Monday, December 20, 2010

Samba PDC domain controller on RedHat / CentOS

Samba PDC is used for centralized authentication and domain control of Windows
operating systems.

Here we will set up a samba PDC machine with the domain name lap.work and create some
users. We will then check whether these users are able to log in to this domain from different
machines.

In this example we are working on RHEL 5. It will also work on other distributions like RedHat, CentOS, Fedora, etc.

Samba PDC Machine:
rhel 5.4
IP : 192.168.0.1

Windows Client:
Windows XP Professional SP2
Computer Name : lap-xp
Domain Name : lap.work
IP : 192.168.0.2

Installation:

Install samba packages:
[root@sambapdc ~]# yum install samba*

Configuration:

Open the samba configuration file and make the following edits.
[root@sambapdc ~]# vim /etc/samba/smb.conf

Uncomment or edit the lines as shown below. Comments are kept on their own lines, because smb.conf does not support trailing comments: anything after a value on the same line is read as part of the value.

In global settings:

# domain name
workgroup = lap.work
# like a host name, just to identify the server
server string = Samba PDC Server
# netbios name for communication
netbios name = samba
local master = yes
preferred master = yes
domain master = yes
domain logons = yes
# profile entry
logon path = \\%L\Profiles\%U
security = user
passdb backend = tdbsam

In share definitions:

[homes]
browseable = yes
writable = yes

[netlogon]
path = /home/netlogon
writable = no

[Profiles]
path = /home/profiles
create mask = 0755
directory mask = 0755
# required, otherwise you will get ACCESS DENIED errors
writable = yes
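
An added check, not part of the original post: a shell function that audits an smb.conf for the PDC settings above. It flags text placed after a value on the same line (which smb.conf reads as part of the value), a [global] section missing domain logons, domain master or security = user, and a writable [netlogon]. The function names, finding labels and sample file are constructed for this example.

```shell
# Added example, not from the original post: audit an smb.conf for the PDC
# settings shown above. Prints one finding per line, nothing when clean.
audit_pdc_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # comment-only or blank line
    /^[ \t]*\[/ {                             # section header, e.g. [global]
        sec = tolower(trim($0)); sec = substr(sec, 2, length(sec) - 2)
        seen[sec] = 1; next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1)))
        val = tolower(trim(substr($0, eq + 1)))
        # No trailing comments in smb.conf: text after a value is part of it.
        if (val ~ /[ \t][#;]/) printf "INLINE_COMMENT [%s] %s\n", sec, key
        conf[sec, key] = val
    }
    END {
        # Booleans are matched as the post writes them (yes/no only).
        n = split("domain logons=yes,domain master=yes,security=user", want, ",")
        for (i = 1; i <= n; i++) {
            split(want[i], kv, "=")
            if (conf["global", kv[1]] != kv[2])
                printf "PDC_SETTING [global] %s is not %s\n", kv[1], kv[2]
        }
        if (!seen["netlogon"]) print "MISSING_SHARE [netlogon]"
        else if (conf["netlogon", "writable"] == "yes" ||
                 conf["netlogon", "read only"] == "no")
            print "NETLOGON_WRITABLE [netlogon]"
    }' "$1"
}

# Constructed sample: one annotated line and a writable [netlogon].
sample_conf() {
    cat <<'EOF'
[global]
workgroup = lap.work #domain name
domain master = yes
domain logons = yes
security = user
[netlogon]
writable = yes
EOF
}

demo_audit() {
    f=$(mktemp) && sample_conf > "$f" && audit_pdc_conf "$f"; rm -f "$f"
}
demo_audit
```

Run it against /etc/samba/smb.conf as audit_pdc_conf /etc/samba/smb.conf before restarting the service; testparm remains the check for syntax and unknown parameters.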

Now create the following directories:

[root@sambapdc ~]# mkdir -m 1777 /home/profiles
[root@sambapdc ~]# mkdir -m 1777 /home/netlogon

Attaching a windows machine:

Now create a group named machine and add a user named after the Windows client, with a trailing $:
[root@sambapdc ~]# groupadd -g 200 machine
[root@sambapdc ~]# useradd -d /dev/null -g 200 -s /sbin/nologin lap-xp$
Here lap-xp is the name of the machine we are attaching to the samba PDC.
[root@sambapdc ~]# smbpasswd -m -a lap-xp

Start the samba service:

[root@sambapdc ~]# service smb start
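[root@sambapdc ~]# chkconfig smb on

Run testparm and test your configuration settings:

[root@sambapdc ~]# testparm

Add root as a samba user and enable the account; it is used below to join the Windows machine to the domain:

[root@sambapdc ~]# smbpasswd -a root
[root@sambapdc ~]# smbpasswd -e root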

Add two more users for testing:

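[root@sambapdc ~]# useradd user1
[root@sambapdc ~]# smbpasswd -a user1
[root@sambapdc ~]# smbpasswd -e user1
[root@sambapdc ~]# useradd user2
[root@sambapdc ~]# smbpasswd -a user2
[root@sambapdc ~]# smbpasswd -e user2
[root@sambapdc ~]# service smb restart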

On windows machine:

Right-click the My Computer icon
Choose Properties
Open the Computer Name tab
Add the system to the lap.work domain
You will be prompted for a username and password. Give root and its password.
The system may need to restart

You can see that when we are logged in as user1, a directory user1 is created in /home/profiles
on the samba PDC machine. This will be the home directory of that user. He will be able to log in
from all machines in this domain and will get this same directory.

:)

9 comments:

Anonymous said...

Thanks a lot! This really helped. :)))

Anonymous said...

Thanks a lot! This was really helpful :)

Anonymous said...

Thanks a lot
But if I want to join the domain from another machine, I have to execute this command.

useradd -d /dev/null -g 200 -s /sbin/nologin lap-xp$

Anonymous said...

Thanks a lot !!!!!!

devops said...

I have used CentOS 6 and Samba 3.5, but on the client side (Windows SP2/3 and W7) I am getting the error "A domain controller for the domain lap.work could not be contacted; ensure that the domain name is typed correctly". I also changed registry settings like:

- in regedit : HKEY_LOCAL_MACHINE\...\Parameters\requiresignorseal -> 0
- in regedit : HKEY_LOCAL_MACHINE\...\Parameters\signsecurechannel -> 0
- in regedit : HKEY_LOCAL_MACHINE\Software\...\CompatibleRUPSecurity --> 1 as a DWORD

I also set DNS: 10.0.0.120 (VPN).

Please help me. Does it require other settings?

Thanks
ravi(raviggajjar@gmail.com)

Unknown said...

thanks you saved my day..