Difference between revisions of "Samba domain controller"

From ArchWiki
m (Fix AD link)
 
(15 intermediate revisions by 9 users not shown)
Line 1: Line 1:
[[Category:Networking]]
+
#REDIRECT: [[Samba/Active Directory domain controller]]
This article explains how to setup a simple Windows Domain Controller with user authentication and shares on a small network using samba. Note this Howto is currently only a rough guide and may not work properly
 
 
 
=Installation=
 
 
 
Make sure your Arch is up to date:
 
 
 
pacman -Syu
 
 
 
Install Samba,
 
pacman -S samba
 
 
 
Add a user called administrator and make him in the group wheel
 
 
 
adduser
 
 
 
=Configuration=
 
 
 
Static IP is recommended, but not required.
 
vi /etc/rc.conf
 
Change your IP,
 
eth0="eth0 192.168.0.101 netmask 255.255.255.0 broadcast 192.168.0.255"
 
Save and exit.
 
 
 
==PreConfiguration==
 
 
 
run the following commands to create files and change permissions
 
 
 
mkdir /home/samba
 
mkdir /home/samba/netlogon
 
mkdir /home/samba/profiles
 
chmod 777 /var/spool/samba/
 
chown -R root:users /home/samba/
 
chmod -R 771 /home/samba/
 
mkdir -p /home/shares/allusers
 
chown -R root:users /home/shares/allusers/
 
chmod -R ug+rwx,o+rx-w /home/shares/allusers/
 
 
 
==Samba Config File==
 
 
 
Create the samba config file
 
 
 
vi /etc/samba/smb.conf
 
 
 
Enter the following text
 
 
 
[global]
 
  workgroup = MIDEARTH
 
  netbios name = archer
 
  server string = Samba Domain Controller
 
 
 
 
  passdb backend = tdbsam
 
  security = user
 
  username map = /etc/samba/smbusers
 
  name resolve order = wins bcast hosts
 
  domain logons = yes
 
  preferred master = yes
 
  wins support = yes
 
 
 
 
  # Default logon
 
  logon drive = H:
 
  logon script = scripts/logon.bat
 
  logon path = \\archer\profile\%U
 
 
 
  # Useradd scripts
 
  add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
 
  delete user script = /usr/sbin/userdel -r %u
 
  add group script = /usr/sbin/groupadd %g
 
  delete group script = /usr/sbin/groupdel %g
 
  add user to group script = /usr/sbin/usermod -G %g %u
 
  add machine script = /usr/sbin/useradd -s /bin/false/ -d /var/lib/nobody %u
 
  idmap uid = 15000-20000
 
  idmap gid = 15000-20000
 
  template shell = /bin/bash
 
 
 
  # sync smb passwords with linux passwords
 
  passwd program = /usr/bin/passwd %u
 
  passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
 
  passwd chat debug = yes
 
  unix password sync = yes
 
 
 
  # set the loglevel
 
  log level = 3
 
 
[public]
 
  browseable = yes
 
  public = yes
 
 
 
[homes]
 
  comment = Home
 
  valid users = %S
 
  read only = no
 
  browsable = no
 
 
 
[netlogon]
 
  comment = Network Logon Service
 
  path = /home/samba/netlogon
 
  admin users = administrator
 
  valid users = %U
 
  read only = no
 
  guest ok = yes
 
  writable = no
 
  share modes = no
 
 
 
[profile]
 
  comment = User profiles
 
  path = /home/samba/profiles
 
  valid users = %U
 
  create mode = 0600
 
  directory mode = 0700
 
  writable = yes
 
  browsable = no
 
  guest ok = no
 
 
 
[allusers]
 
  comment = All Users
 
  path = /home/shares/allusers
 
  valid users = @users
 
  force group = users
 
  create mask = 0660
 
  directory mask = 0771
 
  writable = yes
 
 
 
==Other Configuration==
 
 
 
Next restart samba
 
 
 
/etc/rc.d/samba restart
 
 
 
Edit the following file
 
 
 
vi /etc/nsswitch.conf
 
 
 
And change the line
 
 
 
hosts: files dns
 
 
 
to say
 
 
 
hosts: files wins dns
 
 
 
Add the root user to the samba password database
 
 
 
smbpasswd -a root
 
 
 
This next command tells the server that the user administrator will be our domain admin
 
 
 
echo "root = administrator" > /etc/samba/smbusers
 
 
 
Add the default domain groups ('''SUPER IMPORTANT!''')
 
 
 
net groupmap add ntgroup="Domain Admins" unixgroup=wheel rid=512 type=d
 
net groupmap add ntgroup="Domain Users" unixgroup=users rid=513 type=d
 
net groupmap add ntgroup="Domain Guests" unixgroup=nobody rid=514 type=d
 
 
 
==Adding users==
 
 
 
First add the user
 
 
 
useradd username -m -G users
 
 
 
then add it to the samba database
 
 
 
smbpasswd -a username
 
 
 
Restart the samba server just to be sure
 
 
 
/etc/rc.d/samba restart
 
 
 
=Finished=
 
 
 
Your samba domain controller may or may not work now that you have completed this untested how to.
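
Review bot: the redirect on the new line 1 points at "Samba/Active Directory domain controller", but the text it replaces sets up an NT4-style domain ('domain logons = yes' with the tdbsam backend and net groupmap entries), so old links to this title now land on a different kind of deployment with no hint of the change. Suggest that the target page state that the classic-domain how-to was retired in its favour. The removed text also carried settings that anyone who followed it should recheck rather than keep: 'chmod 777 /var/spool/samba/', the smbusers line mapping root to administrator, and a [netlogon] share that sets 'guest ok = yes' alongside contradictory read only and writable values.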
 

Latest revision as of 00:28, 13 May 2016