Microsoft Windows™ interoperability is provided by Samba. To install it, select the File Server module, or any other module that requires it.
NethServer configures Samba to act in a Windows network according to its role. You can choose the role from the Server Manager, in the page.
Currently the following roles are available:
- Workstation
- Primary Domain Controller
- Active Directory Member
The differences between these roles concern where the user database is stored and which hosts can access it. The user database contains the list of users of the system, their passwords, group membership and other information.
Workstation
In this role NethServer uses only its own local user database. Only local users can access its resources, by providing the correct user name and password credentials. This is the behaviour of a Windows standalone workstation.
Primary Domain Controller
When acting as Primary Domain Controller (PDC), NethServer emulates a Windows 2000/NT domain controller, by providing access to the local user database only from trusted workstations. People can log on to any trusted workstation by typing their domain credentials, then have access to shared files and printers.
Active Directory member
In this role NethServer becomes a trusted server of an existing Active Directory domain. When accessing a resource from a domain workstation, user credentials are checked against a domain controller, and the access to the resource is granted.
When acting as a workstation, NethServer registers itself as a member of the Windows workgroup specified by the Workgroup name field. The default value is
From the other hosts of the Windows network, NethServer will be listed in Network resources, under the node named after the Workgroup name field value.
As stated before, to access the server resources, clients must provide the authentication credentials of a valid local account.
Primary domain controller
The Primary Domain Controller (PDC) is a centralized place where user and host accounts are stored. To set up a Windows network where NethServer acts in the PDC role, follow these steps.
In the Server Manager, on the page, select Primary Domain Controller, then SUBMIT the change.
The Domain name by default is assumed to be the second domain part of the host name in capital letters (e.g. if the FQDN server host name is server.example.com the default domain name will be EXAMPLE). If the default does not fit your needs, choose a simple name respecting the rules:
- length between 1 and 15 characters;
- begin with a letter, then only letters, numbers, or the minus sign (-);
- only capital letters.
For more information refer to Microsoft Naming conventions.
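The check below is an added example, not NethServer's own code: it derives the default domain name from an FQDN as described above and tests it against the listed rules, showing that a derived default can itself break them. The function names and the sample host names are constructed for illustration, and "second domain part" is read as the second dot-separated label, following the server.example.com case.

```python
import re


def default_domain(fqdn):
    """Second dot-separated part of the host name, in capital letters."""
    labels = fqdn.strip().rstrip(".").split(".")
    if len(labels) < 2 or not labels[1]:
        raise ValueError("host name %r has no second domain part" % fqdn)
    return labels[1].upper()


def domain_problems(name):
    """Return the rules from the list above that `name` breaks ([] = valid)."""
    problems = []
    if not 1 <= len(name) <= 15:
        problems.append("length")           # between 1 and 15 characters
    if not re.match(r"[A-Za-z]", name):
        problems.append("first character")  # must begin with a letter
    if not re.fullmatch(r"[A-Za-z0-9-]*", name):
        problems.append("characters")       # letters, numbers, minus only
    if name != name.upper():
        problems.append("capital letters")  # only capital letters
    return problems


# Constructed sample host names (not taken from any real network).
SAMPLES = [
    "server.example.com",
    "fs1.research-and-development.example.org",  # default is too long
    "nas.3rdfloor.example.net",                  # default starts with a digit
    "srv.my_lab.example.net",                    # underscore is not allowed
]

if __name__ == "__main__":
    for fqdn in SAMPLES:
        name = default_domain(fqdn)
        broken = domain_problems(name)
        verdict = "ok" if not broken else "override needed: " + ", ".join(broken)
        print("%-42s -> %-26s %s" % (fqdn, name, verdict))
```

Any host name whose default is reported as needing an override requires a manually chosen Domain name before workstations are joined.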
For each workstation of the Windows network, join the new domain. This step requires privileged credentials. In NethServer, members of the domadmins group can join workstations to the domain. Moreover, domadmins members are granted administrative privileges on domain workstations. By default, only the admin user is a member of the domadmins group.
Some versions of Windows may require applying a system registry patch to join the domain. From the Server Manager, follow the Client registry settings link to download the appropriate .reg file. Refer to the official Samba documentation for more information.
Active Directory member
The Active Directory member role (ADS) configures NethServer as an Active Directory domain member, delegating authentication to domain controllers. When operating in ADS mode, Samba is configured to map domain accounts into NethServer, so that access to files and directories can be shared across the whole domain.
Joining an Active Directory domain has some pre-requisites:
- In page, set the domain controller as DNS. If a second DC exists, it can be set as secondary DNS.
- In page, set the DC as NTP time source; the Kerberos protocol requires that the difference between system clocks be less than 5 minutes.
After the pre-requisites are set, proceed in the page by selecting the Active Directory member role:
- Fill the Realm and Domain fields with proper values. The defaults come from the FQDN host name and may not fit your environment, so make sure the Realm and Domain fields are set correctly.
- LDAP accounts branch must be set to the LDAP branch containing your domain accounts if you plan to install the Email module. It is not actually required by Samba.
- SUBMIT changes. You will be prompted for a user name and password: provide AD administrator or any other account credentials with permissions to join the machine to the domain.
For Email integration with AD, refer also to Email in Active Directory.
- Samba official website: http://www.samba.org/
- Naming conventions in Active Directory for computers, domains, sites, and OUs: http://support.microsoft.com/kb/909264
- Registry changes for NT4-style domains: https://wiki.samba.org/index.php/Registry_changes_for_NT4-style_domains