Recently I got the opportunity to set up a new lab for a small school. The server runs Linux and the workstations run Windows XP. There are 3 levels of access on the workstations (admin, teacher, and student), and security on the workstations is based on Windows policies applied at logon.

admin - full access to workstation

teacher - almost full access to workstation - minus certain control panel functions

student - lockdown city - no network browsing, no software installation, no control panel

Workstations are joined to the Samba domain and function the same way they would in a Windows server based domain.

I will detail the steps to get a Samba lab up and running plus some caveats you may encounter.

Install Samba

This step is very distribution specific. Make sure that the version you install is at least 3.x and not 2.x.

Create Your Base Users And Groups

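# Unix groups that map to the three access levels
groupadd admins
groupadd teachers
groupadd students
# -s /bin/false: these accounts are for Samba logons only and get no shell on the server
useradd -m -s /bin/false -c "Samba Admin" -G admins administrator
useradd -m -s /bin/false -c "Samba Generic Teacher" -G teachers teacher
useradd -m -s /bin/false -c "Samba Generic Student" -G students student
# Add each account to the Samba password database (prompts for a password)
smbpasswd -a administrator
smbpasswd -a teacher
smbpasswd -a student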

Set Up A Basic Config

a. Determine your NETBIOS server name and domain name. In my example I use FS1 as the server name and 'IDOM' as the domain name. Make sure that neither contains spaces; avoiding punctuation marks is also preferable.

b. Create your share directories and permissions

mkdir /home/samba
mkdir /home/samba/netlogon
mkdir /home/samba/teachers
mkdir /home/samba/software
chgrp teachers /home/samba/teachers
chgrp admins /home/samba/software
chmod 775 /home/samba/teachers
chmod 775 /home/samba/software

c. Example config

[global]
netbios name = FS1
workgroup = IDOM
passdb backend = smbpasswd
os level = 33
preferred master = yes
domain master = yes
local master = yes
security = user
domain logons = yes
#logon path = \\%N\profiles\%u
logon path =
#logon drive = H:
#logon home = \\homeserver\%u\winprofile
logon script = logon.bat
add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
# username map = /etc/samba/smbusers
# members of @admins perform all file operations as root
admin users = @admins
printer admin = @admins
printing = cups
load printers = yes
printcap name = /etc/printcap
# print command = lp -c -d%p -oraw; rm %s
print command = lpr -l %s
# prevent mp3, divx and eml files from being stored on the server
veto files = /*.mp3/*.divx/*.eml/

[homes]
comment = Home Directories
valid users = %S
browseable = No
read only = No
create mask = 0640
directory mask = 0750

[netlogon]
path = /home/samba/netlogon
read only = yes
write list = @admins
read list = @admins, @teachers, @students

[profiles]
path = /var/lib/samba/profiles
read only = no
create mask = 0600
directory mask = 0700

[printers]
comment = All Printers
path = /var/tmp
create mask = 0666
printable = Yes
guest ok = Yes
browseable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @admins, root
force group = admins
create mask = 0664
directory mask = 0775

# share name taken from the path below (assumed)
[teachers]
comment = Shared area for teachers
path = /home/samba/teachers
valid users = @teachers
read list = @teachers
write list = @teachers
force group = teachers
read only = No
create mask = 0774
directory mask = 0775

# share name taken from the path below (assumed)
[software]
comment = storage area for software and drivers
path = /home/samba/software
valid users = @teachers, @admins
admin users = @admins
read list = @teachers, @admins
write list = @admins
force group = admins
read only = No
create mask = 0774
directory mask = 0775
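
An added example, not part of the original post: a small shell audit that reads an smb.conf like the one above and lists the settings worth a second look before students log on (guest access, admin users, world-writable masks). The function names and the sample file are constructed for illustration, and the share names in the sample are assumptions.

```shell
#!/bin/sh
# Print one "section: finding" line per setting to review in the file given as $1.
audit_smb_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }            # comments and blank lines
    /^[ \t]*\[.*\][ \t]*$/ {                        # [section] header
        sec = trim($0); gsub(/^\[|\]$/, "", sec); next
    }
    {
        eq = index($0, "=")
        if (eq == 0 || sec == "") next
        key = tolower(trim(substr($0, 1, eq - 1)))
        val = tolower(trim(substr($0, eq + 1)))
        if (key == "guest ok" && (val == "yes" || val == "true" || val == "1"))
            print sec ": guest access enabled"
        if (key == "admin users" && val != "")
            print sec ": admin users = " val " (file operations run as root)"
        # last octal digit 2, 3, 6 or 7 means the "other" write bit is set
        if ((key == "create mask" || key == "directory mask") && val ~ /[2367]$/)
            print sec ": " key " " val " is world-writable"
    }' "$1"
}

# Constructed sample in the shape of the config above; share names are assumed.
write_sample_conf() {
    cat > "$1" <<'EOF'
[global]
workgroup = IDOM
[printers]
path = /var/tmp
create mask = 0666
guest ok = Yes
[teachers]
path = /home/samba/teachers
create mask = 0774
directory mask = 0775
[software]
path = /home/samba/software
admin users = @admins
EOF
}

tmp=$(mktemp)
write_sample_conf "$tmp"
audit_smb_conf "$tmp"
rm -f "$tmp"
```

Run `testparm -s` first to confirm the file parses; this script only highlights settings for review and does not judge whether they are appropriate for your lab.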
