Samba as a PDC with tdbsam as a backend on CentOS 5

Here I discuss how to set up Samba as a Primary Domain Controller (PDC) with tdbsam as the backend for storing usernames and passwords.


1. Install the following packages
2. Configure the /etc/samba/smb.conf file as follows:
[global]
# all parameters below are global parameters
workgroup = "YOURDOMAIN NAME"
server string = Samba PDC
passdb backend = tdbsam
log level = 3
log file = /var/log/samba/%m.log
max log size = 50
# hook scripts run as root when accounts are managed from Windows tools
add user script = /usr/sbin/useradd "%u" -n -g users
delete user script = /usr/sbin/userdel "%u"
add group script = /usr/sbin/groupadd "%g"
delete group script = /usr/sbin/groupdel "%g"
# remove the user from the group only; userdel here would delete the account
delete user from group script = /usr/bin/gpasswd -d "%u" "%g"
# machine accounts get no home directory and no login shell
add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
domain logons = Yes
os level = 35
preferred master = Yes
domain master = Yes
wins support = Yes
cups options = raw
3. Now create some Unix groups to map to the groups that already exist in Windows. The names must match the unixgroup= values used in step 4.
#groupadd ntadmins
#groupadd ntusers
#groupadd ntguests
4. Map these newly created groups using the following commands.
net groupmap add ntgroup="Domain Admins" unixgroup=ntadmins rid=512 type=d
net groupmap add ntgroup="Domain Users" unixgroup=ntusers rid=513 type=d
net groupmap add ntgroup="Domain Guests" unixgroup=ntguests rid=514 type=d
5. Check that the groups are mapped properly.
#net groupmap list
6. Add the root user, which is already mapped to Administrator.
#smbpasswd -a root
7. Now create local users and add them to the above groups which are mapped to Domain
Users, Domain Admins and Guests.
#useradd -G ntusers testuser
#passwd testuser
8. The final step is to add testuser to the tdbsam backend.
#smbpasswd -a testuser

Join the Windows system to the domain MYDOMAIN. When joining the domain for the
first time, join the system as user root with the password set earlier. Once the system is
joined, log in as user testuser with the password set earlier.
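
The check in step 5 can be scripted so that a Unix group created under one name and mapped under another is caught before any workstation joins the domain. The following is an added example, not part of the original procedure: the names check_groupmap and demo are hypothetical, the sample data is constructed, and the listing format "NT group (SID) -> unixgroup" is assumed for the output of net groupmap list.

```shell
#!/bin/sh
# Added example: verify `net groupmap list` output against a group file.
# check_groupmap <groupmap-list-file> <group-file>
# Prints one line per problem; returns 0 if all three mappings are sound.
check_groupmap() {
    maplist=$1 groupfile=$2 status=0
    # Well-known RIDs from step 4, with the NT group each belongs to.
    for want in "512:Domain Admins" "513:Domain Users" "514:Domain Guests"; do
        rid=${want%%:*} nt=${want#*:}
        # Assumed listing format: Domain Admins (S-1-5-21-...-512) -> ntadmins
        pat="^$nt \(S-1-5-21-[0-9-]+-$rid\) -> "
        line=$(grep -E "$pat" "$maplist" | head -n 1) || true
        if [ -z "$line" ]; then
            echo "MISSING: no mapping for $nt (RID $rid)"
            status=1
            continue
        fi
        unixgroup=${line##* -> }
        # The mapping only works if the Unix group really exists.
        if ! grep -q "^$unixgroup:" "$groupfile"; then
            echo "BROKEN: $nt -> $unixgroup (no such Unix group)"
            status=1
        fi
    done
    return $status
}

# Constructed sample data, not taken from a real system: the admin group was
# created as "ntadmin" but mapped as "ntadmins", and Domain Guests is unmapped.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/groupmap.txt" <<'EOF'
Domain Admins (S-1-5-21-1111111111-2222222222-3333333333-512) -> ntadmins
Domain Users (S-1-5-21-1111111111-2222222222-3333333333-513) -> ntusers
EOF
    cat > "$dir/group" <<'EOF'
ntadmin:x:501:
ntusers:x:502:testuser
ntguests:x:503:
EOF
    rc=0
    check_groupmap "$dir/groupmap.txt" "$dir/group" || rc=$?
    rm -rf "$dir"
    return $rc
}

demo || echo "groupmap check failed"
```

On the server itself, save the output of net groupmap list to a file and pass it to check_groupmap together with /etc/group.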