Samba as a Primary Domain Controller on CentOS/RHEL

I wanted to set up a PDC via Samba for my home network, since I want a common login on all of the machines at home, and since I already share files via Samba, why not just add this. This is a very basic, novice setup of a PDC.

Several items are needed, especially host entries/DNS records, to make this work.

Let's assume the following:

Domain : testdomain.local
PDC Hostname : pdc
PDC IP : 192.168.1.1
User : thisisyou
Client Hostname : testdesktop

1. Install Samba.

yum groupinstall "CIFS file server"

or

yum install samba

2. Network testing

From your Windows machine, make sure that you are able to ping and resolve testdomain.local, pdc, and pdc.testdomain.local.

If it does not ping, edit your DNS or hosts file to add the proper entries.

From the PDC server, ping and do a DNS lookup of your PDC hostname and make sure you are getting good results back first.

3. Samba Configuration

The configuration file is usually located at /etc/samba/smb.conf

[global]
domain logons = yes
domain master = Yes
netbios name = PDC
workgroup = testdomain.local
os level = 255
preferred master = yes
security = user
wins support = yes

[homes]
valid users = %S
read only = no
browseable = no
create mode = 0600
directory mode = 0700

The above is the bare minimum that you will need to have this working. There are many more options to add if you want to get fancier.

Starting the service

chkconfig smb on
chkconfig nmb on
service smb start
service nmb start

Now let's create groups and users

groupadd smbuser
groupadd workstation
useradd -d /home/thisisyou -g smbuser -s /bin/false -m thisisyou
useradd -d /dev/null -g workstation -s /bin/false testdesktop$

Now we need to add the users to the samba database


smbpasswd -a thisisyou
smbpasswd -a root
smbpasswd -a -m testdesktop$

It is very important to add the client desktop to both the users and the Samba database, or else it will not join the domain. The “$” is required at the end of the machine name. PLEASE DO NOT FORGET.

You can check the database by issuing pdbedit -Lv

You can also look up various info, such as

pdbedit -v thisisyou
pdbedit -r -f "This is You" thisisyou

The basic setup is complete; however, we will need to add the domain user to the Administrator group if needed.

Samba no longer allows you to change the Primary Group SID directly; it is now set dynamically from group mappings. By default all users receive the RID of the Domain Users group, which is 513; for the Domain Admins group the RID needs to be 512. This is the final three digits in the Primary Group SID, as in:
Primary Group SID: S-#-#-##-#########-#########-##########-513

Let's create a new group called smbadmin; any users added to that group will be administrators.


groupadd smbadmin
usermod -g smbadmin jlim
groups jlim
net groupmap add rid=512 ntgroup="Domain Admins" unixgroup=smbadmin
pdbedit -v jlim

Look for the line Primary Group SID: S-#-#-##-#########-#########-##########-512
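
The same check can be run over every account at once, which is also a quick way to audit who ended up in Domain Admins. This is an added example, not part of the original post: it parses pdbedit -Lv output and lists accounts whose Primary Group SID ends in RID 512. The sample output, its SID values, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list accounts whose
# Primary Group SID ends in RID 512 (Domain Admins).

# Constructed sample of `pdbedit -Lv` output; the SIDs are made up.
sample_pdbedit() {
cat <<'EOF'
---------------
Unix username:        thisisyou
Account Flags:        [U          ]
User SID:             S-1-5-21-1111111111-2222222222-3333333333-1000
Primary Group SID:    S-1-5-21-1111111111-2222222222-3333333333-513
---------------
Unix username:        jlim
Account Flags:        [U          ]
User SID:             S-1-5-21-1111111111-2222222222-3333333333-1001
Primary Group SID:    S-1-5-21-1111111111-2222222222-3333333333-512
---------------
Unix username:        testdesktop$
Account Flags:        [W          ]
User SID:             S-1-5-21-1111111111-2222222222-3333333333-1002
Primary Group SID:    S-1-5-21-1111111111-2222222222-3333333333-513
EOF
}

# Reads pdbedit -Lv text on stdin and prints "user rid" for each account.
primary_rids() {
    awk -F': *' '
        { sub(/[ \t\r]+$/, "") }          # drop trailing whitespace
        /^Unix username:/     { user = $2 }
        /^Primary Group SID:/ { n = split($2, p, "-"); print user, p[n] }
    '
}

# Prints only the users whose primary group is Domain Admins (RID 512).
domain_admins() {
    primary_rids | awk '$2 == "512" { print $1 }'
}

# On the PDC itself, run as root:  pdbedit -Lv | domain_admins
sample_pdbedit | domain_admins
```

Any name in the output that you did not deliberately place in smbadmin is worth investigating, since RID 512 gives that account administrator rights on every machine joined to the domain.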

jlim0930
