Difference between revisions of "Samba domain controller"

From ArchWiki
(recategorize)
(Other Configuration)
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
[[Category:Networking (English)]]
+
[[Category:Networking]]
 
This article explains how to setup a simple Windows Domain Controller with user authentication and shares on a small network using samba. Note this Howto is currently only a rough guide and may not work properly
 
This article explains how to setup a simple Windows Domain Controller with user authentication and shares on a small network using samba. Note this Howto is currently only a rough guide and may not work properly
  
 
=Installation=
 
=Installation=
  
Make sure your Arch is up to date:
+
Install {{Pkg|samba}}.
 
+
pacman -Syu
+
 
+
Install Samba,
+
pacman -S samba
+
 
+
Add a user called administrator and make him in the group wheel
+
 
+
adduser
+
 
+
=Configuration=
+
 
+
Static IP is recommended, but not required.
+
vi /etc/rc.conf
+
Change your IP,
+
eth0="eth0 192.168.0.101 netmask 255.255.255.0 broadcast 192.168.0.255"
+
Save and exit.
+
  
 
==PreConfiguration==
 
==PreConfiguration==
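Review bot: the text dropped from =Installation= includes the step "Add a user called administrator and make him in the group wheel", but the revision still refers to administrator later (the smbusers line "root = administrator" and "admin users = administrator" in [netlogon]) and maps Domain Admins to unixgroup=wheel. State explicitly whether a Unix account of that name in wheel is still expected, or keep a one-line account-creation step, so the later steps have something to point at.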
Line 134: Line 117:
 
Next restart samba
 
Next restart samba
  
  /etc/rc.d/samba restart
+
  systemctl restart samba
  
 
Edit the following file
 
Edit the following file
Line 161: Line 144:
 
  net groupmap add ntgroup="Domain Users" unixgroup=users rid=513 type=d
 
  net groupmap add ntgroup="Domain Users" unixgroup=users rid=513 type=d
 
  net groupmap add ntgroup="Domain Guests" unixgroup=nobody rid=514 type=d
 
  net groupmap add ntgroup="Domain Guests" unixgroup=nobody rid=514 type=d
 +
 +
Launching the NetBIOS name server may be required for other machines to "see" the server
 +
nmbd -H /etc/samba/lmhosts -D
  
 
==Adding users==
 
==Adding users==
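Review bot: the added "nmbd -H /etc/samba/lmhosts -D" line starts the daemon by hand, so it will not come back after a reboot, while the other hunks of this same revision move service handling from /etc/rc.d to systemctl. Suggest starting nmbd through the service manager as well, and replacing "may be required" with a way to tell whether it is needed.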
Line 174: Line 160:
 
Restart the samba server just to be sure
 
Restart the samba server just to be sure
  
  /etc/rc.d/samba restart
+
  systemctl restart samba
  
 
=Finished=
 
=Finished=
  
 
Your samba domain controller may or may not work now that you have completed this untested how to.
 
Your samba domain controller may or may not work now that you have completed this untested how to.

Revision as of 23:56, 25 March 2013

This article explains how to set up a simple Windows domain controller with user authentication and shares on a small network using Samba. Note that this how-to is currently only a rough guide and may not work properly.

Installation

Install samba.

PreConfiguration

Run the following commands to create the directories and set their permissions:

mkdir /home/samba
mkdir /home/samba/netlogon
mkdir /home/samba/profiles
# world-writable spool directory: set the sticky bit so users cannot remove each other's files
chmod 1777 /var/spool/samba/
chown -R root:users /home/samba/
chmod -R 771 /home/samba/
mkdir -p /home/shares/allusers
chown -R root:users /home/shares/allusers/
chmod -R ug+rwx,o+rx-w /home/shares/allusers/

Samba Config File

Create the samba config file

vi /etc/samba/smb.conf

Enter the following text

[global]
  workgroup = MIDEARTH
  netbios name = archer
  server string = Samba Domain Controller

  
  passdb backend = tdbsam
  security = user
  username map = /etc/samba/smbusers
  name resolve order = wins bcast hosts
  domain logons = yes
  preferred master = yes
  wins support = yes

  
  # Default logon
  logon drive = H:
  logon script = scripts/logon.bat
  logon path = \\archer\profile\%U


  # Useradd scripts
  add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
  delete user script = /usr/sbin/userdel -r %u
  add group script = /usr/sbin/groupadd %g
  delete group script = /usr/sbin/groupdel %g
  # -a appends to the user's supplementary groups; -G alone would replace them
  add user to group script = /usr/sbin/usermod -a -G %g %u
  add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody %u
  idmap uid = 15000-20000
  idmap gid = 15000-20000
  template shell = /bin/bash


  # sync smb passwords with linux passwords
  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
  passwd chat debug = yes
  unix password sync = yes
  
  # set the loglevel
  log level = 3

[public]
  browseable = yes
  public = yes


[homes]
  comment = Home
  valid users = %S
  read only = no
  browsable = no


[netlogon]
  comment = Network Logon Service
  path = /home/samba/netlogon
  admin users = administrator
  valid users = %U
  read only = no
  guest ok = yes
  writable = no
  share modes = no


[profile]
  comment = User profiles
  path = /home/samba/profiles
  valid users = %U
  create mode = 0600
  directory mode = 0700
  writable = yes
  browsable = no
  guest ok = no


[allusers]
 comment = All Users
 path = /home/shares/allusers
 valid users = @users
 force group = users 
 create mask = 0660
 directory mask = 0771
 writable = yes
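
As an added example (not part of the wiki page or of Samba), the following shell function lists the shares in an smb.conf that admit guests and whether guests can write to them, which is worth checking for the [public] and [netlogon] sections above. The names audit_guest_shares and sample_conf and the [scratch] share are made up for illustration.

```shell
# Added example: report which shares in an smb.conf admit guests and whether
# they are writable. "public" is a synonym of "guest ok"; "writable", "writeable"
# and "write ok" invert "read only"; within a section the last assignment wins.
audit_guest_shares() {   # reads smb.conf text on stdin
    awk '
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "on" || v == "1") }
    function report() {
        if (sec == "global") { dguest = guest; dro = ro }   # [global] sets share defaults
        else if (sec != "" && guest)
            printf "%s guest=yes write=%s\n", sec, (ro ? "no" : "yes")
    }
    BEGIN { dguest = 0; dro = 1 }            # Samba defaults: no guests, read only
    /^[ \t]*[#;]/ { next }                   # comment lines
    /^[ \t]*\[/ {                            # section header
        report()
        sec = tolower($0); sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        guest = dguest; ro = dro
        next
    }
    /=/ {
        eq = index($0, "=")
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        if (key == "guestok" || key == "public") guest = truthy(val)
        else if (key == "readonly") ro = truthy(val)
        else if (key == "writable" || key == "writeable" || key == "writeok") ro = !truthy(val)
    }
    END { report() }
    '
}

# Constructed sample: [netlogon] and [public] mirror settings from the smb.conf
# on this page; [scratch] is a hypothetical share showing a guest-writable hit.
sample_conf() {
    cat <<'EOF'
[netlogon]
  read only = no
  guest ok = yes
  writable = no
[public]
  public = yes
[scratch]
  guest ok = yes
  writeable = yes
EOF
}

sample_conf | audit_guest_shares
```

On a configured server, `testparm -s 2>/dev/null | audit_guest_shares` runs the same check against the configuration Samba actually loads.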

Other Configuration

Next restart samba

systemctl restart samba

Edit the following file

vi /etc/nsswitch.conf

And change the line

hosts: files dns

to say

hosts: files wins dns

Add the root user to the samba password database

smbpasswd -a root

The next command maps the Windows account name administrator to the Unix user root in the username map, so that administrator will be our domain admin:

echo "root = administrator" > /etc/samba/smbusers

Add the default domain groups (SUPER IMPORTANT!)

net groupmap add ntgroup="Domain Admins" unixgroup=wheel rid=512 type=d
net groupmap add ntgroup="Domain Users" unixgroup=users rid=513 type=d
net groupmap add ntgroup="Domain Guests" unixgroup=nobody rid=514 type=d

Launching the NetBIOS name server may be required for other machines to "see" the server

nmbd -H /etc/samba/lmhosts -D

Adding users

First add the user

useradd username -m -G users

then add it to the samba database

smbpasswd -a username

Restart the samba server just to be sure

systemctl restart samba

Finished

Your Samba domain controller may or may not work now that you have completed this untested how-to.