Samba as Primary Domain Controller in CentOS 6

Step 1: Installing Samba
All the necessary RPMs should be present on the installation media (CD/DVD). If needed, the online repository at repoforge.org is very good too.



Step 2: Preparing the Configuration Files
Now that Samba is installed, it is time to prepare the configuration file. I've said it before and I'll say it again: it's always a good idea to back up the .conf file before modifying it.


Here are the modifications




Step 3: Starting the Service




It can be seen from the netstat output that the domain controller is running and is listening on ports 137 and 138.
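The same check can be scripted instead of read by eye. This is an added example, not part of the original post: the netstat sample is constructed, the function names are hypothetical, and it assumes the net-tools `netstat -lnup` column layout with nmbd as the owner of the two UDP ports.

```shell
#!/bin/sh
# Constructed sample of `netstat -lnup` output (run as root so the
# PID/Program column is filled in). Replace with the live command.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address       Foreign Address     State   PID/Program name
udp        0      0 192.168.1.10:137    0.0.0.0:*                   1421/nmbd
udp        0      0 0.0.0.0:137         0.0.0.0:*                   1421/nmbd
udp        0      0 192.168.1.10:138    0.0.0.0:*                   1421/nmbd
udp        0      0 0.0.0.0:138         0.0.0.0:*                   1421/nmbd
udp        0      0 0.0.0.0:68          0.0.0.0:*                   1102/dhclient'

# Print "port address" for every UDP socket owned by nmbd (reads stdin).
nmbd_sockets() {
    awk '$1 ~ /^udp/ && $NF ~ /\/nmbd$/ {
        n = split($4, a, ":")      # the port is the part after the last ":"
        port = a[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        print port, addr
    }' | sort -u
}

# Succeed only if nmbd holds both NetBIOS ports:
# 137 (name service) and 138 (datagram service).
check_nmbd_listening() {
    socks=$(nmbd_sockets)
    for port in 137 138; do
        echo "$socks" | grep -q "^$port " || {
            echo "MISSING udp/$port"
            return 1
        }
    done
    echo "OK nmbd on udp/137 and udp/138"
}

# Non-wildcard addresses nmbd is bound to; compare these with the
# interfaces the domain controller is meant to serve.
specific_addresses() {
    nmbd_sockets | awk '$2 != "0.0.0.0" && $2 != "::" { print $2 }' | sort -u
}

# Demo on the constructed sample; live use: netstat -lnup | check_nmbd_listening
printf '%s\n' "$SAMPLE_NETSTAT" | check_nmbd_listening
```
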

Step 4: User Management
To add clients to the domain, both machine and human users must be created. There are a couple of steps, but it's not hard.




Now that the Unix users are created, it is time to create the Samba users.




Step 5: Adding Windows Client Machine
I'll demonstrate the procedure for WinXP only. The process is almost identical for all Windows versions. First, we need to log in as administrator.


  1. Start > My Computer (Right Click) > Properties
  2. Computer Name > Change
  3. Set the computer name and domain
  4. Enter the administrative Samba username and password, i.e. user: root and the password set by smbpasswd -a root
  5. Reboot


After the machine has been successfully added to the domain, the workstation needs to be restarted. After restarting, we simply log in using the domain user.

Logging in

Work Complete.

Note:
This configuration will not work with netlogons. Personally, I don't like netlogons because:
  • they create additional traffic inside the network.
  • login processes are pretty slow, depending on the volume of user data and the network infrastructure.
  • the server hard disk gets full quickly if user quotas are not maintained strictly.

Hope it helps ^_^


Comments

  1. Not sure if I'm reading your notes right. Without having the netlogons, do the accounts have to be made on the computer connecting to the domain? If so, they have to be made to match the accounts created on the domain, correct?

  2. Yes, the accounts have to be created on the respective client machines (Windows). For example, if I need to add a machine "testMachine" with user "testUser" having password "testPass", then here's what I would do:

    useradd testMachine$
    useradd testUser

    smbpasswd -a -m testMachine$
    smbpasswd -a testUser (and I set the password testPass here as well).

    Then, on the client machine, we have to create a Windows user "testUser" with the password "testPass" who is a member of the specified domain, to be able to connect to the domain.

    Hope this clears the confusion. Knock me if it's still not clear.

  3. Please help me.
    I have configured a Samba PDC on RHEL6.
    When I try to join Windows 7 as a PDC client, the machine gives me a welcome message for joining the domain and also gives a DNS error message.

    1. You need to modify the win7 registry in order to add it to the domain. Here's a link that might help.

      http://www.enterprisenetworkingplanet.com/windows/article.php/3849061/Use-Samba-With-Windows-7-Clients.htm

      Try googling for further information.

  4. Hi
    I am having trouble joining the domain from a client system which has Windows XP installed. The error is: if I try to log on with the normal user user1 it says access is denied, but if I try to log on as root it says unknown username or password.

    Need help
    Thanks

    1. Make sure you have users created for both Samba and Windows i.e. users of samba need to be mapped to users of Windows.

      You will not be able to log on using root.

  5. Hey, I am new to this post but I tried your code and it's working.
    Hey yagneshgfgc, I have a solution for your problem. I was facing the same.

    Please check on your Linux server whether your system date and time settings are properly set or not, because in my case that was the issue.

  6. Hey Sarmed Rahman,
    I have another issue.
    I have joined my Windows XP client machine to the Linux domain. Now I am able to log in to the Linux domain using my Windows XP client machine, but the problem is that when I am trying to log in it says your local profile will not be loaded so you will be logged in with a temporary profile.
    Why is it so?

    1. Please check whether the hard drive of the server is full. I had a similar issue where there was no free space on the hard disk of the server, causing users to log in with temporary sessions.

  7. Nice post. I will test this later because of the time limit. :)

  8. Hi,

    How to add it on a CentOS client machine?

  9. Can you please help out
    with how to change the fields in
    # vi /etc/samba/smb.conf
    ...... to connect the Windows system to the Linux system

  10. A.O.A brother, can we add policies like on Windows Server? For example, if we want to block USB or want to allow a specific company custom wallpaper, how do we do this? Any response will be appreciated, and thanks in advance.

