Configurer le serveur Samba comme PDC avec DNS + BIND

Configurer le serveur Samba comme PDC avec DNS + BIND

Étape 1: Installation de Samba

[root@server1 ~]#yum install samba

Étape 2: Préparation des fichiers de configuration

[root@server1 ~]#cd /etc/samba/
[root@server1 samba]# cp smb.conf smb.conf.bak




@ Modifiez les fichiers smb.conf principaux

[root@server1 samba]# vim smb.conf
workgroup = howtoc
## Here are the modifications
## The actual name of the domain ##
 hosts allow = 127. 192.168.10.
## The IP range to be allowed. Alternatively, the “interfaces” parameter may be used. ##

security = user
passdb backend = tdbsam
domain master = yes
domain logons = yes
logon path =
## Because netlogons create more problems than benefit, we have used an empty logon path to force user accounts to be created at client end machines. ##
## save & exit ##

Étape 3: Démarrage du service

[root@server1 ~]#service smb restart; chkconfig smb on
[root@server1 ~]#service nmb restart; chkconfig nmb on
[root@server1 ~]#netstat -tulpn | grep mb

Étape 4: Gestion des utilisateurs

@ To add clients into the domain, both machine and human users must be created. There are a couple of steps, but it's not hard.
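[root@server1 ~]#mkdir -m 1777 /home/profiles
[root@server1 ~]#mkdir -m 1777 /home/netlogon
## Note: mode 1777 makes both directories world-writable (with the sticky bit). /home/netlogon is served as the [netlogon] share, from which domain clients fetch logon scripts, so it is safer to keep it writable only by the administrator (for example mode 0755). ##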
[root@server1 ~]#groupadd  -g 501 computers
[root@server1 ~]#groupadd employee
[root@server1 ~]#useradd -d /dev/null -g 501 -s /sbin/nologin computerName$

##### Notez que les noms des comptes machine se terminent toujours par $ #####

Étape 5: Maintenant que les utilisateurs Unix sont créés, il est temps de créer les utilisateurs de samba.

[root@server1 ~]#useradd -g employee user1

[root@server1 ~]#smbpasswd -a root
### The administrative user is created. It is recommended that the password is different
### from the actual UNIX password. ####

[root@server1 ~]#smbpasswd -a -m computerName 
[root@server1 ~]#smbpasswd -a user1

Étape 6: Ajouter l'entrée du client

Remarque : si je souhaite joindre l'ordinateur "mypc1" au domaine "Howtoc", alors :

[root@server1 ~]#useradd -d /dev/null -g 501 -s /sbin/nologin mypc1$
[root@server1 ~]#smbpasswd -a -m mypc1

Étape 7: Créez une entrée DNS pour mypc1 dans forward.zone et reverse.zone, dans /var/named/, comme ci-dessous

@ forward.zone

[root@server1 ~]#vim /var/named/forward.zone
; Forward zone: maps host names under howtoc.com to IPv4 addresses.
; NOTE(review): the serial below is 0; it has to be increased every time this
; file is edited, otherwise secondary servers will not pick up the change.
$TTL 1D
@ IN SOA server1.howtoc.com. root.server1.howtoc.com. (
     0 ; serial
     1D ; refresh
     1H ; retry
     1W ; expire
     3H ) ; minimum
; A blank owner field reuses the previous owner, so the NS and A records
; below belong to the zone apex (@).
                IN    NS server1.howtoc.com.
    IN     A   192.168.10.2
; The Samba/DNS server itself.
server1   IN      A 192.168.10.2
; Domain member added in Étape 6; its PTR record goes into reverse.zone.
mypc1   IN    A 192.168.10.3

@reverse.zone

[root@server1 ~]#vim /var/named/reverse.zone
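; Reverse zone: PTR records mapping addresses back to host names.
; NOTE(review): the named.conf zone declaration is not shown on this page; the
; owners "2" and "3" are relative to that zone's origin (presumably
; 10.168.192.in-addr.arpa, matching the 192.168.10.x addresses in forward.zone
; -- confirm against named.conf).
; NOTE(review): the serial is 0; increase it on every edit of this file.
$TTL 1D
@ IN SOA server1.howtoc.com. root.server1.howtoc.com. (
     0 ; serial
     1D ; refresh
     1H ; retry
     1W ; expire
     3H ) ; minimum
; A blank owner field reuses the previous owner, so the next three records
; belong to the zone apex (@).
 IN NS server1.howtoc.com.
 IN PTR howtoc.com.
 IN A 255.255.255.0
2 IN PTR server1.howtoc.com.
; Trailing dot added: without it the target is a relative name and BIND appends
; the zone origin to it, so the PTR would not resolve to mypc1.howtoc.com.
3 IN PTR mypc1.howtoc.com.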

Ici, modifiez le fichier /etc/samba/smb.conf

[root@server1 ~]#vim /etc/samba/smb.conf

#======================= Global Settings =====================================
 
[global]
 
# ----------------------- Network Related Options -------------------------
#
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
#
# server string is the equivalent of the NT Description field
#
# netbios name can be used to specify a server name not tied to the hostname
#
# Interfaces lets you configure Samba to use multiple interfaces
# If you have multiple network interfaces then you can list the ones
# you want to listen on (never omit localhost)
#
# Hosts Allow/Hosts Deny lets you restrict who can connect, and you can
# specify it as a per share option as well
#
 workgroup = howtoc
 server string = Samba Server Version %v
 
; netbios name = MYSERVER
 
; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 
# NOTE(review): this list is wider than the one given in Étape 2
# (127. 192.168.10.): it also admits 192.168.0.x and every 10.x.x.x address.
# Keep only the subnets that actually contain domain members.
 hosts allow = 127. 192.168.10. 192.168.0. 10. 

 
# ----------------------- Domain Controller Options ------------------------
# User-level authentication against the local tdbsam account database; the
# two "domain ..." settings below make this server the domain master browser
# and let it answer domain logon requests.
 security = user
 passdb backend = tdbsam
 
 domain master = yes 
 domain logons = yes
 

 # the login script name depends on the machine name
; logon script = %m.bat
 # the login script name depends on the unix user used
; logon script = %u.bat
 # Roaming profiles are stored on this server's [Profiles] share
 # (%L = NetBIOS name of the server, %U = session user name).
 # NOTE(review): Étape 2 of this page sets an empty logon path instead;
 # decide which of the two behaviours is wanted.
 logon path = \\%L\Profiles\%U 

 # disables profiles support by specifying an empty path
; logon path =          

# Per-user home shares: a share named after the connecting user is created on
# the fly and points at that user's home directory.
# NOTE(review): "valid users = %S" is commented out below. Enabling it limits
# each home share to the user it is named after; without it, access to another
# user's home share is restricted only by the Unix permissions on the directory.
# NOTE(review): with "browseable = yes" a share literally called "homes" also
# appears in browse lists.
[homes]
 comment = Home Directories
 browseable = yes
 writable = yes
; valid users = %S
; valid users = MYDOMAIN\%S
 
# Logon share for domain clients; read-only over SMB (writable = no).
# NOTE(review): the directory itself was created with mode 1777 in Étape 4, so
# local Unix users can still write to it even though the share is read-only.
[netlogon]
 comment = User Login
 path = /home/netlogon
 writable = no

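# Roaming-profile share referenced by "logon path" in [global].
[Profiles]
 comment = User Profiles
 path = /home/profiles
 # Owner-only permissions: a profile holds per-user data that other domain
 # users have no reason to read (the original 0755 left it readable by everyone).
 create mask = 0600
 directory mask = 0700
 # Was misspelled "writeble": Samba does not recognise that name, so the share
 # stayed at its read-only default and profiles could not be saved.
 writable = yes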
 

# Print share: spool files are written to /var/spool/samba. The share is hidden
# from browse lists and guest access is disabled, so only authenticated users
# can submit jobs.
[printers]
 comment = All Printers
 path = /var/spool/samba
 browseable = no
 guest ok = no
 writable = no
 printable = yes