Browsing Corsican translation

144.

With <emphasis>root</emphasis> being disabled by default, in order to join a workstation to the domain, a system group must be mapped to the Windows <emphasis>Domain Admins</emphasis> group. Using the <application>net</application> utility, from a terminal enter:

145.

sudo net groupmap add ntgroup="Domain Admins" unixgroup=sysadmin rid=512 type=d

146.

Change <emphasis role="italic">sysadmin</emphasis> to the preferred group. The user used to join the domain needs to be a member of the <emphasis>sysadmin</emphasis> group, as well as a member of the system <emphasis>admin</emphasis> group. The <emphasis>admin</emphasis> group allows <application>sudo</application> use.

147.

Finally, restart Samba to enable the new domain controller:

148.

It is now possible to join Windows clients to the Domain in the same manner as joining them to an NT4 domain running on a Windows server.

149.

Backup Domain Controller

150.

With a Primary Domain Controller (PDC) on the network, it is best to have a Backup Domain Controller (BDC) as well. This will allow clients to authenticate in case the PDC becomes unavailable.

151.

When configuring Samba as a BDC, there must be a way to sync account information with the PDC. There are multiple ways of accomplishing this, such as <application>scp</application>, <application>rsync</application>, or by using <application>LDAP</application> as the <emphasis>passdb backend</emphasis>.

152.

Using LDAP is the most robust way to sync account information, because both domain controllers can use the same information in real time. However, setting up a LDAP server may be overly complicated for a small number of user and computer accounts. See Samba<ulink url="http://wiki.samba.org/index.php/Samba_&amp;_LDAP"> LDAP</ulink> page for details.

153.

First, install <application>samba</application> and <application>libpam-smbpass</application>. From a terminal enter: