Integrating Samba into a windows Workgroup is straightforward enough. About the
only real decision you need to make is which machine will be acting as PDC (Primary
Domain Controller), or as this is only a workgroup which machine will be validating
passwords for user access. Obviously the first step has to be the installation
of Samba.
man
smb.conf
will do that for you.
[global]
netbios name = SERVER # the name of your server
workgroup = WORKGROUP # your workgroup
server string = Samba Server # the comment field in Computers near me
hosts allow = 127. 192.168.0. # Loopback and local network
printcap name = cups # If you need a print server
load printers = yes # If you need a print server
printing = cups # If you need a print server
log file = /var/log/samba/%U.log
max log size = 0
security = user # Validations are dome against the Samba server
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
pam password change = yes
obey pam restrictions = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
remote announce = 192.168.0.255
local master = yes
os level = 99
domain master = yes
preferred master = yes
domain logons = yes
dns proxy = no
I'd recommend using the above as the first attempt to get things up and running
to make sure everything works.
[Test]
comment = Test Share
path = /home/shared
public = yes
only guest = yes
writable = yes
printable = no
If you start Samba now (service smb start
) you should be able to
connect to \\SERVER\Test\
and write files to the folder (If you're
asked for a username and password to connect just leave them both blank and hit
enter). The Samba server is doing the authentication and the share's been set
up to allow anyone access. Now you can start thinking about you're required authentication.
If you want to use a different machine as PDC for verifying logons you need to
replace security = user
with security = server
and
then add one of
password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
password server = * # to auto-locate the domain controller/s
password server = <NT-Server-Name>
If you're going to use the Samba server for the validations, then the next things
to do are to sort out the usernames for validations. I prefer to manually add
any machine accounts rather than allowing them to be created on the fly. It's
straightforward enough at the command line:
useradd -s /bin/false -d /dev/null machine1\$
passwd -l machine1\$
smbpasswd -a -m machine1
Where machine1 is the name of a pc to be added. If you don't want to give you
users access to anything other than the Samba shares, then you can use:useradd -s /bin/false -d /dev/null user1
where user1 is the username. You can then lock the password and add the user to
the Samba password list with:smbpasswd -a user1
If you want to see how to modify who has access to which shares have a look at
Samba
and Winbind
chkconfig --level 3 smb on
to make sure Samba runs whenever the machine is rebooted and possibly set up a
printer...