Introduction

Samba is very versatile and can emulate a domain controller (similar to Windows NT4).

Configuration

Here is a typical configuration for this type of environment with an OpenLDAP backend:

(/etc/samba/smb.conf):

# Samba acting as an NT4-style domain controller with accounts stored in OpenLDAP.
# smb.conf treats a line starting with # or ; as a comment; text after a value is
# part of the value, so every note below sits on its own line.
[global]
    # Name of the domain that clients join (see "domain logons" below).
    # NOTE(review): a dotted workgroup looks like a DNS name; NT4-style domains
    # use a NetBIOS name - confirm clients handle it as intended.
    workgroup = deimos.fr
    # %h expands to the hostname of the machine running Samba.
    netbios name= %h
    server string = Controleur du domaine deimos.fr
    log level = 2
    #log file = /var/log/samba/smbd.log
    # %m expands to the client's NetBIOS name: one log file per client machine.
    log file = /var/log/samba/%m.log
    # Size in KiB at which a log file is rotated.
    max log size = 5000
    # User-level security plus "domain logons" and "domain master" below is the
    # combination that makes this server the domain's logon server.
    security = user
    encrypt passwords = yes
    # PAM account and session restrictions are NOT applied to SMB logins; account
    # controls enforced only through PAM (time limits, access lists) are bypassed.
    obey pam restrictions = No
    # NOTE(review): fixed 8 KiB buffers override kernel autotuning; the Samba
    # documentation advises against setting SO_RCVBUF/SO_SNDBUF on current systems.
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    # Browser election settings: take part, with a high OS level, and force an
    # election at startup so this server becomes the master browser.
    local master = yes
    os level = 65
    domain master = yes
    preferred master = yes
    domain logons = yes
    # Path relative to the [netlogon] share. Clients run this script at logon,
    # so write access to that share is equivalent to code execution on every
    # workstation in the domain.
    logon script = netlogon.vbs
    # Left empty: no roaming profile path, logon drive or logon home is handed
    # to clients.
    logon path =
    logon drive =
    logon home =
    # nmbd also acts as the WINS server for the network.
    wins support = yes
    dns proxy = no
    # CIFS UNIX extensions are off, so UNIX clients cannot create symlinks or set
    # POSIX permissions through the protocol.
    unix extensions = no

# LDAP
# So that Samba can read and write in the directory: smbpasswd -w mypassword
# This stores the "ldap admin dn" password in secrets.tdb, which must stay
# readable by root only. A password given as an argument lands in the shell
# history and is visible in the process list; smbpasswd -W reads it from stdin.
    # The machine, user and group suffixes below are relative to this base.
    ldap suffix = dc=deimos.fr,dc=local
    ldap machine suffix = ou=hosts
    ldap user suffix = ou=users
    ldap group suffix = ou=groups
    # Account Samba binds as. Least privilege: a dedicated entry whose directory
    # ACLs cover only the Samba account and group attributes, not the rootdn.
    # NOTE(review): this DN is not under the "ldap suffix" above (no dc=deimos.fr
    # component) and uses ou=utilisateurs while the user suffix is ou=users -
    # confirm against the real directory tree.
    ldap admin dn = uid=samba,ou=utilisateurs,dc=local
    # Upgrade the ldap:// connections with StartTLS so the bind password and the
    # NT/LM hashes do not cross the network in clear text.
    # NOTE(review): server certificate checking is presumably governed by the
    # OpenLDAP client settings (TLS_CACERT / TLS_REQCERT in ldap.conf) - verify
    # that validation is not disabled there.
    ldap ssl = Start_tls
    # Also update the LDAP password attribute when the Samba hashes change.
    ldap passwd sync = yes
    # Two servers listed for failover.
    # NOTE(review): both names suggest read-only replicas, yet a domain
    # controller writes to the directory (password changes, machine accounts);
    # confirm that writes are referred to the master.
    passdb backend = ldapsam:"ldap://ldap-slave1 ldap://ldap-slave2"

# Share from which domain clients fetch the logon script named in [global].
[netlogon]
   comment = Network Logon Service
   path = /mnt/netlogon
   # Hidden from browse lists and read-only over SMB. Read-only matters here:
   # whatever is stored in this share is executed by clients at logon. The
   # filesystem permissions on the path should be equally strict.
   browseable = no
   writable = no
   # NOTE(review): this turns off honouring of share (deny) modes on open. The
   # Samba documentation advises leaving share modes enabled and the parameter
   # is deprecated in later releases - confirm it is still wanted.
   share modes = no

# Per-user home directories, exposed to each user under their own name.
[homes]
    # %U expands to the session username requested by the client, so the path
    # always resolves to the connecting user's own directory.
    path = /datas/users/%U
    # NOTE(review): %U always matches whoever is connecting, so this line does
    # not restrict anything by itself. smb.conf(5) documents "valid users = %S"
    # (the share name) for limiting a home share to its owner - confirm which
    # behaviour is intended.
    valid users = %U
    comment = %U personnal folder
    # The generic "homes" entry stays out of browse lists.
    browseable = no
    # No create mask is set in this section, so Samba's defaults apply to new
    # files; isolation between users then rests on the permissions of the
    # directories under /datas/users.
    writable = yes

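# General-purpose share. No "valid users" restriction is active and guest
# access is not enabled anywhere in this file, so every account that can
# authenticate to the server may connect and write here.
[partage]
    path = /mnt/partage
    comment = partage
    browseable = yes
    # Permission bits allowed on new files and directories: owner only.
    # "create mode" and "directory mode" are synonyms of these two parameters,
    # so each mask is set once.
    # NOTE(review): with 0700, files created by one user are not accessible to
    # the others at the filesystem level unless ownership is forced elsewhere -
    # confirm that is what a common share should do.
    create mask = 0700
    directory mask = 0700
    writable = yes
    # Disabled restriction to the domain users group. Re-enable it if the share
    # should not be open to every authenticated account (machine and service
    # accounts included).
    #valid users = @"utilisateurs du domaine"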

# Common share limited to members of one group.
[commons]
    path = /mnt/commons
    comment = commons
    browseable = yes
    # No create/directory mask is set in this section, so Samba's defaults
    # decide the permissions of new files.
    writable = yes
    # @ prefixes a group name: only members of this group may connect. The
    # quotes are needed because the group name contains spaces.
    valid users = @"utilisateurs du domaine"

Resources

Last updated 07 Nov 2012, 09:52 +0200. history