Configuración de Samba

Vamos a configurar Samba como controlador del dominio BEZMI.IES.

 

Controlador de dominio

El fichero /etc/samba.smb.conf

  
workgroup = 
BEZMI.IES  security = user   server string = Servidor Samba %v  netbiosname = CARONTE  enable privileges = yes  encrypt passwords = Yes  null passwords = Yes  passwd program = /usr/sbin/smbldap-passwd "%u"  username map = /etc/samba/smbusers  guest account = nobody  map to guest = never  map acl inherit = Yes  passdb  backend  = ldapsam:ldap://localhost     ### kerberos  realm = BEZMI.IES  kerberos method = secrets and keytab   ### logs  log level = 2 passdb:3 auth:5 winbind:3  log file = /var/log/samba/log.%m  max log size = 150   ### Dominio  domain master= yes  logon script = login.bat ; logon script = %U.bat  domain logons = Yes ; logon path =  \\%L\%U\profile  logon path =  logon drive = U:  logon home = \\%N\%U    wins support=yes  preferred master = Yes    os level=99  client use spnego = yes  client schannel = no   ##### Red  interfaces = lo eth0 192.168.10.1/24  bind interfaces only = yes  hosts allow = 192.168.10.  127.  time server = Yes   ### Usuarios  add user script = /usr/sbin/smbldap-useradd -m "%u"  delete user script = /usr/sbin/smbldap-userdel "%u"  add group script = /usr/sbin/smbldap-groupadd -p "%g"  delete group script = /usr/sbin/smbldap-groupdel "%g"  add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"  delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"  set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"  add machine script = /usr/sbin/smbldap-useradd -W  "%u"    admin users = root Administrator   ### LDAP copnfig  ldap admin dn = cn=root,dc=bezmi,dc=es  ldap passwd sync = yes  ldap suffix = dc=bezmi,dc=es  ldap user suffix = ou=People  ldap machine suffix = ou=Computers  ldap group suffix = ou=Groups  ldap idmap suffix = ou=Idmap ; ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))    ldapsam:editposix       = yes  idmap_ldb:use rfc2307 = Yes  ldap ssl = off  ldap delete dn = yes ; ldapsam:trusted=yes   ###  Winbind config. ; winbind separator = +  winbind cache time = 15  winbind enum users = yes  winbind enum groups = yes  template homedir = /home/samba/%D/%U  template shell = /bin/bash  winbind use default domain = false  allow trusted domains = yes  idmap config * : range = 16777216-33554431  winbind offline logon = false    preserve case = yes     ### Impresión  printcap name = CUPS  printing = cups  printing = cups  load printers = Yes  show add printer wizard = Yes  max print jobs = 100  lpq cache time = 20  use client driver = no  disable spoolss = No  max reported print jobs = 1000

Miembro del dominio

Si queremos un miembro de dominio en lugar de un controlador (DC) eliminamos

 security = user
 domain master= yes
 domain logons = Yes

y añadimos

        security = domain