Introduction
I set up an SMB domain at home and have spent a while getting it working nicely. I thought it would be useful for others to see how I have done it, so I have put this little site together with, hopefully, all the information you need. If you have any comments/problems email me (address available at forrow.com root). This is an ongoing document but I can't promise I'll keep it regularly updated, because no one ever does with personal websites. Last updated May 2004.
Features
- DHCP
- Dynamic DNS for dhcp'd clients (provided by bind)
- Domain Controller (provided by samba)
- File Server (provided by samba)
- Time Server (provided by samba)
- Software RAID mirroring (provided by the kernel)
Primary Domain Controller (PDC)
- AMD k6/2 450MHz
- 3Gb Boot harddisk
- 2 * 60Gb Data Drives (mirror raided)
- Redhat Linux 9.0
- Hostname: kryten.nova.forrow.com
- NetBIOS Name: kryten
The following services are provided by my PDC (kryten)
DHCP
The easiest way is probably just to see my /etc/dhcpd.conf. A lot is explained in there. It assigns IPs in the 192.168.0.* range and talks to BIND to sort out the DNS for the new clients.
DNS Server
Of course the DNS server uses BIND. Here is my /etc/named.conf. It hosts the nova.forrow.com domain forward and reverse (for my LAN only) and all other requests are forwarded to my ISP's DNS servers.
Also, here is my /etc/resolv.conf, which tells the local computer to use its local DNS server, and also that it's in the nova.forrow.com domain.
Below are the dns zone files for the nova.forrow.com domain forward and reverse.
Note: Most of the entries in the zone files above are entered dynamically as the dhcpd daemon assigns addresses to computers. Note that if you are using DHCP with a Linux computer you must modify the ifcfg-ethX file (where X is the device number) to tell the dhcpd daemon what its hostname is. Add a line something like this: DHCP_HOSTNAME=beast
Samba
This software uses the SMB protocol to talk to (in my case) Windows computers. It serves files, time and logon requests. Here is my /etc/samba/smb.conf
Because nova is a domain, users log on to it when they log on to Windows. It then runs the novainit.bat logon script, which maps network drives and copies some shortcuts, which I want to be global, to the start menu. You will notice it installs a .reg file to the registry. This is to rename the drive that is mapped, and is just a registry export file of 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints\G'
I use the MS User/Server Manager for domains tools to administer the domain which are available here
Groups samba knows about with their mappings to Windows Groups (using 'net groupmap modify' (check the man page))
- domainadmins -> Domain Admins - A Windows built-in group. Users get administrative rights on workstations
- domainusers -> Domain Users - Your average user that may use roaming profiles
- domainguests -> Domain Guests - Restricted users. Unknown users also get mapped to domainguest who is a member of this
As an administrator I use 'domainroot' and for a guest I use 'domainguest'
Policies
I use NT stylee policy files to enforce settings on the domain. I have found some policy template files (.adm) that work with the old policy editor, but to get the most policy settings you need to use the new ones, which are not compatible. I have created a programme that converts the new style adm files to the old style for use with poledit. It's by no means perfect but can do a lot of conversions. I have also provided the Windows 2000 template already converted.
RAID
Note: I do not boot from RAID.
I use the kernel's built-in RAID level 1, which mirrors the data across the two harddisks which contain my data. Because the box I use is quite old the max capacity is 60Gb (that took a BIOS update). I partitioned the harddisks to have a single partition on each with exactly the same size using fdisk. I then set the partition type to be 'Linux auto raid' (hex 'fd'), which causes the kernel to set up the array when it boots. I used this /etc/raidtab to define my array. Using the raidstart and raidstop commands I can control the array. Once started, the kernel creates a device (/dev/md0 in my case) which acts just like a harddisk (can be mounted) but when written to it actually writes to the two disks. If the array is stopped this device will vanish. Check /proc/mdstat for RAID status. Use the watch command to continuously monitor it (RAID operations take time to perform).
I had a problem with one harddisk (bad sector) a few weeks after installing it (shown in /proc/mdstat by the 'F' flag). RAID had disabled the drive so I removed it and ran off one drive until I got a replacement. I put the new harddisk in and used the raidhotadd command to add the new disk to the array.
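A check for the failure described above can be scripted instead of read by eye. This is an added example, not part of the original site: the function name mdstat_report, its output format, and the sample /proc/mdstat text (device names hdb1/hdc1 included) are constructed for illustration.

```shell
#!/bin/sh
# mdstat_report [FILE]: summarise each md array in FILE (default /proc/mdstat,
# "-" for stdin). Prints one line per array and returns 1 if any array has a
# member flagged (F) or fewer active members than configured.
mdstat_report() {
    awk '
    /^md[0-9]+ :/ {                       # e.g. "md0 : active raid1 hdc1[1] hdb1[0](F)"
        array = $1; failed = ""
        for (i = 3; i <= NF; i++)
            if ($i ~ /\(F\)/) {           # member marked faulty by the kernel
                dev = $i; sub(/\[.*/, "", dev)
                failed = failed (failed != "" ? "," : "") dev
            }
        next
    }
    array != "" && /blocks/ {             # status line carries "[configured/active]"
        for (i = 1; i <= NF; i++)
            if ($i ~ /^\[[0-9]+\/[0-9]+\]$/) {
                counts = substr($i, 2, length($i) - 2)
                split(counts, n, "/")
                state = (n[2] + 0 < n[1] + 0 || failed != "") ? "DEGRADED" : "ok"
                if (state != "ok") bad = 1
                printf "%s %s members=%s failed=%s\n", array, state, counts,
                       (failed != "" ? failed : "none")
            }
        array = ""
    }
    END { exit bad + 0 }
    ' "${1:-/proc/mdstat}"
}

# Constructed sample: a two-disk mirror with one member failed.
sample_mdstat() {
    cat <<'EOF'
Personalities : [raid1]
read_ahead 1024 sectors
md0 : active raid1 hdc1[1] hdb1[0](F)
      58613056 blocks [2/1] [_U]

unused devices: <none>
EOF
}

sample_mdstat | mdstat_report - || echo "array needs attention"
```

Run from cron with no argument, the non-zero exit status can trigger a mail to the administrator when a mirror loses a disk.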
Tips
- If possible give your box a full hostname (FQDN (fully qualified domainname)). Execute 'hostname' to find what yours currently is or to set it. Mine is 'kryten.nova.forrow.com'. This will resolve on the LAN but not on the internet, which isn't a problem. I find this fqdn helps daemons, and stops when using localhost.localdomain.
- On a similar note, set your hosts file to have 127.0.0.1 return just localhost and localhost.localdomain. Set its LAN/WAN ip to its fqdn and possibly its shortened name. Check out mine.
- /etc/issue holds the message local logins receive
- If your box can resolve the domainnames of your connecting hosts it makes logins faster, and makes last login pretty: 'Last login: Sun May 2 13:31:05 2004 from shuttlex.nova.forrow.com'
- Use 'last' and 'lastlog' to track logins

