Allow Windows Clients in Domain Groups to Access Samba Shares:

Pre-reqs: Likewise has been installed and the system already joined to your Active Directory Domain. See Mr. Penn's great post about this:


Next, we need to install Samba on the Linux system:

su

aptitude install samba winbind


Create a directory named 'idmap' under /usr/lib/samba. Create a symbolic link from /usr/lib/samba/idmap/lwicompat_v2.so to /usr/centeris/lib/idmap/lwicompat_v2.so. Do this for version 4 as well:

su
cd /usr/lib/samba
mkdir idmap
cd idmap
ln -s /usr/centeris/lib/idmap/lwicompat_v2.so
ln -s /usr/centeris/lib/idmap/lwicompat_v4.so


Next, confirm the version of Samba you have installed. I have Ubuntu Hardy Heron 8.04 and my version is Version 3.0.28a
smbd -V
Version 3.0.28a


Now we have to edit the Samba configuration file to set the following parameters. If the parameters are not included, add them.
security = ads
workgroup = enter workgroup from /etc/samba/lwiauthd.conf here
realm = enter realm from /etc/samba/lwiauthd.conf here
# use lwicompat_v2 for Samba 3.0.0 to 3.0.24
# idmap backend = lwicompat_v2
#
# use lwicompat_v4 for Samba 3.0.25 and later
idmap backend = lwicompat_v4
idmap uid = 50-9999999999
idmap gid = 50-9999999999
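
A pre-flight check for the settings above, as an added example that is not part of the original post or of Likewise's tooling. The function names and sample config are constructed here, and it assumes lwiauthd.conf uses the same "key = value" lines as smb.conf.

```shell
# Added example; function names and the sample config are constructed here.
# "Version 3.0.28a" (from `smbd -V`) -> lwicompat_v2 for 3.0.0-3.0.24,
# lwicompat_v4 for 3.0.25 and later.
pick_idmap_backend() {
    ver=${1#Version }
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    patch=${patch%%[!0-9]*}                  # "28a" -> "28"
    for n in "$major" "$minor" "$patch"; do
        case "$n" in ''|*[!0-9]*) return 2 ;; esac
    done
    [ "$major" -ge 3 ] || return 2
    if [ "$major" -eq 3 ] && [ "$minor" -eq 0 ] && [ "$patch" -le 24 ]; then
        echo lwicompat_v2
    else
        echo lwicompat_v4
    fi
}

# Last uncommented "KEY = value" in FILE (lower-case keys, sections not tracked).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# check_smb_conf SMB_CONF VERSION [LWIAUTHD_CONF, assumed key = value syntax]
check_smb_conf() {
    want=$(pick_idmap_backend "$2") || { echo "unrecognised version: $2"; return 2; }
    rc=0
    sec=$(conf_get "$1" security | tr 'A-Z' 'a-z')
    [ "$sec" = ads ] || { echo "security is '$sec', expected ads"; rc=1; }
    got=$(conf_get "$1" "idmap backend")
    [ "$got" = "$want" ] || { echo "idmap backend is '$got', expected $want"; rc=1; }
    for k in workgroup realm; do
        mine=$(conf_get "$1" "$k")
        [ -n "$mine" ] || { echo "$k is not set"; rc=1; continue; }
        [ -z "${3:-}" ] || [ "$mine" = "$(conf_get "$3" "$k")" ] ||
            { echo "$k does not match $3"; rc=1; }
    done
    return $rc
}

# Constructed sample: a 3.0.28a host still carrying the v2 backend line.
sample=$(mktemp)
printf '%s\n' 'security = ADS' 'workgroup = EXAMPLE' 'realm = EXAMPLE.LOCAL' \
    'idmap backend = lwicompat_v2' > "$sample"
check_smb_conf "$sample" "Version 3.0.28a" || echo "smb.conf needs fixing"
rm -f "$sample"
```

On the real host the call would be check_smb_conf /etc/samba/smb.conf "$(smbd -V)" /etc/samba/lwiauthd.conf, assuming smb.conf lives in /etc/samba.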

Create a userPrincipalName value for the machine in its Active Directory account object using the command lwinet:
lwinet ads setmachineupn -U Administrator

You should get:
Added userPrincipalName value of host/SAMBA@YOURDOMAIN.LOCAL

On the Likewise site I found this special note:
Special note for Ubuntu and Debian only: Ubuntu and Debian store
secrets.tdb in /var/lib/samba so you will need to create a symlink back
to /etc/samba/secrets.tdb.

$ mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig
$ ln -s /etc/samba/secrets.tdb /var/lib/samba/secrets.tdb
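
A check for the link created above, added here as an example and not part of the Likewise note. secrets.tdb holds the machine account secret for the domain join, so the check also confirms that the link target is not readable by group or other. check_secrets_link is a hypothetical helper name.

```shell
# Added example, not from the Likewise note. check_secrets_link is a
# hypothetical helper; call it with the two paths named in the note.

check_secrets_link() {   # check_secrets_link LINK TARGET
    link=$1 target=$2 rc=0
    if [ ! -L "$link" ]; then
        echo "$link is not a symlink, so Samba would read its own copy"; rc=1
    elif [ "$(readlink "$link")" != "$target" ]; then
        echo "$link points to $(readlink "$link"), expected $target"; rc=1
    fi
    if [ ! -f "$target" ]; then
        echo "$target is missing, the link would dangle"; return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ldL "$target" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "$target grants group/other access: $perms"; rc=1; }
    return $rc
}

# On the Ubuntu/Debian host from the note:
#   check_secrets_link /var/lib/samba/secrets.tdb /etc/samba/secrets.tdb
```

The same permission test is worth running on secrets.tdb.orig, since the moved copy may still hold the previous machine secret.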


To verify:
Start the Samba winbind daemon winbindd
/etc/init.d/winbind start

Use the wbinfo tool to verify various pieces of information. Start by
ensuring that winbindd is honoring the machine trust account
settings:
$ wbinfo -t
checking the trust secret via RPC calls succeeded


Next, resolve a name to a SID and that SID to a uid:
$ wbinfo -n "DOMAIN\user"
S-1-5-21-1866663475-11234234241-1563435624-1103 User (1)
$ wbinfo -S S-1-5-21-1862675975-116998903123-1366135624-1103
200000


This should match the information returned from getent which is
sent through Likewise Authentication daemon:
$ getent passwd "HCHB\cplunkett"
DOMAIN\:*:39854560:33456401::/home/DOMAIN/:/bin/bash
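
The comparison described above, scripted as an added example that is not from the original post. It runs wbinfo and getent exactly as in the steps above and fails if the uid winbind maps the SID to differs from the uid getent reports, since in that case Samba and the operating system would apply file ownership to different uids. check_idmap_agreement is a hypothetical helper name.

```shell
# Added example, not from the original post. check_idmap_agreement is a
# hypothetical helper; wbinfo and getent are called as in the steps above.

check_idmap_agreement() {   # check_idmap_agreement 'DOMAIN\user'
    name=$1
    # First field of `wbinfo -n` output is the SID.
    sid=$(wbinfo -n "$name" | awk '{print $1}')
    case "$sid" in
        S-1-*) ;;
        *) printf 'winbind could not resolve %s to a SID\n' "$name"; return 2 ;;
    esac
    wb_uid=$(wbinfo -S "$sid") ||
        { printf 'winbind has no uid mapping for %s\n' "$sid"; return 2; }
    entry=$(getent passwd "$name") ||
        { printf 'getent has no passwd entry for %s\n' "$name"; return 2; }
    nss_uid=$(printf '%s\n' "$entry" | cut -d: -f3)   # third passwd field
    if [ "$wb_uid" = "$nss_uid" ]; then
        printf 'OK: %s %s uid=%s\n' "$name" "$sid" "$wb_uid"
    else
        printf 'MISMATCH for %s (%s): winbind uid=%s, getent uid=%s\n' \
            "$name" "$sid" "$wb_uid" "$nss_uid"
        return 1
    fi
}

# Run against a real account when a name is given: sh check.sh 'DOMAIN\user'
if [ $# -gt 0 ]; then check_idmap_agreement "$1"; fi
```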


Next, start up Samba and, after you have shared out a folder, try to access a share from smbclient or a Windows client.
/etc/init.d/samba start

Go to a Windows machine:
\\{name of your linux server}\{name of share}
example: \\samba\test

You can verify the connected users using the smbstatus command.
$ smbstatus

Finally, see Mr. Penn's post on how to set up shares

Problem: You have super secret documents in your organization that absolutely cannot be shared accidentally in your public SharePoint site. These files all have similar names.

So my script iterates through a subsite, looks for files with certain names and if it finds it, throws an eventvwr message.  From there you can use SCOM or similar monitoring tool to alert you.

Did the patches install on my server?  To answer this I wrote briefly a PowerShell script that will look for EventID 19 which to me seems like the Windows Update Agent's entry into the System log as it installs updates.  I made a required parameter which is the computer name you want to run it against.  This works when running against remote computers with and without PowerShell installed.

Ever wonder if an "old" database is still being used?  Here's how to find out in SQL 2005.  This will tell you any active connections.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Utilities;
using Microsoft.SharePoint.Administration;
using System.Configuration;

/* *********************************************************************************

PURPOSE: to answer the question "How many total documents do I have in the document libraries in my web application?"

Given a SharePoint web application, my code iterates through eac

Use SharePoint Designer and navigate to the root.
Drill down to _catalogs/masterpage (Master Page Gallery).
Open up the .master page you want to edit.
Look for this section:
id="QuickLaunchMenu" DataSourceId="QuickLaunchSiteMap" runat="server" Orientation="Vertical" StaticDisplayLevels="2" ItemWrap="true" MaximumDynamicDisplayLevels="0" StaticSubMenuIndent="0" SkipLinkText="" >

While having no problem running my scripts from a cmd line, I had a heck of a time getting my PowerShell script to work from Scheduled Tasks.  My script takes a config filename as a parameter.  Then, I discovered that if I push the current working path on the stack using pushd and pipe that to the command it works.

In a previous post, I outlined Microsoft's article that restoring a MOSS FARM is not supported unless one used either DPM or a manual method.  I don't have access to DPM in my current position so I created the following PowerShell 1.0 script which serves to work-around the problem of being able to restore a MOSS Farm from backup - without DPM - stated in this whitepaper.

Overview:

1.  Reads the XML config file to assign variables

2.

This is a well written article on why perf counters can't be trusted in VMware virtual environments, and here is the same problem explained in Hyper-V.

VMware, being aware of this problem, has added additional perfmon counters for single vCPU (only) Windows guests (no Linux) in an ESX 4 environment.  It's a step forward.

Backup, Recovery, and Disaster Recovery of a MOSS 2007 Farm

Let's start out with an alarming and important notice from Microsoft:

"Important: Although the configuration database and Central Administration content database can be backed up, restoring backups of the configuration database and Central Administration content database taken from a running farm by using the tools built in to SharePoint Products and Technologies or SQL Server is not supported."

You can recover a farm, including the

This issue occurs when the Web site uses Integrated Authentication and has a name that is mapped to the local loopback address.

You must either disable the loopback check or add the host names that are mapped to the loopback address; the latter is the preferred method.

Method 1: Specify host names

Note: Microsoft recommends that you use this method.