Re: [TCLUG:6082] samba 2.0.4 and user mode access control

To: tclug-list@listserv.real-time.com
Subject: Re: [TCLUG:6082] samba 2.0.4 and user mode access control
From: "Troy Johnson" <troy@minco.com>
Date: Wed, 19 May 1999 09:34:34 -0500
I think these sections of this web page might apply to that version:

	http://samba.anu.edu.au/samba/docs/man/smb.conf.5.html

Sorry if this is too much or not enough detail. And sorry for being a
bastard and not sending my config files like I promised (even _I_ sent
myself a nasty note, but I guess I just become Mr. Hyde when I get
home or something). I _almost_ remembered last night, but no cigar.
Sorry,

Troy

domain logons (G) 

     If set to true, the Samba server will serve Windows 95/98 Domain
logons for the workgroup it is in. For
     more details on setting up this feature see the file DOMAINS.txt
in the Samba documentation directory
     docs/ shipped with the source code. 

     Note that Win95/98 Domain logons are NOT the same as Windows NT
Domain logons. NT Domain logons
     require a Primary Domain Controller (PDC) for the Domain. It is
intended that in a future release Samba will
     be able to provide this functionality for Windows NT clients
also. 

     Default: domain logons = no 


domain master (G) 

     Tell nmbd to enable WAN-wide browse list collation. Setting this
option causes nmbd to claim a special
     domain specific NetBIOS name that identifies it as a domain
master browser for its given workgroup. Local
     master browsers in the same workgroup on broadcast-isolated
subnets will give this nmbd their local
     browse lists, and then ask smbd for a complete copy of the
browse list for the whole wide area network.
     Browser clients will then contact their local master browser,
and will receive the domain-wide browse list,
     instead of just the list for their broadcast-isolated subnet. 

     Note that Windows NT Primary Domain Controllers expect to be
able to claim this workgroup specific
     special NetBIOS name that identifies them as domain master
browsers for that workgroup by default (i.e.
     there is no way to prevent a Windows NT PDC from attempting to
do this). This means that if this parameter
     is set and nmbd claims the special name for a workgroup before a
Windows NT PDC is able to do so then
     cross subnet browsing will behave strangely and may fail. 

     By default ("auto") Samba will attempt to become the domain
master browser only if it is the Primary Domain
     Controller. 

     Default: domain master = auto 
     Example: domain master = no 


local master (G) 

     This option allows nmbd to try and become a local master browser
on a subnet. If set to False then nmbd
     will not attempt to become a local master browser on a subnet
and will also lose in all browsing elections. By
     default this value is set to true. Setting this value to true
doesn't mean that Samba will become the local
     master browser on a subnet, just that nmbd will participate in
elections for local master browser. 

     Setting this value to False will cause nmbd never to become a
local master browser. 

     Default: local master = yes 


logon script (G) 

     This parameter specifies the batch file (.bat) or NT command
file (.cmd) to be downloaded and run on a
     machine when a user successfully logs in. The file must contain
the DOS style cr/lf line endings. Using a
     DOS-style editor to create the file is recommended. 

     The script must be a relative path to the [netlogon] service. If
the [netlogon] service specifies a path of
     /usr/local/samba/netlogon, and logon script = STARTUP.BAT, then
the file that will be downloaded is: 

     /usr/local/samba/netlogon/STARTUP.BAT 

     The contents of the batch file is entirely your choice. A
suggested command would be to add NET TIME
     \\SERVER /SET /YES, to force every machine to synchronize clocks
with the same time server. Another
     use would be to add NET USE U: \\SERVER\UTILS for commonly used
utilities, or NET USE Q:
     \\SERVER\ISO9001_QA for example. 

     Note that it is particularly important not to allow write access
to the [netlogon] share, or to grant users
     write permission on the batch files in a secure environment, as
this would allow the batch files to be arbitrarily
     modified and security to be breached. 

     This option takes the standard substitutions, allowing you to
have separate logon scripts for each user or
     machine. 

     Note that this option is only useful if Samba is set up as a
logon server. 

     Example: logon script = scripts\%U.bat 


logon path (G) 

     This parameter specifies the home directory where roaming
profiles (USER.DAT / USER.MAN files for
     Windows 95/98) are stored. 

     This option takes the standard substitutions, allowing you to
have separate logon scripts for each user or
     machine. It also specifies the directory from which the
"desktop", "start menu", "network
     neighborhood" and "programs" folders, and their contents, are
loaded and displayed on your Windows
     95/98 client. 

     The share and the path must be readable by the user for the
preferences and directories to be loaded onto
     the Windows 95/98 client. The share must be writeable when the
logs in for the first time, in order that the
     Windows 95/98 client can create the user.dat and other
directories. 

     Thereafter, the directories and any of the contents can, if
required, be made read-only. It is not advisable that
     the USER.DAT file be made read-only - rename it to USER.MAN to
achieve the desired effect (a
     MANdatory profile). 

     Windows clients can sometimes maintain a connection to the
[homes] share, even though there is no user
     logged in. Therefore, it is vital that the logon path does not
include a reference to the homes share (i.e. setting
     this parameter to \\%N\HOMES\profile_path will cause problems).


     This option takes the standard substitutions, allowing you to
have separate logon scripts for each user or
     machine. 

     Note that this option is only useful if Samba is set up as a
logon server. 

     Default: logon path = \\%N\%U\profile 

     Example: logon path = \\PROFILESERVER\HOME_DIR\%U\PROFILE 



>>> Ben Luey <lueyb@carleton.edu> 05/18 6:54 PM >>>
Does the new version of samba (2.0.4) support win9x clients being in
user
mode access control and getting a list of users from samba. The only
mention of that fact says that this is a priority and will probably
be in
version 2.0, but this doc is obviously outdated.

Thanks,

Ben


Ben Luey
lueyb@carleton.edu 
ICQ: 19144397

Our system [is] of checks and balances - you send a check and the
balance tilts
your way.   -- Greg Lucas ("California Insider")



---------------------------------------------------------------------
To unsubscribe, e-mail: tclug-list-unsubscribe@listserv.real-time.com

For additional commands, e-mail:
tclug-list-help@listserv.real-time.com

Try our website: http://tclug.real-time.com
Follow-Ups:
- secondary samba server?
  - From: Ben Luey <lueyb@carleton.edu>
Prev by Date: Re: [TCLUG:6083] mozilla build fail
Next by Date: Neal Stephenson on Linux
Prev by thread: Re: [TCLUG:6083] mozilla build fail
Next by thread: secondary samba server?
Index(es):
- Date
- Thread