How to setup a OMV NT domain controller (PDC)

    • How to setup a OMV NT domain controller (PDC)

      Hello,

      The purpose of this thread is for postings about OMV configured (or hacked :o ) to be a PDC NT domain controller, so every user on my OMV box that has a Windows client PC would be able to join the domain, sync passwords and profiles (just what is needed in an average office with the centralized services OMV can provide).

      As far as I tested, I could join my OMV Samba domain just by adding these options and settings:

      In Network, General Settings:
      Hostname= quahog
      Domain name= mydomain

      In CIFS/SMB
      Enable= True
      Workgroup= quahog.mydomain
      Local master browser= True
      Time Server= True
      Home Directories= True
      Browseable= False
      WINS Support= True
      Extra Options:

      max log size = 500
      security = user
      netbios name = quahog
      domain logons = yes
      domain master = yes
      preferred master = yes
      os level = 64
      logon path = \\%L\profiles\%U
      logon home = \\%L\%U
      logon drive = H: (or whatever you like)
      logon script = netlogon.bat
      unix password sync = yes
      [netlogon]
      comment = Network Logon Service
      path = /home/samba/netlogon
      writable = no
      share modes = no
      [Profiles]
      path = /home/samba/profiles
      browseable = no

      DNS Service Discovery= True

      Local DNS / DHCP
      Enable= True
      Domain Name= quahog.mydomain
      Use WINS entries= True

      Then on the static entries tab I inserted the PC names and their IPs.
      (I have DHCP service configured in my router, so I didn't use the OMV DHCP settings; anyway, I pointed every setting, WINS, DNS, NTP, to my OMV server IP, and left my router as gateway.)

      Then on the client Windows XP PC I configured IP by DHCP... so DNS, WINS, NTP, etc. would be the OMV server IP. I ping NetBIOS names from the server and the Windows clients and they respond rightly, as my DNS server has every entry needed.

      Then from the CLI as root, I ran these commands to configure machines and users for the domain:
      (Creating a machines and an admin group)
      groupadd -g 200 admins
      groupadd -g 201 machines
      (Create the directories as named in Extra Options)
      mkdir -m 0775 /home/samba /home/samba/netlogon
      chown root:admins /home/samba/netlogon
      mkdir /home/samba/profiles
      chmod 1757 /home/samba/profiles
      (Adding machine accounts. Each computer and user on the network needs an account)
      useradd -g machines -d /dev/null -c "Windows PC1 Client" -s /bin/false winxp1$
      So it belongs to machines group, no home directory, any nickname, no shell and I used "winxp1" as the NetBIOS or hostname, and $ identifies it as a trust account.

      (Create authentication and password locked)
      passwd -l winxp1$
      (add machine to samba trust)
      smbpasswd -a -m winxp1
      (then I added my user, just like adding the winxp1$ client before but without locking the password)

      At last, I joined my domain as it's usually done: in domain name I typed quahog.mydomain, then it asks you for username and password, there I entered root and the password... and I got joined, so it seems to respond right!

      (The only problem :roll: is that when I reboot my Windows PC client, when the login screen appears... it lets you choose to log in locally or to quahog.mydomain, so I choose the domain... it starts logging in BUT the Windows PC client just restarts. I tried with two PCs but the same happens; it seems there is an encryption or trust problem, so Windows just restarts. I will have to test some more to get it working.)

      If anyone has any experience with this or just wants to try... it would be great to be able to configure OMV as an NT domain controller (PDC) easily! :geek:
    • Re: How to setup a OMV NT domain controller (PDC)


      (The only problem is that when I reboot my Windows PC client, when the login screen appears... it lets you choose to log in locally or to quahog.mydomain, so I choose the domain... it starts logging in BUT the Windows PC client just restarts. I tried with two PCs but the same happens; it seems there is an encryption or trust problem, so Windows just restarts. I will have to test some more to get it working.)

      The reboot problem was this option in smb.conf...

      logon drive = H: (or whatever you like)

      I didn't realize that "(or whatever you like)" was just a note that I forgot to delete. So, if you have that or anything else wrong in the "logon drive =" Windows XP just breaks :-p

      Now, the PDC works!... I know the scripts and smb.conf still need some tuning; if anyone has any tips, it would be great to share!

      I discovered that OMV adds some options to the smb.conf, and OMV won't be happy if you change them. For example, these comments at the beginning of each section:
      #======================= Global Settings =======================
      #======================= Share Definitions =======================
      #======================= Home Directories =======================

      So, if you type anything in the Extra Options box, these options will be placed at the end of the Global Settings. But if you add shares with specific options here (like [Netlogon] or [Profiles]), these shares will be placed wrongly at the end of Global Settings and you will get a warning when you run testparm to test the smb.conf syntax.

      It would be great for this plugin if you could specify WHERE to put the options in smb.conf when you add Extra Options.

      So you can tell OMV in Extra Options where exactly to add the option in smb.conf.

      I know OMV is not meant to be an advanced Domain Server, so if what I am trying to do has no use, please tell me. If not... I will keep trying to configure the OMV Domain Server as tuned as possible.

      Thanks,
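
A pre-paste check for the two problems described in this thread (a note left after the `logon drive` value, and share sections typed into Extra Options), as an added example that is not part of the original posts or of OMV. The function name `lint`, its `extra_options` flag and the sample text are hypothetical and constructed for illustration.

```python
import re

# Parameters from the thread's Extra Options; Samba accepts all of them only in [global].
GLOBAL_ONLY = {
    "max log size", "security", "netbios name", "domain logons", "domain master",
    "preferred master", "os level", "logon path", "logon home", "logon drive",
    "logon script", "unix password sync",
}
DRIVE = re.compile(r"[A-Za-z]:")  # a bare drive letter and colon, e.g. H:

def lint(text, extra_options=True):
    """Return (line_no, message) findings for smb.conf-style text.

    extra_options=True treats the text as an Extra Options snippet, which the
    thread says is appended to the end of Global Settings.
    """
    findings, section = [], "global"
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # only whole-line comments exist
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            if extra_options and section != "global":
                findings.append((no, f"share [{section}] would land inside Global Settings"))
            continue
        if "=" not in line:
            findings.append((no, "expected 'name = value'"))
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        name = " ".join(name.lower().split())
        # No inline comments in smb.conf: everything after '=' is the value.
        if name == "logon drive" and not DRIVE.fullmatch(value):
            findings.append((no, f"logon drive should be like 'H:', got {value!r}"))
        if name in GLOBAL_ONLY and section != "global":
            findings.append((no, f"global parameter '{name}' inside [{section}]"))
    return findings

# Constructed sample based on the settings quoted in the thread.
SAMPLE = """\
domain logons = yes
logon drive = H: (or whatever you like)
[netlogon]
path = /home/samba/netlogon
os level = 64
"""

if __name__ == "__main__":
    for no, msg in lint(SAMPLE):
        print(f"line {no}: {msg}")
```

Running `testparm` on the generated smb.conf remains the authoritative syntax check; this only catches the two mistakes above before the text is pasted.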