a SAMBA PDC with Windows 2000 clients [Archived]



  1. #1
    Join Date
    Apr 2002
    Location
    Augusta Georgia USA
    Posts
    38

    a SAMBA PDC with Windows 2000 clients

    I finally got it working!

    Here is my situation:

    All of the PC's on our (former) Workgroup are running Windows 2000 SP2 and I built a server running Mandrake Linux 8.1.

    My task:

    Make the Linux box a PDC for the Windows 2000 PC's to log into. Eventually set up email and a web server on the Linux box as well.

    How I did it:

    First let me say that I went through several HOW-TO's and several newsgroups much like this one and they helped a lot... but they all left out the one important final (at least in my case) step that would enable me to log into the PDC from Windows.

    I installed Linux from the Mandrake CD's that I purchased on-line. I purchased the "server suite" from Mandrake and found out (on my own... no one ever mentioned it, not Mandrake's support, not the documentation, etc...) that I needed to install Mandrake using the 9th CD in the package entitled "Mandrake Server CD".

    If you are trying this yourself and you went through the trouble of buying Mandrake, I highly recommend you install it that way.

    I installed all of the options that were available and pertinent to what I wanted to accomplish EXCEPT for SAMBA.

    I then downloaded the latest SAMBA (v.2.2.4) and installed it. I did it this way because when I attempted to upgrade my previous installation... it just wouldn't work. Period.

    So now SAMBA was running on my Linux box... now for the fun stuff.

    I edited my /etc/samba/smb.conf file to look like this:

    [global]
    #Basic server settings
    workgroup = mydomainname
    netbios name = myservername
    server string = Primary Domain Server running SAMBA %v
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192


    #PDC and master browser settings
    os level = 64
    preferred master = yes
    local master = yes
    domain master = yes
    domain logons = yes
    dns proxy = no

    #Security and logging settings
    security = user
    encrypt passwords = yes
    log file = /var/log/samba/log.%m
    log level = 2
    max log size = 50
    hosts allow = 127.0.0.1 192.168.1.0/255.255.255.0
    smb passwd file = /etc/samba/smbpasswd
    unix password sync = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*


    add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u


    # Domain groups:
    domain admin group = root @adm

    #============================ Share Definitions ==============================
    [Projects]
    comment = Project Folders
    path = /data-1/projects
    browseable = yes
    guest ok = no
    writable = yes
    create mask = 0777

    [Temp]
    comment = Temporary Swap Space
    path = /data-1/temp
    browseable = yes
    guest ok = no
    writable = yes
    create mask = 0777

    [Acct]
    comment = Accounting Information
    path = /data-1/acct
    valid users = @Supervisor @adm
    writable = yes
    public = no

    [Main]
    comment = Main Directory
    path = /data-1
    valid users = @adm
    writable = yes
    public = no

    [Apps]
    comment = Applications
    path = /data-1/apps
    public = yes
    writable = no
    write list = @adm

    [Archive]
    comment = Archived Projects
    path = /data-1/archive
    public = yes
    writable = no
    write list = @adm

    [Lib]
    comment = Electronic Library
    path = /data-1/lib
    public = yes
    writable = no
    write list = @adm

    [homes]
    comment = Home Directory for %u
    path = /home/%u
    browseable = no
    writeable = yes

    [netlogon]
    comment = Network Logon Service
    path = /etc/samba/netlogon
    guest ok = yes
    writable = no

    (small side note: if you're trying to do this yourself, you can easily copy my smb.conf file and make whatever changes you need. I have a hard drive mounted on my system as "data-1" and that's where most of my shares are. If all you do is copy this smb.conf file and put it in place you will have a PDC called "myservername" on the "mydomainname" domain... try to be a little more creative than that )

    I could explain what all of that stuff means but I would, instead, recommend that you check out Building and Configuring a SAMBA PDC brought to you by the lovely folks at IBM... the best tutorial out there as it explains almost every entry needed.


    I restarted the SAMBA server and voila! I had a SAMBA PDC!

    Now I just had to get those Windows 2000 machines to log in... and this is where I hit a roadblock.

    I followed the instructions in the Samba HOW-TO Collection for integrating Windows networks with SAMBA.

    I added my username as well as the usernames of the rest of the employees by doing the following in Super User mode:

    # useradd -s /bin/bash -d /home/"userid" -m "userid"
    # passwd "userid"
    Enter Password: <pw>

    # smbpasswd -a "userid"
    Enter Password: <pw>

    Now, according to all of the documentation I could find I should be good to go.

    I have my /etc/samba/smb.conf set up to automatically create the machine accounts when a computer joins the domain for the first time so I should be able to hop over to my W2K machine and log in, right?

    WRONG!

    I could see the shares in Network Neighborhood and I could even map them as drives but I couldn't actually "join" the domain. Every time I tried I would get an error message that either said:

    "Cannot join domain, the credentials supplied conflict with an existing set"

    or

    "Invalid username or password"

    The reason for the first error?

    Remember how I said that I could see the available shares and even map to them? That's the error message you're going to get as a result of doing just that... having a connection to the domain in any way while trying to create your machine trust account.

    When you first log into your SAMBA PDC you will create a "machine trust account" for the machine that you are logging in from. This is different from the "machine account" that you either set up manually or, if you're using a configuration like mine, made "on-the-fly". Simply put, SAMBA requires it.

    The reason for the second error?

    It took me a while to figure it out but this is what I learned:

    In order to create a "machine trust account" with SAMBA you have to join the domain (first time only) with a root-level login/password. I learned that from one of the users here on this forum.

    I tried using my "root" account on my Linux box to join the domain but still got the same error message... so what gives?

    Actually... when you first join the domain you do have to use a root-level login/password... a SAMBA root-level login/password!

    So I went back into Super User mode and did the following:

    # smbpasswd -a root
    Enter Password: <pw>

    I used the same password as my "root" user in Linux and you know what happened next?

    I was able to successfully join all of my Windows 2000 machines to my new SAMBA PDC!


    Things I learned along the way:

    If you want to disable the roaming profiles leave out the [Homes] section of your /etc/samba/smb.conf or, in Windows 2000, right-click the "My Computer" icon, select "Properties" and select the "User Profiles" tab. Select the user's name and click on the "Change type" button. Choose "Local Profile".

    Whatever you do, don't give your Domain the same name as your Workgroup... it won't work. Period. If you absolutely have to use the same name, change the workgroup name on the machine you are trying to join with first... reboot... then join the domain.

    Diet Pepsi goes flat in about 10 minutes... so drink it fast.

    If you are going to use roaming profiles, a good policy to implement is to have your users keep a minimal amount of information in their "My Documents" folder and don't put folders full of information on the desktop. Also keep the "Temporary Internet" folders clean. User profiles will send all of the junk you have piled up in your "C:\Documents and Settings\userid" folder to the server when you log out and if you log in from a different machine it will send all of that junk to the new machine. If you have a bunch of crap in those folders it could take quite a while. I had one user who had nearly 300MB of crap in his "My Documents" folder alone... took nearly 15 minutes to log out (oh wait... that was me )

    [ 17 June 2002: Message edited by: Nivuahc ]
    Registered Linux User #324436
    Registered Linux Box #209059

    One by one, the Penguins are taking my sanity...
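
The join prerequisites described in post #1, as an added pre-flight check that is not part of the original post: it reads the three [global] settings a domain controller needs, confirms that the group named in `add user script` exists, and looks for a root entry in the smbpasswd file. The function names, the scratch files and the placeholder smbpasswd entries are assumptions made for the example.

```sh
#!/bin/sh
# Added example; every file written below is a constructed sample.

# Value of a parameter in smb.conf (first match; key must be spelled as given).
conf_value() {  # usage: conf_value FILE "key name"
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# Print one line per unmet prerequisite; print nothing when the join can work.
check_join_prereqs() {  # usage: check_join_prereqs SMBCONF SMBPASSWD GROUPFILE
    for want in "security=user" "encrypt passwords=yes" "domain logons=yes"; do
        got=$(conf_value "$1" "${want%%=*}" | tr 'A-Z' 'a-z')
        [ "$got" = "${want#*=}" ] ||
            echo "smb.conf: '${want%%=*}' should be '${want#*=}', found '${got:-unset}'"
    done
    script=$(conf_value "$1" "add user script")
    # The group after -g must already exist or useradd fails during the join.
    grp=$(printf '%s\n' "$script" | sed -n 's/.* -g  *\([^ ]*\).*/\1/p')
    if [ -z "$script" ]; then
        echo "smb.conf: no 'add user script', machine accounts must be made by hand"
    elif [ -n "$grp" ] && ! grep -q "^$grp:" "$3"; then
        echo "group '$grp' used by 'add user script' does not exist"
    fi
    # The step the post found missing: root needs its own SAMBA password entry.
    grep -q '^root:' "$2" || echo "root has no SAMBA account (smbpasswd -a root)"
}

# Constructed sample: the relevant [global] lines, a group file, and an
# smbpasswd file holding one ordinary user (placeholder hashes) and no root.
demo=$(mktemp -d)
cat > "$demo/smb.conf" <<'EOF'
[global]
security = user
encrypt passwords = yes
domain logons = yes
add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u
EOF
echo 'machines:x:201:' > "$demo/group"
nopw=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
echo "userid:501:$nopw:$nopw:[U          ]:LCT-00000000:" > "$demo/smbpasswd"
check_join_prereqs "$demo/smb.conf" "$demo/smbpasswd" "$demo/group"
```

On a real server the three arguments would be /etc/samba/smb.conf, /etc/samba/smbpasswd and /etc/group.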

  2. #2
    Join Date
    Mar 2002
    Location
    Pennsylvania, USA
    Posts
    1,713
    Good job!! I saved the text from your message and will keep it for future reference.
    My eventual plans are to replace my NT 4 PDC with a Samba PDC when I get time. You sure saved me a lot of work.

    That needs to be turned in to a NHF.
    If God hadn't meant for us to use GUI tools, there wouldn't have been a Xerox PARC.

  3. #3
    Join Date
    Jun 2002
    Location
    West Yorkshire, England
    Posts
    96
    Good Work!!!

    I have been looking to do this for ages and wanted to verify what I had configured. I was very afraid to put what I had done to a live situation until I had verification.

    This HAS TO BE A NHF !!!!!

  4. #4
    Join Date
    Apr 2002
    Location
    Augusta Georgia USA
    Posts
    38
    I sent it in yesterday
    Registered Linux User #324436
    Registered Linux Box #209059

    One by one, the Penguins are taking my sanity...

  5. #5
    Join Date
    Apr 2002
    Location
    Augusta Georgia USA
    Posts
    38
    Something else that I learned:

    With the shares that I have outlined above, I had a small problem.

    Most of the users on my system use AutoCAD (we're a small engineering firm) and AutoCAD didn't want to act quite right with my Projects share.

    When a user tries to save a drawing using AutoCAD it, evidently, tries to change the ownership of the file to the user making the changes.

    I tried everything I could think of and eventually settled on adding this line to my Projects share:

    admin users = @Design, @adm

    This allowed all of the users in the Design group as well as the adm group the privileges to do what they needed and seemed to fix the problem.

    [ 18 June 2002: Message edited by: Nivuahc ]
    Registered Linux User #324436
    Registered Linux Box #209059

    One by one, the Penguins are taking my sanity...
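
An added check, not part of the thread, that lists share settings which widen access in a configuration like the one above: `create mask = 0777` from post #1 and the `admin users` line from post #5, which makes Samba perform the listed users' file operations on that share as root. `audit_shares` and the sample file are constructed for the example.

```sh
#!/bin/sh
# Added example. The smb.conf fragment below is a constructed sample built from
# the [Projects] and [Apps] shares in post #1 plus the admin users line above.

# Print "[share]: finding" for share settings that widen access.
audit_shares() {  # usage: audit_shares FILE
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { share = trim($0); next }
        share != "" && tolower(share) != "[global]" && index($0, "=") {
            key = tolower(trim(substr($0, 1, index($0, "=") - 1)))
            val = trim(substr($0, index($0, "=") + 1))
            # Octal digits 2, 3, 6 and 7 have the write bit set.
            if (key == "create mask" && val ~ /[2367]$/)
                print share ": create mask " val " leaves other-write unmasked"
            # Samba runs every file operation by these users as root.
            if (key == "admin users")
                print share ": admin users " val " act as root on this share"
        }' "$1"
}

conf=$(mktemp)
cat > "$conf" <<'EOF'
[global]
workgroup = mydomainname
[Projects]
path = /data-1/projects
writable = yes
create mask = 0777
admin users = @Design, @adm
[Apps]
path = /data-1/apps
writable = no
write list = @adm
EOF
audit_shares "$conf"
```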

  6. #6
    Join Date
    Jul 2002
    Location
    Dublin, Ireland
    Posts
    30
    Nice job there Nivuahc. You've saved me a lot of time fiddling about with Samba. And that IBM site explains everything in a nice, easy to follow way!
    Thanks again!
    A.
    HEEEE'S not the messiah! He's a very naughty boy!!

  7. #7
    Join Date
    Jul 2002
    Location
    New Jersey
    Posts
    8
    I just reinstalled my NT4 PDC today as a Linux Samba Server too.

    I found a couple of articles by Carla Schroder at networking.earthweb.com and http://networking.earthweb.com/netos...151091,00.html that walked me through step by step.

    One difficulty that took me a little while to figure out though turned out to be a permissions problem in her instructions.

    In her instructions for creating the directories she set up in the smb.conf file, she said to type:
    chown 1757 /home/samba/profiles

    This should have been:
    chmod 1757 /home/samba/profiles

    Once I made that change, I was able to log in and it used remote profiles and everything.

    Then I had to log in on my Win2K system on the local Administrator and copy my old files and directories from the old Documents and Settings folders to the new ones that logging in under a new domain creates. This took care of most of the configuration stuff. Make sure you turn on the "Show hidden files" option under the Folder Options before copying them to the clipboard to be sure you get everything though. There are a whole bunch of hidden folders in there that really make a big difference.

    Now to figure out how to get the system to print to my Canon BJC-6000.

    Anyway, I thought I'd post my experiences as well in case it helps someone.
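
An added example, not from the post, showing why the two commands differ: `chown 1757` changes the directory's owner to UID 1757 and leaves its mode alone, while `chmod 1757` makes it world-writable with the sticky bit set. `profile_dir_problems` is a hypothetical helper, and the scratch directories assume the untouched mode was 0755.

```sh
#!/bin/sh
# Added example; works on scratch directories, not on /home/samba/profiles.

# Print what is wrong with the mode of a roaming-profile parent directory.
profile_dir_problems() {  # usage: profile_dir_problems DIR
    [ -d "$1" ] || { echo "not a directory"; return 0; }
    mode=$(ls -ld "$1" | cut -c1-10)         # for example drwxr-xrwt
    other_w=$(printf '%s' "$mode" | cut -c9)
    other_x=$(printf '%s' "$mode" | cut -c10)
    # Users must be able to create their own profile folder at first logon.
    [ "$other_w" = w ] || echo "not writable by other users"
    # t or T in the last position is the sticky bit: only the owner of an
    # entry may delete or rename it, although everyone can write here.
    case $other_x in
        t|T) ;;
        *) [ "$other_w" != w ] || echo "world-writable without sticky bit" ;;
    esac
}

scratch=$(mktemp -d)
mkdir "$scratch/typo" "$scratch/nosticky" "$scratch/fixed"
chmod 0755 "$scratch/typo"      # assumed mode that chown 1757 leaves in place
chmod 0757 "$scratch/nosticky"  # writable, users can remove each other's folders
chmod 1757 "$scratch/fixed"     # the corrected command from the post
for d in typo nosticky fixed; do
    echo "$d $(ls -ld "$scratch/$d" | cut -c1-10) $(profile_dir_problems "$scratch/$d")"
done
```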

  8. #8
    Join Date
    Apr 2002
    Location
    Augusta Georgia USA
    Posts
    38
    1. This never got turned into a NHF (that hurt )

    2. I'll have to update this puppy because a lot has changed in the way I do things since I wrote it way back when.
    Registered Linux User #324436
    Registered Linux Box #209059

    One by one, the Penguins are taking my sanity...

  9. #9
    Join Date
    Mar 2003
    Location
    Southern California
    Posts
    35

    Nice, Very Nice!

    I just could not help jumping in to echo the 'Nice Work' theme. Not only is your post informative, it is very well written (and even entertaining at times). It deserves NHF status.

    I plan on dumping my old NT4 server and elevating my RH8/SAMBA server to PDC soon. Your post will no doubt save me time and effort.

    Thanks again!
    Aristotle (Yes, it is my real name)
    Registered Linux User #309880

  10. #10
    Join Date
    Oct 2002
    Location
    Minneapolis, MN USA
    Posts
    125
    Awesome thread! This is exactly the information I was looking for on my project

  11. #11
    Join Date
    Dec 2002
    Location
    London
    Posts
    162

    2 pence

    I also embarked on this project a couple of months ago. The existing win2k server got its AD corrupted somehow, so I decided to give Linux a go. Had exactly the same problems as you plus another one.

    There were existing home folders since it was a previous win2k roaming network so I figured I could just use the old folders and the users would never know the difference. Wrong! It seems you have to start with fresh home folders or you get errors at login.

    For those of you planning to migrate keep this in mind.

  12. #12
    Join Date
    Jan 2003
    Posts
    2
    Nivuahc, do you manage to get your logon scripts running perfectly? (if any) I've tried installing samba 3.0.2a from rpms and from source, configured it to be a pdc, successfully adding machines to the domain but the problem with my setup here is, I can't get the logon scripts to run. Any ideas? I'm running WinXP Pro on client machine and RH 9 as the PDC

  13. #13
    Join Date
    Oct 2000
    Location
    Calgary, Alberta, Canada
    Posts
    8,130

  14. #14
    Join Date
    Oct 2003
    Location
    NW Indiana
    Posts
    29
    Because the good ones never die?

  15. #15
    Join Date
    Jan 2003
    Posts
    2
    lol... I was so desperate and in need of some answers that I didn't look at the date when this thread was posted. I tried samba with pdc 2 years back without any luck.... so this is kinda payback..
