Samba as PDC for network containing Windows 2000 Server machine

Art Wildman wildman at mediaone.net
Wed Jun 7 08:30:11 GMT 2000 

Thanks, just what I needed & a most excelent write-up! 
...can we nominate you for the PDC HOWTO? Any luck with 9.x clients creating
shares & samba returning auth user lists?

This really is awesome... thanks again & let us know how it goes.

Art Wildman - wildman at mediaone.net - http://network-this.net   
"Linux is user-friendly, it's just particular about who it's friends are." 

-------- Original Message --------
Subject: RE: Samba as PDC for network containing Windows 2000 Server machine
Date: Wed, 7 Jun 2000 07:04:52 +1000
From: "Aleksandar B. Samardzic" <a.samardzic at racunari.com>
Reply-To: a.samardzic at racunari.com
To: Multiple recipients of list SAMBA-NTDOM <samba-ntdom at samba.org>

Oliver, thank you very much for you advice; I have now Samba tng-2.5 serving
as PDC for Windows 2000 Server machine too.

For anyone interested, I'll try to summarize isntallation procedure below.

First of all, I had to uninstall previous Samba version. My Linux machine is
RedHat 6.2 box, so I did following:
    rpm -e samba-client
    rpm -e samba
    rpm -e samba-common
But before deletion, I've saved script /etc/rc.d/init.d/smb in order to be
able to run Samba during system initialization. I guess it is not absolutely
necessary to delete previous Samba version, but I did it to be sure to avoid
side effects.

Then I've downloaded tng-2.5 archive from following URL:
    ftp://ftp.samba.org/pub/samba/alpha/samba-tng-alpha.2.5.tar.bz2

After unpacking it, I did as usually:
    cd source
    ./configure
    make
    make install

Then I changed directory to /usr/local/samba, created private subdirectory
there and smbpasswd file in this directory, then changed permissions of this
file:
    mkdir private
    touch private/smbpasswd
    chmod 0600 private/smbpasswd

Then I've created netlogon and profile subdirectories in /home directory to
hold logon scripts and user profiles and changed profile subdirectory
permissions as follows:
    mkdir /home/netlogon
    mkdir /home/profile
    chmod 1777 /home/profile

Then I've created smb.conf file in lib subdirectory of /usr/local/samba
directory. My smb.conf is as follows:

---------- >8 ---
[global]
workgroup = SIMPLE
server string = Samba %v on %L

security = user
domain logons = yes
encrypt passwords = yes

os level = 65
domain master = yes
preferred master = yes
local master = yes

wins support = yes
time server = yes

logon script = login.bat
logon drive = U:
logon home = \\%L\%U
logon path = \\%L\profile\%U

hosts allow = 192.168.0. 127.0.0.1
guest ok = no

[homes]
writable = yes
browseable = no
comment = Users' home directories

[netlogon]
path = /home/netlogon
writable = no
browseable = no
comment = PDC netlogon share

[profile]
path = /home/profile
writeable = yes
browseable = no
comment = PDC profile share

[tmp]
path = /tmp
writeable = yes
browseable = yes
comment = Temporary disk space
---------- >8 ---


Now, I've added items to start and stop all daemons (srvsvcd, wkssvcd,
browserd, lsarpcd, netlogond, samrd, winregd and svcctld; along with, of
course, smbd and nmbd) to my startup script /etc/rc.d/init.d/smb. Thus, this
script is now on my machine as follows:

---------- >8 ---
#!/bin/sh
#
# chkconfig: - 91 35
# description: Starts and stops the Samba smbd and nmbd daemons \
#          used to provide SMB network services.

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0

# Check that smb.conf exists.
[ -f /usr/local/samba/lib/smb.conf ] || exit 0

RETVAL=0

# See how we were called.
case "$1" in
  start)
    echo -n "Starting SMB services: "
    daemon /usr/local/samba/sbin/smbd -D
    RETVAL=$?
    echo
    echo -n "Starting NMB services: "
    daemon /usr/local/samba/sbin/nmbd -D
    RETVAL2=$?
    echo
    echo -n "Starting other Samba services: "
    daemon /usr/local/samba/sbin/srvsvcd -D
    daemon /usr/local/samba/sbin/wkssvcd -D
    daemon /usr/local/samba/sbin/browserd -D
    daemon /usr/local/samba/sbin/lsarpcd -D
    daemon /usr/local/samba/sbin/netlogond -D
    daemon /usr/local/samba/sbin/samrd -D
    daemon /usr/local/samba/sbin/winregd -D
    daemon /usr/local/samba/sbin/svcctld -D
    echo
    [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 ] && touch /var/lock/subsys/smb || \
       RETVAL=1
    ;;
  stop)
    echo -n "Shutting down SMB services: "
    killproc smbd
    RETVAL=$?
    echo
    echo -n "Shutting down NMB services: "
    killproc nmbd
    RETVAL2=$?
    echo
    echo -n "Shutting down other Samba services: "
    killproc srvsvcd
    killproc wkssvcd
    killproc browserd
    killproc lsarpcd
    killproc netlogond
    killproc samrd
    killproc winregd
    killproc svcctld
    [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 ] && rm -f /var/lock/subsys/smb
    echo ""
    ;;
  restart)
    $0 stop
    $0 start
    RETVAL=$?
    ;;
  reload)
        echo -n "Reloading smb.conf file: "
    killproc smbd -HUP
    RETVAL=$?
    echo
    ;;
  status)
    status smbd
    status nmbd
    RETVAL=$?
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|status}"
    exit 1
esac

exit $RETVAL
---------- >8 ---

I know all daemons should probably be checked for successfull starting or
stopping but everything just works fine on my machine so I skip adding these
checks to above file.

Now I had to add links to this script to appropriate subdirectories of
/etc/rc.d directory in order to have Samba to start during system boot and
to stop during system shutdown:
    ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc3.d/S90smb
    ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc5.d/S90smb
    ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc0.d/K35smb
    ln -s /etc/rc.d/init.d/smb /etc/rc.d/rc6.d/K35smb

Then I've restarted daemons:
    /etc/rc.d/init.d/smb restart
and later used samedit tool to add Samba users:
    samedit -S . -U root% -l log
and then in samedit prompt:
    createuser root -p *******
    [ ... more users added here ... ]
    createuser mika$
    exit
Latest line is to add account for Windows 2000 machine. After leaving
samedit I was able to see that appropriate entries are added to
/usr/local/samba/private/smbpasswd file.

Now I had to switch to Windows 2000 machine and put it into the domain. When
asked for username and password, I supplied root as username and
corresponding password.

Finally, I've created following login.bat file and copied it to the netlogon
share:

---------- >8 ---
@echo off

echo Setting Current Time...
net time \\pera /set /yes

echo Mapping Network Drives to Samba Server Pera...
net use t: \\pera\tmp /persistent:no
---------- >8 ---


That's it, now everything should be working fine.

Regards,
Aleksandar



-----Original Message-----
From: Oliver Malang [mailto:malang at netengine.at]
Sent: Tuesday, June 06, 2000 3:21 PM
To: a.samardzic at racunari.com; Multiple recipients of list SAMBA-NTDOM
Subject: AW: Samba as PDC for network containing Windows 2000 Server
machine


I'm using tng-2.5 and it works fine for me(domain logons and hosting home
directories from W2k and NT).

regards,
Oliver

More information about the samba-ntdom mailing list