LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 01-31-2004, 06:39 AM   #1
pirx
LQ Newbie
 
Registered: Jan 2004
Location: Slovenia
Distribution: Mandrake
Posts: 6

Rep: Reputation: 0
Question Group Policies, Mandatory Profiles (Win9x) and Samba


Hello!

I am using Samba (2.2.7a) as PDC on Mandrake 9.1 and the clients are Windows 95 & 98 machines.

I have created 3 groups in Linux: "students", "teachers" and "smbadmin". When user logs on with his username and password (everyone has his individual user. and pass.), then according to the group to which he belongs to, logon script is being executed. (logon script = %g.bat)

Is it possible, to limit user permissions, what can they do and what cant, on the basis of groups, to which they belong to? "Students" and "teachers" for example would have disabled Control Panel, modifyed Start menu etc., while the users in "smbadmin" could use the system normaly if any changes (installing new programs & such) would be necessiry.

Any help would be very much appreciated and i will post the whole thing in a ZIP file, when it will be finished and ready for use.

Here is also my smb.conf file (just global, netlogon, homes) and one logon script:

smb.conf

[global]
workgroup = dssl
server string = server
interfaces = 192.168.0.2/32
hosts allow = 192.168. 127.
client code page = 852
character set = ISO8859-2

security = user
os level = 256
domain logons = yes
local master = yes
domain master = yes
preferred master = yes
wins support = yes
dns proxy = yes

encrypt passwords = yes
passwd program = /usr/bin/passwd %u
smb passwd file = /etc/samba/smbpasswd
passwd chat = *new password* %n\n *new password* %n\n *success*
unix password sync = yes

logon script = %g.bat
logon home = \\%L\%U\.profile9x
logon path = \\%L\%U\.profilent

log level = 0
log file = /var/log/samba/%m.samba.log
max log size = 1000
debug timestamp = yes

socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
locking = no
hide dot files = yes
case sensitive = no
keepalive = 150
username level = 8

time server = yes
dos filetime resolution = yes
dos filetimes = yes

[netlogon]
comment = The domain logon service
path = /etc/samba/netlogon
public = no
writable = no
browsable = no
read only = no
create mask = 0777
admin users = @smbadmin

[homes]
comment = Od %u domac direktorij
browsable = no
valid users = %S
writable = yes
create mask = 0644
directory mask = 0775

valid users = @students @teachers @smbadmin
admin users = @smbadmin


Logon script (students.bat)

net time \\server /set /yes

net use m: /home
net use n: \\server\students
net use o: \\server\everyone

Last edited by pirx; 02-03-2004 at 01:55 AM.
 
Old 01-31-2004, 10:26 AM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 64
Welcome to LQ.

You should be able to use the windows policy editor to choose what permissions users get. Unfortunately some settings require you to logout before the changes occur.
 
Old 01-31-2004, 11:40 AM   #3
pirx
LQ Newbie
 
Registered: Jan 2004
Location: Slovenia
Distribution: Mandrake
Posts: 6

Original Poster
Rep: Reputation: 0
Thanks for replying and welcoming me

So, it IS possible I was not quite sure about this. Anyway, I also found this useful page:

http://www.microsoft.com/technet/tre...rt2/wrkc08.asp

I have a feeling that things will not go as planned already from the beginning so Ill be around

Seeya

Last edited by pirx; 01-31-2004 at 12:03 PM.
 
Old 02-03-2004, 01:54 AM   #4
pirx
LQ Newbie
 
Registered: Jan 2004
Location: Slovenia
Distribution: Mandrake
Posts: 6

Original Poster
Rep: Reputation: 0
I have read what useful options Mandatory Profiles have (customized desktop, shortcuts, start menu and nobody can change/delete them) and Im wondering, if this is the way to create one:

When a user logs in for the first time, Windows informs you about that and asks if it should keep the user settings. After clicking on Yes , profile is being created on the server side: /home/[usernname]/profiles9x

The problem is, I have not found the user.dat in that directory. What was i doing wrong? And even if i would found it, should I rename the user.dat to user.man in Linux or in Windows?

And when I create a profile, with which im pleased, can I copy it to the /etc/skel? As I have understood, every new user im going to create in Linux, he will get the profile settings in his home directory from this location.

Any help is apprechiated

Last edited by pirx; 02-05-2004 at 10:12 AM.
 
Old 02-05-2004, 10:15 AM   #5
pirx
LQ Newbie
 
Registered: Jan 2004
Location: Slovenia
Distribution: Mandrake
Posts: 6

Original Poster
Rep: Reputation: 0
anyone?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Managing user Accounts with Group Policies, LDAP AdamSBS Linux - Software 2 08-24-2005 08:10 PM
Group Policies on samba mikepengelly Linux - Networking 3 08-25-2004 09:52 PM
Samba and Win98 Group Policies MurrayL Linux - Software 1 08-20-2004 07:09 AM
How can apply group policies on windows clients from Linux Server linuxeagle Linux - Networking 5 11-17-2003 10:21 AM
How can i use group policies using samba linuxeagle Linux - Networking 0 11-13-2003 11:04 AM


All times are GMT -5. The time now is 10:47 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration