Simple Domain Controller With Samba
I’ve had many people ask me over the last week how to set up a simple Windows domain with a Samba primary domain controller. This is a pretty complex topic and can get really messy really fast. This “guide” (if you can call it that) assumes that you have Ubuntu 12.04 installed on a server and that Samba is already installed. The network is configured statically, and the clients are on the same network, also with static IP addresses. This setup does not require DNS, a gateway, or an Internet connection. Obviously you would never set up a real network this way, but it might help those just getting started with Samba.
On the server in smb.conf, set/add/uncomment the following. Most of this is already in the file and simply needs uncommenting. Be sure to replace everything in <> with real values. It is somewhat important where these changes are made so try to keep them in order. Run the “testparm” command to check if you have made any errors in the smb.conf file before proceeding.
    workgroup = <domain name>
    netbios name = <server name>
    wins support = yes
    security = user
    local master = yes
    os level = 64
    domain master = yes
    preferred master = yes
    domain logons = yes
    logon path = \\%N\%U\profile
    logon drive = H:
    logon home = \\%N\%U
    logon script = logon.cmd
    add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d /var/lib/samba -s /bin/false %u

    [homes]
    comment = Home Directories
    browseable = no
    read only = no
    create mask = 0700
    directory mask = 0700
    valid users = %S

    [netlogon]
    comment = Network Logon Service
    path = /srv/samba/netlogon
    guest ok = yes
    read only = yes

    [profiles]
    comment = Users profiles
    path = /home/samba/profiles
    guest ok = no
    browsable = no
    create mask = 0600
    directory mask = 0700
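A check to run next to testparm, as an added example that is not part of the original guide: it parses smb.conf text and reports any PDC setting from the list above that is missing or different, any of the three shares that is absent, and any <placeholder> left unreplaced. The function names and the sample text are constructed for illustration; boolean values are accepted as yes, true or 1.

```python
import re

# Illustrative helpers; SAMPLE is constructed: placeholder left in, wrong value, commented-out setting.
SAMPLE = r"""[global]
workgroup = <domain name>
wins support = yes
security = share
local master = yes
os level = 64
Domain Master = true
preferred master = yes
; domain logons = yes
[homes]
[netlogon]
"""

# [global] values the guide sets for the PDC role, and the shares it defines.
REQUIRED = {"security": "user", "wins support": "yes", "local master": "yes",
            "os level": "64", "domain master": "yes", "preferred master": "yes",
            "domain logons": "yes"}
SHARES = ("homes", "netlogon", "profiles")

def norm(name):  # smb.conf ignores case and whitespace in section/parameter names
    return "".join(name.lower().split())

def parse_smb_conf(text):
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(norm(header.group(1)), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)      # only the first "=" separates
            current[norm(key)] = value.strip()
    return sections

def audit_pdc_conf(text):
    conf, findings = parse_smb_conf(text), []
    for key, want in REQUIRED.items():
        have = conf.get("global", {}).get(norm(key), "(unset)")
        accepted = {"yes", "true", "1"} if want == "yes" else {want}
        if have.lower() not in accepted:
            findings.append(f"[global] {key} = {have}, guide uses {want}")
    findings += [f"[{s}] share is missing" for s in SHARES if s not in conf]
    findings += [f"[{s}] {k} still holds a placeholder: {v}" for s, p in conf.items()
                 for k, v in p.items() if re.search(r"<[^<>]+>", v)]
    return findings
```

Calling audit_pdc_conf(open("/etc/samba/smb.conf").read()) on the server returns an empty list when every check passes.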
On the server, run:
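    # netlogon share, empty logon script, and profiles directory
    # (a=rwx -R leaves everything under /home/samba world-writable)
    sudo mkdir -p /srv/samba/netlogon
    sudo touch /srv/samba/netlogon/logon.cmd
    sudo mkdir -p /home/samba/profiles
    sudo chmod a=rwx -R /home/samba

    # Unix groups; sambaadmin is mapped to the Domain Admins group (RID 512)
    sudo groupadd sambaadmin
    sudo groupadd machines
    sudo net groupmap add ntgroup="Domain Admins" unixgroup=sambaadmin rid=512 type=d

    # admin account: Unix user, sudo membership, Samba password
    sudo adduser --ingroup sambaadmin <admin username>
    sudo usermod -a -G sudo <admin username>
    sudo smbpasswd -a <admin username>

    # rights granted to Domain Admins, including adding machine accounts
    sudo net rpc rights grant -U <admin username> "<domain name>\Domain Admins" \
        SeMachineAccountPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege \
        SeDiskOperatorPrivilege SeRemoteShutdownPrivilege

    # restart the Samba services (upstart jobs)
    sudo restart smbd
    sudo restart nmbd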
On the client:
- Set the WINS server address to the address of the server
- If using Windows 7, apply the registry patch by adding the following keys:
    HKLM\System\CurrentControlSet\Services\LanmanWorkstation\Parameters
        DWORD DomainCompatibilityMode = 1
        DWORD DNSNameResolutionRequired = 0
- Join the domain with the admin account you just created
Optionally, to add another user:
    sudo useradd <username>
    sudo smbpasswd -a <username>
August 28th, 2012 at 11:26 pm
Hi, thank you for the simple config. I will try to configure a simple PDC again. But I am still looking for an answer to my previous issue; I wish you could help me.
We have some WinXP, Windows7 and also some Linux Mint.
I wish to configure a PDC for this. At first I installed the PDC on Ubuntu 10.4. WINXP is able to join, but Linux was not able to join, though it was able to ping the PDC. The error is BAD packet from DNS or something.
As I have read, you need good network name resolution to configure the PDC, which might be the problem.
Do you have any guide on how my Ubuntu SMB can be a local name resolution server and a PDC for both Windows machines and Linux machines?
Thanks
January 11th, 2014 at 12:34 pm
Hi,
I have a project that is giving me so much stress I don’t know what to do anymore. I have a Windows Active Directory containing all configured policy, users, etc. Now I have to add a Samba server to it, which runs on Ubuntu or Fedora. The aim of this project is: if the Windows Active Directory fails or crashes, the Samba server takes over, so the users can still log on to their computers!
Does somebody know how to do this?
CAN SOMEONE HELP ME
contact me via richard-fcgroningen@hotmail.com