WINDOWS DOMAIN CONTROLLER

Hong nh Thc inh Vn Phc Nguyn Tun Lim Nguyn nh Thnh

OUT LINE

o o o

Domain Controller Samba Cu hnh Samba nh Primary Domain Controller Kt ni Window client to Domain

DOMAIN CONTROLLER
Domain : l tp hp cc ti khon ngi dng v ti khon my tnh c nhm li vi nhau qun l mt cch tp trung. V cng vic qun l l dnh cho domain controller (b iu khin min) nhm gip vic khai thc ti nguyn tr nn d dng hn.

V D DOMAIN

DOMAIN CONTROLLER

Primary Domain Controller : L mt my ch iu khin trong mt Windows domain.

DOMAIN CONTROLLER
S

khc bit gia ca PDC v mt thnh vin ca Windows Workgroup:

Mt PDC lu gi thng tin ng nhp trn mt c s d liu trung tm trn a cng ca n. iu ny cho php c mt tn truy cp v password chung cho ton h thng khi ng nhp t tt c my tnh trong h thng Trong Windows Workgroup, mi my tnh lu gi tn truy cp v password cc b chng l duy nht cho mi my tnh.

SAMBA

Samba

l mt b tnh nng cho php Linux chia s file v nhng ti nguyn khc nh my in, vi Windows. Chng ny ni v cch a Linux ca bn vo Windows Primary Domain Controller (PDC) hay mt server cho Windows Workgroup.

SAMBA
Mt

trong nhng cu hnh ny cho php bt k ai ti nh cng c th:

Log on vo tt c cc windows ti nh trong khi cc file ca h trn Linux nm trn mt drive Windows. Chia s truy cp n cc my in trn Linux. Cc file chia s ch c th truy cp c bi nhng thnh vin ca nhm ngi dng Linux.

SAMBA
Mc [global] [printer] [homes] M t Cc thng s cu hnh chnh ca Samba Dng cu hnh cc my in Xc nh cch s l khi ngi dng ng nhp

[netlogon]
[profile]

Chia s cho script lu tr ng nhp

Chia s cho thng tin ng nhp ca domain

 /etc/samba/smb.conf

[global]

workgroup = DOMAIN netbios name = NETBIOS_NAME passdb backend = tdbsam add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/groupmod -A %u %g

CI T SAMBA NH MT PDC

logon path = \\%L\profiles\%U logon drive = H: logon home = \\%L\home\%U domain logons = Yes os level = 35 preferred master = Yes domain master = Yes idmap uid = 15000-20000 idmap gid = 15000-20000

CI T SAMBA NH MT PDC

[homes] comment = Home Directories valid users = %S read only = No browseable = No

CI T SAMBA NH MT PDC

[netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon admin users = root guest ok = No browseable = No

CI T SAMBA NH MT PDC

[Profiles] comment = Roaming Profile Share path = /var/lib/samba/profiles read only = No profile acls = Yes

KT NI TI PDC T WINS WINDOWS 95/98/ME

First check that Client for Microsoft Networks is installed; if not, install it (Control Panel > Network > Client for Microsoft Networks). To install, place your Windows CD in the drive and select Add from the afforementioned dialog, then: Client > Add... > Microsoft > Client for Microsoft Networks. Make sure Client for Microsoft Networks is the primary network protocol (Control Panel > Network > Primary Network Logon). Next, go to Control Panel > Network > Client for Microsoft Networks > Properties > Logon to NT Domain. If you've employed the add user script option, select the checkbox Create a Computer Account in the Domain; otherwise you'll need to ensure a machine account already exists for the client. Fill in the domain, and click OK.

KT NI TI PDC T WINS WINDOWS NT/2000

Go to Control Panel > Network > Identification > Change option. If the machine is currently configured under the Workgroup option, select the Domain radio button and enter the domain name. Select Create a Computer Account in the Domain as necessary. Now, logon to the domain using the username root and the appropriate password. This is necessary to initialize the "secret" between the server and client machines. From here forward, any authenticated user can logon from this machine. A message should appear welcoming you to the domain_name domain.

KT NI TI PDC T WINS WINDOWS XP

Open the Local Security Policy editor (Start > All Programs > Administrative Tools > Local Security Policy). Locate the entry "Domain member: Digitally encrypt or sign secure channel (always)". Disable it. Locate the entry "Domain member: Disable machine account password changes". Make sure it's disabled as well. Locate the entry "Domain member: Require strong (Windows 2000 or later) session key". Disable it. Next, download the WinXP_SignOrSeal registry patch from www.samba.org or collect it from the Resources section at the end of this tutorial. Apply it by double-clicking and answering Yes to the dialog prompt. Now join the domain the same as you would for Windows NT or 2000. Right-click My Computer, select Properties, Computer Name, and Change. Or click the Network ID button and run the Network Wizard.

THANK YOU