[Samba] DID IT! Samba 2.2.8a PCD +W2K +SP4

Damiano G. Preatoni prea at uninsubria.it
Mon Sep 1 17:16:46 GMT 2003 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi, listers

I managed how to fix the issue caused by upgrading W2k clients to SP4 (no 
domain logins, no profiles, no netlogon). It's been a nice week-end as you 
can figure... :)

I resume here the steps i've done so far.

SERVER SIDE:

/etc/samba/smb.conf:

[global]
  ; basic server settings
  workgroup = uagb
  netbios name = malaussene
  server string = %L (Samba %v PDC for UAGB domain)
  socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192

  ; PDC and master browser settings
  os level = 64
  preferred master = yes
  local master = yes
  domain master = yes
  wins support = yes
  name resolve order = wins bcast

  ; security and logging settings
  security = user
  encrypt passwords = yes
  domain logons = yes
  log file = /var/log/samba/%m.log
  log level = 3
  max log size = 50
  hosts allow = 127.0.0.1 192.168.1.0/255.255.255.0

  ; roaming profiles support
  logon home = \\%L\%U\.profile
  logon drive = G:
  logon path = \\%L\profiles\%U
  logon script = logon.bat

  ; automated machine accounts creation
  add user script = /usr/sbin/useradd -d /dev/null -g workstations -s 
/bin/false -M %u

  ; UNIX password synchronization
  unix password sync = yes
  passwd program = /usr/bin/passwd %u
  passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n 
*passwd:*all*authentication*tokens*updated*successfully*

# ==============================================================
[homes]
  comment = %u home directory
  browseable = no
  writeable = yes


[profiles]
  comment = UAGB Profile directory (Samba %v PDC)
  path = /home/profiles
  writeable = yes
  browseable = no
  create mask = 0600
  directory mask = 0700


[netlogon]
  comment = Network Logon Service
  path = /home/netlogon
  guest ok = yes
  writable = no
  share modes = no

[printers]
    browseable = no
    comment = Printers on %L
    path = /var/spool/samba
    printable = yes
    public = no
    writable = no

# "normal" shares follow...

[SCAMBIO]
    browseable = yes
    comment = UAGB shared directory
    only user = no
    path = /home/share
    public = no
    writable = yes



I set permissions (chmod) 1517 on /home/profiles, and set ownership to 
root.root.
Each directory in /home/profiles should be chmod 0700, and owned by each user.

I set permissions 0775 to /home/netlogon, and ownership to root.smbadmin

I created a group "smbadmin", and a group "workstations". GIDs are 1000 and 
500, but I think it doesn't matter.

The samba server also acts as a caching DNS (see the DNS-HOWTO!)

CLIENT SIDE
login as Administrator
Go to System/Network Identification and place the machine into a WORKGROUP,
(any name will do, just leave the old domain) leaving the domain. Don't waste 
your time rebooting.

Go to Control Panel/Network and Dial-up Connections, pick your LAN connection
(should be called "Local Area Connection") and go to the Properties of the 
TCP/IP protocol.
Set Preferred DNS: 192.168.1.250 (i.e. the samba server IP, that acts also as 
a caching DNS)
Click on "Advanced", go to DNS tab and set "Append primary and connection 
specific DNS suffixes" and "Append parent suffixes of the primary DNS 
suffix".
Other checkboxes/radiobuttons in this panel should be unchecked.
Go to WINS tab. Set the WINS server IP to the IP of the samba server 
(102.168.1.250 in my case).
DISABLE "Enable LMHOSTS lookup"
ENABLE "Enable NEtBIOS over TCP/IP"

I didn't touch the "Options" tab. No IPSEC, No filtering.


Close everything, go back to System/Network Identification
Make sure that, clicking on "More", the domain where your boxes are is
specified. I put in "dipbsf.uninsubria.it", which is my "primary and 
connection specific DNS suffixes" in MicroSpeak.
UNCHECK the "Change primary DNS suffix when domain membership changes"
checkbox.

Now click the "Domain" radio button, and rejoin the domain, logging in as any 
samba user.

Close everything, and this time reboot.

I advise, after the reboot, to log in as Administrator again, and to launch
(Window/R, or Start/Run) LUSRMGR.MSC and to remove "Domain Users" from the
"Users" group, and adding it instead to the "Power Users" group.


Feel free to ask any question!


Still, I'm really trying to figure a way to convince my boss and my colleagues 
to switch to diskless X terminals... 


- -- 
Many aligators will be slain,
but the swamp will remain.
- -----------------------------------------------------------
Damiano G. Preatoni, PhD

Unità  di Analisi e Gestione delle Biocenosi
Dipartimento di Biologia Strutturale e Funzionale
Università  degli Studi dell'Insubria
Via J.H. Dunant, 3 - 21100 Varese (ITALY)

http://biocenosi.dipbsf.uninsubria.it/
ICQ: 78690321
Odigo: 2645129
- -----------------------------------------------------------

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.2 (GNU/Linux)

mQGiBD40aw8RBADACOJXSNuMPg9XhNeJxaMHZVHgCFhQkIP8bQf7ySIwjy8mpIrD
MDK7lyN1tClHp863aiFsNSMLe7lQUcAfBvTsB0xenwBu2U3MkOFaSDtoLprNAbHq
M3V5fMYo2hVRdiKYiIFcoR51d3XC/TA/2LjL61oDpUKkVdEJ13t3/pai3wCg41P2
e9pAXBNZPj9dZKcck+GCVIsD/RU/bEsR94df7fvDMn7HCuxtc6PoL+Gr2ADda2Yh
cLlEgFObcxSutQFH82VHG03ynaQ4x8QKf3NhPeMmcT5D/cwdSt9uT+DvzwCE4EMt
B0W39gGllRS/KP1ByLpLR66BKwvH+TRIzfPAf41kZSEx2uLP6vDJO0MgfVupkMgv
17ZxA/wMY7Fgco5T6VMp2O7y8WozXpsgauCqodlpryhj2h1v4PA/mGnnPhZeuAve
wUkZqFrhGWUJqn4bto3fgeKIKcNjmZADLDeyCd1EkzAkEfNM1qi8QiFG4WRwwkS0
4mutKG2mV39Z1CB/3EOK6Rs41DC2MyW0gwgpP69ocdT1nhIqnLQoRGFtaWFubyBH
LiBQcmVhdG9uaSA8cHJlYUB1bmluc3VicmlhLml0PohZBBMRAgAZBQI+NGsPBAsH
AwIDFQIDAxYCAQIeAQIXgAAKCRBmFqXVbV6HRrtGAJ0SbS6+kPfexAVv0FPBTJhg
O1AzUgCeIfTup9PskKkzxm7oDCBA7R4fd3G5AQ0EPjRrEhAEAPBhd6KNwUavukYs
rKAg4Psf8XxS9PwPnqiCusGKHDsIRe9eRH4ts/e6olr8vccHBbpTtj191gQ42GYS
fZhmPUDeZC/H58bL5Rfwpv3zH8nZnu5zBwbFyC6fA1InOW/K0JUfN1gLphGk+wVW
yECOMoAgGTzc+FVPInnFtLWWVGWXAAMFA/9gatgWAk0mAYnRqBg1V0qxicks17/O
GQzFrkiICROfihhjiQd0c37VziUup7tLGl3QQw54Ah2xkbqwIz70lmoeK1Ur7y05
5kqYx2YFGe2JNyLzi3jYZG5j9SKOhXwpEii4mEyUFHm1qUIllm36Hk6233FSyFcw
XU/PCqZXXa583IhGBBgRAgAGBQI+NGsSAAoJEGYWpdVtXodGRrMAn0ydvZjO+uKt
NeE2431kFSchaxUGAKDEfNuuzBiVutwAX/huqYNuaxdiNQ==
=CwKl
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/U37/Zhal1W1eh0YRAilgAJ9jWIAB6FrpE9/xyGuCDDCaGeXJzQCfcRxN
DCwsgJU+bjCTxt/SUO+dgbY=
=CPXg
-----END PGP SIGNATURE-----

More information about the samba mailing list