Samba User Guide

xiaoxiao2021-03-06  41

Configuration file: Samba normally uses a single configuration file. In this file you will find section blocks marked like this: [global]

Samba has only one configuration file!

[global]
printing = bsd
printcap name = /etc/printcap
load printers = yes
guest account = pcguest
log file = /usr/local/samba/log.%M

[tmp]
comment = Temporary file space
path = /tmp
writable = yes
public = yes

If you run Samba with this configuration file, the Windows machines on your LAN will find a TEMP directory in their Network Neighborhood and can write into it.

Note: Each time you update the Samba configuration file, you have to restart Samba with /etc/init.d/samba restart (Debian).

Configuration file, "advanced" parameters

First let's take a look at these parameters:

[global]

netbios name: The NetBIOS name of your Samba server. This is the name Windows machines see in Network Neighborhood. If you don't specify one, Linux uses its own network name as the NetBIOS name.

invalid users: The list of user names that are not allowed to use Samba. For example, "root" should not be allowed to access Samba.

interfaces: If your Linux server has more than one network card, use this to restrict Samba to a single network.

security: The security mode. With security = user, each user needs an account on the GNU/Linux server. If you don't need the Samba server to manage users and plan to let everyone use the same shared resources, you can set security = share.

workgroup: The name of the workgroup your Linux server belongs to.

server string: A short description of your Linux machine (any string).

socket options: A list of options for fine-tuning the Samba server. Which ones to use depends on the situation.

encrypt passwords: Should encrypted passwords be used? Be aware that (almost) every Windows system has different rules here!

wins support: Should your Linux server act as a WINS server?

os level: Determines which server becomes the domain controller (domain master), the local controller, and so on.

domain master: Makes Samba the domain master.

local master: Makes Samba the local master.

preferred master: If other servers exist, is Samba the preferred one?

domain logons: Should Samba manage logons for the domain?

logon script: Which script is run when the user starts a session?

logon path: Where is the startup script file?

logon home: Where is the user profile stored?

name resolve order: In which order are the name sources queried to resolve a machine name on the network?

dns proxy: Should the Samba server also act as a DNS proxy?

preserve case: Keep the case of file names.

short preserve case: Keep the case of file names.

unix password sync: Should the Unix and Windows passwords be synchronized?

passwd program: Which program is used to set a password.

passwd chat: Which "protocol" (dialogue) is used to set a password.

max log size: The maximum size of the log file.

Section [netlogon]

Specifies where netlogon is.

Section [Profiles]

User Profile file section.

Section [homes]

User Home Directory.
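
As an added example (not part of the original guide), the Python code below checks an smb.conf for three of the settings discussed on this page: security = share, root missing from invalid users, and shares that are both guest-accessible and writable, like the [tmp] share at the top. The sample configuration and the function names parse and audit are constructed for illustration; the code relies on smb.conf treating public as a synonym of guest ok and writable/writeable/write ok as inverted synonyms of read only.

```python
import re
# Constructed sample, modelled on the [global] options and [tmp] share above.
SAMPLE = """\
[global]
security = share
; invalid users = root
[tmp]
path = /tmp
Public = yes
writable = yes
"""
YES = {"yes", "true", "1"}
INVERTED = {"writable", "writeable", "writeok"}  # inverted synonyms of "read only"


def parse(text):
    """Return {section: {key: value}}; keys are lower-cased, spaces removed."""
    conf, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = conf.setdefault(line[1:-1].strip().lower(), {})
        elif cur is not None and "=" in line:
            key, val = (s.strip() for s in line.split("=", 1))
            key = re.sub(r"\s+", "", key).lower()
            if key == "public":                  # synonym of "guest ok"
                key = "guestok"
            elif key in INVERTED:
                key, val = "readonly", ("no" if val.lower() in YES else "yes")
            cur[key] = val                       # a later line overrides
    return conf


def audit(text):
    """Return findings for the risky settings this guide mentions."""
    conf, found = parse(text), []
    glob = conf.get("global", {})
    if glob.get("security", "").lower() == "share":
        found.append("global: security = share, no per-user accounts")
    if "root" not in re.split(r"[,\s]+", glob.get("invalidusers", "").lower()):
        found.append("global: root is not listed in invalid users")
    for name, sec in conf.items():
        # values set in [global] act as defaults for every share
        guest = sec.get("guestok", glob.get("guestok", "no")).lower() in YES
        writable = sec.get("readonly", glob.get("readonly", "yes")).lower() not in YES
        if name != "global" and guest and writable:
            found.append(f"{name}: writable by the guest account")
    return found

print("\n".join(audit(SAMPLE)))
```
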

Samba variables

Variable    Description

Client variables
%a    client system, for example: Win95, WfWg, WinNT, Samba ...
%I    client IP address
%m    client NetBIOS name
%M    client DNS name

User variables
%g    primary group of user %u
%H    home directory of user %u
%u    current Unix user name

Share variables
%P    root directory of the current share
%S    name of the current share

Server variables
%h    Samba server DNS name
%L    Samba server NetBIOS name
%v    Samba version

Other variables
%T    current date and time

Using these variables: if some machines on your network run Windows 3.11 and others Windows 98, you can create two configuration files, one for each system; the %a variable can then be used.

Result: our configuration file

[global]
printing = bsd
printcap name = /etc/printcap
load printers = yes
guest account = nobody
invalid users = root

; change its NetBIOS name
netbios name = pantoufle

; the interface it listens on
; (you don't need it to serve the other network, because that is the Internet connection)
interfaces = 192.168.0.1/255.255.255.0

; security = user means that each user must have a UNIX account
security = user

; which workgroup the server belongs to
workgroup = xicks

; description of the server, shown when viewing the details;
; %h is the server's DNS name, %v is Samba's version number
server string = %h server (Samba %v)

; we use Samba's own log files rather than syslog only,
; but at least the important information should be written to syslog;
; other information is written to /var/log/smb (nmb)
syslog = 0

; well, adjust the performance!
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096

; use encrypted passwords; pay attention:
; each W95 client must have the MS SMB security patch applied,
; NT4 must have SP3 or higher.
; I don't remember the situation for W3.11: it very likely does not
; support encrypted passwords :(
encrypt passwords = yes

; this server is also a WINS server.
; WINS allows two networks on different IP segments
; (such as 192.168.0.55.255.255.0 and 192.168.0.1/255.255.255.0)
; to see the "additional" network shares of each other, once the gateway is activated.
wins support = yes

; OS level. For example, if this server is the domain controller handling local
; logons and there is an NT server in the network, our level should be "higher".
os level = 34

; domain management
domain master = yes
local master = yes
preferred master = yes

; domain logon management
domain logons = yes

; when a user logs in, which script runs?
; %g points to the user's primary group
logon script = %g.bat

; where can we find our script?
; %L is the NetBIOS name of the Samba server
logon path = \\%L\netlogon

; where to store the user's profile?
; %U is the user's login
logon home = \\%L\%U\WINPROFILE

; in which order to check the resources to find the name of a machine?
; note: unlike Windows, which sends broadcasts as a matter of course, for us broadcast comes last.
name resolve order = lmhosts host wins bcast

; must Samba act as a DNS proxy?
dns proxy = no

; keep file names and their case
preserve case = yes
short preserve case = yes

; must we synchronize the Windows and Linux passwords?
unix password sync = yes

; how to synchronize the passwords
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .

; maximum size of the log file, to protect the /var directory :P
max log size = 1000

; we are a time server: used to synchronize the time of each machine;
; this feature is used from the logon .bat file.
time server = yes

; location of netlogon. It is only used at logon,
; so we don't have to make it public.
[netlogon]
path = /home/netlogon/%g
public = no
writeable = no
browseable = no

; each user's home directory
[homes]
comment = Home Directories
browseable = no
; the user can write to it, of course.
read only = no
; default UNIX umask.
create mask = 0700
; for security purposes, this directory is set to 700
directory mask = 0700

; FTP share, so that you can use a special client to get to it
; through Network Neighborhood
[ftp]
path = /home/ftp/pub
public = yes
printable = no
guest ok = yes

; temporary directory
[tmp]
path = /tmp
public = yes
printable = no
guest ok = yes
writable = yes

; another temporary directory,
; provided for users with a specific need for extra space
[bigTemp]
path = /home/bigTemp
public = yes
printable = no
guest ok = yes
valid users = erics
writable = yes

Now, a quick summary: what do we need on the server?

An account for each user

The smb.conf file

A directory /home/netlogon (like the one in my example)

In this directory, a .bat file for each user group (example here)

A config.pol file providing the system security policies (also in this directory)

For the config.pol file, find poledit.exe on the Windows CD.

NET USE P: \\PANTOUFLE\homes
NET USE T: \\PANTOUFLE\tmp
NET TIME \\PANTOUFLE /SET /YES

NET USE P: \\PANTOUFLE\homes
NET USE T: \\PANTOUFLE\tmp
NET TIME \\PANTOUFLE /SET /YES
REGEDIT /s \\PANTOUFLE\netlogon\teachers.reg

NET USE P: \\PANTOUFLE\homes
NET USE T: \\PANTOUFLE\tmp
NET TIME \\PANTOUFLE /SET /YES
REGEDIT /s \\PANTOUFLE\netlogon\pupils.reg

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal"="P:"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal"="P:"

This file automatically mounts the user's personal directory on P: and the temporary directory on T:. At the same time, the system time is synchronized with the Samba server.

Tip: The .bat file must be in "DOS format". The best approach is to create the file in Notepad, then put it on the server.

Creating a System Security Policy (C) (TM) (R)

Using a domain controller makes it possible to give Windows the security named in this title! Of course, I borrowed it from the MS documentation about their system security policy tool. So, in order to create a Windows system policy, such as preventing certain users (all?) from running regedit or DOS programs, you have to use POLEDIT from the Windows 98 CD. Run POLEDIT, look at its help, write down the relevant information ... This article doesn't intend to teach you how to use proprietary software. Once your .pol file is ready, copy it to the Samba server, into the path specified in [netlogon].

Note: For W9x clients, the system policy file must be named config.pol ... For Windows NT it should have another name; since I don't have NT, I can't tell you :'( (Ha, don't give me an NT to let me test. In any case, thank you very much, your conscience is great :o)

Tip: POLEDIT allows you to create user groups and users, but we have not succeeded with that. Only the default user is taken into account. For example, if I create an "admin" group with POLEDIT that is allowed to run regedit, then when the user connects as "erics" (his primary group is "admin"), there is no way to run regedit :( However, creating an "erics" user with POLEDIT works very well. Because creating 1056 users with POLEDIT is that kind of work, and global user management looks more interesting, we "suggest" this trick: for this case, we solved the problem with 3 config.pol files for the default user, so we have:

/home/netlogon/teachers/config.pol
/home/netlogon/teachers/teachers.bat
/home/netlogon/pupils/config.pol
/home/netlogon/pupils/pupils.bat
/home/netlogon/admin/config.pol
/home/netlogon/admin/admin.bat

The smb.conf file has been modified to take this into account:

[netlogon]
; use the %g variable to give each user group its own netlogon directory,
; so that each user gets the config.pol file that corresponds to him.
path = /home/netlogon/%g
public = no
writeable = no
browseable = no

Windows machine configuration

With a bit of luck, 20 mouse clicks and a reboot are enough to configure Windows!

Win98 client

Click Start / Settings / Control Panel, then double-click Network (translator's note: sorry, I haven't used Win9x for a long time; I am translating the item names from memory and have no way to check them, so please bear with me). Install:

MS Network

Network card driver

TCP/IP support, and only TCP/IP (no IPX or NetBIOS)

File and printer sharing

Then click the "Identification" tab and fill in the machine name and the name of the workgroup the machine belongs to. Click "Access Control" and select User-Level Access Control. Go back to the "Configuration" tab and double-click "Client for MS Network".

Don't forget to configure TCP/IP support. Double-click TCP/IP:

IP address: the IP you want for this machine (e.g. 192.168.0.2)

Subnet mask (e.g. 255.255.255.0)

WINS configuration:

Activate WINS

Add the WINS server, IP 192.168.0.1 (assuming your Samba server has this address)

Gateway: if you have a gateway, specify it here

DNS configuration: configure your DNS

About "Tuning / Performance / Good Sense?"

At work, because of the use of Windows profiles, a bottleneck quickly appeared. In fact, the profile is filled with things that MS considers important, such as the IE cache, the Outlook cache, etc. Simply put, this means that whenever a user logs in or logs out, all of it is downloaded or uploaded (my profile is very standard: a desktop background, IE, Outlook cache ...). At 10MB per user, a room with 15 machines (the "usual" lab size) uses 150MB. If the floor has 10 such rooms ... Do the math, then watch how many users leave when the bell rings. Now that you have the result, run 5 minutes early ... (well, I have to admit that I did this when I was a student) ... It takes more than 5 minutes. Just as in a big city, at rush hour you leave either 10 minutes earlier or two hours later!

Therefore, depending on the policy you apply, mounting each user's home directory on P: (as an example, P stands for people, personal) and telling them "save your documents to P:, don't put them in 'My Documents', otherwise the files will be lost" should be a good approach. Next, you have to find software that can be configured accordingly: put the bookmarks in P:\bookmarks.html, and so on. I don't even know whether such a thing exists in the Windows world! If you know of such a solution, write it down and share the knowledge!

Problems and suggestions, as a supplement

Is it possible to have various workgroups on the same domain? How can this be managed? Is it possible to share the problem between various GNU/Linux Samba? (Translator's note: this sentence was difficult, so the original is kept.)

How do I use NT and Samba servers at the same time?

NT client configuration: the config.pol file has another name under NT.

When there are only Samba servers (no NT), a real problem: I work on W98 and I want to share my local resources, such as my printer: I display my printer's sharing status, then click Add.

Hot news: someone gave me a solution. Select "Resource Level Access Control" under Access Control in Windows.

Thanks to Bruno for proofreading and for some other help :o) John Perr urged me to write my first article for LinuxFocus, and translated this article.

When reposting, please cite the original address: https://www.9cbs.com/read-54252.html
