I’ve had many people ask me over the last week how to set up a simple Windows domain with a Samba primary domain controller. This is a pretty complex topic and can get really messy really fast. This “guide” (if you can call it that) assumes that you have Ubuntu 12.04 installed on a server and Samba is already installed. The network is configured statically, and the client(s) are on the same network, static IP addresses as well. This setup does not require a DNS or even a gateway or Internet connection. Obviously you would never setup a real network this way, but it might help those just getting started with Samba.

On the server in smb.conf, set/add/uncomment the following. Most of this is already in the file and simply needs uncommenting. Be sure to replace everything in <> with real values. It is somewhat important where these changes are made so try to keep them in order. Run the “testparm” command to check if you have made any errors in the smb.conf file before proceeding.

 workgroup = <domain name>
 netbios name = <server name>
 wins support = yes
 security = user
 local master = yes
 os level = 64
 domain master = yes
 preferred master = yes
 domain logons = yes
 logon path = \\%N\%U\profile
 logon drive = H:
 logon home = \\%N\%U
 logon script = logon.cmd
 add machine script = sudo /usr/sbin/useradd -N -g machines
      -c Machine -d /var/lib/samba -s /bin/false %u
 comment = Home Directories
 browseable = no
 read only = no
 create mask = 0700
 directory mask = 0700
 valid users = %S
 comment = Network Logon Service
 path = /srv/samba/netlogon
 guest ok = yes
 read only = yes
 comment = Users profiles
 path = /home/samba/profiles
 guest ok = no
 browsable = no
 create mask = 0600
 directory mask = 0700

On the server, run:

 sudo mkdir -p /srv/samba/netlogon
 sudo touch /srv/samba/netlogon/logon.cmd
 sudo mkdir -p /home/samba/profiles
 sudo chmod a=rwx -R /home/samba
 sudo groupadd sambaadmin
 sudo groupadd machines
 sudo net groupmap add ntgroup=”Domain Admins”
      unixgroup=sambaadmin rid=512 type=d
 sudo adduser --ingroup sambaadmin <admin username>
 sudo usermod -a -G sudo <admin username>
 sudo smbpasswd -a <admin username>
 sudo net rpc rights grant -U <admin username>
<domain name>\Domain Admins” SeMachineAccountPrivilege
      SePrintOperatorPrivilege SeAddUsersPrivilege
      SeDiskOperatorPrivilege SeRemoteShutdownPrivilege
 sudo restart smbd
 sudo restart nmbd

On the client:

  • Set the WINS server address to the address of the server
  • If using Windows 7, apply the registry patch by adding the following keys:
                DWORD  DomainCompatibilityMode = 1
                DWORD  DNSNameResolutionRequired = 0
  • Join the domain with the admin account you just created

Optionally, to add another user:

 sudo useradd <username>
 sudo smbpasswd -a <username>