Creating a Starter Configuration -CodeIdol

Creating a Starter Configuration

The easiest way to configure a Samba server to be the PDC for a small network is by using SWAT. You'll need to edit the various sections of the smb.conf file, so I'll walk you through what you'll find in each.

The [global] Section

The [global] section governs the general Samba settings. Figure explains the parameters you need to set to create a PDC.

Figure Minimum Settings for the [global] Section of `smb.conf`
Parameter	Value	Description
`domain logons`	Yes	Tells Samba to become the PDC.
`preferred master`	Yes	Makes the PDC act as the central store for the names of all Windows clients, servers, and printers on the network. Very helpful when you need to browse your local network for resources. Also known as a local master browser.
`domain master`	Yes	Tells Samba to become the master browser across multiple networks all over the domain. The local master browsers register themselves with the domain master to learn about resources on other networks.
`Os level`	65	Sets the priority the Samba server should use when negotiating to become the PDC with other Windows servers. A value of 65 usually makes the Samba server win.
`wins support`	Yes	Allows the Samba server to provide name services for the network. In other words, it keeps track of the IP addresses of all the domain's servers and clients.
`time server`	Yes	Lets the Samba server provide time updates for the domain's clients.
`domain`	"homenet"	The name of the Windows domain you'll create. The name you select is your choice. I've decided to use homenet.
`security`	User	Makes domain logins query the Samba password database located on the Samba server itself.

Here's how to set the values using SWAT:

1.	Log into SWAT, and click on the [global] section.
2.	Click the Advanced button to see all the options.
3.	Make your changes, and click on the Commit Changes button when finished.
4.	Your `smb.conf` file should resemble the example below when you're finished. You can view the contents of the configuration file by logging into the Samba server via a command prompt and using `cat /etc/samba/smb.conf` to verify your changes as you do them.

     [global]
             workgroup = HOMENET
             time server = Yes
             domain logons = Yes
             os level = 65
             preferred master = Yes
             domain masterc = Yes

Be aware: Security [eq] user and WINS support [eq] yes are default settings for Samba, and they may not show up in your smb.conf file, even though you may see them in SWAT.

Using the SWAT Wizard

The SWAT utility has a Wizard button that can be used to configure your server as a PDC quickly. However the defaults may not be to your liking. For example, the default domain is MYGROUP, and some of the [global] parameters mentioned previously will be set to Auto.

The [homes] Section

Part of the process of adding a user to a Samba domain requires you to create a Linux user on the Samba PDC itself. When you log into the Samba PDC, you'll see a new drive, usually named Z:, added to your PC. This is actually a virtual drive that maps to the corresponding Linux users' login directories on the Linux PDC.

Samba considers all directories to be shares that can be configured with varying degrees of security. The [homes] section governs how Samba handles default login directories.

Figure explains the minimum settings you need to create a functional [homes] section.

Figure Minimum Settings for [home] Section of `smb.conf`
Parameter	Value	Description
`browseable`	No	Doesn't allow others to browse the contents of the directory.
`read only`	No	Allows Samba users to also write to their Samba Linux directories.
`create mask`	0664	Makes new files created by the user to have 644 permissions. You want to change this to 0600 so that only the login user has access to files.
`directory mask`	0775	Makes new subdirectories created by the user to have 775 permissions. You want to change this to 0700 so that only the login user has access to directories.

Here's how to set the values using SWAT:

1.	Click on the SWAT shares button to proceed to where shared directories are configured.
2.	Click the Advanced button to see all the options.
3.	Choose the [homes] share section.
4.	Make your changes, and click on the Commit Changes button when finished.

Your smb.conf file should resemble this when finished. You can view the contents of the configuration file by logging into the Samba server via a command prompt and using cat /etc/samba/smb.conf to verify your changes as you do them.

     [homes]

        read only = No
        browseable = No
        create mask = 0644
        directory mask = 0755

The [netlogon] and [profiles] Share Sections

The [netlogon] share section contains scripts that the Windows clients may use when they log into the domain. The [profiles] share section stores settings related to the look and feel of Windows so that the user has the same settings no matter which Windows PC is logged into. The [profiles] share section stores such things as favorites and desktop icons.

Your smb.conf file should look like this when you're finished:

     [netlogon]
             path = /home/samba/netlogon
             guest ok = Yes

     [profiles]
             path = /home/samba/profiles
             read only = No
             create mask = 0600
             directory mask = 0700

Here's how to do it:

1.	Click the Shares button.
2.	Create a [netlogon] share section.
3.	Modify the `path` and `guest ok` settings.
4.	Click on the Commit Changes button.
5.	Create a [profiles] share section.
6.	Modify the `path`, `mask`, and `read only` settings. The `mask` settings allow only the owner of the `netlogon` subdirectory to be able to modify its contents.
7.	Click on the Commit Changes button.

Remember to create these share directories from the command line afterwards:

     [root@bigboy tmp]# mkdir -p /home/samba/netlogon
     [root@bigboy tmp]# mkdir -p /home/samba/profile
     [root@bigboy tmp]# chmod -r 0755 /home/samba

The [printers] Share Section

Samba has special shares just for printers, and these are configured in the [printers] section of SWAT. There is also a share under [printers] called printers that governs common printer settings. Print shares always have the printable parameter set to yes. The default smb.conf [printers] share section looks like this:

     [printers]
         comment = All Printers
         path = /var/spool/samba
         printable = Yes
         browseable = No

Shares for Specific Groups of Users

The default Samba Version 3 smb.conf file you saved at the beginning of this exercise has many varied examples that you may use and apply to your particular environment. You can find the steps for creating a simple shared directory for home users in Chapter 11, "Sharing Resources Using Samba."

June 14, 2007, 4:29 a.m.
posted by whitehat

Creating a Starter Configuration