• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 475
  • Last Modified:

Samba as a primary domain controller...

I've seen it before but cannot figure it out with SWAT or from the docs... I'll check for a howto next, but this is easiest...

What are the steps necessary to make Samba running on a linux machine behave like a primary domain controller and allow Win95/98 clients to log into it as if it were a PDC/NT machine?

We have a NT box now that ONLY does logins, and that's a waste of a machine... if the Linux box can do it, all the better.
0
edskee
Asked:
edskee
  • 3
  • 3
1 Solution
 
jlevieCommented:
The distributed version of Samba can't be a PDC. For PDC funtionality you need one of developmental versions of Samba. You can read a bit more about the at http://us2.samba.org/samba/docs/ntdom_faq/samba_ntdom_faq.html. Neither the Head branch nor the TNG branch are fully functional at present, although one of them might be suitable for non-demanding networks. The Head branch (see Lars' page for a description) might be the best choice right now since you have win95 clients.
0
 
edskeeAuthor Commented:
Ok, well I know what I need it to do can be done, maybe PDC is not the correct... name... for it.

I need samba to act as a domain login controller to authenticate logins, instead of our NT machine. Thats most important, any other PDC functionality I can fix later.

Anyone?
0
 
jlevieCommented:
Authenticating logins is exactly what a PDC does, so to get that you'll need one of the developmental Samba versions.

I've not tested a Win95 domain logon, but I do know that I'm authenticating against the current CVS version (as of 0915CDT 25 Apr) of Samba-tng. It looks really good at the moment and would probably be worth trying. If you feel experimental, go to  http://www.kneschke.de/projekte/samba_tng/index.php3 and the you'll find instructions on how to get TNG as well as configuration info and examples in the FAQ.

To avoid clashes with the distributed version of Samba, I recommend that you remove it before installing Samba-TNG.
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
edskeeAuthor Commented:
Hmm, I couldave SWORN that I had seen Samba authenticating logins before... on a SCO unix machine that we had set up at a previous job.

I guess not.

Are you sure? One of the PAQ's says the guy set up Samba to do logins, but needed other functionality (thats what his question was, but in the question he stated that it WAS set up already)
0
 
jlevieCommented:
Authenticating users is something that the distributed versions can do, it's domain logins that they can't do. The difference between to two gets important in the case of NT systems in that you have to create workgroup accounts on each NT system for each user. And there are other things that an NT domain PDC can do that a workgroup server can't do.
0
 
xkid032500Commented:
in your smb.conf , under [global] put:
domain logons = yes
domain master = yes

and thats it.
0
 
edskeeAuthor Commented:
Thanks, me and my boss figured that out for ourselves last night.

Ed
0

Featured Post

Free recovery tool for Microsoft Active Directory

Veeam Explorer for Microsoft Active Directory provides fast and reliable object-level recovery for Active Directory from a single-pass, agentless backup or storage snapshot — without the need to restore an entire virtual machine or use third-party tools.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now