  1. #1
    Just Joined!
    Join Date
    Feb 2006
    Posts
    5

    Slackware dual Samba... is it possible?


    Hey guys, what's up.

    OK, here's my situation: I am running Slackware 9.0 and I have Samba serving as a PDC on a domain "WILDCATS". Is it possible to have Samba serve another domain such as "TEACHERS"? See, I set this server up at a school and it would be nice to have the student computers on one domain and teachers on another (only teachers not being limited on their accounts in any way)...

    I couldn't get roaming profiles to work so I just went into gpedit.msc on the Windows XP computers (student computers) and prevented changing backgrounds, screen savers, start menu, writing to the C: drive and so on....
    I cracked down on them pretty hard...

    The computers are Dells, GX280 I believe is the model number,
    running Windows XP Pro w/SP2.

    So, if it is at all possible to set up one server to handle 2 domains I would greatly appreciate it if someone could help me out.

    I need to get this figured out ASAP.

    thanks,
    wayne

  2. #2
    Linux Newbie
    Join Date
    Apr 2005
    Location
    CT --> PA
    Posts
    170
    Rather than running two different Sambas for this... why not just go and limit the Samba logins for the various accounts on one server?
    Chicks dig giant mechanized war machines

  3. #3
    Just Joined!
    Join Date
    Feb 2006
    Posts
    5
    Quote Originally Posted by TheBigPhish
    Rather than running two different Sambas for this... why not just go and limit the Samba logins for the various accounts on one server?
    OK, what it is: I want only the student accounts to log in only on a specific group of computers (student computers), and the teacher computers do not allow students to log in, but only teacher accounts can log in (on the teacher computers).

    The reason for this is that, for one, students are not allowed on teacher systems; second, I set all the student computers (using gpedit.msc) to lock out the user logged in from changing any settings, but on the teacher systems I don't want to lock them out at all, so my solution, I thought, would be to put them on a second domain... but I don't want to buy a new server...

  4. #4
    Just Joined!
    Join Date
    Feb 2006
    Posts
    3

    I feel your pain!

    The good news is 'YES', dual Samba can be done on two separate networks, i.e. two network cards.

    First install and configure your NICs (usually static IP).

    Dual Samba infers Dual DHCP so configure your /etc/dhcpd.conf like so

    Code:
    ddns-update-style interim;
    ignore client-updates;
    
    #Modem/Router has static IP 192.168.1.1
    
    #------------------------------------------------------
    # ------------- First subnet declarations -------------
    #------------------------------------------------------
    
    #eth0 has static IP 192.168.1.2
    
    subnet 192.168.1.0 netmask 255.255.255.0 	{
    
    # --- default gateway ---
    	option routers			192.168.1.1;
    	option subnet-mask		255.255.255.0;
    	option broadcast-address	192.168.1.255;
    	
    	option nis-domain		"your.domain.org";
    	option domain-name		"your.domain.org";
    	option domain-name-servers	192.168.1.1, 192.168.1.2;
    	option time-offset		-18000; # Eastern Standard Time
    
    # --- WINS server Address ---	
    	option netbios-name-servers	192.168.1.2;
    
    # --- IP reservations range & lease time ---
    	range dynamic-bootp 192.168.1.10 192.168.1.200;
    	default-lease-time 21600;
    	max-lease-time 43200;
    }
    
    #------------------------------------------------------
    # ------------ Second subnet declarations -------------
    #------------------------------------------------------
    
    #eth1 has static IP 192.168.0.2
    
    subnet 192.168.0.0 netmask 255.255.255.0 	{
    
    # --- default gateway ---
    	option routers			192.168.0.2;
    	option subnet-mask		255.255.255.0;
    	option broadcast-address	192.168.0.255;
    	
    	option nis-domain		"your.domain.org";
    	option domain-name		"your.domain.org";
    	option domain-name-servers	192.168.0.2;
    	option time-offset		-18000; # Eastern Standard Time
    
    # --- WINS server Address ---	
    	option netbios-name-servers	192.168.0.2;
    
    # --- IP reservations range & lease time ---
    	range dynamic-bootp 192.168.0.10 192.168.0.200;
    	default-lease-time 21600;
    	max-lease-time 43200;
    }

    NOTE: Subnet 1 can get an internet connection but subnet 2 won't unless you use iptables or squid.
    You may have to set your default gateway too.

    Code:
    route add default gw 192.168.1.1

    You have to create a file called /etc/dhcpd.interfaces and list your devices ...

    Code:
    # /etc/dhcpd.interfaces
    #
    eth0
    eth1

    Next, configure /etc/smb.conf and add the following ...

    Code:
    # Configure Samba to use multiple interfaces
    # If you have multiple network interfaces then you must list them
    # here. See the man page for details.
    	interfaces = 192.168.1.2/24 192.168.0.2/24

    I did this on a Fedora 2 box but the principles are the same on any flavour of Linux. Just make sure you have your Samba ports open if you have some sort of firewall.

    137/tcp
    137/udp
    138/tcp
    138/udp
    139/tcp
    139/udp

    Feel free to email me.

    P.S. If you had roaming profiles operational you can create mandatory profiles, simply locate the NTUser.DAT file in the desired profile and rename it to NTUser.MAN

    For MS Windows 9x/Me, it is the User.DAT file that must be renamed to User.MAN to effect a mandatory profile.

    With this method changes can be made but are not uploaded to the roaming profile when logging off.
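
The setup in post #4 depends on dhcpd.conf and smb.conf agreeing: each DHCP subnet needs exactly one Samba interface address inside it, the WINS option handed to clients has to point at that address, and the lease range must not cover it. A consistency check for that, added here as an example and not part of the original post; the function names are hypothetical and the sample input is a trimmed copy of the poster's files.

```python
import ipaddress
import re

# Constructed sample input: trimmed copies of the files shown in the post above.
DHCPD_CONF = """
subnet 192.168.1.0 netmask 255.255.255.0 {
    option netbios-name-servers 192.168.1.2;
    range dynamic-bootp 192.168.1.10 192.168.1.200;
}
subnet 192.168.0.0 netmask 255.255.255.0 {
    option netbios-name-servers 192.168.0.2;
    range dynamic-bootp 192.168.0.10 192.168.0.200;
}
"""
SMB_CONF = "[global]\n\tinterfaces = 192.168.1.2/24 192.168.0.2/24\n"
# Assumes subnet blocks contain no nested braces, as in the post's dhcpd.conf.
SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)

def _ips(match):
    """Dotted-quad addresses captured by a regex match, or [] if it did not match."""
    found = re.findall(r"\d+(?:\.\d+){3}", match.group(1)) if match else []
    return [ipaddress.ip_address(a) for a in found]

def parse_subnets(text):
    """One dict per dhcpd subnet block: network, WINS servers, lease range."""
    text = re.sub(r"#.*", "", text)  # drop comments
    subnets = []
    for net, mask, body in SUBNET_RE.findall(text):
        wins = re.search(r"option\s+netbios-name-servers\s+([^;]+);", body)
        rng = re.search(r"range\s+(?:dynamic-bootp\s+)?([^;]+);", body)
        subnets.append({"net": ipaddress.ip_network(f"{net}/{mask}"),
                        "wins": _ips(wins), "range": _ips(rng)})
    return subnets

def samba_addrs(text):
    """Addresses from smb.conf 'interfaces = ip/mask ...' (interface names are skipped)."""
    m = re.search(r"^\s*interfaces\s*=\s*(.+)$", text, re.M)
    return [ipaddress.ip_interface(t).ip for t in m.group(1).split() if "/" in t] if m else []

def check(dhcpd_text, smb_text):
    """Return a list of inconsistencies; an empty list means the files agree."""
    problems, addrs = [], samba_addrs(smb_text)
    for s in parse_subnets(dhcpd_text):
        here = [a for a in addrs if a in s["net"]]
        if len(here) != 1:
            problems.append(f"{s['net']}: expected 1 Samba interface, found {len(here)}")
        if any(w not in here for w in s["wins"]):
            problems.append(f"{s['net']}: WINS option points away from Samba")
        lo_hi = s["range"]
        if len(lo_hi) == 2 and any(lo_hi[0] <= a <= lo_hi[1] for a in here):
            problems.append(f"{s['net']}: lease range covers the server address")
    return problems
```
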

  5. #5
    Just Joined!
    Join Date
    Feb 2006
    Posts
    5
    Sorry, haven't been online in ages...
    Thanks, very informative... what I have is a network using 10.42.1.*

    and I want computers A to have their domain and computers B have their domain... that's the main reason for this dual Samba config...

    and I think what you're saying is that if I have two net cards and put them on different domains Samba will become the PDC of both domains, right?

    This is a large network and I have 3-5x24 10.100 t-base switches and the router is downtown...

    I was hoping I would not have to add another net card... can't I just create a virtual card, i.e.:

    eth0 = wildcats domain
    eth0:0 = teacher domain

    My main dilemma is that we have one computer lab and I want this on domain wildcats

    then teachers are one domain OHS_teach

    -----------------

    and within the next year here we are getting even another computer lab so then this will be the setup:

    Teacher: OHS_Teach
    Lab one: OHS_Lab1
    Lab two: OHS_Lab2

    then a RM domain for all the other misc. computers (old 98, 2000) PCs that teachers have in their rooms... - No PDC on these...

    so:
    eth0 - Ohs_Teach
    eth0:0 - Ohs_Lab1
    eth0:1 - Ohs_Lab2

    and I want students and teachers to log in on the labs and teacher computers, students not allowed on teacher computers (will deny logins from these accounts). Can you outline how to accomplish this?

    Rephrase:
    OHS-Teach Permissions
    allow accounts in group "Teachers" to access on these computers.

    OHS_Lab1 and OHS_Lab2 Permissions
    allow accounts in group "Teachers, nhs2011, nhs2012, and nhs2013" to access on these computers.

    Is this within reason...?

    thanks,

  6. #6
    Just Joined!
    Join Date
    Feb 2006
    Posts
    3

    VLAN

    Quote:
    i think what you're saying is that if i have two net cards and put them on different domains Samba will become the PDC of both domains, right?

    Just to clarify this. I think the best word to use would be subnet rather than domain, because both of these subnets would join the one domain. If you wanted separate domain names I guess you would have to have two PDCs, i.e. two separate Samba servers - maybe two can run on the one machine? I don't know.

    The whole reason I went with two network cards was so I could have two physically separate subnets. So wisecrack hacker student couldn't boot his liveCD, USB drive, floppy or even laptop up and access important characteristics and data of the ADMIN subnet.

    So I don't think you need two domains just one. I'll get back to you on the students not logging in on the teachers machines cause I know it can be done.

    http://www.physiol.ox.ac.uk/Computin...a/ch04_06.html

    I don't see a problem with setting up virtual devices apart from it being less secure, it's just I haven't set these up before, let alone with Samba.

    There are a few things you'd need to research about doing this and I'd advise you to find a good "Howto: Configure Linux Virtual Local Area Network (VLAN)".

    I just did a quick look and came across this, maybe it's a start.

    http://www.cyberciti.biz/tips/howto-...work-vlan.html

    Once you've got your VLAN sorted though, I'd say it's just a case of applying the appropriate declarations as above.

    I've got a test bed here and I'll have a look at it in the next couple of days.
    I'm usually pretty quick at sorting things out once I've put my mind to something!

    I can already see the DHCP would have to dish out addresses based on client MAC address or clients would have to have a static address. Cause all clients would be on the same physical device.

    I would like to research this myself - especially how the MAC address is sorted out.
    I'll keep a watch here anyway and post any findings!

    All the Best!

  7. #7
    Just Joined!
    Join Date
    Feb 2006
    Posts
    5
    Thanks, a lot of info. I guess the real next question would be:
    Is it possible to load a different startup script according to what group they are a part of?

    So the teacher accounts log in and the following drives load using a batch file:
    ( home dir by default -H )
    net use -I teacher share
    netuse -J ____________
    ... and so on

    then the nhs20XX groups load the student drives.


    --------------------

    Or, since I limited the permissions on the teacher drives to the teacher group
    and student drives to student groups,
    could I just list them all and if a teacher signed on it would load teacher drives
    and vice versa for students?

    -- I'll do some research*

    thanks,
