Samba configuration on a Linux (or other UNIX machine) is controlled by a single file, /etc/smb.conf. This file determines which system resources you want to share with the outside world and what restrictions you wish to place on them.
Here is the example of smb.conf to work as PDC:
[global]
; global server settings
netbios name = POGO
workgroup = WORKGROUP ; domain and local master browser
os level = 64
preferred master = yes
domain master = yes
local master = yes
; set Samba to authenticate in user mode security
security = user
; password encryption for PDC
encrypt passwords = yes
; domain logons support
domain logons = yes
; user profiles path
logon path = \%Nprofiles\%u
; local path to which the home directory will be connected and home directory
; location when a Win95/98 or NT Workstation logs into a Samba PDC
logon drive = N:
logon home = \homeserver\%u
; batch file (.bat) or NT command file (.cmd) to be downloaded and run on a
; machine when a user successfully logs in
; relative **DOS** path to the [netlogon] resource
logon script = logon.cmd ; necessary resource for domain controller
[netlogon]
path = /usr/local/samba/lib/netlogon
writeable = no
write list = ntadmin
; user profiles
[profiles]
path = /export/smb/ntprofile
writeable = yes
create mask = 0600
directory mask = 0700 |
There are few important issues for this configuration:
- Password encryption must be enabled.
- Server must support domain logons and resource [netlogon]
- Note that Windows NT Primary Domain Controllers expect to be able to claim the workgroup specific special NetBIOS name that identifies them as domain master browsers for that workgroup by default.
Samba 2.2 does not provide complete realization of MS Windows NT4/200x group accounts and to arbitrarily associate them with UNIX/Linux group accounts. For additional information about creating user accounts in Domain Admins style, please refer to the domain admin users parameter of the smb.conf file.
Encryption software
Kaufen