
Thread: 8.04 hardy help set up samba as PDC(primary domain controller) with tdbsam backend

  1. #1
    Join Date
    Feb 2007
    Location
    Seattle, WA
    Beans
    146
    Distro
    Ubuntu 10.10 Maverick Meerkat

    8.04 hardy help set up samba as PDC(primary domain controller) with tdbsam backend

    I have purchased two books on samba and read and tried countless tutorials. I am looking for a tutorial (or specific help) to:

    1. install and configure samba with tdbsam backend such that it can
    -provide a network "data" share (DONE)
    -authenticate users to log in from both Windows XP Pro and ubuntu 9.04 desktops
    -successfully deploy a logon.bat script to automatically sync time and attach "data" share.

    2. easily manage which users belong to which groups, and which groups have access to which shares
    3. manage settings such as "user must change password on next logon"
    4. manage user rights in XP (ability to enable/disable changing things like tcp/ip settings, access device manager etc.)

    I have specifically decided not to go with openldap as the backend, as it seems overly complicated for the types of networks I work in (fewer than 20 computers). I have a partially working server that I have no idea how to add users to, change modify groups, modify permissions of users/groups. I can get the regular share working without calling a backend (meaning that I am using smbpasswd), but when I try to use tdbsam, all hell breaks loose and nothing works. My attempts at a full domain controller that an XP machine could try to log into have been completely unsuccessful.

    --shaun

  2. #2
    Join Date
    Feb 2007
    Location
    Seattle, WA
    Beans
    146
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: 8.04 hardy help set up samba as PDC(primary domain controller) with tdbsam backen

    I am now able to log in to the domain with XP (using smbpasswd, however). I am not able to log on with administrator privileges. I can log in to the local account and add the group Domain Admins to the local Administrators group. But, shouldn't this be done automatically?

    Here's my current /etc/samba/smb.conf

    Code:
    [global]
    workgroup=SMILES
    Netbios name = senorPDC
    username map = /etc/samba/smbusers
    passwd chat = *New*Password* %n\n*Re-enter*new*password* %n\n *Password*changed*
    
    encrypt passwords = Yes
    security=user
    
    os level = 65
    preferred master = yes
    domain master = yes
    local master = yes
    domain logons = yes
    
    add user script = /usr/sbin/useradd -m -G users '%u'
    delete user script = /usr/sbin/userdel -r '%u'
    add group script = /usr/sbin/groupadd '%g'
    delete group script = /usr/sbin/groupdel '%g'
    # Ubuntu's usermod has no -A option; -a -G appends to a supplementary group
    add user to group script = /usr/sbin/usermod -a -G '%g' '%u'
    add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u'
    
    logon path =
    logon drive = z:
    # %L is the server's NetBIOS name; %n is only defined inside "passwd chat"
    logon home = \\%L\%u
    logon script = logon.bat
    
    [netlogon]
    path = /var/lib/samba/netlogon
    guest ok = yes
    writable = Yes
    share modes = no
    
    [homes]
    valid users = %S
    read only = no
    browseable = no
    
    [data]
    path=/data
    read only = No

  3. #3
    Join Date
    Feb 2006
    Location
    OH-IO
    Beans
    18

    Re: 8.04 hardy help set up samba as PDC(primary domain controller) with tdbsam backen

    I really hope you're documenting your processes as many people have been looking for a well written howto for quite some time now (including myself).

    Sorry I can't be of more help.

  4. #4
    Join Date
    Feb 2007
    Location
    Seattle, WA
    Beans
    146
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: 8.04 hardy help set up samba as PDC(primary domain controller) with tdbsam backen

    Most of what I've taken so far is from:

    http://us1.samba.org/samba/docs/man/...ide/small.html

    and the samba howto and reference book, which is also available at samba.org. Once I actually figure it all out, I will post a complete howto starting from a freshly installed OS.

    --shaun

  5. #5
    Join Date
    Feb 2007
    Location
    Seattle, WA
    Beans
    146
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: 8.04 hardy help set up samba as PDC(primary domain controller) with tdbsam backen

    As promised, here is a script to make a simple tdbsam based domain. Tested on 8.04 and 9.04. Replace the variables to suit your situation. Let me know if it works for anyone else.

    Code:
    #!/bin/bash
    # sambaPDCinstall.sh
    
    # Make sure to run:
    # smbpasswd -a username
    # for each user to have access to the domain.
    
    # do:
    # adduser username domadm
    # to add a user to the domain admins group
    
    # Must be run as root: installs packages and writes under /etc and /var/lib.
    if [ "$(id -u)" -ne 0 ]; then
        echo "MUST BE ROOT" >&2
        exit 1
    fi
    
    # replace following variables with what you want
    domainname="rome"
    fileshare="/data"
    # \\machinename\fileshare (single quotes keep the backslashes literal)
    homeshare='\\smilePDC\data'
    
    apt-get -y install samba
    mv /etc/samba/smb.conf /etc/smb.conf.orig
    
    # Unquoted here-document: $variables expand and "\\" collapses to "\",
    # so the UNC path in "logon home" is written with doubled backslashes.
    # usermod takes -a -G on Ubuntu (there is no -A option).
    # %L is the server's NetBIOS name; %n is only defined inside "passwd chat".
    # [netlogon] has no "valid users = %S": there %S expands to the share name
    # "netlogon", which would refuse every real user.
    cat > /etc/samba/smb.conf <<EOF
    [global]
    workgroup = $domainname
    passwd chat = *New*Password* %n\n*Re-enter*new*password* %n\n *Password*changed*
    username map = /etc/samba/smbusers
    
    passdb backend = tdbsam
    
    add user script = /usr/sbin/useradd -m -G users '%u'
    delete user script = /usr/sbin/userdel -r '%u'
    add group script = /usr/sbin/groupadd '%g'
    delete group script = /usr/sbin/groupdel '%g'
    add user to group script = /usr/sbin/usermod -a -G '%g' '%u'
    add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u'
    
    logon script = logon.bat
    logon path =
    logon drive = X:
    logon home = \\\\%L\\%u
    
    domain logons = Yes
    preferred master = Yes
    wins support = Yes
    
    [homes]
    comment = Home Directories
    valid users = %S
    read only = No
    browseable = No
    
    [netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    guest ok = Yes
    read only = Yes
    
    [data]
    path = $fileshare
    valid users = %G
    read only = No
    EOF
    
    # Map the Windows "Administrator" account to the Unix root user
    echo "root = Administrator" > /etc/samba/smbusers
    
    # Logon script that maps the shared drive on each client
    mkdir -p /var/lib/samba/netlogon
    printf '%s\n' "net use H: $homeshare" > /var/lib/samba/netlogon/logon.bat
    
    echo "Enter samba's root password:"
    smbpasswd -a root
    
    # Create the Unix group behind "Domain Admins" and map the NT groups
    addgroup domadm
    adduser root domadm
    net groupmap add ntgroup="Domain Admins"  unixgroup=domadm rid=512 type=d
    net groupmap add ntgroup="Domain Users"   unixgroup=users type=d
    net groupmap add ntgroup="Domain Guests"  unixgroup=nobody type=d
    
    /etc/init.d/samba restart
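
The [netlogon] share holds the logon script that every domain client runs, and the smb.conf in post #2 exports it with both `guest ok = yes` and `writable = Yes`, while the script in post #5 makes it read-only. The following is an added example, not part of the original posts: a shell audit that lists shares which are both guest-accessible and writable. The function names and the constructed sample stanzas are assumptions for illustration, and [global] defaults are honoured only when [global] appears before the shares.

```shell
#!/bin/sh
# Added example: list smb.conf shares that are both guest-accessible and
# writable. Reads file arguments or stdin; prints one share name per line.
audit_guest_writable() {
    awk '
    function truthy(v) { return (v == "yes" || v == "true" || v == "1") }
    function report() {
        if (share != "" && share != "global" && guest && writable) print share
    }
    /^[ \t]*[#;]/ { next }                  # skip comment lines
    /^[ \t]*\[/ {                           # start of a new [section]
        report()
        share = tolower($0)
        sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
        guest = dguest; writable = dwrit    # inherit earlier [global] defaults
        next
    }
    /=/ {
        eq  = index($0, "=")                # only the first "=" is significant
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = tolower(substr($0, eq + 1)); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        if (key == "guestok" || key == "public") guest = truthy(val)
        else if (key == "writable" || key == "writeable" || key == "writeok")
            writable = truthy(val)
        else if (key == "readonly") writable = !truthy(val)
        else next
        if (share == "global") { dguest = guest; dwrit = writable }
    }
    END { report() }
    ' "$@"
}

# Constructed sample: share settings as posted in #2 of this thread.
sample_post2() {
    printf '%s\n' '[global]' 'domain logons = yes' \
        '[netlogon]' 'path = /var/lib/samba/netlogon' 'guest ok = yes' 'writable = Yes' \
        '[data]' 'path=/data' 'read only = No'
}
# Constructed sample: the [netlogon] stanza from the script in #5.
sample_post5() {
    printf '%s\n' '[netlogon]' 'path = /var/lib/samba/netlogon' \
        'guest ok = Yes' 'read only = Yes'
}

echo "post #2 config: $(sample_post2 | audit_guest_writable)"
echo "post #5 config: $(sample_post5 | audit_guest_writable)"
```

On a live server, feed it the output of `testparm -s` so that included files and defaults are resolved before the check.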

  6. #6
    Join Date
    Feb 2006
    Location
    OH-IO
    Beans
    18

    Re: 8.04 hardy help set up samba as PDC(primary domain controller) with tdbsam backen

    I did this and yet I am having trouble adding a Win2000 Pro machine to the domain. I used the root account as the domain admin allowed to do such things but it's failing saying that the domain can't be found.

    I can however browse to the domain and access shares using the root username/password.

    Hmm.... dusting off the samba book now.

  7. #7
    Join Date
    Oct 2005
    Beans
    16

    Re: 8.04 hardy help set up samba as PDC(primary domain controller) with tdbsam backen

    It's good to know that other people are having the same difficulties that I have.
    Did you get it to work in the end? Because I am still struggling with exactly this problem.

  8. #8
    Join Date
    Feb 2007
    Location
    Seattle, WA
    Beans
    146
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: 8.04 hardy help set up samba as PDC(primary domain controller) with tdbsam backen

    In the end I think I had to modify a few lines to get it working somewhat. However, I still couldn't do things like change the password from the windows machine. I gave up and didn't end up needing to install the domain server anyway.

    The linux world desperately needs a user friendly interface written around all of these confusing options.
