Currently,SambacangobeyondmerelyemulatingWindowssharestoactuallyactingasthePrimaryDomainControllerforyourWindowsnetwork.Ofcourse,SambacanalsobecomeaNTdomainmember.Inthisarticleweshalllookatboththeseoptions.

Thedomainconceptismuchbetterthanthetraditionalworkgroupconcept.OneoftheprimarybenefitsishavingacentralizedpassworddatabaseonthePrimaryDomainController.Onceauthenticated,youcanaccessanyofthesharesinthedomain,withouthavingtore-authenticateyourself.

Ifyou'reunfamiliarwithSamba,thenwe'vegotacoupleofgoodhowto'sthatyoucanreferto.Lookforlinkstothematthebottomofthearticle.

SambaasaNTDomainMember

SambaemulatesaNTworkstationwhenbecomingpartofthedomain.So,thefirstthingyouneedtodoiscreateamachineaccountforyourSambamachineonthedomaincontroller.InNTyouwouldusetheprogramServerManagerforDomainstocreatetheaccount.Oncetheaccountiscreated,allyouneedtoaddarethefollowinglinestoyoursmb.conffileundertheglobalsection.

#YourWorkgrouporDomainthatyouwant

#tologinto

workgroup=FREEOS

#TellSambatotalktodomaincontroller

#forauthentication

security=domain

#Specifytheservertogetauthenticate

#from.Youcanspecifythe

#NetBIOS#namesoftheserversorsimply

#putina"*"heretolet

#Sambafindtheserverthroughbroadcast

passwordserver=PS1PS2

#MakesureSambaisusingencrypted

#passwords

encryptpasswords=yes

NowstoptheSambadaemons

/etc/rc.d/init.d/smbstop

Givethefollowingcommandtojointhe

NTDomain

smbpasswd-jDOMAIN-rDOMAINPDC

DOMAINhereisthedomainthatyouwanttologonto.DOMAINPDCistheprimarydomaincontrollerforthatdomain.Youwillthenseeamessagesaying,揓oineddomainDOMAIN?

NowstartyourSMBandNMBdaemons.

/etc/rc.d/init.d/smbstart

ThatwasallaboutjoininganNTdomain.SettingupSambaasyourPrimaryDomainControllerisnotverydifficult.

SambaasPrimaryDomainController

Addthefollowingtotheglobalsectionofyoursmb.conffile.

#ThedomainyouwanttobeaPDCfor

workgroup=SIMPLE

#TellSambatousedomainlogons

domainlogons=yes

#User-levelsecurity.Usersmust

#authenticatethemselveswith

#validusernameandpassword

security=user

#Settoyessothatnmbdparticipates

#inlocalmasterbrowser

#elections

localmaster=yes

#SetOslevelvaluetomakesurenmbd

#winslocalbrowsemaster

#elections.65shouldbeateveryone

#accordingtothemanpage

oslevel=65

#Givenmbdanadvantageinlocal

#masterbrowserelections

preferredmaster=yes

#Setsothatnmbdclaimsaunique

#NetBIOSnameidentifyingitas

#adomainmaster

domainmaster=yes

#Thefollowingshareisrequiredtosupport

#domainlogons.Thedirectorymaybe

#createdanywhereonyoursystem.Make

#suretheshareisnon-writeableandalso

#notapublicshare.

[netlogon]

comment=Thedomainlogonservice

path=/usr/local/samba/netlogon

public=no

writeable=no

ThenextthingtodoiscreatetheusersontheSambaserverthatistoactasthedomaincontroller.Youcandothisusingtheuseraddcommand.

useradd?gsmbuser?d/dev/null?s/dev/nullntuser

Asyoucansee,bothshellandhomedirectoryforntuserissetto/dev/null.IfyourWindowsusersarenotrequiredtoaccesstheUnixbox,youshouldusetheabovetodenyaccesstothemachine.PasswordsarealsonotrequiredtobesetbecauseSambakeepsthepasswordhashinaseparatefilespecifiedintheconfigurationfile.

#PathtoSambapasswordfile

#Makesureonlyroothasread/writeaccess

smbpasswdfile=/usr/local/samba/smbpasswd

Afteraddingauser(youcanalsousevipwtoaddauser),youneedtoaddtheusertothesambapassworddatabase.

搒mbpasswd朼?willaddallusersinUnixpasswdfiletosmbpasswdfile.TheusageandsyntaxissimilartotheUnixpasswdcommand.Tochangeausers?passworduse搒mbpasswdusername?

ThatwillbeenoughforSambatostartauthenticatingWindows9Xclients.ForNTworkstations,somemoreworkistobedone.YouhavetocreateamachineaccountforeachNTclientthatwilllogon.Amachineaccountissimplyaregular/etc/passwdentry,witha??appendedtothenameoftheNTmachine.

useradd-gsmbuser-杁/dev/null-杝/dev/nullntclient$

Nowaddittothepassworddatabase

smbpasswd朼杕ntclient(the$attheendisnotrequired)

SambacannowacceptlogonsfromaNTclient.

Asyoucansee,configuringsambaasadomaincontrolleranddomainmemberisafairlyeasyjob.Theflipsideisthatsincesambaistheresultofmajoramountsofhackingandreverseengineering,itdoesn'thaveallthefunctionalityofaproperdomaincontroller.Thereisanalternativebranch,SambaTNGthataddsmorefunctionalityinthisarea.

【Samba NT Domain Controller】相关文章：

★ linux vps如何修改时区 linux vps时区设置的方法

★ 在线rss阅读聚合器lilina-0.7安装笔记

★ Slackware Linux init 进程

★ linux解析命令行选项getopt_long用法解读

★ Linux tar 压缩档案管理命令学习

★ 为网站根目录添加sgid权限

★ linux使用su切换用户提示 Authentication failure的解决方法

★ make_sock: could not bind to address 0.0.0.0:443

★ Linux 下rename 命令的用法第1/2页

★ linux之cut命令的用法