Build A Primary Domain Controller With Samba, Part 2

Our recipe for quick configuration will make it easy for you to drop a Samba-based PDC into your Windows network for single sign-on authentication, roaming profiles, and more.

By  Carla Schroder | Jul 17, 2007
Page 1 of 2
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn
Second of two parts. Read Part One.

Today we leap right into smb.conf and configure our Samba primary domain controller. Remember- There Can Be Only One. Do not use this if there is already a PDC on your network.

It may help to print and annotate smb.conf. Be sure to make a backup copy before changing anything. Samba's man pages are exceptionally useful, start with man samba and man smb.conf. Some comments below are abbreviated, see smb.conf for the full text. A complete list of global parameters is in man smb.conf. You can't just invent them- must use the official Samba parameters.

[global]
Put your domain name and server hostname here:
# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = MYGROUP
netbios name = HOSTNAME

# server string is the equivalent of the NT Description field
server string = Samba PDC %v %h
%v displays the Samba version number, %h displays the hostname. This shows up in Network Neighborhood. See man smb.conf for a full explanation of all variable substitutions. Or say anything you want:
server string = Carla's Samba server, and a darn fine one it is

Define subnets:
# This option is important for security...
hosts allow = 192.168.1., 127.
or
hosts allow = 192.168.1.0, 127.0.0.1/255.255.255.0
The localhost 127.0.0.1 will always be allowed access, unless denied by a "hosts deny" option. Use space, comma, or tab delimiting. Individual IPs can be excluded here with the EXCEPT keyword:
hosts allow = 192.168., EXCEPT 192.168.1.100

# Put a capping on the size of the log files (in Kb).
max log size = 50
Side note: I like to isolate /var in its own partition, to prevent crashes if something causes a log file to grow hugely, such as a DOS attack or other mayhem.

# Security mode...
security = user

# You may wish to use password encryption....
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd

# The following are needed to allow password changing from Windows to # update the Linux system password also.
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Please*retype*new*password* %n\n *password*successfully*updated*

# Browser Control Options:
local master = yes

#OS Level ...
os level = 64

# Domain Master specifies Samba to be the Domain Master Browser....
domain master = yes

# Preferred Master ...
preferred master = yes

# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
domain logons = yes

# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes for this servers netbios name, %U is username
# You must uncomment the [Profiles] share below
logon path = \\%L\Profiles\%U

Add these lines:
logon home = \\%L\%U
logon drive = H: (or whatever you like)
logon script = netlogon.bat

#=== shares ===
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
create mode = 0664
directory mode = 0775

[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
writable = no
share modes = no

[Profiles]
path = /home/samba/profiles
browseable = no

cschroder@internet.com

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter
Helpful Links

  • Yankee Group Mobile WAN Optimization Report

    Mobile work continues to evolve. Your organization must keep up with the demands of its mobile workforce. This report introduces the concept of mobile WAN optimization and provides three case studies including RCM, PRTM and Einstein that highlight how this emerging technology can help IT departments achieve what previously appeared to be conflicting goals. Read >

  • Network Security Resources

    More threats than ever before pose a danger to today's enterprise network. Get the latest tips and intel on the newest risks in our guide to network security resources. Read >

  • Extreme Savings: Cutting Costs with WAN Optimization

    Did you know it's possible to cut IT costs without impacting day-to-day IT operations? In fact, when you download this whitepaper from Riverbed on cost-savings through WAN optimization, you'll discover how businesses of all different sizes have realized a return on investment in just a few months through significant hard cost savings in areas such as bandwidth reduction and IT consolidation. It's called Extreme Savings and its only from Riverbed. Read >