Translations by Daniel LeBlanc
Daniel LeBlanc has submitted the following strings to this translation. Contributions are visually coded: currently used translations, unreviewed suggestions, rejected suggestions.
| 155. |
Backup Domain Controller
|
|
| 2009-09-22 |
Backup Domain Controller
|
|
| 156. |
With a Primary Domain Controller (PDC) on the network it is best to have a Backup Domain Controller (BDC) as well. This will allow clients to authenticate in case the PDC becomes unavailable.
|
|
| 2009-09-22 |
With a Primary Domain Controller (PDC) on the network it is best to have a Backup Domain Controller (BDC) as well. This will allow clients to authenticate in case the PDC becomes unavailable.
|
|
| 157. |
When configuring Samba as a BDC you need a way to sync account information with the PDC. There are multiple ways of accomplishing this <application>scp</application>, <application>rsync</application>, or by using <application>LDAP</application> as the <emphasis>passdb backend</emphasis>.
|
|
| 2009-09-22 |
When configuring Samba as a BDC you need a way to sync account information with the PDC. There are multiple ways of accomplishing this <application>scp</application>, <application>rsync</application>, or by using <application>LDAP</application> as the <emphasis>passdb backend</emphasis>.
|
|
| 158. |
Using LDAP is the most robust way to sync account information, because both domain controllers can use the same information in real time. However, setting up a LDAP server may be overly complicated for a small number of user and computer accounts. See <xref linkend="samba-ldap"/> for details.
|
|
| 2009-09-22 |
Using LDAP is the most robust way to sync account information, because both domain controllers can use the same information in real time. However, setting up a LDAP server may be overly complicated for a small number of user and computer accounts. See <xref linkend="samba-ldap"/> for details.
|
|
| 159. |
First, install <application>samba</application> and <application>libpam-smbpass</application>. From a terminal enter:
|
|
| 2009-09-22 |
First, install <application>samba</application> and <application>libpam-smbpass</application>. From a terminal enter:
|
|
| 160. |
Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the following in the <emphasis>[global]</emphasis>:
|
|
| 2009-09-22 |
Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the following in the <emphasis>[global]</emphasis>:
|
|
| 161. |
In the commented <emphasis>Domains</emphasis> uncomment or add:
|
|
| 2009-09-22 |
In the commented <emphasis>Domains</emphasis> uncomment or add:
|
|
| 162. |
domain logons = yes
domain master = no
|
|
| 2009-09-22 |
domain logons = yes
domain master = no
|
|
| 163. |
Make sure a user has rights to read the files in <filename>/var/lib/samba</filename>. For example, to allow users in the <emphasis>admin</emphasis> group to <application>scp</application> the files, enter:
|
|
| 2009-09-22 |
Make sure a user has rights to read the files in <filename>/var/lib/samba</filename>. For example, to allow users in the <emphasis>admin</emphasis> group to <application>scp</application> the files, enter:
|
|
| 164. |
sudo chgrp -R admin /var/lib/samba
|
|
| 2009-09-22 |
sudo chgrp -R admin /var/lib/samba
|
|
| 165. |
Next, sync the user accounts, using <application>scp</application> to copy the <filename>/var/lib/samba</filename> directory from the PDC:
|
|
| 2009-09-22 |
Next, sync the user accounts, using <application>scp</application> to copy the <filename>/var/lib/samba</filename> directory from the PDC:
|
|
| 166. |
sudo scp -r username@pdc:/var/lib/samba /var/lib
|
|
| 2009-09-22 |
sudo scp -r username@pdc:/var/lib/samba /var/lib
|
|
| 167. |
Replace <emphasis>username</emphasis> with a valid username and <emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC.
|
|
| 2009-09-22 |
Replace <emphasis>username</emphasis> with a valid username and <emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC.
|
|
| 168. |
Finally, restart <application>samba</application>:
|
|
| 2009-09-22 |
Finally, restart <application>samba</application>:
|
|
| 169. |
You can test that your Backup Domain controller is working by stopping the Samba daemon on the PDC, then trying to login to a Windows client joined to the domain.
|
|
| 2009-09-22 |
You can test that your Backup Domain controller is working by stopping the Samba daemon on the PDC, then trying to login to a Windows client joined to the domain.
|
|
| 170. |
Another thing to keep in mind is if you have configured the <emphasis>logon home</emphasis> option as a directory on the PDC, and the PDC becomes unavailable, access to the user's <emphasis>Home</emphasis> drive will also be unavailable. For this reason it is best to configure the <emphasis>logon home</emphasis> to reside on a separate file server from the PDC and BDC.
|
|
| 2009-09-22 |
Another thing to keep in mind is if you have configured the <emphasis>logon home</emphasis> option as a directory on the PDC, and the PDC becomes unavailable, access to the user's <emphasis>Home</emphasis> drive will also be unavailable. For this reason it is best to configure the <emphasis>logon home</emphasis> to reside on a separate file server from the PDC and BDC.
|
|
| 171. |
<ulink url="http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html">Chapter 4</ulink> of the Samba HOWTO Collection explains setting up a Primary Domain Controller.
|
|
| 2009-09-22 |
<ulink url="http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html">Chapter 4</ulink> of the Samba HOWTO Collection explains setting up a Primary Domain Controller.
|
|
| 172. |
<ulink url="http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html">Chapter 5</ulink> of the Samba HOWTO Collection explains setting up a Backup Domain Controller.
|
|
| 2009-09-22 |
<ulink url="http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html">Chapter 5</ulink> of the Samba HOWTO Collection explains setting up a Backup Domain Controller.
|
|
| 173. |
Samba Active Directory Integration
|
|
| 2009-09-22 |
Samba Active Directory Integration
|
|
| 174. |
Accessing a Samba Share
|
|
| 2009-09-22 |
Accessing a Samba Share
|
|
| 175. |
Another, use for Samba is to integrate into an existing Windows network. Once part of an Active Directory domain, Samba can provide file and print services to AD users.
|
|
| 2009-09-22 |
Another, use for Samba is to integrate into an existing Windows network. Once part of an Active Directory domain, Samba can provide file and print services to AD users.
|
|
| 176. |
The simplest way to join an AD domain is to use <application>Likewise-open</application>. For detailed instructions see <xref linkend="likewise-open"/>.
|
|
| 2009-09-22 |
The simplest way to join an AD domain is to use <application>Likewise-open</application>. For detailed instructions see <xref linkend="likewise-open"/>.
|
|
| 178. |
sudo apt-get install samba smbfs smbclient
|
|
| 2009-09-22 |
sudo apt-get install samba smbfs smbclient
|
|
| 179. |
Since the <application>likewise-open</application> and <application>samba</application> packages use separate <filename>secrets.tdb</filename> files, a symlink will need to be created in <filename role="directory">/var/lib/samba</filename>:
|
|
| 2009-09-22 |
Since the <application>likewise-open</application> and <application>samba</application> packages use separate <filename>secrets.tdb</filename> files, a symlink will need to be created in <filename role="directory">/var/lib/samba</filename>:
|
|
| 180. |
sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig
|
|
| 2009-09-22 |
sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig
|
|
| 181. |
sudo ln -s /etc/samba/secrets.tdb /var/lib/samba
|
|
| 2009-09-22 |
sudo ln -s /etc/samba/secrets.tdb /var/lib/samba
|
|
| 182. |
Next, edit <filename>/etc/samba/smb.conf</filename> changing:
|
|
| 2009-09-22 |
Next, edit <filename>/etc/samba/smb.conf</filename> changing:
|
|
| 183. |
workgroup = EXAMPLE
...
security = ads
realm = EXAMPLE.COM
...
idmap backend = lwopen
idmap uid = 50-9999999999
idmap gid = 50-9999999999
|
|
| 2009-09-22 |
workgroup = EXAMPLE
...
security = ads
realm = EXAMPLE.COM
...
idmap backend = lwopen
idmap uid = 50-9999999999
idmap gid = 50-9999999999
|
|
| 184. |
Restart <application>samba</application> for the new settings to take effect:
|
|
| 2009-09-22 |
Restart <application>samba</application> for the new settings to take effect:
|
|
| 185. |
You should now be able to access any <application>Samba</application> shares from a Windows client. However, be sure to give the appropriate AD users or groups access to the share directory. See <xref linkend="samba-fileprint-security"/> for more details.
|
|
| 2009-09-22 |
You should now be able to access any <application>Samba</application> shares from a Windows client. However, be sure to give the appropriate AD users or groups access to the share directory. See <xref linkend="samba-fileprint-security"/> for more details.
|
|
| 186. |
Accessing a Windows Share
|
|
| 2009-09-22 |
Accessing a Windows Share
|
|
| 187. |
Now that the Samba server is part of the Active Directory domain you can access any Windows server shares:
|
|
| 2009-09-22 |
Now that the Samba server is part of the Active Directory domain you can access any Windows server shares:
|
|
| 188. |
To mount a Windows file share enter the following in a terminal prompt:
|
|
| 2009-09-22 |
To mount a Windows file share enter the following in a terminal prompt:
|
|
| 189. |
mount.cifs //fs01.example.com/share mount_point
|
|
| 2009-09-22 |
mount.cifs //fs01.example.com/share mount_point
|
|
| 190. |
It is also possible to access shares on computers not part of an AD domain, but a username and password will need to be provided.
|
|
| 2009-09-22 |
It is also possible to access shares on computers not part of an AD domain, but a username and password will need to be provided.
|
|
| 191. |
To mount the share during boot place an entry in <filename>/etc/fstab</filename>, for example:
|
|
| 2009-09-22 |
To mount the share during boot place an entry in <filename>/etc/fstab</filename>, for example:
|
|
| 192. |
//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw 0 0
|
|
| 2009-09-22 |
//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw 0 0
|
|
| 193. |
Another way to copy files from a Windows server is to use the <application>smbclient</application> utility. To list the files in a Windows share:
|
|
| 2009-09-22 |
Another way to copy files from a Windows server is to use the <application>smbclient</application> utility. To list the files in a Windows share:
|
|
| 194. |
smbclient //fs01.example.com/share -k -c "ls"
|
|
| 2009-09-22 |
smbclient //fs01.example.com/share -k -c "ls"
|
|
| 195. |
To copy a file from the share, enter:
|
|
| 2009-09-22 |
To copy a file from the share, enter:
|
|
| 196. |
smbclient //fs01.example.com/share -k -c "get file.txt"
|
|
| 2009-09-22 |
smbclient //fs01.example.com/share -k -c "get file.txt"
|
|
| 197. |
This will copy the <filename>file.txt</filename> into the current directory.
|
|
| 2009-09-22 |
This will copy the <filename>file.txt</filename> into the current directory.
|
|
| 198. |
And to copy a file to the share:
|
|
| 2009-09-22 |
And to copy a file to the share:
|
|
| 199. |
smbclient //fs01.example.com/share -k -c "put /etc/hosts hosts"
|
|
| 2009-09-22 |
smbclient //fs01.example.com/share -k -c "put /etc/hosts hosts"
|
|
| 201. |
The <emphasis>-c</emphasis> option used above allows you to execute the <application>smbclient</application> command all at once. This is useful for scripting and minor file operations. To enter the <emphasis>smb: \></emphasis> prompt, a FTP like prompt where you can execute normal file and directory commands, simply execute:
|
|
| 2009-09-22 |
The <emphasis>-c</emphasis> option used above allows you to execute the <application>smbclient</application> command all at once. This is useful for scripting and minor file operations. To enter the <emphasis>smb: \></emphasis> prompt, a FTP like prompt where you can execute normal file and directory commands, simply execute:
|
|
| 202. |
smbclient //fs01.example.com/share -k
|
|
| 2009-09-22 |
smbclient //fs01.example.com/share -k
|
|
| 203. |
Replace all instances of <emphasis>fs01.example.com/share</emphasis>, <emphasis>//192.168.0.5/share</emphasis>, <emphasis>username=steve,password=secret</emphasis>, and <emphasis>file.txt</emphasis> with your server's IP, hostname, share name, file name, and an actual username and password with rights to the share.
|
|
| 2009-09-22 |
Replace all instances of <emphasis>fs01.example.com/share</emphasis>, <emphasis>//192.168.0.5/share</emphasis>, <emphasis>username=steve,password=secret</emphasis>, and <emphasis>file.txt</emphasis> with your server's IP, hostname, share name, file name, and an actual username and password with rights to the share.
|
|
| 206. |
Likewise Open
|
|
| 2009-09-22 |
Likewise Open
|
|
| 207. |
<application>Likewise Open</application> simplifies the necessary configuration needed to authenticate a Linux machine to an Active Directory domain. Based on <application>winbind</application>, the <application>likewise-open</application> package takes the pain out of integrating Ubuntu authentication into an existing Windows network.
|
|
| 2009-09-22 |
<application>Likewise Open</application> simplifies the necessary configuration needed to authenticate a Linux machine to an Active Directory domain. Based on <application>winbind</application>, the <application>likewise-open</application> package takes the pain out of integrating Ubuntu authentication into an existing Windows network.
|
|
| 208. |
There are two ways to use Likewise Open, <application>likewise-open</application> the command line utility and <application>likewise-open-gui</application>. This section focuses on the command line utility.
|
|
| 2009-09-22 |
There are two ways to use Likewise Open, <application>likewise-open</application> the command line utility and <application>likewise-open-gui</application>. This section focuses on the command line utility.
|
|
