How to create samba3 PDC with ldap backend

Install LDAP

aptitude install slapd 

Install PHPLDAPADMIN web interface

execute - aptitude install apache-ssl phpldapadmin

Enter your country code when prompted, ex. US
Enter the name of your state when prompted, ex. Utah
Enter the name of your city when prompted, ex. Salt Lake City
Enter your organization when prompted, ex. buster.lan
Enter your OU name when prompted, ex. ITT
Enter your host name when prompted, ex. pdc.buster.lan
Enter the contact email when prompted, ex. root@buster.lan


tar zxvf mkntpwd.tar.gz
cd mkntpwd
cp mkntpwd /usr/local/bin/

Install Samba

aptitude install make gcc libc-dev samba samba-doc

Enter your domain name when prompted, ex. buster.lan
Answer NO when asked whether you want to modify smb.conf

cd /usr/share/doc/samba-doc/examples/LDAP
gunzip samba.schema.gz
cp samba.schema /etc/ldap/schema/
vim /etc/ldap/slapd.conf

add this line after the other include lines:

include         /etc/ldap/schema/samba.schema

Now restart LDAP

/etc/init.d/slapd restart

Open a web browser and go to: https://pdc/phpldapadmin/ (replace pdc with your server name or IP) and log in with the following user:


Use the password entered when you installed LDAP.
Expand the root node and then click on “Create new entry here”.
Select OU and click “proceed”.
Enter users for the OU name and click “Create object”.
Repeat the previous three steps and create two other OUs called “groups” and “machines”.

vim /etc/samba/smb.conf

find the line:

passdb backend = tdbsam

and replace it with:

passdb backend = ldapsam:ldap://
# ldap suffix and ldap admin dn must match the base DN and admin DN
# that slapd was set up with (dc=nomis52,dc=net is used as the example here)
ldap suffix = dc=nomis52,dc=net
ldap machine suffix = ou=machines
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap admin dn = cn=admin,dc=nomis52,dc=net
ldap delete dn = no

# be a PDC
domain logons = yes

# allow user privileges
enable privileges = yes

make sure testparm executes successfully:

testparm

store the LDAP admin password (the one set when installing slapd) in Samba's secrets.tdb, then restart Samba:

smbpasswd -w password
/etc/init.d/samba restart

Log back into phpldapadmin and verify that the domain record (the entry named after your domain) exists below the root. Then create the following Samba3 Mappings under the groups OU:

Unix/Windows Name   GID     SID ending number
admins              20000   512
users               20001   513
guests              2002    514
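The OU and group-mapping entries above can also be produced as LDIF and loaded with ldapadd instead of clicked through phpldapadmin. This is an added example, not part of the original how-to; it assumes the base DN dc=nomis52,dc=net from the smb.conf above, and DOMAIN_SID is a placeholder to be replaced with the output of net getlocalsid (the guests GID is assumed to be 20002 where the table reads 2002).

```sh
#!/bin/sh
# Added example, not part of the original how-to: emit the LDIF for the three
# OUs and the three Samba3 group mappings so they can be loaded with ldapadd.
# Assumptions: BASE_DN matches the ldap suffix in smb.conf; DOMAIN_SID is a
# placeholder to be replaced with the output of `net getlocalsid`.

BASE_DN="dc=nomis52,dc=net"
DOMAIN_SID="S-1-5-21-PLACEHOLDER"

# A real domain SID has the form S-1-5-21-<n>-<n>-<n>; used to refuse loading
# mappings built against the unreplaced placeholder.
sid_ok() {
    printf '%s\n' "$1" | grep -Eq '^S-1-5-21-[0-9]+-[0-9]+-[0-9]+$'
}

# One organizationalUnit entry directly under the base DN.
ou_ldif() {
    printf 'dn: ou=%s,%s\nobjectClass: organizationalUnit\nou: %s\n\n' "$1" "$BASE_DN" "$1"
}

# One posixGroup + sambaGroupMapping entry under ou=groups.
# $1 name, $2 gidNumber, $3 RID (the "SID ending number"), $4 sambaGroupType
group_ldif() {
    printf 'dn: cn=%s,ou=groups,%s\n' "$1" "$BASE_DN"
    printf 'objectClass: posixGroup\nobjectClass: sambaGroupMapping\n'
    printf 'cn: %s\ngidNumber: %s\ndisplayName: %s\n' "$1" "$2" "$1"
    printf 'sambaSID: %s-%s\nsambaGroupType: %s\n\n' "$DOMAIN_SID" "$3" "$4"
}

# Well-known RIDs: 512 Domain Admins, 513 Domain Users, 514 Domain Guests.
# sambaGroupType 2 = domain group. GIDs follow the mapping table; guests is
# assumed to be 20002 (the table reads 2002).
all_ldif() {
    for ou in users groups machines; do ou_ldif "$ou"; done
    group_ldif admins 20000 512 2
    group_ldif users  20001 513 2
    group_ldif guests 20002 514 2
}

# Usage: sh samba-ldif.sh --load   (binds as the ldap admin dn from smb.conf)
if [ "${1:-}" = "--load" ]; then
    sid_ok "$DOMAIN_SID" || { echo "replace DOMAIN_SID with the real domain SID first" >&2; exit 1; }
    all_ldif | ldapadd -x -D "cn=admin,$BASE_DN" -W
fi
```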

account sufficient
account required try_first_pass

-- add the following line before the “password required” line:

password sufficient

ldap password sync = yes

First Name   Last Name   username        UID     SID ending   Group    Home Directory
Domain       Admin       administrator   10000   21000        admins   /home/buster/administrator
(your)       (name)      (username)      10001   21001        admins   /home/buster/(username)

Machine Name     UID
(machinename)$   30000