SAMBA (Domaincontroller) Server For Small Workgroups With Ubuntu 7.10 - Page 2

SAMBA Server

apt-get install libcupsys2 samba samba-common samba-doc smbclient winbind cupsys-common

Edit /etc/samba/smb.conf that it looks like this:

vi /etc/samba/smb.conf
[global]
   workgroup = MYWORKGROUP
   netbios name = SERVER1
   server string = %h server (Samba, Ubuntu)


   passdb backend = tdbsam
   security = user
   username map = /etc/samba/smbusers
   name resolve order = wins bcast hosts
   domain logons = yes
   preferred master = yes
   wins support = yes

   # Set CUPS for printing
   load printers = yes
   printcap name = CUPS
   printing = CUPS

   # Default logon
   logon drive = H:
   logon script = scripts/logon.bat
   logon path = \\server1\profile\%U


   # Useradd scripts
   # add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
   add user script = /usr/sbin/useradd -m '%u' -g users -G users
   delete user script = /usr/sbin/userdel -r %u
   add group script = /usr/sbin/groupadd %g
   delete group script = /usr/sbin/groupdel %g
   add user to group script = /usr/sbin/usernod -G %g %u
   add machine script = /usr/sbin/useradd -s /bin/false/ -d /var/lib/nobody %u
   idmap uid = 15000-20000
   idmap gid = 15000-20000
   template shell = /bin/bash


   # sync smb passwords woth linux passwords
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
   passwd chat debug = yes
   unix password sync = yes

   # set the loglevel
   log level = 3

[public]
   browseable = yes
   public = yes


[homes]
   comment = Home
   valid users = %S
   read only = no
   browsable = no


[printers]
   comment = All Printers
   path = /var/spool/samba
   printable = yes
   public = no
   writable = no
   create mode = 0700

[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no
   write list = root, @smbadmin


[netlogon]
   comment = Network Logon Service
   path = /home/samba/netlogon
   admin users = Administrator
   valid users = %U
   read only = no
   guest ok = yes
   writable = no
   share modes = no


[profile]
   comment = User profiles
   path = /home/samba/profiles
   valid users = %U
   create mode = 0600
   directory mode = 0700
   writable = yes
   browsable = no
   guest ok = no

      

Create the directories for domain logons and profiles:

mkdir /home/samba
mkdir /home/samba/netlogon
mkdir /home/samba/profiles
chmod 777 /var/spool/samba/
chown -R root:users /home/samba/
chmod -R 771 /home/samba/

Now we restart Samba:

/etc/init.d/samba restart

Edit /etc/nsswitch.conf. Change the line:

vi /etc/nsswitch.conf
hosts: files dns

to:

hosts: files wins dns

Add all computers of your workgroup in the /etc/hosts file on the server.

vi /etc/hosts
192.168.0.100 server1 server1.example.com
192.168.0.110 workstation1
192.168.0.111 workstation2
192.168.0.112 workstation3
192.168.0.113 workstation4

Add the root user to the SAMBA password database. The root user (alias: Administrator) will be our domain Administrator. This account is needed to add new computers to the SAMBA domain.

smbpasswd -a root

Create the file /etc/samba/smbusersand add the line by executing:

echo "root = Administrator" > /etc/samba/smbusers

This will allow us to use the common Windows username "Administrator" as an alias for the Linux root user.

Now I will test if the setup is correct:

smbclient -L localhost -U%

The output shall look similar to this:

Domain=[MYWORKGROUP] OS=[Unix] Server=[Samba 3.0.26a]

        Sharename       Type      Comment
        ---------       ----      -------
        IPC$            IPC       IPC Service (samba server (Samba, Ubuntu))
        netlogon        Disk      Network Logon Service
        print$          Disk      Printer Drivers
Domain=[MYWORKGROUP] OS=[Unix] Server=[Samba 3.0.26a]

        Server               Comment
        ---------            -------
        SERVER1              samba server (Samba, Ubuntu)

        Workgroup            Master
        ---------            -------
        MYWORKGROUP          SERVER1
        WORKGROUP            FILESERVER

Set up the default domain groups for windows:

net groupmap add ntgroup="Domain Admins" unixgroup="root" type=domain -U root
net groupmap add ntgroup="Domain Users" unixgroup="users" type=domain -U root
net groupmap add ntgroup="Domain Guests" unixgroup="nogroup" type=domain -U root

 

Adding Users To Our SAMBA Domain

Now we will add a user, e.g."tom", to our Samba domain. You will have to add a user like this for each user account you want to connect to this SAMBA domain server.

Add the user "tom" with password "secret" to the Samba and Linux user database:

net rpc user add tom -U root
net rpc user password tom "secret" -U root
smbpasswd -e tom

 

Adding Shares

Now I will add a share that is accessible by all users:

mkdir -p /home/shares/allusers
chown -R root:users /home/shares/allusers/
chmod -R ug+rwx,o+rx-w /home/shares/allusers/

At the end of the file /etc/samba/smb.conf add the following lines:

[allusers]
  comment = All Users
  path = /home/shares/allusers
  valid users = @users
  force group = users 
  create mask = 0660
  directory mask = 0771
  writable = yes

Now we restart Samba:

/etc/init.d/samba restart

 

Installing CUPS

apt-get install cupsys cupsys-client cupsys-driver-gimpprint defoma fontconfig foomatic-db foomatic-filters libcupsimage2 libexpat1 libfontconfig1 libfreetype6 libjpeg62 libpaper1 libpng12-0 libslp1 libtiff4 patch perl perl-modules ttf-bitstream-vera ucf

To get access to the webinterface from my workstation (IP 192.168.0.70), I will configure CUPS to listen on the server IP and allow access from the IP 192.168.0.70. You will have to change this IP to suit into your network configuration.

vi /etc/cups/cupsd.conf

Change the line:

Listen localhost:631

to:

Listen 192.168.0.70:631

and:

# Restrict access to the admin pages...
<Location /admin>
Order allow,deny
Allow localhost
</Location>

to:

# Restrict access to the admin pages...
<Location /admin>
Order allow,deny
Allow 192.168.0.70
</Location>

and restart the CUPS daemon:

/etc/init.d/cupsys restart

The CUPS webinterface is now accessible with any webbrowser from my workstation:

http://192.168.0.100:631/

Now I can log in to the CUPS interface with username root and my root password.

Please note: If there is no Linux driver available for your printer and you want to use this printer only from your Windows workstations trough SAMBA, you can use the printer manufacturer "RAW" and install the correct driver on your Windows workstation.

If you created a new printer in CUPS, you will have to add it to Samba with the command:

cupsaddsmb -a

This howto is also available as a VMware virtual machine image for all HowtoForge subscribers.

 

All trademarks belong to their respective owners.

Share this page:

1 Comment(s)