Samba NT Domain Controller

Source: Internet
Author: User
Currently, Samba can go beyond merely emulating Windows shares to actually acting as the Primary Domain Controller for your Windows network. Of course, Samba can also become an NT domain member. In this article we shall look at both options.


The domain concept is much better than the traditional workgroup concept. One of the primary benefits is having a centralized password database on the Primary Domain Controller. Once authenticated, you can access any of the shares in the domain without having to re-authenticate yourself.

If you are unfamiliar with Samba, then we've got a couple of good HOWTOs that you can refer to. Look for links to them at the bottom of the article.

Samba as a NT Domain member

Samba emulates an NT workstation when becoming part of the domain. So the first thing you need to do is create a machine account for your Samba machine on the domain controller. In NT you would use the program Server Manager for Domains to create the account. Once the account is created, you need to add the following lines to the global section of your smb.conf file.


# Your workgroup or domain that you want
# to log in to
workgroup = Freeos

# Tell Samba to talk to the domain controller
# for authentication
security = domain

# Specify the servers to authenticate
# against. You can specify the
# NetBIOS names of the servers or simply
# put in a '*' here and let
# Samba find the server through broadcast
password server = PS1 PS2

# Make sure that Samba is using encrypted
# passwords
encrypt passwords = yes

Now stop the Samba daemons:

/etc/rc.d/init.d/smb stop

Give the following command to join the NT domain:

smbpasswd -j DOMAIN -r DOMAINPDC


DOMAIN here is the domain that you want to log in to. DOMAINPDC is the primary domain controller for that domain. You'll then get a message saying "Joined domain DOMAIN."

Now start your SMB and NMB daemons.

/etc/rc.d/init.d/smb start

That is all about joining an NT domain. Setting up Samba as your Primary Domain Controller is not very difficult.

Samba as Primary Domain Controller

Add the following to the global section of your smb.conf file.


# The domain you want to be a PDC for
workgroup = Simple

# Tell Samba to use domain logons
domain logons = yes

# User-level security. Users must
# authenticate themselves with a
# valid username and password
security = user

# Set to yes so that nmbd participates
# in the local master browser
# elections
local master = yes

# Set the os level value to make sure nmbd
# wins local browse master
# elections. Should beat everyone
# according to the man page
os level = 65

# Give nmbd an advantage in
# master browser elections
preferred master = yes

# Set so that nmbd claims a unique
# NetBIOS name identifying it as
# a domain master
domain master = yes

# The following share is required to support
# domain logons. The directory may be
# created anywhere on your system. Make
# sure the share is non-writeable and also
# not a public share.
[netlogon]
comment = The domain logon service
path = /usr/local/samba/netlogon
public = no
writeable = no

The next thing to do is create the users on the Samba server that is to act as the domain controller. You can do this using the useradd command.

useradd -g smbuser -d /dev/null -s /dev/null ntuser

As you can see, both the shell and the home directory for ntuser are set to /dev/null. If your Windows users are not required to access the Unix box, you should use the above to deny access to the machine. Passwords are also not required to be set because Samba keeps the password hashes in a separate file specified in the configuration file.


# Path to the Samba password file
# Make sure only root has read/write access
smb passwd file = /usr/local/samba/smbpasswd

After adding a user (you can also use vipw to add a user), you need to add the user to the Samba password database.

"smbpasswd -a" adds users from the Unix passwd file to the smbpasswd file. The usage and syntax are similar to the Unix passwd command. To change a user's password use "smbpasswd username".

That will be enough for Samba to start authenticating Windows 9x clients. For NT workstations, some more work has to be done. You will have to create a machine account for each NT client that will log on. A machine account is simply a regular /etc/passwd entry, with a "$" appended to the name of the NT machine.

useradd -g smbuser -d /dev/null -s /dev/null ntclient$

Now add it to the password database:

smbpasswd -a -m ntclient (the $ at the end is not required)

Samba can now accept logons from an NT client.
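
The requirements stated in the PDC section above (user-level security with domain logons, a netlogon share that is neither public nor writeable, and an smbpasswd file closed to everyone but its owner) can be checked mechanically. The following checker is an added example, not part of the original article or of Samba; the function names and the sample configuration are constructed for illustration.

```python
import configparser
import os
import stat

YES = {"yes", "true", "1"}  # common smb.conf boolean spellings

# Constructed sample: the article's PDC settings, but with a writeable netlogon.
SAMPLE = """
[global]
   domain logons = yes
   security = user
[netlogon]
   path = /usr/local/samba/netlogon
   public = no
   writeable = yes
"""

def load(text):
    """Parse smb.conf text into {section: {parameter: value}}, names lower-cased."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    # Strip indentation so configparser does not read it as a continuation.
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    return {s.lower(): dict(cp[s]) for s in cp.sections()}

def is_yes(section, names, default="no"):
    return any(section.get(n, default).lower() in YES for n in names)

def audit(text):
    """Return findings for the PDC requirements stated in the article."""
    conf, out = load(text), []
    g = conf.get("global", {})
    if g.get("security", "").lower() != "user":
        out.append("security is not 'user'")
    if not is_yes(g, ["domain logons"]):
        out.append("domain logons is not enabled")
    nl = conf.get("netlogon")
    if nl is None:
        return out + ["[netlogon] share is missing"]
    if is_yes(nl, ["public", "guest ok"]):  # 'public' is a synonym of 'guest ok'
        out.append("[netlogon] is public")
    # writeable/writable/write ok are synonyms; read only is the inverse
    if is_yes(nl, ["writeable", "writable", "write ok"]) or \
            not is_yes(nl, ["read only"], default="yes"):
        out.append("[netlogon] is writeable")
    return out

def passwd_file_private(path):
    """True when group and others have no permission bits (owner is not checked)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0
```

Calling audit(SAMPLE) reports the writeable netlogon share; passwd_file_private() takes the path given in "smb passwd file".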

As you can see, configuring Samba as a domain controller and as a domain member is a fairly easy job. The flip side is that since this is the result of major amounts of hacking and reverse engineering, it doesn't have all the functionality of a proper domain controller. There is an alternative branch, Samba TNG, that adds more functionality in this area.
