Create a fully accessed shared directory:---

 
Install Samba to share folders or files between Windows and Linux.
[1] Install Samba
root@smb:~# aptitude -y install samba

[2] Create a fully accessed shared directory which anyone can access and write to without authentication.
root@smb:~# mkdir /home/share
root@smb:~# chmod 777 /home/share
root@smb:~# vi /etc/samba/smb.conf
# near line 25: add
unix charset = UTF-8
# line 30: change (Windows' default)
workgroup = WORKGROUP
# line 51: uncomment and change to the IP addresses you allow
interfaces = 127.0.0.0/8 10.0.0.0/24
# line 58: uncomment
bind interfaces only = yes
# line 60: add (no auth)
map to guest = Bad User
# add at the last line
# any name you like
[Share]
   # shared directory
   path = /home/share
   # writable
   writable = yes
   # guest OK
   guest ok = yes
   # guest only
   guest only = yes
   # fully accessed
   create mode = 0777
   # fully accessed
   directory mode = 0777
   # warn if other people are accessing a file
   share modes = yes

root@smb:~# initctl restart smbd
smbd start/running, process 2369
[3] Configure the Windows client. This example uses Windows 7. Select [My Computer] - [Map Network Drive].
[4] Specify the shared folder's location in the Folder section and click the 'Finish' button.
[5] The shared folder is now accessible.
 ------------------------------------------------------------------------------------------------------------
Limited Shared Directory:---

 
Create a shared directory that requires user authentication.
[1] Configure Samba
root@smb:~# groupadd security
root@smb:~# mkdir /home/security
root@smb:~# chgrp security /home/security
root@smb:~# chmod 770 /home/security
root@smb:~# vi /etc/samba/smb.conf
# line 60: comment out
# map to guest = Bad User
# add at the last line
# any name you like
[Security]
   path = /home/security
   writable = yes
   create mode = 0770
   directory mode = 0770
   share modes = yes
   # guest not allowed
   guest ok = no
   # allow only security group
   valid users = @security

# add a user in Samba
root@smb:~# smbpasswd -a trusty
# set password
New SMB password:
Retype new SMB password:
Added user trusty.
# add trusty to the security group (-a keeps the user's other groups)
root@smb:~# usermod -aG security trusty
root@smb:~# initctl restart smbd
smbd start/running, process 1017
[2] Configure the Windows client. This example uses Windows 7. Select [My Computer] - [Map Network Drive].
[3] Enter '\\(server)\(shared directory)'.
[4] A password is required. Enter the one set in [1].
[5] The shared folder is now accessible.
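
Added example (not part of the original tutorial): a small Python audit that parses smb.conf-style text and reports which settings leave the [Share] stanza writable without credentials, while the [Security] stanza produces no findings. The sample configuration is constructed from the settings on this page, and the function names parse and audit are illustrative.

```python
# Constructed sample built from the settings shown on this page.
SAMPLE_CONF = """\
[global]
   map to guest = Bad User
[Share]
   writable = yes
   guest ok = yes
   create mode = 0777
   directory mode = 0777
[Security]
   writable = yes
   create mode = 0770
   directory mode = 0770
   guest ok = no
   valid users = @security
"""
# smb.conf synonyms for the parameters checked below.
SYNONYMS = {"public": "guest ok", "writeable": "writable", "write ok": "writable",
            "create mask": "create mode", "directory mask": "directory mode"}
TRUE = {"yes", "true", "on", "1"}

def parse(text):
    """Return {section: {param: value}} with normalised lower-case names."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and line[0] not in "#;" and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            key = " ".join(key.lower().split())
            section[SYNONYMS.get(key, key)] = value
    return conf

def audit(text):
    """Return sorted (share, finding) pairs for guest and world-writable settings."""
    conf, findings = parse(text), []
    # "map to guest" defaults to Never; this page sets it to Bad User.
    guest_mapped = conf.get("global", {}).get("map to guest", "never").lower() != "never"
    shares = ((n, p) for n, p in conf.items() if n != "global")
    for name, params in shares:
        guest = params.get("guest ok", "no").lower() in TRUE
        writable = params.get("writable", "no").lower() in TRUE
        if guest and writable and guest_mapped:
            findings.append((name, "writable without credentials"))
        for key in ("create mode", "directory mode"):
            if int(params.get(key, "0"), 8) & 0o002:
                findings.append((name, f"{key} grants world write"))
    return sorted(findings)
```

Calling audit() on the text of a real /etc/samba/smb.conf gives the same kind of list for that server; running testparm -s afterwards shows the values Samba itself parsed.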
 ------------------------------------------------------------------------------------------------------------
Samba Winbind:---


Join a Windows Active Directory domain with Samba Winbind.
This tutorial requires a Windows Active Directory Domain Service on your LAN.
This example is configured in the environment below.
Domain Server : Windows Server 2012 R2
Domain Name : FD3S01
Realm : FD3S.SERVER.WORLD
Hostname : fd3s.server.world
[1] Install Winbind
root@smb:~# aptitude -y install winbind libpam-winbind libnss-winbind krb5-config
# specify Realm

 +------------------+ Configuring Kerberos Authentication +------------------+
 | When users attempt to use Kerberos and specify a principal or user name   |
 | without specifying what administrative Kerberos realm that principal      |
 | belongs to, the system appends the default realm.  The default realm may  |
 | also be used as the realm of a Kerberos service running on the local      |
 | machine.  Often, the default realm is the uppercase version of the local  |
 | DNS domain.                                                               |
 |                                                                           |
 | Default Kerberos version 5 realm:                                         |
 |                                                                           |
 | FD3S.SERVER.WORLD________________________________________________________ |
 |                                                                           |
 |                                  <Ok>                                     |
 |                                                                           |
 +---------------------------------------------------------------------------+
# specify the hostname of AD DS

     +--------------+ Configuring Kerberos Authentication +---------------+
     | Enter the hostnames of Kerberos servers in the FD3S.SERVER.WORLD   |
     | Kerberos realm separated by spaces.                                |
     |                                                                    |
     | Kerberos servers for your realm:                                   |
     |                                                                    |
     | fd3s.server.world_________________________________________________ |
     |                                                                    |
     |                               <Ok>                                 |
     |                                                                    |
     +--------------------------------------------------------------------+
# specify the hostname of AD DS

 +------------------+ Configuring Kerberos Authentication +------------------+
 | Enter the hostname of the administrative (password changing) server for   |
 | the FD3S.SERVER.WORLD Kerberos realm.                                     |
 |                                                                           |
 | Administrative server for your Kerberos realm:                            |
 |                                                                           |
 | fd3s.server.world________________________________________________________ |
 |                                                                           |
 |                                  <Ok>                                     |
 |                                                                           |
 +---------------------------------------------------------------------------+
[2] Configure Winbind
root@smb:~# vi /etc/samba/smb.conf
# line 29: change the workgroup name to the one for AD DS and add lines as follows
   workgroup = FD3S01
   password server = fd3s.server.world
   realm = FD3S.SERVER.WORLD
   security = ads
   idmap config * : range = 16777216-33554431
   template homedir = /home/%U
   template shell = /bin/bash
   winbind use default domain = true
   winbind offline logon = false
root@smb:~# vi /etc/nsswitch.conf
# line 7: add as follows
passwd: compat winbind
group: compat winbind
shadow: compat winbind
root@smb:~# vi /etc/pam.d/common-session
# add at the last line if you need it (automatically creates a home directory at first login)
session optional        pam_mkhomedir.so skel=/etc/skel umask=077

root@smb:~# vi /etc/network/interfaces
# change the name server to the AD's one
dns-nameservers 10.0.0.200
root@smb:~# ifdown eth0 && ifup eth0
# join the AD domain ( net ads join -U [administrative user on AD] )
root@smb:~# net ads join -U Serverworld
Enter Serverworld's password:
Using short domain name -- FD3S01
Joined 'SMB' to dns domain 'fd3s.server.world'
No DNS domain configured for smb. Unable to perform DNS Update.
DNS update failed: NT_STATUS_INVALID_PARAMETER
root@smb:~# initctl restart winbind
winbind start/running, process 2721
root@smb:~# initctl restart smbd
smbd start/running, process 2702
root@smb:~# initctl restart nmbd
nmbd start/running, process 2714
# display user info on AD
root@smb:~# wbinfo -u
hiroyuki
guest
krbtgt
linux
fedora
ubuntu
debian
mint
serverworld
sqladmin
# switch to a user on AD
root@smb:~# su - serverworld
Creating directory '/home/serverworld'.
serverworld@smb:~$
 ------------------------------------------------------------------------------------------------------------
Configure Samba Active Directory Domain Controller:---


Configure a Samba Active Directory Domain Controller.
This example is configured in the environment below.
Domain name : SMB01
Realm : SMB.SERVER.WORLD
Hostname : smb.server.world
[1] Install some packages
root@smb:~# aptitude -y install samba krb5-config
# set Realm

 +------------------+ Configuring Kerberos Authentication +------------------+
 | When users attempt to use Kerberos and specify a principal or user name   |
 | without specifying what administrative Kerberos realm that principal      |
 | belongs to, the system appends the default realm.  The default realm may  |
 | also be used as the realm of a Kerberos service running on the local      |
 | machine.  Often, the default realm is the uppercase version of the local  |
 | DNS domain.                                                               |
 |                                                                           |
 | Default Kerberos version 5 realm:                                         |
 |                                                                           |
 | SMB.SERVER.WORLD_________________________________________________________ |
 |                                                                           |
 |                                  <Ok>                                     |
 |                                                                           |
 +---------------------------------------------------------------------------+
# specify the hostname

 +------------------+ Configuring Kerberos Authentication +------------------+
 | Enter the hostnames of Kerberos servers in the SMB.SERVER.WORLD Kerberos  |
 | realm separated by spaces.                                                |
 |                                                                           |
 | Kerberos servers for your realm:                                          |
 |                                                                           |
 | smb.server.world_________________________________________________________ |
 |                                                                           |
 |                                  <Ok>                                     |
 |                                                                           |
 +---------------------------------------------------------------------------+
 
# specify the hostname

 +------------------+ Configuring Kerberos Authentication +------------------+
 | Enter the hostname of the administrative (password changing) server for   |
 | the SMB.SERVER.WORLD Kerberos realm.                                      |
 |                                                                           |
 | Administrative server for your Kerberos realm:                            |
 |                                                                           |
 | smb.server.world_________________________________________________________ |
 |                                                                           |
 |                                  <Ok>                                     |
 |                                                                           |
 +---------------------------------------------------------------------------+
[2] Configure Samba
# rename or remove the default config file
root@smb:~# mv /etc/samba/smb.conf /etc/samba/smb.conf.org
root@smb:~# samba-tool domain provision
# specify Realm
Realm: SMB.SERVER.WORLD
# specify Domain name
Domain [SMB]: SMB01
# press Enter to accept the default because this server is set up as a DC
Server Role (dc, member, standalone) [dc]:
# press Enter to accept the default because it uses the built-in DNS
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
# confirm the DNS setting and press Enter if it's OK
DNS forwarder IP address (write 'none' to disable forwarding) [10.0.0.10]:
# set the admin password
# Do not set a trivial password; if you enter one, the configuration wizard shows an error and stops.

Administrator password:
Retype password:
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=smb,DC=server,DC=world
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=smb,DC=server,DC=world
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           active directory domain controller
Hostname:              smb
NetBIOS Domain:        SMB01
DNS Domain:            smb.server.world
DOMAIN SID:            S-1-5-21-2788139304-4264175402-297299711

# restart the computer
root@smb:~# reboot
# raise domain level to 2008 R2
root@smb:~# samba-tool domain level raise --domain-level 2008_R2 --forest-level 2008_R2
Domain function level changed!
Forest function level changed!
All changes applied successfully!
# confirm domain level
root@smb:~# samba-tool domain level show
Domain and forest function level for domain 'DC=smb,DC=server,DC=world'

Forest function level: (Windows) 2008 R2
Domain function level: (Windows) 2008 R2
Lowest function level of a DC: (Windows) 2008 R2

# add a user in domain
root@smb:~# samba-tool user add trusty
# set password
New Password:
Retype Password:
User 'trusty' created successfully
[3] The Samba AD DC configuration is now complete.

Join the Samba AD DC from Clients:---


Join the Samba AD DC from clients.
This example shows how to configure Windows Server 2012 R2.
[1] Change the DNS settings to refer to the Samba AD DC.
[2] Open the system properties and specify the Samba AD DC hostname in Join Group.
[3] Authenticate as the Administrator user. The password is the one you set in the Samba AD DC configuration.
[4] After authentication, the computer can join the AD domain. Next, restart the computer once.
[5] It's now possible to log on as Administrator or as users added in the Samba AD DC.
[6] You are now logged on to the Samba Active Directory.


 
