(Utilising Samba, dhcp3 and webmin)
Install Debian
- Boot PC from Debian CD
- Select Language and Location
- Select Keyboard type
- Enter Hostname – e.g. HOST1
- Enter Domain Name – e.g. WORKGROUP
- Now the Partitioner runs
- Choose Manual
- Select whole drive, enter
- Select free space, enter
- Choose Automatic
- Choose Separate /home, /usr, /var and /tmp, enter
- Finish Partitioner
- Choose YES
- Set ROOT password
- Retype ROOT password
- Set new user's full name – e.g. Administrator
- Set new user's username – e.g. Administrator
- Set new user's password
- Retype new user's password
- Debian now installs BASE SYSTEM
- Choose YES to network mirror question
- Choose country nearest to you – e.g. UK
- Choose nearest ftp site – e.g. ftp.uk.debian.org
- Enter proxy address if present, leave blank if no proxy
- Debian now loads Select and install software
- Choose YES or NO to participate in survey
- Choose just DESKTOP and STANDARD SYSTEM
- Debian now downloads the files… (Go away and have a cup of tea or three!)
- Debian now installs the files (Time for more tea!)
- If prompted not to configure USWSUSP choose NO
- Debian now installs the GRUB Boot Loader
- If this is the only OS on the system, choose YES to install to MBR
- Remove CD-ROM and enter to reboot system
- Log in with username and password set up in steps 10 and 11
- Run Software Updates
- Enter ROOT password
- Select all, click Install Updates
- If it warns about a reboot, click Forward and reboot once completed!
- Close window
- REBOOT!
- Log in as user set in steps 10 and 11 again
- Run Software Updates again, install any if present.
- Set IP address to static
- Open Root Terminal – type nautilus
- navigate to /etc/network/
- open interfaces in text editor
- Edit and save
- Restart network – # /etc/init.d/networking restart
- Edit hosts file
- #nautilus
- /etc/hosts in text editor
- Set second line to new IP
- Restart network then reboot PC
DHCP Configuration
- Turn off DHCP on router!
- Run Root Terminal
- #apt-get install dhcp3-server
- Click OK
- ignore error messages
- #nautilus
- /etc/dhcp3/ – back up dhcpd.conf (as dhcpd.conforig)
- open dhcpd.conf in text editor
- Change option domain-name to the same as the domain name set in step 5 of the Install procedure
- change option domain-name-servers to equal the DNS supplied by your ISP or the IP of your router
- uncomment line about authoritative
- remove everything below authoritative line
- add a subnet declaration – e.g. subnet 192.168.2.0 netmask 255.255.255.0 { range 192.168.2.30 192.168.2.200; option routers 192.168.2.1; }
- Save file
- Restart DHCP Server – #/etc/init.d/dhcp3-server restart
- Check no errors are returned – If there are errors look in log file to see what the problem is – #tail /var/log/messages
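A consistency check for the subnet declaration, as an added example that is not part of the original guide: it confirms the range and router sit inside the declared subnet and that neither the router nor the server's own static address falls inside the lease pool. It assumes the file holds a single subnet declaration, as the steps above leave it; the function names and the server address 192.168.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide: check the single subnet
# declaration the guide has you write, before dhcp3-server is restarted.

# ip_to_int A.B.C.D -> prints the address as an integer, fails if malformed.
ip_to_int() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*|0[0-9]*|*.0[0-9]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_net()  { [ $(( $1 & mask )) -eq $(( net & mask )) ]; }
in_pool() { [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ]; }

# check_dhcp_conf FILE SERVER_IP -> prints one line per problem, returns
# non-zero if any. SERVER_IP is the static address given to this host.
check_dhcp_conf() {
    set -- "$2" $(sed 's/#.*//' "$1" | tr ';{}\n' '    ' | awk '{
        for (i = 1; i <= NF; i++) {
            if ($i == "subnet")  net  = $(i + 1)
            if ($i == "netmask") mask = $(i + 1)
            if ($i == "range")   { lo = $(i + 1); hi = $(i + 2) }
            if ($i == "routers") gw   = $(i + 1)
        }
        print net, mask, lo, hi, gw }')
    [ $# -eq 6 ] || { echo "subnet, netmask, range or routers missing"; return 2; }
    srv=$(ip_to_int "$1") && net=$(ip_to_int "$2") && mask=$(ip_to_int "$3") &&
        lo=$(ip_to_int "$4") && hi=$(ip_to_int "$5") && gw=$(ip_to_int "$6") ||
        { echo "malformed IPv4 address"; return 2; }
    bad=0
    in_net "$lo" && in_net "$hi" || { echo "range leaves the subnet"; bad=1; }
    [ "$lo" -le "$hi" ] || { echo "range start is above range end"; bad=1; }
    in_net "$gw"   || { echo "router is outside the subnet"; bad=1; }
    in_net "$srv"  || { echo "server is outside the subnet"; bad=1; }
    in_pool "$gw"  && { echo "router address is inside the lease pool"; bad=1; }
    in_pool "$srv" && { echo "server address is inside the lease pool"; bad=1; }
    return $bad
}

# Constructed sample: the declaration from the guide, server at 192.168.2.10.
sample=$(mktemp)
echo 'subnet 192.168.2.0 netmask 255.255.255.0 { range 192.168.2.30 192.168.2.200; option routers 192.168.2.1; }' > "$sample"
check_dhcp_conf "$sample" 192.168.2.10 && echo "declaration looks consistent"
rm -f "$sample"
```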
Samba Configuration
- Open Root Terminal
- #apt-get install samba samba-common samba-doc
- Enter Workgroup name – Use Domain Name set in step 5 of install section
- Click OK
- Choose NO to modify smb.conf for WINS server info from DHCP
- #nautilus
- /etc/samba/ – back up smb.conf to smb.conforig, then open smb.conf in text editor
- Edit file to be the same as example file at end of document – replacing the relevant names and settings to match your network.
- Now create the machines, Samba users and admins groups
- # /usr/sbin/groupadd -g 200 admins
- # /usr/sbin/groupadd -g 201 machines
- # /usr/sbin/groupadd -g 202 smbusers
- Now create the directories named in the smb.conf you just created
- # mkdir -m 0775 /home/samba /home/samba/netlogon
- # chown root:admins /home/samba/netlogon
- # mkdir /home/samba/profiles
- # chmod 1757 /home/samba/profiles
- Now create machine accounts for the computers that will be on the network
- # /usr/sbin/useradd -g machines -d /dev/null -c "machine nickname" -s /bin/false test$
- Create authentication and lock password
- # passwd -l test$
- Now add machine to /etc/samba/smbpasswd
- # /usr/bin/smbpasswd -a -m test
- Repeat for each machine on the network
- Now user accounts must be created.
- First your ROOT user account needs to also exist in Samba
- # smbpasswd -a root
- New SMB password: (Not the normal root password!)
- Retype new SMB password: (e.g. sambapass)
- Now you need to create users that can access Samba from another machine you added in step 11.
- First add the UNIX user and set the password
- # /usr/sbin/useradd -g smbusers -d /home/test -s /bin/false -m test
- # passwd test
- Changing password for User test
- New UNIX Password:
- Retype UNIX password:
- password updated successfully
- Now add the new user to SMB and set the same password.
- # smbpasswd -a test
- New SMB password:
- Retype SMB password:
- Added user test.
- Repeat steps 7 – 17 for each network user.
- Run testparm to check for any errors
- # testparm
- Restart Samba for changes to take effect
- # /etc/init.d/samba restart
- Now create the profile folder for each user account you have set up in /home/samba/profiles/ and give that user and the smbusers group permissions to use the folder.
- Log onto your Windows machines as a local administrator and, for Windows XP SP1 and above and Windows 2000 SP4 and above, do the following:
- Run gpedit.msc
- Navigate to Computer Configuration > Administrative Templates > System > User Profiles
- Enable the setting for “Do not check for user ownership of Roaming Profile Folders” GPO
- Turn off offline files in folder options.
- Now join your Windows machines to the domain using domain_name\root and the password that was set in step 12 – 3
- Restart your computer and log in as one of the users you have created in the previous steps.
- Change the location of the “My Documents” folder from the default to the H: drive.
Webmin
- Visit http://www.webmin.com and download the Debian package to the desktop
- Right click downloaded package and choose “Open with “GDebi Package Installer””
- Click “Install Package”
- Open your browser and type https://localhost:10000 and log in with your ROOT username and password
- Set a UNIX user to be a Webmin user and disable settings you do not want them to access.
- Set up the automatic Samba to UNIX user synchronisation so that the new user can add users through Webmin's System Users and Groups and have the UNIX and Samba users created automatically.
Samba.conf
# Global Parameters
[global]
# workgroup can be NT Domain Name or Workgroup name
# netbios name is the domain controllers or file servers name
workgroup = retreat_net
netbios name = SambaPDC
# server string is same as Computer description field in NT
# %v shows the version and %h shows the hostname
server string = Samba PDC %v %h
# password encryption needed for all M$ versions past 95
# set the path to samba’s password file too.
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
# The following is needed to allow password changing from
# Windows to update the UNIX password also.
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n*Please*retype*new*password* %n\n*password*successfully*changed*
# this tells Samba that security level must be set to user
security = user
# Samba is the domain and master browser.
os level = 65
preferred master = yes
domain master = yes
# Browser control options
local master = yes
# Enable this if you want Samba to be a domain logon server
# for Windows95 workstations
domain logons = yes
# Where to store roaming profiles for Win NT systems
# %L substitutes for the servers net bios name set earlier
# %u is the username
# the profiles share must be set below!
logon path = \\%L\profiles\%u
# define allowed subnets for security
# set to your subnet, include 127 for local access
hosts allow = 192.168.2., 127.
# put a cap on the log file size to stop DoS attacks making it grow to huge sizes.
# if /var is on a separate partition this is more secure too
max log size = 50
# automatically maps the home directory of the user, can be any drive
# letter you want.
# SambaPDC is the server netbios name set above.
# specify the logon script for users to run at start up
# could set time to match server’s, redirect My Documents to home drive, etc.
logon drive = h:
logon home = \\SambaPDC\%u
logon script = set_net_time.bat
#======= Shares =========
# necessary share for domain controller
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
writable = no
share modes = no
[homes]
comment = Home Directory
browseable = no
read only = no
[profiles]
path = /home/samba/profiles
writable = yes
browseable = no
create mode = 0600
directory mode = 0700
profile acls = yes
read only = no
inherit permissions = no
inherit acls = no
inherit owner = no
csc policy = disable
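An added example, not part of the original guide: a shell and awk audit that flags an smb.conf which drops the controls the example file above sets, namely hosts allow, encrypt passwords, the max log size cap, a read-only [netlogon], and non-browseable [homes] and [profiles]. The function name and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide: flag smb.conf settings that
# weaken the controls the example file above relies on.
# Simplification: "\" line continuations and include files are not followed.

# audit_smb_conf FILE -> prints one WARN line per finding, non-zero if any.
audit_smb_conf() {
    awk '
    function norm(s) { s = tolower(s); gsub(/[ \t]+/, "", s); return s }
    function yes(v)  { v = tolower(v); return v == "yes" || v == "true" || v == "1" }
    function warn(m) { print "WARN " m; bad = 1 }
    /^[ \t]*([#;]|$)/ { next }                    # comment or blank line
    /^[ \t]*\[/ {                                 # [section] header
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*/, "", sec)
        sec = tolower(sec); seen[sec] = 1; next
    }
    (eq = index($0, "=")) {
        key = norm(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        # Samba accepts synonyms; fold them onto one spelling per setting.
        if (key ~ /^(writable|writeable|writeok)$/) {
            key = "readonly"; val = yes(val) ? "no" : "yes"
        }
        if (key == "browsable")  key = "browseable"
        if (key == "allowhosts") key = "hostsallow"
        cfg[sec, key] = val
    }
    END {
        if (!(("global", "hostsallow") in cfg))
            warn("[global] no hosts allow: every network may connect")
        if ((("global", "encryptpasswords") in cfg) && !yes(cfg["global", "encryptpasswords"]))
            warn("[global] encrypt passwords is off")
        if ((("global", "maxlogsize") in cfg) && cfg["global", "maxlogsize"] + 0 == 0)
            warn("[global] max log size = 0 removes the log size cap")
        if ((("netlogon", "readonly") in cfg) && !yes(cfg["netlogon", "readonly"]))
            warn("[netlogon] is writable: logon scripts can be changed over the network")
        n = split("homes profiles", hide, " ")
        for (i = 1; i <= n; i++)
            if ((hide[i] in seen) && (!((hide[i], "browseable") in cfg) || yes(cfg[hide[i], "browseable"])))
                warn("[" hide[i] "] is browseable")
        exit bad + 0
    }' "$1"
}

sample=$(mktemp)   # constructed sample: writable [netlogon], no hosts allow
printf '%s\n' '[global]' 'max log size = 50' '[netlogon]' 'writable = yes' > "$sample"
audit_smb_conf "$sample" || echo "review the findings above"
rm -f "$sample"
```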
Can I link this post from my blog?
You can consider me in for a Digg. Thanks for posting this on your web site!
@ Josh – Of course you can link to this.
I am a student and I am willing to publish some part of this post to my university blog, can I do so. Also just require your permit, just mail me if you are happy about it. I believe this post will be helpful for the information I am requiring to publish.
@ Felecia – Feel free – just credit it back to this site please.
I'm going to link to this, okay? - I have another Samba PDC tutorial on my site, please take a look at it if you have the time.
http://www.jamesben.net/?p=89
Looks good James. Thanks for the link.
Jon
When I initially commented I clicked the “Notify me when new comments are added” checkbox and now each time a comment is added I get four emails with the same comment.
Is there any way you can remove people from that service?
Thank you!
Hi there,
To be honest those boxes are a fairly new feature which must have been added from a recent WP update. I will look into it and get back to you…
Jon