Doing the Windows 2000 Samba
Samba-PDC Setup
To use Samba as the primary domain controller, the following lines will need to be added to smb.conf:

    domain master = yes
    domain admin users = root stew
    add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$
    domain logons = yes
    logon script = %U.bat

    [netlogon]
    comment = Network Logon Service
    path = /home/netlogon
    guest ok = yes
    writable = no
    share modes = no

/home/netlogon/stew.bat:

    NET USE X: \\MOE\XFERS
    NET USE S: \\MOE\STEW
    NET TIME \\MOE /SET /YES

This file needs DOS-style CR/LF line endings, rather than Unix ones, so it should be created on the Windows 2000 machine and then copied over to the server.
The add user script is still experimental. I opted for the manual addition of users. You will also need to add machines for Windows NT or 2000.
To add a user in Linux:

    adduser -g users -c 'Stew Benedict' -s /bin/false -n stew

And for Samba:

    smbpasswd -a stew

You will be prompted for a password after the second command. The /bin/false entry prevents the user from logging on to the Linux machine. If you wanted a real shell account, you'd probably use /bin/bash. The -c parameter is just a comment.
To add a machine, you may want to create a "machines" group:

    groupadd machines
    adduser -g machines -c W2KMachine -d /dev/null -s /bin/false -n larry$
    smbpasswd -a -m larry$

A default password is created in this case. Note the '$' after the machine name; it's important.
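
A quick way to check the result of the steps above, as an added example that is not part of the original article: the function reads passwd- and group-format files and reports machine accounts (names ending in '$') whose shell, home directory or primary group differ from the adduser command shown above, as well as members of the machines group whose name is missing the '$'. The function names, sample accounts and GIDs are constructed for illustration.

```shell
# Audit machine trust accounts in passwd/group-format files.
# Prints one finding per line; prints nothing when every account matches.
audit_machine_accounts() {
    passwd_file=$1
    group_file=$2
    group_name=${3:-machines}

    # Look up the numeric GID of the machines group.
    gid=$(awk -F: -v g="$group_name" '$1 == g { print $3; exit }' "$group_file")
    if [ -z "$gid" ]; then
        echo "group $group_name not found in $group_file" >&2
        return 1
    fi

    awk -F: -v gid="$gid" '
        # Accounts whose name ends in "$" are treated as machine accounts.
        $1 ~ /\$$/ {
            if ($4 != gid)          print $1 ": primary group is not machines"
            if ($7 != "/bin/false") print $1 ": shell " $7 " allows login"
            if ($6 != "/dev/null")  print $1 ": home directory is " $6
            next
        }
        # A member of the machines group without the trailing "$".
        $4 == gid { print $1 ": in machines group but name lacks trailing $" }
    ' "$passwd_file"
}

# Constructed sample data (not taken from the article's server).
run_sample_audit() {
    dir=$(mktemp -d)
    cat > "$dir/group" <<'EOF'
users:x:100:
machines:x:501:
EOF
    cat > "$dir/passwd" <<'EOF'
stew:x:500:100:Stew Benedict:/home/stew:/bin/false
larry$:x:501:501:W2KMachine:/dev/null:/bin/false
curly$:x:502:501:W2KMachine:/dev/null:/bin/bash
shemp:x:503:501:W2KMachine:/dev/null:/bin/false
EOF
    audit_machine_accounts "$dir/passwd" "$dir/group"
    rm -rf "$dir"
}

run_sample_audit
```

On a real server the same function can be pointed at /etc/passwd and /etc/group.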
Another thing to be aware of is that if you play with various versions of Samba, like I did, you can end up not being able to log in to the domain after switching versions. I found I needed to delete some files, and then delete and re-create the machine entries to get things to work:

    rm /etc/private/MACHINE.SID
    rm /etc/private/secrets.tdb
    smbpasswd -x larry$
    smbpasswd -a -m larry$

Windows 2000 Domain Login
I was unable to get this to work, but here is the process, per the Samba pages (it did work for Windows NT):

    Start | Settings | Network and Dial-up Connections

Then click on:

    Advanced | Network Identification | Properties

Enter your computer name (in my case, LARRY). Click on the Domain radio button and enter the domain name (in my case, AYSWNET). Enter a user name and password for a Domain Admin (who must be root until a pre-release bug is fixed). Click on OK, and you'll be welcomed to the domain and prompted to reboot the computer.
This article was originally published on December 21, 2000