SAMBA (Domain Controller) Server For Small Workgroups With Ubuntu 5.10 "Breezy Badger"

This is a "copy & paste" HowTo! The easiest way to follow this tutorial is to use a command line client/SSH client (like PuTTY for Windows) and simply copy and paste the commands (except where you have to provide own information like IP addresses, hostnames, passwords,...). This helps to avoid typos.

SAMBA (Domain Controller) Server For Small Workgroups With Ubuntu 5.10 "Breezy Badger"

Version 1.1
Author: Till Brehm <t.brehm [at] projektfarm [dot] com>
Last edited 01/07/2006

This is a detailed description about the steps to set up a Ubuntu based server (Ubuntu 5.10 - Breezy Badger) to act as file- and print server for Windows (tm) workstations in small workgroups. This howto uses the tdb backend for SAMBA to store passwords and account information. This is suitable for workgroups for up to 250 users and is easier to setup than an LDAP backend. A second howto covering the installation of LDAP + SAMBA will be published on HowtoForge soon.

Installed Software:

  • Samba as Domaincontroller
  • Cups
  • Foomatic printer drivers

I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

Requirements

To install such a system you will need the following:

  • A Ubuntu install CD (available here: http://www.ubuntu.com/download/)
  • An internet connection since I will describe a network installation in this document.

1 The Base System

Insert your Ubuntu install CD into your system and boot from it (enter server at the boot prompt to install only a base system suitable for servers).

The installation starts, and first you have to choose your language:

Chose your location:

Choose a keyboard layout:

The hardware detection starts:

Enter the hostname. In this example, my system is called server1.example.com, so I enter server1:

Share this page:

41 Comment(s)

Add comment

Comments

From: Anonymous at: 2006-01-25 21:30:47


I am using ispconfig and samba together on one debian server.
Maybe nice idea for the future?

Sort expansion pack...

From: Anonymous at: 2006-02-20 13:58:49


The information provided here are usefull, but really only starting at page 4 of this howto. The first 3 pages should be entitled "how to install ubuntu".

From: Anonymous at: 2006-02-24 12:02:18


This is the first howto I have come across, that is clear, easy to understand and that appears to work. I am very impressed. After weeks of trying to get SAMBA to work, following your instructions, I now have a working network.

There were a number of commands that did not appear to work, but they do not seem to have adversely affected the installation.

Many thanks

Ian

From: Anonymous at: 2006-03-31 14:25:41


thanks for the great tutorial! any idea on when the ldap/samba tutorial will follow?

From: Anonymous at: 2006-07-28 01:10:17

I was just wondering if you could do such a thing easily.  A good walk-through would be awesome, someone please write a howto on that.  (Or would just going through this howto and the "perfect setup" ISPConfig howto work?)

From: Anonymous at: 2006-08-10 07:20:49

Yes. Do the perfect setup first, then jump in (around page 4) of this one to install samba. However, I don't recommend putting the server on the net (i.e. accessible outside your network).

From: at: 2006-11-30 16:04:57
From: Anonymous at: 2006-03-11 09:24:19


Instead of using "sudo passwd root" to switch user, you can also use "sudo su -". just for information

From: Anonymous at: 2006-05-16 10:52:38


Or just type "su" and it will ask for a password, now you will be SuperUser for a little amount of time.

From: Anonymous at: 2006-03-16 06:31:21


If you are using a router, which I assume you are, you will want to set your router to statically serve your server(s) and workstations the same IP address each time, in the router admin pages. On my D-Link DI-624, it was found on the 'Home' tab under DHCP... Match the IP addresses with the ones you entered in the /etc/hosts file in the above instructions.

From: Anonymous at: 2006-03-16 06:39:59


Don't forget to set your logon path option in /etc/samba/smb.conf to match the hostname you set your machine to.

Change:

logon path = \\server1\profile\%U

To:

logon path = \\<your hostname>\profile\%U

Obviously don't include the brackets < > around your actual hostname.


From: Anonymous at: 2006-04-24 19:11:43


Remember also for roaming profiles to work you need to have subdirectory with the name of the user:

/home/profile/<your username>


Over the network:

\\<your hostname>\profile\<your username>

Any thoughts on creating this directory with the adduser script?

From: Anonymous at: 2006-05-05 07:08:57


I had trouble with Roaming profiles, to get it working ,and it does, you need to upload a profile to /home/samba/netlogon/Default\ User/ with widows profile upload, make sure you chowb -R root:users /home/samba/ and chomod -R 771 /home/samba/( with no user profiles or you will stop them working)). Then when users logon they get a default profile and folder in /home/samba/profile.

From: Anonymous at: 2006-05-05 07:08:03


I had trouble with Roaming profiles, to get it working ,and it does, you need to upload a profile to /home/samba/netlogon/Default\ User/ with widows profile upload, make sure you chowb -R root:users /home/samba/ and chomod -R 771 /home/samba/( with no user profiles or you will stop them working)). Then when users logon they get a default profile and folder in /home/samba/profile, which saves on logout.

From: xenlab at: 2006-08-25 05:14:14

ta

Change the apt-get install command if you want to be able to mount shares from the windows machines in your network from the linux box:


apt-get install samba samba-common samba-doc libcupsys2-gnutls10 libkrb53 winbind smbclient smbfs

(that command should be run all on one line) 

From: juro at: 2006-10-03 14:43:54

Use this syntax instead of hard-coding a name:

logon path = \\%N\profile\%U

From: at: 2007-01-30 10:13:57

    On samba 3.0.23 there is a change in the net groupmap functionality:


http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/ChangeNotes.html


 There fore the new command is:


net groupmap add ntgroup="Domain Admins" unixgroup=root
net groupmap add ntgroup="Domain Users" unixgroup=users
net groupmap add ntgroup="Domain Guests" unixgroup=nogroup

From: TaN at: 2009-09-28 13:12:09

On /etc/samba/smb.conf  it's "prefered master" not "preffered master" :)

From: Anonymous at: 2006-01-09 06:16:19


I'd like to also say this is a great article -- easy to read and very straight forward in its language. I too look forward to the ldap piece.

-NG

From: Anonymous at: 2006-01-09 08:56:26


I really like this. Is there a method to do this using a gui interface?

From: Anonymous at: 2006-01-08 13:17:19


This was a very great article! Thanks so much. I do hope that you decide to post another using LDAP though, as I have been wanting to get this working for some time but just can't find a good enough how-to - as all of the attempts I've made failed miserably.

I'm looking for something that allows both windows and linux clients to authenticate to a central authentication server.

I'm sure many would appreciate it.

Thanks again,

Mike.

From: Anonymous at: 2006-01-09 08:58:11


Really superb tutorial. I tried to find the relevant forum enttry but couldn't find it. How is it possilbe to do this via the GUI interface?

From: Anonymous at: 2006-01-18 11:07:25


Very usefull.. I used it for a small network and it worked perfectly..

From: Anonymous at: 2006-01-14 16:02:17

no

From: Anonymous at: 2006-01-19 22:23:53



I had absolutely no problems setting up my domain controller as described here. This includes the main features of:

* Roaming profiles
* Central user management (set 'em up on the server and they can log in at any workstation, that is joined into the domain.

This is how joining is done - http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/82b8966c-a6d9-49f7-9bd5-2990a7cc38c3.mspx )

While I agree to use Ubuntu (and the under lying Debian OS. Since it is the last truely "free" distro)

I then tried the same method (using the same smb.conf) on an existing RedHat Fedora Core 4 Samba installation and after only minor tweaking (eg. re-entering user passwords into smbpasswd, because the above setup uses a different, more secure password db) I was able to get it working. Naturally one would also have to deal with any migration issues (mostly transfering files to the network) of existing users.

On a whole a very good experience getting something going, which I personally had attempted without success several times over the past years.

....And HowtoForge rocks ; - )...many great howtos. Thanks



From: Anonymous at: 2006-01-25 20:48:35


u can try webmin(webmin.com) . It has a module to configure samba.

From: Anonymous at: 2006-01-25 21:01:07


Samba comes with a web config tool SWAT.

there are also lots of guis for samba here -http://us5.samba.org/samba/GUI/

in case u also need a gui for other things apart from samba u might want to try webmin. (webmin.org)


From: Anonymous at: 2006-02-04 22:57:22


Sugestion:

Add the "foomatic-filters-ppds" package to the cups installation line, it will install the foomatic ppds.


From: Anonymous at: 2006-02-20 09:22:40


This was a great help from a invaluable website. I am looking forward to the HowTo for a PDC and BDC using OpenLDAP and hope the author will find the time to post it soon. All sysadmins that learned something about the subject here owe the author a great deal of gratitude.


From: Anonymous at: 2006-02-25 17:30:16


Hi,

Let me say that this how-to is the best thing in a long time. I am installing a PDC at my school and everything is working execpt that when from a client Winxp client i press CRTL-ALT-DEL and try to change that user's password i enter the old one the new one twice and the press ok. The machine just hangs there waiting and waiting... and nothing. Is this happening to someone else??

Thanks,

José

From: Anonymous at: 2006-03-06 20:15:09


It took me a while but I got the LDAP peice working last year. No clean, easy, and still current howto covers everything with LDAP/Samba SSO so you will be working on this for a long time if you really want it. I created and recreated it many times, learning more about LDAP each time. I ended up following the Samba example howto *exactly* in order to have a working setup, then changing it to suit my situation. Some of the problems I encountered were old Samba and Slapd packages in the apt repositories, the inability to use a SASL backend, no digest passwords, etc. No idea if these were fixed after 3.0.14.

The addition of the LDAP piece gives me a single-sign-on solution for both windows and *nix boxes, but because of the SASL/Digest issue you need to use SSL certificates, which can present a whole 'nuther issue. Watch out adding users to the root group (using netgroup map in this tutorial) it may present a security issue in your configuration if you are not careful since Samba can communicate using the old NTLM protocols.

The beauty is that once you have LDAP auth working you can use PAM to extend it to auth almost anything: Apache, SSH, mail services, etc.

-Box

From: Anonymous at: 2006-04-08 05:35:15


Thank you for an excellent walk-through for Ubuntu and Samba. I've been struggling with multiple linux distributions, trying to create a secure file server. Your tutorial saved me months of sleepless nights.


Thanks again,


Devan

From: Anonymous at: 2006-04-17 11:19:47


What are the benifits of roaming profiles?

Is this functionality standard, how to you get it working?

From: Anonymous at: 2006-04-24 22:01:05


thanx for the gr8 howto!

my only quibble is, if its "cut-and-paste," (in other words, as easy as it gets) shouldn't there be instructions on how to configure the 2nd machine?

it just seems like there are so many howtos that say configure this, do that, edit this file... but without reasons why to do those things. it was more difficult for me because i got up to the part about changing /etc/network/interfaces, and i didn't know how many of the values to change. a little trial and error and it worked.

gentoo has great docs, they have explicit instructions, but take a time out to explain why. thats why their docs have been easier to understand, in my experience, than things for debian.

From: Anonymous at: 2006-05-01 13:27:15


I had set up a Samba PDC several months ago... I wish this was around then... It took me a week of evenings to finally get it working... And it really hasn't worked extremely reliably (ie I would get access denied at least once a day) until recently when I changed my PDC box from CentOS to Gentoo... No problems since then...

From: Anonymous at: 2006-05-01 16:38:58


Hey great howto... Recomended it to alot of people so far! When is the LDAP part going to be done?! I REALLY NEED IT! :)

From: Anonymous at: 2006-05-08 16:45:20


Great tutorial. There is one minor mistake that gave me some trouble.

Where it says:

The cups webinterface is now accessible with any webbrowser from my workstation:

http://192.168.0.100:631/

It should be:

http://192.168.0.100:631/admin

You may also need to "Allow From [server's IP]" under <Location /admin> in cupsd.conf.

In addition, I had to allow the same addresses under <Location /> for it to work properly.

From: Anonymous at: 2006-05-10 14:02:17


Hi,

Try to change the "passwd chat" line in smb.conf to this:

passwd chat = *password* %n\n *password* %n\n *success*

/punch

From: Anonymous at: 2006-06-17 15:31:53


I don't know if I was the only person that had these issues..

When trying to join the PC to the domain, I had to add it with the root login, then reboot, and login with the username I setup.


Apart from that though, a very nice tutorial and well done! Saved my ass :)

From: Anonymous at: 2006-07-22 13:06:43

The tutorial is excellent.



A suggestion -- You might want to consider adding a note in the last section where smb users are added, a newbie, like me, might forget to add the user to the GROUP 'users' which ubuntu doesn't do automatically when you create new users. If you don't do this, you end up not being able to access the shared 'allusers' directory which at first is confusing.

From: jmm at: 2009-06-27 03:18:11

Hi after following the tutorial this is what I get " a domain controller for the domain adnt could not be contacted " What should I do?


 


 


Thanks