Samba domain controller config
(Revantine) I have used this configuration for a domain controller with roaming profiles and home directories.
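; smb.conf -- Samba domain controller (domain logons) with roaming profiles
; and per-user home directories.
;
; Directories to create before starting Samba:
;   mkdir /home/samba/netlogon
;   chmod 775 /home/samba/netlogon
;   mkdir /home/samba/ntprofile
;   chmod 777 /home/samba/ntprofile
; NOTE(review): mode 777 leaves the profile root world-writable without the
; sticky bit, so any local user can rename or delete another user's profile
; directory. Consider 1777, or tighter ownership, if that fits your setup.

[global]
netbios name = brahms
workgroup = revantine
server string = Server Description Name

; username aliases
; format of /etc/samba/smbusers:
;   Unix_name = SMB_name1 SMB_name2 ...
;   root = administrator admin
username map = /etc/samba/smbusers

; The smbpasswd file holds password hashes; keep it owned by root and not
; readable by other users.
smb passwd file = /etc/samba/smbpasswd

; keep the Unix password in step when an SMB password is changed
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *new*password* %n\n *updated*successfully*

; Account-creation hook. smbd runs this command as root with %u replaced by
; the account name, so keep the command fixed and every path absolute.
; NOTE(review): smbpasswd is called without a full path here -- confirm it
; resolves to the intended binary in smbd's environment.
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u;smbpasswd -a -m %u

; we should act as the domain and local master browser
os level = 64
preferred master = yes
domain master = yes
local master = yes

; security settings (must use security = user)
security = user

; encrypted passwords are a requirement for a PDC
; (this key was set twice in the original listing; once is enough)
encrypt passwords = yes

; support domain logons
domain logons = yes

; where to store user profiles?
;   logon path = \\%L\profiles\%u\%m
;   expands to \\server_name\profiles\username\client_pc_name
logon path = \\%L\profiles\%u

; Where should the user home directory be mounted?
logon drive = H:

; where is a user's home directory/Win9x profile directory?
;   expands to \\netbiosname\username\.win_profile\client_pc_name
logon home = \\%L\%u\.win_profile\%m

; specify a generic logon script for all users
; this is a relative **DOS** path to the [netlogon] share
logon script = logon.cmd

; necessary share for domain controller
; Read-only for everyone except the accounts in "write list". Logon scripts
; run on every client at logon, so keep that list as short as possible.
[netlogon]
;path = /usr/local/samba/lib/netlogon
path = /home/samba/netlogon
writeable = no
write list = ntadmin
browsable = no

; share for storing user profiles
; The masks keep each profile private to its owner (files 0600, dirs 0700).
[profiles]
;path = /export/smb/ntprofile
path = /home/samba/ntprofile
writeable = yes
create mask = 0600
directory mask = 0700
browsable = no

; per-user home directories, hidden from browse lists
[homes]
browsable = no
writable = yes

; Web directory.
; NOTE(review): "force user = root" together with "read only = no" means that
; every account allowed to connect to this share performs all file operations
; as root below /home/http, and new files end up owned by root. Prefer a
; dedicated unprivileged account and restrict who may connect, for example:
;   force user = <unprivileged-web-account>
;   valid users = <web-admin-accounts>
; The original value is kept below so that existing behaviour is unchanged.
[http]
comment = Web Directory
path = "/home/http"
read only = no
guest ok = no
; masks are octal
create mask = 0644
directory mask = 0755
force group = nobody
force user = root

; group-writable share; files are created with group "games"
[games]
comment = Games and Patches
path = "/home/samba/games"
read only = no
guest ok = no
create mask = 0664
directory mask = 0775
force group = games

; shared area for members of group "users"; no access for "other"
[public]
comment = Public
path = "/home/samba/public"
read only = no
guest ok = no
create mask = 0660
directory mask = 0770
force group = users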
