source: server/major/samba3.xml@ 5254d12

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
   "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY samba3-download-http "http://us1.samba.org/samba/ftp/samba-&samba3-version;.tar.gz">
  <!ENTITY samba3-download-ftp  "ftp://ftp.samba.org/pub/samba/samba-&samba3-version;.tar.gz">
  <!ENTITY samba3-md5sum        "39c0cae08fe0224cb003aa0af97d3050">
  <!ENTITY samba3-size          "17.1 MB">
  <!ENTITY samba3-buildsize     "177.4 MB">
  <!ENTITY samba3-time          "2.5 SBU">
]>

<sect1 id="samba3" xreflabel="Samba-&samba3-version;">
  <?dbhtml filename="samba3.html"?>

  <sect1info>
    <othername>$LastChangedBy$</othername>
    <date>$Date$</date>
    <keywordset>
      <keyword role="package">samba-&samba3-version;.tar</keyword>
      <keyword role="ftpdir">samba</keyword>
    </keywordset>
  </sect1info>

  <title>Samba-&samba3-version;</title>

  <indexterm zone="samba3">
    <primary sortas="a-Samba">Samba</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to Samba</title>

    <para>The <application>Samba</application> package provides file and print
    services to SMB/CIFS clients and Windows networking to Linux clients.
    <application>Samba</application> can also be configured as a Windows NT
    4.0 Domain Controller replacement (with caveats working with NT PDC's and
    BDC's), a file/print server acting as a member of a Windows NT 4.0 or
    Active Directory domain and a NetBIOS (rfc1001/1002) nameserver (which
    amongst other things provides LAN browsing support).</para>

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>Download (HTTP): <ulink url="&samba3-download-http;"/></para>
      </listitem>
      <listitem>
        <para>Download (FTP): <ulink url="&samba3-download-ftp;"/></para>
      </listitem>
      <listitem>
        <para>Download MD5 sum: &samba3-md5sum;</para>
      </listitem>
      <listitem>
        <para>Download size: &samba3-size;</para>
      </listitem>
      <listitem>
        <para>Estimated disk space required: &samba3-buildsize;</para>
      </listitem>
      <listitem>
        <para>Estimated build time: &samba3-time;</para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>Required patch if you have <application>Heimdal</application>
        installed: <ulink
        url="&patch-root;/samba-&samba3-version;-heimdal-1.patch"/></para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">Samba Dependencies</bridgehead>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional"><xref linkend="popt"/>,
    <xref linkend="linux-pam"/>,
    <xref linkend="openldap"/>,
    <xref linkend="cups"/>,
    <xref linkend="heimdal"/> or <xref linkend="mitkrb"/>,
    <xref linkend="libxml2"/>,
    <xref linkend="mysql"/>,
    <xref linkend="postgresql"/>,
    <xref linkend="python"/> and
    <ulink url="http://valgrind.kde.org/">Valgrind</ulink></para>

  </sect2>

  <sect2 role="installation">
    <title>Installation of Samba</title>

    <para>A <application>Samba</application> <filename>include.h</filename>
    header now does checks for C++ reserved names. The package will not build
    if you have <application>Heimdal</application> installed as Heimdal uses
    some of these reserved names inappropriately. If you have
    <application>Heimdal</application> installed, apply the following patch to
    disable these checks and allow the package to compile successfully:</para>

<screen><userinput>patch -Np1 -i ../samba-&samba3-version;-heimdal-1.patch</userinput></screen>

    <para>Install <application>Samba</application> by running the following
    commands:</para>

    <note>
      <para>You may want to run <command>configure</command> with the
      <option>--help</option> parameter. There may be other parameters
      needed to take advantage of the optional dependencies.</para>
    </note>

<screen><userinput>cd source &amp;&amp;
sed -i "60s/lib\[2/lib[1/" python/setup.py &amp;&amp;
./configure \
    --prefix=/usr \
    --sysconfdir=/etc \
    --localstatedir=/var \
    --with-piddir=/var/run \
    --with-fhs \
    --with-smbmount &amp;&amp;
make</userinput></screen>

    <para>This package does not come with a test suite.</para>

    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>

<!-- Commenting out the need for /var/cache/samba as my testing has
     shown me that this directory is not used. Grepping the source
     tree also turns up nothing about 'cache/samba'. -Randy 
<screen role="root"><userinput>install -v -m755 -d /var/cache/samba &amp;&amp;
-->

<screen role="root"><userinput>make install &amp;&amp;
mv -v /usr/lib/samba/libsmbclient.so /usr/lib &amp;&amp;
ln -v -sf ../libsmbclient.so /usr/lib/samba &amp;&amp;
ln -v -sf libsmbclient.so /usr/lib/libsmbclient.so.0 &amp;&amp;

chmod -v 644 /usr/include/libsmbclient.h &amp;&amp;

install -v -m755 nsswitch/libnss_win{s,bind}.so /lib &amp;&amp;
ln -v -sf libnss_winbind.so /lib/libnss_winbind.so.2 &amp;&amp;
ln -v -sf libnss_wins.so /lib/libnss_wins.so.2 &amp;&amp;

if [ -f nsswitch/pam_winbind.so ]; then
    install -v -m755 nsswitch/pam_winbind.so /lib/security
fi &amp;&amp;

install -v -m644 ../examples/smb.conf.default /etc/samba &amp;&amp;

install -v -m755 -d /usr/share/doc/samba-&samba3-version; &amp;&amp;
install -v -m644 ../docs/*.pdf /usr/share/doc/samba-&samba3-version; &amp;&amp;
ln -v -s ../../samba/swat  /usr/share/doc/samba-3.0.20b</userinput></screen>

  <para>If you passed the <option>--with-python</option> option to the
  <command>configure</command> script, issue the following command as the
  <systemitem class="username">root</systemitem> user to install the
  <application>Python</application> extensions:</para>

<screen role="root"><userinput>make python_install</userinput></screen>

  </sect2>

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para><command>sed -i "60s/lib\[2/lib[1/" python/setup.py</command>:
    This command is necessary to build the
    <application>Python</application> extensions. The
    <filename>setup.py</filename> file has a bug which causes the build to
    crash. This command fixes the bug.</para>

    <para><parameter>--sysconfdir=/etc</parameter>: Sets the configuration
    file directory to avoid the default of
    <filename class="directory">/usr/etc</filename>.</para>

    <para><parameter>--localstatedir=/var</parameter>: Sets the variable
    data directory to avoid the default of
    <filename class="directory">/usr/var</filename>.</para>

    <para><parameter>--with-fhs</parameter>: Assigns all other file paths in
    a manner compliant with the Filesystem Hierarchy Standard (FHS).</para>

    <para><parameter>--with-smbmount</parameter>: Orders the creation of an
    extra binary for use by the <command>mount</command> command so that
    mounting remote SMB (Windows) shares becomes no more complex than
    mounting remote NFS shares.</para>

    <para><option>--with-pam</option>: Use this parameter to link
    <application>Linux-PAM</application> into the build. This
    also builds the <filename class='libraryfile'>pam_winbind.so</filename>
    <application>PAM</application> module. You can find
    instructions on how to configure and use the module by running
    <command>man winbindd</command>.</para>

    <!-- I am convinced that this command is no longer necessary. -Randy
    <para><command>install -v -d /var/cache/samba</command>: This directory is
    needed for proper operation of the <command>smbd</command> and
    <command>nmbd</command> daemons.</para>
    -->

    <para><command>mv -v /usr/lib/samba/libsmbclient.so ...; ln -v -sf
    ../libsmbclient.so ...</command>: The
    <filename class='libraryfile'>libsmbclient.so</filename> library is needed
    by other packages. This command moves it to a location where other packages
    can find it.</para>

    <para><command>install -v -m755 nsswitch/libnss_win{s,bind}.so /lib</command>:
    The nss libraries are not installed by default.  If you intend to use
    winbindd for domain auth, and/or WINS name resolution,
    you need these libraries.</para>

    <para><command>ln -v -sf libnss_winbind.so /lib/libnss_winbind.so.2</command>
    and <command>ln -v -sf libnss_wins.so /lib/libnss_wins.so.2</command>:
    These symlinks are required by glibc to use the NSS
    libraries.</para>

    <para><command>install -v -m644 ../examples/smb.conf.default
    /etc/samba</command>: This copies a default <filename>smb.conf</filename>
    file into <filename>/etc/samba</filename>. This sample configuration will
    not work until you copy it to <filename>/etc/samba/smb.conf</filename> and
    make the appropriate changes for your installation. See the configuration
    section for minimum values which must be set.</para>

  </sect2>

  <sect2 role="configuration">
    <title>Configuring Samba</title>

    <sect3 id="samba3-config">
      <title>Config Files</title>

      <para>/etc/samba/smb.conf</para>

      <indexterm zone="samba3 samba3-config">
        <primary sortas="e-etc-samba-smb.conf">/etc/samba/smb.conf</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Mounting Shares by Unprivileged Users</title>

      <para>If it is desired for unprivileged users to directly mount (and
      unmount) SMB shares, the <command>smbmnt</command> and
      <command>smbumount</command> commands must be setuid
      <systemitem class='username'>root</systemitem>. Note that users can
      only mount SMB shares on a mount point owned by that user (requires
      write access also). If desired, change these programs to setuid
      <systemitem class='username'>root</systemitem> by issuing the following
      command as the <systemitem class='username'>root</systemitem>
      user:</para>

<screen role="root"><userinput>chmod -v 4755 /usr/bin/smb{mnt,umount}</userinput></screen>

    </sect3>

    <sect3>
      <title>Printing to SMB Clients</title>

      <para>If you use <application>CUPS</application> for print services,
      and you wish to print to a printer attached to an SMB client, you
      need to create an SMB backend device. To create the device, issue the
      following command as the <systemitem class="username">root</systemitem>
      user:</para>

<screen role="root"><userinput>ln -v -sf /usr/bin/smbspool /usr/lib/cups/backend/smb</userinput></screen>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>Due to the complexity and the many various uses for
      <application>Samba</application>, complete configuration for all the
      package's capabilities is well beyond the scope of the BLFS book. This
      section provides instructions to configure the
      <filename>/etc/samba/smb.conf</filename> file for two common scenarios.
      The complete contents of <filename>/etc/samba/smb.conf</filename> will
      depend on the purpose of <application>Samba</application>
      installation.</para>

      <note>
        <para>You may find it easier to copy the configuration parameters shown
        below into an empty <filename>/etc/samba/smb.conf</filename> file
        instead of copying and editing the default file as mentioned in the
        <quote>Command Explanations</quote> section. How you create/edit the
        <filename>/etc/samba/smb.conf</filename> file will be left up to
        you. Do ensure the file is only writeable by the
        <systemitem class="username">root</systemitem> user (mode 644).</para>
      </note>

      <sect4>
        <title>Scenario 1: Minimal Standalone Client-Only Installation</title>

        <para>Choose this variant if you only want to transfer files using
        <command>smbclient</command>, mount Windows shares and print to Windows
        printers, and don't want to share your files and printers to Windows
        machines.</para>

        <para>A <filename>/etc/samba/smb.conf</filename> file with the following
        three parameters is sufficient:</para>

<screen role='root'><literal>[global]
    workgroup = <replaceable>MYGROUP</replaceable>
    dos charset = <replaceable>cp850</replaceable>
    unix charset = <replaceable>ISO-8859-1</replaceable></literal></screen>

        <para>The values in this example specify that the computer belongs to a
        Windows workgroup named
        <quote><replaceable>MYGROUP</replaceable></quote>, uses the
        <quote><replaceable>cp850</replaceable></quote> character set on the
        wire when talking to MS-DOS and MS Windows 9x, and that the filenames
        are stored in the <quote><replaceable>ISO-8859-1</replaceable></quote>
        encoding on the disk. Adjust these values appropriately for your
        installation. The <quote>unix charset</quote> value must be the same as
        the output of <command>locale charmap</command> when executed with the
        <envar>LANG</envar> variable set to your preferred locale, otherwise the
        <command>ls</command> command may not display correct filenames of
        downloaded files.</para>

        <para>There is no need to run any <application>Samba</application>
        servers in this scenario, thus you don't need to install the provided
        bootscripts.</para>

      </sect4>

      <sect4>
        <title>Scenario 2: Standalone File/Print Server</title>

        <para>Choose this variant if you want to share your files and printers
        to Windows machines in your workgroup in addition to the capabilities
        described in Scenario 1.</para>

        <para>In this case, the <filename>/etc/samba/smb.conf.default</filename>
        file may be a good template to start from. Also add
        <quote>dos charset</quote> and <quote>unix charset</quote> parameters
        to the <quote>[global]</quote> section as described in Scenario 1 in
        order to prevent filename corruption.</para>

        <para>The following configuration file creates a separate share for each
        user's home directory and also makes all printers available to Windows
        machines:</para>

<screen role='root'><literal>[global]
    workgroup = <replaceable>MYGROUP</replaceable>
    dos charset = <replaceable>cp850</replaceable>
    unix charset = <replaceable>ISO-8859-1</replaceable>

[homes]
    comment = Home Directories
    browseable = no
    writable = yes

[printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    guest ok = no
    printable = yes</literal></screen>

        <para>Other parameters you may wish to customize in the
        <quote>[global]</quote> section include:</para>

<screen role='root'><literal>    server string =
    security =
    hosts allow =
    load printers =
    log file =
    max log size =
    socket options =
    local master =</literal></screen>

        <para>Reference the comments in the
        <filename>/etc/samba/smb.conf.default</filename> file for information
        regarding these parameters.</para>

        <para>Since the <command>smbd</command> and <command>nmbd</command>
        daemons are needed in this case, install the <filename>samba</filename>
        bootscript. Be sure to run <command>smbpasswd</command> (with the
        <option>-a</option> option to add users) to enable and
        set passwords for all accounts that need
        <application>Samba</application> access, or use the SWAT web interface
        (see below) to do the same. Using the default
        <application>Samba</application> passdb backend, any user you attempt
        to add will also be required to exist in the
        <filename>/etc/passwd</filename> file.</para>

      </sect4>

      <sect4>
        <title>Advanced Requirements</title>

        <para>More complex scenarios involving domain control or membership are
        possible if the right flags are passed to the ./configure script when
        the package is built. Such setups are advanced topics and cannot be
        adequately covered in BLFS. Many complete books have been written on
        these topics alone. It should be noted, however, that a
        <application>Samba</application> BDC cannot be used as a fallback
        for a Windows PDC, and conversely, a Windows BDC cannot be used as a
        fallback for a <application>Samba</application> PDC. Also in some
        domain membership scenarios, the <command>winbindd</command> daemon and
        the corresponding bootscript are needed.</para>

        <para>There is quite a bit of documentation available which covers many
        of these advanced configurations. Point your web browser to the links
        below to view some of the documentation included with the
        <application>Samba</application> package:</para>

        <itemizedlist spacing='compact'>
          <listitem>
            <para>Using Samba, 2nd Edition; a popular book published by O'Reilly
            <ulink url="file:///usr/share/samba/swat/using_samba/toc.html"/></para>
          </listitem>
          <listitem>
            <para>The Official Samba HOWTO and Reference Guide <ulink
            url="file:///usr/share/samba/swat/help/Samba-HOWTO-Collection/index.html"/>
            </para>
          </listitem>
          <listitem>
            <para>Samba-3 by Example
            <ulink url="file:///usr/share/samba/swat/help/Samba-Guide/index.html"/>
            </para>
          </listitem>
          <listitem>
            <para>The Samba-3 man Pages
            <ulink url="file:///usr/share/samba/swat/help/samba.7.html"/></para>
          </listitem>
        </itemizedlist>

      </sect4>

    </sect3>

    <sect3 id="samba3-swat-config">
      <title>Configuring SWAT</title>

      <para>The built in SWAT (<application>Samba</application> Web
      Administration Tool) utility can be used for basic configuration of
      the <application>Samba</application> installation, but because it may
      be inconvenient, undesirable or perhaps even impossible to gain
      access to the console, BLFS recommends setting up access to SWAT using
      <application>Stunnel</application>. Without
      <application>Stunnel</application>, the
      <systemitem class="username">root</systemitem> password is transmitted
      in clear text over the wire, and is considered an unacceptable security
      risk. After considering the security implications of using SWAT without
      <application>Stunnel</application>, and you still wish to implement SWAT
      without it, instructions are provided at this end of this section.</para>

      <indexterm zone="samba3 samba3-swat-config">
        <primary sortas="g-SWAT">SWAT</primary>
      </indexterm>

      <sect4>
        <title>Setting up SWAT using Stunnel</title>

        <para>First install, or ensure you have already installed, the
        <xref linkend="stunnel"/> package.</para>

        <para>Next you must add entries to <filename>/etc/services</filename>
        and modify the <command>inetd</command>/<command>xinetd</command>
        configuration.</para>

        <indexterm zone="samba3 samba3-swat-config">
          <primary sortas="e-etc-services">/etc/services</primary>
        </indexterm>

        <indexterm zone="samba3 samba3-swat-config">
          <primary sortas="e-etc-inetd.conf">/etc/inetd.conf</primary>
        </indexterm>

        <indexterm zone="samba3 samba3-swat-config">
          <primary sortas="e-etc-xinetd.conf">/etc/xinetd.conf</primary>
        </indexterm>

        <para>Add swat and swat_tunnel entries to
        <filename>/etc/services</filename> with the following commands issued
        as the <systemitem class="username">root</systemitem> user:</para>

<screen role="root"><userinput>echo "swat            901/tcp" &gt;&gt; /etc/services &amp;&amp;
echo "swat_tunnel     902/tcp" &gt;&gt; /etc/services</userinput></screen>

        <para>If <command>inetd</command> is used, the following command will
        add the swat_tunnel entry to <filename>/etc/inetd.conf</filename> (as
        user <systemitem class="username">root</systemitem>):</para>

<screen role="root"><userinput>echo "swat_tunnel stream tcp nowait.400 root /usr/sbin/swat swat" \
    &gt;&gt; /etc/inetd.conf</userinput></screen>

        <para>Issue a <command>killall -HUP inetd</command> to reread the
        changed <filename>inetd.conf</filename> file.</para>

        <para>If you use <command>xinetd</command>, the following command will
        create the <application>Samba</application> file as
        <filename>/etc/xinetd.d/swat_tunnel</filename> (you may need to modify
        or remove the <quote>only_from</quote> line to include the desired
        host[s]):</para>

<screen role="root"><userinput>cat &gt;&gt; /etc/xinetd.d/swat_tunnel &lt;&lt; "EOF"
<literal># Begin /etc/xinetd.d/swat_tunnel

service swat_tunnel
{
    port            = 902
    socket_type     = stream
    wait            = no
    only_from       = 127.0.0.1
    user            = root
    server          = /usr/sbin/swat
    log_on_failure  += USERID
}

# End /etc/xinetd.d/swat_tunnel</literal>
EOF</userinput></screen>

        <indexterm zone="samba3 samba3-swat-config">
          <primary sortas="e-etc-xinetd.d-swat-tunnel">/etc/xinetd.d/swat_tunnel</primary>
        </indexterm>

        <para>Issue a <command>killall -HUP xinetd</command> to read the new
        <filename>/etc/xinetd.d/swat_tunnel</filename> file.</para>

        <para>Next, you must add an entry for the swat service to the
        <filename>/etc/stunnel/stunnel.conf</filename> file (as user
        <systemitem class="username">root</systemitem>):</para>

        <indexterm zone="samba3 samba3-swat-config">
          <primary sortas="e-etc-stunnel-stunnel.conf">/etc/stunnel/stunnel.conf</primary>
        </indexterm>

<screen role="root"><userinput>cat &gt;&gt; /etc/stunnel/stunnel.conf &lt;&lt; "EOF"
<literal>[swat]
accept  = 901
connect = 902</literal>

EOF</userinput></screen>

        <para>Restart the <command>stunnel</command> daemon using the following
        command as the <systemitem class="username">root</systemitem> user:</para>

<screen role="root"><userinput>/etc/rc.d/init.d/stunnel restart</userinput></screen>

      <para>SWAT can be launched by pointing your web browser to
      <uri>https://<replaceable>[CA_DN_field]</replaceable>:901</uri>.
      Substitute the hostname listed in the DN field of the CA certificate
      used with <application>Stunnel</application> for
      <replaceable>[CA_DN_field]</replaceable>.</para>

      </sect4>

      <sect4>
        <title>Setting up SWAT without Stunnel</title>

        <warning>
          <para>BLFS does not recommend using these procedures because of the
          security risk involved. However, in a home network environment and
          disclosure of the <systemitem class='username'>root</systemitem>
          password is an acceptable risk, the following
          instructions are provided for your convenience.</para>
        </warning>

        <para>Add a swat entry to <filename>/etc/services</filename> with the
        following command issued as the
        <systemitem class='username'>root</systemitem> user:</para>

<screen role='root'><userinput>echo "swat            901/tcp" &gt;&gt; /etc/services</userinput></screen>

        <para>If <command>inetd</command> is used, the following command
        issued as the <systemitem class='username'>root</systemitem> user will
        add a swat entry to the <filename>/etc/inetd.conf</filename> file:</para>

<screen role='root'><userinput>echo "swat stream tcp nowait.400 root /usr/sbin/swat swat" \
    &gt;&gt; /etc/inetd.conf</userinput></screen>

        <para>Issue a <command>killall -HUP inetd</command> to reread the
        changed <filename>inetd.conf</filename> file.</para>

        <para>If <command>xinetd</command> is used, the following command
        issued as the <systemitem class='username'>root</systemitem> user
        will create an <filename>/etc/xinetd.d/swat</filename> file:</para>

<screen role='root'><userinput>cat &gt;&gt; /etc/xinetd.d/swat &lt;&lt; "EOF"
<literal># Begin /etc/xinetd.d/swat

service swat
{
    port            = 901
    socket_type     = stream
    wait            = no
    only_from       = 127.0.0.1
    user            = root
    server          = /usr/sbin/swat
    log_on_failure  += USERID
}

# End /etc/xinetd.d/swat</literal>
EOF</userinput></screen>

        <para>Issue a <command>killall -HUP xinetd</command> to read the
        new <filename>/etc/xinetd.d/swat</filename> file.</para>

        <para>SWAT can be launched by pointing your web browser to
        http://localhost:901.</para>

      </sect4>

    </sect3>

    <sect3>
      <title/>

      <note>
        <para>If you linked <application>Linux-PAM</application> into the
        <application>Samba</application> build, you'll need to create an
        <filename>/etc/pam.d/samba</filename> file.</para>
      </note>

      <indexterm zone="samba3 samba3-swat-config">
        <primary sortas="e-etc-pam.d-samba">/etc/pam.d/samba</primary>
      </indexterm>

    </sect3>

    <sect3 id="samba3-init">
      <title>Boot Script</title>

      <para>For your convenience, boot scripts have been provided for
      <application>Samba</application>. There are two included in the
      <xref linkend="bootscripts"/> package. The first,
      <filename>samba</filename>, will start the <command>smbd</command>
      and <command>nmbd</command> daemons needed to provide SMB/CIFS
      services. The second script, <filename>winbind</filename>, starts
      the <command>winbindd</command> daemon, used for providing Windows
      domain services to Linux clients.</para>

      <indexterm zone="samba3 samba3-init">
        <primary sortas="f-samba">samba</primary>
      </indexterm>

      <indexterm zone="samba3 samba3-init">
        <primary sortas="f-winbind">winbind</primary>
      </indexterm>

      <para>The default <application>Samba</application> installation uses the
      <systemitem class='username'>nobody</systemitem> user for guest access
      to the server. This can be overridden by setting the
      <option>guest account =</option> parameter in the
      <filename>/etc/samba/smb.conf</filename> file. If you utilize the
      <option>guest account =</option> parameter, ensure this user exists in
      the <filename>/etc/passwd</filename> file. To use the default user,
      issue the following commands as the
      <systemitem class='username'>root</systemitem> user:</para>

<screen><userinput>groupadd -g 99 nogroup &amp;&amp;
useradd -c "Unprivileged Nobody" -d /dev/null -g nogroup \
    -s /bin/false -u 99 nobody</userinput></screen>

      <para>Install the <filename>samba</filename> script with the following
      command issued as the <systemitem class="username">root</systemitem>
      user:</para>

<screen role="root"><userinput>make install-samba</userinput></screen>

      <para>If you also need the <filename>winbind</filename>
      script:</para>

<screen role="root"><userinput>make install-winbind</userinput></screen>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>findsmb, mount.smbfs, net, nmbd, nmblookup, ntlm_auth, pdbedit,
        profiles, rpcclient, smbcacls, smbclient, smbcontrol, smbcquotas, smbd,
        smbmnt, smbmount, smbpasswd, smbspool, smbstatus, smbtar, smbtree,
        smbumount, swat, tdbbackup, tdbdump, tdbtool, testparm, testprns,
        wbinfo, and winbindd</seg>
        <seg>libnss_winbind.so, libnss_wins.so, libsmbclient.so, the
        pam_winbind.so PAM library and assorted character set,
        filesystem and support modules.</seg>
        <seg>/etc/samba, /usr/lib/samba, /usr/share/samba, /var/cache/samba,
        and /var/lib/samba</seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="findsmb">
        <term><command>findsmb</command></term>
        <listitem>
          <para>lists information about machines that respond to
          SMB name queries on a subnet.</para>
          <indexterm zone="samba3 findsmb">
            <primary sortas="b-findsmb">findsmb</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="mount.smbfs">
        <term><command>mount.smbfs</command></term>
        <listitem>
          <para>is a symlink to <command>smbmount</command> which provides
          <command>/bin/mount</command> with a way to mount remote Windows
          (or <application>Samba</application>) fileshares.</para>
          <indexterm zone="samba3 mount.smbfs">
            <primary sortas="b-mount.smbfs">mount.smbfs</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="net">
        <term><command>net</command></term>
        <listitem>
          <para>is a tool for administration of
          <application>Samba</application> and remote CIFS servers, similar
          to the <command>net</command> utility for DOS/Windows.</para>
          <indexterm zone="samba3 net">
            <primary sortas="b-net">net</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="nmbd">
        <term><command>nmbd</command></term>
        <listitem>
          <para>is the <application>Samba</application>
          NetBIOS name server.</para>
          <indexterm zone="samba3 nmbd">
            <primary sortas="b-nmbd">nmbd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="nmblookup">
        <term><command>nmblookup</command></term>
        <listitem>
          <para>is used to query NetBIOS names and map
          them to IP addresses.</para>
          <indexterm zone="samba3 nmblookup">
            <primary sortas="b-nmblookup">nmblookup</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ntlm_auth">
        <term><command>ntlm_auth</command></term>
        <listitem>
          <para>is a tool to allow external access to Winbind's
          NTLM authentication function.</para>
          <indexterm zone="samba3 ntlm_auth">
            <primary sortas="b-ntlm_auth">ntlm_auth</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="pdbedit">
        <term><command>pdbedit</command></term>
        <listitem>
          <para>is a tool used to manage the SAM database.</para>
          <indexterm zone="samba3 pdbedit">
            <primary sortas="b-pdbedit">pdbedit</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="profiles">
        <term><command>profiles</command></term>
        <listitem>
          <para>is a utility that reports and changes SIDs in Windows
          registry files. It currently only supports Windows NT.</para>
          <indexterm zone="samba3 profiles">
            <primary sortas="b-profiles">profiles</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="rpcclient">
        <term><command>rpcclient</command></term>
        <listitem>
          <para>is used to execute MS-RPC client side functions.</para>
          <indexterm zone="samba3 rpcclient">
            <primary sortas="b-rpcclient">rpcclient</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="smbcacls">
        <term><command>smbcacls</command></term>
        <listitem>
          <para>is used to manipulate Windows NT access control lists.</para>
          <indexterm zone="samba3 smbcacls">
            <primary sortas="b-smbcacls">smbcacls</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="smbclient">
        <term><command>smbclient</command></term>
        <listitem>
          <para>is a SMB/CIFS access utility, similar to FTP.</para>
          <indexterm zone="samba3 smbclient">
            <primary sortas="b-smbclient">smbclient</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="smbcontrol">
        <term><command>smbcontrol</command></term>
        <listitem>
          <para>is used to control running <command>smbd</command>,
          <command>nmbd</command> and <command>winbindd</command>
          daemons.</para>
          <indexterm zone="samba3 smbcontrol">
            <primary sortas="b-smbcontrol">smbcontrol</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="smbcquotas">
        <term><command>smbcquotas</command></term>
        <listitem>
          <para>is used to manipulate Windows NT quotas on
          SMB file shares.</para>
          <indexterm zone="samba3 smbcquotas">
            <primary sortas="b-smbcquotas">smbcquotas</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="smbd">
        <term><command>smbd</command></term>
        <listitem>
          <para>is the main <application>Samba</application> daemon which
          provides SMB/CIFS services to clients.</para>
          <indexterm zone="samba3 smbd">
            <primary sortas="b-smbd">smbd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="smbmnt">
        <term><command>smbmnt</command></term>
        <listitem>
          <para>is a helper application used by the
          <command>smbmount</command> program to do the actual mounting of
          SMB shares. It can be installed setuid
          <systemitem class='username'>root</systemitem> if you want
          unprivileged users to be able to mount their SMB shares.</para>
          <indexterm zone="samba3 smbmnt">
            <primary sortas="b-smbmnt">smbmnt</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="smbmount">
        <term><command>smbmount</command></term>
        <listitem>
          <para>is usually invoked as <command>mount.smbfs</command> by the
          <command>mount</command> command when using the
          <parameter>-t smbfs</parameter> option, mounts a Linux SMB
          filesystem.</para>
          <indexterm zone="samba3 smbmount">
            <primary sortas="b-smbmount">smbmount</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="smbpasswd">
        <term><command>smbpasswd</command></term>
        <listitem>
          <para>changes a user's <application>Samba</application>
          password.</para>
          <indexterm zone="samba3 smbpasswd">
            <primary sortas="b-smbpasswd">smbpasswd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="smbspool">
        <term><command>smbspool</command></term>
        <listitem>
          <para>sends a print job to an SMB printer.</para>
          <indexterm zone="samba3 smbspool">
            <primary sortas="b-smbspool">smbspool</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="smbstatus">
        <term><command>smbstatus</command></term>
        <listitem>
          <para>reports current <application>Samba</application>
          connections.</para>
          <indexterm zone="samba3 smbstatus">
            <primary sortas="b-smbstatus">smbstatus</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="smbtar">
        <term><command>smbtar</command></term>
        <listitem>
          <para>is a shell script used for backing up SMB/CIFS shares
          directly to Linux tape drives or a file.</para>
          <indexterm zone="samba3 smbtar">
            <primary sortas="b-smbtar">smbtar</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="smbtree">
        <term><command>smbtree</command></term>
        <listitem>
          <para>is a text-based SMB network browser.</para>
          <indexterm zone="samba3 smbtree">
            <primary sortas="b-smbtree">smbtree</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="smbumount">
        <term><command>smbumount</command></term>
        <listitem>
          <para>is used by unprivileged users to unmount SMB filesystems,
          provided that it is setuid root.</para>
          <indexterm zone="samba3 smbumount">
            <primary sortas="b-smbumount">smbumount</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="swat">
        <term><command>swat</command></term>
        <listitem>
          <para>is the <application>Samba</application> Web Administration
          Tool.</para>
          <indexterm zone="samba3 swat">
            <primary sortas="b-swat">swat</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="tdbbackup">
        <term><command>tdbbackup</command></term>
        <listitem>
          <para>is a tool for backing up or validating the integrity of
          <application>Samba</application> <filename>.tdb</filename>
          files.</para>
          <indexterm zone="samba3 tdbbackup">
            <primary sortas="b-tdbbackup">tdbbackup</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="tdbdump">
        <term><command>tdbdump</command></term>
        <listitem>
          <para> is a tool used to print the contents of a
          <application>Samba</application> <filename>.tdb</filename>
          file.</para>
          <indexterm zone="samba3 tdbdump">
            <primary sortas="b-tdbdump">tdbdump</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="tdbtool">
        <term><command>tdbtool</command></term>
        <listitem>
          <para>is a tool which allows simple database manipulation from the
          command line.</para>
          <indexterm zone="samba3 tdbtool">
            <primary sortas="b-tdbtool">tdbtool</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="testparm">
        <term><command>testparm</command></term>
        <listitem>
          <para>checks an <filename>smb.conf</filename> file for proper
          syntax.</para>
          <indexterm zone="samba3 testparm">
            <primary sortas="b-testparm">testparm</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="testprns">
        <term><command>testprns</command></term>
        <listitem>
          <para>tests printer names.</para>
          <indexterm zone="samba3 testprns">
            <primary sortas="b-testprns">testprns</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="wbinfo">
        <term><command>wbinfo</command></term>
        <listitem>
          <para>queries a running <command>winbindd</command> daemon.</para>
          <indexterm zone="samba3 wbinfo">
            <primary sortas="b-wbinfo">wbinfo</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="winbindd">
        <term><command>winbindd</command></term>
        <listitem>
          <para>resolves names from Windows NT servers.</para>
          <indexterm zone="samba3 winbindd">
            <primary sortas="b-winbindd">winbindd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>