We help IT Professionals succeed at work.

Samba as a primary domain controller...

edskee asked
Last Modified: 2010-03-18
I've seen it before but cannot figure it out with SWAT or from the docs... I'll check for a howto next, but this is easiest...

What are the steps necessary to make Samba running on a linux machine behave like a primary domain controller and allow Win95/98 clients to log into it as if it were a PDC/NT machine?

We have a NT box now that ONLY does logins, and that's a waste of a machine... if the Linux box can do it, all the better.
Watch Question

Top Expert 2005

The distributed version of Samba can't be a PDC. For PDC funtionality you need one of developmental versions of Samba. You can read a bit more about the at http://us2.samba.org/samba/docs/ntdom_faq/samba_ntdom_faq.html. Neither the Head branch nor the TNG branch are fully functional at present, although one of them might be suitable for non-demanding networks. The Head branch (see Lars' page for a description) might be the best choice right now since you have win95 clients.


Ok, well I know what I need it to do can be done, maybe PDC is not the correct... name... for it.

I need samba to act as a domain login controller to authenticate logins, instead of our NT machine. Thats most important, any other PDC functionality I can fix later.

Top Expert 2005

Authenticating logins is exactly what a PDC does, so to get that you'll need one of the developmental Samba versions.

I've not tested a Win95 domain logon, but I do know that I'm authenticating against the current CVS version (as of 0915CDT 25 Apr) of Samba-tng. It looks really good at the moment and would probably be worth trying. If you feel experimental, go to  http://www.kneschke.de/projekte/samba_tng/index.php3 and the you'll find instructions on how to get TNG as well as configuration info and examples in the FAQ.

To avoid clashes with the distributed version of Samba, I recommend that you remove it before installing Samba-TNG.


Hmm, I couldave SWORN that I had seen Samba authenticating logins before... on a SCO unix machine that we had set up at a previous job.

I guess not.

Are you sure? One of the PAQ's says the guy set up Samba to do logins, but needed other functionality (thats what his question was, but in the question he stated that it WAS set up already)
Top Expert 2005

Authenticating users is something that the distributed versions can do, it's domain logins that they can't do. The difference between to two gets important in the case of NT systems in that you have to create workgroup accounts on each NT system for each user. And there are other things that an NT domain PDC can do that a workgroup server can't do.
This one is on us!
(Get your first solution completely free - no credit card required)


Thanks, me and my boss figured that out for ourselves last night.

Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.