Difference between revisions of "Samba domain controller"

From ArchWiki
(Configuration)
(12 intermediate revisions by 10 users not shown)
Line 1: Line 1:
[[Category:HOWTOs (English)]]
+
{{Out of date|This article was not tested with Samba 4, proceed with caution!}}
 
+
[[Category:Networking]]
=Introduction=
+
This article explains how to setup a simple Windows Domain Controller with user authentication and shares on a small network using samba. Note this Howto is currently only a rough guide and may not work properly
 
+
This Article explains how to setup a simple Windows Domain Controller with user authentication and shares on a small network using samba.
+
Note this Howto is currently only a rough guide and may not work properly
+
  
 
=Installation=
 
=Installation=
  
Make sure your Arch is up to date:
+
Install {{Pkg|samba}}.
 
+
pacman -Syu
+
 
+
Install Samba,
+
pacman -Sy samba
+
 
+
=Configuration=
+
 
+
Static IP is recommended, but not required.
+
vi /etc/rc.conf
+
Change your IP,
+
eth0="eth0 192.168.0.101 netmask 255.255.255.0 broadcast 192.168.0.255"
+
Save and exit.
+
  
 
==PreConfiguration==
 
==PreConfiguration==
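Review bot: the new banner says the article was not tested with Samba 4, but the install step is now only `Install {{Pkg|samba}}`, which installs whatever version the repository currently ships. State which Samba major version the configuration below was written for, so a reader can tell whether the banner applies to the package they just installed.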
Line 46: Line 30:
  
 
  [global]
 
  [global]
   workgroup = BBLEGAL
+
   workgroup = MIDEARTH
 
   netbios name = archer
 
   netbios name = archer
 
   server string = Samba Domain Controller
 
   server string = Samba Domain Controller
Line 71: Line 55:
 
   add group script = /usr/sbin/groupadd %g
 
   add group script = /usr/sbin/groupadd %g
 
   delete group script = /usr/sbin/groupdel %g
 
   delete group script = /usr/sbin/groupdel %g
   add user to group script = /usr/sbin/usernod -G %g %u
+
   add user to group script = /usr/sbin/usermod -G %g %u
 
   add machine script = /usr/sbin/useradd -s /bin/false/ -d /var/lib/nobody %u
 
   add machine script = /usr/sbin/useradd -s /bin/false/ -d /var/lib/nobody %u
 
   idmap uid = 15000-20000
 
   idmap uid = 15000-20000
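Review bot: in `add user to group script`, correcting `usernod` to `usermod` is right, but `usermod -G %g %u` without `-a` replaces the user's supplementary group list instead of appending to it, so adding a user to one group silently drops the others; use `usermod -a -G %g %u`. The unchanged `add machine script` line in the same hunk passes `-s /bin/false/` with a trailing slash, which is not a valid shell path and should read `/bin/false`.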
Line 102: Line 86:
 
   comment = Network Logon Service
 
   comment = Network Logon Service
 
   path = /home/samba/netlogon
 
   path = /home/samba/netlogon
   admin users = Administrator
+
   admin users = administrator
 
   valid users = %U
 
   valid users = %U
 
   read only = no
 
   read only = no
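Review bot: `admin users = administrator` on [netlogon] makes every file operation by that account run as root on the share, and the lowercase rename does not change that. With `valid users = %U` and `read only = no` in the same section, a narrower option is to drop `admin users` and grant write access through `write list` to a dedicated group, leaving the logon scripts read-only for everyone else.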
Line 134: Line 118:
 
Next restart samba
 
Next restart samba
  
  /etc/rc.d/samba restart
+
  systemctl restart samba
  
 
Edit the following file
 
Edit the following file
Line 152: Line 136:
 
  smbpasswd -a root
 
  smbpasswd -a root
  
This next command tells the server that the user Administrator will be our domain admin
+
This next command tells the server that the user administrator will be our domain admin
 +
 
 +
echo "root = administrator" > /etc/samba/smbusers
  
echo "root = Administrator" > /etc/samba/smbusers
+
Add the default domain groups ('''SUPER IMPORTANT!''')
  
Add the default domain groups
+
net groupmap add ntgroup="Domain Admins" unixgroup=wheel rid=512 type=d
 +
net groupmap add ntgroup="Domain Users" unixgroup=users rid=513 type=d
 +
net groupmap add ntgroup="Domain Guests" unixgroup=nobody rid=514 type=d
  
net groupmap add ntgroup="Domain Admins" unixgroup=root
+
Launching the NetBIOS name server may be required for other machines to "see" the server
  net groupmap add ntgroup="Domain Users" unixgroup=users
+
  nmbd -H /etc/samba/lmhosts -D
net groupmap add ntgroup="Domain Guests" unixgroup=nogroup
+
  
 
==Adding users==
 
==Adding users==
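Review bot: the new `Domain Admins` mapping uses `unixgroup=wheel`, which ties domain administration to a local group that is commonly granted sudo, so membership in one now implies the other; a dedicated Unix group for domain admins keeps the two privileges separate. Also, `nmbd -H /etc/samba/lmhosts -D` started by hand does not survive a reboot, so the text should say how it is meant to be started persistently.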
Line 174: Line 161:
 
Restart the samba server just to be sure
 
Restart the samba server just to be sure
  
  /etc/rc.d/samba restart
+
  systemctl restart samba
  
=Finished :-)=
+
=Finished=
  
 
Your samba domain controller may or may not work now that you have completed this untested how to.
 
Your samba domain controller may or may not work now that you have completed this untested how to.

Revision as of 12:30, 13 April 2013

This article or section is out of date.

Reason: This article was not tested with Samba 4, proceed with caution!

This article explains how to set up a simple Windows domain controller with user authentication and shares on a small network using Samba. Note that this how-to is currently only a rough guide and may not work properly.

Installation

Install samba.

PreConfiguration

Run the following commands to create the directories and set their permissions:

mkdir /home/samba
mkdir /home/samba/netlogon
mkdir /home/samba/profiles
# sticky bit (1777) stops users from deleting each other's spool files
chmod 1777 /var/spool/samba/
chown -R root:users /home/samba/
chmod -R 771 /home/samba/
mkdir -p /home/shares/allusers
chown -R root:users /home/shares/allusers/
chmod -R ug+rwx,o+rx-w /home/shares/allusers/

Samba Config File

Create the samba config file

vi /etc/samba/smb.conf

Enter the following text

[global]
  workgroup = MIDEARTH
  netbios name = archer
  server string = Samba Domain Controller

  
  passdb backend = tdbsam
  security = user
  username map = /etc/samba/smbusers
  name resolve order = wins bcast hosts
  domain logons = yes
  preferred master = yes
  wins support = yes

  
  # Default logon
  logon drive = H:
  logon script = scripts/logon.bat
  logon path = \\archer\profile\%U


  # Useradd scripts
  # useradd comes with the shadow package; Debian-style adduser options are not available on a default Arch install
  add user script = /usr/sbin/useradd -m %u
  delete user script = /usr/sbin/userdel -r %u
  add group script = /usr/sbin/groupadd %g
  delete group script = /usr/sbin/groupdel %g
  # -a appends to the supplementary groups instead of replacing them
  add user to group script = /usr/sbin/usermod -a -G %g %u
  add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody %u
  idmap uid = 15000-20000
  idmap gid = 15000-20000
  template shell = /bin/bash


  # sync smb passwords with linux passwords
  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
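  # debugging aid: at debug level 100 the chat, including plaintext passwords, is written to the smbd log
  passwd chat debug = yes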
  unix password sync = yes
  
  # set the loglevel
  log level = 3

[public]
  browseable = yes
  public = yes


[homes]
  comment = Home
  valid users = %S
  read only = no
  browsable = no


[netlogon]
  comment = Network Logon Service
  path = /home/samba/netlogon
  admin users = administrator
  valid users = %U
  read only = no
  guest ok = yes
  # writable is the inverted synonym of read only; this later line wins, so the share is read-only
  writable = no
  share modes = no


[profile]
  comment = User profiles
  path = /home/samba/profiles
  valid users = %U
  create mode = 0600
  directory mode = 0700
  writable = yes
  browsable = no
  guest ok = no


[allusers]
 comment = All Users
 path = /home/shares/allusers
 valid users = @users
 force group = users 
 create mask = 0660
 directory mask = 0771
 writable = yes
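
The share settings above interact in ways that are easy to misread: in [netlogon], `writable = no` is an inverted synonym of `read only` and follows `read only = no`, so the later line decides. The following is an added example, not part of the original article; the function name audit_smb_conf and its finding messages are assumptions of this sketch. It parses an smb.conf and reports conflicting write settings, guest access on writable shares, and `passwd chat debug = yes`, run here on a constructed excerpt of the configuration.

```shell
#!/bin/sh
# Added example (not from the article): flag risky smb.conf combinations.
# audit_smb_conf FILE prints one finding per line as "section: message".
audit_smb_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function endsec() {            # checks that need the whole section
        if (guest && ro == "no") print sec ": guest access on a writable share"
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }            # comments, blank lines
    /^[ \t]*\[/ {                                    # section header
        endsec()
        sec = tolower(trim($0)); sec = substr(sec, 2, length(sec) - 2)
        ro = ""; guest = 0; next
    }
    {
        i = index($0, "="); if (i == 0) next
        # parameter names ignore case and whitespace
        key = tolower(substr($0, 1, i - 1)); gsub(/[ \t]+/, "", key)
        val = tolower(trim(substr($0, i + 1)))
        yes = (val == "yes" || val == "true" || val == "1")
        # writable / writeable / write ok are inverted synonyms of read only
        if (key == "readonly" || key == "writable" || key == "writeable" || key == "writeok") {
            v = (key == "readonly") ? (yes ? "yes" : "no") : (yes ? "no" : "yes")
            if (ro != "" && ro != v)
                print sec ": conflicting write settings, last one wins (read only = " v ")"
            ro = v
        }
        if (key == "guestok" || key == "public") guest = yes
        if (key == "passwdchatdebug" && yes)
            print sec ": passwd chat debug can expose plaintext passwords in the smbd log"
    }
    END { endsec() }
    ' "$1"
}

# Constructed excerpt of the configuration above
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
  passwd chat debug = yes
[public]
  public = yes
[netlogon]
  read only = no
  guest ok = yes
  writable = no
EOF
audit_smb_conf "$sample"
rm -f "$sample"
```

A share with no write setting is read-only by default, which is why [public] produces no finding here even though guests are allowed.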

Other Configuration

Next restart samba

systemctl restart samba

Edit the following file

vi /etc/nsswitch.conf

And change the line

hosts: files dns

to say

hosts: files wins dns

Add the root user to the samba password database

smbpasswd -a root

This next command maps the user name administrator to the Unix root account, which tells the server that the user administrator will be our domain admin

echo "root = administrator" > /etc/samba/smbusers

Add the default domain groups (SUPER IMPORTANT!)

net groupmap add ntgroup="Domain Admins" unixgroup=wheel rid=512 type=d
net groupmap add ntgroup="Domain Users" unixgroup=users rid=513 type=d
net groupmap add ntgroup="Domain Guests" unixgroup=nobody rid=514 type=d

Launching the NetBIOS name server may be required for other machines to "see" the server

nmbd -H /etc/samba/lmhosts -D

Adding users

First add the user

useradd username -m -G users

then add it to the samba database

smbpasswd -a username

Restart the samba server just to be sure

systemctl restart samba

Finished

Your Samba domain controller may or may not work now that you have completed this untested how-to.