Hardcore Linux

Anything about Ubuntu, Centos, openSuSe and Fedora

Tag Archives: samba pdc centos

SAMBA PDC on Centos 5.5

This guide will help to install and configure a SAMBA Windows File Server that acts as a PDC using tbsam, Although it is suggested to have it configured with LDAP authtentication backend, many small office still cater this kind of configuration.

Here’s the details:

1. Install the Samba File Server and necessary packages.

#> yum groupinstall "Windows File Server"

2. Prepare the necessary directories needed for netlogon.

#> mkdir -p /home/samba/netlogon

3. For new users to have a directory called profile in their home directory, add a folder called “profiles” in the /etc/skel. For existing users, just add the folder “profiles” to their home directories and change the ownership to their corresponding owners.

4. Backup the existing /etc/samba/smb.conf file first before using the configuration below:

 #Server Declaration
 workgroup = MYDOMAIN
 netbios name = FILESERVER001
 server string = File Server  %v

 #Security Properties
 security = user
 domain master = yes
 preferred master = yes
 local master = yes
 domain logons = yes
 wins support = yes
 os level = 65
 name resolve order = wins bcast hosts

 #Login Configurations
 logon path = \\%L\%U\profiles
 logon drive = H:
 logon home = \\%L\%U
 logon script = logon.bat

 #User Scripts
 add group script = /usr/sbin/groupadd '%g'
 delete group script = /usr/sbin/groupdel '%g'
 add user to group script = /usr/sbin/usermod -a -G '%g' '%u'
 delete user from group script = /usr/bin/gpasswd -d '%u' '%g'
 add user script = /usr/sbin/useradd -m -G users '%u'
 add machine script = /usr/sbin/useradd -s /bin/false -d /tmp '%u'
 delete user script = /usr/sbin/userdel -r '%u'
 idmap uid = 1000 - 20000
 idmap gid = 1000 - 20000

 passdb backend = tdbsam:/etc/samba/passdb.tdb
 passwd program = /usr/bin/passwd '%u'
 passwd chat = "*Enter\snew\sUnix\spassword:*" %n\n "*retype\snew\sUnix\spassword:" %n\n. "*updated successfuly*"
 passwd chat debug = yes
 encrypt passwords = yes
 unix password sync = yes
 enable privileges = yes
 username map = /etc/samba/smbusers

 # Log File
 log file = /var/log/samba/%m.log
 log level = 3
 max log size = 50

 #Other Configurations
 printing = cups
 printcap name = cups
 show add printer wizard = No

#============================ Share Definitions ==============================

 path = /home/samba/netlogon
 admin users = root
 guest ok = yes
 browsable = no
 valid users = %U
 read only = no
 admin users = Administrator

 path = /home/%U/profiles
 create mode = 0600
 directory mode = 0700
 profile acls = Yes
 read only = No

 comment = Home Directories
 browseable = no
 writeable = yes
 valid users = %S
 create mode = 777
 directory mode = 777

 comment = All Printers
 path = /var/spool/samba
 browseable = no
 guest ok = no
 writable = no
 printable = yes

5. Modify the /etc/nsswitch.conf, your hosts line should look like this:

hosts:  files wins dns

6. Modify the /etc/samba/smbusers, the root usermap should look like this:

root = administrator Administrator admin

7.  Link SAMBA and Linux user groups, from root access, execute the following commands:

#>  net groupmap add ntgroup="Domain Admins" unixgroup=root rid=512 type=d 
#>  net groupmap add ntgroup="Domain Users"  unixgroup=users rid=513 type=d
#>  net groupmap add ntgroup="Domain Guests" unixgroup=nobody rid=514 type=d

After each commands, the system should response with the following message.

Successfully added group Domain ... to the mapping db as a domain group

8. To additional groups, perform the following:

#> groupadd <linux group>
#> net groupmap add ntgroup="<windows group>" unixgroup=<linux group> type=d

Note: the rid value should be the succeeding number of the previously entered value.

9.  Add root to the samba users, to be used in domain authentication on windows workstations.

#> smbpasswd -a root
#> smbpasswd -e root

10. Check your configurations and verify that you have entered the correct settings.

#> testparm

11.Restart the samba service, also start the winbind service it not yet running.

#> service smb restart
#> service winbind start

12. Test the Administrator access first

#> smbclient -L localhost -U
   enter the root password

12. To add new users, you can use the basic commands:

#> useradd -m -G users <username>
#> passwd <username>
#> smbpasswd -a <username>

Also note that new users and groups should be in range from 1000 to 20000, else modify the idmap declarations in /etc/samba/smb.conf.

13. Restart the samba service again, and check of the new user will be authenticated when accessing the samba shares.

$> smbclient -L localhost -U <username>
enter the <username's> password

14. Configure the windows workstation and join them to your new samba file server using the details below:

Domainname: MYDOMAIN
Administrator Account: Administrator
Password: <your root password>

15. Done.

%d bloggers like this: