Converting a Windoze domain to SMB

Richard Hubbard rhubby at yahoo.com
Fri Sep 30 20:55:06 EDT 2005


A couple of points. 

If their windoze domain _is_ Active Directory, you are
going to have to back out the workstations from the
domain first.  

Then, make your samba box a PDC.  Essentially you will
be making a Windows NT 4 domain. (Before you choke on
your coffee, the basics of the nt domains were fine
for small networks.  All they needed was reliable
servers.  I think tux can provide that part!)

There are several places where you can find info on
making a PDC out of samba: 
http://daniel.fiser.cz/?go=samba
or a google search on "Schroder samba PDC" or, even
easier, get her book: _Linux Cookbook_ by Carla
Schroder (O'Reilly) has a chapter on it.

Set up your smb.conf file. One note, a lot of
documentation tells you not to encrypt passwords. 
This is real old stuff.  If you are dealing with
anything newer than windows 95, then you can go with
encrypted passwords.

Set up shares. [Netlogon] is where you go if you want
to set up login scripts for the windoze boxen. 
[profiles] is for roaming profiles, a nice touch
("Gee, I thought only M$ did roaming profiles!") and
obviously the home directories (already there in a
standard install smb.conf file)

Add the users to linux, then add them to samba with 
smbpasswd -a <linuxusername>

smbpasswd will prompt for a samba password, which may
or may not be sync'ed with the linux password (your
choice in smb.conf)

The important step is to now add MACHINE accounts to
samba (some sources call these trust accounts). 
Windows XP will not allow any other machine to
authenticate for it unless it 'trusts' the server. 
You do this by adding the machine accounts. (Schroder
has the command line for this, I've forgotten how to
do it. I think the PDC mini-howto (link above) also
has it.)

Once the machines are there, there are a last couple
of quirks with your windows xp configuration. This
link seems pretty complete:
http://www.ccs.uky.edu/docs/samba.htm

Once you are there, you are done.  It seems long, but
because most of this stuff takes the same amount of
time in Windows and in Samba, you should be up and
running in no time.

Since Samba will be a pdc, you will not be using
kerberos for authentication, rather you will be using
NTLM authentication (that was that 'encrypted
passwords' stuff above). So you may need other options
if these machines will be exposed to the internet.
Hope this helps
Cheers!
Rich
 

--- vlok stone <vlokstone at yahoo.com> wrote:

> Bob, I have Samba-3 by example in pdf format if you'd like it. It has
> many scenarios that you may find useful. So if you or anyone else
> wants the file let me know and I'll email to you directly.
> 
> 
> --- Cyber Source <peter at thecybersource.com> wrote:
> 
> > I can let you have a smb file that's already setup for PDC and why use
> > vexira? Clam can scan those shares just fine and it's free.
> > 
> > Robert Meyer wrote:
> > 
> > >I may have to fix my landlord's network, soon.  They have a small network of XP
> > >Pro boxen (can't change those due to apps) but their server appears to have
> > >been hijacked by spambots.
> > >
> > >I may want to convert the $6000 server to Linux to solve the problem.  As far
> > >as I can tell, it currently is running Email, Domain control and file serving.
> > >I haven't done any analysis on their apps, yet.
> > >
> > >Before I get into this, what does it take to convert a bunch of PCs from a
> > >Windows domain (quite possibly using active directory) to a SAMBA environment?
> > >I've worked a lot with SAMBA but never doing PDC stuff.  Like I said, I can
> > >only convert the server, not the PCs.  I will probably have to set up file
> > >shares but I can get Command Central Vexira to handle scanning for viruses on
> > >the shares.  I may also have to convert them from using Exchange to IMAP but
> > >that's not terribly hard.  I've done Email conversions, before.
> > >
> > >Cheers!
> > >
> > >Bob
> > >
> > >
> > >		
> > >__________________________________ 
> > >Yahoo! Mail - PC Magazine Editors' Choice 2005 
> > >http://mail.yahoo.com
> > >
> > >  
> > >
> > 
> 
> 
> First they ignore you, then they laugh at you, then
> they fight you, then you win
> - Mohandas Gandhi
> 
> 
> 






More information about the nflug mailing list
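
The smb.conf points from the message above (domain logons, encrypted passwords, and the [netlogon], [profiles] and [homes] shares), as an added example that is not part of the original thread: a Python check run against a constructed smb.conf. The domain name, paths, finding codes and the read-only [netlogon] check are assumptions of this example.

```python
import configparser

# Constructed smb.conf for a Samba 3 NT4-style PDC; domain name and paths are assumptions.
SAMPLE_SMB_CONF = r"""
[global]
    workgroup = EXAMPLEDOM
    encrypt passwords = yes
    domain logons = yes
    logon script = logon.bat
    logon path = \\%L\profiles\%U
[Netlogon]
    path = /srv/samba/netlogon
    read only = yes
[profiles]
    path = /srv/samba/profiles
    read only = no
[homes]
    read only = no
"""

def load(text):
    # interpolation=None: Samba's %L/%U macros are not configparser interpolation.
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    # Strip indentation so indented parameters are not read as continuation lines.
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    # Samba section names are case-insensitive, so key them in lower case.
    return {name.lower(): cp[name] for name in cp.sections()}

def is_read_only(share):
    # "writable"/"writeable"/"write ok" are inverted synonyms of "read only" (default: yes).
    for synonym in ("writable", "writeable", "write ok"):
        if synonym in share:
            return not share.getboolean(synonym)
    return share.getboolean("read only", fallback=True)

def audit_pdc(text):
    """Return a list of finding codes; an empty list means every check passed."""
    shares = load(text)
    findings = []
    glob = shares.get("global")
    if glob is None or not glob.getboolean("domain logons", fallback=False):
        findings.append("not-a-pdc")            # domain logons defaults to no
    if glob is not None and not glob.getboolean("encrypt passwords", fallback=True):
        findings.append("plaintext-passwords")  # passwords would cross the wire in clear
    for needed in ("netlogon", "profiles", "homes"):
        if needed not in shares:
            findings.append("missing-share:" + needed)
    if "netlogon" in shares and not is_read_only(shares["netlogon"]):
        findings.append("writable-netlogon")    # users could alter login scripts
    return findings
```

Calling `audit_pdc(open("/etc/samba/smb.conf").read())` runs the same checks on a real file; Samba's own `testparm` remains the authority on syntax.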