Chris Mason, On Saturday July 06, 2002 12:54, you said something about: <snip> > 1: When converting a standalone workstation into the domain, how do you > keep the user's settings, bookmarks, etc? When I have them log into the > domain all the settings are those of the default user.
I think others have answered this well enough. > 2: At the moment all workstations get an IP/DNS/gateway via DHCP from > the gateway. > One of the clients requirements is to only allow internet access to > certain users for obvious reasons, as email is handled by the internal > server. > I'm not sure how that can be done. I could make that only certain > workstations, and give no gateway in the dhcp settings, setting it by > hand on the workstations that need it. Any other ideas? One possible solution is to use squid as a transparent proxy and then use NT profiles to set usernames for access. > 3: We have networked printers connected to the network directly with > network interfaces. I'd like to have restricted access to some of the > printers. How can I do that? I'm guessing group permissions but I am not > sure if the HP printers will work with that. You could allow the server to act as a spool control. Either LPD or CUPS can handle spooling for network attached printers and samba can handle the permissions. > 4: How can I set up the named so that the workstations can tell named > what IP they are using? I'm talking about windows dynamic dns updates, I > suppose. I know I often see this in my server logs as named rejects the > updates, will adding "allow updates from 192.168.100" allow the > workstations to add a zone entry for themselves? Do I have to add each > workstation's name to the zone to start? How do you get a Linux > workstation to do the same thing? Would I be better off using the server > for DHCP and can I tie DHCP and DNS together so each IP allocated gets a > name? It's not clear why you would need this. The only time it's important to "find" a machine using a name is when it has resources/services. If you are specifically trying to prevent users from placing things on these systems (ie. the hard drive) then it would seem illogical to need a "friendly name" to locate them as resources. It would seem much easier to simply put static entries such as "ws-100 A 192.168.1.100" and so on. If you are determined to do so, I believe there is some information on ISC's website (or perhaps the ML archives) that goes into this. But, IIRC, you will need the most recent versions of Bind and DHCPD. > 5: I'd like to prevent users getting access to the local hard drive at > all to prevent them from saving documents anywhere except their home > directories, is there a way to do that? You could use window's Profile Manager to make up your profiles (perhaps several for different level people) and have these loaded from the samba server at login. I forget the exact terminology at the moment, but it is something like "Allow access to drives..." and you can restrict both local and network drives. > Finally, if anyone needs any info on setting up a network as I have, let > me know. If you are feeling generous with the information you acquired and have put it into good documentation, you should consider giving back to the community by creating a "HOWTO". There would obviously always be people with the same/similar needs as your own and if you have written something useful and can distribute it, you can have that warm fuzzy feeling of helping your fellow man. If however you are like me, you are still waiting on the "post-it-note-to-docbook" conversion tool before gracing the world with your accumulated knowledge. ;) -- Brian Ashe CTO Dee-Web Software Services, LLC. [EMAIL PROTECTED] _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
