Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

Samba HowTo Guide
Prev Home Next

Domain Control: Example Configuration

The first step in creating a working Samba PDC is to understand the parameters necessary in smb.conf. An example smb.conf for acting as a PDC can be found in the smb.conf file for an example PDC.

Example4.1.smb.conf for being a PDC

[global]
netbios name
workgroup
passdb backend = tdbsam
os level = 33
preferred master = auto
domain master = yes
local master = yes
security = user
domain logons = yes
logon path = \\%N\profiles\%U
logon drive = H:
logon home = \\homeserver\%U\winprofile
logon script = logon.cmd
[netlogon]
path = /var/lib/samba/netlogon
read only = yes
write list
[profiles]
path = /var/lib/samba/profiles
read only = no
create mask = 0600
directory mask = 0700

The basic options shown in this example are explained as follows:

passdb backend

This contains all the user and group account information. Acceptable values for a PDC are: smbpasswd, tdbsam, and ldapsam . The “guest” entry provides default accounts and is included by default; there is no need to add it explicitly.

Where use of BDCs is intended, the only logical choice is to use LDAP so the passdb backend can be distributed. The tdbsam and smbpasswd files cannot effectively be distributed and therefore should not be used.

Domain Control Parameters

The parameters os level, preferred master, domain master, security, encrypt passwords , and domain logons play a central role in assuring domain control and network logon support.

The os level must be set at or above a value of 32. A domain controller must be the DMB, must be set in user mode security, must support Microsoft-compatible encrypted passwords, and must provide the network logon service (domain logons). Encrypted passwords must be enabled. For more details on how to do this, refer to Account Information Databases.

Environment Parameters

The parameters logon path, logon home, logon drive , and logon script are environment support settings that help to facilitate client logon operations and that help to provide automated control facilities to ease network management overheads. Please refer to the man page information for these parameters.

NETLOGON Share

The NETLOGON share plays a central role in domain logon and domain membership support. This share is provided on all Microsoft domain controllers. It is used to provide logon scripts, to store group policy files (NTConfig.POL), as well as to locate other common tools that may be needed for logon processing. This is an essential share on a domain controller.

PROFILE Share

This share is used to store user desktop profiles. Each user must have a directory at the root of this share. This directory must be write-enabled for the user and must be globally read-enabled. Samba-3 has a VFS module called “fake_permissions” that may be installed on this share. This will allow a Samba administrator to make the directory read-only to everyone. Of course this is useful only after the profile has been properly created.

Samba HowTo Guide
Prev Home Next

 
 
  Published under the terms fo the GNU General Public License Design by Interspire