Samba and Win 95/98/NT: Workgroup or Domain ?

Samba and Win 95/98/NT: Workgroup or Domain ?

Post by John Gil » Sat, 03 Mar 2001 12:55:22



I am bringing serveral MS machines down off an NT Domain, and trying to
replace same with Linux Samba.  I am reading through the Samba literature,
and most instruction sets advise to set the Win client to "workgroup."  Does
this matter ?  Can the Win client be set to Domain instead ?  Isn't Samba a
replacement / equivalent to NT Domain ?

Thanks,

-- John

 
 
 

Samba and Win 95/98/NT: Workgroup or Domain ?

Post by Dean Thompso » Sat, 03 Mar 2001 12:57:19


Hi John,

Quote:> I am bringing serveral MS machines down off an NT Domain, and trying to
> replace same with Linux Samba.  I am reading through the Samba literature,
> and most instruction sets advise to set the Win client to "workgroup."  
> Does this matter ?  Can the Win client be set to Domain instead ?  Isn't
> Samba a replacement / equivalent to NT Domain ?

If you bring your SAMBA server up as a domain then the Win clients will have
to have their domain name set to whatever the domain name is that the SAMBA
server is going to provide.  However, you will first have to change the Win
clients from being in a domain to a workgroup and then back to the new domain
as Windows has to create a new SID for the domain.

See ya

Dean Thompson

--
+______________________________+____________________________________________+

|   Bach. Computing (Hons)     | ICQ     - 45191180                         |
|   PhD Student                | Office  - <Off-Campus>                     |
|   School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
|   MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
|   Melbourne, Australia       |                                            |
+------------------------------+--------------------------------------------+

 
 
 

Samba and Win 95/98/NT: Workgroup or Domain ?

Post by John Gil » Sat, 03 Mar 2001 13:12:40


Thanks, Dean -- I will try that.  Probably have to give the machines a
different workgroup name to try it.

Also, what is with the smbpasswd file ?  I am given to understand that I
need to add users to this file -- since my Win clients will most likely be
sending encrypted passwords.  The problem is that the smbpasswd file that I
have found on the Linux system is not executable...

-- John


Quote:

> Hi John,

> > I am bringing serveral MS machines down off an NT Domain, and trying to
> > replace same with Linux Samba.  I am reading through the Samba
literature,
> > and most instruction sets advise to set the Win client to "workgroup."
> > Does this matter ?  Can the Win client be set to Domain instead ?  Isn't
> > Samba a replacement / equivalent to NT Domain ?

> If you bring your SAMBA server up as a domain then the Win clients will
have
> to have their domain name set to whatever the domain name is that the
SAMBA
> server is going to provide.  However, you will first have to change the
Win
> clients from being in a domain to a workgroup and then back to the new
domain
> as Windows has to create a new SID for the domain.

> See ya

> Dean Thompson

> --

+______________________________+____________________________________________
+
Quote:> |   Dean Thompson              | E-mail  -


Quote:> |   Bach. Computing (Hons)     | ICQ     - 45191180
|
> |   PhD Student                | Office  - <Off-Campus>
|
> |   School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)
|
> |   MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077
|
> |   Melbourne, Australia       |
|

+------------------------------+--------------------------------------------
+
 
 
 

Samba and Win 95/98/NT: Workgroup or Domain ?

Post by Dean Thompso » Sat, 03 Mar 2001 13:23:38


Hi John,

[...]

Quote:

> Also, what is with the smbpasswd file ?  I am given to understand that I
> need to add users to this file -- since my Win clients will most likely be
> sending encrypted passwords.  The problem is that the smbpasswd file that I
> have found on the Linux system is not executable...

With SAMBA you should have a file called smbpasswd which should live in a
directory which is similar to this one: /usr/local/samba/bin/smbpasswd (or
whereever samba is installed).  This file should be executable as it is the
program which is responsible for creating your smbpasswd file which will be
created in a directory like: /usr/local/samba/private/smbpasswd.

As for your question about the password file as opposed to the binary file,
the quick answer is yes, you should create all of your users in this file.  I
am not sure what sort of network structure you are building but I have built
structures where Linux is the master domain controller and serves the domain
for password and file sharing.

Additionally, those users that need access to any UNIX resource (especially
Linux) I use the SMB_AUTH pam which ties their password into the SAMBA
password as well.  This means that you can have your smbpasswd file that samba
maintains be your primary authentication source for all resources.

If you get stuck with the setup, let me know.

See ya

Dean Thompson

--
+______________________________+____________________________________________+

|   Bach. Computing (Hons)     | ICQ     - 45191180                         |
|   PhD Student                | Office  - <Off-Campus>                     |
|   School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
|   MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
|   Melbourne, Australia       |                                            |
+------------------------------+--------------------------------------------+

 
 
 

Samba and Win 95/98/NT: Workgroup or Domain ?

Post by John Gil » Sat, 03 Mar 2001 13:26:00



> Thanks, Dean -- I will try that.  Probably have to give the machines a
> different workgroup name to try it.

> Also, what is with the smbpasswd file ?  I am given to understand that I
> need to add users to this file -- since my Win clients will most likely be
> sending encrypted passwords.  The problem is that the smbpasswd file that
I
> have found on the Linux system is not executable...

> -- John



> > Hi John,

> > > I am bringing serveral MS machines down off an NT Domain, and trying
to
> > > replace same with Linux Samba.  I am reading through the Samba
> literature,
> > > and most instruction sets advise to set the Win client to "workgroup."
> > > Does this matter ?  Can the Win client be set to Domain instead ?
Isn't
> > > Samba a replacement / equivalent to NT Domain ?

> > If you bring your SAMBA server up as a domain then the Win clients will
> have
> > to have their domain name set to whatever the domain name is that the
> SAMBA
> > server is going to provide.  However, you will first have to change the
> Win
> > clients from being in a domain to a workgroup and then back to the new
> domain
> > as Windows has to create a new SID for the domain.

> > See ya

> > Dean Thompson

> > --

+______________________________+____________________________________________
> +
> > |   Dean Thompson              | E-mail  -

> > |   Bach. Computing (Hons)     | ICQ     - 45191180
> |
> > |   PhD Student                | Office  - <Off-Campus>
> |
> > |   School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)
> |
> > |   MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077
> |
> > |   Melbourne, Australia       |
> |

+------------------------------+--------------------------------------------

- Show quoted text -

Quote:> +

 
 
 

Samba and Win 95/98/NT: Workgroup or Domain ?

Post by John Gil » Sat, 03 Mar 2001 13:51:21


Hi Dean.

Yes, I am attempting to setup Linunx as the PDC with Wins Server in an
(otherwise) Microsoft network.  DHCP is provided by my hardware router, but
the Linux server has a static IP address outside the range of available DHCP
leases.  Believe it or not, this is in my home, so not a big network, but I
suppose up to 8 computers. (I know, some people work on cars <g> ).

The only Samba password file that I find is :  /usr/bin/smbpasswd  I know
the literature indicates otherwise, but this maybe peculiar to 2.0.7.  I do
see a file,   /usr/bin/smbadduser which might manually add the passwords.  I
will check on that as well as the Manual.

fyi -- I am still working on the Linuxconf-web issue.  I just need to get
the shares operational so that I can load the patch you sent me.

-- John


Quote:

> Hi John,

> [...]

> > Also, what is with the smbpasswd file ?  I am given to understand that I
> > need to add users to this file -- since my Win clients will most likely
be
> > sending encrypted passwords.  The problem is that the smbpasswd file
that I
> > have found on the Linux system is not executable...

> With SAMBA you should have a file called smbpasswd which should live in a
> directory which is similar to this one: /usr/local/samba/bin/smbpasswd (or
> whereever samba is installed).  This file should be executable as it is
the
> program which is responsible for creating your smbpasswd file which will
be
> created in a directory like: /usr/local/samba/private/smbpasswd.

> As for your question about the password file as opposed to the binary
file,
> the quick answer is yes, you should create all of your users in this file.
I
> am not sure what sort of network structure you are building but I have
built
> structures where Linux is the master domain controller and serves the
domain
> for password and file sharing.

> Additionally, those users that need access to any UNIX resource
(especially
> Linux) I use the SMB_AUTH pam which ties their password into the SAMBA
> password as well.  This means that you can have your smbpasswd file that
samba
> maintains be your primary authentication source for all resources.

> If you get stuck with the setup, let me know.

 
 
 

Samba and Win 95/98/NT: Workgroup or Domain ?

Post by Dean Thompso » Sat, 03 Mar 2001 13:56:37


Hi John,

[...]

Quote:

> The only Samba password file that I find is :  /usr/bin/smbpasswd  I know
> the literature indicates otherwise, but this maybe peculiar to 2.0.7.  I do
> see a file,   /usr/bin/smbadduser which might manually add the passwords.  
> I will check on that as well as the Manual.

Hmm, I have to admit this is a strange setup, normally I don't see files like
this in the standard SAMBA distribution for Samba 2.0.7.  I personally, would
recommend the following:

  * Remove SAMBA 2.0.7 from your system, and get the latest alpha release
     from samba.org for SAMBA2.2.  I have used this before and it is really
     good providing you use a domain name which has an odd number of
     characters in it (although this may have changed now).

If you want, issue the command "file /usr/bin/smbpasswd" and see whether or
not it comes back as a executable.  It should be from where I am sitting.

See ya

Dean Thompson

--
+______________________________+____________________________________________+

|   Bach. Computing (Hons)     | ICQ     - 45191180                         |
|   PhD Student                | Office  - <Off-Campus>                     |
|   School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
|   MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
|   Melbourne, Australia       |                                            |
+------------------------------+--------------------------------------------+

 
 
 

Samba and Win 95/98/NT: Workgroup or Domain ?

Post by John Gil » Sat, 03 Mar 2001 14:46:09


It was exactly as I thought.  In 2.0.7, you execute the command:
    smbadduser    john:john1
        where john is the samba login, and john1 is the unix login

I had to make the /usr/bin/smbpasswd file executable, and the define the
encrypted password file, which is also smbpasswd, but located in /etc/samba.

Looks like it works.  Now, I just need to go back and work on getting a
domain login.

-- John


Quote:

> Hi John,

> [...]

> > The only Samba password file that I find is :  /usr/bin/smbpasswd  I
know
> > the literature indicates otherwise, but this maybe peculiar to 2.0.7.  I
do
> > see a file,   /usr/bin/smbadduser which might manually add the
passwords.
> > I will check on that as well as the Manual.

> Hmm, I have to admit this is a strange setup, normally I don't see files
like
> this in the standard SAMBA distribution for Samba 2.0.7.  I personally,
would
> recommend the following:

>   * Remove SAMBA 2.0.7 from your system, and get the latest alpha release
>      from samba.org for SAMBA2.2.  I have used this before and it is
really
>      good providing you use a domain name which has an odd number of
>      characters in it (although this may have changed now).

> If you want, issue the command "file /usr/bin/smbpasswd" and see whether
or
> not it comes back as a executable.  It should be from where I am sitting.

> See ya

> Dean Thompson

> --

+______________________________+____________________________________________
+
Quote:> |   Dean Thompson              | E-mail  -


Quote:> |   Bach. Computing (Hons)     | ICQ     - 45191180
|
> |   PhD Student                | Office  - <Off-Campus>
|
> |   School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)
|
> |   MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077
|
> |   Melbourne, Australia       |
|

+------------------------------+--------------------------------------------
+
 
 
 

Samba and Win 95/98/NT: Workgroup or Domain ?

Post by John Gil » Sat, 03 Mar 2001 15:11:34


Dean -- I am having trouble getting the Win NT Workstation to change back to
a domain.  When I ask for the domain, which the Samba server is now
administering, I get an error:

        Unable to connect to the domain controller for this domain.  Have
your administrator check your computer account on the domain.

Hmm.  Not sure how to add the computer to the (now Samba) domain.

-- John


Quote:

> Hi John,

> > I am bringing serveral MS machines down off an NT Domain, and trying to
> > replace same with Linux Samba.  I am reading through the Samba
literature,
> > and most instruction sets advise to set the Win client to "workgroup."
> > Does this matter ?  Can the Win client be set to Domain instead ?  Isn't
> > Samba a replacement / equivalent to NT Domain ?

> If you bring your SAMBA server up as a domain then the Win clients will
have
> to have their domain name set to whatever the domain name is that the
SAMBA
> server is going to provide.  However, you will first have to change the
Win
> clients from being in a domain to a workgroup and then back to the new
domain
> as Windows has to create a new SID for the domain.

> See ya

> Dean Thompson

> --

+______________________________+____________________________________________
+
Quote:> |   Dean Thompson              | E-mail  -


Quote:> |   Bach. Computing (Hons)     | ICQ     - 45191180
|
> |   PhD Student                | Office  - <Off-Campus>
|
> |   School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)
|
> |   MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077
|
> |   Melbourne, Australia       |
|

+------------------------------+--------------------------------------------
+
 
 
 

Samba and Win 95/98/NT: Workgroup or Domain ?

Post by Dean Thompso » Sat, 03 Mar 2001 15:20:54


Hi John,

Quote:> Dean -- I am having trouble getting the Win NT Workstation to change back
> to a domain.  When I ask for the domain, which the Samba server is now
> administering, I get an error:

> Unable to connect to the domain controller for this domain.  Have
> your administrator check your computer account on the domain.

> Hmm.  Not sure how to add the computer to the (now Samba) domain.

Okay, well you will have to add a 'machine' account to your samba password
file.  From memory you can do this by using the "-m" command to smbpasswd (but
I think that is an option under the new version of SAMBA).

Normally you have to create an account in your /etc/passwd file with a "$" at
the end.  So for example, if your WinNT machine is called "work", you would
create an entry in /etc/passwd like the following:
WORK$:x:1000:1001:Work Machine:/dev/null:/bin/false

You then have to add this user to your smbpasswd file with the "$" on the
end.  When I used smbpasswd -m I didn't have to provide a password, but you
may have to provide a username on the system.  Additionally, make sure that
your "root" user also has an entry in the smbpasswd file as this is the user
that SAMBA only accepts when creating a computer account and joining the
domain.

This is where using samba2.2alpha makes it easier to use :)

See ya

Dean Thompson

--
+______________________________+____________________________________________+

|   Bach. Computing (Hons)     | ICQ     - 45191180                         |
|   PhD Student                | Office  - <Off-Campus>                     |
|   School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
|   MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
|   Melbourne, Australia       |                                            |
+------------------------------+--------------------------------------------+

 
 
 

Samba and Win 95/98/NT: Workgroup or Domain ?

Post by Dean Thompso » Sat, 03 Mar 2001 15:29:13


Hi John,

  According to the FAQ, the smbpasswd command does accept the "-m" parameter.
This means that you should be able to add something like this:

   smbpasswd -a -m machineName$  ---> You must have machineName$ in the
                                        /etc/passwd file already however.

  You can then go into Windows NT and say Join a Domain but don't click the
option saying create a computer account.  Apparently Samba 2.0.7 doesn't know
how to deal with that command and hence will cause a failure.

See ya

Dean Thompson

--
+______________________________+____________________________________________+

|   Bach. Computing (Hons)     | ICQ     - 45191180                         |
|   PhD Student                | Office  - <Off-Campus>                     |
|   School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
|   MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
|   Melbourne, Australia       |                                            |
+------------------------------+--------------------------------------------+

 
 
 

Samba and Win 95/98/NT: Workgroup or Domain ?

Post by John Gil » Sat, 03 Mar 2001 16:52:06


Dean -- That sure sounded like a great idea, but whoops.

I was able to add the machine, etc., and then in NT, chose domain name, and
got a "welcome to the xx domain."  When I go to CTL-ALT-DEL to login, I get
the domain screen, enter my name, domain, pw, and after a few seconds, I get
looped back to the CTL-ALT-DEL screen.

Hmm.

-- JJG


Quote:

> Hi John,

> > Dean -- I am having trouble getting the Win NT Workstation to change
back
> > to a domain.  When I ask for the domain, which the Samba server is now
> > administering, I get an error:

> > Unable to connect to the domain controller for this domain.  Have
> > your administrator check your computer account on the domain.

> > Hmm.  Not sure how to add the computer to the (now Samba) domain.

> Okay, well you will have to add a 'machine' account to your samba password
> file.  From memory you can do this by using the "-m" command to smbpasswd
(but
> I think that is an option under the new version of SAMBA).

> Normally you have to create an account in your /etc/passwd file with a "$"
at
> the end.  So for example, if your WinNT machine is called "work", you
would
> create an entry in /etc/passwd like the following:
> WORK$:x:1000:1001:Work Machine:/dev/null:/bin/false

> You then have to add this user to your smbpasswd file with the "$" on the
> end.  When I used smbpasswd -m I didn't have to provide a password, but
you
> may have to provide a username on the system.  Additionally, make sure
that
> your "root" user also has an entry in the smbpasswd file as this is the
user
> that SAMBA only accepts when creating a computer account and joining the
> domain.

> This is where using samba2.2alpha makes it easier to use :)

> See ya

> Dean Thompson

> --

+______________________________+____________________________________________
+
Quote:> |   Dean Thompson              | E-mail  -


Quote:> |   Bach. Computing (Hons)     | ICQ     - 45191180
|
> |   PhD Student                | Office  - <Off-Campus>
|
> |   School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)
|
> |   MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077
|
> |   Melbourne, Australia       |
|

+------------------------------+--------------------------------------------
+
 
 
 

Samba and Win 95/98/NT: Workgroup or Domain ?

Post by Dean Thompso » Sat, 03 Mar 2001 17:31:59


Hi John,

Quote:> I was able to add the machine, etc., and then in NT, chose domain name, and
> got a "welcome to the xx domain."  When I go to CTL-ALT-DEL to login, I get
> the domain screen, enter my name, domain, pw, and after a few seconds, I
> get looped back to the CTL-ALT-DEL screen.

Okay, what does the log file of samba say.  It sounds promising but then it
looks like it ended in disappointment with the screen coming back again.  Do
you have encrypted passwords enabled on the samba daemon.

See ya

Dean Thompson

--
+______________________________+____________________________________________+

|   Bach. Computing (Hons)     | ICQ     - 45191180                         |
|   PhD Student                | Office  - <Off-Campus>                     |
|   School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
|   MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
|   Melbourne, Australia       |                                            |
+------------------------------+--------------------------------------------+

 
 
 

Samba and Win 95/98/NT: Workgroup or Domain ?

Post by Mark Bratch » Sat, 03 Mar 2001 20:53:35



>Thanks, Dean -- I will try that.  Probably have to give the machines a
>different workgroup name to try it.

>Also, what is with the smbpasswd file ?  I am given to understand that I
>need to add users to this file -- since my Win clients will most likely be
>sending encrypted passwords.  The problem is that the smbpasswd file that I
>have found on the Linux system is not executable...

Which smbpasswd are you talking about? If it's the one under /etc, then it
is, of course, not executable. It is the file containing the password list.

The executable one should be in a bin directory somewhere.

--
Mark Bratcher
To reply direct, remove both underscores (_) from my email name
---------------------------------------------------------------
Escape from Microsoft's proprietary tentacles: use Linux!

 
 
 

1. Samba / Win 95 / Win 98 Encryption

Running Redhat 6.2. with Samba.  In the Samba Global Setting, when Encrypted
Passwords = No, then the Window 95 computer can the Linux computer  in
Network Neighborhood.  However the Windows 98 computer is unable to see the
Linux computer in the Network Neighborhood.

When Encrpted Passwords = Yes, then the reverse is true. The Windows 98
computer can see the Linux computer in Network Neighborhood, and the Windows
95 computer are unable to see the Linux computer.  Using Find Computer on
the Windows computer does not locate the Linux box.

Any suggestions welcomed.

2. Problem writing a device driver for Nogatech CaptureVision PCMCIA card

3. FIX for problems connecting 95/98/NT to Samba servers

4. ADSL Modem - ITeX Chips Set - Linux Driver?

5. Win 95/98 to Samba

6. RJ45 extender + embedded Linux?

7. Xwindows client for Win NT/95/98

8. Xfree 3.3.6

9. Passwd Server for Win-NT,95,98 & Linux

10. Linux as the file and internet server with win NT/95/98 clients

11. Remote editor for Win-95/98/NT and MacOS clients?

12. Connecting Windows NT and Win 95/98 to SCO 5.0.4

13. Win NT, Win 95, Linux & Samba questions