Samba Domaincontroller For Small Workgroups With SWAT On Fedora 8 - Page 3
5 Samba As Domaincontroller
Connect to the SWAT webinterface with your preferred browser.
http://%vm_ip%:901
E.g.:
http://192.168.0.100:901
5.1 The Wizard
Click on "Wizard" in the SWAT menu and edit the settings:
Server Type = Domain Controller
Configure WINS As = Server for client use
Afterwards click on "Commit" in the upper menu.
Note: This will rewrite/clean the SAMBA configuration!
5.2 Global Configuration
Click on "Global" in the SWAT menu and edit the settings (advanced view):
workgroup = EXAMPLE.COM
netbios name = SAMBA SERVER
username map = /etc/samba/smbusers
preferred master = yes
printcap name = CUPS
logon drive = H:
logon script = scripts/logon.bat
logon path = \\server1\profiles\%U (If there is no DNS available in your network you have to replace server1 with the IP that belongs to the Samba server)
logon home = \\server1\%U (If there is no DNS available in your network you have to replace server1 with the IP that belongs to the Samba server)
add user script = /usr/sbin/useradd -m '%u' -g users -G users
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usernod -G %g %u
add machine script = /usr/sbin/useradd -s /bin/false/ -d /var/lib/nobody %u
idmap uid = 15000-20000
idmap gid = 15000-20000
template shell = /bin/bash
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
passwd chat debug = yes
unix password sync = yes
log level = 3
os level = 200
profile acls = yes
Now click on "Commit Changes" in the upper menu and after that create the directories for domain logons and profiles.
mkdir -p /home/samba/netlogon
mkdir /home/samba/profiles
chmod 777 /var/spool/samba/
chown -R root:users /home/samba/
chmod 777 /home/samba/
chmod 755 /home/samba/netlogon/
chmod 770 /home/samba/profiles/
Edit the nsswitch.conf:
vi /etc/nsswitch.conf
Change:
hosts: files dns
To:
hosts: files wins dns
Now we add root to the SAMBA password database - he (alias: administrator) will be our domain administrator.
smbpasswd -a root
5.3 Default Shares
Now we create the default shares for netlogon etc. Click on "Shares" in the SWAT menu and switch to the advanced view.
5.3.1 Homes
First we edit the share "homes". Select it, click on "Choose Share" and edit the settings:
valid users = %S
Afterwards click on "Commit Changes"
5.3.2 Print$
Insert "print$" (without quotes) as the name for the new share and click on "Create Share". Now edit the settings:
comment = Printer Drivers
path = /var/lib/samba/printing
write list = root, @smbadmin
available = yes
Afterwards click on "Commit Changes"
5.3.3 Netlogon
Insert "netlogon" (without quotes) as the name for the new share and click on "Create Share". Now edit the settings:
comment = Network Logon Service
path = /home/samba/netlogon
admin users = administrator
valid users = %U
read only = yes
guest ok = yes
share modes = no
browseable = no
available = yes
5.3.4 Profiles
Insert "profiles" (without quotes) as the name for the new share and click on "Create Share". Now edit the settings:
comment = User profiles
path = /home/samba/profiles
valid users = %U
create mask = 0600
security mask = 0600
directory mask = 0770
directory security mask = 0770
read only = no
browseable = no
available = yes
5.4 Testing
Now lets test if all is OK:
smbclient -L localhost -U%
The output should look like this:
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 3.0.27a-0.fc8)
netlogon Disk Network Logon Service
Officejet_Pro_L7600 Printer Officejet_Pro_L7600
print$ Disk Printer Drivers
Domain=[EXAMPLE.COM] OS=[Unix] Server=[Samba 3.0.27a-0.fc8]
Server Comment
--------- -------
SAMBA SERVER Samba Server Version 3.0.27a-0.fc8
Workgroup Master
--------- -------
EXAMPLE.COM SAMBA SERVER
5.5 Domain Groups
In this step we create the default domain groups for Windows.
net groupmap add ntgroup="Domain Admins" unixgroup="root" type=domain -U root
net groupmap add ntgroup="Domain Users" unixgroup="users" type=domain -U root
net groupmap add ntgroup="Domain Guests" unixgroup="nobody" type=domain -U root
After that click on "STATUS" in the SWAT menu and restart all services.
5.6 Domain Users
Now we add users to our SAMBA domain - this is required for each useraccount that shall connect to the SAMBA domain controller.
net rpc user add %username% -U root
net rpc user password %username% "%userpassword%" -U root
smbpasswd -e %username%
E.g.:
net rpc user add james -U root
net rpc user password james "secret" -U root
smbpasswd -e james
Additionally you can add a quota to the user via:
setquota -u %username% %block-softlimit% %block-hardlimit% %inode-softlimit% %inode-hardlimit% -a
E.g.:
The following command will add a quota to the user james:
setquota -u james 40960 51200 0 0 -a
Now james has a block softlimit of 40MB, a block hardlimit of 50MB and no restrictions for inodes (folders and files).
You can check the current quota settings and quota usage via:
quota %username%
E.g.:
quota james
The output should look like this:
Filesystem blocks quota limit grace files quota limit grace
/dev/mapper/VolGroup00-LogVol00
1108 40960 51200 104 0 0
6 Additional Samba Shares
This is an example for a share that is accessible by all users.
6.1 Directory
First we have to create the directory that we want to share. Afterwards we change the owner, group and permissions.
mkdir -p /home/shares/allusers/
chown -R root:users /home/shares/allusers/
chmod -R 775 /home/shares/allusers/
6.2 Share Configuration
Click on "SHARES" in the swat menu. Afterwards insert a desired name for the new share into the corresponding field and click on "Create Share".
Now change the view to Advanced in the upper menu and edit the settings for the share.
comment = Share for all users (or something other)
path = /home/shares/allusers/ (The path to the directory that you created at step 6.1)
valid users = @users
force group = users
read only = No (if the users should be able to write to this share)
create mask = 0660
security mask = 0660
directory mask = 0771
directory security mask = 0771
available = Yes
After that click on "Commit Changes" in the upper menu.
7 Links
- Fedora: http://fedoraproject.org/
- Samba: http://de.samba.org/
- CUPS: http://www.cups.org/