  1. #1
    Just Joined!
    Join Date
    Oct 2004
    Location
    London
    Posts
    8

    Samba server as PDC


    hello ppl!

    I have a small problem regarding the samba server....

    Right now in my network I am using Windows 2000/XP clients and a Red Hat Linux 7.2 server.
    I have set up a samba server (2.2.1a-4) and it's working just fine.
    Now I want to make this samba server the primary domain controller so that all the users using Windows machines will get authenticated at this server to log on to the system and will also go directly to their home directory that exists on the samba server.
    I have gone through the documentation on creating samba as a domain controller but I am not able to join my Windows boxes to the domain. It gives a DNS error saying that the domain doesn't exist when I try to join the domain using the properties dialog box from the My Computer icon.

    So at this stage I have four questions:

    How do we make samba a domain controller?
    How do we make a domain on Linux?
    How do we join a Win2000 machine as a member of the Linux domain?
    How do we authenticate users from the Linux server?

    Let me thank you all in advance for taking your precious time to go through this....

    Cheers,
    Smh

  2. #2
    Linux User
    Join Date
    Oct 2004
    Location
    /dev/random
    Posts
    404
    http://us4.samba.org/samba/docs/man/...html#id2512461

    This is for the impatient.
    Otherwise, read the complete howto.
    The Unforgiven
    Registered Linux User #358564

  3. #3
    Just Joined!
    Join Date
    Oct 2004
    Location
    London
    Posts
    8

    Samba Problem (please help)

    HI ALL !!!

    Thanks for the reply.....
    I still can't join my Windows machine to the domain. I have created a machine account as well but still it gives me a weird DNS error when I try to join the Windows machine to the domain.

    So the question now is what am I supposed to enter in the Windows box when I want to join the machine to the domain.

    Do I enter the FQDN of the samba server or just the netbios or the workgroup name that I have entered in the smb.conf file?

    I still don't understand this issue, please help???

    I have pasted the smb.conf file as well....
    ===============================================
    [global]

    # workgroup = NT-Domain-Name or Workgroup-Name

    netbios name = R3-PC5
    workgroup = www.domain1.bite.ac.uk

    # server string is the equivalent of the NT Description field

    server string = Samba Server


    hosts allow = 192.168.0. 192.168.1. 127.

    # if you want to automatically load your printer list rather
    # than setting them up individually then you'll need this
    printcap name = /etc/printcap
    load printers = yes

    # It should not be necessary to spell out the print system type unless
    # yours is non-standard. Currently supported print systems include:
    # bsd, sysv, plp, lprng, aix, hpux, qnx
    printing = lprng

    # Uncomment this if you want a guest account, you must add this to /etc/passwd
    # otherwise the user "nobody" is used

    # guest account = pcguest

    # this tells Samba to use a separate log file for each machine
    # that connects

    log file = /var/log/samba/%m.log


    # Put a capping on the size of the log files (in Kb).

    max log size = 0

    # Security mode. Most people will want user level security. See
    # security_level.txt for details.

    security = user

    # Use password server option only with security = server
    # The argument list may include:
    # password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
    # or to auto-locate the domain controller/s
    # password server = *
    # password server = <NT-Server-Name>

    # Password Level allows matching of _n_ characters of the password for
    # all combinations of upper and lower case.
    # password level = 8
    # username level = 8

    # You may wish to use password encryption. Please read
    # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
    # Do not enable this option unless you have read those documents

    encrypt passwords = yes

    smb passwd file = /etc/samba/smbpasswd

    # The following is needed to keep smbclient from spouting spurious errors
    # when Samba is built with support for SSL.
    # ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt

    # The following are needed to allow password changing from Windows to
    # update the Linux system password also.
    # NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
    # NOTE2: You do NOT need these to allow workstations to change only
    # the encrypted SMB passwords. They allow the Unix password
    # to be kept in sync with the SMB password.

    unix password sync = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*

    # Unix users can map to different SMB User names

    username map = /etc/samba/smbusers

    # Using the following line enables you to customise your configuration
    # on a per machine basis. The %m gets replaced with the netbios name
    # of the machine that is connecting
    # include = /etc/samba/smb.conf.%m

    # This parameter will control whether or not Samba should obey PAM's
    # account and session management directives. The default behavior is
    # to use PAM for clear text authentication only and to ignore any
    # account or session management. Note that Samba always ignores PAM
    # for authentication in the case of encrypt passwords = yes

    # obey pam restrictions = yes

    # Most people will find that this option gives better performance.
    # See speed.txt and the manual pages for details
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

    # Configure Samba to use multiple interfaces
    # If you have multiple network interfaces then you must list them
    # here. See the man page for details.

    interfaces = 192.168.0.161/24

    # Configure remote browse list synchronisation here
    # request announcement to, or browse list sync from:
    # a specific host or from / to a whole subnet (see below)
    ; remote browse sync = 192.168.3.25 192.168.5.255
    # Cause this host to announce itself to local subnets here
    ; remote announce = 192.168.1.255 192.168.2.44

    # Browser Control Options:
    # set local master to no if you don't want Samba to become a master
    # browser on your network. Otherwise the normal election rules apply

    local master = yes

    # OS Level determines the precedence of this server in master browser
    # elections. The default value should be reasonable

    os level = 65

    # Domain Master specifies Samba to be the Domain Master Browser. This
    # allows Samba to collate browse lists between subnets. Don't use this
    # if you already have a Windows NT domain controller doing this job

    domain master = yes

    # Preferred Master causes Samba to force a local browser election on startup
    # and gives it a slightly higher chance of winning the election

    preferred master = yes

    # Enable this if you want Samba to be a domain logon server for
    # Windows95 workstations.

    domain logons = yes

    # if you enable domain logons then you may want a per-machine or
    # per user logon script
    # run a specific logon batch file per workstation (machine)
    ; logon script = %m.bat
    # run a specific logon batch file per username
    ; logon script = %U.bat


    # Where to store roving profiles (only for Win95 and WinNT)
    # %L substitutes for this servers netbios name, %U is username
    # You must uncomment the [Profiles] share below
    logon path = \\%L\Profiles\%U

    # Where is a users home directory and where it should be mounted at?
    logon drive = H:
    logon home = \homeserver%u
    # Windows Internet Name Serving Support Section:
    # WINS Support - Tells the NMBD component of Samba to enable its WINS Server
    ; wins support = yes

    # WINS Server - Tells the NMBD components of Samba to be a WINS Client
    # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
    ; wins server = w.x.y.z

    # WINS Proxy - Tells Samba to answer name resolution queries on
    # behalf of a non WINS capable client, for this to work there must be
    # at least one WINS Server on the network. The default is NO.
    ; wins proxy = yes

    # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
    # via DNS nslookups. The built-in default for versions 1.9.17 is yes,
    # this has been changed in version 1.9.18 to no.
    #dns proxy = no

    # Case Preservation can be handy - system default is _no_
    # NOTE: These can be set on a per share basis
    ; preserve case = no
    ; short preserve case = no
    # Default case is normally upper case for all DOS files
    ; default case = lower
    # Be very careful with case sensitivity - it can break things!
    ; case sensitive = no

    #============================ Share Definitions ==============================
    [homes]
    comment = Home Directories
    browseable = no
    writable = yes
    valid users = %S
    create mode = 0664
    directory mode = 0775
    # If you want users samba doesn't recognize to be mapped to a guest user
    ; map to guest = bad user


    # Un-comment the following and create the netlogon directory for Domain Logons



    # Un-comment the following to provide a specific roving profile share
    # the default is to use the user's home directory
    ;[Profiles]
    ; path = /usr/local/samba/profiles
    ; browseable = no
    ; guest ok = yes



    # This one is useful for people to share files
    [tmp]
    comment = Temporary file space
    path = /tmp
    read only = no
    writable= yes
    public = yes

    # A publicly accessible directory, but read only, except for people in
    # the "staff" group
    [public]
    comment = Public Stuff
    path = /home/samba
    public = yes
    writable = yes
    printable = no


    [Web]
    comment = Test web repository
    #valid users = adrian
    path = /var/www/html/test
    public = yes
    writable = yes



    #share for netlogon

    [netlogon]

    comment= The domain logon service
    path= /usr/local/samba/netlogon
    public=no
    writeable=no

  5. #5
    Linux Engineer adrenaline's Avatar
    Join Date
    Aug 2004
    Location
    Seattle, Washington
    Posts
    1,058
    First of all change your workgroup name to the same as windows
    right click "my computer" click identification and find the work group name
    then in
    smb.conf
    change
    workgroup = <name>
    example
    workgroup = workgroup
    Some people have told me they don't think a fat penguin really embodies the grace of Linux, which just tells me they have never seen an angry penguin charging at them in excess of 100mph. They'd be a lot more careful about what they say if they had.
    -- Linus Torvalds

  6. #6
    Just Joined!
    Join Date
    Mar 2007
    Posts
    2

    Samba as PDC - Tested and working on Ubuntu 7.10

    Hi,

    I use Ubuntu 7.10 server. I have my Linux box running as a PDC successfully. Here is everything I had to do and it works. I don't know what version of Linux you are using, but I doubt that it would differ.

    So here it is:

    Howto configure Samba as a PDC
    1. Create the following groups.
    groupadd -g 201 machines (All machines that join the domain will be sitting in this group)
    groupadd -g 202 smbusers (All Samba users will be sitting in this group)
    2. Now we add machines as a user and as a Samba user.
    /usr/sbin/useradd -g machines -d /dev/null -c machine_id -s /bin/false machine_name$
    passwd -l machine_name$
    smbpasswd -a -m machine_name
    PLEASE NOTE THAT YOU MUST TYPE THE COMMANDS EXACTLY LIKE IT APPEARS HERE!
    3. Now we change the ownership of the netlogon directory. Also note that you need to create this directory. This directory will hold your login script.
    chown root.admin(s) /etc/samba/netlogon
    4. Edit Samba Configuration File (smb.conf)

    # ========================Global Settings==============================
    # This is the server part of the configuration
    [global]
    # Your domain name
    workgroup = domain.com

    # The server description (as Windows call it)
    server string = Logon Server

    # The server name
    netbios name = Domain-Server

    # Turn it to yes if your server will also be a WINS server (a server that converts Netbios name to IP)
    wins support = yes

    #If your server should also act as a DNS proxy server, not useful
    dns proxy = no

    # I like to have everything in the same logfile (not the default behavior)
    log file = /var/log/samba.log

    #The level of details you want in your logs (increase it if you need more informations)
    log level = 1
    # The maximum size of the log file (in lines ?)
    max log size = 1000

    # If you want to also write in the syslog file
    syslog = 0

    # User or group that will have all rights on the server (They will also create also files as root on the shares)
    admin users = root

    # In a domain environment it's better to have a user based security
    security = user

    # The guest account
    guest account = nobody

    # If you want the passwords to be encrypted (needed with unix password synchronization)
    encrypt passwords = true

    # The password backend (as I don't use LDAP, it will be the default samba one)
    passdb backend = tdbsam
    obey pam restrictions = yes

    # If you have to reject some users, if you want the printer share to work, do not deny root
    invalid users =

    # Synchronize passwords between Samba and Unix
    unix password sync = yes

    # The command used to change the passwords
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
    map to guest = Bad Password
    # Increase it if you have some password problem with some old Windows (95, 98, NT)
    password level = 0

    #That's the command used to create/delete users, or add/remove them from groups, you can custom them to use your own Unix groups.
    add user script = /usr/sbin/useradd -m '%u' -g smbusers -G smbusers
    delete user script = /usr/sbin/userdel -r '%u'
    add group script = /usr/sbin/groupadd '%g'
    delete group script = /usr/sbin/groupdel '%g'
    add user to group script = /usr/sbin/usermod -G '%g' '%u'
    add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u' -g machines

    # You can have a server stored Windows profile (c:\Document and Settings\xxxx), but be careful, that can take a lot of place on the server and you need a really fast network. If you don't want it, you have to force these two values to empty (= )
    logon path =
    logon home =

    # Your server will be able to check logins and make domain logons
    domain logons = Yes
    os level = 64

    # Your server will be the preferred domain master
    preferred master = Yes

    # Your server is a domain master
    domain master = Yes

    # The script launched when someone log on a computer connected to your domain, that's an BATCH (DOS) file or a Visual Basic script one.
    logon script = logon.bat

    # Your printing server list of printers
    printcap name = cups

    # Your printing server
    printing = cups

    # Your samba server will act as a printing server
    load printers = yes

    # Your printing server


    # Increase speed (?)
    socket options = TCP_NODELAY

    # Your server will be a time server (net time \\yourserver /SET /Y)
    time server = yes


    # ====================Network Share=============================
    # The share that contains the printer drivers
    [print$]
    comment = drivers
    path = /var/lib/samba/printers/
    browseable = yes
    guest ok = no
    read only = yes
    # A unix group that will have the admin rights on the printers (you can also specify a user) (@ means that's a group)
    write list = @admin

    # The share used by Windows to access your printers
    [printers]
    comment = Printers
    browseable = no
    path = /var/spool/samba
    printable = yes
    public = no
    writable = no
    guest ok = no
    printer admin = @admin

    # The share that contains the logon scripts
    [netlogon]
    path = /etc/samba/netlogon
    public = no
    writeable = no
    browsable = no
    # The users allowed to read them (all users allowed to logon the domain)
    valid users = @smbusers

    # Private Share
    # Users Home Directories
    [homes]
    comment = Home Directories
    valid users = %S
    browseable = yes
    read only = no
    writable = yes
    create mask = 0600
    directory mode = 0755


    # This is a public share for the users to use
    [public]
    comment = Public Share For All Users
    path = /public
    browseable = yes
    writeable = yes
    printable = no
    create mask = 0777
    directory mode = 0777


    5. Change permissions on share
    chmod -Rv 0777 /public
    6. Creating Samba users. They will NOT have access to the shell on your server.
    We don't want the normal Samba user to be able to log on to the Ubuntu server, so we need to create the user so the user will not be able to do so.

    /usr/sbin/useradd -m -s /bin/false -n user_name -g group_name (Adds the Ubuntu user. We have to create this user for us to be able to create the Samba user.)
    The -m switch creates the user's home directory on the server. The -s /bin/false tells the system that this user will not be allowed to log on to the Ubuntu server. The -n switch tells the system that it's a new user that we create and with the -g we assign the user to a group, e.g. -g smbusers would be a good idea.
    smbpasswd -L -a user_name (Adds the Samba User)
    smbpasswd -L -e user_name (Enables the Samba User)

    You also HAVE to add root as a Samba user:
    smbpasswd -a root (This will add root as a Samba user)

    7. Creating my login script
    My login script is saved as logon.bat and is looking like this:
    @echo off
    REM Mounting network drives

    REM This is the users home directories.
    net use F: /DELETE
    net use F: %LOGONSERVER%\%USERNAME%
    REM This is the other shares on the server
    net use P: /DELETE
    net use P: %LOGONSERVER%\public

    REM Synchronizing clocks
    net time %LOGONSERVER% /SET /Y

    REM Deactivating firewall. NOTE that the user must have admin rights on the local machine to be able to do this.
    netsh firewall set opmode disable

    REM Kill some annoying softwares. NOTE that the user must have admin rights on the local machine to be able to do this.
    taskkill /IM qttask.exe

    To view my current Samba connections you type: smbstatus
    This is it. This has been tested on Ubuntu Server 7.10.
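
An added example, not part of any post in this thread: a small Python audit that parses smb.conf text and checks the domain-controller settings both posted configurations set explicitly, the 15-character NetBIOS limit on the workgroup name, the `map to guest = Bad Password` behaviour, and shares that guests can write to. The function names and the two trimmed excerpts are constructed for illustration.

```python
import re

SYNONYMS = {"public": "guest ok", "writable": "writeable", "write ok": "writeable"}
YES, NO = {"yes", "true", "1"}, {"no", "false", "0"}

# Constructed excerpt of the smb.conf in post #3 (most parameters omitted).
POST3_EXCERPT = """
[global]
workgroup = www.domain1.bite.ac.uk
security = user
encrypt passwords = yes
domain master = yes
domain logons = yes
; wins support = yes
[tmp]
path = /tmp
read only = no
public = yes
[Web]
path = /var/www/html/test
public = yes
writable = yes
[netlogon]
public=no
"""

# Constructed excerpt of the smb.conf in post #6 (most parameters omitted).
POST6_EXCERPT = """
[global]
workgroup = domain.com
security = user
encrypt passwords = true
map to guest = Bad Password
domain logons = Yes
domain master = Yes
[netlogon]
public = no
[public]
writeable = yes
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; '#' and ';' start comment lines."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            key = " ".join(key.lower().split())  # fold case and inner spacing
            conf[section][SYNONYMS.get(key, key)] = value.strip()
    return conf

def audit(text):
    """Return findings for a smb.conf meant to act as a domain controller."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    low = lambda params, key: params.get(key, "").lower()
    findings = []
    workgroup = glob.get("workgroup", "")
    if len(workgroup) > 15:  # a NetBIOS name holds at most 15 characters
        findings.append(f"workgroup '{workgroup}' has {len(workgroup)} characters, NetBIOS allows 15")
    if low(glob, "security") != "user":
        findings.append("[global] security is not 'user'")
    for param in ("domain logons", "domain master", "encrypt passwords"):
        if low(glob, param) not in YES:
            findings.append(f"[global] {param} is not enabled")
    if "netlogon" not in conf:
        findings.append("no [netlogon] share")
    if low(glob, "map to guest") == "bad password":
        findings.append("map to guest = Bad Password: a mistyped password becomes a guest session")
    for name, share in conf.items():
        writable = low(share, "writeable") in YES or low(share, "read only") in NO
        if name != "global" and low(share, "guest ok") in YES and writable:
            findings.append(f"[{name}] is writable by guests: {share.get('path', '?')}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(POST3_EXCERPT) + audit(POST6_EXCERPT)))
```

Run against a full file with `audit(open("/etc/samba/smb.conf").read())`; Samba's own `testparm` remains the check for syntax and unknown parameters.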
