[Samba] Creating a PDC on a LAN with standalone boxes and PDC-enabled boxes
J.F.Gratton
jean-francois.gratton at videotron.ca
Wed Sep 22 10:28:34 MDT 2010
Hi,
I have here a LAN on 10.0.0.0/13 where some boxes should connect to a PDC and others not.
Here's a brief description of the important machines.
- main fileserver is oslo (10.2.1.1) running on kubuntu 10.04 fully updated
- virtual machine running on oslo, named oslo2 (10.2.1.101) running win7 ultimate x64
- main dev machine is lillehammer (10.4.2.1) running kubuntu 10.04 fully updated
- main dev virtual machine is lillehammer2 (10.4.2.101) running win7 ultimate x64
The fileserver is running Samba (latest packages from ubuntu), and I want Samba there to act as a PDC, as well as allowing non PDC-enabled machines to access some shares. I'd want my virtual machines to be connected to the PDC.
I've modified my smb.conf accordingly (see below), and created some directories (mkdir -p /srv/samba/profiles, /srv/samba/netlogon). Created my users with smbpasswd -a USER, and my machines with smbpasswd -a -m MACHINE for all machines that should be trusted in the PDC.
All unix users have the same username + uid + gid on all unix boxes.
All users have the same username + password on all boxes (irrespective of the OS involved)
Now, I have a few issues:
- profiles on the fileserver are created in $HOME/profile instead of what I expected (/var/samba/profiles/).
- sometimes I can't log onto the PDC from the virtual machines, but I can use other host accounts:
instead of using domainname\username on oslo2, for example, I can use oslo2\username (local account, I guess), or even lillehammer2\username (... on oslo2!).
- last thing, I want my shares defined in smb.conf to be available to *all* machines, pdc-enabled or not. Is it feasible?
Thanks,
Jeff
(below: part of my smb.conf)
========================
[global]
workgroup = APROXYA.NET
server string = %h
map to guest = Bad User
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
logon script = logon.cmd
logon drive = Z:
domain logons = Yes
os level = 33
preferred master = Auto
domain master = Yes
dns proxy = No
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0775
directory mask = 0775
browseable = No
browsable = No
[netlogon]
comment = Network Logon Service
path = /srv/samba/netlogon
guest ok = Yes
[profiles]
comment = Users profiles
path = /srv/samba/profiles
create mask = 0600
directory mask = 0700
browseable = No
browsable = No
[sharepoint]
comment = share point
path = /sharepoint
read only = No
create mask = 0775
directory mask = 0775
=================================
sharepoint is one of those shares I want available across the LAN. Other shares have similar properties.
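
An added example, not part of the original post: a small audit of the quoted smb.conf that resolves the effective `logon path` and lists the shares that admit guest sessions. The function names are hypothetical, the sample is a constructed excerpt of the posted file, and the defaults are the ones documented in the smb.conf man page; with no `logon path` set, Samba falls back to `\\%N\%U\profile`, which points into the user's home share.

```python
import re

# Constructed sample: the relevant lines of the smb.conf quoted in the post.
SAMPLE = r"""
[global]
map to guest = Bad User
domain logons = Yes
[homes]
read only = No
[netlogon]
path = /srv/samba/netlogon
guest ok = Yes
[profiles]
path = /srv/samba/profiles
[sharepoint]
path = /sharepoint
"""

# Documented Samba defaults for the parameters inspected here (assumption: man smb.conf).
DEFAULTS = {"logonpath": r"\\%N\%U\profile", "maptoguest": "Never", "guestok": "no"}
SYNONYMS = {"public": "guestok"}  # "public" is a synonym of "guest ok"
TRUE = ("yes", "true", "1")

def parse(text):
    """Return {section: {param: value}}; names are case- and space-insensitive."""
    conf, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            cur = conf.setdefault(m.group(1).strip().lower(), {})
        elif "=" in line and cur is not None:
            k, v = line.split("=", 1)
            k = re.sub(r"\s+", "", k).lower()
            cur[SYNONYMS.get(k, k)] = v.strip()
    return conf

def audit(text):
    """Effective profile path and guest exposure; [global] values act as share defaults."""
    conf = parse(text)
    g = conf.get("global", {})
    val = lambda sec, k: sec.get(k, g.get(k, DEFAULTS[k]))
    guest = sorted(s for s, p in conf.items() if s != "global" and val(p, "guestok").lower() in TRUE)
    return {"logon_path": val(g, "logonpath"),
            "logon_path_explicit": "logonpath" in g,
            "map_to_guest": val(g, "maptoguest"),
            "guest_shares": guest}
```

On the constructed sample, the [profiles] share exists but nothing in [global] points clients at it, and [netlogon] is the only share a guest-mapped session can open.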