User talk:Joooools

www.networkusall.com

Domain Controller (dc)

For those of you who require your workstations to login to a domain for better centralised control over user accounts, you don't need MS Windows Server. Samba was initially intended to provide a Windows style share that a drive letter can be mapped to. However it's a little more versatile than that.

The official description of Samba:-

"Samba is an Open Source/Free Software suite that provides seamless file and print services to SMB/CIFS clients." Samba is freely available, unlike other SMB/CIFS implementations, and allows for interoperability between Linux/Unix servers and Windows-based clients.

Right lets get down to the nitty gritty...

(1) Samba as a Primary Domain Controller

Install Samba on your, to be, Linux domain controller

Locate smb.conf (try /etc/samba/) and edit as follows:-

[global] workgroup = computerdomain Netbios name = computerdcname encrypt passwords = Yes security = user
 * 1) Global parameters
 * this tells Samba that security level must be set to user

os level = 65 preferred master = yes domain master = yes local master = yes domain logons = yes
 * Samba is the domain and local master browser.
 * 1) logon path = \\%n\profiles\%u


 * automatically maps the home directory of the user, can be any drive letter you want. \\computerdcname is the Samba server netbios name
 * 1) I have chosen not to use this...you tend to find that Windows XP will end up with drive Z: mapped anyway.
 * 2) logon drive = q:
 * 3) logon home = \\computerdcname\%u

[netlogon] path = /var/lib/samba/netlogon guest ok = yes writable = no share modes = no
 * neccessary share for domain controller
 * comment = Network Logon Service

[homes] read only = no browseable = no

[music] path = /data/mp3 public =yes browseable = yes write list = mw, jackie

[everyone] path = /data/everyone browseable = yes read only = no

(2) Adding a Windows machine account with password...

At the command shell prompt type

useradd -s /bin/false -d /dev/null computerdcname\$ smbpasswd -a -m computerdcname

You will not be prompted for a password, this will be taken from your Windows password.

Restart samba - service smb restart

All that is left now is to add a user account in Linux and Samba - useradd -g users johnsmith passwd johnsmith smbpasswd -a johnsmith

When prompted for a password, they don't have to be the same.

Well there you go, you are now ready to join your PC to the new domain. A word of warning here, if you do not intend the user to have local admin privileges, you will need to join the domain with the root account login first. After which you can login with the user account.

NOTE: Some versions of linux will not properly recognise the command to add the computer name. In this case you will need to manually edit the file /etc/passwd.

e.g. add the following line... computerdcname$:x:506:506::/dev/null:/bin/false

Where 506 is the next unused number.