Existing NT4 PDC: BET
Samba3 BDC: wowbagger
Template vserver: wikkit
Template:
apt-get install rsync
vserver-copy wikkit wowbagger
cd /vserver/wowbagger
vi etc/hostname
vi etc/mailname
vi etc/ssmtp/ssmtp.conf
vi etc/network/interfaces
Filesystem migration from the old server to the new one: from the physical server (requires the mount capability)
mkdir /nt
vi /etc/fstab
/dev/sda3 /vservers/wikkit/nt xfs defaults 0 0
/dev/sda3 /nt xfs defaults 0 0
mount -a
for i in NETLOGON ADMIN$ REPL$ ADM IPC$ apps_nt utility Users dati ricerca profili presidenza$ dottorandi home
do
    mount -t smbfs -o username=administrator //bet/$i /mnt
    mkdir /nt/$i
    cd /mnt
    tar pcvf - . | (cd /nt/$i ; tar pxf - ) 2> /dev/null
    cd ..
    umount /mnt
done
Configuration of /etc/samba/smb.conf:
vi etc/samba/smb.conf
[global]
workgroup = ASID
netbios name = wowbagger
server string = %h server (Samba %v)
log file = /var/log/samba/log.%m
max log size = 1000
log level = 2
security = domain
encrypt passwords = true
update encrypted = Yes
passdb backend = tdbsam:/etc/samba/private/passdb.tdb
guest account = nobody
auth methods = guest sam
# password server = bet
# password server = dalet
wins support = yes
remote announce = 147.162.35.255
remote browse sync = 147.162.35.255
hosts allow = 147.162.35.0/255.255.255.0
hosts deny = all
#winbind separator = +
#idmap uid = 10000-20000
#winbind gid = 10000-20000
#winbind enum users = yes
#winbind enum groups = yes
domain master = no
local master = no
preferred master = auto
logon path = \\%L\profile\%u
logon drive = h:
# domain logons = yes
[homes]
path = /nt/home/%U
comment = Home Directories
writable = yes
browseable = yes
create mask = 0700
directory mask = 0700
[profile]
path = /nt/profili/%U
comment = profile dir
browseable = no
writable = yes
create mask = 0700
directory mask = 0700
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes
writable = no
share modes = no
browseable = no
write list = ntadmin
[printers]
comment = All Printers
browseable = no
path = /tmp
printable = yes
public = no
writable = no
create mode = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
Adding the required groups
for i in didattica dottorandi master print printtesi ricerca staff temptesi tesi
do
    addgroup $i
done
Join the ASID domain:
net rpc join -S BET -w ASID -U administrator
Mapping NT groups onto the existing Linux groups
net groupmap modify ntgroup="Account Operators" unixgroup=root
net groupmap modify ntgroup="Administrators" unixgroup=root
net groupmap modify ntgroup="Backup Operators" unixgroup=bin
net groupmap modify ntgroup="Domain Admins" unixgroup=ntadmins
net groupmap modify ntgroup="Domain Guests" unixgroup=nobody
net groupmap modify ntgroup="Domain Users" unixgroup=users
net groupmap modify ntgroup="Guests" unixgroup=nobody
net groupmap modify ntgroup="Power Users" unixgroup=sys
net groupmap modify ntgroup="Print Operators" unixgroup=lp
net groupmap modify ntgroup="Replicators" unixgroup=daemon
net groupmap modify ntgroup="System Operators" unixgroup=sys
net groupmap modify ntgroup="Users" unixgroup=users
Acquiring the users from the WinNT PDC server
net rpc vampire -S bet -U administrator
Installing winbind (optional) for single sign-on to the NT domain for Linux users as well
apt-get install winbind
vi /etc/nsswitch.conf
passwd: files winbind
group: files winbind
shadow: files
vi /etc/samba/smb.conf
winbind separator = +
idmap uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
vi /etc/pam.d/login
auth sufficient pam_winbind.so
auth sufficient pam_unix.so use_first_pass
At this point the Samba BDC works, but does not allow logon. To enable it, just add
domain logons = yes
to the file /etc/samba/smb.conf.
This allows sharing of the shares and logon (including profiles) on the Samba server, BUT it interferes with the PDC and causes problems for users.
It cannot be done 'live'.
[global]
workgroup = ACHAB
netbios name = ACHAB-PDC
server string = %h server (Samba %v)
log file = /var/log/samba/log.%m
max log size = 1000
log level = 2
security = user
encrypt passwords = true
passdb backend = tdbsam
guest account = nobody
os level = 255
domain master = yes
local master = yes
preferred master = yes
wins support = yes
domain logons = yes
#NT/2000
# Although it is recommended not to put profiles in the home directories,
# I do it anyway. If problems arise, use the [profile] share
#logon path = \\%L\homes\.profile
logon path = \\%L\profile\%u
logon drive = p:
#9x/ME
;logon home = \\%N\%U\profile
logon script = STARTUP.BAT
printing = cups
[profile]
path = /nt/profili/%U
comment = profile dir
browseable = no
writable = yes
create mask = 0700
directory mask = 0700
[homes]
path = /nt/home/%U
comment = Home Directories
browseable = yes
writable = yes
create mask = 0700
directory mask = 0700
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes
writable = no
share modes = no
browseable = no
write list = ntadmin
[printers]
comment = All Printers
browseable = no
path = /tmp
printable = yes
public = no
writable = no
create mode = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
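The two smb.conf files above mix several synonyms (public / guest ok, writable / read only), which makes it easy to misread which shares accept guests or writes. The script below is an added example, not part of the original notes: it prints one line per share and flags any share that is both guest-accessible and writable. The function names and the [scratch] share in the sample are hypothetical; the sample is constructed.

```shell
#!/bin/sh
# Added example: per-share exposure summary for an smb.conf. Synonyms resolved:
# public = guest ok; writable / writeable / write ok = inverse of read only.
audit_smbconf() {   # usage: audit_smbconf [FILE]   (reads stdin when no FILE)
    awk '
    function yes(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report(   wl) {
        if (sec == "") return
        if (tolower(sec) == "global") {
            printf("global hosts_allow=%s hosts_deny=%s\n",
                ("hosts allow" in p) ? p["hosts allow"] : "UNSET",
                ("hosts deny" in p) ? p["hosts deny"] : "UNSET")
        } else {
            wl = ("write list" in p) ? p["write list"] : "-"
            printf("%s guest=%s writable=%s write_list=%s%s\n", sec,
                guest ? "yes" : "no", ro ? "no" : "yes", wl,
                (guest && !ro) ? " FLAG:guest-writable" : "")
        }
        split("", p)                       # portable way to empty the array
    }
    /^[ \t]*([#;]|$)/ { next }             # skip comments and blank lines
    /^[ \t]*\[.*\]/ {                      # section header: report the previous one
        report(); sec = $0
        gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
        guest = 0; ro = 1                  # Samba defaults: guest ok = no, read only = yes
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        k = tolower(substr($0, 1, eq - 1)); v = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/[ \t]+/, " ", k)
        gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (k == "guest ok" || k == "public") guest = yes(v)
        else if (k == "read only") ro = yes(v)
        else if (k == "writable" || k == "writeable" || k == "write ok") ro = !yes(v)
        else p[k] = v
    }
    END { report() }
    ' "$@"
}

# Constructed sample: settings taken from the configs above, plus a
# hypothetical [scratch] share that shows the flagged case.
sample_conf() {
    printf '%s\n' '[global]' 'hosts allow = 147.162.35.0/255.255.255.0' 'hosts deny = all' \
        '[netlogon]' 'guest ok = yes' 'writable = no' 'write list = ntadmin' \
        '[print$]' 'read only = yes' 'guest ok = no' \
        '[scratch]' 'public = yes' 'writeable = yes'
}
sample_conf | audit_smbconf
```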
To add clients automatically, without having to create the machine account by hand:
add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
To check:
smbclient -U% -L 127.0.0.1
smbstatus
smbpasswd
A DNS entry must be present for the NETBIOS name, if specified.
useradd mmzz
net user add mmzz
smbpasswd mmzz
mkdir /home/mmzz
chown mmzz /home/mmzz
Create the default profile in the [netlogon] share: it will be used if the client has no "Default User" profile.
useradd -g macchine -d /dev/null -c "inst1" -s /bin/false inst1$
passwd -l inst1$
smbpasswd -a -m inst1
useradd administrator
passwd administrator
smbpasswd -a administrator
mkdir /var/lib/samba/netlogon/"Default User"
Trust relationship
Add ACHAB on BET as a TRUSTING domain
net rpc trustdom establish asid
smbpasswd -a -i ASID
New SMB password:
Retype new SMB password:
Add ACHAB on BET as a TRUSTED domain. NOTE: check the fake_permissions VFS module to lock down the Profile share.
apt-get install cupsys cupsys-client cupsys-driver-gimpprint cupsomatic-ppd foomatic-db
apt-get install lynx
lynx http://localhost:631
A few shabby little tricks... We copy the Windows drivers, for testing.
cp -R print\$/WIN40/ /usr/share/cups/drivers/
cp -R /nt/print\$/* /var/lib/samba/printers
groupadd nobody
groupadd ntadmins
net groupmap modify ntgroup="Account Operators" unixgroup=root
net groupmap modify ntgroup="Administrators" unixgroup=root
net groupmap modify ntgroup="Backup Operators" unixgroup=bin
net groupmap modify ntgroup="Domain Admins" unixgroup=ntadmins
net groupmap modify ntgroup="Domain Guests" unixgroup=nobody
net groupmap modify ntgroup="Domain Users" unixgroup=users
net groupmap modify ntgroup="Guests" unixgroup=nobody
net groupmap modify ntgroup="Power Users" unixgroup=sys
net groupmap modify ntgroup="Print Operators" unixgroup=lp
net groupmap modify ntgroup="Replicators" unixgroup=daemon
net groupmap modify ntgroup="System Operators" unixgroup=sys
net groupmap modify ntgroup="Users" unixgroup=users
Creating the Distributed File System: this way, if wikkit goes down, wowbagger should take its place.
mkdir /nt/dfsroot
cd /nt/dfsroot
ln -s msdfs:wikkit\\dati,wowbagger\\dati dati
#ln -s msdfs:wikkit\\homes,wowbagger\\homes homes
ln -s msdfs:wikkit\\apps,wowbagger\\apps apps
ln -s msdfs:wikkit\\tmp,wowbagger\\tmp tmp
Add to /etc/samba/smb.conf:
host msdfs = yes
[rete]
path = /nt/dfsroot
msdfs root= yes
net rpc user and pdbedit
useradd mmzz
pdbedit -a -u mmzz -f "Alberto Cammozzo"
new password:
retype new password:
pdbedit -L -u mmzz -v
To delete the user mmzz:
pdbedit -x -u mmzz
To add the machine account Pc001:
useradd pc001$
pdbedit -a -m -u pc001
To list all users (including machine accounts):
pdbedit -L
pdbedit -L -v