Samba documentation ------------------- The documentation of Samba is moved to an extra package samba-doc. Documented example configuration -------------------------------- The installed sample configuration at /etc/samba/smb.conf is a stripped down version of the full commented and with deactivates examples enriched file as from /usr/share/doc/packages/samba/examples/smb.conf.VENDOR While building the package all comments are removed like running testparm on this file. Samba packaging organisation ---------------------------- The packaging split Samba in several components. This allows you to install only the components you need. The most common package is samba-client which also includes the main configuration file /etc/samba/smb.conf. As a result you can't install samba-winbind or the main Samba package, samba without also installing samba-client. Package name Content samba smb and nmb daemon and utilities, SWAT samba-client smb.conf, client utilities samba-doc documentation samba-pdb Password Database plugins samba-python Python bindings samba-vscan on-access virus scanning VFS modules samba-winbind Name Service Switch resolving names from NT servers ldapsmb Tool to simplify Samba LDAP administration libsmbclient smb client library libsmbclient-devel develelopment files of the smb client library smbfs and nmb service --------------------- If your Linux system should mount a remote SMB/ CIFS share and the remote system is not in the broadcast domain of the Linux system, it might be useful to also activate, configure and start the nmb service. Especially if you use NetBIOS names and not IP addresses of the target. For activation of the nmb service use insserv or the YaST runlevel editor. By this the nmb service is started automatically while the system startup. To configure edit /etc/samba/smb.conf. To start the nmb service by hand call rcnmb start. How to view the Samba package detailed changelog? ------------------------------------------------- If the package is installes type: rpm -q --changelog samba | less If not type: rpm -qp --changelog /path/to/the/samba-*-*.i?86.rpm | less Known Issues ------------ - vscan is build for SuSE Linx versions older than 9.2 without filetype support as libmagic was built without -fPIC - Quota Support does not work - ADS security does not work with win2k3dc and heimdal <0.6 Note about Kerberos-Support with Samba 3 and SuSE Linux / UnitedLinux --------------------------------------------------------------------- Although a lot of effort has been made to make the kerberos-support in Samba 3 less dependent to the MIT-Kerberos implementation, there are still some issues with heimdal: Using Kerberos Authentication with heimdal 0.4e and a WIN2k DC -------------------------------------------------------------- only the DES-CBC-CRC and DES-CBC-MD5 encryption types are supported with tickets obtained from a win2k kdc. this means that: * "administrator" has to change its password after installation to use that account with kerberos * anyone in your ads-domain has to change the password after an in-place-migration from nt4 to create the necessary encryption types of the new password. Using Kerberos Authentication with heimdal 0.4e and a WIN2k3 DC: ---------------------------------------------------------------- this combination currently does not work but might be fixed soon. (des-keys do not work here) Using Kerberos Authentication with heimdal 0.6 (or newer) and a WIN2k DC ------------------------------------------------------------------------ Heimdal 0.6 has better support for the ARCFOUR-HMAC-MD5 encryption type (the one any user in a windows domain already has - without changing their password). Nonetheless some small fixes to heimdal 0.6 are required to make it fully operational (http://www.padl.com/~lukeh/rc4fix.diff). Of course newer builds of heimdal work as well. sample krb5.conf for heimdal-0.4e and win2k dc ---------------------------------------------- [libdefaults] default_realm = MY.REALM default_etypes = des-cbc-crc des-cbc-md5 default_etypes_des = des-cbc-crc des-cbc-md5 [realms] MY.REALM = { kdc = ads.my.realm kpasswd_server = ads.my.realm } [domain_realm] my.realm = MY.REALM .my.realm = MY.REALM sample krb5.conf for heimdal-0.6 and win2k3 dc ---------------------------------------------- [libdefaults] default_realm = MY.REALM [realms] MY.REALM = { kdc = ads.my.realm kpasswd_server = ads.my.realm } [domain_realm] my.realm = MY.REALM .my.realm = MY.REALM sample domain join ------------------ obtain a ticket granting ticket (tgt) first: mthelena:~ # kinit administrator@MY.REALM check if it has the correct encryption type: mthelena:~ # klist -v now join the domain with your tgt: mthelena:~ # net ads join start all daemons: mthelena:~ # rcsmb start && rcwinbind start try to get a service ticket via smbclient: mthelena:~ # smbclient -L localhost -k -d2 mthelena:~ # klist -v