Differences between revisions 6 and 7
Revision 6 as of 2017-05-25 22:59:08
Size: 7678
Editor: ?PetterReinholdtsen
Comment: Add missing period.
Revision 7 as of 2017-08-08 22:35:58
Size: 7679
Editor: ?PetterReinholdtsen
Comment: Add missing period.
Deletions are marked like this. Additions are marked like this.
Line 90: Line 90:
After the reboot, when you login the first time, click on the "Options >>" button and select the domain SKOLELINUX instead of the local domain ("this computer") After the reboot, when you login the first time, click on the "Options >>" button and select the domain SKOLELINUX instead of the local domain ("this computer").

1. Samba in Debian Edu

/!\ The information in this chapter is outdated. Please read the information provided on the Samba wiki about supported Windows versions, needed registry patches and other procedures. Probably a line containing server max protocol = NT1 needs to be added to the [global] section of /etc/samba/smb-debian-edu.conf on the main server. Please consider updating this chapter if you know how to configure Samba for Debian Edu.

https://wiki.samba.org/index.php/Joining_a_Windows_Client_or_Server_to_a_Domain
https://wiki.samba.org/index.php/Required_Settings_for_Samba_NT4_Domains

Samba has been fully prepared for use as an NT4-style domain controller with Windows XP, Windows Vista and Windows 7 as clients. After a machine has joined the domain, this machine can be fully managed with GOsa².

1.1. Getting Started

This documentation presumes that you have installed the Debian Edu main server and maybe also a Debian Edu workstation to verify that working under Debian Edu/Skolelinux works for you. We presume that you have already created some users that can flawlessly use the Debian Edu workstation. We also presume that you have a Windows XP/Vista/7 workstation at hand, so you can test access to the Debian Edu main server from a Windows machine.

After installation of the Debian Edu main server the Samba host \\TJENER should be visible in your Windows Network Neighbourhood. Debian Edu's Windows domain is SKOLELINUX. Use a Windows machine (or a Linux system with smbclient) to browse your Windows/Samba network environment.

  1. START -> Run command

  2. enter \\TJENER and press return
  3. -> a Windows Explorer window should open and show the netlogon share on \\TJENER, and maybe printers you already have configured for printing under Unix/Linux (CUPS queues).

1.1.1. Accessing files via Samba

Student and teacher user accounts that have been configured via GOsa² should be able to authenticate against \\TJENER\HOMES or \\TJENER\<username> and access their home directories with Windows machines not joined to the Windows SKOLELINUX domain.

  1. START -> Run command

  2. enter \\TJENER\HOMES or \\TJENER\<username> and press return

  3. enter your login credentials (username, password) in the authentication dialog window that appears
  4. -> a Windows Explorer window should open and show files and folders in your Debian Edu home directory.

By default only the [homes] and the [netlogon] shares are exported; further share examples for students and teachers can be found in /etc/samba/smb-debian-edu.conf on your Debian Edu main server.

1.2. Domain Membership

To use Samba on TJENER as a domain controller, your network's Windows workstations have to join the SKOLELINUX domain provided by the Debian Edu main server.

The first thing you have to do is to enable the SKOLELINUX\Administrator account. This account is not intended for day-to-day usage; its current main purpose is to add Windows machines to the SKOLELINUX domain. To enable this account log on to TJENER as the first user (created during main server installation) and run this command:

  • $ sudo smbpasswd -e Administrator

The password of SKOLELINUX\Administrator has been preconfigured during the main server's installation. Please use the system's root account when authenticating as SKOLELINUX\Administrator.

Once you are done with your administrative work make sure to disable the SKOLELINUX\Administrator account again:

  • $ sudo smbpasswd -d Administrator

1.2.1. Windows hostname

Make sure your Windows machine has the name that you want to use in the SKOLELINUX domain. If not, rename it first (and then reboot). The NetBIOS host name of the Windows machine will later on be used in GOsa² and cannot be changed there (without breaking the domain membership for this machine).

1.2.2. Joining the SKOLELINUX Domain with Windows XP

Joining Windows XP machines (tested with Service Pack 3) works out of the box.

NOTE: Windows XP Home does not support domain membership; Windows XP Professional is required here.

  1. log on to the Windows XP machine as Administrator (or any other account with Administrator privileges)
  2. click on "Start" then right-click on "Computer" and click on "Properties"
  3. select tab "Computer Name" and click on "Change..."
  4. under "Member of", select the radio button beside "Domain:", type SKOLELINUX and then click "OK"
  5. a pop up box will request to enter credentials of an account with rights to join the domain. Type username SKOLELINUX\Administrator and the root password, click "OK"
  6. a confirmation pop up box will welcome you to the SKOLELINUX domain. Clicking on "OK", will result in having another message informing that a reboot for the machine is required to apply the changes. Click on "OK"

After the reboot, when you login the first time, click on the "Options >>" button and select the domain SKOLELINUX instead of the local domain ("this computer").

If joining the domain has been successful you should then be able to view the host details within GOsa² (under the menu section "Systems").

1.2.3. Joining the SKOLELINUX Domain with Windows Vista/7

Joining Windows Vista/7 machines to the SKOLELINUX domain requires the installation of a registry patch on the Windows Vista/7 client. This patch is provided at this location:

  • \\tjener\netlogon\win7+samba_domain-membership\Win7_Samba3DomainMember.reg

For further information please consult the included README_Win7-Domain-Membership.txt in the same folder. Make sure you apply this patch as a local Administrator of the Windows system.

After applying the above patch and rebooting the client system you should be able to join the SKOLELINUX domain:

  1. click on "Start" then right-click on "Computer" and click on "Properties"
  2. the basic system information page will open. Under "Computer name, domain, and workgroup settings", click on "Change Settings"
  3. on the System Properties page, click on "Change..."
  4. under "Member of", select the radio button beside "Domain:", type SKOLELINUX and then click "OK"
  5. a pop up box will request to enter credentials of an account with rights to join the domain. Type username SKOLELINUX\Administrator and the root password, click "OK"
  6. a confirmation pop up box will welcome you to the SKOLELINUX domain. Clicking on "OK", will result in having another message informing that a reboot for the machine is required to apply the changes. Click on "OK"

After the reboot, when you login the first time, click on the "Options >>" button and select the domain SKOLELINUX instead of the local domain ("this computer").

If joining the domain has been successful you should then be able to view the host details within GOsa² (under the menu section "Systems").

1.3. First Domain Logon

Debian Edu ships some logon scripts that pre-configure the Windows user profile on first logon. When logging on to a Windows workstation that has joined the SKOLELINUX domain for the first time the following tasks are run:

  1. copy the user's Firefox profile to a separate location and register that with Mozilla Firefox on Windows
  2. set up Web-Proxy and start page in Firefox
  3. set up Web-Proxy and start page in IE
  4. add a MyHome icon to the Desktop that points to drive H: and opens Windows Explorer on double-click

Other tasks are run on every logon. For further information on this, please refer to the /etc/samba/netlogon folder on your Debian Edu main server.

CategoryPermalink