Stop Microsoft
Operating Systems => Linux and UNIX => Topic started by: Stryker on 24 October 2002, 03:08
-
I hate the win2k server. I'm switching it to redhat 7.3 with samba 2.2. All goes well except I am needing to either have GPOs or poledit working for win2k and winxp clients. Does anyone here have any experience in deploying security to windows machine from samba?
-
I have done it for configuring proxy settings. It should work the same as it does on Win servers. Just place the policy files on a Samba share and configure the client to point to those policy files. Or am I missing something in your question?
Just did a search and would these links help?
http://mts.wmich.edu/samba/ (http://mts.wmich.edu/samba/)
http://mts.wmich.edu/samba/AccessSecurity.html (http://mts.wmich.edu/samba/AccessSecurity.html)
[ October 23, 2002: Message edited by: void main ]
-
I've read through those links, they mention gpedit, but they do not really say how samba can use it. By security i mean little things like disabling the run menu or disable the control panel and such. This would be done through poledit or gpedit. But I'm not sure how to go about setting it up for a samba server.
-
How do you set it up for a Win2k server? Unless I've missed something the policies are applied to the client, not the server, and those policies can be stored in policy files which reside on the server and pointed to by the client. In this case it doesn't matter if the server is Win2k or Samba, the client wouldn't know the difference.
I certainly could be missing something but that is the way I used to do it. If I am missing something it would help me greatly to get a detailed example of how you currently apply policies to your clients.
-
quote:
Originally posted by void main:
How do you set it up for a Win2k server? Unless I've missed something the policies are applied to the client, not the server, and those policies can be stored in policy files which reside on the server and pointed to by the client. In this case it doesn't matter if the server is Win2k or Samba, the client wouldn't know the difference.
I certainly could be missing something but that is the way I used to do it. If I am missing something it would help me greatly to get a detailed example of how you currently apply policies to your clients.
in win2k you'd open "domain users and computers" and right click on the list that holds the computers you wish to manage, then you'd go to properties, go to the second tab, and click on "group policy editor" and set it up. These settings are either applied during boot or during logon, depending on which you set. So the win2k server has to serve these somehow, i'd like samba to do the same.
-
Hmmm, are you using NT Domains or AD?
-
quote:
Originally posted by void main:
Hmmm, are you using NT Domains or AD?
it's AD (i hate it so badly). So to correct myself earlier it would be "Active Directory users and computers". There was a time when i had poledit files working with win2k and winxp but for some reason they aren't working anymore. not after i reformatted the clients. I've always hated gpedit, but if it's the only thing that'll work for 2k/xp then i don't have much of a choice.
-
Well since you are using AD I'm afraid I don't have a lot of personal experience. I do have a lot of NT Domain experience. And correct me if I am wrong but I would think all you would have to do is set up your Samba server as a PDC and dump the policies in the \NETLOGON share correct?
But since you are using AD I would have to do further research. I know that Samba does have some AD support but I don't know to what extent. Of course you could convert your clients over to NT domains. Depending on how many clients you have would determine the pain in the ass level. Obviously it would be best to test in a lab environment before doing anything harsh. (http://smile.gif)
[ October 24, 2002: Message edited by: void main ]
-
quote:
Originally posted by void main:
Well since you are using AD I'm afraid I don't have a lot of personal experience. I do have a lot of NT Domain experience. And correct me if I am wrong but I would think all you would have to do is set up your Samba server as a PDC and dump the policies in the \NETLOGON share correct?
But since you are using AD I would have to do further research. I know that Samba does have some AD support but I don't know to what extent. Of course you could convert your clients over to NT domains. Depending on how many clients you have would determine the pain in the ass level. Obviously it would be best to test in a lab environment before doing anything harsh. (http://smile.gif)
[ October 24, 2002: Message edited by: void main ]
Well NT will work as well, i've tried dumping ntconfig.pol into /netlogon but it had no affect on the win2k and winxp machines. With win2k it did a little bit, it only messed up the administrator's account. Is there some way to have the clients stop looking for AD and go along with nt so that i can use samba?
-
Check these out:
http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS/mHTML/TrinityOS-m.html (http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS/mHTML/TrinityOS-m.html)
http://kerstbol.lifl.fr/localdoc/TrinityOS/TrinityOS-c-8.html (http://kerstbol.lifl.fr/localdoc/TrinityOS/TrinityOS-c-8.html)
This one is sort of basic:
http://www.antipope.org/charlie/linux/shopper/155.office-2.html (http://www.antipope.org/charlie/linux/shopper/155.office-2.html)
This one looks VERY helpful, but it's in Dutch!
Go here:
http://www.tranexp.com:2000/InterTran (http://www.tranexp.com:2000/InterTran)
And enter
http://www.sjoerd-visser.demon.nl/net-linux/samba.html (http://www.sjoerd-visser.demon.nl/net-linux/samba.html)
Into the URL Box.
Select Dutch as the first language, and English in the second box. It's a very rough translation, but it's very funny! "One Fart 2000 Pentium VI" Somehow Windows got translated into Fart. LOL! :D :D :D
Hope those help. If not, I'll look some more.
-
quote:
Originally posted by The_Muffin_Man/B0b:
Check these out:
http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS/mHTML/TrinityOS-m.html (http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS/mHTML/TrinityOS-m.html)
http://kerstbol.lifl.fr/localdoc/TrinityOS/TrinityOS-c-8.html (http://kerstbol.lifl.fr/localdoc/TrinityOS/TrinityOS-c-8.html)
This one is sort of basic:
http://www.antipope.org/charlie/linux/shopper/155.office-2.html (http://www.antipope.org/charlie/linux/shopper/155.office-2.html)
This one looks VERY helpful, but it's in Dutch!
Go here:
http://www.tranexp.com:2000/InterTran (http://www.tranexp.com:2000/InterTran)
And enter
http://www.sjoerd-visser.demon.nl/net-linux/samba.html (http://www.sjoerd-visser.demon.nl/net-linux/samba.html)
Into the URL Box.
Select Dutch as the first language, and English in the second box. It's a very rough translation, but it's very funny! "One Fart 2000 Pentium VI" Somehow Windows got translated into Fart. LOL! :D :D :D
Hope those help. If not, I'll look some more.
Actually those seem pretty good for securing my linux boxes. There was some stuff on samba but none to go as deep as deploying policies to 2k/xp machines.
the dutch page was quite entertaining.