Samba als PDC - Batchfile für Netlogon

Aus Bennys Wiki


Dieser Artikel MUSS überarbeitet werden


Nachdem mir gerade der Browser gestorben ist und meine 1000 Zeilen Doku gefressen hat, hier nur noch Beispiele zum Adaptieren:

Unter Debian /etc/samba/smb.conf

;
; /etc/samba/smb.conf
;
; Sample configuration file for the Samba suite for Debian GNU/Linux
;
; Please see the manual page for smb.conf for detailed description of
;       every parameter.
;

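[global]
; Server-wide settings for Samba acting as a domain controller with
; domain logons (see "domain logons" and the logon parameters below).
; Convention in this section: ";" lines explain, "#" lines are disabled settings.

; Do something sensible when Samba crashes: mail the admin a backtrace.
   panic action = /usr/share/samba/panic-action %d

; Printing goes through CUPS; the BSD variant is kept disabled for reference.
   printing = cups
   printcap name = cups
#   printing = bsd
#   printcap name = /etc/printcap
   load printers = yes

#   guest account = nobody
; NOTE(review): "invalid users = root" is disabled, and root is named in the
; printer shares further down, so root can log in over SMB. Confirm that this
; is intended.
#   invalid users = root

; "security = user" is always a good idea. It requires a Unix account on this
; server for every user accessing the server.
   security = user

; Disabled domain mapping settings, left over from an earlier setup.
#   domain group map = /etc/samba/private/domaingroup.map
#   domain user map = /etc/samba/private/domainuser.map
#   domain admin users = root

; Change this to the workgroup/domain your Samba server will be part of.
   workgroup = DOMAIN

   server string = %h server (Samba %v)

; Set "syslog only" to yes to log through syslog exclusively.
   syslog only = no
; Per-class debug levels, written to one log file per client machine (%m).
; NOTE(review): auth:10 is full debug output for the authentication code and
; such logs can contain sensitive authentication detail. Lower the level once
; troubleshooting is done and keep /var/log/samba readable by root only.
   log level = 3 passdb:5 auth:10 winbind:2
   log file = /var/log/samba/%m.log

; Send only a minimum of information to syslog; everything else goes to the
; log file above. Raise the value to log more through syslog.
; (The original line carried a stray trailing ";" after the 0.)
   syslog = 0

; Socket options the original author found to speed up Samba under Linux.
   socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192

; Encrypted passwords, as Windows clients expect.
; The smbpasswd backend keeps the password hashes in a flat file
; (/etc/samba/smbpasswd according to the password-sync comment below);
; that file must stay readable by root only.
   encrypt passwords = true
   passdb backend = smbpasswd

; This server is the WINS server for the network. Only one Samba server can be
; the WINS server. Read BROWSING.txt for more details.
   wins support = yes

; If this server is NOT the WINS server, name the real one here instead.
; Keep this disabled while "wins support = yes" is set: a server must not be
; WINS server and WINS client at the same time.
#   wins server = 193.196.64.19
#   192.196.65.19

; Restrict which hosts may reach the server (disabled).
; The parameter is spelled "hosts allow"; the original disabled line read
; "host allow", which Samba would not recognise if enabled.
; NOTE(review): enabling this limits the exposure of the server to the
; listed networks.
#   hosts allow = 192.196.71. 127.

; If WINS server info is received from DHCP, override the options above.
#   include = /etc/samba/dhcp.conf
; Original note here: "we do not need our own WINS". That contradicts
; "wins support = yes" above; confirm which of the two is intended.

; Browsing and domain roles: this server is set to win browser elections, act
; as domain master browser and serve domain logons. See BROWSING.txt.
   os level = 127
   domain master = yes
   local master = yes
   preferred master = yes
   domain logons = yes

; Which naming services to use, and in which order, to resolve host names to
; IP addresses.
   name resolve order = lmhosts host wins bcast

; Keep nmbd from looking up NetBIOS names through DNS.
   dns proxy = no

; Name mangling options
   preserve case = yes
   short preserve case = yes

; Controls whether Samba tries to sync the Unix password with the SMB password
; when the encrypted SMB password in /etc/samba/smbpasswd is changed.
; Disabled here.
   unix password sync = false

; Command that creates the Unix account for a machine joining the domain:
; no usable home directory (/dev/null) and no login shell (/bin/false).
   add machine script = /usr/sbin/useradd -d /dev/null -s /bin/false %u

; Program and chat script for Unix password sync on Debian GNU/Linux (chat
; script credited in the original to Augustin Luton <aluton@hybrigenics.fr>,
; for the passwd program in Debian Potato). They only matter once
; "unix password sync" is enabled.
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .

; Only useful if the linpopup package is installed (disabled).
#   message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &

; Maximum log file size in kilobytes before Samba rotates the file.
; 10000 is roughly 10 MB per log file; the original comment spoke of 1 MB,
; which does not match this value.
   max log size = 10000

   obey pam restrictions = yes

; Some defaults for winbind (disabled). Make sure the ranges are not used
; for something else.
#   winbind uid = 10000-20000
#   winbind gid = 10000-20000
#   template shell = /bin/bash

; Domain logon settings handed to clients.
; %L is the server's NetBIOS name, %U the session user name.
; Roaming profiles live in the [profiles] share, H: is the home drive.
   logon path = \\%L\profiles\%U
   logon drive = H:
   logon home = \\%L\%U\winprofile
; Path is relative to the [netlogon] share. The script is run by the Windows
; client, so it has to be a DOS-style batch file with CR/LF line endings.
   logon script = logon.cmd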

[homes]
; Per-user home directory shares; not listed when browsing the server.
   comment = Home Directories
   browseable = no

; Home directories are exported writable here. Set the next parameter to
; "yes" to export them read only.
   read only = no

; New files are limited to mode 0600 (owner read/write only) for security
; reasons. For files with group=rw permissions, set the next parameter to 0775.
; "security mask" limits which permission bits a Windows client may change.
   create mask = 0600
   security mask = 0600

; New directories are limited to mode 0700 (owner only) for security reasons.
; For directories with group=rw permissions, set the next parameter to 0775.
   directory mask = 0700
   directory security mask = 0700

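[ExampleShare]
; Example group share: no guest access, writable, visible when browsing.
   path = /home/share/ExampleShare
   comment = Beispielshare
   public = no
   writeable = yes
   browsable = yes

; File permissions: owner and group read/write, nothing for others.
; The "force ..." parameters end in "mode", not "mask". The original spelled
; three of them "force ... mask"; Samba does not know those names and ignores
; them, so the forced bits were never applied. Check the result with testparm.
   create mask = 0660
   force create mode = 0660
   security mask = 0660
   force security mode = 0660

; Directory permissions: owner and group full access, nothing for others.
   directory mask = 0770
   force directory mode = 0770
   directory security mask = 0770
   force directory security mode = 0770

; A leading "+" makes Samba look the name up as a Unix group only.
; NOTE(review): "hans" looks like a user name; if it is one, this line matches
; no group and nobody is allowed in. Confirm, and drop the "+" for a user.
   valid users = +hans
; With the leading "+", the group is forced only for users who are already
; members of "admins".
   force group = +admins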

; Logon share of the domain controller; holds the logon script (logon.cmd).
; Parameters use the canonical names that testparm prints.
; Clients run the scripts stored here at logon, so the share stays read only
; over SMB. Every authenticated user can read it, which means nothing secret
; belongs in these files.
[netlogon]
   path = /home/samba/netlogon
   browseable = yes
   guest ok = no
   read only = yes
   
; Share that stores the users' roaming profiles (target of "logon path").
; Parameters use the canonical names that testparm prints.
; NOTE(review): the share is visible when browsing; the privacy of each
; profile rests on the 0600/0700 masks below and on the Unix permissions of
; the profile directories.
[profiles]
   path = /home/samba/profiles
   browseable = yes
   read only = no
   create mask = 0600
   directory mask = 0700

[printers]
; Spool share for all printers; hidden when browsing, no guest access.
; Parameters use the canonical names that testparm prints.
   comment = All Printers
; NOTE(review): print jobs are spooled into the shared /tmp directory.
; A dedicated spool directory keeps them apart from other temporary files.
   path = /tmp
   browseable = no
   guest ok = no
   read only = yes
   printable = yes
#   create mode = 0777
; A leading "+" means a Unix group.
; NOTE(review): every member of the group "users" gets printer admin rights
; here. Confirm that this is intended.
   printer admin = +users root administrator
   valid users = +users root administrator
#   disable spoolss = yes
#   use client driver = yes

; Share for the printer drivers that Windows clients download.
; Read only for everyone except the accounts in "write list"; no guest access.
; Clients install the drivers they fetch from here, so write access should
; stay limited to administrators.
[print$]
   path = /etc/samba/drivers
   browseable = yes
   guest ok = no
   read only = yes
   write list = root, @ntadmin

In dieser Beispielkonfiguration liegt das Logon-Skript unter /home/samba/netlogon/logon.cmd:

rem Remove any existing mapping of drive S: before mapping it again.
net use S: /DELETE
rem Map S: to the share; /PERSISTENT:NO keeps the mapping from being restored
rem at the next logon. "foo" sits in the position where net use expects the
rem password. Keep it a dummy value: this script is stored in the netlogon
rem share and can be read by every user who can read that share.
net use S: \\RechnerName\Share foo /PERSISTENT:NO

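Das vierte Argument ist wichtig, damit das Laufwerk auch dann neu zugeordnet wird, wenn es bereits von einem anderen Gerät benutzt wird. Anstatt foo könnt ihr auch einen anderen Platzhalter einfügen, das ist völlig egal. Hinweis: An dieser Stelle erwartet net use syntaktisch das Passwort. Tragt dort deshalb nie ein echtes Passwort ein, denn logon.cmd liegt in der netlogon-Freigabe und ist für alle angemeldeten Domänenbenutzer lesbar.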