Translations by Daniel LeBlanc
Daniel LeBlanc has submitted the following strings to this translation.
27. |
[share]
comment = Ubuntu File Server Share
path = /srv/samba/share
browsable = yes
guest ok = yes
read only = no
create mask = 0755
|
|
2009-09-22 |
[share]
comment = Ubuntu File Server Share
path = /srv/samba/share
browseable = yes
guest ok = yes
read only = no
create mask = 0755
|
|
31. |
<emphasis>browsable:</emphasis> enables Windows clients to browse the shared directory using <application>Windows Explorer</application>.
|
|
2009-09-22 |
<emphasis>browseable:</emphasis> enables Windows clients to browse the shared directory using <application>Windows Explorer</application>.
|
|
45. |
Resources
|
|
2009-09-22 |
Resources
|
|
51. |
Another common use of Samba is to configure it to share printers installed, either locally or over the network, on an Ubuntu server. Similar to <xref linkend="samba-fileserver"/> this section will configure Samba to allow any client on the local network to use the installed printers without prompting for a username and password.
|
|
2009-10-20 |
Another common use of Samba is to configure it to share printers, either locally or over the network, on an Ubuntu server. Similar to <xref linkend="samba-fileserver"/> this section will configure Samba to allow any client on the local network to use the installed printers without prompting for a username and password.
|
|
57. |
browsable = yes
guest ok = yes
|
|
2009-09-22 |
browseable = yes
guest ok = yes
|
|
2009-09-22 |
browsable = yes
guest ok = yes
|
|
76. |
guest ok = no
|
|
2009-09-22 |
guest ok = no
|
|
82. |
Groups
|
|
2009-09-22 |
Groups
|
|
89. |
read list = @qa
write list = @sysadmin, vincent
|
|
2009-09-22 |
read list = @qa
write list = @sysadmin, vincent
|
|
92. |
admin users = melissa
|
|
2009-09-22 |
admin users = melissa
|
|
97. |
UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl 0 1
|
|
2009-09-22 |
UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl 0 1
|
|
112. |
By default the profiles for <application>smbd</application> and <application>nmbd</application> are in <emphasis>complain</emphasis> mode allowing Samba to work without modifying the profile, and only logging errors. To place the <application>smbd</application> profile into <emphasis>enforce</emphasis> mode, and have Samba work as expected, the profile will need to be modified to reflect any directories that are shared.
|
|
2009-09-22 |
By default the profiles for <application>smbd</application> and <application>nmbd</application> are in <emphasis>complain</emphasis> mode allowing Samba to work without modifying the profile, and only logging errors. To place the <application>smbd</application> profile into <emphasis>enforce</emphasis> mode, and have Samba work as expected, the profile will need to be modified to reflect any directories that are shared.
|
|
113. |
Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information for <emphasis>[share]</emphasis> from the file server example:
|
|
2009-09-22 |
Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information for <emphasis>[share]</emphasis> from the file server example:
|
|
114. |
/srv/samba/share/ r,
/srv/samba/share/** rwkix,
|
|
2009-09-22 |
/srv/samba/share/ r,
/srv/samba/share/** rwkix,
|
|
115. |
Now place the profile into <emphasis>enforce</emphasis> and reload it:
|
|
2009-09-22 |
Now place the profile into <emphasis>enforce</emphasis> and reload it:
|
|
116. |
sudo aa-enforce /usr/sbin/smbd
|
|
2009-09-22 |
sudo aa-enforce /usr/sbin/smbd
|
|
117. |
cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r
|
|
2009-09-22 |
cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r
|
|
119. |
O'Reilly's <ulink url="http://www.oreilly.com/catalog/9780596007690/">Using Samba</ulink> is also a good reference.
|
|
2009-09-22 |
O'Reilly's <ulink url="http://www.oreilly.com/catalog/9780596007690/">Using Samba</ulink> is also a good reference.
|
|
120. |
<ulink url="http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-samba.html">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to security.
|
|
2009-09-22 |
<ulink url="http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-samba.html">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to security.
|
|
121. |
For more information on Samba and ACLs see the <ulink url="http://samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html#id397568">Samba ACLs page </ulink>.
|
|
2009-09-22 |
For more information on Samba and ACLs see the <ulink url="http://samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html#id397568">Samba ACLs page </ulink>.
|
|
122. |
Samba as a Domain Controller
|
|
2009-09-22 |
Samba as a Domain Controller
|
|
123. |
Although it cannot act as an Active Directory Primary Domain Controller (PDC), a Samba server can be configured to appear as a Windows NT4-style domain controller. A major advantage of this configuration is the ability to centralize user and machine credentials. Samba can also use multiple backends to store the user information.
|
|
2009-09-22 |
Although it cannot act as an Active Directory Primary Domain Controller (PDC), a Samba server can be configured to appear as a Windows NT4-style domain controller. A major advantage of this configuration is the ability to centralize user and machine credentials. Samba can also use multiple backends to store the user information.
|
|
124. |
Primary Domain Controller
|
|
2009-09-22 |
Primary Domain Controller
|
|
125. |
This section covers configuring Samba as a Primary Domain Controller (PDC) using the default smbpasswd backend.
|
|
2009-09-22 |
This section covers configuring Samba as a Primary Domain Controller (PDC) using the default smbpasswd backend.
|
|
126. |
First, install Samba, and <application>libpam-smbpass</application> to sync the user accounts, by entering the following in a terminal prompt:
|
|
2009-09-22 |
First, install Samba, and <application>libpam-smbpass</application> to sync the user accounts, by entering the following in a terminal prompt:
|
|
127. |
sudo apt-get install samba libpam-smbpass
|
|
2009-09-22 |
sudo apt-get install samba libpam-smbpass
|
|
128. |
Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. The <emphasis>security</emphasis> mode should be set to <emphasis role="italic">user</emphasis>, and the <emphasis>workgroup</emphasis> should relate to your organization:
|
|
2009-09-22 |
Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. The <emphasis>security</emphasis> mode should be set to <emphasis role="italic">user</emphasis>, and the <emphasis>workgroup</emphasis> should relate to your organization:
|
|
129. |
In the commented <quote>Domains</quote> section add or uncomment the following:
|
|
2009-09-22 |
In the commented <quote>Domains</quote> section add or uncomment the following:
|
|
131. |
<emphasis>domain logons:</emphasis> provides the netlogon service causing Samba to act as a domain controller.
|
|
2009-09-22 |
<emphasis>domain logons:</emphasis> provides the netlogon service causing Samba to act as a domain controller.
|
|
132. |
<emphasis>logon path:</emphasis> places the user's Windows profile into their home directory. It is also possible to configure a <emphasis>[profiles]</emphasis> share placing all profiles under a single directory.
|
|
2009-09-22 |
<emphasis>logon path:</emphasis> places the user's Windows profile into their home directory. It is also possible to configure a <emphasis>[profiles]</emphasis> share placing all profiles under a single directory.
|
|
133. |
<emphasis>logon drive:</emphasis> specifies the home directory local path.
|
|
2009-09-22 |
<emphasis>logon drive:</emphasis> specifies the home directory local path.
|
|
134. |
<emphasis>logon home:</emphasis> specifies the home directory location.
|
|
2009-09-22 |
<emphasis>logon home:</emphasis> specifies the home directory location.
|
|
135. |
<emphasis>logon script:</emphasis> determines the script to be run locally once a user has logged in. The script needs to be placed in the <emphasis>[netlogon]</emphasis> share.
|
|
2009-09-22 |
<emphasis>logon script:</emphasis> determines the script to be run locally once a user has logged in. The script needs to be placed in the <emphasis>[netlogon]</emphasis> share.
|
|
136. |
<emphasis>add machine script:</emphasis> a script that will automatically create the <emphasis>Machine Trust Account</emphasis> needed for a workstation to join the domain.
|
|
2009-09-22 |
<emphasis>add machine script:</emphasis> a script that will automatically create the <emphasis>Machine Trust Account</emphasis> needed for a workstation to join the domain.
|
|
137. |
In this example the <emphasis>machines</emphasis> group will need to be created using the <application>addgroup</application> utility see <xref linkend="adding-deleting-users"/> for details.
|
|
2009-09-22 |
In this example the <emphasis>machines</emphasis> group will need to be created using the <application>addgroup</application> utility see <xref linkend="adding-deleting-users"/> for details.
|
|
140. |
If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the <emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options commented.
|
|
2009-09-22 |
If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the <emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options commented.
|
|
141. |
Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis role="italic">logon home</emphasis> to be mapped:
|
|
2009-09-22 |
Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis role="italic">logon home</emphasis> to be mapped:
|
|
142. |
[homes]
comment = Home Directories
browseable = no
read only = no
create mask = 0700
directory mask = 0700
valid users = %S
|
|
2009-09-22 |
[homes]
comment = Home Directories
browseable = no
read only = no
create mask = 0700
directory mask = 0700
valid users = %S
|
|
143. |
When configured as a domain controller a <emphasis>[netlogon]</emphasis> share needs to be configured. To enable the share, uncomment:
|
|
2009-09-22 |
When configured as a domain controller a <emphasis>[netlogon]</emphasis> share needs to be configured. To enable the share, uncomment:
|
|
144. |
[netlogon]
comment = Network Logon Service
path = /srv/samba/netlogon
guest ok = yes
read only = yes
share modes = no
|
|
2009-09-22 |
[netlogon]
comment = Network Logon Service
path = /srv/samba/netlogon
guest ok = yes
read only = yes
share modes = no
|
|
145. |
The original <emphasis>netlogon</emphasis> share path is <filename>/home/samba/netlogon</filename>, but according to the Filesystem Hierarchy Standard (FHS), <ulink url="http://www.pathname.com/fhs/pub/fhs-2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM">/srv</ulink> is the correct location for site-specific data provided by the system.
|
|
2009-09-22 |
The original <emphasis>netlogon</emphasis> share path is <filename>/home/samba/netlogon</filename>, but according to the Filesystem Hierarchy Standard (FHS), <ulink url="http://www.pathname.com/fhs/pub/fhs-2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM">/srv</ulink> is the correct location for site-specific data provided by the system.
|
|
146. |
Now create the <filename role="directory">netlogon</filename> directory, and an empty (for now) <filename>logon.cmd</filename> script file:
|
|
2009-09-22 |
Now create the <filename role="directory">netlogon</filename> directory, and an empty (for now) <filename>logon.cmd</filename> script file:
|
|
147. |
sudo mkdir -p /srv/samba/netlogon
|
|
2009-09-22 |
sudo mkdir -p /srv/samba/netlogon
|
|
148. |
sudo touch /srv/samba/netlogon/logon.cmd
|
|
2009-09-22 |
sudo touch /srv/samba/netlogon/logon.cmd
|
|
149. |
You can enter any normal Windows logon script commands in <filename>logon.cmd</filename> to customize the client's environment.
|
|
2009-09-22 |
You can enter any normal Windows logon script commands in <filename>logon.cmd</filename> to customize the client's environment.
|
|
150. |
With <emphasis>root</emphasis> being disabled by default, in order to join a workstation to the domain, a system group needs to be mapped to the Windows <emphasis>Domain Admins</emphasis> group. Using the <application>net</application> utility, from a terminal enter:
|
|
2009-09-22 |
With <emphasis>root</emphasis> being disabled by default, in order to join a workstation to the domain, a system group needs to be mapped to the Windows <emphasis>Domain Admins</emphasis> group. Using the <application>net</application> utility, from a terminal enter:
|
|
151. |
sudo net groupmap add ntgroup="Domain Admins" unixgroup=sysadmin rid=512 type=d
|
|
2009-09-22 |
sudo net groupmap add ntgroup="Domain Admins" unixgroup=sysadmin rid=512 type=d
|
|
152. |
Change <emphasis role="italic">sysadmin</emphasis> to whichever group you prefer. Also, the user used to join the domain needs to be a member of the <emphasis>sysadmin</emphasis> group, as well as a member of the system <emphasis>admin</emphasis> group. The <emphasis>admin</emphasis> group allows <application>sudo</application> use.
|
|
2009-09-22 |
Change <emphasis role="italic">sysadmin</emphasis> to whichever group you prefer. Also, the user used to join the domain needs to be a member of the <emphasis>sysadmin</emphasis> group, as well as a member of the system <emphasis>admin</emphasis> group. The <emphasis>admin</emphasis> group allows <application>sudo</application> use.
|
|
153. |
Finally, restart Samba to enable the new domain controller:
|
|
2009-09-22 |
Finally, restart Samba to enable the new domain controller:
|
|
154. |
You should now be able to join Windows clients to the Domain in the same manner as joining them to an NT4 domain running on a Windows server.
|
|
2009-09-22 |
You should now be able to join Windows clients to the Domain in the same manner as joining them to an NT4 domain running on a Windows server.
|