A.2 Samba in a Windows NT Domain

   

When operating in a Windows NT domain, Samba can act either as a primary domain controller or as a domain member server.

A.2.1 Primary Domain Controller

Setting up Samba as a primary domain controller is more complicated than the other configurations. However, the extra difficulty is offset by having a more secure network and additional features such as logon scripts and roaming profiles. In the following configuration file, we also include support for a Microsoft Dfs share:

[global]
    # Replace "toltec" with the hostname of your system.
    netbios name = toltec
    # Replace "METRAN" with the name of your Windows NT domain.
    workgroup = METRAN
    # Run a WINS server
    wins support = yes

    # Always act as the local master browser
    # and domain master browser.  Do not allow
    # any other system to take over these roles!
    domain master = yes
    local master = yes
    preferred master = yes
    os level = 255
    # Perform domain authentication.
    security = user
    encrypt passwords = yes
    domain logons = yes

    # The location of user profiles for Windows NT/2000/XP.
    logon path = \\%L\profiles\%u\%m
    # Users' Windows home directories and storage of Win95/98/Me roaming profiles.
    logon drive = G:
    logon home = \\toltec\%u\.win_profile\%m
    # The following line is optional because
    # Samba always offers NetBIOS time service.
    # This causes it to also be advertised:
    time server = yes
    # The logon script used for all users,
    # Relative to [netlogon] share directory.
    logon script = logon.bat
    # The group identifying administrative users.
    # If you have domain users in the Domain Admins
    # group, use them here instead of "jay".
    domain admin group = root jay
    # For adding machine accounts automatically.
    # This example works on Linux. For other host
    # operating systems, you might need a different
    # command.
    add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
    # Provide Microsoft Dfs support.
    host msdfs = yes

# The netlogon share is required for
# functioning as the primary domain controller.
# Make sure the directory used for the path exists.
[netlogon]
    path = /usr/local/samba/lib/netlogon
    writable = no
    browsable = no

# The profiles share is for storing
# Windows NT/2000/XP roaming profiles.
# Use your own path, and make sure
# the directory exists.
[profiles]
    path = /home/samba-ntprof
    writable = yes
    create mask = 0600
    directory mask = 0700
    browsable = no

[homes]
    comment = Home Directory
    browsable = no
    read only = no
    map archive = yes

# The Dfs share.
# Use your own path, making
# sure the directory exists.
[dfs]
    comment = Dfs share
    path = /usr/local/samba/dfs
    msdfs root = yes

# A shared directory, accessible by all domain users.
# Use your own share name and path.
[d]
    comment = %u's Home Directory
    path = /d
    create mask = 0700
    read only = no

See Chapter 4 for more information on configuring Samba as a primary domain controller, and see Chapter 8 for more information about setting up a Microsoft Dfs share.

A.2.2 Domain Member Server

In a domain that already has either a Samba PDC or Windows NT/2000 Server PDC, additional Samba servers can be added as domain member servers using the following configuration file:

[global]
    # Replace "mixtec" with the system's hostname.
    netbios name = mixtec
    # Replace "METRAN" with the name of your domain.
    workgroup = METRAN
    # Replace "172.16.1.1" with the
    # IP address of your WINS server.
    wins server = 172.16.1.1
    os level = 33

    security = domain
    encrypt passwords = yes
    password server = *

# Home directories.
[homes]
    comment = %u's Home Directory
    browsable = no
    read only = no
    map archive = yes

# This is an example printers
# share, which works for Linux.
[printers]
    printable = yes
    printing = BSD
    print command = /usr/bin/lpr -P%p %s
    path = /var/tmp
    min print space = 2000

# A shared directory, accessible by all domain users.
# Use your own share name and path.
[d]
    path = /d
    create mask = 0755
    read only = no

See Chapter 10 for more information on sharing printers with Samba.
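
The following is an added example, not code from the book: a short Python audit that checks smb.conf text for the security-relevant settings the two listings above set explicitly (security, encrypt passwords, a read-only [netlogon], and create masks on writable shares). The function names, the wording of the findings, and the sample input are assumptions made for illustration.

```python
# Added example, not from the book: names and SAMPLE are constructed for illustration.
YES = {"yes", "true", "1"}

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lower-cased, '#' and ';' comments skipped."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1].strip().lower(), {})
        elif line and line[0] not in "#;" and "=" in line and section is not None:
            key, value = line.split("=", 1)
            section[" ".join(key.lower().split())] = value.strip()
    return conf

def is_writable(share):
    """Shares are read-only unless 'read only = no' or an inverted synonym is yes."""
    for key in ("writable", "writeable", "write ok"):
        if key in share:
            return share[key].lower() in YES
    return share.get("read only", "yes").lower() not in YES

def audit(text):
    conf, findings = parse_smb_conf(text), []
    g = conf.get("global", {})
    if g.get("security", "").lower() not in ("user", "domain"):
        findings.append("global: security is not user or domain")
    if g.get("encrypt passwords", "").lower() not in YES:
        findings.append("global: encrypt passwords is not yes")
    if "netlogon" in conf and is_writable(conf["netlogon"]):
        findings.append("netlogon: writable, logon scripts can be altered")
    for name, share in conf.items():
        mask = share.get("create mask")
        if name != "global" and mask and is_writable(share) and int(mask, 8) & 0o007:
            findings.append(f"{name}: create mask {mask} leaves 'other' bits enabled on new files")
    return findings

# Constructed sample: member-server settings plus a writable [netlogon].
SAMPLE = """
[global]
    security = domain
    encrypt passwords = yes
[netlogon]
    read only = no
[d]
    create mask = 0755
    read only = no
"""
print("\n".join(audit(SAMPLE)))
```

The parser does not handle backslash line continuations or include directives, so run it on a flattened configuration.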

   


Using Samba: A File and Print Server for Linux, Unix & Mac OS X, 3rd Edition
ISBN: 0596007698
EAN: 2147483647
Year: 2003
Pages: 475
