SAMBA (Domain Controller) Server For Small Workgroups With Ubuntu 5.10 "Breezy Badger" - Page 3

2 Installing And Configuring The Rest Of The System

Enable root user

Now I can login with the username and password i entered above. First I enable the root user for ease of installation. You can disable it later if you want.

sudo passwd root
su

Now we are logged in as root user.

Configure The Network

Because the Ubuntu installer has configured our system to get its network settings via DHCP, we have to change that now because a server should have a static IP address. Edit /etc/network/interfaces and adjust it to your needs (in this example setup I will use the IP address 192.168.0.100):

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# This is a list of hotpluggable network interfaces.
# They will be activated automatically by the hotplug subsystem.
mapping hotplug
script grep
map eth0

# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.0.100
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1

Then restart your network:

/etc/init.d/networking restart

Edit /etc/hosts and add your new IP address(es):

127.0.0.1       localhost.localdomain   localhost       server1
192.168.0.100 server1.example.com server1


# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts


Setting The Hostname

echo server1.example.com > /etc/hostname
/bin/hostname -F /etc/hostname


Edit /etc/apt/sources.list And Update Your Linux Installation

Edit /etc/apt/sources.list. It should look like this:

# deb cdrom:[Ubuntu 5.10 _Breezy Badger_ - Release i386 (20051012)]/ breezy main restricted


deb http://de.archive.ubuntu.com/ubuntu breezy main restricted
deb-src http://de.archive.ubuntu.com/ubuntu breezy main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://de.archive.ubuntu.com/ubuntu breezy-updates main restricted
deb-src http://de.archive.ubuntu.com/ubuntu breezy-updates main restricted

## Uncomment the following two lines to add software from the 'universe'
## repository.
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## universe WILL NOT receive any review or updates from the Ubuntu security
## team.
deb http://de.archive.ubuntu.com/ubuntu breezy universe
deb-src http://de.archive.ubuntu.com/ubuntu breezy universe

## Uncomment the following two lines to add software from the 'backports'
## repository.
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
# deb http://de.archive.ubuntu.com/ubuntu breezy-backports main restricted universe multiverse
# deb-src http://de.archive.ubuntu.com/ubuntu breezy-backports main restricted universe multiverse

deb http://security.ubuntu.com/ubuntu breezy-security main restricted
deb-src http://security.ubuntu.com/ubuntu breezy-security main restricted

deb http://security.ubuntu.com/ubuntu breezy-security universe
deb-src http://security.ubuntu.com/ubuntu breezy-security universe

Then run

apt-get update
apt-get upgrade


Install SSH Daemon

apt-get install ssh openssh-server


The Next Steps...

Now you can login to your Server with an SSH Client like putty (http://www.chiark.greenend.org.uk/~sgtatham/putty/). Its easier to follow this howto if you connect to your server with putty and copy and paste the commands. If you want to edit config files on the server, you can use commandline editors like vi, pico or joe or use a program like WinSCP (http://winscp.net/eng/index.php) to edit the files over your SSH connection in a Windows client.


Quota

apt-get install quota

Edit /etc/fstab to look like this (I added ,usrquota,grpquota to the partitions with the mount point / and /home):

# /etc/fstab: static file system information.
#
# proc /proc proc defaults 0 0 /dev/sda3 / ext3 defaults,errors=remount-ro,usrquota,grpquota 0 1 /dev/sda1 /boot ext3 defaults 0 2 /dev/sda4 /home ext3 defaults,usrquota,grpquota 0 2 /dev/sda2 none swap sw 0 0 /dev/hdc /media/cdrom0 udf,iso9660 ro,user,noauto 0 0 /dev/fd0 /media/floppy0 auto rw,user,noauto 0 0

Then run:

touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /
touch /home/quota.user /home/quota.group
chmod 600 /home/quota.*
mount -o remount /home
quotacheck -avugm
quotaon -avug

Share this page:

41 Comment(s)

Add comment

Comments

From: Anonymous at: 2006-01-25 21:30:47

I am using ispconfig and samba together on one debian server.
Maybe nice idea for the future?

Sort expansion pack...

From: Anonymous at: 2006-07-28 01:10:17

I was just wondering if you could do such a thing easily.  A good walk-through would be awesome, someone please write a howto on that.  (Or would just going through this howto and the "perfect setup" ISPConfig howto work?)

From: Anonymous at: 2006-08-10 07:20:49

Yes. Do the perfect setup first, then jump in (around page 4) of this one to install samba. However, I don't recommend putting the server on the net (i.e. accessible outside your network).

From: Anonymous at: 2006-02-20 13:58:49

The information provided here are usefull, but really only starting at page 4 of this howto. The first 3 pages should be entitled "how to install ubuntu".

From: Anonymous at: 2006-02-24 12:02:18

This is the first howto I have come across, that is clear, easy to understand and that appears to work. I am very impressed. After weeks of trying to get SAMBA to work, following your instructions, I now have a working network.

There were a number of commands that did not appear to work, but they do not seem to have adversely affected the installation.

Many thanks

Ian

From: Anonymous at: 2006-03-31 14:25:41

thanks for the great tutorial! any idea on when the ldap/samba tutorial will follow?

From: at: 2006-11-30 16:04:57
From: Anonymous at: 2006-03-11 09:24:19

Instead of using "sudo passwd root" to switch user, you can also use "sudo su -". just for information

From: Anonymous at: 2006-05-16 10:52:38

Or just type "su" and it will ask for a password, now you will be SuperUser for a little amount of time.

From: Anonymous at: 2006-03-16 06:31:21

If you are using a router, which I assume you are, you will want to set your router to statically serve your server(s) and workstations the same IP address each time, in the router admin pages. On my D-Link DI-624, it was found on the 'Home' tab under DHCP... Match the IP addresses with the ones you entered in the /etc/hosts file in the above instructions.

From: Anonymous at: 2006-03-16 06:39:59

Don't forget to set your logon path option in /etc/samba/smb.conf to match the hostname you set your machine to.

Change:

logon path = \\server1\profile\%U

To:

logon path = \\<your hostname>\profile\%U

Obviously don't include the brackets < > around your actual hostname.


From: Anonymous at: 2006-04-24 19:11:43

Remember also for roaming profiles to work you need to have subdirectory with the name of the user:

/home/profile/<your username>


Over the network:

\\<your hostname>\profile\<your username>

Any thoughts on creating this directory with the adduser script?

From: Anonymous at: 2006-05-05 07:08:57

I had trouble with Roaming profiles, to get it working ,and it does, you need to upload a profile to /home/samba/netlogon/Default\ User/ with widows profile upload, make sure you chowb -R root:users /home/samba/ and chomod -R 771 /home/samba/( with no user profiles or you will stop them working)). Then when users logon they get a default profile and folder in /home/samba/profile.

From: Anonymous at: 2006-05-05 07:08:03

I had trouble with Roaming profiles, to get it working ,and it does, you need to upload a profile to /home/samba/netlogon/Default\ User/ with widows profile upload, make sure you chowb -R root:users /home/samba/ and chomod -R 771 /home/samba/( with no user profiles or you will stop them working)). Then when users logon they get a default profile and folder in /home/samba/profile, which saves on logout.

From: juro at: 2006-10-03 14:43:54

Use this syntax instead of hard-coding a name:

logon path = \\%N\profile\%U

From: xenlab at: 2006-08-25 05:14:14

ta

Change the apt-get install command if you want to be able to mount shares from the windows machines in your network from the linux box:

apt-get install samba samba-common samba-doc libcupsys2-gnutls10 libkrb53 winbind smbclient smbfs

(that command should be run all on one line) 

From: at: 2007-01-30 10:13:57

    On samba 3.0.23 there is a change in the net groupmap functionality:

http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/ChangeNotes.html

 There fore the new command is:

net groupmap add ntgroup="Domain Admins" unixgroup=root
net groupmap add ntgroup="Domain Users" unixgroup=users
net groupmap add ntgroup="Domain Guests" unixgroup=nogroup

From: TaN at: 2009-09-28 13:12:09

On /etc/samba/smb.conf  it's "prefered master" not "preffered master" :)

From: Anonymous at: 2006-01-09 06:16:19

I'd like to also say this is a great article -- easy to read and very straight forward in its language. I too look forward to the ldap piece. -NG

From: Anonymous at: 2006-01-09 08:56:26

I really like this. Is there a method to do this using a gui interface?

From: Anonymous at: 2006-01-14 16:02:17

no

From: Anonymous at: 2006-02-20 09:22:40

This was a great help from a invaluable website. I am looking forward to the HowTo for a PDC and BDC using OpenLDAP and hope the author will find the time to post it soon. All sysadmins that learned something about the subject here owe the author a great deal of gratitude.

From: Anonymous at: 2006-01-25 20:48:35

u can try webmin(webmin.com) . It has a module to configure samba.

From: Anonymous at: 2006-01-25 21:01:07

Samba comes with a web config tool SWAT.

there are also lots of guis for samba here -http://us5.samba.org/samba/GUI/

in case u also need a gui for other things apart from samba u might want to try webmin. (webmin.org)

From: Anonymous at: 2006-01-08 13:17:19

This was a very great article! Thanks so much. I do hope that you decide to post another using LDAP though, as I have been wanting to get this working for some time but just can't find a good enough how-to - as all of the attempts I've made failed miserably.

I'm looking for something that allows both windows and linux clients to authenticate to a central authentication server.

I'm sure many would appreciate it.

Thanks again,

Mike.

From: Anonymous at: 2006-01-09 08:58:11

Really superb tutorial. I tried to find the relevant forum enttry but couldn't find it. How is it possilbe to do this via the GUI interface?

From: Anonymous at: 2006-03-06 20:15:09

It took me a while but I got the LDAP peice working last year. No clean, easy, and still current howto covers everything with LDAP/Samba SSO so you will be working on this for a long time if you really want it. I created and recreated it many times, learning more about LDAP each time. I ended up following the Samba example howto *exactly* in order to have a working setup, then changing it to suit my situation. Some of the problems I encountered were old Samba and Slapd packages in the apt repositories, the inability to use a SASL backend, no digest passwords, etc. No idea if these were fixed after 3.0.14.

The addition of the LDAP piece gives me a single-sign-on solution for both windows and *nix boxes, but because of the SASL/Digest issue you need to use SSL certificates, which can present a whole 'nuther issue. Watch out adding users to the root group (using netgroup map in this tutorial) it may present a security issue in your configuration if you are not careful since Samba can communicate using the old NTLM protocols.

The beauty is that once you have LDAP auth working you can use PAM to extend it to auth almost anything: Apache, SSH, mail services, etc.

-Box

From: Anonymous at: 2006-01-18 11:07:25

Very usefull.. I used it for a small network and it worked perfectly..

From: Anonymous at: 2006-01-19 22:23:53

I had absolutely no problems setting up my domain controller as described here. This includes the main features of:

* Roaming profiles
* Central user management (set 'em up on the server and they can log in at any workstation, that is joined into the domain.

This is how joining is done - http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/82b8966c-a6d9-49f7-9bd5-2990a7cc38c3.mspx ) While I agree to use Ubuntu (and the under lying Debian OS. Since it is the last truely "free" distro)

I then tried the same method (using the same smb.conf) on an existing RedHat Fedora Core 4 Samba installation and after only minor tweaking (eg. re-entering user passwords into smbpasswd, because the above setup uses a different, more secure password db) I was able to get it working. Naturally one would also have to deal with any migration issues (mostly transfering files to the network) of existing users.

On a whole a very good experience getting something going, which I personally had attempted without success several times over the past years. ....And HowtoForge rocks ; - )...many great howtos. Thanks

From: Anonymous at: 2006-04-17 11:19:47

What are the benifits of roaming profiles? Is this functionality standard, how to you get it working?

From: Anonymous at: 2006-02-04 22:57:22

Sugestion:

Add the "foomatic-filters-ppds" package to the cups installation line, it will install the foomatic ppds.

From: Anonymous at: 2006-02-25 17:30:16

Hi,

Let me say that this how-to is the best thing in a long time. I am installing a PDC at my school and everything is working execpt that when from a client Winxp client i press CRTL-ALT-DEL and try to change that user's password i enter the old one the new one twice and the press ok. The machine just hangs there waiting and waiting... and nothing. Is this happening to someone else??

Thanks,

José

From: Anonymous at: 2006-05-10 14:02:17

Hi,

Try to change the "passwd chat" line in smb.conf to this:

passwd chat = *password* %n\n *password* %n\n *success*

/punch

From: Anonymous at: 2006-04-08 05:35:15

Thank you for an excellent walk-through for Ubuntu and Samba. I've been struggling with multiple linux distributions, trying to create a secure file server. Your tutorial saved me months of sleepless nights.


Thanks again,


Devan

From: Anonymous at: 2006-04-24 22:01:05

thanx for the gr8 howto!

my only quibble is, if its "cut-and-paste," (in other words, as easy as it gets) shouldn't there be instructions on how to configure the 2nd machine?

it just seems like there are so many howtos that say configure this, do that, edit this file... but without reasons why to do those things. it was more difficult for me because i got up to the part about changing /etc/network/interfaces, and i didn't know how many of the values to change. a little trial and error and it worked.

gentoo has great docs, they have explicit instructions, but take a time out to explain why. thats why their docs have been easier to understand, in my experience, than things for debian.

From: Anonymous at: 2006-05-01 13:27:15

I had set up a Samba PDC several months ago... I wish this was around then... It took me a week of evenings to finally get it working... And it really hasn't worked extremely reliably (ie I would get access denied at least once a day) until recently when I changed my PDC box from CentOS to Gentoo... No problems since then...

From: Anonymous at: 2006-05-01 16:38:58

Hey great howto... Recomended it to alot of people so far! When is the LDAP part going to be done?! I REALLY NEED IT! :)

From: Anonymous at: 2006-05-08 16:45:20

Great tutorial. There is one minor mistake that gave me some trouble.

Where it says:

The cups webinterface is now accessible with any webbrowser from my workstation:

http://192.168.0.100:631/

It should be:

http://192.168.0.100:631/admin

You may also need to "Allow From [server's IP]" under <Location /admin> in cupsd.conf.

In addition, I had to allow the same addresses under <Location /> for it to work properly.

From: Anonymous at: 2006-06-17 15:31:53

I don't know if I was the only person that had these issues..

When trying to join the PC to the domain, I had to add it with the root login, then reboot, and login with the username I setup.


Apart from that though, a very nice tutorial and well done! Saved my ass :)

From: Anonymous at: 2006-07-22 13:06:43

The tutorial is excellent.

A suggestion -- You might want to consider adding a note in the last section where smb users are added, a newbie, like me, might forget to add the user to the GROUP 'users' which ubuntu doesn't do automatically when you create new users. If you don't do this, you end up not being able to access the shared 'allusers' directory which at first is confusing.

From: jmm at: 2009-06-27 03:18:11

Hi after following the tutorial this is what I get " a domain controller for the domain adnt could not be contacted " What should I do?

 

 

Thanks