Migrazione da Windows NT4 a Samba 3x

From RVM Wiki
Revision as of 10:26, 23 February 2007 by Gabriele.vivinetto (talk | contribs)

Installare Samba su Linux

Creare questo file di configurazione:

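# Write the Samba configuration to /etc/samba/smb.conf, the file that testparm
# loads and that the later sudoedit step changes. The here-document delimiter
# is quoted so the shell copies the text verbatim (backslashes in the UNC
# paths and the "$" in share names are left untouched), and the document is
# closed with an explicit EOFile line. No leading "cat |" is needed: tee reads
# the here-document directly.
sudo tee /etc/samba/smb.conf > /dev/null <<'EOFile'
[global]
        # user and group  management
                add group script = /usr/sbin/groupadd "%g"
                delete group script = /usr/bin/net groupmap delete ntgroup="%g" ; /usr/sbin/groupdel "%g"
                add user to group script = /usr/bin/gpasswd -a "%u" "%g"
                delete user from group script = /usr/bin/gpasswd -d "%u" "%g"
                #
                # %u is quoted everywhere, including the chown argument, so an
                # account name is always passed to the shell as a single word.
                add user script = /usr/sbin/useradd -m "%u"; mkdir -p "/files/homes/%u"; chown "%u:" "/files/homes/%u"; chmod go-w "/files/homes/%u"
                delete user script = /usr/sbin/userdel -r "%u"
                add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null "%u"
                #username map = /etc/samba/user.map
                #
                passdb backend = tdbsam
                unix password sync = yes
                passwd program = /usr/bin/passwd "%u"
                passwd chat = "*Enter new UNIX password*" %n\n "*Retype new UNIX password*" %n\n "*password updated successfully*" .

        # Network role parameter
                netbios name = GALSERVER
                workgroup = GALIMBERTI
                server String = "GALServer"
                # domain master stays "no" until the NT machine is disconnected;
                # it is switched to "yes" at the end of the migration.
                domain master = no
                domain logons = yes
                wins support = yes
                security = user
                local master = yes
                os level = 99
                time server = yes
                encrypt passwords = true
                # UNC paths start with two backslashes; with a single one the
                # home and profile paths stored for the accounts are invalid.
                logon home = \\%L\%U
                logon script = user.cmd
                logon path = \\%L\Profiles\%U
                logon drive = P:

        # Administrators users
                # NOTE(review): admin users performs all file operations of the
                # listed account as root on every share; keep this list minimal.
                admin users = administrator
                printer admin = administrator

        # Logging settings
               syslog = 0
               syslog only = no
               log file = /var/log/samba/smbd
               #log level = 3
               #debug timestamp = yes

        # Network binding
                interfaces = eth0
                bind interfaces only = Yes

        # Printing
                printing = cups
                printcap name = cups
                load printers = yes

[printers]
        comment = All Printers
        # NOTE(review): spool files are written to the shared /tmp and the
        # share accepts guests; a dedicated spool directory is the usual
        # choice - confirm this is intended.
        path = /tmp
        create mask = 0600
        guest ok = Yes
        printable = Yes
        browseable = No
 
[print$]
        comment = Printer Drivers Share
        path = /var/lib/samba/printers
        public = yes
        guest ok = yes
        browseable = yes
        # Read-only for everyone; only the accounts in write list may upload
        # drivers. "writable = yes" here made the share writable for every
        # connected user and left write list without effect.
        read only = yes
        write list = administrator

[tmp]
        # NOTE(review): exposes the server's /tmp read-only to guest
        # connections; files other services leave there become readable over
        # the network wherever Unix permissions allow it.
        path = /tmp
        public = yes
        guest ok = yes
        browseable = yes
        read only = yes

[dati]
        path = /files/dati
        browseable = yes
        writable = yes

[profiles]
        path = /files/profiles
        browseable = yes
        writable = yes

[netlogon]
        path = /files/netlogon
        public = yes
        guest ok = yes
        browseable = yes
        # "writable" is the inverted synonym of "read only" and the last of
        # the two wins, so listing both left this share writable. Logon
        # scripts are run by the clients: keep the share read-only and grant
        # write access through write list only.
        read only = yes
        write list = administrator

[install]
        path = /files/install
        #public = yes
        #guest ok = yes
        browseable = yes
        # Read-only except for write list (see the note on [netlogon]).
        read only = yes
        write list = administrator

[homes]
        comment = Home Directory
        # NOTE(review): with valid users commented out, any authenticated user
        # can connect to another user's home share; access is then limited
        # only by Unix permissions, and the add user script removes just the
        # write bit for group and others. Consider enabling the next line.
        #valid users = %S
        read only = no
        browseable = no
        path = /files/homes/%S

[homes$]
        comment = Home Directories
        # NOTE(review): "browseable = no" only hides the share, it does not
        # restrict access. With valid users commented out every authenticated
        # account can connect to this administrative share.
        #valid users = administrator
        read only = no
        browseable = no
        path = /files/homes

[files$]
        comment = Administrative Files Share
        # NOTE(review): same as [homes$] - hidden but not restricted while
        # valid users stays commented out; this share covers all of /files.
        #valid users = administrator
        read only = no
        browseable = no
        path = /files

[cdrom]
        comment = Cdrom
        read only = yes
        path = /media/cdrom
EOFile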

Verificare il ruolo del server (in questa fase, con domain master = no, testparm deve indicare ROLE_DOMAIN_BDC):

$ testparm 
Load smb config files from /etc/samba/smb.conf
Processing section "[printers]"
...
Loaded services file OK.
Server role: ROLE_DOMAIN_BDC
Press enter to see a dump of your service definitions

Verificare di pingare con il nome NETBIOS la macchina NT:

ping SERVER

Stoppare SAMBA

sudo /etc/init.d/samba stop

Azzerare tutti i database degli account:

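# Remove every account database so the import starts from an empty state.
# Samba must already be stopped. The directory name is /var/lib/samba: with
# the misspelt path the glob matches nothing and "rm -f" reports no error,
# leaving the old databases in place.
# This is destructive: keep a copy of the .tdb files if they may be needed.
sudo rm -f -- /var/lib/samba/*.tdb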

Fare il Join nel dominio della macchina linux:

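# Join the Linux host to the existing NT domain served by SERVER.
# Only the account name is passed with -U so that net prompts for the
# password: a password written after "%" on the command line ends up in the
# shell history and is visible to other local users in the process list.
sudo net rpc join -S SERVER -W GALIMBERTI -U Administrator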

Avviare samba

sudo /etc/init.d/samba start

Creare un utente e cancellarlo per creare un database vuoto:

sudo smbpasswd -a root
sudo smbpasswd -x root

Importare utenti ed account macchine:

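# Import user and machine accounts from the NT domain controller.
# The password is not given on the command line (it would be kept in the
# shell history and shown in the process list); net asks for it instead.
sudo net rpc vampire -S SERVER -U Administrator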

Non deve esserci nessun errore.

Controllare che gli account siano stati importati:

sudo pdbedit -L

Rimuovere tutti i gruppi unix con questi nomi, se presenti:

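# Delete the Unix groups that the import created with the names of the
# standard NT groups. Each name is quoted: several contain a space, and
# unquoted they reach groupdel as two separate arguments instead of one
# group name. Names are case-sensitive, so "Users" is not the Unix group
# "users" that the group mapping relies on afterwards.
for nt_group in \
  "Account Operators" \
  "Administrators" \
  "Backup Operators" \
  "Domain Admins" \
  "Domain Guests" \
  "Domain Users" \
  "Guests" \
  "Power Users" \
  "Print Operators" \
  "Replicators" \
  "System Operators" \
  "Users"
do
  # Remove the group only when it exists ("if present").
  if getent group "$nt_group" > /dev/null; then
    sudo groupdel "$nt_group"
  fi
done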

Controllare che non ci siano altri gruppi standard di NT creati come gruppi unix:

cat /etc/group

Se ci sono altri gruppi personalizzati, lasciarli.

Mappare i gruppi standard di NT ai gruppi unix:

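# Map the standard NT groups onto existing Unix groups.
# type=d is used for the domain groups (S-1-5-21-... SIDs) and type=b for the
# builtin groups (S-1-5-32-... SIDs), matching the listing that follows.
# NOTE(review): "Domain Admins" and "Administrators" are mapped to the Unix
# group root, so their members obtain that group's file permissions on the
# server; keep the membership of those NT groups small.
sudo net groupmap modify ntgroup="Domain Admins" unixgroup=root type=d
sudo net groupmap modify ntgroup="Domain Users"  unixgroup=users type=d
sudo net groupmap modify ntgroup="Domain Guests" unixgroup=nogroup type=d
sudo net groupmap modify ntgroup="Account Operators" unixgroup=staff type=b
sudo net groupmap modify ntgroup="Administrators" unixgroup=root type=b
sudo net groupmap modify ntgroup="Backup Operators" unixgroup=backup type=b
sudo net groupmap modify ntgroup="Guests" unixgroup=nogroup type=b
sudo net groupmap modify ntgroup="Power Users" unixgroup=staff type=b
sudo net groupmap modify ntgroup="Print Operators" unixgroup=lpadmin type=b
sudo net groupmap modify ntgroup="Replicators" unixgroup=staff type=b
# The expected final listing also shows System Operators mapped to staff.
sudo net groupmap modify ntgroup="System Operators" unixgroup=staff type=b
sudo net groupmap modify ntgroup="Users" unixgroup=users type=b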

Ecco come deve essere la situazione alla fine:

sudo net groupmap list | sort

Account Operators (S-1-5-32-548) -> staff
Administrators (S-1-5-32-544) -> root
Backup Operators (S-1-5-32-551) -> backup
Domain Admins (S-1-5-21-529431811-589378722-923749875-512) -> root
Domain Guests (S-1-5-21-529431811-589378722-923749875-514) -> nogroup
Domain Users (S-1-5-21-529431811-589378722-923749875-513) -> users
Guests (S-1-5-32-546) -> nogroup
Power Users (S-1-5-32-547) -> staff
Print Operators (S-1-5-32-550) -> lpadmin
Replicators (S-1-5-32-552) -> staff
System Operators (S-1-5-32-549) -> staff
Users (S-1-5-32-545) -> users

Scollegare la macchina NT dalla rete.

Cambiare il parametro:

sudoedit /etc/samba/smb.conf
...
domain master = yes

Riavviare samba:

sudo /etc/init.d/samba stop; sudo /etc/init.d/samba start

Verificare il ruolo:

testparm 
Load smb config files from /etc/samba/smb.conf
Processing section "[printers]"
...
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC

Molto probabilmente il percorso di rete dei profili e delle home sarà sbagliato, mancherà uno "\" iniziale:

sudo pdbedit -Lv Administrator
Unix username:        Administrator
NT username:          Administrator
Account Flags:        [UX         ]
User SID:             S-1-5-21-529431811-589378722-923749875-500
Primary Group SID:    S-1-5-21-529431811-589378722-923749875-512
Full Name:            Administrator
Home Directory:       \galserver\Administrator
HomeDir Drive:        P:
Logon Script:         
Profile Path:         \galserver\Profiles\Administrator
Domain:               GALIMBERTI
Account desc:         Login ID for administering the server
Workstations:         
Munged dial:          bQA6ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIABkAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAA
Logon time:           Thu, 22 Feb 2007 20:23:51 GMT
Logoff time:          Thu, 22 Feb 2007 20:23:51 GMT
Kickoff time:         0
Password last set:    Thu, 22 Feb 2007 22:37:09 GMT
Password can change:  Thu, 22 Feb 2007 22:37:09 GMT
Password must change: Fri, 06 Apr 2007 22:24:41 GMT
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

Da una macchina >= Win2k, accedere come administrator del dominio e usare User Manager per correggere questi percorsi per tutti gli utenti (selezionandoli tutti), impostandoli come

\\GALServer\Profiles\%USERNAME%

e

\\GALServer\%USERNAME%

(si può fare anche con uno script e pdbedit)

Formattare la macchina NT dopo qualche giorno.