January 27, 2021
Hot Topics:

Doing the Windows 2000 Samba

  • By Stew Benedict
  • Send Email »
  • More Articles »

Samba-PDC Setup

To use Samba as the primary domain controller, the following lines will need to be added to smb.conf:
   	domain master = yes
   	domain admin users = root stew
add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$
   	domain logons = yes
   	logon script = %U.bat

   comment = Network Logon Service
   path = /home/netlogon
   guest ok = yes
   writable = no
   share modes = no
Substitute the user name for %U. You can create a batch file to mount a standard set of shares from whatever machine the user logs in at, or set the machine time from the server:


This file needs DOS-style CR/LF, rather than Unix, so it should be created on the Windows 2000 machine and then copied over to the server.

The add user script is still experimental. I opted for the manual addition of users. You will also need to add machines for Windows NT or 2000.

To add a user in Linux:

	adduser -g users -c 'Stew Benedict' -s /bin/false -n stew
And for Samba: smbpasswd -a stew You will be prompted for a password after the second command. The /bin/false entry prevents the user from logging on to the Linux machine. If you wanted a real shell account, you'd probably use /bin/bash. The -c parameter is just a comment.

To add a machine, you may want to create a "machines" group:

	groupadd machines

	adduser -g machines -c W2KMachine -d /dev/null -s /bin/false -n larry$

	smbpasswd -a -m larry$
A default password is created in this case. Note the '$' after the machine name; it's important.

Another thing to be aware of is that if you play with various versions of Samba, like I did, you can end up not being able to log in to the domain after switching versions. I found I needed to delete some files, and then delete and re-create the machine entries to get things to work:

	rm /etc/private/MACHINE.SID
	rm /etc/private/secrets.tdb

	smbpasswd -x larry$
	smbpasswd -a -m larry$

Windows 2000 Domain Login

I was unable to get this to work, but here is the process, per the Samba pages (it did work for Windows NT):
	Start | Settings | Network and Dial-up Connections
Then click on:
	Advanced | Network Identification | Properties
Enter your computer name (in my case, LARRY). Click on the Domain radio button and enter the domain name (in my case, AYSWNET). Enter a user name and password for a Domain Admin (who must be root until a pre-release bug is fixed). Click on OK, and you'll be welcomed to the domain and prompted to reboot the computer.

Page 4 of 5

This article was originally published on December 21, 2000

Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

Thanks for your registration, follow us on our social networks to keep up-to-date