Use Linux to Replace Windows NT/2000 Servers


By Sebastian Sasías

About the Author:

He has used Linux for several years as a support tool for developing technology solutions.

His work includes controlling devices via Linux, signal processing, communications, and network security.

He is proficient in electronic automation and computer technology.

He is committed to the development of free software under the GNU GPL license.

Summary:

This article follows up on the previous LinuxFocus article about using Samba to share resources in heterogeneous UNIX-Windows networks. In particular, it focuses on replacing Windows servers with Linux running Samba.

This is worthwhile not only because Linux is robust and flexible, but also for economic reasons:

Large savings on license fees for Windows servers.

To achieve similar performance, Linux needs fewer hardware resources (processor and memory) than Windows.

A properly configured Linux server running Samba can replace a Windows NT/2000 server. It is not a general replacement for Active Directory Service (ADS), but it can act as the primary domain controller (PDC), authenticating users on Windows 2000/NT/98/95 clients, sharing resources (directories and printers) and customizing user sessions.

This article is mainly focused on these aspects.

Many computer environments are built on the functions provided by Windows servers. A Linux server with Samba can replace the Windows-based server without changing the clients.

The steps below assume that Samba is already installed and running correctly on the machine that will be used as the server. Readers need basic knowledge of Linux and Windows servers.

-------------------------------------------------- ------------------------------

Configure

Follow these steps:

1) Create the users to be authenticated by the primary domain controller (Linux/Samba).

Use the adduser, useradd or userconf command, another user management tool, or a graphical interface (Webmin, Linuxconf, YaST, etc.).

Keep in mind that if a user should only access the Linux/Samba service (which is usually what you want), that user does not need a Linux command line: set the home directory to /dev/null and the login shell to /bin/false.

2) Convert the UNIX users into Linux/Samba/Windows users by generating an smbpasswd file.

cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd

Another method is to use the Samba commands to create a user and set the password:

smbadduser

smbpasswd

These commands play a role similar to adduser and passwd.

3) Edit Samba's configuration file (smb.conf). Add the following options, or uncomment them where marked:

netbios name = SMBServer
workgroup = thedomain
server string = Linux Samba NT Server
log file = /var/log/samba/%m.log
max log size = 0
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
ssl CA certFile = /usr/share/ssl/.... (uncomment)
socket options = (uncomment)
local master = yes
preferred master = yes
domain master = yes
domain logons = yes
logon script = logon.bat
wins support = yes

Note:

To give each user an individual logon script, replace the "logon script" value with "%u.bat", so that each user gets a logon script named after their own username; %U can also be used. To select the script by the group the user belongs to, use %g or %G. The definitions of these and other variables can be found in the manual (man smb.conf).

4) Create the shared resources

Edit the smb.conf file, comment out all of the example shares, and add the following sections, changing them only where necessary:

[netlogon]
comment = Initialization Scripts
path = /home/netlogon
read only = yes
guest ok = yes
browseable = no

[home]
comment = User Directory
path = /home/%u
browseable = yes
writable = yes

[public]
comment = Public Directory
path = /home/public
browseable = yes
writable = yes
guest ok = yes
create mask = 0777
force create mode = 0777

Save the smb.conf file.

5) Use the following command to verify that smb.conf is correct:

testparm

This command parses the smb.conf file and reports any errors it finds.

6) Create the /home/netlogon and /home/public directories.

7) Edit the logon script file logon.bat.

Important: Create the logon.bat file with a DOS/Windows text editor (such as Notepad or Edit) so that the saved text file is in Microsoft-compatible format. You can also create it on Linux, but you must then convert it to the correct text format. In an editor such as vim, the command ":set textmode" produces a file with Microsoft line endings.

net time \\SMBServer /y (you can also use /yes instead of /y)
net use H: \\SMBServer\home -y (you can also use /yes or /y instead of -y)
net use P: \\SMBServer\public -y

8) Add the SMBServer entry to the lmhosts file.

Edit the /etc/lmhosts file and add a line for the SMB server, such as:

192.168.0.10 SMBServer

9) Restart the Samba daemon (smbd).

service smb restart

If that does not work on your Linux distribution, you can use the following commands:

ps -auxgx | grep smb
kill -9 <PID>
smbd

10) Use smbclient to verify that the above configuration is correct.

smbclient -L //SMBServer

When "Password:" is displayed, press Enter; the resources of the server will be listed.

11) Log in to the domain THEDOMAIN from a Windows 95/98/NT computer, using the users created on Linux/Samba (see steps 1 and 2).

On 95/98/Me, the setting is reached through:

Start => Settings => Control Panel => Network => Client for Microsoft Networks => Properties.

Windows NT/2000 (Workstation/Professional) is configured in a similar way, although the sequence is not the same.

Select the option "Start Session in Windows NT/2000 Domain" and enter the domain name THEDOMAIN (the workgroup).

A sample configuration file

A complete Samba configuration file is listed below; it has been tested on the distributions named in its header. Readers can modify it to achieve the result they want. Each directive is commented.

Finally, those who want to configure Samba quickly are advised to install Webmin or SWAT, which make the job easy.

# ================================================================ #
# /etc/smb.conf
# ---------------------------------------------------------------- #
# Samba main configuration file
# This is a skeleton of the file; select the parameters according to your needs.
# ---------------------------------------------------------------- #
# Tested on: Solaris and the following Linux distributions
#   RedHat 6.0, 7.0 and 7.1
#   Solaris 7
#   Slackware 7.x
#   Mandrake 6.1, 7.0 and 8.1
#   SuSE 7.2
# ---------------------------------------------------------------- #
# Last change: 08/12/2001
# Author: Sebastian Sasias - sasias@Linuxmail.org
# ================================================================ #
# This file follows the Samba specification; please refer to the smb.conf(5) manual page.
#
# NOTE: after changing this file, test it with the "testparm" command.
#
# ================================================================ #

#

#CRF

#

[global]
# ..................................................
# workgroup = NT domain name or workgroup name, e.g. thedomain
# PDC domain
workgroup = thedomain
# ..................................................
# Name under which this machine is announced to other machines
netbios name = SMBServer
# ..................................................
# This string appears in the Windows "Network Neighborhood"
server string = Samba Server de Este Lugar
# ..................................................
# This line is critical for security: it restricts connections to
# specific computers on the local network.
# In this example, that is the 192.168.8.0 network (class C)
# and the "loopback" interface.
# For more details, read the smb.conf man page.
# E.g.: only hosts whose IP addresses start with the given prefixes can use the shares:
# 192.168.8. and 127. (note the trailing dot)
hosts allow = 192.168.8. 127.
# ..................................................
# To load the printer list automatically instead of entering each printer by hand, use:
load printers = yes
# ..................................................
# It is possible to override the path to the printcap file.
printcap name = /etc/printcap
# ..................................................
# On System V systems, use the following line instead: with printcap name set
# to lpstat, the printer list is taken from the System V spool system.
;printcap name = lpstat
# ..................................................
# If your printing system is non-standard, you need to specify which one it is.
# Currently supported printing systems:
# bsd, sysv, plp, lprng, aix, hpux, qnx
; printing = bsd
# ..................................................
# Leave the following line uncommented if you need a guest account.
# You must also add this user to /etc/passwd; otherwise the user "nobody" is used.
guest account = pcguest
# ..................................................
# The following line makes Samba use a separate log file for each
# machine that connects to the Samba server.
log file = /var/log/samba/log.%m
# ..................................................
# Limit the size of the log files (in KB).
max log size = 50
# ..................................................
# See the documentation for details.
# Specifies how passwords are verified.
# User-level security = each user has their own password (Samba password)
security = user

# ..................................................
# With server-level security, authentication is performed by another machine.
# Use "password server" only with server-level security.
# password server = [address of the authentication server]
;password server =
# ..................................................
# If you want to use encrypted passwords, read ENCRYPTION.txt,
# Win95.txt and WinNT.txt in the Samba documentation.
# Use this option only if you know enough to understand it.
# Note: Win95, Win98 and WinNT can send encrypted passwords.
encrypt passwords = yes
# ..................................................
# Use the following line to customize the configuration per machine.
# %m is replaced by the NetBIOS name of each computer on the network.
include = /usr/local/samba/lib/smb.conf.%m
# ..................................................
# The documentation and some popular "tips" say that the following option gives better performance.
# Try it!
# Read speed.txt and the manual for more details.
socket options = TCP_NODELAY
# ..................................................
# Samba can be configured to use several network interfaces.
# If you use several network interfaces, you must list them below.
# Read the manual for more details.
interfaces = 192.168.8.2/24 192.168.12.2/24
# ..................................................
# Browser control options:
# If you don't want Samba to become the master browser on the network, set "local master = no".
local master = yes
# ..................................................
# OS level sets this server's priority in master browser elections.
# The default value is usually adequate.
os level = 33
# ..................................................
# Domain master makes Samba the domain master browser.
# This allows Samba to act as a domain controller and to be "seen" from different TCP/IP subnets.
# Do not use it if you already have a Windows NT/2000 domain controller.
domain master = yes
# ..................................................
# Preferred master makes Samba force a local browser election at startup
# and gives it a better chance of winning the election.
# With more than 2 servers, the one with the higher level will be "preferred".
# Clients search for a server in a list.
preferred master = yes
# ..................................................
# Use the following only if you have an NT/2000 server acting as primary domain controller (PDC).
;domain controller =
# ..................................................
# Use the following if you want Samba to be the "domain logon server" for Windows 9x/Me workstations.
domain logons = yes
# ..................................................
# If you use domain logons, you must use a logon script,
# per machine or per user in the Windows network.
# A specific logon batch file for each workstation:
;logon script = %m.bat
# A specific logon batch file for each user:
;logon script = %u.bat
# ..................................................

# User profiles (only valid for Win95 and WinNT)
# %L is replaced by the NetBIOS name of this server, %U by the username
# If you use it, the [Profiles] share must not be commented out
; logon path = \\%L\Profiles\%U
# ..................................................
# Windows Internet Name Service (WINS):
# wins support - tells nmbd to enable its WINS server.
# The WINS protocol converts machine names into IP addresses;
# it works like DNS in TCP/IP.
wins support = yes
# ..................................................
# wins server - tells Samba's nmbd component to be a WINS client.
# A Samba server can be either a WINS server or a WINS client,
# but it cannot be both.
# The IP address of the WINS server must be specified here.
;wins server = 192.168.8.1
# ..................................................
# wins proxy - tells Samba to answer name resolution requests on behalf of clients without WINS capability.
# This only works when there is at least one WINS server on the network.
# Default: no.
wins proxy = yes
# ..................................................
# dns proxy - tells Samba whether or not to resolve NetBIOS names through DNS.
# The built-in default for version 1.9.17 is "yes"; from version 1.9.18 it is "no".
# Here we tell Samba whether or not to use DNS for name resolution.
# dns proxy = yes
# dns proxy = no (name resolution will be done using the lmhosts file)
# ..................................................
# If the logon drive is not specified, drive Z: is used automatically.
logon drive = P:
# ..................................................
# At logon, this script is executed: /etc/samba/netlogon/samba.bat
# It uses "net use" to map the drives.
logon script = samba.bat

# ====================== Share definitions ======================= #
# Private directories
# Drive P:
[homes]
comment = Home Directories
browseable = no
writable = yes
read only = no
force create mode = 0700
create mode = 0700
force directory mode = 0700
directory mode = 0700
# ---------------------------------------------------------------- #
# Temporary directory
# Drive T:
[tmp]
comment = Temporary Files
path = /tmp
read only = no
public = yes
writable = yes
force create mode = 0777
create mode = 0777
force directory mode = 0777
directory mode = 0777
# ---------------------------------------------------------------- #
# CD-ROM of the server
# Drive L:
[cdrom]
comment = CD-ROM
path = /mnt/cdrom
public = yes
writable = no
# ---------------------------------------------------------------- #
# Group directory, under /home/grp.name_group
# /home/user/group is a link to /home/grp.name_group
# grp.name_group has permissions 770
# Drive G:
[group]
comment = Directory Of Group
path = /home/%u/group
writable = yes
read only = no
force create mode = 0770
create mode = 0770
force directory mode = 0770
directory mode = 0770
# ---------------------------------------------------------------- #
# This drive stores application software, installers, dedicated software, etc.
# /net and /net/install have permissions 755 and, in this example, are owned by root
# Drive N:
[net]
comment = Directory Net
path = /net
writable = yes
read only = no
force create mode = 0750
create mode = 0750
force directory mode = 0750
directory mode = 0750
# ---------------------------------------------------------------- #
[netlogon]
comment = Logon Services in the network
path = /etc/samba/netlogon
guest ok = yes
writable = no
locking = no
public = no
browseable = yes
share modes = no
# ---------------------------------------------------------------- #
# ================================================================ #
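
As an added example (not part of the original article and not Samba's own code), the following Python script reads an smb.conf and flags four things that settings like those in step 3, step 4 and the sample file make easy to get wrong: a parameter given more than once in a section (only the last value takes effect), "wins support" combined with "wins server", a [global] section with no "hosts allow", and a guest-accessible writable share whose create or directory modes allow world write. The function names, the finding labels and the sample text are this example's own.

```python
import re

# smb.conf(5) ignores case and spaces in parameter names and documents these
# synonyms, so names are normalised before they are compared.
SYNONYMS = {"public": "guestok", "createmode": "createmask", "writeable": "writable",
            "directorymode": "directorymask", "allowhosts": "hostsallow"}
TRUE = {"yes", "true", "1"}
MODES = ("createmask", "forcecreatemode", "directorymask", "forcedirectorymode")

# Constructed sample, modelled on the options discussed in this article.
SAMPLE = """
[global]
wins support = yes
wins server = 192.168.8.1
logon script = %m.bat
logon script = samba.bat
[public]
writable = yes
guest ok = yes
create mask = 0777
[netlogon]
guest ok = yes
public = no
"""

def parse(text):
    """Return {section: [(param, value), ...]}, keeping duplicates in order."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if re.fullmatch(r"\[.+\]", line):
            current = sections.setdefault(line[1:-1].strip().lower(), [])
        elif "=" in line and line[0] not in "#;" and current is not None:
            name, value = line.split("=", 1)
            key = re.sub(r"\s+", "", name).lower()
            current.append((SYNONYMS.get(key, key), value.strip()))
    return sections

def audit(text):
    """Return sorted (section, finding) pairs for the patterns described above."""
    found = set()
    for section, params in parse(text).items():
        names = [name for name, _ in params]
        found |= {(section, "duplicate:" + n) for n in names if names.count(n) > 1}
        cfg = {k: v.lower() for k, v in params}  # the last value wins, as in Samba
        if section == "global":
            if cfg.get("winssupport") in TRUE and cfg.get("winsserver"):
                found.add((section, "wins-support-and-wins-server"))
            if "hostsallow" not in cfg:
                found.add((section, "no-hosts-allow"))
            continue
        writable = cfg.get("writable") in TRUE or cfg.get("readonly", "yes") not in TRUE
        world = any(re.fullmatch(r"[0-7]*[2367]", cfg.get(m, "")) for m in MODES)  # o+w bit
        if cfg.get("guestok") in TRUE and writable and world:
            found.add((section, "guest-world-writable"))
    return sorted(found)
```

To check a real file, pass its contents to audit(), for example audit(open("/etc/samba/smb.conf").read()).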

Final considerations

Samba and some of the other tools used on Linux are under constant development, so some of the details explained here may become outdated. In fact, some parameter names in the Samba configuration file have changed slightly to keep its structure better organized. If you find unknown parameters in the Samba configuration, there are 2 simple ways to deal with them:

Read the default smb.conf file; its lines are generally commented, and it can point you to the "parameters that may cause problems".

Read the Samba documentation, starting with the file that describes the changes in the latest version.

References: bibliography and software tools

Samba, official website:

http://www.samba.org

Webmin, official website:

http://www.webmin.com (a remote administration tool for computers running UNIX systems)

GNU Project and Free Software Foundation:

http://www.gnu.org

An interesting website where you can get RPM packages:

http://www.rpmfind.net

LinNeighborhood website:

http://www.bnro.de/~schmidjo (an interesting Linux tool for sharing resources via the "Samba network")

Source: LinuxFocus
