www.networkusall.

com

Domain Controller (dc)

======================

For those of you who require your workstations to login to a domain for better
centralised control over user accounts, you don't need MS Windows Server.
Samba was initially intended to provide a Windows style share that a drive letter
can be mapped to.
However it's a little more versatile than that.

The official description of Samba:-

"Samba is an Open Source/Free Software suite that provides seamless file and print
services to SMB/CIFS clients." Samba is freely available, unlike other SMB/CIFS
implementations, and allows for interoperability between Linux/Unix servers and
Windows-based clients.

Right lets get down to the nitty gritty...

(1) Samba as a Primary Domain Controller

Install Samba on your, to be, Linux domain controller

Locate smb.conf (try /etc/samba/) and edit as follows:-

# Global parameters
[global]
workgroup = computerdomain
Netbios name = computerdcname
encrypt passwords = Yes
; this tells Samba that security level must be set to user
security = user

;Samba is the domain and local master browser.

os level = 65
preferred master = yes
domain master = yes
local master = yes
domain logons = yes
#logon path = \\%n\profiles\%u

;automatically maps the home directory of the user, can be any drive letter you
want. \\computerdcname is the Samba server netbios name
# I have chosen not to use this...you tend to find that Windows XP will end up
with drive Z: mapped anyway.
#logon drive = q:
#logon home = \\computerdcname\%u

;neccessary share for domain controller

[netlogon]
; comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes
writable = no
share modes = no

[homes]
read only = no
browseable = no

[music]
path = /data/mp3
public =yes
browseable = yes
write list = mw, jackie

[everyone]
path = /data/everyone
browseable = yes
read only = no

(2) Adding a Windows machine account with password...

At the command shell prompt type

useradd -s /bin/false -d /dev/null computerdcname\$

smbpasswd -a -m computerdcname

You will not be prompted for a password, this will be taken from your Windows
password.

Restart samba -
service smb restart

All that is left now is to add a user account in Linux and Samba -
useradd -g users johnsmith
passwd johnsmith
smbpasswd -a johnsmith

When prompted for a password, they don't have to be the same.

Well there you go, you are now ready to join your PC to the new domain. A word of
warning here, if you do not intend the user to have local admin privileges, you
will need to join the domain with the root account login first. After which you
can login with the user account.

NOTE: Some versions of linux will not properly recognise the command to add the
computer name. In this case you will need to manually edit the file /etc/passwd.

e.g. add the following line...

computerdcname$:x:506:506::/dev/null:/bin/false

Where 506 is the next unused number.