Setup Samba As Primary Domain Controller
When configuring Samba to act as an NT Primary Domain Controller (PDC), we need to make extensive edits to the smb.conf file. To start, open /etc/samba/smb.conf in your favorite text editor and begin at the top of the file. The following is a sample configuration file for Samba as a PDC.

[root@LinuxServer tmp]# cat /etc/samba/smb.conf
[global]
# Domain and server identity
workgroup = ROBOTICS
server string = Samba/NT PDC
netbios name = LinuxServer
# User-level security with encrypted passwords
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
# Keep the UNIX password in step with the SMB password
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
# Win browser elections and act as the domain logon server
preferred master = yes
domain master = yes
local master = yes
os level = 64
domain logons = yes
# Create the UNIX account (no home directory, no shell) on demand
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u

[homes]
comment = Home Directories of users
invalid users = root,sys,uucp
writable = yes
browseable = no

[netlogon]
path = /etc/samba/netlogon
guest ok = yes
browseable = no
share modes = no
write list = administrator

  • Creating machine trust accounts on your PDC
On a Microsoft Windows NT PDC, machine trust accounts are user accounts owned by a single computer. The machine trust account password is a shared secret that allows for secure communication with the domain controller. Under Microsoft Windows NT, these trust account passwords are stored in the registry. On a Samba PDC under Linux, these passwords are stored in the same location as your smbpasswd file.
You can create machine trust accounts on your Samba PDC in two ways.

a. The first method is to manually create the account with a known password value (such as the lowercase NetBIOS name of the machine) before you join the machine to the domain. For example, let's say we're adding the machine "robopc1" manually to our domain. Using a text editor as root, open the /etc/passwd file and create an entry that looks like this:

The "$" appended to the user name "robopc1" in the /etc/passwd entry marks this as a machine account. The rest of the settings establish the account with no home directory and no shell access. Once you've created this entry, add the account to your /etc/samba/smbpasswd file by running the following command as root:
[root@LinuxServer tmp]# smbpasswd -a -s -m robopc1
New Unix Password : ******
Retype New Unix Password : ******
passwd: all authentication tokens updated successfully
b. The other method creates the machine trust account when the admin joins the machine to the domain. This second method uses the session key of the administrative account as an encryption key for setting the password to a random value. In the global settings of the /etc/samba/smb.conf file, add the setting:

add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u

You should then immediately join the machine to the domain with your NT Admin applet.
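
Whichever method creates them, machine accounts should end up with /dev/null as home and /bin/false as shell. The script below is an added example, not part of the original article, that audits a passwd-format file for this; the function name check_machine_accounts, the sample entries, the UIDs/GIDs and the host robopc2 are all made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Audits passwd-format lines for machine trust accounts (names ending in "$").

# check_machine_accounts FILE
# Prints one finding per problem; returns 0 if every machine account is
# locked down (home /dev/null, shell /bin/false), 1 otherwise.
check_machine_accounts() {
    awk -F: '
        substr($1, length($1)) == "$" {
            if (NF != 7) {
                printf "%s: malformed entry (%d fields)\n", $1, NF; bad = 1; next
            }
            if ($6 != "/dev/null") {
                printf "%s: home is %s, expected /dev/null\n", $1, $6; bad = 1
            }
            if ($7 != "/bin/false") {
                printf "%s: shell is %s, expected /bin/false\n", $1, $7; bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample data; UIDs, GIDs and robopc2 are made up.
sample=$(mktemp)
cat > "$sample" <<'EOF'
alice:x:1001:100:Alice:/home/alice:/bin/bash
robopc1$:x:2001:100:Machine account:/dev/null:/bin/false
robopc2$:x:2002:100:Machine account:/home/robopc2:/bin/bash
EOF

if check_machine_accounts "$sample"; then
    echo "all machine accounts are locked down"
else
    echo "fix the accounts listed above"
fi
rm -f "$sample"
```

On the PDC itself, point the function at /etc/passwd after adding or joining machines.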

  • Start smb service.
[root@LinuxServer tmp]# /etc/init.d/smb start
Starting SMB services: [OK]
Starting NMB services: [OK]
Contact Webmaster Copyleft 2011 gnulinuxclub.org