
KB - Samba Server

Vista (& Mac OSX 10.4+) Client on Samba PDC Network

Things to check to make sure your Vista client (and Mac OSX 10.4 client) can log on/connect to a Samba PDC (Linux) domain:

Client (Vista) Side:
1. Run secpol.msc and under Local Settings, Security Policies, double-click "Network Security: LAN Manager authentication level" - Set this to "LM and NTLM – use NTLMV2 session security if negotiated".
-> N.B: If you change this remember to REBOOT.

Server (Samba PDC) Side:
1. Make sure the following exist in the global section of /etc/samba/smb.conf:
client ntlmv2 auth = yes
(this, in fact, automatically sets client lm auth = no and client plaintext auth = no)
host msdfs = no
(only needed for up to Samba 3.0.25 apparently)
-> N.B. If you change/add these settings, remember to restart the smbd/nmbd daemons.
IMPORTANT UPDATE: This also allows Mac OSX 10.4 (Tiger) clients to connect.

2. The [profiles] share directory (top level) needs to be writable by all users who will be storing roaming profiles there. It's NOT enough to have each user's directory writable by that user only; they need to be able to write to the level above.

Remember to check any older clients (XP, etc.) after changing the server settings to make sure they can still log on to your domain!


Windows Domain Client on Samba PDC

Using a Linux Samba server as an NT-style domain controller (PDC) requires that you create a machine account in both the /etc/passwd file and the /etc/samba/smbpasswd file. There is a way to have machines automatically create their accounts (it needs proper setup in the /etc/samba/smb.conf file and is NOT covered here), or you can create machine accounts as follows:

useradd -g 100 -d /dev/null -c machinename -s /bin/false machinename$
passwd -l machinename$
smbpasswd -a -m machinename

Note: the $ at the end of the machine name in the useradd and passwd commands is mandatory, and it must not appear at the end of the smbpasswd command. machinename is the PC's Windows machine name.

Note: you can create a Linux shell script to create a machine account. The script should look like:

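#!/bin/sh
# addmachine
# add samba machine account to passwd and smbpasswd files
# remove any $ specified on the command line (we will add it when required!)...
machinename=`echo "$1" | sed 's/\$//g'`
# set the machinegroup
machinegroup=600
# create the Unix account: no home directory, no login shell, trailing $ on the name
/usr/sbin/useradd -g "$machinegroup" -d /dev/null -c "$machinename" -s /bin/false "${machinename}\$"
# lock the Unix password (use the cleaned name, not $1, so a $ typed by the user is not doubled)
passwd -l "${machinename}\$"
# add the machine account to smbpasswd (no trailing $ here)
smbpasswd -a -m "$machinename"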

This file needs to be executable:

chmod 711 addmachine

It is then invoked as:

addmachine machinename

(e.g. addmachine mypc1)

When you are done, you will see a line in /etc/passwd for machinename$ and a line in /etc/samba/smbpasswd for machinename$

N.B. If you just run useradd without setting the group number to 100, the home directory to the bit bucket (/dev/null) and the login shell to /bin/false (so that no one can explicitly log into this account and run programs as a regular user), then you will have accounts that people could log into without a password being set. This is not a good idea in general, because people could guess the account name from knowing PC machine names.
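
One way to check existing machine accounts against the properties described above (home /dev/null, shell /bin/false, locked password). This is an added example, not part of the original page; the function name audit_machine_accounts, the acceptance of a "nologin" shell and the sample data are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): audit machine trust accounts,
# i.e. passwd entries whose name ends in "$", for the settings the page asks for.

# audit_machine_accounts PASSWD_FILE SHADOW_FILE
# Prints one "account: problem" line per finding, nothing when all is well.
audit_machine_accounts() {
    awk -F: '
        # Shadow-format file (first argument to awk): remember password fields.
        FILENAME == ARGV[1] { pw[$1] = $2; next }
        # Passwd-format file: look only at names ending in a literal "$".
        $1 ~ /\$$/ {
            # Assumption: a shell ending in "nologin" is as good as /bin/false.
            if ($7 != "/bin/false" && $7 !~ /nologin$/)
                print $1 ": login shell is " $7
            if ($6 != "/dev/null")
                print $1 ": home directory is " $6
            if (!($1 in pw))
                print $1 ": no shadow entry"
            else if (pw[$1] == "")
                print $1 ": empty password field"
            else if (pw[$1] !~ /^[!*]/)
                print $1 ": password not locked"
        }
    ' "$2" "$1"
}

# Constructed sample data so the example runs offline.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/passwd" <<'EOF'
alice:x:1000:100:Alice:/home/alice:/bin/bash
mypc1$:x:1001:600:mypc1:/dev/null:/bin/false
mypc2$:x:1002:600:mypc2:/home/mypc2:/bin/bash
mypc3$:x:1003:600:mypc3:/dev/null:/bin/false
EOF
cat > "$tmp/shadow" <<'EOF'
alice:!:19000:0:99999:7:::
mypc1$:!:19000:0:99999:7:::
mypc2$::19000:0:99999:7:::
EOF

audit_machine_accounts "$tmp/passwd" "$tmp/shadow"
```

On a real server, run the function as root with /etc/passwd and /etc/shadow as its two arguments.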