Setting up Samba PDC for Multiple domains

We will set up 2 domains, mydomain1 and mydomain2, on 1 Linux machine with Samba.

1. Create 2 Samba config files in /etc/samba/
     a. smb.conf_mydomain1
     b. smb.conf_mydomain2

2. Your smb.conf_mydomain1 should look like this:

[global]
        workgroup = mydomain1
        netbios name = server1
        time server = Yes
        domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        encrypt passwords = yes
        smb passwd file = /etc/samba/smbpasswd
        security = user
        mangling method = hash
        add machine script = /usr/sbin/useradd -d /dev/null -g trust -s /bin/false -M %u
        log file = /var/log/samba/log.%m
        log level = 3 passdb:5 auth:10 winbind:2
        logon path = \\%L\profiles\%U
        logon drive = H:
        logon home = \\%L\%U\.profile
        logon script = logon.cmd
        interfaces = 192.168.2.249/24
        bind interfaces only = yes
        lock directory = /var/lib/samba/locks/server1
 
[homes]
        read only = No
        browseable = Yes
        create mask = 0644
        directory mask = 0755
 
 
[netlogon]
        path=/var/lib/samba/netlogon
        guest ok = yes
 
[profiles]
        path=/var/lib/samba/profiles
        browseable = yes
        read only = No
        create mask = 0600
        directory mask = 0700
        root preexec = PROFILE=/var/lib/samba/profiles/%u; if [ ! -e $PROFILE ]; then mkdir -pm700 $PROFILE; chown %u:%g $PROFILE; fi

3. The following lines change in smb.conf_mydomain2; the rest stays the same as above:

workgroup = mydomain2
netbios name = server2
lock directory = /var/lib/samba/locks/server2

4. Then create the directories below:
     /var/lib/samba/locks/server1
     /var/lib/samba/locks/server2

5. Start Samba using the commands below:

      smbd -s /etc/samba/smb.conf_mydomain1
      nmbd -s /etc/samba/smb.conf_mydomain1
      smbd -s /etc/samba/smb.conf_mydomain2
      nmbd -s /etc/samba/smb.conf_mydomain2

6. Check whether smbd has started:
     ps -ef|grep smb

7. Add a trust account (for NT machines only)
    groupadd trust
    useradd -g trust -d /dev/null -s /bin/false <machine name>$
    passwd -l <machine name>$
          ====> NOTE: PLEASE DON'T FORGET TO GIVE '$' IN THE ABOVE 2 COMMANDS
    smbpasswd -a -m <machine name>
If you want to add a group of machines, please download my script from sites.google.com/site/techbirdin/knowledge-base/addmachine.sh

8. Add the administrator account
    smbpasswd -a root
    (GIVE Samba Passwd for root)

9. FOR WIN XP PROF users, NOT for WIN98 or XP HOME

Log in to that Windows machine (machine name) as administrator.
Right-click "My Computer" and click on "Properties"
Click on the "Computer Name" tab
Click on "Change"
Enter the domain: "mydomain1" OR "mydomain2"
Click OK
It will ask for the domain admin username and password. Give username: root and the smbpasswd of root
If everything is good then it will show you "Welcome to mydomain1 or 2"
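
Steps 2 and 3 depend on three [global] parameters differing between the two files while everything else stays the same. The following is an added example, not part of the original article: a Python check that compares two config texts on exactly that point. The function names and the abbreviated sample configs are constructed for illustration.

```python
# Parameters step 3 says must differ per instance (names normalised, see norm()).
PER_INSTANCE = {"workgroup", "netbiosname", "lockdirectory"}

def norm(key):
    # smb.conf parameter names ignore case and embedded whitespace.
    return "".join(key.split()).lower()

def parse_global(text):
    """Return {normalised parameter: value} for the [global] section."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):            # trailing backslash continues the line
            pending = line[:-1]
            continue
        pending = ""
        if not line or line[0] in "#;":    # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()
    return params

def compare(conf_a, conf_b):
    """Return (collisions, drift): equal per-instance values, other differing ones."""
    a, b = parse_global(conf_a), parse_global(conf_b)
    collisions = sorted(k for k in PER_INSTANCE if a.get(k) == b.get(k))
    drift = sorted(k for k in (a.keys() | b.keys()) - PER_INSTANCE
                   if a.get(k) != b.get(k))
    return collisions, drift

# Constructed sample input, abbreviated from the configuration in step 2.
CONF1 = """[global]
        workgroup = mydomain1
        netbios name =server1
        security = user
        lock directory = /var/lib/samba/locks/server1
[netlogon]
        path=/var/lib/samba/netlogon
"""
# Constructed faulty copy: the lock directory was not changed.
CONF2_BAD = CONF1.replace("mydomain1", "mydomain2").replace("=server1", "=server2")
CONF2_OK = CONF2_BAD.replace("locks/server1", "locks/server2")
if __name__ == "__main__":
    print(compare(CONF1, CONF2_BAD))
    print(compare(CONF1, CONF2_OK))
```

An empty pair of lists means the two files differ only where step 3 says they should. To check real files, pass the contents of /etc/samba/smb.conf_mydomain1 and /etc/samba/smb.conf_mydomain2 to compare().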

Neelesh Gurjar has written 122 articles