
Samba Domain Controller

03 August 2009


Although it cannot act as an Active Directory Primary Domain Controller (PDC), a Samba server can be configured to appear as a Windows NT4-style domain controller. A major advantage of this configuration is the ability to centralize user and machine credentials. Samba can also use multiple backends to store the user information.

Primary Domain Controller

This section covers configuring Samba as a Primary Domain Controller (PDC) using the default smbpasswd backend.
  1. First, install Samba, and libpam-smbpass to sync the user accounts, by entering the following in a terminal prompt:

    sudo apt-get install samba libpam-smbpass
  2. Next, configure Samba by editing /etc/samba/smb.conf. The security mode should be set to user, and the workgroup should relate to your organization:

    workgroup = EXAMPLE
    ...
    security = user
    # I changed this to "user" as per the bug report
  1. In the commented “Domains” section add or uncomment the following:

    domain logons = yes
    logon path = \\%N\%U\profile
    logon drive = H:
    logon home = \\%N\%U
    logon script = logon.cmd
    add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d /var/lib/samba -s /bin/false %u

    • domain logons: provides the netlogon service causing Samba to act as a domain controller.

    • logon path: places the user's Windows profile into their home directory. It is also possible to configure a [profiles] share placing all profiles under a single directory.

    • logon drive: specifies the home directory local path.

    • logon home: specifies the home directory location.

    • logon script: determines the script to be run locally once a user has logged in. The script needs to be placed in the [netlogon] share.

    • add machine script: a script that will automatically create the Machine Trust Account needed for a workstation to join the domain. I changed the "n" option to "N" as per the bug report here.


    [Note]

    If you wish to not use Roaming Profiles leave the logon home and logon path options commented.

  2. Uncomment the [homes] share to allow the logon home to be mapped:

    [homes]
    comment = Home Directories
    browseable = no
    read only = no
    create mask = 0700
    directory mask = 0700
    valid users = %S
  3. When configured as a domain controller a [netlogon] share needs to be configured. To enable the share, uncomment:

    [netlogon]
    comment = Network Logon Service
    path = /srv/samba/netlogon
    guest ok = yes
    read only = yes
    share modes = no

    [Note]

    The original netlogon share path is /home/samba/netlogon, but according to the Filesystem Hierarchy Standard (FHS), /srv is the correct location for site-specific data provided by the system.

  4. Now create the netlogon directory, and an empty (for now) logon.cmd script file:

    sudo mkdir -p /srv/samba/netlogon
    sudo touch /srv/samba/netlogon/logon.cmd

    You can enter any normal Windows logon script commands in logon.cmd to customize the client's environment.

  5. With root being disabled by default, in order to join a workstation to the domain, a system group needs to be mapped to the Windows Domain Admins group. Using the net utility, from a terminal enter:

    sudo net groupmap add ntgroup="Domain Admins" unixgroup=sysadmin rid=512 type=d

    [Note]

    Change sysadmin to whichever group you prefer. Also, the user used to join the domain needs to be a member of the sysadmin group, as well as a member of the system admin group. The admin group allows sudo use.

  6. Finally, restart Samba to enable the new domain controller:

    sudo /etc/init.d/samba restart
  7. You should now be able to join Windows clients to the Domain in the same manner as joining them to an NT4 domain running on a Windows server.

P.S. If you get an error such as "user not found" when trying to join the domain, you must first add the "machines" group manually.
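
One way to check an edited smb.conf against the settings from the steps above before restarting Samba. This is an added example, not part of the original post or of Samba itself; the function names smb_get, audit_pdc and sample_conf are hypothetical and the sample configuration is constructed.

```bash
# smb_get SECTION KEY: read smb.conf text on stdin, print KEY's value in [SECTION].
smb_get() {
    awk -v want="$1" -v key="$2" '
        /^[ \t]*[#;]/ { next }                        # comment line
        /^[ \t]*\[.*\][ \t]*$/ {                      # section header
            gsub(/^[ \t]*\[|\][ \t]*$/, ""); sec = tolower($0); next }
        {   i = index($0, "="); if (i == 0) next      # not a "key = value" line
            k = tolower(substr($0, 1, i - 1)); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (sec == want && k == key) val = v }    # last definition wins
        END { print val }'
}
# audit_pdc: read smb.conf on stdin, print each deviation, return 1 if any.
audit_pdc() {
    local conf bad=0 got sec key want; conf=$(cat)
    while IFS='|' read -r sec key want; do
        got=$(printf '%s\n' "$conf" | smb_get "$sec" "$key" | tr 'A-Z' 'a-z')
        [ "$got" = "$want" ] && continue
        echo "[$sec] $key = '$got', expected '$want'"; bad=1
    done <<'EOF'
global|security|user
global|domain logons|yes
netlogon|read only|yes
homes|valid users|%s
homes|create mask|0700
EOF
    case $(printf '%s\n' "$conf" | smb_get global "add machine script") in
        *%u*) ;;    # %u is replaced with the machine account name
        *) echo "[global] add machine script has no %u (unset or cut short)"; bad=1 ;;
    esac
    return "$bad"
}

# Constructed sample: this page's settings, except that the add machine script
# is wrapped onto a second line, so the value on the key's own line ends at "-c".
sample_conf() { cat <<'EOF'
[global]
   security = user
   domain logons = yes
   add machine script = sudo /usr/sbin/useradd -N -g machines -c
   Machine -d /var/lib/samba -s /bin/false %u
[homes]
   valid users = %S
   create mask = 0700
[netlogon]
   read only = yes
EOF
}
sample_conf | audit_pdc || true   # reports the add machine script finding
```

To check a real file, run `audit_pdc < /etc/samba/smb.conf`. The parser does not follow `include` lines or join backslash-continued lines, so a value continued that way is reported as cut short.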
