4
"Project-Id-Version: PACKAGE VERSION\n"
5
"Report-Msgid-Bugs-To: \n"
6
"POT-Creation-Date: 2011-09-15 02:35-0700\n"
7
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
8
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
9
"Language-Team: LANGUAGE <LL@li.org>\n"
11
"Content-Type: text/plain; charset=UTF-8\n"
12
"Content-Transfer-Encoding: 8bit\n"
13
"X-Launchpad-Export-Date: 2011-10-05 10:22+0000\n"
14
"X-Generator: Launchpad (build 14085)\n"
16
#: ../docs/sharing/C/sharing.xml:12(title)
17
msgid "File Sharing in <phrase>Kubuntu</phrase>"
20
#: ../docs/sharing/C/sharing.xml:3(title)
21
msgid "Credits and License"
24
#: ../docs/sharing/C/sharing.xml:4(para)
26
"This document is maintained by the Ubuntu documentation team "
27
"(https://wiki.ubuntu.com/DocumentationTeam). For a list of contributors, see "
28
"the <ulink url=\"help:/kubuntu/contributors.html\">contributors page</ulink>"
31
#: ../docs/sharing/C/sharing.xml:5(para)
33
"This document is made available under the Creative Commons ShareAlike 2.5 "
37
#: ../docs/sharing/C/sharing.xml:6(para)
39
"You are free to modify, extend, and improve the Ubuntu documentation source "
40
"code under the terms of this license. All derivative works must be released "
44
#: ../docs/sharing/C/sharing.xml:8(para)
46
"This documentation is distributed in the hope that it will be useful, but "
47
"WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY "
48
"or FITNESS FOR A PARTICULAR PURPOSE AS DESCRIBED IN THE DISCLAIMER."
51
#: ../docs/sharing/C/sharing.xml:11(para)
53
"A copy of the license is available here: <ulink "
54
"url=\"help:/kubuntu/copyright.html\">Creative Commons ShareAlike "
58
#: ../docs/sharing/C/sharing.xml:14(year)
62
#: ../docs/sharing/C/sharing.xml:15(ulink)
63
msgid "Ubuntu Documentation Project"
66
#: ../docs/sharing/C/sharing.xml:15(holder)
67
msgid "Canonical Ltd. and members of the <placeholder-1/>"
70
#: ../docs/sharing/C/sharing.xml:18(publishername)
71
msgid "The Ubuntu Documentation Project"
74
#: ../docs/sharing/C/sharing.xml:15(para)
76
"This document explains how to share files between <phrase>Kubuntu</phrase> "
80
#: ../docs/sharing/C/sharing.xml:22(title)
84
#: ../docs/sharing/C/sharing.xml:24(para)
86
"Computer networks are often comprised of diverse systems. While operating a "
87
"network made up entirely of <phrase>Kubuntu</phrase> desktop and server "
88
"computers would certainly be fun, some network environments will consist of "
89
"<phrase>Kubuntu</phrase> and <trademark "
90
"class=\"registered\">Microsoft</trademark><trademark "
91
"class=\"registered\">Windows</trademark> systems working together. This "
92
"section of the <phrase>Kubuntu</phrase> Server Guide introduces principles "
93
"and tools used for configuring <phrase>Kubuntu</phrase> servers to share "
94
"network resources with Windows computers."
97
#: ../docs/sharing/C/sharing.xml:34(para)
99
"Successfully networking a <phrase>Kubuntu</phrase> system with Windows "
100
"clients involves providing and integrating services common to Windows "
101
"environments. These services support sharing data and information about the "
102
"computers and users on the network, and may be classified into three major "
106
#: ../docs/sharing/C/sharing.xml:43(para)
108
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. The "
109
"Server Message Block (<acronym>SMB</acronym>) protocol is used to facilitate "
110
"sharing files, folders, volumes, and printers throughout the network."
113
#: ../docs/sharing/C/sharing.xml:50(para)
115
"<emphasis role=\"bold\">Directory Services</emphasis>. Vital information is "
116
"shared about the computers and users of the network with such technologies "
117
"as the Lightweight Directory Access Protocol (<acronym>LDAP</acronym>) and "
118
"Microsoft <trademark class=\"registered\">Active Directory</trademark>."
121
#: ../docs/sharing/C/sharing.xml:58(para)
123
"<emphasis role=\"bold\">Authentication and Access</emphasis>. It is "
124
"necessary to be able to establish the identity of a computer or user to "
125
"determine the information the computer or user is authorized to access. "
126
"Authentication and access use principles and technologies such as file "
127
"permissions, group policies, and the Kerberos authentication service."
130
#: ../docs/sharing/C/sharing.xml:68(para)
132
"A <phrase>Kubuntu</phrase> system can provide all such capabilities for "
133
"Windows clients and enable sharing network resources with them. One of the "
134
"principal pieces of software included in a <phrase>Kubuntu</phrase> system "
135
"for Windows networking is the Samba suite of <acronym>SMB</acronym> server "
136
"applications and tools."
139
#: ../docs/sharing/C/sharing.xml:75(para)
141
"This section of the <phrase>Kubuntu</phrase> Server Guide will introduce "
142
"some of the ways Samba is commonly used, and how to install and configure "
143
"the necessary packages. Additional detailed documentation and information on "
144
"Samba can be found on the <ulink url=\"http://www.samba.org\">Samba "
148
#: ../docs/sharing/C/sharing.xml:84(title)
149
msgid "Samba File Server"
152
#: ../docs/sharing/C/sharing.xml:86(para)
154
"One of the most common ways to network <phrase>Kubuntu</phrase> and Windows "
155
"computers is to configure Samba as a File Server. This section covers "
156
"setting up a <application>Samba</application> server to share files with "
160
#: ../docs/sharing/C/sharing.xml:92(para)
162
"The server will be configured to share files with any client on the network "
163
"without prompting for a password. If the environment requires stricter "
164
"Access Controls, see <xref linkend=\"samba-fileprint-security\"/>"
167
#: ../docs/sharing/C/sharing.xml:99(title) ../docs/sharing/C/sharing.xml:1299(title)
171
#: ../docs/sharing/C/sharing.xml:101(para)
173
"The first step is to install the <application>samba</application> package. "
174
"From a terminal prompt enter:"
177
#: ../docs/sharing/C/sharing.xml:106(command)
178
msgid "sudo apt-get install samba"
181
#: ../docs/sharing/C/sharing.xml:109(para)
183
"That's all there is to it. Samba is ready to be configured for file sharing."
186
#: ../docs/sharing/C/sharing.xml:115(title)
187
msgid "Configuration"
190
#: ../docs/sharing/C/sharing.xml:117(para)
192
"The main Samba configuration file is located in "
193
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
194
"a significant number of comments in order to document various configuration "
198
#: ../docs/sharing/C/sharing.xml:124(para)
200
"Not all the available options are included in the default configuration "
201
"file. See the <filename>smb.conf</filename><application>man</application> "
202
"page or the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
203
"Collection/\">Samba HOWTO Collection</ulink> for more details."
206
#: ../docs/sharing/C/sharing.xml:134(para)
208
"Edit the following key/value pairs in the <emphasis>[global]</emphasis> "
209
"section of <filename>/etc/samba/smb.conf</filename>:"
212
#: ../docs/sharing/C/sharing.xml:139(programlisting) ../docs/sharing/C/sharing.xml:737(programlisting) ../docs/sharing/C/sharing.xml:969(programlisting)
216
"workgroup = EXAMPLE\n"
221
#: ../docs/sharing/C/sharing.xml:145(para)
223
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
224
"section, and is commented out by default. Change "
225
"<emphasis>EXAMPLE</emphasis> to match the actual environment."
228
#: ../docs/sharing/C/sharing.xml:154(para)
230
"Create a new section at the bottom of the file, or uncomment one of the "
231
"examples for the directory to be shared:"
234
#: ../docs/sharing/C/sharing.xml:159(programlisting)
239
"comment = Ubuntu File Server Share\n"
240
"path = /srv/samba/share\n"
244
"create mask = 0755\n"
247
#: ../docs/sharing/C/sharing.xml:171(para)
249
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
250
"fit as appropriate."
253
#: ../docs/sharing/C/sharing.xml:177(para)
254
msgid "<emphasis>path:</emphasis> the path to the directory to share."
257
#: ../docs/sharing/C/sharing.xml:180(para)
259
"This example uses <filename>/srv/samba/sharename</filename> because, "
260
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
261
"<ulink url=\"http://www.pathname.com/fhs/pub/fhs-2.3. "
262
"html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is where site-"
263
"specific data should be served. Technically Samba shares can be placed "
264
"anywhere on the filesystem as long as the permissions are correct, but "
265
"adhering to standards is recommended."
268
#: ../docs/sharing/C/sharing.xml:191(para)
270
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
271
"directory using <application>Windows Explorer</application>."
274
#: ../docs/sharing/C/sharing.xml:197(para)
276
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
277
"without supplying a password."
280
#: ../docs/sharing/C/sharing.xml:203(para)
282
"<emphasis>read only:</emphasis> determines if the share is read only or if "
283
"write privileges are granted. Write privileges are allowed only when the "
284
"value is <emphasis>no</emphasis>, as is seen in this example. If the value "
285
"is <emphasis>yes</emphasis>, then access to the share is read only."
288
#: ../docs/sharing/C/sharing.xml:208(para)
290
"<emphasis>create mask:</emphasis> determines the permissions new files will "
294
#: ../docs/sharing/C/sharing.xml:218(para)
296
"Now that <application>Samba</application> is configured, the directory needs "
297
"to be created and the permissions changed. From a terminal enter:"
300
#: ../docs/sharing/C/sharing.xml:224(command)
301
msgid "sudo mkdir -p /srv/samba/share"
304
#: ../docs/sharing/C/sharing.xml:225(command)
305
msgid "sudo chown nobody.nogroup /srv/samba/share/"
308
#: ../docs/sharing/C/sharing.xml:229(para)
310
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
311
"directory tree if it doesn't exist. Change the share name to fit the "
315
#: ../docs/sharing/C/sharing.xml:238(para)
317
"Finally, restart the <application>samba</application> services to enable the "
321
#: ../docs/sharing/C/sharing.xml:243(command) ../docs/sharing/C/sharing.xml:398(command) ../docs/sharing/C/sharing.xml:515(command) ../docs/sharing/C/sharing.xml:910(command) ../docs/sharing/C/sharing.xml:1027(command) ../docs/sharing/C/sharing.xml:1148(command)
322
msgid "sudo /etc/init.d/samba restart"
325
#: ../docs/sharing/C/sharing.xml:250(para)
327
"The above configuration gives all access to any client on the local network. "
328
"For a more secure configuration, see <xref linkend=\"samba-fileprint-"
332
#: ../docs/sharing/C/sharing.xml:256(para)
334
"From a Windows client, it should now be possible to browse to the "
335
"<phrase>Kubuntu</phrase> file server and see the shared directory. To check "
336
"that everything is working, try creating a directory from Windows."
339
#: ../docs/sharing/C/sharing.xml:262(para)
341
"To create additional shares, simply create new <emphasis>[dir]</emphasis> "
342
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
343
"<emphasis>Samba</emphasis>. Make sure that the directory to be shared "
344
"actually exists and that the permissions are correct."
347
#: ../docs/sharing/C/sharing.xml:270(title) ../docs/sharing/C/sharing.xml:657(title) ../docs/sharing/C/sharing.xml:1049(title) ../docs/sharing/C/sharing.xml:1269(title)
351
#: ../docs/sharing/C/sharing.xml:274(para) ../docs/sharing/C/sharing.xml:1053(para)
353
"For in depth Samba configurations see the <ulink "
354
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
358
#: ../docs/sharing/C/sharing.xml:280(para) ../docs/sharing/C/sharing.xml:667(para) ../docs/sharing/C/sharing.xml:1059(para)
360
"The guide is also available in <ulink "
361
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
365
#: ../docs/sharing/C/sharing.xml:286(para)
368
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
369
"another good reference."
372
#: ../docs/sharing/C/sharing.xml:297(title)
373
msgid "Securing a Samba File and Print Server"
376
#: ../docs/sharing/C/sharing.xml:300(title)
377
msgid "Samba Security Modes"
380
#: ../docs/sharing/C/sharing.xml:302(para)
382
"There are two security levels available to the Common Internet Filesystem "
383
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
384
"level</emphasis>. Samba's <emphasis>security mode</emphasis> implementation "
385
"allows more flexibility, providing four ways of implementing user-level "
386
"security and one way to implement share-level:"
389
#: ../docs/sharing/C/sharing.xml:312(para)
391
"<emphasis>security = user:</emphasis> requires clients to supply a username "
392
"and password to connect to shares. Samba user accounts are separate from "
393
"system accounts, but the <application>libpam-smbpass</application> package "
394
"will sync system users and passwords with the Samba user database."
397
#: ../docs/sharing/C/sharing.xml:320(para)
399
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
400
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
401
"Domain Controller (BDC), or a Domain Member Server (DMS). See <xref "
402
"linkend=\"samba-dc\"/> for further information."
405
#: ../docs/sharing/C/sharing.xml:328(para)
407
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
408
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
409
"integration\"/> for details."
412
#: ../docs/sharing/C/sharing.xml:335(para)
414
"<emphasis>security = server:</emphasis> this mode is left over from before "
415
"Samba could become a member server, and, due to some security issues, should "
416
"not be used. See the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
417
"HOWTO-Collection/ServerType. html#id349531\">Server Security</ulink> section "
418
"of the Samba guide for more details."
421
#: ../docs/sharing/C/sharing.xml:345(para)
423
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
424
"without supplying a username and password."
427
#: ../docs/sharing/C/sharing.xml:352(para)
429
"The preferred security mode depends on the environment and what the Samba "
430
"server needs to accomplish."
433
#: ../docs/sharing/C/sharing.xml:359(title)
434
msgid "Security = User"
437
#: ../docs/sharing/C/sharing.xml:361(para)
439
"This section will reconfigure the Samba file and print server, from <xref "
440
"linkend=\"samba-fileserver\"/> and the <ulink type=\"help\" "
441
"url=\"help:/kubuntu/printing/\"> Print Server</ulink>, to require "
445
#: ../docs/sharing/C/sharing.xml:368(para)
447
"First, install the <application>libpam-smbpass</application> package which "
448
"will sync the system users to the Samba user database:"
451
#: ../docs/sharing/C/sharing.xml:374(command)
452
msgid "sudo apt-get install libpam-smbpass"
455
#: ../docs/sharing/C/sharing.xml:378(para)
457
"If the <emphasis>Samba Server</emphasis> task was chosen during "
458
"installation, <application>libpam-smbpass</application> is already installed."
461
#: ../docs/sharing/C/sharing.xml:384(para)
463
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
464
"<emphasis>[share]</emphasis> section change:"
467
#: ../docs/sharing/C/sharing.xml:389(programlisting)
474
#: ../docs/sharing/C/sharing.xml:393(para)
475
msgid "Finally, restart Samba for the new settings to take effect:"
478
#: ../docs/sharing/C/sharing.xml:401(para)
480
"Now when connecting to the shared directories or printers, there will be a "
481
"prompt for a username and password."
484
#: ../docs/sharing/C/sharing.xml:407(para)
486
"To map a network drive to the share, <quote>Reconnect at Logon</quote> "
487
"should be checked, which will require the username and password to be "
488
"entered just once, at least until the password changes."
491
#: ../docs/sharing/C/sharing.xml:416(title)
492
msgid "Share Security"
495
#: ../docs/sharing/C/sharing.xml:418(para)
497
"There are several options available to increase the security for each "
498
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
499
"this section will cover some common options."
502
#: ../docs/sharing/C/sharing.xml:425(title)
506
#: ../docs/sharing/C/sharing.xml:427(para)
508
"Groups define a collection of computers or users which have a common level "
509
"of access to particular network resources and offer a level of granularity "
510
"in controlling access to such resources. For example, if a group <emphasis "
511
"role=\"italic\">qa</emphasis> is defined and contains the users <emphasis "
512
"role=\"italic\">freda</emphasis>, <emphasis "
513
"role=\"italic\">danika</emphasis>, and <emphasis "
514
"role=\"italic\">rob</emphasis> and a second group <emphasis "
515
"role=\"italic\">support</emphasis> is defined and consists of users "
516
"<emphasis role=\"italic\">danika</emphasis>, <emphasis "
517
"role=\"italic\">jeremy</emphasis>, and <emphasis "
518
"role=\"italic\">vincent</emphasis>, then certain network resources "
519
"configured to allow access by the <emphasis role=\"italic\">qa</emphasis> "
520
"group will subsequently enable access by freda, danika, and rob, but not "
521
"jeremy or vincent. Since the user <emphasis "
522
"role=\"italic\">danika</emphasis> belongs to both the <emphasis "
523
"role=\"italic\">qa</emphasis> and <emphasis "
524
"role=\"italic\">support</emphasis> groups, she will be able to access "
525
"resources configured for access by both groups, whereas all other users will "
526
"have only access to resources explicitly allowing the group they are part of."
529
#: ../docs/sharing/C/sharing.xml:448(para)
531
"By default Samba looks for the local system groups defined in "
532
"<filename>/etc/group</filename> to determine which users belong to which "
533
"groups. For more information on adding and removing users from groups see "
534
"<ulink type=\"help\" url=\"help:/kubuntu/basics/\"> Basics</ulink>."
537
#: ../docs/sharing/C/sharing.xml:455(para)
539
"When defining groups in the Samba configuration file, "
540
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
541
"preface the group name with an \"@\" symbol. For example, to define a group "
542
"named <emphasis role=\"italic\">sysadmin</emphasis> in a certain section of "
543
"the <filename>/etc/samba/smb.conf</filename>, the group name would be "
544
"entered as <emphasis role=\"bold\">@sysadmin</emphasis>."
547
#: ../docs/sharing/C/sharing.xml:466(title)
548
msgid "File Permissions"
551
#: ../docs/sharing/C/sharing.xml:468(para)
553
"File Permissions define the explicit rights a computer or user has to a "
554
"particular directory, file, or set of files. Such permissions may be defined "
555
"by editing the <filename>/etc/samba/smb.conf</filename> file and specifying "
556
"the explicit permissions of a defined file share."
559
#: ../docs/sharing/C/sharing.xml:475(para)
561
"For example, for a defined Samba share called <emphasis>share</emphasis> and "
562
"the need to give <emphasis role=\"italic\">read-only</emphasis> permissions "
563
"to the group of users known as <emphasis role=\"italic\">qa</emphasis>, "
564
"while allowing write permissions to the share by the group called <emphasis "
565
"role=\"italic\">sysadmin</emphasis> and the user named <emphasis "
566
"role=\"italic\">vincent</emphasis>, then the "
567
"<filename>/etc/samba/smb.conf</filename> file could be edited to add the "
568
"following entries under the <emphasis>[share]</emphasis> entry:"
571
#: ../docs/sharing/C/sharing.xml:486(programlisting)
576
"write list = @sysadmin, vincent\n"
579
#: ../docs/sharing/C/sharing.xml:491(para)
581
"Another possible Samba permission is to declare "
582
"<emphasis>administrative</emphasis> permissions to a particular shared "
583
"resource. Users having administrative permissions may read, write, or modify "
584
"any information contained in the resource where the user has been given "
585
"explicit administrative permissions."
588
#: ../docs/sharing/C/sharing.xml:499(para)
590
"For example, to give the user <emphasis role=\"italic\">melissa</emphasis> "
591
"administrative permissions to the <emphasis role=\"italic\">share</emphasis> "
592
"example, the <filename>/etc/samba/smb.conf</filename> file would be edited "
593
"to add the following line under the <emphasis>[share]</emphasis> entry:"
596
#: ../docs/sharing/C/sharing.xml:506(programlisting)
600
"admin users = melissa\n"
603
#: ../docs/sharing/C/sharing.xml:510(para)
605
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
606
"the changes to take effect:"
609
#: ../docs/sharing/C/sharing.xml:519(para)
611
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
612
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
613
"<emphasis role=\"italic\">security = share</emphasis>"
616
#: ../docs/sharing/C/sharing.xml:526(para)
618
"Now that Samba has been configured to limit which groups have access to the "
619
"shared directory, the filesystem permissions need to be updated."
622
#: ../docs/sharing/C/sharing.xml:531(para)
624
"Traditional Linux file permissions do not map well to Windows NT Access "
625
"Control Lists (ACLs). Fortunately POSIX ACLs are available on "
626
"<phrase>Kubuntu</phrase> servers providing more fine grained control. For "
627
"example, to enable ACLs on <filename>/srv</filename> an EXT3 filesystem, "
628
"edit <filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> "
632
#: ../docs/sharing/C/sharing.xml:539(programlisting)
636
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
641
#: ../docs/sharing/C/sharing.xml:544(para)
642
msgid "Then remount the partition:"
645
#: ../docs/sharing/C/sharing.xml:549(command)
646
msgid "sudo mount -v -o remount /srv"
649
#: ../docs/sharing/C/sharing.xml:553(para)
651
"The above example assumes <filename>/srv</filename> on a separate partition. "
652
"If <filename>/srv</filename>, or wherever the share path is configured, is "
653
"part of the <filename>/</filename> partition, a reboot may be required."
656
#: ../docs/sharing/C/sharing.xml:560(para)
658
"To match the Samba configuration above, the <emphasis>sysadmin</emphasis> "
659
"group will be given read, write, and execute permissions to "
660
"<filename>/srv/samba/share</filename>, the <emphasis>qa</emphasis> group "
661
"will be given read and execute permissions, and the files will be owned by "
662
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
665
#: ../docs/sharing/C/sharing.xml:569(command)
666
msgid "sudo chown -R melissa /srv/samba/share/"
669
#: ../docs/sharing/C/sharing.xml:570(command)
670
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
673
#: ../docs/sharing/C/sharing.xml:571(command)
674
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
677
#: ../docs/sharing/C/sharing.xml:575(para)
679
"The <application>setfacl</application> command above gives "
680
"<emphasis>execute</emphasis> permissions to all files in the "
681
"<filename>/srv/samba/share</filename> directory, which may or may not be "
685
#: ../docs/sharing/C/sharing.xml:583(para)
687
"A Windows client will show that the new file permissions are implemented. "
688
"See the <application>acl</application> and "
689
"<application>setfacl</application> man pages for more information on POSIX "
693
#: ../docs/sharing/C/sharing.xml:592(title)
694
msgid "Samba AppArmor Profile"
697
#: ../docs/sharing/C/sharing.xml:594(para)
699
"<phrase>Kubuntu</phrase> comes with the <application>AppArmor</application> "
700
"security module, which provides mandatory access controls. The default "
701
"AppArmor profile for Samba will need to be adapted to the proper "
702
"configuration. For more details on using AppArmor, please refer to the<ulink "
703
"url=\"https://help.ubuntu.com/community/AppArmor\"> wiki</ulink>"
706
#: ../docs/sharing/C/sharing.xml:602(para)
708
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
709
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
710
"of the <application>apparmor-profiles</application> packages. To install the "
711
"package, from a terminal prompt, enter:"
714
#: ../docs/sharing/C/sharing.xml:610(command)
715
msgid "sudo apt-get install apparmor-profiles"
718
#: ../docs/sharing/C/sharing.xml:614(para)
719
msgid "This package contains profiles for several other binaries."
722
#: ../docs/sharing/C/sharing.xml:619(para)
724
"By default the profiles for <application>smbd</application> and "
725
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode, "
726
"allowing Samba to work without modifying the profile, and only logging "
727
"errors. To place the <application>smbd</application> profile into "
728
"<emphasis>enforce</emphasis> mode, and have Samba work as expected, the "
729
"profile will need to be modified to reflect any directories that are shared."
732
#: ../docs/sharing/C/sharing.xml:628(para)
734
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename>, adding information "
735
"for <emphasis>[share]</emphasis> from the file server example:"
738
#: ../docs/sharing/C/sharing.xml:633(programlisting)
742
"/srv/samba/share/ r,\n"
743
"/srv/samba/share/** rwkix,\n"
746
#: ../docs/sharing/C/sharing.xml:638(para)
748
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
751
#: ../docs/sharing/C/sharing.xml:643(command)
752
msgid "sudo aa-enforce /usr/sbin/smbd"
755
#: ../docs/sharing/C/sharing.xml:644(command)
756
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
759
#: ../docs/sharing/C/sharing.xml:647(para)
761
"It is now possible to read, write, and execute files in the shared directory "
762
"as normal, and the <application>smbd</application> binary will have access "
763
"to only the configured files and directories. Be sure to add entries for "
764
"each directory that Samba is configured to share. Any errors will be logged "
765
"to <filename>/var/log/syslog</filename>."
768
#: ../docs/sharing/C/sharing.xml:661(para)
770
"For in depth Samba configurations, see the <ulink "
771
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
775
#: ../docs/sharing/C/sharing.xml:673(para) ../docs/sharing/C/sharing.xml:1065(para)
778
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
779
"also a good reference."
782
#: ../docs/sharing/C/sharing.xml:679(para)
784
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
785
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
789
#: ../docs/sharing/C/sharing.xml:686(para)
791
"For more information on Samba and ACLs, see the <ulink "
792
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
793
"Collection/AccessControls.html#id397568\">Samba ACLs page </ulink>."
796
#: ../docs/sharing/C/sharing.xml:697(title)
797
msgid "Samba as a Domain Controller"
800
#: ../docs/sharing/C/sharing.xml:699(para)
802
"Although it cannot act as an Active Directory Primary Domain Controller "
803
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
804
"domain controller. A major advantage of this configuration is the ability to "
805
"centralize user and machine credentials. Samba can also use multiple "
806
"backends to store the user information."
809
#: ../docs/sharing/C/sharing.xml:708(title)
810
msgid "Primary Domain Controller"
813
#: ../docs/sharing/C/sharing.xml:710(para)
815
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
816
"using the default smbpasswd backend."
819
#: ../docs/sharing/C/sharing.xml:718(para)
821
"Install Samba and <application>libpam-smbpass</application> to sync the user "
822
"accounts, by entering the following in a terminal prompt:"
825
#: ../docs/sharing/C/sharing.xml:724(command) ../docs/sharing/C/sharing.xml:958(command)
826
msgid "sudo apt-get install samba libpam-smbpass"
829
#: ../docs/sharing/C/sharing.xml:730(para)
831
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
832
"The <emphasis>security</emphasis> mode should be set to <emphasis "
833
"role=\"italic\">user</emphasis>, and the <emphasis>workgroup</emphasis> "
834
"should relate to the organization properly:"
837
#: ../docs/sharing/C/sharing.xml:746(para)
839
"In the commented <quote>Domains</quote> section, add or uncomment the "
843
#: ../docs/sharing/C/sharing.xml:750(programlisting)
847
"domain logons = yes\n"
848
"logon path = \\\\%N\\%U\\profile\n"
850
"logon home = \\\\%N\\%U\n"
851
"logon script = logon.cmd\n"
852
"add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d "
853
"/var/lib/samba -s /bin/false %u\n"
856
#: ../docs/sharing/C/sharing.xml:761(para)
858
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
859
"Samba to act as a domain controller."
862
#: ../docs/sharing/C/sharing.xml:767(para)
864
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
865
"their home directory. It is also possible to configure a "
866
"<emphasis>[profiles]</emphasis> share placing all profiles under a single "
870
#: ../docs/sharing/C/sharing.xml:775(para)
872
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
875
#: ../docs/sharing/C/sharing.xml:780(para)
877
"<emphasis>logon home:</emphasis> specifies the home directory location."
880
#: ../docs/sharing/C/sharing.xml:785(para)
882
"<emphasis>logon script:</emphasis> determines the script to be run locally "
883
"once a user has logged in. The script needs to be placed in the "
884
"<emphasis>[netlogon]</emphasis> share."
887
#: ../docs/sharing/C/sharing.xml:792(para)
889
"<emphasis>add machine script:</emphasis> a script that will automatically "
890
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
891
"workstation to join the domain."
894
#: ../docs/sharing/C/sharing.xml:797(para)
896
"In this example, the <emphasis>machines</emphasis> group will need to be "
897
"created using the <application>addgroup</application> utility. See <ulink "
898
"type=\"help\" url=\"help:/kubuntu/basics/\"> Basics</ulink> for details."
901
#: ../docs/sharing/C/sharing.xml:806(para)
903
"If <emphasis>Roaming Profiles</emphasis> will not be used, leave the "
904
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
908
#: ../docs/sharing/C/sharing.xml:816(para)
910
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
911
"role=\"italic\">logon home</emphasis> to be mapped:"
914
#: ../docs/sharing/C/sharing.xml:821(programlisting)
919
"comment = Home Directories\n"
922
"create mask = 0700\n"
923
"directory mask = 0700\n"
927
#: ../docs/sharing/C/sharing.xml:834(para)
929
"When configured as a domain controller, a <emphasis>[netlogon]</emphasis> "
930
"share needs to be configured. To enable the share, uncomment:"
933
#: ../docs/sharing/C/sharing.xml:839(programlisting)
938
"comment = Network Logon Service\n"
939
"path = /srv/samba/netlogon\n"
945
#: ../docs/sharing/C/sharing.xml:849(para)
947
"The original <emphasis>netlogon</emphasis> share path is "
948
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
949
"Hierarchy Standard (FHS), <ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
950
"2.3. html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is the correct "
951
"location for site-specific data provided by the system."
954
#: ../docs/sharing/C/sharing.xml:862(para)
956
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
957
"and an empty (for now) <filename>logon.cmd</filename> script file:"
960
#: ../docs/sharing/C/sharing.xml:868(command)
961
msgid "sudo mkdir -p /srv/samba/netlogon"
964
#: ../docs/sharing/C/sharing.xml:869(command)
965
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
968
#: ../docs/sharing/C/sharing.xml:872(para)
970
"Any normal Windows logon script commands can be entered in "
971
"<filename>logon.cmd</filename> to customize the client's environment."
974
#: ../docs/sharing/C/sharing.xml:880(para)
976
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
977
"workstation to the domain, a system group must be mapped to the Windows "
978
"<emphasis>Domain Admins</emphasis> group. Using the "
979
"<application>net</application> utility, from a terminal enter:"
982
#: ../docs/sharing/C/sharing.xml:888(command)
984
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
988
#: ../docs/sharing/C/sharing.xml:893(para)
990
"Change <emphasis role=\"italic\">sysadmin</emphasis> to the preferred group. "
991
"The user used to join the domain needs to be a member of the "
992
"<emphasis>sysadmin</emphasis> group, as well as a member of the system "
993
"<emphasis>admin</emphasis> group. The <emphasis>admin</emphasis> group "
994
"allows <application>sudo</application> use."
997
#: ../docs/sharing/C/sharing.xml:905(para)
998
msgid "Finally, restart Samba to enable the new domain controller:"
1001
#: ../docs/sharing/C/sharing.xml:916(para)
1003
"It is now possible to join Windows clients to the Domain in the same manner "
1004
"as joining them to an NT4 domain running on a Windows server."
1007
#: ../docs/sharing/C/sharing.xml:926(title)
1008
msgid "Backup Domain Controller"
1011
#: ../docs/sharing/C/sharing.xml:928(para)
1013
"With a Primary Domain Controller (PDC) on the network, it is best to have a "
1014
"Backup Domain Controller (BDC) as well. This will allow clients to "
1015
"authenticate in case the PDC becomes unavailable."
1018
#: ../docs/sharing/C/sharing.xml:934(para)
1020
"When configuring Samba as a BDC, there must be a way to sync account "
1021
"information with the PDC. There are multiple ways of accomplishing this, "
1022
"such as <application>scp</application>, <application>rsync</application>, or "
1023
"by using <application>LDAP</application> as the <emphasis>passdb "
1024
"backend</emphasis>."
1027
#: ../docs/sharing/C/sharing.xml:941(para)
1029
"Using LDAP is the most robust way to sync account information, because both "
1030
"domain controllers can use the same information in real time. However, "
1031
"setting up a LDAP server may be overly complicated for a small number of "
1032
"user and computer accounts. See Samba<ulink "
1033
"url=\"http://wiki.samba.org/index.php/Samba_&_LDAP\"> LDAP</ulink> page "
1037
#: ../docs/sharing/C/sharing.xml:953(para)
1039
"First, install <application>samba</application> and <application>libpam-"
1040
"smbpass</application>. From a terminal enter:"
1043
#: ../docs/sharing/C/sharing.xml:964(para)
1045
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
1046
"following in the <emphasis>[global]</emphasis>:"
1049
#: ../docs/sharing/C/sharing.xml:978(para)
1050
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
1053
#: ../docs/sharing/C/sharing.xml:982(programlisting)
1057
"domain logons = yes\n"
1058
"domain master = no\n"
1061
#: ../docs/sharing/C/sharing.xml:990(para)
1063
"Make sure a user has rights to read the files in "
1064
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
1065
"<emphasis>admin</emphasis> group to <application>scp</application> the "
1069
#: ../docs/sharing/C/sharing.xml:997(command)
1070
msgid "sudo chgrp -R admin /var/lib/samba"
1073
#: ../docs/sharing/C/sharing.xml:1003(para)
1075
"Next, sync the user accounts, using <application>scp</application> to copy "
1076
"the <filename>/var/lib/samba</filename> directory from the PDC:"
1079
#: ../docs/sharing/C/sharing.xml:1009(command)
1080
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1083
#: ../docs/sharing/C/sharing.xml:1013(para)
1085
"Replace <emphasis>username</emphasis> with a valid username and "
1086
"<emphasis>pdc</emphasis> with the hostname or IP Address of the actual PDC."
1089
#: ../docs/sharing/C/sharing.xml:1022(para)
1090
msgid "Finally, restart <application>samba</application>:"
1093
#: ../docs/sharing/C/sharing.xml:1033(para)
1095
"Test that the Backup Domain controller is working by stopping the Samba "
1096
"daemon on the PDC, then trying to login to a Windows client joined to the "
1100
#: ../docs/sharing/C/sharing.xml:1038(para)
1102
"If the <emphasis>logon home</emphasis> option has been configured as a "
1103
"directory on the PDC, and the PDC becomes unavailable, access to the user's "
1104
"<emphasis>Home</emphasis> drive will also be unavailable. For this reason, "
1105
"it is best to configure the <emphasis>logon home</emphasis> to reside on a "
1106
"separate file server from the PDC and BDC."
1109
#: ../docs/sharing/C/sharing.xml:1071(para)
1111
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
1112
"pdc.html\"> Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
1113
"up a Primary Domain Controller."
1116
#: ../docs/sharing/C/sharing.xml:1079(para)
1118
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
1119
"Collection/samba-bdc.html\"> Chapter 5</ulink> of the Samba HOWTO Collection "
1120
"explains setting up a Backup Domain Controller."
1123
#: ../docs/sharing/C/sharing.xml:1092(title)
1124
msgid "Samba Active Directory Integration"
1127
#: ../docs/sharing/C/sharing.xml:1095(title)
1128
msgid "Accessing a Samba Share"
1131
#: ../docs/sharing/C/sharing.xml:1097(para)
1133
"Another use for Samba is to integrate into an existing Windows network. Once "
1134
"part of an Active Directory (AD) domain, Samba can provide file and print "
1135
"services to AD users."
1138
#: ../docs/sharing/C/sharing.xml:1103(para)
1140
"The simplest way to join an AD domain is to use <application>Likewise-"
1141
"open</application>. For detailed instructions, see <xref linkend=\"likewise-"
1145
#: ../docs/sharing/C/sharing.xml:1109(para)
1147
"Once part of the domain, enter the following command in the terminal prompt:"
1150
#: ../docs/sharing/C/sharing.xml:1114(command)
1151
msgid "sudo apt-get install samba smbfs smbclient"
1154
#: ../docs/sharing/C/sharing.xml:1117(para)
1156
"Since the <application>likewise-open</application> and "
1157
"<application>samba</application> packages use separate "
1158
"<filename>secrets.tdb</filename> files, a symlink must be created in "
1159
"<filename role=\"directory\">/var/lib/samba</filename>:"
1162
#: ../docs/sharing/C/sharing.xml:1124(command)
1163
msgid "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1166
#: ../docs/sharing/C/sharing.xml:1125(command)
1167
msgid "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1170
#: ../docs/sharing/C/sharing.xml:1128(para)
1171
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
1174
#: ../docs/sharing/C/sharing.xml:1132(programlisting)
1178
"workgroup = EXAMPLE\n"
1181
"realm = EXAMPLE.COM\n"
1183
"idmap backend = lwopen\n"
1184
"idmap uid = 50-9999999999\n"
1185
"idmap gid = 50-9999999999\n"
1188
#: ../docs/sharing/C/sharing.xml:1143(para)
1190
"Restart <application>samba</application> for the new settings to take effect:"
1193
#: ../docs/sharing/C/sharing.xml:1151(para)
1195
"It should now be possible to access any <application>Samba</application> "
1196
"shares from a Windows client. However, be sure to give the appropriate AD "
1197
"users or groups access to the share directory. See <xref linkend=\"samba-"
1198
"fileprint-security\"/> for more details."
1201
#: ../docs/sharing/C/sharing.xml:1162(title)
1202
msgid "Accessing a Windows Share"
1205
#: ../docs/sharing/C/sharing.xml:1164(para)
1207
"Now that the Samba server is part of the Active Directory domain, any "
1208
"Windows server shares can be accessed:"
1211
#: ../docs/sharing/C/sharing.xml:1172(para)
1213
"To mount a Windows file share, enter the following in a terminal prompt:"
1216
#: ../docs/sharing/C/sharing.xml:1176(command)
1217
msgid "mount.cifs //fs01.example.com/share mount_point"
1220
#: ../docs/sharing/C/sharing.xml:1179(para)
1222
"It is also possible to access shares on computers not part of an AD domain, "
1223
"but a username and password must be provided."
1226
#: ../docs/sharing/C/sharing.xml:1187(para)
1228
"To mount the share during boot, place an entry in "
1229
"<filename>/etc/fstab</filename>, for example:"
1232
#: ../docs/sharing/C/sharing.xml:1192(programlisting)
1236
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
1240
#: ../docs/sharing/C/sharing.xml:1199(para)
1242
"Another way to copy files from a Windows server is to use the "
1243
"<application>smbclient</application> utility. To list the files in a Windows "
1247
#: ../docs/sharing/C/sharing.xml:1206(command)
1248
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
1251
#: ../docs/sharing/C/sharing.xml:1212(para)
1252
msgid "To copy a file from the share, enter:"
1255
#: ../docs/sharing/C/sharing.xml:1217(command)
1256
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1259
#: ../docs/sharing/C/sharing.xml:1220(para)
1261
"This will copy the <filename>file.txt</filename> into the current directory."
1264
#: ../docs/sharing/C/sharing.xml:1227(para)
1265
msgid "And to copy a file to the share:"
1268
#: ../docs/sharing/C/sharing.xml:1232(command)
1269
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1272
#: ../docs/sharing/C/sharing.xml:1235(para)
1274
"This will copy the <filename>/etc/hosts</filename> to "
1275
"<filename>//fs01.example.com/share/hosts</filename>."
1278
#: ../docs/sharing/C/sharing.xml:1242(para)
1280
"The <emphasis>-c</emphasis> option used above allows execution of the "
1281
"<application>smbclient</application> command all at once. This is useful for "
1282
"scripting and minor file operations. To enter the <emphasis>smb: \\"
1283
"></emphasis> prompt, an FTP-like prompt where normal file and directory "
1284
"commands can be executed, simply run the following in Konsole:"
1287
#: ../docs/sharing/C/sharing.xml:1251(command)
1288
msgid "smbclient //fs01.example.com/share -k"
1291
#: ../docs/sharing/C/sharing.xml:1258(para)
1293
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
1294
"<emphasis>//192.168.0.5/share</emphasis>, "
1295
"<emphasis>username=steve,password=secret</emphasis>, and "
1296
"<emphasis>file.txt</emphasis> with the proper server IP, hostname, share "
1297
"name, file name, and an actual username and password with rights to the "
1301
#: ../docs/sharing/C/sharing.xml:1271(para)
1303
"For more <application>smbclient</application> options see the man page: "
1304
"<command>man smbclient</command>, also available <ulink "
1305
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man1/smbclient.1.html\">o"
1309
#: ../docs/sharing/C/sharing.xml:1277(para)
1311
"The <application>mount.cifs</application><ulink "
1312
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/mount.cifs.8.html\">"
1313
"man page</ulink> is also useful for more detailed information."
1316
#: ../docs/sharing/C/sharing.xml:1288(title)
1317
msgid "Likewise Open"
1320
#: ../docs/sharing/C/sharing.xml:1290(para)
1322
"<application>Likewise Open</application> simplifies the necessary "
1323
"configuration needed to authenticate a Linux machine to an Active Directory "
1324
"domain. Based on <application>winbind</application>, the "
1325
"<application>likewise-open</application> package takes the pain out of "
1326
"integrating <phrase>Kubuntu</phrase> authentication into an existing Windows "
1330
#: ../docs/sharing/C/sharing.xml:1301(para)
1332
"There are two ways to use Likewise Open, <application>likewise-"
1333
"open</application> the command line utility and <application>likewise-open-"
1334
"gui</application>. This section focuses on the command line utility."
1337
#: ../docs/sharing/C/sharing.xml:1308(para)
1339
"To install the <application>likewise-open</application> package, open a "
1340
"terminal prompt and enter:"
1343
#: ../docs/sharing/C/sharing.xml:1313(command)
1344
msgid "sudo apt-get install likewise-open"
1347
#: ../docs/sharing/C/sharing.xml:1316(para)
1349
"Starting with <phrase>Kubuntu</phrase> 9.04, <application>Likewise Open "
1350
"5.0</application> is available in the <emphasis>Universe</emphasis> "
1351
"repository. However, since upgrading from <application>Likewise Open "
1352
"4.1</application> currently requires the system to leave the domain and re-"
1353
"join, a separate package for version five was created."
1356
#: ../docs/sharing/C/sharing.xml:1324(para)
1357
msgid "To install <application>Likewise Open 5.0</application> enter:"
1360
#: ../docs/sharing/C/sharing.xml:1329(command)
1361
msgid "sudo apt-get install likewise-open5"
1364
#: ../docs/sharing/C/sharing.xml:1333(para)
1366
"Installing likewise-open5 over an existing likewise-open (4.1) installation "
1367
"will replace it. The domain will have to be rejoined after install."
1370
#: ../docs/sharing/C/sharing.xml:1341(title)
1371
msgid "Joining a Domain"
1374
#: ../docs/sharing/C/sharing.xml:1343(para)
1376
"The main executable file of the <application>likewise-open</application> "
1377
"package is <filename>/usr/bin/domainjoin-cli</filename>, which is used to "
1378
"join a computer to the domain. Before joining a domain, the following are "
1382
#: ../docs/sharing/C/sharing.xml:1351(para)
1384
"Access to an Active Directory user with appropriate rights to join the "
1388
#: ../docs/sharing/C/sharing.xml:1356(para)
1390
"The <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) of the domain "
1391
"being joined. If the AD domain does not match a valid domain such as "
1392
"<emphasis role=\"italic\">example.com</emphasis>, it is likely that it is in "
1393
"the form of <emphasis>domainname.local</emphasis>."
1396
#: ../docs/sharing/C/sharing.xml:1364(para)
1398
"DNS for the domain set up properly. In a production AD environment, this is "
1399
"typically the case. Proper Microsoft DNS is needed so that client "
1400
"workstations can determine that the Active Directory domain is available."
1403
#: ../docs/sharing/C/sharing.xml:1369(para)
1405
"If there is not a Windows DNS server on the network, see <xref "
1406
"linkend=\"likewise-open-ms-dns\"/> for details."
1409
#: ../docs/sharing/C/sharing.xml:1377(para)
1410
msgid "To join a domain, from a terminal prompt enter:"
1413
#: ../docs/sharing/C/sharing.xml:1382(command)
1414
msgid "sudo domainjoin-cli join example.com Administrator"
1417
#: ../docs/sharing/C/sharing.xml:1386(para)
1419
"Replace <emphasis>example.com</emphasis> with the proper domain name, and "
1420
"<emphasis>Administrator</emphasis> with the appropriate user name."
1423
#: ../docs/sharing/C/sharing.xml:1392(para)
1425
"There will be a prompt for the user's password. If all goes well, a "
1426
"<emphasis>SUCCESS</emphasis> message should be printed to the console."
1429
#: ../docs/sharing/C/sharing.xml:1398(para)
1431
"After joining the domain, it is necessary to reboot before attempting to "
1432
"authenticate against the domain."
1435
#: ../docs/sharing/C/sharing.xml:1404(para)
1437
"After successfully joining an <phrase>Kubuntu</phrase> machine to an Active "
1438
"Directory domain, any valid AD user can be used to authenticate. To login, "
1439
"the user name must be entered as 'domain\\username'. For example to ssh to a "
1440
"server joined to the domain, enter:"
1443
#: ../docs/sharing/C/sharing.xml:1412(command)
1444
msgid "ssh 'example\\steve'@hostname"
1447
#: ../docs/sharing/C/sharing.xml:1416(para)
1449
"If configuring a Desktop, the user name will need to be prefixed with "
1450
"<emphasis role=\"italic\">domain\\</emphasis> in the graphical logon as well."
1453
#: ../docs/sharing/C/sharing.xml:1422(para)
1455
"To make likewise-open use a default domain, the following statement can be "
1456
"added to <filename>/etc/samba/lwiauthd.conf</filename>:"
1459
#: ../docs/sharing/C/sharing.xml:1427(programlisting)
1463
"winbind use default domain = yes\n"
1466
#: ../docs/sharing/C/sharing.xml:1431(para)
1467
msgid "Then restart the <application>likewise-open</application> daemons:"
1470
#: ../docs/sharing/C/sharing.xml:1436(command)
1471
msgid "sudo /etc/init.d/likewise-open restart"
1474
#: ../docs/sharing/C/sharing.xml:1440(para)
1476
"Once configured for a <emphasis>default domain</emphasis>, the <emphasis "
1477
"role=\"italic\">'domain\\'</emphasis> is no longer required. Users can login "
1478
"using only their username."
1481
#: ../docs/sharing/C/sharing.xml:1447(para)
1483
"The <application>domainjoin-cli</application> utility can also be used to "
1484
"leave the domain. From a terminal:"
1487
#: ../docs/sharing/C/sharing.xml:1453(command)
1488
msgid "sudo domainjoin-cli leave"
1491
#: ../docs/sharing/C/sharing.xml:1458(title)
1492
msgid "Other Utilities"
1495
#: ../docs/sharing/C/sharing.xml:1460(para)
1497
"The <application>likewise-open</application> package comes with a few other "
1498
"utilities that may be useful for gathering information about the Active "
1499
"Directory environment. These utilities are used to join the machine to the "
1500
"domain, and are the same as those available in the <application>samba-"
1501
"common</application> and <application>winbind</application> packages:"
1504
#: ../docs/sharing/C/sharing.xml:1471(para)
1506
"<application>lwinet</application>: Returns information about the network and "
1510
#: ../docs/sharing/C/sharing.xml:1476(para)
1512
"<application>lwimsg</application>: Allows interaction with the "
1513
"<application>likewise-winbindd</application> daemon."
1516
#: ../docs/sharing/C/sharing.xml:1481(para)
1518
"<application>lwiinfo</application>: Displays information about various parts "
1522
#: ../docs/sharing/C/sharing.xml:1488(para)
1523
msgid "Please refer to each utility's man page specific for details."
1526
#: ../docs/sharing/C/sharing.xml:1494(title)
1527
msgid "Troubleshooting"
1530
#: ../docs/sharing/C/sharing.xml:1498(para)
1532
"If the client has trouble joining the domain, check that the Microsoft DNS "
1533
"is listed first in <filename>/etc/resolv.conf</filename>. For example:"
1536
#: ../docs/sharing/C/sharing.xml:1504(programlisting)
1540
"nameserver 192.168.0.1\n"
1543
#: ../docs/sharing/C/sharing.xml:1509(para)
1545
"For more information when joining a domain, use the <emphasis>--loglevel "
1546
"verbose</emphasis> or <emphasis>--advanced</emphasis> option of the "
1547
"<application>domainjoin-cli</application> utility:"
1550
#: ../docs/sharing/C/sharing.xml:1515(command)
1551
msgid "sudo domainjoin-cli --loglevel verbose join example.com Administrator"
1554
#: ../docs/sharing/C/sharing.xml:1519(para)
1556
"If an Active Directory user has trouble logging in, check the "
1557
"<filename>/var/log/auth.log</filename> for details."
1560
#: ../docs/sharing/C/sharing.xml:1524(para)
1562
"When joining an <phrase>Kubuntu</phrase> Desktop workstation to a domain, it "
1563
"may be necessary to edit <filename>/etc/nsswitch.conf</filename> if the AD "
1564
"domain uses the <emphasis role=\"italic\">.local</emphasis> syntax. In order "
1565
"to join the domain, the <emphasis>\"mdns4\"</emphasis> entry should be "
1566
"removed from the <emphasis>hosts</emphasis> option. For example:"
1569
#: ../docs/sharing/C/sharing.xml:1532(programlisting)
1573
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
1576
#: ../docs/sharing/C/sharing.xml:1536(para)
1577
msgid "Change the above to:"
1580
#: ../docs/sharing/C/sharing.xml:1540(programlisting)
1584
"hosts: files dns [NOTFOUND=return]\n"
1587
#: ../docs/sharing/C/sharing.xml:1544(para)
1588
msgid "Then restart networking by entering:"
1591
#: ../docs/sharing/C/sharing.xml:1549(command)
1592
msgid "sudo /etc/init.d/networking restart"
1595
#: ../docs/sharing/C/sharing.xml:1552(para)
1596
msgid "It should now be possible to join the Active Directory domain."
1599
#: ../docs/sharing/C/sharing.xml:1560(title)
1600
msgid "Microsoft DNS"
1603
#: ../docs/sharing/C/sharing.xml:1562(para)
1605
"The following are instructions for installing DNS on an Active Directory "
1606
"domain controller running Windows Server 2003, but the instructions should "
1607
"be similar for other versions:"
1610
#: ../docs/sharing/C/sharing.xml:1572(para)
1613
"<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
1614
"</guimenuitem><guimenuitem>Manage Your Server</guimenuitem></menuchoice>. "
1615
"This will open the <application>Server Role Management</application> utility."
1618
#: ../docs/sharing/C/sharing.xml:1580(para)
1619
msgid "Click <guilabel>Add or remove a role</guilabel>"
1622
#: ../docs/sharing/C/sharing.xml:1581(para) ../docs/sharing/C/sharing.xml:1583(para) ../docs/sharing/C/sharing.xml:1586(para)
1626
#: ../docs/sharing/C/sharing.xml:1582(para)
1627
msgid "Select \"DNS Server\""
1630
#: ../docs/sharing/C/sharing.xml:1584(para)
1631
msgid "Click Next again to proceed"
1634
#: ../docs/sharing/C/sharing.xml:1585(para)
1635
msgid "Select \"Create a forward lookup zone\" if it is not selected."
1638
#: ../docs/sharing/C/sharing.xml:1587(para)
1640
"Make sure \"This server maintains the zone\" is selected and click Next."
1643
#: ../docs/sharing/C/sharing.xml:1588(para)
1644
msgid "Enter the domain name and click Next"
1647
#: ../docs/sharing/C/sharing.xml:1589(para)
1648
msgid "Click Next to \"Allow only secure dynamic updates\""
1651
#: ../docs/sharing/C/sharing.xml:1591(para)
1653
"Enter the IP for DNS servers to forward queries to, or Select \"No, it "
1654
"should not forward queries\" and click Next."
1657
#: ../docs/sharing/C/sharing.xml:1595(para) ../docs/sharing/C/sharing.xml:1596(para)
1658
msgid "Click Finish"
1661
#: ../docs/sharing/C/sharing.xml:1598(para)
1663
"DNS is now installed and can be further configured using the "
1664
"<application>Microsoft Management Console</application> DNS snap-in."
1667
#: ../docs/sharing/C/sharing.xml:1606(para)
1671
#: ../docs/sharing/C/sharing.xml:1607(para)
1672
msgid "Control Panel"
1675
#: ../docs/sharing/C/sharing.xml:1608(para)
1676
msgid "Network Connections"
1679
#: ../docs/sharing/C/sharing.xml:1609(para)
1680
msgid "Right Click \"Local Area Connection\""
1683
#: ../docs/sharing/C/sharing.xml:1610(para)
1684
msgid "Click Properties"
1687
#: ../docs/sharing/C/sharing.xml:1611(para)
1688
msgid "Double click \"Internet Protocol (TCP/IP)\""
1691
#: ../docs/sharing/C/sharing.xml:1612(para)
1692
msgid "Enter the Server's IP Address as the \"Preferred DNS server\""
1695
#: ../docs/sharing/C/sharing.xml:1613(para)
1699
#: ../docs/sharing/C/sharing.xml:1614(para)
1700
msgid "Click Ok again to save the settings"
1703
#: ../docs/sharing/C/sharing.xml:1603(para)
1705
"Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
1708
#: ../docs/sharing/C/sharing.xml:1621(title)
1712
#: ../docs/sharing/C/sharing.xml:1623(para)
1714
"Please refer to the <ulink "
1715
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for "
1716
"further information."
1719
#: ../docs/sharing/C/sharing.xml:1627(para)
1721
"For more <application>domainjoin-cli</application> options see the man page: "
1722
"<command>man domainjoin-cli</command>."
1725
#. Put one translator per line, in the form of NAME <EMAIL>, YEAR1, YEAR2
1726
#: ../docs/sharing/C/sharing.xml:0(None)
1727
msgid "translator-credits"