If you are working in a corporate sector then you must have noticed that most of the IT companies are using Active Directory on Windows Server for centralized authentication of all the employees or users but now Linux has introduced Samba3 which can be used to provide the same functionality and features without paying anything from your pocket.
But Samba3 lacks some of the features of Active Directory so recently Samba4 has been launched by Samba which can used to configure Active directory Domain controller on the Linux machine and can be controlled using client software on any of the windows machine consisting of all the features of Active Directory. I won't be able to explain the feature of all the command for that you can take help of "GOOGLE" but I will try my level best from my side to explain all the required commands.
You can just follow the steps which I am going to post here and if you face any problem regarding the same kindly revert back with your error.
NOTE: Kindly take a backup copy of all the original configuration files you are going to use in this tutorial.
Server: CentOS 6
IP Address: 10.10.10.100
users : user1, user2
Client: Windows XP
machine name : machine1
First of all make sure all the required packages are installed in your system and if not you can install them using "yum"
# rpm -qa | grep samba samba-3.5.10-116.el6_2.i686 samba-common-3.5.10-116.el6_2.i686 samba-winbind-clients-3.5.10-116.el6_2.i686 samba-client-3.5.10-116.el6_2.i686
and if the package is missing
# yum -y install samba
# vi /etc/samba/smb.conf [Global] workgroup = EXAMPLE #corresponds to domain name local master = yes preferred master = yes domain master = yes domain logons = yes security = user passdb backend = tdbsam logon path = \%LProfiles%U logon script = logon.bat add machine script = /usr/sbin/useradd -d /dev/null -g 200 -s /sbin/nologin -M %u [homes] browseable = yes writable = yes [netlogon] path = /home/netlogon writable = no browseable = no [Profiles] path = /home/profiles createmask = 0755 directory mask = 0755 writable = yes
The line domain master = yes causes Samba to be the domain master browser, which handles browsing services for the domain across multiple subnets if necessary. Although it looks very similar, local master = yes does not cause Samba to be the master browser on the subnet, but merely tells it to participate in browser elections and allow itself to win. The next two lines ensure that Samba wins the elections.Setting the preferred master parameter makes Samba force an election when it starts up.
The line, domain logons = yes, is what tells Samba we want this server to handle domain logons.
Defining a logon path is necessary for supporting roaming profiles. The UNC \%Lprofiles%u refers to a share held on the samba server where the profiles are kept. The variables %L and %u are replaced by samba with the name of the server and the username of the logged on user respectively.
The logon script = logon.bat line specifies the name of an MS-DOS batch file that will be executed when the client logs on to the domain. The path specified here is relative to the [netlogon] share that is defined later in the smb.conf file.
For further knowledge on the above used syntax in the smb.conf file kindly refer to this website
Now we need to create the shares with proper permissions which we have mentioned in the smb.conf file
# mkdir -m 1777 /home/profiles # mkdir -m 1777 /home/netlogon # groupadd -g 200 machine
Since we have used a "add machine script" in our conf file as you can see above, we don't need to create any user for the machine of the client as it will automatically create one evrytime we login to domain connected client machine. But if you don't use that script then you can do the same manually
(optional)
# useradd -d /dev/null -s /sbin/nologin -g 200 machine1$
# smbpasswd -m -a machine1$
# useradd user1 # useradd user2 # smbpasswd -a root # smbpasswd -a user1 # smbpasswd -a user2 # service smb restart # service nmb restart
Check your firewall settings as in my case I have disabled my firewall and selinux.
Client side configuration:
Open your windows XP machine and make sure the machine is in network with the server. Login to the computer as Administrator or another user in the Administrators group. Right click on the "My Computer" icon and click on prperties then go to "Computer Name" tab and click on "change".
NOTE: You might have to perform some registry related changes in order to add your Windows 7 machine to Samba 3
Error:
The following error occurred attempting to join the domain „.....“:
The specified domain either does not exist or could not be contacted.
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesLanmanWorkstationParameters]
"DomainCompatibilityMode"=dword:00000001
"DNSNameResolutionRequired"=dword:00000000
After sucessfully joining the domain you might get an error like below
Changing the Primary Domain DNS name of this computer to "" failed. The name will remain ".....".
The error was:
The specified domain either does not exist or could not be contacted
You can safely ignore this message or to silent the error pop up download and install the below hotfix from Microsoft
You incorrectly receive an error message when you join a computer that is running Windows 7 or Windows Server 2008 R2 to a Samba 3-based domain
Related Articles
Samba 4 as Active Directory configuration guide
Samba 4.1 as Active Directory configuration guide
Changing password for Administrator in Samba4
Configure NTP server for Samba4
Samba4 related commands
Create Roaming Profiles in Samba4