htothek 01-07-2007 09:12 PM

Loving Linux, trying to make a DC - do I use OpenLDAP? Samba? or ***?
OK, so I've been messing with Linux for a little while now. Playing with basic shares and such. Got Samba working but not totally authenticating a Windows user.... But I want to go a step further....

I have set up many 2003 DCs but now I want to try it on Linux....

I'm running FC4. I went through the OpenLDAP quickstart guide here and had no errors, even got the LDAP search to find my domain! But when I go to my Windows box and try to join to it, it says it can't find it. I was wondering if I need some type of mediator(sp?) between Windows and the FC box.... Sorry, but I tried to follow all the configurations and as far as I know they worked, but I just can't get it to be seen by the XP machine....

I also searched and got a little confused when I searched this site for DCs because I got a lot of replies with Samba as a DC.... I wasn't aware that you could use Samba for that... I thought it was only for simple file sharing.... Would anyone have an answer for me?

I mean, I don't want you to walk me through it step by step, but please let me know what vital step I'm missing between the two machines.... and whether I should be using OpenLDAP or Samba for the DC....

Here is why I want a DC... My gf's brother and sister just got computers.... their father wants them in bed by 11.... I want to set up a DC for them to log in to and then it will terminate their session @ 11 and any time thereafter until around 6 am... so basically for restrictions..... =)

Thank you so much!

Open source, I have to say, is awesome!


JimBass 01-07-2007 10:04 PM

Samba gives you the ability both to simply share files within a Windows workgroup or domain, and also to act as the domain controller. You would want to install the Samba server packages to do that.

Here is why you don't want to use a domain controller to do the job you're looking for.

1) It's a pain. Yes, it can be done, but setting up a Linux-controlled Windows domain is much work and often a headache. You mention this is for your girlfriend's family, in effect your quasi-in-laws. Girlfriends (and boyfriends, no need to sound sexist) have a nasty habit (in my experience) of becoming ex-girlfriends. I don't know about you, but if an ex's father called me with a problem on his home domain, I wouldn't be very excited about helping fix it.

2) You don't need to run a domain to get that level of functionality. Just about every home router, wired or wireless, has some way of doing just that, turning off the internet for some of the clients during certain times. The most popular router in the US is probably a Linksys WRT54?, and all of them do this. You can simply get the MAC address of the brother and sister's machines, and then tell the router to shut off access for those machines at a certain time every night.

Your solution of a domain controller to do that is similar to trying to build a fire extinguisher to put out a match. Yes, you can do it, but it's a ton of work when all you need to do is exhale on the match, and it's out.


JimBass 01-08-2007 08:26 AM

You should have posted your own thread, as your question has nothing to do with the original poster's question about using Linux as a domain controller.

Red Hat 9 is ancient. After it came out, they changed the name to Fedora Core, and Fedora Core 6 is now out. Red Hat 9 will not support most current hardware, and support for it from Red Hat ended in 2004 or 2005. You'll need to choose a modern distro to get support.


htothek 01-08-2007 01:31 PM

Thanks Jim for the answer, but it doesn't really help me. I don't care if this box stays with her family after I leave or we break up or after I die, I don't care.... lol it's really more like a project, I want some experience with Linux DCs and this is a probable application (restrict user time on a computer). So let's just throw the girlfriend/boyfriend stuff out and if I was to ask you....

Which setup should I use to accomplish the task of a DC with Linux would be better? OpenLDAP or Samba? Only restrictions I want to lay on them are time restraints and that they are unable to log in after a certain time and if they are logged in I want them logged out. (them = my users)


JimBass 01-08-2007 01:46 PM

Right on. As a project that's fine, I just wanted to make sure you knew there were much simpler ways to accomplish what you're looking for. Samba is what is used as a Linux domain controller, so you'll want to install the Samba server package.


htothek 01-08-2007 05:25 PM

Thank you! I'll see if I can find a quickstart guide for Samba.... I've played with the config file but I assume I have to get the service running.... But I'll let you know how it turns out....


JimBass 01-08-2007 05:39 PM

There are tons of guides all over the net for Samba. We have a decent one

You also can check the Linux Documentation Project at

And straight from the horse's mouth at

Good Luck, and post back with problems!


htothek 01-08-2007 10:31 PM

OK, I got SWAT installed and configured Samba but I still can't get my Windows box to see the domain....... this is my config file... anything look weird? I've also tried restarting the services too!


# Samba config file created using SWAT
# from (
# Date: 2007/01/08 23:33:02

[global]
workgroup = MSHOME
netbios name = ENFORCER
netbios aliases = Enforcer
server string = Enforcer
null passwords = Yes
username map = /etc/samba/smbusers
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = /etc/printcap
domain logons = Yes
preferred master = Yes
domain master = Yes
ldap ssl = no
remote announce =
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
valid users = zach, hannah
admin users = root
cups options = raw

[netlogon]
comment = The Enforcer
path = /home/netlogon
read only = No
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

path = /home/heath/share
read only = No
guest ok = Yes
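
An added example (not written by any poster in this thread, and not part of Samba): a small Python linter that parses a config like the one posted above and flags settings that matter when Samba 3 is meant to act as a domain controller. The choice of checks, the function names and the `[share]` section name are assumptions of this example.

```python
# Added example: lint an smb.conf for Samba 3 domain-controller basics and weak settings.
# SAMPLE is constructed from the post above; [share] is a placeholder name (not on the page).
SAMPLE = """
[global]
null passwords = Yes
domain logons = Yes
ldap ssl = no
valid users = zach, hannah
[netlogon]
path = /home/netlogon
[share]
path = /home/heath/share
read only = No
guest ok = Yes
"""

def parse_smb_conf(text):
    """Return {section: {param: value}} with lower-cased names."""
    conf, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def is_yes(value):
    return str(value).lower() in ("yes", "true", "1")

def audit(conf):
    """Return a list of (section, parameter, finding) tuples."""
    g, out = conf.get("global", {}), []
    if not (is_yes(g.get("domain logons")) and "netlogon" in conf):
        out.append(("global", "domain logons", "PDC needs domain logons = yes and a [netlogon] share"))
    if is_yes(g.get("null passwords")):
        out.append(("global", "null passwords", "accounts with empty passwords can log on"))
    if g.get("ldap ssl", "").lower() in ("no", "off"):
        out.append(("global", "ldap ssl", "connections to the LDAP server are not encrypted"))
    if "valid users" in g:  # a share-level setting: in [global] it is the default for every share
        out.append(("global", "valid users", "applies to every share; unlisted accounts can be refused"))
    for name, share in conf.items():
        if name != "global" and is_yes(share.get("guest ok")) and not is_yes(share.get("read only", "yes")):
            out.append((name, "guest ok", "share is writable without authentication"))
    return out
```

Call `audit(parse_smb_conf(open("/etc/samba/smb.conf").read()))` to run it on a real file; Samba's own `testparm` remains the tool for syntax validation.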

JimBass 01-22-2007 10:51 AM

Start your own thread. This thread was about setting up a domain controller through Samba, not being a domain client.


