© Bernad, fotolia.com
Save money with Samba as the domain controller on a legacy Windows NT-style domain
Cost Control
If you have a conventional NT4-style domain instead of an Active Directory domain, Samba can still serve as a domain controller. The Samba server can assume different roles that the administrator must clearly understand: It can be configured as a primary domain controller (PDC), a backup domain controller (BDC), or a file server.
When planning a Samba environment, the passdb back end is critical. Three types of database back ends store user information:
- The
smbpasswdback end is an ASCII text file that contains all the user information. This back end should not be used any longer because it has several drawbacks (e.g., only write access is possible simultaneously). - The
tdbsamback end is the default after installing Samba and is certainly sufficient if only one PDC is set up with no more than 250 users to manage. Because replication to another server is not so easy, implementing a BDC is also quite complicated and uncertain. - The
ldapsamback end is not subject to size limitations, and you can set up any number of BDCs. However, you definitely need an LDAP infrastructure. On a positive note, the back end is so flexible that even Linux and OS X clients can handle authentication centrally.
In this article, I will look at the tdbsam back end, returning at the end to explain what changes are needed to run a PDC and a BDC together with an LDAP server.
PDC Settings
The entire configuration of the Samba server always resides in the /etc/samba/smb.conf file. To configure Samba as a PDC, you need the settings from Listing 1. In addition to these parameters, you might also want to enter the first shares. The NetBIOS name of the Windows domain, which is defined by workgroup **= ADMINDOM is an important parameter.
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Samba 4 appliances by SerNet and Univention
Shortly after the Samba team finalized Samba 4 in December 2012, SerNet and Univention integrated the new Samba into their appliances that give administrators an easy way to set up and test a Samba 4-based Active Directory domain controller. -
What's new in Samba 4
In December 2012, the open source world received the first, and very long awaited, release of the Samba 4.x series. -
Samba domain controller in a heterogeneous environment
The open source Samba service can act as an Active Directory domain controller in a heterogeneous environment. -
Improved logging in Samba Winbind
In Winbind v4.17, the Samba team has addressed the complexity of and difficulty in troubleshooting the logging service that allows Linux systems to join an Active Directory domain. -
Integrating FreeIPA with Active Directory
Many companies use Active Directory for centrally managing existing systems, but if you mix in Linux systems, you have to take care of a few things, such as different forms of integration. We show you how to connect the FreeIPA identity management framework as an interface to an Active Directory domain.
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
