Samba Server As PDC How To
Jerry Winegarden, Duke University
Last Revised 2/19/04

Samba server as NT Domain server (PDC) requires that you create a machine
account in both the /etc/passwd file and the /etc/samba/smbpasswd file.
There is a way to have machines automatically create their accounts
(with proper setup in /etc/samba/smb.conf file), or you can create
machine accounts as follows:

useradd -g 100 -d /dev/null -c machinename -s /bin/false machinename$
passwd -l machinename$
smbpasswd -a -m machinename

Note:  the $ at the end of the useradd and the passwd commands is
	mandatory and must not appear at the end of the smbpasswd cmd.
	machinename is the PC's windows machine name.

Note:  you can create a linux shell script to create a machine
account.   The script should look like:

#!/bin/sh
#	addmachine
#		add samba machine account to passwd and smbpasswd files
/user/sbin/useradd -g 100 -d /dev/null -c $1 -s /bin/false $1$
passwd -l $1$
smbpasswd -a -m $1

This file needs to be executible:
chmod 711 addmachine.
It is then invoked as:

addmachine machinename

(e.g. addmachine mypc1)


When you are done, you will see a line in /etc/passwd for
machinename$

and a line in /etc/samba/smbpasswd for
machinename$

If you just run useradd without setting the group number to 100,
the default dir to the bit bucket (/dev/null) and the default
login shell to /bin/false (so that no one can explicitly log
into this account and run programs as a regular user), then you
will have accounts that people could log into without a password
being set.  This is not a good idea in general because people
could guess the account from knowing PC machine names.

Note:  you also need to have a netlogon share defined in smb.conf
and you should have Profiles defined, too.  (howto is found in
other documents.)

Good luck!