Please Check this smb.conf

Taking care of your Linux box.

Please Check this smb.conf

Postby najamss » Fri May 30, 2003 8:38 am

Asslamo Alaikum,

I have problem with samba server. I see the linux machine in my network places but when I double click on it the error occurs "THe network path is not found." I'm using WIndows 2000 Server. The following is my Windows machine configuration and Linux machine configuration:

Windows Machine Name is: NETSERVER (its a gateway/proxy machine)
Windows Username: Administrator
Linux Machine name: LINUX1
Domain: PROXY

The following is my smb.conf
***********************************************
# Global parameters

[global]
workgroup = PROXY
netbios name = LINUX1
server string = Linux Server
log level = 3

log file = /var/log/samba/%m.log
max log size = 1000
dns proxy = No
hosts allow = 172.16.0. 172.16.1. 172.16.2. 172.16.5. 127.
printing = lprng
security = share
encrypt passwords = no

[homes]
comment = Home Directories
browseable = Yes
writeable = yes
case sensitive = no
map archive = yes
map system = yes
map hidden = yes

[netlogon]
comment = Network Logon Service
path = /usr/local/samba/lib/netlogon
browseable = No
public = no
writeable = no

[printers]
comment = All Printers
path = /var/spool/samba
guest ok = Yes
min print space = 2000
printable = Yes
browseable = Yes

[shared]
comment = shared drive
path = /home/shared
browseable = yes
writeable = yes
guest ok = Yes
create mask = 777
directory mask = 777
***************************************************
Kindly tell me that can I browse only those windows which are configured in smb.conf ?

I'm waiting for your prompt reply.

Thanking in anticipation.

Best regards,
Najam-us-Saquib Siddiqui
Cell# 0300-6430551
najamss
Cadet
 
Posts: 11
Joined: Mon Apr 21, 2003 12:03 pm
ICQ: 56801219
Website: http://www.najam.tk
WLM: najamss@hotmail.com
Yahoo Messenger: a1opus@yahoo.com
Location: Gujranwala, Pakistan

Try testparm to check your smb.conf

Postby s7r1k3r » Fri May 30, 2003 8:00 pm

Assalam-O-Alaekum!

Try using testparm to check your smb.conf file. It will report to you if there is a problem with your file. Also if the smbd and nmbd daemons are running then enter
smbstatus
to find out if samba is running or not. If all else fails, try user level security.
security = user
and add the users to your linux passwd file. Also use smbadduser to add those uses to smbpasswd file.

ALLAH HAFIZ.
a10n3 s7r1k3r
s7r1k3r
Battalion Quarter Master Havaldaar
 
Posts: 221
Joined: Wed Aug 07, 2002 3:02 pm
Location: Rawalpindi

Check this smb.conf your problem will be solved inshallah

Postby daberkar » Tue Oct 07, 2003 6:27 pm

Configuring Samba as a Windows NT Primary Domain Controller

One of the most important developments over the past two years for GNU/Linux in the enterpise is the increased capabilites of the Samba server package. Samba not only allows GNU/Linux systems and Windows systems to share devices seamlessly, but it can also enable a GNU/Linux system to act as a Primary Domain Controller for a Windows network, something previously reserved for Windows NT server platforms only. Delivering this capability on the stable GNU/Linux platform has made it much easier for large companies to quietly adopt GNU/Linux in the enterprise.

By building into Samba 2.2.x the capacity for a GNU/Linux server to function as a Microsoft Windows NT Primary Domain Controller (PDC), the Samba developers have pushed GNU/Linux into direct competition with Windows NT/2000. In this article, we'll show you how to set up Samba on your GNU/Linux system as a PDC.

Prerequisites:

· Extensive knowledge of Windows networking
· Familiarity with Samba configuration
· Familiarity with Linux and Windows security issues
· Admin rights over all systems on your network

In our demonstration, we'll take a look at a small network configuration with an NT 4.0 workstation, several Microsoft Windows 98/ME machines and one GNU/Linux server using Samba as a Microsoft Windows NT PDC. This configuration can be broken down into three parts: the configuration of the Samba PDC server, the creating of accounts, and then joining the new domain. First, we'll take a look at configuring the Samba server.
The configuration of the Samba PDC server

When configuring Samba to act as an NT Primary Domain Controller, you'll need to make extensive edits to your smb.conf file. First, let's look at the changes you'll make to the global settings for the server.

To start, open smb.conf in your favorite text editor and begin at the top of the file. The following is a commented listing of the global settings you'll need for creating your PDC. Some of the default settings have been pruned out, so don't be alarmed if you don't see a setting from your default smb.conf file. You might want to open another terminal window at this point and view the smb.conf man pages for references.

[global]
# workgroup = Your NT-Domain-Name
workgroup = DEMODOMAIN
#Your PDC identifying comment
server string = Samba/NT PDC
#Your netbios name
netbios name = JERRY

These first three settings establish the PDC server name and the domain it will control. The server string isn't mandatory, but can be helpful in identifying the PDC on the network.

#User-level security is standard for a PDC
security = user
#Encrypted passwords are mandatory
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd

These three settings above are mandatory for configuring your PDC. The smbpasswd file should be located in the same directory on your server as the smb.conf file. In this case, the directory specified was created when the RPM Samba package was installed on a Red Hat Linux system. Domain logon users will have user ids in both the /etc/passwd and smbpasswd files. To enable users to change their passwords and keep both the Linux password (/etc/password) and the Samba passwords (smbpasswd) in sync, use the following settings:

unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n
*ReType*new*UNIX*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*

Obviously, this is an admin control issue. If you need tight security on your PDC and don't want users to be able to change their passwords, then you can leave these settings out. They're only for the end user's convenience. These four settings are also mandatory as they establish the Samba server as your PDC.

# set these to act as the domain and local browser
preferred master = yes
domain master = yes
local master = yes
os level = 64

These settings determine the priority level of your Samba PDC. The os level setting determines the numerical preference level of the server for Domain elections that are forced by the preferred master setting. By default, the os level should be set to 64 for configuring a PDC. As you can see, these settings will make the server "JERRY" the "master of its domain".

Configuring the server logons for Windows clients

The next group of settings will configure the server to accept network/domain logons for Microsoft Windows clients.

#This one is obvious, and mandatory
domain logons = yes
#You can use 3 different methods for user logon scripts
#You can identify the logon by the name of the user's machine
logon script = %m.bat
#You can identify the logon by the username
logon script = %U.bat
#Or you can have a single common logon script for users
logon script = logon.cmd

You'll notice that you can choose three different ways to identify a user logon. But, you can only use one of the three methods at any given time. In the settings we've just listed, we've configured the PDC with a generic user logon script. When you use this setting, the location of the logon script is in the share you'll create for net logons. Next, we'll discuss the mandatory shares you'll create for your Samba PDC next.
Defining Your Shares

Aside from your network devices that will be shared on your network, you will need to define shares that are specific to your PDC configuration. If you decide to use a generic logon script for all of your domain users, you'll need to create the following share:

[netlogon]
path = /etc/samba/netlogon
writeable = no
write list = ntadmin

The path to this share is where your common user logon script that we defined earlier as logon.cmd will exist. Read/write permissions to this share are set for users on the ntadmin list only. We'll explain the write list in the next section on setting up your user accounts on the PDC. You'll need to define one more share for user profiles, and then you're finished with your smb.conf edits.

The profiles share for your PDC is a separate device created for storing user profiles. The path on the server can be anywhere; we suggest you create a new subdirectory on a file system other than your boot file system. This will allow you to recover user profiles in the case of a boot file system crash. In the following share definition, we've set up the profiles share on the /usr filesystem:

[profiles]
path = /usr/smb/ntprofile
writeable = yes
create mask = 0600
directory mask = 0700

Creating machine trust accounts on your PDC

On a Microsoft Windows NT PDC, machine trust accounts are user accounts owned by a single computer. The machine trust account password is a shared secret that allows for secure communication with the domain controller. Under Microsoft Windows NT, these trusted account passwords are stored in the registry. On a Samba PDC under Linux, these passwords are stored in the same location as your smbpasswd file.
Editor's note: Understanding Microsoft Windows NT security schemes is not absolutely necessary at this point, but a basic grasp of these concepts will help. Machine trust passwords shouldn't be confused with user ids and logons. They are machine identifiers for an NT Domain Controller that identify trusted domain machines to the PDC. Unknown to many network administrators, Microsoft Windows 9x machines, which can only use LanMan type passwords, are not true members of a domain. This is because NT, which uses NT password hashes, doesn't recognize LanMan passwords as trusted. Remember this when you need a tidbit to astound your friends at your next party...

You can create trusted machine accounts on your Samba PDC two ways. The first method is to create manually the password with a known value (such as the lower case netbios name of the machine) before you join the machine to the domain. The other method creates the trusted machine account when the admin joins the machine to the domain. This second method uses the session key of the administrative account as an encryption key for setting the password to a random value. The second method is much more secure than the first method, and is recommended. Currently, Samba requires a Linux user id from which a Microsoft Windows NT system id can be generated. For this reason, you'll need to add a configuration line to your smb.conf file if you want your Samba PDC to add Linux user ids on the fly when users access the server from a trusted machine. In your global settings of the smb.conf file, add the setting:

add user script = /usr/sbin/useradd -d /dev/null -g 100 - /bin/false -M %u

The path shown as /usr/sbin/useradd should point to wherever your system stores the useradd program. This setting as shown will work on most GNU/Linux systems.

To manually add a trusted machine account, you must first create an entry in your /etc/passwd file. For example, let's say you're adding the machine "elaine" manually to your domain. Using your favorite text editor as root, open your /etc/password file and create an entry that looks like this:

elaine$:505:501:NTMachine:/dev/null:/bin/false

The appended "$" to the user "Elaine" in the /etc/passwd entry signifies this as a machine account. The rest of the settings establish the account without a home directory and no shell access. Once you've created this entry, add the user to your smbpasswd file with the following command run as the superuser root:

smbpasswd -s -m elaine

You should then immediately join the machine to the domain with your NT Admin applet.

Conclusion

Samba is an incredibly powerful server software package that extends GNU/Linux machines and their functionality to the enterprise. In this article, we've demonstrated the configuration of Samba on GNU/Linux as a Microsoft Windows NT Primary Domain Controller.


Daberkar
Suhail Tariq Moughal
daberkar
Cadet
 
Posts: 12
Joined: Fri Aug 22, 2003 2:55 pm
WLM: moughal74@hotmail.com
Yahoo Messenger: moughal74@yahoo.com
Location: United Arab Emirates

Re:

Postby LinuxFreaK » Wed Oct 08, 2003 11:31 pm

Dear ALL PLUCian's
Salam,

I think he must check this link http://www.linuxpakistan.net/forum2x/vi ... .php?t=579 . and i thougth i had solved his problem.

Best Regards.
Farrukh Ahmed
LinuxFreaK
Site Admin
 
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
ICQ: 82075802
Website: http://www.linuxpakistan.net/wiki/index.php?pagename=LinuxFreak
WLM: f4fahmed@hotmail.com
Yahoo Messenger: f4fahmed@yahoo.com
AOL: linuxpakistan@aol.com
Location: Karachi


Return to “%s” Administration

Who is online

Users browsing this forum: Yahoo [Bot] and 3 guests

cron