[root@server1 ~]#yum install samba
[root@server1 ~]#cd /etc/samba/ [root@server1 samba]# cp smb.conf smb.conf.bak
@ Edit the main smb.conf file
[root@server1 samba]# vim smb.conf workgroup = howtoc ## Here are the modifications ## The actual name of the domain ## hosts allow = 127. 192.168.10. ## The IP range to be allowed. Alternatively, the “interfaces” parameter may be used. ## security = user passdb backend = tdbsam domain master = yes domain logons = yes logon path = ## Because netlogons create more problems than benefit, we have used an empty logon path to force user accounts to be created at client end machines. ## ## save & exit ##
[root@server1 ~]#service smb restart; chkconfig smb on [root@server1 ~]#service nmb restart; chkconfig nmb on [root@server1 ~]#netstat -tulpn | grep mb
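@ To add clients into the domain, both machine and human users must be created. There are a couple of steps, but it's not hard.
## Create the directories served by the profile and netlogon shares. ##
## The option dash must be a plain ASCII "-"; a typographic dash makes mkdir treat "–m" as a directory name. ##
[root@server1 ~]#mkdir -m 1777 /home/profiles
[root@server1 ~]#mkdir -m 1777 /home/netlogon
## Review note: mode 1777 lets every local account on the server create files in these directories. ##
## /home/netlogon is exported read-only (writable = no in the [netlogon] share), so only the ##
## administrator needs to write there; a root-owned 0755 directory is the tighter choice. ##
## Group for machine accounts (fixed GID 501) and group for the human users. ##
[root@server1 ~]#groupadd -g 501 computers
[root@server1 ~]#groupadd employee
## Machine account: no home directory and no login shell. GID 501 is the "computers" group created above. ##
## useradd accepts exactly one account name, so the group name is not repeated after the GID, ##
## and the shell path is the lower-case /sbin/nologin. ##
[root@server1 ~]#useradd -d /dev/null -g 501 -s /sbin/nologin computerName$
##### please note that machine users always end with $ #####
[root@server1 ~]#useradd -g employee user1
[root@server1 ~]#smbpasswd -a root
### The administrative user is created. It is recommended that the password is different
### from the actual UNIX password. ####
## -m marks the entry as a machine account; the name is given without the trailing $. ##
[root@server1 ~]#smbpasswd -a -m computerName
[root@server1 ~]#smbpasswd -a user1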
Note: to join the computer “mypc1” to the “howtoc” domain, run:
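## Machine account for mypc1: Unix account name ends with $, no home directory, no login shell. ##
## GID 501 is the "computers" group; useradd accepts one account name, so the group name is not repeated. ##
[root@server1 ~]#useradd -d /dev/null -g 501 -s /sbin/nologin mypc1$
## Register the machine in the Samba password database (-m = machine account, name without the $). ##
[root@server1 ~]#smbpasswd -a -m mypc1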
@forward.zone
[root@server1 ~]#vim /var/named/forward.zone
; Forward zone: maps host names in howtoc.com to their 192.168.10.x addresses.
$TTL 1D
; SOA: primary name server, then the contact mailbox written with a dot instead of @.
@	IN SOA	server1.howtoc.com. root.server1.howtoc.com. (
					0	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
; Records with no owner name inherit the previous owner (the zone apex), so these lines must stay indented.
	IN NS	server1.howtoc.com.
	IN A	192.168.10.2
; Host records: the domain controller and the client that joins the domain.
server1	IN A	192.168.10.2
mypc1	IN A	192.168.10.3
@reverse.zone
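[root@server1 ~]#vim /var/named/reverse.zone
; Reverse zone: maps the last octet of the 192.168.10.x addresses back to host names.
$TTL 1D
; SOA: primary name server, then the contact mailbox written with a dot instead of @.
@	IN SOA	server1.howtoc.com. root.server1.howtoc.com. (
					0	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
; Records with no owner name inherit the previous owner (the zone apex), so these lines must stay indented.
	IN NS	server1.howtoc.com.
	IN PTR	howtoc.com.
	IN A	255.255.255.0
; PTR targets are fully qualified and end with a dot; without it the zone origin is appended to the name.
2	IN PTR	server1.howtoc.com.
3	IN PTR	mypc1.howtoc.com.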
Here are the changes in the /etc/smb.conf file:
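[root@server1 ~]#vim /etc/smb.conf
#======================= Global Settings =====================================
[global]
# ----------------------- Network Related Options -------------------------
#
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
#
# server string is the equivalent of the NT Description field
#
# netbios name can be used to specify a server name not tied to the hostname
#
# Interfaces lets you configure Samba to use multiple interfaces
# If you have multiple network interfaces then you can list the ones
# you want to listen on (never omit localhost)
#
# Hosts Allow/Hosts Deny lets you restrict who can connect, and you can
# specify it as a per share option as well
#
	workgroup = howtoc
	server string = Samba Server Version %v
;	netbios name = MYSERVER
;	interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
# NOTE(review): this list is wider than the "127. 192.168.10." range used in the
# earlier step on this page; 192.168.0. and the whole 10. prefix are admitted too.
# Trim it to the networks that actually hold domain clients.
	hosts allow = 127. 192.168.10. 192.168.0. 10.
# ----------------------- Domain Controller Options ------------------------
	security = user
	passdb backend = tdbsam
	domain master = yes
	domain logons = yes
# the login script name depends on the machine name
;	logon script = %m.bat
# the login script name depends on the unix user used
;	logon script = %u.bat
# NOTE(review): the earlier step on this page leaves logon path empty; this line
# instead stores roaming profiles on the [Profiles] share. Use one or the other.
	logon path = \\%L\Profiles\%U
# disables profiles support by specifying an empty path
;	logon path =

[homes]
	comment = Home Directories
	browseable = yes
	writable = yes
# NOTE(review): while "valid users = %S" stays commented out, access to another
# user's home share is limited only by the Unix permissions on that directory.
# Enabling it restricts each home share to its owner.
;	valid users = %S
;	valid users = MYDOMAIN\%S

[netlogon]
	comment = User Login
	path = /home/netlogon
# Read-only over SMB: clients fetch from this share but cannot change its contents.
	writable = no

[Profiles]
	comment = User Profiles
	path = /home/profiles
# NOTE(review): 0755 masks leave saved profiles readable by every account on the
# server; 0600 / 0700 keeps each profile private to its owner.
	create mask = 0755
	directory mask = 0755
# The parameter name must be spelled exactly: an unrecognised name is ignored
# and the share stays read-only, so profiles could not be saved.
	writable = yes

[printers]
	comment = All Printers
	path = /var/spool/samba
	browseable = no
	guest ok = no
	writable = no
	printable = yes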