Add a section about installing, configuring, and starting Samba for

Windows file and printer sharing on FreeBSD.  More information and
specific examples and screenshots should be added here.

Also, add a few more index terms.

Sponsored by:	FreeBSD Mall, Inc.

en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml

@@ -5,6 +5,17 @@
 -->
 
 <chapter id="network-servers">
+  <chapterinfo>
+    <authorgroup>
+      <author>
+        <firstname>Murray</firstname>
+	<surname>Stokely</surname>
+	<contrib>Reorganized by </contrib>
+      </author>
+    </authorgroup>
+    <!-- 23 July 2004 -->
+  </chapterinfo>
+
   <title>Network Servers</title>
 
   <sect1 id="network-servers-synopsis">
@@ -50,6 +61,11 @@
 	<para>How to set up a File Transfer Protocol (FTP) Server.</para>
       </listitem>
 
+      <listitem>
+	<para>How to set up a file and print server for Windows
+	  clients using Samba.</para>
+      </listitem>
+
       <listitem>
 	<para>How to synchronize the time and date, and set up a
 	  time server, with the NTP protocol.</para>
@@ -330,7 +346,7 @@ server-program-arguments</programlisting>
 	      <literal>seqpacket</literal>.  <literal>stream</literal>
 	      must be used for connection-based, TCP daemons, while
 	      <literal>dgram</literal> is used for daemons utilizing
-	      the UDP transport protocol.</para>
+	      the <acronym>UDP</acronym> transport protocol.</para>
 	  </listitem>
 	</varlistentry>
 
@@ -606,6 +622,11 @@ server-program-arguments</programlisting>
         <primary>NFS</primary>
         <secondary>server</secondary>
       </indexterm>
+      <indexterm>
+        <primary>file server</primary>
+        <secondary>unix clients</secondary>
+      </indexterm>
+
       <indexterm>
         <primary><application>portmap</application></primary>
       </indexterm>
@@ -1009,7 +1030,7 @@ Exports list on foobar:
 	sometimes mistaken for this one, when the NFS servers and
 	clients are on different networks.  If that is the case, make
 	<emphasis>certain</emphasis> that your routers are routing the
-	necessary UDP information, or you will not get anywhere, no
+	necessary <acronym>UDP</acronym> information, or you will not get anywhere, no
 	matter what else you are doing.</para>
 
       <para>In the following examples, <hostid>fastws</hostid> is the host
@@ -1788,7 +1809,7 @@ nis_client_enable="YES"</programlisting>
     </sect2>
 
     <sect2>
-      <title>&nis Security</title>
+      <title>NIS Security</title>
 
       <para>In general, any remote user can issue an RPC to
 	&man.ypserv.8; and retrieve the contents of your NIS maps,
@@ -4351,6 +4372,249 @@ Log file format -->
     </sect2>
   </sect1>
 
+  <sect1 id="network-samba">
+    <sect1info>
+      <authorgroup>
+	<author>
+	  <firstname>Murray</firstname>
+	  <surname>Stokely</surname>
+	  <contrib>Contributed by </contrib>
+	</author>
+      </authorgroup>
+    </sect1info>
+    <title>File and Print Services for &microsoft.windows; clients (Samba)</title>
+
+    <indexterm><primary>Samba server</primary></indexterm>
+    <indexterm><primary>Microsoft Windows</primary></indexterm>
+    <indexterm>
+      <primary>file server</primary>
+      <secondary>Windows clients</secondary>
+    </indexterm>
+    <indexterm>
+      <primary>print server</primary>
+      <secondary>Windows clients</secondary>
+    </indexterm>
+
+    <sect2>
+      <title>Overview</title>
+
+      <para><application>Samba</application> is a popular open source
+        software package that provides file and print services for
+        &microsoft.windows; clients.  Such clients can connect to and
+        use FreeBSD filespace as if it was a local disk drive, or
+        FreeBSD printers as if they were local printers.</para>
+
+      <para><application>Samba</application> software packages should
+        be included on your FreeBSD installation media.  If you did
+        not install <application>Samba</application> when you first
+        installed FreeBSD, then you can install it from the <filename
+        role="package">net/samba3</filename> port or package.</para>
+
+<!-- mention LDAP, Active Directory, WinBIND, ACL, Quotas, PAM, .. -->
+
+    </sect2>
+
+    <sect2>
+      <title>Configuration</title>
+
+      <para>A default <application>Samba</application> configuration
+        file is installed as
+        <filename>/usr/local/etc/smb.conf.default</filename>.  This
+        file must be copied to
+        <filename>/usr/local/etc/smb.conf</filename> and customized
+        before <application>Samba</application> can be used.</para>
+
+      <para>The <filename>smb.conf</filename> file contains runtime
+        configuration information for
+        <application>Samba</application>, such as definitions of the
+        printers and <quote>filesystem shares</quote> that you would
+        like to share with Windows clients.  The
+        <application>Samba</application> package includes a web based
+        tool called <application>swat</application> which provides a
+        simple way of configuring the <filename>smb.conf</filename>
+        file.</para>
+
+      <sect3>
+	<title>Using the Samba Web Administration Tool (SWAT)</title>
+
+	<para>The Samba Web Administration Tool (SWAT) runs as a
+	  daemon from <command>inetd</command>.  Therefore, the
+	  following line in <filename>/etc/inetd.conf</filename>
+	  should be uncommented before <command>swat</command> can be
+	  used to configure <application>Samba</application>:
+
+	<programlisting>swat   stream  tcp     nowait/400      root    /usr/local/sbin/swat</programlisting>
+        <para>As explained in <xref linkend="network-inetd-hangup">, a
+          HangUP Signal must be sent to
+          <application>inetd</application> after this configuration
+          file is changed.</para>
+
+	<para>Once <application>swat</application> has been enabled in
+	  <filename>inetd.conf</filename>, you can use a browser to
+	  connect to <hostid>http://localhost:901</hostid>.  You will
+	  first have to log on with the system root account.</para>
+
+<!-- XXX screenshots go here, loader is creating them -->
+
+	<para>Once you have successfully logged on to the main
+	  <application>Samba</application> configuration page, you can
+	  browse the system documentation, or begin by clicking on the
+	  'Globals' tab.  The Globals section corresponds to the
+	  variables that are set in the <literal>[global]</literal>
+	  section of
+	  <filename>/usr/local/etc/smb.conf</filename>.</para>
+      </sect3>
+
+      <sect3>
+	<title>Global Settings</title>
+
+	<para>Whether you are using <application>swat</application> or
+	  editing <filename>/usr/local/etc/smb.conf</filename>
+	  directly, the first directives you are likely to encounter
+	  when configuring <application>Samba</application>
+	  are:</para>
+
+        <variablelist>
+	  <varlistentry>
+	    <term>workgroup</term>
+
+	    <listitem>
+	      <para>NT Domain-Name or Workgroup-Name for the computers
+	        that will be accessing this server.</para>
+	    </listitem>
+	  </varlistentry>
+
+	  <varlistentry>
+	    <term>netbios name</term>
+	    <indexterm><primary>NetBIOS</primary></indexterm>
+
+	    <listitem>
+	      <para>This sets the NetBIOS name by which a Samba server
+		is known. By default it is the same as the first
+		component of the host's DNS name.</para>
+	    </listitem>
+	  </varlistentry>
+
+	  <varlistentry>
+	    <term>server string</term>
+
+	    <listitem>
+	      <para>This sets the string that will be displayed with
+		the <literal>net view</literal> command and some other
+		networking tools that seek to display descriptive text
+		about the server.</para>
+	    </listitem>
+	  </varlistentry>
+        </variablelist>
+      </sect3>
+
+      <sect3>
+	<title>Security Settings</title>
+
+	<para>Two of the most important settings in
+	  <filename>/usr/local/etc/smb.conf</filename> are the
+	  security model chosen, and the backend password format for
+	  client users.  The following directives control these
+	  options:</para>
+
+        <variablelist>
+	  <varlistentry>
+	    <term>security</term>
+
+	    <listitem>
+	      <para>The two most common options here are
+	        <option>security = share</option> and <option>security
+	        = user</option>.  If your clients use usernames that
+	        are the same as their usernames on your &os; machine
+	        then you will want to use user level security.  This
+	        is the default security policy and it requires clients
+	        to first log on before they can access shared
+	        resources.</para>
+
+	      <para>In share level security, client do not need to log
+	        onto the server with a valid username and password
+	        before attempting to connect to a shared resource.
+	        This was the default security model for older versions
+	        of <application>Samba</application>.</para>
+	    </listitem>
+	  </varlistentry>
+
+	  <varlistentry>
+	    <term>passdb backend</term>
+
+	    <indexterm><primary>NIS+</primary></indexterm>
+	    <indexterm><primary>LDAP</primary></indexterm>
+	    <indexterm><primary>SQL database</primary></indexterm>
+
+	    <listitem>
+	      <para><application>Samba</application> has several
+	        different backend authentication models.  You can
+	        authenticate clients with LDAP, NIS+, a SQL database,
+	        or a modified password file.  The default
+	        authentication method is <option>smbpasswd</option>,
+	        and that is all that will be covered here.</para>
+	    </listitem>
+	  </varlistentry>
+	</variablelist>
+
+	<para>Assuming that the default <option>smbpasswd</option>
+	  backend is used, the
+	  <filename>/usr/local/private/smbpasswd</filename> file must
+	  be created to allow <application>Samba</application> to
+	  authenticate clients.  If you would like to give all of
+	  your Unix user accounts access from Windows clients, use the
+	  following command:</para>
+
+	<screen>&prompt.root; cat /etc/passwd | grep -v "^#" | make_smbpasswd > /usr/local/private/smbpasswd
+&prompt.root; chmod 600 /usr/local/private/smbpasswd</screen>
+
+	<para>Please see the <application>Samba</application>
+	  documentation for additional information about configuration
+	  options.  With the basics outlined here, you should have
+	  everything you need to start running
+	  <application>Samba</application>.</para>
+      </sect3>
+
+    </sect2>
+    <sect2>
+      <title>Starting <application>Samba</application></title>
+
+      <para>To enable <application>Samba</application> when your
+        system boots, add the following line to
+        <filename>/etc/rc.conf</filename>:</para>
+
+      <programlisting>samba_enable="YES"</programlisting>
+
+      <para>You can then start <application>Samba</application> at any
+        time by typing:</para>
+
+      <screen>&prompt.root; <userinput>/usr/local/etc/rc.d/samba.sh start</userinput>
+Starting SAMBA: removing stale tdbs :
+Starting nmbd.
+Starting smbd.</screen>
+
+      <para><application>Samba</application> actually consists of
+        three separate daemons.  You should see that both the
+        <command>nmbd</command> and <command>smbd</command> daemons
+        are started by the <filename>samba.sh</filename> script.  If
+        you enabled winbind name resolution services in
+        <filename>smb.conf</filename>, then you will also see that
+        the <command>winbindd</command> daemon is started.</para>
+
+      <para>You can stop <application>Samba</application> at any time
+        by typing :</para>
+
+      <screen>&prompt.root; <userinput>/usr/local/etc/rc.d/samba.sh stop</userinput></screen>
+
+      <para><application>Samba</application> is a complex software
+        suite with functionality that allows broad integration with
+        &microsoft.windows; networks.  For more information about
+        functionality beyond the basic installation described here,
+        please see <ulink url="http://www.samba.org"></ulink>.</para>
+    </sect2>
+
+  </sect1>
+
   <sect1 id="network-ntp">
     <sect1info>
       <authorgroup>