
But Samba3 lacks some of the features of Active Directory, so Samba has recently launched Samba4, which can be used to configure an Active Directory domain controller on a Linux machine with all the features of Active Directory, and which can be controlled using client software on any Windows machine. I won't be able to explain every feature of every command (for that you can take the help of Google), but I will try my level best to explain all the required commands.
You can just follow the steps which I am going to post here, and if you face any problem, kindly reply with your error.
NOTE: Kindly take a backup copy of all the original configuration files you are going to use in this tutorial.
This is the scenario we are going to configure
Server: CentOS 6
IP Address: 10.10.10.100
users : user1, user2
IP Address: 10.10.10.90
machine name : machine1
The line domain master = yes causes Samba to be the domain master browser, which handles browsing services for the domain across multiple subnets if necessary. Although it looks very similar, local master = yes does not cause Samba to be the master browser on the subnet, but merely tells it to participate in browser elections and allow itself to win. The next two lines ensure that Samba wins the elections. Setting the preferred master parameter makes Samba force an election when it starts up.
First of all make sure all the required packages are installed in your system and if not you can install them using "yum"
# rpm -qa | grep samba
samba-3.5.10-116.el6_2.i686
samba-common-3.5.10-116.el6_2.i686
samba-winbind-clients-3.5.10-116.el6_2.i686
samba-client-3.5.10-116.el6_2.i686
and if the package is missing
# yum -y install samba
Open up the configuration file; you can copy the same file as I have posted:
# vi /etc/samba/smb.conf
[Global]
# workgroup corresponds to the domain name
# (smb.conf comments must be on a line of their own)
workgroup = EXAMPLE
local master = yes
preferred master = yes
domain master = yes
domain logons = yes
security = user
passdb backend = tdbsam
logon path = \\%L\Profiles\%U
logon script = logon.bat
add machine script = /usr/sbin/useradd -d /dev/null -g 200 -s /sbin/nologin -M %u

[homes]
browseable = yes
writable = yes

[netlogon]
path = /home/netlogon
writable = no
browseable = no

[Profiles]
path = /home/profiles
createmask = 0755
directory mask = 0755
writable = yes
The line, domain logons = yes, is what tells Samba we want this server to handle domain logons.
Defining a logon path is necessary for supporting roaming profiles. The UNC \\%L\Profiles\%U refers to a share held on the Samba server where the profiles are kept. The variables %L and %U are replaced by Samba with the name of the server and the username of the logged-on user respectively.
The logon script = logon.bat line specifies the name of an MS-DOS batch file that will be executed when the client logs on to the domain. The path specified here is relative to the [netlogon] share that is defined later in the smb.conf file.
For further knowledge on the above used syntax in the smb.conf file kindly refer to this website
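Added example (not from the original post): a shell check that reads an smb.conf the way Samba does, confirms the domain-controller settings explained above, and checks that the directory behind [netlogon], where logon.bat lives, is not world-writable on the server. The function names, the scratch directory and the embedded sample file are constructed for illustration.

```shell
#!/bin/sh
# smb_get FILE SECTION PARAM: print the value of PARAM in [SECTION].
# Samba matches parameter names ignoring case and embedded spaces, and a
# comment must start its own line with '#' or ';'.
smb_get() {
  awk -v sec="$2" -v par="$3" '
    function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
    /^[ \t]*[#;]/ { next }
    /^[ \t]*\[/ { cur = $0; sub(/^[ \t]*\[[ \t]*/, "", cur)
                  sub(/[ \t]*\].*$/, "", cur); cur = tolower(cur); next }
    cur == tolower(sec) && (eq = index($0, "=")) && norm(substr($0, 1, eq - 1)) == norm(par) {
      val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
    }
    END { print val }' "$1"
}

# pdc_audit CONF NETLOGON_DIR: print one line per finding, return 1 if any.
# Simplification: expects the spellings used in the post (yes/no, writable).
pdc_audit() {
  rc=0
  while read -r s p want; do
    got=$(smb_get "$1" "$s" "$p" | tr 'A-Z' 'a-z')
    [ "$got" = "$want" ] || { echo "FAIL [$s] $p = '$got', expected $want"; rc=1; }
  done <<EOF
global domainlogons yes
global domainmaster yes
global security user
netlogon writable no
EOF
  # logon.bat in this directory runs on every client at logon, so no
  # unprivileged local account should be able to create files in it.
  [ -z "$(find "$2" -prune -perm -0002)" ] || { echo "FAIL $2 is world-writable"; rc=1; }
  return $rc
}

# Constructed sample: key settings from the post, checked in a scratch directory.
demo=$(mktemp -d)
mkdir -m 1777 "$demo/netlogon"
cat >"$demo/smb.conf" <<'EOF'
[Global]
workgroup = EXAMPLE #corresponds to domain name
domain master = yes
domain logons = yes
security = user
[netlogon]
writable = no
EOF
pdc_audit "$demo/smb.conf" "$demo/netlogon" || echo "fix the findings above"
smb_get "$demo/smb.conf" global workgroup   # trailing '#...' is part of the value
rm -rf "$demo"
```

On a real server, point pdc_audit at /etc/samba/smb.conf and /home/netlogon; `testparm -s` prints the configuration as Samba itself parsed it.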
Now we need to create the shares with proper permissions which we have mentioned in the smb.conf file
# mkdir -m 1777 /home/profiles
# mkdir -m 1777 /home/netlogon
# groupadd -g 200 machine
Since we have used an "add machine script" in our conf file, as you can see above, we don't need to create any user for the client machine, as it will automatically create one every time we log in to a domain-connected client machine. But if you don't use that script then you can do the same manually.
(optional)
# useradd -d /dev/null -s /sbin/nologin -g 200 machine1$
When the computer account is created, two things must happen on the Samba server. An entry is added to the smbpasswd file, with a "username" that is the NetBIOS name of the computer with a $ sign appended to it. This part is handled by the smbpasswd command and you do not need to perform any additional action for it.
# smbpasswd -m -a machine1$
Now it's time to create the users whom we want to log in to the domain
# useradd user1
# useradd user2
# smbpasswd -a root
# smbpasswd -a user1
# smbpasswd -a user2
# service smb restart
# service nmb restart
Check your firewall settings; in my case I have disabled my firewall and SELinux.
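The firewall and SELinux can also stay enabled on the server. The added example below (not part of the original post) prints, and with APPLY=1 runs, the iptables rules and SELinux settings a Samba 3 domain controller on CentOS 6 needs. The 10.10.10.0/24 client subnet and the function names are assumptions.

```shell
#!/bin/sh
# run CMD...: print the command, and execute it only when APPLY=1 (as root).
run() {
  echo "$*"
  [ "${APPLY:-0}" = 1 ] || return 0
  "$@"
}

# samba_pdc_allow SUBNET: open only what a Samba 3 PDC needs, for one subnet.
samba_pdc_allow() {
  # Accept only a.b.c.d/nn before the value is placed in a rule.
  printf '%s\n' "$1" |
    grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' ||
    { echo "bad subnet: $1" >&2; return 1; }
  # nmbd: NetBIOS name service (137/udp) and datagrams (138/udp)
  run iptables -I INPUT -s "$1" -p udp -m multiport --dports 137,138 -j ACCEPT
  # smbd: NetBIOS session (139/tcp) and SMB over TCP (445/tcp)
  run iptables -I INPUT -s "$1" -p tcp -m multiport --dports 139,445 \
      -m state --state NEW -j ACCEPT
  run service iptables save
  # SELinux: let smbd act as a domain controller (the add machine script
  # calls useradd) and serve home directories.
  run setsebool -P samba_domain_controller on
  run setsebool -P samba_enable_home_dirs on
  # Label the share directories so the confined smbd may read and write them.
  for d in /home/profiles /home/netlogon; do
    run semanage fcontext -a -t samba_share_t "$d(/.*)?"
    run restorecon -R "$d"
  done
}

# Dry run for the tutorial network; 10.10.10.0/24 is an assumed client subnet.
samba_pdc_allow 10.10.10.0/24
```

semanage is provided by the policycoreutils-python package on CentOS 6.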
Client side configuration:
Open your Windows XP machine and make sure the machine is on the network with the server. Log in to the computer as Administrator or another user in the Administrators group. Right-click the "My Computer" icon and click Properties, then go to the "Computer Name" tab and click "Change". Now change your domain settings from workgroup to "EXAMPLE" and hit "OK". It will prompt for the username and password of the server, and then you should get a message "Welcome to EXAMPLE" domain. Restart your machine and try to log in next time using user1, which you created on the server. If you are not able to connect your machine using the above steps, kindly do let me know so that I can dig further and help you out.
NOTE: You might have to perform some registry related changes in order to add your Windows 7 machine to Samba 3
Error:
The following error occurred attempting to join the domain „.....“:
The specified domain either does not exist or could not be contacted.
Solution:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
"DomainCompatibilityMode"=dword:00000001
"DNSNameResolutionRequired"=dword:00000000
After successfully joining the domain you might get an error like the one below
Changing the Primary Domain DNS name of this computer to "" failed. The name will remain ".....".
The error was:
The specified domain either does not exist or could not be contacted
You can safely ignore this message, or, to silence the error pop-up, download and install the hotfix below from Microsoft
You incorrectly receive an error message when you join a computer that is running Windows 7 or Windows Server 2008 R2 to a Samba 3-based domain
How to configure Samba 3 as Primary Domain Controller, reviewed by Deepak Prasad on Friday, August 10, 2012

Thank you very much .. I successfully created a domain controller.......
Can you please help me with how to configure Samba as a domain controller in CentOS 6.5 .................... Thank you
Hi Shaik,
I have written another article to configure Samba 4 as PDC. Please follow the below link
http://www.golinuxhub.com/2013/06/samba-41-as-active-directory.html
Nice post but today I apply please help me about how to auto add in network place and easy access my samba share file.
enam
without hotfix any solution...?