/ Markus Amersdorfer:home / university / about:me /
\ capsaicin - my blog on growing chilis \


Miscellaneous Samba Related Stuff

Have Windows-Clients join a Samba-PDC controlled domain

To be found here.

Have Samba-Clients join a Windows-PDC controlled domain

Debian Woody's Samba 2

Ubuntu Warty's Samba 3

On an Ubuntu Linux 4.10 ("Warty Warthog") machine that uses Samba 3.0.7, I simply followed the instructions in the Samba-HOWTO-Collection.pdf (section 6.3.1 "Joining an NT4-type Domain with Samba-3"):
Adapt smb.conf:

  security = domain
  workgroup = $DOMAIN
  password server = $PDC
  encrypt passwords = yes

Next, simply run the command "net rpc join -S $PDC -UAdministrator", provide the Administrator-password and read the confirmation "Joined domain $DOMAIN".

Note that it is not necessary anymore with Samba 3 to create a machine-account on the Windows-server before joining the domain - this will be done automatically now.

CUPS and Samba providing print services to Windows clients

To be found here.

ACL's controlled by Windows clients using the XFS filesystem

To be found here.

Samba: Access to shares from clients not in the current domain

From "man smb.conf":

allow trusted domains (G)

  This  option  only takes effect when the security option is set to server or domain.
  If it is set to no, then attempts to connect to a resource from a  domain  or  work­
  group  other  than the one which smbdis running in will fail, even if that domain is
  trusted by the remote server doing the authentication.

  This is useful if you only want your Samba server to serve resources to users in the
  domain it is a member of. As an example, suppose that there are two domains DOMA and
  DOMB. DOMB is trusted by DOMA, which contains the Samba server. Under normal circum­
  stances,  a  user  with  an  account in DOMB can then access the resources of a UNIX
  account with the same account name on the Samba server even if they do not  have  an
  account in DOMA. This can make implementing a security boundary difficult.

  Default: allow trusted domains = yes

Miscellaneous interesting Samba options

How to use (a PDC's) Windows passwords for Unix-Logins?

From a mail on the Samba-mailing-list by Andrew Bartlett:

> > Im trying to get a samba pc reading passwords off a windows pdc for
> > authorising user shares.
> > 
> > The howtos all say to use pam_stack.so for this however it does not
> > exist in debian (its a redhat thing).
> > 
> > is there a workaround for this?
> 
> AFAIR "libpam-smb" does what you want.

No, you don't want that...

PAM can only deal with plaintext passwords, and pam_smb is even worse,
as it takes no measures to ensure it is actually talking to the real DC
in the process...

For unix logins, pam_winbind and winbindd are a good combination.  For
SMB logins (to file shares) set Samba into 'security=domain' and join
the domain.

Samba && Debian

If you want more up to date Samba 2.2.x packages for Debian Woody, F. Ionescu posted two links in a mail on the Samba mailing-list. Citing him:

Oh, and since both Debian Sarge and Sid hold Samba 3.0 already (currently (03-08-12) it's Samba 3.0.0beta2), it's most always possible to recompile the Sarge/Sid sources on a Woody-machine...

Samba 3.0

In Linux New Media's Linux Magazin, edition 2/2003, (german) article King of the Castle, the tool "net" is mentioned. it is to be shipped with Samba 3.0 and will allow to migrate a complete NT-securitydatabase to a Samba-PDC by calling "net rpc vampire".

The (german) lead article of edition 9/2003 is all about Samba 3.0: what's new, how to migrate.

Here's a summary of new things in an LWN article about Samba 3.0.

Tutorial: Setting Up Samba 3.x.


Valid XHTML 1.0 Strict Valid CSS! Created with Vim [Blue Ribbon Campaign icon]
© Markus Amersdorfer
last modified: 2010-02-23 15:42:19
8141 hits