Ladislav
OK you asked for it <g>. Here's a blow by blow account of what I do
to set up a PDC with roaming profiles under Samba:
This is all on Mandrake 8.0, check binary paths.
Samba 2.2.2 compiled up from source as follows -
Make sure you have all the dependencies for PAM installed (PAM devel etc)
#./configure \
--prefix=/usr \
--with-fhs \
--libdir=/etc/samba \
--localstatedir=/var \
--with-codepagedir=/usr/share/samba/codepages \
--with-configdir=/etc/samba \
--with-swatdir=/usr/share/swat \
--with-quotas \
--with-smbmount \
--with-pam \
--with-pam_smbpass \
--with-syslog \
--with-utmp \
--with-sambabook=/usr/share/swat/using_samba
#make && make install
#md /usr/share/samba (if install fails at the codepages stage, then run make
install again)
#md /usr/share/swat (might be needed before make install)
#md /var/samba
#md /etc/samba/private
Now here's the smb.conf:
[root@pgroupwise /root]# cat /etc/samba/smb.conf
# Samba config file created using SWAT
# from NODDY.gkn-whl.co.uk (172.18.12.12)
# Date: 2001/08/23 11:41:28
# Global parameters
[global]
workgroup = WHLDOM
netbios name = WHL-PDC
server string = Samba Server %v
encrypt passwords = Yes
update encrypted = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
unix password sync = Yes
log level = 1
log file = /var/samba/%m.log
max log size = 50
name resolve order = host wins bcast
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = lpstat
domain admin group = root, gerdesj
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M
%u
logon drive = Q:
domain logons = Yes
os level = 65
preferred master = True
domain master = True
wins proxy = Yes
wins server = 172.16.40.1
[homes]
comment = Home Directories
read only = No
browseable = No
[netlogon]
path = /home/samba/netlogon
browseable = No
Incidently, I don't seem to have a /home/samba directory so you can probably
ignore the [netlogon] share (Win 9x ???)
Now we need a user or two:
#smbpasswd -a gerdesj (set the password)
#smbpasswd -a root (set password)
Get it up and running, here's my start/stop script:
[root@pgroupwise /root]# cat /etc/rc.d/init.d/smb
#!/bin/sh
#
# Startup script for SAMBA
#
# Source function library.
. /etc/rc.d/init.d/functions
# See how we were called.
case "$1" in
start)
echo -n "Starting samba: "
VARTMP=/var
export VARTMP
daemon smbd -D
daemon nmbd -D
echo
touch /var/lock/subsys/smb
;;
stop)
echo -n "Shutting down samba: "
killproc smbd
killproc nmbd
echo
rm -f /var/lock/subsys/smb
rm -f /var/run/samba/smb.pid
;;
status)
status smb
;;
restart)
$0 stop
$0 start
;;
*)
echo "Usage: $0 {start|stop|restart|reload|status}"
exit 1
esac
exit 0
#chmod u+x /etc/rc.d/init.d/smb
#service smb start
(don't forget to add in rc.d links for your various runlevels)
Get SWAT running:
[root@pgroupwise /root]# cat /etc/xinetd.d/swat
service swat
{
socket_type = stream
wait = no
user = root
server = /usr/sbin/swat
log_on_success += DURATION USERID
log_on_failure += USERID
disable = no
#service xinetd restart
... and sort out PAM so you can login to SWAT:
[root@pgroupwise /root]# cat /etc/pam.d/samba
#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
Create a directory in the user's $HOME called profile eg
/home/gerdesj/profile perhaps put it in /etc/skel and all users will get one
when created under Linux.
Setup a temporary user on a PC so that it is "standard". Log out and
in again as an Admin user. Make sure that you can see hidden files and
directories. Right click on My Computer, select Properties and go to the
Profiles section. Copy the profile for the temporary user over the top of
c:\Documents and Settings\Default User
Right now lets get the PC into the domain:
Go to the Network Identification tab of the My Computer properties, and click on
the "Properties" button. Type in your domain name in the Member of
Domain box and click on OK. You will be prompted for a username and password -
THIS MUST BE ROOT !!! and of course the password you entered at the smbpassword
stage. You get the welcome box. Re boot.
On boot up, you can now log in as your non-root user, a new roaming profile will
be copied up to the Linux box from the "local" Default User profile.
I'm not an NT expert so I havn't figured out how to get a
"network/shared" default user profile to work yet.
NB Make sure Win 2000 is SP2. Get the other basics right as well eg DNS and
WINS
Now that should do the trick, sorry if I went into too much detail but you
should be able to exactly recreate a working system from the above. Have fun
and let me know how you get on. I have around 3500 odd NT4 PCs to look after
though we mainly use Novell for file and print. As you can imagine getting
Samba in on the act makes for some pretty impressive cost savings ...
Cheers
Jon Gerdes
>>> Ladislav Kostal <ladislav.kostal@fem.uniag.sk> 08/01/2002
11:55:15 >>>
On Tue, 8 Jan 2002, Jon Gerdes wrote:
> OK, sorry. I can see what you mean. I've never tried to do a domain
logon
> without roaming profiles - they just work. As you say it is a fair
> amount of traffic but you can use the Group Policy editor to limit what
> gets copied - eg. stop the browser cache from being up/downloaded.
You have working roaming profiles??? (I mean - user login, his profile is
downloaded from server, user change something, logouts and profile is
MOVED to server, so nothing remains on local client?) If so, could you be
so kind and send me your smb.conf and other relevant infos?
Thanks much
Ladislav Kostal