Success at last.

Tim Deegan tjd-samba at phlogiston.domainregistry.ie
Thu Aug 10 11:55:17 GMT 2000 

Hi,

I'd just like to say a great big thank you to all the Samba and TNG
development team - it's an absolute lifesaver.

For the record, a TNG CVS checkout of the 20th of July is now happily
PDC-ing for me, on Linux 2.2.16/Red Hat 6.2/dual-processor x86 server,
which is also running a Samba 2.0.7 file and print service.  Roaming
profiles and passwords transferred fine from my old (NT Server)
domain.  Password changing works.  Luckily, I haven't had to check
Win9x authentication.

My smb.conf files are below.  Password transfers were made much easier
by the pwdump tool (ftp://ftp.samba.org/pub/samba/pwdump/).

Absolutely marvellous.  Keep up the good work.

Tim (off to light his NT Server box on fire)

-- 
Tim Deegan (TJD7-RIPE)                         I'm not here to speculate
Hostmaster, Sysadmin, Geek                        on the moral lapses of
tim.deegan at domainregistry.ie                       men who died in their
http://www.domainregistry.ie/                         country's service.


# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash) 
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not many any basic syntactic errors. 
#
#======================= Global Settings =====================================
[global]

# Who am I?
   netbios name = FILESERVER

# workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
   workgroup = OFFICE

# server string is the equivalent of the NT Description field
   server string = File and print server

# Deal with case changes
   preserve case = yes
   short preserve case = yes

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
   hosts allow = xxx.xxx.xxx. 127.

# Restrict to appropriate interfaces
   interfaces = eth0 lo
   bind interfaces only = yes

# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
   load printers = yes

# It should not be necessary to specify the print system type unless
# it is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx
   printing = lprng

# this tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba-2/log.%m

# Put a capping on the size of the log files (in Kb).
   max log size = 2048

# Where to put the locks
   lock dir = /var/lock/samba-2

# Security mode. Most people will want user level security. See
# security_level.txt for details.
   security = domain
   password server = MYPDC

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
   encrypt passwords = yes

# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
   socket options = TCP_NODELAY 


#============================ Share Definitions ==============================
# NOTE: If you have a BSD-style print system there is no need to 
# specifically define each individual printer
[printers]
   comment = All Printers
   path = /tmp
   browseable = no
   guest ok = no
   writable = no
   printable = yes
   valid users = +users

#
# Shared public filespace: the fax log, shared docs, etc.
#
[office]
   comment = Common files
   path = /usr/groups/office
   public = no
   writeable = yes
   printable = no
   force group = users
   force create mode = 0770
   force directory mode = 0770
   valid users = +users

#
# Shared readonly filespace: NT software install files, etc.
#
[noc]
   comment = NOC filespace
   path = /usr/groups/noc
   public = no
   printable = no
   write list = +noc
   valid users = +users
   force create mode = 0750
   force directory mode = 0750
   force security mode = 000
   force directory security mode = 000

[homes]
   comment = /home/$USER/
   browseable = no
   public = no
   writable = yes
   printable = no
   valid users = +users
   create mode = 0700
   directory mode = 0700
   force create mode = 0600
   force directory mode = 0700

#
# Share to be used for domain users' profiles.
# The %a below means you get a different profile on Win2K than in NT.
#
[profile]
   path = /home/profiles/%a
   force group = samba
   valid users = +users
   writeable = yes
   printable = no
   create mode = 0600
   directory mode = 0700
   force create mode = 0600
   force directory mode = 0700



#
# samba-tng/lib/smb.conf
# ----------------------
#
# config file for using samba TNG as a PDC
#


[global]

# debug level = 100

#NetBIOS name isn't needed if it's the same as the hostname 
netbios name = MYPDC
workgroup = OFFICE
server string = PDC for new NT domain (Linux/Samba-TNG)

# Security
hosts allow = xxx.xxx.xxx. 127.
interfaces = eth0:8
bind interfaces only = yes

# Deal with case changes
preserve case = yes
short preserve case = yes

# Keep away from Samba 2.0.x server
log file = /var/log/samba-tng/log.%m
lock dir = /var/lock/samba-tng

# Flat files that map Unix groups to NT type groups. 
# These files take the form unix_group = `Windows NT group'' 
domain group map = /usr/local/samba-tng/private/domaingroup.map 
domain alias map = /usr/local/samba-tng/private/domainalias.map 

# Domain controllers use user security and we need encrypted 
# passwords (see ENCRYPTION.txt) 
security = user 
domain logons = yes 
encrypt passwords = yes 

# Browser wars
os level = 60
domain master = yes
preferred master = yes
local master = yes

# No WINS just yet
wins support = no
time server = yes 

# User logon land
#
logon script = login.bat 
logon drive = Q:
logon home = \\FILESERVER\%U
logon path = \\FILESERVER\profile\%U

# Would prefer to leave all of the fileservice on the 2.0.x server, but
# the netlogon share at least has to go here.

[netlogon] 
   path = /usr/groups/netlogon 
   force user = nobody
   writable = no 
   printable = no
   public = no 
   comment = PDC netlogon share 
   valid users = +users

#
# EOF
#

More information about the samba-ntdom mailing list