Operating Systems and Systems Integration
Configuring and Testing Samba PDCs
Nick Urbanik ver. 1.1

1 Aim

After completing this exercise, you will be able to install and perform basic configuration of a Samba server as a primary domain controller. You will conduct a number of tests of your primary domain controller with Windows 2000 clients.

2 Procedure

1. Choose a partner so that at least one of you has Windows 2000 Professional or Advanced Server that is neither a primary nor a backup domain controller.

2. Mount the NFS drive from Ictlab, and change to the samba directory:

    $ sudo mount Ictlab:/var/ftp/pub /mnt
    $ cd /mnt/samba

3. Install the 2.2.3a samba packages. If you installed the alpha packages before, you need to upgrade them to the final version. If you did not install samba 2.2 before:

    $ sudo rpm -Uhv samba-*2.2.3a-4.i386.rpm

4. Refer to the document that I have written about installing updates, and install the updates. The Samba 2.2 RPMs will not work unless most of the OS updates are applied.

5. Back up your original smb.conf configuration file for Samba again:

    $ cd /etc/samba
    $ sudo cp -p smb.conf smb.conf-orig

6. Copy the new configuration file from the documentation directory of Samba:

    $ sudo cp -p /usr/share/doc/samba-2.2.0/smb.conf-pdc-example /etc/samba/smb.conf

7. Edit the Samba configuration file using emacs:

    $ sudo emacs /etc/samba/smb.conf &

   I strongly suggest that you open this file, and keep it open. It wastes time to continually open and close the configuration file.

8. Change the workgroup to a name based on your computer's DNS name, with a letter or digit appended. For example, if your computer's hostname is sammy.tyict.vtc.edu.hk, enter something like sammyD. You should understand that NetBIOS domain names are different from DNS domain names. DNS domain names form a hierarchy, whereas NetBIOS domain names are all in one big flat name space.

9. Change the netlogon share to be writable by the administrator, by removing the writable = no configuration option and changing the configuration to look something like this:

    [netlogon]
        comment = Network Logon Service
        path = /var/samba/netlogon
        guest ok = no
        write list = @smbadm
        share modes = no

10. Verify that the configuration file has no syntax errors using the testparm program:

    $ testparm

11. Start the server with:

    $ sudo samba start

    Then check to see that it is running with:

    $ samba status

12. You should have already created accounts for yourself, your partner and for the user root previously. In case you need to make some more accounts, here is the procedure, repeated from last time:

    (a) Create a number of samba account passwords. Each of them must have an entry in the /etc/passwd file (i.e., perhaps you added the account earlier using useradd). Note that today, we will use separate passwords for samba and for logging into Linux.

        Example of adding a user that is not in your password file already:

        $ sudo useradd -c 'Nick Urbanik' nicku
        $ sudo smbpasswd -a nicku

        Example of adding a user that is already in your password file:

        $ sudo smbpasswd -a nicku

    (b) Add a password for root:

        $ sudo smbpasswd -a root

        Note that this password should be different from the Linux login password for root, for security reasons. You will need to give your partner this password.

13. Examine the log files while you do the following steps. The log files are in /var/log/samba. You need to su to root before you can change into that directory. Open some windows and run tail -f on the log files.

14. You should already have made a Windows 2000 machine a member of your domain last time, but in case you have a new partner today, here is the procedure:

    (a) Log into a Windows 2000 machine locally as administrator.

        Note: this Windows machine must not already be a primary domain controller, since a PDC cannot be made a member of another domain. You can use Windows 2000 Advanced Server, as long as it is not a PDC or BDC. If you have no Windows 2000 Professional for which you have administrator access, you can use Windows 98, but this will reduce what you can test.

        i. In Windows 2000, from TCP/IP settings, add 192.168.68.240 as the WINS server address. Select the radio button Enable NetBIOS over TCP/IP.
        ii. In Windows 2000, right-click Network Places and select Properties; from the Advanced menu, select Network Identification. Press Properties.
        iii. Choose Domain, enter the domain name of your samba server. Click OK.
        iv. Enter the user name administrator and enter the Samba password for root on your Samba server.
        v. Wait for confirmation and reboot when prompted.

15. Now test this as a primary domain controller. Note that it is an NT 4 compatible PDC, not a Windows 2000 PDC. Being a primary domain controller means allowing other machines to join the domain so that when any user logs into the domain, then:

    • the user can access any resources (e.g., shares, printers) that are
        ◦ provided by any of the machines that are members of the domain and that
        ◦ they have the rights to access
    • without entering a password again.

16. Log in to the domain as administrator from your Windows 2000 box. Browse to the netlogon share, and create some logon scripts using notepad. For the user nickl, the script is the file /var/samba/netlogon/scripts/nickl.bat. The logon script is run by the client when it logs in. Here is an example of a logon script:

    @echo off
    rem Set the client clock from the server
    net time \\nicksbox /set /yes
    if %OS%.==Windows_NT. goto WinNT
    :Win9x
    rem Windows 9x: map the shares
    net use z: \\nicksbox\nickl
    net use p: \\nicksbox\ossi
    net use q: \\nicksbox\notlinux
    net use r: \\nicksbox\linux
    goto end
    :WinNT
    rem Windows NT/2000: map the shares without making them persistent
    net use z: \\nicksbox\nickl /persistent:no
    net use p: \\nicksbox\ossi /persistent:no
    net use q: \\nicksbox\notlinux /persistent:no
    net use r: \\nicksbox\linux /persistent:no
    :end

    Note that each line must be terminated by a carriage return/linefeed pair.

17. Documentation for the new features of Samba 2.2 is in /usr/share/doc/samba-2.2.3a/docs/Samba-HOWTO-Collection.pdf. Open this up:

    $ cd /usr/share/doc/samba-2.2.3a/docs
    $ acroread Samba-HOWTO-Collection.pdf &

    and move to page 45 (by page numbering in the document itself), or page 50 if you count pages starting from the beginning as page 1. This section is about System Policies and Profiles.

18. I have extracted the policy editor poledit.exe from the NT4 Service Pack 6a, and put it, together with the files common.adm and winnt.adm, into the directory profile-editor-from-service-pack-6a in the samba NFS directory from Ictlab. Test editing policies on your samba server from the Windows 2000 machine.

19. I have also downloaded the server manager for NT 4. You will find it in the samba NFS directory from Ictlab. Test the server manager.

20. Samba 2.2 supports downloadable printer drivers. This is described in the Samba-HOWTO-Collection.pdf file on page 30 (35). Test it.

21. Samba 2.2 supports DFS. The rpm package provides a directory that is a DFS root. Read the documentation about it on page 22 (27) in the Samba-HOWTO-Collection.pdf file. Also see /usr/share/doc/samba-2.2.3a/docs/htmldocs/msdfs_setup.html.

22. Test your domain controller as much as you can.
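
Because the client runs whatever logon script it finds in netlogon (step 16), the share definition from step 9 is worth checking mechanically as well as with testparm. The following Python audit is an added example, not part of the original lab sheet and not Samba's own code. The function names, the sample texts and the choice to report any write list other than @smbadm are assumptions made for illustration.

```python
# Added example, not from the lab sheet. Line continuations are not handled.
import re

TRUE = {"yes", "true", "1"}

def parse_smb_conf(text):
    """Return {section: {param: value}}; Samba ignores case and whitespace
    in parameter names, so 'Guest OK' is stored as 'guestok'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current["".join(key.lower().split())] = value.strip()
    return sections

def audit_netlogon(text, admin_group="@smbadm"):
    """Return findings; an empty list means the share matches step 9."""
    share = parse_smb_conf(text).get("netlogon")
    if share is None:
        return ["no [netlogon] share defined"]
    findings = []
    # 'public' is a synonym of 'guest ok'.
    if share.get("guestok", share.get("public", "no")).lower() in TRUE:
        findings.append("guests can connect to netlogon")
    # writable/writeable/write ok are synonyms; read only is their inverse.
    writable = any(share.get(k, "no").lower() in TRUE
                   for k in ("writable", "writeable", "writeok"))
    if writable or share.get("readonly", "yes").lower() not in TRUE:
        findings.append("share is writable for every connecting user")
    writers = share.get("writelist", "").replace(",", " ").split()
    if writers != [admin_group]:
        findings.append(f"write list is {writers}, expected [{admin_group!r}]")
    return findings

# Step 9's share definition, and a constructed misconfigured variant.
SAMPLE_GOOD = """[netlogon]
   comment = Network Logon Service
   path = /var/samba/netlogon
   guest ok = no
   write list = @smbadm
   share modes = no
"""
SAMPLE_BAD = "[netlogon]\n path = /var/samba/netlogon\n public = yes\n writeable = yes\n"
```

On the server, pass the contents of /etc/samba/smb.conf to audit_netlogon after the testparm run in step 10; an empty result means only members of smbadm can change the logon scripts.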