- 301,090 hits
Anything about Ubuntu, Centos, openSuSe and Fedora
This guide will help to install and configure a SAMBA Windows File Server that acts as a PDC using tbsam, Although it is suggested to have it configured with LDAP authtentication backend, many small office still cater this kind of configuration.
Here’s the details:
1. Install the Samba File Server and necessary packages.
#> yum groupinstall "Windows File Server"
2. Prepare the necessary directories needed for netlogon.
#> mkdir -p /home/samba/netlogon
3. For new users to have a directory called profile in their home directory, add a folder called “profiles” in the /etc/skel. For existing users, just add the folder “profiles” to their home directories and change the ownership to their corresponding owners.
4. Backup the existing /etc/samba/smb.conf file first before using the configuration below:
[global] #Server Declaration workgroup = MYDOMAIN netbios name = FILESERVER001 server string = File Server %v #Security Properties security = user domain master = yes preferred master = yes local master = yes domain logons = yes wins support = yes os level = 65 name resolve order = wins bcast hosts #Login Configurations logon path = \\%L\%U\profiles logon drive = H: logon home = \\%L\%U logon script = logon.bat #User Scripts add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/sbin/usermod -a -G '%g' '%u' delete user from group script = /usr/bin/gpasswd -d '%u' '%g' add user script = /usr/sbin/useradd -m -G users '%u' add machine script = /usr/sbin/useradd -s /bin/false -d /tmp '%u' delete user script = /usr/sbin/userdel -r '%u' idmap uid = 1000 - 20000 idmap gid = 1000 - 20000 #Passwords passdb backend = tdbsam:/etc/samba/passdb.tdb passwd program = /usr/bin/passwd '%u' passwd chat = "*Enter\snew\sUnix\spassword:*" %n\n "*retype\snew\sUnix\spassword:" %n\n. "*updated successfuly*" passwd chat debug = yes encrypt passwords = yes unix password sync = yes enable privileges = yes username map = /etc/samba/smbusers # Log File log file = /var/log/samba/%m.log log level = 3 max log size = 50 #Other Configurations socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 printing = cups printcap name = cups show add printer wizard = No #============================ Share Definitions ============================== [netlogon] path = /home/samba/netlogon admin users = root guest ok = yes browsable = no valid users = %U read only = no admin users = Administrator [profiles] path = /home/%U/profiles create mode = 0600 directory mode = 0700 profile acls = Yes read only = No [homes] comment = Home Directories browseable = no writeable = yes valid users = %S create mode = 777 directory mode = 777 [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes
5. Modify the /etc/nsswitch.conf, your hosts line should look like this:
hosts: files wins dns
6. Modify the /etc/samba/smbusers, the root usermap should look like this:
root = administrator Administrator admin
7. Link SAMBA and Linux user groups, from root access, execute the following commands:
#> net groupmap add ntgroup="Domain Admins" unixgroup=root rid=512 type=d #> net groupmap add ntgroup="Domain Users" unixgroup=users rid=513 type=d #> net groupmap add ntgroup="Domain Guests" unixgroup=nobody rid=514 type=d
After each commands, the system should response with the following message.
Successfully added group Domain ... to the mapping db as a domain group
8. To additional groups, perform the following:
#> groupadd <linux group> #> net groupmap add ntgroup="<windows group>" unixgroup=<linux group> type=d
Note: the rid value should be the succeeding number of the previously entered value.
9. Add root to the samba users, to be used in domain authentication on windows workstations.
#> smbpasswd -a root #> smbpasswd -e root
10. Check your configurations and verify that you have entered the correct settings.
11.Restart the samba service, also start the winbind service it not yet running.
#> service smb restart #> service winbind start
12. Test the Administrator access first
#> smbclient -L localhost -U enter the root password
12. To add new users, you can use the basic commands:
#> useradd -m -G users <username> #> passwd <username> #> smbpasswd -a <username>
Also note that new users and groups should be in range from 1000 to 20000, else modify the idmap declarations in /etc/samba/smb.conf.
13. Restart the samba service again, and check of the new user will be authenticated when accessing the samba shares.
$> smbclient -L localhost -U <username> enter the <username's> password
14. Configure the windows workstation and join them to your new samba file server using the details below:
Domainname: MYDOMAIN Administrator Account: Administrator Password: <your root password>