Samba PDC
#1

This may be a very useful article to some. I have not tested it fully but intend to.

1. The usual warnings: read them
===========================

DO NOT create users/passwords containing capital letters for use with Samba PDC.

DO NOT INTEGRATE THIS IN AN EXISTING NT/SAMBA network without knowing what you are doing.

Read The Fine Manuals at http://www.samba.org

I don't discuss switching the clients for domain logons.

I do not know if the WEBDAV link remains operational.

Tested in network with XP and 98

This can be used as a full featured NT 4 server SP3 PDC (I believe NT is a trademark of Microsoft etc..)

This is a good link www.itweek.co.uk/News/1131114 comparing samba and W2k

2. Created extra directories
=======================

profile
netlogon

ls -l
drwxrwxrwx 2 root root 4096 May 15 19:19 netlogon
drwxrwxrwx 3 root root 4096 May 15 19:26 profile

3. This is my /etc/samba/smb.conf
===========================

It's a modified original smb.conf for CC
HOME becomes the DOMAIN, instead of the WORKGROUP

[global]
workgroup = HOME
netbios name = Server1
server string = Server1
interfaces = eth1 192.168.1.1/255.255.255.0
bind interfaces only = Yes
encrypt passwords = Yes
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
;
; use of logonscript add a username.bat in Clarkconnectprofile
logon script = profile%U.bat
;
; Uncomment for debug purposes
; log level = 10
log file = /var/log/samba/log.%m
;
;
; This setting is for XP and W2K. Just copy the map C:\Documents and Settings\username
; to username.domain
; all passwords stored previously in a pwl file will be lost. Need to re-enter them
;
logon path = C:\Documents and Settings\%U.HOME
domain logons = Yes
;
; This setting makes you win elections from EVERY ms server.
; Be careful with it!
;
os level = 99
preferred master = True
domain master = True
dns proxy = No
wins support = Yes
;
; execute from a client the DOS command "net time \\192.168.1.1 /set /y"
; this will synchronise the time from the client with this from the CC box
time server = Yes

;
; Needed share for netlogon scripts (ref Windows 9.x)
;
[netlogon]
path = /home/netlogon
comment = Logon scripts and policies
create mask = 0644
write list = gedeco
directory mask = 0755

[shared]
comment = Shared Folder
path = /home/shared
read only = No
create mask = 0600
directory mask = 0700

[webdav]
comment = Read Only - Internet Shared Folder
path = /home/webdav/files
guest ok = Yes

[website]
comment = Web Site
path = /var/www
read only = No
create mask = 0755
guest ok = Yes

;
; The exclusive home directory for the authenticated user
;
[home]
comment = User Directory
path = /home/%U
read only = No

; could be used to store profiles. could be slow to use!
;
[profile]
path = /home/profile
read only = No
create mask = 0600
directory mask = 0700

[printers]
path = /tmp
guest ok = Yes
printable = Yes
printing = cups
browseable = No

After applying the /etc/smb.conf, restart the service.

service smb restart

4. Adding the user which can join domains.
===================================

Only root can do this in a Samba domain (one of the issues about samba)

So

smbpasswd -a root

enter the passwords (choose a password other than the "real" root password!!!)

5. Adding Computers to the domain (Windows NT, Windows 2000, XP)
========================================================

root# /usr/sbin/useradd -g 100 -d /dev/null -c "machine nickname" -s /bin/false machine_name$
root# passwd -l machine_name$
root# smbpasswd -a -m machine_name

6. Adding Users
=============

root# useradd myuser
root# smbpasswd -a myuser
(add password)

There's a trick to synchronize linux users and windows users, but it would create a lot of unuseful windows users.
For instance gopher, ftp etc...

7. Windows XP and 2000 registry changing
===================================

This is a MUST!

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000

Because XP uses encrypted communication by default.

8. Copying an existing user profile
===========================

This is an example of migrating my profile on my XP desktop. For other MS OS, it might be different.
And I hate to lose my fancy Desktop

C:\Documents and Settings\user to C:\Documents and Settings\user.HOME
(HOME is the DOMAIN name used in smb.conf)

Log off and log on to the domain
YOU NEED TO RE-ENTER PASSWORDS FOR OUTLOOK, websites ETC...

Maybe not the best way, but it was satisfying for my needs.

9. Windows 9x client
=================

No need to add a machine profile (only NT, W2K or XP)
Any properly created user could log on.

10. Extra feature
==============

You could synchronize time using the DOS command
net time \\192.168.1.1 /set /y

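Added example (not part of the original post): a Python audit that reads an smb.conf and reports shares that are both guest-accessible and writable, which is the combination the [website] share in the posted configuration has. The sample text is a constructed excerpt of the post's shares, the function and helper names are hypothetical, and as a simplification [global] defaults and include files are not followed.

```python
import configparser

# Constructed excerpt of the shares from the smb.conf posted above.
SAMPLE_SMB_CONF = """\
[global]
; log level = 10
[shared]
path = /home/shared
read only = No
[webdav]
path = /home/webdav/files
guest ok = Yes
[website]
path = /var/www
read only = No
guest ok = Yes
[printers]
path = /tmp
guest ok = Yes
printable = Yes
"""

TRUE = {"yes", "true", "on", "1"}  # boolean spellings Samba accepts as true

def _norm(name):
    # Samba ignores case and spaces in parameter names ("Guest OK" == "guestok").
    return "".join(name.lower().split())

def _flag(opts, name, default):
    # Hypothetical helper: read one boolean parameter, falling back to its default.
    return opts[name].strip().lower() in TRUE if name in opts else default

def guest_writable_shares(conf_text):
    """Return (share, path) for every share that is guest-accessible and writable."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",), comment_prefixes=(";", "#"))
    cp.optionxform = _norm
    cp.read_string(conf_text)
    found = []
    for share in cp.sections():
        if share.lower() == "global":
            continue
        opts = cp[share]
        guest = _flag(opts, "guestok", False) or _flag(opts, "public", False)
        # "read only" defaults to yes; writeable/writable/write ok are inverted synonyms.
        writable = not _flag(opts, "readonly", True) or any(
            _flag(opts, k, False) for k in ("writeable", "writable", "writeok"))
        if guest and writable:
            found.append((share, opts.get("path", "?")))
    return found
```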