This page is designed to show how you can set up a Samba server to act as a Primary Domain Controller for your Windows clients.
1. Get the latest 2.2 source; in this case I'm using Samba 2.2.8pre2. Then decompress and untar the source into a temporary directory:
# bunzip2 samba-2.2.8pre2.tar.bz2
# tar -xvf samba-2.2.8pre2.tar
2. Decompressing and untarring the source creates a new directory entitled samba-2.2.8pre2; change to this directory.
# cd samba-2.2.8pre2
3. You can view the HTML documentation that comes with Samba in the docs/ directory. To compile the source you will need to be in the source/ directory.
# cd source
4. Before you run the configure script, you can view its available options to select which ones you want to include in your installation of Samba. Some of the options have default settings which can be overridden with options passed to configure. In this case, I'm going to configure Samba to use CUPS printing, smbmount, and I'll specify the install and binary directory. To view options available for ./configure, use the ./configure --help | less command. The options I used to configure Samba are as follows (done in the source/ directory):
# ./configure --enable-cups \
    --with-smbmount \
    --prefix=/usr/local/samba \
    --bindir=/usr/bin
5. Now that the source is configured with all the options, it can be compiled; this is done with the make command (done in the source/ directory):
# make
6. The next step is to install the binaries and man pages. In order to install the binaries, you will need root permissions. If you're not the root user (and you shouldn't be most of the time), you will have to become root temporarily with the su command.
# su
Password:
# make install
7. A configuration file named smb.conf now needs to be created; it will reside in /usr/local/samba/lib and is not created by default when Samba is installed. The following is a sample smb.conf file for setting up a Samba server to act as a PDC for Windows clients. Note that this is just a sample smb.conf file; it is configured for my server, and not all of the settings may be appropriate for other applications. Replace $SERVER_NAME references with the NetBIOS name for your server and $WORKGROUP with the workgroup or domain name for your Samba PDC.
; Filename: smb.conf
; Purpose: Settings for Samba 2.2.x to act as a PDC
[global]
;Basic server settings
netbios name = $SERVER_NAME
workgroup = $WORKGROUP
comment = Samba %v Server
;Necessary for PDC to act as the domain and local master
encrypt passwords = yes
os level = 64
security = user
domain logons = yes
preferred master = yes
domain master = yes
local master = yes
;Where user profiles are stored
logon path = \\%L\profiles\%U
;Location of user's home directory and where it should be mounted
logon drive = M:
logon home = \\%L\%U\.profiles
;Sets the printing to CUPS
printing = cups
printcap = /etc/printcap
load printers = yes
;Other global options
socket options = TCP_NODELAY
map to guest = Bad User
;The interfaces that Samba listens to
interfaces = 192.168.1.70/27 192.168.1.33/27 172.16.44.44/16
;Acts as a WINS server
wins support = yes
deadtime = 15
;Necessary share for domain controller
[netlogon]
path = /usr/local/samba/lib/netlogon
writeable = no
read only = yes
write list = admin
;Share for storing user profiles
[profiles]
path = /export/smb/ntprofile
writeable = yes
create mask = 0600
directory mask = 0700
;Home directory shares (Mounts the user's home directory)
[homes]
comment = Linux Home directory space
path = %H
writeable = yes
valid users = %S
create mode = 0600
directory mode = 0700
locking = no
;A simple share of the /share directory
[share]
path = /share
browseable = yes
writeable = yes
;A share for the cdrom mounts at /media/cdrom
[cdrom]
comment = Linux CD-ROM
path = /media/cdrom
read only = yes
locking = no
root preexec = /bin/mount /dev/cdrom /media/cdrom
root postexec = /bin/umount /media/cdrom
;Basic printer settings
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
public = yes
guest ok = yes
writable = no
printable = yes
printer admin = admin
print command = lpr -P %p -o raw %s -r
lpq command = lpstat -o %p
lprm command = cancel %p-%j
8. The syntax of the smb.conf file can be tested with the testparm command; it tests the smb.conf file in the /usr/local/samba/lib/ directory, reports any errors, and displays all of Samba's settings, including the defaults.
# testparm
Load smb config files from /usr/local/samba/lib/smb.conf
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[homes]"
Processing section "[backup]"
Processing section "[cdrom]"
Processing section "[printers]"
Loaded services file OK.
Press enter to see a dump of your service definitions
[output of all the settings omitted]
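testparm checks syntax, not who can reach each share. The following is an added example, not part of the original page: a shell/awk check that reads an smb.conf and lists shares that accept guest connections or are writeable without a valid users restriction (any authenticated user can write, subject to Unix permissions). The function names audit_shares and sample_conf are hypothetical, the sample input is a constructed excerpt of the configuration above, and defaults set in [global] are not propagated into the shares.

```shell
# Added example: flag smb.conf shares whose access settings deserve review.
# audit_shares and sample_conf are hypothetical names; only per-share lines are read.
audit_shares() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function on(v)   { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report(   note) {
        if (sec == "" || sec == "global") return
        note = (mtg != "") ? " (map to guest = " mtg ")" : ""
        if (guest) print sec ": guest access allowed" note
        if (rw && !restricted) print sec ": writeable with no valid users restriction"
    }
    /^[ \t]*[;#]/ || /^[ \t]*$/ { next }     # skip comments and blank lines
    /^[ \t]*\[/ {                            # section header starts a new share
        report()
        sec = tolower($0); gsub(/^[ \t]*\[|\].*$/, "", sec)
        guest = 0; rw = 0; restricted = 0
        next
    }
    {
        eq = index($0, "="); if (!eq) next
        key = tolower(trim(substr($0, 1, eq - 1))); gsub(/[ \t]+/, " ", key)
        val = trim(substr($0, eq + 1))
        if (sec == "global" && key == "map to guest") mtg = val
        else if (key == "guest ok" || key == "public") guest = on(val)
        else if (key == "writeable" || key == "writable") rw = on(val)
        else if (key == "read only") rw = !on(val)
        else if (key == "valid users" && val != "") restricted = 1
    }
    END { report() }
    ' "$@"
}
# Constructed excerpt of the sample configuration, for demonstration.
sample_conf() {
    cat <<'EOF'
[global]
map to guest = Bad User
[homes]
writeable = yes
valid users = %S
[share]
writeable = yes
[printers]
guest ok = yes
writable = no
EOF
}
sample_conf | audit_shares
```

To check the installed file, run audit_shares /usr/local/samba/lib/smb.conf.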
9. Since there have been no errors when compiling Samba, or with the smb.conf file, the Samba daemons can now be started (smbd && nmbd). If you already had Samba installed, you probably already have a script for starting Samba; verify that it points to the newly installed binaries (default install directory for the binaries is /usr/local/sbin or find them with the whereis smbd && whereis nmbd commands, then check the dates of the binaries with ls -lah to ensure you are using the ones you just compiled).
If this is a new install of Samba, as in this example, create the following script in the /etc/rc.d/ directory; you will need root user access to create files in this directory.
Create the script and open it for editing:
# vi samba
Enter the following for the startup script:
#! /bin/sh
## Filename: samba
## Description: Script to start Samba 2.2.8
## Date: 25 Mar 2003
if [ -x /usr/local/samba/sbin/smbd ]; then
    echo "Starting Samba 2.2.8 "
    /usr/local/samba/sbin/nmbd -D
    /usr/local/samba/sbin/smbd -D
fi
##End Script
Make the script executable:
# chmod +x samba
Change to the rc3.d/ directory to create a symbolic link to the script. This is so that Samba will be started every time Linux enters into runlevel 3 (full multiuser with networking support).
# cd rc3.d
# ln -s ../samba S10Samba
Start Samba manually:
# /etc/rc.d/samba
Starting Samba 2.2.8
#
10. If you used the above script to start Samba, you will see "Starting Samba 2.2.8". Additionally, log files will now be created in /usr/local/samba/var/; these log files are called log.smbd and log.nmbd.
11. If all has gone well, smbclient can be used to list the available Samba shares on the server as well as view the other Samba servers in the domain. To list the shares available, use the following command:
# smbclient -L $SERVER_NAME -U%
12. Now, accounts have to be created for the Windows users and their machines so that they can connect to the Samba server. This is done by creating the user locally with the useradd command, setting their password with the passwd command, and creating an entry for Samba with the smbpasswd command.
Create the user locally (replace $USER_ID with a unique user name):
# /usr/sbin/useradd -s /bin/bash -d /home/$USER_ID -m $USER_ID
Set the user's password locally:
# passwd $USER_ID
Enter Password: <password>
Set the user's password for Samba:
# /usr/bin/smbpasswd -a $USER_ID
Enter Password: <password>
Create the machine account locally (replace 'name' with the NetBIOS name of the computer; the trailing $ is necessary). This account is added to /etc/passwd, but the account can't log in since the shell is set to /bin/false.
# useradd -g 100 -d /dev/null -c "A" -s /bin/false 'name'$
Set the machine's trust account for Samba (replace 'name' with the NetBIOS name; no $ is needed):
# smbpasswd -a -m 'name'