Samba 2.2.2 as PDC
Ian Linwood
ian-linwood at freeuk.com
Sun Jan 20 12:53:03 GMT 2002
Hi
I'd appreciate some advice in setting up Samba 2.2.2 as a PDC.
I've successfully got it working as a simple file sharing box, but the system is not recognised as a Domain controller
when I try to join the domain. I get 'domain controller not found...' message on my W98 & W2K box.
Diagnostics
-----------
ian at nitrogen:~$ /usr/local/samba/bin/smbclient -U% -L localhost
added interface ip=10.0.1.21 bcast=10.0.1.255 nmask=255.255.255.0
added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
Domain=[SYSOL] OS=[Unix] Server=[Samba 2.2.2]
Sharename Type Comment
--------- ---- -------
netlogon Disk Network Logon Service
public Disk Public Stuff
IPC$ IPC IPC Service (Nitrogen Dev. Box)
ADMIN$ Disk IPC Service (Nitrogen Dev. Box)
lp Printer
Server Comment
--------- -------
HYDROGEN
NITROGEN Nitrogen Dev. Box
Workgroup Master
--------- -------
SYSOL NITROGEN
C:\>ping nitrogen
Pinging nitrogen.sysol.local [10.0.1.21] with 32 bytes of data:
Reply from 10.0.1.21: bytes=32 time<10ms TTL=255
Reply from 10.0.1.21: bytes=32 time<10ms TTL=255
Reply from 10.0.1.21: bytes=32 time<10ms TTL=255
Reply from 10.0.1.21: bytes=32 time<10ms TTL=255
Ping statistics for 10.0.1.21:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\>net view nitrogen
Shared resources at nitrogen
Nitrogen Dev. Box
Share name Type Used as Comment
-------------------------------------------------------------------------------
ian Disk Home Directories
lp Print
netlogon Disk Network Logon Service
public Disk Public Stuff
The command completed successfully.
Machine accounts have been added to /etc/passwd and with
'smbpasswd -a -m'
ian at nitrogen:~$ cat /etc/passwd
root:x:0:0::/root:/bin/bash
bin:x:1:1:bin:/bin:
daemon:x:2:2:daemon:/sbin:
adm:x:3:4:adm:/var/log:
lp:x:4:7:lp:/var/spool/lpd:
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/:
news:x:9:13:news:/usr/lib/news:
uucp:x:10:14:uucp:/var/spool/uucppublic:
operator:x:11:0:operator:/root:/bin/bash
games:x:12:100:games:/usr/games:
ftp:x:14:50::/home/ftp:
mysql:x:27:27:MySQL:/var/lib/mysql:/bin/bash
gdm:x:42:42:GDM:/var/state/gdm:/bin/bash
nobody:x:99:99:nobody:/:
ian:x:1000:100:,,,:/home/ian:/bin/bash
postgres:x:1001:102:PostgreSQL service account,,,:/data/pgsql:/bin/bash
bind:x:1002:103:,,,:/opt/bind9:/bin/false
hydrogen$:x:1003:104::/home/machines:/bin/false
misery$:x:1004:104::/home/machimes:/bin/false
nitrogen$:x:1005:104::/dev/null:/bin/false
This is my smb.conf
-------------------
ian at nitrogen:~$ cat /etc/samba/conf/smb.conf
[global]
# workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
netbios name = nitrogen
workgroup = SYSOL
logon drive = p:
logon home = \\%L\%U
# server string is the equivalent of the NT Description field
server string = Nitrogen Dev. Box
# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
hosts allow = 10.0.1. 127.
# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
load printers = yes
# you may wish to override the location of the printcap file
; printcap name = /etc/printcap
# on SystemV system setting printcap name to lpstat should allow
# you to automatically obtain a printer list from the SystemV spool
# system
; printcap name = lpstat
# It should not be necessary to specify the print system type unless
# it is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx
; printing = bsd
# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
; guest account = pcguest
# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/%m.log
# Put a capping on the size of the log files (in Kb).
max log size = 50
# Security mode. Most people will want user level security. See
# security_level.txt for details.
security = user
# Use password server option only with security = server
# The argument list may include:
# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
# password server = *
; password server = <NT-Server-Name>
# Note: Do NOT use the now deprecated option of "domain controller"
# This option is no longer implemented.
# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
encrypt passwords = yes
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
; include = /usr/local/samba/lib/smb.conf.%m
# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
# You may want to add the following on a Linux system:
# SO_RCVBUF=8192 SO_SNDBUF=8192
socket options = TCP_NODELAY
# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
interfaces = 10.0.1.21/24 127.0.0.0/8
bind interfaces only = yes
# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
local master = yes
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
os level = 65
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
domain master = yes
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
preferred master = yes
# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
domain logons = yes
# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
; logon script = %m.bat
# run a specific logon batch file per username
; logon script = %U.bat
# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes for this servers netbios name, %U is username
# You must uncomment the [Profiles] share below
logon path = \\%L\Profiles\%U
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
wins support = yes
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z
# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
; wins proxy = yes
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
dns proxy = no
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
comment = Network Logon Service
path = /data/samba/netlogon
guest ok = yes
writable = no
share modes = no
write list = root,ian
# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
[Profiles]
path = /data/samba/profiles
browseable = no
guest ok = yes
# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
comment = All Printers
path = /usr/spool/samba
browseable = no
# Set public = yes to allow user 'guest account' to print
guest ok = no
writable = no
printable = yes
[public]
comment = Public Stuff
path = /data/samba/public
public = yes
writable = yes
printable = no
write list = @users
Any advice or further diagnostic tips would be welcome.
Ian Linwood. e-mail: ian at dinwoodi.f9.co.uk
More information about the samba
mailing list