SAMBA PDC
Samba PDC is used for centralized
authentication and domain control of Windows
operating systems.
Samba PDC Machine:
RHEL 6.0
IP : 192.168.0.1
Host Name: akt-svr
Windows Client:
Windows XP Professional SP2
Computer Name : smb-test
Domain Name : example.com
IP : 192.168.0.2
SAMBA PDC Installation:
Install samba packages:
[root@sambapdc ~]# yum install samba*
Configuration:
# vim /etc/samba/smb.conf
In global settings:
# domain name
workgroup = example.com
# like a host name, just to identify the server
server string = Samba PDC Server
# NetBIOS name for communication
netbios name = akt-svr
local master = yes
preferred master = yes
domain master = yes
domain logons = yes
# profile entry
logon path = \\%L\Profiles\%U
security = user
passdb backend = tdbsam
add machine script = /usr/sbin/useradd -d /dev/null -g 200 -s /sbin/nologin -c "Workstation (%u)" "%u"
In share definitions:
[netlogon]
path = /home/netlogon
writable = no
[Profiles]
path = /home/profiles
create mask = 0755
directory mask = 0755
# must be set, otherwise you will get ACCESS DENIED errors
writable = yes
Now create the following directories:
[root@sambapdc ~]# mkdir -m 1777 /home/profiles
[root@sambapdc ~]# mkdir -m 1777 /home/netlogon
Creating the machine group:
[root@sambapdc ~]# groupadd -g 200 machine
Start the Samba service:
[root@sambapdc ~]# service smb start
[root@sambapdc ~]# service nmb start
[root@sambapdc ~]# chkconfig smb on
[root@sambapdc ~]# chkconfig nmb on
Run testparm and test your configuration settings:
[root@sambapdc ~]# testparm
[root@sambapdc ~]# smbpasswd -a root
Create Domain Admins & Domain Users:
All we need to do is create groups to be mapped to their respective groups in Samba. We will create the groups "ntadmin" and "ntuser".
# groupadd ntadmin
# groupadd ntuser
Now we need to map these groups in Samba. To do this, we will use the command "net".
# net groupmap add ntgroup="Domain Admins" unixgroup=ntadmin rid=512 type=d comment="Administrators"
# net groupmap add ntgroup="Domain Users" unixgroup=ntuser rid=513 type=d comment="Users"
We can now create new users and add them to these groups. This is done by passing the -g parameter to "useradd".
To create a Domain Admin:
# useradd -g ntadmin user1
# smbpasswd -a user1
To create a Domain User:
# useradd -g ntuser user2
# smbpasswd -a user2
Start Samba Service:
[root@sambapdc ~]# service smb restart
Attaching a Windows machine:
Right-click the My Computer icon
Select Properties
Open the Computer Name tab
Add the system to the example.com domain
You will be prompted for a username and password. Give root and its password.
The system may need to restart
Additional Information:
- When we log in as user1, a directory named user1 is created in /home/profiles on the Samba PDC machine. This will be the home directory of that user. He will be able to log in from all machines in this domain and will always get this same directory.
- If the user already exists, we can change the primary group with the command "usermod", and we need to change this user's group in Samba with "pdbedit", specifying the group in Samba by its RID.
# usermod -g ntadmin user3
# pdbedit -r -G Group_RID -u User
Ex: pdbedit -r -G 512 -u user3
All admin users will have access to all shares with admin privileges. To change this, we can add the following option to the share configs:
invalid users = @ntadmin
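An added example, not part of the original post: a small Python check for the smb.conf settings described above. It shows that Samba treats "#" as a comment only at the start of a line, so a note typed after a value becomes part of that value, and it lists shares that do not exclude the admin group. The names SAMPLE, parse and audit are hypothetical, and the sample config is constructed from the settings on this page.

```python
import re

# Constructed sample: settings from this page, with trailing "#..." notes left
# on two value lines to show how Samba reads them.
SAMPLE = """\
[global]
workgroup = example.com #domain name
domain master = yes
domain logons = yes
[netlogon]
path = /home/netlogon
writable = no
[Profiles]
path = /home/profiles
writable = yes #should give
"""

TRUE, FALSE = {"yes", "true", "on", "1"}, {"no", "false", "off", "0"}
BOOL_PARAMS = ("domain master", "domain logons", "writable")

def parse(text):
    """Return {section: {param: value}}. '#' or ';' starts a comment only at
    the beginning of a line; everything after '=' is the value."""
    conf, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def audit(text, admin_group="@ntadmin"):
    """Return a list of findings for the settings and shares shown on this page."""
    conf, findings = parse(text), []
    for sec, params in conf.items():
        for key, value in params.items():
            if key in BOOL_PARAMS and value.lower() not in TRUE | FALSE:
                findings.append(f"[{sec}] {key}: {value!r} is not a valid boolean")
            elif re.search(r"\s[#;]", value):
                findings.append(f"[{sec}] {key}: comment text is part of the value {value!r}")
        if sec != "global" and admin_group not in params.get("invalid users", ""):
            findings.append(f"[{sec}] does not exclude {admin_group}")
    if conf.get("netlogon", {}).get("writable", "no").lower() in TRUE:
        findings.append("[netlogon] share is writable")
    return findings
```

To check a real file, call audit(open("/etc/samba/smb.conf").read()) and compare the findings with the output of testparm.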