1<html>
2<body bgcolor="#ffffff">
3
4<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76"
5hspace="10" align="left" />
6
7<h1 class="head0">Appendix F. Running Samba on Mac OS X Server</h1>
8
9
10
11<p><a name="INDEX-1"/>Mac OS X Server is an Apple
12operating-system product based on Mac OS X, with the addition of
13administrative tools and server software. One area in which it
14differs from Mac OS X is in the configuration of Samba-based
15services. In this appendix, we'll tell you how to
16set up SMB file and printer shares, enable client user access, and
17monitor activity. Our specific focus is on Mac OS X Server 10.2.</p>
18
19
20
21<div class="sect1"><a name="samba2-APP-F-SECT-1"/>
22
23<h2 class="head1">Setup Procedures</h2>
24
25<p>The first thing to note is that the procedure described in <a href="ch02.html">Chapter 2</a> using System Preferences to enable Samba does
26not apply to Mac OS X Server. Unlike Mac OS X, the Sharing pane of
27System Preferences does not include an option to turn on Windows File
28Sharing. Instead, there is a set of applications to configure,
29activate, and monitor services: Workgroup Manager, Server Settings,
30Server Status, and Open Directory Assistant, all located in the
31directory <em class="filename">/Applications/Utilities</em>.</p>
32
33<a name="samba2-APP-F-NOTE-163"/><blockquote class="note"><h4 class="objtitle">NOTE</h4>
34<p>In addition to being installed with Mac OS X Server, these and other
35administrative applications are included on a separate installation
36CD-ROM sold with the operating system. They can be used to manage Mac
37OS X Server systems remotely from any Mac OS X machine.</p>
38
39<p>For more information, refer to the <em class="citetitle">Mac OS X Server
40Administrator's
41Guide</em><a name="INDEX-2"/>, included as a PDF
42file in the <em class="filename">/Library/Documentation/MacOSXServer</em>
43directory, and also downloadable from Apple
44Computer's web site at <a href="http://www.apple.com/server/">http://www.apple.com/server/</a>.</p>
45</blockquote>
46
47<p>Briefly, the procedure for setting up SMB file and printer shares is
48as follows:</p>
49
50<ol><li>
51<p>Designate share points in Workgroup Manager for file sharing.</p>
52</li><li>
53<p>Set up print queues in Server Settings for printer sharing, and
54activate Printer Service.</p>
55</li><li>
56<p>Configure and activate Windows Services in Server Settings.</p>
57</li><li>
58<p>Activate Password Server and enable SMB authentication in Open
59Directory Assistant.</p>
60</li><li>
61<p>Enable Password Server authentication for user accounts in Workgroup
62Manager.</p>
63</li><li>
64<p>Monitor file and print services with Server Status.</p>
65</li></ol>
66
67<div class="sect2"><a name="samba2-APP-F-SECT-1.1"/>
68
69<h3 class="head2">Sharing Files</h3>
70
71<p><a name="INDEX-3"/><a name="INDEX-4"/>The
72first step to enable SMB file sharing is to designate one or more
73<em class="firstterm">share points</em>. Share points are folders that
74form the root of shared volumes for any of the protocols supported by
75Mac OS X Server: Apple Filesharing Protocol (AFP), Network Filesystem
76(NFS), File Transfer Protocol (FTP), and SMB.</p>
77
78<p>To designate a share point, launch Workgroup Manager. You will be
79prompted for the local or remote server's hostname
80or IP address, as well as for a username and password; this process
81is required by all the Mac OS X Server administrative applications.
82Once Workgroup Manager is open, click the Sharing button in the
83toolbar. The list on the left, under the Share Points tab, displays
84currently defined share points. To add a new one, click the All tab,
85and navigate to the folder you want to share.</p>
86
87<p>On the right, under the General tab, check the box labeled Share this
88item and its contents, change the ownership and permissions if
89desired, then click the Save button. Next, under the Protocols tab,
90select Windows File Settings from the pop-up menu, and ensure that
91the box labeled Share this item using SMB is checked. At this point,
92you can also decide whether to allow guest access to the share,
93change the name of the share displayed to SMB clients, or set
94permissions for files and folders created by SMB clients. Click the
95Save button when you're finished making changes. See
96<a href="appf.html#samba2-APP-F-FIG-1">Figure F-1</a>.</p>
97
98<div class="figure"><a name="samba2-APP-F-FIG-1"/><img src="figs/sam2_af01.gif"/></div><h4 class="head4">Figure F-1. Workgroup Manager: Share Points and Windows File Settings</h4>
99
100
101</div>
102
103
104<div class="sect2"><a name="samba2-APP-F-SECT-1.2"/>
105
106<h3 class="head2">Sharing Printers</h3>
107
108<p><a name="INDEX-5"/><a name="INDEX-6"/>Printer shares are set up
109differently. First, launch Server Settings; under the File &amp;
110Print tab, select Print, then Configure Print Service.... Check the
111box labeled Automatically share new queues for Windows printing.
112Next, click the Print icon again and then Show Print Monitor. Make
113sure the printers you want to share are listed. Printers directly
114attached to the server should have queues created automatically, but
115remote printers you wish to reshare must be added by clicking New
116Queue and discovering or specifying the printers. When
117you're finished, click Save, select the Print icon
118one more time, and select Start Print Service. See <a href="appf.html#samba2-APP-F-FIG-2">Figure F-2</a>.</p>
119
120<div class="figure"><a name="samba2-APP-F-FIG-2"/><img src="figs/sam2_af02.gif"/></div><h4 class="head4">Figure F-2. Server Settings: Print Service</h4>
121
122<a name="samba2-APP-F-NOTE-164"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
123<p>Server Settings will make local printers available for sharing only
124if they're PostScript compatible. Unfortunately,
125many printers, including consumer-grade USB inkjet printers,
126aren't. If you want to make one of these printers
127available to SMB clients, you can still add the share to
128<em class="filename">/etc/smb.conf</em> yourself with a text editor. See
129&quot;Rolling Your Own&quot; later in this
130chapter for instructions and caveats related to making manual changes
131to <em class="filename">smb.conf</em>.</p>
132</blockquote>
133
134
135</div>
136
137
138<div class="sect2"><a name="samba2-APP-F-SECT-1.3"/>
139
140<h3 class="head2">Configuring and Activating Services</h3>
141
142<p><a name="INDEX-7"/>At this point, neither
143the file shares nor the printer shares are available to SMB clients.
144To activate them, click the Windows icon in Server Settings, and
145click Configure Windows Services.... Under the General tab, you can
146set the server's NetBIOS hostname, the workgroup or
147Windows NT domain in which the server resides, and the description
148that gets displayed in a browse list. You can also specify the code
149page for an alternate character set. Finally, you can enable
150boot-time startup of Samba. See <a href="appf.html#samba2-APP-F-FIG-3">Figure F-3</a>.</p>
151
152<div class="figure"><a name="samba2-APP-F-FIG-3"/><img src="figs/sam2_af03.gif"/></div><h4 class="head4">Figure F-3. Server Settings: Windows Services</h4>
153
154<p>The Windows Services Access tab offers options to enable guest access
155and limit the number of simultaneous client connections; under the
156Logging tab, you can specify the verbosity of your logging. With
157options under the Neighborhood tab, you can configure your machine as
158a WINS client or server or have it provide browser services locally
159or across subnets.</p>
160
161<a name="samba2-APP-F-SIDEBAR-1"/><blockquote><table border="1" cellpadding="6"><tr><td>
162<h4 class="head4">Password Server</h4>
163
164<p><a name="INDEX-8"/><a name="INDEX-9"/>Password Server is a feature
165introduced with Mac OS X Server 10.2. In prior versions of Mac OS X
166Server, Windows authentication was handled with Authentication
167Manager, which stored a user's Windows password in
168the <tt class="literal">tim_password</tt> property of the
169user's NetInfo record. This can still be done in
170Version 10.2, although it's strongly discouraged
171because the encrypted password is visible to other users with access
172to the NetInfo domain and can potentially be decrypted.</p>
173
174<p>If you need to use Authentication Manager, use the following
175procedure to enable it:</p>
176
177<ol><li>
178<p>On every machine hosting a domain that will bind into the NetInfo
179hierarchy, execute the command <tt class="literal">tim -init -auto</tt>
180<em class="replaceable">tag</em> for each domain, where
181<em class="replaceable">tag</em> is the name of the
182domain's database.</p>
183</li>
184<li>
185<p>When prompted, provide a password to be used as the encryption key
186for the domain. This key is used to decrypt the Windows passwords and
187is stored in an encrypted file readable only by root,
188<em class="filename">/var/db/netinfo/.tag.tim</em>.</p>
189</li>
190<li>
191<p>Set <tt class="literal">AUTHSERVER=-YES-</tt> in
192<em class="filename">/etc/hostconfig</em>.</p>
193</li>
194<li>
195<p>Start Authentication Manager by invoking <em class="emphasis">tim</em>.
196This is also executed during the boot sequence by the AuthServer
197startup item.</p>
198</li>
199<li>
200<p>Reset the password of each user requiring SMB client access. In Mac
201OS X Server 10.2 or later, make sure the user is set up for Basic
202authentication, not Password Server authentication.</p>
203</li></ol></td></tr></table></blockquote>
204
205<p>When you've finished configuring Windows Services,
206click the Save button, then click the Windows icon in Server
207Settings, and select Start Windows Services. This starts the Samba
208daemons, enabling access from SMB clients.</p>
209
210
211</div>
212
213
214<div class="sect2"><a name="samba2-APP-F-SECT-1.4"/>
215
216<h3 class="head2">Activating Password Server</h3>
217
218<p><a name="INDEX-10"/><a name="INDEX-11"/>Now that
219you've set up file and printer shares, you need to
220make sure users can properly authenticate to access them. In Mac OS X
221Server, this is accomplished with the <a name="INDEX-12"/>Open Directory
222Password Server, a service based on the <a name="INDEX-13"/>Simple Authentication and Security
223Layer (SASL) standard and usable with many different authentication
224protocols, including the LAN Manager and Windows NT LAN Manager
225(NTLM) protocols. This section describes how to support SMB client
226authentication, but for more information on what Password Server does
227and how it works, see the Mac OS X Server
228Administrator's Guide.</p>
229
230<p>To enable Password Server or merely check its settings, start the
231Open Directory Assistant. Unless you wish to change any of the
232settings, just click the right arrow button in the lower-right corner
233of the window until you get to the first Security step. At this
234point, activate Password Server by selecting the option marked
235Password and authentication information will be provided to other
236systems. The next step displays the main administrative account, and
237the one after that gives you a choice of authentication protocols to
238enable (see <a href="appf.html#samba2-APP-F-FIG-4">Figure F-4</a>). Make sure that SMB-NT is
239checked, and check SMB-Lan Manager if you have Windows 95/98/Me or
240older clients. The final step saves the Password Server configuration
241and prompts you to reboot.</p>
242
243<div class="figure"><a name="samba2-APP-F-FIG-4"/><img src="figs/sam2_af04.gif"/></div><h4 class="head4">Figure F-4. Password Server authentication protocols</h4>
244
245
246</div>
247
248
249<div class="sect2"><a name="samba2-APP-F-SECT-1.5"/>
250
251<h3 class="head2">Enabling Password Server</h3>
252
253<p><a name="INDEX-14"/><a name="INDEX-15"/>To enable the
254use of Password Server for a user account, launch Workgroup Manager,
255and click the Accounts button in the toolbar. Under the Users tab on
256the far left (with the silhouette of a single person), select the
257account, and under the Advanced tab on the right, select Password
258Server for the User Password Type (see <a href="appf.html#samba2-APP-F-FIG-5">Figure F-5</a>).
259You are prompted to enter a new user password to be stored in the
260Password Server database. After saving the account configuration, the
261user can authenticate and access shares from an SMB client.</p>
262
263<div class="figure"><a name="samba2-APP-F-FIG-5"/><img src="figs/sam2_af05.gif"/></div><h4 class="head4">Figure F-5. Workgroup Manager: Enabling Password Server authentication</h4>
264
265
266</div>
267
268
269<div class="sect2"><a name="samba2-APP-F-SECT-1.6"/>
270
271<h3 class="head2">Monitoring Services</h3>
272
273<p><a name="INDEX-16"/>Once you've got
274everything working, you'll want to keep an eye on
275things. The Server Status application gives you views into the
276various services provided by Mac OS X Server. For Windows Services,
277you can see the current state of the service, browse the logs
278(located in the directory
279<em class="filename">/Library/Logs/WindowsServices</em>), display and
280terminate individual connections, and view a graph of connections
281over time (see <a href="appf.html#samba2-APP-F-FIG-6">Figure F-6</a>). Similar information is
282provided for Print Service.</p>
283
284<div class="figure"><a name="samba2-APP-F-FIG-6"/><img src="figs/sam2_af06.gif"/></div><h4 class="head4">Figure F-6. Server Status: Windows Services</h4>
285
286
287</div>
288
289
290</div>
291
292
293
294<div class="sect1"><a name="samba2-APP-F-SECT-2"/>
295
296<h2 class="head1">Configuration Details</h2>
297
298<p><a name="INDEX-17"/>Underneath the GUI, a lot of activity
299takes place to offer Windows Services. In the non-Server version of
300Mac OS X, selecting Windows File Sharing sets the
301<tt class="literal">SMBSERVER</tt> parameter in
302<em class="filename">/etc/hostconfig</em> and triggers the Samba startup
303item. In Mac OS X Server, under normal circumstances the Samba
304startup item and the <tt class="literal">SMBSERVER</tt> parameter are never
305used.</p>
306
307<p>Instead, a process named <em class="emphasis">sambadmind</em> generates
308<em class="filename">/etc/smb.conf</em> from the configuration specified
309in Server Settings and Workgroup Manager and handles starting and
310restarting the Samba daemons as necessary. The
311<em class="emphasis">sambadmind</em> process is in turn monitored by
312<em class="emphasis">watchdog</em>, which keeps an eye on certain
313processes and restarts those which fail. The
314<em class="emphasis">watchdog</em> utility is configured in
315<em class="filename">/etc/watchdog.conf</em>, a file similar to a System V
316<em class="filename">inittab</em>, which specifies how the services under
317<em class="emphasis">watchdog</em>'s purview are to be
318treated. For example, the line for <em class="emphasis">sambadmind</em>
319looks like this:</p>
320
321<blockquote><pre class="code">sambadmin:respawn:/usr/sbin/sambadmind -d     # SMB Admin daemon</pre></blockquote>
322
323<p>Using a <em class="emphasis">watchdog</em>-monitored process such as
324<em class="emphasis">sambadmind</em> to start the Samba daemons, instead
325of a one-time execution of a startup item, results in more reliable
326service. In Mac OS X Server, if a Samba daemon dies unexpectedly, it
327is quickly restarted. (Examples of other services monitored by
328<em class="emphasis">watchdog</em> are Password Server, Print Service, and
329the Server Settings daemon that allows remote management.)</p>
330
331<p>There's another wrinkle in Mac OS X Server: the
332Samba configuration settings are not written directly to
333<em class="filename">/etc/smb.conf</em>, as they are in the non-Server
334version of Mac OS X. Instead, they're stored in the
335server's local Open Directory domain,<a name="FNPTR-1"/><a href="#FOOTNOTE-1">[1]</a> from which <em class="emphasis">sambadmind</em> retrieves them
336and regenerates <em class="filename">smb.conf</em>. For example, the Samba
337global parameters are stored in
338<em class="filename">/config/SMBServer</em> (see <a href="appf.html#samba2-APP-F-FIG-7">Figure F-7</a>). Share point information is also kept in Open
339Directory, under <em class="filename">/config/SharePoints</em>, while CUPS
340takes responsibility for printer configuration in
341<em class="filename">/etc/cups/printers.conf</em> (also creating stub
342entries used by Samba in <em class="filename">/etc/printcap</em>).</p>
343
344<div class="figure"><a name="samba2-APP-F-FIG-7"/><img src="figs/sam2_af07.gif"/></div><h4 class="head4">Figure F-7. NetInfo Manager: SMBServer properties</h4>
345
346<p><a href="appf.html#samba2-APP-F-TABLE-1">Table F-1</a> summarizes the association of Windows
347Services settings in the Server Settings application, properties
348stored in Open Directory, and parameters in
349<em class="filename">/etc/smb.conf</em>.</p>
350
351<a name="samba2-APP-F-TABLE-1"/><h4 class="head4">Table F-1. Samba configuration settings in Mac OS X Server</h4><table border="1">
352
353
354
355
356<tr>
357<th>
358<p>Server Settings graphical element in Windows Services</p>
359</th>
360<th>
361<p>Open Directory property in <em class="filename">/config/SMBServer</em></p>
362</th>
363<th>
364<p>Samba global parameter in<em class="filename">/etc/smb.conf</em></p>
365</th>
366</tr>
367
368
369<tr>
370<td>
371<p>General &rarr; Server Name</p>
372</td>
373<td>
374<p><tt class="literal">netbios_name</tt></p>
375</td>
376<td>
377<p><tt class="literal">netbios name</tt></p>
378</td>
379</tr>
380<tr>
381<td>
382<p>General &rarr; Workgroup</p>
383</td>
384<td>
385<p><tt class="literal">workgroup</tt></p>
386</td>
387<td>
388<p><tt class="literal">workgroup</tt></p>
389</td>
390</tr>
391<tr>
392<td>
393<p>General &rarr; Description</p>
394</td>
395<td>
396<p><tt class="literal">description</tt></p>
397</td>
398<td>
399<p><tt class="literal">server string</tt></p>
400</td>
401</tr>
402<tr>
403<td>
404<p>General &rarr; Code Page</p>
405</td>
406<td>
407<p><tt class="literal">code_page</tt></p>
408</td>
409<td>
410<p><tt class="literal">client code page</tt></p>
411</td>
412</tr>
413<tr>
414<td>
415<p>General &rarr; Start Windows Services on system startup</p>
416</td>
417<td>
418<p><tt class="literal">auto_start</tt></p>
419</td>
420<td>
421<p>N/A</p>
422</td>
423</tr>
424<tr>
425<td>
426<p>Access &rarr; Allow Guest Access</p>
427</td>
428<td>
429<p><tt class="literal">guest_access</tt>, <tt class="literal">map_to_guest</tt></p>
430</td>
431<td>
432<p><tt class="literal">map to guest</tt></p>
433</td>
434</tr>
435<tr>
436<td>
437<p>N/A</p>
438</td>
439<td>
440<p><tt class="literal">guest_account</tt></p>
441</td>
442<td>
443<p><tt class="literal">guest account</tt></p>
444</td>
445</tr>
446<tr>
447<td>
448<p>Access &rarr; Maximum client connections</p>
449</td>
450<td>
451<p><tt class="literal">max_connections</tt></p>
452</td>
453<td>
454<p><tt class="literal">max smbd processes</tt></p>
455</td>
456</tr>
457<tr>
458<td>
459<p>Logging &rarr; Detail Level</p>
460</td>
461<td>
462<p><tt class="literal">logging</tt></p>
463</td>
464<td>
465<p><tt class="literal">log level</tt></p>
466</td>
467</tr>
468<tr>
469<td>
470<p>Neighborhood &rarr; WINS Registration &rarr;
471Off</p>
472</td>
473<td>
474<p><tt class="literal">WINS_enabled</tt>, <tt class="literal">WINS_register</tt></p>
475</td>
476<td>
477<p><tt class="literal">wins support</tt></p>
478</td>
479</tr>
480<tr>
481<td>
482<p>Neighborhood &rarr; WINS Registration &rarr;
483Enable WINS server</p>
484</td>
485<td>
486<p><tt class="literal">WINS_enabled</tt></p>
487</td>
488<td>
489<p><tt class="literal">wins support</tt></p>
490</td>
491</tr>
492<tr>
493<td>
494<p>Neighborhood &rarr; WINS Registration &rarr;
495Register with WINS server</p>
496</td>
497<td>
498<p><tt class="literal">WINS_register</tt>, <tt class="literal">WINS_address</tt></p>
499</td>
500<td>
501<p><tt class="literal">wins server</tt></p>
502</td>
503</tr>
504<tr>
505<td>
506<p>Neighborhood &rarr; Workgroup/Domain Services
507&rarr; Master Browser</p>
508</td>
509<td>
510<p><tt class="literal">Local_Master</tt></p>
511</td>
512<td>
513<p><tt class="literal">local master</tt></p>
514</td>
515</tr>
516<tr>
517<td>
518<p>Neighborhood &rarr; Workgroup/Domain Services
519&rarr; Domain Master Browser</p>
520</td>
521<td>
522<p><tt class="literal">Domain_Master</tt></p>
523</td>
524<td>
525<p><tt class="literal">domain master</tt></p>
526</td>
527</tr>
528<tr>
529<td>
530<p>Print &rarr; Start Print Service</p>
531</td>
532<td>
533<p><tt class="literal">printing</tt></p>
534</td>
535<td>
536<p>N/A</p>
537</td>
538</tr>
539<tr>
540<td>
541<p>N/A</p>
542</td>
543<td>
544<p><tt class="literal">lprm_command</tt></p>
545</td>
546<td>
547<p><tt class="literal">lprm command</tt></p>
548</td>
549</tr>
550<tr>
551<td>
552<p>N/A</p>
553</td>
554<td>
555<p><tt class="literal">lppause_command</tt></p>
556</td>
557<td>
558<p><tt class="literal">lppause command</tt></p>
559</td>
560</tr>
561<tr>
562<td>
563<p>N/A</p>
564</td>
565<td>
566<p><tt class="literal">lpresume_command</tt></p>
567</td>
568<td>
569<p><tt class="literal">lpresume command</tt></p>
570</td>
571</tr>
572<tr>
573<td>
574<p>N/A</p>
575</td>
576<td>
577<p><tt class="literal">printer_admin</tt></p>
578</td>
579<td>
580<p><tt class="literal">printer admin</tt></p>
581</td>
582</tr>
583<tr>
584<td>
585<p>N/A</p>
586</td>
587<td>
588<p><tt class="literal">encryption</tt></p>
589</td>
590<td>
591<p><tt class="literal">encrypt passwords</tt></p>
592</td>
593</tr>
594<tr>
595<td>
596<p>N/A</p>
597</td>
598<td>
599<p><tt class="literal">coding_system</tt></p>
600</td>
601<td>
602<p><tt class="literal">coding system</tt></p>
603</td>
604</tr>
605<tr>
606<td>
607<p>N/A</p>
608</td>
609<td>
610<p><tt class="literal">log_dir</tt></p>
611</td>
612<td>
613<p>N/A</p>
614</td>
615</tr>
616<tr>
617<td>
618<p>N/A</p>
619</td>
620<td>
621<p><tt class="literal">smb_log</tt></p>
622</td>
623<td>
624<p><tt class="literal">log file</tt></p>
625</td>
626</tr>
627<tr>
628<td>
629<p>N/A</p>
630</td>
631<td>
632<p><tt class="literal">nmb_log</tt></p>
633</td>
634<td>
635<p>N/A</p>
636</td>
637</tr>
638<tr>
639<td>
640<p>N/A</p>
641</td>
642<td>
643<p><tt class="literal">samba_sbindir</tt></p>
644</td>
645<td>
646<p>N/A</p>
647</td>
648</tr>
649<tr>
650<td>
651<p>N/A</p>
652</td>
653<td>
654<p><tt class="literal">samba_bindir</tt></p>
655</td>
656<td>
657<p>N/A</p>
658</td>
659</tr>
660<tr>
661<td>
662<p>N/A</p>
663</td>
664<td>
665<p><tt class="literal">samba_libdir</tt></p>
666</td>
667<td>
668<p>N/A</p>
669</td>
670</tr>
671<tr>
672<td>
673<p>N/A</p>
674</td>
675<td>
676<p><tt class="literal">samba_lockdir</tt></p>
677</td>
678<td>
679<p>N/A</p>
680</td>
681</tr>
682<tr>
683<td>
684<p>N/A</p>
685</td>
686<td>
687<p><tt class="literal">samba_vardir</tt></p>
688</td>
689<td>
690<p>N/A</p>
691</td>
692</tr>
693<tr>
694<td>
695<p>N/A</p>
696</td>
697<td>
698<p><tt class="literal">stop_time</tt></p>
699</td>
700<td>
701<p>N/A <a name="INDEX-19"/></p>
702</td>
703</tr>
704
705</table>
706
707
708</div>
709
710
711
712<div class="sect1"><a name="samba2-APP-F-SECT-3"/>
713
714<h2 class="head1">Rolling Your Own</h2>
715
716<p><a name="INDEX-20"/>When making manual changes to the Samba
717configuration file, take care to block changes initiated from
718graphical applications by invoking this command:</p>
719
720<blockquote><pre class="code"># <tt class="userinput"><b>chflags uchg /etc/smb.conf</b></tt></pre></blockquote>
721
722<p>From that point on, the GUI will be useful only for starting,
723stopping, and monitoring the service&mdash;not for configuring it.</p>
724
725<p>If you install your own version of Samba, you can still manage it
726from Server Settings by changing some of the Open Directory
727properties in <em class="filename">/config/SMBServer</em>.</p>
728
729<p>To do this, open NetInfo Manager and modify the
730<tt class="literal">samba_sbindir</tt> and <tt class="literal">samba_bindir</tt>
731properties to match the location of your Samba installation.
732Optionally, you can modify <tt class="literal">samba_libdir</tt>,
733<tt class="literal">samba_vardir</tt>, and
734<tt class="literal">samba_lockdir</tt>. Assuming a default Samba
735installation, you can also change these at the command line with the
736following commands:</p>
737
738<blockquote><pre class="code"># <tt class="userinput"><b>nicl . -create /config/SMBServer samba_sbindir /usr/local/samba/bin</b></tt>
739# <tt class="userinput"><b>nicl . -create /config/SMBServer samba_bindir /usr/local/samba/bin</b></tt>
740# <tt class="userinput"><b>nicl . -create /config/SMBServer samba_libdir /usr/local/samba/lib</b></tt>
741# <tt class="userinput"><b>nicl . -create /config/SMBServer samba_vardir /usr/local/samba/var</b></tt>
742# <tt class="userinput"><b>nicl . -create /config/SMBServer samba_lockdir /usr/local/samba/var/locks</b></tt></pre></blockquote>
743
744<p>You can check your settings with this command:</p>
745
746<blockquote><pre class="code"># <tt class="userinput"><b>nicl . -read /config/SMBServer</b></tt></pre></blockquote>
747
748<p>In Server Settings, select Stop Windows Services, then run this
749command:</p>
750
751<blockquote><pre class="code"># <tt class="userinput"><b>killall sambadmind</b></tt></pre></blockquote>
752
753<p>The <em class="emphasis">watchdog</em> utility restarts
754<em class="emphasis">sambadmind</em> within seconds. Finally, go back to
755Server Settings, and select Start Windows Services.</p>
756
757<p>If you don't modify Open Directory properties to
758match your active Samba installation (because you wish to manage your
759configuration another way), be sure never to activate Windows
760Services from the Server Settings application, or
761you'll wind up with two sets of Samba daemons
762running concurrently. <a name="INDEX-21"/></p>
763
764
765</div>
766
767<hr/><h4 class="head4">Footnotes</h4><blockquote><a name="FOOTNOTE-1"/>
768<p><a href="#FNPTR-1">[1]</a> In versions of Mac OS X prior to 10.2, Open Directory domains
769were called NetInfo domains. NetInfo Manager (located in
770<em class="filename">/Applications/Utilities</em>) provides a graphical
771interface to view and modify the contents of Open Directory
772databases. For more information, see the <em class="citetitle">Mac OS X Server
773Administrator's Guide</em>, as well as
774<em class="citetitle">Understanding and Using NetInfo</em>, downloadable
775from the Mac OS X Server resources web page at <a href="http://www.apple.com/server/resources.html">http://www.apple.com/server/resources.html</a>.</p>
776</blockquote>
777
778
779<hr/><h4 class="head4"><a href="toc.html">TOC</a></h4>
780</body></html>
781