Most of what can be administered in Samba can be done through the webmin module. You will need some other utilities as well. First, you are going to need a secure way to connect to the Samba box, and a way for your clients to change their password without using webmin. For your Windows boxen, you will need to get a copy of PuTTY, or some other ssh client. This will come in handy as you try and resolve problems from your client machines running Windows. The putty.exe program is only 220KB, so you could put it on a floppy. The premise of these articles is that we are migrating from an NT PDC to a Samba PDC, so there will be two password databases in the interim. The idea is that all users (or you, if you prefer) need to connect up to the samba server and change their password to the correct one. After all users have the correct passwords on the Samba box and all file shares are moved, then we can use the Samba box as a PDC.
To change the password for a user using smbpasswd(this is what you will see from a PuTTY screen):
login as: root Sent username "root" root@ares's password: Last login: Tue Jul 17 16:06:40 2001 from srv-49.signalq.com [root@ares bin]# /usr/local/samba/bin/smbpasswd administrator INFO: Debug class all level = 2 (pid 866 from pid 866) New SMB password: Retype new SMB password: Password changed for user administrator. [root@ares bin]#
For the remainder of this article, our examples will not use the full path. Another cool thing about smbpasswd is that users can change their own passwords using their own account, and they can’t change any other passwords. Smbpasswd will work the same from all clients. Any of you who have messed around with .pwl files know how nasty changing the password for a Windows 95/98 user can be. This utility is required as long as there is an NT domain controller on the network that the client authenticates with. After we switch over to Samba, the decision is up to you.
Testparm is another handy administration tool. Simply run testparm and it will test the validity of your smb.conf file and list your settings. Here is the output of our configuration so far: testparm.txt.
For looking up WINS entries, nmblookup works well:
[root@ares /root]# nmblookup -U ares -R ares -S INFO: Debug class all level = 2 (pid 1028 from pid 1028) added interface ip=10.50.100.54 bcast=10.50.100.255 nmask=255.255.255.0 querying ares on 127.0.0.1 Got a positive name query response from 127.0.0.1 ( 10.50.100.54 ) 10.50.100.54 ares<00> Looking up status of 10.50.100.54 ARES <00> - M ARES <03> - M ARES <20> - M REMOTE1 <00> - M REMOTE1 <1e> - M [root@ares /root]# nmblookup -U ares -R srv-49 -S INFO: Debug class all level = 2 (pid 1029 from pid 1029) added interface ip=10.50.100.54 bcast=10.50.100.255 nmask=255.255.255.0 querying srv-49 on 127.0.0.1 Got a positive name query response from 127.0.0.1 ( 10.50.100.66 ) 10.50.100.66 srv-49<00> Looking up status of 10.50.100.66 CAESAR <00> - M REMOTE1 <00> - M REMOTE1 <1c> - M CAESAR <20> - M REMOTE1 <1b> - M REMOTE1 <1e> - M CAESAR <03> - M REMOTE1 <1d> - M ..__MSBROWSE__. <01> - M ADMINISTRATOR <03> - M [root@ares /root]#