80
80
Mr. Meany also asked if it would be possible for one of the staff to manage
81
81
user accounts from the Windows desktop. That person will be responsible for
83
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2515137"></a>Dissection and Discussion</h2></div></div><div></div></div><p>
83
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2535193"></a>Dissection and Discussion</h2></div></div></div><p>
84
84
What are the key requirements in this business example? A quick review indicates
86
86
</p><div class="itemizedlist"><ul type="disc"><li><p>
87
87
Scalability from 52 to over 100 users in 12 months
89
89
Mobile computing capability
90
<a class="indexterm" name="id2515162"></a>
90
<a class="indexterm" name="id2535218"></a>
92
92
Improved reliability and usability
94
94
Easier administration
95
95
</p></li></ul></div><p>
96
In this instance the installed Linux system is assumed to be a Red Hat Linux 9.0 server
96
In this instance the installed Linux system is assumed to be a Red Hat Linux Fedora Core2 server
97
97
(as in <a href="simple.html#AccountingOffice" title="Accounting Office">???</a>).
99
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2515193"></a>Technical Issues</h3></div></div><div></div></div><p>
100
<a class="indexterm" name="id2515201"></a>
101
<a class="indexterm" name="id2515208"></a>
102
<a class="indexterm" name="id2515214"></a>
103
<a class="indexterm" name="id2515221"></a>
104
<a class="indexterm" name="id2515228"></a>
99
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2535249"></a>Technical Issues</h3></div></div></div><p>
100
<a class="indexterm" name="id2535257"></a>
101
<a class="indexterm" name="id2535264"></a>
102
<a class="indexterm" name="id2535271"></a>
103
<a class="indexterm" name="id2535277"></a>
104
<a class="indexterm" name="id2535284"></a>
105
105
It is time to implement a domain security environment. You will use the <tt class="constant">
106
106
smbpasswd</tt> (default) backend. You should implement a DHCP server. There is no need to
107
107
run DNS at this time, but the system will use WINS. The Domain name will be <tt class="constant">
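Review bot: At new line 96 the platform name changes from "Red Hat Linux 9.0" to "Red Hat Linux Fedora Core2", which fuses two product names and drops the space before the version number; "Fedora Core 2" would read correctly. The sentence goes on to say "(as in simple.html#AccountingOffice)", so the wording in that chapter should be checked to keep the two in step. Everything else in this hunk is regenerated anchor ids (id2515137 to id2535193 and so on) and a dropped empty <div></div>, so this looks like generated output; reviewing the source it is built from would keep that noise out of the diff.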
164
164
Go ahead, buy better notebooks. Wouldn't it be neat if they happened to be
165
165
supplied with anti-virus software? Above all, demonstrate good purchase value and remember
166
166
to make your users happy.
167
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2515426"></a>Implementation</h2></div></div><div></div></div><p><a class="indexterm" name="id2515433"></a>
167
</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2535483"></a>Implementation</h2></div></div></div><p><a class="indexterm" name="id2535489"></a>
168
168
In this example, the assumption is made that this server is being configured from a clean start.
169
169
The alternate approach could be to demonstrate the migration of the system that is documented
170
170
in <a href="simple.html#AcctgNet" title="Implementation">???</a> to meet the new requirements. The decision to treat this case, as with
171
171
future examples, as a new installation is based on the premise that you can determine
172
172
the migration steps from the information provided in the separate chapter on this subject.
173
173
Additionally, a fresh installation makes the example easier to follow.
174
</p><p><a class="indexterm" name="id2515459"></a>
174
</p><p><a class="indexterm" name="id2535516"></a>
175
175
Each user will be given a home directory on the UNIX system, which will be available as a private
176
176
share. Two additional shares will be created, one for the Accounting Department and the other for
177
177
the Financial Services Department. Network users will be given access to these shares by way
178
178
of group membership.
180
<a class="indexterm" name="id2515477"></a>
180
<a class="indexterm" name="id2535533"></a>
181
181
UNIX group membership is the primary mechanism by which Windows Domain users will be granted
182
182
rights and privileges within the Windows environment.
183
</p><p><a class="indexterm" name="id2515491"></a>
183
</p><p><a class="indexterm" name="id2535547"></a>
184
184
The user <span><b class="command">alanm</b></span> will be made the owner of all files. This will be preserved
185
185
by setting the sticky bit (set UID/GID) on the top-level directories.
186
186
</p><div class="figure"><a name="acct2net"></a><p class="title"><b>Figure�3.1.�Abmas Accounting 52 User Network Topology</b></p><div class="mediaobject"><img src="images/acct2net.png" width="351" alt="Abmas Accounting 52 User Network Topology"></div></div><div class="procedure"><ol type="1"><li><p>
187
187
Using UNIX/Linux system tools, name the server <tt class="constant">sleeth</tt>.
189
<a class="indexterm" name="id2515570"></a>
189
<a class="indexterm" name="id2535627"></a>
190
190
Place an entry for the machine <tt class="constant">sleeth</tt> in the <tt class="filename">/etc/hosts</tt>.
191
191
The printers are network attached, so it is desirable that there should be entries for the
192
192
network printers also. An example <tt class="filename">/etc/hosts</tt> file is shown here:
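Review bot: The context at lines 184-185 says ownership by alanm "will be preserved by setting the sticky bit (set UID/GID) on the top-level directories", which treats different mode bits as one. The sticky bit on a directory only restricts who may delete or rename entries in it. Set-GID on a directory makes new files inherit the directory's group. On Linux, set-UID on a directory has no effect, so none of these keeps alanm as the owner of files other users create. Since this hunk otherwise only changes generated anchor ids, the wording should be corrected here to name the bit the procedure actually sets and what it achieves (group inheritance, not owner preservation).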
312
312
Users (S-1-5-32-545) -> -1
315
<a class="indexterm" name="id2515936"></a>
316
<a class="indexterm" name="id2515943"></a>
317
<a class="indexterm" name="id2515952"></a>
315
<a class="indexterm" name="id2535987"></a>
316
<a class="indexterm" name="id2535994"></a>
317
<a class="indexterm" name="id2536003"></a>
318
318
For each user who needs to be given a Windows Domain account, make an entry in the
319
319
<tt class="filename">/etc/passwd</tt> file as well as in the Samba password backend.
320
320
Use the system tool of your choice to create the UNIX system accounts and use the Samba
321
321
<span><b class="command">smbpasswd</b></span> program to create the Domain user accounts.
323
<a class="indexterm" name="id2515979"></a>
324
<a class="indexterm" name="id2515986"></a>
325
<a class="indexterm" name="id2515992"></a>
323
<a class="indexterm" name="id2536029"></a>
324
<a class="indexterm" name="id2536036"></a>
325
<a class="indexterm" name="id2536043"></a>
326
326
There are a number of tools for user management under UNIX. Commonly known ones include:
327
327
<span><b class="command">useradd</b></span>, <span><b class="command">adduser</b></span>. In addition to these, there are a plethora of custom
328
328
tools. With the tool of your choice, create a home directory for each user.
351
351
Configure the printers with the IP addresses as shown in <a href="small.html#acct2net" title="Figure�3.1.�Abmas Accounting 52 User Network Topology">???</a>.
352
352
Follow the instructions in the manufacturers' manuals to permit printing to port 9100.
353
353
This allows the CUPS spooler to print using raw mode protocols.
354
<a class="indexterm" name="id2516151"></a>
355
<a class="indexterm" name="id2516158"></a>
354
<a class="indexterm" name="id2536202"></a>
355
<a class="indexterm" name="id2536209"></a>
357
<a class="indexterm" name="id2516171"></a><a class="indexterm" name="id2516180"></a>
357
<a class="indexterm" name="id2536222"></a><a class="indexterm" name="id2536230"></a>
358
358
Configure the CUPS Print Queues as follows:
359
359
</p><pre class="screen">
360
360
<tt class="prompt">root# </tt> lpadmin -p hplj4 -v socket://192.168.1.11:9100 -E
361
361
<tt class="prompt">root# </tt> lpadmin -p hplj6 -v socket://192.168.1.10:9100 -E
362
362
<tt class="prompt">root# </tt> lpadmin -p qms -v socket://192.168.2.10:9100 -E
364
<a class="indexterm" name="id2516215"></a>
364
<a class="indexterm" name="id2536266"></a>
365
365
This creates the necessary print queues with no assigned print filter.
367
<a class="indexterm" name="id2516230"></a>
368
<a class="indexterm" name="id2516237"></a>
369
<a class="indexterm" name="id2516244"></a>
367
<a class="indexterm" name="id2536281"></a>
368
<a class="indexterm" name="id2536287"></a>
369
<a class="indexterm" name="id2536294"></a>
370
370
Edit the file <tt class="filename">/etc/cups/mime.convs</tt> to uncomment the line:
371
371
</p><pre class="screen">
372
372
application/octet-stream application/vnd.cups-raw 0 -
375
<a class="indexterm" name="id2516271"></a>
375
<a class="indexterm" name="id2536322"></a>
376
376
Edit the file <tt class="filename">/etc/cups/mime.types</tt> to uncomment the line:
377
377
</p><pre class="screen">
378
378
application/octet-stream
380
</p></li><li><p><a class="indexterm" name="id2516297"></a>
380
</p></li><li><p><a class="indexterm" name="id2536347"></a>
381
381
Using your favorite system editor, create an <tt class="filename">/etc/dhcpd.conf</tt> with the
382
382
contents as shown in <a href="small.html#dhcp01" title="Example�3.2.�Abmas Accounting DHCP Server Configuration File /etc/dhcpd.conf">???</a>.
383
</p><div class="example"><a name="dhcp01"></a><p class="title"><b>Example�3.2.�Abmas Accounting DHCP Server Configuration File <tt class="filename">/etc/dhcpd.conf</tt></b></p><a class="indexterm" name="id2516335"></a><pre class="screen">
383
</p><div class="example"><a name="dhcp01"></a><p class="title"><b>Example�3.2.�Abmas Accounting DHCP Server Configuration File <tt class="filename">/etc/dhcpd.conf</tt></b></p><a class="indexterm" name="id2536386"></a><pre class="screen">
384
384
default-lease-time 86400;
385
385
max-lease-time 172800;
386
386
default-lease-time 86400;
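Review bot: In Example 3.2 the context at lines 384 and 386 sets "default-lease-time 86400;" twice, with "max-lease-time 172800;" between them. The second occurrence is redundant and should be dropped so readers do not copy it into their own /etc/dhcpd.conf. The only changes this hunk makes are regenerated anchor ids, so the duplicate passes through both revisions unnoticed.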
453
453
</p><pre class="screen">
454
454
hosts: files wins
456
</p></li></ol></div><div class="example"><a name="acct2conf"></a><p class="title"><b>Example�3.3.�Accounting Office Network smb.conf File [globals] Section</b></p><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><i class="parameter"><tt>[global]</tt></i></td></tr><tr><td><a class="indexterm" name="id2516561"></a><i class="parameter"><tt>
458
workgroup = BILLMORE</tt></i></td></tr><tr><td><a class="indexterm" name="id2516576"></a><i class="parameter"><tt>
460
passwd chat = *New*Password* \</tt></i></td></tr><tr><td><i class="parameter"><tt>%n\n*Re-enter*new*password* %n\n *Password*changed*</tt></i></td></tr><tr><td><a class="indexterm" name="id2516600"></a><i class="parameter"><tt>
462
username map = /etc/samba/smbusers</tt></i></td></tr><tr><td><a class="indexterm" name="id2516616"></a><i class="parameter"><tt>
464
syslog = 0</tt></i></td></tr><tr><td><a class="indexterm" name="id2516632"></a><i class="parameter"><tt>
466
name resolve order = wins bcast hosts</tt></i></td></tr><tr><td><a class="indexterm" name="id2516648"></a><i class="parameter"><tt>
468
printcap name = CUPS</tt></i></td></tr><tr><td><a class="indexterm" name="id2516663"></a><i class="parameter"><tt>
470
show add printer wizard = No</tt></i></td></tr><tr><td><a class="indexterm" name="id2516679"></a><i class="parameter"><tt>
472
add user script = /usr/sbin/useradd -m '%u'</tt></i></td></tr><tr><td><a class="indexterm" name="id2516696"></a><i class="parameter"><tt>
474
delete user script = /usr/sbin/userdel -r '%u'</tt></i></td></tr><tr><td><a class="indexterm" name="id2516712"></a><i class="parameter"><tt>
476
add group script = /usr/sbin/groupadd '%g'</tt></i></td></tr><tr><td><a class="indexterm" name="id2516728"></a><i class="parameter"><tt>
478
delete group script = /usr/sbin/groupdel '%g'</tt></i></td></tr><tr><td><a class="indexterm" name="id2516744"></a><i class="parameter"><tt>
480
add user to group script = /usr/sbin/usermod -G '%g' '%u'</tt></i></td></tr><tr><td><a class="indexterm" name="id2516761"></a><i class="parameter"><tt>
482
add machine script = /usr/sbin/useradd \</tt></i></td></tr><tr><td><i class="parameter"><tt>-s /bin/false -d /dev/null '%u'</tt></i></td></tr><tr><td><a class="indexterm" name="id2516784"></a><i class="parameter"><tt>
484
logon script = scripts\login.bat</tt></i></td></tr><tr><td><a class="indexterm" name="id2516800"></a><i class="parameter"><tt>
486
logon path = </tt></i></td></tr><tr><td><a class="indexterm" name="id2516816"></a><i class="parameter"><tt>
488
logon drive = X:</tt></i></td></tr><tr><td><a class="indexterm" name="id2516831"></a><i class="parameter"><tt>
490
domain logons = Yes</tt></i></td></tr><tr><td><a class="indexterm" name="id2516847"></a><i class="parameter"><tt>
492
preferred master = Yes</tt></i></td></tr><tr><td><a class="indexterm" name="id2516863"></a><i class="parameter"><tt>
494
wins support = Yes</tt></i></td></tr><tr><td><a class="indexterm" name="id2516879"></a><i class="parameter"><tt>
496
printing = CUPS</tt></i></td></tr></table></div><div class="example"><a name="acct3conf"></a><p class="title"><b>Example�3.4.�Accounting Office Network smb.conf File Services and Shares Section</b></p><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><i class="parameter"><tt>[homes]</tt></i></td></tr><tr><td><a class="indexterm" name="id2516917"></a><i class="parameter"><tt>
498
comment = Home Directories</tt></i></td></tr><tr><td><a class="indexterm" name="id2516932"></a><i class="parameter"><tt>
500
valid users = %S</tt></i></td></tr><tr><td><a class="indexterm" name="id2516948"></a><i class="parameter"><tt>
502
read only = No</tt></i></td></tr><tr><td><a class="indexterm" name="id2516964"></a><i class="parameter"><tt>
504
browseable = No</tt></i></td></tr><tr><td> </td></tr><tr><td><i class="parameter"><tt>[printers]</tt></i></td></tr><tr><td><a class="indexterm" name="id2516988"></a><i class="parameter"><tt>
506
comment = SMB Print Spool</tt></i></td></tr><tr><td><a class="indexterm" name="id2517004"></a><i class="parameter"><tt>
508
path = /var/spool/samba</tt></i></td></tr><tr><td><a class="indexterm" name="id2517020"></a><i class="parameter"><tt>
510
printable = Yes</tt></i></td></tr><tr><td><a class="indexterm" name="id2517036"></a><i class="parameter"><tt>
512
guest ok = Yes</tt></i></td></tr><tr><td><a class="indexterm" name="id2517051"></a><i class="parameter"><tt>
514
use client driver = Yes</tt></i></td></tr><tr><td><a class="indexterm" name="id2517067"></a><i class="parameter"><tt>
516
browseable = No</tt></i></td></tr><tr><td> </td></tr><tr><td><i class="parameter"><tt>[netlogon]</tt></i></td></tr><tr><td><a class="indexterm" name="id2517092"></a><i class="parameter"><tt>
518
comment = Network Logon Service</tt></i></td></tr><tr><td><a class="indexterm" name="id2517108"></a><i class="parameter"><tt>
520
path = /data/%U</tt></i></td></tr><tr><td><a class="indexterm" name="id2517123"></a><i class="parameter"><tt>
522
valid users = %S</tt></i></td></tr><tr><td><a class="indexterm" name="id2517139"></a><i class="parameter"><tt>
524
read only = No</tt></i></td></tr><tr><td> </td></tr><tr><td><i class="parameter"><tt>[accounts]</tt></i></td></tr><tr><td><a class="indexterm" name="id2517163"></a><i class="parameter"><tt>
526
comment = Accounting Files</tt></i></td></tr><tr><td><a class="indexterm" name="id2517179"></a><i class="parameter"><tt>
528
path = /data/accounts</tt></i></td></tr><tr><td><a class="indexterm" name="id2517195"></a><i class="parameter"><tt>
530
valid users = %G</tt></i></td></tr><tr><td><a class="indexterm" name="id2517211"></a><i class="parameter"><tt>
532
read only = No</tt></i></td></tr><tr><td> </td></tr><tr><td><i class="parameter"><tt>[finsvcs]</tt></i></td></tr><tr><td><a class="indexterm" name="id2517235"></a><i class="parameter"><tt>
534
comment = Financial Service Files</tt></i></td></tr><tr><td><a class="indexterm" name="id2517252"></a><i class="parameter"><tt>
536
path = /data/finsvcs</tt></i></td></tr><tr><td><a class="indexterm" name="id2517267"></a><i class="parameter"><tt>
538
valid users = %G</tt></i></td></tr><tr><td><a class="indexterm" name="id2517282"></a><i class="parameter"><tt>
540
read only = No</tt></i></td></tr></table></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2517298"></a>Validation</h3></div></div><div></div></div><p>
456
</p></li></ol></div><div class="example"><a name="acct2conf"></a><p class="title"><b>Example�3.3.�Accounting Office Network smb.conf File [globals] Section</b></p><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><i class="parameter"><tt>[global]</tt></i></td></tr><tr><td><a class="indexterm" name="id2536610"></a><i class="parameter"><tt>
458
workgroup = BILLMORE</tt></i></td></tr><tr><td><a class="indexterm" name="id2536626"></a><i class="parameter"><tt>
460
passwd chat = *New*Password* %n\n*Re-enter*new*password* %n\n *Password*changed*</tt></i></td></tr><tr><td><a class="indexterm" name="id2536643"></a><i class="parameter"><tt>
462
username map = /etc/samba/smbusers</tt></i></td></tr><tr><td><a class="indexterm" name="id2536659"></a><i class="parameter"><tt>
464
syslog = 0</tt></i></td></tr><tr><td><a class="indexterm" name="id2536674"></a><i class="parameter"><tt>
466
name resolve order = wins bcast hosts</tt></i></td></tr><tr><td><a class="indexterm" name="id2536690"></a><i class="parameter"><tt>
468
printcap name = CUPS</tt></i></td></tr><tr><td><a class="indexterm" name="id2536705"></a><i class="parameter"><tt>
470
show add printer wizard = No</tt></i></td></tr><tr><td><a class="indexterm" name="id2536720"></a><i class="parameter"><tt>
472
add user script = /usr/sbin/useradd -m '%u'</tt></i></td></tr><tr><td><a class="indexterm" name="id2536737"></a><i class="parameter"><tt>
474
delete user script = /usr/sbin/userdel -r '%u'</tt></i></td></tr><tr><td><a class="indexterm" name="id2536753"></a><i class="parameter"><tt>
476
add group script = /usr/sbin/groupadd '%g'</tt></i></td></tr><tr><td><a class="indexterm" name="id2536769"></a><i class="parameter"><tt>
478
delete group script = /usr/sbin/groupdel '%g'</tt></i></td></tr><tr><td><a class="indexterm" name="id2536785"></a><i class="parameter"><tt>
480
add user to group script = /usr/sbin/usermod -G '%g' '%u'</tt></i></td></tr><tr><td><a class="indexterm" name="id2536801"></a><i class="parameter"><tt>
482
add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u'</tt></i></td></tr><tr><td><a class="indexterm" name="id2536817"></a><i class="parameter"><tt>
484
logon script = scripts\login.bat</tt></i></td></tr><tr><td><a class="indexterm" name="id2536833"></a><i class="parameter"><tt>
486
logon path = </tt></i></td></tr><tr><td><a class="indexterm" name="id2536848"></a><i class="parameter"><tt>
488
logon drive = X:</tt></i></td></tr><tr><td><a class="indexterm" name="id2536863"></a><i class="parameter"><tt>
490
domain logons = Yes</tt></i></td></tr><tr><td><a class="indexterm" name="id2536879"></a><i class="parameter"><tt>
492
preferred master = Yes</tt></i></td></tr><tr><td><a class="indexterm" name="id2536894"></a><i class="parameter"><tt>
494
wins support = Yes</tt></i></td></tr><tr><td><a class="indexterm" name="id2536910"></a><i class="parameter"><tt>
496
printing = CUPS</tt></i></td></tr></table></div><div class="example"><a name="acct3conf"></a><p class="title"><b>Example�3.4.�Accounting Office Network smb.conf File Services and Shares Section</b></p><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><i class="parameter"><tt>[homes]</tt></i></td></tr><tr><td><a class="indexterm" name="id2536948"></a><i class="parameter"><tt>
498
comment = Home Directories</tt></i></td></tr><tr><td><a class="indexterm" name="id2536963"></a><i class="parameter"><tt>
500
valid users = %S</tt></i></td></tr><tr><td><a class="indexterm" name="id2536979"></a><i class="parameter"><tt>
502
read only = No</tt></i></td></tr><tr><td><a class="indexterm" name="id2536994"></a><i class="parameter"><tt>
504
browseable = No</tt></i></td></tr><tr><td> </td></tr><tr><td><i class="parameter"><tt>[printers]</tt></i></td></tr><tr><td><a class="indexterm" name="id2537018"></a><i class="parameter"><tt>
506
comment = SMB Print Spool</tt></i></td></tr><tr><td><a class="indexterm" name="id2537034"></a><i class="parameter"><tt>
508
path = /var/spool/samba</tt></i></td></tr><tr><td><a class="indexterm" name="id2537049"></a><i class="parameter"><tt>
510
printable = Yes</tt></i></td></tr><tr><td><a class="indexterm" name="id2537065"></a><i class="parameter"><tt>
512
guest ok = Yes</tt></i></td></tr><tr><td><a class="indexterm" name="id2537080"></a><i class="parameter"><tt>
514
use client driver = Yes</tt></i></td></tr><tr><td><a class="indexterm" name="id2537096"></a><i class="parameter"><tt>
516
browseable = No</tt></i></td></tr><tr><td> </td></tr><tr><td><i class="parameter"><tt>[netlogon]</tt></i></td></tr><tr><td><a class="indexterm" name="id2537120"></a><i class="parameter"><tt>
518
comment = Network Logon Service</tt></i></td></tr><tr><td><a class="indexterm" name="id2537136"></a><i class="parameter"><tt>
520
path = /data/%U</tt></i></td></tr><tr><td><a class="indexterm" name="id2537151"></a><i class="parameter"><tt>
522
valid users = %S</tt></i></td></tr><tr><td><a class="indexterm" name="id2537167"></a><i class="parameter"><tt>
524
read only = No</tt></i></td></tr><tr><td> </td></tr><tr><td><i class="parameter"><tt>[accounts]</tt></i></td></tr><tr><td><a class="indexterm" name="id2537191"></a><i class="parameter"><tt>
526
comment = Accounting Files</tt></i></td></tr><tr><td><a class="indexterm" name="id2537206"></a><i class="parameter"><tt>
528
path = /data/accounts</tt></i></td></tr><tr><td><a class="indexterm" name="id2537222"></a><i class="parameter"><tt>
530
valid users = %G</tt></i></td></tr><tr><td><a class="indexterm" name="id2537237"></a><i class="parameter"><tt>
532
read only = No</tt></i></td></tr><tr><td> </td></tr><tr><td><i class="parameter"><tt>[finsvcs]</tt></i></td></tr><tr><td><a class="indexterm" name="id2537261"></a><i class="parameter"><tt>
534
comment = Financial Service Files</tt></i></td></tr><tr><td><a class="indexterm" name="id2537278"></a><i class="parameter"><tt>
536
path = /data/finsvcs</tt></i></td></tr><tr><td><a class="indexterm" name="id2537292"></a><i class="parameter"><tt>
538
valid users = %G</tt></i></td></tr><tr><td><a class="indexterm" name="id2537308"></a><i class="parameter"><tt>
540
read only = No</tt></i></td></tr></table></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2537323"></a>Validation</h3></div></div></div><p>
541
541
Does everything function as it ought? That is the key question at this point.
542
542
Here are some simple steps to validate your Samba server configuration.
543
</p><div class="procedure"><ol type="1"><li><p><a class="indexterm" name="id2517316"></a>
543
</p><div class="procedure"><ol type="1"><li><p><a class="indexterm" name="id2537341"></a>
544
544
If your <tt class="filename">smb.conf</tt> file has bogus options or parameters, this may cause Samba
545
545
to refuse to start. The first step should always be to validate the contents
546
546
of this file by running:
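Review bot: The [netlogon] share in Example 3.4 (lines 516-524) is carried into the new revision unchanged with "path = /data/%U", "valid users = %S" and "read only = No", which reads like a paste from a per-user data share. %S expands to the share name, so only an account named netlogon would pass valid users. The share that holds scripts\login.bat (run at every logon via the [global] "logon script" line) should also not be writable by ordinary users. Suggest a fixed directory for the path and "read only = Yes", with write access limited to the administrator. Separately, at line 480 "usermod -G '%g' '%u'" replaces the user's supplementary group list instead of adding to it; because the chapter grants share access through group membership, the append form (usermod -a -G) is the safer choice where the platform's usermod supports it. The change this hunk does make at line 482, moving the machine account home from /dev/null to /var/lib/nobody, is fine as long as the text says whether that directory needs to exist.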
728
726
transparently access network resources as if logged onto the domain itself. There are some trade-offs
729
727
that mean that as the network is more tightly secured it becomes necessary to modify Windows client
730
728
configuration somewhat.
731
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2517997"></a>Key Points Learned</h3></div></div><div></div></div><p>
729
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2538028"></a>Key Points Learned</h3></div></div></div><p>
732
730
In this network design and implementation exercise, you have created a Windows NT4 style Domain
733
Controller using Samba-3.0.2. As a result of following these guidelines meant that you experienced
731
Controller using Samba-3.0.12. As a result of following these guidelines meant that you experienced
734
732
and implemented several important aspects of Windows networking. In the next chapter of this book,
735
733
you build on the experience gained. These are the highlights from this chapter:
736
734
</p><div class="itemizedlist"><ul type="disc"><li><p>
737
<a class="indexterm" name="id2518018"></a>
735
<a class="indexterm" name="id2538048"></a>
738
736
You implemented a DHCP Server and Microsoft Windows clients were able to obtain all necessary
739
737
network configuration settings from this server.
741
<a class="indexterm" name="id2518031"></a>
739
<a class="indexterm" name="id2538062"></a>
742
740
You created a Windows Domain Controller. You were able to use the network logon service
743
741
and successfully joined Windows 200x/XP Professional clients to the Domain.
745
<a class="indexterm" name="id2518046"></a>
743
<a class="indexterm" name="id2538076"></a>
746
744
You created raw print queues in the CUPS printing system. You maintained a simple
747
745
printing system so that all users can share centrally managed printers. You installed
748
746
native printer drivers on the Windows clients.
752
750
You offered Mobile notebook users a solution that allows them to continue to work
753
751
while away from the office and not connected to the corporate network.
754
</p></li></ul></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2518074"></a>Questions and Answers</h2></div></div><div></div></div><p>
752
</p></li></ul></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2538104"></a>Questions and Answers</h2></div></div></div><p>
755
753
Your new Domain Controller is ready to serve you. What does it mean? Here are some questions and answers that
757
</p><div class="qandaset"><dl><dt> <a href="small.html#id2518092">
755
</p><div class="qandaset"><dl><dt>1. <a href="small.html#id2538118">
758
756
What is the key benefit of using DHCP to configure Windows client TCP/IP stacks?
759
</a></dt><dt> <a href="small.html#id2518118">
757
</a></dt><dt>2. <a href="small.html#id2538145">
760
758
Are there any DHCP server configuration parameters in the /etc/dhcpd.conf
761
759
that should be noted in particular?
762
</a></dt><dt> <a href="small.html#id2518150">
760
</a></dt><dt>3. <a href="small.html#id2538177">
763
761
Is it possible to create a Windows Domain account that is specifically called Administrator?
764
</a></dt><dt> <a href="small.html#id2518189">
762
</a></dt><dt>4. <a href="small.html#id2538216">
765
763
Why is it necessary to give the Windows Domain Administrator a UNIX UID of 0?
766
</a></dt><dt> <a href="small.html#id2518231">
764
</a></dt><dt>5. <a href="small.html#id2538257">
767
765
One of my junior staff needs the ability to add machines to the Domain, but I do not want to give him
768
766
root access. How can we do this?
769
</a></dt><dt> <a href="small.html#id2518272">
767
</a></dt><dt>6. <a href="small.html#id2538299">
770
768
Why must I map Windows Domain Groups to UNIX groups?
771
</a></dt><dt> <a href="small.html#id2518300">
769
</a></dt><dt>7. <a href="small.html#id2538326">
772
770
I deleted my root account and now I cannot add it back! What can I do?
773
</a></dt><dt> <a href="small.html#id2518372">
771
</a></dt><dt>8. <a href="small.html#id2538399">
774
772
When I run net groupmap list, it reports a group called Administrators
775
773
as well as Domain Admins. What is the difference between them?
776
</a></dt><dt> <a href="small.html#id2518421">
774
</a></dt><dt>9. <a href="small.html#id2538447">
777
775
What is the effect of changing the name of a Samba server, or of changing the Domain name?
778
</a></dt><dt> <a href="small.html#id2518473">
776
</a></dt><dt>10. <a href="small.html#id2538499">
779
777
How can I manage user accounts from my Windows XP Professional workstation?
780
</a></dt></dl><table border="0" summary="Q and A Set"><col align="left" width="1%"><tbody><tr class="question"><td align="left" valign="top"><a name="id2518092"></a><a name="id2518094"></a><b></b></td><td align="left" valign="top"><p>
778
</a></dt></dl><table border="0" summary="Q and A Set"><col align="left" width="1%"><tbody><tr class="question"><td align="left" valign="top"><a name="id2538118"></a><a name="id2538120"></a><b>1.</b></td><td align="left" valign="top"><p>
781
779
What is the key benefit of using DHCP to configure Windows client TCP/IP stacks?
782
780
</p></td></tr><tr class="answer"><td align="left" valign="top"><b></b></td><td align="left" valign="top"><p>
783
781
First and foremost, portability. It means that notebook users can move between
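Review bot: New line 731 updates the version to Samba-3.0.12 but leaves the following sentence ungrammatical: "As a result of following these guidelines meant that you experienced and implemented ...". Suggest "By following these guidelines, you experienced and implemented several important aspects of Windows networking." The version bump from 3.0.2 to 3.0.12 should also be checked against the other places in the chapter that name the Samba release, so the text does not cite two versions. The numbering added to the question list (1. through 10.) matches the numbered question row at new line 778 and looks correct.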