JROCK2004
Guru
Joined: 02 Mar 2004
Posts: 450
Location: PA
|
 Posted: Wed Nov 08, 2006 11:34 pm Post subject: My Samba PDC |
 |
|
Ok what my goal is here to put what I have so far and ask a few questions and see if I did this right.
Ok on my server I have a samba PDC running.
I have a profile stuff and net login stuff in
/var/lib/samba/netlogin
/var/lib/samba/profiles
users in windows XP is just fine and can log into domain
Now to questions/problems
ok on one windows machine when I login as root he can do everything as an admin would. but on other machines he cannot. Any ideas?
How do I get my linux clients to join the samba PDC?
Lastly when ever I set up a share drive with samba the users home directories do not get mounted. What could be wrong?
Here is my smb.conf for the server
| Code: |
#======================= Global Settings =====================================
[global]
# 1. Server Naming Options:
# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = server
# netbios name is the name you will see in "Network Neighbourhood",
# but defaults to your hostname
netbios name = paserver
# server string is the equivalent of the NT Description field
server string = PDC Samba Server %v
# 2. Printing Options:
# CHANGES TO ENABLE PRINTING ON ALL CUPS PRINTERS IN THE NETWORK
# if you want to automatically load your printer list rather
# than setting them up individually then you'll need this
printcap name = cups
load printers = yes
# It should not be necessary to spell out the print system type unless
# yours is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx, cups
printing = cups
# Samba 3.x supports the Windows NT-style point-and-print feature. To
# use this, you need to be able to upload print drivers to the samba
# server. The printer admins (or root) may install drivers onto samba.
# Note that this feature uses the print$ share, so you will need to
# enable it below.
# printer admin = @<group> <user>
printer admin = @adm
# This should work well for winbind:
; printer admin = @"Domain Admins"
# 3. Logging Options:
# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m
# Put a capping on the size of the log files (in Kb).
max log size = 50
# Set the log (verbosity) level (0 <= log level <= 10)
log level = 3
# 4. Security and Domain Membership Options:
# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page. Do not enable this if (tcp/ip) name resolution does
# not work for all the hosts in your network.
hosts allow = 192.168.254.1/15 127.0.0.1/8
# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
; guest account = pcguest
# Allow users to map to guest:
map to guest = bad user
# Security mode. Most people will want user level security. See
# security_level.txt for details.
security = user
# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
# Encrypted passwords are required for any use of samba in a Windows NT domain
# The smbpasswd file is only required by a server doing authentication, thus
# members of a domain do not need one.
encrypt passwords = yes
# 5. Browser Control and Networking Options:
# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
local master = yes
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
os level = 65
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
domain master = yes
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
preferred master = yes
# 6. Domain Control Options:
# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations or Primary Domain Controller for WinNT and Win2k
domain logons = yes
null passwords = no
hide unreadable = yes
hide dot files = yes
# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
; logon script = %m.bat
# run a specific logon batch file per username
logon script = %U.bat
# Where to store roaming profiles for WinNT and Win2k
# %L substitutes for this servers netbios name, %U is username
# You must uncomment the [Profiles] share below
logon path = \\%L\Profiles\%U
logon drive = H:
# Where to store roaming profiles for Win9x. Be careful with this as it also
# impacts where Win2k finds it's /HOME share
logon home = \\%L\%U\.profile
# The add user script is used by a domain member to add local user accounts
# that have been authenticated by the domain controller, or when adding
# users via the Windows NT Tools (ie User Manager for Domains).
# Scripts for file (passwd, smbpasswd) backend:
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %s
add user to group script = /usr/bin/usermod -G %u %g
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u
; delete user from group script = /usr/bin/gpasswd -d '%u' '%g'
; set primary group script = /usr/sbin/usermod -g '%g' '%u'
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
passwd program = /usr/bin/passwd %u
passwd chat = "*New password:*" %n\r "*New password (again):*" %n\r \ "*Password change*"
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
dns proxy = no
# Enabling internationalization:
# you can match a Windows code page with a UNIX character set.
# Windows: 437 (US), 737 (GREEK), 850 (Latin1 - Western European),
# 852 (Czech), 861 (???), 932 (Japanese),
# 936 (Simplified Chin.), 949 (Korean Hangul),
# 950 (Trad. Chin.).
# More detail about code page is in
# "http://www.microsoft.com/globaldev/reference/oslocversion.mspx"
# UNIX: ISO8859-1 (Western European), ISO8859-2 (Eastern Eu.),
# ISO8859-5 (Russian Cyrillic), KOI8-R (Alt-Russ. Cyril.)
# This is an example for french users:
; dos charset = 850
unix charset = ISO8859-1
profile acls = yes
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
path = /home/%U
browseable = no
valid users = %S
read only = no
guest ok = no
inherit permissions = yes
# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = no
read only = yes
browseable = no
# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
[Profiles]
path = /var/lib/samba/profiles
browseable = no
writeable = yes
default case = lower
preserve case = no
short preserve case = no
case sensitive = no
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
write list = @smbusers @root
create mask = 0600
directory mask = 0700
csc policy = disable
# This script can be enabled to create profile directories on the fly
# You may want to turn off guest acces if you enable this, as it
# hasn't been thoroughly tested.
root preexec = PROFILE=/var/lib/samba/profiles/%u; if [ ! -e $PROFILE ]; \
then mkdir -pm700 $PROFILE; chown %u:%g $PROFILE;fi
# NOTE: If you have a CUPS print system there is no need to
# specifically define each individual printer.
# You must configure the samba printers with the appropriate Windows
# drivers on your Windows clients. On the Samba server no filtering is
# done. If you wish that the server provides the driver and the clients
# send PostScript ("Generic PostScript Printer" under Windows), you have
# to swap the 'print command' line below with the commented one.
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
public = yes
guest ok = yes
writable = no
printable = yes
print admin = yes
create mode = 0700
# =====================================
# print command: see above for details.
# =====================================
print command = lpr-cups -P %p -o raw %s -r # using client side printer dr$
; print command = lpr-cups -P %p %s # using cups own drivers (use generic Pos$
# The following two commands are the samba defaults for printing=cups
# change them only if you need different options:
; lpq command = lpq -P %p
; lprm command = cancel %p-%j
# This share is used for Windows NT-style point-and-print support.
# To be able to install drivers, you need to be either root, or listed
# in the printer admin parameter above. Note that you also need write access
# to the directory and share definition to be able to upload the drivers.
# For more information on this, please see the Printing Support Section of
# /usr/share/doc/samba-<version>/Samba-HOWTO-Collection.pdf
[print$]
path = /etc/samba/drivers
browseable = yes
read only = yes
guest ok = no
write list = root
Now I know this is commented because I did this cause of issue but here is my share
;[public]
; path = /data
; public = yes
; only guest = yes
; writable = yes
; printable = no
|
If you see any errors or changes I should make, let me know. Also answers to my questions would be cool  Thanks |
|
Networking & Security
