How to configure WORKGROUP name via DRBL-Winroll ?

How to use auto-setup Network Configuration via DRBL-Winroll ?

1. DRBL-Winroll use DHCP as default for Windows clients
2. Advanced mode : By config file
Make sure CONFIG_NETWORK_MODE = /RDF:C:\cygwin\drbl_winroll-config\client-mac-network.conf in winroll.conf,
then edit c:\cygwin\drbl_winroll-config\client-mac-network.conf

The follow is a sample for client-mac-network.conf :

_DEFAULT_NETWORK	= 192.168.100.254/24 # assign network and netmask
_DEFAULT_GATEWAY	= 192.168.100.254		# assign default gateway
_DEFAULT_DNS		= 168.95.1.1	# DNS, it could be empty, one or many values (use "comma"(,) as separated ) 
_DEFAULT_WINS		= 192.168.100.1	# WINS, it could be empty, one or many values (use "comma"(,) as separated ) 
_DEFAULT_DNS_SUFFIX	= # DNS_SUFFIX, it could be empty,
subnet 10.0.2.0/8 {
	THIS_GATEWAY	= 10.0.2.2 # use 10.0.2.2 as default gateway for this network
	THIS_DNS	= 10.0.1.1	# use 10.0.1.1 as default DNS for this network
	THIS_WINS	= 		# Use nothing as _DEFAULT_WINS value
	# This subnet would inherit the "_DEFAULT_DNS_SUFFIX" value form global settings
	# because no set value for it in this session
}
subnet 192.168.0.0/24 {
	THIS_GATEWAY		= 192.168.0.254
	THIS_DNS			= 192.168.0.1
	#THIS _WINS
	# This subnet would inherit "_DEFAULT_WINS" and 
	# "_DEFAULT_DNS_SUFFIX" value form global settings 
}
[IP Address]
00-00-00-00-00-01 = 192.168.100.11
00-ひく00-ひく00-ひく00-ひく00-ひく02 =わ 10.0.2.30 # it would use settings of subnet 10.0.2.0/8
00-ひく00-ひく00-ひく00-ひく00-ひく03 =わ 192.168.0.7 # it would use settings of subnet 192.168.0.0/24
00-00-00-00-00-04 = dhcp # uses dhcp
00-00-00-00-00-05 = none # skip this NIC

3. There two samples for network cofiguration in c:\cygwin\drbl_winroll-doc\sample\
• client-mac-network.conf.1.sample : For single subnet
• client-mac-network.conf.2.sample : For multiple subnets

How to setup auto-add to AD domain function ?

1. Follow the installation step and input necessary information (AD domain name, valid user account and password)
2. After mass deployment, clients would show the message of domain modification and reboot by themself. As the right image show :

Explanation :

• What to setup : After it added the audo-add to AD function, system would add a batch file "add2ad.bat" in 'c:\cygwin\drbl_winroll-config\'. The contents as the follow:
  netdom join %computername% /domain:[DOMAIN] /userd:[USER] /passwordd:[PASSWORD] /reboot:8
• How to work :Client will execute the batch file untill system is ready (it means to already done for hostname fix, network environment...). If it succeeds, system would delete the batch file automatically for security issue (due to user account and password) and create a new file "c:\cygwin\drbl_winroll-config\add2ad.md5". It records a value that the md5sum result for this machine's phyical address of NIC

Note :

• System use netdom.exe command to do the auto-add to AD function. So, please make sure netdom.exe is ready in it. (Suggest to test if netdom.exe command works under command mode)
Windows XP : please refer here
Windows Vista : please refer here
Windows 7/Server 2008 : please refer here
• For do the mass deployment, please DO NOTadd to AD domain before you image it as a template. It also avoid to reboot it into Windows system after DRBL-winroll installation (Because that will lead to client add to AD domain too)
• Need to renew SID ? Clients don't need to renew SID if it use Windows 2003 (or later) as AD server. It can work fine that clients have different hostname but the same SID in domain. Of course, DRBL-winroll can do it after clients renew SID if necessary

How to setup system monitor service for Windows clients ?

• Client site
1. During installing, it would query if to install system monitor service. Please type "y" then press [Enter] (default by 'No'). The "Munin Node for DRBL-winroll" installer will popup and start to install daemon, show as follow:
   
   Munin Node for DRBL-winroll Installer
2. Follow the steps to complete installation
• Server site
1. For example : use Ubuntu Lucid, suggest to pre-install apache2 to easy view the reports of clients system via web, then install munin package, as the follow
sudo apt-get install apache2 munin munin-node
2. Download DRBL-winroll Server-site package server-site-*.tgz then unpack it.Excute gen_munin_clients_conf.sh to collect clients' informaction as configuration file. As the follow :
$ tar xzf server-site-v167.tgz ; cd server-site ; sudo ./gen_munin_clients_conf.sh
3. Script would get ip/hostname of clients for report via user assignment, then output to a configuration for Munin, named: "munin-winroll-clients.conf" . It would help user to configure and restart crontab in server for supported Linux distribution. As the follow:
   Get ip list from DRBL server [Y/n]y
   Domain name [domain.localdomain]
   Set domain name as : domain.localdomain ...
   Get clients hostname via Munin service ? Default from local /etc/hosts [N/y]
   Still to keep the record if get hostname fail (to use ip as hostname) [N/y]
   get hostname of '192.168.101.1' :PC101
   get hostname of '192.168.101.2' :PC102
   get hostname of '192.168.101.3' :PC103
   Total 3 record(s) done in 'munin-winroll-clients.conf'
   Please copy the file into correct folder for Munin (ex: /etc/munin/munin-conf.d) then restart munin daemon (ex: $ sudo -u munin munin-cron)
   
4. If need, please copy the configuration file into correct directory for Munin server (ex: /etc/munin/munin-conf.d in Ubuntu Lucid ) then restart munin-cron to create necessary data for report. As the follow:
   $ sudo cp munin-winroll-clients.conf /etc/munin/munin-conf.d ; sudo -u munin munin-cron
• Where to view report
It would be easy to view the report by web page via http://localhost/munin on monitor server. By default, Munin report web only be accessible from localhost. Please refer Munin document for details about remote access and security issue.

Note :

• Acknowledge :Thansk to Munin Nodes win32 project. DRBL-winroll do repackage the installer via NSIS. Users can refer the NSIS configuration in ~/drbl-winroll/tool/munin-node-winroll.nsi if needs

How to renew MS Windows SID ?

1. Please choose (and pre-download) your renew sid tool that support to run as command mode, ex:NewSID v4.10; Answer 'y' to setup "SID-check" service, give the full path of tool (an executable file) and the appropriate parameters for it(ex: use '/a /n' for newsid.exe). As the follow :

Setup 'SID-check' service
2. Service would record NIC mac address of Windows machine, it would give a new SID if service discover a new one mac address.
3. For security reason , SID should be given randomly, And service would encode the mac address what it discover via md5sum
4. DRBL-Winroll would startup first time after installation finished if you did setup 'SID-check' service. Please wait until system reboot by itself.

Firt time to start SID-check service after installation and wait until system reboot by itself
Note: Some news about "NewSid Retired ?" [1] [2]

How to make Windows clients to accept the commands form DRBL server automatically ?

0. Switch to root in your DRBL serer. Make sure do "id_rsa" and "id_rsa.pub" exist in /root/.ssh , jump to stpe 3 if yes.
1. Create root's ssh keys (private and public key) , and press [Enter] when it asks "passphrase " ( mean no passphrase)
$ ssh-keygen -d
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
fe:56:XX:XX:XX:XX:XX:XX:XX:XX:83:ff:42
root@drbl-server

2. It would create "id_rsa" and "id_rsa.pub" in /root/.ssh, ex:
$ ls /root/.ssh
id_dsa id_dsa.pub

3. "Copy" (ex: use "scp" command or usb flash) id_rsa.pub from DRBL server to Windows and save the file name as "authorized_keys" in Administrator's .ssh folder of cygwin home directory (c:\cygwin\home\administrator\.ssh), ex :
   c:\your\windows\path> copy [path-of-id_dsa.pub] c:\cygwin\home\administrator\.ssh\authorized_keys
   Or use "ssh-copy-id" command on DRBL server to transmit
   sudo ssh-copy-id -i ~/.ssh/id_rsa.pub administrator@[win-client-ip]

Store public key in c:\cygwin\home\administrator\.ssh named as "authorized_keys"
4. you can test the result via to send a command from drbl server to MS-client. It would not ask password if you setup the above steps correctly ,ex:
   
$ ssh administrator@[win-client-ip] ipconfig


5. After all, you can send a command to clients from DRBL server via "/opt/drbl/sbin/dcs" command.

Note :

• Except Windows NT and Windows XP, DRBL-winroll would create a new account "cyg_server" as ssh daemon runner. So, please DO NOT change its password or disable it. That would lead to ssd daemon be out of service.
• For security issue, its password be created by random with 8 strings and be stored in "C:\cygwin\drbl_winroll-config\SSHD_SERVER_PW.txt" file。

Language Support

• DRBL-winroll suppports the follow languages, and thanks the people's effort in language transaltion and testbed report !!
• Traditional Chinese
• English
• French : Joël Gondouin (joel_at_gondouin_net)
• Dutch : Dave Haakenhout (Almere, Netherlands)
• Swedish : Yngve Spång (Systemkonsult AB)
• Spanish : Artz Neo (artzneo_at_linuxmail_org)
• Help us to translate !![How to]

Other

• Text FAQ : [ Chinese ] [English ]
• Web FAQ : Read here
• History : Read here
• Other Tools
• [Stable]
• EZ command sender : EZ-commands
Description: A easy toolkit to send commands from windows client to server
• [Testing]
• User desktop recover tool : winroll-recover
Description: Windows user desktop recover tool. More detail please read inside document.