Introduction
1.1 Conventions used in the Book
1.1.1 Command line vs. graphical administration
1.1.2 Font
1.2.1 Input long commands
1.2.2 Screenshots
1.2.3 Internet references
1.2.4 Icons
1.2.5 Linux-Distributions
Basic
2.1 The SMB protocol
2.2 The NetBIOS protocol
2.3 What has changed in Samba?
Installing Samba
3.1 Installation Types
3.1.1 Installing a Domain Controller from Distribution Packages
3.1.2 Installing a File Server from Distribution Packages
3.1.3 Compiling Samba from Source
3.1.4 Installing SerNet Packages
3.2 Installation Instructions
3.2.1 Installing SerNet Packages
Setting up the first domain controller
4.1 General information about setting up the domain controller
4.1.1 Database format
4.1.2 Preparations for the first domain controller
4.2 Configuring the first domain controller
4.2.1 Part 1 with the internal DNS server (interactive)
4.2.2 Part 1 with the internal DNS server (via parameters)
4.2.3 After provisioning with the internal DNS
4.3 Configuring the first domain controller (DC part 2)
4.4 Testing the domain controller
4.4.1 Testing the processes
4.4.2 Testing the server ports
4.4.3 Testing the DNS server
4.4.4 Testing the connection
4.4.5 Testing the Kerberos server
4.4.6 Testing the LDAP server
4.5 Configuring the time server
4.6 Change certificates
4.6.1 Creating self-signed certificates
4.6.2 Switching to your own certificate
4.7 Migration of the function level
User management
5.1 User and group management via the command line
5.1.1 Managing groups via the command line
5.1.2 Managing users via the command line
5.1.3 Changing and searching for users with the ldb-tools
5.2 The Remote Server Administration Tools (RSAT)
5.2.1 User and group management with the RSAT
5.3 User and group management with LAM
5.3.1 Installing LAM
5.3.2 Configuring the LAM
5.3.3 Working with the LAM
Group policies
6.1 Group policies – Basics
6.2 Managing GPOs with the RSAT
6.2.1 Getting started with the Group Policy Editor
6.2.2 Creating a group policy
6.2.3 Linking the group policy to an OU
6.2.4 Moving users and groups
6.3 GPOs via the command line
6.3.1 Repairing the ACLs of group policies
6.3.2 Backing up the GPOs
6.3.3 Checking group policy replication
Managing domain controllers
7.1 Installing the new DCs
7.1.1 Configuring the DNS server
7.2 Configuring the second DC
7.2.1 Testing the new domain controller
7.2.2 New certificates
7.3 Replication of the sysvol share
7.3.1 Testing the FSMO role
7.3.2 Setting up rsync on the PDC master
7.3.3 Configuration of all other DCs
7.3.4 Setting up a Cron job
7.3.5 Adjusting the smb.conf on the client DCs
7.4 The FSMO roles
7.4.1 Managing FSMO roles with samba-tool
7.4.2 Listing all roles
7.4.3 Transferring the FSMO roles
7.5 Removing an active domain controller
7.6 Removing a failed domain controller
7.7 Sites and services
7.8 Managing deleted objects
7.9 The read-only domain controller
7.9.1 Installing the RODC
7.9.2 Managing users on an RODC
Fail-safe DHCP server
8.1 The first DHCP server
8.1.1 Preparations for the first DHCP server
8.1.2 Configuring the first DHCP server
8.1.3 Configuring the second DHCP server
8.1.4 Deactivating automatic DNS entries
Additional servers in the domain
9.1 Setting up a Linux file server
9.2 ID mapping
9.3 Setting up the file server
9.3.1 Basic configuration of the file server
9.4 Configuration via the registry
9.5 The registry database
9.6 The net conf
Managing shares
10.1 Share management via smb.conf
10.2 Managing shares via the registry
10.2.1 Creating a share in the registry
10.2.2 Accessing a share from the registry
10.2.3 Extending a share in the registry
10.2.4 Backing up the share settings from the registry
10.2.5 Deleting a share from the registry
10.2.6 Restoring shares in the registry
10.3 Sharing home directories
10.3.1 Setting up server based profiles
10.4 General shares
10.4.1 Administrative shares
10.4.2 Creating a share in Windows
10.4.3 A share with hide unreadable
10.4.4 A share with a network recycle bin
10.5 Further sharing options
10.5.1 Read-only for a specific period of time
10.5.2 The VFS module WORM
10.6 Assigning shares via group policies
10.6.1 Creating a structure
10.6.2 Creating the group policy
10.6.3 Testing on the console
10.7 GPO for profiles and folder redirection
10.7.1 Create and assign base folders via GPO
10.7.2 Setting up server-stored profiles via GPO
10.7.3 Folder redirection via GPOs
10.7.4 Limit profile size using a GPO
The filesystem
11.1 File system permissions
11.1.1 Inheritance of permissions
11.1.2 Disabling inheritance
11.1.3 Change owner
11.2 File system quotas
11.2.1 Installing and activating the quotas
11.2.2 Manage quota entries
Managing clients in the domain
12.1 Adding a Windows client to the domain
12.2 Adding a Linux client to the domain
12.2.1 Installation and configuration
12.2.2 Setting up smb.conf
12.3 Access from Linux clients to Samba shares
12.3.1 Logging in with a graphical user interface
12.3.2 Caching of login information
12.4 Linux clients and group policy
12.4.1 Installing the ADMX files
12.4.2 Creating a Linux GPO
12.5 The macOS client
12.5.1 Basics for macOS clients
12.5.2 The first share for macOS clients
Clusters with CTDB
13.1 Preparing the systems
13.2 GlusterFS
13.2.1 Clients and protocols
13.2.2 The different modes
13.2.3 Installing the Gluster packages
13.2.4 Configuring the nodes
13.2.5 Setting up the bricks
13.2.6 Setting up the volume
13.2.7 Using the volume
13.2.8 The quorum
13.2.9 Setting up the client quorum
13.2.10 Replacing a node
13.2.11 Replacing a failed brick
13.2.12 Expanding the volume
13.2.13 Gluster snapshots
13.3 Dispersed-Volume
13.3.1 Preparing the setup
13.3.2 Replacing a brick from a dispersed volume
13.3.3 Snapshot in Dispersed Volume
13.4 Geo replication
13.4.1 Setting up the primary volume
13.4.2 Disaster recovery of a geo replication
13.4.3 Replacing a node
13.4.4 Extending a volume
13.4.5 Time-dependent Geo replication
13.5 CTDB
13.5.1 Installing the software
13.5.2 Installing the Kerberos client
13.5.3 Create entries in the DNS server
13.5.4 Configuring CTDB
13.5.5 Creating the configuration for Samba
13.5.6 Starting and testing the CTDB cluster
13.5.7 The onnode command
13.5.8 Users and shares
Schema extension
14.1 Preparing for installation
14.2 Creating additional attributes
Backing up databases
15.1 Backing up the databases
15.1.1 Options for backing up databases
15.2 Restoring the domain
15.2.1 Conclusion on recovery
15.2.2 Restoring the domain from the backup
Trust relationships
16.1 Trust relationship between two forests
16.1.1 Setting up the domains
16.2 Setting up a DNS proxy
16.2.1 Installation and configuration
16.2.2 Conversion on the domain controllers
16.3 Setting up the trust relationships
16.4 The Windows client
16.5 The Linux client
16.6 Management of namespaces
16.7 Setting up namespaces
Managing Samba 4 via the command line
17.1 New features since Samba 4.15
17.2 The samba-tool command
17.2.1 samba-tool computer
17.2.2 samba-tool contact
17.2.3 samba-tool dbcheck
17.2.4 samba-tool drs
17.2.5 samba-tool dsacl
17.2.6 samba-tool fsmo
17.2.7 samba-tool gpo
17.2.8 samba-tool group
17.2.9 samba-tool ldapcmp
17.2.10 samba-tool ntacl
17.2.11 samba-tool sites
17.2.12 samba-tool user
17.2.13 samba-tool service-account
17.2.14 Summary
17.3 The net command
17.3.1 net rpc
17.3.2 net ads
17.3.3 net status
17.3.4 Summary
17.4 The smb commands
17.4.1 smbclient
17.4.2 smbstatus
17.4.3 Summary
17.5 Scripts
17.5.1 Creating users
17.5.2 Changing users
17.5.3 Removing deleted objects
17.6 Conclusion on the command line
Migrating an existing domain
18.1 Migration from Samba
18.1.1 Migrating a tdb backend domain
18.1.2 Migrating users and groups from an OpenLDAP
18.2 Migrating a Windows server
18.2.1 Creating and checking DNS entries
18.2.2 Move global catalog
18.2.3 Transferring the FSMO roles
18.2.4 Checking the group policies
Samba 4 as a print server
19.1 Preparations
19.1.1 Privileges for printer management
19.2 Preparing the CUPS printing system
19.3 Setting up shares
19.3.1 Setting up a printer with CUPS
19.4 Uploading the printer drivers
19.5 Assigning the printer driver
19.6 Connecting to the printer
19.7 Group policies for printers
19.7.1 Group policies for unsigned printer drivers
19.7.2 Group policy for printer assignment
Virus scanner on the file server
20.0.1 Setting up ClamAV
20.0.2 EICAR test signature
20.0.3 Setting up clamd
20.1 Samba and virus filter
Using the Kerberos server
21.1 Setting up the ssh server
21.2 Setting up the client
21.3 Setup for the Apache web server
Firewall and security
22.1 Firewall
22.1.1 Ports on a domain controller
22.1.2 Ports on a file server
22.2 Security
22.2.1 Securing the operating system
22.2.2 Securing the Samba service
Troubleshooting help
23.1 Installation and configuration errors
23.1.1 The first domain controller
23.1.2 The second domain controller
23.1.3 Replication of the sysvol share
23.1.4 The file server
23.2 Errors during operation
23.2.1 Replication errors
23.2.2 Permission problems with ACLs
23.2.3 Unequal time on the domain controllers
23.2.4 Errors in the CTDB cluster
23.3 Log file analysis
23.3.1 Log file analysis on the domain controller
23.3.2 Log file analysis on the file server
Security in the Samba environment
24.0.1 Protected Users security group
24.0.2 Authentication Policies and Silos
24.0.3 Kerberos Armoring
24.0.4 Time-limited access
24.0.5 BSI Basic Protection
Setup with Ansible
25.1 Preliminary considerations
25.1.1 The environment
25.1.2 The Inventory
25.2 The first domain controller
25.2.1 Variables for the domain controllers
25.2.2 The tasks
25.3 Setting up a file server with Ansible
25.3.1 After installing all servers
Samba in a Linux environment
26.1 Setting up CTDB
26.2 Setting up NFSv3
26.2.1 The NFSv3 client
26.3 NFSv4 – what is different?
26.3.1 Setting up NFSv4
26.3.2 Setting up CTDB for NFSv4
26.3.3 Testing on the client
26.4 NFS locks
26.4.1 NFSv3
26.4.2 NFSv4
26.4.3 File locking on the client