Hi, I've been busy trying to get a full-fledged Samba 3.0 based PDC working. Eventually I want to be able to fully transfer the whole domain and file and printer serving from the current Windows environment to a Debian/Samba based domain.
It will contain ~50 users, and two interdomain trusts with companies in America. Currently I've got the following setup working for me: 1 server PDC. Adding users and groups is working. Starting work on compiling a new kernel with ACL support and then an LDAP based user-backend because we could eventually migrate all domains to Samba based domains. User replication is then only possible using LDAP.

I wanted to share my current findings with the world and figured this would be a good place... If there is a better place, then I'm sorry to waste your time. Please also show me the good place?

This SMB.conf and addgroup.sh are working great:

#
# Sample configuration file for the Samba suite for Debian GNU/Linux.
#
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which
# are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentary and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not made any basic syntactic
# errors.
#

#======================= Global Settings =======================

[global]
   panic action = /usr/share/samba/panic-action %d
   follow symlinks = no
   netbios name = data
   workgroup = enterprise
   server string = %h server (Samba %v)
   guest account = nobody
   invalid users = root
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   security = user
   encrypt passwords = true
   passdb backend = tdbsam
   nt acl support = yes
   host msdfs = yes
   load printers = no
   show add printer wizard = no

# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
# You may want to add the following on a Linux system:
#         SO_RCVBUF=8192 SO_SNDBUF=8192
   socket options = TCP_NODELAY

   local master = yes
   os level = 65
   domain master = yes
   preferred master = yes
   local master = yes
   domain logons = yes
#logon path = \\$L\profiles\%U
# Disables Roaming Profiles
   logon path =
   logon drive = M:
   logon home = \\%L\%U
#logon script = kix32.exe
   admin users = root administrator @ntadmin

   add machine script = /usr/sbin/adduser --home /dev/null --ingroup machines --shell /bin/false --no-create-home --disabled-login --gecos "SAMBA Machine Account" --force-badname "%u"

   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter*new*UNIX*password:* %n\n *Retype*new*UNIX*password:* %n\n *passwd:*password*updated*successfully*
   passwd chat debug = yes

   add user script = /usr/sbin/adduser --shell /dev/null --quiet --disabled-login --gecos "Samba user" %u
   delete user script = /usr/sbin/deluser --remove-home --remove-all-files --backup %u
   add group script = /etc/samba/addgroup.sh "%g"
   delete group script = /usr/sbin/delgroup "%g"
   add user to group script = /usr/sbin/adduser %u "%g"
   delete user from group script = /usr/sbin/deluser %u "%g"
   set primary group script = /usr/sbin/usermod -g "%g" %u

   wins support = yes
   dns proxy = no
   preserve case = yes
   short preserve case = yes

#======================= Share Definitions =======================

[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   create mask = 0700
   directory mask = 0700
   vfs objects = recycle

# Needed for a PDC
[netlogon]
   comment = Network Logon Service
   path = /home/samba/netlogon
#  guest ok = yes
   writable = no
   share modes = no
   write list = @ntadmin
   browseable = no

# This share is needed for roaming profiles
;[profiles]
;   path = /home/samba/profiles
;   read only = no
;   create mask = 0600
;   directory mask = 0700
;   browseable = no

# Share needed for printer support.
;[printers]
;   comment = All Printers
;   browseable = no
;   path = /tmp
;   printable = yes
;   public = no
;   writable = no
;   create mode = 0700

[dfs]
# Create dfs root links with: ln -s msdfs:storageA\\shareA linka and ln -s msdfs:serverB\\share,serverC\\share linkb
# see also: http://www.samba.org/samba/docs/man/msdfs.html
   comment = Experimental DFS root share
   path = /home/dfs
   msdfs root = yes

[cdrom]
   comment = Data's CD-ROM
   writable = no
   locking = no
   path = /cdrom
   public = yes
   preexec = /bin/mount /cdrom
   postexec = /bin/umount /cdrom

addgroup.sh:

#!/bin/bash

# Add the group using normal system groupadd tool.
addgroup smbtmpgrp00

# Look up the GID of the placeholder group just created.
thegid=$(grep '^smbtmpgrp00:' /etc/group | cut -d ":" -f3)

# Now change the name to what we want for the MS Windows networking end
cp /etc/group /etc/group.bak
# Escape \, / and & so the group name is taken literally by sed.
newname=$(printf '%s' "$1" | sed 's|[\\/&]|\\&|g')
sed "s/^smbtmpgrp00:/$newname:/" /etc/group.bak > /etc/group

# Now return the GID as would normally happen.
echo "$thegid"
exit 0
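
An added example, not part of the original post or of Samba: a variant of the rename step in addgroup.sh that hands the group name to awk through the environment instead of splicing it into a sed expression, rejects names that would break the group file format, and swaps the file in with a single rename. The function name rename_tmp_group and its FILE argument are assumptions made here so the logic can be tried on a copy rather than on /etc/group.

```bash
#!/bin/bash
# Added example, not the poster's script. rename_tmp_group is an illustrative
# name; it works on any group(5)-format file and takes no group-file lock.

TMPGROUP=smbtmpgrp00   # placeholder name used by the script in the post

# rename_tmp_group FILE NEWNAME
# Prints the placeholder's GID on success. On a rejected name or a missing
# placeholder it returns non-zero and leaves FILE unchanged.
rename_tmp_group() {
    local file="$1" newname="$2" tmp gid

    # Empty names, ':' and control characters (newline included) would
    # corrupt the colon-separated, line-based format.
    case $newname in
        ''|*:*|*[[:cntrl:]]*) return 2 ;;
    esac

    # Refuse a name that is already present (compared as strings).
    if NEWNAME="$newname" awk -F: \
        '($1 "") == (ENVIRON["NEWNAME"] "") { hit = 1 } END { exit !hit }' "$file"
    then
        return 3
    fi

    gid=$(awk -F: -v g="$TMPGROUP" '$1 == g { print $3; exit }' "$file")
    [ -n "$gid" ] || return 4

    # Build the new file next to the original (cp -p keeps mode and owner),
    # then rename it into place so readers never see a partial file.
    # The name travels via ENVIRON, so '/', '&' and '\' in it are plain data.
    tmp=$(mktemp "$file.XXXXXX") || return 5
    if cp -p "$file" "$tmp" &&
       NEWNAME="$newname" awk -F: -v OFS=: -v g="$TMPGROUP" \
           '$1 == g { $1 = ENVIRON["NEWNAME"] } { print }' "$file" > "$tmp"
    then
        mv "$tmp" "$file" && echo "$gid"
    else
        rm -f "$tmp"
        return 5
    fi
}

# Demo on a constructed file, never the live /etc/group.
demo=$(mktemp)
printf 'root:x:0:\nsmbtmpgrp00:x:1001:\n' > "$demo"
rename_tmp_group "$demo" 'R&D/Ops Team' && cat "$demo"
rm -f "$demo"
```
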