Calling all Samba Pros!
Alice Bag
pluglist at plug.org
Wed May 21 12:38:56 MDT 2003
I've been working on using Samba as a PDC (Primary Domain Controller). We
have a bunch of WinXP systems here at work that belong to several different
work groups and I'd like to join them to an NT-style domain to make security
and backing up easier. I think I almost have it but it still doesn't work.
To be honest the number of options in the smb.conf is dizzying to me. Just
when I think I have something figured out, there is some other option that
needs to be set.

As for the registry hacks in XP, I wrote a small program in C# to automate
the process and eliminate the possibility of changing the wrong entries.

I'll be using Samba 2.2.7a on RedHat 9. I've read O'Reilly's "Using Samba"
(great book) and a ton of information on the web. The one thing that I still
don't get is what permissions need to be set for the folders that are
shared. Below I have my smb.conf file and a script that I plan on running
when I get the whole thing figured out. I don't have a lot of experience
scripting but I think this will be a lot easier than beginning from scratch
each time I have to start over. My questions are placed in the files with a
"#".

Any other comments on the smb.conf are welcome.

Maybe this will make a good topic for a UUG meeting someday :)

Thanks G

Script follows.
###################################################################
###################################################################
#!/bin/bash

# Unix groups (fixed GIDs) for share access and machine accounts
groupadd -g 200 admins
groupadd -g 201 data
groupadd -g 202 developers
groupadd -g 203 engraving
groupadd -g 204 machines
groupadd -g 205 office
groupadd -g 206 shipping
groupadd -g 207 studio

# Share, profile, logon script and print spool directories
# (-p creates missing parents and does not fail when the script is re-run)
mkdir -p /disk/save/data
mkdir -p /disk/save/developers
mkdir -p /disk/save/engraving
mkdir -p /disk/save/office
mkdir -p /disk/save/shipping
mkdir -p /disk/save/studio
mkdir -p /home/profiles
mkdir -p /usr/lib/samba/netlogin
mkdir -p /var/spool/samba

# IS THIS THE CORRECT OWNER.GROUP?
chown -R root:data /disk/save/data
chown -R root:developers /disk/save/developers
chown -R root:engraving /disk/save/engraving
chown -R root:office /disk/save/office
chown -R root:shipping /disk/save/shipping
chown -R root:studio /disk/save/studio

# ARE THESE THE RIGHT PERMISSIONS?
chmod 0770 /disk/save/data
chmod 0770 /disk/save/developers
chmod 0770 /disk/save/engraving
chmod 0770 /disk/save/office
chmod 0770 /disk/save/shipping
chmod 0770 /disk/save/studio
chmod 0770 /home/profiles

# SHOULD THESE PERMISSIONS BE DIFFERENT?
chmod 0775 /usr/lib/samba/netlogin
chmod 0775 /var/spool/samba

# ADD USERS TO LINUX?
# (the group created above is "admins")
adduser -G admins,data,office gabe

# ADD USERS TO SAMBA?
smbpasswd -a gabe password

service smb stop
service smb start
########
Whole smb.conf follows.
###################################################################
###################################################################
[global]
# Main:
netbios name = DISCO
server string = Samba on Disco
workgroup = CROCK
# Server Info:
browse list = Yes
domain logons = Yes
domain master = Yes
enhanced browsing = Yes
hosts allow = 127.0.0., 10.0.1., 10.0.0.
local master = Yes
os level = 255
preferred master = Yes
security = USER
wins support = Yes
# User Info:
add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u
logon drive = H:
logon home = \\%L\%U\.profiles
logon path = \\%L\profiles\%U
logon script = logon.bat
# Passwords:
encrypt passwords = Yes
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
passwd program = /usr/bin/passwd %u
smb passwd file = /etc/samba/smbpasswd
unix password sync = yes
# Logging
log file = /var/log/samba/%m.log
log level = 0
max log size = 2500
syslog = 1
syslog only = No
timestamp logs = Yes
# Misc
time server = Yes
# Needed to log in users on to the domain.
[netlogin]
browseable = No
path = /usr/lib/samba/netlogin
read only = yes
# Store the profiles in the home directory for easy back-up.
[profiles]
browseable = No
create mask = 0600
directory mask = 0700
path = /home/profiles
profile acls = yes
read only = No
# Let Unix users find their home directories even if not in another share.
[homes]
browseable = No
comment = Home Directory
create mask = 0600
directory mask = 0700
read only = No
# Regular Shares:
[data]
browseable = No
create mask = 0600
directory mask = 0700
force group = data
path = /disk/save/data
read only = No
[developers]
browseable = Yes
create mask = 0600
directory mask = 0700
force group = data
path = /disk/save/developers
read only = No
[engraving]
browseable = Yes
create mask = 0600
directory mask = 0700
force group = data
path = /disk/save/engraving
read only = No
[office]
browseable = Yes
create mask = 0600
directory mask = 0700
force group = office
path = /disk/save/office
read only = No
[shipping]
browseable = Yes
create mask = 0600
directory mask = 0700
force group = studio
path = /disk/save/shipping
read only = No
[studio]
browseable = Yes
create mask = 0600
directory mask = 0700
force group = studio
path = /disk/save/studio
read only = No
# Printer Shares:
[printers]
browseable = Yes
comment = All Printers
path = /var/spool/samba
printable = Yes
########
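
Added example (not part of the original post, and not Samba's own tooling): the permissions question above turns on three things lining up, namely the group that owns each directory, the share's "force group", and the group bits left by "create mask" and "directory mask"; it also goes one step further and checks that "domain logons" comes with a share named [netlogon], which is where domain clients look for logon scripts. The OWNERS file format, the function names and the sample input (reduced from the posted files) are assumptions made for the example.

```shell
#!/bin/sh
# audit_shares CONF OWNERS: OWNERS holds "<path> <group>" lines (assumed format).
audit_shares() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report(   g) {
        if (sec == "netlogon") seen = 1
        if (!(path in owner)) return
        if (fgroup != "" && fgroup != owner[path])
            print sec ": force group " fgroup " != directory group " owner[path]
        g = substr(cmask, length(cmask) - 1, 1)     # group digit of the mask
        if (g != "" && g != "6" && g != "7")
            print sec ": create mask " cmask " strips group read/write"
        g = substr(dmask, length(dmask) - 1, 1)
        if (g != "" && g != "7")
            print sec ": directory mask " dmask " strips group access"
    }
    NR == FNR { owner[$1] = $2; next }          # first file: path -> group
    /^[ \t]*[#;]/ || !NF { next }               # comments and blank lines
    /^[ \t]*\[/ {                               # new section: judge the last one
        report(); sec = tolower(trim($0)); gsub(/^\[|\].*$/, "", sec)
        path = fgroup = cmask = dmask = ""; next
    }
    {
        i = index($0, "="); if (!i) next
        key = tolower(trim(substr($0, 1, i - 1))); val = trim(substr($0, i + 1))
        if (key == "path") path = val
        if (key == "force group") fgroup = val
        if (key == "create mask") cmask = val
        if (key == "directory mask") dmask = val
        if (key == "domain logons" && tolower(val) == "yes") pdc = 1
    }
    END { report()
          if (pdc && !seen) print "global: domain logons set but no [netlogon] share" }
    ' "$2" "$1"
}
# Constructed sample reduced from the posted files; [office] is a corrected contrast.
run_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '[global]' 'domain logons = Yes' '[netlogin]' \
        'path = /usr/lib/samba/netlogin' '[developers]' 'create mask = 0600' \
        'directory mask = 0700' 'force group = data' 'path = /disk/save/developers' \
        '[office]' 'create mask = 0660' 'directory mask = 0770' \
        'force group = office' 'path = /disk/save/office' > "$d/smb.conf"
    printf '%s\n' '/disk/save/developers developers' \
        '/disk/save/office office' > "$d/owners"
    audit_shares "$d/smb.conf" "$d/owners"; rm -rf "$d"
}
run_sample
```

On a live server the OWNERS file would be built from the real directories, and CONF would be /etc/samba/smb.conf.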