Por Paco Aldarias Raya

Hacer q linux haga de windows nt server: samba

Por Paco Aldarias Raya

Impreso: 5 de julio 2003

Email: pacosecun@inicia.es
Web: http://aldarias.es/pacodebian
Este documento es de libre reproducción siempre que se cite su fuente.
Realizado con:

L^ATEX

Índice General

• 1 Versiones
• 2 Introducción
• 3 El kernel
• 4 Instalación de samba
• 5 Para los alumnos
  • 5.1 Datos de los alumnos
  • 5.2 Creación de los alumnos
  • 5.3 Creación del script de inicio
  
  
• 6 Para los profesores
  • 6.1 Datos de los profes
  • 6.2 Creación de los profesores
  • 6.3 Creación del script de inicio para profes
  
  
• 7 Configuración de samba
• 8 Reinicio del demonio samba
• 9 Configurar los clientes windows
• 10 Problemas encontrados
• 11 Mejoras pendientes
• 12 Agradecimientos
• 13 Bibliografía
• Sobre este documento...

1 Versiones

• 05.07.03 Primera version v.1.0

2 Introducción

Vamos a ver como linux a través de samba puede hacer las funciones de un windows nt server.

Se parte de la base que disponemos un servidor linux debian sid con samba y una red con windows 98se.

Esto surgio con la intencion de tener un instituto donde los alumnos y profesores validaran los usuarios y tuvieran sus carpetas.

Es decir, vamos a poder:

• Crear usuarios y grupos de forma automática.
• Crear en linux un dominio nt donde validen el usuario los clientes windows 98se.
• Compartir carpetas de linux en windows segun el tipo de usuario.
• Crear unidades logicas en windows segun el tipo de usuario en el arranque.
• Actualización de la hora de los pc con windows 98 en el arranque.

3 El kernel

Debemos tener soporte para samba en el kernel.

cat /usr/src/linux-2.4.20/.config | grep SMB
CONFIG_SMB_FS=y
# CONFIG_SMB_NLS_DEFAULT is not set
CONFIG_SMB_NLS=y

4 Instalación de samba

apt-get install samba samba-common libsmbclient smbclient smbfs

Veamos las versiones y para q sirve:

 dpkg -l | grep samba
  samba          3.0.0beta1-1   a LanManager-like file and printer server fo
  samba-common   3.0.0beta1-1   Samba common files used by both the server a

 dpkg -l | grep smb
  libsmbclient   3.0.0beta1-1   shared library that allows applications to t
  smbclient      3.0.0beta1-1   a LanManager-like simple client for Unix
  smbfs          3.0.0beta1-1   mount and umount commands for the smbfs (for

5 Para los alumnos

Vamos a tener los ficheros:

• alumnos.txt : Aqui indicaremos los datos de los alumnos.
• alumnos.sh. Crea los alumnos indicados en alumnos.txt
• inicio.bat. Script que ejecutará windows al arrancar.

5.1 Datos de los alumnos

Los campos deberan estar separados por punto y coma.

Este fichero contendrá:

• campo1: grupo del alumnos.
• campo2: nombre completo del alumno
• campo3: usuario q tendra q poner el alumno
• campo4: clave o password del alumno.
• campo5: telefono
• campo4: email

Veamos un ejemplo:

cat alumnos.txt
grupo1;nombre1;usuario1;c1;9638004533;paco@correo.es;
grupo1;nombre;usuario2;c1;96333333;asdfa@a.es;
grupo2;nombre3;usuario3;c1;566666666;a@a.es;

5.2 Creación de los alumnos

cat alumnos.sh
#!/bin/bash
# Script q crea alumnos con sus grupos para uso de samba
# Usa el fichero alumnos.txt q tiene el formato:
#       grupo;nombre;usuario;password;clave;tel;email;
# Usa el fichero inicio.bat q le indica al windows q comparte, contiene:
#       net use i: \home
#       net use j: \\servidor\compartido
# alumnoc : contiene usuario:clave

ac=alumnoc.txt
lineas=`wc -l < alumnos.txt`
rm -f alumnoc.txt
if [ ! -d /home/alumnos ]; then
echo xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
echo creando el directorio /home/alumnos ....
echo xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

mkdir /home/alumnos
chmod 755 /home/alumnos
chown root.root /home/alumnos

fi

I=1
while [ $I -le $lineas ]
do
linea=`sed -n ${I}l alumnos.txt`
login=`echo $linea | cut -d";" -f3`
if grep  "^${alumno}:" /etc/passwd
then
        echo Ye Existe el login: $login
else
        grupo=`echo $linea | cut -d";" -f1`
        nombre=`echo $linea | cut -d";" -f2`
        pass=`echo $linea | cut -d";" -f4`
        if [ ! -d /home/alumnos/$grupo ];
        then
                groupadd $grupo
                echo xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
                echo Creando el directorio /home/alumnos/$grupo
                echo xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
                mkdir /home/alumnos/$grupo
                chmod 755 /home/alumnos/$grupo
                chown root:$grupo /home/alumnos/$grupo
                cp /etc/samba/netlogon/inicio.bat /etc/samba/netlogon/$grupo.bat
        fi
        echo Creando el alumno $login
        mkdir /home/alumnos/$grupo/$login
        chmod 755 /home/alumnos/$grupo/$login
        useradd -g $grupo  -d /home/alumnos/$grupo/$login -c $nombre $login
        chown $login:$grupo /home/alumnos/$grupo/$login
        echo $login:$clave | chpasswd
        echo -e $pass\\n$pass\\n | smbpasswd -as $login
fi
I=`expr $I + 1`
done

Deberemos dar permisos de ejecución al fichero:
chmod 700 alumnos.sh

Lo lanzaremos como root asi: ./alumnos.sh

5.3 Creación del script de inicio

Este fichero debe tener formato msdos, es recomendable crearlo con worpad de windows y luego copiarlo en /etc/samba/netlogon/.

Este script permite poner en hora la maquina windows y crear unidades lógicas.

cat /etc/samba/netlogon/inicio.bat

echo Poniendo en hora ....
net time \\pacohost /set /yes
net use i: /home
net use s: \\pacohost\software

6 Para los profesores

Vamos a tener dos ficheros:

• profes.txt : Aqui indicaremos los datos de los alumnos
• profes.sh. Crear los alumnos indicados en alumnos.txt
• profes.bat. Scrip que ejecutará windows al arrancar.

6.1 Datos de los profes

Los campos deberan estar separados por punto y coma.

Este fichero contendrá:

• campo1: departamento
• campo2: usuario
• campo3: nombre completo del profesor
• campo4: clave o password del profe
• campo5: telefono
• campo4: email

Veamos un ejemplo:

cat profes.txt

depinf;prof1;Pepe;c1;963805623;asdfasdf@a.es;
depinf;prof2;Juan;c1;965663215;asdfasdf@afff.es;
depeco;prof3;Antonio;c1;125648999;asdfasdf@aasd.es;

6.2 Creación de los profesores

cat profes.sh

#!/bin/bash
TOT=`wc -l < profes.txt`
I=1
while [ $I -le $TOT ]
do
linea=`sed -n ${I}l profes.txt`
usu=`echo $linea | cut -d";" -f2`
if grep  "^${usu}:" /etc/passwd
   then
      echo "El profe: " $usu " ya existe"
   else
        dep=`echo $linea | cut -d";" -f1`
        usu=`echo $linea | cut -d";" -f2`
        nombre=`echo $linea | cut -d";" -f3`
        clave=`echo $linea | cut -d";" -f4`
        if [ ! -d /home/profes ];
        then
                groupadd profes
                echo xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
                echo Creando el directorio /home/profes
                echo xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
                mkdir /home/profes
                chmod 755 /home/profes
                chown root.profes /home/profes
        fi

        if [ ! -d /home/profes/$dep ];
        then
                groupadd $dep
                echo xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
                echo Creando el directorio /home/profes/$dep
                echo xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
                mkdir /home/profes/$dep
                chmod 755 /home/profes/$dep
                chown root.profes /home/profes/$dep
        fi

        mkdir /home/profes/$dep/$usu
        chmod 755 /home/profes/$dep/$usu
        useradd -g profes -d /home/profes/$dep/$usu -c $nombre $usu
        chown $usu.profes /home/profes/$dep/$usu
        echo -e $clave\\n$clave\\n | smbpasswd -as $usu
        echo $usu:$clave | chpasswd
        echo Creado profesor con login: $usu  Nombre:  $nombre
   fi
I=`expr $I + 1`
done

Deberemos dar permisos de ejecución al fichero:
chmod 700 profes.sh

Lo lanzaremos como root asi: ./profes.sh

6.3 Creación del script de inicio para profes

Este fichero debe tener formato msdos, es recomendable crearlo con worpad de windows y luego copiarlo en /etc/samba/netlogon/

Este script permite poner en hora la maquina windows y crear unidades lógicas.

Los porfesores tiene más unidades logicas y más permisos.

cat /etc/samba/netlogon/profes.bat

echo Poniendo en hora ....
net time \\pacohost /set /yes
net use h: /home
net use s: \\pacohost\software
net use p: \\pacohost\profes
net use l: \\pacohost\alumnos
net use t: \\pacohost\tmp

7 Configuración de samba

cat /etc/samba/smb.conf
#======================= Global Settings =====================================
[global]

# workgroup = NT-Domain-Name or Workgroup-Name
   workgroup = DSIC
   netbiosname = pacohost

# server string is the equivalent of the NT Description field
   server string = Servidor Samba Dep Informàtica

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
  hosts allow = 192.168.0. 127.

# if you want to automatically load your printer list rather
# than setting them up individually then you'll need this
   #printcap name = /etc/printcap
   load printers = No

# It should not be necessary to spell out the print system type unless
# yours is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx
  # printing = lprng

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
;  guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/%m.log

# Put a capping on the size of the log files (in Kb).
   max log size = 50

# Security mode. Most people will want user level security. See
# security_level.txt for details.
#   security = user
        security = user

# Use password server option only with security = server
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
#   password server = *
;   password server = <NT-Server-Name>


# Password Level allows matching of _n_ characters of the password for
# all combinations of upper and lower case.
;  password level = 8
;  username level = 8

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
   encrypt passwords = true
   smb passwd file = /etc/samba/smbpasswd

# The following is needed to keep smbclient from spouting spurious errors
# when Samba is built with support for SSL.
;   ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt

# The following are needed to allow password changing from Windows to
# update the Linux sytsem password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
#        the encrypted SMB passwords. They allow the Unix password
#        to be kept in sync with the SMB password.
  unix password sync = Yes
  passwd program = /usr/bin/passwd %u
  passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*

  time server = Yes

# Unix users can map to different SMB User names
;  username map = /etc/samba/smbusers

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
;   include = /etc/samba/smb.conf.%m

# This parameter will control whether or not Samba should obey PAM's
# account and session management directives. The default behavior is
# to use PAM for clear text authentication only and to ignore any
# account or session management. Note that Samba always ignores PAM
# for authentication in the case of encrypt passwords = yes

;  obey pam restrictions = yes

# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
;   interfaces = 192.168.12.2/24 192.168.13.2/24

# Configure remote browse list synchronisation here
#  request announcement to, or browse list sync from:
#       a specific host or from / to a whole subnet (see below)
;   remote browse sync = 192.168.3.25 192.168.5.255
# Cause this host to announce itself to local subnets here
;   remote announce = 192.168.1.255 192.168.2.44

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
;   local master = no
 local master = yes

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
   os level = 33

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
   domain master = yes

# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
   preferred master = yes

# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
   domain logons = yes

# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
;   logon script = %m.bat
    logon script = %G.bat

# run a specific logon batch file per username
;   logon script = %U.bat

# Where to store roving profiles (only for Win95 and WinNT)
#        %L substitutes for this servers netbios name, %U is username
#        You must uncomment the [Profiles] share below
;   logon path = \\%L\Profiles\%U
        logon path = \\%L\netlogon\

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
   wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
#       Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
   wins server = 192.168.0.1

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one  WINS Server on the network. The default is NO.
;   wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
   dns proxy = no

# Case Preservation can be handy - system default is _no_
# NOTE: These can be set on a per share basis
;  preserve case = no
;  short preserve case = no
# Default case is normally upper case for all DOS files
;  default case = lower
# Be very careful with case sensitivity - it can break things!
;  case sensitive = no

#============================ Share Definitions ==============================
[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   valid users = %S
   create mode = 0664
   directory mode = 0775

# If you want users samba doesn't recognize to be mapped to a guest user
; map to guest = bad user


# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
;   comment = Network Logon Service
;   path = /usr/local/samba/lib/netlogon
;   guest ok = yes
;   writable = no
;   share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
;    path = /usr/local/samba/profiles
;    browseable = no
;    guest ok = yes


# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
# Set public = yes to allow user 'guest account' to print
   guest ok = no
   writable = no
   printable = yes

# This one is useful for people to share files
;[tmp]
;   comment = Temporary file space
;   path = /tmp
;   read only = no
;   public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
;   comment = Public Stuff
;   path = /home/samba
;   public = yes
;   writable = yes
;   printable = no
;   write list = @staff

# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
;   comment = Fred's Printer
;   valid users = fred
;   path = /home/fred
;   printer = freds_printer
;   public = no
;   writable = no
;   printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
;   comment = Fred's Service
;   path = /usr/somewhere/private
;   valid users = fred
;   public = no
;   writable = yes
;   printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %U option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
;  comment = PC Directories
;  path = /usr/local/pc/%m
;  public = no
;  writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
;   path = /usr/somewhere/else/public
;   public = yes
;   only guest = yes
;   writable = yes
;   printable = no

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
;   comment = Mary's and Fred's stuff
;   path = /usr/somewhere/shared
;   valid users = mary fred
;   public = no
;   writable = yes
;   printable = no
;   create mask = 0765


# Recursos compartidos
[profes]
        comment = Profesores
        path = /home/profes
        valid users = +profes
        write list = +profes
        force group = %G
        create mask = 0775
        directory mask = 0775

[alumnos]
        comment = Directorio personal de los alumnos
        path = /home/alumnos
        valid users = +profes
        force user = root

[software]
        comment = Software
        path = /compartido/software
        write list = +profes
        force group = %G
        create mask = 0775
        directory mask = 0775
        guest ok = Yes
        browseable = Yes

[netlogon]
        comment = Net
        path= /etc/samba/netlogon
#        guest ok = Yes
        writeable = No
        browsable = no
        public = no

[tmp]
        comment = Temporaly
        path=/tmp
        read only = No
        public = Yes

[home]
        comment = Directori personal del usuari %U
        path = %H
        username = %U
        read only = No
        only user = Yes
        browseable = No

8 Reinicio del demonio samba

Una vez configurado samba debemos reiniciarlo:

Arranque del demonio:
/etc/init.d/samba restart

9 Configurar los clientes windows

Debemos ir a Inicio-Configuración - Panel de control - Red - Clientes para redes Microsoft.

• Activar: Iniciar sesión en dominio de windows nt.
• Poner en Domnio para windows nt: dsic

Reiniciaremos, windows y al iniciar de nuevo, deberemos comprobar q todo funciona.

Nota: Cabe indicar q el grupo de trabajo que se le indica en smb.conf, corresponde con el dominio de nt.

10 Problemas encontrados

1. El script de inicio en windows, no me lo cogia, pq debia ser formato msdos.
2. La orden adduser no permite pasarle en debian el password, por lo q tube, q usar chpasswd

11 Mejoras pendientes

1. Asignarles una quota de disco a cada usuario. Esto se puede hacer poniendo:
   

   edquota -p al055 $alumno
   

2. Activar el nis, para validar usuarios, y el nfs para compartir las carpetas en linux.

12 Agradecimientos

1. A Enrique Molinero. emolinero@hotmail.com que me paso unos scripts similares pero para red hat. Los cuales tube q retocar pq no funcionaban en debian.
2. A los amigos de las news es.comp.os.linux.programacion, por la ayuda dada.

13 Bibliografía

1. Pagina oficial:
   http://www.samba.org
2. Ubicación de este documento:
   http://aldarias.es/pacodebian
3. Usando Samba: Robert Eckstein, David Collier-Brown, Peter Kelly Primera Edición, Noviembre 1999 1-56592-449-5, 416 págs. Traducción: PROYECTO S.O.B.L.
   http://www.sobl.org

Sobre este documento...

Hacer q linux haga de windows nt server: samba

This document was generated using the LaTeX2 HTML translator Version 2K.1beta (1.48)

Copyright © 1993, 1994, 1995, 1996, Nikos Drakos, Computer Based Learning Unit, University of Leeds.
Copyright © 1997, 1998, 1999, Ross Moore, Mathematics Department, Macquarie University, Sydney.

The command line arguments were:
latex2html sambant -no_subdir -split 0 -local_icons 1 -show_section_numbers

The translation was initiated by on 2003-07-05