Linux provides an excellent platform for network file sharing. Given Linux’s  robust set of features, unparalleled customization, and lower TCO, This tutorial goes over the basics of installing and running Samba as a Domain Controller.

This configuration is useful only if you have a small network. For large networks read this tutorial only to understand how Samba works. Installing

Various distrobutions have multiple mechanisms for installing Samba. For Fedora or Most Redhat based Distributions, you can type in

yum install samba

 

Configuring

Once Samba is installed you will need to edit your smb.conf.

The file is usually found in /etc/samba/smb.conf

you would type in

vi /etc/samba/smb.conf

 

Global Directives

Configuring the global settings

[global]
   workgroup = DOMAIN
   netbios name = DOMAINSRV
   server string = %h server
   passdb backend = tdbsam
   security = user
   name resolve order = wins bcast hosts
   domain master = yes
   domain logons = yes
   preferred master = yes
   wins support = yes
   encrypt passwords = yes
   logon path = \DOMAINSRVprofiles%U

 

workgroup = DOMAIN
This directive sets the domain name for Samba as a PDC or as a Domain Member. In our case as a PDC.
netbios name = DOMAINSRV
The NetBIOS name by which a Samba server is known.
server string = %h server
This is the description of the server. %h will be replaced by the host name.
name resolve order = wins bcast hosts
The order in which netbios information is looked up
passdb backend = tdbsam
Samba database information on how  to store user, groups, machines and other information.
security = user
This establish which schema of security implement. For the Primary Domain Controller we should use user, to indicate the Samba server to handle itself the user information.
domain master = yes
Set Aamba to behave as domain controller. Be aware if a NT controller is running in the same net, it will behave strangely and may fail.
domain logons = yes
This directive allows NT4 workstations to log into the domain.
preferred master = yes
When more than one Domain Controllers are in the same net, all will claim to be the PDC. With this directive we increase the chances to this server to be the PDC.
wins support = yes
Turn on the Samba wins server capabilities.
encrypt passwords = yes
Some versions of Windows only log into domains that allows password encryption.
logon path = \DOMAINSRVprofiles%U
The domain users should store theirs profiles.

 

Profiles Entry

We need to share a folder in our server to store the domain users profiles.

[profiles]
comment = User profiles
path = /home/samba/profiles
valid users = %U
create mode = 0600
directory mode = 0700
writable = yes
browsable = no
guest ok = no

[profiles]
This is the name of the shared folder. In our case, the share path will be \DOMAINSRVprofiles
comment = User profiles
Description of the shared folder
path = /home/samba/profiles
The local path of the folder to be shared
valid users = %U
A list of valid users. %U will be replaced for the logged user name. This is tricky … the valid user will be the logged user.
create mode = 0600
This directive indicates the Samba that all files will be created with this permissions. Take note that the owner of the file will be the logged user.
directory mode = 0700
Same as create mode but for directories
writable = yes
Indicates the samba that this share can be written
browsable = no
This share can’t be browsed or listed
guest ok = no
No guest user allowed

vi /etc/nsswitch.conf

Edit this file on order to provide our system with NetBIOS host name resolve capabilities. There should be a line like :

host: files dns mdns

Add the wins option :

host:   files   wins   dns   mdns

Create the profile path

In this case will be something like

mkdir -p /home/samba/profiles

Restart the Samba server

Again, i am not explaining how to do this because it depends on the distribution.

Adding Users

First thing to do is adding the root user to the Samba database

smbpasswd -a root

Add the UNIX user account

useradd testuser

Add the Samba account

smbpasswd -a testuser

Adding a workstation to the domain Now, you should be able to join a machine into the domain using the root samba account. And then login from that machine using the testuser accou