Using Samba to join a Windows NT domain

I originally wrote this procedure for use at my place of work. We have a number of Windows domains [NT style, not active directory] and I often need to have a Linux machine join one of them. This procedure was developed on a box running Fedora Core 1; however, with simple modifications (namely, stopping the Samba services manually by invoking the appropriate script in "/etc/init.d" with the "stop" option), this should also work for other distributions.

Assumptions

You have administrative access to the domain.
You have root access to the Linux server.
You have access to a GUI on the Linux server [Fedora only.]

Getting Started

Use the GUI "Services" tool [Which is Main Menu, System Settings, Server Settings, Services in Fedora] to shut down the samba daemons [smbd and nmbd] if they are running on the server.

The smb.conf File

Next edit the /etc/samba/sbm.conf file and replace the [global] section with:

[global]
   workgroup = {domain}
   server string =  {server name}

   log file = /var/log/samba/%m.log
   max log size = 50

   security = domain
   password server = [name of a PDC or BDC for {domain}]
   encrypt passwords = yes
   smb passwd file = /etc/samba/private/smbpasswd

   local master = no
   wins server =  {wins server}
   dns proxy = no

Where:
{domain} is the name of the domain.
{server name} is the name of this Linux server.
{wins server} is the IP address of a local WINS server.

At this point you can make any other changes or adds that you want to other sections of this file.

The smbpasswd File

For security reasons we will place the smbpasswd file in a private directory using the following commands:

cd /etc/samba
mkdir private
cd private
touch smbpasswd
chmod 600 smbpasswd
cd ..
chmod 500 private

Now we will add a dummy entry to the smbpasswd file. To do this, first create a user account for yourself on the Linux server [unless one already exists], then execute the following commands:

cd /etc/samba/private
cat /etc/passwd | mksmbpasswd.sh  > smbpasswd

Finally, edit the smbpasswd file and remove all lines except those for your user account.

Joining the Domain

To add the Linux server to the domain use the following command:

net rpc join member -U {administrator}

Where {administrator} is the user id of a domain administrator for {domain}. You may be prompted for the administrator's password at this time.

Cleaning Up

Use the "Services" tool [Which is Main Menu, System Settings, Server Settings, Services in Fedora] to start the samba daemons.

Then use the "Services" tool [Which is Main Menu, System Settings, Server Settings, Services in Fedora] to enable the Samba service for all of the appropriate run levels.

Select the smb service and enable it for run level 5.
Save changes.
Select the smb service and enable it for run level 4.
Save changes.
Select the smb service and enable it for run level 3.
Save changes and exit services window.

Of course there are other ways to modify run levels depending on the distribution. If anyone has examples of doing this in other distributions I would be happy to have them added here.

[BIO] Rich Price has been using computers for around 35 years and Linux for around 10 years. And he hasn't got tired of either quite yet.

Copyright © 2004, Rich Price. Released under the Open Publication license unless otherwise noted in the body of the article. Linux Gazette is not produced, sponsored, or endorsed by its prior host, SSC, Inc.

Published in Issue 105 of Linux Gazette, August 2004

<-- prev | next -->

Home > August 2004 (#105) > Article