https://www.slackwiki.com/index.php?title=Samba_As_PDC&feed=atom&action=history
Samba As PDC - Revision history
2024-03-29T07:41:13Z
Revision history for this page on the wiki
MediaWiki 1.40.0
https://www.slackwiki.com/index.php?title=Samba_As_PDC&diff=174&oldid=prev
Erik: Copy from old
2009-06-06T23:18:26Z
<p>Copy from old</p>
<p><b>New page</b></p><div>[[Category:Tutorials]]<br />
How to use Samba as a Primary Domain Controller<br />
by dadexter<br />
<br />
----<br />
<br />
<br />
This tutorial will explain how to use Samba as a Primary<br />
Domain Controller using OpenLDAP for authentication.<br />
<br />
<br />
Why:<br />
<br />
A client of mine is migrating to a Linux server farm, and a mix of Linux<br />
and Windows workstations. In order to do that, I set it up at home using<br />
Slackware.<br />
<br />
STEP 1<br />
<br />
----<br />
<br />
The first step in this exercise is to set up Samba to act as a PDC. I did that<br />
with the Samba provided by a standard Slackware 10.1 install.<br />
<br />
First, we need a config file. Here's a copy of mine:<br />
<br />
; /etc/samba/smb.conf<br />
; Machine: Cirion<br />
<br />
[global]<br />
workgroup = SIGTERM<br />
netbios name = Cirion<br />
server string = Domain Controller [Cirion]<br />
hosts allow = 192.168.100. 127.<br />
<br />
security = user<br />
encrypt passwords = yes<br />
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192<br />
interfaces = lo eth0<br />
bind interfaces only = yes<br />
password level = 20<br />
<br />
local master = yes<br />
os level = 65<br />
domain master = yes<br />
preferred master = yes<br />
null passwords = no<br />
hide unreadable = yes<br />
hide dot files = yes<br />
<br />
domain logons = yes<br />
logon script = login.bat<br />
logon path = \\%L\profiles\%U<br />
logon drive = H:<br />
logon home = \\%L\%U\.9xprofile<br />
wins support = yes<br />
name resolve order = wins lmhosts hosts bcast<br />
dns proxy = no<br />
time server = yes<br />
log file = /var/log/samba/log.%m<br />
max log size = 50<br />
smb passwd file = /etc/samba/private/smbpasswd<br />
<br />
add user script = /usr/sbin/useradd -m %u<br />
delete user script = /usr/sbin/userdel -r %u<br />
add group script = /usr/sbin/groupadd %g<br />
delete group script = /usr/sbin/groupdel %g<br />
add user to group script = /usr/sbin/usermod -G %g %u<br />
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u<br />
passwd program = /usr/bin/passwd %u<br />
passwd chat = "*New password:*" %n\r "*New password (again):*" %n\r "*Password changed*"<br />
<br />
[netlogon]<br />
path = /var/lib/samba/netlogon<br />
public = no<br />
writeable = no<br />
browseable = no<br />
<br />
[profiles]<br />
path = /var/lib/samba/profiles<br />
browseable = no<br />
writeable = yes<br />
default case = lower<br />
preserve case = no<br />
short preserve case = no<br />
case sensitive = no<br />
hide files = /desktop.ini/ntuser.ini/NTUSER.*/<br />
write list = @users @root<br />
create mode = 0600<br />
directory mode = 0770<br />
nt acl support = Yes<br />
<br />
[homes]<br />
comment = Home Directories<br />
browseable = no<br />
read only = no<br />
create mode = 0750<br />
path = /home/%U<br />
valid users = %S<br />
guest ok = no<br />
<br />
[winstuff]<br />
comment = Windows Stuff<br />
path = /usr/local/site/windows<br />
public = yes<br />
writeable = no<br />
browseable = yes<br />
write list = @users<br />
<br />
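Before restarting with a config like the one above, it is worth confirming that the settings which make the server a domain controller are actually present. The following is an added example, not part of the original tutorial: `pdc_check` and `sample_conf` are hypothetical helper names, and the expected values are simply the ones this page's smb.conf uses.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# pdc_check FILE: compare FILE with the domain-controller settings used in the
# smb.conf above. Prints one finding per line; exit status 1 if any EXPECT line.
pdc_check() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    function norm(v) {                       # boolean synonyms accepted by Samba
        if (v == "true" || v == "1") return "yes"
        if (v == "false" || v == "0") return "no"
        return v
    }
    /^[ \t]*[;#]/ || /^[ \t]*$/ { next }     # comment or blank line
    /^[ \t]*\[/ {                            # [section] header
        sec = trim($0); sub(/^\[/, "", sec); sub(/\].*$/, "", sec)
        sec = tolower(trim(sec)); seen[sec] = 1; next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1))); gsub(/[ \t]+/, " ", key)
        val = norm(tolower(trim(substr($0, eq + 1))))
        conf[sec, key] = val
        # "public" is a synonym for "guest ok"
        if ((key == "public" || key == "guest ok") && val == "yes") guest[sec] = 1
    }
    END {
        n = split("security=user|domain logons=yes|domain master=yes|encrypt passwords=yes", req, "|")
        for (i = 1; i <= n; i++) {
            split(req[i], kv, "=")
            got = (("global", kv[1]) in conf) ? conf["global", kv[1]] : "unset"
            if (got != kv[2]) {
                printf "EXPECT: [global] %s = %s (found: %s)\n", kv[1], kv[2], got; bad = 1
            }
        }
        if (!("netlogon" in seen)) { print "EXPECT: a [netlogon] share"; bad = 1 }
        if (conf["global", "null passwords"] == "yes") print "WARN: null passwords = yes"
        for (s in guest) printf "NOTE: [%s] allows guest access\n", s
        exit bad + 0
    }' "$1"
}

# Constructed sample: a trimmed-down copy of the config above.
sample_conf() {
    printf '%s\n' '[global]' 'security = user' 'encrypt passwords = yes' \
        'domain master = yes' 'domain  logons = True' 'null passwords = no' \
        '[netlogon]' 'path = /var/lib/samba/netlogon' 'public = no' \
        '[winstuff]' 'path = /usr/local/site/windows' 'public = yes'
}
```

Run it as `pdc_check /etc/samba/smb.conf`. Samba's own `testparm` checks the file's syntax; this only compares values against the ones used here and lists shares that allow guest access.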
<br />
After the config file is created, restart Samba by issuing the following commands<br />
as root:<br />
<br />
'''/etc/rc.d/rc.samba stop'''<br />
'''/etc/rc.d/rc.samba start'''<br />
<br />
<br />
Next, we need to add our users to Samba. Please note that this is temporary for step 1.<br />
We will replace that with LDAP authentication in step 3.<br />
<br />
'''smbpasswd -a root'''<br />
'''smbpasswd -a <USER>'''<br />
<br />
The first command is required to be able to add your Windows machines to the domain.<br />
Run the second one for every user you want to log in to this PDC.<br />
<br />
----<br />
More to come... I'm not done with the setup.<br />
<br />
<br />
--[[User:Dadexter|dadexter]] 23:51, 27 Aug 2005 (GMT)</div>Erik