Samba PDC is used for centralized authentication and domain control of Windows
operating systems.
Here we will set up a Samba PDC machine with the domain name lap.work and create some
users. Then we will check whether these users are able to log in to this domain from different
machines.
In this example we are working on RHEL 5. It will also work on other distributions such as Red Hat, CentOS, Fedora, etc.
Samba PDC Machine:
rhel 5.4
IP : 192.168.0.1
Windows Client:
Windows XP Professional SP2
Computer Name : lap-xp
Domain Name : lap.work
IP : 192.168.0.2
Installation:
Install samba packages:
[root@sambapdc ~]# yum install samba*
Configuration:
Open the Samba configuration file and make the following edits.
[root@sambapdc ~]# vim /etc/samba/smb.conf
Uncomment or edit the lines as shown below.
In global settings (smb.conf treats # as a comment only at the start of a line, so each comment sits on its own line):
# domain name
workgroup = lap.work
# server description, just to identify the host
server string = Samba PDC Server
# NetBIOS name for communication
netbios name = samba
local master = yes
preferred master = yes
domain master = yes
domain logons = yes
# profile entry
logon path = \\%L\Profiles\%U
security = user
passdb backend = tdbsam
In share definitions:
[homes]
browseable = yes
writable = yes
[netlogon]
path = /home/netlogon
writable = no
[Profiles]
path = /home/profiles
create mask = 0755
directory mask = 0755
# must be set, otherwise you will get ACCESS DENIED errors
writable = yes
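A check for the settings above, as an added example that is not part of the original post: smb.conf recognises # or ; as a comment only at the start of a line, so text after a value becomes part of that value. The function flags such lines and confirms the four PDC parameters from the global section; the function names, finding labels and sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit an smb.conf against the
# PDC settings used in this guide. One finding per line; exit status 1 if any.
audit_pdc_conf() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    # Samba ignores case and whitespace inside parameter names.
    function norm(k) { k = tolower(k); gsub(/[ \t]+/, "", k); return k }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }             # comment or blank line
    /^[ \t]*\[/ { sec = tolower(trim($0)); next }    # section header
    {
        eq = index($0, "="); if (eq == 0) next
        key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
        # smb.conf has no trailing comments: "#..." after a value stays in it.
        if (val ~ /[ \t][#;]/) { print "INLINE-COMMENT " sec " " key; bad = 1 }
        if (sec == "[global]") seen[norm(key)] = tolower(val)
    }
    END {
        n = split("domain logons=yes,domain master=yes,security=user,passdb backend=tdbsam", want, ",")
        for (i = 1; i <= n; i++) {
            split(want[i], kv, "=")
            got = seen[norm(kv[1])]
            if (got == "true" || got == "1") got = "yes"   # boolean synonyms
            if (got != kv[2]) { print "MISMATCH [global] " kv[1] " want=" kv[2]; bad = 1 }
        }
        exit bad + 0
    }' "$1"
}

# Constructed sample: a [global] section with trailing comments on two values.
sample_conf() {
    printf '%s\n' '[global]' \
        'workgroup = lap.work #domain name' \
        'netbios name = samba #netbios name for communication' \
        'domain master = yes' 'domain logons = yes' \
        'security = user' 'passdb backend = tdbsam'
}

demo_file=$(mktemp) && sample_conf > "$demo_file"
audit_pdc_conf "$demo_file" || echo "findings reported for $demo_file"
rm -f "$demo_file"
```

Run it against the live file with audit_pdc_conf /etc/samba/smb.conf; testparm remains the authoritative syntax check.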
Now create the following directories:
[root@sambapdc ~]# mkdir -m 1777 /home/profiles
[root@sambapdc ~]# mkdir -m 1777 /home/netlogon
Attaching a Windows machine:
Now create a group named machine and add a user account with the name of the Windows client:
[root@sambapdc ~]# groupadd -g 200 machine
[root@sambapdc ~]# useradd -d /dev/null -g 200 -s /sbin/nologin lap-xp$
Here lap-xp is the name of the machine we are attaching to the Samba PDC.
[root@sambapdc ~]# smbpasswd -m -a lap-xp
Start the samba service:
[root@sambapdc ~]# service smb start
[root@sambapdc ~]# chkconfig smb on
Run testparm and test your configuration settings:
[root@sambapdc ~]# testparm
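Add root to the Samba password database and enable it (root is used later to join the Windows machine to the domain):
[root@sambapdc ~]# smbpasswd -a root
[root@sambapdc ~]# smbpasswd -e root
Add two more users for testing:
[root@sambapdc ~]# useradd user1
[root@sambapdc ~]# smbpasswd -a user1
[root@sambapdc ~]# smbpasswd -e user1
[root@sambapdc ~]# useradd user2
[root@sambapdc ~]# smbpasswd -a user2
[root@sambapdc ~]# smbpasswd -e user2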
[root@sambapdc ~]# service smb restart
On the Windows machine:
Right-click the My Computer icon
Choose Properties
Open the Computer Name tab
Add the system to the lap.work domain
You will be prompted for a username and password. Give root and its password.
The system may need to restart
When we are logged in as user1, a directory named user1 is created in /home/profiles
on the Samba PDC machine. This will be the home directory of that user. He will be able to log in
from all machines in this domain and will get this same directory.
:)
9 comments:
Thanks a lot! This really helped. :)))
Thanks a lot! This was really helpful :)
Thanks a lot
But if I want to join the domain from another machine, I have to execute this command.
useradd -d /dev/null -g 200 -s /sbin/nologin lap-xp$
Thanks a lot !!!!!!
I have used CentOS 6 and Samba 3.5, but on the client side (Windows SP2/3 and W7) I am getting the error "A domain controller for the domain lap.work could not be contacted; ensure that the domain name is typed correctly". I also changed registry settings like:
- in regedit: HKEY_LOCAL_MACHINE\...\Parameters\requiresignorseal -> 0
- in regedit: HKEY_LOCAL_MACHINE\...\Parameters\signsecurechannel -> 0
- in regedit: HKEY_LOCAL_MACHINE\Software\...\CompatibleRUPSecurity -> 1
as a DWORD
And I also set DNS: 10.0.0.120 (VPN).
Please help me, does it require other settings?
Thanks,
ravi(raviggajjar@gmail.com)
thanks you saved my day..