Doing the Windows 2000 Samba

Samba-PDC Setup

To use Samba as the primary domain controller, the following lines will need to be added to smb.conf:

domain master = yes domain admin users = root stew add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$ domain logons = yes logon script = %U.bat [netlogon] comment = Network Logon Service path = /home/netlogon guest ok = yes writable = no share modes = no

Substitute the user name for %U. You can create a batch file to mount a standard set of shares from whatever machine the user logs in at, or set the machine time from the server:

/home/netlogin/stew.bat:

	NET USE X: \\MOE\XFERS
	NET USE S: \\MOE\STEW
	NET TIME \\MOE /SET /YES

This file needs DOS-style CR/LF, rather than Unix, so it should be created on the Windows 2000 machine and then copied over to the server.

The add user script is still experimental. I opted for the manual addition of users. You will also need to add machines for Windows NT or 2000.

To add a user in Linux:

	adduser -g users -c 'Stew Benedict' -s /bin/false -n stew

And for Samba: smbpasswd -a stew You will be prompted for a password after the second command. The /bin/false entry prevents the user from logging on to the Linux machine. If you wanted a real shell account, you'd probably use /bin/bash. The -c parameter is just a comment.

To add a machine, you may want to create a "machines" group:

	groupadd machines

	adduser -g machines -c W2KMachine -d /dev/null -s /bin/false -n larry$

	smbpasswd -a -m larry$

A default password is created in this case. Note the '$' after the machine name; it's important.

Another thing to be aware of is that if you play with various versions of Samba, like I did, you can end up not being able to log in to the domain after switching versions. I found I needed to delete some files, and then delete and re-create the machine entries to get things to work:

	rm /etc/private/MACHINE.SID
	rm /etc/private/secrets.tdb

	smbpasswd -x larry$
	smbpasswd -a -m larry$

Windows 2000 Domain Login

I was unable to get this to work, but here is the process, per the Samba pages (it did work for Windows NT):

	Start | Settings | Network and Dial-up Connections

Then click on:

	Advanced | Network Identification | Properties

Enter your computer name (in my case, LARRY). Click on the Domain radio button and enter the domain name (in my case, AYSWNET). Enter a user name and password for a Domain Admin (who must be root until a pre-release bug is fixed). Click on OK, and you'll be welcomed to the domain and prompted to reboot the computer.

Page 4 of 5



This article was originally published on December 21, 2000