banner Debian GNU/Linux

Linux Domain Controller


This is part of a write-up of an attempt to use Linux as a "Small Business Server", and describes Samba configuration where Samba is used as Domain Controller. This is an extension to Samba as a simple File Server. Note that that you can also join a samba file server as a member server to an active directory domain, i.e. using active Directory users without the samba server itself being the domain controller.

NT4 Domain

Samba can behave as an NT4-style domain controller, which allows you to centralize user accounts on 1 server (PDC, Primary Domain Controller). This is done entirely in smb.conf, the samba configuration file, and not so different from merely setting up a simple file server. See, for instance, Samba NT Domain Controller

To add some typical "Domain" features such as a logon script, romaing profiles, etc, look at this chapter from a book on Samba,courtesy of O'Reilly.

Active Directory Domain

Will probably be implemented in Samba v.4. Here's some preliminary documentation :

miru directory server, Novell developer wiki

Configure Ubuntu for Active Directory Authentication, Novell developer wiki

Samba 4 Documentation, Samba Docs, unfinished


setting up a kerberos realm

start the creation of a kerberos realm by running krb5_newrealm. Refer to the kerberos administartion guide.

Kerberos does not necessarily need to run on the same machine as the samba server. In fact, it might not be such a good idea to have your main authentication service running on file server - but it is possible, especially if you only have 1 server. Likewise, the administration server and the kerberos Key Distribution Center(s) can each be on separate machines.

install debian/ubuntu packages : krb5-admin-server, krb5-kdc.

Koen Noens
October 2005