|
|
151.
|
|
|
sudo net groupmap add ntgroup="Domain Admins" unixgroup=sysadmin rid=512 type=d
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:929(command)
|
|
|
152.
|
|
|
Change <emphasis role="italic">sysadmin</emphasis> to whichever group you prefer. Also, the user used to join the domain needs to be a member of the <emphasis>sysadmin</emphasis> group, as well as a member of the system <emphasis>admin</emphasis> group. The <emphasis>admin</emphasis> group allows <application>sudo</application> use.
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:933(para)
|
|
|
153.
|
|
|
Finally, restart Samba to enable the new domain controller:
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:944(para)
|
|
|
154.
|
|
|
You should now be able to join Windows clients to the Domain in the same manner as joining them to an NT4 domain running on a Windows server.
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:956(para)
|
|
|
155.
|
|
|
Backup Domain Controller
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:966(title)
|
|
|
156.
|
|
|
With a Primary Domain Controller (PDC) on the network it is best to have a Backup Domain Controller (BDC) as well. This will allow clients to authenticate in case the PDC becomes unavailable.
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:968(para)
|
|
|
157.
|
|
|
When configuring Samba as a BDC you need a way to sync account information with the PDC. There are multiple ways of accomplishing this <application>scp</application>, <application>rsync</application>, or by using <application>LDAP</application> as the <emphasis>passdb backend</emphasis>.
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:973(para)
|
|
|
158.
|
|
|
Using LDAP is the most robust way to sync account information, because both domain controllers can use the same information in real time. However, setting up a LDAP server may be overly complicated for a small number of user and computer accounts. See <xref linkend="samba-ldap"/> for details.
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:979(para)
|
|
|
159.
|
|
|
First, install <application>samba</application> and <application>libpam-smbpass</application>. From a terminal enter:
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:988(para)
|
|
|
160.
|
|
|
Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the following in the <emphasis>[global]</emphasis>:
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/windows-networking.xml:999(para)
|
