Penguin

I had a bit of trouble getting my Samba server to authenticate to an NT PDC, so here is how I did it [1].

  • join the samba server to the domain

root# /usr/local/samba/bin/smbpasswd -j DOMAIN -r PDC -U Administrator

  • edit /etc/samba/smb.conf to include at least the following directives:

    [global]
    <...>
    # separate domain and username with '+', like DOMAIN+username
    winbind separator = +
    # use uids from 10000 to 20000 for domain users
    winbind uid = 10000-20000
    # use gids from 10000 to 20000 for domain groups
    winbind gid = 10000-20000
    # allow enumeration of winbind users and groups
    # might need to disable these next two for performance
    # reasons on the winbindd host
    winbind enum users = yes
    winbind enum groups = yes
    # give winbind users a real shell (only needed if they have telnet/sshd/etc... access)
    template homedir = /home/winnt/%D/%U
    template shell = /bin/bash

  • apt-get install winbind
  • Now, as root, edit /etc/nsswitch.conf to allow user and group entries to be visible from the winbindd daemon. After editing, the file should look like this:

    passwd: files winbind
    shadow: files
    group: files winbind

  • see if winbind is working by typing wbinfo -u. This should echo back a list of the Windows users on your PDC. For example, I get the following response:

    CEO+Administrator
    CEO+burdell
    CEO+Guest
    CEO+jt-ad
    CEO+krbtgt
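
A pre-flight check for the configuration above, as an added example that is not part of the original page: it confirms that nsswitch.conf routes passwd and group (but not shadow) through winbind, and that no local account or group already holds an id inside the winbind uid/gid range, where it would share file ownership with a domain account. The function names and the sample file contents are constructed for illustration; in real use pass /etc/samba/smb.conf, /etc/nsswitch.conf, /etc/passwd and /etc/group.

```sh
#!/bin/sh
# Added example: offline checks for the winbind settings described above.
# Function names and all sample file contents are constructed for illustration.

# nss_has_winbind FILE DB: succeed if the DB line of nsswitch.conf lists winbind
nss_has_winbind() {
    awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") ok = 1 }
                     END { exit !ok }' "$1"
}

# smb_range FILE KEY: print "LOW HIGH" for a line such as "winbind uid = 10000-20000"
smb_range() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)-\([0-9][0-9]*\).*/\1 \2/p" "$1" | head -n 1
}

# local_ids_in_range FILE LOW HIGH: names in a passwd/group file whose numeric id
# (field 3) lies inside the range winbind will hand out to domain accounts
local_ids_in_range() {
    awk -F: -v lo="$2" -v hi="$3" '$3 + 0 >= lo + 0 && $3 + 0 <= hi + 0 { print $1 }' "$1"
}

# check_winbind SMBCONF NSSWITCH PASSWD GROUP: print findings, fail if there are any
check_winbind() {
    bad=0
    for db in passwd group; do
        if ! nss_has_winbind "$2" "$db"; then echo "nsswitch: $db lacks winbind"; bad=1; fi
    done
    # the page's nsswitch.conf keeps shadow on local files only
    if nss_has_winbind "$2" shadow; then echo "nsswitch: shadow lists winbind"; bad=1; fi
    for pair in "winbind uid:$3" "winbind gid:$4"; do
        key=${pair%%:*}; file=${pair#*:}
        range=$(smb_range "$1" "$key")
        if [ -z "$range" ]; then echo "smb.conf: $key not set"; bad=1; continue; fi
        for name in $(local_ids_in_range "$file" "${range% *}" "${range#* }"); do
            echo "$key: local entry '$name' is inside ${range% *}-${range#* }"; bad=1
        done
    done
    return "$bad"
}

# Constructed sample: the page's settings plus one local account that collides.
d=$(mktemp -d)
trap 'rm -rf "$d"' EXIT
printf '[global]\nwinbind separator = +\nwinbind uid = 10000-20000\nwinbind gid = 10000-20000\n' > "$d/smb.conf"
printf 'passwd: files winbind\nshadow: files\ngroup: files winbind\n' > "$d/nsswitch.conf"
printf 'root:x:0:0::/root:/bin/bash\nbackup:x:10500:100::/home/backup:/bin/sh\n' > "$d/passwd"
printf 'root:x:0:\nusers:x:100:\n' > "$d/group"
check_winbind "$d/smb.conf" "$d/nsswitch.conf" "$d/passwd" "$d/group" || echo "fix the findings above"
```
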

[1] With help from http://docs.biostat.wustl.edu/samba-2.2.8a/htmldocs/winbind.html.