Currently, Samba can go beyond merely emulating Windows shares to actually acting as the Primary Domain Controller R Windows Network. Of course, Samba can also become a NT domain member. In the article we shall look at both options.
The domain concept is much better than the traditional workgroup concept. One of the primary benefits is has a centralized password database on the primary Domain Controller. Once authenticated, you can access any of the shares in the domain, without has to re-authenticate yourself.
If you are unfamiliar with Samba, then we ' ve got a couple of good howto ' so you can refer to. Look for links to them at the bottom of the article.
Samba as a NT Domain member
Samba emulates a NT workstation when becoming part of the domain. So, the the ' the ', the ' the ' need to ' do ' Create a machine account for your Samba machine on the domain controller. In NT with would use the program Server Manager for Domains to create. Once the "created" is the "need to add are" following lines to your file smb.conf the global section.
# Your Workgroup or Domain so you want
# to Login to
Workgroup = Freeos
# tell Samba to talk to domain controller
# for authentication
Security = Domain
# Specify the server to get authenticate
# from. You can specify the
# NetBIOS # Names of the servers or simply
# put in a ' * ' here and let
# Samba Find the server through broadcast
Password Server = PS1 PS2
# Make sure the Samba is using encrypted
# passwords
Encrypt passwords = yes
Now stop the Samba daemons
/ETC/RC.D/INIT.D/SMB stop
Give the following command to join the
NT Domain
Smbpasswd-j Domain-r DOMAINPDC
Domain here is the domain so you want to log. DOMAINPDC is the primary domain controller for that domain. You'll then a message saying, 揓 oined domain domain?
Now start your SMB and NMB daemons.
/ETC/RC.D/INIT.D/SMB start
That is all about joining an NT domain. Setting up Samba as your Primary Domain Controller are not very difficult.
Samba as Primary Domain Controller
Add the following to the global section of your smb.conf file.
# The domain you are want to being a PDC for
Workgroup = Simple
# User-level Security. Users must
# authenticate themselves with
# Valid username and password
Security = User
# Set to Yes and NMBD participates
# in the local master browser
# elections
Local Master = yes
# Set Os level value to make sure NMBD
# wins local Browse master
# elections. Should beat everyone
# According to the man page
OS level = 65
# give NMBD a advantage in
# Master Browser Elections
Preferred Master = Yes
# Set so that NMBD claims a unique
# NetBIOS name identifying it as
# a Domain Master
Domain Master = yes
# The following share is required to support
# domain logons. The directory May is
# created anywhere on your system. Make
# sure the share is non-writeable and also
# not a public share.
[Netlogon]
Comment = the domain Logon service
Path =/usr/local/samba/netlogon
public = No
writeable = no
The next thing to does is create the users on the Samba server this is to act as the domain controller. You can does this using the Useradd command.
Useradd g smbuser d/dev/null? S/dev/null ntuser
As you can, both shell and home directory for Ntuser is set to/dev/null. If your Windows users are not required to access the Unix box, your should use the above to deny access to the machine. Passwords are also not required to is set because Samba keeps the password hash in a separate file specified in the Config Uration file.
# Path to Samba password file
# Make sure only Root has read/write access
SMB passwd file =/usr/local/samba/smbpasswd
After adding a user (your can also use VIPW to add a user), your need to add the user to the Samba password database.
搒 mbpasswd 朼? would add all users in Unix passwd file to smbpasswd file. The usage and syntax are similar to the Unix passwd command. To change a Users?password use 搒 mbpasswd username?
That'll is enough for Samba to start authenticating Windows 9X clients. For NT workstations, some more work are done. You are have to create a machine account for each NT client, that'll logon. A machine the simply a REGULAR/ETC/PASSWD entry, with a?? Appended to the name of the NT machine.
Useradd-g Smbuser-杁/dev/null-杝/dev/null
Now add it to the password database
SMBPASSWD 朼 杕 ntclient (the $ at the "not required)
Samba can now accept logons from a NT client.
As you can, configuring Samba as a domain controller and domain member are a fairly easy job. The flip side is this since the result of major amounts of hacking and reverse engineering, it doesn ' t have all t He functionality of a proper domain controller. There is a alternative branch, Samba TNG that adds more functionality into this area.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.