2003-12-15, 01:42 PM
This may be a very useful article to some. I have not tested it fully but intend to.
1. The usual warnings: read them
DO NOT create users/passwords containing capital letters for use with Samba PDC.
DO NOT INTEGRATE THIS IN AN EXISTING NT/SAMBA network without knowing what you are doing.
Read The Fine Manuals at http://www.samba.org
I don't discuss switching the clients for domain logons.
I do not know if the WEBDAV link remains operational
Tested in network with XP and 98
This can be used as a full featured NT 4 server SP3 PDC (I believe NT is a trademark of Microsoft etc..)
This is a good link www.itweek.co.uk/News/1131114 comparing samba and W2k
2. Created extra directories
=======================
profile
netlogon
ls -l
drwxrwxrwx 2 root root 4096 May 15 19:19 netlogon
drwxrwxrwx 3 root root 4096 May 15 19:26 profile
3. This is my /etc/samba/smb.conf
===========================
It's a modified original smb.conf for CC
HOME becomes the DOMAIN, instead of the WORKGROUP
[global]
workgroup = HOME
netbios name = Server1
server string = Server1
interfaces = eth1 192.168.1.1/255.255.255.0
bind interfaces only = Yes
encrypt passwords = Yes
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
;
; use of logonscript add a username.bat in Clarkconnectprofile
logon script = profile%U.bat
;
; Uncomment for debug purposes
; log level = 10
log file = /var/log/samba/log.%m
;
;
; This setting is for XP and W2K. Just copy the folder C:\Documents and Settings\username
; to username.domain
; all passwords stored previously in a pwl file will be lost. Need to re-enter them
;
logon path = C:\Documents and Settings\%U.HOME
domain logons = Yes
;
; This setting makes you win elections from EVERY ms server.
; Be careful with it!
;
os level = 99
preferred master = True
domain master = True
dns proxy = No
wins support = Yes
;
; execute from a client the DOS command "net time 192.168.1.1 /set /y"
; this will synchronise the client's time with that of the CC box
time server = Yes
;
; Needed share for netlogon scripts (ref Windows 9.x)
;
[netlogon]
path = /home/netlogon
comment = Logon scripts and policies
create mask = 0644
write list = gedeco
directory mask = 0755
[shared]
comment = Shared Folder
path = /home/shared
read only = No
create mask = 0600
directory mask = 0700
[webdav]
comment = Read Only - Internet Shared Folder
path = /home/webdav/files
guest ok = Yes
[website]
comment = Web Site
path = /var/www
read only = No
create mask = 0755
guest ok = Yes
;
; The exclusive home directory for the authenticated user
;
[home]
comment = User Directory
path = /home/%U
read only = No
; could be used to store profiles. could be slow to use!
;
[profile]
path = /home/profile
read only = No
create mask = 0600
directory mask = 0700
[printers]
path = /tmp
guest ok = Yes
printable = Yes
printing = cups
browseable = No
After applying the /etc/samba/smb.conf restart the service.
service smb restart
4. Adding the user which can join domains.
===================================
Only root can do this in a Samba domain (one of the issues with samba)
So
smbpasswd -a root
enter the passwords (choose a password other than the "real" root password!!!)
5. Adding Computers to the domain (Windows NT, Windows 2000,XP)
========================================================
root# /usr/sbin/useradd -g 100 -d /dev/null -c "machine nickname" -s /bin/false machine_name$
root# passwd -l machine_name$
root# smbpasswd -a -m machine_name
6. Adding Users
=============
root# useradd myuser
root# smbpasswd -a myuser
(add password)
There's a trick to synchronize linux users and windows users, but it would create a lot of useless windows users.
For instance gopher, ftp etc...
7. Windows XP and 2000 registry changing
===================================
This is a MUST!
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
Because XP uses encrypted communication by default.
8. copying an existing user profile
===========================
This is an example of migrating my profile on my XP desktop. For other MS OS, it might be different.
And I hate to lose my fancy Desktop
C:\Documents and Settings\user to C:\Documents and Settings\user.HOME
(HOME is the DOMAIN name used in smb.conf)
logoff and logon to the domain
YOU NEED TO RE-ENTER PASSWORDS FOR OUTLOOK, websites ETC...
Maybe not the best way, but it was satisfying for my needs.
9. Windows 9x client
=================
No need to add a machine profile (only NT,W2K or XP)
Any properly created user could log on.
10. Extra feature
==============
You could synchronize time using dos command
net time 192.168.1.1 /set /y
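
Added example, not part of the original post: a short Python check that parses share definitions like those in section 3 and lists the shares that are both guest-accessible and writable, which is the combination worth reviewing before this configuration goes onto a real network. The function names are hypothetical, the sample is constructed from the share settings above, and the check reads per-share settings only (it does not apply [global] defaults).

```python
import re

# Constructed sample: share settings copied from the smb.conf in section 3.
SAMPLE = """\
[global]
workgroup = HOME
[shared]
read only = No
[webdav]
guest ok = Yes
[website]
read only = No
guest ok = Yes
[printers]
guest ok = Yes
printable = Yes
"""

TRUE = {"yes", "true", "on", "1"}
GUEST_KEYS = ("guest ok", "public")                 # Samba synonyms
WRITE_KEYS = ("writable", "writeable", "write ok")  # inverted "read only"

def parse_smb_conf(text):
    """Return {section: {key: value}}; keys lower-cased, spaces normalised."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in ";#":
            continue                                # blank line or comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip().lower()
    return sections

def guest_writable_shares(text):
    """Names of non-printer shares that are both guest-accessible and writable."""
    risky = []
    for name, opts in parse_smb_conf(text).items():
        if name == "global" or opts.get("printable") in TRUE:
            continue
        guest = any(opts.get(k) in TRUE for k in GUEST_KEYS)
        # "read only" defaults to yes; any writable-style synonym set to yes counts.
        writable = opts.get("read only", "yes") not in TRUE or \
            any(opts.get(k) in TRUE for k in WRITE_KEYS)
        if guest and writable:
            risky.append(name)
    return risky
```

On the sample this reports only [website]: [webdav] allows guests but stays read-only by default, and [shared] is writable but requires an authenticated user.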