  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 731

Samba and Windows 7

I need to do the following:
Samba set up as a domain
  1: Home folder H:
  2: Roaming profiles
  3: Policy share, read only with netlogon.bat
  4: Docs share, read and write only with netlogon.bat
  5: Machine account for Win 7
  6: Samba user account

I need the configuration for setting up Samba with Windows 7, and I also need the netlogon.bat script.

POLICY: read only, accessible by all users, with drive letter M:
Docs: read and write, accessible by all users, with drive letter N:

Thanks
Mohammad Aamir Qureshi
Asked:
xeroxzerox Commented:
Hi,

Install samba4 on an Ubuntu server and make an entry in resolv.conf.
Once Samba is installed, run the following to make it a domain controller:

      
/usr/share/samba/setup/provision --realm=domain.name --domain=DOMAIN --adminpass='Test123' --server-role=dc

It creates the DC on the server; then restart the samba service.

To test, run this command in your terminal:
# smbclient -L localhost -U%

The output is:
      
Sharename       Type       Comment
---------       ----       -------
netlogon        Disk
sysvol          Disk

After that step, configure DNS, because we need a naming service in our network to resolve hosts and services.

Make an entry in /etc/bind/named.conf:
include "/var/lib/samba/private/named.conf";

To secure the server, make an entry in AppArmor.
AppArmor needs to make sure that Bind has the rights to access the files provided by Samba.

/etc/apparmor.d/usr.sbin.named

/var/lib/samba/private/** rkw,
/var/lib/samba/private/dns/** rkw,
/usr/lib/x86_64-linux-gnu/samba/bind9/** rm,
/usr/lib/x86_64-linux-gnu/samba/gensec/** rm,
/usr/lib/x86_64-linux-gnu/ldb/modules/ldb/** rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/** rm,

Now reload the apparmor service.
Now restart the bind9 and samba services on the Samba server again.

Now join your Win7 machine to the domain.
If you are unable to join the domain, check the time on the client and server, and configure WINS in the Windows 7 network properties.
 
Mohammad Aamir Qureshi (Author) Commented:
I am sorry to tell you that I have a Linux server running CentOS 6.3.
I have already installed the Samba server and just need to configure my smb.conf file.
My server name is server1, with IP 192.168.1.1.
 
Daniel McAllister (President, IT4SOHO, LLC) Commented:
The tutorial shown by xeroxzerox above is an excellent install tutorial for Samba 4.

You MUST use Samba 4 to become an AD server (Samba 3's AD support was limited to being an AD member, not a server!)

Once you configure your Samba 4 as an AD server, you'll just need to define the shares:

NOTE: The user's login scripts will need to be in a NETLOGON share (which is nearly ALWAYS read-only).

The presence of the LOGON PATH variable will enable the roaming profiles (be careful of the underlying Linux user permissions, not just the ones for Samba users!). The LOGON PATH variable will point to a URL that must also be defined as a share, and must be writable.

  [global]
  ...
  domain logons = Yes
  logon path = \\%L\Profiles\%U
  ...
  [Profiles]
        comment = %U Profile
        path = /home/samba/Profiles
        read only = No
        profile acls = Yes
  ...
Where %L is the name of the server and %U is the login name of the user.

The presence of a LOGON HOME variable will create a home folder capability, and the partner LOGON DRIVE will define the letter. Again, there must be an accompanying HOMES share to match the URL.

  [global]
  ...
  logon home = \\%L\%U
  logon drive = H:
  ...
  [Homes]
        comment = %U Home Directory
        valid users = %S
        read only = No
        browseable = No
  ...

So then your other shares (Policy & Docs) are standard shares... sounds like you also need your netlogon.bat file (which MUST be in a DOS format -- so if you edit it with vim or something, be sure to run it through "unix2dos" before testing).

Eventually, in that netlogon.bat file you want lines like:
net use m: \\%SERVER%\Policy /persistent:no
net use n: \\%SERVER%\Docs /persistent:no

NOTE: The Read-Only portion (IMHO) needs to be done in your Samba config... just as above we had the [Netlogon], [Homes] and [Profiles] shares defined with specific options, you'll need to define [Policy] and [Docs] shares.

I hope this helps

Dan
IT4SOHO
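
Added example, not part of the original thread or any poster's configuration: a Python check that the shares discussed above have the access modes the thread asks for ([netlogon] and [Policy] read-only, [Profiles] and [Docs] writable) and that netlogon.bat uses DOS line endings. The sample smb.conf is constructed, and every path in it except /home/samba/Profiles is an assumption.

```python
import re

# Constructed sample smb.conf; every path except /home/samba/Profiles is an assumption.
SAMPLE_SMB_CONF = """
[netlogon]
    path = /home/samba/netlogon
    read only = Yes
[Profiles]
    path = /home/samba/Profiles
    read only = No
[Policy]
    path = /home/samba/policy
    read only = Yes
[Docs]
    path = /home/samba/docs
    writeable = Yes
"""
EXPECTED = {"netlogon": True, "profiles": False, "policy": True, "docs": False}  # True = read-only

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lowercased, inner spaces collapsed."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip().lower()
    return sections

def is_read_only(params):
    """Samba defaults to read only = yes; writeable/writable/write ok invert it."""
    read_only = True
    for key, value in params.items():
        if key in ("read only", "writeable", "writable", "write ok"):
            read_only = (value in ("yes", "true", "on", "1")) == (key == "read only")
    return read_only

def audit_shares(text):
    sections, findings = parse_smb_conf(text), []
    for name, want_ro in EXPECTED.items():
        if name not in sections:
            findings.append(f"[{name}] share is missing")
        elif is_read_only(sections[name]) != want_ro:
            findings.append(f"[{name}] should be {'read-only' if want_ro else 'writable'}")
    return findings

def bare_lf_lines(batch_bytes):  # lines ending in LF without CR; netlogon.bat needs 0
    return batch_bytes.count(b"\n") - batch_bytes.count(b"\r\n")
```

Pass the text of the real smb.conf to audit_shares() and the bytes of netlogon.bat to bare_lf_lines(); testparm remains the authoritative view of the settings Samba actually applies.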
 
Mohammad Aamir Qureshi (Author) Commented:
Thanks to everyone