Difference between revisions of "Samba domain controller"

From ArchWiki
(s/Administrator/administrator/ so that the adduser command actually works)
m (Fix AD link)
(21 intermediate revisions by 14 users not shown)
Line 1: Line 1:
[[Category:HOWTOs (English)]]
#REDIRECT: [[Samba/Active Directory domain controller]]
This Article explains how to setup a simple Windows Domain Controller with user authentication and shares on a small network using samba.
Note this Howto is currently only a rough guide and may not work properly
Make sure your Arch is up to date:
pacman -Syu
Install Samba,
pacman -Sy samba
Add a user called administrator and make him in the group wheel
Static IP is recommended, but not required.
vi /etc/rc.conf
Change your IP,
eth0="eth0 netmask broadcast"
Save and exit.
run the following commands to create files and change permissions
mkdir /home/samba
mkdir /home/samba/netlogon
mkdir /home/samba/profiles
chmod 777 /var/spool/samba/
chown -R root:users /home/samba/
chmod -R 771 /home/samba/
mkdir -p /home/shares/allusers
chown -R root:users /home/shares/allusers/
chmod -R ug+rwx,o+rx-w /home/shares/allusers/
==Samba Config File==
Create the samba config file
vi /etc/samba/smb.conf
Enter the following text
  workgroup = MIDEARTH
  netbios name = archer
  server string = Samba Domain Controller
  passdb backend = tdbsam
  security = user
  username map = /etc/samba/smbusers
  name resolve order = wins bcast hosts
  domain logons = yes
  preferred master = yes
  wins support = yes
  # Default logon
  logon drive = H:
  logon script = scripts/logon.bat
  logon path = \\archer\profile\%U
  # Useradd scripts
  add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
  delete user script = /usr/sbin/userdel -r %u
  add group script = /usr/sbin/groupadd %g
  delete group script = /usr/sbin/groupdel %g
  add user to group script = /usr/sbin/usermod -G %g %u
  add machine script = /usr/sbin/useradd -s /bin/false/ -d /var/lib/nobody %u
  idmap uid = 15000-20000
  idmap gid = 15000-20000
  template shell = /bin/bash
  # sync smb passwords with linux passwords
  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
  passwd chat debug = yes
  unix password sync = yes
  # set the loglevel
  log level = 3
  browseable = yes
  public = yes
  comment = Home
  valid users = %S
  read only = no
  browsable = no
  comment = Network Logon Service
  path = /home/samba/netlogon
  admin users = administrator
  valid users = %U
  read only = no
  guest ok = yes
  writable = no
  share modes = no
  comment = User profiles
  path = /home/samba/profiles
  valid users = %U
  create mode = 0600
  directory mode = 0700
  writable = yes
  browsable = no
  guest ok = no
  comment = All Users
  path = /home/shares/allusers
  valid users = @users
  force group = users
  create mask = 0660
  directory mask = 0771
  writable = yes
==Other Configuration==
Next restart samba
/etc/rc.d/samba restart
Edit the following file
vi /etc/nsswitch.conf
And change the line
hosts: files dns
to say
hosts: files wins dns
Add the root user to the samba password database
smbpasswd -a root
This next command tells the server that the user administrator will be our domain admin
echo "root = administrator" > /etc/samba/smbusers
Add the default domain groups
net groupmap add ntgroup="Domain Admins" unixgroup=root
net groupmap add ntgroup="Domain Users" unixgroup=users
net groupmap add ntgroup="Domain Guests" unixgroup=nogroup
==Adding users==
First add the user
useradd username -m -G users
then add it to the samba database
smbpasswd -a username
Restart the samba server just to be sure
/etc/rc.d/samba restart
=Finished :-)=
Your samba domain controller may or may not work now that you have completed this untested how to.
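Review bot: The smb.conf text and the "Other Configuration" steps in this hunk give the SMB login administrator Unix root on the server, which needs a warning or a narrower setup before this text is reused anywhere. `username map = /etc/samba/smbusers` combined with `echo "root = administrator" > /etc/samba/smbusers` maps that login to root, `smbpasswd -a root` gives root an SMB password, and "Domain Admins" is mapped to `unixgroup=root`. Suggest mapping the domain admin role to a dedicated unprivileged group and dropping the root mapping. Smaller points in the same hunk: `chmod 777 /var/spool/samba/` should be 1777 so users cannot remove each other's spool files. The netlogon parameters set `guest ok = yes` alongside both `read only = no` and `writable = no`, which contradict each other and should resolve to read-only. The add machine script passes /bin/false/ with a stray trailing slash. The add user to group script calls usermod -G without -a, which replaces the user's supplementary groups. The share parameters from the first `browseable = yes` onward appear with no section header lines, so the block cannot be pasted as shown.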

Latest revision as of 00:28, 13 May 2016