Revision as of 04:36, 2 November 2007

Introduction

This Article explains how to setup a simple Windows Domain Controller with user authentication and shares on a small network using samba. Note this Howto is currently only a rough guide and may not work properly

Installation

Make sure your Arch is up to date:

pacman -Syu

Set your IP Address to static through rc.conf

vi /etc/rc.conf

Edit the following line

eth0="eth0 192.168.0.101 netmask 255.255.255.0 broadcast 192.168.0.255"

Run the following command to install samba

pacman -Sy samba

Configuration

PreConfiguration

run the following commands to create files and change permissions

mkdir /home/samba
mkdir /home/samba/netlogon
mkdir /home/samba/profiles
chmod 777 /var/spool/samba/
chown -R root:users /home/samba/
chmod -R 771 /home/samba/
mkdir -p /home/shares/allusers
chown -R root:users /home/shares/allusers/
chmod -R ug+rwx,o+rx-w /home/shares/allusers/

Samba Config File

Create the samba config file

vi /etc/samba/smb.conf

Enter the following text

[global]
  workgroup = BBLEGAL
  netbios name = archer
  server string = Samba Domain Controller

  
  passdb backend = tdbsam
  security = user
  username map = /etc/samba/smbusers
  name resolve order = wins bcast hosts
  domain logons = yes
  preferred master = yes
  wins support = yes

  
  # Default logon
  logon drive = H:
  logon script = scripts/logon.bat
  logon path = \\archer\profile\%U


  # Useradd scripts
  add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
  delete user script = /usr/sbin/userdel -r %u
  add group script = /usr/sbin/groupadd %g
  delete group script = /usr/sbin/groupdel %g
  add user to group script = /usr/sbin/usernod -G %g %u
  add machine script = /usr/sbin/useradd -s /bin/false/ -d /var/lib/nobody %u
  idmap uid = 15000-20000
  idmap gid = 15000-20000
  template shell = /bin/bash


  # sync smb passwords with linux passwords
  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
  passwd chat debug = yes
  unix password sync = yes
  
  # set the loglevel
  log level = 3

[public]
  browseable = yes
  public = yes


[homes]
  comment = Home
  valid users = %S
  read only = no
  browsable = no


[netlogon]
  comment = Network Logon Service
  path = /home/samba/netlogon
  admin users = Administrator
  valid users = %U
  read only = no
  guest ok = yes
  writable = no
  share modes = no


[profile]
  comment = User profiles
  path = /home/samba/profiles
  valid users = %U
  create mode = 0600
  directory mode = 0700
  writable = yes
  browsable = no
  guest ok = no


[allusers]
 comment = All Users
 path = /home/shares/allusers
 valid users = @users
 force group = users 
 create mask = 0660
 directory mask = 0771
 writable = yes

Other Configuration

Next restart samba

/etc/rc.d/samba restart

Edit the following file

vi /etc/nsswitch.conf

And change the line

hosts: files dns

to say

hosts: files wins dns

Add the root user to the samba password database

smbpasswd -a root

This next command tells the server that the user Administrator will be our domain admin

echo "root = Administrator" > /etc/samba/smbusers

Add the default domain groups

net groupmap add ntgroup="Domain Admins" unixgroup=root
net groupmap add ntgroup="Domain Users" unixgroup=users
net groupmap add ntgroup="Domain Guests" unixgroup=nogroup

Adding users

First add the user

useradd username -m -G users

then add it to the samba database

smbpasswd -a username

Restart the samba server just to be sure

/etc/rc.d/samba restart

Finished :-)

Your samba domain controller may or may not work now that you have completed this untested how to.