1. Samba in Debian Edu

/!\ Please read the information provided on the Samba wiki about supported Windows versions, needed registry patches and other procedures before proceeding.

https://wiki.samba.org/index.php/Joining_a_Windows_Client_or_Server_to_a_Domain
https://wiki.samba.org/index.php/Required_Settings_for_Samba_NT4_Domains

Samba has been fully prepared for use as an NT4-style domain controller. After a machine has joined the domain, this machine can be fully managed with GOsa².

1.1. Getting Started

This documentation presumes that you have installed the Debian Edu main server and also a Debian Edu workstation. We presume that you have already created some users that can login and use the Debian Edu workstation. We also presume that you have a Windows workstation at hand, so you can test access to the Debian Edu main server from a Windows machine.

After installation of the Debian Edu main server the Samba host \\TJENER should be visible in your Windows Network Neighbourhood. Debian Edu's Windows domain is SKOLELINUX. Use a Windows machine (or a Linux system with smbclient) to browse your Windows/Samba network environment.

  1. START -> Run command

  2. enter \\TJENER and press return
  3. -> a Windows Explorer window should open and show the netlogon share on \\TJENER, and maybe printers you already have configured for printing under Unix/Linux (CUPS queues).

1.1.1. Accessing files via Samba

Student and teacher user accounts that have been configured via GOsa² should be able to authenticate against \\TJENER\HOMES or \\TJENER\<username> and access their home directories even with Windows machines not joined to the Windows SKOLELINUX domain.

  1. START -> Run command

  2. enter \\TJENER\HOMES or \\TJENER\<username> and press return

  3. enter your login credentials (username, password) in the authentication dialog window that appears
  4. -> a Windows Explorer window should open and show files and folders in your Debian Edu home directory.

By default only the [homes] and the [netlogon] shares are exported; further share examples for students and teachers can be found in /etc/samba/smb-debian-edu.conf on your Debian Edu main server.

1.2. Domain Membership

To use Samba on TJENER as a domain controller, your network's Windows workstations have to join the SKOLELINUX domain provided by the Debian Edu main server.

The first thing you have to do is to enable the SKOLELINUX\Administrator account. This account is not intended for day-to-day usage; its current main purpose is to add Windows machines to the SKOLELINUX domain. To enable this account log on to TJENER as the first user (created during main server installation) and run this command:

The password of SKOLELINUX\Administrator has been preconfigured during the main server's installation. Please use the system's root account when authenticating as SKOLELINUX\Administrator.

Once you are done with your administrative work make sure to disable the SKOLELINUX\Administrator account again:

1.2.1. Windows hostname

Make sure your Windows machine has the name that you want to use in the SKOLELINUX domain. If not, rename it first (and then reboot). The NetBIOS host name of the Windows machine will later on be used in GOsa² and cannot be changed there (without breaking the domain membership for this machine).

1.3. First Domain Logon

Debian Edu ships some logon scripts that pre-configure the Windows user profile on first logon. When logging on to a Windows workstation that has joined the SKOLELINUX domain for the first time the following tasks are run:

  1. copy the user's Firefox profile to a separate location and register that with Mozilla Firefox on Windows
  2. set up Web-Proxy and start page in Firefox
  3. set up Web-Proxy and start page in IE
  4. add a MyHome icon to the Desktop that points to drive H: and opens Windows Explorer on double-click

Other tasks are run on every logon. For further information on this, please refer to the /etc/samba/netlogon folder on your Debian Edu main server.

CategoryPermalink