Configuring Samba as a Primary Domain Controller
Linux provides an excellent platform for network file sharing, given its robust set of features, unparalleled customization, and lower TCO. This tutorial goes over the basics of installing and running Samba as a Domain Controller.
This configuration is useful only if you have a small network. For large networks, read this tutorial only to understand how Samba works.
Installing
Various distributions have different mechanisms for installing Samba. For Fedora or most Red Hat based distributions, you can type in
yum install samba
Configuring
Once Samba is installed you will need to edit your smb.conf.
The file is usually found in /etc/samba/smb.conf, so you would type in
vi /etc/samba/smb.conf
Global Directives
Configuring the global settings
[global]
workgroup = DOMAIN
netbios name = DOMAINSRV
server string = %h server
passdb backend = tdbsam
security = user
name resolve order = wins bcast hosts
domain master = yes
domain logons = yes
preferred master = yes
wins support = yes
encrypt passwords = yes
logon path = \\DOMAINSRV\profiles\%U
- workgroup = DOMAIN
- This directive sets the domain name for Samba as a PDC or as a Domain Member. In our case as a PDC.
- netbios name = DOMAINSRV
- The NetBIOS name by which a Samba server is known.
- server string = %h server
- This is the description of the server. %h will be replaced by the host name.
- name resolve order = wins bcast hosts
- The order in which NetBIOS names are looked up.
- passdb backend = tdbsam
- The database backend Samba uses to store users, groups, machines and other information.
- security = user
- This establishes which security scheme to use. For the Primary Domain Controller we should use user, which tells the Samba server to handle the user information itself.
- domain master = yes
- Sets Samba to behave as a domain controller. Be aware that if an NT controller is running on the same network, it will behave strangely and may fail.
- domain logons = yes
- This directive allows NT4 workstations to log into the domain.
- preferred master = yes
- When more than one Domain Controller is on the same network, all will claim to be the PDC. This directive increases the chances that this server becomes the PDC.
- wins support = yes
- Turns on Samba's WINS server capabilities.
- encrypt passwords = yes
- Some versions of Windows only log into domains that allow password encryption.
- logon path = \\DOMAINSRV\profiles\%U
- Where the domain users store their profiles.
Profiles Entry
We need to share a folder on our server to store the domain users' profiles.
[profiles]
comment = User profiles
path = /home/samba/profiles
valid users = %U
create mode = 0600
directory mode = 0700
writable = yes
browsable = no
guest ok = no
- [profiles]
- This is the name of the shared folder. In our case, the share path will be \\DOMAINSRV\profiles
- comment = User profiles
- Description of the shared folder
- path = /home/samba/profiles
- The local path of the folder to be shared
- valid users = %U
- A list of valid users. %U will be replaced by the logged-in user name. This is tricky … the valid user will be the logged-in user.
- create mode = 0600
- This directive tells Samba that all files will be created with these permissions. Note that the owner of the file will be the logged-in user.
- directory mode = 0700
- Same as create mode but for directories
- writable = yes
- Tells Samba that this share can be written to
- browsable = no
- This share can’t be browsed or listed
- guest ok = no
- No guest user allowed
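A small checker for the two sections above, added here as an example (it is not part of the original tutorial or of Samba): it parses smb.conf text and reports where the [profiles] share departs from the values given, or where logon path is not a \\server\share\%U path naming a defined share. The function names and the sample text are constructed for this illustration.

```python
import re

# Values the page sets for [profiles]; Samba synonyms are not handled here.
EXPECTED = {"valid users": "%U", "create mode": "0600",
            "directory mode": "0700", "browsable": "no", "guest ok": "no"}
UNC = re.compile(r"^\\\\([^\\]+)\\([^\\]+)\\%U$")  # \\server\share\%U

# Constructed sample: the page's settings, but with the logon path stripped of
# its backslashes and guest access left on.
SAMPLE = r"""
[global]
logon path = \DOMAINSRVprofiles%U
[profiles]
valid users = %U
create mode = 0600
directory mode = 0700
browsable = no
guest ok = yes
"""

def parse_smb_conf(text):
    """Return {section: {key: value}}; section and key names lower-cased."""
    conf, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and line[0] not in "#;" and section is not None:
            key, value = line.split("=", 1)
            section[" ".join(key.lower().split())] = value.strip()
    return conf

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    conf, findings = parse_smb_conf(text), []
    glob, profiles = conf.get("global", {}), conf.get("profiles", {})
    for key, want in EXPECTED.items():
        got = profiles.get(key)
        # Exact match required, except that yes/no may differ in case.
        if got is None or (got != want and got.lower() != want):
            findings.append(f"[profiles] {key} = {got}, expected {want}")
    match = UNC.match(glob.get("logon path", ""))
    if not match:
        findings.append("logon path is not of the form \\\\server\\share\\%U")
    elif match.group(2).lower() not in conf:
        findings.append(f"logon path share [{match.group(2)}] is not defined")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

Run against the sample it reports the guest setting and the malformed logon path; a file that matches the tutorial's values returns an empty list.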
vi /etc/nsswitch.conf
Edit this file in order to provide our system with NetBIOS host name resolution capabilities. There should be a line like :
Add the wins option :
hosts: files wins dns mdns
Create the profile path
In this case it will be something like
mkdir -p /home/samba/profiles
Restart the Samba server
Again, I am not explaining how to do this because it depends on the distribution.
Adding Users
The first thing to do is add the root user to the Samba database
smbpasswd -a root
Add the UNIX user account
useradd testuser
Add the Samba account
smbpasswd -a testuser
Adding a workstation to the domain
Now, you should be able to join a machine into the domain using the root samba account. And then login from that machine using the testuser accou