
Samba PDC


This may be a very useful article to some. I have not tested it fully but intend to.





1. The usual warnings: read them


DO NOT create users/passwords containing capital letters for use with Samba PDC.

DO NOT INTEGRATE THIS IN AN EXISTING NT/SAMBA network without knowing what you are doing.

Read The Fine Manuals at http://www.samba.org

I don't discuss switching the clients for domain logons.

I do not know if the WEBDAV link remains operational

Tested in network with XP and 98

This can be used as a full featured NT 4 server SP3 PDC (I believe NT is a trademark of Microsoft etc..)


This is a good link www.itweek.co.uk/News/1131114 comparing samba and W2k


2. Created extra directories






ls -l

drwxrwxrwx 2 root root 4096 May 15 19:19 netlogon

drwxrwxrwx 3 root root 4096 May 15 19:26 profile


3. This is my /etc/samba/smb.conf



It's a modified original smb.conf for CC

HOME becomes the DOMAIN, instead of the WORKGROUP




workgroup = HOME

netbios name = Server1

server string = Server1

interfaces = eth1

bind interfaces only = Yes

encrypt passwords = Yes

max log size = 50

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u


; use of logonscript add a username.bat in Clarkconnectprofile

logon script = profile%U.bat


; Uncomment for debug purposes

; log level = 10

log file = /var/log/samba/log.%m



; This setting is for XP and W2K. Just copy the map C:\Documents and Settings\username

; to username.domain

; all passwords stored previously in a pwl file will be lost. Need to re-enter them


logon path = C:\Documents and Settings\%U.HOME

domain logons = Yes


; This setting makes you win elections from EVERY ms server.

; Be careful with it!


os level = 99

preferred master = True

domain master = True

dns proxy = No

wins support = Yes


; execute from a client the DOS command "net time /set /y"

; this will synchronise the time from the client with this from the CC box

time server = Yes


; Needed share for netlogon scripts (ref Windows 9.x)



path = /home/netlogon

comment = Logon scripts and policies

create mask = 0644

write list = gedeco

directory mask = 0755


comment = Shared Folder

path = /home/shared

read only = No

create mask = 0600

directory mask = 0700


comment = Read Only - Internet Shared Folder

path = /home/webdav/files

guest ok = Yes


comment = Web Site

path = /var/www

read only = No

create mask = 0755

guest ok = Yes


; The exclusive home directory for the authenticated user



comment = User Directory

path = /home/%U

read only = No

; could be used to store profiles. could be slow to use!



path = /home/profile

read only = No

create mask = 0600

directory mask = 0700


path = /tmp

guest ok = Yes

printable = Yes

printing = cups

browseable = No


After applying the /etc/smb.conf restart the service.


service smb restart



4. Adding the user which can join domains.



Only root can do this in a Samba domain (one of the issues about samba)




smbpasswd -a root


enter the passwords (choose a password other than the "real" root password!!!)



5. Adding Computers to the domain (Windows NT, Windows 2000,XP)



root# /usr/sbin/useradd -g 100 -d /dev/null -c "machine nickname" -s /bin/false machine_name$


root# passwd -l machine_name$


root# smbpasswd -a -m machine_name


6. Adding Users



root# useradd myuser

root# smbpasswd -a myuser

(add password)

There's a trick to synchronize linux users and windows users, but it would create a lot of unuseful windows users.

For instance gopher, ftp etc...


7. Windows XP and 2000 registry changing



This is a MUST!





Cause XP uses default encrypted communication.


8. Copying an existing user profile



This is an example of migrating my profile on my XP desktop. For other MS OS, it might be different.

And I hate to lose my fancy Desktop


C:\Documents and Settings\user to C:\Documents and Settings\user.HOME

(HOME is the DOMAIN name used in smb.conf)


logoff and logon to the domain



Maybe not the best way, but it was satisfying for my needs.



9. Windows 9x client



No need to add a machine profile (only NT,W2K or XP)

Any properly created user could log on.


10. Extra feature



You could synchronize time using dos command

net time /set /y
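
Added example, not part of the original post: a small Python check that reads an smb.conf and lists the shares reachable without authentication, separating read-only guest shares from guest-writable ones such as the /var/www share in the configuration above. The share names `share-a` and `share-b` are placeholders (an assumption), because the section headers of the posted file did not survive.

```python
import configparser

# Constructed sample: the two guest-enabled shares from the smb.conf above.
# Section names are placeholders (assumption); the post's names are missing.
SAMPLE = """\
[global]
workgroup = HOME

[share-a]
comment = Read Only - Internet Shared Folder
path = /home/webdav/files
guest ok = Yes

[share-b]
comment = Web Site
path = /var/www
read only = No
guest ok = Yes
"""


def as_bool(value):
    """Samba accepts yes/true/1 (any case) as true."""
    return value.strip().lower() in {"yes", "true", "1"}


def audit(text):
    """Return (share, finding) pairs for every share that allows guests."""
    # smb.conf lines are often indented; configparser would read those as
    # continuation lines, so strip each line first.
    text = "\n".join(line.strip() for line in text.splitlines())
    cp = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        if name.lower() == "global":
            continue
        share = cp[name]
        guest = as_bool(share.get("guest ok", share.get("public", "no")))
        # Shares are read-only by default; "writeable" and friends invert it.
        writable = not as_bool(share.get("read only", "yes"))
        for synonym in ("writeable", "writable", "write ok"):
            if synonym in share:
                writable = as_bool(share[synonym])
        if guest:
            findings.append(
                (name, "guest-writable" if writable else "guest-readable"))
    return findings
```

Calling `audit(SAMPLE)` reports `share-b` as guest-writable; pass the contents of a real smb.conf to review its shares the same way.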
