Erik: Copy from old

2009-06-06T23:18:26Z

Copy from old

New page

[[Category:Tutorials]]
How to use Samba as a Primary Domain Controller
by dadexter

----

This tutorial will explain how to use Samba as a Primary
Domain Controller using OpenLDAP for authentication.

Why:

A client of mine is migrating to a Linux server farm, and a mix of Linux
and Windows workstations. In order to do that, I set it up at home using
SlackWare.

STEP 1

----

The first step in this exercise is to setup Samba to act as PDC. I did that
with the samba provided by a standard Slackware 10.1 install.

First, we need a config file. Here's a copy of mine:

; /etc/samba/smb.conf
; Machine: Cirion

[global]
workgroup = SIGTERM
netbios name = Cirion
server string = Domain Controller [Cirion]
hosts allow = 192.168.100. 127.

security = user
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = lo eth0
bind interfaces only = yes
password level = 20

local master = yes
os level = 65
domain master = yes
preferred master = yes
null passwords = no
hide unreadable = yes
hide dot files = yes

domain logons = yes
logon script = login.bat
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\%U\.9xprofile
wins support = yes
name resolve order = wins lmhosts hosts bcast
dns proxy = no
time server = yes
log file = /var/log/samba/log.%m
max log size = 50
smb passwd file = /etc/samba/private/smbpasswd

add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u
passwd program = /usr/bin/passwd %u
passwd chat = "*New password:*" %n\r "*New password (again):*" %n\r \ "*Password changed*"

[netlogon]
path = /var/lib/samba/netlogon
public = no
writeable = no
browseable = no

[profiles]
path = /var/lib/samba/profiles
browseable = no
writeable = yes
default case = lower
preserve case = no
short preserve case = no
case sensitive = no
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
write list = @users @root
create mode = 0600
directory mode = 0770
nt acl support = Yes

[homes]
comment = Home Directories
browseable = no
read only = no
create mode = 0750
path = /home/%U
valid users = %S
guest ok = no

[winstuff]
comment = Windows Stuff
path = /usr/local/site/windows
public = yes
writeable = no
browseable = yes
write list = @users

After the config file is created, restart Samba by issuing the following command
as root:

'''/etc/rc.d/rc.samba stop'''
'''/etc/rc.d/rc.samba start'''

Next, we need to add our users to Samba. Please note that is temporary for step 1.
We will replace that with LDAP authentication in step 3.

'''smbpasswd -a root'''
'''smbpasswd -a <USER>'''

The 1st command is required to be able to add your Windows machines to the Domain.
Run the 2nd one for every user you want to login to this PDC.

----
More to come... I'm not done with the setup.

--[[User:Dadexter|dadexter]] 23:51, 27 Aug 2005 (GMT)

Samba As PDC - Revision history

Erik: Copy from old