Replacing Windows NT/2000 Server with Linux

By Sebastian Sasías

About the author:
He has used Linux for several years as a supporting tool for developing technical solutions.
His work includes using Linux for controllers, signal processing, communication, and network security.
He is proficient in electronic automation and computer technology.
He is committed to free software development under the GNU GPL.

Abstract:

This article follows on from a previous LinuxFocus article on how SAMBA is used to share resources on heterogeneous Unix-Windows networks. Specifically, SAMBA is used here to provide Windows services.
This is not only because Linux is powerful and flexible, but also because of economic considerations:

It greatly reduces the cost of purchasing Windows server licenses.
To achieve similar performance, Linux uses fewer hardware resources (processor and memory) than Windows.

A suitable Linux server running SAMBA can replace a Windows NT/2000 server. It can generally share directories and provide active directory service (ADS); however, it can also be used as the Primary Domain Controller (PDC) for Windows 2000/NT/98/95 clients, handling user authentication, shared resources (directories and printers) and custom user sessions.
This article focuses on these aspects.

Many computer environments are based on the functions provided by Windows servers. Linux servers with SAMBA replace all functions provided by Windows without changing the clients.
The following procedure assumes that a machine with SAMBA installed and running correctly will be used as the server. Readers need basic knowledge of Linux and Windows servers.

--------------------------------------------------------------------------------
Configuration
Follow these steps:

1) Create the users to be authenticated on the Primary Domain Server (Linux/Samba).
Use the adduser, useradd or userconf command, or a user management tool or graphical interface (Webmin, Linuxconf, Yast, etc.).

If users only need to access the Linux/Samba services, they do not need to be able to log in to the Linux command line. In that case, set the home directory to /dev/null and the login shell to /bin/false.

2) Convert the UNIX users to Linux/Samba/Windows users by generating the smbpasswd file:

cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd

Another method is to use the SAMBA commands to create a user and define a password:

smbadduser
smbpasswd

These commands are similar to adduser and passwd.

3) Edit the SAMBA configuration file (smb.conf). Make sure the following options are set, adding or removing comment marks where noted:

netbios name = SMBServer
workgroup = THEDOMAIN
server string = Linux Samba NT Server
log file = /var/log/samba/%m.log
max log size = 0
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
ssl CA certificate = /usr/share/ssl/... (cancel comment)
socket options = (cancel comment)
local master = yes
preferred master = yes
domain master = yes
domain logons = yes
logon script = logon.bat
wins support = yes

Note:
To give each user an individual logon script, replace the logon script value with "%U.bat". Each user then has a logon script named after his or her own user name; %u can also be used. To select the script by the group the user belongs to, use %g or %G. The definitions of these and other parameters can be found in the manual (man smb.conf).

4) Create the shared resources.
Edit the smb.conf file, comment out all the example shares, and add the following. Do not change it unless necessary:

[netlogon]
comment = Initialization Scripts
path = /home/netlogon
read only = yes
guest ok = yes
browseable = No

[home]
comment = user directory
path = /home/%u
browseable = Yes
writable = Yes

[public]
comment = public directory
path = /home/Public
browseable = Yes
writable = Yes
guest ok = Yes
create mask = 0777
force create mode = 0777

Save the smb.conf file.

5) You can use the following command to verify that smb.conf is correct:

testparm

This command analyzes the smb.conf file and reports any errors.

6) Create the /home/netlogon and /home/public directories with permissions 0754 and 0777 respectively.

7) Edit the logon script file logon.bat.
Important: use a DOS/Windows text editor (such as Notepad or edit) to create the logon.bat file, so that the saved text file is compatible with Microsoft systems. You can also do this on Linux, but you must convert the file to the correct text format. You can use the vim command ":set textmode" to get a file with Microsoft line terminators.
net time \\smbserver /y (you can also use /yes instead of /y)
net use H: \\SMBServer\home -y (you can also use /yes or /y instead of -y)
net use P: \\SMBServer\public -y

8) Add the SMBServer information to the lmhosts file.
Edit the /etc/samba/lmhosts file (or /etc/lmhosts) and add a line for the SMB server, such as:

192.168.0.10 SMBServer

9) Restart the SAMBA daemon (smbd).

service smb restart

If this command does not work on your Linux distribution, you can use the following commands:
ps -auxgx | grep smb
kill -9 <PID of smbd>

10) Use smbclient to verify that the above configuration is correct.

smbclient -L //SMBServer

If "Password:" is displayed, press Enter to list the shared resources of the server.

11) Use a Windows 95/98/NT computer to log on to THEDOMAIN with the users created on Linux/Samba (see steps 1 and 2).

In 95/98/ME, the configuration can be reached in the following order:

Start => Settings => Control Panel => Network => Client for Microsoft Networks => Properties.

Windows NT/2000 (Workstation/Professional) is similar, although the order may be different.

Select the "Start session in Windows NT/2000 Domain" option and enter the domain name thedomain (the workgroup).
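
A check of the accounts that steps 1 and 2 produce, as an added example that is not part of the original article. It reports Samba users that still have a login shell, entries marked NO PASSWORD, and an smbpasswd file readable by other users (the shell redirection in step 2 creates the file with the default umask). The sample file contents, user names and function names are constructed for illustration.

```python
import stat

# Shells that give no interactive login (step 1 uses /bin/false).
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

def parse_passwd(text):
    """Return {user: login shell} from passwd(5)-format text."""
    rows = (line.strip().split(":") for line in text.splitlines())
    return {f[0]: f[6] for f in rows if len(f) == 7}

def parse_smbpasswd(text):
    """Return {user: 'hash' | 'unset' | 'nopass'} from smbpasswd-format text."""
    states = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.startswith("#") or len(fields) < 4:
            continue
        lm_hash, nt_hash = fields[2], fields[3]
        if lm_hash.startswith("NO PASSWORD"):
            states[fields[0]] = "nopass"   # flagged as needing no password
        elif set(lm_hash + nt_hash) <= {"X"}:
            states[fields[0]] = "unset"    # placeholder written by mksmbpasswd.sh
        else:
            states[fields[0]] = "hash"     # password-equivalent hashes present
    return states

def audit_accounts(passwd_text, smbpasswd_text, smbpasswd_mode):
    """List findings for the accounts produced by steps 1 and 2."""
    findings = []
    perms = stat.S_IMODE(smbpasswd_mode)
    if perms & 0o077:
        findings.append("smbpasswd: mode %04o exposes hashes, expected 0600" % perms)
    shells = parse_passwd(passwd_text)
    for user, state in sorted(parse_smbpasswd(smbpasswd_text).items()):
        if user not in shells:
            findings.append(f"{user}: smbpasswd entry without a UNIX account")
        elif state == "nopass":
            findings.append(f"{user}: entry is marked NO PASSWORD")
        elif state == "hash" and shells[user] not in NOLOGIN_SHELLS:
            findings.append(f"{user}: Samba user keeps login shell {shells[user]}")
    return findings

# Constructed sample data; the hashes are dummy values.
X32, FAKE, NOPW = "X" * 32, "0123456789ABCDEF" * 2, "NO PASSWORD" + "X" * 21
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:501:501:Alice:/dev/null:/bin/false
bob:x:502:502:Bob:/home/bob:/bin/bash
carol:x:503:503:Carol:/dev/null:/bin/false
"""
SAMPLE_SMBPASSWD = f"""\
root:0:{X32}:{X32}:[U          ]:LCT-00000000:
alice:501:{FAKE}:{FAKE}:[U          ]:LCT-00000000:
bob:502:{FAKE}:{FAKE}:[U          ]:LCT-00000000:
carol:503:{NOPW}:{NOPW}:[NU         ]:LCT-00000000:
"""

if __name__ == "__main__":
    print("\n".join(audit_accounts(SAMPLE_PASSWD, SAMPLE_SMBPASSWD, 0o100644)))
```

On a real server, pass the contents of /etc/passwd and /etc/samba/smbpasswd and the st_mode value from os.stat() of the smbpasswd file.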

Example configuration file
A complete Samba configuration file is listed below. This file has been tested on several Linux distributions. You can modify it to achieve the desired result. Each parameter is commented.

Finally, Webmin or SWAT is recommended for those who want to configure Samba quickly. These tools make configuration easier.

#======================================================#
# /etc/smb.conf
#------------------------------------------------------#
# Samba main configuration file
# Skeleton configuration file; select the parameters based on your needs.
#------------------------------------------------------#
# Tested systems: Solaris and Linux distributions
# RedHat 6.0, 7.0, and 7.1
# Solaris 7
# Slackware 7.x
# Mandrake 6.1, 7.0, and 8.1
# SuSE 7.2
#------------------------------------------------------#
# Last modification time: 08/12/2001
# Author: Sebastian Sasias - sasias@Linuxmail.org
#======================================================#
#
# This file follows the Samba specifications. See the smb.conf(5) manual page.
#
# Note: after changing this file, use the "testparm" command to test it.
#
#=================== Global Options ===================#
#
# General configuration
#
[global]
#......................................................#
# workgroup = NT domain name or workgroup name, for example thedomain
# PDC domain
workgroup = thedomain
#......................................................#
# Name under which the local machine is announced to other machines
netbios name = smbserver
#......................................................#
# This string appears in Windows "Network Neighborhood"
server string = Samba Server de este lugar
#......................................................#
# This line is critical for security reasons. It allows connections only from specific computers on the LAN.
# In this example, the network is 192.168.8.0 (Class C network)
# and the loopback interface is allowed to connect.
# For more details, read the smb.conf manual page.
# For example, resources are shared only with the IP addresses
# 192.168.8. and 127. (commented out below)
; hosts allow = 192.168.8. 127.
#......................................................#
# To load the printer list automatically instead of entering printers one by one, use:
; load printers = yes
#......................................................#
# The printcap path can be overridden.
; printcap name = /etc/printcap
#......................................................#
# On SystemV systems, setting printcap name to lpstat
# lets Samba obtain the printer list automatically from the SystemV spool system.
; printcap name = lpstat
#......................................................#
# If the printing system is non-standard, you must specify it.
# Currently, the supported printing systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx
; printing = bsd
#......................................................#
# If you need a guest account, uncomment the following line.
# You must add this account to /etc/passwd; otherwise the user "nobody" is used.
; guest account = pcguest
#......................................................#
# The following line gives each computer that connects
# to the SAMBA server its own log file.
log file = /var/log/samba/log.%m
#......................................................#
# Log file size limit (unit: Kb).
max log size = 50
#......................................................#
# Read security_level.txt for more details.
# Password verification method:
# user-level security = each user has his/her own password (SAMBA password)
security = user
#......................................................#
# With server-level security, verification is performed on another machine.
# The "password server" value is used only with server-level security;
# it is the address of the authentication server.
; password server =
#......................................................#
# If you want to use encrypted passwords, read ENCRYPTION.TXT,
# Win95.txt and winnt.txt in the Samba documentation.
# Use this option only if you know enough about it.
# Note: encrypted passwords can be sent to Win95, Win98, and WinNT.
encrypt passwords = yes
# Use the following line to customize the configuration per machine.
# %m is replaced by the NetBIOS name of each computer on the network.
; include = /usr/local/samba/lib/smb.conf.%m
#......................................................#
# Documentation and common tips report that the following option gives better performance.
# Try it!
# Read speed.txt and the manual to learn more details.
socket options = TCP_NODELAY
#......................................................#
# Samba can be configured with multiple network interfaces.
# If you use multiple network interfaces, you must list them below.
# Read the manual to learn more details.
; interfaces = 192.168.8.2/24 192.168.12.2/24
#......................................................#
# Browser control options:
# If you do not want Samba to be the master browser in the network, set "local master = no".
local master = yes
#......................................................#
# OS level sets this server's priority in master browser elections.
# Generally, the default value is enough.
; os level = 33
#......................................................#
# Makes Samba the domain master browser.
# This allows Samba to act as domain controller and to collate browse lists across different TCP/IP subnets.
# If a Windows NT/2000 domain controller is already in use, do not use this option.
domain master = Yes
#......................................................#
# Preferred master makes Samba force a local browser election at startup,
# which gives it a better chance of being elected as master.
# If there are two or more servers, the one with the higher level is preferred
# when clients look for a server in the list.
preferred master = Yes
#......................................................#
# Use the next entry only if an NT/2000 server is running as primary domain controller (PDC).
; domain controller =
#......................................................#
# To use Samba as the domain logon server for Windows 9x/ME workstations, use the following.
domain logons = Yes
#......................................................#
# If you use domain logons, you must use a logon script,
# either per machine or per user in the Windows network.

# A logon batch file specific to each workstation:
; logon script = %m.bat

# A logon batch file specific to each user:
; logon script = %U.bat
#......................................................#
# Where to store roaming profiles (only valid for Win95 and WinNT).
# %L is replaced by the NetBIOS name of the server, and %U by the user name.
# If you use it, also enable (uncomment) the Profiles share.
; logon path = \\%L\Profiles\%U
#......................................................#
# Windows Internet Name Service (WINS):
# wins support - tells NMBD to enable its WINS server.
# The WINS protocol converts a machine name to an IP address;
# it works like DNS in TCP/IP.
; wins support = yes
#......................................................#
# wins server - tells Samba that the NMBD component is a WINS client.
# The SAMBA server can be either a WINS server or a WINS client,
# but not both.
# The IP address of the WINS server must be specified here.
; wins server = 192.168.8.1
#......................................................#
# wins proxy - tells Samba to answer name resolution requests on behalf of clients without WINS capability.
# This works only when at least one WINS server exists in the network.
# The default is no.
; wins proxy = yes
#......................................................#
# dns proxy - tells Samba whether to resolve NetBIOS names through DNS.
# The default in version 1.9.17 is "yes"; from version 1.9.18 it is "no".
# Here we can tell SAMBA whether or not to use DNS for name resolution.
# dns proxy = yes
# dns proxy = no (name resolution will be made by using the file lmhosts)
#......................................................#
# If no logon drive is specified, drive Z: is used automatically.
logon drive = P:
#......................................................#
# At logon, this script is executed: /etc/samba/netlogon/SAMBA.BAT
# It uses "net use" to map the drive units.
logon script = SAMBA.BAT

#================== Share Definitions =================#

# Private directories for each user
# Unit P:

[homes]
comment = Home Directories
browseable = no
writable = yes
read only = no
force create mode = 0700
create mode = 0700
force directory mode = 0700
directory mode = 700

#------------------------------------------------------#
# Temporary file directory
# Unit T:

[tmp]
comment = Temporary Files
path = /tmp
read only = no
public = yes
writable = yes
force create mode = 0777
create mode = 0777
force directory mode = 0777
directory mode = 0777

#------------------------------------------------------#
# Server CD-ROM
# Unit L:

[cdrom]
comment = CD-ROM
path = /mnt/cdrom
public = yes
writable = no

#------------------------------------------------------#
# Group directory, based on /home/grp.name_group
# /home/user/group is a link to /home/grp.name_group
# Permissions of grp.name_group: 770
# Unit G:

[group]
comment = Directory of Group
path = /home/%u/group
writable = yes
read only = no
force create mode = 0770
create mode = 0770
force directory mode = 0770
directory mode = 0770

#------------------------------------------------------#
# This unit stores application software, installation software, and specialized software.
# The permissions of /net and /net/install are 755, with root as owner, for example.
# Unit N:

[net]
comment = Directory Net
path = /net
writable = yes
read only = no
force create mode = 0750
create mode = 0750
force directory mode = 0750
directory mode = 0750

#------------------------------------------------------#
[netlogon]
comment = Logon Services in the Network
path = /etc/samba/netlogon
guest ok = yes
writable = no
locking = no
public = no
browseable = yes
share modes = no

#------------------------------------------------------#
#======================================================#
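
An added example, not part of the original article: a small audit that reads smb.conf text the way Samba matches parameter names (case and spaces ignored, synonyms such as public and guest ok merged) and reports shares that combine guest access with write access, world-writable create modes, and a missing hosts allow line. The sample text is a constructed excerpt in the style of the file above, and the function names are hypothetical.

```python
import re

TRUE = {"yes", "true", "1"}
# smb.conf ignores case and spaces in parameter names and accepts synonyms.
SYNONYMS = {"public": "guestok", "writable": "writeable", "writeok": "writeable",
            "createmode": "createmask", "directorymode": "directorymask",
            "allowhosts": "hostsallow"}
MODE_KEYS = ("createmask", "forcecreatemode", "directorymask", "forcedirectorymode")

def parse_smb_conf(text):
    """Return {section: {normalised parameter: value}}; later lines win."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            name, value = (part.strip() for part in line.split("=", 1))
            key = re.sub(r"\s+", "", name).lower()
            key = SYNONYMS.get(key, key)
            if key == "readonly":  # inverted synonym of "writeable"
                key, value = "writeable", ("no" if value.lower() in TRUE else "yes")
            current[key] = value
    return sections

def audit_shares(text):
    conf = parse_smb_conf(text)
    findings = []
    if "hostsallow" not in conf.get("global", {}):
        findings.append("[global] no hosts allow: connections accepted from any address")
    for name in sorted(set(conf) - {"global"}):
        opts = conf[name]
        guest = opts.get("guestok", "no").lower() in TRUE
        writable = opts.get("writeable", "no").lower() in TRUE
        if guest and writable:
            findings.append(f"[{name}] guest access on a writable share")
        loose = [k for k in MODE_KEYS if k in opts and int(opts[k], 8) & 0o002]
        if loose:
            findings.append(f"[{name}] world-writable mode in: {', '.join(loose)}")
    return findings

# Constructed excerpt in the style of the example file above.
SAMPLE_CONF = """\
[Global]
; Hosts allow = 192.168.8. 127.
[Tmp]
Readonly = no
Public = yes
Force create mode = 0777
[Cdrom]
Public = yes
Writable = no
"""

if __name__ == "__main__":
    print("\n".join(audit_shares(SAMPLE_CONF)))
```

Run it on the output of testparm or on the file itself; a share that is meant to be open, such as a read-only CD-ROM, produces no finding.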

Final considerations
The SAMBA packages and the other tools used on Linux are constantly developing. Therefore, some details mentioned here may become obsolete. In fact, as SAMBA has developed, some parameter names in the configuration file have changed slightly, while the file keeps a more optimized structure.

If SAMBA reports an unknown parameter error for your configuration, there are two simple solutions:

Read the default smb.conf file. The comments on the same line usually give information about the parameters that may cause problems.
Read the SAMBA documentation, starting with the file that describes the changes in the latest version.

Reference: Bibliography and software tools
SAMBA, official website: http://www.samba.org
Webmin website: http://www.webmin.com, a remote administration tool for computers running UNIX systems.
GNU project and Free Software Foundation: http://www.gnu.org
An interesting URL where you can get RPM packages: http://www.rpmfind.net
LinNeighborhood website: http://www.bnro.de /~ Mongodjo, an interesting Linux tool that can be used to share resources through a SAMBA network.

Source: Linuxfocus
