Daulton,
I think you will find very useful information in Chapter 8 of the current
revision of the "Samba-3 by Example" book that can be downloaded from:
http://www.samba.org/samba/docs/Samba-Guide.pdf
If after reading this you still have questions feel free to contact me
directly.
Cheers,
John T.
On Wednesday 20 April 2005 13:24, Daulton Theodore wrote:
> Hi all,
>
> Samba 2.2.8a is currently running on Solaris 8 as a member of a domain. For
> testing purposes I have installed Samba 3.0.10 on a test server (Solaris 9)
> as a member of a Workgroup.
>
> In a couple of weeks we will be upgrading our production server to Solaris
> 9 and are planning on doing a fresh install of Samba 3.0.10 at the same
> time.
>
> I will be saving the following files to be restored after the install:
> etc/passwd, etc/shadow, smb.conf, nt-names, smbpasswd, secrets.tdb, and
> the tdb files in var/locks. Are there any other critical files that I have
> overlooked? Is it necessary to restore the tdb files after the new install?
>
> One of my main concerns has to do with domain membership. The production
> server is currently a member of the domain (as mentioned earlier) so I am
> wondering whether after having restored my saved files and starting the
> daemon my Samba 3 server (same netbios name, ip address, smb.conf..) will
> automatically show up in Windows Explorer as a member or will I have to
> incant 'smbpasswd -j DOM -r PDC'?
>
> Any additional hints/suggestions would be greatly appreciated because I
> would like this to be successful on the first go around. The server is used
> for file sharing and printing so delays would not be appreciated.
>
> Thanks much in advance! I've attached a modified smb.conf.
>
> ============================
> # Global parameters
> # NOTE(review): Samba reads server-wide settings from a section named
> # [global]. As posted, [globals] would be parsed as an ordinary share and the
> # parameters below would not apply server-wide. Possibly a typo made while
> # editing the file for the list -- confirm against the production smb.conf.
> [globals]
> netbios name = hornbill
> # %L = NetBIOS name of the server, %v = Samba version. Including %v shows
> # the running Samba release to every client that browses the server.
> server string = Library's %L %v
> # server string = %L
> workgroup = [domain-name]
> local master = no
> # "allow hosts" is a synonym for "hosts allow": only clients in the listed
> # (redacted) networks may connect.
> allow hosts = 134.x.x. 134.x.x.
> security = domain
> browsable = yes
>
> password server = [server names]
> # Seconds between machine account password changes. 314496000 s is roughly
> # ten years (Samba's default is 604800, one week), so the domain trust
> # secret is effectively never rotated. NOTE(review): confirm this is intended.
> machine password timeout = 314496000
> remote announce = 134.x.x.x
> wins server = [wins server name]
>
> # force Samba to bind only to hme0
> interfaces = 134.x.x.222/255.255.255.0
> bind interfaces only = yes
> socket options = SO_KEEPALIVE TCP_NODELAY
> # dead time = 15
> # deadtime = 0 disables automatic disconnection of idle connections.
> deadtime = 0
>
> # Encrypt all passwords stored in /usr/local/samba.private/smbpasswd
> # NOTE(review): the comment above says samba.private, while the
> # "smb passwd file" parameter below says samba/private; the parameter is
> # what Samba uses.
> encrypt passwords = yes
> username map = /usr/local/samba/lib/nt-names
> smb passwd file = /usr/local/samba/private/smbpasswd
>
> # not allowed to log in
> # NOTE(review): the trailing backslash continues the list on the next line.
> # Check in the real file that "sshd" and "erl" are still separate names
> # after the lines are joined; a fused name would leave sshd off the deny list.
> invalid users = root daemon bin sys adm lp listen sshd\
> erl webspirs samba rob jan daulton
>
> # In the global section this sets the default for every share: writable
> # unless the share itself says otherwise.
> writeable = yes
>
> # Debug Logging information
> # lowered from 3 20050302 - dt
> log level = 2
> # %m = NetBIOS name of the client machine, giving one log file per client.
> log file = /usr/local/samba/var/log.%m
> # max log size is given in kilobytes.
> max log size = 2000
> debug timestamp = yes
>
>
> # printing stuff
> printing = SYSV
> load printers = yes
> use client driver = yes
> printer admin = dtheodor
>
>
> # ---------------------------------------
> # Home Directory
> # ---------------------------------------
> # Per-user share: %u is the session's Unix user name and %g that user's
> # primary group, so each user is mapped to /files1/user/<group>/<user>.
> [homedir]
> comment = %u
> path = /files1/user/%g/%u
> browseable = yes
> writeable = yes
> # "create mode" is a synonym for "create mask": new files get at most
> # owner-only permissions (0700). No directory mask is set in this section,
> # so new directories fall back to the global or default value (Samba's
> # default is 0755). NOTE(review): confirm that is acceptable for home dirs.
> create mode = 0700
>
> # ---------------------------------------
> # Departments
> # ---------------------------------------
> # Per-group share: %g expands to the primary group of the connected user.
> # This section sets no valid users list, so who can read or write here
> # depends on the Unix permissions of the path.
> [dept]
> comment = %g
> path = /files1/user/%g
> browseable = yes
> # writeable and "read only" are inverted synonyms; the two lines below
> # express the same setting twice.
> writeable = yes
> read only = no
> # New files get at most rwx for owner and group, nothing for others.
> create mode = 0770
>
> # --------------------------------------
> # All department shares
> # --------------------------------------
> # Writable share over the whole /files1/user tree.
> [alldepts]
> comment = All Departments
> path = /files1/user
> # browseable = no only keeps the share out of browse lists; a client that
> # knows the share name can still connect. NOTE(review): no valid users list
> # is set in this section, so access rests on the Unix permissions under
> # the path -- confirm that is the intended control.
> browseable = no
> writeable = yes
> # hide files marks matching names as hidden; they remain accessible.
> hide files = /lost+found/
>
>
> # ------------------------------------
> # Shared directory for each department
> # ------------------------------------
> # Shared "common" directory under each department; %g is the connected
> # user's primary group.
> [deptshr]
> comment = %g Shared Directory
> path = /files1/user/%g/common
> read only = no
> # create mask caps the permissions of new files; force create mode ORs its
> # bits in afterwards. With both at 0770 every new file ends up rwxrwx---,
> # execute bits included.
> create mask = 0770
> force create mode = 0770
> directory mask = 0770
> # writable is an inverted synonym of "read only", already set above.
> writable = yes
> browseable = yes
> # A leading + means the name is looked up as a Unix group: members of
> # circdesk are denied.
> invalid users = +circdesk
>
> # --------------------------------------
> # shared directory for ALL staff
> # --------------------------------------
> # Share for all library staff groups.
> [libshare]
> comment = Library staff shared directory
> path = /files1/user/common
> browseable = yes
> writeable = yes
> # With mask and force mode both 0777, every file created through this share
> # is world-readable, world-writable and executable on the Unix side. The
> # valid users list only restricts SMB access; any local account on the host
> # can still modify these files. NOTE(review): consider whether 0770 with a
> # common group would meet the need.
> create mask = 0777
> force create mode = 0777
> directory mask = 0777
> # NOTE(review): mail wrapping has run "invalid users =" into the end of the
> # "valid users" list below. In the real file these must be two separate
> # parameters. A name in both lists is denied: invalid users takes precedence.
> # NOTE(review): the deny list names train8 twice and has no train9 -- looks
> # like a typo that leaves train9 allowed; confirm.
> valid users = +libsys +libmgmt +libacq +libarc +libcat +libcirc +librs
> +libmdgc +libgift +libcoll +libtrain +libill +libcof +libgis invalid users
> = +circdesk train1 train2 train3 train4 train5 train6 train7 train8 train8
> train10 train11 train12 train13 train14 train15 train16 train17 train18
>
> # ---------------------------------------
> # Training Room
> # ---------------------------------------
> # Shared directory for the training room.
> [training]
> comment = Training Shared Directory
> path = /files1/user/libtrain/common
> browseable = yes
> writeable = yes
> # Mask and force mode of 0777 make every new file world-readable,
> # world-writable and executable on the Unix side, regardless of the SMB
> # access lists below.
> create mask = 0777
> force create mode = 0777
> directory mask = 0777
> # NOTE(review): mail wrapping has run "invalid users =" into the end of the
> # "valid users" list; in the real file they must be separate parameters.
> # circdsk1 has no leading +, so it is a single user name here, whereas other
> # shares in this file deny the +circdesk group -- confirm which is intended.
> valid users = +libsys +libmgmt +libacq +libcat +libcirc +librs +libmdgc
> +libgift +libcoll +libtrain +libill +libcof invalid users = circdsk1
>
> # ---------------------------------------
> # Applications folder
> # ---------------------------------------
> # Applications folder, writable by the listed staff groups.
> [apps]
> comment = applications folder
> path = /files1/apps
> browseable = yes
> writeable = yes
> # New files and directories get at most rwxrwxr-x: writable by owner and
> # group, readable by everyone on the host.
> create mask = 0775
> directory mask = 0775
> # hide files marks matching names as hidden; they remain accessible.
> hide files = /lost+found/
> # NOTE(review): mail wrapping has run "invalid users =" into the end of the
> # "valid users" list; in the real file they must be separate parameters.
> # Every listed group can write to a directory that holds applications other
> # users run -- confirm write access is needed for all of them.
> valid users = +libsys +libmgmt +libacq +libarc +libcat +libcirc +librs
> +libmdgc +libgift +libcoll +libtrain invalid users = +circdesk
>
> # -------------------------------------
> # Cataloguer's Desktop
> # -------------------------------------
> # Cataloguer's Desktop application share. No browseable line is set in this
> # section, so the global or default value applies.
> [catdesk]
> comment = Cataloguer's Desktop
> path = /files1/apps/catdesk
> writeable = yes
> # New files and directories get at most rwxrwxr-x.
> create mask = 0775
> directory mask = 0775
> # hide files marks matching names as hidden; they remain accessible.
> hide files = /lost+found/
> # NOTE(review): mail wrapping has run "invalid users =" into the end of the
> # "valid users" list; in the real file they must be separate parameters.
> # The deny list holds the user circdsk1 and the group +libtrain.
> valid users = +libsys +libmgmt +libacq +libarc +libcat +libcirc +librs
> +libmdgc +libgift +libcoll invalid users = circdsk1 +libtrain
> #
> # -------------------------------------
> # GIS DATA
> # -------------------------------------
> # GIS data share.
> [gis]
> comment = GIS Data
> path = /files1/user/gis
> browseable = yes
> writeable = yes
> # Mask and force mode are both 0754, so every new file and directory ends up
> # rwxr-xr--: owner execute is always set and "other" can always read.
> # NOTE(review): directories without the execute bit for "other" cannot be
> # traversed by those users even though they are readable -- confirm intent.
> create mask = 0754
> force create mode = 0754
> directory mask = 0754
> force directory mode = 0754
> # hide files marks matching names as hidden; they remain accessible.
> hide files = /lost+found/
> # gisadmin is a user name; +libgis and +libtrain are Unix groups.
> valid users = gisadmin +libgis +libtrain
>
> # -------------------------------------
> # Circle of friends
> # -------------------------------------
> # Circle of Friends share under /files1/user/cof.
> [cof]
> comment = Circle of Friends
> path = /files1/user/cof
> browseable = yes
> writeable = yes
> # Mask and force mode are both 0770: new files and directories are always
> # rwxrwx---, with no access for "other".
> create mask = 0770
> force create mode = 0770
> directory mask = 0770
> force directory mode = 0770
> # All file operations by connected users run with libcof as the primary
> # group, so new files are group-owned by libcof.
> force group = libcof
> # hide files marks matching names as hidden; they remain accessible.
> hide files = /lost+found/
> # "friends" is a user name; +libcof is a Unix group.
> valid users = friends +libcof
>
> # -------------------------------------
> # Circle of friends
> # -------------------------------------
> # Second Circle of Friends share, rooted inside the staff common directory
> # (/files1/user/common/cof) with the same settings as [cof].
> [cof2]
> comment = Circle of Friends - libshare
> path = /files1/user/common/cof
> browseable = yes
> writeable = yes
> # Mask and force mode are both 0770: new files and directories are always
> # rwxrwx---, with no access for "other".
> create mask = 0770
> force create mode = 0770
> directory mask = 0770
> force directory mode = 0770
> # All file operations by connected users run with libcof as the primary
> # group, so new files are group-owned by libcof.
> force group = libcof
> # hide files marks matching names as hidden; they remain accessible.
> hide files = /lost+found/
> # NOTE(review): this path lies under /files1/user/common, which [libshare]
> # also exports with its own user lists; the same files are reachable through
> # both shares, so check that the Unix permissions on the cof directory
> # enforce the intended restriction.
> valid users = friends +libcof
>
> #--------------------------------------
> # Printer definitions
> # --------------------------------------
> # Printer share; with "load printers = yes" Samba uses this section for the
> # printers it loads.
> [printers]
> comment = Printers
> # NOTE(review): the spool directory sits under /tmp, which every local
> # account on the host can write to. A dedicated spool directory, such as the
> # commented-out path below, avoids sharing it with unrelated local users.
> path = /tmp/smbspool
> # path = /usr/local/samba/spool
> printable = yes
> # Mask and force mode of 0777 make every spooled file world-readable and
> # world-writable on the Unix side, so other local users can read print jobs.
> create mask = 0777
> force create mode = 0777
> browseable = yes
> # "public" is a synonym for "guest ok": no password is required to connect.
> public = yes
> # "print ok" is a synonym for "printable", already set above.
> print ok = yes
> # admin users perform all file operations on this share as root.
> # NOTE(review): with guest access enabled on the same share, keep this list
> # as small as possible and confirm that the whole +libsys group needs it.
> admin users = +libsys smbadmin
>
> --
> ----------------------------------- 0 ------------------------------------
> Daulton Theodore </\ Tel: 613-520-2600 ext. 8352
> Carleton University Library _\\ Fax: 613-520-2750
> Systems Department `/ Net: Daulton_Theodore@carleton.ca
> ---------------------------------- ` -------------------------------------
--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.