Full Version: Samba Pdc (hughesjr Guide)
Robert83
Hi,

I only modified this :
workgroup = AD-UNIVERZAL
netbios name = PDC
server string = Test Domain Controller


when I do this :
CODE
[root@master samba]# smbclient -L PDC -U%

I get this error

CODE
Domain=[AD-UNIVERZAL] OS=[Unix] Server=[Samba 3.0.2-6.3E]
tree connect failed: NT_STATUS_ACCESS_DENIED


I added a root user to /var/lib/samba/profiles/root
administrator /var/lib/samba/profiles/administrator
robert /var/lib/samba/profiles/robert
devid /var/lib/samba/profiles/devid

what did I do wrong ?

Sincerely
Robert B
Robert83
Hi,

I'm trying to run that mk_smb_profile script
but it says :

./mk_smb_profile: line 2: syntax error near unexpected token `then'
./mk_smb_profile: line 2: `if[ $1"x" == "x"]; then'

What is wrong ? I double checked your script, and I wrote it down correctly.
Help


and

I created these users administrator (it is root , when I log in and watch samba it goes to profiles/root)
robert
devid

I gave administrator a different password than my root account
I added root to smbpasswd with another passwd rootroot (and is not same as administrator password)

I can login with administrator only if I use password rootroot

I can login with Robert , Devid

but both Robert and Devid ain't saving that roaming profile stuff into their profiles directory, root is doing ok.

Another problem is that when I login as robert and I click on users in control panel , it asks for a administrator account

I chose administrator passwd root root and domain ADUNIVERZAL (my current domain) and it won't allow me to do it , this normal?

also since I first used AD-UNIVERZAL domain name and I had problems with it, I changed it to ADUNIVERZAL, and whenever I use SRVGMG and USRMG it defaults to AD-UNIVERZAL, and it's even shown up in network neighbourhood, how to remove it forever?


Domain Users : can run programs and install programs that don't make system wide changes right?
Domain Admins : nevermind this I had a tiny problem
Sincerely
Robert B
Robert83
Hi,

I think there was an error in your guide, I followed the first post, and

when I made those user profiles directory, I gave write permission only to group and other, while user was not able to write, I just changed that to write and now it's ok,

by the way is it safe that /var/lib/samba/profiles is rwxrwxrwx ?


From now on I will be able to share stuff with simply adding permission to users right? I mean all the users in my domain from now on will be visible (the ones created with samba) right? and I can use those names to grant deny access to certain shares...

And I guess that I will have to use different administrator names, since if I use one then that roaming profile will always screw up stuff, if I use it on win2000 terminal server and some other winxp computers. Win2000 terminal server should log in the same way with multiple users right?

if I use %Ulogon.bat then for example
margit will run margitlogon.bat when she is logging in right?

Sincerely
Robert B
hughesjr
You can't add users from control panel - users ... you have to use the USRMGR.EXE file (User Managers for Domains) ONLY.

The only users that will work are the ones that are in the User Manager for Domains.

The script works for me ... I changed the path to be before the echo statement, try it again this way.

The easiest way to do the scripts is to login to the non-gui server (via ssh) from a machine that has a browser and then cut and paste the scripts into vim or nano ... or whatever you are using as a console editor.

In an IF statement, everything is critical ... even the spaces after [ and before ] ... try a cut and paste and see if it clears up the problem.

in your case the
CODE
if[ $1"x" == "x"]; then
needs to be
CODE
if [ $1"x" == "x" ]; then
hughesjr
QUOTE
by the way is it safe that /var/lib/samba/profiles is rwxrwxrwx

Yes ... the individual directories under it are not set that way when they are created.
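
An added example, not part of the original thread or of hughesjr's guide: a check of the layout discussed above. It reports a world-writable profiles root that lacks the sticky bit, and any per-user directory that is a symlink, is group- or world-writable, or is not owned by the account it is named after. It assumes GNU `stat` and one subdirectory per user named after the account; the function name and output labels are made up for this example.

```shell
#!/bin/sh
# Audit a roaming-profile root such as /var/lib/samba/profiles.
# Assumptions: GNU stat (stat -c), one subdirectory per user named after
# the account. Function name and output labels are made up for this example.

audit_profiles() {
    root=$1
    findings=0
    [ -d "$root" ] || { echo "ERROR $root is not a directory"; return 2; }

    # World-writable parent without the sticky bit: any local user may
    # rename or delete another user's profile directory.
    mode=$(stat -c %a "$root")
    if [ $(( 0$mode & 0002 )) -ne 0 ] && [ $(( 0$mode & 01000 )) -eq 0 ]; then
        echo "STICKY $root mode=$mode"
        findings=$((findings + 1))
    fi

    for dir in "$root"/*; do
        # A symlink here could redirect profile writes elsewhere.
        if [ -L "$dir" ]; then
            echo "SYMLINK $dir"
            findings=$((findings + 1))
            continue
        fi
        [ -d "$dir" ] || continue
        mode=$(stat -c %a "$dir")
        owner=$(stat -c %U "$dir")
        # Group- or world-writable profile: other accounts can alter it.
        if [ $(( 0$mode & 0022 )) -ne 0 ]; then
            echo "WRITABLE $dir mode=$mode"
            findings=$((findings + 1))
        fi
        # The directory should belong to the account it is named after.
        if [ "$owner" != "${dir##*/}" ]; then
            echo "OWNER $dir owner=$owner"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]   # exit status 0 only when nothing was flagged
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then audit_profiles "$1"; fi
```
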
hughesjr
QUOTE
From now on I will be able to share stuff with simply adding permission to users right? I mean all the users in my domain from now on will be visible (the ones created with samba) right? and I can use those names to grant deny access to certain shares...


correct...
hughesjr
QUOTE
tree connect failed: NT_STATUS_ACCESS_DENIED


Make sure that IPTABLES is off ... or that you have ports 135-139 and 445 open for tcp and udp in and out from the server and all other computer IPs that will need to connect.

Also, make sure that the user you are logged in with (should be root) has an account as a user in the domain.
hughesjr
QUOTE
Win2000 terminal server should log in the same way with multiple users right?

Personally, I would use the Win2000 terminal server as the PDC of my domain (using ADS), and not use samba at all.

But if you want the terminal server to allow domain logins on it (while using the samba domain), then you must join it to the domain as a member server ... which you should be able to do just like a Win2000 client.
Robert83
Hi,

there is one thing I don't understand....

veto oplock files = /*.doc/*.xls/*.mdb/

why won't you allow caching of these files? , I mean at a time only one user can login with the same user name , or maybe not?


I'm getting really concerned here about this samba stuff (the problem with windows is CAL...), as far as I know it works like a WinNT primary domain controller (that old stuff), how stable is it? I've been talking on IRC with windows people (and I don't have to tell you, what their opinion about linux is...or samba in general)... they told me that they had disconnection problems to the home directories and shares....and logon issues, I had none of those yet...in the test environment...it works ok.


To put things really simple :

win2000 and win2003 do not exist

there is only winnt(latest 4.x ?) and samba

if these two are compared are they identical (like whitebox to rhel... or is this a bad way to compare them).

advice needed ( the problem is money,...while I do have tools to bypass that win2000 cal problem, but that is not a solution... )

are there any major (really big!, the ones that make me lose my job) risks with using samba as a PDC?


Sincerely
Robert B
hughesjr
I have not had personally (or seen) any problems with samba using the NT 4 domain controllers ... with the exception of putting groups into groups.

The reason for the veto is that it is recommended by the Samba Site ... here is the quote:

QUOTE
Additionally, Microsoft Office files are vetoed from opportunistic locking controls. This should help to prevent lock contention related file access problems.
Robert83
Thank you Johnny,

I tested the samba pdc today with

WinXP Pro it managed to get into the domain without any problems (and in the process I also found out that every first time you must log in with root)

Win2000Pro scared the %#@# out of me, for win2kpro it took 15-30 seconds to login the first time but after that it cooperated with the smb domain really nice.

Win98SE well...I was unable to install this on the nForce2 512MB ddr 120GB hd 2200XP, I installed winme instead (during the installation a lot of disk write errors came up...well the hardware is too fast for it or something) after it was done, it logged in to the network, and was able to share stuff...I wonder, why is it happening when a user is not allowed to access a share on another computer that it can open up the computer but doing it takes a while 10-20 seconds.... hmmm any ideas?


Oh and that roaming profile stuff....well....I had problems using it even between two winxp pro computers, some strange stuff came up on the other xp computer....like desktop.ini in startup menu, and notepad opens up with a path to something in it, well anyway, I guess there is no way disabling that roaming profile stuff...I mean something like if one computer logs in with the user name, no other computer will be ever able to log in with that user name...(I've seen the option for administrator that which computers are allowed to do so...) but I haven't seen that option for normal users (or maybe I overlooked the stuff).

I think this will be a little bit easier than I first thought....and to tell you the truth, the time has come for our company to work in a domain, damn...workgroup is just not for this, I mean if I want to allow specific users only to use a shared drive through the network, I must add that same user locally at that computer...this is like reaching my right ear with my left arm. Not really convenient(?).

Today I only used 3 computers to log into the domain, well samba was operating at 2.9% user and 0.7% system (the pc is a 2000XP with 256MB DDR ram) so I guess that a 2000XP with 1GB ram (my current bridge samba file server wins server) should be able to serve 30 computers without any problems...what do you think?

Sincerely
Robert B
hughesjr
You might want to bump up the RAM to at least 512mb ... but after that it should handle up to 100 PCs.

I'll see about turning the roaming profiles off ... but with them off, each PC has different files (for example, you have different mail boxes, different documents in my documents, etc.)