Configure Samba as a PDC on CentOS

::Installing Samba

[root@centos ~]# yum install samba samba-client

:: Configuration smb.conf

[root@centos ~]# vi /etc/nsswitch.conf

~~~~~[ change on this line : ]~~~~

hosts: files wins dns

~~~~~~~~~~~~~~~~

[root@centos ~]# vi /etc/samba/smb.conf

~~~~~[ add configuration like this : ]~~~~

[global]
workgroup = pdc
netbios name = samba
encrypt passwords = Yes

; security level
security = user

; the domain and local master browser
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
local master = yes
wins support = yes
username map = /etc/samba/smbusers
name resolve order = wins bcast hosts

; automatically maps the home directory of the user
logon drive = q:

; loglevel
log level = 3

; users configure
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody/ %u
idmap uid = 15000-20000
idmap gid = 15000-20000

; sync smb passwords
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUnix\spassword:* %n\n *retype\snew\sUnix\spassword: %n\n .
passwd chat debug = yes
unix password sync = yes

; necessary share for domain controller
[netlogon]
path = /home/samba/netlogon
admin users = Administrator
valid users = %U
read only = no

; home configuration
[homes]
comment = Home
valid users = %S
read only = No
browseable = No

; profile configuration
[profile]
path = /home/samba/profiles
valid users = %U
create mode = 0600
directory mode = 0700
writable = Yes
browsable = No

; share directory for all users
[allusers]
path = /home/shares/users
valid users = @users
force group = users
create mask = 0660
directory mask = 0771
writable = yes

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

:: Make directory for Samba users

[root@centos ~]# mkdir -p /home/samba/netlogon
[root@centos ~]# mkdir -p /home/samba/profiles
[root@centos ~]# chown -R root:users /home/samba/
[root@centos ~]# chmod -R 755 /home/samba/
[root@centos ~]# mkdir -p /home/shares/users
[root@centos ~]# chown -R root:users /home/shares/users/
[root@centos ~]# chmod -R 775 /home/shares/users/

:: Make user system for login Samba

[root@centos ~]# useradd test -n -g users
[root@centos ~]# passwd test
Changing password for user test.
New UNIX password: [userpassword]
Retype new UNIX password: [userpassword]
passwd: all authentication tokens updated successfully.

:: Add and enable Samba users

[root@centos ~]# smbpasswd -a test
New SMB password: [passworduser]
Retype new SMB password: [passworduser]
[root@centos ~]# smbpasswd -e test
Enabled user test.
[root@centos ~]# smbpasswd -a root
New SMB password: [rootpasswordsamba]
Retype new SMB password: [rootpasswordsamba]
[root@centos ~]# smbpasswd -e root
Enabled user root.

:: Starting Samba service

[root@centos ~]# /etc/init.d/smb start
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]

:: Enable Samba service on booting

[root@centos ~]# chkconfig –add smb
[root@centos ~]# chkconfig –level 345 smb on

:: Testink
On Win2003 and WinXP:
+ login on Administrator users
+ klix right MyComputer – Properties – Computer Name
+ klix Change..and on Member of change Domain with Samba Workgroup Name (pdc)

+ login with user and password root Samba.
+ reboot and login with user samba information on Log on to domain (pdc).

About yosepraharja
none

12 Responses to Configure Samba as a PDC on CentOS

  1. jachen says:

    I like this post. Thank you very much. I will follow your Blog.

  2. akhrikas says:

    mas saya waktu join domain ada error

    ‘Logon failure;unknown username or bad password ‘

  3. rashid Iqbal says:

    After doing this all I am trying to logon to windows client machine, joined windows machine successfully and successfully authenticate but getting profile loading error:

  4. rashid Iqbal says:

    error message is
    windows cannot locate the server copy of roaming profile
    secondly
    windows cannot file the local copy of profile

    please help me to sort out this problem

    regards,

    rashid

  5. Ammar Hussain Sidhu says:

    [root@bigboy tmp]# groupadd samba-clients
    [root@bigboy tmp]# /usr/sbin/useradd -g samba-clients \

    [root@bigboy tmp]# passwd -l machine_name$
    [root@bigboy tmp]# smbpasswd -a -m machine_name

    do every thing as given in above documents and also add this , it will solve your problem

  6. repa says:

    [root@bigboy tmp]# /usr/sbin/useradd -g samba-clients \

    when i enter i get

    [root@bigboy tmp]# /usr/sbin/useradd -g samba-clients \
    >

    so is any thing missing or samba-clients is samba-clients only right dont have to change it to anything

    pls let me know

  7. edik says:

    mas mw tanya dunk, lo centos sebagai klientnya trus windows server 2003 sebaai dc nya.. cara koneknya gimana????
    bagi yang bisa tolong ya,,,,,,!!!
    trimmmm

  8. edik says:

    mas lo keluar kayak gini pas instal samba gimana????

    [root edik]# yum install smbclient
    loaded plugins: fastestmirror
    determining fastest mirrors
    could not retrieve mirrorlist http://mirrorlist.centos.org/?release=5&arch=i386&repo=addons error was
    [errno 4] I0error:
    Error: cannot find a valid baseurl for repo: addons

  9. vidyadhara says:

    when i try to login in user it’s creating romaing file. and also i have check with my computer properticy there change option disable (in local this computer user is administrator)

    give some idea how do i fix this problem?

  10. Ambicapathy P says:

    Hi this worked for me very well…Thanks a lot for your great help..

  11. Ambicapathy says:

    I have a problem…when logging in as a domain user in windows xp machine i am getting the following error.

    “Windows did not load your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Windows did not load your profile because a server copy of the profile folder already exists that does not have the correct security. Either the current user or the Administrator’s group must be the owner of the folder. Contact your network administrator. “

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: