Re: [SLUG] Samba as a PDC

From: Mike Branda (mike@wackyworld.tv)
Date: Tue Dec 14 2004 - 12:22:34 EST


On Tue, 2004-12-14 at 07:49, Backward Thinker wrote:
> > > dns server set up and the Linux and Mac boxes are all good
> > > but Windows wants the Primary Controller set up.
>
> It "wants" it? What do you mean by this? Does this mean that
> you are running a "pro" version of windows that is capable of
> joining a domain (unlike "home" versions), or that some feature
> or functionality of being part of a domain is required?
>

The Windows versions are either 2000 Pro or XP Pro and are indeed
capable of joining a domain... in the Windows sense of the word. I
pretty much understand the capabilities of the DC and the roaming
profiles/permissions and such. I know there's some LDAP stuff too (which
I really know nothing about, nor what the acronym even means).

What I have set up so far is a "fake" internal non-registered/closed
domain that is going to be used for internal mail, LAMP services for
internal forms, proxy content filtering and more. All of this stuff is
implemented with the exception of the mail. For now I could just set
the machine names and add a search myfakedomain.lan to the Windows boxes
and I know it will work. Somewhere in the very near future I would like
to have floating profiles for all three platforms though. I have a good
understanding from the Samba docs as to how it gets accomplished for the
Windows clients from a Linux Server as a DC. I'm pretty sure I know how
to set the Linux clients to look for the permissions & user prefs from a
Linux server. The Macs are OS X and I haven't even gotten around to
researching them yet.

> > > I have read a few howto's
>
> Assuming Samba 3.0.x, the definitive are http://us1.samba.org/samba/docs/man/Samba-Guide/ and http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/
>
> I would start out with the Samba-Guide to learn what a Domain
> provides and determine if that is truly what you want. It can
> get complicated.

Version 3.0.4-SUSE. I'm not sure if my everyday mental model of a
domain lines up with their definition so I'll check it out. What I'm
trying to do in the short term is set every machine name to be
whatever.myfakedomain.lan and get a bunch of internal services online.
Like I said before, most of the work has been done. In the long term,
I'd like to bring online the roaming profiles and central permission
management for all three platforms. I was just trying to get the
_basic_ PDC authentication online right now via Samba. I have read
their official how-to already in reference to setting up the conf file
for PDC. Like I said before, I have had Samba working as a file server
only for 2 years now but that setup was pretty straightforward.
Everybody seems to have a tweak of some sort for the PDC arrangement.

>
> Would need to see your smb.conf... what version of Windows are
> your clients?
>
> ~ Daniel
>

The Windows versions are either 2000 Pro or XP Pro

Here's the conf file I'm working with. It has a few paths modified to
the appropriate SuSE paths.

# Global parameters
[global]
        netbios name = pdcserv
        workgroup = myfakedomain.lan
        server string = PDC Samba Server
        encrypt passwords = yes
        smb passwd file = /etc/samba/smbfile
        log level = 0
        log file = /var/log/samba/log.%m
        max log size = 100
        preferred master = yes
        local master = yes
        domain master = yes
        domain logons = yes
        time server = yes
        os level = 65
        security = user
        guest ok = no

# To add users on the fly, create a group "smbusers"
# add user script = /usr/sbin/useradd -g smbusers -c "remote smb user" -d /home/%u -m -s /bin/false %u
# Synchronize the UNIX with the SMB password while changing. Keep in mind the
# users created with the line above don't have a login shell by default.
        unix password sync = Yes

# user roaming profiles path
# logon path = \\%N\profiles\%u

# general logon script (in DOS format)
# logon script = logon.bat

# For a specific logon script per user. Only one "logon script" value is
# effective per section (the last one wins), so this one is commented out.
# logon script = %U.bat
# For a specific logon script per machine
        logon script = %m.bat
# To add machine-accounts on the fly.
# (Samba 3.x also provides "add machine script" for this purpose.)
        add user script = /usr/sbin/useradd -g nogroup -c "NT Machine Account" -d /dev/null -s /bin/false %m$

# Set the home directory location to the users home on this server.
        logon home = \\%L\%U
# Store the profiles of Microsoft Windows(r) NT systems in a dot-hidden
# subdirectory.
        logon path = \\%L\%U\.msprofile

# share for domain controller
# Where to store the logon scripts.
[netlogon]
        comment = Network Logon Service
        path = /var/lib/samba/netlogon
        browseable = No

# Extra share for profiles. Default is the home of the user.
[profiles]
        comment = Network Profiles Service
        path = /var/lib/samba/profiles/%u
        browseable = No
        read only = No
        create mask = 0600
        directory mask = 0700
# For Win2k SP2 clients you need to deactivate NT ACLs; see README.Win2kSP2.
        nt acl support = No

Thanks!!

Mike
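As an added example (not part of Mike's post or of Samba itself), a small checker for the PDC-relevant parts of an smb.conf like the one above: it parses the file keeping duplicate keys, flags a workgroup that is not a usable NetBIOS domain name (over 15 characters or containing a dot), checks the three settings a PDC needs, and reports parameters set twice in a section. The embedded config is a constructed subset of the posted one.

```python
from collections import defaultdict

# Constructed sample modelled on the smb.conf in the post above (not the full file)
SAMPLE_SMB_CONF = """[global]
    workgroup = myfakedomain.lan
    security = user
    domain logons = yes
    domain master = yes
    logon script = %U.bat
    logon script = %m.bat
[profiles]
    path = /var/lib/samba/profiles/%u
    read only = No
"""
REQUIRED_PDC = {"domain logons": "yes", "domain master": "yes", "security": "user"}

def parse_smb_conf(text):
    """Return {section: [(key, value), ...]}, keeping order and duplicate keys."""
    sections, section = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":               # blank or comment line
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section is not None and "=" in line:
            key, _, value = line.partition("=")
            sections[section].append((key.strip().lower(), value.strip()))
    return dict(sections)

def valid_netbios_name(name):
    """NetBIOS names are at most 15 characters and may not contain a dot."""
    return 0 < len(name) <= 15 and "." not in name

def check_pdc(conf):
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings, glob = [], dict(conf.get("global", []))  # dict(): last duplicate wins
    wg = glob.get("workgroup", "")
    if not valid_netbios_name(wg):
        findings.append(f"global: workgroup '{wg}' is not a usable NetBIOS domain name")
    for key, want in REQUIRED_PDC.items():
        if glob.get(key, "").lower() != want:
            findings.append(f"global: '{key}' should be '{want}' for a PDC")
    for section, pairs in conf.items():
        seen = set()
        for key, _ in pairs:
            if key in seen:
                findings.append(f"{section}: '{key}' set more than once (last value wins)")
            seen.add(key)
    return findings
```

Run `check_pdc(parse_smb_conf(open("/etc/samba/smb.conf").read()))` against a real file; `testparm` remains the authoritative syntax check, this only looks at the handful of PDC settings discussed in the thread.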

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 17:44:04 EDT