Category: Samba server

Samba Server

Samba as PDC

Samba as PDC

1] Samba Server

We are using samba as PDC so that windows machine will be authenticated using same mysql DB.
But samba as mysql is not supported for practical use. In our case we are using samba with
smbpasswd file and this file ia updated by using samba-Daemon. This daemon is written in python.

* Samba Server can be used as PDC with

1) Roaming profiles and
2) Local profiles
  • We are using samba as PDC with local profile so that we don’t need to create profile and netlogon share in samba.

2] Samba Configuration File

[global]

#Change this to the workgroup/NT-domain name your Samba server will part of

#############################

workgroup = IndianGNU.org

netbios name = fileserver

os level = 65

prefered master = yes

domain master = yes
local master = yes
domain logons = yes
 ;Domain administrators
 admin users = arun.bagul,nishit

#############################

  ## Networking
   hosts allow = 192.168.0.0/24 127.0.0.1
 ## Authentication #"security = user" is always a good idea.
This will require a Unix account
security = user
;should be true
encrypt passwords = true
 ##If you are using encrypted passwords, Samba will need to know what

#password database type you are using.
#*** passdb backend = tdbsam  ;commented by arun
#############################
#This is the most imp entry for smbpasswd database
passdb backend =  smbpasswd:/etc/samba/smbpasswdobey

pam restrictions = yes

#############################
guest account = nobody

invalid users = root
##Domains
;For roaminf  profiles following line should be uncommented

;logon path = \\%N\profiles\%U
;For Local Profile "logon path" should be nothing

logon path =logon drive = H:
logon home = \\%N\%U
#############################
## Printing
#For samba with CUPS server

loadprinters = yes

printing = cups

printcap name = cups

browseable = yes

printer admin = arun.bagul
#############################
## Misc
##socket options = TCP_NODELAY ; commented by arun

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

######
#############################
##Share defineded here
;Please don't define this share
;[profiles]
#############################
[netlogon]

comment = IndianGNU.org Network Logon Service

path = /etc/samba/netlogon

guest ok = yes

public = no

writable = no

;read only = yes

browseable = no

valid users = %U
#############################
#NOTE- Above [netlogon] share is also not needed for samba with Local profiles
#############################
##Samba share per team
[Team1]

comment = Team1 Share

path = /winbackup/team1
browseable = yes

writable = yesvalid users = @team1
;create mask = 0600

;directory

mask = 0700;

guest ok = yes
#########################

[Team2]

comment = Team2 Share

path = /winbackup/team2

read only = no

browseable = yes

writable = yes

valid users = @team2
;guest ok = yes
#########################

3] Machine Account creation

To use samba for windows domain controller, We need to create machine account for each windows machine.

say Netbios name of windows machine is “systemws” then cmd for creating machine account is……..

root@fileserver:/etc# useradd -d /dev/null -g 65534 -s /bin/false systemws$
root@fileserver:/etc# useradd -d /dev/null -g 65534 -s /bin/false qawd1$
root@fileserver:/etc# useradd -d /dev/null -g 65534 -s /bin/false qawd2$
root@fileserver:/etc# useradd -d /dev/null -g 65534 -s /bin/false utkarshws$
  • How to add machine account in smpasswd file
root@fileserver:/etc# smbpasswd -m -a systemws
Added user systemws$.
root@fileserver:/etc# smbpasswd -m -a qawd1
Added user phplws$.
root@fileserver:/etc# smbpasswd -m -a qawd2

Added user qawd1$.

root@fileserver:/etc#

4] User Account creation

To create Normal user account for domain logon

root@fileserver:/etc# smbpasswd -a arun.bagul
 New SMB password:
 Retype new SMB password:
root@fileserver:/etc#

Thank you,

Arun Bagul