My Samba Configuration File and Scripts for a Primary Domain Controller - Jul 20, 2005 15:16

The question comes up on the ProLinux email list every now and then: "How do I set up a Samba server to act as a Primary Domain Controller (PDC) for my Windows domain?" While I don't have step-by-step instructions written up, I do have a working smb.conf file (I have successfully set up PDCs in Samba at 3 client sites using this same basic smb.conf file). I'm happy to share the file to get you started. In addition to smb.conf, I've written some helper scripts for adding and removing users and machines.

To get this working the way I have, you'll have to add the following groups (man groupadd): "users", "machines", and "admins". On my machine, the commands to issue are (but I've seen different versions of groupadd):

    $ sudo -s
    # groupadd users
    # groupadd machines
    # groupadd admins

You'll also have to create the Samba share directory structure. To mirror what I've done, issue the following commands. (You won't want to create all of these directories; I include them here because they exist in the smb.conf file. Edit the smb.conf to reflect the shares *you* want, and then create only the directories below that make sense for you.)

    # mkdir --parents /var/local/samba
    # cd /var/local/samba
    # mkdir home install netlogon old-users profiles old_qa peachtree sbs userdata
    # chown administrator:users *

The important directories to have created are home, install, netlogon, old_users, and profiles. The others are specific to this one client of mine.

Now, copy my smb.conf into /etc/samba/smb.conf, and my helper scripts into /root/scripts. Start up the smb server (/etc/init.d/smbd start) and, if no errors occur, run the following commands:

    # cd /root/scripts
    # chmod 755 *
    # ./createAdministrator

For each machine in your network, run the addMachine script, passing it the machine name. IOW, if you have 3 Windows machines named 'C1', 'C2', and 'C3', issue:

    # ./addMachine C1 C2 C3

For each user that needs a login, run the addUser script, passing it the user name(s). For example, if you have users 'Ed', 'Paul', 'John', and 'Stefano', issue:

    # ./addUser Ed Paul John Stefano

Note that the addUser script sets the initial password to match the user name. The user is then free to use the Windows security screen to change the password to whatever suits their fancy. Note that changing the password in Windows will only change the Samba password, not the Unix password.

Now you are ready to go to a Windows machine (NT, 2k, or XP Pro) and change it to a domain login. Just make sure the computer name matches the machine name you fed to addMachine (if you have to change it in Windows, reboot before trying to join the domain). Then change the domain to match the domain setting in the smb.conf file, and enter the Administrator user name and password (administrator/administrator by default) when prompted. After 30 seconds or so, you should get a "Welcome to the Domain" message. Reboot, and try logging in as one of the users.

The scripts in /var/local/samba/netlogon will execute for the given user, so you can map drives and such. If you want to sync time to the server you can add a NET TIME command (but you'll have to grant the time-changing right to all users).

Oh, another thing you'll have to do: log in as the Administrator of the local machine, go to the user manager, and add the Domain/Administrator user to the Administrators group. I couldn't figure out how to have this done automatically.

Well, here are links to all the files. If you have questions please ask on the ProLinux email list. I didn't mean to write a sermon, but there you go! :)

smb.conf
addUser
addMachine
createAdministrator
delUser

Good luck! It is kind of a hassle getting set up originally, but once set up it is a breeze to maintain.

© 2005 Paul McNett [/Computing/Linux]
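The post links to its addMachine and addUser scripts but does not show them. As an added example (not Paul's scripts, and not taken from any Samba project file), here is one POSIX sh script that reproduces the behaviour the post describes for both: machine accounts go into the "machines" group and are registered with smbpasswd as trust accounts, user accounts go into the "users" group and get an initial Samba password equal to the user name. It assumes a Samba 3 server using the smbpasswd backend and that the groups from the groupadd step above already exist. The script name pdc-accounts, the DRY_RUN switch, the SAMBA_HOME path, the useradd options and the name validation rules are all my own choices, not the author's.

```shell
#!/bin/sh
# pdc-accounts: added example combining the addMachine / addUser steps
# described in the post. Not the author's scripts.
# Usage:  ./pdc-accounts machine C1 C2 C3
#         ./pdc-accounts user Ed Paul John Stefano
# Set DRY_RUN=1 to print the useradd/smbpasswd commands instead of running them.

SAMBA_HOME=/var/local/samba/home   # assumed home root; match your smb.conf

# Execute a command, or just echo it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# NetBIOS computer names: 1-15 characters; this script accepts only
# letters, digits and hyphens so that nothing odd (spaces, '$', shell
# metacharacters) reaches useradd or smbpasswd as an argument.
valid_machine_name() {
    case "$1" in
        ''|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ ${#1} -le 15 ]
}

# Samba looks up a machine trust account as the lower-cased name plus '$'.
machine_account_name() {
    printf '%s$\n' "$1" | tr 'A-Z' 'a-z'
}

add_machine() {
    name=$1
    if ! valid_machine_name "$name"; then
        echo "skipping invalid machine name: $name" >&2
        return 1
    fi
    acct=$(machine_account_name "$name")
    # Unix side: a locked account that can never log in interactively.
    run useradd -g machines -d /dev/null -s /bin/false "$acct"
    # Samba side: -m marks it as a machine trust account; smbpasswd sets the
    # initial trust password itself and Windows changes it when it joins.
    run smbpasswd -a -m "$name"
}

add_user() {
    name=$1
    case "$name" in
        ''|*[!A-Za-z0-9._-]*)
            echo "skipping invalid user name: $name" >&2
            return 1 ;;
    esac
    run useradd -g users -m -d "$SAMBA_HOME/$name" "$name"
    # As in the post: the initial Samba password equals the user name. With
    # -s smbpasswd reads the password (twice) from stdin instead of prompting,
    # so this never touches the Unix password; the user changes the Samba
    # password from the Windows security screen afterwards.
    printf '%s\n%s\n' "$name" "$name" | run smbpasswd -a -s "$name"
}

# Dispatch: first argument selects the account type, the rest are names.
# Returns non-zero if any name was rejected.
main() {
    kind=$1
    shift
    status=0
    for n in "$@"; do
        case "$kind" in
            machine) add_machine "$n" || status=1 ;;
            user)    add_user "$n"    || status=1 ;;
            *) echo "usage: $0 machine|user NAME..." >&2; return 2 ;;
        esac
    done
    return $status
}

# Only dispatch when invoked with arguments, so the functions can be sourced.
if [ $# -gt 0 ]; then
    main "$@"
fi
```

Run it as root exactly like the post's scripts (./pdc-accounts machine C1 C2 C3, then ./pdc-accounts user Ed Paul John Stefano). The validation functions are the part worth keeping even if you use your own scripts: a machine name that is too long or contains stray characters fails before anything is created, rather than leaving a half-made account on the Unix side with no matching Samba trust account.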