CFGPack: VERY ADVANCED SAMBA CONFIG (VASC) Date: 05-may-2002 Author: F. Hagethorn Version: 0.1a License: GPL NOTE: This config had been setup on the debian samba package version 2.2.3a-6. Configuration details: - PDC (Primary Domain Controller) configuration - encrypted passwords - roaming profiles for win95 partially, win98 completely and win2k completely (win95 has crappy profile support) - dynamicly created netlogon scripts with userdefinable mounts see etc/samba/defaultshares.conf for driveletter - servershare settings dont forget to add the usershares in smb.conf, see examples at the end - homedir will be mounted under H: - profiledir will be mounted under X: - unix password sync, when a user changes his/her password from windows the unix password will automaticly be changed as well - tuned TCP send and receive buffer size, boost performance, this has been optimized for a 100Mbps switched network. - supports linux, Win9x, Win2k (non, sp1, sp2) clients for more details about this see SAMBA_README.txt - cdrom automounter, when a user accesses //SERVER/cdrom the cdrom will be automaticly mounted. It will also be automaticly unmounted when a user leaves the share. - printers will automagicly be read from /etc/printcap Installation: -- Samba configuration plus samba scripts: Copy the etc/samba dir to your /etc/samba (eg overwrite the default smb.conf) Make sure user & group settings for all files are root.root, and the config files aren't world writable. ( cd /etc/samba; chown root.root * -R; chmod o-w * -R ) For the scripts in /etc/samba/scripts 0700 root.root will be sufficient. -- Create the profile directory: Userprofiles arent stored in their homedirectories but in a dedicated directory in /home, this directory is called.. (tadadumm) profiles so its: mkdir /home/profiles chmod 755 profiles chown root.root profiles The userprofile directories will be created if they log in for the 1st time Configuration: -- SERVER name & WORKGROUP name edit smb.conf and change workgroup = WORKGROUP to whatever you like, same goes for netbios name = SERVER. -- Userdefined shares (eg group shares) I bet you want users to all have access to some default shares. See the last 2 uncommented entries in smb.conf and use these as examples. If you want these shares to be mounted on the windows machines at logon time you must edit defaultshares.conf as well. defaultshares.conf holds some examples on how to do add your own. YOU DONT NEED TO EDIT logon.sh OR BUILD YOUR OWN startup.bat file JUST EDIT defaultshares.conf and smb.conf -- Script configuration Edit scripts.conf and see what you dont like, it has been setup to be secure (only root can read/write to the /var/log/sambascripts.log file) -- More setup notes: Add a group named machines, this is for windows 2000 domain logons. Add the user root with smbpasswd to the system, you may use a different password then you use on the system, this is only for adding a windows 2000 system to the domain (make it a domain member, which must be done before you can logon to the domain with windows 2000). -- Printer driver definitions for automated printer installation Not yet included in this release, i did find a good url where you can figure out how to do it for Win9x clients. see: http://www.jsanten.demon.nl/samba/automatedprinterdriver.htm (Anyone interested in helping me out on this one?)