You tasted basic Samba configuration in part one of this tutorial. Now, let's get into something much meatier: Samba PDC (primary domain controller) configuration.
The following smb.conf file contents demonstrate the use of the key parameters as well as a few additional ones required to round out a Samba primary domain controller. The key point to observe is the settings for the interface scripts. The example uses the passdb backend = tdbsam, and this means that this PDC is not -- I repeat, not -- suitable for use with a BDC (backup domain controller).
The configuration file shown in this example is a subset of the configuration depicted in the book, Samba-3 by Example, second edition. The extracted example does not make use of WINS (the Windows Internetworking Name Server) for NetBIOS name to IP address resolution, and it leaves out a few more refinements. In this article, my objective is to demonstrate a more basic configuration. The example file is fully functional, but it lacks some of the bells and whistles that can be used to create a more stable environment. That more complete Samba environment can be obtained by carefully following the examples in the book.
The [homes] share is properly called a meta-service and is used to dynamically create a user home folder share from the Unix system account information.
The [printers] share is another example of a meta-service. In this case, it defines the generic Unix directory into which a print job will be spooled until it is ready to be sent to a Unix system printer by way of a standard operating system print command. Where CUPS (the Common Unix Print System) is used, Samba will pass the print job directly via a built-in CUPS library interface.
The permissions on the /var/spool/samba directory should be set by executing:
chmod 1777 /var/spool/samba
chown root /var/spool/samba
chgrp users /var/spool/samba
The [netlogon] share is necessary for domain controller operation. The logon.bat script specified in the smb.conf file must be stored in DOS file format in a directory called scripts inside the /var/lib/samba/netlogon directory.
The [profiles] directory will permit the storage of Windows roaming profiles. The permissions on this directory are important and should be set so that the default group can write to the directory. An example of suitable configuration is:
chown root /var/lib/samba/profiles
chgrp users /var/lib/samba/profiles
chmod 2775 /var/lib/samba/profiles
As domain users log on to and then out of the Windows workstations that are domain members, the users' profiles will be written automatically to the directory /var/lib/samba/profiles/'username'.
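The modes and ownership given above for the spool and profiles directories can be verified with a short script. This is an added example, not part of the original article; the function names check_dir and check_samba_dirs are hypothetical, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: verify mode, owner and group of the Samba directories.
# check_dir and check_samba_dirs are hypothetical helper names.

# check_dir PATH MODE OWNER GROUP
# Prints one line per mismatch; returns 0 if all match, 1 on a mismatch,
# 2 if PATH is not a directory.
check_dir() {
    path=$1; want_mode=$2; want_owner=$3; want_group=$4
    if [ ! -d "$path" ]; then
        echo "MISSING  $path"
        return 2
    fi
    # %a = octal mode including setgid/sticky bits, %U = owner, %G = group
    set -- $(stat -c '%a %U %G' "$path")
    rc=0
    [ "$1" = "$want_mode" ]  || { echo "MODE     $path: $1, expected $want_mode"; rc=1; }
    [ "$2" = "$want_owner" ] || { echo "OWNER    $path: $2, expected $want_owner"; rc=1; }
    [ "$3" = "$want_group" ] || { echo "GROUP    $path: $3, expected $want_group"; rc=1; }
    return "$rc"
}

# The two directories with the settings given in the article.
check_samba_dirs() {
    status=0
    check_dir /var/spool/samba        1777 root users || status=1
    check_dir /var/lib/samba/profiles 2775 root users || status=1
    return "$status"
}

# Run the check only when asked to: sh check.sh --check
if [ "${1:-}" = "--check" ]; then
    check_samba_dirs && echo "permissions match"
fi
```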
[global]
    workgroup = ROSESARERED
    netbios name = VIOLETSBLUE
    passdb backend = tdbsam
    username map = /etc/samba/smbusers
    enable privileges = Yes
    log level = 0
    log file = /var/log/samba/%m.log
    max log size = 50
    add user script = /usr/sbin/useradd -m '%u'
    delete user script = /usr/sbin/userdel -r '%u'
    add group script = /usr/sbin/groupadd '%g'
    delete group script = /usr/sbin/groupdel '%g'
    add user to group script = /usr/sbin/usermod -G '%g' '%u'
    set primary group script = /usr/sbin/usermod -g '%g' '%u'
    add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null '%u'
    logon script = scripts\logon.bat
    logon path = \\%L\profiles\%U
    logon drive = h:
    logon home = \\%L\%U
    domain logons = Yes
[homes]
    comment = Home Directories
    valid users = %S
    read only = No
    browseable = No
[printers]
    comment = SMB Print Spool
    path = /var/spool/samba
    guest ok = Yes
    printable = Yes
    use clientdriver = Yes
    default devmode = Yes
    browseable = No
[netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    guest ok = Yes
    locking = No
[profiles]
    comment = Profile Share
    path = /var/lib/samba/profiles
    read only = No
    profile acls = Yes
Before starting Samba's smbd and nmbd daemons, the contents of the smb.conf file can be validated by executing testparm. This is a very useful tool to verify that there are no critical errors or typos.
It may be useful to rename the smb.conf file to smb.conf.master, and then let the testparm utility generate the smb.conf file by executing:
testparm -s smb.conf.master > smb.conf
The resulting smb.conf file will be fully optimized. Additionally, if there are any significant errors, these will be reported as the file is created.
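As a complement to testparm, the example configuration can be reviewed for shares that are both guest-accessible and writable, since it sets guest ok = Yes on [netlogon] and [printers]. The script below is an added example, not part of the original article; the function names and the [scratch] share are constructed for illustration.

```shell
# Added example: list shares in an smb.conf that guests may write to.
# Printable shares accept spool files by design, so they are skipped.
# guest_writable_shares and demo are hypothetical helper names.
guest_writable_shares() {
    awk '
    function yes(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report() {
        if (sec != "" && tolower(sec) != "global" && guest && !ro && !printable) print sec
    }
    BEGIN { dguest = 0; dro = 1 }                  # built-in defaults
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }           # comments, blank lines
    /^[ \t]*\[.*\]/ {                              # section header
        report()
        if (tolower(sec) == "global") { dguest = guest; dro = ro }
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        guest = dguest; ro = dro; printable = 0; next
    }
    {
        i = index($0, "="); if (!i) next
        key = tolower(substr($0, 1, i - 1)); val = substr($0, i + 1)
        gsub(/[ \t]+/, " ", key); gsub(/^ | $/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "guest ok" || key == "public") guest = yes(val)
        else if (key == "read only") ro = yes(val)
        else if (key == "writable" || key == "writeable" || key == "write ok") ro = !yes(val)
        else if (key == "printable" || key == "print ok") printable = yes(val)
    }
    END { report() }
    ' "$1"
}
# Constructed sample: the article's share flags plus a misconfigured [scratch].
demo() {
    conf=$(mktemp)
    cat > "$conf" <<'EOF'
[global]
[netlogon]
guest ok = Yes
[profiles]
read only = No
[printers]
guest ok = Yes
printable = Yes
[scratch]
public = yes
writeable = yes
EOF
    guest_writable_shares "$conf"
    rm -f "$conf"
}
demo
```

Run against the article's own smb.conf, guest_writable_shares prints nothing, because [netlogon] keeps the default read only = Yes and [profiles] does not allow guests.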
If all went well, go ahead and start Samba. Check the documentation for your operating system platform for information regarding how to start the smbd and nmbd daemons. Alternatively, refer to chapter 1 of the book, The Official Samba-3 HOWTO and Reference Guide, 2nd Edition, for further Samba start-up information.
Operation of Samba can be validated by executing:
#> smbclient -L localhost -U%
Domain=[ROSESARERED] OS=[Unix] Server=[Samba 3.0.21]
    Sharename       Type      Comment
    ---------       ----      -------
    netlogon        Disk
    profile         Disk
    IPC$            IPC       IPC Service (Main Server)
    ADMIN$          IPC       IPC Service (Main Server)
    hp940           Printer   HP DeskJet 940c
    Cups-PDF        Printer   Cups-PDF
Domain=[ROSESARERED] OS=[Unix] Server=[Samba 3.0.21]
    Server               Comment
    ---------            -------
    VIOLETBLUE           Main Server
    Workgroup            Master
    ---------            -------
    ROSESARERED          VIOLETBLUE
If you've made it this far, then the Samba server is operative and it should now be possible to administer it remotely. Congratulations!
Wednesday, October 27, 2010