Check out the tutorial from this site. Note: The link has a nasty habit of moving, you may have to dig some to find it.
http://www-106.ibm.com/servers/esdd/...ba/index2.html
Here are the important areas which I use.
groupadd -g 200 admins
groupadd -g 201 machines
mkdir -m 0775 /home/netlogon
chown root.admins /home/netlogon
mkdir /home/samba /home/samba/profiles
chmod 1757 /home/samba/profiles
The automated approach for machine accounts is to add the following line to the /etc/smb.conf
( Note: that is supposed to be all one line )
add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u
_______________________________________________________________
In some cases, the Windows machine refuses to join the Samba domain. Then the manual approach is needed also. Use the following commands while logged in as the root user. In this example the machine name is mudd.
/usr/sbin/useradd -g machines -d /dev/null -s /bin/false mudd$
passwd -l mudd$
You should see something like this....
Locking password for user mudd$
passwd: Success
Now add a samba password for the machine.
smbpasswd -a -m mudd$
You should see something like this....
Added user mudd$
________________________________________________________________
Add the user accounts ( Fred in my case ) and set the passwords
useradd fred
passwd fred
New password:
Retype password:
smbpasswd -a fred
New SMB password:
Retype SMB password:
***************************************************************
This part is very important for joining the domain from Windows.
When you get to the part on a Windows computer where it asks for the person who is authorized to join computers to the domain, I use the root user and password.
Give the root / admin user a samba password!!
smbpasswd -a root
New SMB password:
Retype SMB password:
Below is my smb.conf which works very nicely with those instructions.
Code:
[global]
workgroup = mydomain.com
server string = Samba Server
hosts allow = 192.168.0. 192.168.1. 127.
printcap name = /etc/printcap
load printers = yes
printing = cups
log file = /var/log/samba/%m.log
max log size = 50
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
pam password change = yes
username map = /etc/samba/smbusers
include = /etc/samba/smb.conf.%m
obey pam restrictions = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = yes
os level = 64
domain master = yes
domain logons = yes
logon home = \\%L\%U
; logon drive = H:
logon path = \\%L\Profiles\%U
add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u
dns proxy = no
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
create mode = 0664
directory mode = 0775
# If you want users samba doesn't recognize to be mapped to a guest user
; map to guest = bad user
[netlogon]
comment = Network Logon Service
path = /home/netlogon
read only = yes
browseable = no
write list = fred
[Profiles]
path = /home/samba/profiles
writeable = yes
browseable = no
create mask = 0600
directory mask = 0700
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
# Set public = yes to allow user 'guest account' to print
guest ok = no
writable = no
printable = yes
