Build A Primary Domain Controller With Samba - Page 2

 By Carla Schroder
Page 2 of 2   |  Back to Page 1
Print Article

smb.conf, the Center of the Universe

Depending on which Linux distribution you have, and how Samba was installed, smb.conf can be in a number of locations. The Red Hat RPM stows it in /etc/samba, which thoughtfully contains all the Samba configuration files. No need to send out a search expedition, simply use locate:

Locate smb.conf

It is helpful to print it out and read it. It's large, but don't let that scare you- it is well-commented and contains good instructions. The Samba team provides a graphical interface, SWAT. Webmin is a nice graphical frontend with a Samba module. However, I don't recommend either of them. SWAT has a habit of re-arranging smb.conf to suit itself, and it's really not hard to get used to editing a text file. I like being able to copy & paste the whole thing. Can't do that with a GUI. One advantage of Webmin is it allows delegating specific administrative functions to other users. Nice for sharing the work, while restricting what your helpers can get into.

The structure of smb.conf is simple and logical: one part is "global", the other is "shares". Either # or ; comments out a single line. The "global" values can be smushed around in any order; however, in the interests of readability, and knowing why you did something a certain way, start with a comment, then list the values:

# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = MYGROUP

More comments are more better, it's amazing how something that seemed crystal-clear turns opaque after a few weeks.

"shares" syntax is simple: each share name is enclosed in square brackets, followed by the options that apply to that share. For example:

comment = shared folder for all users
path = /shared
browseable = no
writeable = yes

Important tip to prevent mysterious errors: Values in the "shared" section override values in the "global" section. For example, Samba permits any user who correctly authenticates (usually login-password) access to listed shares. However, shares can be fine-tuned:

comment = shared folder for users of group1
path = /shared1
browseable = no
writeable = yes
valid users = janis, jimi, jim

Only Janis, Jimi, and Jim can access shared1.

Basic Steps

  1. Server and network settings
  2. Security settings
  3. Roaming profiles
  5. Netlogon
  6. User and machine accounts
  7. Configure clients

We'll cover the gritty details in Part 2.


Storage Networking Industry Association .pdf on CIFS
PC Magazine performance tests
Samba as a backup domain controller
This article was originally published on Jul 10, 2007
Get the Latest Scoop with Networking Update Newsletter