Success at last.
Tim Deegan
tjd-samba at phlogiston.domainregistry.ie
Thu Aug 10 11:55:17 GMT 2000
Hi,
I'd just like to say a great big thank you to all the Samba and TNG
development team - it's an absolute lifesaver.
For the record, a TNG CVS checkout of the 20th of July is now happily
PDC-ing for me, on Linux 2.2.16/Red Hat 6.2/dual-processor x86 server,
which is also running a Samba 2.0.7 file and print service. Roaming
profiles and passwords transferred fine from my old (NT Server)
domain. Password changing works. Luckily, I haven't had to check
Win9x authentication.
My smb.conf files are below. Password transfers were made much easier
by the pwdump tool (ftp://ftp.samba.org/pub/samba/pwdump/).
Absolutely marvellous. Keep up the good work.
Tim (off to light his NT Server box on fire)
--
Tim Deegan (TJD7-RIPE) I'm not here to speculate
Hostmaster, Sysadmin, Geek on the moral lapses of
tim.deegan at domainregistry.ie men who died in their
http://www.domainregistry.ie/ country's service.
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not many any basic syntactic errors.
#
#======================= Global Settings =====================================
[global]
# Who am I?
netbios name = FILESERVER
# workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
workgroup = OFFICE
# server string is the equivalent of the NT Description field
server string = File and print server
# Deal with case changes
preserve case = yes
short preserve case = yes
# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
hosts allow = xxx.xxx.xxx. 127.
# Restrict to appropriate interfaces
interfaces = eth0 lo
bind interfaces only = yes
# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
load printers = yes
# It should not be necessary to specify the print system type unless
# it is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx
printing = lprng
# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba-2/log.%m
# Put a capping on the size of the log files (in Kb).
max log size = 2048
# Where to put the locks
lock dir = /var/lock/samba-2
# Security mode. Most people will want user level security. See
# security_level.txt for details.
security = domain
password server = MYPDC
# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
encrypt passwords = yes
# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
socket options = TCP_NODELAY
#============================ Share Definitions ==============================
# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
comment = All Printers
path = /tmp
browseable = no
guest ok = no
writable = no
printable = yes
valid users = +users
#
# Shared public filespace: the fax log, shared docs, etc.
#
[office]
comment = Common files
path = /usr/groups/office
public = no
writeable = yes
printable = no
force group = users
force create mode = 0770
force directory mode = 0770
valid users = +users
#
# Shared readonly filespace: NT software install files, etc.
#
[noc]
comment = NOC filespace
path = /usr/groups/noc
public = no
printable = no
write list = +noc
valid users = +users
force create mode = 0750
force directory mode = 0750
force security mode = 000
force directory security mode = 000
[homes]
comment = /home/$USER/
browseable = no
public = no
writable = yes
printable = no
valid users = +users
create mode = 0700
directory mode = 0700
force create mode = 0600
force directory mode = 0700
#
# Share to be used for domain users' profiles.
# The %a below means you get a different profile on Win2K than in NT.
#
[profile]
path = /home/profiles/%a
force group = samba
valid users = +users
writeable = yes
printable = no
create mode = 0600
directory mode = 0700
force create mode = 0600
force directory mode = 0700
#
# samba-tng/lib/smb.conf
# ----------------------
#
# config file for using samba TNG as a PDC
#
[global]
# debug level = 100
#NetBIOS name isn't needed if it's the same as the hostname
netbios name = MYPDC
workgroup = OFFICE
server string = PDC for new NT domain (Linux/Samba-TNG)
# Security
hosts allow = xxx.xxx.xxx. 127.
interfaces = eth0:8
bind interfaces only = yes
# Deal with case changes
preserve case = yes
short preserve case = yes
# Keep away from Samba 2.0.x server
log file = /var/log/samba-tng/log.%m
lock dir = /var/lock/samba-tng
# Flat files that map Unix groups to NT type groups.
# These files take the form unix_group = `Windows NT group''
domain group map = /usr/local/samba-tng/private/domaingroup.map
domain alias map = /usr/local/samba-tng/private/domainalias.map
# Domain controllers use user security and we need encrypted
# passwords (see ENCRYPTION.txt)
security = user
domain logons = yes
encrypt passwords = yes
# Browser wars
os level = 60
domain master = yes
preferred master = yes
local master = yes
# No WINS just yet
wins support = no
time server = yes
# User logon land
#
logon script = login.bat
logon drive = Q:
logon home = \\FILESERVER\%U
logon path = \\FILESERVER\profile\%U
# Would prefer to leave all of the fileservice on the 2.0.x server, but
# the netlogon share at least has to go here.
[netlogon]
path = /usr/groups/netlogon
force user = nobody
writable = no
printable = no
public = no
comment = PDC netlogon share
valid users = +users
#
# EOF
#
More information about the samba-ntdom
mailing list