[Email]
© 2004 RMSchneider Limited
|
|
[Email] © 2004 RMSchneider Limited |
|
Books from Amazon. Shop Amazon.co.uk below, and Amazon.com (usa) farther down.
|
Windows
XP and Samba
by This document describes our
experiences in making Windows XP and Samba to work together for
This information is not
easily found in one place, and therefore this page has been created to provide
that information source. The information covered here works for Samba
2.27. We have not yet upgraded to
Samba 3.x. Windows XP Service Pack 1
broke some Samba configurations. See “Failure to Load Roaming Profile after
XP Service Pack 1 Update”. Microsoft plans XP Service Pack 2 for release
in July 2004. It is not yet known by us
the impact of this Service Pack on Samba. Contents
News: 12 May 2004: Microsoft Update Breaks
Samba Summary of XP Client Configurations Use XP Professional not XP Home Network "Sign or Seal" Registry Change Check for Roaming Profile Ownership To Fix Problem with Files being Opened From Samba
Server in "read only" Machine Trust Account Required on Samba Server Failure to Load Roaming Profile after XP Service
Pack 1 Update News: 12 May 2004:
Microsoft Update Breaks Samba
According to The Inquirer,
Microsoft update MS04-012 (KB828741) breaks Samba. The Samba team has released updates. According to the Inquirer,
after applying this Microsoft "fix" to their systems, users that
access Samba file servers - most of which run a version of Unix or Linux -
suddenly found it impossible to
change passwords from windows machines, when prompted to do so as passwords
start expiring. As a result of the operation, they get the friendly
message "You do not have permission to change your password". Described in the Knowledge
Base article KB828741,
the update changes how Windows deals with passwords, plugging a security hole
and breaking critical Samba compatibility in the process See Samba upgrade 3.0.4
and 2.2.9 Introduction
to Samba
Samba is an Open Source/Free Software suite that
provides file and print services to SMB/CIFS clients. SMB is used by Windows machine. For
many organisations, Samba can replace or supplement the use of Windows servers
for file and print services. Samba can
also act as a network domain controller for Windows machines. Samba is freely available
under the GNU General
Public License. Samba is included
with most Linux distributions, and is available from its home page at http://www.samba.org. Samba is also used in Apple OS/X and some
Unix products. Basic
Configuration of Samba
The basic configuration of
Samba is well documented by documents included with Samba, various books,
articles, etc. See Samba Documentation. A particularly good article
about Samba as a Primary Domain Controller by Tom Syroid, is published by Summary
of XP Client Configurations
The following summarises
the special configuration on XP machine required to connect to Samba servers. Use
XP Professional not XP Home
Microsoft XP Home does not
have the required software to enable "joining" a network domain. Microsoft XP Professional does. If you need to have your computer join a domain,
use XP Pro. However, XP Home will work
fine for simple file and printer sharing.
XP Home provides different end-user network utilities for connecting to
network resources. Use of XP Home
utilities is not discussed here simply because we have not seen or used XP
Home. Network
"Sign or Seal" Registry Change
The following registry
entry needs to be changed:
Domain
Member Policies
Check
for Roaming Profile Ownership
Used when Samba is
configured to provide Primary Domain Control. See below for details.
(this is also controlled by
the Registry key:
To
Fix Problem with Files being Opened From Samba Server in "read only"
In the Samba configuration
file (normally /etc/samba/smb.conf on the Linux server), add a global option
By default Samba sets this
"yes". When set "yes" when you open files in
Windows applications, e.g. Excel, Word, etc. the files are opened in "read
only" mode no matter what permissions are applied and controlled by Samba
and the Linux server. I've not yet researched how this
change works or if there are any security implications. However, it does
fix the problem we experienced and is therefore documented here. Machine Trust Account Required on Samba Server
This is fully documented in the
Samba documentation. It is so important it is being re-stated here. For Windows XP, an account for the
"machine" using it's NETBIOS name plus a "$" is required on
the Samba Server in the OS (Linux) and in the Samba password file (smbpasswd). For example, if the XP machine is
named “buckeye”, then the machine account name that you setup on the Linux
machine would be “buckeye$”. Without this account previously
setup on the server, it is impossible for the client XP machine to
"join" the domain nor access any of the Samba resources. Note: as of this writing, I am
not certain if these machine accounts are required, or not, for client machines
that access the Samba server for simple file and print sharing. To be
investigated. "Joining" a Samba Domain
After the XP machine has had its machine trust account setup, you can configure the XP
machine to "join" the Samba domain.
Re-joining
the Domain
If you make changes to the domain
configuration in Samba, it is likely that the XP boxes will no longer be able
to connect to the domain. You will notice this as a problem when you
attempt to login to the domain. You have to re-configure the XP box to
re-join the re-configured domain. This will involve a number of steps with two
re-boots.
Failure to Load Roaming Profile after
|
|
[Feedback] |
(c) 2003-04
RMSchneider Limited |
