Converting a Windoze domain to SMB

Cyber Source peter at thecybersource.com
Fri Sep 30 21:54:05 EDT 2005


This reminds me, turn OFF the digital encryption require settings on the 
xp workstation(s)

Richard Hubbard wrote:

>A couple of points. 
>
>If their windoze domain _is_ Active directory, you are
>going to have to back out the workstations from the
>domain first.  
>
>Then, make your samba box a PDC.  Essentially you will
>be making a Windows NT 4 domain. (Before you choke on
>your coffee, the basics of the nt domains were fine
>for small networks.  All they needed was reliable
>servers.  I think tux can provide that part!)
>
>There are several places where you can find info on
>making a pdc out of samba, 
>http://daniel.fiser.cz/?go=samba
>a google search on "Schroder samba PDC" or even
>easier, get her book _Linux Cookbook_ by Carla
>Schroder (O'Reilly) has a chapter on it.
>
>Set up your smb.conf file. One note, a lot of
>documentation tells you not to encrypt passwords. 
>This is real old stuff.  If you are dealing with
>anything newer than windows 95, then you can go with
>encrypted passwords.
>
>Set up shares [Netlogon] is where you go if you want
>to set up login scripts for the windoze boxen. 
>[profiles] is for roaming profiles, a nice touch
>("Gee, I thought only M$ did roaming profiles!") and
>obviously the home directories (already there in a
>standard install smb.conf file)
>
>Add the users to linux, then add them to samba with 
>smbpasswd -a <linuxusername>
>
>smbpasswd will prompt for a samba password, which may
>or may not be sync'ed with the linux password (your
>choice in smb.conf)
>
>The important step is to now add MACHINE accounts to
>samba (some sources call these trust accounts). 
>Windows XP will not allow any other machine to
>authenticate for it unless it 'trusts' the server. 
>you  do this by adding the machine accounts. (Schroder
>has the command line for this, I've forgotton how to
>do it. I think the PDC mini-howto (link above) also
>has it)
>
>Once the machines are there, there are a last couple
>of quirks with your windows xp configuration. This
>link seems pretty complete:
>http://www.ccs.uky.edu/docs/samba.htm
>
>once you are there, you are done.  It seems long, but
>because most of this stuff takes the same amount of
>time in Windows and in Samba, you should be up and
>running in no time.
>
>Since Samba will be a pdc, you will not be using
>kerberos for authentication, rather you will be using
>NTLM authentication (that was that 'encrypted
>passwords' stuff above). So you may need other options
>if these machines will be exposed to the internet.
>Hope this helps
>Cheers!
>Rich
> 
>
>--- vlok stone <vlokstone at yahoo.com> wrote:
>
>  
>
>>Bob, I have Samb-3 by example in pdf format if you'd
>>like it. It has 
>>many scenerios that you may find useful. So if you
>>or
>>anyone else
>>wants the file let me know and I'll email to you
>>directly.
>>
>>
>>--- Cyber Source <peter at thecybersource.com> wrote:
>>
>>    
>>
>>>I can let you have a smb file that's already setup
>>>for PDC and why use 
>>>vexira? Clam can scan those shares just fine and
>>>it's free.
>>>
>>>Robert Meyer wrote:
>>>
>>>      
>>>
>>>>I may have to fix my landlord's network, soon. 
>>>>        
>>>>
>>>They have a small network of XP
>>>      
>>>
>>>>Pro boxen (can't change those due to apps) but
>>>>        
>>>>
>>>their server appears to have
>>>      
>>>
>>>>been hijacked by spambots.
>>>>
>>>>I may want to convert the $6000 server to Linux
>>>>        
>>>>
>>to
>>    
>>
>>>solve the problem.  As far
>>>      
>>>
>>>>as I can tell, it currently is running Email,
>>>>        
>>>>
>>>Domain control and file serving. 
>>>      
>>>
>>>>I haven't done any analysis on their apps, yet.
>>>>
>>>>Before I get into this, what does it take to
>>>>        
>>>>
>>>convert a bunch of PCs from a
>>>      
>>>
>>>>Windows domain (quite possibly using active
>>>>        
>>>>
>>>directory) to a SAMBA environment? 
>>>      
>>>
>>>>I've worked a lot with SAMBA but never doing PDC
>>>>        
>>>>
>>>stuff.  Like I said, I can
>>>      
>>>
>>>>only convert the server, not the PCs.  I will
>>>>        
>>>>
>>>probably have to set up file
>>>      
>>>
>>>>shares but I can get Command Central Vexira to
>>>>        
>>>>
>>>handle scanning for viruses on
>>>      
>>>
>>>>the shares.  I may also have to convert them from
>>>>        
>>>>
>>>using Exchange to IMAP but
>>>      
>>>
>>>>that's not terribly hard.  I've done Email
>>>>        
>>>>
>>>conversions, before.
>>>      
>>>
>>>>Cheers!
>>>>
>>>>Bob
>>>>
>>>>
>>>>		
>>>>__________________________________ 
>>>>Yahoo! Mail - PC Magazine Editors' Choice 2005 
>>>>http://mail.yahoo.com
>>>>
>>>> 
>>>>
>>>>        
>>>>
>>First they ignore you, then they laugh at you, then
>>they fight you, then you win
>>- Mohandas Gandhi
>>
>>
>>		
>>__________________________________ 
>>Yahoo! Mail - PC Magazine Editors' Choice 2005 
>>http://mail.yahoo.com
>>
>>    
>>
>
>
>
>		
>__________________________________ 
>Yahoo! Mail - PC Magazine Editors' Choice 2005 
>http://mail.yahoo.com
>
>  
>



More information about the nflug mailing list