[plug] Samba as NT PDC

Tue May 8 22:45:07 WST 2001

Well, I'm using Samba 2.2 on a RH 6.2 box and it serves to mostly Win98
clients and a couple of Win95 clients.

This is the config for the machine I run:

#======================= Global Settings
=====================================
[global]

# workgroup = NT-Domain-Name or Workgroup-Name
   workgroup = GME

# server string is the equivalent of the NT Description field
   server string = Samba Server

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
   hosts allow = 192.168.0. 192.168.1. 127.

# this tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/log.%m

# Put a capping on the size of the log files (in Kb).
   max log size = 50

# Security mode. Most people will want user level security. See
# security_level.txt for details.
   security = user

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
  encrypt passwords = no

# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
   interfaces = 192.168.0.254/24

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
   local master = yes

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
   os level = 33

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
   domain master = yes

# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
   preferred master = yes

# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
   domain logons = yes

   logon script = logon.bat

   dns proxy = no

# Network time server
time server = yes

#============================ Share Definitions
==============================
[homes]
   comment = Home Directories
   path = /home
   browseable = no
   writable = yes

# Un-comment the following and create the netlogon directory for Domain
Logons
 [netlogon]
   comment = Network Logon Service
   path = /home/netlogon
   guest ok = yes
   writable = no
   share modes = no

[public]
   comment = Public stuff
   path = /home/samba
   guest ok = no
   writable = yes
   printable = no
   write list = @staff

******* End of config file.

I'd make a backup of the default config file before copying and pasting
someone else's.  Because it has some useful info in it if you need to setup
other things other than what I use above.  Basically I've got it setup to
share out some directories to certain users (I've editted out some of the
shares) and have a public share that people can use to share files and which
anti-virus software can auto-run from.  Its also got a logon script which
auto mount the drives, set the time to the logon server's clock and also
autoruns virus updates in the background.  But be very careful with carriage
returns between Linux and Windows, it can break things, in particular logon
scripts running from the netlogon share.  Also that config is setup to use
plain text passwords, by default, Windows uses encrypted passwords.  So to
enabled plain text passwords in Win9x, do this:

Go into the registry entry and you have to create a new DWORD value in:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VNETSUP

You name the new DWORD value "EnablePlainTextPassword" and give it the value
of "1".

Once you've done it on one computer, you can simply export that registry
item and stick it on a disk and import it into all of the workstations.  Oh
and of course Windows will require a restart (just for something different)
to read the registry changes.

You can just copy this into a file with the extension *.reg and you can
import it into the registry:

REGEDIT4

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VNETSUP]

"EnablePlainTextPassword"=dword:00000001

I've tried using encrypted passwords before, but it didn't seem to work
properly at all.

Hope that helps.

Regards,

Ben Jensz

----- Original Message -----
From: Brian Tombleson <brian at paradigmit.com.au>
To: <plug at plug.linux.org.au>
Sent: Tuesday, May 08, 2001 10:31 PM
Subject: [plug] Samba as NT PDC

> Hello all Samba Gurus :)
>
> I'm wondering if anyone can offer the commercial service of replacing an
NT4
> PDC with an appropriate Linux/Samba (or alternative) back-end ?
>
> I want to get someone's server off NT but not let the users (Win95
> workstation) see any difference.
>
> I know I could do this as well as can be done, but it would take me too
long
> as I'd have to be doing a lot of learning, but I simply don't want it to
> take that long.  Any takers?
>
> - Brian.
>
>