Samba As PDC
How to use Samba as a Primary Domain Controller by dadexter
This tutorial will explain how to use Samba as a Primary Domain Controller using OpenLDAP for authentication.
A client of mine is migrating to a Linux server farm, and a mix of Linux and Windows workstations. In order to do that, I set it up at home using SlackWare.
The first step in this exercise is to setup Samba to act as PDC. I did that with the samba provided by a standard Slackware 10.1 install.
First, we need a config file. Here's a copy of mine:
; /etc/samba/smb.conf ; Machine: Cirion [global] workgroup = SIGTERM netbios name = Cirion server string = Domain Controller [Cirion] hosts allow = 192.168.100. 127. security = user encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 interfaces = lo eth0 bind interfaces only = yes password level = 20 local master = yes os level = 65 domain master = yes preferred master = yes null passwords = no hide unreadable = yes hide dot files = yes domain logons = yes logon script = login.bat logon path = \\%L\profiles\%U logon drive = H: logon home = \\%L\%U\.9xprofile wins support = yes name resolve order = wins lmhosts hosts bcast dns proxy = no time server = yes log file = /var/log/samba/log.%m max log size = 50 smb passwd file = /etc/samba/private/smbpasswd add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u passwd program = /usr/bin/passwd %u passwd chat = "*New password:*" %n\r "*New password (again):*" %n\r \ "*Password changed*" [netlogon] path = /var/lib/samba/netlogon public = no writeable = no browseable = no [profiles] path = /var/lib/samba/profiles browseable = no writeable = yes default case = lower preserve case = no short preserve case = no case sensitive = no hide files = /desktop.ini/ntuser.ini/NTUSER.*/ write list = @users @root create mode = 0600 directory mode = 0770 nt acl support = Yes [homes] comment = Home Directories browseable = no read only = no create mode = 0750 path = /home/%U valid users = %S guest ok = no [winstuff] comment = Windows Stuff path = /usr/local/site/windows public = yes writeable = no browseable = yes write list = @users
After the config file is created, restart Samba by issuing the following command as root:
/etc/rc.d/rc.samba stop /etc/rc.d/rc.samba start
Next, we need to add our users to Samba. Please note that is temporary for step 1. We will replace that with LDAP authentication in step 3.
smbpasswd -a root smbpasswd -a <USER>
The 1st command is required to be able to add your Windows machines to the Domain. Run the 2nd one for every user you want to login to this PDC.
More to come... I'm not done with the setup.
--dadexter 23:51, 27 Aug 2005 (GMT)