PDC

But first, let's create two groups to help manage the domain:

    # groupadd -g 200 admins
    # groupadd -g 201 machines

The first command creates the admin group with a GID of 200 (chosen so as to not conflict with any other existing groups); the second creates a machine group with a GID of 201. The first group will contain users who are allowed to administer certain aspects of the PDC. The second group is a convenient way to organize the machine accounts we'll be creating shortly.

Now that the above groups are in place, we can go ahead and create the two required directories and set the correct ownership and permissions.

    [root@phoenix root]# mkdir -m 0775 /home/netlogon
    [root@phoenix root]# chown root.admins /home/netlogon
    [root@phoenix root]# mkdir /home/samba /home/samba/profiles
    [root@phoenix root]# chmod 1757 /home/samba/profiles

next ---> http://www-1.ibm.com/servers/esdd/tutorials/samba/samba-3-2.html

As noted, Samba will not allow you to add an entry to the smbpasswd file (user or machine) unless there is an existing UNIX account for that user. So the first step is to create an entry for the client in /etc/passwd:

    [root@phoenix root]# /usr/sbin/useradd -g machines -d /dev/null -c "machine id" -s /bin/false machine_name$
    [root@phoenix root]# passwd -l machine_name$
    Changing password for user machine_name$
    Locking password for user machine_name$

With the UNIX account created, we can now add the machine to /etc/samba/smbpasswd as shown below:

    [root@phoenix root]# smbpasswd -a -m machine_name
    Added user machine_name$

Two things to note in the above command: One, if you installed Samba under /usr/local/samba, you'll probably have to provide the complete path (i.e., /usr/local/samba/bin/smbpasswd). Two, when entering the machine_name, do not append a dollar sign; it's not required with smbpasswd.

The second approach to creating a machine/trust account on the PDC is to allow Samba to create them as needed when the client first joins the domain.
This little bit of magic is accomplished by adding an add user script option to smb.conf. This creates the UNIX trust account, and tells Samba to automatically create a corresponding entry in smbpasswd. The following is an example of an entry based on a Red Hat distribution:

    [global]
    ...
    add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u
    ...

The important thing to note in the above entry is that the command to add users may vary across operating systems and/or distributions, so tweak accordingly.

The last piece of information we need to provide the PDC is a means of authenticating users. As discussed at the beginning of this section, this is accomplished by adding user accounts to both /etc/passwd and /etc/samba/smbpasswd. Here are the three commands necessary to create the two required user accounts:

    [root@phoenix root]# useradd leah
    [root@phoenix root]# passwd leah
    New password:
    Retype new password:
    passwd: all authentication tokens updated successfully
    [root@phoenix root]# smbpasswd -a leah
    New SMB password:
    Retype new SMB password:
    Added user leah.

Note that you'll need to create a root user account in order to join Windows NT/2000 machines to the domain. Treat the password you use with the same care and security as you would the UNIX root password; it has all the same authority.

Could use password synch, Windows/Samba to Unix

http://www-1.ibm.com/servers/esdd/tutorials/samba/samba-3-6.html

Client configuration: Windows 95/98/ME

To join a Windows 95/98/ME client to the domain: check that Client for Microsoft Networks is installed and is the primary network protocol (Control Panel -> Network -> Primary Network Logon). Control Panel -> Network -> Client for Microsoft Networks -> Properties -> Logon to NT Domain. If you've employed the add user script option, select the checkbox Create a Computer Account in the Domain; otherwise you'll need to ensure a machine account already exists for the client. Fill in the domain, and click OK.
Under Windows NT:

Go to Control Panel -> Network -> Identification -> Change option. If it is configured as a Workgroup, select the Domain radio button and enter the domain name. Select Create a Computer Account in the Domain as necessary. Log on to the domain using the username root and the appropriate password. This is necessary to initialize the "secret" between the server and client machines. From here forward, any authenticated user can log on from this machine. A message should appear welcoming you to the domain_name domain.

Same for Windows 2000 except the network settings are found under Control Panel -> System -> Network Identification (or right-click the My Computer icon on your desktop, choose Properties, Computer Name, and select the Change button).

XP Problems (NB XP Home Edition is NBG)

http://www-1.ibm.com/servers/esdd/tutorials/samba/samba-4-4.html

PDC/BDC stuff is at http://www.skippy.net/linux/smb-howto.html

Define the meanings of:

    Security = user, domain, server, share

Samba server config relative to SMB domain

    # Cause this host to announce itself to local subnets here
    remote announce = 192.168.1.255 192.168.2.63
    # Note that the second subnet is not a whole Class C! That's legal.

Adding users

    % smbpasswd -a dcobley
    New SMB password:
    Retype new SMB password:
    Added user dcobley
    Password changed for user dcobley

from http://handsonhowto.com/smb101.html

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ak
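
Whichever way the machine trust accounts get created (by hand with useradd, or by the add user script entry), each one should end up with the properties the commands above give it. The following is an added example, not part of the original notes or the IBM tutorial: it audits passwd-format data for $-suffixed accounts that drift from those conventions. The GID 201, /dev/null home and /bin/false shell come from the notes; the function names and the sample data are made up for illustration.

```shell
#!/bin/sh
# Added example: audit passwd(5)-format data for Samba machine trust accounts.
# Assumes the conventions used in these notes: GID 201 ("machines"),
# home /dev/null, shell /bin/false.

MACHINES_GID=201   # GID given to the "machines" group in the notes

# audit_machine_accounts FILE
# Prints one "name: problem" line per finding; returns 1 if any were found.
audit_machine_accounts() {
    awk -F: -v gid="$MACHINES_GID" '
        # Fields: name:passwd:uid:gid:gecos:home:shell
        $1 ~ /\$$/ {
            if ($4 != gid)          { print $1 ": gid " $4 " is not " gid; bad = 1 }
            if ($6 != "/dev/null")  { print $1 ": home is " $6; bad = 1 }
            if ($7 != "/bin/false") { print $1 ": shell is " $7; bad = 1 }
            if ($3 == 0)            { print $1 ": uid 0"; bad = 1 }
            next
        }
        # An ordinary user whose primary group is the machines group.
        $4 == gid { print $1 ": non-machine account in gid " gid; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample data (not taken from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
leah:x:500:500::/home/leah:/bin/bash
ws01$:x:501:201:machine id:/dev/null:/bin/false
ws02$:x:502:201:machine id:/home/ws02:/bin/bash
ws03$:x:503:100:machine id:/dev/null:/bin/false
temp:x:504:201::/home/temp:/bin/bash
EOF
}

# Run against the real file with: audit_machine_accounts /etc/passwd
```

The check only reads the file, so it does not need root. It does not look at /etc/shadow, so whether passwd -l was applied has to be verified separately.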