[Samba] DID IT! Samba 2.2.8a PCD +W2K +SP4
Damiano G. Preatoni
prea at uninsubria.it
Mon Sep 1 17:16:46 GMT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi, listers
I managed how to fix the issue caused by upgrading W2k clients to SP4 (no
domain logins, no profiles, no netlogon). It's been a nice week-end as you
can figure... :)
I resume here the steps i've done so far.
SERVER SIDE:
/etc/samba/smb.conf:
[global]
; basic server settings
workgroup = uagb
netbios name = malaussene
server string = %L (Samba %v PDC for UAGB domain)
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
; PDC and master browser settings
os level = 64
preferred master = yes
local master = yes
domain master = yes
wins support = yes
name resolve order = wins bcast
; security and logging settings
security = user
encrypt passwords = yes
domain logons = yes
log file = /var/log/samba/%m.log
log level = 3
max log size = 50
hosts allow = 127.0.0.1 192.168.1.0/255.255.255.0
; roaming profiles support
logon home = \\%L\%U\.profile
logon drive = G:
logon path = \\%L\profiles\%U
logon script = logon.bat
; automated machine accounts creation
add user script = /usr/sbin/useradd -d /dev/null -g workstations -s
/bin/false -M %u
; UNIX password synchronization
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
# ==============================================================
[homes]
comment = %u home directory
browseable = no
writeable = yes
[profiles]
comment = UAGB Profile directory (Samba %v PDC)
path = /home/profiles
writeable = yes
browseable = no
create mask = 0600
directory mask = 0700
[netlogon]
comment = Network Logon Service
path = /home/netlogon
guest ok = yes
writable = no
share modes = no
[printers]
browseable = no
comment = Printers on %L
path = /var/spool/samba
printable = yes
public = no
writable = no
# "normal" shares follow...
[SCAMBIO]
browseable = yes
comment = UAGB shared directory
only user = no
path = /home/share
public = no
writable = yes
I set permissions (chmod) 1517 on /home/profiles, and set ownership to
root.root.
Each directory in /home/profiles should be chmod 0700, and owned by each user.
I set permissions 0775 to /home/netlogon, and ownership to root.smbadmin
I created a group "smbadmin", and a group "workstations". GIDs are 1000 and
500, but I think it doesn't matter.
The samba server also acts as a caching DNS (see the DNS-HOWTO!)
CLIENT SIDE
login as Administrator
Go to System/Network Identification and place the machine into a WORKGROUP,
(any name will do, just leave the old domain) leaving the domain. Don't waste
your time rebooting.
Go to Control Panel/Network and Dial-up Connections, pick your LAN connection
(should be called "Local Area Connection") and go to the Properties of the
TCP/IP protocol.
Set Preferred DNS: 192.168.1.250 (i.e. the samba server IP, that acts also as
a caching DNS)
Click on "Advanced", go to DNS tab and set "Append primary and connection
specific DNS suffixes" and "Append parent suffixes of the primary DNS
suffix".
Other checkboxes/radiobuttons in this panel should be unchecked.
Go to WINS tab. Set the WINS server IP to the IP of the samba server
(102.168.1.250 in my case).
DISABLE "Enable LMHOSTS lookup"
ENABLE "Enable NEtBIOS over TCP/IP"
I didn't touch the "Options" tab. No IPSEC, No filtering.
Close everything, go back to System/Network Identification
Make sure that, clicking on "More", the domain where your boxes are is
specified. I put in "dipbsf.uninsubria.it", which is my "primary and
connection specific DNS suffixes" in MicroSpeak.
UNCHECK the "Change primary DNS suffix when domain membership changes"
checkbox.
Now click the "Domain" radio button, and rejoin the domain, logging in as any
samba user.
Close everything, and this time reboot.
I advise, after the reboot, to log in as Administrator again, and to launch
(Window/R, or Start/Run) LUSRMGR.MSC and to remove "Domain Users" from the
"Users" group, and adding it instead to the "Power Users" group.
Feel free to ask any question!
Still, I'm really trying to figure a way to convince my boss and my colleagues
to switch to diskless X terminals...
- --
Many aligators will be slain,
but the swamp will remain.
- -----------------------------------------------------------
Damiano G. Preatoni, PhD
Unità di Analisi e Gestione delle Biocenosi
Dipartimento di Biologia Strutturale e Funzionale
Università degli Studi dell'Insubria
Via J.H. Dunant, 3 - 21100 Varese (ITALY)
http://biocenosi.dipbsf.uninsubria.it/
ICQ: 78690321
Odigo: 2645129
- -----------------------------------------------------------
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.2 (GNU/Linux)
mQGiBD40aw8RBADACOJXSNuMPg9XhNeJxaMHZVHgCFhQkIP8bQf7ySIwjy8mpIrD
MDK7lyN1tClHp863aiFsNSMLe7lQUcAfBvTsB0xenwBu2U3MkOFaSDtoLprNAbHq
M3V5fMYo2hVRdiKYiIFcoR51d3XC/TA/2LjL61oDpUKkVdEJ13t3/pai3wCg41P2
e9pAXBNZPj9dZKcck+GCVIsD/RU/bEsR94df7fvDMn7HCuxtc6PoL+Gr2ADda2Yh
cLlEgFObcxSutQFH82VHG03ynaQ4x8QKf3NhPeMmcT5D/cwdSt9uT+DvzwCE4EMt
B0W39gGllRS/KP1ByLpLR66BKwvH+TRIzfPAf41kZSEx2uLP6vDJO0MgfVupkMgv
17ZxA/wMY7Fgco5T6VMp2O7y8WozXpsgauCqodlpryhj2h1v4PA/mGnnPhZeuAve
wUkZqFrhGWUJqn4bto3fgeKIKcNjmZADLDeyCd1EkzAkEfNM1qi8QiFG4WRwwkS0
4mutKG2mV39Z1CB/3EOK6Rs41DC2MyW0gwgpP69ocdT1nhIqnLQoRGFtaWFubyBH
LiBQcmVhdG9uaSA8cHJlYUB1bmluc3VicmlhLml0PohZBBMRAgAZBQI+NGsPBAsH
AwIDFQIDAxYCAQIeAQIXgAAKCRBmFqXVbV6HRrtGAJ0SbS6+kPfexAVv0FPBTJhg
O1AzUgCeIfTup9PskKkzxm7oDCBA7R4fd3G5AQ0EPjRrEhAEAPBhd6KNwUavukYs
rKAg4Psf8XxS9PwPnqiCusGKHDsIRe9eRH4ts/e6olr8vccHBbpTtj191gQ42GYS
fZhmPUDeZC/H58bL5Rfwpv3zH8nZnu5zBwbFyC6fA1InOW/K0JUfN1gLphGk+wVW
yECOMoAgGTzc+FVPInnFtLWWVGWXAAMFA/9gatgWAk0mAYnRqBg1V0qxicks17/O
GQzFrkiICROfihhjiQd0c37VziUup7tLGl3QQw54Ah2xkbqwIz70lmoeK1Ur7y05
5kqYx2YFGe2JNyLzi3jYZG5j9SKOhXwpEii4mEyUFHm1qUIllm36Hk6233FSyFcw
XU/PCqZXXa583IhGBBgRAgAGBQI+NGsSAAoJEGYWpdVtXodGRrMAn0ydvZjO+uKt
NeE2431kFSchaxUGAKDEfNuuzBiVutwAX/huqYNuaxdiNQ==
=CwKl
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/U37/Zhal1W1eh0YRAilgAJ9jWIAB6FrpE9/xyGuCDDCaGeXJzQCfcRxN
DCwsgJU+bjCTxt/SUO+dgbY=
=CPXg
-----END PGP SIGNATURE-----
More information about the samba
mailing list