Saturday, October 6, 2012

Active Directory on Windows Server 2008



Considerations when Installing a new Windows Server 2008 forest

When you install AD to create the first domain controller in a new Windows Server 2008 forest, you must keep the following considerations in mind:
  • You must make forest and domain functional level decisions that determine whether your forest and domain can contain domain controllers that run Windows 2000 Server, Windows Server 2003, or both. To read more about forest and domain functional levels please refer to the links below.
  • Domain controllers running the Microsoft Windows NT Server 4.0 operating system are NOT supported with Windows Server 2008.
  • Servers running Windows NT Server 4.0 are NOT supported by domain controllers that are running Windows Server 2008, meaning you MUST have additional DCs running Windows 2000/2003 to support older NT 4.0 servers.
  • The first Windows Server 2008 domain controller in a forest must be a global catalog server and it cannot be an RODC.

Considerations when Installing a new Windows Server 2008 domain in an existing Windows 2000/2003 forest

When you install AD to create the first domain controller in a new Windows Server 2008 domain, you must keep the following considerations in mind:
  • Before you create a new Windows Server 2008 domain in a Windows 2000/2003 forest, you must prepare the forest for Windows Server 2008 by extending the schema (that is, by running ADPREP /forestprep). To read more about ADPREP please refer to the links below or my "Windows Server 2008 ADPREP" article.
  • You must make domain functional level decisions that determine whether your domain can contain domain controllers that run Windows 2000 Server, Windows Server 2003, or both. To read more about forest and domain functional levels please refer to the links below.
  • I recommend that you host the PDC emulator operations master role in the forest root domain on a domain controller that runs Windows Server 2008. For more information about FSMO Roles, please read my "Understanding FSMO Roles in Active Directory" and "Transferring FSMO Roles" articles.

General considerations

Make sure you read and follow the requirements described in my "Active Directory on Windows Server 2008 Requirements" article.

Installing Active Directory Domain Services (AD-DS)

In Windows Server 2008, unlike previous server operating systems, there is an additional step that needs to be taken before running DCPROMO to promote the server to a Domain Controller and install Active Directory on it. This step is the installation of the Active Directory Domain Services (AD-DS) role on the server. In fact, the AD-DS role is what enables the server to act as a Domain Controller, but you will still need to run DCPROMO the regular way.
AD-DS can be installed in one of 3 methods:

Method 1 – Server Manager/Initial Configuration Tasks

Roles can and should be added from Server Manager (but they can also be initiated from the Initial Configuration Tasks wizard that auto-opens the first time you log on to the server).
  1. Open Server Manager by clicking the icon in the Quick Launch toolbar, or from the Administrative Tools folder.
  2. Wait till it finishes loading, then click on Roles > Add Roles link.

  3. In the Before you begin window, click Next.

  4. In the Select Server Roles window, click to select Active Directory Domain Services, and then click Next.

  5. In the Active Directory Domain Services window read the provided information if you want to, and then click Next.

  6. In the Confirm Installation Selections window, read the provided information if you want to, and then click Next.

  7. Wait till the process completes.

  8. When it ends, click Close.

  9. Going back to Server Manager, click on the Active Directory Domain Services link, and note that there's no information linked to it, because the DCPROMO command has not been run yet.

  10. Now you can click on the DCPROMO link, or read on.
    1. To run DCPROMO, enter the command in the Run command, or click on the DCPROMO link from Server Manager > Roles > Active Directory Domain Services.

    2. Depending on whether AD-DS was previously installed or not, the Active Directory Domain Services Installation Wizard will appear immediately or after a short while. Click Next.

    3. Note: The Advanced features of DCPROMO will be discussed in a future article.
    4. In the Operating System Compatibility window, read the provided information and click Next.

    5. In the Choosing Deployment Configuration window, click on "Create a new domain in a new forest" and click Next.

    6. Enter an appropriate name for the new domain. Make sure you pick the right domain name, as renaming domains is a task you will not wish to perform on a daily basis. Click Next.

    7. Note: Do NOT use single label domain names such as "mydomain" or similar. You MUST pick a full domain name such as "mydomain.local" or "mydomain.com" and so on.
      The wizard will perform checks to see if the domain name is not already in use on the local network.

    8. Pick the right forest function level. Windows 2000 mode is the default, and it allows the addition of Windows 2000, Windows Server 2003 and Windows Server 2008 Domain Controllers to the forest you're creating. Read my "Understanding Windows Server 2008 Active Directory Domain and Forest Functional Levels" article for more information on that.

    9. Pick the right domain function level. Windows 2000 Native mode is the default, and it allows the addition of Windows 2000, Windows Server 2003 and Windows Server 2008 Domain Controllers to the domain you're creating.

    10. Note: If you select "Windows Server 2008" for the forest function level, you will not be prompted to pick a domain function level. Read more about domain and forest function levels in my "Understanding Windows Server 2008 Active Directory Domain and Forest Functional Levels" article.
    11. The wizard will perform checks to see if DNS is properly configured on the local network. In this case, no DNS server has been configured, therefore, the wizard will offer to automatically install DNS on this server.

    12. Note: The first DC must also be a Global Catalog. Also, the first DC in a forest cannot be a Read Only Domain Controller.
    13. It's most likely that you'll get a warning telling you that the server has one or more dynamic IP Addresses. Running IPCONFIG /all will show that this is not the case, because as you can clearly see, I have given the server a static IP Address. So, where did this come from? The answer is IPv6. I did not manually configure the IPv6 Address, hence the warning. In a network where IPv6 is not used, you can safely ignore this warning.

    14. You'll probably get a warning about DNS delegation. Since no DNS has been configured yet, you can ignore the message and click Yes.

    15. Next, change the paths for the AD database, log files and SYSVOL folder. For large deployments, carefully plan your DC configuration to get the maximum performance. When satisfied, click Next.

    16. Enter the password for the Active Directory Recovery Mode. This password must be kept confidential. Unlike regular domain user passwords, which expire (based upon the password policy configured for the domain; the default is 42 days), it stays constant and does not expire. This password should be complex and at least 7 characters long. I strongly suggest that you do NOT use the regular administrator's password, and that you write it down and securely store it. Click Next.

    17. In the Summary window review your selections, and if required, save them to an unattend answer file. When satisfied, click Next.

    18. The wizard will begin creating the Active Directory domain, and when finished, you will need to press Finish and reboot your computer.

    19. Note: You can automate the rebooting process by checking the Reboot on Completion checkbox.
      To automate domain controller installations, you can use an answer file or you can specify unattended installation parameters at the command line. More on that in my "Creating an Unattend Installation File for DCPROMO in Windows Server 2008" article.
      Note: As written in my "Installing Active Directory on Windows 2008 Server Core" article, configuring a Windows Server 2008 Server Core machine REQUIRES you to perform an automated installation of Active Directory on that server, as there is NO DCPROMO GUI on Server Core.
      Your server now acts as a Domain Controller. Make sure you properly back it up. You can test functionality by using AD management tools such as Active Directory Users and Computers, examine the Event Logs, services and folders and shares that have been created.

      Links

      AD DS Installation and Removal Step-by-Step Guide

    Method 2 – Servermanagercmd.exe

    Servermanagercmd.exe is the command prompt equivalent of the Add Roles and Add Features wizards in Server Manager. Through the use of various command line options, you can quickly and easily add or remove features and roles to or from your server, including the AD-DS role.
    To install AD-DS by using Servermanagercmd.exe, simply enter the following command in the Command Prompt window:
    Servermanagercmd.exe -I ADDS-Domain-Controller
    Let the command run and when it finishes, AD-DS will be installed on the server.

    Method 3 – Letting DCPROMO do the job

    Oh yes. If you forget to install AD-DS or simply want to skip clicking on some windows, you can run DCPROMO from the Run command and before it is executed, the server will check to see if the AD-DS binaries are installed. Since they are not, they will auto-install.

    After you complete the Add Roles Wizard, either click the link to start the Active Directory Domain Services Installation Wizard, or close Server Manager and manually run DCPROMO from the Run command.

    Running DCPROMO

    After installing the AD-DS role, we need to run DCPROMO to perform the actual Active Directory database and function installation.
    Note: This guide assumes this is the first Domain controller in the forest, thus creating a new domain in a new forest. For a guide on how to add additional Domain Controllers to existing domains, please read my upcoming "Installing Additional Windows Server 2008 Domain Controllers in your Existing Active Directory Domain" article.

Commands For Windows XP

Program  Run Command
Accessibility Controls  access.cpl
Accessibility Wizard accwiz
Add Hardware Wizard hdwwiz.cpl
Add/Remove Programs appwiz.cpl
Administrative Tools control admintools
Adobe Acrobat ( if installed ) acrobat
Adobe Distiller ( if installed ) acrodist
Adobe ImageReady ( if installed ) imageready
Adobe Photoshop ( if installed ) photoshop
Automatic Updates wuaucpl.cpl
Basic Media Player mplay32
Bluetooth Transfer Wizard fsquirt

Calculator calc
Ccleaner ( if installed ) ccleaner
C: Drive c:
Certificate Manager certmgr.msc
Character Map charmap
Check Disk Utility chkdsk
Chrome ( if installed ) chrome
Clipboard Viewer clipbrd
Command Prompt cmd
Command Prompt command
Component Services dcomcnfg
Computer Management compmgmt.msc
Compare Files comp
Control Panel control
Create a shared folder Wizard shrpubw

Date and Time Properties timedate.cpl
DDE Shares ddeshare
Device Manager devmgmt.msc
Direct X Control Panel ( if installed ) directx.cpl
Direct X Troubleshooter dxdiag
Disk Cleanup Utility cleanmgr
Disk Defragment dfrg.msc
Disk Partition Manager diskmgmt.msc
Display Properties control desktop
Display Properties desk.cpl
Display Properties (w/Appearance Tab Preselected ) control color
Dr. Watson System Troubleshooting Utility drwtsn32
Driver Verifier Utility verifier

Ethereal ( if installed )  ethereal
Event Viewer eventvwr.msc

Files and Settings Transfer Tool migwiz
File Signature Verification Tool sigverif
Findfast findfast.cpl
Firefox firefox
Folders Properties control folders
Fonts fonts
Fonts Folder fonts
Free Cell Card Game freecell

Game Controllers joy.cpl
Group Policy Editor ( xp pro ) gpedit.msc

Hearts Card Game mshearts
Help and Support helpctr
Hyperterminal hypertrm
Hotline Client hotlineclient

Iexpress Wizard iexpress
Indexing Service ciadv.msc
Internet Connection Wizard icwconn1
Internet Properties inetcpl.cpl
Internet Setup Wizard inetwiz
IP Configuration (Display Connection Configuration) ipconfig /all
IP Configuration (Display DNS Cache Contents) ipconfig /displaydns
IP Configuration (Delete DNS Cache Contents) ipconfig /flushdns
IP Configuration (Release All Connections) ipconfig /release
IP Configuration (Renew All Connections) ipconfig /renew
IP Configuration (Refreshes DHCP & Re-Registers DNS) ipconfig /registerdns
IP Configuration (Display DHCP Class ID) ipconfig /showclassid
IP Configuration (Modifies DHCP Class ID) ipconfig /setclassid

Java Control Panel ( if installed ) jpicpl32.cpl
Java Control Panel ( if installed ) javaws

Keyboard Properties control keyboard

Local Security Settings secpol.msc
Local Users and Groups lusrmgr.msc
Logs You Out of Windows logoff

Malicious Software Removal Tool mrt
Microsoft Access ( if installed ) access.cpl
Microsoft Chat winchat
Microsoft Excel ( if installed ) excel
Microsoft Diskpart diskpart
Microsoft Frontpage ( if installed ) frontpg
Microsoft Movie Maker moviemk
Microsoft Management Console mmc
Microsoft Narrator narrator
Microsoft Paint mspaint
Microsoft Powerpoint powerpnt
Microsoft Word ( if installed ) winword
Microsoft Synchronization Tool mobsync
Minesweeper Game winmine
Mouse Properties control mouse
Mouse Properties main.cpl
MS-Dos Editor edit
MS-Dos FTP ftp

Nero ( if installed ) nero
Netmeeting conf
Network Connections control netconnections
Network Connections ncpa.cpl
Network Setup Wizard netsetup.cpl
Notepad notepad
Nview Desktop Manager ( if installed ) nvtuicpl.cpl

Object Packager packager
ODBC Data Source Administrator odbccp32
ODBC Data Source Administrator odbccp32.cpl
On Screen Keyboard osk
Opens AC3 Filter ( if installed ) ac3filter.cpl
Outlook Express msimn

Paint pbrush
Password Properties password.cpl
Performance Monitor perfmon.msc
Performance Monitor perfmon
Phone and Modem Options telephon.cpl
Phone Dialer dialer
Pinball Game pinball
Power Configuration powercfg.cpl
Printers and Faxes control printers
Printers Folder printers
Private Characters Editor eudcedit

Quicktime ( if installed ) quicktime.cpl
Quicktime Player ( if installed ) quicktimeplayer

Real Player ( if installed )  realplay
Regional Settings intl.cpl
Registry Editor regedit
Registry Editor regedt32
Remote Access Phonebook rasphone
Remote Desktop mstsc
Removable Storage ntmsmgr.msc
Removable Storage Operator Requests ntmsoprq.msc
Resultant Set of Policy ( xp pro ) rsop.msc

Scanners and Cameras sticpl.cpl
Scheduled Tasks control schedtasks
Security Center wscui.cpl
Services services.msc
Shared Folders fsmgmt.msc
Sharing Session rtcshare
Shuts Down Windows  shutdown
Sounds Recorder sndrec32
Sounds and Audio mmsys.cpl
Spider Solitaire Card Game spider
SQL Client Configuration cliconfg
System Configuration Editor sysedit
System Configuration Utility msconfig
System File Checker Utility ( Scan Immediately ) sfc /scannow
System File Checker Utility ( Scan Once At Next Boot ) sfc /scanonce
System File Checker Utility ( Scan On Every Boot ) sfc /scanboot
System File Checker Utility ( Return to Default Settings) sfc /revert
System File Checker Utility ( Purge File Cache ) sfc /purgecache
System File Checker Utility ( Set Cache Size to Size x ) sfc /cachesize=x
System Information msinfo32
System Properties sysdm.cpl

Task Manager taskmgr
TCP Tester tcptest
Telnet Client telnet
Tweak UI ( if installed ) tweakui

User Account Management  nusrmgr.cpl
Utility Manager utilman

Volume Serial Number for C: label
Volume Control sndvol32

Windows Address Book wab
Windows Address Book Import Utility wabmig
Windows Backup Utility ( if installed ) ntbackup
Windows Explorer explorer
Windows Firewall firewall.cpl
Windows Installer Details msiexec
Windows Magnifier magnify
Windows Management Infrastructure wmimgmt.msc
Windows Media Player wmplayer
Windows Messenger msmsgs
Windows Picture Import Wizard (Need camera connected) wiaacmgr
Windows System Security Tool syskey
Windows Script host settings wscript
Windows Update Launches wupdmgr
Windows Version ( shows your windows version ) winver
Windows XP Tour Wizard tourstart
Wordpad write

Zoom Utility igfxzoom


Thursday, October 4, 2012

Clearing Your DNS Cache

Your DNS cache stores the locations (IP addresses) of pages you have recently viewed. If the location of the page changes before the entry in your DNS cache is updated, you will be unable to access the page. 

The methods detailed below allow you to remove old and inaccurate DNS information that may result in 404 errors. 

Windows® XP, 2000, or Vista®

  1. Open the Start menu.
  2. Go to Run.
    • If you do not see the Run command in Vista, search for "run" in the Search bar.
  3. In the Run text box, type: ipconfig /flushdns
  4. Press Enter or Return, and your cache will be flushed.

MacOS®

  1. Go to Applications.
  2. Go to Utilities.
  3. Open the Terminal application.
  4. Type: dscacheutil -flushcache
  5. Press Enter or Return, and your cache will be flushed.

Thursday, September 29, 2011

HOW TO: Setup Gmail for Hosted Domains

When you log in to your account, you should immediately be greeted by the domain manager; if not, click Manage This Domain on the top right. This is the area where you can add new email users and manage all of the accounts. Upon your first login there should be some info on setting up the MX records. MX records are Mail Exchange records in the DNS zone file that route your mail from your webhost to Gmail. Google already offers some guides about how to do this for registrars like GoDaddy and Dreamhost, but if you use Media Temple I'll show you how you can get everything working.

  1. Log into the (mt) Account Center.
  2. Click Domains on the left.
  3. Under Existing Domains click the Manage icon adjacent to the domain whose email you wish to route to Gmail for hosted domains.
  4. Under DNS Zone, click Edit Zone.
  5. Delete any records with type MX.
  6. Add MX records and get your Zone file to look like the picture below.
  7. Save.
  8. Wait a day (or at least 10 hours).
  9. Send an email to your new account.
  10. Check your email at http://mail.google.com/hosted/YOURDOMAIN.com.
  11. Do a happy dance when it all works.
Media Temple Zone File Editing


For easier pasting, these are the lines you will want to enter - each as an individual MX record. The period at the end of each line is to be included. Again, I must stress this article pertains only to Media Temple users.
  • 1 aspmx.l.google.com.
  • 5 alt1.aspmx.l.google.com.
  • 5 alt2.aspmx.l.google.com.
  • 10 aspmx2.googlemail.com.
  • 10 aspmx3.googlemail.com.
  • 10 aspmx4.googlemail.com.
  • 10 aspmx5.googlemail.com.
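
A check for steps 5 and 6 and the trailing-period rule above, added here as an example and not part of the original post: it reads the MX lines of a zone and reports records left over from the old mail host, Google records that are missing, and targets written without the final period (which a BIND-style zone treats as relative to the domain). The BIND-style line layout, the example.com names and the sample zone are assumptions constructed for the illustration.

```python
"""Check a zone's MX records against the Google set listed in the post."""

# (preference, target) pairs exactly as listed above, final period included.
EXPECTED_MX = {
    (1, "aspmx.l.google.com."),
    (5, "alt1.aspmx.l.google.com."),
    (5, "alt2.aspmx.l.google.com."),
    (10, "aspmx2.googlemail.com."),
    (10, "aspmx3.googlemail.com."),
    (10, "aspmx4.googlemail.com."),
    (10, "aspmx5.googlemail.com."),
}

# Constructed sample zone (not from the page): one target lacks the final
# period and one MX record of the previous mail host was never deleted.
SAMPLE_ZONE = """\
example.com. 43200 IN A  192.0.2.10
example.com. 43200 IN MX 1  aspmx.l.google.com.
example.com. 43200 IN MX 5  alt1.aspmx.l.google.com   ; final period forgotten
example.com. 43200 IN MX 5  alt2.aspmx.l.google.com.
example.com. 43200 IN MX 10 aspmx2.googlemail.com.
example.com. 43200 IN MX 10 aspmx3.googlemail.com.
example.com. 43200 IN MX 10 aspmx4.googlemail.com.
example.com. 43200 IN MX 10 aspmx5.googlemail.com.
example.com. 43200 IN MX 10 mail.example.com.         ; old record, step 5 skipped
"""


def check_mx(zone_text):
    """Return a sorted list of (problem_code, detail) for the zone's MX records."""
    found, problems = set(), []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()      # drop comments, tokenize
        if "MX" not in fields:
            continue
        rdata = fields[fields.index("MX") + 1:]    # expected: preference, target
        if len(rdata) != 2 or not rdata[0].isdigit():
            problems.append(("MALFORMED", raw.strip()))
            continue
        pref, target = int(rdata[0]), rdata[1].lower()
        if not target.endswith("."):
            # Without the final period the name is relative: it would be read
            # as <target>.<zone origin>, so mail would not reach Google.
            problems.append(("RELATIVE_TARGET", target))
            continue
        found.add((pref, target))
    # Anything outside the expected set still receives mail for the domain.
    problems += [("UNEXPECTED", f"{p} {t}") for p, t in found - EXPECTED_MX]
    problems += [("MISSING", f"{p} {t}") for p, t in EXPECTED_MX - found]
    return sorted(problems)


if __name__ == "__main__":
    for code, detail in check_mx(SAMPLE_ZONE):
        print(f"{code:16} {detail}")
```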


Wednesday, September 14, 2011

redhat 5 filezilla install

1) Go to Terminal
2) tar -jxvf FileZilla_[version]_src.tar.bz2
3) cd FileZilla[version]
4) ./configure
5) make install





Sunday, August 28, 2011

XAMPP FOR LINUX INSTALLATION

After downloading simply type in the following commands:

  1. Go to a Linux shell and login as the system administrator root: su
  2. Extract the downloaded archive file to /opt: tar xvfz xampp-linux-1.7.4.tar.gz -C /opt
    Warning: Please use only this command to install XAMPP. DON'T use any Microsoft Windows tools to extract the archive, it won't work.
    Warning 2: already installed XAMPP versions get overwritten by this command.
That's all. XAMPP is now installed below the /opt/lampp directory.

* Step 3: Start

To start XAMPP simply call this command: /opt/lampp/lampp start
You should now see something like this on your screen:
Starting XAMPP 1.7.4...
LAMPP: Starting Apache...
LAMPP: Starting MySQL...
LAMPP started.

Ready. Apache and MySQL are running.
If you get any error messages please take a look at the 

Step 4: Test

OK, that was easy but how can you check that everything really works? Just type in the following URL at your favourite web browser:
http://localhost

* A matter of security (A MUST READ!)

As mentioned before, XAMPP is not meant for production use but only for developers in a development environment. XAMPP is configured to be as open as possible and to allow the developer anything he/she wants. For development environments this is great, but in a production environment it could be fatal.
Here is a list of the missing security in XAMPP:

  1. The MySQL administrator (root) has no password.
  2. The MySQL daemon is accessible via network.
  3. ProFTPD uses the password "lampp" for user "nobody".
  4. PhpMyAdmin is accessible via network.
  5. Examples are accessible via network.
  6. MySQL and Apache run under the same user (nobody).
To fix most of the security weaknesses simply call the following command:
/opt/lampp/lampp security
It starts a small security check and makes your XAMPP installation quite secure. For example this protects the XAMPP demo pages by a username ('lampp') and password combination.

START AND STOP PARAMETERS

start Starts XAMPP.
stop Stops XAMPP.
restart Stops and starts XAMPP.
startapache Starts only the Apache.
startssl Starts the Apache SSL support. This command activates the SSL support permanently, i.e. if you restart XAMPP in the future SSL will stay activated.
startmysql Starts only the MySQL database.
startftp Starts the ProFTPD server. Via FTP you can upload files for your web server (user "nobody", password "lampp"). This command activates the ProFTPD permanently, i.e. if you restart XAMPP in the future FTP will stay activated.
stopapache Stops the Apache.
stopssl Stops the Apache SSL support. This command deactivates the SSL support permanently, i.e. if you restart XAMPP in the future SSL will stay deactivated.
stopmysql Stops the MySQL database.
stopftp Stops the ProFTPD server. This command deactivates the ProFTPD permanently, i.e. if you restart XAMPP in the future FTP will stay deactivated.
security Starts a small security check program.


Important files and folders

/opt/lampp/bin/ The XAMPP commands home. /opt/lampp/bin/mysql calls for example the MySQL monitor.
/opt/lampp/htdocs/ The Apache DocumentRoot directory.
/opt/lampp/etc/httpd.conf The Apache configuration file.
/opt/lampp/etc/my.cnf The MySQL configuration file.
/opt/lampp/etc/php.ini The PHP configuration file.
/opt/lampp/etc/proftpd.conf The ProFTPD configuration file. (since 0.9.5)
/opt/lampp/phpmyadmin/config.inc.php The phpMyAdmin configuration file.


To stop XAMPP simply call this command:
/opt/lampp/lampp stop
You should now see:
Stopping LAMPP 1.7.4...
LAMPP: Stopping Apache...
LAMPP: Stopping MySQL...
LAMPP stopped.

And XAMPP for Linux is stopped.

* Uninstall

To uninstall XAMPP just type in this command:
rm -rf /opt/lampp
The end.

Thursday, August 25, 2011

Samba Configuration File


vim /etc/samba/smb.conf
[global]
workgroup = home
netbios name = fedora
security = share
hosts allow = 192.168.0.0/24
[share]
comment = Home File Server
path = /sharepoint
force user = fileserver901
force group = fileserver901
guest ok = yes
read only = no
testparm /etc/samba/smb.conf
[global] (signifies security parameters)
workgroup = home (names a windows workgroup name)
netbios name = fedora (our netbios name)
security = share (takes on permissions from the share, which we set earlier)
hosts allow = 192.168.0.0/24 (only allows this subnet to connect, i.e. 192.168.0.1 to 192.168.0.254)
[share] (Signifies the name of our share when mounted. You can change to anything you like.)
comment = Home File Server (creates share point comments)
path = /sharepoint (The full path of the volume you want to share. Note: if you want to share more than one volume, copy the “share” section and alter accordingly.)
force user = fileserver901 (forces all users of this mount to become this user and obtain access to whatever this user has access to)
force group = fileserver901 (forces all users of this mount to become this group and obtain access to whatever this group has access to)
guest ok = yes (allows anonymous accounts to access, which is how we can connect without a password)
read only = no (allows us to write to the volume. If you set this to yes, you could make this an anonymous “read” only volume)

Mac OS X Tiger

  1. Go to the Finder menu and select “Connect to Server” or press Apple key + “k”.
  2. In the server address bar, type in smb://192.168.0.101 (or whatever the address is of your home smb server).
  3. Select connect. When the dialog box appears, click on “Ok” for the “share.”
  4. A dialog box will appear with a workgroup, name, and password. Just ignore it and press ok again.
  5. A volume named share will appear on your desktop.

Windows 2003 Server

(Note: this should be almost identical for most other Windows versions.)
  1. Open the Windows Explorer.
  2. Type in: \\192.168.0.101\share (or whatever the address is of your home smb server).
  3. You now have read/write access to the volume.

Red Hat® Enterprise Linux 5

(Note: this should be identical for any newer Gnome installation.)
  1. Go to Places and select “Connect to Server.”
  2. Under Service Type, select “Windows Share.”
  3. In the server address box, type in 192.168.0.101 (or whatever the address is of your home smb server).
  4. In the share box, type share
  5. A volume named share will appear on your desktop.


Samba Global

[global]
workgroup = PUTIEVILLE
server string = My Lil Linux Box
hosts allow = 192.168. 127.
log file = /var/log/samba/%m.log
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

[Downloads]
comment = Downloads
path = /home/windisk/Downloads
browseable = yes
writable = yes
public = yes
read only = no

[homes]
comment = My Home Directory
browseable = yes
writable = yes
public = yes
read only = no

[printers]
path = /var/spool/samba
public = yes
guest ok = yes
printable = yes
browseable = yes
writable = yes
read only = no 
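
The two share configurations above ("Samba Configuration File" and "Samba Global") both allow anonymous access; this added example, which is not part of the original posts, parses an smb.conf, folds Samba's parameter synonyms (public, writable) to one name, and reports the settings that open a share to unauthenticated writes. HARDENED_CONFIG, the fileshare group and the finding codes are assumptions made for the illustration.

```python
"""Audit an smb.conf for the anonymous-access settings used in the configs above."""

# Synonyms Samba accepts (smb.conf(5)); parameter names are case-insensitive.
SYNONYMS = {"public": "guest ok", "allow hosts": "hosts allow"}
# Inverted synonyms: "writable = yes" means "read only = no".
INVERTED = {"writable": "read only", "writeable": "read only", "write ok": "read only"}
TRUE = {"yes", "true", "1"}

# The configuration from the "Samba Configuration File" post, verbatim.
PAGE_CONFIG = """\
[global]
workgroup = home
netbios name = fedora
security = share
hosts allow = 192.168.0.0/24
[share]
comment = Home File Server
path = /sharepoint
force user = fileserver901
force group = fileserver901
guest ok = yes
read only = no
"""

# Constructed for comparison (not from the page): the same share limited to
# authenticated members of a hypothetical "fileshare" group.
HARDENED_CONFIG = """\
[global]
workgroup = home
netbios name = fedora
security = user
hosts allow = 192.168.0.0/24
[share]
comment = Home File Server
path = /sharepoint
valid users = @fileshare
guest ok = no
read only = no
"""


def parse_smb_conf(text):
    """Return {section: {param: value}} with synonyms folded to one name."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":            # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = " ".join(key.lower().split())
        if key in INVERTED:                        # store as "read only"
            key = INVERTED[key]
            value = "no" if value.lower() in TRUE else "yes"
        current[SYNONYMS.get(key, key)] = value    # a later line overrides
    return sections


def is_true(params, name, default):
    return params.get(name, default).lower() in TRUE


def audit(text):
    """Return a sorted list of (section, finding_code) pairs."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings = set()
    # Share-level security has no per-user authentication (removed in Samba 4).
    if glob.get("security", "user").lower() == "share":
        findings.add(("global", "SHARE_LEVEL_SECURITY"))
    for name, params in conf.items():
        if name == "global":
            continue
        eff = {**glob, **params}   # share parameters in [global] act as defaults
        guest = is_true(eff, "guest ok", "no")
        if guest and not is_true(eff, "read only", "yes"):
            findings.add((name, "GUEST_WRITE"))          # anonymous write access
        if guest and "force user" in eff:
            findings.add((name, "GUEST_RUNS_AS_FORCED_USER"))
        if not eff.get("hosts allow"):
            findings.add((name, "NO_HOSTS_ALLOW"))       # reachable from any host
    return sorted(findings)


if __name__ == "__main__":
    for label, text in (("page", PAGE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit(text))
```

Run testparm on the file first, as the sample configuration's own comments advise; this audit assumes the file already parses.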

samba configuration


# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#======================= Global Settings =====================================
[global]
                                                                                                                            
# workgroup = NT-Domain-Name or Workgroup-Name
                                                                                                                           
# server string is the equivalent of the NT Description field
        server string = Sambaserver
                                                                                                                           
# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
#   hosts allow = 192.168.1. 192.168.1. 127.
                                                                                                                           
# if you want to automatically load your printer list rather
# than setting them up individually then you'll need this
        printcap name = /etc/printcap
        load printers = yes
# It should not be necessary to spell out the print system type unless
# yours is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx, cups
        printing = cups
                                                                                                                           
# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
;  guest account = pcguest
                                                                                                                           
# this tells Samba to use a separate log file for each machine
# that connects
        log file = /var/log/samba/%m.log
                                                                                                                           
# Put a capping on the size of the log files (in Kb).
        max log size = 0
                                                                                                                            
# Security mode. Most people will want user level security. See
# security_level.txt for details.
        security = SHARE
                                                                                                                            
# Use password server option only with security = server
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
#   password server = *
;   password server = <NT-Server-Name>
                                                                                                                           
# Password Level allows matching of _n_ characters of the password for
# all combinations of upper and lower case.
;  password level = 8
;  username level = 8
                                                                                                                           
# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
        smb passwd file = /etc/samba/smbpasswd
                                                                                                                            
# The following is needed to keep smbclient from spouting spurious errors
# when Samba is built with support for SSL.
;   ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt
                                                                                                                           
# The following are needed to allow password changing from Windows to
# update the Linux system password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
#        the encrypted SMB passwords. They allow the Unix password
#        to be kept in sync with the SMB password.
        unix password sync = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
                                                                                                                            
# You can use PAM's password change control flag for Samba. If
# enabled, then PAM will be used for password changes when requested
# by an SMB client instead of the program listed in passwd program.
# It should be possible to enable this without changing your passwd
# chat parameter for most setups.
                                                                                                                           
        pam password change = yes
                                                                                                                           
# Unix users can map to different SMB User names
;  username map = /etc/samba/smbusers
                                                                                                                            
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
;   include = /etc/samba/smb.conf.%m
                                                                                                                           
# This parameter will control whether or not Samba should obey PAM's
# account and session management directives. The default behavior is
# to use PAM for clear text authentication only and to ignore any
# account or session management. Note that Samba always ignores PAM
# for authentication in the case of encrypt passwords = yes
                                                                                                                            
        obey pam restrictions = yes
                                                                                                                            
# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
                                                                                                                            
# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
#    interfaces = 192.168.1.2/24 192.168.13.2/24
                                                                                                                           
# Configure remote browse list synchronisation here
#  request announcement to, or browse list sync from:
#       a specific host or from / to a whole subnet (see below)
;   remote browse sync = 192.168.3.25 192.168.5.255
# Cause this host to announce itself to local subnets here
;   remote announce = 192.168.1.255 192.168.2.44
                                                                                                                            
# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
;   local master = no
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
;   os level = 33
                                                                                                                            
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
;   domain master = yes
                                                                                                                           
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
;   preferred master = yes
                                                                                                                           
# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
;   domain logons = yes
                                                                                                                           
# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
;   logon script = %m.bat
# run a specific logon batch file per username
;   logon script = %U.bat
                                                                                                                            
# Where to store roving profiles (only for Win95 and WinNT)
#        %L substitutes for this server's netbios name, %U is username
#        You must uncomment the [Profiles] share below
;   logon path = \\%L\Profiles\%U
                                                                                                                            
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
;   wins support = yes
                                                                                                                            
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
#       Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z
                                                                                                                           
# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non-WINS-capable client. For this to work there must be
# at least one WINS Server on the network. The default is NO.
;   wins proxy = yes
                                                                                                                           
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
        dns proxy = no
                                                                                                                            
# Case Preservation can be handy - system default is _no_
# NOTE: These can be set on a per share basis
;  preserve case = no
;  short preserve case = no
# Default case is normally upper case for all DOS files
;  default case = lower
# Be very careful with case sensitivity - it can break things!
;  case sensitive = no
                                                                                                                            
#============================ Share Definitions ==============================
[homes]
        comment = Home Directories
        browseable = no
        writeable = yes
        valid users = %S
        create mode = 0664
        directory mode = 0775
# If you want users samba doesn't recognize to be mapped to a guest user
# (map to guest is a global parameter: set it in [global], not in a share)
; map to guest = bad user
# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
;   comment = Network Logon Service
;   path = /usr/local/samba/lib/netlogon
;   guest ok = yes
;   writable = no
;   share modes = no
                                                                                                                           
                                                                                                                            
# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
;    path = /usr/local/samba/profiles
;    browseable = no
;    guest ok = yes
                                                                                                                           
                                                                                                                            
# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
        comment = All Printers
        path = /var/spool/samba
        browseable = no
# Set public = yes to allow user 'guest account' to print
        printable = yes
                                                                                                                           
# This one is useful for people to share files
;[tmp]
;   comment = Temporary file space
;   path = /tmp
;   read only = no
;   public = yes
# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
;   comment = Public Stuff
;   path = /home/samba
;   public = yes
;   writable = yes
;   printable = no
;   write list = @staff
                                                                                                                           
# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
;   comment = Fred's Printer
;   valid users = fred
;   path = /home/fred
;   printer = freds_printer
;   public = no
;   writable = no
;   printable = yes
                                                                                                                           
# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
;   comment = Fred's Service
;   path = /usr/somewhere/private
;   valid users = fred
;   public = no
;   writable = yes
;   printable = no
# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %U option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
;  comment = PC Directories
;  path = /usr/local/pc/%m
;  public = no
;  writable = yes
                                                                                                                            
# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
;   path = /usr/somewhere/else/public
;   public = yes
;   only guest = yes
;   writable = yes
;   printable = no
                                                                                                                           
# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
;   comment = Mary's and Fred's stuff
;   path = /usr/somewhere/shared
;   valid users = mary fred
;   public = no
;   writable = yes
;   printable = no
;   create mask = 0765
                                                                                                                            
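# No password is needed to connect (guest ok) and guests may create and
# modify files (writeable); a 0777 create mask keeps every permission bit.
[fileshare]
        path = /opt/fileshare
        guest ok = yes
        writeable = yes
        create mask = 0777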
                                                                                                   
                                                                                                                           
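# This share exposes the LAMPP document root: guests connect without a
# password and can write files that the web server then serves.
[htdocs]
        path = /opt/lampp/htdocs
        writeable = yes
        guest ok = yes
        create mask = 0777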
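
The [fileshare] and [htdocs] shares above combine guest ok, writeable and a 777 create mask. As an added example (not part of the original post and not a Samba tool), this Python check flags that combination in an smb.conf. The function names and the embedded sample are constructed here, and each section is evaluated on its own, without [global] defaults or include files.

```python
import re

# Constructed sample: [homes] and the two guest shares from the listing above.
SAMPLE = """\
[homes]
        writeable = yes
        valid users = %S
[fileshare]
        guest ok = yes
        writeable = yes
        create mask = 777
[htdocs]
        writeable = yes
        guest ok = yes
        create mask = 777
"""

TRUE = {"yes", "true", "on", "1"}  # boolean spellings smb.conf treats as "yes"

def parse_smb_conf(text):
    """Return {section: {param: value}}; names are lower-cased, spaces removed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            current[re.sub(r"\s+", "", name).lower()] = value.strip()
    return sections

def audit_shares(text):
    """Map section name to findings; sections do not inherit [global] here."""
    report = {}
    for share, p in parse_smb_conf(text).items():
        flag = lambda *keys: any(p.get(k, "").lower() in TRUE for k in keys)
        guest = flag("guestok", "public")                    # synonyms
        writable = (flag("writeable", "writable", "writeok")
                    or p.get("readonly", "yes").lower() not in TRUE)  # inverted synonym
        mask = int(p.get("createmask", p.get("createmode", "0744")), 8)  # octal
        issues = [msg for hit, msg in ((guest and writable, "guest-writable"),
                  (mask & 0o002, "create mask permits world-writable files")) if hit]
        if issues:
            report[share] = issues
    return report
```

For the effective values on a live server, including [global] defaults, Samba's own `testparm` remains the authoritative check.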