Re: lug-bg: SAMBA as Primary Domain Controler ????
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 E biva biva da ne se chete i razbira.. no tova e veche fenomen! Pisaneto po netlogon i profile E SLUZHEBNO i tam ne mozhesh da si slagash filecheta i da si prehvyrliash kakvoto i da e. Tezi raboti traibva da sa ti iasni predi da napravish kakvoto i da e! 1. Profiles sluzhi za syhranenie na localnite profiles na daden potrebitel vyrhu servera. Primerno tam mozhe da se prehvyrli sydyrzhanieto na C:\Documents and Settings\User taka, che potrebitelia ot koiato i stancia v mrezhata da vleze v domaina da ima edin i syshti nastroiki na decktop, registry i t.n.. Ukazvaneto na profiles zapochva oshte v sekciata global na smb.conf: [global] ... netbios name = Samba ... ... ;user profiles and home directory logon home = \\%L\%U\.profile logon drive = H: logon path = \\%L\profiles\%U ... i zavyrshva s sekciata [profiles]: [profiles] path = /home/samba/profiles writeable = yes browseable = no create mask = 0600 directory mask = 0700 Kakva e celta na cialata tazi shema opisana v smb.conf. Neka az sym potrebitel vlk i imam account v PDC. Pyrviat pyt, kogato se logna v systemata shte byde syzdadena directoria /home/samba/profiles/vlk i v neia shte byde zapisan moiat profile. Kogato sledvashtiat pyt az se logna, moiat profile shte byde izteglen ot \\Samba\profiles\vlk Samba avtomatichno zamestva %L s netbios imeto na PDC, a %U s tekushtoto potrebitelsko ime. Poradi syobrazhenia za sigurnost profiles NE sa chitaemi za vsichki. Vseki profile, koito byde syzdaden se pravi sobstvenost na unix potrebitelia, koito se udostveriava prez Samba, na failovete se izvyrshva chmod 0600, a na directoriite 0700. VNIMANIE! Logon path e specifichen samo za WindowsNT/2000. Za Windows 9x e bezpolezen. 2. Netlogon sluzhi za administrativni zadachi. V nego se postaviat scriptove za izpylnenie v globalen mashtab za mashinite v domaina. Vizh Google samba scripting za detaili (niama i tova da opisvam). Mozhe da se praviat backupi, antivurusni update-i i t.n... Opisanieto na netlogon zapochva v [global]: [global] ... logon script = netlogon.bat ... i zavyrshva v sekciata [netlogon] [netlogon] comment = Network Logon Service path = /home/netlogon read only = yes browseable = no write list = vlk Tuk naprimer e kazano, che potrebiteliat vlk mozhe da postavia scriptove. Traibva da se vnimava koi ima pravo da pishe vyrhu tazi directoria. Vseki postaven tuk izpylnim file, sled login ot strana na user se izteglia i izpylniava na localnata za usera mashina. Ima ciala pleiada virusi (Klez e syshto takyv), koito se prikachat kym Netlogon, ne samo pod Windows PDC, no i pri Samba PDC. Malko za UNIX-side syzdavaneto na directorii za rerursite na Samba. Za Profiles: [EMAIL PROTECTED] vlk]# mkdir /home/samba /home/samba/profiles [EMAIL PROTECTED] vlk]# chmod 1757 /home/samba/profiles Za Netlogon [EMAIL PROTECTED] vlk]# mkdir -m 0775 /home/netlogon [EMAIL PROTECTED] vlk]# chown root.admins /home/netlogon 3. HOMES S definiciata homes se zadava pravo na VSEKI potrebitel da vizhda asociiranata mu v /etc/passwd directoria. Samba ne mozhe (pone na tozi etap) da raboti dobre s virtualni useri i za celta mapva unix potrebitel (ili celi unix grupi, kakto e v Samba 3) kym Windows potrebiteli (ili NT style grupa). [homes] comment = Home Directories browseable = no writeable = yes Taka vseki potrebitel shte mozhe da vizhda svoiata unix directoria pri uspechna authentikacia ot strana na Samba. Pri tova shte vizhda samo svoiata domashna directoria, no ne i chuzhdite, kakto glasi reda browseable = no. Ako se napravi browseable = yes, togava shte se vizhdat vsichki domashni directorii. I t.n... i t.n... Mislete kato pishete! Mislete i kakvo pravite. Shtoto s tozi mode 777 na netlogon share sistemata mozhe da se nareche HackerCity. Vesselin Kolev On Tuesday 11 Mar 2003 09:46, Krasimir Dimitrov wrote: interesnoto e 4e ne dava syob6tenie za gre6ka toes vsi4ko po logvaneto e OK no sled kato se logne potrebitelia go izhvyrlia. ima samo 2 sharing-a i te sa netlogin i profile v momenta te sa sobstvenost na user: nobody group: nogroup s prava 777 po niski privilegii prosto ne znam kak da zadam niakoi da ima idea ??? -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+baHQ+48lZPXaa+MRAmc3AKC/KXb1WczJAqeH8T0iitQ5c/J/ngCg0jC3 zAIfr4G0UkU1LfV0R69GXow= =OR+h -END PGP SIGNATURE- A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: SAMBA as Primary Domain Controler ????
interesnoto e 4e ne dava syob6tenie za gre6ka toes vsi4ko po logvaneto e OK no sled kato se logne potrebitelia go izhvyrlia. ima samo 2 sharing-a i te sa netlogin i profile v momenta te sa sobstvenost na user: nobody group: nogroup s prava 777 po niski privilegii prosto ne znam kak da zadam niakoi da ima idea ??? -- krasimir On Fri, 7 Mar 2003, Vesselin Kolev wrote: [ The following text is in the iso-8859-1 character set. ] [ Your display is set for the CP1251 character set. ] [ Some characters may be displayed incorrectly. ] -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tc:)) taka, kakto si go namislil... ne stava.. Pyrvo: Ako neshto prez samba se sherva za potrebitel, to e nuzhno da se ukazhe za koi. Tova go iziskva strogiat sintaksis na smb.conf. Pravi kolkoto se mozhe po-malko neshta po podrazbirane. Ukazvai vsichko podrobno. Eto ti edin primer na shering [vlk] comment = Vesselin Kolev - File Storage path = /home/vlk valid users = vlk guest ok = no public = no writeable = yes printable = no create mode = 0600 directory mode = 0700 Pyrvo zabelezhi ukazvaneto na user, koito mozhe da dostypva shernatata directoria. Tam mozhe da stoiat i poveche ot edin user, razdeleni s interval. Mozhe po podoben nachin da napravish share dostypen za celi grupi ot potrebiteli, kato ukazvash koi imat pravo da chetat, koi da pishat i koi izonshto mogat da vlizat v tozi share. Sled tova e nuzhno da se opraviat pravata na failovete i directoriite v unix. T.e. koi mozhe da chete i koi da pishe v edna directoria i t.n. V sluchaia vinagi imai predvid, che Samba samo mapva potrebiteli ili grupi ot UNIX, sledovatelno tam, kydeto te shte pishat i chetat shte ima syobraziavane s definiciite za distyp na failovata systema. Pozdravi Vesselin Kolev On Friday 07 Mar 2003 15:22, Krasimir Dimitrov wrote: ami imam edna ma6ina s samba koiato triabva da e Primary Domain Controler klientite polu4avat syob6tenie: The share name was not found. Be sure typed it correctly prilagam faila smb.conf klientite sa pod Win 9x v logovete niama ni6to krasimir -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+aLd4+48lZPXaa+MRAmj+AKDLRgeEy5EBjat4IsOYFYIurjszrgCfdQ4l r5LOta6Klrbc8hQzXROb+3M= =YHV3 -END PGP SIGNATURE- A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
lug-bg: SAMBA as Primary Domain Controler ????
ami imam edna ma6ina s samba koiato triabva da e Primary Domain Controler klientite polu4avat syob6tenie: The share name was not found. Be sure typed it correctly prilagam faila smb.conf klientite sa pod Win 9x v logovete niama ni6to krasimir # Samba config file created using SWAT # from 194.141.24.49 (194.141.24.49) # Date: 2003/02/24 11:19:52 # Global parameters [global] netbios name = OADIS workgroup = OADIS0 os level = 64 preferred master = yes domain master = yes local master = yes security = user encrypt passwords = yes server string = Samba Server domain logons = yes logon path = \\%N\profiles\%u logon drive = H: # logon home = \\homeserver\%u logon home = \%L\%U\.profiles logon script = logon.cmd [netlogon] path = /usr/local/samba/lib/netlogon read only = No write list = ntadmin [profiles] path = /export/smb/ntprofile read only = no create mask = 0600 directory mask = 0700 [test] path = /tmp read only = no
Re: lug-bg: SAMBA as Primary Domain Controler ????
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tc:)) taka, kakto si go namislil... ne stava.. Pyrvo: Ako neshto prez samba se sherva za potrebitel, to e nuzhno da se ukazhe za koi. Tova go iziskva strogiat sintaksis na smb.conf. Pravi kolkoto se mozhe po-malko neshta po podrazbirane. Ukazvai vsichko podrobno. Eto ti edin primer na shering [vlk] comment = Vesselin Kolev - File Storage path = /home/vlk valid users = vlk guest ok = no public = no writeable = yes printable = no create mode = 0600 directory mode = 0700 Pyrvo zabelezhi ukazvaneto na user, koito mozhe da dostypva shernatata directoria. Tam mozhe da stoiat i poveche ot edin user, razdeleni s interval. Mozhe po podoben nachin da napravish share dostypen za celi grupi ot potrebiteli, kato ukazvash koi imat pravo da chetat, koi da pishat i koi izonshto mogat da vlizat v tozi share. Sled tova e nuzhno da se opraviat pravata na failovete i directoriite v unix. T.e. koi mozhe da chete i koi da pishe v edna directoria i t.n. V sluchaia vinagi imai predvid, che Samba samo mapva potrebiteli ili grupi ot UNIX, sledovatelno tam, kydeto te shte pishat i chetat shte ima syobraziavane s definiciite za distyp na failovata systema. Pozdravi Vesselin Kolev On Friday 07 Mar 2003 15:22, Krasimir Dimitrov wrote: ami imam edna ma6ina s samba koiato triabva da e Primary Domain Controler klientite polu4avat syob6tenie: The share name was not found. Be sure typed it correctly prilagam faila smb.conf klientite sa pod Win 9x v logovete niama ni6to krasimir -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+aLd4+48lZPXaa+MRAmj+AKDLRgeEy5EBjat4IsOYFYIurjszrgCfdQ4l r5LOta6Klrbc8hQzXROb+3M= =YHV3 -END PGP SIGNATURE- A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html