Help - Search - Members - Calendar
Full Version: Samba Question
Linuxhelp > Support > Technical Support
Robert83
Hi,

I would like to ask what would happen if I would say yes to Domain master browser in smb.conf ?

I have three subnets (192.168.0.x , 192.168.1.x , 192.168.2.x) each has it's own Samba master browser, and they
are always complaining about (in nbmd.log) about unable to sync with Domain Master Browser . What to do here?

(my subnets are not able to ping each other because I use a iptables rules that doesn't allow that , so I guess a Domain Master browser also enabled on the same samba computers wouldn't hurt would it ?)

Also the question is, since I have never worked with domains (don't know how to set up a windows domain, yet...) , will Samba need some aditional configuration once Domain Master Browser is enabled, what are the benefits of this?
Will my users still be able to login to windows network the same way they used to , or do I need to change something under windows as well?

Also :
I will do that 120GB hard disk stuff, once someone tells me how to format it using ext3, I want to create a dozen of directories on that disk share it with samba , and put a password on each of them.
Example
dir : Denis
pwd : Denis
how do I add this to my exisiting samba config file (which is very basic, two partitions are shared /share1 /share2).

please help

-------UPDATE--------------
I'm reading this howto http://www.faqs.org/docs/samba/ch04.html , now I know that samba can become the domain controler ... I'm reading
the things I need to know right now, and I'm a little confused,
In the example they only add root and jay to the administrator, what about my other users?
this is what I don't understand how do I tell samba that computer name : denes2k with user name Administrator , password : denes2k is in the domain ? I simply type smbpasswd -a denes2k and type in the passwd denes2k ?
then denes2k can login to the domain?
and if I did understand it correclty if I use this parameter logon script = %u/logon.bat , then it will use custom logon scripts for each user (this is getting better and better) finally I can throw Novell out the window smile.gif ,
but where do I need to put the logon script = %u/logon.bat , what part of smb.conf , and where do I need to put the file ? into which directory (if I follow the example provided on that page) ?
Could you please if you have some time explain a few basic things to me , in a few steps how to set up a domain, how does those security feature work , how do I allow users to see 2 computers, and how do I allow some to see them all, and some users have read only to a share, while others have full access , how to do this?



Sincerely
Robert B
Robert83
Hi,

I have another big problem (or maybe not), well the question is, do I need to have the same user name and password on both linux and windows client computer ?

because there are atleast 10 computers with only Administrator user , and no password , can I use a password only on the samba computer ? or do I need to create new users on those winxp computers as well ? ,

and If I think it right it's the best thing to use that logon script like this logon script = %m.bat (since computers names are always unique ....

I'm planing to change from workgroup to domain on a LAN with 30 computers ( once I get rid of that Novell computer which will hapen in 10 days , once I get that server computer and install win2000 terminal server)

I have 20 win2000,winxp computer and 10 win98 , so what type of password authentication does winxp and win2000 use ? , what do I need to change in win98 registry?

If I understood it correctly once I move to the domain I will have to share the drives of the computers on the domain again , and if I understand correctly, there will be no more password for this share and password for that printer if I tell those clients computers to granc access to the computers I specify right? (these things I specify on the client computers), and these are stored on the samba box ?

the only thing that samba stores is passwords and user names, *.bat files, and some other files , which I dont know, what else is stored on the samba box?

will I still be able to share my drivers on linux the same way as before ?

and another problem domain admin group is removed from Samba 3.0 (as stated at www.samba.org),
what is the command instead of this?

I just created a samba test domain server, and I created a root user passwd root, and robert passwd robert
and the WinXP complains about that the account is not authorized to login from this station, what to do?

Sincerely
Robert B
Termina
EDIT: My post keeps getting cut off. >_< Splitting it into 2 parts...

You do not need the username and pass on both linux and windows computer, just linux. When you log in as the linux user, it will create that user on the XP machine, and make a Desktop/MyDocuments/etc. on the linux machine in their home folder. Windows will then use that desktop/my documents/etc. from the linux machine from now on.

Here's an intresting login.bat script that I found (and used)

QUOTE
@echo off

cls
REM **** Establish shares
net use f: Slavegroups
net use g: Mastergroups
net use h: /home
net use i: Masterdata
net use j: Masterapps

REM **** Synchronize time
net time Master /SET /YES

REM **** Sync Address Book
copy i:outlookmailbox.pab h:mailbox.pab /Y

REM **** Sync LiveUpdate Host file
REM copy i:nortonliveupdt.hst c:progra~1symantecliveup~1liveupdt.hst /Y

REM **** Log total number of executables
dir c:*.exe /s >h:.exe-list


REM **** BEGIN SYSTEM CHECKS
REM **** Check if Laptop
IF EXIST C:WINDOWSAPPLIC~1MICROS~1OUTLOOKOUTLOOK.PST copy c:windowsapplic~1micros~1outlookoutlook.pst h: /y
IF EXIST C:WINDOWSAPPLIC~1MICROS~1OUTLOOKMAILBOX.PAB copy i:outlookmailbox.pab c:windowsapplic~1micros~1outlookmailbox.pab /Y

REM **** Check if SOLOMON user
IF EXIST C:WINDOWSSYSTEMSWIMAPI.DLL net use s: server2apps

REM **** 08-22-2000
REM **** Apply registry patch(es) only if needed
Termina
QUOTE
IF NOT EXIST C:8222000.TXT CALL \MasterNETLOGON8222000.BAT
IF NOT EXIST C:9272000.TXT CALL \MasterNETLOGON9272000.BAT

REM **** END CHECKS
echo COMPLETE


I no longer have the smb.conf I used for it though. XD Damn me and not backing up things. wink.gif

As to what password authentication xp and 2000 needs, I have no idea. XD I do know you have to edit the registry for it to work with a Samba acting as an NT domain server. If I remember correctly, you don't need to edit 98s registry in this case.

As to having to redo the shares with no password on the domain, I don't belive this is true. You should be able to leave your shares alone, and you'd still be able to access them.

Anything stored on the samba server should be automaticly mapped in windows with a login script. =D

You can really store anything you want on the samba box. (For example, when I had a samba NT domain server, I have one folder shared to store applications like firefox, ad aware, XP service pack 1, etc.)

You can still share your linux drives on linux as you did before. Only this time easier because you can automaticly mount them now. wink.gif


I'm sorry, it's been months since I've done this, so I'm probally forgetting quite a bit. =/

If it complains about the account not being authorized to login from this station, try this:

smbpasswd -j <NT_DOMAIN> -r <NT_PDC>

where you remplace <NT_DOMAIN> by your domain name and <NT_PDC> by the NetBIOS name of the PDC. Then you should see some message like "smbpasswd : Joined domain NT_DOMAIN".



There's another way, but I can't seem to find how to do it (it involves doing something much like adding a samba user, only doing something that acually adds the machine name) =/
Robert83
Hi,

here is my current smb.conf file :

CODE
global]

   netbios name = test-server
   workgroup = test-domain
   encrypt passwords = yes
   
   domain master = yes
   local master = yes
   preferred master = yes
   os level = 255
   
   security = user
   domain logons = yes
   
   logon script = %m.bat
   
   time server = yes
   
[netlogon]

   path = /netlogon
   writable = no
   browsable = no
   
[profiles]

   path = /home/samba-ntprof
   browsable = no
   writable = yes
   create mask = 0600
   directory mask = 0700
   
[homes]

   read only = no
   browsable = no
   guest ok = no
   map archive = yes
   
[test]

   read only = no
   browsable = yes
   guest ok = no
   create mask = 0777
   directory mask = 0777


and I add users via smbpasswd -a root
I typed passwd for user root root (for testing only)

I changed the WinXP PRO registry
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNetlogonParameters]
"requiresignorseal"=dword:00000000
"signsecurechannel"=dword:00000000

and when I type root and passwd root

it says user does not exists

what am I doing wrong ?
is there something wrong in my smb.conf file ?

could you please describe in a few steps how to make it work for at least 2 users (1 root) and 1 normal user

pretty please (I'm lost here)

I've tired smpasswd -j MY_DOMAIN -r DEMON
but it says see net join for this functionality, but when I type man net join, I don't really understand what I need to type in...

what I want to do is a simple domina (?) , using logon scripts for users, and maybe some restrictions

Sincerely
Robert B
Robert83
Hi,

it seems to be a winxp pro problem win98 just logged in fine with as root...

what to do with winxp then any ideas anyone ?

and someone please help me get my smb.conf working as it should, there are parts I don't understand...some explanation would be good,what can I do with this?


Sincerely
Robert B
hughesjr
You should not use Linux as you Primary Domain Controller (PDC) for Windows.

You should use your Windows 2000 server as the PDC for Windows.

See this post

The problem is that you can't use windows groups (which is in my opinion a major limitation). I don't normally recommend Linux as the PDC....

but you can.
hughesjr
As you can see from the quote the linked post ... you would have to have all the users in Linux ... in linux groups that mirrror the windows groups ... in smbpasswd ... and on each windows machine.
Robert83
Hi,

but could you please help me set up one ?

I don't really need the group stuff, and don't even need hardcore security, I just want a central computer with logon scripts for the rest of the network... (we still use the dos program for many reasons for atleast one more year, and we can't really afford a Win2003 server with cals for 30 clients now...)

I can still create users , and scripts for them right ?
so that I can map drivers and printers at startup ?

do you know how to create a smb PDC ? , and how to make WinXP and Win2000 work with it?

Sincerely
Robert B
hughesjr
OK ... my next guide will be how to setup a PDC on Whitebox EL...
Robert83
Hi,

I don't know how to thank you, really you do so much for us people biggrin.gif biggrin.gif biggrin.gif biggrin.gif biggrin.gif biggrin.gif biggrin.gif biggrin.gif biggrin.gif biggrin.gif

thank you thank you thank you thank you


Sincerely
Robert B biggrin.gif
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2017 Invision Power Services, Inc.