Samba Tutorial
This is a Samba tutorial. It's for getting a Linux server to replace a basic (Windows NT4 level of functionality) server, perhaps in a cost-cutting scenario, to serve files to Windows (NT4 to XP) clients.
A good idea for a small home server (provided you have XP Pro clients; Home will work, but not well).
First, install Linux and Samba. I won't cover that here as I will assume you have some experience already. I personally used CentOS 5.3 (a free version of RedHat) and chose to install the Gnome Desktop, System Administration, System Tools, Server Tools, and Windows File Server package categories. During setup set the hostname to be whatever you want your server to be called; use block caps and keep it short, or else older Windows clients won't like it much (e.g. SERVER1).
If you do this, don't forget to ensure that the samba AND winbind services are enabled (use chkconfig), that SELinux is OFF, and that the ports Samba needs are opened in the firewall.
Here is the smb.conf (put it in /etc/samba/smb.conf on RedHat). Replace where it says SMBSERVER with whatever you set your hostname to be during setup.
Change MYDOMAIN to be whatever you want your domain to be called too.
```ini
[global]
netbios name = SMBSERVER
server string = Samba %v on %L
workgroup = MYDOMAIN
;domain & local master browser for win2k+
os level = 65
prefered master = yes
domain master = yes
local master = yes
domain logons = yes
; do i need wins?
lm announce = yes
wins support = yes
time server = yes
; do not show files starting with dots
hide dot files = yes
; do not allow guest access, use only local system accounts
security = user
guest ok = no
admin users = @wheel
; domain administrators - sometimes it complains about this?
domain admin group = @wheel
domain admin users = root
; use encrypted passwords
encrypt passwords = yes
update encrypted = yes
smb passwd file = /etc/samba/smbpasswd
;do i need this?
winbind enum groups = yes
winbind enum users = yes
; user roaming profiles path
logon path = \\SMBSERVER\profiles\%u
; user homes
logon drive = H:
logon home = \\SMBSERVER\homes\%u
; general logon script (in DOS format)
logon script = logon.bat
[homes]
comment = Home Directory
path = /home/%u
browseable = No
public = No
writeable = Yes
valid users = root @smbusers
write list = %s
; share for domain controller
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
public = no
writeable = no
browsable = no
valid users = root @smbusers
; share for storing user profiles
[profiles]
comment = Roaming Profile
path = /home/samba/profiles/%u
writeable = yes
create mask = 0700
directory mask = 0700
profile acls = Yes
browsable = no
valid users = root @smbusers
write list = %s
;shared folder
[share]
comment = Shared folder
path = /home/samba/share
writeable = yes
create mode = 0750
directory mode = 0750
browseable = yes
valid users = root @smbusers
```
Make a group called machines and another called smbusers.
Add root to the smbusers group and ensure he is in the wheel group too while you are at it (in CentOS/RedHat use Users and Groups under Administration in GNOME).
Give root a Samba password by typing smbpasswd -a root into the console. Make it the same as his UNIX password.
Add your machines to the machines group as users called e.g. SERVER$ (where SERVER is the NetBIOS name. The $ is important as it tells Samba that it's a machine account).
Lock the machine account user's password with passwd -l SERVER$, for example. Make sure to deny these interactive login and give them the homedir of /dev/null when creating them.
Then let's make these machine accounts active by doing smbpasswd -a -m SERVER, for example (note the lack of $).
Now you may join the machine to the domain in the normal Windows way (under System - Identification. The reason we needed to do the stuff before was because it can't automatically create a machine account when joining the domain). Instead of "administrator" use the root username and password when prompted.
You can now log on to the domain! A few more things to do though:
* Ensure all folders exist, obviously, and that privileges are correct
* Particularly the profiles/$username$ folders and the home/$username$ folders. The home folders should have been made when you created the UNIX user accounts, but the roaming profile folders will need to be made by hand. (If you get an error about the roaming profile not being found when logging in on Windows, this is why.)
If all goes well you should be able to have a centralised user database, roaming profiles and homedrives, as well as a public share. Printing is not supported yet. This assumes there are NO OTHER WINDOWS SERVERS OPERATING AS DCs & NO WINS SERVERS !!!
This hasn't been tested with Linux to Linux, but Linux server to XP Pro client worked fine. I gave 'em static IPs, enabled NetBIOS over TCP/IP and specified the IP of the WINS server under the TCP/IP config. I also added entries to the LMHOSTS and HOSTS files.
If I am helpful, please give me reputation points.
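An added example, not part of the original post: a small shell/awk lint for the access-control settings the smb.conf above depends on (user-level security, no guest access, encrypted passwords, and a valid users line on every share). The function names audit_smbconf and sample_conf and the sample configuration are constructed for illustration.

```shell
# Added example, not from the original post: lint smb.conf access controls.
# Reads smb.conf text from the named file (or stdin); prints one finding per line.
audit_smbconf() {
    awk '
    # Boolean spellings documented in smb.conf(5): yes/no, true/false, 1/0.
    function truthy(v) { return v == "yes" || v == "true" || v == "1" }
    function falsy(v)  { return v == "no" || v == "false" || v == "0" }
    function end_section() {
        # Without "valid users", any account that can authenticate may connect.
        if (sect != "" && sect != "global" && !restricted)
            print "[" sect "] no valid users restriction"
    }
    /^[ \t]*[;#]/ || /^[ \t]*$/ { next }        # comments and blank lines
    /^[ \t]*\[/ {                               # section header such as [homes]
        end_section()
        sect = tolower($0); gsub(/^[ \t]*\[|\].*$/, "", sect)
        restricted = 0; next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        # Whitespace inside parameter names is ignored by Samba, so strip it all.
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = tolower(substr($0, eq + 1));    gsub(/^[ \t]+|[ \t]+$/, "", val)
        if ((key == "guestok" || key == "public") && truthy(val))  # synonyms
            print "[" sect "] guest access enabled"
        if (key == "validusers" && val != "") restricted = 1
        if (key == "encryptpasswords" && falsy(val))
            print "[" sect "] plaintext passwords allowed"
        if (key == "security" && val == "share")
            print "[" sect "] share-level security, no per-user logon"
    }
    END { end_section() }
    ' "$@"
}

# Constructed sample: the tutorial layout with one share loosened by mistake.
sample_conf() {
    cat <<'EOF'
[global]
   security = user
   encrypt passwords = yes
[profiles]
   valid users = root @smbusers
[share]
   public = Yes
EOF
}
sample_conf | audit_smbconf
```

Run it as audit_smbconf /etc/samba/smb.conf after each edit; no output means none of the four checks fired.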
Great tutorial, but I wanted to point two things out:
1. This can be done without a domain as well (if I remember correctly). There are obvious advantages to using a domain, but simpler networks may not need it (and since XP Home can't join a domain it's extra work if that's what you have on your network).
2. The file sharing, although maybe not the domain, should work with Vista too. I'm sad to say I've never tested it since my home network is all FTP shares and most of my clients share files from Windows, but there's no reason basic functionality shouldn't work.
Again, great tutorial, and it's gotten me interested in setting up a domain on my home network again.
-This post is provided without warranty, emotion, or a conscience. Hope it helps-
*I'm an egomaniac: I love reputation points*
The file sharing, although maybe not the domain, should work with Vista too
Windows Vista doesn't get on well with Windows NT 4.0 or Samba servers (Samba is designed to be functionally compatible with NT4 and its older domain model, with limited support for Windows 2000 style Active Directory with DNS).
The reason for this is because Samba and NT4 use LanManager and unencrypted passwords. NT4 used NTLanManager originally, and NTLMv2 (with 128 bit encryption, which is now the standard) was only introduced in Windows NT4 SP4 due to US export restrictions.
Windows 95, 98v1 and NT4 <SP4 don't get on well with NTLMv2, so the default was kept at NTLM version one. This was also the same with Windows 2000 and XP, as those older systems were supported at the time of release, so MS couldn't break compatibility by changing the default.
Now these older systems aren't supported any more, so Vista ONLY uses NTLMv2, which Samba 2.x doesn't have. Samba 3.x does have it though.
That's why quite a lot of NAS drives don't support Vista, as they run old versions of Linux. A registry setting needs to be changed to make it work (really MS did a good thing, because it is indeed a security hole).
Btw, I realise this tutorial isn't too much good to people with XP Home, but the reason I did this is because lots of people want to replace legacy servers and legacy clients (Win 9x and NT4) and switch them with Linux due to security issues. There weren't many tutorials on this so I made one.
I got this on an old box and my parents use XP Pro machines. They just log in and they've got all their shared drives mounted, and have all the same files and settings no matter which machine they log on.
Last edited by jbennet; Apr 16th, 2009 at 2:09 pm.
If I am helpful, please give me reputation points.