Samba Domaincontroller For Small Workgroups With SWAT On Fedora 8
Version 1.0
Author: Oliver Meyer <o [dot] meyer [at] projektfarm [dot] de>
This document describes how to set up and configure a Samba Domaincontroller for small workgroups (up to 250 users) on Fedora 8 with the Samba Web Administration Tool. The resulting system provides an easy to manage domaincontroller for your Windows network.
This howto is a practical guide without any warranty - it doesn't cover the theoretical backgrounds. There are many ways to set up such a system - this is the way I chose.
1 Preliminary Note
I used a minimal Fedora 8 installation without GUI etc for this howto. Additionally I had to deinstall Firefox after the minimal installation.
Hostname: server1.example.com
IP: 192.168.0.102
Gateway: 192.168.0.2
Pri.DNS: 192.168.0.2
2 Preparation
2.1 Yum
First we install some packages to speed up yum and prevent problems with packages.
yum install yum-fastestmirror yum-skip-broken
2.2 SELinux
SELinux should be disabled. If you're not sure if it is disabled enter:
cat /etc/selinux/config | grep ^SELINUX=
Disable SELinux if it is enabled:
vi /etc/selinux/config
Change:
SELINUX=enforcing
To:
SELINUX=disabled
Afterwards reboot the system.
reboot
2.3 Update
Time to update your system.
yum -y update
3 Samba & CUPS
Now we install Samba, the Samba Web Administration Tool (SWAT), and printer drivers for CUPS.
yum install samba samba-client samba-swat gutenprint-cups gutenprint-foomatic foomatic printer-filters compat-expat1 libpaper
If you want to use HP printers install a few more packages.
yum install hplip cups-devel ghostscript qt4 pyqt4 python-devel python-reportlab libjpeg-devel net-snmp net-snmp-devel
Note: net-snmp and net-snmp-devel are only needed for network-printers. If you want to use a network-printer, you have to open a few ports in the firewall: jetdirect:tcp (9100), snmp:tcp and snmp:udp (161). How to adjust the firewall settings is explained in step 4.1.
4 Basic Configuration
4.1 Firewall
We have to open a few ports so that the clients can connect to Samba.
system-config-firewall-tui
Set Samba as a trusted service.
4.2 Xinetd
If you set up a server without gui you have to add an additional IP (your workstation) to the swat configuration to use the swat webinterface.
vi /etc/xinetd.d/swat
Change:
only_from = 127.0.0.1
To:
only_from = 127.0.0.1 %workstation_ip%