smb.conf for DOMAIN LOGONS , PASSWORD CHANGES ETC

amalek_at_amalek.po
Date: 12/24/04


Date: Fri, 24 Dec 2004 12:51:39 +0000


#
# Sample configuration file for the Samba suite for Debian GNU/Linux.
#
#
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which
# are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentary and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command
# "testparm -s" to check that you have not made any basic syntactic
# errors.
#

#======================= Global Settings =======================

[global]
# domain name is CHAPTER3
workgroup = CHAPTER3

# set this server to be the domain Time Server
time server = yes

# passwd chat allows users to change their domain/samba/unix passwords
# from their windows computers. This works !
# NOTE(review): per smb.conf(5) the chat is only used when
# "unix password sync = yes", and smbd then runs the passwd program as
# root; neither setting is visible in this file -- confirm both.
passwd chat = *New*Password* \
%n\n*Re-enter*new*password* %n\n *password*changed*

# username map creates a one-to-one mapping between windows names and
# unix names. The only entry is root = Administrator.
# Only needed if your unix names and windows names are different,
# which they are not and shouldn't be.
# The map decides which unix account a client name resolves to (here it
# reaches root), so keep the file owned by root and writable by no one
# else.
username map = /etc/samba/smbusers

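#### Debugging/Accounting ####

# This tells Samba to use a separate log file for each machine
# that connects (%m expands to the client's NetBIOS name).
log file = /var/log/samba/log.%m

# Put a cap on the size of the log files (in Kb).
max log size = 1000

# If you want Samba to only log through syslog then set the following
# parameter to 'yes'.
; syslog only = no

# We want Samba to log a minimum amount of information to syslog.
# Everything should go to /var/log/samba/log.{smbd,nmbd} instead. If you
# want to log through syslog you should set the following parameter to
# something higher.
# With syslog at 0 the per-machine files above are the main record of
# client activity; include /var/log/samba if logs are collected centrally.
syslog = 0

# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d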

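#####################

# What naming service and in what order should we use to resolve host
# names to IP addresses
# Order matters: wins is asked first, then a local broadcast, then the
# system resolver (hosts). Broadcast replies are not authenticated.
name resolve order = wins bcast hosts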

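#####################################################3
# add user script delete user script etc etc
#####################################################3
#
# The following group of commands are used in conjunction
# with an existing NT domain controller PDC.
#
# We've seen that a Unix user is needed for each Windows user allowed
# to log on to the Samba server. In a small organisation, it's not a
# problem to add them manually and to keep the synchronisation manually
# also. But in large organisations, it's sometimes not easy to perform
# all these tasks manually, but because Samba is great it has two
# parameters to automatically add and remove Unix users.
#
# These parameters are add user script and delete user script. The
# value they take is the name of a program or a script which takes a
# username as argument and creates a Unix account with it. In the value
# you type in, don't forget to use the macro %u to represent the Unix
# user.
#
# This leads to something like this :
#
# [global]
# add user script = /usr/sbin/useradd %u -g smbusers
# delete user script = /usr/sbin/userdel %u
#
# Here we use the standard Unix useradd and userdel command to add or
# remove the user. The flag -g is used to give the name of the primary
# Unix group of the newly created Unix user.
#
# Samba will run the 'add user script' command when a user connects to
# it, is authenticated by the PDC and does not have a corresponding
# Unix user id. The 'delete user script' command is run when a user
# connecting to Samba doesn't exist on the PDC anymore but still has a
# unix account.
#
# This will maintain the list of Unix users in synchronization with
# the Domain user list.
#
# This applies to users which exist in the domain where Samba is
# located but also to any user defined in any domain trusted by the
# domain where Samba is found. (Of course allow trusted domains must be
# set to yes to be able to create a unix account for members of other
# domains.)
#
# smbd runs these scripts as root through the shell, and %u / %g are
# names supplied during logon or account management. Pass each macro as
# one single-quoted argument. Backquotes must not be used around the
# macros: the shell treats `...` as command substitution and would
# execute the name instead of passing it to useradd.
# NOTE(review): usermod -G sets the complete supplementary group list;
# confirm that replacing, not appending, is intended.

;add user script = /usr/sbin/useradd -m '%u'
;delete user script = /usr/sbin/userdel -r '%u'
;add group script = /usr/sbin/groupadd '%g'
;delete group script = /usr/sbin/groupdel '%g'
;add user to group script = /usr/sbin/usermod -G '%g' '%u'
;add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null '%u'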

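#######################################
# logon scripts
#######################################
# Each logon script should be stored at the base of the [netlogon]
# share. For example, if the base of the [netlogon] share is
# /export/samba/logon and the logon script is jeff.bat, the file should
# be located at /export/samba/logon/jeff.bat. When a user logs on to a
# domain that contains a logon script, he or she will see a small dialog
# that informs them that the script is executing, as well as any output
# the script generates in an MS-DOS-like box.
#
# One warning: because these scripts are loaded by Windows and executed
# on the Windows side, they must use DOS-style carriage-return/linefeed
# line endings instead of Unix line feeds. It's best to use a DOS- or
# Windows-based editor to create them.
#
# Here is an example of a logon script that sets the current time to
# match that of the Samba server and maps two network drives, h and i,
# to individual shares on the server:
#
# Reset the current time to that shown by the server.
# We must have the "time server = yes" option in the
# smb.conf for this to work.
#
# echo Setting Current Time...
# net time \\hydra /set /yes
#
# Here we map network drives to shares on the Samba
# server
# echo Mapping Network Drives to Samba Server Hydra...
# net use h: \\hydra\data
# net use i: \\hydra\network
#
# The script runs on every client at every domain logon, so anyone able
# to modify logon.bat controls what those clients execute. Keep the
# file and its directory writable by administrators only.
logon script = logon.bat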

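###################################
# roaming profiles
###################################
#
# Samba will provide roaming profiles if it is configured for domain
# logons and you provide a tree of directories pointed to by the logon
# path option. This option is typically used with one of the user
# variables, as shown in this example:
#
# [global]
# domain logons = yes
# security = user
# workgroup = SIMPLE
# os level = 34
# local master = yes
# preferred master = yes
# domain master = yes
#
# logon path = \\knoppix\profile\%U
#
# We need to create a new share to support the profiles, which is a
# basic disk share accessible only by the Samba process' user (root).
# This share must be writeable, but should not be browseable. In
# addition, we must create a directory for each user who wishes to log
# on (based on how we specified our logon path in the example above),
# which is accessible only by that user. For an added measure of
# security, we use the directory mode and create mode options to keep
# anyone who connects to it from viewing or altering the files created
# in those directories:
#
# [profile]
# comment = User profiles
# path = /export/samba/profile
# create mode = 0600
# directory mode = 0700
# writable = yes
# browsable = no
#
# Once a user initially logs on, the Windows client will create a
# user.dat or ntuser.dat file - depending on which operating system the
# client is running. The client then uploads the contents of the
# desktop, the Start Menu, the Network Neighborhood, and the programs
# folders in individual folders in the directory. When the user
# subsequently logs on, those contents will be downloaded from the
# server and activated for the client machine with which the user is
# logging on. When he or she logs off, those contents will be uploaded
# back on the server until the next time the user connects.
#
# leaving logon path= blank effectively disables roaming profiles
# roaming profiles are disabled here
logon path =

# automatically maps the users home drive to the letter specified
# works with the [homes] section
logon drive = H:

# This server accepts domain logons, takes part in browser elections as
# preferred master and runs a WINS server.
# NOTE(review): the file sets no "hosts allow" or "interfaces"
# restriction, so Samba's defaults decide which networks can reach these
# services -- confirm that is intended for a domain controller.
domain logons = yes
preferred master = yes
wins support = yes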

[homes]
# Home shares are writable and hidden from browse lists. %S is the name
# of the share being requested, so only the user the share is named
# after may connect to it.
browseable = no
writeable = yes
valid users = %S

[netlogon]
# Read-only, non-browseable share from which clients fetch logon.bat.
# NOTE(review): the share root is /data, which is also the parent of
# the [accounts] (/data/accounts) and [finances] (/data/finances) paths.
# Anyone who can connect here can reach those directories read-only
# unless Unix permissions stop them; a directory used only for logon
# scripts would avoid the overlap -- confirm and relocate.
path=/data
writeable = no
browseable = no

[accounts]
# Writable share for /data/accounts.
# NOTE(review): per smb.conf(5) %G is the primary group name of the
# session user, and "valid users" treats an entry as a group only when
# it carries a group prefix (e.g. @name). As written the group name is
# compared as a user name; with a prefix it would admit every user,
# since everyone belongs to their own primary group. Name the intended
# group explicitly -- TODO confirm which group should have access.
path=/data/accounts
valid users = %G
read only = no

[finances]
# Writable share for /data/finances.
# NOTE(review): per smb.conf(5) %G is the primary group name of the
# session user, and "valid users" treats an entry as a group only when
# it carries a group prefix (e.g. @name). As written the group name is
# compared as a user name; with a prefix it would admit every user,
# since everyone belongs to their own primary group. Name the intended
# group explicitly -- TODO confirm which group should have access.
path=/data/finances
valid users = %G
read only = no


