Solaris 8 as PDC For Win 2K SP2

David Highley dhighley at highley-recommended.com
Mon Oct 22 14:39:02 GMT 2001


Getting Samba 2.2.2 set up as a PDC on Solaris 8 with ISC's DHCP server
version 2.0pl5. We are also using NIS and automounted home directories.
This is not meant to be a replacement for the documentation delivered
with Samba or ISC's DHCP server software.

With this configuration we are networking Windows 98, Windows 98 second
edition, NT 4.0 SP6a, Windows 2000 SP2, RedHat 6.2, and RedHat 7.1.
There are many more settings we would like to experiment with given
time.

First we must thank the very helpful individual, who will remain
nameless at his request, for educating me on a mistake and some
overlooked documentation. He also enlightened me on the meaning of an
acronym that I had been using for a workgroup: in Australia FRED stands
for Flaming Ridiculous Electronic Device.

Now for the details, which I hope can help others. We configured the
Samba build as follows:
    ./configure  --with-smbwrapper --with-acl-support --with-automount
    Fixed line 603 in Makefile for target bin/smbwrapper.so changing
    the -shared flag to -G.
    make
    su - to root
    cd /etc/init.d
    ./samba stop
    make install
    cd /etc/init.d
    ./samba start

In release 2.2.2 smbsh does not work, but the build problem and smbsh
are fixed in the CVS tree.

Manually added machine accounts to /etc/passwd and /etc/shadow files:
    passwd - dogwood$:x:10006:10000:Machine:/dev/null:/bin/false
    shadow - dogwood$:*LK*:::::::
    group  - machines::10000:      just for admin consistency

Set up the /usr/local/samba/private/smbpasswd file. Make sure you
include the root user, but you should use a different password than used
for logging in as the UNIX root user. Add other users as needed and set
their passwords.

Now for the much needed assistance. We had been trying to get Samba to
work as a PDC since version 2.2.0. All Windows NT 4.0 and Windows 98
machines were able to work with the PDC, but not Windows 2000 systems.
Windows 2000 systems would return an RPC error at the end of trying to
join the domain. When attempting to use the adduser script, the machine
account entries would get created in the /etc/passwd, /etc/shadow and
/usr/local/samba/private/smbpasswd files and then error out with the RPC
problem.

We had existing smb.conf files, and the line "password server = *" on
the system being set up as a PDC was causing the RPC failure to occur.
So we removed this line, as the PDC system was not able to find itself
as the password server. The other helpful information was to make the
following modifications to our dhcpd.conf files:
    - In the subnet section add the following two lines
    option netbios-dd-server 10.2.2.3;
    option netbios-node-type 8;

Restart your dhcp server after making the above changes.

Changing the node type to 8 tells the clients to go to the WINS server
before broadcasting; this is documented in a fairly new Samba file,
.../samba-2.2.2/docs/textdocs/DHCP-Server-Configuration.txt. Full
documentation is in the man -s 4 dhcp.options that is installed with
ISC's DHCP software. This may not show up on your system, as the catman
command shipped with Solaris 8 is broken and does not build the windex
file correctly. The above changes really diminish the number of
broadcast messages sent.

Another thing to know is that it's best to run swat to configure the
smb.conf file, for reasons that we will not go into here. In fact it may
be best to make a copy of your smb.conf file and then remove it, as I
have found that it does not remove some existing lines if you set them
to default in swat. This is one of the areas we would like to experiment
with more, as we believe we may still have too many things being set in
the global section.

Oplocks and max open files configuration are still areas for
experimentation, especially when using the Configuration Management
product ClearCase.

To join a Windows 2000 system to the domain:
    - log on to the local Administrator account
    - right click on My Computer
    - select Properties
    - Network Identification
    - select Properties
    - select workgroup
    - type in FOO
    - Apply
    - OK
    - Reboot
    - log on to the local Administrator account
    - right click on My Computer
    - select Properties
    - Network Identification
    - select Properties
    - select Domain
    - type in "YOUR DOMAIN"
    - type in root and password
    - Apply
    - OK
    - Reboot

Note: make sure you do not already have a machine entry for the system
you are trying to add to the domain in the
/usr/local/samba/private/smbpasswd file.

Below is our working PDC smb.conf file:

# Samba config file created using SWAT
# from localhost (127.0.0.1)
# Date: 2001/10/19 13:52:28

# Global parameters
[global]
	workgroup = RECOMMENDED
	netbios name = HEMLOCK
	server string = Samba %v on (%L)
	encrypt passwords = Yes
	username map = /usr/local/samba/lib/users.map
	log file = /usr/local/samba/var/log.%m
	max log size = 50
	time server = Yes
	max open files = 1000
	domain admin group = @Administrators
	logon path = \\%N\profiles\%U
	logon drive = H:
	domain logons = Yes
	os level = 33
	domain master = True
	dns proxy = No
	wins support = Yes
	homedir map = auto.home
	NIS homedir = Yes
	invalid users = daemon bin sys adm lp uucp nuucp listen noaccess lnman lmxadmin lmxguest lmworld ppp
	create mask = 0644

[homes]
	comment = Home Directories
	read only = No
	browseable = No
	oplocks = No
	level2 oplocks = No

[ccase_rls]
	comment = ClearCase Releases
	path = /usr/local/ccase_rls
	write list = @vob
	read only = No

[www]
	comment = ClearCase Releases
	path = /outside/www/dhighley
	write list = dhighley
	read only = No
	guest ok = Yes
	oplocks = No
	level2 oplocks = No

[netlogon]
	comment = Network Logon Service
	path = /usr/local/samba/netlogon
	write list = @Administrators
	guest ok = Yes
	browseable = No

[profiles]
	comment = User profiles
	path = /usr/local/samba/profiles
	read only = No
	create mask = 0600
	directory mask = 0700
	browseable = No

[printers]
	comment = All Printers
	path = /usr/spool/samba
	printable = Yes
	browseable = No




Here is a second Samba-configured system's smb.conf file:

# Samba config file created using SWAT
# from hemlock.highley-recommended.com (10.2.2.3)
# Date: 2001/10/20 10:59:39

# Global parameters
[global]
	workgroup = RECOMMENDED
	netbios name = SPRUCE
	server string = Samba %v on (%L)
	encrypt passwords = Yes
	password server = *
	username map = /usr/local/samba/lib/users.map
	log file = /usr/local/samba/var/log.%m
	max log size = 50
	time server = Yes
	max open files = 1000
	domain admin group = @Administrators
	logon drive = H:
	preferred master = False
	local master = No
	dns proxy = No
	wins server = 10.2.2.3
	NIS homedir = Yes
	invalid users = daemon bin sys adm lp uucp nuucp listen noaccess lnman lmxadmin lmxguest lmworld ppp
	create mask = 0644

[homes]
	comment = Home Directories
	read only = No
	browseable = No
	oplocks = No
	level2 oplocks = No

[ccase_rls]
	comment = ClearCase Releases
	path = /usr/local/ccase_rls
	write list = @vob
	read only = No
	guest ok = Yes

[vobs]
	comment = ClearCase VOB and View Storage
	path = /vobs
	read list = @vob, @staff
	write list = @vob, @staff
	read only = No
	guest ok = Yes
	oplocks = No
	level2 oplocks = No

[ClearCase]
	comment = ClearCase VOB and View Storage
	path = /ClearCase
	read list = @vob, @staff
	write list = @vob, @staff
	read only = No
	guest ok = Yes
	oplocks = No
	level2 oplocks = No

[www]
	comment = ClearCase Releases
	path = /outside/www
	write list = dhighley
	read only = No
	guest ok = Yes
	oplocks = No
	level2 oplocks = No

[netlogon]
	comment = Network Logon Service
	path = /usr/local/samba/netlogon
	browseable = No

[profiles]
	comment = User profiles
	path = /usr/local/samba/profiles
	read only = No
	create mask = 0600
	directory mask = 0700
	browseable = No

[printers]
	comment = All Printers
	path = /usr/spool/samba
	printable = Yes
	browseable = No



-- 


Regards,

David Highley		      Phone: (206) 669-0081
Highley Recommended, Inc.	FAX: (253) 838-8509
2927 SW 339th Street	      Email: dhighley at highley-recommended.com
Federal Way, WA 98023-7732	WEB: http://www.highley-recommended.com
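
A small lint for smb.conf files like the two above, as an added example that is not part of the original post: it flags a `password server` line on a domain logon server (the cause of the RPC failure described) and, going beyond the post, shares that combine `guest ok = Yes` with `read only = No`. The finding names and the sample text are constructed, and synonyms such as `writeable` and `public` are not handled.

```python
# Added example, not from the original post. SAMPLE is constructed from
# settings shown in the post, with "password server = *" put back.
SAMPLE = """\
[global]
\tdomain logons = Yes
\tpassword server = *
[www]
\tread only = No
\tguest ok = Yes
[netlogon]
\tguest ok = Yes
"""

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with lower-cased names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def is_true(value):
    return value.strip().lower() in ("yes", "true", "1")

def lint(text):
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings = []
    # The failure in the post: a domain logon server with a password server set.
    if is_true(glob.get("domain logons", "no")) and "password server" in glob:
        findings.append(("global", "password-server-on-pdc"))
    for name, params in conf.items():
        if name == "global":
            continue
        # Unset share parameters fall back to [global], then to Samba's
        # defaults ("read only = yes", "guest ok = no").
        merged = {"read only": "yes", "guest ok": "no", **glob, **params}
        if is_true(merged["guest ok"]) and not is_true(merged["read only"]):
            findings.append((name, "guest-ok-and-writable"))
    return findings

if __name__ == "__main__":
    for section, finding in lint(SAMPLE):
        print(f"[{section}] {finding}")
```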



