I had a bit of trouble getting my Samba server to authenticate to an NT PDC, so here is how I did it1?.

  • join the samba server to the domain

root# /usr/local/samba/bin/smbpasswd -j DOMAIN -r PDC -U Administrator

  • edit /etc/samba/smb.conf to include at least the following directives:

[global? <...>

  1. separate domain and username with '+', like DOMAIN+username

winbind separator = +

  1. use uids from 10000 to 20000 for domain users

winbind uid = 10000-20000

  1. use gids from 10000 to 20000 for domain groups

winbind gid = 10000-20000

  1. allow enumeration of winbind users and groups
  2. might need to disable these next two for performance
  3. reasons on the winbindd host

winbind enum users = yes winbind enum groups = yes

  1. give winbind users a real shell (only needed if they have telnet/sshd/etc... access)

template homedir = /home/winnt/%D/%U template shell = /bin/bash

  • apt-get install winbind
  • Now, as root edit /etc/nsswitch.conf to allow user and group entries to be visible from the winbindd daemon. After editing, the file look appear

    passwd: files winbind shadow: files group: files winbind

  • see if winbind is working by typing wbinfo -u. This should echo back a list of users on your Windows users on your PDC. For example, I get the following response:

CEO+Administrator CEO+burdell CEO+Guest CEO+jt-ad CEO+krbtgt

1? With help from