Skip to main content

If you don't have an IBM ID and password, register here.

By clicking Submit, you agree to the developerWorks terms of use.

The first time you sign into developerWorks, a profile is created for you. This profile includes the first name, last name, and display name you identified when you registered with developerWorks. Select information in your developerWorks profile is displayed to the public, but you may edit the information at any time. Your first name, last name (unless you choose to hide them), and display name will accompany the content that you post.

All information submitted is secure.

The first time you sign in to developerWorks, a profile is created for you, so you need to choose a display name. Your display name accompanies the content you post on developerworks.

Please choose a display name between 3-31 characters. Your display name must be unique in the developerWorks community and should not be your email address for privacy reasons.

By clicking Submit, you agree to the developerWorks terms of use.

All information submitted is secure.

Using Samba as a PDC

Tom Syroid is a contract writer for Studio B Productions, a literary agency based in Indianapolis, IN specializing in computer-oriented publications. Topics of interest/specialty include *NIX system security, Samba, Apache, and Web database applications based on PHP and MySQL. He has experience administering and maintaining a diverse range of operating systems including Linux (Red Hat, OpenLinux, Mandrake, Slackware, Gentoo), Windows (95, 98, NT, 2000, and XP), and AIX (4.3.3 and 5.1). He is also the co-author of Outlook 2000 in a Nutshell (O'Reilly & Associates) and OpenLinux Secrets (Hungry Minds). Tom lives in Saskatoon, Saskatchewan with his wife and two children. Hobbies include breaking perfectly good computer installations and then figuring out how to fix them, gardening, reading, and building complex structures out of Lego with his kids. Questions, comments, and errata submissions are welcome; you can either e-mail the author directly (dwcomments@syroidmanor.com.

Summary:  Open-source Samba turns a UNIX or Linux system into a file and print server for Microsoft Windows network clients. Tom Syroid dishes up a juicy tutorial that shows you how to configure Samba as the primary domain controller on an xSeries server.

Date:  03 Apr 2002
Level:  Introductory

Comments:  

Introduction to Samba

Tutorial roadmap

Although you don't need to be a Samba expert to complete this tutorial, a basic knowledge of common administrative tasks is helpful, including tasks such as copying and moving files, creating user accounts, and setting permissions.

Upon completion of this tutorial you will know how to:

  • Install Samba using the Redhat package manager (RPM) or by compiling the program from source.
  • Configure the Samba server as a PDC (Primary Domain Controller).
  • Configure the server to support roaming profiles.
  • Configure the server to support netlogons.
  • Create the required administrative directories on the server, and set their permissions as appropriate.
  • Create user and machine (trust) accounts on the domain controller.
  • Configure the client machines to join the domain.
  • And troubleshoot any basic problems that may arise in the above process.

What is Samba

Samba is arguably one of the most successful Open Source projects ever created. It began like so many other similar projects: as a need. Andrew Tridgell needed a fileserver program for his local network that supported an old DEC protocol from Digital Pathworks. Unbeknownst to Andrew, this same protocol later became SMB--the language of Microsoft filesystems. In the 11 years since its inception, Samba has evolved into a stable, reliable product, and has been ported to numerous platforms (AIX, HP-UX, BSD, Linux, DigitalUnix, IRIX, SCO, VMS, OSF, and Solaris). Once installed and configured, Samba provides an almost seamless integration with an existing Windows networks, and for all intents and purposes from the user's perspective, is simply another Windows fileserver, printer server, or domain controller. Best of all, Samba is free and there are no traditional licensing issues to contend with. Regarding PDC functionality, the topic of this tutorial, Samba currently supports:

  • Domain logon from Windows NT/2000 clients.
  • User level security for Windows 9x/ME clients (Win9x/ME clients have no concept of domain-level security; they simply know how to logon to a domain controller).
  • Roaming profiles.
  • NT4-style system polices.
  • Browse lists.
  • Retrieve of user and group lists stored on a Samba PDC.

The current stable release of Samba at the time of this writing is version 2.2.3a, which is used as the basis of this tutorial. Note that the current SAMBA_2_2 CVS development tree is close to release (slated for mid-April 2002), which will become 2.2.4. Check Samba's Web site (www.samba.org) for release notes and details; if Samba 2.2.4 is avaiable, use it--it includes several important bug fixes relating to printing and domain controller functionality.


Current program constraints

While the functionality in Samba compares favorably with Windows NT/2000 server, Samba does have some limitations you should be aware of:

  • Samba cannot function in the role of a BDC (Backup Domain Controller). There is currently no way to establish a "trust" relationship between a Samba domain controller and a Windows NT/2000 controller. Having said that, Scott Merrill has devised a way to simulate a PDC/BDC environment using two Samba machines. See the Resources section for details and a URL.
  • Along similar lines, Samba cannot replicate SAM (user authentication information) with a Windows NT/2000 server (or visa-versa).
  • Samba cannot yet read or utilize Windows Active Directory (AD).
  • Samba does not support adding users via the Windows User Manager for Domains (primarily due to the above limitations).

Stay tuned, however. Many of the above limitations (primarily the ability to talk to an AD tree and SAM replication) will vanish with Samba 3.0, which is currently in active development (release is slated for late-summer 2002). In addition to connectivity with Windows AD, Samba 3.0 will also (likely) feature: Microsoft Kerberos authentication, a completely re-written and configurable authentication subsystem, a Microsoft-like "NET" command for terminal access to a variety of network resources, improved printing support, and the usual bug fixes and stability enhancements.

For more details on the status of Samba 3.0 and other developmental projects, see www.samba.org/samba/.


Hardware considerations

On the whole, Samba is an extraordinarily efficient program, and consumes very few system resources for the amount of work it does. But like any front-line software program, it really comes down to scale--you cannot expect to run 200 Samba users off a Pentium 166 with 64MB of RAM and a 10GB IDE hard drive without complication (and a whole slew of upset users). On the other hand, that same Pentium 166 acting as a Samba file server for a small home office will probably do an admirable job given the file transfer load is light.

Generally speaking, from a hardware perspective I recommend the following:

  • Lots of memory--the more the better. Every user connection spawns a Samba daemon, so the more users you plan to host off a machine, the more memory it should have.
  • Disk access is critical. I've built perfectly adequate Samba file servers from old workstations (PII-400) by simply adding a SCSI subsystem and a good quality SCSI hard drive. Again, think scale--the more users you plan to serve, the higher quality your disk subsystem should be.
  • My personal preference is for SMP file servers. Multiple processors do not necessarily make for a faster machine, but it does make for a machine that does not slow down under load. And when you consider the fact you can build a dual Celeron system for about the same cost as a high-end single P4 processor system, to me the choice is a no-brainer.

For the record, the hardware used to write and test this tutorial consisted of one of IBM's new xSeries servers: An xSeries model 220, dual Pentium 3 1.2GHz CPUs, an IBM ServeRAID hardware RAID controller, 1GB of SDRAM, and three 10,000 RPM 18GB hard drives in RAID5 configuration (netting approximately 36GB of useable hard disk space). The machine performed admirably in all regards, and continues to do so without error or failure.

For more details on IBM's server product line, see the eServer Developer Domain or for xSeries specific information, the xSeries Intel processor based servers site. There is also an excellent IBM Redbook titled Samba Installation, Configuration, and Sizing Guide (SG24-6004-00) that has a good section on hardware requirements and sizing.


Tutorial prerequisites

Installing Samba and configuring it as a PDC requires that certain steps must be followed. Although the reader does not need to be a Samba expert to benefit from this tutorial, a basic knowledge of common administrative tasks such as copying and moving files, creating user accounts and setting permissions is helpful.

If you want to follow through the examples you need the following configuration and tools:

  • This tutorial is based on Redhat 7.2 with all the current errata applied (see Redhat's Errata page for details). You can, of course, use any UNIX or Linux distribution you choose (heck, you can even use HP-UX or Solaris!)--just be aware that file locations and paths noted are Redhat specific. Make sure, however, that whatever distribution you choose is working as advertised before attempting to install and configure Samba.
  • Working knowledge of a text editor like vi is a good skill to have and/or develop. There is a browser-based configuration tool discussed (SWAT), and information on this tool can be found in the Troubleshooting and SWAT information section.
  • If you plan to compile Samba from source, which is the recommended and demonstrated approach, ensure that gcc is installed and correctly configured on your machine.

1 of 8 | Next

Comments



Help: Update or add to My dW interests

What's this?

This little timesaver lets you update your My developerWorks profile with just one click! The general subject of this content (AIX and UNIX, Information Management, Lotus, Rational, Tivoli, WebSphere, Java, Linux, Open source, SOA and Web services, Web development, or XML) will be added to the interests section of your profile, if it's not there already. You only need to be logged in to My developerWorks.

And what's the point of adding your interests to your profile? That's how you find other users with the same interests as yours, and see what they're reading and contributing to the community. Your interests also help us recommend relevant developerWorks content to you.

View your My developerWorks profile

Return from help

Help: Remove from My dW interests

What's this?

Removing this interest does not alter your profile, but rather removes this piece of content from a list of all content for which you've indicated interest. In a future enhancement to My developerWorks, you'll be able to see a record of that content.

View your My developerWorks profile

Return from help

static.content.url=http://www.ibm.com/developerworks/js/artrating/
SITE_ID=1
Zone=AIX and UNIX
ArticleID=105868
TutorialTitle=Using Samba as a PDC
publish-date=04032002
author1-email=dwcomments@syroidmanor.com
author1-email-cc=

Tags

Help
Use the search field to find all types of content in My developerWorks with that tag.

Use the slider bar to see more or fewer tags.

Popular tags shows the top tags for this particular content zone (for example, Java technology, Linux, WebSphere).

My tags shows your tags for this particular content zone (for example, Java technology, Linux, WebSphere).

Use the search field to find all types of content in My developerWorks with that tag. Popular tags shows the top tags for this particular content zone (for example, Java technology, Linux, WebSphere). My tags shows your tags for this particular content zone (for example, Java technology, Linux, WebSphere).