traumspiel
Aspirant
Oct 21, 2009

Samba v3.3.7 addon as a domain controller

Hello

I want to create a domain controller with the Samba v3.3.7 addon on my NV+.
Unfortunately, I am not yet familiar with Samba.
I would be happy if you can help me.

In my network are 8 machines with XP64 and Win7, and
I need there to be 5 users.

Thanks already in advance,

Steffen

6 Replies

  • Hi,

    First of all, make sure the registry keys below have been applied to the Windows 7 hosts before joining them to the domain. You will get trust relationship issues if you don't and will need a local admin account to fix them.

    HKLM\System\CurrentControlSet\Services\LanmanWorkstation\Parameters
    DWORD DomainCompatibilityMode = 1
    DWORD DNSNameResolutionRequired = 0

    1. Make sure you do not have a system elevated to master browser / domain controller status on a network for the domain you want to host on the ReadyNAS. Otherwise, this will not work.

    2. You will need to have root SSH access via the official addon if you haven't installed it already - read the notes about support though if you have not.

    3. Back up your /etc/samba/smb.conf file first, in case it goes wrong.

    4. Make sure that within FrontView the Security Mode is set to User and the Workgroup is the name of the Domain you would like to host for.

    5. Create a group within FrontView to contain your domain admin users. At a minimum, it needs to have the user admin in it.

    6. Edit /etc/samba/smb.conf and make sure the below exists within the [global] section. To be honest, it's been a while and I can't remember which exact pieces I needed to add versus modify. Also note there are parameters that need updating so please read the below.

    add machine script = "/usr/sbin/useradd -s /bin/false -d /dev/null %u"
    admin users = @<name of the group you created through FrontView to be your Domain Admins>
    domain logons = 1
    domain master = 1
    encrypt passwords = 1
    local master = 1
    logon drive = <the drive letter you want the home drive to be - mine is H:>
    logon home = \\%L\%U
    logon path = \\%L\profiles\%U
    logon script = logon.bat
    netbios name = %h
    os level = 33
    passdb backend = smbpasswd
    passwd chat = "*New password:*" %n\r "*New password (again):*" %n\r "*Password changed*"
    passwd program = "/usr/bin/passwd %u"
    preferred master = 1
    printer admin = @<name of the group you created through FrontView to be your Domain Admins>
    template homedir = /c/home/%U
    time server = 1
    wins support = 1

    7. Restart Samba by running /etc/init.d/samba restart

    The above will also give you Roaming profiles so you may need to set Group Policies on the hosts to redirect roaming profile directories to local ones if the profiles end up being large and slow to logon / logoff.
  • I recommend stopping at step 6; and doing the following:

    ;additional line here to call the next file
    include = /etc/Mods/domainsmb.conf


    Next; from the SSH session; type in the following:
    mkdir /etc/Mods

    NEXT;
    vi /etc/Mods/domainsmb.conf

    paste the following code inside the window:
    # This file was written to setup the ReadyNAS DUO as a PDC Server.
    [global]
    netbios name = ReadyNAS
    server string = Samba %v on %L
    workgroup = ReadyNAS

    ; domain & local master browser
    ; coz we're dealing with Win2k
    os level = 65
    prefered master = yes
    domain master = yes
    local master = yes
    domain logons = yes

    ; misc options
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
    time server = yes

    ; do not show files starting with dots
    hide dot files = yes

    ; Central European code page support
    client code page = 852
    character set = ISO8859-2

    ; do not allow guest access, use only local system accounts
    security = user
    guest ok = no
    invalid users = bin daemon sys man postfix mail ftp
    admin users = @Domain.Admins, root

    ; domain administrators
    domain admin group = @Domain.Admins, root
    domain admin users = @Domain.Users, root admin

    ; use encrypted passwords
    encrypt passwords = yes

    ; logging (max log size is in kB)
    log level = 2
    log file = /var/log/samba/log.%L
    max log size = 1000
    debug timestamp = yes
    syslog = 1

    ; user roaming profiles path
    logon path = \\%N\profiles\%u

    ; general logon script (in DOS format)
    logon script = logon.vbs


    ; share for storing user profiles
    ; although it's probably easier to use the "\\%N\%u" share... just not sure how
    [profiles]
    path = /home/samba/profiles
    writeable = yes
    create mask = 0700
    directory mask = 0700
    browsable = no


    #share for domain controller
    [netlogon]
    comment = "Domain Logon Share"
    path = /home/samba/netlogon
    public = yes
    writeable = no
    browsable = yes
    admin users = root @Domain.Admins
    valid users = root @Domain.Users


    And next; in the SSH window, hit ESC, then type :wq!

    That will effectively save your own DOMAIN config file; and include that in the SAMBA default config file (easier to comment out the include line isn't it?).

    I did this about 4 minutes ago; but the changes to the /etc/samba/smb.conf file won't take place if the samba service is running.
    so stop it before making any changes.
    invoke-rc.d samba stop - do this right at the start
    invoke-rc.d samba start - when finished, do this
  • oops forgot; from the Frontview webpage; add two groups "Domain.Users" and "Domain.Admins"... sure you can all work that bit out :P
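
An added example, not part of any post in this thread: a small Python audit of the access-related settings in the config from the second reply, listing what a reviewer should confirm is intended before restarting Samba. The names `parse`, `audit` and the trimmed `SAMPLE` are constructed for illustration.

```python
# Constructed sample: the settings from the second reply that affect access.
SAMPLE = """
[global]
guest ok = no
admin users = @Domain.Admins, root
[netlogon]
public = yes
writeable = no
admin users = root @Domain.Admins
"""

# Synonyms used in the thread: name -> (canonical name, boolean is inverted)
SYNONYMS = {"public": ("guestok", False), "writeable": ("readonly", True),
            "writable": ("readonly", True)}
TRUE = {"yes", "true", "1"}

def parse(text):
    """Return {section: {param: value}}; names ignore case and spaces."""
    conf, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in ";#":
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower().replace(" ", "")
            key, inverted = SYNONYMS.get(key, (key, False))
            if inverted:
                value = "no" if value.lower() in TRUE else "yes"
            section[key] = value
    return conf

def audit(conf):
    """List access-control findings a reviewer should confirm are intended."""
    findings, defaults = [], conf.get("global", {})
    for name, params in conf.items():
        scope = "every share" if name == "global" else f"[{name}]"
        for who in params.get("adminusers", "").replace(",", " ").split():
            if who.startswith("@"):       # @name is a group, not a single user
                findings.append(f"group {who[1:]} acts as root on {scope}")
        if name == "global":
            continue
        share = {**defaults, **params}    # share values override [global]
        if share.get("guestok", "no").lower() in TRUE:
            findings.append(f"{scope} has guest ok enabled")
        if name == "netlogon" and share.get("readonly", "yes").lower() not in TRUE:
            findings.append("[netlogon] is writable, so logon scripts can be changed")
    return findings
```

Running `audit(parse(SAMPLE))` reports the `Domain.Admins` group twice (globally and on `[netlogon]`) and the `public = yes` on `[netlogon]` that overrides the global `guest ok = no`.
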
  • Hi,
    I followed these steps and tried to add my Win7 PC to the domain. But it doesn't work. What do I have to do to add a PC to the domain?
  • Problems... problems...

    RAIDiator 4.2.17 includes Samba 3.5.8...

    When you make edits to the smb.conf file - the next reboot sees your edits automagically removed.

    Using the information here, a windows XP machine can't join the domain.

    Still working through what to do to make it work - so far I've blown about 8 hours on this with little progress. Much frustration.
  • Hi Jastronomy,

    Just looking over the details Airwolf and you have provided here for setting up Samba as DC.
    When you say stop at step 6, are you saying stop before or after step 6?

    The additional line you have shown
    include = /etc/Mods/domainsmb.conf
    I'm assuming is entered via the SSH session?

    Likewise is the code to be pasted (that you have listed after the vi command) done in the ssh session?

    After all of this, is step 7 still needed?

    Lastly, how much of this is applicable if you do not use the Samba 3.3.7 addon, eg just use the SAMBA version in RAIDiator 4.1.8?

    Thanks
    Neil
