-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 25. Advanced Network Management</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="The Official Samba 3.
3.x HOWTO and Reference Guide"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="prev" href="winbind.html" title="Chapter 24. Winbind: Use of Domain Accounts"><link rel="next" href="PolicyMgmt.html" title="Chapter 26. System and Account Policies"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 25. Advanced Network Management</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="winbind.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="PolicyMgmt.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="AdvancedNetworkManagement"></a>Chapter 25. Advanced Network Management</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="orgname">Samba Team</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email"><<a class="email" href="mailto:jht@samba.org">jht@samba.org</a>></code></p></div></div></div></div><div><p class="pubdate">June 15 2005</p></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="AdvancedNetworkManagement.html#id2657633">Features and Benefits</a></span></dt><dt><span class="sect1"><a href="AdvancedNetworkManagement.html#id2657660">Remote Server Administration</a></span></dt><dt><span class="sect1"><a href="AdvancedNetworkManagement.html#id2657803">Remote Desktop Management</a></span></dt><dd><dl><dt><span class="sect2"><a href="AdvancedNetworkManagement.html#id2657831">Remote Management from NoMachine.Com</a></span></dt><dt><span class="sect2"><a href="AdvancedNetworkManagement.html#id2658207">Remote Management with ThinLinc</a></span></dt></dl></dd><dt><span class="sect1"><a href="AdvancedNetworkManagement.html#id2658392">Network Logon Script Magic</a></span></dt><dd><dl><dt><span class="sect2"><a href="AdvancedNetworkManagement.html#id2658618">Adding Printers without User Intervention</a></span></dt><dt><span class="sect2"><a href="AdvancedNetworkManagement.html#id2658661">Limiting Logon Connections</a></span></dt></dl></dd></dl></div><p>
-<a class="indexterm" name="id2657621"></a>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 25. Advanced Network Management</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="The Official Samba 3.
2.x HOWTO and Reference Guide"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="prev" href="winbind.html" title="Chapter 24. Winbind: Use of Domain Accounts"><link rel="next" href="PolicyMgmt.html" title="Chapter 26. System and Account Policies"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 25. Advanced Network Management</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="winbind.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="PolicyMgmt.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="AdvancedNetworkManagement"></a>Chapter 25. Advanced Network Management</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="orgname">Samba Team</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email"><<a class="email" href="mailto:jht@samba.org">jht@samba.org</a>></code></p></div></div></div></div><div><p class="pubdate">June 15 2005</p></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="AdvancedNetworkManagement.html#id2657588">Features and Benefits</a></span></dt><dt><span class="sect1"><a href="AdvancedNetworkManagement.html#id2657615">Remote Server Administration</a></span></dt><dt><span class="sect1"><a href="AdvancedNetworkManagement.html#id2657758">Remote Desktop Management</a></span></dt><dd><dl><dt><span class="sect2"><a href="AdvancedNetworkManagement.html#id2657787">Remote Management from NoMachine.Com</a></span></dt><dt><span class="sect2"><a href="AdvancedNetworkManagement.html#id2658163">Remote Management with ThinLinc</a></span></dt></dl></dd><dt><span class="sect1"><a href="AdvancedNetworkManagement.html#id2658348">Network Logon Script Magic</a></span></dt><dd><dl><dt><span class="sect2"><a href="AdvancedNetworkManagement.html#id2658573">Adding Printers without User Intervention</a></span></dt><dt><span class="sect2"><a href="AdvancedNetworkManagement.html#id2658616">Limiting Logon Connections</a></span></dt></dl></dd></dl></div><p>
+<a class="indexterm" name="id2657576"></a>
This section documents peripheral issues that are of great importance to network
administrators who want to improve network resource access control, to automate the user
environment, and to make their lives a little easier.
-</p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2657
633"></a>Features and Benefits</h2></div></div></div><p>
+</p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2657
588"></a>Features and Benefits</h2></div></div></div><p>
Often the difference between a working network environment and a well-appreciated one can
best be measured by the <span class="emphasis"><em>little things</em></span> that make everything work more
harmoniously. A key part of every network environment solution is the ability to remotely
</p><p>
This chapter presents information on each of these areas. They are placed here, and not in
other chapters, for ease of reference.
-</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id26576
60"></a>Remote Server Administration</h2></div></div></div><p>“<span class="quote">How do I get User Manager and Server Manager?</span>”</p><p>
-<a class="indexterm" name="id2657673"></a>
-<a class="indexterm" name="id2657680"></a>
-<a class="indexterm" name="id2657687"></a>
+</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id26576
15"></a>Remote Server Administration</h2></div></div></div><p>“<span class="quote">How do I get User Manager and Server Manager?</span>”</p><p>
+<a class="indexterm" name="id2657628"></a>
+<a class="indexterm" name="id2657635"></a>
+<a class="indexterm" name="id2657642"></a>
Since I do not need to buy an <span class="application">NT4 server</span>, how do I get the User Manager for Domains
and the Server Manager?
</p><p>
-<a class="indexterm" name="id2657705"></a>
-<a class="indexterm" name="id2657712"></a>
+<a class="indexterm" name="id2657660"></a>
+<a class="indexterm" name="id2657667"></a>
Microsoft distributes a version of these tools called <code class="filename">Nexus.exe</code> for installation
on <span class="application">Windows 9x/Me</span> systems. The tools set includes:
</p><div class="itemizedlist"><ul type="disc"><li><p>Server Manager</p></li><li><p>User Manager for Domains</p></li><li><p>Event Viewer</p></li></ul></div><p>
Download the archived file at the Microsoft <a class="ulink" href="ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE" target="_top">Nexus</a> link.
</p><p>
-<a class="indexterm" name="id2657766"></a>
-<a class="indexterm" name="id2657773"></a>
-<a class="indexterm" name="id2657780"></a>
+<a class="indexterm" name="id2657721"></a>
+<a class="indexterm" name="id2657728"></a>
+<a class="indexterm" name="id2657735"></a>
The <span class="application">Windows NT 4.0</span> version of the User Manager for
Domains and Server Manager are available from Microsoft
<a class="ulink" href="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE" target="_top">via ftp</a>.
-</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2657
803"></a>Remote Desktop Management</h2></div></div></div><p>
-<a class="indexterm" name="id2657811"></a>
-<a class="indexterm" name="id2657818"></a>
+</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2657
758"></a>Remote Desktop Management</h2></div></div></div><p>
+<a class="indexterm" name="id2657766"></a>
+<a class="indexterm" name="id2657773"></a>
There are a number of possible remote desktop management solutions that range from free
through costly. Do not let that put you off. Sometimes the most costly solution is the
most cost effective. In any case, you will need to draw your own conclusions as to which
is the best tool in your network environment.
-</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2657
831"></a>Remote Management from NoMachine.Com</h3></div></div></div><p>
- <a class="indexterm" name="id2657840"></a>
+</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2657
787"></a>Remote Management from NoMachine.Com</h3></div></div></div><p>
+ <a class="indexterm" name="id2657795"></a>
The following information was posted to the Samba mailing list at Apr 3 23:33:50 GMT 2003.
It is presented in slightly edited form (with author details omitted for privacy reasons).
The entire answer is reproduced below with some comments removed.
</p><p>“<span class="quote">
-<a class="indexterm" name="id2657855"></a>
+<a class="indexterm" name="id2657811"></a>
I have a wonderful Linux/Samba server running as PDC for a network. Now I would like to add remote
desktop capabilities so users outside could login to the system and get their desktop up from home or
another country.
</span>”</p><p>“<span class="quote">
-<a class="indexterm" name="id2657870"></a>
-<a class="indexterm" name="id2657878"></a>
-<a class="indexterm" name="id2657884"></a>
-<a class="indexterm" name="id2657891"></a>
+<a class="indexterm" name="id2657826"></a>
+<a class="indexterm" name="id2657833"></a>
+<a class="indexterm" name="id2657839"></a>
+<a class="indexterm" name="id2657846"></a>
Is there a way to accomplish this? Do I need a Windows Terminal server? Do I need to configure it so
it is a member of the domain or a BDC or PDC? Are there any hacks for MS Windows XP to enable remote login
even if the computer is in a domain?
Answer provided: Check out the new offer of “<span class="quote">NX</span>” software from
<a class="ulink" href="http://www.nomachine.com/" target="_top">NoMachine</a>.
</p><p>
-<a class="indexterm" name="id2657922"></a>
-<a class="indexterm" name="id2657928"></a>
-<a class="indexterm" name="id2657935"></a>
+<a class="indexterm" name="id2657877"></a>
+<a class="indexterm" name="id2657884"></a>
+<a class="indexterm" name="id2657891"></a>
It implements an easy-to-use interface to the Remote X protocol as
well as incorporating VNC/RFB and rdesktop/RDP into it, but at a speed
performance much better than anything you may have ever seen.
</p><p>
-<a class="indexterm" name="id2657949"></a>
+<a class="indexterm" name="id2657904"></a>
Remote X is not new at all, but what they did achieve successfully is
a new way of compression and caching technologies that makes the thing
fast enough to run even over slow modem/ISDN connections.
</p><p>
-<a class="indexterm" name="id2657963"></a>
-<a class="indexterm" name="id2657970"></a>
-<a class="indexterm" name="id2657976"></a>
-<a class="indexterm" name="id2657983"></a>
+<a class="indexterm" name="id2657918"></a>
+<a class="indexterm" name="id2657925"></a>
+<a class="indexterm" name="id2657932"></a>
+<a class="indexterm" name="id2657938"></a>
I test drove their (public) Red Hat machine in Italy, over a loaded
Internet connection, with enabled thumbnail previews in KDE konqueror,
which popped up immediately on “<span class="quote">mouse-over</span>”. From inside that (remote X)
To test the performance, I played Pinball. I am proud to announce
that my score was 631,750 points at first try.
</p><p>
-<a class="indexterm" name="id2658002"></a>
-<a class="indexterm" name="id2658009"></a>
-<a class="indexterm" name="id2658015"></a>
-<a class="indexterm" name="id2658022"></a>
+<a class="indexterm" name="id2657957"></a>
+<a class="indexterm" name="id2657964"></a>
+<a class="indexterm" name="id2657971"></a>
+<a class="indexterm" name="id2657978"></a>
NX performs better on my local LAN than any of the other “<span class="quote">pure</span>”
connection methods I use from time to time: TightVNC, rdesktop or
Remote X. It is even faster than a direct crosslink connection between
two nodes.
</p><p>
-<a class="indexterm" name="id2658039"></a>
-<a class="indexterm" name="id2658046"></a>
-<a class="indexterm" name="id2658053"></a>
+<a class="indexterm" name="id2657995"></a>
+<a class="indexterm" name="id2658002"></a>
+<a class="indexterm" name="id2658008"></a>
I even got sound playing from the Remote X app to my local boxes, and
had a working “<span class="quote">copy'n'paste</span>” from an NX window (running a KDE session
in Italy) to my Mozilla mailing agent. These guys are certainly doing
full-screen, and after a short time you forget that it is a remote session
at all).
</p><p>
-<a class="indexterm" name="id2658103"></a>
+<a class="indexterm" name="id2658058"></a>
Now the best thing for last: All the core compression and caching
technologies are released under the GPL and available as source code
to anybody who wants to build on it! These technologies are working,
you can now use a (very inconvenient) command line at no cost,
but you can buy a comfortable (proprietary) NX GUI front end for money.
</p></li><li><p>
-<a class="indexterm" name="id2658166"></a>
-<a class="indexterm" name="id2658172"></a>
-<a class="indexterm" name="id2658179"></a>
-<a class="indexterm" name="id2658186"></a>
-<a class="indexterm" name="id2658193"></a>
+<a class="indexterm" name="id2658122"></a>
+<a class="indexterm" name="id2658128"></a>
+<a class="indexterm" name="id2658135"></a>
+<a class="indexterm" name="id2658142"></a>
+<a class="indexterm" name="id2658148"></a>
NoMachine is encouraging and offering help to OSS/Free Software implementations
for such a front-end too, even if it means competition to them (they have written
to this effect even to the LTSP, KDE, and GNOME developer mailing lists).
- </p></li></ul></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2658
207"></a>Remote Management with ThinLinc</h3></div></div></div><p>
+ </p></li></ul></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2658
163"></a>Remote Management with ThinLinc</h3></div></div></div><p>
Another alternative for remote access is <span class="emphasis"><em>ThinLinc</em></span> from Cendio.
</p><p>
-<a class="indexterm" name="id2658223"></a>
-<a class="indexterm" name="id2658230"></a>
-<a class="indexterm" name="id2658237"></a>
-<a class="indexterm" name="id2658244"></a>
-<a class="indexterm" name="id2658251"></a>
-<a class="indexterm" name="id2658257"></a>
-<a class="indexterm" name="id2658264"></a>
-<a class="indexterm" name="id2658270"></a>
+<a class="indexterm" name="id2658179"></a>
+<a class="indexterm" name="id2658185"></a>
+<a class="indexterm" name="id2658192"></a>
+<a class="indexterm" name="id2658199"></a>
+<a class="indexterm" name="id2658206"></a>
+<a class="indexterm" name="id2658213"></a>
+<a class="indexterm" name="id2658219"></a>
+<a class="indexterm" name="id2658226"></a>
ThinLinc is a terminal server solution that is available for Linux and Solaris based on standard
protocols such as SSH, TightVNC, NFS and PulseAudio.
</p><p>
-<a class="indexterm" name="id2658283"></a>
-<a class="indexterm" name="id2658290"></a>
+<a class="indexterm" name="id2658238"></a>
+<a class="indexterm" name="id2658245"></a>
ThinLinc an be used both in the LAN environment to implement a Thin Client strategy for an organization, and as
secure remote access solution for people working from remote locations, even over smallband connections.
ThinLinc is free to use for a single concurrent user.
</p><p>
-<a class="indexterm" name="id2658304"></a>
-<a class="indexterm" name="id2658311"></a>
-<a class="indexterm" name="id2658318"></a>
+<a class="indexterm" name="id2658260"></a>
+<a class="indexterm" name="id2658267"></a>
+<a class="indexterm" name="id2658274"></a>
The product can also be used as a frontend to access Windows Terminal Server or Citrix farms, or even Windows
XP machines, securing the connection via the ssh protocol. The client is available both for Linux (supporting
all Linux distributions as well as numerous thin terminals) and for Windows. A Java-based Web client is also
<a class="ulink" href="http://pulseaudio.org" target="_top">PulseAudio</a> , unfsd,
<a class="ulink" href="http://www.python.org" target="_top">Python</a> and
<a class="ulink" href="http://www.rdesktop.org" target="_top">rdesktop</a>.
- </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id26583
92"></a>Network Logon Script Magic</h2></div></div></div><p>
+ </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id26583
48"></a>Network Logon Script Magic</h2></div></div></div><p>
There are several opportunities for creating a custom network startup configuration environment.
</p><div class="itemizedlist"><ul type="disc"><li><p>No Logon Script.</p></li><li><p>Simple universal Logon Script that applies to all users.</p></li><li><p>Use of a conditional Logon Script that applies per-user or per-group attributes.</p></li><li><p>Use of Samba's preexec and postexec functions on access to the NETLOGON share to create
a custom logon script and then execute it.</p></li><li><p>User of a tool such as KixStart.</p></li></ul></div><p>
</p><p>
The following listings are from the genlogon directory.
</p><p>
-<a class="indexterm" name="id2658463"></a>
+<a class="indexterm" name="id2658418"></a>
This is the <code class="filename">genlogon.pl</code> file:
</p><pre class="programlisting">
</pre><p>
</p><p>
Those wishing to use a more elaborate or capable logon processing system should check out these sites:
-</p><div class="itemizedlist"><ul type="disc"><li><p><a class="ulink" href="http://www.craigelachie.org/rhacer/ntlogon" target="_top">http://www.craigelachie.org/rhacer/ntlogon</a></p></li><li><p><a class="ulink" href="http://www.kixtart.org" target="_top">http://www.kixtart.org</a></p></li></ul></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2658
618"></a>Adding Printers without User Intervention</h3></div></div></div><p>
-<a class="indexterm" name="id2658626"></a>
+</p><div class="itemizedlist"><ul type="disc"><li><p><a class="ulink" href="http://www.craigelachie.org/rhacer/ntlogon" target="_top">http://www.craigelachie.org/rhacer/ntlogon</a></p></li><li><p><a class="ulink" href="http://www.kixtart.org" target="_top">http://www.kixtart.org</a></p></li></ul></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2658
573"></a>Adding Printers without User Intervention</h3></div></div></div><p>
+<a class="indexterm" name="id2658582"></a>
Printers may be added automatically during logon script processing through the use of:
</p><pre class="screen">
<code class="prompt">C:\> </code><strong class="userinput"><code>rundll32 printui.dll,PrintUIEntry /?</code></strong>
</pre><p>
See the documentation in the <a class="ulink" href="http://support.microsoft.com/default.asp?scid=kb;en-us;189105" target="_top">Microsoft Knowledge Base article 189105</a>.
-</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id26586
61"></a>Limiting Logon Connections</h3></div></div></div><p>
+</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id26586
16"></a>Limiting Logon Connections</h3></div></div></div><p>
Sometimes it is necessary to limit the number of concurrent connections to a
Samba shared resource. For example, a site may wish to permit only one network
logon per user.
git.samba.org / abartlet / samba-debian.git / blobdiff