Categories: CategoryNetwork


config

See example smb.conf in Howto. Server must be: * domain master * must support domain logons [netlogon]

Creating Machine trust accounts

This is need to authenticate client machines. These accounts can be created automatically (recommended). We need the "add user" parameter.

[global]
   # <...remainder of parameters...>
   add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
   # or on debian
   add user script = /usr/sbin/adduser --system --home /dev/null --no-create-home --force-badname %u

When adding a client you need a samba-account with root-access rights.

Some special variables:

%u         User Name
%L         NetBIOS name of samba server
%N         NIS server name
%h         Internet host name

You need to create the directories

/home/samba/netlogon
/home/samba/ntprofiles

Samba users need write access to ntprofiles and read-access to netlogon. Create a group samba with necessary permissions and add all samba-users to this group.

logon script

Here is an example logon script logon.cmd:

REM logon script for windows clients
REM

net time \\samba /SET /YES

net use P: \\samba\public /PERSISTENT:NO