https://wiki.archlinux.org/api.php?action=feedcontributions&user=Fukawi1&feedformat=atom
ArchWiki - User contributions [en]
2024-03-29T07:10:34Z
User contributions
MediaWiki 1.41.0
https://wiki.archlinux.org/index.php?title=Samba_domain_controller&diff=65216
Samba domain controller
2009-03-18T01:00:51Z
<p>Fukawi1: /* Samba Config File */</p>
<hr />
<div>[[Category:HOWTOs (English)]]<br />
<br />
=Introduction=<br />
<br />
This Article explains how to setup a simple Windows Domain Controller with user authentication and shares on a small network using samba.<br />
Note this Howto is currently only a rough guide and may not work properly<br />
<br />
=Installation=<br />
<br />
Make sure your Arch is up to date:<br />
<br />
pacman -Syu<br />
<br />
Install Samba,<br />
pacman -Sy samba<br />
<br />
Add a user called Administrator and make him in the group wheel<br />
<br />
adduser<br />
<br />
=Configuration=<br />
<br />
Static IP is recommended, but not required.<br />
vi /etc/rc.conf<br />
Change your IP,<br />
eth0="eth0 192.168.0.101 netmask 255.255.255.0 broadcast 192.168.0.255"<br />
Save and exit.<br />
<br />
==PreConfiguration==<br />
<br />
run the following commands to create files and change permissions<br />
<br />
mkdir /home/samba<br />
mkdir /home/samba/netlogon<br />
mkdir /home/samba/profiles<br />
chmod 777 /var/spool/samba/<br />
chown -R root:users /home/samba/<br />
chmod -R 771 /home/samba/<br />
mkdir -p /home/shares/allusers<br />
chown -R root:users /home/shares/allusers/<br />
chmod -R ug+rwx,o+rx-w /home/shares/allusers/<br />
<br />
==Samba Config File==<br />
<br />
Create the samba config file<br />
<br />
vi /etc/samba/smb.conf<br />
<br />
Enter the following text<br />
<br />
[global]<br />
workgroup = MIDEARTH<br />
netbios name = archer<br />
server string = Samba Domain Controller<br />
<br />
<br />
passdb backend = tdbsam<br />
security = user<br />
username map = /etc/samba/smbusers<br />
name resolve order = wins bcast hosts<br />
domain logons = yes<br />
preferred master = yes<br />
wins support = yes<br />
<br />
<br />
# Default logon<br />
logon drive = H:<br />
logon script = scripts/logon.bat<br />
logon path = \\archer\profile\%U<br />
<br />
<br />
# Useradd scripts<br />
add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u<br />
delete user script = /usr/sbin/userdel -r %u<br />
add group script = /usr/sbin/groupadd %g<br />
delete group script = /usr/sbin/groupdel %g<br />
add user to group script = /usr/sbin/usermod -G %g %u<br />
add machine script = /usr/sbin/useradd -s /bin/false/ -d /var/lib/nobody %u<br />
idmap uid = 15000-20000<br />
idmap gid = 15000-20000<br />
template shell = /bin/bash<br />
<br />
<br />
# sync smb passwords with linux passwords<br />
passwd program = /usr/bin/passwd %u<br />
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .<br />
passwd chat debug = yes<br />
unix password sync = yes<br />
<br />
# set the loglevel<br />
log level = 3<br />
<br />
[public]<br />
browseable = yes<br />
public = yes<br />
<br />
<br />
[homes]<br />
comment = Home<br />
valid users = %S<br />
read only = no<br />
browsable = no<br />
<br />
<br />
[netlogon]<br />
comment = Network Logon Service<br />
path = /home/samba/netlogon<br />
admin users = Administrator<br />
valid users = %U<br />
read only = no<br />
guest ok = yes<br />
writable = no<br />
share modes = no<br />
<br />
<br />
[profile]<br />
comment = User profiles<br />
path = /home/samba/profiles<br />
valid users = %U<br />
create mode = 0600<br />
directory mode = 0700<br />
writable = yes<br />
browsable = no<br />
guest ok = no<br />
<br />
<br />
[allusers]<br />
comment = All Users<br />
path = /home/shares/allusers<br />
valid users = @users<br />
force group = users <br />
create mask = 0660<br />
directory mask = 0771<br />
writable = yes<br />
<br />
==Other Configuration==<br />
<br />
Next restart samba<br />
<br />
/etc/rc.d/samba restart<br />
<br />
Edit the following file<br />
<br />
vi /etc/nsswitch.conf<br />
<br />
And change the line <br />
<br />
hosts: files dns<br />
<br />
to say<br />
<br />
hosts: files wins dns<br />
<br />
Add the root user to the samba password database<br />
<br />
smbpasswd -a root<br />
<br />
This next command tells the server that the user Administrator will be our domain admin<br />
<br />
echo "root = Administrator" > /etc/samba/smbusers<br />
<br />
Add the default domain groups<br />
<br />
net groupmap add ntgroup="Domain Admins" unixgroup=root<br />
net groupmap add ntgroup="Domain Users" unixgroup=users<br />
net groupmap add ntgroup="Domain Guests" unixgroup=nogroup<br />
<br />
==Adding users==<br />
<br />
First add the user<br />
<br />
useradd username -m -G users<br />
<br />
then add it to the samba database<br />
<br />
smbpasswd -a username<br />
<br />
Restart the samba server just to be sure<br />
<br />
/etc/rc.d/samba restart<br />
<br />
=Finished :-)=<br />
<br />
Your samba domain controller may or may not work now that you have completed this untested how to.</div>
Fukawi1