A domain member server is similar to a stand-alone server that is logged in to a Windows-based (Server 2003) domain controller. An example of a domain member server would be a departmental server running Samba Server that has a machine account on the primary domain controller (PDC), which runs on a Windows machine (Server 2003). All of the department's clients can authenticate with the PDC, and desktop profiles and all network policy files are included. The difference is that the departmental server has the ability to control printer and network shares.
Preparing Windows Server 2003 as a domain controller:
Operating System: Windows Server 2003 Enterprise Edition
Machine Name: wdc01
Machine IP: 210.207.201.100
Domain Name: alphabd.net
FQDN: wdc01.alphabd.net
Step-1: Install & Configure DNS server on Windows Server 2003
Start → Program → Administrative tools → Configure Your Server Wizard → Next → Next → Custom Configuration → Next → Select DNS → Next → Next → wait a moment → Next
Select Create forward and reverse lookup zones (2nd option) → Next → Select Yes, create a forward lookup zone now → Next → Primary zone → Next → Provide the zone name in the Zone name field as “alphabd.net” → Next → Keep the default settings → Next → Select “Allow both nonsecure and secure dynamic updates” → Next
Select Yes, create a reverse lookup zone now → Next → Primary zone → Next → Type “210.207.201.” into the Network ID field → Next → Keep the default settings → Next → Select “Allow both nonsecure and secure dynamic updates” → Next → Next → Cancel → Finish → OK → Finish → The Manage Your Server wizard page will display; close the page.
Edit the DNS Resource Records
HOST Add (A):
Start → Program → Administrative tools → DNS → Right click on “wdc01” → All tasks → Restart → Expand the Forward lookup zones → Right click on “alphabd.net” → New host (A) → Type “wdc01” into the Name field → Type “210.207.201.100” into the IP address field → Select the “Create associated pointer (PTR) record” check box → Add Host → OK → Done
PTR Record defines:
Expand the Reverse lookup zone → Select “210.207.201.x Subnet” → In the right pane you will see that the PTR record has been added automatically; if it has not been added, right click on the right pane → Refresh
SOA & Name Server Record define:
Expand Forward lookup Zone → Click alphabd.net → Double click on Start of Authority (SOA) → Ensure that the SOA tab is selected → Click Browse in the Primary server: section → Then double click on your machine name (in this case my machine is wdc01) → Double click on Forward lookup Zone → Double click alphabd.net → Select wdc01 → OK
Click Browse in the Responsible person: section → Then double click on your machine name (in this case my machine is wdc01) → Double click on Forward lookup Zone → Select All Records from the Record type section → Double click on alphabd.net → Select wdc01 → OK → Just remove the wdc01 and type hostmaster → OK
Do the same task in the Reverse Lookup Zone file.
Name Server Record Edit:
From the Forward lookup Zone, double click on the Name Server record → Edit → Type the full name of the DNS domain (wdc01.alphabd.net.) → Click Resolve → OK
Do the same task in the Reverse Lookup Zone file.
Prepare Samba for acting as Member Server
Basic Configuration
Step-1: Check whether the samba rpm packages are installed by using one of the following commands:
[root@srv1 ~]# rpm -qa | grep -i samba
or
[root@srv1 ~]# rpm -qa 'samba*'
samba-common-3.0.33-3.14.el5
samba-swat-3.0.33-3.14.el5
samba-3.0.33-3.14.el5
samba-client-3.0.33-3.14.el5
system-config-samba-1.2.41-5.el5
If they are not installed, install the packages using the yum command:
[root@srv1 ~]# yum install 'samba*' -y
Step-2: Check and configure the network card:
[root@srv1 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
(Modified File):
#Broadcom Corporation NetLink BCM57875 Gigabit Ethernet PCI Express
DEVICE=eth0
BOOTPROTO=static
HWADDR=00:0C:29:EB:B2:CA
ONBOOT=yes
TYPE=Ethernet
PEERDNS=no
USERCTL=no
IPV6INIT=no
IPADDR=210.207.201.8
NETMASK=255.255.255.0
NETWORK=210.207.201.0
BROADCAST=210.207.201.255
After changing the file, you have to reload/restart the NIC (eth0) with the following commands:
[root@srv1 ~]# ifdown eth0
[root@srv1 ~]# ifup eth0
[root@srv1 ~]# service network restart
Step-3: After completing the NIC configuration, you have to change the host name by editing this file:
[root@samba ~]# vi /etc/sysconfig/network
(Modified File):
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=srv1
Additional configuration for Samba Server
Creating & Managing Users & Groups:
Step-1: Create a group named “samba-users” & define a directory named “Resources” for sharing resources.
[root@srv1 ~]# groupadd samba-users
[root@srv1 ~]# mkdir /opt/Resources
Step-2: Create some samba users with passwords & add them to the “samba-users” group; also set the “Resources” directory as the home directory of those users.
[root@srv1 ~]# useradd -g samba-users -d /opt/Resources user1
[root@srv1 ~]# useradd -g samba-users -d /opt/Resources user2
[root@srv1 ~]# useradd -g samba-users -d /opt/Resources administrator
[root@srv1 ~]# smbpasswd -a user1
[root@srv1 ~]# smbpasswd -a user2
[root@srv1 ~]# smbpasswd -a administrator
Step-3: Set the samba “root” password for logging in as the “root” user from both Windows & Linux machines.
[root@srv1 ~]# smbpasswd -a root
Step-4: Assign the appropriate permissions on the “Resources” directory for those users.
[root@srv1 ~]# chown root:samba-users /opt/Resources/
[root@srv1 ~]# chmod 750 /opt/Resources/
Step-5: Now create some sub directories in the “Resources” directory named “Documents”, “Software”, & “Others”.
[root@srv1 ~]# mkdir -p /opt/Resources/Documents
[root@srv1 ~]# mkdir -p /opt/Resources/Software
[root@srv1 ~]# mkdir -p /opt/Resources/Others
Step-6: Now set the permissions for those sub directories so that the owner can read, write & delete, but other users cannot delete the files while still having read & write permission.
[root@srv1 ~]# chown root:samba-users /opt/Resources/Documents
[root@srv1 ~]# chown root:samba-users /opt/Resources/Software
[root@srv1 ~]# chown root:samba-users /opt/Resources/Others
[root@srv1 ~]# chmod 1770 /opt/Resources/Documents
[root@srv1 ~]# chmod 1770 /opt/Resources/Software
[root@srv1 ~]# chmod 1770 /opt/Resources/Others
Step-7: Now create an anonymously accessible directory with read & write permission so that anonymous users can access this directory.
[root@srv1 ~]# mkdir /opt/Public
[root@srv1 ~]# groupadd anonymous-users
[root@srv1 ~]# useradd -g anonymous-users -d /opt/Public guest
[root@srv1 ~]# useradd -g anonymous-users -d /opt/Public nobody
[root@srv1 ~]# chown root:anonymous-users /opt/Public/
[root@srv1 ~]# chmod 777 /opt/Public/
Step-8: Set a blank password for the anonymous users so that they can access this folder without a password.
[root@srv1 ~]# smbpasswd -a guest
[root@srv1 ~]# smbpasswd -a nobody
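The modes set in Steps 4 to 7 differ in who may write and delete: 750 leaves the group read-only, 1770 lets group members write while the sticky bit limits deletion to each file's owner, and 777 lets any local user write and delete. The check below is an added example, not part of the original post; the function name classify_dir and its verdict labels are this example's own, and it assumes GNU stat on Linux.

```shell
#!/bin/sh
# Added example (not from the original post): classify share directories by
# their permission bits. Assumes GNU stat (Linux).

# classify_dir DIR -> prints "<octal mode> <verdict>"
classify_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "- missing"
        return 0
    fi
    mode=$(stat -c '%a' "$dir")              # e.g. 750, 1770, 777
    sticky=$(( (0$mode & 01000) != 0 ))      # restricted-deletion (sticky) bit
    group_w=$(( (0$mode & 00020) != 0 ))     # group write bit
    other_w=$(( (0$mode & 00002) != 0 ))     # world write bit

    if [ "$other_w" -eq 1 ] && [ "$sticky" -eq 0 ]; then
        verdict="world-writable-no-sticky"   # any user can delete any file
    elif [ "$other_w" -eq 1 ]; then
        verdict="world-writable-sticky"      # any user writes, owners delete
    elif [ "$group_w" -eq 1 ] && [ "$sticky" -eq 1 ]; then
        verdict="group-writable-sticky"      # members write, owners delete
    elif [ "$group_w" -eq 1 ]; then
        verdict="group-writable-no-sticky"   # members can delete each other's files
    else
        verdict="owner-write-only"
    fi
    echo "$mode $verdict"
}

# Report on the directories passed on the command line, for example:
#   sh classify_dirs.sh /opt/Resources /opt/Resources/Documents /opt/Public
for d in "$@"; do
    printf '%-28s %s\n' "$d" "$(classify_dir "$d")"
done
```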
Server Configuration
Step-1: To configure Samba as a member server of a Windows domain controller, edit the smb.conf file as shown below:
[root@srv1 ~]# vi /etc/samba/smb.conf
#==================== Global Settings ================
[global]
workgroup = ALPHABD
server string = Member Server
netbios name = SRV1
hosts allow = 127. 210.207.201.
# --------------------------- Logging Options -----------------------------
log file = /var/log/samba/%m.log
max log size = 50
# ----------------------- Domain Members Options ------------------------
security = ADS
passdb backend = tdbsam
realm = ALPHABD.NET
password server = *
encrypt passwords = yes
# ----------------------- Browser Control Options ----------------------------
local master = no
os level = 33
preferred master = no
#----------------------------- Name Resolution -------------------------------
wins support = yes
# --------------------------- Printing Options -----------------------------
printing = cups
#========================= Share Definitions =====================
[Resources]
comment = All Resources for domain users
path = /opt/Resources
browseable = yes
writable = yes
valid users = root user1 admin
public = no
printable = no
create mask = 0765
write list = @samba-users @Administrator
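A review of share access settings like those in the [Resources] definition above, written as an added example that is not part of the original post. The three rules, the function names audit_smbconf and sample_conf, and the constructed [Public] share are assumptions of this example; Samba's own testparm remains the syntax check.

```shell
#!/bin/sh
# Added example (not from the original post): flag a few access-control
# settings in an smb.conf. The rule set is this example's own choice.

# sample_conf: constructed input modeled on the share definition above;
# the [Public] share is hypothetical.
sample_conf() {
    cat <<'EOF'
[global]
   workgroup = ALPHABD
   security = ADS

[Resources]
   path = /opt/Resources
   valid users = root user1 admin
   public = no
   create mask = 0765

[Public]
   path = /opt/Public
   guest ok = yes
   create mask = 0660
EOF
}

# audit_smbconf FILE -> one finding per line: "<section>: <message>"
audit_smbconf() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    /^[ \t]*([#;]|$)/ { next }                 # skip comments and blank lines
    /^[ \t]*\[/ {                              # [section] header
        sec = tolower(trim($0)); sub(/^\[/, "", sec); sub(/\].*$/, "", sec)
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1))
        gsub(/[ \t]/, "", key)                 # Samba ignores case and spaces in names
        val = trim(substr($0, eq + 1))
        where = (sec == "" ? "(no section)" : sec)
        if (key == "validusers") {
            n = split(val, u, /[ \t,]+/)
            for (i = 1; i <= n; i++)
                if (tolower(u[i]) == "root")
                    print where ": valid users includes root"
        } else if (key == "createmask" || key == "createmode") {
            if (substr(val, length(val)) != "0")
                print where ": create mask " val " leaves permission bits for other"
        } else if (key == "guestok" || key == "public") {
            if (tolower(val) ~ /^(yes|true|1)$/)
                print where ": guest access enabled"
        }
    }' "$1"
}

# Usage: sh audit_smbconf.sh /etc/samba/smb.conf
if [ -n "${1:-}" ]; then
    audit_smbconf "$1"
fi
```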
Step-2: Configure Kerberos authentication on the member server (on the samba server)
Kerberos is an authentication protocol that is used to send data from one system to another in encrypted form.
[root@srv1 ~]# vi /etc/krb5.conf
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
[libdefaults]
 default_realm = ALPHABD.NET
 dns_lookup_realm = true
 dns_lookup_kdc = true
 ticket_lifetime = 24h
 forwardable = yes
[realms]
 ALPHABD.NET = {
  kdc = wdc01.Alphabd.net:88
  admin_server = wdc01.Alphabd.net:749
  default_domain = Alphabd.net
 }
[domain_realm]
 .alphabd.net = ALPHABD.NET
 alphabd.net = ALPHABD.NET
[appdefaults]
 pam = {
  debug = false
  ticket_lifetime = 36000
  renew_lifetime = 36000
  forwardable = true
  krb4_convert = false
 }
Step-3: Adding Samba as a member server of a domain (Windows-based domain):
In order to join a member server to an Active Directory domain, you have to complete the following tasks step by step:
- Create a machine account for the member server on the domain controller.
- Associate the member server with the Active Directory domain.
Create Machine Account:
To create the machine account & join the Windows 2003 Active Directory, Kerberos must be initialized for the member server. To create an administrative Kerberos ticket, type the following command as root on the member server:
[root@srv1 ~]# kinit Administrator@ALPHABD.NET
The kinit command is a Kerberos initialization script that references the Active Directory Administrator account & Kerberos realm. Since Active Directory requires Kerberos tickets, kinit obtains & caches Kerberos ticket-granting tickets for client/server authentication.
To join the Active Directory server (srv1.Alphabd.net), type the following command as root on the member server:
[root@srv1 ~]# net rpc join -U "Administrator%<windows machine admin password>"
Because the kinit command succeeded, the Samba machine was automatically found in the corresponding Kerberos realm, & the net command connects to the Active Directory server using its required administrator account & password. This creates the appropriate machine account in Active Directory & grants the Samba domain member server permission to join the domain.
Note: Although it is possible for Samba to be a member of an Active Directory, it is not possible for Samba to operate as an Active Directory domain controller.
Sharing & Accessing Samba Share
Step-1: Accessing shared resources from a Windows machine:
Double click on My Network Places → Click “Entire Network” → Microsoft Windows Network → Double click on the ALPHABD icon → here you will see the Samba server & all Windows machines → Double click the Samba server → Double click your shared resources; you can now create, delete, and copy/paste everything.
You can also use your home directory as a network drive. To do this, double click on the My Computer icon → Go to the Network Device section → Double click a drive, then put your necessary documents into it.
Step-2: Accessing shared resources by mounting a Linux share on a Windows machine:
Samba is a program which allows you to share your files between Linux and Windows. Your Statistics Samba share contains all of your Linux files. By mounting the Samba share on your Windows machine, you will be able to access your files across the operating systems.
Scenario:
1. Select Start → Run and type “secpol.msc”. Press “Enter”, or go to Start → Program → Administrative Tools → Local Security Policy.
2. Expand the Local Policies container → Security Options.
3. Locate “Network Security: LAN Manager authentication level” → Double click.
4. Change the setting from “Send LM & NTLM responses” to “Send LM & NTLM – use NTLMv2 session security if negotiated” → OK.
5. Open My Computer → Tools → Map Network Drive.
6. Click on the “Drive:” drop-down menu & choose a drive letter (Z:).
7. Click Browse → Select Entire Network → Microsoft Windows Network → Choose your workgroup/domain name → Select the Samba machine → Select a shared folder that you want to map in Windows → OK.
8. Make sure the “Reconnect at Logon” box is checked → Finish.
9. Samba should now be visible in “My Computer”.
Step-3: Sharing Windows resources that you can access from a Linux machine
You can also share many resources of a Windows machine for access from a Linux machine. You can share a CD-ROM, DVD, floppy or hard disk drive installed on a Windows machine. In this section I'll show you how to share a CD-ROM drive from a Windows machine & also how to access it from a Linux machine.
The Windows client machine should be set up first as a member of a Samba domain or workgroup. The next step is to make the CD-ROM drive shared. The steps you use depend on which version of Windows you have.
For Windows XP:
- Double click 'My Computer'
- Right click on the CD-ROM drive and choose 'Properties', then Sharing
- Set the Share Name as 'cdrom' and set the appropriate access control
- Log out and log in again as normal using your current login
Step-4: Mount the shared CD-ROM drive on the Linux machine and put a share definition in the smb.conf file so that you can access it from both Linux & all other Windows machines. To do it, follow the steps below.
[root@srv1 ~]# mkdir /opt/CDROM
[root@srv1 ~]# chown root:samba-users /opt/CDROM
[root@srv1 ~]# smbmount //<IP or machine name>/<share_name> /opt/CDROM
OR
[root@srv1 ~]# mount -t smbfs //<IP or machine name>/<share_name> /opt/CDROM
After that you should mount the drive permanently so that the share is loaded on every restart.
[root@srv1 ~]# vi /etc/fstab
Then type this line, separating the fields with the space or tab key:
//windows_IP/Share_name /opt/CDROM smbfs username=nobody 0 0
Now put a share definition into the share section of smb.conf.
From the Linux machine:
[root@srv1 ~]# smbclient -L //Win_IP
Now you can use various commands like: dir, cd, put, get, pwd, ls, mget, q etc.
Testing the Samba Configuration File
To test the configuration file for syntax errors, use the “testparm” command. It will also list all settings currently in place, including defaults that may not appear in the configuration file.
[root@samba ~]# testparm -v
Testing Share Configuration:
Use the smbclient command to test your share. You should substitute the name of your Windows client PC for "Client1," and in place of "username" provide a valid workgroup/domain username that normally has access to the Windows client. You should get output like this when using the username's corresponding password:
[root@srv1 ~]# smbclient -L Client1 -U user1
Hello There. I found your blog using msn. This is a really well written article. I will make sure to bookmark it and return to read more of your useful information. Thanks for the post. I will definitely comeback.
Thanks, Mr. Jaxon
I think that is not very wise to have samba user root! Samba can be security hole.
I like this article. Thank you.
ReplyDeleteI am sharing this article in http://tutpub.com/
Great Post, I love to read articles that are informative and actually have good content. Thank you for sharing your experiences and I look forward to reading more.
Thank you for sharing the article.
Thank you very much for your tutorial. These are very helpful for students and professionals. One of the recommended blogs. Such wonderful content.
Hey there, first of all, thank you so much for this post and honestly, I was searching for the same information from last few days. Keep posting and keep sharing.
Thanks for your informative article and the blog. Your article is very useful for .
Great one, post admin keep it up...