[PLUG] Windows/Linux/Samba

David Phillips redhat at crisponions.com
Sat Dec 25 06:40:04 UTC 2004


Thanks for the advice.  I just discovered the samba newsgroup (yeah I am
a little behind in some aspects :-) ).  Luckily from your tips and what
I read, this looks like it should be pretty easy for me.  Fortunately
this server is getting installed on different hardware than my current
server so I should have minimal downtime, and it will also be hosting
almost all my shared files, now i just gotta find the time to do it.  

On Fri, 2004-12-24 at 22:09 -0800, Carla Schroder wrote:
> On Friday 24 December 2004 8:55 pm, David Phillips wrote:
> > I am finally going to try to take that final leap from being windows
> > dependent and move my backend to linux.  I am looking to replace my MS
> > domain controller/mail server with a linux box.  What I am curious about
> > is how to implement windows (for my wife's PC, and i still have some
> > apps I have to use that only work on windows) into my new linux network.
> > I have used samba in the past but in the opposite direction, using it to
> > access windows shares.  How difficult is it to have samba be the "domain
> > controller" for my new network?  Can you still have file level security
> > on the MS machines?  My understanding of samba is it works in the old
> > "workgroup" style of MS networking - which in windows land means no file
> > level security.  
> > 
> 
> Windows NTFS and Linux filesystems operate with different sets of file 
> permissions, which Samba does not try to translate. And FAT filesystems have 
> no access controls at all. To restrict access to files set up Samba shares, 
> then configure access controls on the shares. 
> 
> One option is to set up shared directories on each PC. Then each shared 
> directory has its own Samba share and access controls. Another way is to use 
> Samba as a central file server, and put all shared files on it. Or mix n 
> match.
> 
> It's dead easy to use Samba as a NT4-style domain controller. These are the 
> steps:
> 
> 1. Configure Samba to act as a PDC
> 2. Create a Samba root user account on the Samba box 
> 3. Configure your windows PCs as domain clients
> 4. Set up Windows machine accounts on the Samba box. This is the bit everyone 
> leaves out- each windows PC needs its own Samba account, plus you must log in 
> immediately to establish the trust relationship between Samba and the Windows 
> PC. You'll need the Samba root user for this initial login
> 5. Create human user accounts in Linux on the Samba box, and again in Samba
> 6. Create file and printer shares
> 7. Set up access controls on shares
> 
> Shares can allow/deny access on a per-user basis, or groups. The users must 
> have Samba accounts. The groups are ordinary NIS or /etc/groups. Again, 
> because of the differences in the many Windows and the differences between 
> Windows and Linux, these extra steps are required.
> 
> Windows NT/2000/XP are fairly sane as far as Samba logins go. They send both a 
> login and password, so you can log into Samba as a different user than the 
> Windows user. Windows 95/98/ME default to the Windows user, and lets you send 
> only a password. And of course windows XP home can't connect to any kind of 
> domain, not winderz, not Samba.
> 
> The Samba docs on Samba.org are good. In fact I think they are excessively 
> detailed. And if you had my book you would have all this nailed down in an 
> hour. :)
> 




More information about the PLUG mailing list