diff options
Diffstat (limited to 'docs/textdocs/DOMAIN.txt')
| -rw-r--r-- | docs/textdocs/DOMAIN.txt | 179 |
1 files changed, 0 insertions, 179 deletions
diff --git a/docs/textdocs/DOMAIN.txt b/docs/textdocs/DOMAIN.txt deleted file mode 100644 index b2d8a3f34d2..00000000000 --- a/docs/textdocs/DOMAIN.txt +++ /dev/null @@ -1,179 +0,0 @@ -Contributor: Samba Team -Updated: June 27, 1997 - -Subject: Network Logons and Roving Profiles -=========================================================================== - -Samba supports domain logons, network logon scripts and user profiles. -The support is still experimental, but it seems to work. - -The support is also not complete. Samba does not yet support the -sharing of the SAM database with other systems, or remote administration. -Support for these kind of things should be added sometime in the future. - -The domain support works for WfWg and Win95 clients. Support for Windows -NT and OS/2 clients is still being worked on and is still experimental. - -Using these features you can make your clients verify their logon via -the Samba server, make clients run a batch file when they logon to -the network and download their preferences, desktop and start menu. - - -Configuration Instructions: Network Logons -============================================== - -To use domain logons and profiles you need to do the following: - -1) Setup nmbd and smbd and configure the smb.conf so that Samba is -acting as the master browser. See INSTALL.txt and BROWSING.txt for -details. - -2) create a share called [netlogon] in your smb.conf. This share should -be readable by all users, and probably should not be writeable. This -share will hold your network logon scripts, and the CONFIG.POL file -(Note: for details on the CONFIG.POL file, refer to the Microsoft -Windows NT Administration documentation. The format of these files -is not known, so you will need to use Microsoft tools.) - -For example I have used: - - [netlogon] - path = /data/dos/netlogon - writeable = no - guest ok = yes - -Note that it is important that this share is not writeable by ordinary -users, in a secure environment: ordinary users should not be allowed -to modify or add files that another user's computer would then download -when they log in. - -3) in the [global] section of smb.conf set the following: - - domain logons = yes - logon script = %U.bat - -the choice of batch file is, of course, up to you. The above would -give each user a separate batch file as the %U will be changed to -their username automatically. The other standard % macros may also be -used. You can make the batch files come from a subdirectory by using -soemthing like: - - logon script = scripts\%U.bat - -4) create the batch files to be run when the user logs in. If the batch -file doesn't exist then no batch file will be run. - -In the batch files you need to be careful to use DOS style cr/lf line -endings. If you don't then DOS may get confused. I suggest you use a -DOS editor to remotely edit the files if you don't know how to produce -DOS style files under unix. - -5) Use smbclient with the -U option for some users to make sure that -the \\server\NETLOGON share is available, the batch files are visible -and they are readable by the users. - -6) you will probabaly find that your clients automatically mount the -\\SERVER\NETLOGON share as drive z: while logging in. You can put some -useful programs there to execute from the batch files. - -NOTE: You must be using "security = user" or "security = server" for -domain logons to work correctly. Share level security won't work -correctly. - - - -Configuration Instructions: Setting up Roaming User Profiles -================================================================ - -1) in the [global] section of smb.conf set the following: - - logon path = \\profileserver\profileshare\profilepath\%U - -The default for this option is \\%L\%U, namely \\sambaserver\username, -The \\L%\%U services is created automatically by the [homes] service. - -If you are using a samba server for the profiles, you _must_ make the -share specified in the logon path browseable. Windows 95 appears to -check that it can see the share and any subdirectories within that share -specified by the logon path option, rather than just connecting straight -away. - -When a user first logs in on Windows 95, the file user.dat is created, -as are folders "start menu", "desktop", "programs" and "nethood". -These directories and their contents will be merged with the local -versions stored in c:\windows\profiles\username on subsequent logins, -taking the most recent from each. - -The user.dat file contains all the user's preferences. If you wish to -enforce a set of preferences, rename their user.dat file to user.man, -and deny them write access to the file. - -2) On the Windows 95 machine, go to Control Panel | Passwords and - select the User Profiles tab. Select the required level of - roaming preferences. Press OK, but do _not_ allow the computer - to reboot. - -3) On the Windows 95 machine, go to Control Panel | Network | - Client for Microsoft Networks | Preferences. Select 'Log on to - NT Domain'. Press OK, and this time allow the computer to reboot. - -You will now find that the Microsoft Networks Login box contains -[user, password, domain] instead of just [user, password]. Type in -the samba server's domain name (or any other domain known to exist), -user name and user's password. - -Once the user has been successfully validated, the Windows 95 machine -will inform you that 'The user has not logged on before' and asks you -if you wish to save the user's preferences? Select 'yes'. - -Once the Windows 95 client comes up with the desktop, you should be able -to examine the contents of the directory specified in the "logon path" -(the default is \\samba_server\username) and verify that the "desktop", -"start menu", "programs" and "nethood" folders have been created. - -These folders will be cached locally on the client, and updated when -the user logs off (if you haven't made them read-only by then :-). - - -If you have problems creating user profiles, you can reset the user's -local desktop cache, as shown below. When this user then next logs in, -they will be told that they are logging in "for the first time". - - -1) instead of logging in under the [user, password, domain] dialog], - press escape. - -2) run the regedit.exe program, and look in: - - HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList - - you will find an entry, for each user, of ProfilePath. Note the - contents of this key (likely to be c:\windows\profiles\username), - then delete the key ProfilePath for the required user. - - [Exit the registry editor]. - -3) WARNING - before deleting the contents of the directory listed in - the ProfilePath (this is likely to be c:\windows\profiles\username), - ask them if they have any important files stored on their desktop - or in their start menu. delete the contents of the directory - ProfilePath (making a backup if any of the files are needed). - - This will have the effect of removing the local (read-only hidden - system file) user.dat in their profile directory, as well as the - local "desktop", "nethood", "start menu" and "programs" folders. - -4) search for the user's .PWL password-cacheing file in the c:\windows - directory, and delete it. - -5) log off the windows 95 client. - -6) check the contents of the profile path (see "logon path" described - above), and delete the user.dat or user.man file for the user, - making a backup if required. - - -If all else fails, increase samba's debug log levels to between 3 and 10, -and / or run a packet trace program such as tcpdump or netmon.exe, and -look for any error reports. - |