Currently,SambacangobeyondmerelyemulatingWindowssharestoactuallyactingasthePrimaryDomainControllerforyourWindowsnetwork.Ofcourse,SambacanalsobecomeaNTdomainmember.Inthisarticleweshalllookatboththeseoptions.

Thedomainconceptismuchbetterthanthetraditionalworkgroupconcept.OneoftheprimarybenefitsishavingacentralizedpassworddatabaseonthePrimaryDomainController.Onceauthenticated,youcanaccessanyofthesharesinthedomain,withouthavingtore-authenticateyourself.

Ifyou'reunfamiliarwithSamba,thenwe'vegotacoupleofgoodhowto'sthatyoucanreferto.Lookforlinkstothematthebottomofthearticle.

SambaasaNTDomainMember

SambaemulatesaNTworkstationwhenbecomingpartofthedomain.So,thefirstthingyouneedtodoiscreateamachineaccountforyourSambamachineonthedomaincontroller.InNTyouwouldusetheprogramServerManagerforDomainstocreatetheaccount.Oncetheaccountiscreated,allyouneedtoaddarethefollowinglinestoyoursmb.conffileundertheglobalsection.

#YourWorkgrouporDomainthatyouwant

#tologinto

workgroup=FREEOS

#TellSambatotalktodomaincontroller

#forauthentication

security=domain

#Specifytheservertogetauthenticate

#from.Youcanspecifythe

#NetBIOS#namesoftheserversorsimply

#putina"*"heretolet

#Sambafindtheserverthroughbroadcast

passwordserver=PS1PS2

#MakesureSambaisusingencrypted

#passwords

encryptpasswords=yes

NowstoptheSambadaemons

/etc/rc.d/init.d/smbstop

Givethefollowingcommandtojointhe

NTDomain

smbpasswd-jDOMAIN-rDOMAINPDC

DOMAINhereisthedomainthatyouwanttologonto.DOMAINPDCistheprimarydomaincontrollerforthatdomain.Youwillthenseeamessagesaying,揓oineddomainDOMAIN?

NowstartyourSMBandNMBdaemons.

/etc/rc.d/init.d/smbstart

ThatwasallaboutjoininganNTdomain.SettingupSambaasyourPrimaryDomainControllerisnotverydifficult.

SambaasPrimaryDomainController

Addthefollowingtotheglobalsectionofyoursmb.conffile.

#ThedomainyouwanttobeaPDCfor

workgroup=SIMPLE

#TellSambatousedomainlogons

domainlogons=yes

#User-levelsecurity.Usersmust

#authenticatethemselveswith

#validusernameandpassword

security=user

#Settoyessothatnmbdparticipates

#inlocalmasterbrowser

#elections

localmaster=yes

#SetOslevelvaluetomakesurenmbd

#winslocalbrowsemaster

#elections.65shouldbeateveryone

#accordingtothemanpage

oslevel=65

#Givenmbdanadvantageinlocal

#masterbrowserelections

preferredmaster=yes

#Setsothatnmbdclaimsaunique

#NetBIOSnameidentifyingitas

#adomainmaster

domainmaster=yes

#Thefollowingshareisrequiredtosupport

#domainlogons.Thedirectorymaybe

#createdanywhereonyoursystem.Make

#suretheshareisnon-writeableandalso

#notapublicshare.

[netlogon]

comment=Thedomainlogonservice

path=/usr/local/samba/netlogon

public=no

writeable=no

ThenextthingtodoiscreatetheusersontheSambaserverthatistoactasthedomaincontroller.Youcandothisusingtheuseraddcommand.

useradd?gsmbuser?d/dev/null?s/dev/nullntuser

Asyoucansee,bothshellandhomedirectoryforntuserissetto/dev/null.IfyourWindowsusersarenotrequiredtoaccesstheUnixbox,youshouldusetheabovetodenyaccesstothemachine.PasswordsarealsonotrequiredtobesetbecauseSambakeepsthepasswordhashinaseparatefilespecifiedintheconfigurationfile.

#PathtoSambapasswordfile

#Makesureonlyroothasread/writeaccess

smbpasswdfile=/usr/local/samba/smbpasswd

Afteraddingauser(youcanalsousevipwtoaddauser),youneedtoaddtheusertothesambapassworddatabase.

搒mbpasswd朼?willaddallusersinUnixpasswdfiletosmbpasswdfile.TheusageandsyntaxissimilartotheUnixpasswdcommand.Tochangeausers?passworduse搒mbpasswdusername?

ThatwillbeenoughforSambatostartauthenticatingWindows9Xclients.ForNTworkstations,somemoreworkistobedone.YouhavetocreateamachineaccountforeachNTclientthatwilllogon.Amachineaccountissimplyaregular/etc/passwdentry,witha??appendedtothenameoftheNTmachine.

useradd-gsmbuser-杁/dev/null-杝/dev/nullntclient$

Nowaddittothepassworddatabase

smbpasswd朼杕ntclient(the$attheendisnotrequired)

SambacannowacceptlogonsfromaNTclient.

Asyoucansee,configuringsambaasadomaincontrolleranddomainmemberisafairlyeasyjob.Theflipsideisthatsincesambaistheresultofmajoramountsofhackingandreverseengineering,itdoesn'thaveallthefunctionalityofaproperdomaincontroller.Thereisanalternativebranch,SambaTNGthataddsmorefunctionalityinthisarea.

【Samba NT Domain Controller】相关文章：

★ linux脚本发送邮件 shell发送邮件(使用 msmtp+mutt+shell来实现)

★ linux解析命令行选项getopt_long用法解读

★ Linux下编写网络抓包程序代码

★ Linux基础知识99问（一）

★ Zlib是什么?|Zlib的作用是什么?|Zlib有什么作用?

★ Linux VPS中rar、unrar命令安装和使用详解

★ FreeBSD6.0Release+Squid+Socks5服务器架设笔记

★ linux halt命令参数及用法详解(linux关机命令详解)

★ Linux tar 压缩档案管理命令学习

★ redhat linux enterprise 5 输入ifconfig无效的解决方法