[Samba] Samba PDC
Mark Warner
hammerhed at rapidreporting.com
Tue Jul 22 17:33:28 GMT 2003
Thanks, robowarp. I did not know that that particular Windows XP issue was
addressed in Samba 3.
However, as I said, the server is running Debian "Woody", which is Debian's
"stable" branch. As I do not wish to run "unstable" packages, I am sticking
with the Woody packaged version for this particular box, and the XP registry
fixes seem to work just fine.
Thanks,
Mark.
----- Original Message -----
From: <robowarp at gmx.de>
To: "Mark Warner" <hammerhed at rapidreporting.com>
Sent: Friday, July 18, 2003 4:50 PM
Subject: Re: [Samba] Samba PDC
> youre so cool , but your winxp reg patch is not of need,
> at samba 3
> greetz
> > Greetings,
> > This is my first post to this mailing list. I was recently put in
> > charge
> > of replacing the unstable, failing Windows 2000 Domain Controller on my
> > company's network, since I'm the only "certified" (laugh here) one here.
> > So,
> > dreading the prospect of configuring a new Windows 2000 Active Directory
> > server, I began to look at alternatives. Natually, Samba was presented
to
> > me
> > as a viable alternative. Our company being run almost entirely on Open
> > Source software, I thought this would likely work out quite nicely.
> > Our network had 2 Windows 2000 Domain Controllers. One of them was
> > almost exclusively a Domain Controller (read: no other function), so I
> > thought that this would be the most ideal candidate for testing. That,
and
> > the fact that it was failing to the point of needing a reboot about
every
> > 3
> > hours. The other DC also functioned as a MS SQL 7 server for our only
> > non-open source application, GoldMine; a sales and marketing
application.
> > So
> > I demoted the ailing DC, removed it from the Directory, and powered it
> > off.
> > I let it sit for a few days, watching the load on the 2nd DC, making
sure
> > it
> > could handle the added load while I was scrubbing the other server.
Turns
> > out that the "added load" of being the only DC consumed about 2% more
> > resources. So I was good to go.
> > After installing and configuring a basic Debian Woody system, I set
> > out
> > to learn just how Samba worked as a PDC. I found tons of documentation,
> > which helped, but I never found a single sample config script that even
> > began to work for me. I spent at least 2 weeks researching the project.
> > The
> > result was that I was successful in producing a stable, functional
domain
> > controller. That project ended on June 4th, and I migrated the rest of
the
> > network over the following evening. We have a mix of Windows 98 SE,
> > Windows
> > 2000, and Windows XP computers, most of which went smoothly. The Windows
> > XP
> > machines had to have some registry modifications made, which I will make
a
> > note of below.
> > About 2 weeks after the project was completed, our Linux
administrator
> > advised me that I should post our config file onto this mailing list, in
> > case anyone else was in need of a known working smb.conf for a domain
> > controller. So, without further ado, here it is:
> >
> > [global]
> > workgroup = DOMAIN
> > netbios name = SERVER_NAME
> > security = user
> > encrypt passwords = Yes
> > password server = PASSWORD_SERVER
> > add user script = /usr/sbin/useradd -d /dev/null -g 100 -s
> > /bin/false -M %u
> > logon script = login.bat
> > logon home = \\SERVER_NAME\%U
> > logon drive = U:
> > lm announce = yes
> > lm interval = 120
> > remote announce = 192.168.0.0/24
> > domain logons = Yes
> > os level = 99
> > domain master = yes
> > enhanced browsing = true
> > local master = yes
> > preferred master = true
> > wins support = yes
> > name resolve order = wins lmhosts hosts bcast
> > log file = /var/log/samba/log.%m
> > domain admin group = root administrator
> > invalid users = root
> >
> > [homes]
> > comment = Home Directories
> > browseable = yes
> > read only = no
> > create mask = 0755\
> >
> > [netlogon]
> > comment = Network Logon Service
> > path = /usr/local/samba/netlogon
> > guest ok = yes
> > writable = no
> > share modes = no
> >
> > That's it. Short and sweet.
> >
> > Here are the aforementioned Windows XP registry modifications:
> >
> >
>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\req
> > uiresignorseal = 0
> >
>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\sig
> > nsecurechannel = 0
> >
>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\sea
> > lsecurechannel = 0
> >
> > That's all of 'em.
> >
> > Thanks for your time, and good luck to those who actually needed this
> > info.
> >
> > -Mark Warner
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: http://lists.samba.org/mailman/listinfo/samba
> >
>
> --
> +++ GMX - Mail, Messaging & more http://www.gmx.net +++
>
> Jetzt ein- oder umsteigen und USB-Speicheruhr als Prämie sichern!
More information about the samba
mailing list