Samba 2.2 PDC

This page is designed to show how you can set up a Samba server to act as a Primary Domain Controller for your Windows clients.

Configuring and Installing Samba

1. Get the latest 2.2 source; in this case I'm using Samba 2.2.8pre2. Then decompress and untar the source into a temporary directory:

# bunzip2 samba-2.2.8pre2.tar.bz2
# tar -xvf samba-2.2.8pre2.tar

2. Decompressing and untarring the source creates a new directory entitled samba-2.2.8pre2; change to this directory.

# cd samba-2.2.8pre2

3. You can view the HTML documentation that comes with Samba in the docs/ directory. To compile the source you will need to be in the source/ directory.

# cd source

4. Before you run the configure script, you can view its available options to select which ones you want to include in your installation of Samba. Some of the options have default settings which can be overridden with options passed to configure. In this case, I'm going to configure Samba to use CUPS printing, smbmount, and I'll specify the install and binary directory. To view options available for ./configure, use the ./configure --help | less command. The options I used to configure Samba are as follows (done in the source/ directory):

# ./configure --enable-cups \
--with-smbmount \
--prefix=/usr/local/samba \
--bindir=/usr/bin

5. Now that the source is configured with all the options, it can be compiled; this is done with the make command (done in the source/ directory):

# make

6. The next step is to install the binaries and man pages. In order to install the binaries, you will need root permissions. If you're not the root user (and you shouldn't be most of the time), you will have to become root temporarily with the su command.

# su
Password:

# make install

smb.conf File

7. A configuration file named smb.conf now needs to be created; it will reside in /usr/local/samba/lib and is not created by default when Samba is installed. The following is a sample smb.conf file for setting up a Samba server to act as a PDC for Windows clients. Note that this is just a sample smb.conf file; it is configured for my server, and not all of its settings may be appropriate for other installations. Replace $SERVER_NAME references with the netbios name for your server and $WORKGROUP with the workgroup or domain name for your Samba PDC.

; Filename: smb.conf
; Purpose: Settings for Samba 2.2.x to act as a PDC

[global]
  ;Basic server settings
   netbios name = $SERVER_NAME
   workgroup = $WORKGROUP
   comment = Samba %v Server

  ;Necessary for PDC to act as the domain and local master
   encrypt passwords = yes
   os level = 64
   security = user
   domain logons = yes
   preferred master = yes
   domain master = yes
   local master = yes

  ;Where user profiles are stored
   logon path = \\%L\profiles\%U

  ;Location of user's home directory and where it should be mounted
   logon drive = M:
   logon home = \\%L\%U\.profiles

  ;Sets the printing to CUPS
   printing = cups
   printcap = /etc/printcap
   load printers = yes

  ;Other global options
   socket options = TCP_NODELAY
   map to guest = Bad User

  ;The interfaces that Samba listens to
   interfaces = 192.168.1.70/27 192.168.1.33/27 172.16.44.44/16

  ;Acts as a WINS server
   wins support = yes
   deadtime = 15

;Necessary share for domain controller
[netlogon]
   path = /usr/local/samba/lib/netlogon
   writeable = no
   read only = yes
   write list = admin

;Share for storing user profiles
[profiles]
   path = /export/smb/ntprofile
   writeable = yes
   create mask = 0600
   directory mask = 0700

;Home directory shares (Mounts the user's home directory)
[homes]
   comment = Linux Home directory space
   path = %H
   writeable = yes
   valid users =  %S
   create mode = 0600
   directory mode = 0700
   locking = no

;A simple share of the /share directory
[share]
    path = /share
    browseable = yes
    writeable = yes

;A share for the cdrom mounts at /media/cdrom
[cdrom]
   comment = Linux CD-ROM
   path = /media/cdrom
   read only = yes
   locking = no
   root preexec = /bin/mount /dev/cdrom  /media/cdrom
   root postexec = /bin/umount /media/cdrom

;Basic printer settings
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
   public = yes
   guest ok = yes
   writable = no
   printable = yes
   printer admin = admin
   print command = lpr -P %p -o raw %s -r
   lpq command = lpstat -o %p
   lprm command = cancel %p-%j

8. The syntax of the smb.conf file can be tested with the testparm command; it tests the smb.conf file in the /usr/local/samba/lib/ directory, outputs any errors, and displays all of Samba's settings, including defaults.

# testparm
Load smb config files from /usr/local/samba/lib/smb.conf
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[homes]"
Processing section "[backup]"
Processing section "[cdrom]"
Processing section "[printers]"
Loaded services file OK.
Press enter to see a dump of your service definitions
        [output of all the settings omitted]
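
testparm reports syntax errors and dumps the settings, but it does not point out which shares are reachable by guests or writable by every authenticated user. The following is an added example, not part of the original page or of Samba: a small review pass over the share sections. The function names audit_smbconf and sample_conf are hypothetical, and the model is simplified (it ignores settings inherited from [global], include files, and write list).

```shell
# Added example: read smb.conf from a file argument or stdin, print "share: finding".
audit_smbconf() {
  awk '
    function is_yes(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report() {
      if (sec == "" || sec == "global") return
      if (guest) print sec ": guest access enabled"
      if (writable && !restricted) print sec ": writable, no valid users list"
      if (rootexec) print sec ": root preexec/postexec command"
    }
    /^[ \t]*[;#]/ || /^[ \t]*$/ { next }            # comments and blank lines
    /^[ \t]*\[/ {                                   # new section header
      report()
      sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); sec = tolower(sec)
      guest = writable = restricted = rootexec = 0  # Samba default: read only = yes
      next
    }
    {
      i = index($0, "="); if (i == 0) next
      key = tolower(substr($0, 1, i - 1)); val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "guest ok" || key == "public") guest = is_yes(val)
      else if (key == "read only") writable = !is_yes(val)
      else if (key == "writeable" || key == "writable" || key == "write ok") writable = is_yes(val)
      else if (key == "valid users") restricted = (val != "")
      else if (key == "root preexec" || key == "root postexec") rootexec = 1
    }
    END { report() }
  ' "$@"
}
# Shortened excerpt of the sample smb.conf from step 7, embedded to run offline.
sample_conf() {
  cat <<'EOF'
[homes]
   writeable = yes
   valid users =  %S
[share]
    writeable = yes
[cdrom]
   read only = yes
   root preexec = /bin/mount /dev/cdrom  /media/cdrom
[printers]
   public = yes
   writable = no
EOF
}

sample_conf | audit_smbconf
```

Each reported line is a prompt for review rather than an error: a writable share with no valid users list relies entirely on filesystem permissions, and a root preexec command runs as root whenever a client connects to the share.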

Starting Samba

9. Since there were no errors when compiling Samba or testing the smb.conf file, the Samba daemons (smbd and nmbd) can now be started. If you already had Samba installed, you probably already have a script for starting Samba; verify that it points to the newly installed binaries (default install directory for the binaries is /usr/local/sbin, or find them with the whereis smbd && whereis nmbd commands, then check the dates of the binaries with ls -lah to ensure you are using the ones you just compiled).

If this is a new install of Samba, as in this example, create the following script in the /etc/rc.d/ directory; you will need root user access to create files in this directory.

Create the script and open it for editing:

# vi samba

Enter the following for the startup script:

#! /bin/sh
##   Filename: samba
##   Description: Script to start Samba 2.2.8
##   Date: 25 Mar 2003

if [ -x /usr/local/samba/sbin/smbd ]; then
  echo "Starting Samba 2.2.8 "
  /usr/local/samba/sbin/nmbd -D
  /usr/local/samba/sbin/smbd -D

fi

##End Script

Make the script executable:

# chmod +x samba

Change to the rc3.d/ directory to create a symbolic link to the script. This is so that Samba will be started every time Linux enters into runlevel 3 (full multiuser with networking support).

# cd rc3.d
# ln -s ../samba S10Samba

Start Samba manually:

# /etc/rc.d/samba
Starting Samba 2.2.8#

10. If you used the above script to start Samba, you will see "Starting Samba 2.2.8". Additionally, log files will now be created in /usr/local/samba/var/; these log files are called log.smbd and log.nmbd.


Listing Samba Shares

11. If all has gone well, smbclient can be used to list the available Samba shares on the server as well as view the other Samba servers in the domain. To list the shares available, use the following command:

# smbclient -L $SERVER_NAME -U%

Creating User / Machine Accounts

12. Now, accounts have to be created for the Windows users and their machines so that they can connect to the Samba server. This is done by creating the user locally and setting their password with the useradd and passwd commands respectively, and then creating an entry for Samba with the smbpasswd command.

Create the user locally (replace $USER_ID with a unique user name):

# /usr/sbin/useradd -s /bin/bash -d /home/$USER_ID -m $USER_ID

Set the user's password locally:

# passwd $USER_ID
Enter Password: <password>

Set the user's password for Samba:

# /usr/bin/smbpasswd -a $USER_ID
Enter Password: <password>

Create the machine account locally (replace 'name' with the netbios name of the computer; the trailing $ is necessary). This account is added to /etc/passwd, but the account can't log in since the shell is set to /bin/false.

# useradd -g 100 -d /dev/null -c "A" -s /bin/false 'name'$

Set the machine's trust account for Samba (replace 'name' with the netbios name; no $ is needed):

# smbpasswd -a -m 'name'
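
Once several machines have been added, it is worth confirming that every machine account exists on both sides and cannot log in. The following is an added example, not part of the original page: it cross-checks a passwd file against an smbpasswd file, whose paths are passed as arguments. It assumes the colon-separated smbpasswd layout (name, uid, two hash fields, a bracketed flags field containing W for workstation trust accounts); the function names and all sample entries are constructed, and the hash fields are placeholders.

```shell
# Added example: cross-check machine trust accounts (names ending in $).
# Usage: check_machine_accounts PASSWD_FILE SMBPASSWD_FILE
check_machine_accounts() {
  awk -F: '
    FNR == NR {                                   # first file: passwd
      if ($1 ~ /\$$/) {
        unix[$1] = 1
        if ($7 != "/bin/false" && $7 !~ /nologin$/) print $1 ": login shell " $7
      }
      next
    }
    /^#/ { next }                                 # second file: smbpasswd
    $1 ~ /\$$/ {
      smb[$1] = 1
      if ($5 !~ /W/) print $1 ": smbpasswd entry lacks W (workstation trust) flag"
      if (!($1 in unix)) print $1 ": in smbpasswd but no Unix account"
    }
    END { for (n in unix) if (!(n in smb)) print n ": Unix account but no smbpasswd entry" }
  ' "$1" "$2"
}
# Constructed sample data: ws02$ has a login shell and the wrong flag, ws03$ has no Samba entry.
sample_passwd() {
  cat <<'EOF'
alice:x:1001:100::/home/alice:/bin/bash
ws01$:x:1002:100:A:/dev/null:/bin/false
ws02$:x:1003:100:A:/dev/null:/bin/bash
ws03$:x:1004:100:A:/dev/null:/bin/false
EOF
}
sample_smbpasswd() {
  h=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX   # placeholder, not a real hash
  printf '%s\n' "alice:1001:$h:$h:[U          ]:LCT-00000000:" \
    "ws01\$:1002:$h:$h:[W          ]:LCT-00000000:" \
    "ws02\$:1003:$h:$h:[U          ]:LCT-00000000:"
}
demo() {
  d=$(mktemp -d) || return 1
  sample_passwd > "$d/passwd"; sample_smbpasswd > "$d/smbpasswd"
  check_machine_accounts "$d/passwd" "$d/smbpasswd"
  rm -rf "$d"
}
demo
```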
