Samba as PDC
- 1 Samba Server
- 2 Samba Configuration File
- 3 Machine Account Creation
- 4 User Account Creation
- 5 How the “smbpasswd” is updated
- 6 Windows Backup using Samba Share
1] Samba Server
We are using Samba as a PDC so that Windows machines are authenticated using the same MySQL DB.
But Samba with a MySQL backend is not supported for practical use. In our case we are using Samba with
the smbpasswd file, and this file is updated by samba-Daemon. This daemon is written in Python.
* Samba Server can be used as PDC with
1) Roaming profiles and
2) Local profiles
- We are using Samba as a PDC with local profiles, so we don’t need to create the profile and netlogon shares in Samba.
2] Samba Configuration File –
[global]
#Change this to the workgroup/NT-domain name your Samba server will be part of
#############################
workgroup = IndianGNU.org
netbios name = fileserver
os level = 65
prefered master = yes
domain master = yes
local master = yes
domain logons = yes
;Domain administrators
admin users = arun.bagul,nishit
#############################
## Networking
hosts allow = 192.168.0.0/24 127.0.0.1
## Authentication
#"security = user" is always a good idea. This will require a Unix account
security = user
;should be true
encrypt passwords = true
##If you are using encrypted passwords, Samba will need to know what
#password database type you are using.
#*** passdb backend = tdbsam ;commented by arun
#############################
#This is the most important entry for the smbpasswd database
passdb backend = smbpasswd:/etc/samba/smbpasswd
obey pam restrictions = yes
#############################
guest account = nobody
invalid users = root
##Domains
;For roaming profiles the following line should be uncommented
;logon path = \\%N\profiles\%U
;For Local Profile "logon path" should be nothing
logon path =
logon drive = H:
logon home = \\%N\%U
#############################
## Printing
#For samba with CUPS server
load printers = yes
printing = cups
printcap name = cups
browseable = yes
printer admin = arun.bagul
#############################
## Misc
##socket options = TCP_NODELAY ; commented by arun
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
#############################
#Shares defined here
;Please don't define this share
;[profiles]
#############################
[netlogon]
comment = IndianGNU.org Network Logon Service
path = /etc/samba/netlogon
guest ok = yes
;public is a synonym for guest ok, so the later line below overrides the one above
public = no
writable = no
;read only = yes
browseable = no
valid users = %U
#############################
#NOTE- Above [netlogon] share is also not needed for samba with Local profiles
#############################
#Samba share per team
[Team1]
comment = Team1 Share
path = /winbackup/team1
browseable = yes
writable = yes
valid users = @team1
;create mask = 0600
;directory mask = 0700
; guest ok = yes
#########################
[Team2]
comment = Team2 Share
path = /winbackup/team2
read only = no
browseable = yes
writable = yes
valid users = @team2
;guest ok = yes
#########################
3] Machine Account creation
To use Samba as a Windows domain controller, we need to create a machine account for each Windows machine.
For example, if the NetBIOS name of the Windows machine is “systemws”, the commands for creating machine accounts are:
root@fileserver:/etc# useradd -d /dev/null -g 65534 -s /bin/false systemws$
root@fileserver:/etc# useradd -d /dev/null -g 65534 -s /bin/false qawd1$
root@fileserver:/etc# useradd -d /dev/null -g 65534 -s /bin/false qawd2$
root@fileserver:/etc# useradd -d /dev/null -g 65534 -s /bin/false utkarshws$
- How to add a machine account to the smbpasswd file
root@fileserver:/etc# smbpasswd -m -a systemws
Added user systemws$.
root@fileserver:/etc# smbpasswd -m -a qawd1
Added user phplws$.
root@fileserver:/etc# smbpasswd -m -a qawd2
Added user qawd1$.
root@fileserver:/etc#
4] User Account creation
To create a normal user account for domain logon:
root@fileserver:/etc# smbpasswd -a arun.bagul
New SMB password:
Retype new SMB password:
root@fileserver:/etc#
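The Unix account and the smbpasswd entry created in sections 3 and 4 are kept in two separate files, so they can drift apart. The audit below is an added example, not part of the original post or of the author's samba-Daemon; the function names, messages and sample entries are constructed for illustration.

```python
# Added example: sample data is constructed, not taken from a real server.
NOPW = "X" * 32  # placeholder smbpasswd stores when no hash is set
FLAG_MSG = "workstation-trust flag does not match '$' suffix"
SHELL_MSG = "machine account has a login shell or home directory"

def parse_smbpasswd(text):
    """Yield (name, uid, flags) from lines of name:uid:LM:NT:[flags]:LCT-...:"""
    for line in text.splitlines():
        parts = line.split(":")
        if line.startswith("#") or len(parts) < 5:
            continue
        yield parts[0], int(parts[1]), set(parts[4].strip("[]").replace(" ", ""))

def parse_passwd(text):
    """Map name -> (uid, home, shell) from /etc/passwd-style lines."""
    fields = (line.split(":") for line in text.splitlines())
    return {f[0]: (int(f[2]), f[5], f[6]) for f in fields if len(f) == 7}

def audit(smb_text, passwd_text):
    """Return (account, problem) pairs where the two databases disagree."""
    unix, findings = parse_passwd(passwd_text), []
    for name, uid, flags in parse_smbpasswd(smb_text):
        machine = name.endswith("$")
        if machine != ("W" in flags):      # W = workstation trust (smbpasswd -m)
            findings.append((name, FLAG_MSG))
        if name not in unix:
            findings.append((name, "no Unix account"))
            continue
        unix_uid, home, shell = unix[name]
        if unix_uid != uid:                # Samba requires these to match
            findings.append((name, "uid differs from /etc/passwd"))
        # Expected values are the ones the page's useradd command sets.
        if machine and (home, shell) != ("/dev/null", "/bin/false"):
            findings.append((name, SHELL_MSG))
    return findings

SAMPLE_SMBPASSWD = "\n".join(
    f"{name}:{uid}:{NOPW}:{NOPW}:[{flag:<11}]:LCT-00000000:"
    for name, uid, flag in [("systemws$", 1001, "W"), ("qawd1$", 1002, "U"),
                            ("qawd2$", 1003, "W"), ("arun.bagul", 1000, "U")])
SAMPLE_PASSWD = "\n".join([
    "systemws$:x:1001:65534::/dev/null:/bin/false",
    "qawd1$:x:1002:65534::/home/qawd1:/bin/bash",
    "arun.bagul:x:1000:1000::/home/arun.bagul:/bin/bash",
])

if __name__ == "__main__":
    for account, problem in audit(SAMPLE_SMBPASSWD, SAMPLE_PASSWD):
        print(f"{account}: {problem}")
```

On a real server, pass the contents of /etc/samba/smbpasswd (the path set by "passdb backend" in section 2) and /etc/passwd to audit().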
Thank you,
Arun Bagul