• VMware

    Learn about VMware virtualization for its products like vsphere ESX and ESXi, vCenter Server, VMware View, VMware P2V and many more

  • Linux

    Step by step configuration tutorials for many of the Linux services like DNS, DHCP, FTP, Samba4 etc including many tips and tricks in Red Hat Linux.

  • Database

    Learn installation and configuration of databases like Oracle, My SQL, Postgresql, etc including many other related tutorials in Linux.

  • How to configure Samba 3 as Primary Domain Controller

    If you are working in a corporate sector then you must have noticed that most of the IT companies are using Active Directory on Windows Server for centralized authentication of all the employees or users but now Linux has introduced Samba3 which can be used to provide the same functionality and features without paying anything from your pocket.

    But Samba3 lacks some of the features of Active Directory so recently Samba4 has been launched by Samba which can used to configure Active directory Domain controller on the Linux machine and can be controlled using client software on any of the windows machine consisting of all the features of Active Directory. I won't be able to explain the feature of all the command for that you can take help of "GOOGLE" but I will try my level best from my side to explain all the required commands.

    You can just follow the steps which I am going to post here and if you face any problem regarding the same kindly revert back with your error.

    NOTE: Kindly take a backup copy of all the original configuration files you are going to use in this tutorial.

    This is the scenario we are going to configure

    Server: CentOS 6
    IP Address:
    users : user1, user2

    Client: Windows XP
    IP Address:
    machine name : machine1

    First of all make sure all the required packages are installed in your system and if not you can install them using "yum"
    # rpm -qa | grep samba
    and if the package is missing
    # yum -y install samba
    open up the configuration file and you can copy the same file as i have posted:

    # vi /etc/samba/smb.conf
    workgroup = EXAMPLE
    #corresponds to domain name
    local master = yes
    preferred master = yes
    domain master = yes
    domain logons = yes
    security = user
    passdb backend = tdbsam
    logon path = \\%L\Profiles\%U
    logon script = logon.bat
    add machine script = /usr/sbin/useradd -d /dev/null -g 200 -s /sbin/nologin -M %u
    browseable = yes
    writable = yes
    path = /home/netlogon
    writable = no
    browseable = no
    path = /home/profiles
    createmask = 0755
    directory mask = 0755
    writable = yes
    The line domain master = yes causes Samba to be the domain master browser, which handles browsing services for the domain across multiple subnets if necessary. Although it looks very similar, local master = yes does not cause Samba to be the master browser on the subnet, but merely tells it to participate in browser elections and allow itself to win. The next two lines ensure that Samba wins the elections.Setting the preferred master parameter makes Samba force an election when it starts up.

    The line, domain logons = yes, is what tells Samba we want this server to handle domain logons.

    Defining a logon path is necessary for supporting roaming profiles. The UNC \\%L\profiles\%u refers to a share held on the samba server where the profiles are kept. The variables %L and %u are replaced by samba with the name of the server and the username of the logged on user respectively.
    The logon script = logon.bat line specifies the name of an MS-DOS batch file that will be executed when the client logs on to the domain. The path specified here is relative to the [netlogon] share that is defined later in the smb.conf file.
    For further knowledge on the above used syntax in the smb.conf file kindly refer to this website

    Now we need to create the shares with proper permissions which we have mentioned in the smb.conf file
    # mkdir -m 1777 /home/profiles 
    # mkdir -m 1777 /home/netlogon
    # groupadd -g 200 machine
    Since we have used a "add machine script" in our conf file as you can see above, we don't need to create any user for the machine of the client as it will automatically create one evrytime we login to domain connected client machine. But if you don't use that script then you can do the same manually

    # useradd -d /dev/null -s /sbin/nologin -g 200 machine1$
    When the computer account is created, two things must happen on the samba server. An entry is added to the smbpasswd file, with "username" that is the NetBIOS name of the computer with a $ sign appended to it. This part is handled by the smbpasswd command and you do not need to perform any additional action to it.
    # smbpasswd -m -a machine1$
    Now its time to create the user whom we want to login to the domain
    # useradd user1
    # useradd user2
    # smbpasswd -a root
    # smbpasswd -a user1
    # smbpasswd -a user2
    # service smb restart
    # service nmb restart 
    Check your firewall settings as in my case I have disabled my firewall and selinux.

    Client side configuration:

    Open your windows XP machine and make sure the machine is in network with the server. Login to the computer as Administrator or another user in the Administrators group. Right click on the "My Computer" icon and click on prperties then go to "Computer Name" tab and click on "change".

    Now change your domain settings from workgroup to "EXAMPLE" and hit "OK". it will prompt for the username and password of the server and then you should get a message "Welcome to EXAMPLE" domain. restart your machine and try to login next time using user1 which you created on the server.If you are not able to connect your machine using the above steps kindly do let me know so that I can dig further and help you out.

    NOTE: You might have to perform some registry related changes in order to add your Windows 7 machine to Samba 3

    The following error occurred attempting to join the domain „.....“:

    The specified domain either does not exist or could not be contacted.


    After sucessfully joining the domain you might get an error like below
    Changing the Primary Domain DNS name of this computer to "" failed. The name will remain ".....".
    The error was:

    The specified domain either does not exist or could not be contacted

    You can safely ignore this message or to silent the error pop up download and install the below hotfix from Microsoft
    You incorrectly receive an error message when you join a computer that is running Windows 7 or Windows Server 2008 R2 to a Samba 3-based domain

    Related Articles
    Samba 4 as Active Directory configuration guide
    Samba 4.1 as Active Directory configuration guide
    Changing password for Administrator in Samba4
    Configure NTP server for Samba4
    Samba4 related commands
    Create Roaming Profiles in Samba4

    How to configure Samba 3 as Primary Domain Controller How to configure Samba 3 as Primary Domain Controller Reviewed by admin on Friday, August 10, 2012 Rating: 5


    1. thank you ver much .. i was sucessfully create a domain controller.......

      1. can you please help me how to configure the samba as a domain controller in centos 6.5 ....................Thanku

      2. Hi Shaik,

        I have written another article to configure Samba 4 as PDC. Please follow the below link


    2. Nice post but today I apply plese help me about how to auto add in network place and easy access my samba share file.

    3. enam

      without hotfix any solution...?


    Powered by Blogger.