[linux] Samba PDC, what exactly do I need?


  • Raafz0r
  • Registered: October 2000
  • Last online: 17-02 21:21
I've been busy for a while now converting a workstation that currently serves as a file server into a Samba server on Linux. At the same time I want to use it as a Primary Domain Controller.

The current situation is that there are 10 workstations, named alembic1 through alembic10. Every computer has the same users, each with their own local profile.

What I want is for the Linux server to get the same users that are now on all the workstations, so that the users and passwords are kept in one place.

What I'm wondering now: which users do I need to create? Do I need Unix users? And do I then also have to create them with smbpasswd?

In other words, can someone explain to me exactly how it works with those users.

I'm also wondering how I'm supposed to log on to the domain now, because it looks like it wants to log on with the computer name (so alembic6 or something) instead of the username.

I now get the error: "The account used is a computer account. Use your global user account or local user account to access this server"

My smb.conf is as follows:
code:
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash) 
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors. 
#
#======================= Global Settings =====================================
[global]
    name resolve order = wins lmhosts bcast
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n
    browse list = yes
    time server = Yes
    hosts allow = 192.168.0.    
    passwd program = /usr/bin/passwd %u
    dns proxy = No
    netbios name = alemserv
    writable = no
    logon script = scripts\%U.bat
    lock dir = /var/lock/samba
    default = global
    remote announce = 192.168.0.255
    local master = yes
    workgroup = Alembic 
    os level = 65
    auto services = printers homes
    printcap name = /etc/printcap
    security = user 
    domain admin group = administrator @adm
    max log size = 1000
    log file = /var/log/samba/log.%m
    smb passwd file = /etc/samba/smbpasswd
    load printers = yes
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    logon drive = h:
    guest ok = no
    create mask = 0740
    interfaces = eth1 127.0.0.1
    domain master = yes
    username map = /etc/samba/smbusers
    encrypt passwords = yes
    browsable = yes
    wins proxy = yes
    wins support = no
    server string = Alembic FileServer
    unix password sync = yes
    add user script = /usr/sbin/useradd -g machines -c Machine -d /dev/null -s /bin/false %m$
    directory mask = 0750
    syslog = 0
    preferred master = yes 
    bind interfaces only = Yes
    domain logons = Yes

[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
# Set public = yes to allow user 'guest account' to print
   guest ok = no
   writable = no
   printable = yes

[root]
    printable = no
    writeable = yes
    path = /share
    revalidate = yes
    create mask = 0777
    comment = Alle shares
    valid users = administrator
    directory mode = 0777

[... many shares that all look roughly like root, but each sharing a subdirectory of /share ...]

[Profiles]
    comment = Roaming profiles directory 
    path = /share/Profiles 
    read only = No 
    create mask = 0600 
    directory mask = 0700

  • Oceria
  • Registered: July 2001
  • Last online: 29-04 22:33

Oceria

I've been in between....

A small butcher style write up.
Tested on CC 1.0beta, should work on CC 0.91 (same version of samba)

1. The usual warnings: read them

DO NOT create users/passwords containing capital letters for use with Samba PDC.
DO NOT INTEGRATE THIS IN AN EXISTING NT/SAMBA network without knowing what you are doing.
Read The Fine Manuals at http://www.samba.org
I don't discuss switching the clients to domain logons.
I do not know if the WEBDAV link remains operational (not available in CC 1.0beta)
Tested in a network with XP and 98
This can be used as a full featured NT 4 server SP3 PDC (I believe NT is a trademark of Microsoft etc..)


This is a good link www.itweek.co.uk/News/1131114 comparing samba and W2k

2. Created extra directories
=======================

profile
netlogon

ls -l
drwxrwxrwx 2 root root 4096 May 15 19:19 netlogon
drwxrwxrwx 3 root root 4096 May 15 19:26 profile

3. This is my /etc/samba/smb.conf
===========================

It's a modified original smb.conf for CC
HOME becomes the DOMAIN, instead of the WORKGROUP


[global]
workgroup = HOME
netbios name = CLARKCONNECT
server string = ClarkConnect Box
interfaces = eth1 192.168.1.1/255.255.255.0
bind interfaces only = Yes
encrypt passwords = Yes
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
;
; use of logon script: add a username.bat in \\Clarkconnect\profile
logon script = \\Clarkconnect\profile\%U.bat
;
; Uncomment for debug purposes
; log level = 10
log file = /var/log/samba/log.%m
;
;
; This setting is for XP and W2K. Just copy the folder C:\Documents and Settings\username
; to username.domain
; all passwords stored previously in a pwl file will be lost. Need to reenter them
;
logon path = C:\Documents and Settings\%U.HOME
domain logons = Yes
;
; This setting makes you win elections from EVERY MS server.
; Be careful with it!
;
os level = 99
preferred master = True
domain master = True
dns proxy = No
wins support = Yes
;
; execute from a client the DOS command "net time \\192.168.1.1 /set /y"
; this will synchronise the time from the client with this from the CC box
time server = Yes
;
; Needed share for netlogon scripts (ref Windows 9.x)
;
[netlogon]
path = /home/netlogon
comment = Logon scripts and policies
create mask = 0644
write list = gedeco
directory mask = 0755
[shared]
comment = Shared Folder
path = /home/shared
read only = No
create mask = 0600
directory mask = 0700
[webdav]
comment = Read Only - Internet Shared Folder
path = /home/webdav/files
guest ok = Yes
[website]
comment = Web Site
path = /var/www
read only = No
create mask = 0755
guest ok = Yes
;
; The exclusive home directory for the authenticated user
;
[home]
comment = User Directory
path = /home/%U
read only = No
; could be used to store profiles. could be slow to use!
;
[profile]
path = /home/profile
read only = No
create mask = 0600
directory mask = 0700
[printers]
path = /tmp
guest ok = Yes
printable = Yes
printing = cups
browseable = No

After applying the /etc/smb.conf restart the service.

service smb restart


4. Adding the user which can join domains.
===================================

Only root can do this in a Samba domain (one of the issues with Samba)

So

smbpasswd -a root

enter the passwords (choose a different password than the real root one !!!)


5. Adding Computers to the domain (Windows NT, Windows 2000,XP)
========================================================

root# /usr/sbin/useradd -g 100 -d /dev/null -c "machine nickname" -s /bin/false machine_name$

root# passwd -l machine_name$

root# smbpasswd -a -m machine_name

6. Adding Users
=============

root# useradd myuser
root# smbpasswd -a myuser
(add password)
There's a trick to synchronize Linux users and Windows users, but it would create a lot of unuseful Windows users.
For instance gopher, ftp etc...

7. Windows XP and 2000 registry changing
===================================

This is a MUST!

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000

Because XP uses encrypted communication by default.

8. copying an existing user profile
===========================

This is an example of migrating my profile on my XP desktop. For other MS OS, it might be different.
And I hate to lose my fancy Desktop

C:\Documents and Settings\user to C:\Documents and Settings\user.HOME
(HOME is the DOMAIN name used in smb.conf)

logoff and logon to the domain
YOU NEED TO REENTER PASSWORDS FOR OUTLOOK, websites ETC...

Maybe not the best way, but it was satisfying for my needs.


9. Windows 9x client
=================

No need to add a machine profile (only NT, W2K or XP)
Any properly created user can log on.

10. Extra feature
==============

You could synchronize time using the DOS command
net time \\192.168.1.1 /set /y

11. references
============

(that's where I grepped my information)
http://hr.uoregon.edu/davidrl/samba.html
http://de.samba.org/samba...docs/Samba-PDC-HOWTO.html
http://linuxfocus.org/English/May2002/article247.shtml
Taken from Ya-Faq.
Good luck!

Oceria doesn't know where this repeatbutton -repeatbutton is...


  • Oceria
  • Registered: July 2001
  • Last online: 29-04 22:33

Oceria

I've been in between....

As you've probably noticed by now, this smb.conf file doesn't work entirely as a PDC.
Below is my config file, which does work. I'd say, look through it and use what you need ;)
code:
#======================= Global Settings =====================================
[global]
# Global Computer Settings
#
netbios name        = Computer
server string       = Server voor home.lan


# LAN  Settings
#
socket options      = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
bind interfaces only    = yes
interfaces      = eth0 10.0.0.100/255.255.255.0
# Not really needed
remote announce = 10.0.0.100/home.lan

# Domain Settings
#
preferred master    = yes
domain master       = yes
local master        = yes
# Set to a higher level if the election is lost
os level        = 65
workgroup       = HOME.LAN
wins support        = yes
dns proxy       = no
add user script     = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
domain logons       = yes
logon path      = C:\Documents and Settings\%U.HOME.LAN
logon home      = /home/%U
#logon script       = /home/netlogon/logon.bat      # no login script yet, make sure you create a valid script and set the proper netlogon settings in smb.conf in the shares section!

# Security Settings
#
smb passwd file     = /etc/samba/smbpasswd
encrypt passwords   = yes
security        = user
writeable       = yes

# Various Settings
#
printcap name       = /etc/printcap
load printers       = yes

#Logging
#
log file        = /var/log/sambalog.%m
max log size        = 50

#==================== Share Definitions ======================================
[printers]
# Does not work for Windows 9*, makes Windows NT* prompt for a printer driver instead of choking to death
use client drivers  = yes
printing        = cups
print command       = lpr -r -P%p -o raw %s
# extra options
# when printing
# cancel command
lprm command        = cancel %p-%j
# query status
lpq command     = lpstat -o %p
printer admin       = root
browseable      = no
printable       = yes
# Comment out if problems occur
force group     = smbusers

[Shared]
comment         = Gezamelijke directory voor home.lan
path            = /home/shared
read only       = no
writable        = yes
create mask     = 0664
directory mask      = 0775
public          = yes
guest ok        = yes
force group     = smbusers

[Home]
comment         = Persoonlijke directory voor %U
path            = /home/%U
read only       = no

[Web root]
Comment         = Root directory voor de websites
path            = /var/www
force group     = nobody 
writable        = yes

Oceria doesn't know where this repeatbutton -repeatbutton is...
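The configs in this thread share the same pitfalls: a trailing "# ..." comment on a parameter line (Samba only treats a line as a comment when ';' or '#' is its first character, so the comment becomes part of the value) and domain logons enabled without a [netlogon] share. The following lint script is an added example, not code from the thread or from Samba; parse_smb_conf, lint_pdc and the constructed sample config are my own names and data.

```python
import re
# Constructed sample in the style of the thread's configs: two trailing comments,
# domain logons switched on, but no [netlogon] share defined.
SAMPLE_CONF = """\
[global]
  workgroup = HOME.LAN
  security = user
  encrypt passwords = Yes
  domain logons = yes
  os level = 65        # raise if the election is lost
; whole-line comments like this one are skipped
[Shared]
  path = /home/shared
  force group = smbusers   # comment out if problems occur
"""

def parse_smb_conf(text):
    """Parse smb.conf text into {section: {param: value}} the way Samba's
    lexer does: only ';' or '#' as first non-blank character is a comment."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][re.sub(r"\s+", " ", key.strip().lower())] = value.strip()
    return conf

def is_yes(value):
    return value.strip().lower() in ("yes", "true", "1")

def lint_pdc(conf):
    """Return findings for the PDC pitfalls this thread runs into."""
    findings = []
    for section, params in conf.items():
        for key, value in params.items():
            if "#" in value:  # a trailing comment was swallowed into the value
                findings.append(f"[{section}] {key}: trailing comment is part of the value {value!r}")
    g = conf.get("global", {})
    if is_yes(g.get("domain logons", "no")):
        if g.get("security", "user").lower() != "user":
            findings.append("[global] domain logons requires security = user")
        if not is_yes(g.get("encrypt passwords", "no")):  # Samba 2.x default is no
            findings.append("[global] NT/2000/XP domain logons need encrypt passwords = yes")
        if "netlogon" not in conf:
            findings.append("[global] domain logons = yes but there is no [netlogon] share")
    return findings
```

Running lint_pdc(parse_smb_conf(SAMPLE_CONF)) reports the two swallowed comments and the missing [netlogon] share; testparm on the real file shows the same swallowed values.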