How to config a Samba-Server as a PDC for the actual subnet? - SMB


  1. How to config a Samba-Server as a PDC for the actual subnet?

    At the moment, we use a Samba-Server only for sharing files within our
    subnet (for example: 192.168.0.0/24).
    Our subnet is connected by a router (192.168.0.99) to the subnet of our
    group holding (for example: 192.168.1.0/24).
    Within this subnet there are several Server-Services installed (PDC, WINS,
    AD, DNS, etc.). Our subnet/clients
    is/are not part of this NT-Domain (only local accounts).

    Now I want to take the next step by setting up our Samba-Server to be the
    PDC, so we can change to central logon
    service, etc.

    Now my questions:
    How can I config the Samba-Server to be the PDC, the WINS-Server and
    (Domain) Browser only for our subnet,
    so that no conflicts between our subnet and the subnet of our group holding
    occur? I don't want to sync browse-lists.

    Can you give me a short explanation and perhaps a snippet of the
    global-section of the smb.conf.

    Thanks

    Michael

    P.S.: And sure, I read the samba-HowTos and different books, but on these
    "conflict"-questions they confused me more than I wanted.







  2. Re: How to config a Samba-Server as a PDC for the actual subnet?

    Michael Kempe wrote:
    > Can you give me a short explanation and perhaps a snippet of the
    > global-section of the smb.conf.


    The following is the smb.conf global section from a working Samba PDC...

    ------------------------------------------------------------------------
    [global]

    ; For debugging problems set to 2 or 3
    debug level = 1

    ; Basic server settings
    netbios name = SERVER1
    workgroup = OUR_DOMAIN
    server string = Samba PDC Server

    ; we should act as the domain and local master browser
    os level = 64
    preferred master = yes
    domain master = yes
    local master = yes

    ; security settings
    security = user

    ; Oplocks are more trouble than they're worth...
    kernel oplocks = no
    level2 oplocks = no

    ; WINS settings
    wins support = yes
    name resolve order = wins bcast lmhosts

    ; encrypted passwords are a requirement for a PDC
    encrypt passwords = yes

    ; support domain logons
    domain logons = yes

    # Where to store roving profiles
    logon path = \\%L\profiles\%U

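    ; logon script
    ; generic logon script:
    ; logon script = LOGON.BAT
    ; individual user logon script (smb.conf has no trailing comments, so this
    ; note must sit on its own line or it becomes part of the value)
    logon script = %U.BAT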

    ; Home directory
    logon home = \\%L\%U
    ; Samba log files
    log file = /var/log/samba/log.%m
    max log size = 100

    ; auto create UNIX machine trust account
    ; SAMBA machine trust accounts are created when adding clients to the domain
    add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u

    ; Most people will find that this option gives better performance (speed.txt)
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

    ; act as time server for domain
    time server = yes

    ; update linux pw when smb pw is changed
    unix password sync = no
    ;passwd program = /usr/bin/passwd %u
    ;passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd: *all*authentication*tokens*updated*successfully*

    ; Password database
    passdb backend = tdbsam:/usr/local/samba/lib/passdb.tdb

    ; Samba Superuser(s)
    admin users = @administrators

    ------------------------------------------------------------------------

    A "gotcha" you will probably run into is that when your users log
    into the Samba PDC they will no longer have administrative privileges
    on their own machines unless you add their Samba PDC account to the
    local machine's administrative group, or on your server map a *nix
    group your users are in (such as "users") to the PDC "Domain Admins"
    group.

    I also like to go in on the workstation and change the profile type
    to local, unless roaming profiles are really needed.

    --
    Roger Blake
    (Subtract 10 for email.)

  3. Re: How to config a Samba-Server as a PDC for the actual subnet?

    Hello Roger!

    First let me thank you for your answer. You gave me a very detailed snippet
    of a smb.conf's global-section.
    Sadly you don't give me an answer how it is with the conflicts between the 2
    subnets and the Windows-PDC
    in the other subnet.

    I want to configure a Samba-Server only for the subnet, where the server
    itself is a "member". This subnet should "contain"
    an "isolated" domain with WINS and a browser-Service, where no sync of
    browse-lists with other Browse-Servers in other
    subnets will happen.

    If I understand it right, I only have to set the parameter "domain browser =
    no", so that there will be no exchange of browse-lists
    as the (domain) master for the whole LAN (all subnets).

    Please help me.

    Michael





  4. Re: How to config a Samba-Server as a PDC for the actual subnet?


    "Michael Kempe" wrote in message
    news:dhjek6$g9m$1@news01.versatel.de...
    > Hello Roger!
    >
    > First let me thank you for your answer. You gave me a very detailed
    > snippet of a smb.conf's global-section.
    > Sadly you don't give me an answer how it is with the conflicts between the
    > 2 subnets and the Windows-PDC
    > in the other subnet.
    >
    > I want to configure a Samba-Server only for the subnet, where the server
    > itself is a "member". This subnet should "contain"
    > an "isolated" domain with WINS and a browser-Service, where no sync of
    > browse-lists with other Browse-Servers in other
    > subnets will happen.
    >
    > If I understand it right, I only have to set the parameter "domain browser
    > = no", so that there will be no exchange of browse-lists
    > as the (domain) master for the whole LAN (all subnets).
    >


    AFAIK setting up a Samba server as a PDC is described in detail in
    several howtos .. the proposed settings in the smb.conf have to be put in
    as-is or the server will not act as a PDC :-) .. and as per
    definition/documentation your PDC will not span different subnets so you
    will have to set the smb.conf parameters accordingly and IIRC setting
    "domain browser=no" will not make the server a PDC but I could be mistaken
    there.
    I have a PDC with 2 NICs and have a remote announce set for the second
    subnet; whether this makes it serve the 2 subnets as a PDC is still not clear
    to me ..
    FWIW
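
An added example, not part of any post in this thread and not Samba's own tooling: a small Python check over an smb.conf [global] section for the points raised above, namely the settings a PDC needs, the parameters that carry browse traffic to another subnet (`remote announce`, `remote browse sync`), and trailing `;` text that Samba reads as part of the value. The finding wording, the `hosts allow` check and the sample (including its `remote announce` address) are assumptions made for illustration, and only a literal `yes` is treated as enabled.

```python
import re

# Constructed sample: a trimmed [global] section modelled on the one posted in
# this thread, plus a "remote announce" line added only to exercise the check.
SAMPLE = r"""
[global]
; we should act as the domain and local master browser
domain master = yes
domain logons = yes
security = user
encrypt passwords = yes
logon script = %U.BAT ;individual user logon script
remote announce = 192.168.1.255
"""

PDC_REQUIRED = {"domain logons": "yes", "domain master": "yes",
                "security": "user", "encrypt passwords": "yes"}
CROSS_SUBNET = ("remote announce", "remote browse sync")

def parse_global(text):
    """Return {parameter: value} for [global]; comments exist only at line start."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def audit(text):
    """List findings for a PDC that should stay inside its own subnet."""
    params = parse_global(text)
    findings = [f"pdc: {k} should be {v}" for k, v in PDC_REQUIRED.items()
                if params.get(k, "").lower() != v]
    findings += [f"isolation: {k} sends browse traffic to other subnets"
                 for k in CROSS_SUBNET if k in params]
    if "hosts allow" not in params:
        findings.append("isolation: no hosts allow list limiting clients")
    # Samba has no inline comments: "x = y ;note" sets the value to "y ;note".
    findings += [f"syntax: {k} has trailing text that becomes part of the value"
                 for k, v in params.items() if re.search(r"\s[;#]", v)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Samba's own `testparm` remains the authoritative syntax check; this script only covers the thread's specific concerns.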


