Samba as a primary domain controller...

I've seen it before but cannot figure it out with SWAT or from the docs... I'll check for a howto next, but this is easiest...

What are the steps necessary to make Samba running on a linux machine behave like a primary domain controller and allow Win95/98 clients to log into it as if it were a PDC/NT machine?

We have a NT box now that ONLY does logins, and that's a waste of a machine... if the Linux box can do it, all the better.
Who is Participating?
xkid032500Connect With a Mentor Commented:
in your smb.conf , under [global] put:
domain logons = yes
domain master = yes

and thats it.
The distributed version of Samba can't be a PDC. For PDC funtionality you need one of developmental versions of Samba. You can read a bit more about the at Neither the Head branch nor the TNG branch are fully functional at present, although one of them might be suitable for non-demanding networks. The Head branch (see Lars' page for a description) might be the best choice right now since you have win95 clients.
edskeeAuthor Commented:
Ok, well I know what I need it to do can be done, maybe PDC is not the correct... name... for it.

I need samba to act as a domain login controller to authenticate logins, instead of our NT machine. Thats most important, any other PDC functionality I can fix later.

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Authenticating logins is exactly what a PDC does, so to get that you'll need one of the developmental Samba versions.

I've not tested a Win95 domain logon, but I do know that I'm authenticating against the current CVS version (as of 0915CDT 25 Apr) of Samba-tng. It looks really good at the moment and would probably be worth trying. If you feel experimental, go to and the you'll find instructions on how to get TNG as well as configuration info and examples in the FAQ.

To avoid clashes with the distributed version of Samba, I recommend that you remove it before installing Samba-TNG.
edskeeAuthor Commented:
Hmm, I couldave SWORN that I had seen Samba authenticating logins before... on a SCO unix machine that we had set up at a previous job.

I guess not.

Are you sure? One of the PAQ's says the guy set up Samba to do logins, but needed other functionality (thats what his question was, but in the question he stated that it WAS set up already)
Authenticating users is something that the distributed versions can do, it's domain logins that they can't do. The difference between to two gets important in the case of NT systems in that you have to create workgroup accounts on each NT system for each user. And there are other things that an NT domain PDC can do that a workgroup server can't do.
edskeeAuthor Commented:
Thanks, me and my boss figured that out for ourselves last night.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.