I have a samba 3.2.3-0.1-1882 server running on Suse SL11.0. It's out of
the box, just the way YAST builds it.
Pardon the extremely basic level questions here.
The intent for this server is basically just file and print services. (It's
defined as a BDC, I think, because I didn't do that on a previous install
and I couldn't get name service (wins) to work right. Wins works great now,
but I don't know if being a domain controller is the reason. ) I also want
it to do DHCP and maybe DNS for a small network, but those two will come
later.
It works now for offering shares and printers, in my limited testing.
I want to define what shares people can access based on who they log in
as-- if they never get prompted for username/password until they attempt to
access a resource on this Samba server, that's fine.
First basic question: I get a complaint when I run testparm:
Server's Role (logon server) NOT ADVISED with domain-level security
So I'm wondering if my choice of security model is ill-advised, or if
it's
my choice of role I should be questioning. Actually, I don't remember
specifying a server role.
Please advise.
-Tom
My configuration is below.
# Date: 2008-06-06
[global]
workgroup = RIVENDELL
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = L:
usershare allow guests = No
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s
/bin/false %m$
domain logons = Yes
domain master = Yes
local master = Yes
netbios name = ASIMOV
os level = 65
passdb backend = smbpasswd:/etc/samba/smbpasswd
preferred master = Yes
security = domain
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[profiles]
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/
[groups]
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
write list = root
-----
268. [Philosophy] "People can and will do things that no one could possibly
believe anyone would do. For examples look at most of human history or the
alt.sex.* hierarchy." --Ken Boucher on human stupidity in sci.nanotech
--... ...-- -.. . -. ----. --.- --.- -...
tpeters@nospam.mixcom.com (remove "nospam") N9QQB (amateur radio)
"HEY YOU" (loud shouting) WEB: http://www.mixweb.com/tpeters
43? 7' 17.2" N by 88? 6' 28.9" W, Elevation 815', Grid
Square EN53wc
WAN/LAN/Telcom Analyst, Tech Writer, MCP, CCNA, Registered Linux User 385531