Difference between revisions of "Samba domain controller"

From ArchWiki
Jump to: navigation, search
(Other Configuration)
m (Fix AD link)
(13 intermediate revisions by 8 users not shown)
Line 1: Line 1:
#REDIRECT: [[Samba/Active Directory domain controller]]
This article explains how to setup a simple Windows Domain Controller with user authentication and shares on a small network using samba. Note this Howto is currently only a rough guide and may not work properly
Install {{Pkg|samba}}.
run the following commands to create files and change permissions
mkdir /home/samba
mkdir /home/samba/netlogon
mkdir /home/samba/profiles
chmod 777 /var/spool/samba/
chown -R root:users /home/samba/
chmod -R 771 /home/samba/
mkdir -p /home/shares/allusers
chown -R root:users /home/shares/allusers/
chmod -R ug+rwx,o+rx-w /home/shares/allusers/
==Samba Config File==
Create the samba config file
vi /etc/samba/smb.conf
Enter the following text
  workgroup = MIDEARTH
  netbios name = archer
  server string = Samba Domain Controller
  passdb backend = tdbsam
  security = user
  username map = /etc/samba/smbusers
  name resolve order = wins bcast hosts
  domain logons = yes
  preferred master = yes
  wins support = yes
  # Default logon
  logon drive = H:
  logon script = scripts/logon.bat
  logon path = \\archer\profile\%U
  # Useradd scripts
  add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
  delete user script = /usr/sbin/userdel -r %u
  add group script = /usr/sbin/groupadd %g
  delete group script = /usr/sbin/groupdel %g
  add user to group script = /usr/sbin/usermod -G %g %u
  add machine script = /usr/sbin/useradd -s /bin/false/ -d /var/lib/nobody %u
  idmap uid = 15000-20000
  idmap gid = 15000-20000
  template shell = /bin/bash
  # sync smb passwords with linux passwords
  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
  passwd chat debug = yes
  unix password sync = yes
  # set the loglevel
  log level = 3
  browseable = yes
  public = yes
  comment = Home
  valid users = %S
  read only = no
  browsable = no
  comment = Network Logon Service
  path = /home/samba/netlogon
  admin users = administrator
  valid users = %U
  read only = no
  guest ok = yes
  writable = no
  share modes = no
  comment = User profiles
  path = /home/samba/profiles
  valid users = %U
  create mode = 0600
  directory mode = 0700
  writable = yes
  browsable = no
  guest ok = no
  comment = All Users
  path = /home/shares/allusers
  valid users = @users
  force group = users
  create mask = 0660
  directory mask = 0771
  writable = yes
==Other Configuration==
Next restart samba
systemctl restart samba
Edit the following file
vi /etc/nsswitch.conf
And change the line
hosts: files dns
to say
hosts: files wins dns
Add the root user to the samba password database
smbpasswd -a root
This next command tells the server that the user administrator will be our domain admin
echo "root = administrator" > /etc/samba/smbusers
Add the default domain groups ('''SUPER IMPORTANT!''')
net groupmap add ntgroup="Domain Admins" unixgroup=wheel rid=512 type=d
net groupmap add ntgroup="Domain Users" unixgroup=users rid=513 type=d
net groupmap add ntgroup="Domain Guests" unixgroup=nobody rid=514 type=d
Launching the NetBIOS name server may be required for other machines to "see" the server
nmbd -H /etc/samba/lmhosts -D
==Adding users==
First add the user
useradd username -m -G users
then add it to the samba database
smbpasswd -a username
Restart the samba server just to be sure
systemctl restart samba
Your samba domain controller may or may not work now that you have completed this untested how to.

Latest revision as of 00:28, 13 May 2016