Anything about Ubuntu, Centos, openSuSe and Fedora
This guide will help you install and configure a Samba Windows file server that acts as a PDC using tdbsam. Although configuring it with an LDAP authentication backend is suggested, many small offices still use this kind of configuration.
Here are the details:
1. Install the Samba File Server and necessary packages.
#> yum groupinstall "Windows File Server"
2. Prepare the necessary directories needed for netlogon.
#> mkdir -p /home/samba/netlogon
3. For new users to have a directory called “profiles” in their home directory, add a folder called “profiles” in /etc/skel. For existing users, just add the folder “profiles” to their home directories and change its ownership to the corresponding user.
4. Back up the existing /etc/samba/smb.conf file before using the configuration below:
    [global]
    #Server Declaration
    workgroup = MYDOMAIN
    netbios name = FILESERVER001
    server string = File Server %v
    #Security Properties
    security = user
    domain master = yes
    preferred master = yes
    local master = yes
    domain logons = yes
    wins support = yes
    os level = 65
    name resolve order = wins bcast hosts
    #Login Configurations
    logon path = \\%L\%U\profiles
    logon drive = H:
    logon home = \\%L\%U
    logon script = logon.bat
    #User Scripts
    add group script = /usr/sbin/groupadd '%g'
    delete group script = /usr/sbin/groupdel '%g'
    add user to group script = /usr/sbin/usermod -a -G '%g' '%u'
    delete user from group script = /usr/bin/gpasswd -d '%u' '%g'
    add user script = /usr/sbin/useradd -m -G users '%u'
    add machine script = /usr/sbin/useradd -s /bin/false -d /tmp '%u'
    delete user script = /usr/sbin/userdel -r '%u'
    idmap uid = 1000 - 20000
    idmap gid = 1000 - 20000
    #Passwords
    passdb backend = tdbsam:/etc/samba/passdb.tdb
    passwd program = /usr/bin/passwd '%u'
    passwd chat = "*Enter\snew\sUnix\spassword:*" %n\n "*retype\snew\sUnix\spassword:*" %n\n "*updated successfully*"
    passwd chat debug = yes
    encrypt passwords = yes
    unix password sync = yes
    enable privileges = yes
    username map = /etc/samba/smbusers
    # Log File
    log file = /var/log/samba/%m.log
    log level = 3
    max log size = 50
    #Other Configurations
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
    printing = cups
    printcap name = cups
    show add printer wizard = No
    #============================ Share Definitions ==============================
    [netlogon]
    path = /home/samba/netlogon
    admin users = root
    guest ok = yes
    browsable = no
    valid users = %U
    read only = no
    admin users = Administrator
    [profiles]
    path = /home/%U/profiles
    create mode = 0600
    directory mode = 0700
    profile acls = Yes
    read only = No
    [homes]
    comment = Home Directories
    browseable = no
    writeable = yes
    valid users = %S
    create mode = 777
    directory mode = 777
    [printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    guest ok = no
    writable = no
    printable = yes
5. Modify /etc/nsswitch.conf; your hosts line should look like this:
hosts: files wins dns
6. Modify /etc/samba/smbusers; the root user map should look like this:
root = administrator Administrator admin
7. Link the Samba and Linux user groups. As root, execute the following commands:
#> net groupmap add ntgroup="Domain Admins" unixgroup=root rid=512 type=d
#> net groupmap add ntgroup="Domain Users" unixgroup=users rid=513 type=d
#> net groupmap add ntgroup="Domain Guests" unixgroup=nobody rid=514 type=d
After each command, the system should respond with the following message:
Successfully added group Domain ... to the mapping db as a domain group
8. To add additional groups, perform the following:
#> groupadd <linux group>
#> net groupmap add ntgroup="<windows group>" unixgroup=<linux group> type=d
Note: the rid value should be the next number after the previously entered value.
9. Add root to the Samba users, to be used for domain authentication on Windows workstations.
#> smbpasswd -a root
#> smbpasswd -e root
10. Check your configurations and verify that you have entered the correct settings.
#> testparm
11. Restart the samba service, and also start the winbind service if it is not yet running.
#> service smb restart
#> service winbind start
12. Test the Administrator access first.
#> smbclient -L localhost -U
Enter the root password.
13. To add new users, you can use the basic commands:
#> useradd -m -G users <username>
#> passwd <username>
#> smbpasswd -a <username>
Also note that the UIDs and GIDs of new users and groups should be in the range 1000 to 20000; otherwise modify the idmap declarations in /etc/samba/smb.conf.
14. Restart the samba service again, and check that the new user is authenticated when accessing the samba shares.
$> smbclient -L localhost -U <username>
Enter the <username's> password.
15. Configure the Windows workstations and join them to your new Samba file server using the details below:
Domainname: MYDOMAIN
Administrator Account: Administrator
Password: <your root password>
16. Done.
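
Three settings in the step 4 smb.conf weaken the server: [netlogon], which serves logon.bat to every workstation, has both guest ok = yes and read only = no; [homes] creates files and directories with mode 777; and passwd chat debug = yes allows plaintext passwords to appear in the smbd log at high debug levels. The following is an added example, not part of the original guide, that scans an smb.conf for these patterns; the function names are hypothetical and the excerpt is constructed from the configuration above.

```shell
#!/bin/sh
# Constructed excerpt: only the settings from the guide's smb.conf that matter here.
page_excerpt() {
cat <<'EOF'
[global]
    passwd chat debug = yes
[netlogon]
    guest ok = yes
    read only = no
[profiles]
    create mode = 0600
    directory mode = 0700
[homes]
    writeable = yes
    create mode = 777
    directory mode = 777
EOF
}

# audit_smb_conf [FILE]: print "section: finding" per risky setting (stdin if no FILE).
audit_smb_conf() {
    awk '
    function truthy(v) { return v ~ /^(yes|true|1|on)$/ }
    function close_section() {
        if (guest && writable) print sec ": guest-writable share"
        guest = 0; writable = 0
    }
    {
        sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "")
        if ($0 == "" || $0 ~ /^[#;]/) next
        if ($0 ~ /^\[.*\]$/) { close_section(); sec = tolower(substr($0, 2, length($0) - 2)); next }
        eq = index($0, "="); if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1)); val = tolower(substr($0, eq + 1))
        gsub(/[ \t]+/, " ", key); sub(/ $/, "", key); sub(/^[ \t]+/, "", val)
        if (key == "guest ok" || key == "public") guest = truthy(val)
        if (key == "read only") writable = !truthy(val)
        if (key ~ /^(writeable|writable|write ok)$/) writable = truthy(val)
        # A last octal digit of 2, 3, 6 or 7 has the world-write bit set.
        if (key ~ /^(create|directory) (mode|mask)$/ && val ~ /[2367]$/) print sec ": world-writable " key " " val
        if (key == "passwd chat debug" && truthy(val)) print sec ": passwd chat debug can log plaintext passwords"
    }
    END { close_section() }
    ' "$@"
}

page_excerpt | audit_smb_conf
```

To check the live file, call audit_smb_conf /etc/samba/smb.conf. For this guide the corresponding fixes are guest ok = no and read only = yes on [netlogon], create mode = 0600 and directory mode = 0700 on [homes] (as [profiles] already uses), and passwd chat debug = no.
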
I have three USB external hard drives that I use for my system backups. I need them to be hot-pluggable so that I can keep multiple copies of the backup. The backup operations run at midnight on the scheduled date.
Here’s my list:
The problem I encountered previously was that I had to mount them manually as:
/backup/daily
/backup/weekly
/backup/monthly
My backup script expects them at those locations, so I made this udev script that mounts and unmounts them automatically. The drives should still be unmounted safely by hand, but in case you forget to unmount a drive, the script will unmount it for you.
Here’s my /etc/udev/rules.d/10-backupdrives.rules:
    ACTION=="add",KERNEL=="sd[b-z][1-9]", PROGRAM="/sbin/blkid -s LABEL /dev/%k",RESULT=="*BACKUPD*", RUN+="/bin/mount /dev/%k /backup/daily",OPTIONS="last_rule"
    ACTION=="add",KERNEL=="sd[b-z][1-9]", PROGRAM="/sbin/blkid -s LABEL /dev/%k",RESULT=="*BACKUPW*", RUN+="/bin/mount /dev/%k /backup/weekly",OPTIONS="last_rule"
    ACTION=="add",KERNEL=="sd[b-z][1-9]", PROGRAM="/sbin/blkid -s LABEL /dev/%k",RESULT=="*BACKUPM*", RUN+="/bin/mount /dev/%k /backup/monthly",OPTIONS="last_rule"
    ACTION=="remove",KERNEL=="sd[b-z][1-9]",RUN+="/bin/umount /dev/%k",OPTIONS="last_rule"
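
The rules above mount any partition whose label contains BACKUPD, BACKUPW or BACKUPM with default mount options, and a label is chosen by whoever formats the disk. The following is an added example, not the author's script, of a helper a rule could call instead: it identifies each drive by filesystem UUID and mounts it with nosuid,nodev,noexec. The helper path, function names and UUIDs are hypothetical placeholders.

```shell
#!/bin/sh
# Hypothetical helper, called from a rule as RUN+="/usr/local/sbin/backup-mount %k".
# Allowlist of filesystem UUIDs (constructed placeholders) and their mount points.
ALLOWED='
11111111-aaaa-4bbb-8ccc-000000000001 /backup/daily
11111111-aaaa-4bbb-8ccc-000000000002 /backup/weekly
11111111-aaaa-4bbb-8ccc-000000000003 /backup/monthly
'
MOUNT_OPTS=nosuid,nodev,noexec

# Read `blkid -o export` output on stdin; print "<opts> <device> <mountpoint>"
# for an allowlisted UUID, or return 1 so that nothing gets mounted.
mount_args_for() {
    uuid= dev=
    while IFS='=' read -r k v; do
        case $k in
            UUID) uuid=$v ;;
            DEVNAME) dev=$v ;;
        esac
    done
    [ -n "$uuid" ] && [ -n "$dev" ] || return 1
    target=$(printf '%s\n' "$ALLOWED" | awk -v u="$uuid" '$1 == u { print $2 }')
    [ -n "$target" ] || return 1
    printf '%s %s %s\n' "$MOUNT_OPTS" "$dev" "$target"
}

# Constructed sample: a disk that carries the BACKUPD label but an unknown UUID.
sample_unknown_disk() {
    printf 'DEVNAME=/dev/sdc1\nLABEL=BACKUPD\nUUID=%s\nTYPE=ext3\n' \
        99999999-aaaa-4bbb-8ccc-00000000ffff
}

if [ -n "${1:-}" ]; then
    # Called by udev with the kernel name (%k): mount only allowlisted drives.
    args=$(/sbin/blkid -o export "/dev/$1" | mount_args_for) || exit 0
    set -- $args
    exec /bin/mount -o "$1" "$2" "$3"
else
    sample_unknown_disk | mount_args_for || echo "refused: UUID not in allowlist"
fi
```
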