[debian-edu-commits] [Debian Wiki] Update of "DebianEdu/Documentation/Bullseye/HowTo/Samba" by WolfgangSchweer

Debian Wiki wiki at debian.org
Mon Jan 18 20:53:56 GMT 2021 

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Debian Wiki" for change notification.

The "DebianEdu/Documentation/Bullseye/HowTo/Samba" page has been changed by WolfgangSchweer:
https://wiki.debian.org/DebianEdu/Documentation/Bullseye/HowTo/Samba?action=diff&rev1=2&rev2=3

Comment:
Samba: from NT4-style PDC to 'standalone'; better client access, though

- #pragma section-numbers on
- 
  <<Anchor(Samba)>>
  = Samba in Debian Edu =
  <<TableOfContents(4)>>
  
- /!\ Please read the information provided on the Samba wiki about supported Windows versions, needed registry patches and other procedures before proceeding.
+ Samba has dropped the insecure SMB1 protocol, the option to setup Samba as NT4-style PDC is gone.
  
+ Samba is now configured as ''standalone server'' with modern SBM2/SMB3 support and usershares enabled, see {{{/etc/samba/smb-debian-edu.conf}}} on the main server. This way ordinary users are enabled to provide shares.
- https://wiki.samba.org/index.php/Joining_a_Windows_Client_or_Server_to_a_Domain
- <<BR>>
- https://wiki.samba.org/index.php/Required_Settings_for_Samba_NT4_Domains
  
- Samba has been fully prepared for use as an NT4-style domain controller. After a machine has joined the domain, this machine can be fully managed with GOsa².
+ For site specific changes, copy /usr/share/debian-edu-config/smb.conf.edu-site to the /etc/samba directory. The settings in ''smb.conf.edu-site'' will override those contained in ''smb-debian-edu.conf''.
  
- == Getting Started ==
+ Please note:
+  * By default, home directories are read only. This can be changed in ''/etc/samba/smb.conf.edu-site''.
+  * Samba passwords are stored using {{{smbpasswd}}} and are updated in case a password is changed using GOsa².
+  * To temporarily disable a user's Samba account, run {{{smbpasswd -d <username>}}}, {{{smbpasswd -e <username>}}} will re-enable it. 
+  * Running {{{chown root:teachers /var/lib/samba/usershares}}} on the main server will disable usershares for 'students'.
  
- This documentation presumes that you have installed the Debian Edu main server and also a Debian Edu workstation. We presume that you have already created some users that can login and use the Debian Edu workstation. We also presume that you have a Windows workstation at hand, so you can test access to the Debian Edu main server from a Windows machine.
+ == Accessing files via Samba ==
  
- After installation of the Debian Edu main server the Samba host \\TJENER should be visible in your Windows Network Neighbourhood. Debian Edu's Windows domain is SKOLELINUX. Use a Windows machine (or a Linux system with smbclient) to browse your Windows/Samba network environment.
+ Connections to a user's home directory and to additional site specific shares (if configured) are possible for devices running Linux, Android, macOS, iOS, iPadOS, Chrome OS or Windows. Other devices like Android based ones require a file manager with SMB2/SMB3 support, also known as LAN access. [[https://play.google.com/store/apps/details?id=com.lonelycatgames.Xplore&hl=en_US&gl=US|X-plore]] or [[https://www.ghisler.com/android.htm|Total Commander with LAN plugin]] might be a good choice.
  
+ Use {{{\\tjener\<username>}}} or {{{smb://tjener/<username>}}} to access the home directory.
-  1. START -> Run command
-  1. enter \\TJENER and press return
-  1. -> a Windows Explorer window should open and show the netlogon share on \\TJENER, and maybe printers you already have configured for printing under Unix/Linux (CUPS queues).
- 
- === Accessing files via Samba ===
- 
- Student and teacher user accounts that have been configured via GOsa² should be able to authenticate against \\TJENER\HOMES or \\TJENER\<username> and access their home directories even with Windows machines '''not''' joined to the Windows SKOLELINUX domain.
- 
-  1. START -> Run command
-  1. enter \\TJENER\HOMES or \\TJENER\<username> and press return
-  1. enter your login credentials (username, password) in the authentication dialog window that appears
-  1. -> a Windows Explorer window should open and show files and folders in your Debian Edu home directory.
- 
- 
- By default only the [homes] and the [netlogon] shares are exported; further share examples for students and teachers can be found in {{{/etc/samba/smb-debian-edu.conf}}} on your Debian Edu main server.
- 
- == Domain Membership ==
- 
- To use Samba on TJENER as a domain controller, your network's Windows workstations have to join the SKOLELINUX domain provided by the Debian Edu main server.
- 
- The first thing you have to do is to enable the SKOLELINUX\Administrator account. This account is not intended for day-to-day usage; its current main purpose is to add Windows machines to the SKOLELINUX domain. To enable this account log on to TJENER as the first user (created during main server installation) and run this command:
- 
-   $ sudo smbpasswd -e Administrator
- 
- The password of SKOLELINUX\Administrator has been preconfigured during the main server's installation. Please use the system's root account when authenticating as SKOLELINUX\Administrator.
- 
- Once you are done with your administrative work make sure to disable the SKOLELINUX\Administrator account again:
- 
-   $ sudo smbpasswd -d Administrator
- 
- === Windows hostname ===
- 
- Make sure your Windows machine has the name that you want to use in the SKOLELINUX domain. If not, rename it first (and then reboot). The NetBIOS host name of the Windows machine will later on be used in GOsa² and cannot be changed there (without breaking the domain membership for this machine).
- 
- == First Domain Logon ==
- 
- Debian Edu ships some logon scripts that pre-configure the Windows user profile on first logon. When logging on to a Windows workstation that has joined the SKOLELINUX domain for the first time the following tasks are run:
- 
-  1. copy the user's Firefox profile to a separate location and register that with Mozilla Firefox on Windows
-  1. set up Web-Proxy and start page in Firefox
-  1. set up Web-Proxy and start page in IE
-  1. add a !MyHome icon to the Desktop that points to drive H: and opens Windows Explorer on double-click
- 
- Other tasks are run on every logon. For further information on this, please refer to the {{{/etc/samba/netlogon}}} folder on your Debian Edu main server.
  
  CategoryPermalink

More information about the debian-edu-commits mailing list