[Samba] Creating a PDC on a LAN with standalone boxes and PDC-enabled boxes

J.F.Gratton jean-francois.gratton at videotron.ca
Wed Sep 22 10:28:34 MDT 2010


I have here a LAN where some boxes should connect to a PDC and others not.

Here's a brief description of the important machines.

- main fileserver is oslo (running Kubuntu 10.04, fully updated)
- virtual machine running on oslo, named oslo2 (running Win7 Ultimate x64)
- main dev machine is lillehammer (running Kubuntu 10.04, fully updated)
- main dev virtual machine is lillehammer2 (running Win7 Ultimate x64)

The fileserver is running Samba (latest packages from ubuntu), and I want Samba there to act as a PDC, as well as allowing non PDC-enabled machines to access some shares. I'd want my virtual machines to be connected to the PDC.

I've modified my smb.conf accordingly (see below), and created some directories (mkdir -p /srv/samba/profiles, /srv/samba/netlogon). Created my users with smbpasswd -a USER, and my machines with smbpasswd -a -m MACHINE for all machines that should be trusted in the PDC.

All unix users have the same username + uid + gid on all unix boxes.
All users have the same username + password on all boxes (irrespective of the OS involved).

Now, I have a few issues:
- profiles on the fileserver are created in $HOME/profile instead of what I expected (/var/samba/profiles/).
- sometimes I can't log onto the PDC from the virtual machines, but I can use other host accounts:
  instead of using domainname\username on oslo2, for example, I can use oslo2\username (local account, I guess), or even lillehammer2\username (... on oslo2!).
- last thing, I want my shares defined in smb.conf to be available to *all* machines, PDC-enabled or not. Is it feasible?



(below: part of my smb.conf)

        workgroup = APROXYA.NET
        server string = %h
        map to guest = Bad User
        obey pam restrictions = Yes
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
        unix password sync = Yes
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        logon script = logon.cmd
        logon drive = Z:
        domain logons = Yes
        os level = 33
        preferred master = Auto
        domain master = Yes
        dns proxy = No
        usershare allow guests = Yes
        panic action = /usr/share/samba/panic-action %d

        comment = Home Directories
        valid users = %S
        read only = No
        create mask = 0775
        directory mask = 0775
        browseable = No
        browsable = No

        comment = Network Logon Service
        path = /srv/samba/netlogon
        guest ok = Yes

        comment = Users profiles
        path = /srv/samba/profiles
        create mask = 0600
        directory mask = 0700
        browseable = No
        browsable = No

        comment = share point
        path = /sharepoint
        read only = No
        create mask = 0775
        directory mask = 0775

sharepoint is one of those shares I want available across the LAN. Other shares have similar properties.
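
Added example (not part of the original post, and not Samba project code): a small Python check for an smb.conf like the one above, reporting where roaming profiles will be stored and which shares accept guest connections. The bracketed section names in the sample are assumptions, since the posted excerpt does not show them; `\\%N\%U\profile` is Samba's documented default for `logon path` when the parameter is not set.

```python
import re

# Constructed sample trimmed from the posted settings. The bracketed section
# names are assumptions: the post's excerpt does not show them.
SAMPLE = r"""
[global]
    map to guest = Bad User
    domain logons = Yes
[homes]
    valid users = %S
[netlogon]
    path = /srv/samba/netlogon
    guest ok = Yes
[profiles]
    path = /srv/samba/profiles
[sharepoint]
    path = /sharepoint
    read only = No
"""

# Samba's documented default when "logon path" is not set in [global].
DEFAULT_LOGON_PATH = r"\\%N\%U\profile"

def parse_smb_conf(text):
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def audit(text):
    """Report the effective profile path and which shares accept guests."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    shares = {n: p for n, p in conf.items() if n != "global"}
    guest = sorted(n for n, p in shares.items() if p.get("guest ok", "no").lower() == "yes")
    return {"logon_path": glob.get("logon path", DEFAULT_LOGON_PATH),
            "logon_path_is_default": "logon path" not in glob,
            "map_to_guest": glob.get("map to guest", "Never"),
            "guest_shares": guest,
            "auth_shares": sorted(set(shares) - set(guest))}
```

On the sample, the report shows the profile path falling back to the default (a `profile` directory under each user's home share) and only the netlogon share accepting guests; every other share needs an account Samba can authenticate.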

