This is a Samba Tutorial. It's for getting a Linux server to replace a basic (Windows NT4 level of functionality) server, perhaps in a cost-cutting scenario, to serve files to Windows (NT4 to XP) clients.

A good idea for a small home server (provided you have XP Pro clients; Home will work, but not well).

First, install Linux and Samba. I won't cover that here as I will assume you have some experience already. I personally used CentOS 5.3 (a free version of RedHat) and chose to install the Gnome Desktop, System Administration, System Tools, Server Tools, and Windows File Server package categories. During setup, set the hostname to be whatever you want your server to be called; use block caps and keep it short, or else older Windows clients won't like it much (e.g. SERVER1).

If you do this, don't forget to ensure that the samba AND winbind services are enabled (use chkconfig), that SELinux is OFF, and that the ports Samba needs are opened in the firewall.

Here is the smb.conf (put it in /etc/samba/smb.conf on RedHat). Replace where it says SMBSERVER with whatever you set your hostname to be during setup.

Change MYDOMAIN to be whatever you want your domain to be called too.

[global]
        netbios name = SMBSERVER
        server string = Samba %v on %L
        workgroup = MYDOMAIN

        ;domain & local master browser for win2k+
        os level = 65
        prefered master = yes
        domain master = yes
        local master = yes
        domain logons = yes

        ; do i need wins?
        lm announce = yes
        wins support = yes
        time server = yes

        ; do not show files starting with dots
        hide dot files = yes

        ; do not allow guest access, use only local system accounts
        security = user
        guest ok = no
        admin users = @wheel

        ; domain administrators - sometimes it complains about this?
        domain admin group = @wheel
        domain admin users = root

        ; use encrypted passwords
        encrypt passwords = yes
        update encrypted = yes
        smb passwd file = /etc/samba/smbpasswd

        ;do i need this?
        winbind enum groups = yes
        winbind enum users = yes

        ; user roaming profiles path
        logon path = \\SMBSERVER\profiles\%u

        ; user homes
        logon drive = H:
        logon home = \\SMBSERVER\homes\%u

        ; general logon script (in DOS format)
        logon script = logon.bat

[homes]
        comment = Home Directory
        path = /home/%u
        browseable = No
        public = No
        writeable = Yes
        valid users = root @smbusers
        write list = %s

; share for domain controller
[netlogon]
        comment = Network Logon Service
        path = /home/samba/netlogon
        public = no
        writeable = no
        browsable = no
        valid users = root @smbusers

; share for storing user profiles
[profiles]
        comment = Roaming Profile
        path = /home/samba/profiles/%u
        writeable = yes
        create mask = 0700
        directory mask = 0700
        profile acls = Yes
        browsable = no
        valid users = root @smbusers
        write list = %s

;shared folder
[share]
        comment = Shared folder
        path = /home/samba/share
        writeable = yes
        create mode = 0750
        directory mode = 0750
        browseable = yes
        valid users = root @smbusers
Make a group called machines and another called smbusers.

Add root to the smbusers group and ensure he is in the wheel group too while you are at it (in CentOS/RedHat use Users and Groups under Administration in GNOME).

Give root a samba password by typing smbpasswd -a root into the console. Make it the same as his UNIX password.

Add your machines to the machines group as users called e.g. SERVER$ (where SERVER is the NetBIOS name. The $ is important as it tells Samba that it's a machine account).

Lock the machine account users' passwords with passwd -l SERVER$ for example. Make sure to deny these interactive login and give them the homedir of /dev/null when creating them.

Then let's make these machine accounts active by doing smbpasswd -a -m SERVER for example (note lack of $).

Now you may join the machine to the domain in the normal Windows way (under System - Identification. The reason we needed to do the stuff before was because it can't automatically create a machine account when joining the domain). Instead of "administrator" use the root username and password when prompted.

You can now log on to the domain! A few more things to do though:
* Ensure all folders exist, obviously, and that privileges are correct
* Particularly the profiles/$username$ folders and the home/$username$ folders. The home folders should have been made when you created the UNIX user accounts, but the roaming profile folders will need to be made by hand. (If you get an error about the roaming profile not being found when logging in on Windows, this is why.)

If all goes well you should be able to have a centralised user database, roaming profiles and homedrives, as well as a public share. Printing is not supported yet. This assumes there are NO OTHER WINDOWS SERVERS OPERATING AS DCs & NO WINS SERVERS !!!

This hasn't been tested with Linux to Linux, but Linux server to XP Pro client worked fine. I gave 'em static IPs, enabled NetBIOS over TCP/IP and specified the IP of the WINS server under the TCP/IP config. I also added entries to the LMHOSTS and HOSTS files.
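
The folder check from the closing list of the tutorial above, as an added example that is not part of the original post: it reads each share's path from smb.conf text, expands %u for a list of user names, and reports directories that are missing or, for per-user paths, accessible to group or other. The function names, the `root` argument (for checking a scratch tree instead of the live filesystem) and the user names are assumptions made for this example.

```python
import os
import stat

def parse_smb_conf(text):
    """Return {section: {param: value}}; ';' and '#' start comment lines."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace inside parameter names
            current["".join(key.split()).lower()] = value.strip()
    return shares

def check_share_dirs(conf_text, users, root="/"):
    """List (share, path, problem) for every share path that is missing, or,
    for per-user paths (%u), is accessible to group or other."""
    findings = []
    for share, params in parse_smb_conf(conf_text).items():
        template = params.get("path")
        if share == "global" or template is None:
            continue
        per_user = "%u" in template
        for user in (users if per_user else [None]):
            path = template.replace("%u", user) if per_user else template
            real = os.path.join(root, path.lstrip("/"))
            if not os.path.isdir(real):
                findings.append((share, path, "missing"))
            elif per_user and stat.S_IMODE(os.stat(real).st_mode) & 0o077:
                findings.append((share, path, "open to group/other"))
    return findings

# Constructed sample: two shares cut down from the smb.conf in the post.
SAMPLE_CONF = """
[profiles]
        path = /home/samba/profiles/%u
        directory mask = 0700
;shared folder
[share]
        path = /home/samba/share
"""

if __name__ == "__main__":
    for finding in check_share_dirs(SAMPLE_CONF, ["alice", "bob"]):
        print(*finding)
```

A "missing" result for a profiles path corresponds to the roaming-profile error the post mentions; ownership of each directory still has to be checked separately.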

2 Contributors, 2 Replies, 4 Views, 8 Years Discussion Span, Last Post by jbennet

Great tutorial, but I wanted to point two things out:

1. This can be done without a domain as well (if I remember correctly). There are obvious advantages to using a domain, but simpler networks may not need it (and since XP Home can't join a domain, it's extra work if that's what you have on your network).

2. The file sharing, although maybe not the domain, should work with Vista too. I'm sad to say I've never tested it, since my home network is all FTP shares and most of my clients share files from Windows, but there's no reason basic functionality shouldn't work.

Again, great tutorial, and it's gotten me interested in setting up a domain on my home network again.

The file sharing, although maybe not the domain, should work with Vista too

Not always.

Windows Vista doesn't get on well with Windows NT 4.0 or Samba servers (Samba is designed to be functionally compatible with NT4 and its older domain model, with limited support for Windows 2000 style Active Directory with DNS).

The reason for this is because Samba and NT4 use LanManager and unencrypted passwords. NT4 used NTLanManager originally, and NTLMv2 (with 128-bit encryption, which is now the standard) was only introduced in Windows NT4 SP4 due to US export restrictions.

Windows 95, 98v1 and NT4 <SP4 don't get on well with NTLMv2, so the default was kept at NTLM version one. This was also the same with Windows 2000 and XP, as those older systems were supported at the time of release, so MS couldn't break compatibility by changing the default.

Now these older systems aren't supported any more, so Vista ONLY uses NTLMv2, which Samba 2.x doesn't have. Samba 3.x does have it though.

That's why quite a lot of NAS drives don't support Vista, as they run old versions of Linux. A registry setting needs to be changed to make it work (really MS did a good thing, because it is indeed a security hole).

Btw, I realise this tutorial isn't too much good to people with XP Home, but the reason I did this is because lots of people want to replace legacy servers and legacy clients (Win 9x and NT4) and switch them with Linux due to security issues. There weren't many tutorials on this so I made one.

I got this on an old box and my parents use XP Pro machines. They just log in and they've got all their shared drives mounted, and have all the same files and settings no matter which machine they log on.
