Creating a Starter Configuration
The easiest way to configure a Samba server to be the PDC for a small network is by using SWAT. You'll need to edit the various sections of the smb.conf file, so I'll walk you through what you'll find in each.
The [global] Section
The [global] section governs the general Samba settings. Table 10.2 explains the parameters you need to set to create a PDC.
Table 10.2. Minimum Settings for the [global] Section of smb.conf

| Parameter | Value | Description |
|---|---|---|
| domain logons | Yes | Tells Samba to become the PDC. |
| preferred master | Yes | Makes the PDC act as the central store for the names of all Windows clients, servers, and printers on the network. Very helpful when you need to browse your local network for resources. Also known as a local master browser. |
| domain master | Yes | Tells Samba to become the master browser across multiple networks all over the domain. The local master browsers register themselves with the domain master to learn about resources on other networks. |
| os level | 65 | Sets the priority the Samba server should use when negotiating to become the PDC with other Windows servers. A value of 65 usually makes the Samba server win. |
| wins support | Yes | Allows the Samba server to provide name services for the network. In other words, it keeps track of the IP addresses of all the domain's servers and clients. |
| time server | Yes | Lets the Samba server provide time updates for the domain's clients. |
| domain | "homenet" | The name of the Windows domain you'll create. The name you select is your choice. I've decided to use homenet. |
| security | User | Makes domain logins query the Samba password database located on the Samba server itself. |
Here's how to set the values using SWAT:
1. Log into SWAT, and click on the [global] section.
2. Click the Advanced button to see all the options.
3. Make your changes, and click on the Commit Changes button when finished.
4. Your smb.conf file should resemble the example below when you're finished. You can view the contents of the configuration file by logging into the Samba server via a command prompt and using cat /etc/samba/smb.conf to verify your changes as you do them.
[global]
workgroup = HOMENET
time server = Yes
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
Be aware: security = user and wins support = yes are default settings for Samba, and they may not show up in your smb.conf file, even though you may see them in SWAT.
Using the SWAT Wizard
The SWAT utility has a Wizard button that can be used to configure your server as a PDC quickly. However, the defaults may not be to your liking. For example, the default domain is MYGROUP, and some of the [global] parameters mentioned previously will be set to Auto.
The [homes] Section
Part of the process of adding a user to a Samba domain requires you to create a Linux user on the Samba PDC itself. When you log into the Samba PDC, you'll see a new drive, usually named Z:, added to your PC. This is actually a virtual drive that maps to the corresponding Linux users' login directories on the Linux PDC.
Samba considers all directories to be shares that can be configured with varying degrees of security. The [homes] section governs how Samba handles default login directories.
Table 10.3 explains the minimum settings you need to create a functional [homes] section.
Table 10.3. Minimum Settings for the [homes] Section of smb.conf

| Parameter | Value | Description |
|---|---|---|
| browseable | No | Doesn't allow others to browse the contents of the directory. |
| read only | No | Allows Samba users to also write to their Samba Linux directories. |
| create mask | 0664 | Gives new files created by the user 644 permissions. You want to change this to 0600 so that only the login user has access to files. |
| directory mask | 0775 | Gives new subdirectories created by the user 775 permissions. You want to change this to 0700 so that only the login user has access to directories. |
Here's how to set the values using SWAT:
1. Click on the SWAT shares button to proceed to where shared directories are configured.
2. Click the Advanced button to see all the options.
3. Choose the [homes] share section.
4. Make your changes, and click on the Commit Changes button when finished.
Your smb.conf file should resemble this when finished. You can view the contents of the configuration file by logging into the Samba server via a command prompt and using cat /etc/samba/smb.conf to verify your changes as you do them.
[homes]
read only = No
browseable = No
create mask = 0644
directory mask = 0755
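An added check, not part of the original text: Table 10.3 recommends 0600 and 0700 for [homes], while the sample above still shows 0644 and 0755. This sketch parses a constructed smb.conf excerpt (the [profiles] values are the ones this page uses for that share) and flags masks that leave group or other permission bits set; parse_smb_conf and audit_masks are hypothetical helper names.

```python
import re

# Constructed sample: the [homes] and [profiles] masks as this page shows them.
SAMPLE_SMB_CONF = """\
[homes]
   read only = No
   browseable = No
   create mask = 0644
   directory mask = 0755

[profiles]
   path = /home/samba/profiles
   read only = No
   create mask = 0600
   directory mask = 0700
"""

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with names lowercased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def audit_masks(sections, shares=("homes", "profiles")):
    """List (share, parameter, value) where group/other bits can survive."""
    findings = []
    for share in shares:
        params = sections.get(share, {})
        for name in ("create mask", "directory mask"):
            value = params.get(name)
            if value is None:
                findings.append((share, name, "not set"))
            elif int(value, 8) & 0o077:  # any group or other permission bit
                findings.append((share, name, value))
    return findings

if __name__ == "__main__":
    for share, name, value in audit_masks(parse_smb_conf(SAMPLE_SMB_CONF)):
        print(f"[{share}] {name} = {value}: tighten to owner-only")
```

To audit a live server, pass the contents of /etc/samba/smb.conf to parse_smb_conf instead of the constructed sample.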
The [netlogon] and [profiles] Share Sections
The [netlogon] share section contains scripts that the Windows clients may use when they log into the domain. The [profiles] share section stores settings related to the look and feel of Windows so that the user has the same settings no matter which Windows PC is logged into. The [profiles] share section stores such things as favorites and desktop icons.
Your smb.conf file should look like this when you're finished:
[netlogon]
path = /home/samba/netlogon
guest ok = Yes
[profiles]
path = /home/samba/profiles
read only = No
create mask = 0600
directory mask = 0700
Here's how to do it:
1. Click the Shares button.
2. Create a [netlogon] share section.
3. Modify the path and guest ok settings.
4. Click on the Commit Changes button.
5. Create a [profiles] share section.
6. Modify the path, mask, and read only settings. The mask settings allow only the owner of the netlogon subdirectory to modify its contents.
7. Click on the Commit Changes button.
Remember to create these share directories from the command line afterwards:
[root@bigboy tmp]# mkdir -p /home/samba/netlogon
[root@bigboy tmp]# mkdir -p /home/samba/profiles
[root@bigboy tmp]# chmod -R 0755 /home/samba
The [printers] Share Section
Samba has special shares just for printers, and these are configured in the [printers] section of SWAT. There is also a share under [printers] called printers that governs common printer settings. Print shares always have the printable parameter set to yes. The default smb.conf [printers] share section looks like this:
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
Shares for Specific Groups of Users
The default Samba Version 3 smb.conf file you saved at the beginning of this exercise has many varied examples that you may use and apply to your particular environment. You can find the steps for creating a simple shared directory for home users in Chapter 11, "Sharing Resources Using Samba."