Check out the tutorial from this site....
http://www-1.ibm.com/servers/esdd/tu...mba/index.html
Here are the important areas which I use.
groupadd -g 200 admins
groupadd -g 201 machines
mkdir -m 0775 /home/netlogon
chown root.admins /home/netlogon
mkdir /home/samba /home/samba/profiles
chmod 1757 /home/samba/profiles
Do yourself a favor and use the automated approach for machine accounts which is to add the following line to the smb.conf ( Note: that is supposed to be all one line )
add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u
Add the user accounts ( Fred in my case ) and set the passwords
useradd fred
passwd fred
New password:
Retype password:
smbpasswd -a fred
New SMB password:
Retype SMB password:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This part is very important for joining the domain from Windows
Give the root / admin user a samba password!!
smbpasswd -a root
New SMB password:
Retype SMB password:
Below is my smb.conf which works very nicely with those instructions.
_______________________________________________________________________
[global]
workgroup = mydomain.com
server string = Samba Server
hosts allow = 192.168.0. 192.168.1. 127.
printcap name = /etc/printcap
load printers = yes
printing = cups
log file = /var/log/samba/%m.log
max log size = 50
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
pam password change = yes
username map = /etc/samba/smbusers
include = /etc/samba/smb.conf.%m
obey pam restrictions = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = yes
os level = 64
domain master = yes
domain logons = yes
logon home = \\%L\%U
; logon drive = H:
logon path = \\%L\Profiles\%U
add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u
dns proxy = no
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
create mode = 0664
directory mode = 0775
# If you want users samba doesn't recognize to be mapped to a guest user
; map to guest = bad user
[netlogon]
comment = Network Logon Service
path = /home/netlogon
read only = yes
browseable = no
write list = fred
[Profiles]
path = /home/samba/profiles
writeable = yes
browseable = no
create mask = 0600
directory mask = 0700
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
# Set public = yes to allow user 'guest account' to print
guest ok = no
writable = no
printable = yes