Samba as PDC

Some requirements are needed for using Samba as a Public Domain Controller (PDC).

Installation of Samba

First Samba has to be installed through Pakfire. During the installation process in Pakfire, one has to confirm all dependencies as they are important for the Samba installation.

After the installation of Samba completed, browse to "ipfire" in the sidemenu in the webinterface; if the installation went well, a new option Samba should appear.

Relevant Configuration of Samba as the PDC

Basic configuration of the security options

The names of the domain (set under "workgroup") and the netbios (i.e. the name of the server on the network) of the samba server can be adjusted according to your wish.

The security mode (under "security options") has to be set to "user".

The setting should be adjusted according to the example in the image below:

Additional options for the PDC operation

Further adjustments:

WINS Support: on Activates the WINS-support
Local Master: on ensures that the Samba server is the master browser of the local subnet
Domain Master on ensures that the Samba server of the master browser goes over the subnet boundaries and administers all local Browse lists of the domain it control
Preferred Master on ensures that the Samba server takes priority in the selection of the master (domain) browser, when nmbd starts

Configuration of the PDC

As a “thanks” for the past work you get then some additional options displayed.

Default values for the PDC options

Since the 2.3 version of IPFire, by the activation of the PDC mode, the text field PDC options was filled with more or less meaningful adjustments. These data was situated at this time - and still now - under /var/ipfire/samba/default.pdc.

The original contents of the file:

filename = /var/ipfire/samba/default.pdc

path = /home/%U
comment = Benutzer-Verzeichnisse
browseable = yes
writeable = yes
valid users = %U

path = /var/ipfire/samba/netlogon
browseable = no
writeable = no
comment = NetLogON

path = /var/ipfire/samba/profiles
browseable = no
writeable = yes
comment = Benutzerprofile
valid users = %U

This configuration served for the releases /homes, /netlogon und /profiles to occupy them into the samba domain. Whether the default is meaningful, is surely more or less a matter of taste -> it is valid to make certain however that the appropriate directories are configured with the necessary authorizations.

Permit the domain log-on

It is not arbitrary and thus essentially to indicate the samba server that he also answers the appropriate domain inquiries -> for this purpose complete the PDC-option with this line
domain logons = yes

Further information on Samba as domain controller

The following links are useful--some of them overlap or provide further details about the settings discussed above.

Edit Page ‐ Yes, you can edit!

Older Revisions • August 19, 2019 at 7:11 pm • Jon