- Timestamp: Jan 15, 2010, 8:21:06 AM (16 years ago)
- File: 1 edited
branches/samba-3.3.x/docs/htmldocs/Samba3-ByExample/nw4migration.html
r218 r368 1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 10. Migrating NetWare Server to Samba-3</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.7 4.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"><link rel="prev" href="ntmigration.html" title="Chapter 9. Migrating NT4 Domain to Samba-3"><link rel="next" href="RefSection.html" title="Part III. Reference Section"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 10. Migrating NetWare Server to Samba-3</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ntmigration.html">Prev</a> </td><th width="60%" align="center">Part II. Domain Members, Updating Samba and Migration</th><td width="20%" align="right"> <a accesskey="n" href="RefSection.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="nw4migration"></a>Chapter 10. 
Migrating NetWare Server to Samba-3</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="nw4migration.html#id2606030">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id2606147">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="nw4migration.html#id2606260">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id2606337">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="nw4migration.html#id2606527">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id2606536">NetWare Migration Using LDAP Backend</a></span></dt></dl></dd></dl></div><p>2 <a class="indexterm" name="id26 05876"></a>3 <a class="indexterm" name="id26 05882"></a>1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 10. Migrating NetWare Server to Samba-3</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"><link rel="prev" href="ntmigration.html" title="Chapter 9. Migrating NT4 Domain to Samba-3"><link rel="next" href="RefSection.html" title="Part III. Reference Section"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 10. Migrating NetWare Server to Samba-3</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ntmigration.html">Prev</a> </td><th width="60%" align="center">Part II. 
Domain Members, Updating Samba and Migration</th><td width="20%" align="right"> <a accesskey="n" href="RefSection.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 10. Migrating NetWare Server to Samba-3"><div class="titlepage"><div><div><h2 class="title"><a name="nw4migration"></a>Chapter 10. Migrating NetWare Server to Samba-3</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="nw4migration.html#id2612089">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id2612206">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="nw4migration.html#id2612318">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id2612395">Technical Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="nw4migration.html#id2612585">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="nw4migration.html#id2612594">NetWare Migration Using LDAP Backend</a></span></dt></dl></dd></dl></div><p> 2 <a class="indexterm" name="id2611934"></a> 3 <a class="indexterm" name="id2611941"></a> 4 4 Novell is a company any seasoned IT manager has to admire. It has become increasingly 5 5 Linux-friendly and is emerging out of a deep regression that almost saw the company … … 9 9 Meanwhile, there can be no denying that Novell is a Linux company. 
10 10 </p><p> 11 <a class="indexterm" name="id26 05900"></a>12 <a class="indexterm" name="id26 05907"></a>13 <a class="indexterm" name="id26 05914"></a>14 <a class="indexterm" name="id26 05920"></a>11 <a class="indexterm" name="id2611959"></a> 12 <a class="indexterm" name="id2611965"></a> 13 <a class="indexterm" name="id2611972"></a> 14 <a class="indexterm" name="id2611979"></a> 15 15 Whatever flavor of Linux is preferred in your environment, whether Red Hat, Debian, 16 16 Gentoo, Mandrake, or SUSE (Novell), the information in this chapter should be read with … … 18 18 in this chapter should provide something of value. 19 19 </p><p> 20 <a class="indexterm" name="id26 05936"></a>20 <a class="indexterm" name="id2611994"></a> 21 21 Contributions to this chapter were made by Misty Stanley-Jones, a UNIX administrator of many 22 22 years who surfaced on the Samba mailing list with a barrage of questions and who 23 23 regularly helps other administrators to solve thorny Samba migration questions. 24 24 </p><p> 25 <a class="indexterm" name="id26 05950"></a>26 <a class="indexterm" name="id26 05957"></a>27 <a class="indexterm" name="id26 05963"></a>28 <a class="indexterm" name="id26 05970"></a>25 <a class="indexterm" name="id2612009"></a> 26 <a class="indexterm" name="id2612015"></a> 27 <a class="indexterm" name="id2612022"></a> 28 <a class="indexterm" name="id2612029"></a> 29 29 One wonders how many NetWare servers remain in active service. Many are being migrated 30 30 to Samba on Linux. Red Hat Linux, SUSE Linux 9.x, and SUSE Linux Enterprise Server 9 are … … 50 50 original documentation contributed by Misty, the Courier-IMAP package had been built 51 51 directly from the original source tarball. 
52 </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2606030"></a>Introduction</h2></div></div></div><p>53 <a class="indexterm" name="id26 06038"></a>52 </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2612089"></a>Introduction</h2></div></div></div><p> 53 <a class="indexterm" name="id2612096"></a> 54 54 Misty Stanley-Jones was recruited by Abmas to administer a network that had 55 55 not received much attention for some years and was much in need of a makeover. … … 58 58 </p><p> 59 59 A site survey turned up the following details for the old NetWare server: 60 </p><table class="simplelist" border="0" summary="Simplelist"><tr><td><p>200 MHz MMX processor</p></td></tr><tr><td><p>512K RAM</p></td></tr><tr><td><p>24 GB disk space in RAID1</p></td></tr><tr><td><p>Novell 4.11 patched to service pack 7</p></td></tr><tr><td><p>60+ users</p></td></tr><tr><td><p>7 network-attached printers</p></td></tr></table><p>60 </p><table border="0" summary="Simple list" class="simplelist"><tr><td><p>200 MHz MMX processor</p></td></tr><tr><td><p>512K RAM</p></td></tr><tr><td><p>24 GB disk space in RAID1</p></td></tr><tr><td><p>Novell 4.11 patched to service pack 7</p></td></tr><tr><td><p>60+ users</p></td></tr><tr><td><p>7 network-attached printers</p></td></tr></table><p> 61 61 The company had outgrown this server several years before and was dealing with 62 62 severe growing pains. 
Some of the problems experienced were: 63 </p><div class="itemizedlist"><ul type="disc"><li><p>Very slow performance</p></li><li><p>Available storage hovering around the 5% range</p><div class="itemizedlist"><ul type="circle"><li><p>Extremely slow print spooling.</p></li><li><p>63 </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Very slow performance</p></li><li class="listitem"><p>Available storage hovering around the 5% range</p><div class="itemizedlist"><ul class="itemizedlist" type="circle"><li class="listitem"><p>Extremely slow print spooling.</p></li><li class="listitem"><p> 64 64 Users storing information on their local hard 65 65 drives, causing backup integrity problems 66 66 </p></li></ul></div></li></ul></div><p> 67 <a class="indexterm" name="id26 06133"></a>67 <a class="indexterm" name="id2612192"></a> 68 68 At one point disk space had filled up to 100 percent, causing the payroll database 69 69 to become corrupt. This caused the accounting department to be down for over … … 71 71 server was created with very poor security and design considerations from 72 72 a discarded desktop PC. 73 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2606147"></a>Assignment Tasks</h3></div></div></div><p>73 </p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id2612206"></a>Assignment Tasks</h3></div></div></div><p> 74 74 Misty has provided this summary of her migration experience in the hope 75 75 that it will help someone to avoid the challenges she faced. Perhaps her … … 90 90 the overall information more useful to you. 91 91 </p><p> 92 <a class="indexterm" name="id26 06184"></a>92 <a class="indexterm" name="id2612243"></a> 93 93 After management reviewed a cost-benefit report as well as an estimated 94 94 time-to-completion, approval was given proceed with the solution proposed. 
95 95 The server was built from purchased components. The total project cost 96 96 was $3,000. A brief description of the configuration follows: 97 </p><table class="simplelist" border="0" summary="Simplelist"><tr><td>97 </p><table border="0" summary="Simple list" class="simplelist"><tr><td> 98 98 <p>3.0 GHz P4 Processor</p> 99 99 </td></tr><tr><td> … … 112 112 The new system has operated for 6 months without problems. Over the past months 113 113 much attention has been focused on cleaning up desktops and user profiles. 114 </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2606260"></a>Dissection and Discussion</h2></div></div></div><p>115 <a class="indexterm" name="id26 06268"></a>116 <a class="indexterm" name="id26 06275"></a>117 <a class="indexterm" name="id26 06282"></a>118 <a class="indexterm" name="id26 06288"></a>114 </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2612318"></a>Dissection and Discussion</h2></div></div></div><p> 115 <a class="indexterm" name="id2612326"></a> 116 <a class="indexterm" name="id2612333"></a> 117 <a class="indexterm" name="id2612340"></a> 118 <a class="indexterm" name="id2612347"></a> 119 119 A decision to use LDAP was made even though I knew nothing about LDAP except that 120 I had been reading the book “<span class="quote">LDAP System Administration,</span>”by Gerald Carter.120 I had been reading the book <span class="quote">“<span class="quote">LDAP System Administration,</span>”</span> by Gerald Carter. 121 121 LDAP seemed to provide some of the functionality of Novell's e-Directory Services 122 122 and would provide centralized authentication and identity management. 
123 123 </p><p> 124 <a class="indexterm" name="id26 06307"></a>125 <a class="indexterm" name="id26 06314"></a>126 <a class="indexterm" name="id26 06321"></a>124 <a class="indexterm" name="id2612366"></a> 125 <a class="indexterm" name="id2612373"></a> 126 <a class="indexterm" name="id2612379"></a> 127 127 Building the LDAP database took a while and a lot of trial and error. Following 128 the guidance I obtained from “<span class="quote">LDAP System129 Administration,</span>” I installed OpenLDAP (from RPM; later I compiled128 the guidance I obtained from <span class="quote">“<span class="quote">LDAP System 129 Administration,</span>”</span> I installed OpenLDAP (from RPM; later I compiled 130 130 a more current version from source) and built my initial LDAP tree. 131 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2606337"></a>Technical Issues</h3></div></div></div><p>132 <a class="indexterm" name="id26 06344"></a>133 <a class="indexterm" name="id26 06351"></a>134 <a class="indexterm" name="id26 06358"></a>135 <a class="indexterm" name="id26 06365"></a>136 <a class="indexterm" name="id26 06372"></a>137 <a class="indexterm" name="id26 06379"></a>138 <a class="indexterm" name="id26 06385"></a>139 <a class="indexterm" name="id26 06392"></a>140 <a class="indexterm" name="id26 06399"></a>131 </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id2612395"></a>Technical Issues</h3></div></div></div><p> 132 <a class="indexterm" name="id2612403"></a> 133 <a class="indexterm" name="id2612410"></a> 134 <a class="indexterm" name="id2612417"></a> 135 <a class="indexterm" name="id2612424"></a> 136 <a class="indexterm" name="id2612430"></a> 137 <a class="indexterm" name="id2612437"></a> 138 <a class="indexterm" name="id2612444"></a> 139 <a class="indexterm" name="id2612451"></a> 140 <a class="indexterm" name="id2612458"></a> 141 141 The first challenge was to create a company 
white pages, followed by manually 142 142 entering everything from the printed company directory. This used only the inetOrgPerson … … 147 147 and SMTP. 148 148 </p><p> 149 Because a decision was made to use Courier-IMAP the schema “<span class="quote">authldap.schema</span>”149 Because a decision was made to use Courier-IMAP the schema <span class="quote">“<span class="quote">authldap.schema</span>”</span> 150 150 from the Courier-IMAP source, tarball is necessary to resolve Courier-specific LDAP directory 151 151 needs. Where the Courier-IMAP file provided by SUSE is used, this file is named … … 184 184 echo "userPassword: $userPassword" 185 185 done 186 </pre></div></div><br class="example-break"><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>186 </pre></div></div><br class="example-break"><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> 187 187 188 188 The PADL MigrationTools are recommended for migration of the UNIX account information into … … 190 190 aliases, hosts, netgroups, networks, protocols, PRCs, and services from the existing ASCII text 191 191 files (or from a name service such as NIS). This too set can be obtained from the <a class="ulink" href="http://www.padl.com" target="_top">PADL Web site</a>. 
192 </p></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2606527"></a>Implementation</h2></div></div></div><p>193 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2606536"></a>NetWare Migration Using LDAP Backend</h3></div></div></div><p>192 </p></div></div></div><div class="sect1" title="Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2612585"></a>Implementation</h2></div></div></div><p> 193 </p><div class="sect2" title="NetWare Migration Using LDAP Backend"><div class="titlepage"><div><div><h3 class="title"><a name="id2612594"></a>NetWare Migration Using LDAP Backend</h3></div></div></div><p> 194 194 The following software must be installed on the SUSE Linux Enterprise Server to perform 195 195 this migration: 196 </p><table class="simplelist" border="0" summary="Simplelist"><tr><td><p>courier-imap</p></td></tr><tr><td><p>courier-imap-ldap</p></td></tr><tr><td><p>nss_ldap</p></td></tr><tr><td><p>openldap2-client</p></td></tr><tr><td><p>openldap2-devel (only for Samba compilation)</p></td></tr><tr><td><p>openldap2</p></td></tr><tr><td><p>pam_ldap</p></td></tr><tr><td><p>samba-3.0.20 or later</p></td></tr><tr><td><p>samba-client-3.0.20 or later</p></td></tr><tr><td><p>samba-winbind-3.0.20 or later</p></td></tr><tr><td><p>smbldap-tools Version 0.9.1</p></td></tr></table><p>196 </p><table border="0" summary="Simple list" class="simplelist"><tr><td><p>courier-imap</p></td></tr><tr><td><p>courier-imap-ldap</p></td></tr><tr><td><p>nss_ldap</p></td></tr><tr><td><p>openldap2-client</p></td></tr><tr><td><p>openldap2-devel (only for Samba compilation)</p></td></tr><tr><td><p>openldap2</p></td></tr><tr><td><p>pam_ldap</p></td></tr><tr><td><p>samba-3.0.20 or later</p></td></tr><tr><td><p>samba-client-3.0.20 or later</p></td></tr><tr><td><p>samba-winbind-3.0.20 or 
later</p></td></tr><tr><td><p>smbldap-tools Version 0.9.1</p></td></tr></table><p> 197 197 Each software application must be carefully configured in preparation for migration. 198 198 The configuration files used at Abmas are provided as a guide and should be modified 199 199 to meet needs at your site. 200 </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2606611"></a>LDAP Server Configuration</h4></div></div></div><p>200 </p><div class="sect3" title="LDAP Server Configuration"><div class="titlepage"><div><div><h4 class="title"><a name="id2612670"></a>LDAP Server Configuration</h4></div></div></div><p> 201 201 The <code class="filename">/etc/openldap/slapd.conf</code> file Misty used is shown here: 202 202 </p><pre class="programlisting"> … … 363 363 </pre><p> 364 364 </p><p> 365 <a class="indexterm" name="id26 06803"></a>365 <a class="indexterm" name="id2612861"></a> 366 366 The <code class="filename">/etc/ldap.conf</code> file used is listed in <a class="link" href="nw4migration.html#ch8ldap" title="Example 10.2. NSS LDAP Control File /etc/ldap.conf">“NSS LDAP Control File /etc/ldap.conf”</a>. 367 367 </p><div class="example"><a name="ch8ldap"></a><p class="title"><b>Example 10.2. NSS LDAP Control File /etc/ldap.conf</b></p><div class="example-contents"><pre class="screen"> … … 417 417 </pre><p> 418 418 </p><p> 419 <a class="indexterm" name="id26 06887"></a>420 <a class="indexterm" name="id26 06893"></a>419 <a class="indexterm" name="id2612945"></a> 420 <a class="indexterm" name="id2612952"></a> 421 421 In my setup, users authenticate via PAM and NSS using LDAP-based accounts. 
422 422 The configuration file that controls the behavior of the PAM <code class="literal">pam_unix2</code> … … 459 459 password: use_ldap 460 460 session: none 461 </pre></div></div><br class="example-break"><a class="indexterm" name="id26 06976"></a><a class="indexterm" name="id2606983"></a><a class="indexterm" name="id2606990"></a><div class="itemizedlist"><ul type="disc"><li><p>461 </pre></div></div><br class="example-break"><a class="indexterm" name="id2613035"></a><a class="indexterm" name="id2613041"></a><a class="indexterm" name="id2613048"></a><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p> 462 462 If your LDAP database goes down, nobody can authenticate except for root. 463 </p></li><li ><p>463 </p></li><li class="listitem"><p> 464 464 If failover is configured incorrectly, weird behavior can occur. For example, 465 465 DNS can fail to resolve. … … 469 469 </p><p> 470 470 The following services authenticate using LDAP: 471 </p><a class="indexterm" name="id26 07026"></a><a class="indexterm" name="id2607033"></a><a class="indexterm" name="id2607039"></a><table class="simplelist" border="0" summary="Simplelist"><tr><td><p>UNIX login/ssh</p></td></tr><tr><td><p>Postfix (SMTP)</p></td></tr><tr><td><p>Courier-IMAP/IMAPS/POP3/POP3S</p></td></tr></table><p>472 <a class="indexterm" name="id26 07068"></a>473 <a class="indexterm" name="id26 07075"></a>471 </p><a class="indexterm" name="id2613084"></a><a class="indexterm" name="id2613091"></a><a class="indexterm" name="id2613098"></a><table border="0" summary="Simple list" class="simplelist"><tr><td><p>UNIX login/ssh</p></td></tr><tr><td><p>Postfix (SMTP)</p></td></tr><tr><td><p>Courier-IMAP/IMAPS/POP3/POP3S</p></td></tr></table><p> 472 <a class="indexterm" name="id2613127"></a> 473 <a class="indexterm" name="id2613134"></a> 474 474 Companywide white pages can be searched using an LDAP client 475 475 such as the one in the Windows Address Book. 
476 476 </p><p> 477 <a class="indexterm" name="id26 07087"></a>478 <a class="indexterm" name="id26 07094"></a>477 <a class="indexterm" name="id2613146"></a> 478 <a class="indexterm" name="id2613153"></a> 479 479 Having gained a solid understanding of LDAP and a relatively workable LDAP tree 480 480 thus far, it was time to configure Samba. I compiled the latest stable Samba and … … 483 483 </p><p> 484 484 The Samba <code class="filename">smb.conf</code> file was configured as shown in <a class="link" href="nw4migration.html#ch8smbconf" title="Example 10.4. Samba Configuration File smb.conf Part A">“Samba Configuration File smb.conf Part A”</a>. 485 </p><div class="example"><a name="ch8smbconf"></a><p class="title"><b>Example 10.4. Samba Configuration File smb.conf Part A</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2607164"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id2607176"></a><em class="parameter"><code>netbios name = MASSIVE</code></em></td></tr><tr><td><a class="indexterm" name="id2607188"></a><em class="parameter"><code>server string = Corp File Server</code></em></td></tr><tr><td><a class="indexterm" name="id2607200"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://localhost</code></em></td></tr><tr><td><a class="indexterm" name="id2607212"></a><em class="parameter"><code>pam password change = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2607224"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2607236"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2607247"></a><em class="parameter"><code>log file = 
/data/samba/log/%m.log</code></em></td></tr><tr><td><a class="indexterm" name="id2607259"></a><em class="parameter"><code>name resolve order = wins host bcast</code></em></td></tr><tr><td><a class="indexterm" name="id2607271"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2607283"></a><em class="parameter"><code>printcap name = cups</code></em></td></tr><tr><td><a class="indexterm" name="id2607295"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id2607307"></a><em class="parameter"><code>cups options = Raw</code></em></td></tr><tr><td><a class="indexterm" name="id2607318"></a><em class="parameter"><code>add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"</code></em></td></tr><tr><td><a class="indexterm" name="id2607331"></a><em class="parameter"><code>add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id2607343"></a><em class="parameter"><code>add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id2607356"></a><em class="parameter"><code>delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id2607369"></a><em class="parameter"><code>set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"</code></em></td></tr><tr><td><a class="indexterm" name="id2607382"></a><em class="parameter"><code>add machine script = /usr/local/sbin/smbldap-useradd -w "%m"</code></em></td></tr><tr><td><a class="indexterm" name="id2607395"></a><em class="parameter"><code>logon script = logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id2607406"></a><em class="parameter"><code>logon path = \\%L\profiles\%U\%a</code></em></td></tr><tr><td><a class="indexterm" name="id2607418"></a><em 
class="parameter"><code>logon drive = H:</code></em></td></tr><tr><td><a class="indexterm" name="id2607430"></a><em class="parameter"><code>logon home = \\%L\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2607442"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2607453"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2607465"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2607477"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id2607489"></a><em class="parameter"><code>ldap idmap suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2607501"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2607513"></a><em class="parameter"><code>ldap passwd sync = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2607525"></a><em class="parameter"><code>ldap suffix = ou=MEGANET2,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2607537"></a><em class="parameter"><code>ldap ssl = no</code></em></td></tr><tr><td><a class="indexterm" name="id2607549"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2607561"></a><em class="parameter"><code>admin users = root, "@Domain Admins"</code></em></td></tr><tr><td><a class="indexterm" name="id2607573"></a><em class="parameter"><code>printer admin = "@Domain Admins"</code></em></td></tr><tr><td><a class="indexterm" name="id2607585"></a><em class="parameter"><code>force printername = Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch8smbconf2"></a><p class="title"><b>Example 10.5. 
Samba Configuration File smb.conf Part B</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id2607624"></a><em class="parameter"><code>comment = Network logon service</code></em></td></tr><tr><td><a class="indexterm" name="id2607636"></a><em class="parameter"><code>path = /data/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id2607648"></a><em class="parameter"><code>write list = "@Domain Admins"</code></em></td></tr><tr><td><a class="indexterm" name="id2607660"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id2607680"></a><em class="parameter"><code>comment = Roaming Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id2607692"></a><em class="parameter"><code>path = /data/samba/profiles/</code></em></td></tr><tr><td><a class="indexterm" name="id2607704"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2607716"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2607727"></a><em class="parameter"><code>veto files = desktop.ini</code></em></td></tr><tr><td><a class="indexterm" name="id2607739"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id2607760"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id2607771"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id2607783"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a 
class="indexterm" name="id2607794"></a><em class="parameter"><code>create mask = 0770</code></em></td></tr><tr><td><a class="indexterm" name="id2607806"></a><em class="parameter"><code>veto files = desktop.ini</code></em></td></tr><tr><td><a class="indexterm" name="id2607818"></a><em class="parameter"><code>hide files = desktop.ini</code></em></td></tr><tr><td><a class="indexterm" name="id2607830"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[software]</code></em></td></tr><tr><td><a class="indexterm" name="id2607850"></a><em class="parameter"><code>comment = Software for %a computers</code></em></td></tr><tr><td><a class="indexterm" name="id2607862"></a><em class="parameter"><code>path = /data/samba/shares/software/%a</code></em></td></tr><tr><td><a class="indexterm" name="id2607874"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[public]</code></em></td></tr><tr><td><a class="indexterm" name="id2607894"></a><em class="parameter"><code>comment = Public Files</code></em></td></tr><tr><td><a class="indexterm" name="id2607906"></a><em class="parameter"><code>path = /data/samba/shares/public</code></em></td></tr><tr><td><a class="indexterm" name="id2607918"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2607930"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[PDF]</code></em></td></tr><tr><td><a class="indexterm" name="id2607950"></a><em class="parameter"><code>comment = Location of documents printed to PDFCreator printer</code></em></td></tr><tr><td><a class="indexterm" name="id2607963"></a><em class="parameter"><code>path = /data/samba/shares/pdf</code></em></td></tr><tr><td><a class="indexterm" name="id2607974"></a><em class="parameter"><code>guest ok = 
Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch8smbconf3"></a><p class="title"><b>Example 10.6. Samba Configuration File smb.conf Part C</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[EVERYTHING]</code></em></td></tr><tr><td><a class="indexterm" name="id2608013"></a><em class="parameter"><code>comment = All shares</code></em></td></tr><tr><td><a class="indexterm" name="id2608025"></a><em class="parameter"><code>path = /data/samba</code></em></td></tr><tr><td><a class="indexterm" name="id2608037"></a><em class="parameter"><code>valid users = "@Domain Admins"</code></em></td></tr><tr><td><a class="indexterm" name="id2608049"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[CDROM]</code></em></td></tr><tr><td><a class="indexterm" name="id2608069"></a><em class="parameter"><code>comment = CD-ROM on MASSIVE</code></em></td></tr><tr><td><a class="indexterm" name="id2608081"></a><em class="parameter"><code>path = /mnt</code></em></td></tr><tr><td><a class="indexterm" name="id2608092"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id2608113"></a><em class="parameter"><code>comment = Printer Drivers Share</code></em></td></tr><tr><td><a class="indexterm" name="id2608125"></a><em class="parameter"><code>path = /data/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id2608136"></a><em class="parameter"><code>write list = root</code></em></td></tr><tr><td><a class="indexterm" name="id2608148"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" 
name="id2608169"></a><em class="parameter"><code>comment = All Printers</code></em></td></tr><tr><td><a class="indexterm" name="id2608180"></a><em class="parameter"><code>path = /data/samba/spool</code></em></td></tr><tr><td><a class="indexterm" name="id2608192"></a><em class="parameter"><code>create mask = 0644</code></em></td></tr><tr><td><a class="indexterm" name="id2608204"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2608215"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[acct_hp8500]</code></em></td></tr><tr><td><a class="indexterm" name="id2608236"></a><em class="parameter"><code>comment = "Accounting Color Laser Printer"</code></em></td></tr><tr><td><a class="indexterm" name="id2608248"></a><em class="parameter"><code>path = /data/samba/spool/private</code></em></td></tr><tr><td><a class="indexterm" name="id2608260"></a><em class="parameter"><code>valid users = @acct, @acct_admin, @hr, "@Domain Admins",@Receptionist, dwayne, terri, danae, jerry</code></em></td></tr><tr><td><a class="indexterm" name="id2608273"></a><em class="parameter"><code>create mask = 0644</code></em></td></tr><tr><td><a class="indexterm" name="id2608284"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2608296"></a><em class="parameter"><code>copy = printers</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[plotter]</code></em></td></tr><tr><td><a class="indexterm" name="id2608316"></a><em class="parameter"><code>comment = Engineering Plotter</code></em></td></tr><tr><td><a class="indexterm" name="id2608328"></a><em class="parameter"><code>path = /data/samba/spool</code></em></td></tr><tr><td><a class="indexterm" name="id2608340"></a><em class="parameter"><code>create mask = 0644</code></em></td></tr><tr><td><a class="indexterm" name="id2608352"></a><em 
class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2608363"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2608375"></a><em class="parameter"><code>copy = printers</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch8smbconf4"></a><p class="title"><b>Example 10.7. Samba Configuration File smb.conf Part D</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[APPS]</code></em></td></tr><tr><td><a class="indexterm" name="id2608414"></a><em class="parameter"><code>path = /data/samba/shares/Apps</code></em></td></tr><tr><td><a class="indexterm" name="id2608426"></a><em class="parameter"><code>force group = "Domain Users"</code></em></td></tr><tr><td><a class="indexterm" name="id2608438"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[ACCT]</code></em></td></tr><tr><td><a class="indexterm" name="id2608459"></a><em class="parameter"><code>path = /data/samba/shares/Accounting</code></em></td></tr><tr><td><a class="indexterm" name="id2608471"></a><em class="parameter"><code>valid users = @acct, "@Domain Admins"</code></em></td></tr><tr><td><a class="indexterm" name="id2608483"></a><em class="parameter"><code>force group = acct</code></em></td></tr><tr><td><a class="indexterm" name="id2608494"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2608506"></a><em class="parameter"><code>create mask = 0660</code></em></td></tr><tr><td><a class="indexterm" name="id2608517"></a><em class="parameter"><code>directory mask = 0770</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[ACCT_ADMIN]</code></em></td></tr><tr><td><a class="indexterm" name="id2608538"></a><em 
class="parameter"><code>path = /data/samba/shares/Acct_Admin</code></em></td></tr><tr><td><a class="indexterm" name="id2608550"></a><em class="parameter"><code>valid users = @âacct_adminâ</code></em></td></tr><tr><td><a class="indexterm" name="id2608563"></a><em class="parameter"><code>force group = acct_admin</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[HR_PR]</code></em></td></tr><tr><td><a class="indexterm" name="id2608584"></a><em class="parameter"><code>path = /data/samba/shares/HR_PR</code></em></td></tr><tr><td><a class="indexterm" name="id2608595"></a><em class="parameter"><code>valid users = @hr, @acct_admin</code></em></td></tr><tr><td><a class="indexterm" name="id2608607"></a><em class="parameter"><code>force group = hr</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[ENGR]</code></em></td></tr><tr><td><a class="indexterm" name="id2608628"></a><em class="parameter"><code>path = /data/samba/shares/Engr</code></em></td></tr><tr><td><a class="indexterm" name="id2608640"></a><em class="parameter"><code>valid users = @engr, @receptionist, @truss, "@Domain Admins", cheri</code></em></td></tr><tr><td><a class="indexterm" name="id2608652"></a><em class="parameter"><code>force group = engr</code></em></td></tr><tr><td><a class="indexterm" name="id2608664"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2608675"></a><em class="parameter"><code>create mask = 0770</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[DATA]</code></em></td></tr><tr><td><a class="indexterm" name="id2608696"></a><em class="parameter"><code>path = /data/samba/shares/DATA</code></em></td></tr><tr><td><a class="indexterm" name="id2608708"></a><em class="parameter"><code>valid users = @engr, @receptionist, @truss, "@Domain Admins", cheri</code></em></td></tr><tr><td><a class="indexterm" name="id2608720"></a><em class="parameter"><code>force group = 
engr</code></em></td></tr><tr><td><a class="indexterm" name="id2608732"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2608743"></a><em class="parameter"><code>create mask = 0770</code></em></td></tr><tr><td><a class="indexterm" name="id2608755"></a><em class="parameter"><code>copy = engr</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch8smbconf5"></a><p class="title"><b>Example 10.8. Samba Configuration File smb.conf Part E</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[X]</code></em></td></tr><tr><td><a class="indexterm" name="id2608794"></a><em class="parameter"><code>path = /data/samba/shares/X</code></em></td></tr><tr><td><a class="indexterm" name="id2608805"></a><em class="parameter"><code>valid users = @engr, @acct</code></em></td></tr><tr><td><a class="indexterm" name="id2608817"></a><em class="parameter"><code>force group = engr</code></em></td></tr><tr><td><a class="indexterm" name="id2608829"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2608840"></a><em class="parameter"><code>create mask = 0770</code></em></td></tr><tr><td><a class="indexterm" name="id2608852"></a><em class="parameter"><code>copy = engr</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[NETWORK]</code></em></td></tr><tr><td><a class="indexterm" name="id2608872"></a><em class="parameter"><code>path = /data/samba/shares/network</code></em></td></tr><tr><td><a class="indexterm" name="id2608884"></a><em class="parameter"><code>valid users = "@Domain Users"</code></em></td></tr><tr><td><a class="indexterm" name="id2608896"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2608908"></a><em class="parameter"><code>create mask = 
0770</code></em></td></tr><tr><td><a class="indexterm" name="id2608919"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[UTILS]</code></em></td></tr><tr><td><a class="indexterm" name="id2608940"></a><em class="parameter"><code>path = /data/samba/shares/Utils</code></em></td></tr><tr><td><a class="indexterm" name="id2608952"></a><em class="parameter"><code>write list = "@Domain Admins"</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[SYS]</code></em></td></tr><tr><td><a class="indexterm" name="id2608972"></a><em class="parameter"><code>path = /data/samba/shares/SYS</code></em></td></tr><tr><td><a class="indexterm" name="id2608984"></a><em class="parameter"><code>valid users = chad</code></em></td></tr><tr><td><a class="indexterm" name="id2608996"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2609008"></a><em class="parameter"><code>browseable = No</code></em></td></tr></table></div></div><br class="example-break"><p>486 <a class="indexterm" name="id26 09022"></a>487 <a class="indexterm" name="id26 09029"></a>488 <a class="indexterm" name="id26 09036"></a>485 </p><div class="example"><a name="ch8smbconf"></a><p class="title"><b>Example 10.4. 
Samba Configuration File smb.conf Part A</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2613222"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id2613234"></a><em class="parameter"><code>netbios name = MASSIVE</code></em></td></tr><tr><td><a class="indexterm" name="id2613246"></a><em class="parameter"><code>server string = Corp File Server</code></em></td></tr><tr><td><a class="indexterm" name="id2613258"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://localhost</code></em></td></tr><tr><td><a class="indexterm" name="id2613270"></a><em class="parameter"><code>pam password change = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2613282"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2613294"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2613306"></a><em class="parameter"><code>log file = /data/samba/log/%m.log</code></em></td></tr><tr><td><a class="indexterm" name="id2613318"></a><em class="parameter"><code>name resolve order = wins host bcast</code></em></td></tr><tr><td><a class="indexterm" name="id2613330"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2613341"></a><em class="parameter"><code>printcap name = cups</code></em></td></tr><tr><td><a class="indexterm" name="id2613353"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id2613365"></a><em class="parameter"><code>cups options = Raw</code></em></td></tr><tr><td><a class="indexterm" name="id2613377"></a><em class="parameter"><code>add user script = 
/opt/IDEALX/sbin/smbldap-useradd -m "%u"</code></em></td></tr><tr><td><a class="indexterm" name="id2613389"></a><em class="parameter"><code>add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id2613402"></a><em class="parameter"><code>add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id2613415"></a><em class="parameter"><code>delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"</code></em></td></tr><tr><td><a class="indexterm" name="id2613428"></a><em class="parameter"><code>set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"</code></em></td></tr><tr><td><a class="indexterm" name="id2613441"></a><em class="parameter"><code>add machine script = /usr/local/sbin/smbldap-useradd -w "%m"</code></em></td></tr><tr><td><a class="indexterm" name="id2613453"></a><em class="parameter"><code>logon script = logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id2613465"></a><em class="parameter"><code>logon path = \\%L\profiles\%U\%a</code></em></td></tr><tr><td><a class="indexterm" name="id2613477"></a><em class="parameter"><code>logon drive = H:</code></em></td></tr><tr><td><a class="indexterm" name="id2613488"></a><em class="parameter"><code>logon home = \\%L\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2613500"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2613512"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2613524"></a><em class="parameter"><code>ldap admin dn = cn=Manager,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2613536"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id2613548"></a><em class="parameter"><code>ldap idmap 
suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2613560"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2613572"></a><em class="parameter"><code>ldap passwd sync = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2613584"></a><em class="parameter"><code>ldap suffix = ou=MEGANET2,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2613596"></a><em class="parameter"><code>ldap ssl = no</code></em></td></tr><tr><td><a class="indexterm" name="id2613607"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2613619"></a><em class="parameter"><code>admin users = root, "@Domain Admins"</code></em></td></tr><tr><td><a class="indexterm" name="id2613631"></a><em class="parameter"><code>printer admin = "@Domain Admins"</code></em></td></tr><tr><td><a class="indexterm" name="id2613643"></a><em class="parameter"><code>force printername = Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch8smbconf2"></a><p class="title"><b>Example 10.5. 
Samba Configuration File smb.conf Part B</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id2613683"></a><em class="parameter"><code>comment = Network logon service</code></em></td></tr><tr><td><a class="indexterm" name="id2613695"></a><em class="parameter"><code>path = /data/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id2613706"></a><em class="parameter"><code>write list = "@Domain Admins"</code></em></td></tr><tr><td><a class="indexterm" name="id2613718"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id2613739"></a><em class="parameter"><code>comment = Roaming Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id2613751"></a><em class="parameter"><code>path = /data/samba/profiles/</code></em></td></tr><tr><td><a class="indexterm" name="id2613762"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2613774"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2613786"></a><em class="parameter"><code>veto files = desktop.ini</code></em></td></tr><tr><td><a class="indexterm" name="id2613798"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id2613818"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id2613830"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id2613841"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a 
class="indexterm" name="id2613853"></a><em class="parameter"><code>create mask = 0770</code></em></td></tr><tr><td><a class="indexterm" name="id2613865"></a><em class="parameter"><code>veto files = desktop.ini</code></em></td></tr><tr><td><a class="indexterm" name="id2613876"></a><em class="parameter"><code>hide files = desktop.ini</code></em></td></tr><tr><td><a class="indexterm" name="id2613888"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[software]</code></em></td></tr><tr><td><a class="indexterm" name="id2613909"></a><em class="parameter"><code>comment = Software for %a computers</code></em></td></tr><tr><td><a class="indexterm" name="id2613920"></a><em class="parameter"><code>path = /data/samba/shares/software/%a</code></em></td></tr><tr><td><a class="indexterm" name="id2613932"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[public]</code></em></td></tr><tr><td><a class="indexterm" name="id2613953"></a><em class="parameter"><code>comment = Public Files</code></em></td></tr><tr><td><a class="indexterm" name="id2613965"></a><em class="parameter"><code>path = /data/samba/shares/public</code></em></td></tr><tr><td><a class="indexterm" name="id2613977"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2613988"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[PDF]</code></em></td></tr><tr><td><a class="indexterm" name="id2614009"></a><em class="parameter"><code>comment = Location of documents printed to PDFCreator printer</code></em></td></tr><tr><td><a class="indexterm" name="id2614021"></a><em class="parameter"><code>path = /data/samba/shares/pdf</code></em></td></tr><tr><td><a class="indexterm" name="id2614033"></a><em class="parameter"><code>guest ok = 
Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch8smbconf3"></a><p class="title"><b>Example 10.6. Samba Configuration File smb.conf Part C</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[EVERYTHING]</code></em></td></tr><tr><td><a class="indexterm" name="id2614072"></a><em class="parameter"><code>comment = All shares</code></em></td></tr><tr><td><a class="indexterm" name="id2614084"></a><em class="parameter"><code>path = /data/samba</code></em></td></tr><tr><td><a class="indexterm" name="id2614095"></a><em class="parameter"><code>valid users = "@Domain Admins"</code></em></td></tr><tr><td><a class="indexterm" name="id2614107"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[CDROM]</code></em></td></tr><tr><td><a class="indexterm" name="id2614128"></a><em class="parameter"><code>comment = CD-ROM on MASSIVE</code></em></td></tr><tr><td><a class="indexterm" name="id2614139"></a><em class="parameter"><code>path = /mnt</code></em></td></tr><tr><td><a class="indexterm" name="id2614151"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id2614171"></a><em class="parameter"><code>comment = Printer Drivers Share</code></em></td></tr><tr><td><a class="indexterm" name="id2614183"></a><em class="parameter"><code>path = /data/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id2614195"></a><em class="parameter"><code>write list = root</code></em></td></tr><tr><td><a class="indexterm" name="id2614207"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" 
name="id2614227"></a><em class="parameter"><code>comment = All Printers</code></em></td></tr><tr><td><a class="indexterm" name="id2614239"></a><em class="parameter"><code>path = /data/samba/spool</code></em></td></tr><tr><td><a class="indexterm" name="id2614251"></a><em class="parameter"><code>create mask = 0644</code></em></td></tr><tr><td><a class="indexterm" name="id2614262"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2614274"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[acct_hp8500]</code></em></td></tr><tr><td><a class="indexterm" name="id2614294"></a><em class="parameter"><code>comment = "Accounting Color Laser Printer"</code></em></td></tr><tr><td><a class="indexterm" name="id2614306"></a><em class="parameter"><code>path = /data/samba/spool/private</code></em></td></tr><tr><td><a class="indexterm" name="id2614318"></a><em class="parameter"><code>valid users = @acct, @acct_admin, @hr, "@Domain Admins",@Receptionist, dwayne, terri, danae, jerry</code></em></td></tr><tr><td><a class="indexterm" name="id2614331"></a><em class="parameter"><code>create mask = 0644</code></em></td></tr><tr><td><a class="indexterm" name="id2614343"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2614354"></a><em class="parameter"><code>copy = printers</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[plotter]</code></em></td></tr><tr><td><a class="indexterm" name="id2614375"></a><em class="parameter"><code>comment = Engineering Plotter</code></em></td></tr><tr><td><a class="indexterm" name="id2614387"></a><em class="parameter"><code>path = /data/samba/spool</code></em></td></tr><tr><td><a class="indexterm" name="id2614399"></a><em class="parameter"><code>create mask = 0644</code></em></td></tr><tr><td><a class="indexterm" name="id2614410"></a><em 
class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2614422"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2614434"></a><em class="parameter"><code>copy = printers</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch8smbconf4"></a><p class="title"><b>Example 10.7. Samba Configuration File smb.conf Part D</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[APPS]</code></em></td></tr><tr><td><a class="indexterm" name="id2614473"></a><em class="parameter"><code>path = /data/samba/shares/Apps</code></em></td></tr><tr><td><a class="indexterm" name="id2614485"></a><em class="parameter"><code>force group = "Domain Users"</code></em></td></tr><tr><td><a class="indexterm" name="id2614497"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[ACCT]</code></em></td></tr><tr><td><a class="indexterm" name="id2614517"></a><em class="parameter"><code>path = /data/samba/shares/Accounting</code></em></td></tr><tr><td><a class="indexterm" name="id2614529"></a><em class="parameter"><code>valid users = @acct, "@Domain Admins"</code></em></td></tr><tr><td><a class="indexterm" name="id2614541"></a><em class="parameter"><code>force group = acct</code></em></td></tr><tr><td><a class="indexterm" name="id2614553"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2614564"></a><em class="parameter"><code>create mask = 0660</code></em></td></tr><tr><td><a class="indexterm" name="id2614576"></a><em class="parameter"><code>directory mask = 0770</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[ACCT_ADMIN]</code></em></td></tr><tr><td><a class="indexterm" name="id2614597"></a><em 
class="parameter"><code>path = /data/samba/shares/Acct_Admin</code></em></td></tr><tr><td><a class="indexterm" name="id2614609"></a><em class="parameter"><code>valid users = @âacct_adminâ</code></em></td></tr><tr><td><a class="indexterm" name="id2614621"></a><em class="parameter"><code>force group = acct_admin</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[HR_PR]</code></em></td></tr><tr><td><a class="indexterm" name="id2614642"></a><em class="parameter"><code>path = /data/samba/shares/HR_PR</code></em></td></tr><tr><td><a class="indexterm" name="id2614654"></a><em class="parameter"><code>valid users = @hr, @acct_admin</code></em></td></tr><tr><td><a class="indexterm" name="id2614666"></a><em class="parameter"><code>force group = hr</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[ENGR]</code></em></td></tr><tr><td><a class="indexterm" name="id2614686"></a><em class="parameter"><code>path = /data/samba/shares/Engr</code></em></td></tr><tr><td><a class="indexterm" name="id2614698"></a><em class="parameter"><code>valid users = @engr, @receptionist, @truss, "@Domain Admins", cheri</code></em></td></tr><tr><td><a class="indexterm" name="id2614711"></a><em class="parameter"><code>force group = engr</code></em></td></tr><tr><td><a class="indexterm" name="id2614722"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2614734"></a><em class="parameter"><code>create mask = 0770</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[DATA]</code></em></td></tr><tr><td><a class="indexterm" name="id2614754"></a><em class="parameter"><code>path = /data/samba/shares/DATA</code></em></td></tr><tr><td><a class="indexterm" name="id2614766"></a><em class="parameter"><code>valid users = @engr, @receptionist, @truss, "@Domain Admins", cheri</code></em></td></tr><tr><td><a class="indexterm" name="id2614779"></a><em class="parameter"><code>force group = 
engr</code></em></td></tr><tr><td><a class="indexterm" name="id2614790"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2614802"></a><em class="parameter"><code>create mask = 0770</code></em></td></tr><tr><td><a class="indexterm" name="id2614813"></a><em class="parameter"><code>copy = engr</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch8smbconf5"></a><p class="title"><b>Example 10.8. Samba Configuration File smb.conf Part E</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[X]</code></em></td></tr><tr><td><a class="indexterm" name="id2614852"></a><em class="parameter"><code>path = /data/samba/shares/X</code></em></td></tr><tr><td><a class="indexterm" name="id2614864"></a><em class="parameter"><code>valid users = @engr, @acct</code></em></td></tr><tr><td><a class="indexterm" name="id2614876"></a><em class="parameter"><code>force group = engr</code></em></td></tr><tr><td><a class="indexterm" name="id2614887"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2614899"></a><em class="parameter"><code>create mask = 0770</code></em></td></tr><tr><td><a class="indexterm" name="id2614910"></a><em class="parameter"><code>copy = engr</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[NETWORK]</code></em></td></tr><tr><td><a class="indexterm" name="id2614931"></a><em class="parameter"><code>path = /data/samba/shares/network</code></em></td></tr><tr><td><a class="indexterm" name="id2614943"></a><em class="parameter"><code>valid users = "@Domain Users"</code></em></td></tr><tr><td><a class="indexterm" name="id2614955"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2614966"></a><em class="parameter"><code>create mask = 
0770</code></em></td></tr><tr><td><a class="indexterm" name="id2614978"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[UTILS]</code></em></td></tr><tr><td><a class="indexterm" name="id2614998"></a><em class="parameter"><code>path = /data/samba/shares/Utils</code></em></td></tr><tr><td><a class="indexterm" name="id2615010"></a><em class="parameter"><code>write list = "@Domain Admins"</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[SYS]</code></em></td></tr><tr><td><a class="indexterm" name="id2615031"></a><em class="parameter"><code>path = /data/samba/shares/SYS</code></em></td></tr><tr><td><a class="indexterm" name="id2615043"></a><em class="parameter"><code>valid users = chad</code></em></td></tr><tr><td><a class="indexterm" name="id2615054"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2615066"></a><em class="parameter"><code>browseable = No</code></em></td></tr></table></div></div><br class="example-break"><p> 486 <a class="indexterm" name="id2615081"></a> 487 <a class="indexterm" name="id2615088"></a> 488 <a class="indexterm" name="id2615094"></a> 489 489 Most of these shares are only used by one company group, but they are required 490 490 because of some ancient Qbasic and Rbase applications were that written expecting 491 491 their own drive letters. 492 492 </p><p> 493 <a class="indexterm" name="id26 09049"></a>494 <a class="indexterm" name="id26 09056"></a>495 <a class="indexterm" name="id26 09063"></a>493 <a class="indexterm" name="id2615108"></a> 494 <a class="indexterm" name="id2615115"></a> 495 <a class="indexterm" name="id2615122"></a> 496 496 Note: During the process of building the new server, I kept data files 497 497 up to date with the Novell server via use of <code class="literal">rsync</code>. 
… … 557 557 <code class="prompt">root# </code> smbpasswd -w verysecret 558 558 </pre><p> 559 where “<span class="quote">verysecret</span>”is replaced by the LDAP bind password.560 </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>559 where <span class="quote">“<span class="quote">verysecret</span>”</span> is replaced by the LDAP bind password. 560 </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> 561 561 The Idealx smbldap-tools package can be configured using a script called 562 562 <code class="literal">configure.pl</code> that is provided as part of the tool. See <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">“Making Happy Users”</a> … … 740 740 smbpasswd="/usr/bin/smbpasswd" 741 741 </pre></div></div><br class="example-break"><p> 742 <a class="indexterm" name="id26 09525"></a>742 <a class="indexterm" name="id2615584"></a> 743 743 Note: I chose not to take advantage of the TLS capability of this. 744 744 Eventually I may go back and tweak it. Also, I chose not to take advantage … … 814 814 </pre><p> 815 815 </p><p> 816 <a class="indexterm" name="id26 09626"></a>817 <a class="indexterm" name="id26 09633"></a>818 <a class="indexterm" name="id26 09640"></a>819 <a class="indexterm" name="id26 09647"></a>820 <a class="indexterm" name="id26 09654"></a>816 <a class="indexterm" name="id2615685"></a> 817 <a class="indexterm" name="id2615692"></a> 818 <a class="indexterm" name="id2615699"></a> 819 <a class="indexterm" name="id2615706"></a> 820 <a class="indexterm" name="id2615712"></a> 821 821 With the LDAP directory now initialized, it was time to create the Windows and POSIX 822 822 (UNIX) group accounts as well as the mappings from Windows groups to UNIX groups. … … 826 826 try to do this by hand. 
827 827 </p><p> 828 <a class="indexterm" name="id26 09676"></a>829 <a class="indexterm" name="id26 09683"></a>830 <a class="indexterm" name="id26 09690"></a>828 <a class="indexterm" name="id2615735"></a> 829 <a class="indexterm" name="id2615742"></a> 830 <a class="indexterm" name="id2615749"></a> 831 831 After I had my group mappings in place, I added users to the groups (the users 832 832 don't really have to exist yet). I used the <code class="literal">smbldap-groupmod</code> … … 834 834 attributes to the group entries in LDAP. 835 835 </p><p> 836 <a class="indexterm" name="id26 09711"></a>837 <a class="indexterm" name="id26 09718"></a>838 <a class="indexterm" name="id26 09724"></a>836 <a class="indexterm" name="id2615769"></a> 837 <a class="indexterm" name="id2615776"></a> 838 <a class="indexterm" name="id2615783"></a> 839 839 The most monumental task of all was adding the sambaSamAccount information to each 840 840 already existent posixAccount entry. I did it one at a time as I moved people onto … … 843 843 <code class="prompt">root# </code> smbldap-usermod -a -P username 844 844 </pre><p> 845 <a class="indexterm" name="id26 09747"></a>846 <a class="indexterm" name="id26 09754"></a>847 <a class="indexterm" name="id26 09761"></a>845 <a class="indexterm" name="id2615806"></a> 846 <a class="indexterm" name="id2615812"></a> 847 <a class="indexterm" name="id2615819"></a> 848 848 I completed that step for every user after asking the person what his or her current 849 849 NetWare password was. 
The wiser way to have done it would probably have been to dump the … … 852 852 <code class="prompt">root# </code> slapcat > somefile.ldif 853 853 </pre><p> 854 <a class="indexterm" name="id26 09784"></a>855 <a class="indexterm" name="id26 09791"></a>854 <a class="indexterm" name="id2615843"></a> 855 <a class="indexterm" name="id2615850"></a> 856 856 Then update the LDIF file created by using a Perl script to parse and add the 857 857 appropriate attributes and objectClasses to each entry, followed by re-importing … … 934 934 </pre><p> 935 935 </p><p> 936 <a class="indexterm" name="id26 09906"></a>936 <a class="indexterm" name="id2615965"></a> 937 937 So now I could log on with a test user from the machine w2kengrspare. It was all well and 938 938 good, but that user was in no groups yet and so had pretty boring access. I fixed that … … 943 943 I also did not have to do a logon script per user or per group. 944 944 </p><p> 945 <a class="indexterm" name="id26 09931"></a>945 <a class="indexterm" name="id2615989"></a> 946 946 I downloaded Kixtart and put the following files in my netlogon share: 947 947 </p><pre class="screen"> … … 955 955 </pre><p> 956 956 </p><p> 957 <a class="indexterm" name="id26 09962"></a>957 <a class="indexterm" name="id2616020"></a> 958 958 I then wrote the <code class="filename">logon.kix</code> file that is shown in 959 959 <a class="link" href="nw4migration.html#ch8kix" title="Example 10.15. Kixtart Control File File: logon.kix">“Kixtart Control File File: logon.kix”</a>. I chose to keep it all in one file, but it … … 1138 1138 so it was easier to do it by hand. 1139 1139 </p><p> 1140 <a class="indexterm" name="id261 0258"></a>1140 <a class="indexterm" name="id2616317"></a> 1141 1141 At this point I was able to add the users. This is the part that really falls 1142 1142 into upgrade. I moved the users over one group at a time, starting with the … … 1152 1152 struggled with the most effective way to do it. 
Here is the method that worked 1153 1153 for every one of my users on Windows NT, 2000, and XP: 1154 </p><div class="procedure"><ol type="1"><li><p>1154 </p><div class="procedure"><ol class="procedure" type="1"><li class="step" title="Step 1"><p> 1155 1155 Log in as the user on the domain. This creates the local copy 1156 1156 of the user's profile and copies it to the server as he or she logs out. 1157 </p></li><li ><p>1157 </p></li><li class="step" title="Step 2"><p> 1158 1158 Reboot the computer and log in as the local machine administrator. 1159 </p></li><li ><p>1159 </p></li><li class="step" title="Step 3"><p> 1160 1160 Right-click My Computer, click Properties, and navigate to the 1161 1161 user profiles tab (varies per version of Windows). 1162 </p></li><li ><p>1162 </p></li><li class="step" title="Step 4"><p> 1163 1163 Select the user's local profile <code class="constant">(COMPUTERNAME\username)</code>, 1164 1164 and click the <code class="literal">Copy To</code> button. 1165 </p></li><li ><p>1165 </p></li><li class="step" title="Step 5"><p> 1166 1166 In the next dialog, copy it directly to the profiles share on the 1167 1167 Samba server (in my case \\PDCname\profiles\user\<architecture>. 1168 1168 You will have had to make a connection to the share as that 1169 1169 user (e.g., Windows Explorer type \\PDCname\profiles\username). 1170 </p></li><li ><p>1170 </p></li><li class="step" title="Step 6"><p> 1171 1171 When the copy is complete (it can take a while) log out, and log back in 1172 1172 as the user. All of his or her settings and all contents of My Documents, 1173 1173 Favorites, and the registry should have been copied successfully. 
1174 </p></li><li ><p>1174 </p></li><li class="step" title="Step 7"><p> 1175 1175 If it doesn't look right (the dead giveaway is the desktop background), 1176 1176 shut down the computer without logging out (power cycle) and try logging … … 1179 1179 </p></li></ol></div><p> 1180 1180 Words to the Wise: 1181 </p><div class="itemizedlist"><ul type="disc"><li><p>1181 </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p> 1182 1182 If the user was anything other than a standard user on his or her system 1183 1183 before, you will save yourself some headaches by giving him or her identical … … 1187 1187 before logging on as that user for the first time. Otherwise the user will 1188 1188 have trouble with permissions on his or her registry keys. 1189 </p></li><li ><p>1189 </p></li><li class="listitem"><p> 1190 1190 If any application was installed for the user only, rather than for 1191 1191 the entire system, it will probably not work without being reinstalled.
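Review bot: in the hunk at lines 486-497, and again in every later hunk, the only change to the indexterm lines is a renumbered generated anchor (for example name="id2615108" on new line 493), so any bookmark or cross-page link that targets one of the old generated anchors stops resolving after this regeneration. Give the index terms stable ids in the DocBook source, or keep the built HTML out of the branch so that a stylesheet upgrade does not produce a diff of this kind. The context sentence on lines 489-491, "because of some ancient Qbasic and Rbase applications were that written expecting", is garbled and should be corrected in the source before the next build.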
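Review bot: the rewritten line 559 in the hunk at lines 557-562 still tells the reader only to substitute the LDAP bind password into "smbpasswd -w verysecret", with no caveat that a password typed as a command argument is recorded in the shell history and is visible in the process list while the command runs. Add a sentence to that effect next to the command. The new markup also nests one span class="quote" inside another around the same word, which looks like a stylesheet side effect worth confirming.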
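Review bot: the note carried as context on lines 743-744 of the hunk at lines 740-744 says the TLS capability was left unused, and the chapter leaves it there without telling the reader what that means for their own deployment. Whenever the LDAP server is not on the same host, the bind password and the Samba password hashes held in the directory cross the network unencrypted, so the text should say so and point to the TLS settings instead of leaving the choice unexplained.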
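Review bot: step 5 in the hunk at lines 1152-1176 (lines 1166-1169) opens a parenthesis at "(in my case \\PDCname\profiles\user\<architecture>." that is never closed, and it names the target as profiles\user\<architecture> while the next sentence uses profiles\username. Close the parenthesis and use one spelling for the per-user directory so the reader copies the profile to the path the server will read back. The class and title attributes added to the li elements do not touch this text.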