Samba as PDC for network containing Windows 2000 Server machine

Aleksandar B. Samardzic a.samardzic at
Tue Jun 6 19:57:47 GMT 2000

Oliver, thank you very much for your advice; I now have Samba tng-2.5 serving
as PDC for the Windows 2000 Server machine too.

For anyone interested, I'll try to summarize the installation procedure below.

First of all, I had to uninstall the previous Samba version. My Linux machine is
a RedHat 6.2 box, so I did the following:
    rpm -e samba-client
    rpm -e samba
    rpm -e samba-common
But before deletion, I've saved script /etc/rc.d/init.d/smb in order to be
able to run Samba during system initialization. I guess it is not absolutely
necessary to delete previous Samba version, but I did it to be sure to avoid
side effects.

Then I've downloaded tng-2.5 archive from following URL:

After unpacking it, I did as usual:
    cd source
    make install

Then I changed directory to /usr/local/samba, created private subdirectory
there and smbpasswd file in this directory, then changed permissions of this
    mkdir private
    touch private/smbpasswd
    chmod 0600 private/smbpasswd

Then I've created netlogon and profile subdirectories in /home directory to
hold logon scripts and user profiles and changed profile subdirectory
permissions as follows:
    mkdir /home/netlogon
    mkdir /home/profile
    chmod 1777 /home/profile

Then I've created smb.conf file in lib subdirectory of /usr/local/samba
directory. My smb.conf is as follows:

---------- >8 ---
[global]
workgroup = SIMPLE
server string = Samba %v on %L

security = user
domain logons = yes
encrypt passwords = yes

os level = 65
domain master = yes
preferred master = yes
local master = yes

wins support = yes
time server = yes

logon script = login.bat
logon drive = U:
logon home = \\%L\%U
logon path = \\%L\profile\%U

hosts allow = 192.168.0.
guest ok = no

[homes]
writable = yes
browseable = no
comment = Users' home directories

[netlogon]
path = /home/netlogon
writable = no
browseable = no
comment = PDC netlogon share

[profile]
path = /home/profile
writeable = yes
browseable = no
comment = PDC profile share

[tmp]
path = /tmp
writeable = yes
browseable = yes
comment = Temporary disk space
---------- >8 ---

Now, I've added items to start and stop all daemons (srvsvcd, wkssvcd,
browserd, lsarpcd, netlogond, samrd, winregd and svcctld; along with, of
course, smbd and nmbd) to my startup script /etc/rc.d/init.d/smb. Thus, this
script is now on my machine as follows:

---------- >8 ---
#!/bin/sh
#
# chkconfig: - 91 35
# description: Starts and stops the Samba smbd and nmbd daemons \
#          used to provide SMB network services.

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 0

# Check that smb.conf exists.
[ -f /usr/local/samba/lib/smb.conf ] || exit 0

RETVAL=0

# See how we were called.
case "$1" in
  start)
    echo -n "Starting SMB services: "
    daemon /usr/local/samba/sbin/smbd -D
    RETVAL=$?
    echo
    echo -n "Starting NMB services: "
    daemon /usr/local/samba/sbin/nmbd -D
    RETVAL2=$?
    echo
    # The remaining TNG daemons are started without checking their status.
    echo -n "Starting other Samba services: "
    daemon /usr/local/samba/sbin/srvsvcd -D
    daemon /usr/local/samba/sbin/wkssvcd -D
    daemon /usr/local/samba/sbin/browserd -D
    daemon /usr/local/samba/sbin/lsarpcd -D
    daemon /usr/local/samba/sbin/netlogond -D
    daemon /usr/local/samba/sbin/samrd -D
    daemon /usr/local/samba/sbin/winregd -D
    daemon /usr/local/samba/sbin/svcctld -D
    echo
    [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 ] && touch /var/lock/subsys/smb || \
        RETVAL=1
    ;;
  stop)
    echo -n "Shutting down SMB services: "
    killproc smbd
    RETVAL=$?
    echo
    echo -n "Shutting down NMB services: "
    killproc nmbd
    RETVAL2=$?
    echo
    # The remaining TNG daemons are stopped without checking their status.
    echo -n "Shutting down other Samba services: "
    killproc srvsvcd
    killproc wkssvcd
    killproc browserd
    killproc lsarpcd
    killproc netlogond
    killproc samrd
    killproc winregd
    killproc svcctld
    [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 ] && rm -f /var/lock/subsys/smb
    echo ""
    ;;
  restart)
    $0 stop
    $0 start
    RETVAL=$?
    ;;
  reload)
    echo -n "Reloading smb.conf file: "
    killproc smbd -HUP
    RETVAL=$?
    echo
    ;;
  status)
    status smbd
    status nmbd
    RETVAL=$?
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|status}"
    exit 1
esac

exit $RETVAL
---------- >8 ---

I know all daemons should probably be checked for successful starting or
stopping but everything just works fine on my machine so I skip adding these
checks to the above file.

Now I had to add links to this script in the appropriate subdirectories of
the /etc/rc.d directory in order to have Samba start during system boot and
stop during system shutdown:
    ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc3.d/S90smb
    ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc5.d/S90smb
    ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc0.d/K35smb
    ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc6.d/K35smb

Then I've restarted daemons:
    /etc/rc.d/init.d/smb restart
and later used samedit tool to add Samba users:
    samedit -S . -U root% -l log
and then in samedit prompt:
    createuser root -p *******
    [ ... more users added here ... ]
    createuser mika$
The last line is to add an account for the Windows 2000 machine. After leaving
samedit I was able to see that appropriate entries are added to
/usr/local/samba/private/smbpasswd file.

Now I had to switch to Windows 2000 machine and put it into the domain. When
asked for username and password, I supplied root as username and
corresponding password.

Finally, I've created following login.bat file and copied it to the netlogon

---------- >8 ---
@echo off

echo Setting Current Time...
net time \\pera /set /yes

echo Mapping Network Drives to Samba Server Pera...
net use t: \\pera\tmp /persistent:no
---------- >8 ---

That's it, now everything should be working fine.


-----Original Message-----
From: Oliver Malang [mailto:malang at]
Sent: Tuesday, June 06, 2000 3:21 PM
To: a.samardzic at; Multiple recipients of list SAMBA-NTDOM
Subject: AW: Samba as PDC for network containing Windows 2000 Server

I'm using tng-2.5 and it works fine for me (domain logons and hosting home
directories from W2k and NT).
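
The post above sets file modes by hand (0600 on private/smbpasswd, 1777 on /home/profile). The following check is an added example, not part of the original message: it verifies those modes, and additionally flags a group- or world-writable netlogon directory, since login.bat there runs on every client at logon. The function names are hypothetical and GNU `stat -c` is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU `stat -c`.
# Usage: audit_samba_perms [samba_root] [profile_dir] [netlogon_dir]
# Defaults are the paths used in the post.

# has_bits PATH MASK -> true if any bit of the octal MASK is set on PATH
has_bits() {
    [ $(( 0$(stat -c '%a' "$1") & 0$2 )) -ne 0 ]
}

audit_samba_perms() {
    root=${1:-/usr/local/samba}
    profile=${2:-/home/profile}
    netlogon=${3:-/home/netlogon}
    pw="$root/private/smbpasswd"
    rc=0

    # A missing path is a failure, not a pass.
    for p in "$pw" "$profile" "$netlogon"; do
        [ -e "$p" ] || { echo "MISSING $p"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1

    # smbpasswd holds password-equivalent hashes: owner access only (0600).
    if has_bits "$pw" 077; then
        echo "BAD  $pw is accessible to group/other"; rc=1
    fi
    # The profile root is world-writable by design (1777); without the
    # sticky bit any user could remove or rename another user's profile.
    if has_bits "$profile" 002 && ! has_bits "$profile" 1000; then
        echo "BAD  $profile is world-writable without the sticky bit"; rc=1
    fi
    # Extra check beyond the post: logon scripts must not be writable
    # by ordinary local users.
    if has_bits "$netlogon" 022; then
        echo "BAD  $netlogon is group/world-writable"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK   all checked modes match"
    return $rc
}
```
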

