Ateo Advocate
Joined: 02 Jun 2003 Posts: 2021 Location: Republic of California
|
Posted: Fri Dec 24, 2004 9:30 pm Post subject: [HOWTO] :: Implement Samba as your PDC |
|
|
NOTE: This HOWTO has been added to gentoo-wiki.com.
How to implement Samba as your PDC (Primary Domain Controller) for your domain
23 December 2004
Version 1.0
Disclaimer: This HOWTO has no guarantee. Use at your own risk. Back up any relevant data before proceeding. If you break your system, it's up to you to fix it. Don't blame me (or the Gentoo forums) as I/we bear no responsibility if you are inept with simple procedures. Please read through this HOWTO prior to any attempt at installing your Samba PDC.
Resources:
O'Reilly - Using Samba -- This is a slightly outdated book but its help is priceless.
samba.org -- Excellent resource for parameter definitions. Not a good resource to learn samba with.
Gentoo Forums Thread #1
Gentoo Forums Thread #2
Synopsis
This HOWTO was created because all of the resources that I encountered were either outdated or simply incorrect. This is my step by step outline that I used to successfully implement a Samba server as my PDC on my local network. This should work for anyone that attempts this implementation.
This HOWTO describes how to implement samba as your PDC so that a) users on your domain authenticate against a central domain controller and b) selected network drives are mapped on login. In addition, this will also explain how to implement a roaming profile. This HOWTO is practical only for domains which employ Windows 2000 professional workstations. I have not attempted nor tested against any other version of Windows. However, I know it can be done, just do some research.
What this HOWTO will do
- Allow Windows 2000 clients to authenticate via your samba server
- Provide mapped drives (based on logon scripts)
- Execute a logon script
- Enable use of roaming profiles
Roaming profiles defined: Windows 2000 supports roaming user profiles, which allow certificates to follow users no matter which computer they use to log on. When roaming profiles are enabled, user profiles, including issued certificates and private keys, are stored on the domain controller. The roaming profiles are downloaded to the computer during the logon process for the user.
What this HOWTO will not do
- Allow Windows 9x/XP clients to authenticate via your samba server
- Configure your Samba server for print sharing
To my knowledge, Win9x and XP need different configuration (including registry hacks) thus this HOWTO does not detail configuration for said clients. Plus, who really uses 9x anymore? If you do, upgrade. However, I have been informed this HOWTO also works for 9x/XP workstations but I can't confirm that since neither of those versions of Windows exist on this network/domain.
If you wish to implement print sharing, follow this HOWTO and add only relevant printer information. Don't forget to add cups support when compiling samba.
Step by Step
- Configure USE variable in /etc/make.conf
- Install Samba (version 3.0.9 (portage version 3.0.9-r1) as of this writing)
- Configure Samba
- Configure Win2k workstations
- More Samba configuration
- Final steps
USE Flag configuration
These are the flags I've configured on my machine. Make sure that you enable pam (or kerberos/ldap depending on what auth method you wish to employ) and python, the rest are optional, depending on your needs. Enable cups for samba printer sharing. Code: | -acl -cups -debug -doc -kerberos -ldap* -libclamav -mysql -oav +pam -postgres +python -quotas +readline (-selinux) +winbind +xml +xml2 |
For those not using portage, this is the equivalent to compile time options.
Install Samba
Probably the easiest step. It is good practice to always do a pretend/verbose before installing any package. This way you know what is going to be installed (focusing on dependencies, if any). Kick back for a while as it takes about 15-30 minutes to install Samba, depending on hardware/optimizations. It'll take longer if any dependencies need to be installed.
Code: | emerge sync
emerge samba -pv
emerge samba |
Configure Samba
Now we venture into configuring samba. For some, this is easy, for others, it's a pain in the arse as it was for me but at least I learned.
The first file we need to edit is /etc/samba/smb.conf. So fire that up with your favorite text editor. The first section we will configure is the [global] services section, followed by [netlogon], [profiles], [homes] and other services sections. Please note that parameter values reflect my network. You'll need to change some values to meet your criteria.
The [global] service section
netbios name sets the NetBIOS name by which a Samba server is known. This is what you'll see in network neighborhood. workgroup controls what workgroup your server will appear to be in when queried by clients. server string controls what string will show up in the printer comment box in print manager and next to the IPC connection in net view. Code: | # choose your own name
netbios name = shadow
workgroup = YOUR_DOMAIN
server string = PDC [on Gentoo :: Samba server %v] |
hosts allow is a comma, space, or tab delimited set of hosts which are permitted to access a service. security affects how clients respond to Samba and is one of the most important settings in the smb.conf file. encrypt passwords controls whether encrypted passwords will be negotiated with the client. socket options allows you to set socket options to be used when talking with the client. It is for performance fine tuning. If you find more/better options, I'd love to know of them. interfaces allows you to override the default network interfaces list that Samba will use for browsing, name registration and other NBT traffic. bind interfaces allows the Samba admin to limit what interfaces on a machine will serve SMB requests.
Code: | hosts allow = 192.168.4.0/24 127.0.0.0/8
security = user
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = lo eth0
bind interfaces only = yes |
To make your Samba server the PDC, the following 4 parameters are required. Setting your OS level to 65 ensures your server WILL BE the PDC in a network where there are other DCs. local master allows nmbd to try and become a local master browser on a subnet. os level controls what level Samba advertises itself as for browse elections. domain master enables WAN-wide browse list collation. Setting this option causes nmbd to claim a special domain specific NetBIOS name that identifies it as a domain master browser for its given workgroup. preferred master controls if nmbd is a preferred master browser for its workgroup. Code: | local master = yes
os level = 65
domain master = yes
preferred master = yes |
null passwords allows or disallows client access to accounts that have null passwords. hide unreadable prevents clients from seeing the existence of files that cannot be read. hide dot files controls whether files starting with a dot appear as hidden files.
Code: | null passwords = no
hide unreadable = yes
hide dot files = yes |
domain logons dictates whether the Samba server will serve Windows Domain logons for the workgroup it is in. logon script specifies the batch file (.bat) or NT command file (.cmd) to be downloaded and run on a machine when a user successfully logs in. logon path specifies the home directory where roaming profiles (NTuser.dat etc files for Windows NT) are stored. logon drive specifies the local path to which the home directory will be connected and is only used by NT Workstations. logon home specifies the home directory location when a Win95/98 or NT Workstation logs into a Samba PDC. Please note that variables %L and %U must be used. They define the server name and username (respectively). You may specify any drive letter as long as it does not conflict with other drives on your Win2k client.
For logon script, I personally use a static file name. Using %U will require a batch file for each user as %U == the username establishing the connection. Code: |
domain logons = yes
# or %U.bat for a per-user script
logon script = login.bat
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\%U\.9xprofile |
wins support controls if the nmbd process in Samba will act as a WINS server. name resolve order is used by the programs in the Samba suite to determine what naming services to use and in what order to resolve host names to IP addresses. dns proxy specifies that nmbd when acting as a WINS server and finding that a NetBIOS name has not been registered, should treat the NetBIOS name word-for-word as a DNS name and do a lookup with the DNS server for that name on behalf of the name-querying client. Code: |
wins support = yes
name resolve order = wins lmhosts host bcast
dns proxy = no |
time server determines if nmbd advertises itself as a time server to Windows clients. log file option allows you to override the name of the Samba log file (also known as the debug file). max log size specifies the max size the log file should grow to. smb passwd file sets the path to the encrypted smbpasswd file. By default the path to the smbpasswd file is compiled into Samba. Code: | time server = yes
log file = /var/log/samba3/log.%m
max log size = 50
# location to samba password file
smb passwd file = /etc/samba/private/smbpasswd |
The following are parameters to assist you in adding/deleting users/machines from a client. Please refer to the O'Reilly book listed in sources at the beginning of this HOWTO. Code: |
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u
passwd program = /usr/bin/passwd %u
passwd chat = "*New password:*" %n\r "*New password (again):*" %n\r "*Password changed*" |
unix charset specifies the charset the unix machine Samba runs on uses. Samba needs to know this in order to be able to convert text to the charsets other SMB clients use. Code: | unix charset = ISO8859-1 |
The [SHARE_NAME] services section
This section defines your shares. If you include a parameter within any one of these sections that is defined in the global section it will override the parameter in the global section. I'm not going to get into detail about each and every parameter here. The samba link provided above is a great resource for defining parameters. Use it!
netlogon is the service section of where your Default Profile (for new users) and your login script reside. Make sure the directory is owned and group owned by root and permissions are 755 (chmod -R 0755). Code: | [netlogon]
path = /var/lib/samba/netlogon
public = no
writeable = no
browseable = no |
profiles is the service section for user roaming profiles. Make sure the directory proper is owned and group owned by root. Make sure its permission is 755 (chmod -R 0755). Inside this directory is where your user profiles are located. Make sure the user profile directories themselves are owned by the user and group owned by users. Make sure user directory permissions are 770 (chmod -R 0770). Code: | [profiles]
path = /var/lib/samba/profiles
browseable = no
writeable = yes
default case = lower
preserve case = no
short preserve case = no
case sensitive = no
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
write list = @smbusers @root
create mode = 0600
directory mode = 0700 |
homes defines the users home directory. Nothing special needs to be done to this directive or directory. Code: | [homes]
path = /home/%U
browseable = no
valid users = %S
writable = yes
guest ok = no
inherit permissions = yes |
public is an example of one of my shares. You can define as many as you want. You can name them whatever you want. Code: | [public]
comment = Public Stuff
path = /public
public = yes
writeable = no
browseable = yes
write list = @users
|
Adding users to Samba
The drawback to using samba is that users have to be added twice. Once to your /etc/passwd and once to /etc/samba/private/smbpasswd. I'm going to assume you already have a regular daily user so I'm going to skip the "adduser" unix command. Obviously, and hopefully, root exists on your system. =)
Both of the following commands will prompt you for a password. My suggestion is to keep your [Samba] root password the same as your [Unix] system root password. Apply the same to your user password. Keep things simple. Code: | smbpasswd -a your_user
smbpasswd -a root |
Configuring Windows 2000 clients
This is another simple step. Log into your Windows 2000 client locally as Administrator and add your client machine to your domain. This is achieved by right clicking My Computer => Properties => Network Identification => Properties button. You will be prompted for a username/password of an authorised domain user. You'll need to use your root account (the reason root was added to smbpasswd).
After changing your domain, you'll need to reboot (no surprise there). When it reboots, you'll have the fancy login screen with the nice little graphic instructing you to do a "ctrl-alt-del" to get to the actual login screen. If you only see fields for your username and password, click on the "Options" button and a domain dropdown will appear. Your choices should be "computer name\local" AND your new domain.
In order to employ roaming profiles, you need to establish a "Default Profile" on Samba. This requires you to copy the content of C:\Documents and Settings\Default Profile to your samba server. You will need to copy it into the directory specified in your [netlogon] service. This way your users will have a default profile to log into (assuming the usage of roaming profiles).
I suggest making sure the latest service pack is installed.
After adding the client to the domain and rebooting, let's leave this screen as is. We'll come back to it later.
More Samba Configuration
We're almost there.
This step maps your Windows groups to your Unix groups. This is an important step if you want admin rights on your Windows clients once you have logged onto the client authorizing against the PDC.
First, view the list of Windows groups. This way you know what you're mapping. Code: | root@shadow profiles # net groupmap list
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Guests (S-1-5-21-3885047494-3765334852-1543503842-514) -> nobody
Domain Admins (S-1-5-21-3885047494-3765334852-1543503842-512) -> ntadmins
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> 1
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-3885047494-3765334852-1543503842-513) -> users
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1 |
As you can see, I've only mapped 3 groups as this is all that I require on my domain. Additionally, I created a Unix group called "ntadmins". Code: | root@shadow profiles # groupadd ntadmins |
After you create your required Unix groups, you need to map them to your Windows groups replacing the ntgroup value with a Windows group listed above and unixgroup is the Unix group you wish to map the Windows group to (remember, the Unix group must already exist). Code: | root@shadow profiles # net groupmap modify ntgroup="Domain Admins" unixgroup=ntadmins |
You'll need to perform this command for each Unix group you wish to map. You can now use your new groups for specific group parameters in either your global or service scopes (please review the O'Reilly book).
Final steps
Now that we are done with configuring Samba, let's start it and add it to your default run levels (or whatever run level you choose) Code: | root@shadow profiles # /etc/init.d/samba start
root@shadow profiles # rc-update add samba default |
At this point, you should be able to log into your domain using your username and password (not root). If you wish to use a roaming profile, you'll need to tell the client. This is done by right clicking My Computer => Properties => User Profiles. Select your user and "Change type".
Fin! Have a Godless day!
Additional notes
There are a few things I'm unsure of.
- Can Samba be configured to automatically enforce roaming profiles or does this have to be done per client?
- Even with the add user script parameter, how are users added from a Windows client?
Example login.bat script Code: | echo Setting Current Time...
net time \\shadow /set /yes
echo Mapping Network Drives to Domain network server...
net use H: /HOME
net use X: \\shadow\public
net use Y: \\shadow\audio
net use Z: \\shadow\video |
When mapping your home drive, please make sure the letter you specify in logon drive in your global service is the same as net use XXX: /HOME command (where XXX = drive letter). Also, please remember, this is the script I use. Change it to suit your needs.
Known Issues
It's been confirmed that wallpapers don't follow with roaming profiles. The wallpaper does load if already cached on the local computer. I'm not sure where the problem exists.
Change log
1.4 - Found some typos, fixed.
1.3 - Moved HOWTO to gentoo-wiki.com. This thread will no longer be updated.
1.2 - Updated note on USE flags
1.1 - Added known issues
1.0 - HOWTO created
Last edited by Ateo on Mon Apr 18, 2005 10:16 pm; edited 11 times in total |
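A check for the settings this HOWTO depends on, as an added example that is not part of the original post or of Samba: it parses an smb.conf and reports where the PDC parameters, the name resolve order tokens, the [netlogon] share or the logon drive / "net use X: /HOME" pairing differ from what the HOWTO describes. The function names, finding codes, MIN_OS_LEVEL threshold and both sample inputs are assumptions constructed for illustration.

```python
import re

# Values taken from the HOWTO; this is not Samba's own validation.
MUST_SET = {"domain logons": "yes", "local master": "yes",
            "domain master": "yes", "preferred master": "yes"}
# Flagged only when present with a different value (absent means default).
MUST_NOT_DIFFER = {"security": "user", "encrypt passwords": "yes",
                   "null passwords": "no"}
VALID_RESOLVERS = {"lmhosts", "host", "wins", "bcast"}
MIN_OS_LEVEL = 33  # assumption: must beat Windows domain controllers at 32


def norm(name):
    """Parameter names are matched without regard to case or extra spaces."""
    return " ".join(name.lower().split())


def canon(value):
    """Fold the boolean spellings smb.conf accepts into yes/no."""
    v = value.strip().lower()
    return {"true": "yes", "1": "yes", "false": "no", "0": "no"}.get(v, v)


def parse_smb_conf(text):
    """Return {section: {parameter: value}} for an smb.conf string."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):  # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[norm(key)] = value.strip()
    return sections


def share_writable(share):
    """Resolve the writeable/read only synonyms; shares default to read only."""
    for key in ("writeable", "writable", "write ok"):
        if key in share:
            return canon(share[key]) == "yes"
    return "read only" in share and canon(share["read only"]) != "yes"


def audit(conf_text, logon_script=""):
    """Return finding codes for a PDC-style smb.conf, in check order."""
    conf = parse_smb_conf(conf_text)
    glob, findings = conf.get("global", {}), []

    for key, want in MUST_SET.items():
        if canon(glob.get(key, "")) != want:
            findings.append(f"global:{key}")
    for key, want in MUST_NOT_DIFFER.items():
        if key in glob and canon(glob[key]) != want:
            findings.append(f"global:{key}")
    level = glob.get("os level", "")
    if not level.isdigit() or int(level) < MIN_OS_LEVEL:
        findings.append("global:os level")
    for token in glob.get("name resolve order", "").lower().split():
        if token not in VALID_RESOLVERS:
            findings.append(f"global:name resolve order:{token}")

    # Every client runs the logon script from [netlogon], so the share
    # must stay read only and closed to guests, as in the HOWTO.
    netlogon = conf.get("netlogon")
    if netlogon is None:
        findings.append("netlogon:missing")
    else:
        if share_writable(netlogon):
            findings.append("netlogon:writable")
        if any(canon(netlogon.get(k, "no")) == "yes"
               for k in ("public", "guest ok")):
            findings.append("netlogon:guest")

    # The drive in "net use X: /HOME" has to match logon drive.
    home = re.search(r"(?im)^\s*net\s+use\s+([a-z]:)\s+/home\b", logon_script)
    if home and home.group(1).upper() != glob.get("logon drive", "").upper():
        findings.append("logon drive:mismatch")
    return findings


# Constructed sample with deliberate mistakes, not a config from the thread.
SAMPLE_CONF = r"""
[global]
   security = user
   null passwords = yes
   domain logons = yes
   local master = yes
   os level = 20
   domain master = yes
   name resolve order = wins lmhosts hosts bcast
   logon drive = H:
[netlogon]
   path = /var/lib/samba/netlogon
   guest ok = Yes
   read only = No
"""
SAMPLE_BAT = "net use Z: /HOME\r\nnet use X: \\\\shadow\\public\r\n"

if __name__ == "__main__":
    for code in audit(SAMPLE_CONF, SAMPLE_BAT):
        print("FINDING", code)
```

Samba's testparm validates syntax and parameter names; this script only compares a config against the choices made in this HOWTO.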
|
|
|
asiobob Veteran
Joined: 29 Oct 2003 Posts: 1375 Location: Bamboo Creek
|
Posted: Thu Dec 30, 2004 10:46 am Post subject: |
|
|
I've gotten it to work with XP.
I found this post after I had hacked up a config file. I've shown it here, it's very rough...and not in production use.
Whilst I have specified a logon script, I do not have one, however my home directory is mounted as Z:
Code: |
[global]
workgroup = stmcprod
netbios name = FRODO
passdb backend = tdbsam
printcap name = cups
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
add machine script = /usr/sbin/useradd -s /bin/false \
-d /dev/null %u
# Note: The following specifies the default logon script.
# Per user logon scripts can be specified in the user account using pdbedit
logon script = scripts\logon.bat
# This sets the default profile path. Set per user paths with pdbedit
logon path = \\%L\Profiles\%U
logon drive = Z:
logon home = \\%L\%U
domain logons = Yes
os level = 35
preferred master = Yes
domain master = Yes
idmap uid = 15000-20000
idmap gid = 15000-20000
printing = cups
encrypt passwords = yes
wins support = yes
name resolve order = wins lmhosts host bcast
dns proxy = no
[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
admin users = root, sura
guest ok = Yes
browseable = No
# For profiles to work, create a user directory under the path
# shown. i.e., mkdir -p /var/lib/samba/profiles/maryo
[Profiles]
comment = Roaming Profile Share
path = /mnt/spd/ntprofiles
read only = No
profile acls = Yes
|
|
|
|
|
kupo n00b
Joined: 04 Dec 2004 Posts: 54
|
Posted: Thu Dec 30, 2004 10:34 pm Post subject: |
|
|
this has an easy fix
just add:
in [global] |
|
|
|
asiobob Veteran
Joined: 29 Oct 2003 Posts: 1375 Location: Bamboo Creek
|
Posted: Fri Dec 31, 2004 2:55 am Post subject: |
|
|
yeh I know that, I meant that it's defined in the smb.conf not when the script is run.
I'm working on a few suggestions which I'll pass onto the author next year |
|
|
|
GentooBox Veteran
Joined: 22 Jun 2003 Posts: 1168 Location: Denmark
|
Posted: Sat Jan 01, 2005 9:51 pm Post subject: |
|
|
Nice howto - I really needed this
ASIO_BOB wrote: | yeh I know that, I meant that it's defined in the smb.conf not when the script is run.
I'm working on a few suggestions which I'll pass onto the author next year |
Don't hold it back! Come with it, I want it! _________________ Encrypt, lock up everything and duct tape the rest |
|
|
|
Crimson Rider Guru
Joined: 23 Jun 2003 Posts: 462 Location: Delft, the Netherlands
|
Posted: Sun Jan 02, 2005 11:49 am Post subject: |
|
|
I've been working with Samba PDC's for quite a while now, nice howto !
Does anyone know how to implement this with a LDAP backend ? _________________ Code, justify, code - Pitr Dubovich |
|
|
|
blackwhite Apprentice
Joined: 24 Jun 2004 Posts: 250
|
Posted: Wed Jan 05, 2005 6:59 pm Post subject: |
|
|
It is very helpful.
How can I apply System Policies on XP clients? It is necessary for public computer lab.
I use Poledit to setup System Policies, but it is just for NT style System Policies, does not fully support all XP System Policies. |
|
|
|
blackwhite Apprentice
Joined: 24 Jun 2004 Posts: 250
|
Posted: Wed Jan 05, 2005 7:01 pm Post subject: |
|
|
Crimson Rider wrote: | I've been working with Samba PDC's for quite a while now, nice howto !
Does anyone know how to implement this with a LDAP backend ? |
You can read this
http://hostopia.samba.org/samba/docs/man/Samba-Guide/ |
|
|
|
asiobob Veteran
Joined: 29 Oct 2003 Posts: 1375 Location: Bamboo Creek
|
|
|
|
whitetux n00b
Joined: 17 Mar 2004 Posts: 20
|
Posted: Mon Jan 24, 2005 5:14 pm Post subject: |
|
|
nice work, a very informative and consolidated how to! |
|
|
|
daff Apprentice
Joined: 02 Jul 2003 Posts: 232 Location: Vienna, Austria
|
Posted: Tue Jan 25, 2005 12:36 am Post subject: |
|
|
Very good HOWTO! Clear and to the point. If only you'd have posted it a few months earlier when I overhauled and reimplemented the domain servers in our company _________________ Instead of asking why a piece of software is using 1970s technology,
start asking why software is ignoring 30 years of accumulated wisdom. |
|
|
|
asiobob Veteran
Joined: 29 Oct 2003 Posts: 1375 Location: Bamboo Creek
|
Posted: Sun Jan 30, 2005 7:48 am Post subject: |
|
|
Wallpapers do follow if they are bmp.
If they are jpg for example, what happens is Windows converts it to a bmp. It's that bmp that Windows then displays. Unfortunately when Windows converts the bmp it doesn't save it to the roaming profile, hence the problem.
So as a user if you convert the image to a bmp yourself or set a bmp in the first place then yeh it will work nicely |
|
|
|
GentooBox Veteran
Joined: 22 Jun 2003 Posts: 1168 Location: Denmark
|
Posted: Tue Feb 01, 2005 10:59 am Post subject: |
|
|
1: smbpasswd -la doesn't work, but smbpasswd -a does
2: I can confirm that if you follow the guide 100% then it also works with Windows XP _________________ Encrypt, lock up everything and duct tape the rest |
|
|
|
Ateo Advocate
Joined: 02 Jun 2003 Posts: 2021 Location: Republic of California
|
Posted: Fri Feb 04, 2005 8:05 pm Post subject: |
|
|
GentooBox wrote: | 1: smbpasswd -la dont work, but smbpasswd -a does
2: I can confirm that if you follow the guide 100% then it also works with Windows XP |
smbpasswd -la root is what I used to add root to samba. This did not work for you? smbpasswd -a <regular_user> is what you use to add regular users.... |
|
|
|
lokelo Tux's lil' helper
Joined: 16 Dec 2002 Posts: 101 Location: Maryland, USA
|
Posted: Tue Mar 15, 2005 1:16 am Post subject: |
|
|
Ateo wrote: | GentooBox wrote: | 1: smbpasswd -la dont work, but smbpasswd -a does
2: I can confirm that if you follow the guide 100% then it also works with Windows XP |
smbpasswd -la root is what I used to add root to samba. This did not work for you? smbpasswd -a <regular_user> is what you use to add regular users.... |
I just tried to use the without success. Should it perhaps be a capital L instead of lowercase? Otherwise great howto. |
|
|
|
batal n00b
Joined: 01 Mar 2005 Posts: 5
|
Posted: Sun Apr 03, 2005 12:07 pm Post subject: |
|
|
Same here. -la does not work. I used -a only instead. What should the parameter ´l´ do? |
|
|
|
Ateo Advocate
Joined: 02 Jun 2003 Posts: 2021 Location: Republic of California
|
Posted: Mon Apr 04, 2005 7:46 pm Post subject: |
|
|
Hmm.
Both of you are correct. I could almost swear I did smbpasswd -la <user> but after going over the smbpasswd man page, there is no -l option.. So, I've corrected the howto.
Thanks for the input. |
|
|
|
Avathar n00b
Joined: 25 Aug 2005 Posts: 2 Location: Sweden, Stockholm
|
Posted: Thu Aug 25, 2005 3:44 pm Post subject: |
|
|
As I'm slightly new to Samba and its use in authentication in a network, I will pop the first question of a perhaps newbie character.
I have followed this HOWTO to the letter, samba itself is running fine and everything is set up on that end, this was from a very slim gentoo install, but now when I've come to the point where I want to add windows clients to the server I've gotten stuck and can't do just that. I presume that in the network identification part you choose domain and not workgroup, and I've done just that but get the following error.
Quote: | The following error occured validating the name "nordic".
This condition may be caused by a DNS lookup problem.
For information about troubleshooting common DNS lookup problems, please see the following Microsoft Web site:
http://go.microsoft.com/fwlink/?LinkId=5171
The Specified domain either does not ecist or could not be contacted. |
My final question is then, does this HOWTO presume you have BIND+DHCPD running on the server? If so should I configure that in any special way or is it just that I have missed something not so obvious in this HOWTO?
It's a Windows 2000 server machine I'm trying to get into the SAMBA for authentication.
Thankful for any replies to this post.
edit: I know this is a kind of idiot post but still, I've attempted this a few times now and end up being kicked in the nuts by this solution a few times already. |
|
|
|
Pubare Tux's lil' helper
Joined: 24 Nov 2003 Posts: 81 Location: Lafayette, LA
|
Posted: Sun Aug 28, 2005 1:58 pm Post subject: |
|
|
Could be wrong on some of this, but I don't think you have to have BIND or DHCP running. Since it's a Win2k _server_ machine, make sure that it is NOT set to be a Domain Controller and make sure the functional level is mixed - otherwise it may try to be the ADS DC and not play nice with Samba. If you don't have a DNS server running at all, you would at the least need it pointed to the Samba PDC for WINS with Netbios over TCP enabled - that should suffice for the name lookup (I think). It should be able to at the least communicate with the Samba PDC in "workgroup" mode. If not, make sure that Secure Channel and Digital Signing is not set to "always" in the Win2k security policy. If it still won't talk to the Samba box as a workgroup / stand-alone member, not sure what to tell you.... If it will talk to the Samba box in workgroup mode, but can't join as a domain member, well, still not sure what to tell you...
Probably not much help, but at least a reminder of the basics. |
|
|
|
darkphader Veteran
Joined: 09 May 2002 Posts: 1217 Location: Motown
|
Posted: Sun Oct 16, 2005 11:53 pm Post subject: Re: [HOWTO] :: Implement Samba as your PDC |
|
|
Ateo wrote: | Code: |
name resolve order = wins lmhosts hosts bcast
|
|
Typo: the value is "host" not "hosts". Should read:
Code: | name resolve order = wins lmhosts host bcast |
Of course if you're not using an lmhosts file you should leave that value out. Also a different order may be more proper:
Code: | name resolve order = host wins bcast | may work better in some cases.
Chris _________________ WYSIWYG - What You See Is What You Grep |
|
|
|
RedJane n00b
Joined: 06 Aug 2006 Posts: 12
|
Posted: Wed Sep 20, 2006 1:05 am Post subject: |
|
|
Ateo wrote: | In order to employ roaming profiles, you need to establish a "Default Profile" on Samba. This requires you to copy the content of C:\Documents and Settings\Default Profile to your samba server. You will need to copy it into the directory specified in your [netlogon] service. This way your users will have a default profile to log into |
THX for the howto... GREAT...,
but I still have a small problem:
I need to copy the content of "C:\Documents and Settings\Default Profile", you mean "C:\Documents and Settings\Default User"?
If so, where exactly do I have to copy the content of this map "C:\Documents and Settings\Default User" to? /var/lib/samba/profiles/username?
Cause I always get a warning profile not found.
thx |
|
|
|
Ejunkie n00b
Joined: 07 Jan 2005 Posts: 58 Location: 127.0.0.1
|
Posted: Wed Sep 20, 2006 9:37 am Post subject: |
|
|
http://www.gentoo.org/doc/en/ldap-howto.xml
http://gentoo-wiki.com/HOWTO_SAMBA-LDAP_Domain_Controller_(with_Real_Time_antivirus)#Introduction_to_this_HOWTO
and you have to set the "bind_policy" to "soft" else it won't work
RedJane wrote: | Ateo wrote: | In order to employ roaming profiles, you need to establish a "Default Profile" on Samba. This requires you to copy the content of C:\Documents and Settings\Default Profile to your samba server. You will need to copy it into the directory specified in your [netlogon] service. This way your users will have a default profile to log into |
THX for the howto... GREAT...,
but I still have a small problem:
I need to copy the content of "C:\Documents and Settings\Default Profile", you mean "C:\Documents and Settings\Default User"?
If so,where exactly do I have to copy the conent of this map "C:\Documents and Settings\Default User" to? /var/lib/samba/profiles/username?
Cause I always get a warning profile not found.
thx |
You have to copy "C:\Documents and Settings\Default User" to the netlogon folder on the pdc, and then it should work.
Nice work. What I don't get is why you don't use the acl flag.
Last edited by Ejunkie on Fri Nov 03, 2006 4:12 pm; edited 1 time in total |
|
|
|
mudrii l33t
Joined: 26 Jun 2003 Posts: 789 Location: Singapore
|
Posted: Thu Sep 21, 2006 3:10 am Post subject: |
|
|
Great How-to, just start thinking seriously to move PD to Linux _________________ www.gentoo.ro |
|
|
|
JROCK2004 Guru
Joined: 02 Mar 2004 Posts: 450 Location: PA
|
Posted: Fri Nov 03, 2006 3:10 pm Post subject: |
|
|
Ejunkie wrote: |
http://www.gentoo.org/doc/en/ldap-howto.xml
http://gentoo-wiki.com/HOWTO_SAMBA-LDAP_Domain_Controller_(with_Real_Time_antivirus)#Introduction_to_this_HOWTO
and you have to set the "bind_policy" to "soft" als it wont work
RedJane wrote: | Ateo wrote: | In order to employ roaming profiles, you need to establish a "Default Profile" on Samba. This requires you to copy the content of C:\Documents and Settings\Default Profile to your samba server. You will need to copy it into the directory specified in your [netlogon] service. This way your users will have a default profile to log into |
THX for the howto... GREAT...,
but I still have a small problem:
I need to copy the content of "C:\Documents and Settings\Default Profile", you mean "C:\Documents and Settings\Default User"?
If so,where exactly do I have to copy the conent of this map "C:\Documents and Settings\Default User" to? /var/lib/samba/profiles/username?
Cause I always get a warning profile not found.
thx |
you have to copy "C:\Documents and Settings\Default User" to the netlogon folder on the pdc. and then it shoud work.
nice work what i dont get is why you dont use the acl flag. |
Do you have to create a dir in netlogin for the username? |
|
|
|
Ejunkie n00b
Joined: 07 Jan 2005 Posts: 58 Location: 127.0.0.1
|
Posted: Fri Nov 03, 2006 4:17 pm Post subject: |
|
|
JROCK2004 wrote: | Ejunkie wrote: |
http://www.gentoo.org/doc/en/ldap-howto.xml
http://gentoo-wiki.com/HOWTO_SAMBA-LDAP_Domain_Controller_(with_Real_Time_antivirus)#Introduction_to_this_HOWTO
and you have to set the "bind_policy" to "soft" als it wont work
RedJane wrote: | Ateo wrote: | In order to employ roaming profiles, you need to establish a "Default Profile" on Samba. This requires you to copy the content of C:\Documents and Settings\Default Profile to your samba server. You will need to copy it into the directory specified in your [netlogon] service. This way your users will have a default profile to log into |
THX for the howto... GREAT...,
but I still have a small problem:
I need to copy the content of "C:\Documents and Settings\Default Profile", you mean "C:\Documents and Settings\Default User"?
If so,where exactly do I have to copy the conent of this map "C:\Documents and Settings\Default User" to? /var/lib/samba/profiles/username?
Cause I always get a warning profile not found.
thx |
you have to copy "C:\Documents and Settings\Default User" to the netlogon folder on the pdc. and then it shoud work.
nice work what i dont get is why you dont use the acl flag. |
Do you have to create a dir in netlogin for the username? |
There should be a dir called netlogon; this dir must be shared as netlogon. This dir is for logon scripts and the default user; the default user is the default profile that is given to new users. |
|
|
|
|