[netlogon] comment = Network Logon Service ;path = /usr/local/samba/lib/netlogon path = /home/samba/netlogon guest ok = yes writable = no share modes = no
Place login.bat scripts in this directory. These .bat files do the drive mappings for server's shared directories and get run as login scripts. Also, do time syncronization. Place "templates" for a particular groups: student.bat, staff.bat, office.bat, in addition to the general generic login.bat. When user account script gets run, ask which group user is in and then copy the group's.bat file into username.bat and you'll probably have the appropriate drive mappings set for that user (you can always edit it and fix things).
student.bat looks like:
net use h: /home net use s: \\ourserver\student net time \\ourserver /set /yes
This maps the student group's shared folder as drive S:
Copy this file to username.bat and when the user logs into the domain,
the drives H:, S:, and Z: will show up in My Computer. Drives H: and
Z: are the same folder.
It's a good idea to have staff be able to access the student shared folder, but students not access the staff folder.
staff.bat:
net use h: /home net use s: \\ourserver\student net use t: \\ourserver\staff net time \\ourserver /set /yes office.bat: net use h: /home net use s: \\ourserver\student net use t: \\ourserver\staff net use o: \\ourserver\office net time \\ourserver /set /yes
Various things can be stored on the server automatically and be loaded
to the local machine each time at login, and then written back automatically
to the user's profile share upon logout. Anything in
C:\Documents and Settings\Username can be included. This is set up by
creating the folders in /home/samba/profiles/username that you want to be
included. For example, Desktop, My Documents, AppData, Internetfiles.
This share is created automatically when the user's account is created. The Z: share is automatically set up by the system. We add the H: home directory share definition, too (so there are two drives pointing to the user's home directory). /home/username
Create a user with the group's name. This will create the group, and the home directory which will be the group's shared directory.
useradd student passwd student (type a password) (this creates /home/student and student group (in /etc/group)) smbpasswd -a student (creates smb user login for student). Create a "stanza" in the smb.conf configuration file for the student shared directory: [student] comment = students stuff path = /home/student ; public = no writable = yes printable = no write list =@student @staff @office ; force group = student ; create mode = 0770 ; directory mode = 0770 create mask = 0770 directory mask = 0770 ; force create mode = 0770 ; force directory mode = 0770 Set the student group's ownership and access properly: chown -R staff.staff /home/staff chmod -R 0770 /home/staff
You may want to create additional folders that are shared by other small groups. Just create a user and group for the folder, add a stanza for it in /etc/samba/smb.conf, and add any users to this group, and add a drive mapping to the login.bat file for the users that will be part of this small group. Set the group ownership (chown -R group.group /home/group) and the access (chmod -R 0770 /home/group). Add a line to username.bat for each user in the group that maps the share to a drive for these users only (e.g. net use r: \\ourserver\sharename where
[sharename] path=/home/sharename ...
smbpasswd -a root (and give root passwd as the password) will add the user root as a samba user. This is the user that will be authorized to add machines to the domain. (Other usernames could be so authorized if you didn't want to give up root password of the server to them.)