
#: ../docs/sharing/C/sharing.xml:1623(para)
1749
"Please refer to the <ulink "
1750
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for "
1751
"further information."
1753
"Veuillez consulter la page d'accueil de <ulink "
1754
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> (en anglais) pour "
1755
"plus d'informations."
1757
#: ../docs/sharing/C/sharing.xml:1627(para)
1759
"For more <application>domainjoin-cli</application> options see the man page: "
1760
"<command>man domainjoin-cli</command>."
1763
#. Put one translator per line, in the form of NAME <EMAIL>, YEAR1, YEAR2
1764
#: ../docs/sharing/C/sharing.xml:0(None)
1765
msgid "translator-credits"
1767
"Launchpad Contributions:\n"
1768
" Pierre Slamich https://launchpad.net/~pierre-slamich"