"Alex Brett" <alex.brett(a)brettcomputers.co.uk> wrote on 27/01/02
>We currently do not have the correct permissions on the file shares
>as most of them were originally set up by Tiny who installed the
>server and they just set Everyone Full Control. We have been
>going through fixing it but not got very far! He wants Win2K
>because we are having problems with Win2K Workstations
>connecting properly on to the network - it might just be a policy
>thing rather than a server thing - I'm not sure.
Be clever with Linux permissions - use features like SGUID (chmod 2xxx
folder) and also your smb.conf settings for the share:

    force group = pupils

This will mean that you can then assign permissions to selected groups
with considerable ease. Check that the users are also members of
additional groups as appropriate. Hey presto.
RE: hiding shares from view ...

Make sure the shares on the Linux box (apart from netlogon) are marked

    browseable = no

They do not then show in the output of net view or the Windows Explorer.
netlogon is a special case, which must be left browseable, or all your
clever policy thingies won't be found correctly. Incidentally, you do
not *have* to put them in netlogon. You can make a new share, whose
name *can* end in a $, leaving the share effectively hidden. You then
need to update the registry on the workstations to do a *manual*
download of the policy (look in the default machine settings via policy
editor, after electing to view the registry). Ensure this holds the
UNC path to the config.pol file (including the file name), e.g.
\\server\hidden$\config.pol. Leave error checking on until you have
got it working.
If you need more info, I can probably go more into chapter and verse.
********* E-Mail Address: aray(a)computerpark.co.uk
Tel: +44 (0) 1536 417155
Fax: +44 (0) 1536 417566
Computer Park Ltd
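
An added example, not part of the original message and not Samba's own tooling: a small audit of an smb.conf for the settings described above (browseable = no on every share except netlogon, force group on each share, setgid on the share directory). The sample file, its share names and paths are constructed; the guest ok check goes beyond this message to cover the unauthenticated-access concern raised elsewhere in the thread.

```python
import configparser
import os
import stat

# Constructed smb.conf for illustration; share names and paths are assumptions.
SAMPLE_SMB_CONF = """
[netlogon]
path = /srv/samba/netlogon
browseable = yes

[pupils]
path = /srv/samba/pupils
browseable = no
force group = pupils

[staff]
path = /srv/samba/staff
guest ok = yes
"""

TRUE = {"yes", "true", "1"}

def audit_smb_conf(text):
    """Return a sorted list of (share, finding) for the settings discussed above."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for share in cp.sections():
        name = share.lower()
        if name == "global":
            continue
        opts = cp[share]
        # Samba treats a share as browseable when the option is absent.
        browseable = opts.get("browseable", opts.get("browsable", "yes")).lower() in TRUE
        if name == "netlogon":
            if not browseable:
                findings.append((share, "netlogon must stay browseable"))
            continue
        if browseable:
            findings.append((share, "visible in net view: set browseable = no"))
        if "force group" not in opts:
            findings.append((share, "no force group set"))
        if opts.get("guest ok", "no").lower() in TRUE:
            findings.append((share, "guest ok allows access without login"))
    return sorted(findings)

def has_setgid(path):
    """True if the directory carries the setgid bit (chmod 2xxx)."""
    return bool(os.stat(path).st_mode & stat.S_ISGID)
```

Run audit_smb_conf over the real file's text, and has_setgid over each share's path on the server itself.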
From the info I've got it appears that group policies don't work under
samba as samba doesn't tell the windows clients which is the
primary group for a user. I've found a way round it using a separate
netlogon folder for each group and then having a separate config.pol
- however, I occasionally need to add certain computer records to
the policies, and if I had to do this I would have to go through every
config.pol which will take a while, and also, bearing in mind I am
likely to have about 100 groups!
If anybody knows of a patch or anything else to fix this, I would be
>>The other problem he doesn't like is that at the moment if someone
>>plugs a laptop into a network port, it gets assigned an IP by DHCP
>>(that's ok) but then it will be able to do a \\server and bring up all
>>the file shares and get into some of them without logging in at all -
>>will samba make it so file shares will only appear when a user logs
The reason that this is happening is *because* you have share permissions
set to "Everyone". Change them to "Domain Users" instead of "Everyone" and
this will resolve the problem - since your server will then require an
authenticated account for access to those shares.
It won't however solve the issue of poor security due to badly configured
permissions in the first place. The only way to fix this is the hard way -
which you will still have to do if you use samba or upgrade to Win2K.
Personally I'd save some money and a lot of hassle and fix the problem that
you have, which isn't really that hard.
I help my old school out with their computers and I currently have a
Win NT4 server with Win95 clients. I also have one Red Hat Linux
7.1 Server running Squid, DNS and NAT for the internet. I want to
turn the Win NT4 server into another Linux server hopefully running
a Red Hat or a Suse version. The system has to be able to cope
with logins from Win 95 clients, deal with the profiles we currently
use (a config.pol file in netlogon) and provide tight file security
(something we currently do not have with NT4!). From my
experiments with Samba I believe it can do this but is there
anything important I should know? The network admin there is
looking at Win2k but I want to provide him with reasons to go for
Linux. Also, as a side-point - is it possible to tie network cards
together to provide greater bandwidth by doing load balancing or
Thanks in advance,
I too have never gotten group policies to work under SAMBA. This is
*probably* due to lack of knowledge on my part, but I too noticed lots of
people with the same problem. I'm going to have another look at this and
then see if there are any updates etc., but if anyone knows how to fix/do
this I'd appreciate it also.
Yes. To all. And then some :-)
As someone has said, place all of your config.pol into a Netlogon share,
making SAMBA the domain logon server. You will need SAMBA 2.2.x but that
shouldn't be a problem. As far as channel bonding goes, I looked into this
some time ago and in theory it is possible but personally I never got to a
solid conclusion about it. Remember, load balancing and channel bonding are
two separate things, so make sure you are implementing the correct method!
SAMBA/Linux as a server will exceed your expectations and security needs
without a shadow of a doubt. You will have more granular security over files
and file permissions, and looking through a book such as "Using SAMBA" by
O'Reilly will help you with the subtle SAMBA configuration options that will
secure your server from installation and early configuration (something
you'll need being in a school I suspect).
Good luck--let us all know how the decision goes and how the implementation
> > Have you checked out vmware or Win4Lin to run the
> > Windows stuff (even if the programs will work
> > under Wine.)
> > Personally my preference is Win4Lin since you can
> > set it up to work as a "shatter proof" Windows
> > on either workstations or thin clients.
> Mark, do you know if Win4Lin runs on a dual processor machine?
Since Netraverse have some SMP kernels it certainly
should do, though I've not tested it on an SMP
St. Peter's CofE High School
Phone: +44 1392 204764 X109
Fax: +44 1392 204763
Usually things seem to just work, or they don't. I
could do with a hand here...
I may have this all wrong - I've read the mail
administrators howto, and the users howto and I'm a
little stuck with an intermittent fault...
I've set no mail options anywhere on my system. I have
a cable modem with NTL. I'm trying to automate a mail
message that, for example, mails me a directory
listing from the current working directory. I type:
ls -l | mail johnsonmlw(a)yahoo.com
I was surprised to see it work at all. I was expecting
to have to set some settings. BUT it only works about
1 in 10 times. Odd. If I type it ten times in quick
succession, I only get about one into my
johnsonmlw(a)yahoo.com mail box, and I receive nine
returns from mx1.mail.yahoo.com reporting a "501"
error - data format error.
I'm a complete mail novice - I've always used my yahoo
Any suggestions as to why it only sometimes works, and
whether I should be typing something else?
We are a 200 strong(or weak) pupil primary school
that's run a linux server for the past 4 years- which
has never gone wrong (LEA told us it wouldn't work,
after we installed they came down saw it, said it was
great and then still told other schools won't work)
We use very little of the SIMS package because its
useless and the pupil data base we use is crap - its a
great system - they give out updates (about 3 to 4 a
year) that invariably (or do I mean always) go wrong
then over 300 school secretaries or administrators
phone up and try to sort it out (superb way of
I used to complain that the database, budget etc stuff
was old fashioned - but at least in the old days the
old systems worked - people like stuff if it works and
saves them a job or gain some extra benefit - which
SIMS etc doesn't
Can we get something else?
We have about 15 computers that will eventually
(shortly) be Linux - although I have to keep Windows
on for some learning software and games (yep A of E
and we have playstations and gameboys - part of the
curriculum old boy - games r good for kids - anybody
that doesn't think so needs to play (work with) the
games - comments/arguments welcome ho! ho!)
recently set up Linux with three thin clients LTSP -
guess what -Linux KDE desktop has worked out EASIER
than windows for staff and children - more options and
more user friendly stuff. It seems to be working great
Can anybody give me some sites with good Linux
software for education - I can't seem to find any -
even off a CD if anybody knows of stuff.
Thanks for listening (??)
We are looking to deploy CCM's Facility timetable / scheduler next September
which uses M$ SQL 7 as standard. Does anyone out there use this software
with a Linux DB? DB2 and Oracle are the most obvious. My manager is not keen
on MySQL, but if someone is using it for this successfully it might change
Any information would be useful.
Thanks in advance.
IT System Eng.
James Allen's Girls' School (Registered Charity Number 312750)
East Dulwich Grove
London SE22 8TE
Telephone: +44 (0) 20 8693 1181
Fax: +44 (0) 20 8693 7842
Web site: http://www.jags.org.uk/