Samba As PDC
How to use Samba as a Primary Domain Controller by dadexter
This tutorial will explain how to use Samba as a Primary
Domain Controller using OpenLDAP for authentication.
Why:
A client of mine is migrating to a Linux server farm, and a mix of Linux and Windows workstations. In order to do that, I set it up at home using Slackware.
STEP 1
The first step in this exercise is to set up Samba to act as PDC. I did that with the Samba provided by a standard Slackware 10.1 install.
First, we need a config file. Here's a copy of mine:
; /etc/samba/smb.conf
; Machine: Cirion
[global]
workgroup = SIGTERM
netbios name = Cirion
server string = Domain Controller [Cirion]
hosts allow = 192.168.100. 127.
security = user
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = lo eth0
bind interfaces only = yes
password level = 20
local master = yes
os level = 65
domain master = yes
preferred master = yes
null passwords = no
hide unreadable = yes
hide dot files = yes
domain logons = yes
logon script = login.bat
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\%U\.9xprofile
wins support = yes
name resolve order = wins lmhosts hosts bcast
dns proxy = no
time server = yes
log file = /var/log/samba/log.%m
max log size = 50
smb passwd file = /etc/samba/private/smbpasswd
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u
passwd program = /usr/bin/passwd %u
passwd chat = "*New password:*" %n\r "*New password (again):*" %n\r "*Password changed*"
[netlogon]
path = /var/lib/samba/netlogon
public = no
writeable = no
browseable = no
[profiles]
path = /var/lib/samba/profiles
browseable = no
writeable = yes
default case = lower
preserve case = no
short preserve case = no
case sensitive = no
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
write list = @users @root
create mode = 0600
directory mode = 0770
nt acl support = Yes
[homes]
comment = Home Directories
browseable = no
read only = no
create mode = 0750
path = /home/%U
valid users = %S
guest ok = no
[winstuff]
comment = Windows Stuff
path = /usr/local/site/windows
public = yes
writeable = no
browseable = yes
write list = @users
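A small check that can be run on the configuration above before restarting Samba, added here as an example (it is not part of the original tutorial): it parses smb.conf and reports the settings that matter most on a domain controller. The function names and the `SMB_CONF` constant are illustrative; the excerpt repeats lines from the config above.

```python
import configparser
# Excerpt of the smb.conf on this page (security-relevant lines only).
SMB_CONF = r"""
[global]
hosts allow = 192.168.100. 127.
encrypt passwords = yes
null passwords = no
domain logons = yes
[netlogon]
writeable = no
[winstuff]
public = yes
writeable = no
"""

def load(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",), comment_prefixes=(";", "#"))
    cp.read_string(text)
    return {s.lower(): dict(cp[s]) for s in cp.sections()}

def is_yes(params, names, default):
    for n in names:  # first synonym present wins, else Samba's default
        if n in params:
            return params[n].strip().lower() in {"yes", "true", "1"}
    return default

def audit(text):
    conf = load(text)
    g = conf.get("global", {})
    out = []
    if not is_yes(g, ["encrypt passwords"], True):
        out.append("global: plaintext passwords (encrypt passwords = no)")
    if is_yes(g, ["null passwords"], False):
        out.append("global: accounts with empty passwords may log on")
    if "hosts allow" not in g and "allow hosts" not in g:
        out.append("global: no hosts allow restriction")
    for name, p in conf.items():  # 'public' is a synonym for 'guest ok'
        if name != "global" and is_yes(p, ["guest ok", "public"], False):
            out.append(f"{name}: guest ok/public = yes")
    if is_yes(g, ["domain logons"], False):
        nl = conf.get("netlogon")
        if nl is None:
            out.append("netlogon: share missing although domain logons = yes")
        elif (is_yes(nl, ["writeable", "writable", "write ok"], False)
              or not is_yes(nl, ["read only"], True)):
            out.append("netlogon: logon scripts can be modified over SMB")
    return out

print(audit(SMB_CONF))
```

With `security = user`, whether a guest connection is actually possible also depends on `map to guest`, so the guest finding marks a share to review rather than a confirmed exposure.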
After the config file is created, restart Samba by issuing the following command as root:
/etc/rc.d/rc.samba stop
/etc/rc.d/rc.samba start
Next, we need to add our users to Samba. Please note that this is temporary for step 1.
We will replace it with LDAP authentication in step 3.
smbpasswd -a root
smbpasswd -a <USER>
The 1st command is required to be able to add your Windows machines to the Domain. Run the 2nd one for every user you want to log in to this PDC.
More to come... I'm not done with the setup.
--dadexter 23:51, 27 Aug 2005 (GMT)