Using Samba3.0 to easily handle PDC domain servers

Source: Internet
Author: User
1. Install Samba. If you are running Fedora, you can install the Samba RPM package directly from the CD.

rpm -ivh samba-3.0.0-15.i386.rpm

You can also download the latest package directly from Samba's official website (http://www.samba.org).

Or download the latest tar package: http://us1.samba.org/samba/ftp/samba-3.0.0.tar.gz

Then it is best to compile it as follows.

tar zvxf samba-3.0.0.tar.gz

cd samba-3.0.0

./configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/usr/libexec --datadir=/usr/share/samba --sysconfdir=/etc/samba --localstatedir=/usr/local/samba/var --libdir=/usr/lib --with-lockdir=/var/locks/samba --with-swatdir=/usr/share/samba/swat --with-codepagedir=/etc/samba/codepages --with-configdir=/etc/samba --with-smbwrapper --with-automount --with-smbmount --with-pam --with-pam_smbpass --with-winbind

make

make install

OK! With the installation done, we come to the main part: editing /etc/samba/smb.conf. It is best to start from the original file and modify it.
  
[global]

workgroup = bmit
netbios name = proxy
server string = Samba PDC running %v
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192

# Here, workgroup = bmit names the bmit domain. Using bmit.com would be more standard, but plain bmit is more convenient for clients to type. netbios name = proxy sets the server's NetBIOS name, and socket options controls TCP/IP performance; the settings shown work well on Linux-based systems.
  
os level = 64
preferred master = yes
local master = yes
domain master = yes

# The domain master option is the "switch" that makes Samba the primary domain controller. The local master browser is the server that maintains the list of machines on the LAN.
  
security = user
encrypt passwords = yes
domain logons = yes
log file = /var/log/samba/log.%m
log level = 2
max log size = 50
hosts allow = 127.0.0.1 192.168.1.0/255.255.255.0

# Here we still use user-level authentication; do not get hung up on the word "domain". For hosts allow, list the network segments that need to access your server, or simply leave it empty.
  
logon home = \\%L\%U\.profile
logon drive = H:
logon path = \\%L\profiles\%U
logon script = netlogon.bat

# The above are the roaming profile settings and the logon script. logon path = \\%L\profiles\%U points to the [profiles] share defined below.
  
[homes]
comment = Home Directories
browseable = no
writeable = yes

[profiles]
path = /home/samba/profiles
writeable = yes
browseable = no
create mask = 0600
directory mask = 0700

[netlogon]
comment = Network Logon Service
path = /home/netlogon
read only = yes
browseable = no
write list = root

The above defines the shares. [profiles] stores each user's settings so that the user's desktop settings are read back from the server at the next logon; [netlogon] stores the logon script, so write permission to it must be restricted. Here we assume only the root user has it.
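As an added example (not part of the original article), the following Python audit parses smb.conf text and flags deviations from the PDC settings described above, including a writable [netlogon] share and an empty hosts allow. The function names and the sample are constructed here; a missing parameter is treated as unset rather than given Samba's built-in default, except read only, whose default of yes is assumed.

```python
import re

# Constructed sample: the article's settings, condensed, plus two mistakes.
SAMPLE = """
[global]
   security = user
   Encrypt Passwords = yes
   domain logons = yes
   domain master = yes
[netlogon]
   path = /home/netlogon
   writeable = yes
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lower-cased, whitespace removed."""
    conf, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = conf.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and line[0] not in "#;" and section is not None:
            key, value = line.split("=", 1)
            section[re.sub(r"\s+", "", key).lower()] = value.strip()
    return conf

def is_yes(value):
    return value.strip().lower() in ("yes", "true", "1")

def share_writable(share):
    """'read only' defaults to yes; 'writeable'/'writable' are its inverse."""
    if "readonly" in share:
        return not is_yes(share["readonly"])
    return any(is_yes(share[k]) for k in ("writeable", "writable") if k in share)

def audit_pdc(text):
    """Check explicit values only; Samba's built-in defaults are not modelled."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings = [f"[global] {p} is not set to yes"
                for p in ("domainlogons", "domainmaster", "encryptpasswords")
                if not is_yes(glob.get(p, "no"))]
    if glob.get("security", "").lower() != "user":
        findings.append("[global] security is not user")
    if not glob.get("hostsallow"):
        findings.append("[global] hosts allow is empty: any host may connect")
    if share_writable(conf.get("netlogon", {})):
        findings.append("[netlogon] is writable: logon scripts can be replaced")
    return findings
```

Call audit_pdc() on the contents of /etc/samba/smb.conf; Samba's own testparm still covers syntax checking.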
  
For other shares, refer to the share settings in the article "Samba3.0 server practice debugging" (http://www.5ilinux.com/samba.html); I will not repeat them here.

Next, add the user and machine accounts to the domain controller.

Create the following groups and the two required directories, and set the correct ownership.

groupadd admins

groupadd machines

mkdir -m 0775 /home/netlogon

chown root:admins /home/netlogon

mkdir -p /home/samba/profiles

chmod 1757 /home/samba/profiles

Setting the correct permissions and ownership on the above directories is a key step in protecting the server :)
  
Manually add a machine account

For example, if my client's machine name is ibm240, we can do this.

useradd -g machines -d /dev/null -c "machine id" -s /bin/false ibm240$

passwd -l ibm240$

Enter the password twice.

Do not forget the dollar sign; it is required, and it marks this entry as a trust account.

After creating the Linux account, we can now add this machine to /etc/samba/smbpasswd.

smbpasswd -a -m ibm240

Of course, you can also have the system add machine accounts automatically with the following method, but it is best to add one manually first and then test automatic addition.

To add accounts automatically, just add this to [global]:

add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u
  
Add user accounts

First, add the root account as an smb account.

smbpasswd -a root

This step is very important, because joining the domain later requires an administrator account; ordinary users do not seem to be able to join successfully.

Then add an ordinary user.

useradd frank

passwd frank

smbpasswd -a frank

To make future management easier, we recommend using the same password for the smb account as for the UNIX account, so that Samba's password synchronization feature can also be used.
  
# The options below let users change their Samba password from a Windows client, and their UNIX password is updated immediately to match. The reverse does not work: if you change the UNIX password, you must change the Samba password manually. These also go in [global]. Beginners can skip this at first.

unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *Enter*new*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*

# The only thing worth noting above is the passwd chat option. However it is displayed here, you must enter it as a single line. Note that some options use "password" while others use "passwd".
  
That completes the Samba PDC configuration. The only thing left is to join clients to the domain. Restart the Samba service!

Client settings. Due to restrictions, I only tried adding Windows clients to the domain. As for WinXP and Win98, I leave those to everyone to test.

(It is recommended that you restart the Windows 2000 machine first to avoid unnecessary problems.) Then go to Control Panel > Network ID. If the machine is currently configured under the workgroup option, select the Domain radio button and enter the domain name bmit.

Now log on to the domain with the username root and its password. This initializes the "secret" between the server and the client machine. From this point on, any authenticated user can log on from this machine.
A message should appear welcoming you to the XX domain.

Congratulations, you have successfully configured Samba as a PDC.

It is said that joining an XP machine to a Samba domain is a little complicated. I have never tried it. If you are interested, it is best to check the documentation on Samba's home site. It seems you have to set security options and modify the registry, which is troublesome. Fortunately, I don't have XP :)
