Practice 4: Primary Domain Controller (Provide centralized Authorization and Authentication for directories)
Samba can act as a Domain Controller. It will centralize the Authorization and Authentication services.
taufanlubis@zyrex:~$ sudo gedit /etc/samba/smb.conf
[global]
workgroup = UbuntuWorkgroup
netbios name = UbuntuZyrex
server string = UbuntuZyrexServer
hosts allow = 192.168.0.0/24 127.
hosts deny = ALL
log file = /var/log/samba/log.%m
dns proxy = no
max log size = 1000
syslog = 0
obey pam restrictions = yes
domain logons = yes
domain master = auto
wins support = no
logon path = \\%N\%U\profile
logon home = \\%N\%U
logon script = logon.cmd
socket options = TCP_NODELAY
[sharing_data]
path = /home/sharing_data/
comment = Taufan Sharing Folder at Ubuntu
public = yes
encrypt passwords = no
security = share
read only = yes
browseable = yes
directory mask = 0700
create mask = 0600
[Amanda]
path = /home/amanda/
comment = Angela Folder at Ubuntu
public = no
read only = no
encrypt passwords = yes
browseable = yes
security = user
valid users = amanda, alice, mark, taufanlubis, nadine
force user = amanda
force group = amanda
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = yes
writable = no
share modes = no
[profiles]
comment = Users profiles
path = /home/samba/profiles
guest ok = no
browseable = no
create mask = 0600
directory mask = 0700
[printers]
comment = All Printers
load printers = yes
printing = cups
printcap name = cups
browseable = no
path = /var/spool/samba
printable = yes
public = no
writable = no
create mode = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
[cdrom]
comment = Samba server’s CD-ROM
writable = no
locking = no
path = /cdrom
public = yes
#printer
load printers = yes
printing = cups
printcap name = cups
taufanlubis@zyrex:~$
If you have clients that still use Windows, you have to set ‘encrypt passwords = no’ because Windows can only access the plain password from the Samba server. That’s why I put the encrypt passwords setting into different share directories.
If a share is accessed by Linux, then I set encrypt passwords = yes, and if it’s accessed by Windows clients, then I set encrypt passwords = no.
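A small linter for the per-share settings discussed above, added here as an example (it is not code from the original article). Samba's smb.conf(5) lists security and encrypt passwords as global (G) parameters, so values placed inside [sharing_data] and [Amanda] are not applied per share; the GLOBAL_ONLY set, the finding texts and the sample excerpt are assumptions chosen for this illustration.

```python
import re

# Parameters smb.conf(5) marks as global (G); only the ones used on this page.
GLOBAL_ONLY = {"security", "encrypt passwords", "load printers", "printcap name"}
YES = {"yes", "true", "1"}

# Constructed sample: share-section excerpts modelled on the smb.conf above.
SAMPLE = """\
[sharing_data]
public = yes
encrypt passwords = no
security = share
[Amanda]
encrypt passwords = yes
security = user
[cdrom]
public = yes
load printers = yes
"""

def parse(text):
    """Yield (section, key, value); keys lower-cased with single spaces."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif "=" in line and section:
            key, value = line.split("=", 1)
            yield section, " ".join(key.lower().split()), value.strip().lower()

def audit(text):
    """Return (section, key, finding) tuples for the three checks below."""
    findings = []
    for section, key, value in parse(text):
        if key in GLOBAL_ONLY and section != "global":
            findings.append((section, key, "global-only parameter in a share section"))
        if key == "encrypt passwords" and value not in YES:
            findings.append((section, key, "cleartext passwords requested"))
        if key in ("public", "guest ok") and value in YES:
            findings.append((section, key, "guest access allowed"))
    return findings

if __name__ == "__main__":
    for section, key, finding in audit(SAMPLE):
        print(f"[{section}] {key}: {finding}")
```

Run testparm, Samba's own configuration checker, on the real file as well.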
Now, let’s check our configuration.
taufanlubis@zyrex:~$ sudo smbclient -L 192.168.0.2
Password:
session setup failed: NT_STATUS_LOGON_FAILURE
taufanlubis@zyrex:~$
When you use smbclient, don’t put ‘sudo’ in front of it; it will create an error like the one above. Now, I repeat the command without ‘sudo’. This command is used to check the shared directories on Samba servers.
taufanlubis@zyrex:~$ smbclient -L 192.168.0.2
Password:
Domain=[UBUNTUWORKGROUP] OS=[Unix] Server=[Samba 3.0.26a]
        Sharename       Type      Comment
        ---------       ----      -------
        sharing_data    Disk      Taufan Sharing Folder at Ubuntu
        Amanda          Disk      Angela Folder at Ubuntu
        netlogon        Disk      Network Logon Service
        print$          Disk      Printer Drivers
        cdrom           Disk      Samba server’s CD-ROM
        IPC$            IPC       IPC Service (UbuntuZyrexServer)
        PDF             Printer   PDF
        LX-1050         Printer   LX-1050
        Laserjet1320    Printer   Laserjet1320
Domain=[UBUNTUWORKGROUP] OS=[Unix] Server=[Samba 3.0.26a]
        Server               Comment
        ---------            -------
        UBUNTUZYREX          UbuntuZyrexServer
        Workgroup            Master
        ---------            -------
        UBUNTUWORKGROUP      UBUNTUZYREX
taufanlubis@zyrex:~$
What is smbclient?
Smbclient is almost like an ftp program. It’s used to access SMB resources on the servers.
Connect to your directory using smbclient
After you are connected, you can browse, add and delete files or directories. Of course, this will depend on your access level. You can use common Linux commands, such as cp, mv, mkdir, rm, rmdir, ls, etc.
taufanlubis@zyrex:~$ smbclient -U amanda //192.168.0.2/amanda
Password:
Domain=[UBUNTUZYREX] OS=[Unix] Server=[Samba 3.0.26a]
smb: \> ls
. D 0 Mon Oct 22 08:49:20 2007
.. D 0 Mon Oct 22 08:51:01 2007
pictures D 0 Mon Oct 22 08:49:20 2007
.profile H 566 Mon Oct 22 08:48:42 2007
Examples D 0 Sun Apr 15 18:52:21 2007
Tekken.jpg A 61344 Mon Oct 22 08:49:00 2007
.bash_logout H 220 Mon Oct 22 08:48:42 2007
.bashrc H 2298 Mon Oct 22 08:48:42 2007
48209 blocks of size 262144. 15950 blocks available
smb: \> cd pictures/
smb: \pictures\> ls
. D 0 Mon Oct 22 08:49:20 2007
.. D 0 Mon Oct 22 08:49:20 2007
Robot.jpg A 87919 Mon Oct 22 08:49:21 2007
48209 blocks of size 262144. 15950 blocks available
smb: \pictures\> cd ..
smb: \>
smb: \> exit
taufanlubis@zyrex:~$
Well, you’ve done the 4 practices. Now, we can go further with our lesson.
Firewall and Security
Samba needs ports 137 and 139 for the connection. If you are using a firewall application (such as Firestarter, Smoothwall or others), please make sure that you enable these ports. Usually, every firewall application blocks these ports by default. If you are using iptables and you want to open these ports, you can see my article about setting ports using iptables.
Starting Samba when the machine boots
You can set the Samba server to run automatically when the system boots (see my articles about Run Level).
taufanlubis@zyrex:~$ sudo update-rc.d samba defaults
Adjust the configuration file to your needs
For example, suppose you want to create a directory for training_modules that only 5 persons can access and modify. First, create the training_modules directory. Second, add the configuration to smb.conf and restart the Samba server. Third, don’t forget to add the users to the Samba server user list (Practice 3, part 2).
[Training_modules]
path = /home/training_modules/
comment = Training_modules directory at Ubuntu
public = no
read only = no
browseable = yes
security = user
valid users = amanda, alice, mark, taufanlubis, nadine
force user = training_modules
force group = training_modules
Thanks