Solved

Samba and Windows 7

Posted on 2013-11-17
Last Modified: 2013-11-22
I need to do the following:
Samba set up as a domain
  1: Home folder H:
  2: Roaming profiles
  3: Policy share, read only with netlogon.bat
  4: Docs share, read and write only with netlogon.bat
  5: Machine account for Win 7
  6: Samba user account

I need the configuration for setting up Samba with Windows 7, and I also need the netlogon.bat script.

POLICY: read only, accessible by all users with drive letter M:
Docs: read and write, accessible by all users with drive letter N:

Thanks
LVL 6

Expert Comment

by:xeroxzerox
ID: 39655698
Hi,

Install samba4 on the Ubuntu server and make an entry in resolv.conf.
Once Samba is installed, run this to make it a domain controller:

  /usr/share/samba/setup/provision --realm=domain.name --domain=DOMAIN --adminpass='Test123' --server-role=dc

It creates the DC on the server. Restart the samba service.

To test, run this command in your terminal:

  # smbclient -L localhost -U%

The output is:

  Sharename       Type       Comment
  ---------       ----       -------
  netlogon        Disk
  sysvol          Disk

After that step, configure DNS, because we need a naming service in our network to resolve hosts and services.

Make an entry in /etc/bind/named.conf:

  include "/var/lib/samba/private/named.conf";

To secure the server, make an entry in AppArmor.
AppArmor needs to make sure that Bind has the rights to access the files provided by Samba.

/etc/apparmor.d/usr.sbin.named

/var/lib/samba/private/** rkw,
/var/lib/samba/private/dns/** rkw,
/usr/lib/x86_64-linux-gnu/samba/bind9/** rm,
/usr/lib/x86_64-linux-gnu/samba/gensec/** rm,
/usr/lib/x86_64-linux-gnu/ldb/modules/ldb/** rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/** rm,

Now reload the apparmor service.
Now restart the bind9 and samba services on the Samba server again.

Now join your Win7 machine to the domain.
If you are unable to join the domain, check the time on the client and the server, and configure WINS in the Windows 7 network properties.
LVL 2

Author Comment

by:Mohammad Aamir Qureshi
ID: 39656089
I am sorry to tell you that I have a Linux server, CentOS version 6.3.
I have already installed the Samba server and just need to configure my smb.conf file.
My server name is server1 with IP 192.168.1.1
LVL 6

Expert Comment

by:xeroxzerox
ID: 39656106
LVL 20

Accepted Solution

by: Daniel McAllister (earned 500 total points)
ID: 39669536
The tutorial shown by xeroxzerox above is an excellent install tutorial for Samba 4.

You MUST use Samba 4 to become an AD server (Samba 3's AD support was limited to being an AD member, not a server!)

Once you configure your Samba 4 as an AD server, you'll just need to define the shares:

NOTE: The user's login scripts will need to be in a NETLOGON share (which is nearly ALWAYS read-only).

The presence of the LOGON PATH variable will enable the roaming profiles (be careful of the underlying Linux user permissions, not just the ones for Samba users!). The LOGON PATH variable will point to a URL that must also be defined as a share, and must be writable.

  [global]
  ...
  domain logons = Yes
  logon path = \\%L\Profiles\%U
  ...
  [Profiles]
        comment = %U Profile
        path = /home/samba/Profiles
        read only = No
        profile acls = Yes
  ...

Where %L is the name of the server and %U is the login name of the user.

The presence of a LOGON HOME variable will create a home folder capability, and the partner LOGON DRIVE will define the letter. Again, there must be an accompanying HOMES share to match the URL.

  [global]
  ...
  logon home = \\%L\%U
  logon drive = H:
  ...
  [Homes]
        comment = %U Home Directory
        valid users = %S
        read only = No
        browseable = No
  ...

So then your other shares (Policy & Docs) are standard shares... sounds like you also need your netlogon.bat file (which MUST be in a DOS format -- so if you edit it with vim or something, be sure to run it through "unix2dos" before testing).

Eventually, in that netlogon.bat file you want lines like:

  net use m: \\%SERVER%\Policy /persistent:no
  net use n: \\%SERVER%\Docs /persistent:no

NOTE: The Read-Only portion (IMHO) needs to be done in your Samba config... just as above we had the [Netlogon], [Homes] and [Profiles] shares defined with specific options, you'll need to define [Policy] and [Docs] shares.

I hope this helps

Dan
IT4SOHO
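
An added example, not part of the answer above or of Samba itself: a small checker that reads an smb.conf and confirms the shares end up with the access the question asks for (netlogon and Policy read-only, Docs writable), plus a CRLF check for netlogon.bat. The sample config, its share paths and the function names are assumptions made for illustration.

```python
import configparser

# Constructed sample: one way to declare the [Policy] and [Docs] shares.
# The paths are assumptions that follow the /home/samba layout used above.
SAMPLE_SMB_CONF = r"""
[global]
    logon script = netlogon.bat
[netlogon]
    path = /home/samba/netlogon
    read only = Yes
[Policy]
    path = /home/samba/Policy
    read only = Yes
[Docs]
    path = /home/samba/Docs
    writable = Yes
"""

# Intended access from the question: True means the share must be read-only.
EXPECTED_READ_ONLY = {"netlogon": True, "policy": True, "docs": False}
TRUE_WORDS = {"yes", "true", "1"}
INVERTED = ("writable", "writeable", "write ok")  # inverted synonyms of "read only"

def effective_read_only(section):
    """Resolve a share's read-only state from its smb.conf parameters."""
    if "read only" in section:
        return section["read only"].strip().lower() in TRUE_WORDS
    for key in INVERTED:
        if key in section:
            return section[key].strip().lower() not in TRUE_WORDS
    return True  # Samba's default is read only = yes

def audit_shares(conf_text, expected=EXPECTED_READ_ONLY):
    """Return {share: problem} for shares that are missing or in the wrong mode."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(conf_text)
    shares = {name.lower(): cp[name] for name in cp.sections()}  # names are case-insensitive
    problems = {}
    for share, want_ro in expected.items():
        if share not in shares:
            problems[share] = "missing"
        elif effective_read_only(shares[share]) != want_ro:
            problems[share] = "should be read-only" if want_ro else "should be writable"
    return problems

def has_dos_line_endings(script_bytes):
    """netlogon.bat must use CRLF; a bare LF left by a Unix editor fails the check."""
    return b"\n" not in script_bytes.replace(b"\r\n", b"")
```

A share with no explicit setting is reported as read-only, so a [Docs] section that omits both `read only = No` and `writable = Yes` shows up as "should be writable".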
LVL 2

Author Closing Comment

by:Mohammad Aamir Qureshi
ID: 39669623
Thanks to everyone