[Samba] Samba 3 & Windows Vista Guide
Just wanted to let everyone know that I put together a guide covering Windows Vista clients within Samba 3 Domains. I still have a few kinks to work out with Roaming profiles, but mostly the guide is somewhat complete. The majority of the guide covers how I had to work around Vista's lack of support of System Policies. Hopefully it helps people confidently deploy Vista within Samba Domains. The article is here: http://www.pcc-services.com/samba/samba-vista.html If anyone has the time or need, feel free to upload it to the Samba Wiki so others can edit / rewrite it to their hearts content :-) Mike Petersen [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Yet another Samba How-to
Hi all, Just wanted to let you guys know that I put together a "High Level" Samba How-to that I believe is very informative for "Samba Beginners". I wrote it using Novell's Suse Linux Enterprise Server as part of a book I promised a few clients that I contract for - although I did write it in such a way that it can be used for virtually any GNU/Linux Distribution. I wrote this "on my own time" and I am the sole copyright holder - if the Samba Developers want me to either post it as-is on the Samba Wiki or edit out the SLES parts and post it on the Samba Wiki I would be happy to (when I get the time of course :-) You can access the how-to at: http://www.pcc-services.com/sles/samba.html Anyway, feedback is always welcome. Mike Petersen [EMAIL PROTECTED] [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Some Vista Info reguarding Profiles
Hi All, I just started really looking into deploying Vista in a Domain Environment and here is some info I gathered so far: With Vista, Microsoft Updated their "profiles" to version 2, thus Vista profiles will not co-exist with previous Windows profiles. To alleviate the need to specify a different profile for Vista, Microsoft decided to automatically add a ".V2" to the roaming profile name to ensure it uses a different one than previous versions of Windows. So, if you specify a "logon path = \\server\profiles\%U" the Vista profile will automatically be \\server\profiles\username.V2 and should work as expected. However, in my testing so far, if you delete the user's profile on the server, the workstation will give the "unable to locate the user profile" error. I have yet to figure this out, so for now do not delete a User's Vista profile on the Server. Also note that I have only used the %U wildcard on the "logon path =" directive, I noticed that some actually use that on the profile share itself ...from another email (Jerry Carter) [profiles] preexec = /etc/samba/scripts/create_profile %U %a path = /data/smb/c/profiles/%U/%a comment = Roaming user profile storage create mask = 0600 directory mask = 0700 profile acls = yes [profiles.V2] copy = profiles browseable = no So, I assume that if you use the %U wildcard on the profile share, ensure that you create the profiles.V2 share (and ensure that you differentiate the profiles by Architecture with %a otherwise Vista will not load the profile). Note: if anyone uses a "create_profile" script I would like to take a look at it and see if that would be a better way to implement roaming profiles. Anyway, I read the "Managing Roaming User Data Deployment Guide" for Vista and it looks like the major changes to the profiles are that they added quite a few folders, and moved the "Application Data" to "AppData" which now includes a "Local" directory (they got rid of "Local Settings") and a "Roaming" directory. The "Roaming" directory also includes quite a few directories that were normally within the root of the profile, such as "Cookies", "Nethood", "Printhood", "Recent", "Sendto", "Start Menu" and "Templates". These changes may cause havoc on Folder Redirection. Their guide explains how to do Folder Redirection on certain directories and it is read like you have to jump through hoops. Also of note is that what if you try to redirect the old "Application Data" directory (which now is "Roaming") since the bulk of the profile size is that directory. The roaming directory now includes folders that should not be redirected (such as Cookies which causes an error on logout). I may setup a Win2k3 server just so I can witness firsthand how to manage Folder Redirection with Vista. One thing to definitely note: If you want a "Network Default Profile" for Vista, copy a "Vista Profile" into the netlogon Directory and name it "Default User.V2" - Vista should use that profile instead of the local Default User profile. Once I do further testing I will add everything to the Samba Wiki. BTW: Does anyone know how to force Vista to utilize a System Policy (NTConfig.POL) from the netlogon share ?? Mike Petersen [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Notes when changing network IP Addresses
I struggled for this for a few hours, so in case anyone else has this problem in the future: I just switched over a network from public IP addresses to a private subnet (10.100.X.X). After which and I started having problems with our NT Workstations accessing the Backup Domain Controller. So, I looked at the config for our BDC and everything looked fine, except whenever I tried to use any net rpc commands I would always get the "Unable to find a suitable server" error (couldn't rejoin the domain, etc). Upon further investigation I also got those errors on the Primary Domain Controller !?! All the while, all of our Win2K and WinXP clients worked perfectly. So, knowing that when working with a mixed winnt/win2k/winxp network that the WINS Server had to be specified in a win2k server/clients for any winnt clients to access them, I re-read the Network Browsing Chapter of the Samba How-to Collection. It turns out that the WINS Database on the PDC still had the old IP Addresses of the PDC and BDC. So, I stopped the nmb service on the PDC and deleted the wins database and restarted nmb - everything once again started working as it should. Hope this helps a future problem for someone, Mike Petersen [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] creating NTConfig.POL
On Wed, 2007-04-04 at 09:58 -0500, Adam Williams wrote: > I have an NTConfig.POL I created from poledit with the Windows 2000 > Administrator toolkit. It contains my WSUS configuration, and > NTConfig.POL is placed in my [netlogon] share and is being loaded fine > by the clients. Is this still the propery way to create NTConfig.POL > files, or is there a newer utility I should be using? I'm looking at > Vista and it uses .admx templates, which I guess aren't compatible with > the Windows 2000 poledit.exe I'm using. > Yes, that is the proper way to configure Policies until Samba supports GPOs. This summer I will probably create policy templates for Vista to be used with the Policy Editor (they will be in .adm format). Currently I have a few custom templates for the Policy Editor available at: http://www.pcc-services.com/custom_poledit.html I am in the process of updating them to include IE7 policies (among other policies). If you are in need of any policy that is not in these templates, please let me know so I can add them as I update the templates. I have a working IE7 template at: http://files.pcc-services.com/files/samba/ I have run into a few snags that look like they are simply bugs with IE7 and am trying to work with Microsoft to fix them (imagine that), although I don't know if they will be fixed - I think I can create work arounds that should be easy to implement if they aren't fixed. Anyway, if you need any policies you can email me directly - as I want to be finished with a new custom_policy template sometime this month. Mike Petersen [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Beta IE7 Policy Template
Hi all, Just finished all of the "annoyance" issues with IE7 and started putting together an IE7 policy template for System Policy Editor. This is just a "beta" release I guess. Get it Here: http://files.pcc-services.com/files/samba/ie7beta1.adm Here is what I included so far: - Always Show Menu bar - Set Menubar to Top Position These two basically make IE7 look more like IE6 - most users will probably beg you to set these. - Set Google as Default Search Can't stand Live Search, this will make Google the default search for the Search Bar - Disable First Run Wizard This one will disable the stupid wizard that EVERY user normally has to go through - Disable Phishing Filter This one disables the Phishing junk altogether - I could add more options to this one, but I think the Phishing filter for IE7 is such a privacy concern that I decided just to disable it. (When enabled every site you go to is transmitted back to Microsoft) - Disable Language Bar When you install IE7 the language bar automatically gets added to the taskbar, this will allow you to turn it off completely (the language bar is also automatically added if you install Office 2003 and above). What needs to be done yet: - I will comment these policies once completed - Setting the default Home Page still does not work The IE6 Policy will not work with IE7, it just goes to some Microsoft Site, still trying to figure this out. - Setting Security Issues I will add policies to disable access to certain "Internet Options" tabs, although I probably won't waste time in going into disabling certain preferences (just disable the whole tab). I am probably going to be gone this weekend, but if you want anything else added to this policy please reply to the list or email me directly. Mike Petersen [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Updating System Policy Templates / ie7 adm found
On Fri, 2007-03-23 at 02:37 +0100, Robert Schetterer wrote: > Hi Mike, the main question is > how to server the new admx format with a recent samba pdc ( my short > overflow seems that they are stored in a different place, i maybe fail > here), also > i think if you wanna install a mixed setup with winxp and vista > which isnt recommended anyway you have deploy both adms and admxs > configured in the same way, as the complexity with configurations > possible in policies this doesnt seem very easy done. > So anyway the possibility to serve admx (or equal)should be included > in samba 4 as it should work as active dir controller. > So thats the question to the samba gurus. > Maybe at interim reg patches ( or extracted from adms/x) will do the > job, but i think > they have to be different in xp and vista, also the admx migrator should > help. The question right now only becomes "Can Vista read and implement policies from the NTConfig.POL file within the Netlogon share ?". If it can I can create all of the policies anyone would need for Vista, if it will only read Active Directory Policies then we will have to wait until samba implements Group Policy Objects. The file format of adm and admx format doesn't make a difference in this case as you could not load an Active Directory Group Policy ADM file into the System Policy Editor anyway. Thus I created my own templates for Windows 2000 and XP (along with ones specifically for NT4). I personally am not looking forward to Samba implementing Group Policies because No One documents their changes to their networks and finding a stupid policy in a whole Active Directory tree is a royal pain. I really prefer the way of including all the policies in a single file (easy to locate, and someone has to be somewhat knowledgeable to implement policies). > As i understood the format change was made to near the admx programming > language to other programming languages and simplify writing of it. > in my eyes it just another example that windows version are not really > compatible and shot users to upgrade their whole network . > It dosnt make me wonder that m$ dont want you to create adms, > in my eyes the dont wanna people doing free unlicend stuff > anymore, so 2 days ago the pressed some windows friendly sites to get > off their offline update packs for xp from the web. Yeah, don't really know why Microsoft is going this direction. > In the ie7.adm from gruppenrichtlinien.de should be allready some > specials in, like configure search engine ( this what i read in parts > there ) > Sorry i havent a good english site for you. > But i rememeber there where a few unfree tools creating adms, maybe they > upgraded to admx edit I couldn't read that particular site, but it didn't look to give a valid adm file anyway. BTW: I use notepad2 to create the adm files (Free in every sense of the word :-) Thanks again for the info, Mike Petersen [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Updating System Policy Templates / ie7 adm found
Thanks for all of the links, I can't read German but I did manage to get some info from them. Also thanks for the link to the article on the new admx format - I don't know why MS is changing everything to something x (docx, xlsx and now admx) - I preferred the old format anyway, the Microsoft Engineers just made it extremely confusing reading their policy templates. Which turned out to be just fine for me because unfortunately I cannot base any of my policy template work off of any current Microsoft Templates - I contacted them about it 2 years ago, before I started working on my Custom Policies (just to be sure it was alright) and at first they were OK about it, but after a while I was contacted again to not base any work off of any policies they created (Go figure). So when I created my custom policy templates last time I simply searched the web for any registry settings that people were using to adjust Windows behavior, then implemented those as a policy. For the ones I didn't find I simply ran an Un-installer program to track registry changes to the system as I adjusted settings. This is what I will probably have to do with the IE7 policies since there are very few references to registry settings regarding Internet Explorer 7 yet. Also, for the IE7 policies I am going to try to start doing those at the beginning of next month, the Vista policies will probably have to wait a little longer (especially since no one seems to want to deploy Vista anyway). So if you want any specific policy for IE 7 just let me know and I will try to implement it. I will also try to keep an eye on the mail list. Thanks again, Mike Petersen [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Updating System Policy Templates
Hi all, I am going to be in the process of updating my custom system policy templates (probably within a month or two) and I am asking for what policies anyone is in need of to help them deploy samba as a domain controller. Currently I basically have a single template.adm file, a few people have asked me to separate them into a few different files that would serve an overall single purpose - I guess like having a "folder_redirection.adm" file, a "security.adm" file, etc. Any ideas on this ?? I am definitely going to create policies for IE7 - I am planning on creating policies to make it look similar to IE6 instead of the horrible interface it has now. I am also going to create a policy that will allow it to use Google as the default search engine, and I will somehow try to figure out how to enforce the Home Page to a specific site (currently the policy is apparently different than IE6 as it currently doesn't work). Is there anything else that needs to be done for Internet Explorer 7 ? Does anyone need Windows Vista Policies ? Does anyone know if Vista will accept system policies from a Domain Controller ? Does anyone want to donate a copy of Vista to help create these policies (I haven't seen Vista, don't want it, definitely won't pay for it - but I will take the time to create policies for it if it is necessary and if Vista will allow System Policies). In lieu of anyone donating a copy, does anyone know if there is a trial version available that I could use to create the policies ? Finally, I am thinking of creating a few NTConfig.POL files so people can download so they don't have to create their own files. I would just adjust the Default User and Default Computer items and would probably just stick with what people would probably want on their network. This would probably alleviate some of the emails I receive (some people just don't comprehend the whole policy thing - I have heard it all). Does anyone think this is a good or bad idea ? Thanks all - feel free to email me directly on these questions. Mike Petersen [EMAIL PROTECTED] http://www.pcc-services.com/custom_poledit.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] New Custom SPE Template for XP boxes
Hello all, I FINALLY created a custom "System Policy Editor" Template so I can control Windows XP machines using NT4's System Policy Editor. For anyone interested I made it available on my old business's website at: http://www.pcc-services.com/custom_poledit.html If you find any errors, or want me to add any policies let me know. (I think these are almost as good as AD policies.) Mike Petersen [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Creating Custom System Policy Templates
Thanks for the link, it will save me about a week worth of work ! Robert Schetterer wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hi, > get here for up2date adms > http://www.gruppenrichtlinien.de/Info/Downloads.htm > sorry german > Regards > > Mike Petersen schrieb: > | Has anyone looked into creating custom templates for Microsoft's System > | Policy editor ? I like the idea of managing workstations through the > | NTConfig.POL file, but the included templates are quite a bit outdated. > | Does anyone know if it would be worth-while to take the time and create > | an updated Template to add policies to manage newer features of Windows > | 2000/XP through the NTConfig.POL file, or if it is even possible ? > | > | Currently, if I have to adjust the machine's registries, I just push > it out > | with a Kixtart Script, which means that if I want to adjust any "User" > | registry settings, the user has to be logged in when I run the script. > | I think the System Policy Editor would be a better way to go, as long as > | you keep in mind the "tatoo" effect on the registry. > | > | Does anyone have any info on whether or not this is feasible, or if > | samba will soon support Group Policy Objects (so I won't need to do > | this)? > Or if > | someone already has accomplished this or has any other comments. > | > | Mike Petersen > | [EMAIL PROTECTED] > | > | References: > | Creating Custom Templates for SPE - > | http://www.oreilly.com/catalog/winsyspe/chapter/ch08.html > | > | Microsofts Group Policy Reference Spreadsheet - > | > http://download.microsoft.com/download/a/a/3/aa32239c-3a23-46ef-ba8b-da786e167e5 > | e/PolicySettings.xls > | > | Samba Rocks !! > | > > - -- > Mit freundlichen Gruessen > Best Regards > Robert Schetterer > > robert_at_schetterer.org > Munich / Bavaria / Germany > https://www.schetterer.org > > \** > \* gnupgp > \* public key: > \* https://www.schetterer.org/public.key > \** > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.2.5 (MingW32) > Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org > > iD8DBQFCMU0c+Jw+56iSjEkRAnsRAKDF5HXR8ibGED0/fah43n7oJh5hzACgtPrD > 32IDEzvshOtfP1sFHRsr0OY= > =XH4X > -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Creating Custom System Policy Templates
Has anyone looked into creating custom templates for Microsoft's System Policy editor ? I like the idea of managing workstations through the NTConfig.POL file, but the included templates are quite a bit outdated. Does anyone know if it would be worth-while to take the time and create an updated Template to add policies to manage newer features of Windows 2000/XP through the NTConfig.POL file, or if it is even possible ? Currently, if I have to adjust the machine's registries, I just push it out with a Kixtart Script, which means that if I want to adjust any "User" registry settings, the user has to be logged in when I run the script. I think the System Policy Editor would be a better way to go, as long as you keep in mind the "tatoo" effect on the registry. Does anyone have any info on whether or not this is feasible, or if samba will soon support Group Policy Objects (so I won't need to do this)? Or if someone already has accomplished this or has any other comments. Mike Petersen [EMAIL PROTECTED] References: Creating Custom Templates for SPE - http://www.oreilly.com/catalog/winsyspe/chapter/ch08.html Microsofts Group Policy Reference Spreadsheet - http://download.microsoft.com/download/a/a/3/aa32239c-3a23-46ef-ba8b-da786e167e5 e/PolicySettings.xls Samba Rocks !! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba