Samba Installation + Configuration

Website: http://www.samba.org
Version Used: 2.2.12
Download: http://us1.samba.org/samba/ftp/old-versions/
Provides: Authentication mechanism into Windows infrastructures

Samba is the authentication system that allows us to authenticate correctly against Windows network infrastructures (such as Windows 2003 Server Active Directories). It is recommended this component is installed even if you will primarily handle connection to Novel systems or a Linux NIS system.

Start off by un-tarring the Samba sources and changing into the Samba source directory:

./configure
--with-winbind
--with-winbind-auth-challenge
make
su
make install

The Samba configuration file needs to be manually created and the following base parameters used be used, edited to include your own workgroup. This will usually be the base part of your domain name. For example, a domain of “school.internal” would have a workgroup name of “SCHOOL”. Make it uppercase for compatibility with other parameters and to follow procedures outlined in Samba documentation. Please note that if you have a particular logon server you wish to use, replace “*” with your server name, such as “server1“. By default, Samba will connect to any logon server responds to it’s authentication request first:

touch /usr/local/samba/lib/smb.conf
vim /usr/local/samba/lib/smb.conf

and then add the following configuration options:

workgroup = SCHOOL
server string = S4 Security Server
security = domain
encrypt passwords = true
password server = *
log file = /var/log/samba/log.%m
sock options = TCP_NODELAY
syslog = 0

winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind use default domain = yes

Now that the required options have been set in the Samba configuration, attempt to join the server to the domain and then restart the relevant services. First, let’s connect our machine into the domain:

/usr/local/samba/bin/smbpasswd �j SCHOOL �r SERVER1 �U Administrator%password

The parameters in the above connection string should be edited accordingly:

  • -j SCHOOL where “SCHOOL” is your workgroup specified previously
  • -r SERVER1 where “SERVER1” is one of your primary logon servers
  • -U Administrator%password where “Administrator” and “password” are a user with admin rights

This shouldn’t return any errors. If it does, check to ensure you have entered the correct workgroup, server name, username + password. Once this executes successfully and returns you to the prompt, restart the nmbd, smbd and winbind services:

/usr/local/samba/bin/nmbd restart
/usr/local/samba/bin/smbd restart
/usr/local/samba/bin/winbindd restart

With the services all restarted and your domain connection successful, check that the winbind service is working correctly and tied in with our domain by carrying out the following commands. The first command simply returns whether the connection to the domain is valid:

/usr/local/samba/bin/wbinfo �t

and now we’ll test the authentication of a user on your network:

/usr/local/samba/bin/wbinfo �a SCHOOL+student%password

The parameters in the above authentication string should be edited accordingly:

  • SCHOOL” is your workgroup previously defined
  • student” is a valid network username
  • password” is the corresponding password for the username provided

Everything should return OK, meaning that Samba is succesfully configured. This is the last you’ll do with Samba – when your users authenticate, they will not be asked for the workgroup, username or password unless they are using a non-MS browser. All other browsers or network infrastructures used will prompt for username and password, however the workgroup will always be stored and automatically added as part of the authentication process from Squid.

Next Step: Squid Compilation + Configuration

S4 Documentation Home

Leave a Reply

Your email address will not be published. Required fields are marked *

*

About Me

Iain Foulds, 33 years old. Originally from England, now living in Seattle. I currently work as a Senior Content Developer for Microsoft writing about Azure VMs. Gamer. Very passionate about photography. Comments and opinions expressed here are my own. More...

Categories

Archives