Página 1 de 6
Configuración de Samba
Vamos a configurar Samba como controlador del dominio BEZMI.IES.
Controlador de dominio
El fichero /etc/samba.smb.conf
workgroup = BEZMI.IES security = user server string = Servidor Samba %v netbiosname = CARONTE enable privileges = yes encrypt passwords = Yes null passwords = Yes passwd program = /usr/sbin/smbldap-passwd "%u" username map = /etc/samba/smbusers guest account = nobody map to guest = never map acl inherit = Yes passdb backend = ldapsam:ldap://localhost ### kerberos realm = BEZMI.IES kerberos method = secrets and keytab ### logs log level = 2 passdb:3 auth:5 winbind:3 log file = /var/log/samba/log.%m max log size = 150 ### Dominio domain master= yes logon script = login.bat ; logon script = %U.bat domain logons = Yes ; logon path = \\%L\%U\profile logon path = logon drive = U: logon home = \\%N\%U wins support=yes preferred master = Yes os level=99 client use spnego = yes client schannel = no ##### Red interfaces = lo eth0 192.168.10.1/24 bind interfaces only = yes hosts allow = 192.168.10. 127. time server = Yes ### Usuarios add user script = /usr/sbin/smbldap-useradd -m "%u" delete user script = /usr/sbin/smbldap-userdel "%u" add group script = /usr/sbin/smbldap-groupadd -p "%g" delete group script = /usr/sbin/smbldap-groupdel "%g" add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u" add machine script = /usr/sbin/smbldap-useradd -W "%u" admin users = root Administrator ### LDAP copnfig ldap admin dn = cn=root,dc=bezmi,dc=es ldap passwd sync = yes ldap suffix = dc=bezmi,dc=es ldap user suffix = ou=People ldap machine suffix = ou=Computers ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ; ldap filter = (&(uid=%u)(objectclass=sambaSamAccount)) ldapsam:editposix = yes idmap_ldb:use rfc2307 = Yes ldap ssl = off ldap delete dn = yes ; ldapsam:trusted=yes ### Winbind config. ; winbind separator = + winbind cache time = 15 winbind enum users = yes winbind enum groups = yes template homedir = /home/samba/%D/%U template shell = /bin/bash winbind use default domain = false allow trusted domains = yes idmap config * : range = 16777216-33554431 winbind offline logon = false preserve case = yes ### Impresión printcap name = CUPS printing = cups printing = cups load printers = Yes show add printer wizard = Yes max print jobs = 100 lpq cache time = 20 use client driver = no disable spoolss = No max reported print jobs = 1000
Miembro del dominio
Si queremos un miembro de dominio en lugar de un controlador (DC) eliminamos
security = user domain master= yes domain logons = Yes
y añadimos
security = domain