[Samba] Samba PDC

Mark Warner hammerhed at rapidreporting.com
Tue Jul 22 17:33:28 GMT 2003 

Thanks, robowarp. I did not know that that particular Windows XP issue was
addressed in Samba 3.
However, as I said, the server is running Debian "Woody", which is Debian's
"stable" branch. As I do not wish to run "unstable" packages, I am sticking
with the Woody packaged version for this particular box, and the XP registry
fixes seem to work just fine.

Thanks,
Mark.

----- Original Message ----- 
From: <robowarp at gmx.de>
To: "Mark Warner" <hammerhed at rapidreporting.com>
Sent: Friday, July 18, 2003 4:50 PM
Subject: Re: [Samba] Samba PDC


> youre so cool , but your winxp reg patch is not of need,
> at samba 3
> greetz
> > Greetings,
> >     This is my first post to this mailing list. I was recently put in
> > charge
> > of replacing the unstable, failing Windows 2000 Domain Controller on my
> > company's network, since I'm the only "certified" (laugh here) one here.
> > So,
> > dreading the prospect of configuring a new Windows 2000 Active Directory
> > server, I began to look at alternatives. Natually, Samba was presented
to
> > me
> > as a viable alternative. Our company being run almost entirely on Open
> > Source software, I thought this would likely work out quite nicely.
> >     Our network had 2 Windows 2000 Domain Controllers. One of them was
> > almost exclusively a Domain Controller (read: no other function), so I
> > thought that this would be the most ideal candidate for testing. That,
and
> > the fact that it was failing to the point of needing a reboot about
every
> > 3
> > hours. The other DC also functioned as a MS SQL 7 server for our only
> > non-open source application, GoldMine; a sales and marketing
application.
> > So
> > I demoted the ailing DC, removed it from the Directory, and powered it
> > off.
> > I let it sit for a few days, watching the load on the 2nd DC, making
sure
> > it
> > could handle the added load while I was scrubbing the other server.
Turns
> > out that the "added load" of being the only DC consumed about 2% more
> > resources. So I was good to go.
> >     After installing and configuring a basic Debian Woody system, I set
> > out
> > to learn just how Samba worked as a PDC. I found tons of documentation,
> > which helped, but I never found a single sample config script that even
> > began to work for me. I spent at least 2 weeks researching the project.
> > The
> > result was that I was successful in producing a stable, functional
domain
> > controller. That project ended on June 4th, and I migrated the rest of
the
> > network over the following evening. We have a mix of Windows 98 SE,
> > Windows
> > 2000, and Windows XP computers, most of which went smoothly. The Windows
> > XP
> > machines had to have some registry modifications made, which I will make
a
> > note of below.
> >     About 2 weeks after the project was completed, our Linux
administrator
> > advised me that I should post our config file onto this mailing list, in
> > case anyone else was in need of a known working smb.conf for a domain
> > controller. So, without further ado, here it is:
> >
> > [global]
> >      workgroup = DOMAIN
> >      netbios name = SERVER_NAME
> >      security = user
> >      encrypt passwords = Yes
> >      password server = PASSWORD_SERVER
> >      add user script = /usr/sbin/useradd -d /dev/null -g 100 -s
> > /bin/false -M %u
> >      logon script = login.bat
> >      logon home = \\SERVER_NAME\%U
> >      logon drive = U:
> >      lm announce = yes
> >      lm interval = 120
> >      remote announce = 192.168.0.0/24
> >      domain logons = Yes
> >      os level = 99
> >      domain master = yes
> >      enhanced browsing = true
> >      local master = yes
> >      preferred master = true
> >      wins support = yes
> >      name resolve order = wins lmhosts hosts bcast
> >      log file = /var/log/samba/log.%m
> >      domain admin group = root administrator
> >      invalid users = root
> >
> > [homes]
> >      comment = Home Directories
> >      browseable = yes
> >      read only = no
> >      create mask = 0755\
> >
> > [netlogon]
> >      comment = Network Logon Service
> >      path = /usr/local/samba/netlogon
> >      guest ok = yes
> >      writable = no
> >      share modes = no
> >
> > That's it. Short and sweet.
> >
> > Here are the aforementioned Windows XP registry modifications:
> >
> >
>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\req
> > uiresignorseal = 0
> >
>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\sig
> > nsecurechannel = 0
> >
>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\sea
> > lsecurechannel = 0
> >
> > That's all of 'em.
> >
> > Thanks for your time, and good luck to those who actually needed this
> > info.
> >
> > -Mark Warner
> >
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> >
>
> -- 
> +++ GMX - Mail, Messaging & more  http://www.gmx.net +++
>
> Jetzt ein- oder umsteigen und USB-Speicheruhr als Prämie sichern!

More information about the samba mailing list