HOWTO: Add a Gentoo server to a Windows network
Introduction
This article covers adding a Gentoo system to a Windows NT-style domain as a member server. After following it you should be able to browse shares and set domain user privileges on them as if the Gentoo system were a Windows system. Thanks for looking. I hope it helps someone. d00msdayPr0phet-at-yahoo.com
Installing Components
Here's what you'll need: kernel support for ACLs, and Samba built as described below.
Samba:
You're going to need to enable two USE flags for this wiki to work. First we'll ask emerge which ones are currently set. In a terminal type:
| Code: Flipping the Switches |
root # emerge -pv samba
These are the packages that I would merge, in order:
Calculating dependencies ...done!
[ebuild N ] net-fs/samba-3.0.10 -acl +cups -debug -doc -kerberos -ldap -libclamav -mysql -oav +pam -postgres +python -quotas +readline (-selinux) -winbind -xml +xml2 14,821 kB
Total size of downloads: 14,821 kB
|
We are mostly concerned with acl and winbind, which both show as disabled (-acl and -winbind). acl lets us manipulate user and group permissions, while winbind lets Samba ask your Samba or NT PDC which users and groups are available.
Note: The kerberos USE flag may be required to join a Windows Server 2003 domain. If you do not enable it, you may get errors containing "NT_STATUS_INVALID_COMPUTER_NAME" or errors about Kerberos or signing.
So let's enable them by appending the flags for net-fs/samba to /etc/portage/package.use and checking the result:
| Code: Enable acl's and winbind |
root # echo "net-fs/samba acl winbind" >> /etc/portage/package.use
root # emerge -pv samba
These are the packages that I would merge, in order:
Calculating dependencies ...done!
[ebuild N ] sys-apps/attr-2.4.19 -debug +nls 101 kB
[ebuild N ] sys-apps/acl-2.2.27 -debug +nls 141 kB
[ebuild N ] net-fs/samba-3.0.10 +acl +cups -debug -doc -kerberos -ldap -libclamav -mysql -oav +pam -postgres +python -quotas +readline (-selinux) +winbind -xml +xml2 14,821 kB
Total size of downloads: 15,063 kB
|
| Code: Building the beast!! |
root # emerge samba
|
This will take a while depending on your internet connection and bogomips. :)
Configure the server
While the server is building, take a look at this smb.conf. This is the template I use on most of the servers I configure. The options are a little different from those of a Samba PDC, but that's another story.
| File: smb.conf |
[global]
#-------[ Net Hood Settings ]
workgroup = WORKGROUP or DOMAIN
netbios name = SERVER_NAME
server string = SERVE_COMMENT
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 IPTOS_LOWDELAY
#-------[ Log Level ]
log level = 2
#-------[ Server Role Settings ]
security = DOMAIN
password server = YOUR PDC
encrypt passwords = true
#-------[ NT ACL Compatibility ]
nt acl support = true
create mode = 0644
directory mode = 0755
#-------[ Winbind communication ]
idmap uid = 15000-20000
idmap gid = 15000-20000
winbind use default domain = Yes
winbind enum users = Yes
winbind enum groups = Yes
#-------[ Printserver information ]
printcap name = cups
disable spoolss = yes
show add printer wizard = no
printing = cups
security mask = 0777
#-------[ Shares ]
[SHARENAME]
path = /PATH/TO/SHARE
comment = COMMENT ABOUT SHARE
browseable = yes
writeable = yes
inherit permissions = Yes
inherit acls = yes
create mask = 0644
guest ok = no
security mask = 0777
|
Now that you have the smb.conf tweaked and the server compiled, you need to edit your /etc/fstab so that the file system can use ACLs. You can mess up your system, so I don't recommend applying ACLs to your / or system partitions. On my servers I used a completely separate disk.
| File: /etc/fstab |
# /etc/fstab: static file system information.
#
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
/dev/hda1 / ext3 defaults,errors=remount-ro 0 1
/dev/hda5 none swap sw 0 0
/dev/hdc /mnt/cdrom0 iso9660 ro,user,noauto 0 0
/dev/fd0 /mnt/floppy0 auto rw,user,noauto 0 0
#---------------------------------------------------------------------#
/dev/hde /mnt/warehouse ext3 defaults,acl 0 0
/dev/hdf /mnt/library ext2 defaults,acl 0 0
/dev/hdh /mnt/webserver ext3 defaults,acl 0 0
/dev/hdg /mnt/warehouse2 ext3 defaults,acl 0 0
|
Just add acl to the <options> field of each of those partitions, then umount /mnt/partition and mount /mnt/partition again so the new option takes effect.
Name Resolution
A neat way to get name resolution without running DNS or editing /etc/hosts every 15 minutes is to tweak /etc/nsswitch.conf. Add winbind after compat on the passwd and group lines, and for name resolution add wins after files on the hosts line.
| File: /etc/nsswitch.conf |
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files wins dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
|
You should now be able to ping hosts by NetBIOS name!
Add Samba to the default runlevel so that it starts on boot: rc-update add samba default
Then join the domain: net rpc join -Uroot%'passwd' (if you leave off the %'passwd' part, net prompts for the password instead of it ending up in your shell history)
Start winbind: winbindd -B
To start winbind automatically, add winbind to the daemon_list in /etc/conf.d/samba.
Restart Samba: /etc/init.d/samba restart
| Code: Grab users from the PDC |
wbinfo -u
wbinfo -g
getent passwd
getent group
|
You should see some users that don't exist in your /etc/passwd. If wbinfo -u shows the domain users you're expecting but getent passwd doesn't, check that winbind enumeration is enabled in your /etc/samba/smb.conf, as it is disabled by default in recent Samba versions:
| File: smb.conf |
winbind enum users = Yes
winbind enum groups = Yes
|
| Code: Set the baseline permissions. |
chmod -R 770 /mnt/partition
# Then I like to chown -R <adminish user>:<nt group> /mnt/dir
groups DOMAIN\\Domain_Account
# If this returns a group with a space, such as Domain Users, surround it with quotes.
chown -R DOMAIN\\Domain_Account:"Domain Users" /mnt/partition
|
getfacl prints the access control list of a file or directory:
| Code: Using ACL's |
kevlar store # getfacl ../store
# file: ../store
# owner: root
# group: lanusers
user::rwx
user:nixerx:rwx
group::rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:chelsea:rwx
default:group::---
default:group:lanusers:r-x
default:mask::rwx
default:other::---
|
To modify the permissions of this directory you can use the Windows security tab, or you can use setfacl. Say I want to add emily as a user on the folder with rwx: setfacl -R -m u:emily:rwx /mnt/dir
| Code: See the results |
kevlar mnt # getfacl store
# file: store
# owner: root
# group: lanusers
user::rwx
user:emily:rwx
user:chelsea:rwx
group::rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:nixerx:rwx
default:group::---
default:group:lanusers:r-x
default:mask::rwx
default:other::---
|
You can add groups too: just change u:<name> to g:<group>.
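The mask entry shown in both getfacl listings above decides whether a setfacl grant is actually effective. As an added example (not from this page), this POSIX shell helper computes the effective rights of an ACL entry from a getfacl listing and flags directories that "other" can reach; it works on a constructed listing embedded in the script, so it runs without a Samba server or an ACL-enabled mount.

```shell
# Added example, not from the wiki page: the rights a named user or group
# really gets from a getfacl listing. Named users, named groups and the owning
# group are ANDed with the mask entry, and chmod rewrites that mask, so "rwx"
# in the listing is not always "rwx" in practice.
# Constructed listing (not real server data): emily was granted rwx, but a
# later "chmod 750" on the directory lowered the mask to r-x.
SAMPLE_ACL='# file: store
# owner: root
# group: lanusers
user::rwx
user:emily:rwx
group::rwx
mask::r-x
other::---
default:user::rwx
default:user:emily:rwx
default:group::---
default:mask::rwx'
# acl_effective LISTING ENTRY [default]
# ENTRY is "user:NAME" or "group:NAME" (empty NAME = owner / owning group);
# pass "default" as the third argument to inspect the default ACL instead.
acl_effective() {
    printf '%s\n' "$1" | awk -F: -v want="$2" -v scope="${3:-acl}" '
        /^#/ || /^$/ { next }
        {
            if ($1 == "default") { if (scope != "default") next; tag = $2; name = $3; perm = $4 }
            else                 { if (scope == "default") next; tag = $1; name = $2; perm = $3 }
            if (tag == "mask") mask = perm
            if ((tag ":" name) == want) granted = perm
        }
        END {
            if (granted == "") { print "absent"; exit }
            # The owner and "other" are never masked; everything else is.
            if (want ~ /^(user|other):$/ || mask == "") { print granted; exit }
            eff = ""
            for (i = 1; i <= 3; i++) {
                c = substr(granted, i, 1)
                eff = eff ((c != "-" && substr(mask, i, 1) == c) ? c : "-")
            }
            print eff
        }'
}
# acl_world_open LISTING: exit 0 when "other" has any access bit, i.e. the
# share is reachable by every local account, not just the domain users.
acl_world_open() {
    printf '%s\n' "$1" | grep -q '^other::[^-]'
}
acl_effective "$SAMPLE_ACL" user:emily          # r-x: masked, not the rwx that was set
acl_effective "$SAMPLE_ACL" user:emily default  # rwx: the default ACL mask is still rwx
acl_world_open "$SAMPLE_ACL" && echo "WARNING: other has access" || echo "other: no access"
```

Run it against real output with acl_effective "$(getfacl /mnt/partition)" user:emily to see what a domain user gets after a chmod -R 770 versus a more restrictive chmod.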