Tuesday, July 7, 2015

How to configure samba as PDC/active directory server.

This article provides an example of how to configure Samba as a PDC (Primary Domain Controller) or as an Active Directory server. Once Samba is installed as a service, the next step is to edit smb.conf. Here is an example:

[global]
        security = user
        status = yes
        workgroup = MYGROUP
        wins server = 203.77.236.35
        encrypt passwords = yes
        domain logons = yes
        logon script = scripts\%U.bat
        domain admin group = @adm
        add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$
        guest account = ftp
        share modes = no
        os level = 65
[homes]
        guest ok = no
        read only = no
        create mask = 0700
        directory mask = 0700
        oplocks = false
        locking = no
[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   valid users = %S
   create mode = 0664
   directory mode = 0775
# If you want users samba doesn't recognize to be mapped to a guest user
; map to guest = bad user

# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
  comment = Network Logon Service
  path = /usr/local/samba/netlogon
  guest ok = yes
  writable = no
  share modes = no

# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
;    path = /usr/local/samba/profiles
;    browseable = no
;    guest ok = yes

# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
# Set public = yes to allow user 'guest account' to print
   guest ok = no
   writable = no
   printable = yes

# This one is useful for people to share files
;[tmp]
;   comment = Temporary file space
;   path = /tmp
;   read only = no
;   public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
#[public]
#   comment = Public Stuff
#   path = /usr/share
#   public = yes
#   writable = yes
#   printable = no
#   write list = @staff

# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
;   comment = Fred's Printer
;   valid users = fred
;   path = /home/fred
;   printer = freds_printer
;   public = no
;   writable = no
;   printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
;   comment = Fred's Service
;   path = /usr/somewhere/private
;   valid users = fred
;   public = no
;   writable = yes
;   printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %U option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
;  comment = PC Directories
;  path = /usr/local/pc/%m
;  public = no
;  writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
;   path = /usr/somewhere/else/public
;   public = yes
;   only guest = yes
;   writable = yes
;   printable = no

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
;   comment = Mary's and Fred's stuff
;   path = /usr/somewhere/shared
;   valid users = mary fred
;   public = no
;   writable = yes
;   printable = no
;   create mask = 0765

[ltsp]
        path = /opt/ltsp/i386
        comment = untuk thin clien
[test]
        path = /share
        comment = linux share
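
The file above mixes active shares with commented-out samples, and some of them allow guest access ([netlogon] has guest ok = yes, the [tmp] sample has public = yes). The following is an added example, not part of the original post: a shell function that lists the guest-enabled shares in an smb.conf and says whether each is writable. The names audit_guest_shares and sample_conf and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not Samba tools): list smb.conf shares
# that allow guest access. Assumes [global] precedes the shares, as in the file above.
audit_guest_shares() {
    awk '
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "on" || v == "1") }
    function report() {
        if (sec != "" && sec != "global" && guest)
            print sec, (ro ? "guest-readonly" : "guest-writable")
    }
    BEGIN { dguest = 0; dro = 1 }     # Samba defaults: guest ok = no, read only = yes
    /^[ \t]*[#;]/ { next }            # lines starting with # or ; are comments
    /^[ \t]*\[/ {                     # [section] header: report the previous share
        report()
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        sec = tolower(sec); guest = dguest; ro = dro
        next
    }
    index($0, "=") > 0 {
        key = tolower(substr($0, 1, index($0, "=") - 1))
        val = substr($0, index($0, "=") + 1)
        gsub(/[ \t]/, "", key)        # parameter names ignore case and spaces
        gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        if (key == "guestok" || key == "public") guest = truthy(val)
        else if (key == "readonly") ro = truthy(val)
        else if (key == "writable" || key == "writeable" || key == "writeok") ro = !truthy(val)
        if (sec == "global") { dguest = guest; dro = ro }   # [global] sets share defaults
    }
    END { report() }
    ' "$@"
}
# Constructed sample based on the shares above, with the [tmp] sample un-commented.
sample_conf() {
    cat <<'EOF'
[global]
[homes]
        guest ok = no
        read only = no
[netlogon]
  guest ok = yes
  writable = no
;[Profiles]
;    guest ok = yes
[tmp]
   read only = no
   public = yes
EOF
}
sample_conf | audit_guest_shares
```

Pass the path of your own smb.conf as the argument to check the real file; any share reported as guest-writable deserves a second look before the server goes on the network.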




After editing the smb.conf file, create the required directories and files as follows:

$ mkdir /usr/local/samba/netlogon
$ mkdir /usr/local/samba/netlogon/scripts
$ mkdir /usr/local/samba/private
$ touch /usr/local/samba/private/smbpasswd
$ chmod go-rwx /usr/local/samba/private/smbpasswd
$ cd /usr/local/sbin
$ ln -s /usr/local/samba/bin/smbpasswd
$ ln -s /usr/local/samba/bin/smbclient
$ ln -s /etc/rc.d/init.d/samba
 
 
After that, create the machine name and account name:

1. Creating the machine name

Create or edit /etc/group and add the following line:

machines:x:1020:
Then run these commands:

# The Unix account for a machine must end in "$" (compare %m$ in the add user script above).
$ adduser -g machines -d /dev/null -s /bin/false -c 'win2k machines' 'machine_name$'
$ smbpasswd -a -m machine_name

The machine name is now created.

2. Creating a user account

$ adduser -g users -d /dev/null -s /bin/false -c 'john doe' username
$ smbpasswd -a username test

