OT: Win: Starting a windows enterprise admin group
Bryan O'Neal
Bryan.ONeal at TheONealAndAssociates.com
Fri Aug 27 20:13:53 MST 2010
Definitely start by joining the linux server to the domain,
eliminating local accounts, use Active Directory for authentication
and ACL's for permissions. I can help you with this using WindBind and
Kerberos if you want. Totally set up time for CENT OS 4.5 and above
should be about 15 - 20 min. Start by making sure your servers all use
the same NTP servers and there clocks are in sync - then make sure you
change the windows server Administrator password. Those are usually
the only points left out of most online instructions.
On Fri, Aug 27, 2010 at 8:07 PM, JD Austin <jd at twingeckos.com> wrote:
> House for daily use; I'm coaching them on using their H drive (/home)
> instead of My Documents to keep the profile from blowing up when they're
> remote
> On Fri, Aug 27, 2010 at 19:33, Bryan O'Neal
> <Bryan.ONeal at theonealandassociates.com> wrote:
>>
>> By copied are you just using the samba server as a backup server or
>> are you using it to actually house the roaming profiles during daily
>> use?
>>
>> On Fri, Aug 27, 2010 at 7:21 PM, JD Austin <jd at twingeckos.com> wrote:
>> > I've confirmed that the roaming profiles work for a few test users.
>> >
>> >
>> >
>> >
>> > On Fri, Aug 27, 2010 at 19:16, Bryan O'Neal
>> > <Bryan.ONeal at theonealandassociates.com> wrote:
>> >>
>> >> Just to make sure roaming profile works from a client computer for the
>> >> admin but not for the regular users on the same desktop?
>> >> My first suggestion would to allow browsing and execution on the SAMBA
>> >> and FS level for everyone (save guest) and use ACL's to control user
>> >> access. If you join the samba server to the AD and use kerberos
>> >> tickets to pass authentication the windows server will simply think of
>> >> the samba server as another windows server.
>> >>
>> >>
>> >>
>> >> On Thu, Aug 26, 2010 at 12:56 PM, JD Austin <jd at twingeckos.com> wrote:
>> >> > The netlogon doesn't have permissions listed but profiles does; it
>> >> > seems
>> >> > the
>> >> > group name of the directory was mostly the issue (root):
>> >> > [Profiles]
>> >> > path = /home/e-smith/files/samba/profiles
>> >> > writeable = yes
>> >> > browseable = no
>> >> > create mask = 0600
>> >> > directory mask = 0700
>> >> > csc policy = disable
>> >> > hide files = /desktop.ini/ntuser.ini/NTUSER.*/
>> >> >
>> >> > [netlogon]
>> >> > comment = Network Logon Service
>> >> > path = /home/e-smith/files/samba/netlogon
>> >> > guest ok = yes
>> >> > writable = yes
>> >> > browseable = no
>> >> >
>> >> > SME server uses a bunch of templates and has a system for building
>> >> > the
>> >> > smb.conf file that I'm still learning how to use such as:
>> >> >
>> >> > db configuration setprop smb RecycleBin enabled
>> >> > db configuration setprop smb KeepVersions enabled
>> >> > signal-event group-modify shared
>> >> > signal-event group-modify domain-admins
>> >> > signal-event group-modify domain-users
>> >> >
>> >> > I really hate using a bleeding edge version but I'll make it work :)
>> >> > JD
>> >> > On Thu, Aug 26, 2010 at 12:39, Eric Shubert <ejs at shubes.net> wrote:
>> >> >>
>> >> >> What are the permissions in your smb.conf file?
>> >> >>
>> >> >> (check logon path and [Profiles] in particular)
>> >> >>
>> >> >
>> >> > ---------------------------------------------------
>> >> > PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>> >> > To subscribe, unsubscribe, or to change your mail settings:
>> >> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>> >> >
>> >> ---------------------------------------------------
>> >> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>> >> To subscribe, unsubscribe, or to change your mail settings:
>> >> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>> >
>> >
>> > ---------------------------------------------------
>> > PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>> > To subscribe, unsubscribe, or to change your mail settings:
>> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>> >
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
More information about the PLUG-discuss
mailing list