

In the enterprise world, a single company often has multiple departments or domains (e.g. Accounts, IT, Administration), and each needs its privacy. On Windows we can set up multiple domains with ADS very easily. Those who want to use a Linux server with Samba as the domain controller can also set up multiple domains on it. I have given an example smb.conf below; a few directives may differ for your network environment. In my example I have used Gentoo Linux with smbd version 3.3.5.

We will set up 2 domains, mydomain1 and mydomain2, on 1 Linux machine with Samba.

1. Create 2 samba config files in /etc/samba/
     a. smb.conf_mydomain1
     b. smb.conf_mydomain2

2. Your smb.conf_mydomain1 will look like below:

[global]
        workgroup = mydomain1
        netbios name = server1
        time server = Yes
        domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        encrypt passwords = yes
        smb passwd file = /etc/samba/smbpasswd
        security = user
        mangling method = hash
        add machine script = /usr/sbin/useradd -d /dev/null -g trust -s /bin/false -M %u
        log file = /var/log/samba/log.%m
        log level = 3 passdb:5 auth:10 winbind:2
        logon path = \\%L\profiles\%U
        logon drive = H:
        logon home = \\%L\%U\.profile
        logon script = logon.cmd
        interfaces = 192.168.2.249/24
        bind interfaces only = yes
        lock directory = /var/lib/samba/locks/server1
 
[homes]
        read only = No
        browseable = Yes
        create mask = 0644
        directory mask = 0755
 
 
[netlogon]
        path=/var/lib/samba/netlogon
        guest ok = yes
 
[profiles]
        path=/var/lib/samba/profiles
        browseable = yes
        read only = No
        create mask = 0600
        directory mask = 0700
        root preexec = PROFILE=/var/lib/samba/profiles/%u; if [ ! -e $PROFILE ]; then mkdir -pm700 $PROFILE; chown %u:%g $PROFILE; fi

3. Only the following lines change in smb.conf_mydomain2; the rest stays the same as above:

workgroup = mydomain2
netbios name = server2
lock directory = /var/lib/samba/locks/server2

4. Then create below directories:
     /var/lib/samba/locks/server1
     /var/lib/samba/locks/server2

5. Start Samba using the commands below:

      smbd -s /etc/samba/smb.conf_mydomain1
      nmbd -s /etc/samba/smb.conf_mydomain1
      smbd -s /etc/samba/smb.conf_mydomain2
      nmbd -s /etc/samba/smb.conf_mydomain2

6. Check whether smbd started:
     ps -ef|grep smb

7. Add trust account (for NT machines only)
    groupadd trust
    useradd -g trust -d /dev/null -s /bin/false <machine name>$
    passwd -l <machine name>$
          ====> NOTE: PLEASE DON'T FORGET THE '$' IN THE ABOVE 2 COMMANDS
    smbpasswd -l <machine name>
If you want to add a group of machines, please download my script from sites.google.com/site/techbirdin/knowledge-base/addmachine.sh

8. Adding administrator account
    smbpasswd -a root
    (GIVE Samba Passwd for root)

9. FOR WIN XP PROF users, NOT for WIN98 or XP HOME

Log in to that Windows machine (machine name) as administrator.
Right-click "My Computer" and click "Properties"
Click the "Computer Name" tab
Click "Change"
Enter the domain: "mydomain1" OR "mydomain2"
Click OK
It will ask for the domain admin username and password. Give username: root and the smbpasswd of root
If everything is good then it will show you "Welcome to mydomain1 or 2"

Good luck! Please send me your queries and questions regarding this or any Linux issues to neel.gurjar@techbird.in
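
A pre-start check for the two per-domain files, as an added example that is not part of the original article: it parses each file's [global] section and reports the step 3 directives that the two files still share. The `interfaces` test is this example's own assumption (two daemons restricted to the same address cannot both listen on the SMB ports); the article itself changes only the three step 3 lines, and the function names and inline sample text are constructed for illustration.

```python
# Constructed input: only the [global] lines of the article's two files that matter here.
TEMPLATE = """\
[global]
        workgroup = {wg}
        netbios name = {nb}
        interfaces = {addr}
        bind interfaces only = yes
        lock directory = /var/lib/samba/locks/{nb}
"""
CONF1 = TEMPLATE.format(wg="mydomain1", nb="server1", addr="192.168.2.249/24")
CONF2 = TEMPLATE.format(wg="mydomain2", nb="server2", addr="192.168.2.249/24")

MUST_DIFFER = ("workgroup", "netbios name", "lock directory")  # from step 3
TRUE_VALUES = {"yes", "true", "1"}

def parse_global(text):
    """Return the [global] parameters of an smb.conf text as a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Parameter names are matched without regard to case or spacing.
            params[" ".join(key.lower().split())] = value.strip()
    return params

def shared_directives(conf_a, conf_b):
    """Name the per-instance directives that two instance configs share."""
    a, b = parse_global(conf_a), parse_global(conf_b)
    # Compared case-insensitively; a directive missing from both files
    # falls back to one common default, so it counts as shared.
    clashes = [k for k in MUST_DIFFER if a.get(k, "").lower() == b.get(k, "").lower()]
    # Assumption of this example: each daemon needs its own listen address,
    # i.e. "bind interfaces only" in both files and no common "interfaces" entry.
    bound = all(c.get("bind interfaces only", "no").lower() in TRUE_VALUES for c in (a, b))
    ifs_a, ifs_b = (set(c.get("interfaces", "").split()) for c in (a, b))
    if not bound or not ifs_a or not ifs_b or ifs_a & ifs_b:
        clashes.append("interfaces")
    return clashes

if __name__ == "__main__":
    for name in shared_directives(CONF1, CONF2):
        print("both instances use the same setting for:", name)
```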
 
Comments about this article
another method
written by: pankaj00 on 2009-07-01 02:29:01
We can also do it by migrating LDIF files with the help of a directory server.
RE: another method
written by: neel.gurjar on 2009-07-04 13:52:44
Hi Pankaj,

Yes, we can do it with an LDIF file using OpenLDAP or another directory server, but if you are using Linux with OpenLDAP then you need to configure Samba LDAP for the PDC; in this case you cannot do it without Samba (as per my knowledge).

Regards
NeeleshG
Reply to neel.gurjar
written by: cwiggler2009 on 2009-07-06 15:33:26
Hi neel,

Let's say that the computer was already part of the domain; how do you set that the computer or user belongs to a specific group, e.g. accounting? The purpose of this is not to share resources on every computer in a domain, so I can set security based on groups. Thanks.