Remote Samba server with PDC authentication
Samba
SME Versions Supported: v5.x - - Contribs.org certified on: v
| Nav Bar | Documentation | How-to Classification | Samba | Remote Samba server with PDC authentication |
|---|---|---|---|---|
| Comments | Please add your comments about this How To |
|||
Author(s): Sean Gray
Contributor(s):
License: GPL
| Created: | date | Last updated: | date |
|---|
This wiki page has been prepared by Contribs Doc Team
About this How To
Summary: Remote Samba server with PDC authentication. Sets up a remote E-smith box to coallate browse lists and passes authentication to the E-smith PDC at the main site.
Keywords: Samba, PDC
Tips:
Known Limitations and Caveats: Users and Groups need to exist locally in order to browse locally
Note: This is a .sh bash script and not a How To, although it is so clear in its organization that it is like one. It was listed in the "Contributed HOWTO Documents" at e-smith.org. It looks like one would run the script on a system intended to become a BDC (with associated dependant network)and tie into a situation where a PDC+network already exists. The entire script is quoted below. If anyone cares to provide a fuller description of its purpose and application, we will post it here. Thanks!
Downloads: 
http://www.e-smith.org/docs/howto/contrib/sambapdc.sh%%%
How To
#!/bin/bash # Author: Sean Gray <me@seangray.com> # Title: Remote Samba server with PDC authentication # Name: remotesamba # E-smith Release: 5.* # License: GPL # Description: Sets up a remote E-smith box to coallate browse lists and passes # authentication to the E-smith PDC at the main site. # Notes: Why do this? # My client needed a way to improve network performance at a remote location # connected via vpn. I decided to add a second samba box at the remote site and # chose E-smith for the easy administration. Most of the file serving is from # the main site with only a small number of users wanting to put files on the # remote server, in fact it was some Access database stuff that would have been # really slow across the WAN. We also wanted to keep most if not all of the # administration at the main site. # Our performance increase comes mainly through squid in a double proxy # configuration. First the remote side proxies through the E-smith and it's # parent is the E-smith at the main site. This also gives us the bonus of # forcing the remote users to authenticate to the proxy and have their content # filtered like the main site. # Network browsing is also much better. With this configuration both sides # of the WAN can browse all machines in the Network Ghetto. In addition, all # authentication is done from the main site as well as logon scripts etc. # The only gotcha is with file sharing on the remote E-smith. Even though the # E-smith at the main site will authenticate users to the remote E-smith, the # Unix permissions are such that users and/or groups have to exist locally in # order to use the resource. I have given a little thought to this and it # should be possible using such tools as rsync, NIS, or LDAP. Maybe the Mitel # folks could give us LDAP authentication in 6.0 as a Christmas present :) # For my purposes here since we only have a small portion of the remote user # base sharing common files we will just add the ten or fifteen users manually # to the remote E-smith. # # Copy this file to your remote E-smith, make it executable and run it. # Define the following variable for your setup, or run the commands at the # command line. # DOMAIN=FUNKYDOM # Windows domain name SAMBAPDC=EUSTACE # Main site E-smith SAMBAPDCIP=172.16.3.10 # Main site E-smith IP address ADMINPASS=hackme123 # Admin password (don't leave it in here after!) # MAIN SERVER SIDE INSTRUCTIONS # Do nothing! # # REMOTE SERVER SIDE # Setup in workgroup mode through server manager. # # Join domain... smbpasswd -j $DOMAIN -r $SAMBAPDC -U admin%$ADMINPASS # Make directory for custom fragments and go there... mkdir -p /etc/e-smith/templates-custom/etc/smb.conf cd /etc/e-smith/templates-custom/etc/smb.conf # Make fragments... echo "domain master = no" > 11domainMaster echo "guest ok = yes" > 11guestOk echo "local master = yes" > 11localMaster echo "os level = 65" > 11osLevel echo "password server = $SAMBAPDC" > 11passwordServer echo "preferred master = yes" > 11preferredMaster echo "security = domain" > 11security echo "" > 11smbPasswdFile echo "wins server = $SAMBAPDCIP" > 11winsServer # We should really be able to set our WINS support status or address with the following command: # /sbin/e-smith/db dbfile setprop smb WINSServer $SAMBAPDCIP # But on my install it did not work. This sucks because it forces us to edit dhcpd.conf fragments as well. # Make directory for custom fragments and go there... mkdir -p /etc/e-smith/templates-custom/etc/dhcpd.conf cd /etc/e-smith/templates-custom/etc/dhcpd.conf # Make fragments... echo " option netbios-dd-server $SAMBAPDCIP;" > 25NetbiosDDServer echo " option netbios-name-servers $SAMBAPDCIP;" > 25NetbiosNameServers echo " option netbios-node-type 8;" > 25NetbiosNodeType # Expand templates... /sbin/e-smith/expand-template /etc/smb.conf /sbin/e-smith/expand-template /etc/dhcpd.conf # Restart daemons /etc/init.d/smbd restart /etc/init.d/dhcpd restart exit
| Nav Bar | Documentation | How-to Classification | Samba | Remote Samba server with PDC authentication |
|---|---|---|---|---|
| Comments | Please add your comments about this How To | |||
Feedback
Remote Samba server with PDC authentication Feedback Add your comments to this page.
Wiki Links List
 Page Name |
Hits |
|---|---|
| Remote Samba server with PDC authentication Feedback | 441 |
| Samba | 3593 |