Monday, June 3, 2013

Creating Home Folder with Quota for Samba4 Domain Users

This walkthrough demonstrates how to assign home folders to domain users and implement disk quotas.

Step 1: Configure Winbind

1.1. Configuring Winbind. Type the following on the command prompt

$ ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/libnss_winbind.so <enter>

$ ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 <enter>

1.2. Modify the /etc/nsswitch.conf

$ vim /etc/nsswitch.conf


Add the keyword winbind to the passwd and group entries:



passwd:          files winbind
group:            files winbind
shadow:         files

As mentioned in the reference, on some systems the keyword compat is used instead of files.

1.3. Testing.

1.3.1. Check if winbind is pingable, type the command below:

$ /usr/local/samba/bin/wbinfo -p <enter>
Ping to winbindd succeeded

1.3.2.  Show list of users, type the command below:

$ /usr/local/samba/bin/wbinfo -u <enter>
. . .
Administrator
Guest
. . .

The command output should be similar to the above.

1.3.3. The command "getent passwd" should return output similar to that shown below:

$ getent passwd <enter>
. . .
\Administrator:*:0:100::/home/Administrator:/bin/false
\Guest:*:3000011:3000012::/home/Guest:/bin/false
. . .

1.3.4. Show information about a user using the id command:

$ id administrator <enter>
uid=0(root) gid=100(users) groups=0(root),100(users),3000004(Group Policy Creator Owners), . . .

As mentioned in the reference, if all these steps are OK then the installation of libnss_winbind is successful and you can enjoy manipulating domain users' uid and gid in a much more friendly way.
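
An added check for Step 1 (not part of the original post): the sample output in 1.3.3 and 1.3.4 shows the domain Administrator resolving to UID 0, so once winbind is in nsswitch.conf it is worth listing every non-root name that maps to UID 0. The function names are hypothetical and the sample input is constructed from the listings above.

```shell
#!/bin/sh
# Added example, not from the original post.

# nss_has_winbind: read nsswitch.conf on stdin; succeed only if the passwd
# and group databases list winbind and shadow is left without it, matching
# the listing in step 1.2 ("compat winbind" passes as well).
nss_has_winbind() {
    awk '
        $1 == "passwd:" || $1 == "group:" || $1 == "shadow:" {
            hit = 0
            for (i = 2; i <= NF; i++) if ($i == "winbind") hit = 1
            seen[$1] = hit
        }
        END {
            ok = (seen["passwd:"] == 1 && seen["group:"] == 1 && seen["shadow:"] != 1)
            exit(ok ? 0 : 1)
        }'
}

# uid0_aliases: read passwd(5)-format lines on stdin (for example the output
# of "getent passwd") and print every name other than root that has UID 0.
# Lines that are not full passwd entries are ignored.
uid0_aliases() {
    awk -F: 'NF >= 7 && $3 ~ /^0+$/ && $1 != "root" { print $1 }'
}

# Constructed sample input modelled on the listings in steps 1.2 and 1.3.3;
# the local root line is added for contrast.
SAMPLE_NSS='passwd:          files winbind
group:           files winbind
shadow:          files'
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
\Administrator:*:0:100::/home/Administrator:/bin/false
\Guest:*:3000011:3000012::/home/Guest:/bin/false'

if printf '%s\n' "$SAMPLE_NSS" | nss_has_winbind; then
    echo "nsswitch.conf: winbind enabled for passwd and group"
fi
printf '%s\n' "$SAMPLE_PASSWD" | uid0_aliases | sed 's/^/maps to UID 0: /'
```

On a live system, feed the functions real data: nss_has_winbind < /etc/nsswitch.conf and getent passwd | uid0_aliases.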

Step 2: Creating a shared folder

2.1. Edit the smb.conf file

$ vim /usr/local/samba/etc/smb.conf <enter>

Modify the smb.conf file to add the lines below:

[homes]
           comment = Home Directory
           path = /home
           read only = No

2.2. Configure the user's home directory using the Remote System Administration Tool (RSAT). Log in as administrator on a domain member client PC (with RSAT installed) and open Active Directory Users and Computers.


Select the OU where the user belongs and click the user's Properties.

On the user properties select the Profile tab and under the Home Folder section, set the following settings as shown in the figure below:


When you click Apply, the %username% label will be replaced by the user's actual name. The folder for that user will also be created automatically in your samba4 home (/home) directory.
Now log in as the user from the same or a different domain member PC and a network drive (home folder) will be mapped automatically for the user.
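
An added audit for Step 2 (not part of the original post): because [homes] uses path = /home, every user's folder sits under one shared directory, so the permissions on each subfolder are what separate users. The sketch below checks only the POSIX mode bits, not NT ACLs set through RSAT; the function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes home folders live
# directly under one root (the post uses /home).

# loose_home_dirs ROOT: print, one per line, each directory directly under
# ROOT whose POSIX mode grants read, write or search access to "other".
loose_home_dirs() {
    find "$1" -mindepth 1 -maxdepth 1 -type d \
        \( -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec basename {} \; | sort
}

# tighten_home_dir DIR: drop every "other" permission bit on one folder.
tighten_home_dir() {
    chmod o-rwx "$1"
}

# Constructed demo tree standing in for /home; the user names are made up.
demo_root=$(mktemp -d)
mkdir "$demo_root/alice" "$demo_root/bob" "$demo_root/carol"
chmod 700 "$demo_root/alice"
chmod 755 "$demo_root/bob"
chmod 750 "$demo_root/carol"

echo "Folders open to other users:"
loose_home_dirs "$demo_root"

for name in $(loose_home_dirs "$demo_root"); do
    tighten_home_dir "$demo_root/$name"
done
echo "Remaining after tightening: $(loose_home_dirs "$demo_root" | wc -l)"
rm -rf "$demo_root"
```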

 
Step 3: Configure Disk Quota for the user.

<to be continued>

Reference:
  1. https://wiki.samba.org/index.php/Samba4/Winbind
  2. http://www.thegeekstuff.com/2010/07/disk-quota/

Saturday, May 4, 2013

Installing and configuring Samba 4 as Domain Controller

Important readings about major developments on Samba 4 : https://www.samba.org/samba/news/releases/4.0.0.html

The following is my compilation of steps for setting up a working Active Directory server using Samba 4 on Ubuntu Server 64-bit 12.04.1 LTS.

Initial Configuration
Samba Version: Samba-4.0.5
OS: Ubuntu Server 64-bit 12.04.1 LTS
GUI Installed? No
Hostname: dc1
Domain: mySamba.local
IP Address: 192.168.1.3
gateway: 192.168.1.1

Throughout the steps, I am logged in as root. If you have not configured your network interface, it may be configured to receive an IP address from your DHCP router/server by default. You may verify the settings by typing # vi /etc/network/interfaces

Step 1: Install updates and required packages. Note that it will take some time to install these packages.

 $ apt-get install build-essential libacl1-dev libattr1-dev libblkid-dev libgnutls-dev libreadline-dev python-dev python-dnspython gdb pkg-config libpopt-dev libldap2-dev dnsutils libbsd-dev attr krb5-user docbook-xsl libcups2-dev quota vim vim-scripts vim-doc vim-latexsuite vim-gui-common vim-gnome <enter>

Step 2: Download and install samba 4 packages

$ wget http://ftp.samba.org/pub/samba/samba-4.0.5.tar.gz <enter>

This will download the file to the current working directory. Extract the file using the command below.

$ tar -zxvf samba-4.0.5.tar.gz <enter>

Enter the samba-4.0.5 directory and type the following commands:

$ ./configure <enter>

$ make <enter>

$ make install <enter>

Note that the process for each command will take time.

Step 3: Modify the network interface, hosts, hostname and resolv.conf files. Since VIM was already installed, I recommend using it rather than the VI editor. Type the command below:

$ vim /etc/network/interfaces <enter>

Follow the configuration below and adjust it according to your current network setup:

auto lo eth0
iface lo inet loopback
iface eth0 inet static
address 192.168.1.3
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
dns-nameservers 192.168.1.3 192.168.1.1
dns-domain dc1.mySamba.local

Save the file and exit VIM editor. Edit also the hosts file by typing the command below:

$ vim /etc/hosts <enter>

127.0.0.1             localhost
192.168.1.3         dc1  dc1.mySamba.local

Save the file and exit VIM editor. Edit also the hostname file by typing the command below:

$ vim /etc/hostname <enter>

dc1

Save the file and exit VIM editor. Edit also the resolv.conf file by typing the command below:

$ vim /etc/resolv.conf <enter>

nameserver 127.0.0.1
search dc1.mySamba.local

Reboot Ubuntu Server to make sure the changes take effect. Type the command below to reboot:

$ reboot <enter>

Step 4: Run Samba 4 provision.
On the command prompt, type the following command:

$ /usr/local/samba/sbin/samba-tool domain provision <enter>

Realm: mySamba.local <enter>
Domain [mySamba]: <enter>
Server Role (dc, member, standalone) [dc]: <enter>
DNS Backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: <enter>
DNS forwarder IP address (write 'none' to disable  forwarding): 192.168.1.1 <enter>
Administrator password:
Retype password:

Remember to type a strong password like Pa$$w0rd, otherwise the provision will not work. Please see the Samba HowTo under the references about this issue.

192.168.1.1 is the IP address of my firewall. I also configured the DHCP service to give out DNS 192.168.1.3 and the public DNS which comes from our DSL provider. In this case, you don't have to modify the network interface settings of a Windows 7 or 8 client in order to join the domain.

After the provision, run samba by typing the command:

$ /usr/local/samba/sbin/samba <enter>

Step 5: Testing Samba Server

5.1. To show the list of shares on your domain controller, type the command:

$ /usr/local/samba/bin/smbclient -L localhost -U% <enter>

The output should be similar to the one below:

     Sharename       Type      Comment
     ---------       ----      -------
     netlogon        Disk
     sysvol          Disk
     IPC$            IPC       IPC Service (Samba 4.0.5)

5.2. Testing authentication

$ /usr/local/samba/bin/smbclient //localhost/netlogon -UAdministrator%'pa$$w0rd' -c 'ls' <enter>

Domain=[mySamba] OS=[Unix] Server=[Samba 4.0.5]
    .                                                    D                     0             Tue   Apr  9  02:17:13 2013
    . .                                                  D                     0             Tue   Apr  9  02:17:31 2013
                                 50242 blocks of size 1023475. 63234 blocks available

If anything fails, type the commands below to restart samba and test the server again.

$ killall samba <enter>
$ /usr/local/samba/sbin/samba <enter>
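
An added variant of the authentication test in 5.2 (not part of the original post): passing the password with -U puts it in the process list and shell history, while smbclient's -A option reads it from a credentials file instead. The function names are hypothetical and the values are the sample ones used in this post.

```shell
#!/bin/sh
# Added example, not from the original post.

# write_smb_authfile FILE USER DOMAIN: read the password from stdin and write
# it in the credentials-file format that smbclient accepts with -A.
# The file is forced to mode 600 before the secret is written to it.
write_smb_authfile() (
    umask 077
    IFS= read -r pw || [ -n "$pw" ] || exit 1
    : > "$1" && chmod 600 "$1" || exit 1
    printf 'username = %s\npassword = %s\ndomain = %s\n' "$2" "$pw" "$3" >> "$1"
)

# authfile_is_private FILE: succeed only if FILE is a regular file, mode 600.
authfile_is_private() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# Demo with constructed values; on a real system type the password at a
# prompt (for example after "stty -echo") instead of embedding it.
demo_dir=$(mktemp -d)
printf '%s\n' 'pa$$w0rd' | write_smb_authfile "$demo_dir/auth" Administrator mySamba
authfile_is_private "$demo_dir/auth" && echo "auth file is owner-only"
# The test from step 5.2 then becomes:
#   /usr/local/samba/bin/smbclient //localhost/netlogon -A "$demo_dir/auth" -c 'ls'
rm -rf "$demo_dir"
```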

5.3. Testing Internal DNS

$ host -t SRV _ldap._tcp.mySamba.local <enter>
_ldap._tcp.mySamba.local has SRV record 0 100 340 dc1.mySamba.local.

$ host -t SRV _kerberos._udp.mySamba.local <enter>
_kerberos._udp.mySamba.local has SRV record 0 100 89 dc1.mySamba.local.

$ host -t A mySamba.local <enter>
mySamba.local has address 192.168.1.3

If all the command output is similar to that shown above, your samba 4 internal DNS is working.

Step 6: Join a Windows 7 or 8 client to the domain.
Make sure that your DHCP server hands out a DNS entry pointing to the samba 4 server; if not, add the IP address of your samba 4 DC manually as one of the DNS entries on the interface of the Windows client you wish to join to the domain.



Join the Windows client to the domain. Enter administrator and the password in the authentication box; after that the system will reboot.


On one of the Windows domain member clients, log in as Administrator and install RSAT or Remote System Administration Tool. With this tool you can administer users and group policy for your domain.

In my next posting, I will show how to create home folders for users and, at the same time, a group share.
Please refer to the references for troubleshooting and further reading.



Reference:
http://paulcolfer.ie/os/linux/samba-4-domain-controller-on-ubuntu-server-12-04/
http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO