Managing Samba: Configuration for remote management, part two

You tasted basic Samba configuration in part one of this tutorial. Now, let's get into something much meatier: Samba PDC (primary domain controller) configuration.

The following smb.conf file contents demonstrate the use of the key parameters as well as a few additional ones required to round out a Samba primary domain controller. The key point to observe is the settings for the interface scripts. The example uses the passdb backend = tdbsam, and this means that this PDC is not -- I repeat, not -- suitable for use with a BDC (backup domain controller).

A PDC that has the configuration file shown in this example is a subset of the configuration that is depicted in the book, Samba-3 by Example, second edition. The extracted example does not make use of WINS (the Windows Internetworking Name Server) for NetBIOS to IP address name resolution and eliminates a few more refinements. In this article, my objective is to demonstrate a more basic configuration. The example file is fully functional, but it lacks some of the bells and whistles that can be used to create a more stable environment. The latter Samba environment can be obtained by carefully following the examples in the book.

The [homes] share is properly called a meta-service and is used to dynamically create a user home folder share from the Unix system account information.

The [printers] share is another example of a meta-service. In this case, it defines the generic Unix directory into which a print job will be spooled until it is ready to be sent to a Unix system printer by way of a standard operating system print command. Where CUPS (the Common Unix Print System) is used, Samba will pass the print job directly via a built-in CUPS library interface.

The permissions on the /var/spool/samba directory should be set by executing:

• chmod 1777 /var/spool/samba
• chown root /var/spool/samba
• chgrp users /var/spool/samba

The ...

Digg This!     StumbleUpon     Del.icio.us

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

The [profiles] directory will permit the storage of Windows roaming profiles. The permissions on this directory are important and should be set so that the default group can write to the directory. An example of suitable configuration is:

chown root /var/lib/samba/profiles
chgrp users /var/lib/samba/profiles
chmod 2775 /var/lib/samba/profiles

As domain users log onto and then out of the Windows workstations that are domain members, the users profiles will be written automatically to the directory /var/lib/samba/profiles/'username'.

• [global]
  workgroup = ROSESARERED
  netbios name = VIOLETSBLUE
  passdb backend = tdbsam
  username map = /etc/samba/smbusers
  enable privileges = Yes
  log level = 0
  log file = /var/log/samba/%m.log
  max log size = 50
  add user script = /usr/sbin/useradd -m '%u'
  delete user script = /usr/sbin/userdel -r '%u'
  add group script = /usr/sbin/groupadd '%g'
  delete group script = /usr/sbin/groupdel '%g'
  add user to group script = /usr/sbin/usermod -G '%g' '%u'
  set primary group script = /usr/sbin/usermod -g '%g' '%u'
  add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null '%u'
  logon script = scripts\logon.bat
  logon path = \\%L\profiles\%U
  logon drive = h:
  logon home = \\%L\%U
  domain logons = Yes
• [homes]
  comment = Home Directories
  valid users = %S
  read only = No
  browseable = No
• [printers]
  comment = SMB Print Spool
  path = /var/spool/samba
  guest ok = Yes
  printable = Yes
  use clientdriver = Yes
  default devmode = Yes
  browseable = No
• [netlogon]
  comment = Network Logon Service
  path = /var/lib/samba/netlogon
  guest ok = Yes
  locking = No
• [profiles]
  comment = Profile Share
  path = /var/lib/samba/profiles
  read only = No
  profile acls = Yes

Before starting Samba's smbd and nmbd daemons, the contents of the smb.conf file can be validated by executing testparm. This is a very useful tool to verify that there are no critical errors or typos.

It may be useful to rename smb.conf file to smb.conf.master, and then let the testparm utility generate the smb.conf file by executing:

testparm -s smb.conf.master > smb.conf

The resulting smb.conf file will be fully optimized. Additionally, if there are any significant errors, these will be reported as the file is created.

If all went well, go ahead and start Samba. Check the documentation for your operating system platform for information regarding how to start the smbd and nmbd daemons. Alternatively, refer to chapter 1 of my book, The Official Samba-3 HOWTO and Reference Guide, 2nd Edition, for further Samba start-up information.

Operation of Samba can be validated by executing:

#> smbclient -L localhost -U%
Domain=[ROSESARERED] OS=[Unix] Server=[Samba 3.0.21]
Sharename Type Comment
--------- ---- -------
netlogon Disk
profile Disk
IPC$ IPC IPC Service (Main Server)
ADMIN$ IPC IPC Service (Main Server)
hp940 Printer HP DeskJet 940c
Cups-PDF Printer Cups-PDF
Domain=[ROSESARERED] OS=[Unix] Server=[Samba 3.0.21]
Server Comment
--------- -------
VIOLETBLUE Main Server
Workgroup Master
--------- -------
ROSESARERED VIOLETBLUE

If you've made it this far, then the Samba server is operative and it should now be possible to administer it remotely. Congratulations! Now you're ready for the upcoming tutorial on more PDC configuration options.

Click here to go back to part one.

About the author: John H. Terpstra is CTO, PrimaStasys Inc., an IT consulting firm and a member of SearchOpenSource.com's Editorial Advisory Board. He is author of the new books, Samba-3 by Example: Practical Exercises to Successful Deployment, 2nd Edition and The Official Samba-3 HOWTO and Reference Guide, 2nd Edition.

Rate this Tip To rate tips, you must be a member of SearchEnterpriseLinux.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.