Configuring Samba

We will configure one Samba server (SAMBABOX) to act as a primary domain controller, as well as configure one domain client running Windows 2000 Server (WIN2KBOX) and acting as a member server of the domain. Detailed instructions will be given for adding WIN2KBOX to the domain due to the extra steps necessary. Instructions for adding Windows 95/98/XP clients can be found in the newly installed documentation by pointing a web browser to: file:///usr/share/samba/swat/using_samba/ch03_01.html#ch03-55770.

Config files

/etc/samba/smb.conf, /etc/rc.d/init.d/samba

First we set up some directories needed by Samba:

    mkdir /var/lib/samba &&
    mkdir /var/lib/samba/netlogon &&
    mkdir /var/lib/samba/ntprofile &&
    mkdir /var/lib/samba/profiles &&
    chmod -R 1777 /var/lib/samba

And the Samba configuration file:

    cat > /etc/samba/smb.conf << "EOF"
    [global]
        netbios name = SAMBABOX
        workgroup = DOMAIN01

        os level = 64
        preferred master = yes
        domain master = yes
        local master = yes

        security = user
        encrypt passwords = yes
        domain logons = yes

        log file = /var/log/log.%m
        log level = 1

        logon path = \\%N\home\%u
        logon drive = H:
        logon home = \\homeserver\%u
        logon script = logon.cmd

    [netlogon]
        path = /var/lib/samba/netlogon
        read only = yes
        write list = ntadmin

    [profiles]
        path = /var/lib/samba/ntprofile
        read only = no
        create mask = 0600
        directory mask = 0700

    ; World writable share for testing
    [tmp]
        comment = Temporary file space
        path = /tmp
        read only = no
        public = yes

    [home]
        comment = Users' home directories
        path = /home
        read only = no
        public = no
    EOF

Now add the machine trust account for WIN2KBOX:

    /usr/sbin/useradd -g 100 -d /dev/null -c \
        "machine nickname" -s /bin/false win2kbox$ &&
    passwd -l win2kbox$ &&
    smbpasswd -a -m win2kbox

Create the Samba boot script:

    cat > /etc/rc.d/init.d/samba << "EOF"
    #!/bin/bash
    # Begin $rc_base/init.d/samba

    # Based on sysklogd script from LFS-3.1 and earlier.
    # Rewritten by Gerard Beekmans - gerard@linuxfromscratch.org

    source /etc/sysconfig/rc
    source $rc_functions

    case "$1" in
        start)
            echo "Starting nmbd..."
            loadproc /usr/sbin/nmbd -D
            echo "Starting smbd..."
            loadproc /usr/sbin/smbd -D
            ;;

        stop)
            echo "Stopping smbd..."
            killproc /usr/sbin/smbd
            echo "Stopping nmbd..."
            killproc /usr/sbin/nmbd
            ;;

        reload)
            echo "Reloading smbd..."
            reloadproc /usr/sbin/smbd
            echo "Reloading nmbd..."
            reloadproc /usr/sbin/nmbd
            ;;

        restart)
            $0 stop
            sleep 1
            $0 start
            ;;

        status)
            statusproc /usr/sbin/nmbd
            statusproc /usr/sbin/smbd
            ;;

        *)
            echo "Usage: $0 {start|stop|reload|restart|status}"
            exit 1
            ;;
    esac

    # End $rc_base/init.d/samba
    EOF

Add the run level symlinks:

    chmod 754 /etc/rc.d/init.d/samba &&
    ln -s /etc/rc.d/init.d/samba /etc/rc.d/rc0.d/K48samba &&
    ln -s /etc/rc.d/init.d/samba /etc/rc.d/rc1.d/K48samba &&
    ln -s /etc/rc.d/init.d/samba /etc/rc.d/rc2.d/K48samba &&
    ln -s /etc/rc.d/init.d/samba /etc/rc.d/rc3.d/S24samba &&
    ln -s /etc/rc.d/init.d/samba /etc/rc.d/rc4.d/S24samba &&
    ln -s /etc/rc.d/init.d/samba /etc/rc.d/rc5.d/S24samba &&
    ln -s /etc/rc.d/init.d/samba /etc/rc.d/rc6.d/K48samba

Now, we'll use our new boot script to start Samba:

    /etc/rc.d/init.d/samba start

We have to add the SAMBABOX root account to the Samba user list first in order to join WIN2KBOX to the DOMAIN01 domain:

    smbpasswd -a root

After starting Samba and adding root to the Samba user list, the first machine we'll join to DOMAIN01 will be WIN2KBOX, the Windows 2000 Server box we created the machine trust account for.

On WIN2KBOX:

1. Right click on My Computer.
2. Click on Properties.
3. Click on the Network Identification notebook tab.
4. Click on the Properties button.
5. In the Computer Name: edit field enter WIN2KBOX.
6. Click on the Domain: radio button and enter DOMAIN01 in the edit field and click OK.
7. When presented with the Domain Username And Password dialog box, enter root and root's password on SAMBABOX and click OK.
8. After the machine trust is negotiated, click the OK button in the dialog box welcoming you to the DOMAIN01 domain.
9. Click OK in the reboot reminder dialog box.
10. Click OK to close the System Properties window.
11. Click Yes to reboot WIN2KBOX.

Add a new user to the DOMAIN01 domain.

Before logging on to WIN2KBOX, we will create a new user with the following commands:

    useradd -m win2kuser01 &&
    passwd win2kuser01 &&
    smbpasswd -a win2kuser01

Logging on to DOMAIN01.

Now we will log on the domain as our newly created user as follows:

1. Press Ctrl-Alt-Del to bring up the Log On to Windows dialog box.
2. Enter the win2kuser01 name and password.
3. Select DOMAIN01 from the Log on to: combination box and click OK.

Add the swat entry to /etc/services with the following command:

    echo "swat 901/tcp" >> /etc/services

If inetd is used, the following command will add the swat entry to /etc/inetd.conf:

    echo "swat stream tcp nowait.400 root /usr/sbin/swat swat" \
        >> /etc/inetd.conf

If xinetd is used, the following command will add the swat entry to /etc/xinetd.conf:

    cat >> /etc/xinetd.conf << "EOF"
    service swat
    {
        port           = 901
        socket_type    = stream
        wait           = no
        only_from      = 127.0.0.1
        user           = root
        server         = /usr/sbin/swat
        log_on_failure += USERID
    }
    EOF

The Samba Web Administration Tool, SWAT, can be launched with the following command on SAMBABOX:

    lynx http://localhost:901

Be sure inetd is running, and issue a killall -HUP inetd before starting SWAT. The Lynx browser is used in this demonstration, but is not necessary.
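
The smb.conf created earlier on this page leaves the [tmp] share readable and writable by guests for testing. As an added example (not part of the original page or of Samba), the shell function below lists every share in a configuration file that is both guest-accessible and writable, so test shares like this one can be found before the server goes into service; the names audit_guest_writable and sample_conf are hypothetical.

```bash
#!/bin/sh
# Added example: print every share in an smb.conf that is both open to guests
# and writable. Samba ignores case and spaces in parameter names, "public" is
# a synonym for "guest ok", and "writable"/"writeable"/"write ok" invert
# "read only". Assumption: per-share defaults changed in [global] are ignored.
audit_guest_writable() {
    # Reads the file given as $1, or standard input when called without one.
    awk '
    function truthy(v) { v = tolower(v); return v == "yes" || v == "true" || v == "on" || v == "1" }
    function report() {
        if (share != "" && tolower(share) != "global" && guest && !readonly)
            print share
    }
    /^[ \t]*[;#]/ { next }                      # comment line
    /^[ \t]*\[/ {                               # section header: close previous
        report()
        share = $0
        sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
        guest = 0; readonly = 1                 # built-in defaults for a share
        next
    }
    /=/ {
        eq = index($0, "=")
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "public" || key == "guestok") guest = truthy(val)
        else if (key == "readonly") readonly = truthy(val)
        else if (key == "writable" || key == "writeable" || key == "writeok")
            readonly = !truthy(val)
    }
    END { report() }
    ' "$@"
}

# Share sections from the smb.conf on this page (paths and comments trimmed).
sample_conf() {
    cat << "EOF"
[netlogon]
read only = yes
write list = ntadmin
[profiles]
read only = no
; World writable share for testing
[tmp]
read only = no
public = yes
[home]
read only = no
public = no
EOF
}

sample_conf | audit_guest_writable    # prints: tmp
```

To check the installed configuration instead of the sample, run audit_guest_writable /etc/samba/smb.conf.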