"security = user" means you've not configured Samba as either an NT or an Active Directory DC. You've created a standalone server with local user accounts.
You should abandon the notion of setting up a "PDC", as that's a Primary Domain Controller in an ancient non-Active Directory domain. AD DCs have been supported since the release of Samba 4.0.
To create an AD domain, you should first decide whether you want to use BIND or the built-in Samba DNS server. Then run samba-tool domain provision to create an Active Directory domain.
Last edited by Ser Olmy; 03-09-2014 at 08:23 AM.