Daily operation for Samba

User operation

To add, delete or modify users in the domain, you can use:

  • Running USRMGR.exe on a domain workstation as a privileged user
  • pdbedit
  • net sam set, e.g. to force a user to change their password

Group operation

  • Running USRMGR.exe on a domain workstation as a privileged user
  • net rpc group

Windows joining the domain

Windows machines can join the domain as usual; no special precautions are needed.

Samba joining the domain

Some notes for a Samba domain member server: Samba requires that physical user passwd entries exist for correct operation.

To let Samba join the domain, the Samba member server should:

  • install nss_ldap and configure it so that the member server can get the user/group entries from the PDC; test it with getent group and getent passwd
  • sample smb.conf
    [global]
      username map = /etc/samba/smbusers
      security = domain
      workgroup = EXAMPLE
      password server = *
      netbios name = server1
      wins server = 192.168.1.1
      domain master = no
      local master = no
      preferred master = no
      os level = 1
      interfaces = eth0 lo
      bind interfaces only = yes
      name resolve order = wins lmhosts hosts bcast
      winbind enum groups = yes
      winbind enum users = yes
      passdb backend = tdbsam:/etc/samba/private/passdb.tdb
      idmap backend = tdb
      idmap uid = 500001-600000
      idmap gid = 500001-600000
      idmap config EXAMPLE : backend = nss
      idmap config EXAMPLE : range = 50000-500000 
    
  • To some extent, the local passdb backend allows the member server to have local users besides the users from the domain.
  • net sam can help to create local groups
  • net join
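
An added example (not part of the original page): before running net join, the member server's smb.conf can be checked for overlapping idmap ranges, since an overlap lets a locally allocated ID and a domain ID land on the same Unix UID/GID and file permissions then apply to the wrong account. The function names idmap_ranges and overlaps and the SAMPLE text are constructed for this illustration; the ranges are the ones from the sample smb.conf above.

```python
import re

# Constructed sample: the identity-mapping lines of the sample smb.conf above.
SAMPLE = """\
[global]
  security = domain
  idmap uid = 500001-600000
  idmap gid = 500001-600000
  idmap config EXAMPLE : backend = nss
  idmap config EXAMPLE : range = 50000-500000
"""

DOMAIN_RANGE = re.compile(r"^idmap config (\S+) ?: ?range$", re.IGNORECASE)

def idmap_ranges(conf_text):
    """Return {label: (low, high)} for each idmap range set in [global]."""
    ranges, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = " ".join(key.split())              # collapse inner whitespace
        span = re.match(r"^(\d+)\s*-\s*(\d+)$", value)
        if not span:                             # not a low-high range value
            continue
        if key.lower() in ("idmap uid", "idmap gid"):
            label = "default " + key.lower()[-3:]
        elif DOMAIN_RANGE.match(key):
            label = "domain " + DOMAIN_RANGE.match(key).group(1)
        else:
            continue
        ranges[label] = (int(span.group(1)), int(span.group(2)))
    return ranges

def overlaps(ranges):
    """Return label pairs whose ranges intersect. UIDs and GIDs are separate
    ID spaces, so the two default ranges are not compared with each other."""
    items = sorted(ranges.items())
    return [(a, b) for i, (a, (alo, ahi)) in enumerate(items)
            for b, (blo, bhi) in items[i + 1:]
            if not (a.startswith("default") and b.startswith("default"))
            and alo <= bhi and blo <= ahi]
```

With the page's values, the domain range ends at 500000 and the local ranges start at 500001, so overlaps(idmap_ranges(SAMPLE)) returns an empty list.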