
Just need someone to look over my shoulder and tell me if this setup will work without any big problems down the road after I start adding users.

Current setup:

  • Ubuntu 14.0.4LTS
  • Samba 4.1.6-Ubuntu
  • External drive mounted in /etc/fstab settings as /media/Backup01 with "ntfs-3g permissions,windows_names,locale=en_US.utf8"
  • Group users defined with intended SMB users as members and group sticky bit set in folder /media/Backup01/share
  • External WINS server, for what it's worth (192.168.0.4)
  • Windows 7 and Windows 10 clients (with modified registry entries to allow them to join the domain)

ls -l /media

drwxrwxrwx 1 root root 4096 Aug 13 14:13 Backup01

ls -l /media/Backup01

drwxrwsr-x 1 nobody users 152 Aug 17 09:12 share

testparm

Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[netlogon]"
Processing section "[share]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
[global]
    workgroup = DOMAINNAME
    server string = %h PDC server (Samba, Ubuntu)
    map to guest = Bad User
    obey pam restrictions = Yes
    pam password change = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    unix password sync = Yes
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    name resolve order = wins, lmhosts, hosts, bcast
    add machine script = /usr/sbin/useradd -N -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u
    logon script = logon.cmd
    logon drive = H:
    domain logons = Yes
    preferred master = Yes
    domain master = Yes
    dns proxy = No
    wins server = 192.168.0.4
    panic action = /usr/share/samba/panic-action %d
    idmap config * : backend = tdb
    create mask = 0664
    directory mask = 0775
[netlogon]
    comment = Network Logon Service
    path = /srv/samba/netlogon
    valid users = %S
    read only = No
    create mask = 0700
    directory mask = 0700
    guest ok = Yes
    browseable = No
[share]
    comment = Share
    path = /media/Backup01/share
    read only = No
    force create mode = 0664
    directory mask = 02775
    force directory mode = 02775

Seems to be working at the moment.

  • Workstation can join the domain with SMB root's permission to do so
  • User can map share, credentialing as DOMAINNAME\smbuser
  • User can create a test file in the root
  • Rights indicate that the user owns the file
