1
# Uyghur translation for kubuntu-docs
2
# Copyright (c) 2010 Rosetta Contributors and Canonical Ltd 2010
3
# This file is distributed under the same license as the kubuntu-docs package.
4
# FIRST AUTHOR <EMAIL@ADDRESS>, 2010.
8
"Project-Id-Version: kubuntu-docs\n"
9
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
10
"POT-Creation-Date: 2011-09-15 02:35-0700\n"
11
"PO-Revision-Date: 2010-06-24 09:06+0000\n"
12
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
13
"Language-Team: Uyghur <ug@li.org>\n"
15
"Content-Type: text/plain; charset=UTF-8\n"
16
"Content-Transfer-Encoding: 8bit\n"
17
"X-Launchpad-Export-Date: 2011-10-05 10:22+0000\n"
18
"X-Generator: Launchpad (build 14085)\n"
20
#: ../docs/sharing/C/sharing.xml:12(title)
21
msgid "File Sharing in <phrase>Kubuntu</phrase>"
24
#: ../docs/sharing/C/sharing.xml:3(title)
25
msgid "Credits and License"
26
msgstr "تۆھپىكارلار ۋە ئىجازەتنامە"
28
#: ../docs/sharing/C/sharing.xml:4(para)
30
"This document is maintained by the Ubuntu documentation team "
31
"(https://wiki.ubuntu.com/DocumentationTeam). For a list of contributors, see "
32
"the <ulink url=\"help:/kubuntu/contributors.html\">contributors page</ulink>"
35
#: ../docs/sharing/C/sharing.xml:5(para)
37
"This document is made available under the Creative Commons ShareAlike 2.5 "
41
#: ../docs/sharing/C/sharing.xml:6(para)
43
"You are free to modify, extend, and improve the Ubuntu documentation source "
44
"code under the terms of this license. All derivative works must be released "
48
#: ../docs/sharing/C/sharing.xml:8(para)
50
"This documentation is distributed in the hope that it will be useful, but "
51
"WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY "
52
"or FITNESS FOR A PARTICULAR PURPOSE AS DESCRIBED IN THE DISCLAIMER."
55
#: ../docs/sharing/C/sharing.xml:11(para)
57
"A copy of the license is available here: <ulink "
58
"url=\"help:/kubuntu/copyright.html\">Creative Commons ShareAlike "
62
#: ../docs/sharing/C/sharing.xml:14(year)
66
#: ../docs/sharing/C/sharing.xml:15(ulink)
67
msgid "Ubuntu Documentation Project"
68
msgstr "Ubuntu پۈتۈك قۇرۇلۇشى"
70
#: ../docs/sharing/C/sharing.xml:15(holder)
71
msgid "Canonical Ltd. and members of the <placeholder-1/>"
74
#: ../docs/sharing/C/sharing.xml:18(publishername)
75
msgid "The Ubuntu Documentation Project"
78
#: ../docs/sharing/C/sharing.xml:15(para)
80
"This document explains how to share files between <phrase>Kubuntu</phrase> "
84
#: ../docs/sharing/C/sharing.xml:22(title)
88
#: ../docs/sharing/C/sharing.xml:24(para)
90
"Computer networks are often comprised of diverse systems. While operating a "
91
"network made up entirely of <phrase>Kubuntu</phrase> desktop and server "
92
"computers would certainly be fun, some network environments will consist of "
93
"<phrase>Kubuntu</phrase> and <trademark "
94
"class=\"registered\">Microsoft</trademark><trademark "
95
"class=\"registered\">Windows</trademark> systems working together. This "
96
"section of the <phrase>Kubuntu</phrase> Server Guide introduces principles "
97
"and tools used for configuring <phrase>Kubuntu</phrase> servers to share "
98
"network resources with Windows computers."
101
#: ../docs/sharing/C/sharing.xml:34(para)
103
"Successfully networking a <phrase>Kubuntu</phrase> system with Windows "
104
"clients involves providing and integrating services common to Windows "
105
"environments. These services support sharing data and information about the "
106
"computers and users on the network, and may be classified into three major "
110
#: ../docs/sharing/C/sharing.xml:43(para)
112
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. The "
113
"Server Message Block (<acronym>SMB</acronym>) protocol is used to facilitate "
114
"sharing files, folders, volumes, and printers throughout the network."
117
#: ../docs/sharing/C/sharing.xml:50(para)
119
"<emphasis role=\"bold\">Directory Services</emphasis>. Vital information is "
120
"shared about the computers and users of the network with such technologies "
121
"as the Lightweight Directory Access Protocol (<acronym>LDAP</acronym>) and "
122
"Microsoft <trademark class=\"registered\">Active Directory</trademark>."
125
#: ../docs/sharing/C/sharing.xml:58(para)
127
"<emphasis role=\"bold\">Authentication and Access</emphasis>. It is "
128
"necessary to be able to establish the identity of a computer or user to "
129
"determine the information the computer or user is authorized to access. "
130
"Authentication and access use principles and technologies such as file "
131
"permissions, group policies, and the Kerberos authentication service."
134
#: ../docs/sharing/C/sharing.xml:68(para)
136
"A <phrase>Kubuntu</phrase> system can provide all such capabilities for "
137
"Windows clients and enable sharing network resources with them. One of the "
138
"principal pieces of software included in a <phrase>Kubuntu</phrase> system "
139
"for Windows networking is the Samba suite of <acronym>SMB</acronym> server "
140
"applications and tools."
143
#: ../docs/sharing/C/sharing.xml:75(para)
145
"This section of the <phrase>Kubuntu</phrase> Server Guide will introduce "
146
"some of the ways Samba is commonly used, and how to install and configure "
147
"the necessary packages. Additional detailed documentation and information on "
148
"Samba can be found on the <ulink url=\"http://www.samba.org\">Samba "
152
#: ../docs/sharing/C/sharing.xml:84(title)
153
msgid "Samba File Server"
156
#: ../docs/sharing/C/sharing.xml:86(para)
158
"One of the most common ways to network <phrase>Kubuntu</phrase> and Windows "
159
"computers is to configure Samba as a File Server. This section covers "
160
"setting up a <application>Samba</application> server to share files with "
164
#: ../docs/sharing/C/sharing.xml:92(para)
166
"The server will be configured to share files with any client on the network "
167
"without prompting for a password. If the environment requires stricter "
168
"Access Controls, see <xref linkend=\"samba-fileprint-security\"/>"
171
#: ../docs/sharing/C/sharing.xml:99(title) ../docs/sharing/C/sharing.xml:1299(title)
175
#: ../docs/sharing/C/sharing.xml:101(para)
177
"The first step is to install the <application>samba</application> package. "
178
"From a terminal prompt enter:"
181
#: ../docs/sharing/C/sharing.xml:106(command)
182
msgid "sudo apt-get install samba"
185
#: ../docs/sharing/C/sharing.xml:109(para)
187
"That's all there is to it. Samba is ready to be configured for file sharing."
190
#: ../docs/sharing/C/sharing.xml:115(title)
191
msgid "Configuration"
194
#: ../docs/sharing/C/sharing.xml:117(para)
196
"The main Samba configuration file is located in "
197
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
198
"a significant number of comments in order to document various configuration "
202
#: ../docs/sharing/C/sharing.xml:124(para)
204
"Not all the available options are included in the default configuration "
205
"file. See the <filename>smb.conf</filename><application>man</application> "
206
"page or the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
207
"Collection/\">Samba HOWTO Collection</ulink> for more details."
210
#: ../docs/sharing/C/sharing.xml:134(para)
212
"Edit the following key/value pairs in the <emphasis>[global]</emphasis> "
213
"section of <filename>/etc/samba/smb.conf</filename>:"
216
#: ../docs/sharing/C/sharing.xml:139(programlisting) ../docs/sharing/C/sharing.xml:737(programlisting) ../docs/sharing/C/sharing.xml:969(programlisting)
220
"workgroup = EXAMPLE\n"
225
#: ../docs/sharing/C/sharing.xml:145(para)
227
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
228
"section, and is commented out by default. Change "
229
"<emphasis>EXAMPLE</emphasis> to match the actual environment."
232
#: ../docs/sharing/C/sharing.xml:154(para)
234
"Create a new section at the bottom of the file, or uncomment one of the "
235
"examples for the directory to be shared:"
238
#: ../docs/sharing/C/sharing.xml:159(programlisting)
243
"comment = Ubuntu File Server Share\n"
244
"path = /srv/samba/share\n"
248
"create mask = 0755\n"
251
#: ../docs/sharing/C/sharing.xml:171(para)
253
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
254
"fit as appropriate."
257
#: ../docs/sharing/C/sharing.xml:177(para)
258
msgid "<emphasis>path:</emphasis> the path to the directory to share."
261
#: ../docs/sharing/C/sharing.xml:180(para)
263
"This example uses <filename>/srv/samba/sharename</filename> because, "
264
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
265
"<ulink url=\"http://www.pathname.com/fhs/pub/fhs-2.3. "
266
"html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is where site-"
267
"specific data should be served. Technically Samba shares can be placed "
268
"anywhere on the filesystem as long as the permissions are correct, but "
269
"adhering to standards is recommended."
272
#: ../docs/sharing/C/sharing.xml:191(para)
274
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
275
"directory using <application>Windows Explorer</application>."
278
#: ../docs/sharing/C/sharing.xml:197(para)
280
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
281
"without supplying a password."
284
#: ../docs/sharing/C/sharing.xml:203(para)
286
"<emphasis>read only:</emphasis> determines if the share is read only or if "
287
"write privileges are granted. Write privileges are allowed only when the "
288
"value is <emphasis>no</emphasis>, as is seen in this example. If the value "
289
"is <emphasis>yes</emphasis>, then access to the share is read only."
292
#: ../docs/sharing/C/sharing.xml:208(para)
294
"<emphasis>create mask:</emphasis> determines the permissions new files will "
298
#: ../docs/sharing/C/sharing.xml:218(para)
300
"Now that <application>Samba</application> is configured, the directory needs "
301
"to be created and the permissions changed. From a terminal enter:"
304
#: ../docs/sharing/C/sharing.xml:224(command)
305
msgid "sudo mkdir -p /srv/samba/share"
308
#: ../docs/sharing/C/sharing.xml:225(command)
309
msgid "sudo chown nobody.nogroup /srv/samba/share/"
312
#: ../docs/sharing/C/sharing.xml:229(para)
314
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
315
"directory tree if it doesn't exist. Change the share name to fit the "
319
#: ../docs/sharing/C/sharing.xml:238(para)
321
"Finally, restart the <application>samba</application> services to enable the "
325
#: ../docs/sharing/C/sharing.xml:243(command) ../docs/sharing/C/sharing.xml:398(command) ../docs/sharing/C/sharing.xml:515(command) ../docs/sharing/C/sharing.xml:910(command) ../docs/sharing/C/sharing.xml:1027(command) ../docs/sharing/C/sharing.xml:1148(command)
326
msgid "sudo /etc/init.d/samba restart"
329
#: ../docs/sharing/C/sharing.xml:250(para)
331
"The above configuration gives all access to any client on the local network. "
332
"For a more secure configuration, see <xref linkend=\"samba-fileprint-"
336
#: ../docs/sharing/C/sharing.xml:256(para)
338
"From a Windows client, it should now be possible to browse to the "
339
"<phrase>Kubuntu</phrase> file server and see the shared directory. To check "
340
"that everything is working, try creating a directory from Windows."
343
#: ../docs/sharing/C/sharing.xml:262(para)
345
"To create additional shares, simply create new <emphasis>[dir]</emphasis> "
346
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
347
"<emphasis>Samba</emphasis>. Make sure that the directory to be shared "
348
"actually exists and that the permissions are correct."
351
#: ../docs/sharing/C/sharing.xml:270(title) ../docs/sharing/C/sharing.xml:657(title) ../docs/sharing/C/sharing.xml:1049(title) ../docs/sharing/C/sharing.xml:1269(title)
355
#: ../docs/sharing/C/sharing.xml:274(para) ../docs/sharing/C/sharing.xml:1053(para)
357
"For in depth Samba configurations see the <ulink "
358
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
362
#: ../docs/sharing/C/sharing.xml:280(para) ../docs/sharing/C/sharing.xml:667(para) ../docs/sharing/C/sharing.xml:1059(para)
364
"The guide is also available in <ulink "
365
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
369
#: ../docs/sharing/C/sharing.xml:286(para)
372
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
373
"another good reference."
376
#: ../docs/sharing/C/sharing.xml:297(title)
377
msgid "Securing a Samba File and Print Server"
380
#: ../docs/sharing/C/sharing.xml:300(title)
381
msgid "Samba Security Modes"
384
#: ../docs/sharing/C/sharing.xml:302(para)
386
"There are two security levels available to the Common Internet Filesystem "
387
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
388
"level</emphasis>. Samba's <emphasis>security mode</emphasis> implementation "
389
"allows more flexibility, providing four ways of implementing user-level "
390
"security and one way to implement share-level:"
393
#: ../docs/sharing/C/sharing.xml:312(para)
395
"<emphasis>security = user:</emphasis> requires clients to supply a username "
396
"and password to connect to shares. Samba user accounts are separate from "
397
"system accounts, but the <application>libpam-smbpass</application> package "
398
"will sync system users and passwords with the Samba user database."
401
#: ../docs/sharing/C/sharing.xml:320(para)
403
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
404
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
405
"Domain Controller (BDC), or a Domain Member Server (DMS). See <xref "
406
"linkend=\"samba-dc\"/> for further information."
409
#: ../docs/sharing/C/sharing.xml:328(para)
411
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
412
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
413
"integration\"/> for details."
416
#: ../docs/sharing/C/sharing.xml:335(para)
418
"<emphasis>security = server:</emphasis> this mode is left over from before "
419
"Samba could become a member server, and, due to some security issues, should "
420
"not be used. See the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
421
"HOWTO-Collection/ServerType. html#id349531\">Server Security</ulink> section "
422
"of the Samba guide for more details."
425
#: ../docs/sharing/C/sharing.xml:345(para)
427
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
428
"without supplying a username and password."
431
#: ../docs/sharing/C/sharing.xml:352(para)
433
"The preferred security mode depends on the environment and what the Samba "
434
"server needs to accomplish."
437
#: ../docs/sharing/C/sharing.xml:359(title)
438
msgid "Security = User"
441
#: ../docs/sharing/C/sharing.xml:361(para)
443
"This section will reconfigure the Samba file and print server, from <xref "
444
"linkend=\"samba-fileserver\"/> and the <ulink type=\"help\" "
445
"url=\"help:/kubuntu/printing/\"> Print Server</ulink>, to require "
449
#: ../docs/sharing/C/sharing.xml:368(para)
451
"First, install the <application>libpam-smbpass</application> package which "
452
"will sync the system users to the Samba user database:"
455
#: ../docs/sharing/C/sharing.xml:374(command)
456
msgid "sudo apt-get install libpam-smbpass"
459
#: ../docs/sharing/C/sharing.xml:378(para)
461
"If the <emphasis>Samba Server</emphasis> task was chosen during "
462
"installation, <application>libpam-smbpass</application> is already installed."
465
#: ../docs/sharing/C/sharing.xml:384(para)
467
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
468
"<emphasis>[share]</emphasis> section change:"
471
#: ../docs/sharing/C/sharing.xml:389(programlisting)
478
#: ../docs/sharing/C/sharing.xml:393(para)
479
msgid "Finally, restart Samba for the new settings to take effect:"
482
#: ../docs/sharing/C/sharing.xml:401(para)
484
"Now when connecting to the shared directories or printers, there will be a "
485
"prompt for a username and password."
488
#: ../docs/sharing/C/sharing.xml:407(para)
490
"To map a network drive to the share, <quote>Reconnect at Logon</quote> "
491
"should be checked, which will require the username and password to be "
492
"entered just once, at least until the password changes."
495
#: ../docs/sharing/C/sharing.xml:416(title)
496
msgid "Share Security"
499
#: ../docs/sharing/C/sharing.xml:418(para)
501
"There are several options available to increase the security for each "
502
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
503
"this section will cover some common options."
506
#: ../docs/sharing/C/sharing.xml:425(title)
510
#: ../docs/sharing/C/sharing.xml:427(para)
512
"Groups define a collection of computers or users which have a common level "
513
"of access to particular network resources and offer a level of granularity "
514
"in controlling access to such resources. For example, if a group <emphasis "
515
"role=\"italic\">qa</emphasis> is defined and contains the users <emphasis "
516
"role=\"italic\">freda</emphasis>, <emphasis "
517
"role=\"italic\">danika</emphasis>, and <emphasis "
518
"role=\"italic\">rob</emphasis> and a second group <emphasis "
519
"role=\"italic\">support</emphasis> is defined and consists of users "
520
"<emphasis role=\"italic\">danika</emphasis>, <emphasis "
521
"role=\"italic\">jeremy</emphasis>, and <emphasis "
522
"role=\"italic\">vincent</emphasis>, then certain network resources "
523
"configured to allow access by the <emphasis role=\"italic\">qa</emphasis> "
524
"group will subsequently enable access by freda, danika, and rob, but not "
525
"jeremy or vincent. Since the user <emphasis "
526
"role=\"italic\">danika</emphasis> belongs to both the <emphasis "
527
"role=\"italic\">qa</emphasis> and <emphasis "
528
"role=\"italic\">support</emphasis> groups, she will be able to access "
529
"resources configured for access by both groups, whereas all other users will "
530
"have only access to resources explicitly allowing the group they are part of."
533
#: ../docs/sharing/C/sharing.xml:448(para)
535
"By default Samba looks for the local system groups defined in "
536
"<filename>/etc/group</filename> to determine which users belong to which "
537
"groups. For more information on adding and removing users from groups see "
538
"<ulink type=\"help\" url=\"help:/kubuntu/basics/\"> Basics</ulink>."
541
#: ../docs/sharing/C/sharing.xml:455(para)
543
"When defining groups in the Samba configuration file, "
544
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
545
"preface the group name with an \"@\" symbol. For example, to define a group "
546
"named <emphasis role=\"italic\">sysadmin</emphasis> in a certain section of "
547
"the <filename>/etc/samba/smb.conf</filename>, the group name would be "
548
"entered as <emphasis role=\"bold\">@sysadmin</emphasis>."
551
#: ../docs/sharing/C/sharing.xml:466(title)
552
msgid "File Permissions"
555
#: ../docs/sharing/C/sharing.xml:468(para)
557
"File Permissions define the explicit rights a computer or user has to a "
558
"particular directory, file, or set of files. Such permissions may be defined "
559
"by editing the <filename>/etc/samba/smb.conf</filename> file and specifying "
560
"the explicit permissions of a defined file share."
563
#: ../docs/sharing/C/sharing.xml:475(para)
565
"For example, for a defined Samba share called <emphasis>share</emphasis> and "
566
"the need to give <emphasis role=\"italic\">read-only</emphasis> permissions "
567
"to the group of users known as <emphasis role=\"italic\">qa</emphasis>, "
568
"while allowing write permissions to the share by the group called <emphasis "
569
"role=\"italic\">sysadmin</emphasis> and the user named <emphasis "
570
"role=\"italic\">vincent</emphasis>, then the "
571
"<filename>/etc/samba/smb.conf</filename> file could be edited to add the "
572
"following entries under the <emphasis>[share]</emphasis> entry:"
575
#: ../docs/sharing/C/sharing.xml:486(programlisting)
580
"write list = @sysadmin, vincent\n"
583
#: ../docs/sharing/C/sharing.xml:491(para)
585
"Another possible Samba permission is to declare "
586
"<emphasis>administrative</emphasis> permissions to a particular shared "
587
"resource. Users having administrative permissions may read, write, or modify "
588
"any information contained in the resource where the user has been given "
589
"explicit administrative permissions."
592
#: ../docs/sharing/C/sharing.xml:499(para)
594
"For example, to give the user <emphasis role=\"italic\">melissa</emphasis> "
595
"administrative permissions to the <emphasis role=\"italic\">share</emphasis> "
596
"example, the <filename>/etc/samba/smb.conf</filename> file would be edited "
597
"to add the following line under the <emphasis>[share]</emphasis> entry:"
600
#: ../docs/sharing/C/sharing.xml:506(programlisting)
604
"admin users = melissa\n"
607
#: ../docs/sharing/C/sharing.xml:510(para)
609
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
610
"the changes to take effect:"
613
#: ../docs/sharing/C/sharing.xml:519(para)
615
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
616
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
617
"<emphasis role=\"italic\">security = share</emphasis>"
620
#: ../docs/sharing/C/sharing.xml:526(para)
622
"Now that Samba has been configured to limit which groups have access to the "
623
"shared directory, the filesystem permissions need to be updated."
626
#: ../docs/sharing/C/sharing.xml:531(para)
628
"Traditional Linux file permissions do not map well to Windows NT Access "
629
"Control Lists (ACLs). Fortunately POSIX ACLs are available on "
630
"<phrase>Kubuntu</phrase> servers providing more fine grained control. For "
631
"example, to enable ACLs on <filename>/srv</filename> an EXT3 filesystem, "
632
"edit <filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> "
636
#: ../docs/sharing/C/sharing.xml:539(programlisting)
640
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
645
#: ../docs/sharing/C/sharing.xml:544(para)
646
msgid "Then remount the partition:"
649
#: ../docs/sharing/C/sharing.xml:549(command)
650
msgid "sudo mount -v -o remount /srv"
653
#: ../docs/sharing/C/sharing.xml:553(para)
655
"The above example assumes <filename>/srv</filename> on a separate partition. "
656
"If <filename>/srv</filename>, or wherever the share path is configured, is "
657
"part of the <filename>/</filename> partition, a reboot may be required."
660
#: ../docs/sharing/C/sharing.xml:560(para)
662
"To match the Samba configuration above, the <emphasis>sysadmin</emphasis> "
663
"group will be given read, write, and execute permissions to "
664
"<filename>/srv/samba/share</filename>, the <emphasis>qa</emphasis> group "
665
"will be given read and execute permissions, and the files will be owned by "
666
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
669
#: ../docs/sharing/C/sharing.xml:569(command)
670
msgid "sudo chown -R melissa /srv/samba/share/"
673
#: ../docs/sharing/C/sharing.xml:570(command)
674
msgid "sudo chgrp -R sysadmin /srv/samba/share/"
677
#: ../docs/sharing/C/sharing.xml:571(command)
678
msgid "sudo setfacl -R -m g:qa:rx /srv/samba/share/"
681
#: ../docs/sharing/C/sharing.xml:575(para)
683
"The <application>setfacl</application> command above gives "
684
"<emphasis>execute</emphasis> permissions to all files in the "
685
"<filename>/srv/samba/share</filename> directory, which may or may not be "
689
#: ../docs/sharing/C/sharing.xml:583(para)
691
"A Windows client will show that the new file permissions are implemented. "
692
"See the <application>acl</application> and "
693
"<application>setfacl</application> man pages for more information on POSIX "
697
#: ../docs/sharing/C/sharing.xml:592(title)
698
msgid "Samba AppArmor Profile"
701
#: ../docs/sharing/C/sharing.xml:594(para)
703
"<phrase>Kubuntu</phrase> comes with the <application>AppArmor</application> "
704
"security module, which provides mandatory access controls. The default "
705
"AppArmor profile for Samba will need to be adapted to the proper "
706
"configuration. For more details on using AppArmor, please refer to the<ulink "
707
"url=\"https://help.ubuntu.com/community/AppArmor\"> wiki</ulink>"
710
#: ../docs/sharing/C/sharing.xml:602(para)
712
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
713
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
714
"of the <application>apparmor-profiles</application> packages. To install the "
715
"package, from a terminal prompt, enter:"
718
#: ../docs/sharing/C/sharing.xml:610(command)
719
msgid "sudo apt-get install apparmor-profiles"
722
#: ../docs/sharing/C/sharing.xml:614(para)
723
msgid "This package contains profiles for several other binaries."
726
#: ../docs/sharing/C/sharing.xml:619(para)
728
"By default the profiles for <application>smbd</application> and "
729
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode, "
730
"allowing Samba to work without modifying the profile, and only logging "
731
"errors. To place the <application>smbd</application> profile into "
732
"<emphasis>enforce</emphasis> mode, and have Samba work as expected, the "
733
"profile will need to be modified to reflect any directories that are shared."
736
#: ../docs/sharing/C/sharing.xml:628(para)
738
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename>, adding information "
739
"for <emphasis>[share]</emphasis> from the file server example:"
742
#: ../docs/sharing/C/sharing.xml:633(programlisting)
746
"/srv/samba/share/ r,\n"
747
"/srv/samba/share/** rwkix,\n"
750
#: ../docs/sharing/C/sharing.xml:638(para)
752
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
755
#: ../docs/sharing/C/sharing.xml:643(command)
756
msgid "sudo aa-enforce /usr/sbin/smbd"
759
#: ../docs/sharing/C/sharing.xml:644(command)
760
msgid "cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r"
763
#: ../docs/sharing/C/sharing.xml:647(para)
765
"It is now possible to read, write, and execute files in the shared directory "
766
"as normal, and the <application>smbd</application> binary will have access "
767
"to only the configured files and directories. Be sure to add entries for "
768
"each directory that Samba is configured to share. Any errors will be logged "
769
"to <filename>/var/log/syslog</filename>."
772
#: ../docs/sharing/C/sharing.xml:661(para)
774
"For in depth Samba configurations, see the <ulink "
775
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
779
#: ../docs/sharing/C/sharing.xml:673(para) ../docs/sharing/C/sharing.xml:1065(para)
782
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
783
"also a good reference."
786
#: ../docs/sharing/C/sharing.xml:679(para)
788
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
789
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
793
#: ../docs/sharing/C/sharing.xml:686(para)
795
"For more information on Samba and ACLs, see the <ulink "
796
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
797
"Collection/AccessControls.html#id397568\">Samba ACLs page </ulink>."
800
#: ../docs/sharing/C/sharing.xml:697(title)
801
msgid "Samba as a Domain Controller"
804
#: ../docs/sharing/C/sharing.xml:699(para)
806
"Although it cannot act as an Active Directory Primary Domain Controller "
807
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
808
"domain controller. A major advantage of this configuration is the ability to "
809
"centralize user and machine credentials. Samba can also use multiple "
810
"backends to store the user information."
813
#: ../docs/sharing/C/sharing.xml:708(title)
814
msgid "Primary Domain Controller"
817
#: ../docs/sharing/C/sharing.xml:710(para)
819
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
820
"using the default smbpasswd backend."
823
#: ../docs/sharing/C/sharing.xml:718(para)
825
"Install Samba and <application>libpam-smbpass</application> to sync the user "
826
"accounts, by entering the following in a terminal prompt:"
829
#: ../docs/sharing/C/sharing.xml:724(command) ../docs/sharing/C/sharing.xml:958(command)
830
msgid "sudo apt-get install samba libpam-smbpass"
833
#: ../docs/sharing/C/sharing.xml:730(para)
835
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
836
"The <emphasis>security</emphasis> mode should be set to <emphasis "
837
"role=\"italic\">user</emphasis>, and the <emphasis>workgroup</emphasis> "
838
"should relate to the organization properly:"
841
#: ../docs/sharing/C/sharing.xml:746(para)
843
"In the commented <quote>Domains</quote> section, add or uncomment the "
847
#: ../docs/sharing/C/sharing.xml:750(programlisting)
851
"domain logons = yes\n"
852
"logon path = \\\\%N\\%U\\profile\n"
854
"logon home = \\\\%N\\%U\n"
855
"logon script = logon.cmd\n"
856
"add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d "
857
"/var/lib/samba -s /bin/false %u\n"
860
#: ../docs/sharing/C/sharing.xml:761(para)
862
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
863
"Samba to act as a domain controller."
866
#: ../docs/sharing/C/sharing.xml:767(para)
868
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
869
"their home directory. It is also possible to configure a "
870
"<emphasis>[profiles]</emphasis> share placing all profiles under a single "
874
#: ../docs/sharing/C/sharing.xml:775(para)
876
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
879
#: ../docs/sharing/C/sharing.xml:780(para)
881
"<emphasis>logon home:</emphasis> specifies the home directory location."
884
#: ../docs/sharing/C/sharing.xml:785(para)
886
"<emphasis>logon script:</emphasis> determines the script to be run locally "
887
"once a user has logged in. The script needs to be placed in the "
888
"<emphasis>[netlogon]</emphasis> share."
891
#: ../docs/sharing/C/sharing.xml:792(para)
893
"<emphasis>add machine script:</emphasis> a script that will automatically "
894
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
895
"workstation to join the domain."
898
#: ../docs/sharing/C/sharing.xml:797(para)
900
"In this example, the <emphasis>machines</emphasis> group will need to be "
901
"created using the <application>addgroup</application> utility. See <ulink "
902
"type=\"help\" url=\"help:/kubuntu/basics/\"> Basics</ulink> for details."
905
#: ../docs/sharing/C/sharing.xml:806(para)
907
"If <emphasis>Roaming Profiles</emphasis> will not be used, leave the "
908
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
912
#: ../docs/sharing/C/sharing.xml:816(para)
914
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
915
"role=\"italic\">logon home</emphasis> to be mapped:"
918
#: ../docs/sharing/C/sharing.xml:821(programlisting)
923
"comment = Home Directories\n"
926
"create mask = 0700\n"
927
"directory mask = 0700\n"
931
#: ../docs/sharing/C/sharing.xml:834(para)
933
"When configured as a domain controller, a <emphasis>[netlogon]</emphasis> "
934
"share needs to be configured. To enable the share, uncomment:"
937
#: ../docs/sharing/C/sharing.xml:839(programlisting)
942
"comment = Network Logon Service\n"
943
"path = /srv/samba/netlogon\n"
949
#: ../docs/sharing/C/sharing.xml:849(para)
951
"The original <emphasis>netlogon</emphasis> share path is "
952
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
953
"Hierarchy Standard (FHS), <ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
954
"2.3. html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is the correct "
955
"location for site-specific data provided by the system."
958
#: ../docs/sharing/C/sharing.xml:862(para)
960
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
961
"and an empty (for now) <filename>logon.cmd</filename> script file:"
964
#: ../docs/sharing/C/sharing.xml:868(command)
965
msgid "sudo mkdir -p /srv/samba/netlogon"
968
#: ../docs/sharing/C/sharing.xml:869(command)
969
msgid "sudo touch /srv/samba/netlogon/logon.cmd"
972
#: ../docs/sharing/C/sharing.xml:872(para)
974
"Any normal Windows logon script commands can be entered in "
975
"<filename>logon.cmd</filename> to customize the client's environment."
978
#: ../docs/sharing/C/sharing.xml:880(para)
980
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
981
"workstation to the domain, a system group must be mapped to the Windows "
982
"<emphasis>Domain Admins</emphasis> group. Using the "
983
"<application>net</application> utility, from a terminal enter:"
986
#: ../docs/sharing/C/sharing.xml:888(command)
988
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
992
#: ../docs/sharing/C/sharing.xml:893(para)
994
"Change <emphasis role=\"italic\">sysadmin</emphasis> to the preferred group. "
995
"The user used to join the domain needs to be a member of the "
996
"<emphasis>sysadmin</emphasis> group, as well as a member of the system "
997
"<emphasis>admin</emphasis> group. The <emphasis>admin</emphasis> group "
998
"allows <application>sudo</application> use."
1001
#: ../docs/sharing/C/sharing.xml:905(para)
1002
msgid "Finally, restart Samba to enable the new domain controller:"
1005
#: ../docs/sharing/C/sharing.xml:916(para)
1007
"It is now possible to join Windows clients to the Domain in the same manner "
1008
"as joining them to an NT4 domain running on a Windows server."
1011
#: ../docs/sharing/C/sharing.xml:926(title)
1012
msgid "Backup Domain Controller"
1015
#: ../docs/sharing/C/sharing.xml:928(para)
1017
"With a Primary Domain Controller (PDC) on the network, it is best to have a "
1018
"Backup Domain Controller (BDC) as well. This will allow clients to "
1019
"authenticate in case the PDC becomes unavailable."
1022
#: ../docs/sharing/C/sharing.xml:934(para)
1024
"When configuring Samba as a BDC, there must be a way to sync account "
1025
"information with the PDC. There are multiple ways of accomplishing this, "
1026
"such as <application>scp</application>, <application>rsync</application>, or "
1027
"by using <application>LDAP</application> as the <emphasis>passdb "
1028
"backend</emphasis>."
1031
#: ../docs/sharing/C/sharing.xml:941(para)
1033
"Using LDAP is the most robust way to sync account information, because both "
1034
"domain controllers can use the same information in real time. However, "
1035
"setting up a LDAP server may be overly complicated for a small number of "
1036
"user and computer accounts. See Samba<ulink "
1037
"url=\"http://wiki.samba.org/index.php/Samba_&_LDAP\"> LDAP</ulink> page "
1041
#: ../docs/sharing/C/sharing.xml:953(para)
1043
"First, install <application>samba</application> and <application>libpam-"
1044
"smbpass</application>. From a terminal enter:"
1047
#: ../docs/sharing/C/sharing.xml:964(para)
1049
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
1050
"following in the <emphasis>[global]</emphasis>:"
1053
#: ../docs/sharing/C/sharing.xml:978(para)
1054
msgid "In the commented <emphasis>Domains</emphasis> uncomment or add:"
1057
#: ../docs/sharing/C/sharing.xml:982(programlisting)
1061
"domain logons = yes\n"
1062
"domain master = no\n"
1065
#: ../docs/sharing/C/sharing.xml:990(para)
1067
"Make sure a user has rights to read the files in "
1068
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
1069
"<emphasis>admin</emphasis> group to <application>scp</application> the "
1073
#: ../docs/sharing/C/sharing.xml:997(command)
1074
msgid "sudo chgrp -R admin /var/lib/samba"
1077
#: ../docs/sharing/C/sharing.xml:1003(para)
1079
"Next, sync the user accounts, using <application>scp</application> to copy "
1080
"the <filename>/var/lib/samba</filename> directory from the PDC:"
1083
#: ../docs/sharing/C/sharing.xml:1009(command)
1084
msgid "sudo scp -r username@pdc:/var/lib/samba /var/lib"
1087
#: ../docs/sharing/C/sharing.xml:1013(para)
1089
"Replace <emphasis>username</emphasis> with a valid username and "
1090
"<emphasis>pdc</emphasis> with the hostname or IP Address of the actual PDC."
1093
#: ../docs/sharing/C/sharing.xml:1022(para)
1094
msgid "Finally, restart <application>samba</application>:"
1097
#: ../docs/sharing/C/sharing.xml:1033(para)
1099
"Test that the Backup Domain controller is working by stopping the Samba "
1100
"daemon on the PDC, then trying to login to a Windows client joined to the "
1104
#: ../docs/sharing/C/sharing.xml:1038(para)
1106
"If the <emphasis>logon home</emphasis> option has been configured as a "
1107
"directory on the PDC, and the PDC becomes unavailable, access to the user's "
1108
"<emphasis>Home</emphasis> drive will also be unavailable. For this reason, "
1109
"it is best to configure the <emphasis>logon home</emphasis> to reside on a "
1110
"separate file server from the PDC and BDC."
1113
#: ../docs/sharing/C/sharing.xml:1071(para)
1115
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
1116
"pdc.html\"> Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
1117
"up a Primary Domain Controller."
1120
#: ../docs/sharing/C/sharing.xml:1079(para)
1122
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
1123
"Collection/samba-bdc.html\"> Chapter 5</ulink> of the Samba HOWTO Collection "
1124
"explains setting up a Backup Domain Controller."
1127
#: ../docs/sharing/C/sharing.xml:1092(title)
1128
msgid "Samba Active Directory Integration"
1131
#: ../docs/sharing/C/sharing.xml:1095(title)
1132
msgid "Accessing a Samba Share"
1135
#: ../docs/sharing/C/sharing.xml:1097(para)
1137
"Another use for Samba is to integrate into an existing Windows network. Once "
1138
"part of an Active Directory (AD) domain, Samba can provide file and print "
1139
"services to AD users."
1142
#: ../docs/sharing/C/sharing.xml:1103(para)
1144
"The simplest way to join an AD domain is to use <application>Likewise-"
1145
"open</application>. For detailed instructions, see <xref linkend=\"likewise-"
1149
#: ../docs/sharing/C/sharing.xml:1109(para)
1151
"Once part of the domain, enter the following command in the terminal prompt:"
1154
#: ../docs/sharing/C/sharing.xml:1114(command)
1155
msgid "sudo apt-get install samba smbfs smbclient"
1158
#: ../docs/sharing/C/sharing.xml:1117(para)
1160
"Since the <application>likewise-open</application> and "
1161
"<application>samba</application> packages use separate "
1162
"<filename>secrets.tdb</filename> files, a symlink must be created in "
1163
"<filename role=\"directory\">/var/lib/samba</filename>:"
1166
#: ../docs/sharing/C/sharing.xml:1124(command)
1167
msgid "sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig"
1170
#: ../docs/sharing/C/sharing.xml:1125(command)
1171
msgid "sudo ln -s /etc/samba/secrets.tdb /var/lib/samba"
1174
#: ../docs/sharing/C/sharing.xml:1128(para)
1175
msgid "Next, edit <filename>/etc/samba/smb.conf</filename> changing:"
1178
#: ../docs/sharing/C/sharing.xml:1132(programlisting)
1182
"workgroup = EXAMPLE\n"
1185
"realm = EXAMPLE.COM\n"
1187
"idmap backend = lwopen\n"
1188
"idmap uid = 50-9999999999\n"
1189
"idmap gid = 50-9999999999\n"
1192
#: ../docs/sharing/C/sharing.xml:1143(para)
1194
"Restart <application>samba</application> for the new settings to take effect:"
1197
#: ../docs/sharing/C/sharing.xml:1151(para)
1199
"It should now be possible to access any <application>Samba</application> "
1200
"shares from a Windows client. However, be sure to give the appropriate AD "
1201
"users or groups access to the share directory. See <xref linkend=\"samba-"
1202
"fileprint-security\"/> for more details."
1205
#: ../docs/sharing/C/sharing.xml:1162(title)
1206
msgid "Accessing a Windows Share"
1209
#: ../docs/sharing/C/sharing.xml:1164(para)
1211
"Now that the Samba server is part of the Active Directory domain, any "
1212
"Windows server shares can be accessed:"
1215
#: ../docs/sharing/C/sharing.xml:1172(para)
1217
"To mount a Windows file share, enter the following in a terminal prompt:"
1220
#: ../docs/sharing/C/sharing.xml:1176(command)
1221
msgid "mount.cifs //fs01.example.com/share mount_point"
1224
#: ../docs/sharing/C/sharing.xml:1179(para)
1226
"It is also possible to access shares on computers not part of an AD domain, "
1227
"but a username and password must be provided."
1230
#: ../docs/sharing/C/sharing.xml:1187(para)
1232
"To mount the share during boot, place an entry in "
1233
"<filename>/etc/fstab</filename>, for example:"
1236
#: ../docs/sharing/C/sharing.xml:1192(programlisting)
1240
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
1244
#: ../docs/sharing/C/sharing.xml:1199(para)
1246
"Another way to copy files from a Windows server is to use the "
1247
"<application>smbclient</application> utility. To list the files in a Windows "
1251
#: ../docs/sharing/C/sharing.xml:1206(command)
1252
msgid "smbclient //fs01.example.com/share -k -c \"ls\""
1255
#: ../docs/sharing/C/sharing.xml:1212(para)
1256
msgid "To copy a file from the share, enter:"
1259
#: ../docs/sharing/C/sharing.xml:1217(command)
1260
msgid "smbclient //fs01.example.com/share -k -c \"get file.txt\""
1263
#: ../docs/sharing/C/sharing.xml:1220(para)
1265
"This will copy the <filename>file.txt</filename> into the current directory."
1268
#: ../docs/sharing/C/sharing.xml:1227(para)
1269
msgid "And to copy a file to the share:"
1272
#: ../docs/sharing/C/sharing.xml:1232(command)
1273
msgid "smbclient //fs01.example.com/share -k -c \"put /etc/hosts hosts\""
1276
#: ../docs/sharing/C/sharing.xml:1235(para)
1278
"This will copy the <filename>/etc/hosts</filename> to "
1279
"<filename>//fs01.example.com/share/hosts</filename>."
1282
#: ../docs/sharing/C/sharing.xml:1242(para)
1284
"The <emphasis>-c</emphasis> option used above allows execution of the "
1285
"<application>smbclient</application> command all at once. This is useful for "
1286
"scripting and minor file operations. To enter the <emphasis>smb: \\"
1287
"></emphasis> prompt, an FTP-like prompt where normal file and directory "
1288
"commands can be executed, simply run the following in Konsole:"
1291
#: ../docs/sharing/C/sharing.xml:1251(command)
1292
msgid "smbclient //fs01.example.com/share -k"
1295
#: ../docs/sharing/C/sharing.xml:1258(para)
1297
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
1298
"<emphasis>//192.168.0.5/share</emphasis>, "
1299
"<emphasis>username=steve,password=secret</emphasis>, and "
1300
"<emphasis>file.txt</emphasis> with the proper server IP, hostname, share "
1301
"name, file name, and an actual username and password with rights to the "
1305
#: ../docs/sharing/C/sharing.xml:1271(para)
1307
"For more <application>smbclient</application> options see the man page: "
1308
"<command>man smbclient</command>, also available <ulink "
1309
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man1/smbclient.1.html\">o"
1313
#: ../docs/sharing/C/sharing.xml:1277(para)
1315
"The <application>mount.cifs</application><ulink "
1316
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/mount.cifs.8.html\">"
1317
"man page</ulink> is also useful for more detailed information."
1320
#: ../docs/sharing/C/sharing.xml:1288(title)
1321
msgid "Likewise Open"
1324
#: ../docs/sharing/C/sharing.xml:1290(para)
1326
"<application>Likewise Open</application> simplifies the necessary "
1327
"configuration needed to authenticate a Linux machine to an Active Directory "
1328
"domain. Based on <application>winbind</application>, the "
1329
"<application>likewise-open</application> package takes the pain out of "
1330
"integrating <phrase>Kubuntu</phrase> authentication into an existing Windows "
1334
#: ../docs/sharing/C/sharing.xml:1301(para)
1336
"There are two ways to use Likewise Open, <application>likewise-"
1337
"open</application> the command line utility and <application>likewise-open-"
1338
"gui</application>. This section focuses on the command line utility."
1341
#: ../docs/sharing/C/sharing.xml:1308(para)
1343
"To install the <application>likewise-open</application> package, open a "
1344
"terminal prompt and enter:"
1347
#: ../docs/sharing/C/sharing.xml:1313(command)
1348
msgid "sudo apt-get install likewise-open"
1351
#: ../docs/sharing/C/sharing.xml:1316(para)
1353
"Starting with <phrase>Kubuntu</phrase> 9.04, <application>Likewise Open "
1354
"5.0</application> is available in the <emphasis>Universe</emphasis> "
1355
"repository. However, since upgrading from <application>Likewise Open "
1356
"4.1</application> currently requires the system to leave the domain and re-"
1357
"join, a separate package for version five was created."
1360
#: ../docs/sharing/C/sharing.xml:1324(para)
1361
msgid "To install <application>Likewise Open 5.0</application> enter:"
1364
#: ../docs/sharing/C/sharing.xml:1329(command)
1365
msgid "sudo apt-get install likewise-open5"
1368
#: ../docs/sharing/C/sharing.xml:1333(para)
1370
"Installing likewise-open5 over an existing likewise-open (4.1) installation "
1371
"will replace it. The domain will have to be rejoined after install."
1374
#: ../docs/sharing/C/sharing.xml:1341(title)
1375
msgid "Joining a Domain"
1378
#: ../docs/sharing/C/sharing.xml:1343(para)
1380
"The main executable file of the <application>likewise-open</application> "
1381
"package is <filename>/usr/bin/domainjoin-cli</filename>, which is used to "
1382
"join a computer to the domain. Before joining a domain, the following are "
1386
#: ../docs/sharing/C/sharing.xml:1351(para)
1388
"Access to an Active Directory user with appropriate rights to join the "
1392
#: ../docs/sharing/C/sharing.xml:1356(para)
1394
"The <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) of the domain "
1395
"being joined. If the AD domain does not match a valid domain such as "
1396
"<emphasis role=\"italic\">example.com</emphasis>, it is likely that it is in "
1397
"the form of <emphasis>domainname.local</emphasis>."
1400
#: ../docs/sharing/C/sharing.xml:1364(para)
1402
"DNS for the domain set up properly. In a production AD environment, this is "
1403
"typically the case. Proper Microsoft DNS is needed so that client "
1404
"workstations can determine that the Active Directory domain is available."
1407
#: ../docs/sharing/C/sharing.xml:1369(para)
1409
"If there is not a Windows DNS server on the network, see <xref "
1410
"linkend=\"likewise-open-ms-dns\"/> for details."
1413
#: ../docs/sharing/C/sharing.xml:1377(para)
1414
msgid "To join a domain, from a terminal prompt enter:"
1417
#: ../docs/sharing/C/sharing.xml:1382(command)
1418
msgid "sudo domainjoin-cli join example.com Administrator"
1421
#: ../docs/sharing/C/sharing.xml:1386(para)
1423
"Replace <emphasis>example.com</emphasis> with the proper domain name, and "
1424
"<emphasis>Administrator</emphasis> with the appropriate user name."
1427
#: ../docs/sharing/C/sharing.xml:1392(para)
1429
"There will be a prompt for the user's password. If all goes well, a "
1430
"<emphasis>SUCCESS</emphasis> message should be printed to the console."
1433
#: ../docs/sharing/C/sharing.xml:1398(para)
1435
"After joining the domain, it is necessary to reboot before attempting to "
1436
"authenticate against the domain."
1439
#: ../docs/sharing/C/sharing.xml:1404(para)
1441
"After successfully joining an <phrase>Kubuntu</phrase> machine to an Active "
1442
"Directory domain, any valid AD user can be used to authenticate. To login, "
1443
"the user name must be entered as 'domain\\username'. For example to ssh to a "
1444
"server joined to the domain, enter:"
1447
#: ../docs/sharing/C/sharing.xml:1412(command)
1448
msgid "ssh 'example\\steve'@hostname"
1451
#: ../docs/sharing/C/sharing.xml:1416(para)
1453
"If configuring a Desktop, the user name will need to be prefixed with "
1454
"<emphasis role=\"italic\">domain\\</emphasis> in the graphical logon as well."
1457
#: ../docs/sharing/C/sharing.xml:1422(para)
1459
"To make likewise-open use a default domain, the following statement can be "
1460
"added to <filename>/etc/samba/lwiauthd.conf</filename>:"
1463
#: ../docs/sharing/C/sharing.xml:1427(programlisting)
1467
"winbind use default domain = yes\n"
1470
#: ../docs/sharing/C/sharing.xml:1431(para)
1471
msgid "Then restart the <application>likewise-open</application> daemons:"
1474
#: ../docs/sharing/C/sharing.xml:1436(command)
1475
msgid "sudo /etc/init.d/likewise-open restart"
1478
#: ../docs/sharing/C/sharing.xml:1440(para)
1480
"Once configured for a <emphasis>default domain</emphasis>, the <emphasis "
1481
"role=\"italic\">'domain\\'</emphasis> is no longer required. Users can login "
1482
"using only their username."
1485
#: ../docs/sharing/C/sharing.xml:1447(para)
1487
"The <application>domainjoin-cli</application> utility can also be used to "
1488
"leave the domain. From a terminal:"
1491
#: ../docs/sharing/C/sharing.xml:1453(command)
1492
msgid "sudo domainjoin-cli leave"
1495
#: ../docs/sharing/C/sharing.xml:1458(title)
1496
msgid "Other Utilities"
1499
#: ../docs/sharing/C/sharing.xml:1460(para)
1501
"The <application>likewise-open</application> package comes with a few other "
1502
"utilities that may be useful for gathering information about the Active "
1503
"Directory environment. These utilities are used to join the machine to the "
1504
"domain, and are the same as those available in the <application>samba-"
1505
"common</application> and <application>winbind</application> packages:"
1508
#: ../docs/sharing/C/sharing.xml:1471(para)
1510
"<application>lwinet</application>: Returns information about the network and "
1514
#: ../docs/sharing/C/sharing.xml:1476(para)
1516
"<application>lwimsg</application>: Allows interaction with the "
1517
"<application>likewise-winbindd</application> daemon."
1520
#: ../docs/sharing/C/sharing.xml:1481(para)
1522
"<application>lwiinfo</application>: Displays information about various parts "
1526
#: ../docs/sharing/C/sharing.xml:1488(para)
1527
msgid "Please refer to each utility's man page specific for details."
1530
#: ../docs/sharing/C/sharing.xml:1494(title)
1531
msgid "Troubleshooting"
1534
#: ../docs/sharing/C/sharing.xml:1498(para)
1536
"If the client has trouble joining the domain, check that the Microsoft DNS "
1537
"is listed first in <filename>/etc/resolv.conf</filename>. For example:"
1540
#: ../docs/sharing/C/sharing.xml:1504(programlisting)
1544
"nameserver 192.168.0.1\n"
1547
#: ../docs/sharing/C/sharing.xml:1509(para)
1549
"For more information when joining a domain, use the <emphasis>--loglevel "
1550
"verbose</emphasis> or <emphasis>--advanced</emphasis> option of the "
1551
"<application>domainjoin-cli</application> utility:"
1554
#: ../docs/sharing/C/sharing.xml:1515(command)
1555
msgid "sudo domainjoin-cli --loglevel verbose join example.com Administrator"
1558
#: ../docs/sharing/C/sharing.xml:1519(para)
1560
"If an Active Directory user has trouble logging in, check the "
1561
"<filename>/var/log/auth.log</filename> for details."
1564
#: ../docs/sharing/C/sharing.xml:1524(para)
1566
"When joining an <phrase>Kubuntu</phrase> Desktop workstation to a domain, it "
1567
"may be necessary to edit <filename>/etc/nsswitch.conf</filename> if the AD "
1568
"domain uses the <emphasis role=\"italic\">.local</emphasis> syntax. In order "
1569
"to join the domain, the <emphasis>\"mdns4\"</emphasis> entry should be "
1570
"removed from the <emphasis>hosts</emphasis> option. For example:"
1573
#: ../docs/sharing/C/sharing.xml:1532(programlisting)
1577
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
1580
#: ../docs/sharing/C/sharing.xml:1536(para)
1581
msgid "Change the above to:"
1584
#: ../docs/sharing/C/sharing.xml:1540(programlisting)
1588
"hosts: files dns [NOTFOUND=return]\n"
1591
#: ../docs/sharing/C/sharing.xml:1544(para)
1592
msgid "Then restart networking by entering:"
1595
#: ../docs/sharing/C/sharing.xml:1549(command)
1596
msgid "sudo /etc/init.d/networking restart"
1599
#: ../docs/sharing/C/sharing.xml:1552(para)
1600
msgid "It should now be possible to join the Active Directory domain."
1603
#: ../docs/sharing/C/sharing.xml:1560(title)
1604
msgid "Microsoft DNS"
1607
#: ../docs/sharing/C/sharing.xml:1562(para)
1609
"The following are instructions for installing DNS on an Active Directory "
1610
"domain controller running Windows Server 2003, but the instructions should "
1611
"be similar for other versions:"
1614
#: ../docs/sharing/C/sharing.xml:1572(para)
1617
"<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
1618
"</guimenuitem><guimenuitem>Manage Your Server</guimenuitem></menuchoice>. "
1619
"This will open the <application>Server Role Management</application> utility."
1622
#: ../docs/sharing/C/sharing.xml:1580(para)
1623
msgid "Click <guilabel>Add or remove a role</guilabel>"
1626
#: ../docs/sharing/C/sharing.xml:1581(para) ../docs/sharing/C/sharing.xml:1583(para) ../docs/sharing/C/sharing.xml:1586(para)
1630
#: ../docs/sharing/C/sharing.xml:1582(para)
1631
msgid "Select \"DNS Server\""
1634
#: ../docs/sharing/C/sharing.xml:1584(para)
1635
msgid "Click Next again to proceed"
1638
#: ../docs/sharing/C/sharing.xml:1585(para)
1639
msgid "Select \"Create a forward lookup zone\" if it is not selected."
1642
#: ../docs/sharing/C/sharing.xml:1587(para)
1644
"Make sure \"This server maintains the zone\" is selected and click Next."
1647
#: ../docs/sharing/C/sharing.xml:1588(para)
1648
msgid "Enter the domain name and click Next"
1651
#: ../docs/sharing/C/sharing.xml:1589(para)
1652
msgid "Click Next to \"Allow only secure dynamic updates\""
1655
#: ../docs/sharing/C/sharing.xml:1591(para)
1657
"Enter the IP for DNS servers to forward queries to, or Select \"No, it "
1658
"should not forward queries\" and click Next."
1661
#: ../docs/sharing/C/sharing.xml:1595(para) ../docs/sharing/C/sharing.xml:1596(para)
1662
msgid "Click Finish"
1665
#: ../docs/sharing/C/sharing.xml:1598(para)
1667
"DNS is now installed and can be further configured using the "
1668
"<application>Microsoft Management Console</application> DNS snap-in."
1671
#: ../docs/sharing/C/sharing.xml:1606(para)
1675
#: ../docs/sharing/C/sharing.xml:1607(para)
1676
msgid "Control Panel"
1679
#: ../docs/sharing/C/sharing.xml:1608(para)
1680
msgid "Network Connections"
1683
#: ../docs/sharing/C/sharing.xml:1609(para)
1684
msgid "Right Click \"Local Area Connection\""
1687
#: ../docs/sharing/C/sharing.xml:1610(para)
1688
msgid "Click Properties"
1691
#: ../docs/sharing/C/sharing.xml:1611(para)
1692
msgid "Double click \"Internet Protocol (TCP/IP)\""
1695
#: ../docs/sharing/C/sharing.xml:1612(para)
1696
msgid "Enter the Server's IP Address as the \"Preferred DNS server\""
1699
#: ../docs/sharing/C/sharing.xml:1613(para)
1703
#: ../docs/sharing/C/sharing.xml:1614(para)
1704
msgid "Click Ok again to save the settings"
1707
#: ../docs/sharing/C/sharing.xml:1603(para)
1709
"Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
1712
#: ../docs/sharing/C/sharing.xml:1621(title)
1716
#: ../docs/sharing/C/sharing.xml:1623(para)
1718
"Please refer to the <ulink "
1719
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for "
1720
"further information."
1723
#: ../docs/sharing/C/sharing.xml:1627(para)
1725
"For more <application>domainjoin-cli</application> options see the man page: "
1726
"<command>man domainjoin-cli</command>."
1729
#. Put one translator per line, in the form of NAME <EMAIL>, YEAR1, YEAR2
1730
#: ../docs/sharing/C/sharing.xml:0(None)
1731
msgid "translator-credits"
1733
"Launchpad Contributions:\n"
1734
" Sahran https://launchpad.net/~sahran"