I had a bit of trouble getting my Samba server to authenticate to an NT PDC, so here is how I did it1?.

1. join the samba server to the domain

root# /usr/local/samba/bin/smbpasswd -j DOMAIN -r PDC -U Administrator

1. edit /etc/samba/smb.conf to include at least the following directives:

global?

<...>

1. separate domain and username with '+', like DOMAIN+username

winbind separator = +

1. use uids from 10000 to 20000 for domain users

winbind uid = 10000-20000

1. use gids from 10000 to 20000 for domain groups

winbind gid = 10000-20000

1. allow enumeration of winbind users and groups
2. might need to disable these next two for performance
3. reasons on the winbindd host

winbind enum users = yes winbind enum groups = yes

1. give winbind users a real shell (only needed if they have telnet/sshd/etc... access)

template homedir = /home/winnt/%D/%U template shell = /bin/bash

1. apt-get install winbind

2. Now, as root edit /etc/nsswitch.conf to allow user and group entries to be visible from the winbindd daemon. After editing, the file look appear

   passwd: files winbind shadow: files group: files winbind

3. see if winbind is working by typing wbinfo -u

1? With help from http://docs.biostat.wustl.edu/samba-2.2.8a/htmldocs/winbind.html.