1<html> 2<body bgcolor="#ffffff"> 3 4<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76" 5hspace="10" align="left" /> 6 7<h1 class="head0">Appendix F. Running Samba on Mac OS X Server</h1> 8 9 10 11<p><a name="INDEX-1"/>Mac OS X Server is an Apple 12operating-system product based on Mac OS X, with the addition of 13administrative tools and server software. One area in which it 14differs from Mac OS X is in the configuration of Samba-based 15services. In this appendix, we'll tell you how to 16set up SMB file and printer shares, enable client user access, and 17monitor activity. Our specific focus is on Mac OS X Server 10.2.</p> 18 19 20 21<div class="sect1"><a name="samba2-APP-F-SECT-1"/> 22 23<h2 class="head1">Setup Procedures</h2> 24 25<p>The first thing to note is that the procedure described in <a href="ch02.html">Chapter 2</a> using System Preferences to enable Samba does 26not apply to Mac OS X Server. Unlike Mac OS X, the Sharing pane of 27System Preferences does not include an option to turn on Windows File 28Sharing. Instead, there is a set of applications to configure, 29activate, and monitor services: Workgroup Manager, Server Settings, 30Server Status, and Open Directory Assistant, all located in the 31directory <em class="filename">/Applications/Utilities</em>.</p> 32 33<a name="samba2-APP-F-NOTE-163"/><blockquote class="note"><h4 class="objtitle">NOTE</h4> 34<p>In addition to being installed with Mac OS X Server, these and other 35administrative applications are included on a separate installation 36CD-ROM sold with the operating system. They can be used to manage Mac 37OS X Server systems remotely from any Mac OS X machine.</p> 38 39<p>For more information, refer to the <em class="citetitle">Mac OS X Server 40Administrator's 41Guide</em><a name="INDEX-2"/>, included as a PDF 42file in the <em class="filename">/Library/Documentation/MacOSXServer</em> 43directory, and also downloadable from Apple 44Computer's web site at <a href="http://www.apple.com/server/">http://www.apple.com/server/</a>.</p> 45</blockquote> 46 47<p>Briefly, the procedure for setting up SMB file and printer shares is 48as follows:</p> 49 50<ol><li> 51<p>Designate share points in Workgroup Manager for file sharing.</p> 52</li><li> 53<p>Set up print queues in Server Settings for printer sharing, and 54activate Printer Service.</p> 55</li><li> 56<p>Configure and activate Windows Services in Server Settings.</p> 57</li><li> 58<p>Activate Password Server and enable SMB authentication in Open 59Directory Assistant.</p> 60</li><li> 61<p>Enable Password Server authentication for user accounts in Workgroup 62Manager.</p> 63</li><li> 64<p>Monitor file and print services with Server Status.</p> 65</li></ol> 66 67<div class="sect2"><a name="samba2-APP-F-SECT-1.1"/> 68 69<h3 class="head2">Sharing Files</h3> 70 71<p><a name="INDEX-3"/><a name="INDEX-4"/>The 72first step to enable SMB file sharing is to designate one or more 73<em class="firstterm">share points</em>. Share points are folders that 74form the root of shared volumes for any of the protocols supported by 75Mac OS X Server: Apple Filesharing Protocol (AFP), Network Filesystem 76(NFS), File Transfer Protocol (FTP), and SMB.</p> 77 78<p>To designate a share point, launch Workgroup Manager. You will be 79prompted for the local or remote server's hostname 80or IP address, as well as for a username and password; this process 81is required by all the Mac OS X Server administrative applications. 82Once Workgroup Manager is open, click the Sharing button in the 83toolbar. The list on the left, under the Share Points tab, displays 84currently defined share points. To add a new one, click the All tab, 85and navigate to the folder you want to share.</p> 86 87<p>On the right, under the General tab, check the box labeled Share this 88item and its contents, change the ownership and permissions if 89desired, then click the Save button. Next, under the Protocols tab, 90select Windows File Settings from the pop-up menu, and ensure that 91the box labeled Share this item using SMB is checked. At this point, 92you can also decide whether to allow guest access to the share, 93change the name of the share displayed to SMB clients, or set 94permissions for files and folders created by SMB clients. Click the 95Save button when you're finished making changes. See 96<a href="appf.html#samba2-APP-F-FIG-1">Figure F-1</a>.</p> 97 98<div class="figure"><a name="samba2-APP-F-FIG-1"/><img src="figs/sam2_af01.gif"/></div><h4 class="head4">Figure F-1. Workgroup Manager: Share Points and Windows File Settings</h4> 99 100 101</div> 102 103 104<div class="sect2"><a name="samba2-APP-F-SECT-1.2"/> 105 106<h3 class="head2">Sharing Printers</h3> 107 108<p><a name="INDEX-5"/><a name="INDEX-6"/>Printer shares are set up 109differently. First, launch Server Settings; under the File & 110Print tab, select Print, then Configure Print Service.... Check the 111box labeled Automatically share new queues for Windows printing. 112Next, click the Print icon again and then Show Print Monitor. Make 113sure the printers you want to share are listed. Printers directly 114attached to the server should have queues created automatically, but 115remote printers you wish to reshare must be added by clicking New 116Queue and discovering or specifying the printers. When 117you're finished, click Save, select the Print icon 118one more time, and select Start Print Service. See <a href="appf.html#samba2-APP-F-FIG-2">Figure F-2</a>.</p> 119 120<div class="figure"><a name="samba2-APP-F-FIG-2"/><img src="figs/sam2_af02.gif"/></div><h4 class="head4">Figure F-2. Server Settings: Print Service</h4> 121 122<a name="samba2-APP-F-NOTE-164"/><blockquote class="note"><h4 class="objtitle">TIP</h4> 123<p>Server Settings will make local printers available for sharing only 124if they're PostScript compatible. Unfortunately, 125many printers, including consumer-grade USB inkjet printers, 126aren't. If you want to make one of these printers 127available to SMB clients, you can still add the share to 128<em class="filename">/etc/smb.conf</em> yourself with a text editor. See 129"Rolling Your Own" later in this 130chapter for instructions and caveats related to making manual changes 131to <em class="filename">smb.conf</em>.</p> 132</blockquote> 133 134 135</div> 136 137 138<div class="sect2"><a name="samba2-APP-F-SECT-1.3"/> 139 140<h3 class="head2">Configuring and Activating Services</h3> 141 142<p><a name="INDEX-7"/>At this point, neither 143the file shares nor the printer shares are available to SMB clients. 144To activate them, click the Windows icon in Server Settings, and 145click Configure Windows Services.... Under the General tab, you can 146set the server's NetBIOS hostname, the workgroup or 147Windows NT domain in which the server resides, and the description 148that gets displayed in a browse list. You can also specify the code 149page for an alternate character set. Finally, you can enable 150boot-time startup of Samba. See <a href="appf.html#samba2-APP-F-FIG-3">Figure F-3</a>.</p> 151 152<div class="figure"><a name="samba2-APP-F-FIG-3"/><img src="figs/sam2_af03.gif"/></div><h4 class="head4">Figure F-3. Server Settings: Windows Services</h4> 153 154<p>The Windows Services Access tab offers options to enable guest access 155and limit the number of simultaneous client connections; under the 156Logging tab, you can specify the verbosity of your logging. With 157options under the Neighborhood tab, you can configure your machine as 158a WINS client or server or have it provide browser services locally 159or across subnets.</p> 160 161<a name="samba2-APP-F-SIDEBAR-1"/><blockquote><table border="1" cellpadding="6"><tr><td> 162<h4 class="head4">Password Server</h4> 163 164<p><a name="INDEX-8"/><a name="INDEX-9"/>Password Server is a feature 165introduced with Mac OS X Server 10.2. In prior versions of Mac OS X 166Server, Windows authentication was handled with Authentication 167Manager, which stored a user's Windows password in 168the <tt class="literal">tim_password</tt> property of the 169user's NetInfo record. This can still be done in 170Version 10.2, although it's strongly discouraged 171because the encrypted password is visible to other users with access 172to the NetInfo domain and can potentially be decrypted.</p> 173 174<p>If you need to use Authentication Manager, use the following 175procedure to enable it:</p> 176 177<ol><li> 178<p>On every machine hosting a domain that will bind into the NetInfo 179hierarchy, execute the command <tt class="literal">tim -init -auto</tt> 180<em class="replaceable">tag</em> for each domain, where 181<em class="replaceable">tag</em> is the name of the 182domain's database.</p> 183</li> 184<li> 185<p>When prompted, provide a password to be used as the encryption key 186for the domain. This key is used to decrypt the Windows passwords and 187is stored in an encrypted file readable only by root, 188<em class="filename">/var/db/netinfo/.tag.tim</em>.</p> 189</li> 190<li> 191<p>Set <tt class="literal">AUTHSERVER=-YES-</tt> in 192<em class="filename">/etc/hostconfig</em>.</p> 193</li> 194<li> 195<p>Start Authentication Manager by invoking <em class="emphasis">tim</em>. 196This is also executed during the boot sequence by the AuthServer 197startup item.</p> 198</li> 199<li> 200<p>Reset the password of each user requiring SMB client access. In Mac 201OS X Server 10.2 or later, make sure the user is set up for Basic 202authentication, not Password Server authentication.</p> 203</li></ol></td></tr></table></blockquote> 204 205<p>When you've finished configuring Windows Services, 206click the Save button, then click the Windows icon in Server 207Settings, and select Start Windows Services. This starts the Samba 208daemons, enabling access from SMB clients.</p> 209 210 211</div> 212 213 214<div class="sect2"><a name="samba2-APP-F-SECT-1.4"/> 215 216<h3 class="head2">Activating Password Server</h3> 217 218<p><a name="INDEX-10"/><a name="INDEX-11"/>Now that 219you've set up file and printer shares, you need to 220make sure users can properly authenticate to access them. In Mac OS X 221Server, this is accomplished with the <a name="INDEX-12"/>Open Directory 222Password Server, a service based on the <a name="INDEX-13"/>Simple Authentication and Security 223Layer (SASL) standard and usable with many different authentication 224protocols, including the LAN Manager and Windows NT LAN Manager 225(NTLM) protocols. This section describes how to support SMB client 226authentication, but for more information on what Password Server does 227and how it works, see the Mac OS X Server 228Administrator's Guide.</p> 229 230<p>To enable Password Server or merely check its settings, start the 231Open Directory Assistant. Unless you wish to change any of the 232settings, just click the right arrow button in the lower-right corner 233of the window until you get to the first Security step. At this 234point, activate Password Server by selecting the option marked 235Password and authentication information will be provided to other 236systems. The next step displays the main administrative account, and 237the one after that gives you a choice of authentication protocols to 238enable (see <a href="appf.html#samba2-APP-F-FIG-4">Figure F-4</a>). Make sure that SMB-NT is 239checked, and check SMB-Lan Manager if you have Windows 95/98/Me or 240older clients. The final step saves the Password Server configuration 241and prompts you to reboot.</p> 242 243<div class="figure"><a name="samba2-APP-F-FIG-4"/><img src="figs/sam2_af04.gif"/></div><h4 class="head4">Figure F-4. Password Server authentication protocols</h4> 244 245 246</div> 247 248 249<div class="sect2"><a name="samba2-APP-F-SECT-1.5"/> 250 251<h3 class="head2">Enabling Password Server</h3> 252 253<p><a name="INDEX-14"/><a name="INDEX-15"/>To enable the 254use of Password Server for a user account, launch Workgroup Manager, 255and click the Accounts button in the toolbar. Under the Users tab on 256the far left (with the silhouette of a single person), select the 257account, and under the Advanced tab on the right, select Password 258Server for the User Password Type (see <a href="appf.html#samba2-APP-F-FIG-5">Figure F-5</a>). 259You are prompted to enter a new user password to be stored in the 260Password Server database. After saving the account configuration, the 261user can authenticate and access shares from an SMB client.</p> 262 263<div class="figure"><a name="samba2-APP-F-FIG-5"/><img src="figs/sam2_af05.gif"/></div><h4 class="head4">Figure F-5. Workgroup Manager: Enabling Password Server authentication</h4> 264 265 266</div> 267 268 269<div class="sect2"><a name="samba2-APP-F-SECT-1.6"/> 270 271<h3 class="head2">Monitoring Services</h3> 272 273<p><a name="INDEX-16"/>Once you've got 274everything working, you'll want to keep an eye on 275things. The Server Status application gives you views into the 276various services provided by Mac OS X Server. For Windows Services, 277you can see the current state of the service, browse the logs 278(located in the directory 279<em class="filename">/Library/Logs/WindowsServices</em>), display and 280terminate individual connections, and view a graph of connections 281over time (see <a href="appf.html#samba2-APP-F-FIG-6">Figure F-6</a>). Similar information is 282provided for Print Service.</p> 283 284<div class="figure"><a name="samba2-APP-F-FIG-6"/><img src="figs/sam2_af06.gif"/></div><h4 class="head4">Figure F-6. Server Status: Windows Services</h4> 285 286 287</div> 288 289 290</div> 291 292 293 294<div class="sect1"><a name="samba2-APP-F-SECT-2"/> 295 296<h2 class="head1">Configuration Details</h2> 297 298<p><a name="INDEX-17"/>Underneath the GUI, a lot of activity 299takes place to offer Windows Services. In the non-Server version of 300Mac OS X, selecting Windows File Sharing sets the 301<tt class="literal">SMBSERVER</tt> parameter in 302<em class="filename">/etc/hostconfig</em> and triggers the Samba startup 303item. In Mac OS X Server, under normal circumstances the Samba 304startup item and the <tt class="literal">SMBSERVER</tt> parameter are never 305used.</p> 306 307<p>Instead, a process named <em class="emphasis">sambadmind</em> generates 308<em class="filename">/etc/smb.conf</em> from the configuration specified 309in Server Settings and Workgroup Manager and handles starting and 310restarting the Samba daemons as necessary. The 311<em class="emphasis">sambadmind</em> process is in turn monitored by 312<em class="emphasis">watchdog</em>, which keeps an eye on certain 313processes and restarts those which fail. The 314<em class="emphasis">watchdog</em> utility is configured in 315<em class="filename">/etc/watchdog.conf</em>, a file similar to a System V 316<em class="filename">inittab</em>, which specifies how the services under 317<em class="emphasis">watchdog</em>'s purview are to be 318treated. For example, the line for <em class="emphasis">sambadmind</em> 319looks like this:</p> 320 321<blockquote><pre class="code">sambadmin:respawn:/usr/sbin/sambadmind -d # SMB Admin daemon</pre></blockquote> 322 323<p>Using a <em class="emphasis">watchdog</em>-monitored process such as 324<em class="emphasis">sambadmind</em> to start the Samba daemons, instead 325of a one-time execution of a startup item, results in more reliable 326service. In Mac OS X Server, if a Samba daemon dies unexpectedly, it 327is quickly restarted. (Examples of other services monitored by 328<em class="emphasis">watchdog</em> are Password Server, Print Service, and 329the Server Settings daemon that allows remote management.)</p> 330 331<p>There's another wrinkle in Mac OS X Server: the 332Samba configuration settings are not written directly to 333<em class="filename">/etc/smb.conf</em>, as they are in the non-Server 334version of Mac OS X. Instead, they're stored in the 335server's local Open Directory domain,<a name="FNPTR-1"/><a href="#FOOTNOTE-1">[1]</a> from which <em class="emphasis">sambadmind</em> retrieves them 336and regenerates <em class="filename">smb.conf</em>. For example, the Samba 337global parameters are stored in 338<em class="filename">/config/SMBServer</em> (see <a href="appf.html#samba2-APP-F-FIG-7">Figure F-7</a>). Share point information is also kept in Open 339Directory, under <em class="filename">/config/SharePoints</em>, while CUPS 340takes responsibility for printer configuration in 341<em class="filename">/etc/cups/printers.conf</em> (also creating stub 342entries used by Samba in <em class="filename">/etc/printcap</em>).</p> 343 344<div class="figure"><a name="samba2-APP-F-FIG-7"/><img src="figs/sam2_af07.gif"/></div><h4 class="head4">Figure F-7. NetInfo Manager: SMBServer properties</h4> 345 346<p><a href="appf.html#samba2-APP-F-TABLE-1">Table F-1</a> summarizes the association of Windows 347Services settings in the Server Settings application, properties 348stored in Open Directory, and parameters in 349<em class="filename">/etc/smb.conf</em>.</p> 350 351<a name="samba2-APP-F-TABLE-1"/><h4 class="head4">Table F-1. Samba configuration settings in Mac OS X Server</h4><table border="1"> 352 353 354 355 356<tr> 357<th> 358<p>Server Settings graphical element in Windows Services</p> 359</th> 360<th> 361<p>Open Directory property in <em class="filename">/config/SMBServer</em></p> 362</th> 363<th> 364<p>Samba global parameter in<em class="filename">/etc/smb.conf</em></p> 365</th> 366</tr> 367 368 369<tr> 370<td> 371<p>General → Server Name</p> 372</td> 373<td> 374<p><tt class="literal">netbios_name</tt></p> 375</td> 376<td> 377<p><tt class="literal">netbios name</tt></p> 378</td> 379</tr> 380<tr> 381<td> 382<p>General → Workgroup</p> 383</td> 384<td> 385<p><tt class="literal">workgroup</tt></p> 386</td> 387<td> 388<p><tt class="literal">workgroup</tt></p> 389</td> 390</tr> 391<tr> 392<td> 393<p>General → Description</p> 394</td> 395<td> 396<p><tt class="literal">description</tt></p> 397</td> 398<td> 399<p><tt class="literal">server string</tt></p> 400</td> 401</tr> 402<tr> 403<td> 404<p>General → Code Page</p> 405</td> 406<td> 407<p><tt class="literal">code_page</tt></p> 408</td> 409<td> 410<p><tt class="literal">client code page</tt></p> 411</td> 412</tr> 413<tr> 414<td> 415<p>General → Start Windows Services on system startup</p> 416</td> 417<td> 418<p><tt class="literal">auto_start</tt></p> 419</td> 420<td> 421<p>N/A</p> 422</td> 423</tr> 424<tr> 425<td> 426<p>Access → Allow Guest Access</p> 427</td> 428<td> 429<p><tt class="literal">guest_access</tt>, <tt class="literal">map_to_guest</tt></p> 430</td> 431<td> 432<p><tt class="literal">map to guest</tt></p> 433</td> 434</tr> 435<tr> 436<td> 437<p>N/A</p> 438</td> 439<td> 440<p><tt class="literal">guest_account</tt></p> 441</td> 442<td> 443<p><tt class="literal">guest account</tt></p> 444</td> 445</tr> 446<tr> 447<td> 448<p>Access → Maximum client connections</p> 449</td> 450<td> 451<p><tt class="literal">max_connections</tt></p> 452</td> 453<td> 454<p><tt class="literal">max smbd processes</tt></p> 455</td> 456</tr> 457<tr> 458<td> 459<p>Logging → Detail Level</p> 460</td> 461<td> 462<p><tt class="literal">logging</tt></p> 463</td> 464<td> 465<p><tt class="literal">log level</tt></p> 466</td> 467</tr> 468<tr> 469<td> 470<p>Neighborhood → WINS Registration → 471Off</p> 472</td> 473<td> 474<p><tt class="literal">WINS_enabled</tt>, <tt class="literal">WINS_register</tt></p> 475</td> 476<td> 477<p><tt class="literal">wins support</tt></p> 478</td> 479</tr> 480<tr> 481<td> 482<p>Neighborhood → WINS Registration → 483Enable WINS server</p> 484</td> 485<td> 486<p><tt class="literal">WINS_enabled</tt></p> 487</td> 488<td> 489<p><tt class="literal">wins support</tt></p> 490</td> 491</tr> 492<tr> 493<td> 494<p>Neighborhood → WINS Registration → 495Register with WINS server</p> 496</td> 497<td> 498<p><tt class="literal">WINS_register</tt>, <tt class="literal">WINS_address</tt></p> 499</td> 500<td> 501<p><tt class="literal">wins server</tt></p> 502</td> 503</tr> 504<tr> 505<td> 506<p>Neighborhood → Workgroup/Domain Services 507→ Master Browser</p> 508</td> 509<td> 510<p><tt class="literal">Local_Master</tt></p> 511</td> 512<td> 513<p><tt class="literal">local master</tt></p> 514</td> 515</tr> 516<tr> 517<td> 518<p>Neighborhood → Workgroup/Domain Services 519→ Domain Master Browser</p> 520</td> 521<td> 522<p><tt class="literal">Domain_Master</tt></p> 523</td> 524<td> 525<p><tt class="literal">domain master</tt></p> 526</td> 527</tr> 528<tr> 529<td> 530<p>Print → Start Print Service</p> 531</td> 532<td> 533<p><tt class="literal">printing</tt></p> 534</td> 535<td> 536<p>N/A</p> 537</td> 538</tr> 539<tr> 540<td> 541<p>N/A</p> 542</td> 543<td> 544<p><tt class="literal">lprm_command</tt></p> 545</td> 546<td> 547<p><tt class="literal">lprm command</tt></p> 548</td> 549</tr> 550<tr> 551<td> 552<p>N/A</p> 553</td> 554<td> 555<p><tt class="literal">lppause_command</tt></p> 556</td> 557<td> 558<p><tt class="literal">lppause command</tt></p> 559</td> 560</tr> 561<tr> 562<td> 563<p>N/A</p> 564</td> 565<td> 566<p><tt class="literal">lpresume_command</tt></p> 567</td> 568<td> 569<p><tt class="literal">lpresume command</tt></p> 570</td> 571</tr> 572<tr> 573<td> 574<p>N/A</p> 575</td> 576<td> 577<p><tt class="literal">printer_admin</tt></p> 578</td> 579<td> 580<p><tt class="literal">printer admin</tt></p> 581</td> 582</tr> 583<tr> 584<td> 585<p>N/A</p> 586</td> 587<td> 588<p><tt class="literal">encryption</tt></p> 589</td> 590<td> 591<p><tt class="literal">encrypt passwords</tt></p> 592</td> 593</tr> 594<tr> 595<td> 596<p>N/A</p> 597</td> 598<td> 599<p><tt class="literal">coding_system</tt></p> 600</td> 601<td> 602<p><tt class="literal">coding system</tt></p> 603</td> 604</tr> 605<tr> 606<td> 607<p>N/A</p> 608</td> 609<td> 610<p><tt class="literal">log_dir</tt></p> 611</td> 612<td> 613<p>N/A</p> 614</td> 615</tr> 616<tr> 617<td> 618<p>N/A</p> 619</td> 620<td> 621<p><tt class="literal">smb_log</tt></p> 622</td> 623<td> 624<p><tt class="literal">log file</tt></p> 625</td> 626</tr> 627<tr> 628<td> 629<p>N/A</p> 630</td> 631<td> 632<p><tt class="literal">nmb_log</tt></p> 633</td> 634<td> 635<p>N/A</p> 636</td> 637</tr> 638<tr> 639<td> 640<p>N/A</p> 641</td> 642<td> 643<p><tt class="literal">samba_sbindir</tt></p> 644</td> 645<td> 646<p>N/A</p> 647</td> 648</tr> 649<tr> 650<td> 651<p>N/A</p> 652</td> 653<td> 654<p><tt class="literal">samba_bindir</tt></p> 655</td> 656<td> 657<p>N/A</p> 658</td> 659</tr> 660<tr> 661<td> 662<p>N/A</p> 663</td> 664<td> 665<p><tt class="literal">samba_libdir</tt></p> 666</td> 667<td> 668<p>N/A</p> 669</td> 670</tr> 671<tr> 672<td> 673<p>N/A</p> 674</td> 675<td> 676<p><tt class="literal">samba_lockdir</tt></p> 677</td> 678<td> 679<p>N/A</p> 680</td> 681</tr> 682<tr> 683<td> 684<p>N/A</p> 685</td> 686<td> 687<p><tt class="literal">samba_vardir</tt></p> 688</td> 689<td> 690<p>N/A</p> 691</td> 692</tr> 693<tr> 694<td> 695<p>N/A</p> 696</td> 697<td> 698<p><tt class="literal">stop_time</tt></p> 699</td> 700<td> 701<p>N/A <a name="INDEX-19"/></p> 702</td> 703</tr> 704 705</table> 706 707 708</div> 709 710 711 712<div class="sect1"><a name="samba2-APP-F-SECT-3"/> 713 714<h2 class="head1">Rolling Your Own</h2> 715 716<p><a name="INDEX-20"/>When making manual changes to the Samba 717configuration file, take care to block changes initiated from 718graphical applications by invoking this command:</p> 719 720<blockquote><pre class="code"># <tt class="userinput"><b>chflags uchg /etc/smb.conf</b></tt></pre></blockquote> 721 722<p>From that point on, the GUI will be useful only for starting, 723stopping, and monitoring the service—not for configuring it.</p> 724 725<p>If you install your own version of Samba, you can still manage it 726from Server Settings by changing some of the Open Directory 727properties in <em class="filename">/config/SMBServer</em>.</p> 728 729<p>To do this, open NetInfo Manager and modify the 730<tt class="literal">samba_sbindir</tt> and <tt class="literal">samba_bindir</tt> 731properties to match the location of your Samba installation. 732Optionally, you can modify <tt class="literal">samba_libdir</tt>, 733<tt class="literal">samba_vardir</tt>, and 734<tt class="literal">samba_lockdir</tt>. Assuming a default Samba 735installation, you can also change these at the command line with the 736following commands:</p> 737 738<blockquote><pre class="code"># <tt class="userinput"><b>nicl . -create /config/SMBServer samba_sbindir /usr/local/samba/bin</b></tt> 739# <tt class="userinput"><b>nicl . -create /config/SMBServer samba_bindir /usr/local/samba/bin</b></tt> 740# <tt class="userinput"><b>nicl . -create /config/SMBServer samba_libdir /usr/local/samba/lib</b></tt> 741# <tt class="userinput"><b>nicl . -create /config/SMBServer samba_vardir /usr/local/samba/var</b></tt> 742# <tt class="userinput"><b>nicl . -create /config/SMBServer samba_lockdir /usr/local/samba/var/locks</b></tt></pre></blockquote> 743 744<p>You can check your settings with this command:</p> 745 746<blockquote><pre class="code"># <tt class="userinput"><b>nicl . -read /config/SMBServer</b></tt></pre></blockquote> 747 748<p>In Server Settings, select Stop Windows Services, then run this 749command:</p> 750 751<blockquote><pre class="code"># <tt class="userinput"><b>killall sambadmind</b></tt></pre></blockquote> 752 753<p>The <em class="emphasis">watchdog</em> utility restarts 754<em class="emphasis">sambadmind</em> within seconds. Finally, go back to 755Server Settings, and select Start Windows Services.</p> 756 757<p>If you don't modify Open Directory properties to 758match your active Samba installation (because you wish to manage your 759configuration another way), be sure never to activate Windows 760Services from the Server Settings application, or 761you'll wind up with two sets of Samba daemons 762running concurrently. <a name="INDEX-21"/></p> 763 764 765</div> 766 767<hr/><h4 class="head4">Footnotes</h4><blockquote><a name="FOOTNOTE-1"/> 768<p><a href="#FNPTR-1">[1]</a> In versions of Mac OS X prior to 10.2, Open Directory domains 769were called NetInfo domains. NetInfo Manager (located in 770<em class="filename">/Applications/Utilities</em>) provides a graphical 771interface to view and modify the contents of Open Directory 772databases. For more information, see the <em class="citetitle">Mac OS X Server 773Administrator's Guide</em>, as well as 774<em class="citetitle">Understanding and Using NetInfo</em>, downloadable 775from the Mac OS X Server resources web page at <a href="http://www.apple.com/server/resources.html">http://www.apple.com/server/resources.html</a>.</p> 776</blockquote> 777 778 779<hr/><h4 class="head4"><a href="toc.html">TOC</a></h4> 780</body></html> 781