- 266,439 hits
Anything about Ubuntu, Centos, openSuSe and Fedora
This guide will help to install and configure a SAMBA Windows File Server that acts as a PDC using tbsam, Although it is suggested to have it configured with LDAP authtentication backend, many small office still cater this kind of configuration.
Here’s the details:
1. Install the Samba File Server and necessary packages.
#> yum groupinstall "Windows File Server"
2. Prepare the necessary directories needed for netlogon.
#> mkdir -p /home/samba/netlogon
3. For new users to have a directory called profile in their home directory, add a folder called “profiles” in the /etc/skel. For existing users, just add the folder “profiles” to their home directories and change the ownership to their corresponding owners.
4. Backup the existing /etc/samba/smb.conf file first before using the configuration below:
[global] #Server Declaration workgroup = MYDOMAIN netbios name = FILESERVER001 server string = File Server %v #Security Properties security = user domain master = yes preferred master = yes local master = yes domain logons = yes wins support = yes os level = 65 name resolve order = wins bcast hosts #Login Configurations logon path = \\%L\%U\profiles logon drive = H: logon home = \\%L\%U logon script = logon.bat #User Scripts add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/sbin/usermod -a -G '%g' '%u' delete user from group script = /usr/bin/gpasswd -d '%u' '%g' add user script = /usr/sbin/useradd -m -G users '%u' add machine script = /usr/sbin/useradd -s /bin/false -d /tmp '%u' delete user script = /usr/sbin/userdel -r '%u' idmap uid = 1000 - 20000 idmap gid = 1000 - 20000 #Passwords passdb backend = tdbsam:/etc/samba/passdb.tdb passwd program = /usr/bin/passwd '%u' passwd chat = "*Enter\snew\sUnix\spassword:*" %n\n "*retype\snew\sUnix\spassword:" %n\n. "*updated successfuly*" passwd chat debug = yes encrypt passwords = yes unix password sync = yes enable privileges = yes username map = /etc/samba/smbusers # Log File log file = /var/log/samba/%m.log log level = 3 max log size = 50 #Other Configurations socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 printing = cups printcap name = cups show add printer wizard = No #============================ Share Definitions ============================== [netlogon] path = /home/samba/netlogon admin users = root guest ok = yes browsable = no valid users = %U read only = no admin users = Administrator [profiles] path = /home/%U/profiles create mode = 0600 directory mode = 0700 profile acls = Yes read only = No [homes] comment = Home Directories browseable = no writeable = yes valid users = %S create mode = 777 directory mode = 777 [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes
5. Modify the /etc/nsswitch.conf, your hosts line should look like this:
hosts: files wins dns
6. Modify the /etc/samba/smbusers, the root usermap should look like this:
root = administrator Administrator admin
7. Link SAMBA and Linux user groups, from root access, execute the following commands:
#> net groupmap add ntgroup="Domain Admins" unixgroup=root rid=512 type=d #> net groupmap add ntgroup="Domain Users" unixgroup=users rid=513 type=d #> net groupmap add ntgroup="Domain Guests" unixgroup=nobody rid=514 type=d
After each commands, the system should response with the following message.
Successfully added group Domain ... to the mapping db as a domain group
8. To additional groups, perform the following:
#> groupadd <linux group> #> net groupmap add ntgroup="<windows group>" unixgroup=<linux group> type=d
Note: the rid value should be the succeeding number of the previously entered value.
9. Add root to the samba users, to be used in domain authentication on windows workstations.
#> smbpasswd -a root #> smbpasswd -e root
10. Check your configurations and verify that you have entered the correct settings.
11.Restart the samba service, also start the winbind service it not yet running.
#> service smb restart #> service winbind start
12. Test the Administrator access first
#> smbclient -L localhost -U enter the root password
12. To add new users, you can use the basic commands:
#> useradd -m -G users <username> #> passwd <username> #> smbpasswd -a <username>
Also note that new users and groups should be in range from 1000 to 20000, else modify the idmap declarations in /etc/samba/smb.conf.
13. Restart the samba service again, and check of the new user will be authenticated when accessing the samba shares.
$> smbclient -L localhost -U <username> enter the <username's> password
14. Configure the windows workstation and join them to your new samba file server using the details below:
Domainname: MYDOMAIN Administrator Account: Administrator Password: <your root password>
I got three sets of USB External Hard Drive I’m using for my system backup. Need it to have a hotplug capability to have multiple copies of backup. The backup operations are done midnight of the schedule date.
Here’s my list:
The previous problem I’ve encoutered is that I need to manually mount them as:
/backup/daily /backup/weekly /backup/monthly
My backup script tend to use them on that location. So I made this udev script that will fix them and automatically mount and umount them. Though the umount should be safely done, but in case you forgot to umount the drive, the script will umount them for you.
Here’s my /etc/udev/rules.d/10-backupdrives.rules
ACTION=="add",KERNEL=="sd[b-z][1-9]", PROGRAM="/sbin/blkid -s LABEL /dev/%k",RESULT=="*BACKUPD*", RUN+="/bin/mount /dev/%k /backup/daily",OPTIONS="last_rule" ACTION=="add",KERNEL=="sd[b-z][1-9]", PROGRAM="/sbin/blkid -s LABEL /dev/%k",RESULT=="*BACKUPW*", RUN+="/bin/mount /dev/%k /backup/weekly",OPTIONS="last_rule" ACTION=="add",KERNEL=="sd[b-z][1-9]", PROGRAM="/sbin/blkid -s LABEL /dev/%k",RESULT=="*BACKUPM*", RUN+="/bin/mount /dev/%k /backup/monthly",OPTIONS="last_rule" ACTION=="remove",KERNEL=="sd[b-z][1-9]",RUN+="/bin/umount /dev/%k",OPTIONS="last_rule"