Jumat, 14 Mei 2010

PDC with samba on centos 5.x

Langkah-langkah berikut akan memandu anda untuk membangun sebuah Primary Domain Controller pada OS Linux Centos 5.4 :

1. 1. root@black:yum install samba

2. edit konfigurasi samba tapi jangan lupa yang asli di backup dulu

root@black:cp /etc/samba/smb.conf /etc/samba/smb.conf.org
root@black:nano /etc/samba/smb.conf

Isi file samba jadi seperti ini :

#============= Global Settings ===============

[global]
workgroup = Black
server string = File Server
netbios name = Black-SVR
interfaces = 127.0.0.0 eth0
socket options= TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
time server = yes
enable privileges = yes
hosts allow = 192.168.0.0/255.255.0.0

# ————————— Logging Options —————————–
# logs split per machine
log file = /var/log/samba/all.log
#max 50KB per log file, then rotate
max log size = 1000
# ———————– Domain Controller Options ————————
security = user
guest ok = no
passdb backend = tdbsam

domain master = yes
domain logons = yes

# the login script name depends on the machine name
;logon script = %m.bat
# the login script name depends on the unix user used
logon script = %u.bat

logon path = \\%L\Profiles\%U
logon drive = H:
logon home = \\%L\%U

# disables profiles support by specifing an empty path
;logon path =
add user script = /usr/sbin/useradd “%u” -n -g users
add group script = /usr/sbin/groupadd “%g”
add machine script = /usr/sbin/useradd -n -c “Workstation (%u)” -M -d /nohome -s /bin/false “%u”
delete user script = /usr/sbin/userdel “%u”
delete user from group script = /usr/sbin/userdel “%u” “%g”
delete group script = /usr/sbin/groupdel “%g”

#————– sync smb passwords with linux passwords————————
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n
passwd chat debug = yes
unix password sync = no

# ———————– Browser Control Options —————————-
local master = yes
os level = 33
preferred master = yes
#—————————– Name Resolution ——————————-
wins support = yes
; wins server = w.x.y.z
; wins proxy = yes
dns proxy = yes

# ————————— Printing Options —————————–
load printers = yes
cups options = raw

; printcap name = /etc/printcap
#obtain list of printers automatically on SystemV
; printcap name = lpstat
; printing = cups

# ————————— Filesystem Options —————————
#
# The following options can be uncommented if the filesystem supports
# Extended Attributes and they are enabled (usually by the mount option
# user_xattr). Thess options will let the admin store the DOS attributes
# in an EA and make samba not mess with the permission bits.
#
# Note: these options can also be set just per share, setting them in global
# makes them the default for all shares

; map archive = no
; map hidden = no
; map read only = no
; map system = no
; store dos attributes = yes

#============ Share Definitions ================

[homes]
comment = Home Directories
browseable = no
writable = yes
; valid users = %S
valid users = Black\%S

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = yes
writable = no
share modes = no

# Un-comment the following to provide a specific roving profile share
# the default is to use the user’s home directory
[Profiles]
path = /home/samba/profiles
browseable = yes
read only = no

# A publicly accessible directory, but read only, except for people in
# the “staff” group
[public]
comment = Public Stuff
path = /home/shares/allusers
public = yes
writable = yes
printable = no
write list = +staff
================================================

3. Buat direktori samba di home :

root@black:mkdir /home/samba
root@black:mkdir /home/samba/profiles
root@black:mkdir /home/samba/netlogon
root@black:mkdir /var/spool/samba
root@black:chmod 777 /var/spool/samba
root@black:chown -R root:users /home/samba
root@black:chmod -R 771 /home/samba
root@black:mkdir /home/shares/allusers
root@black:chown -R root:users /home/shares/allusers
root@black:chmod -R 755 /home/shares/allusers

4. Edit nsswitch.conf

root@black:nano /etc/nsswitch.conf

ganti baris hosts menjadi
hosts: files wins dns

5. tambah pc client di hosts

root@black:nano /etc/hosts

127.0.0.1 localhost
192.168.0.3 server
192.168.0.24 pc-ale
dst..

6. Buat user root di samba untuk join domain

root@black:smbpasswd -a root

7. tambah user root di smbusers

root@black:echo “root=Administrators” > /etc/samba/smbusers

8. setting domain group windows

root@black:net groupmap add ntgroup=”Domain Admins” unixgroup=root
root@black:net groupmap add ntgroup=”Domain Users” unixgroup=users

9. Tambah user samba :

root@black:useradd ale -m -G users -c “aLe aRdHo”
root@black:smbpasswd -a ale

10. Bikin direktori user di profiles :

root@black:mkdir /home/samba/profiles/ale
root@black:chown ale.users /home/samba/profiles/ale
root@black:chmod 700 /home/samba/profiles/ale

11. Restart samba

root@black:/etc/init.d/samba restart

12. Join domain windows ke centos

Done….

Tidak ada komentar: