Our discussion of Samba up to this point has focused on file and print servers that authenticate users against a local set of accounts; these accounts had to previously be added to the system hosting Samba using either pdbedit or smbpasswd . Standalone servers (also called workgroup servers) have the advantages of being easy to set up and possessing no dependencies on external services. However, managing user accounts on more than two or three of these servers quickly becomes onerous.
Our systems administration mantra is, "Reduce redundancy through consolidation." Creating a Samba domain removes duplicate users and groups from each standalone server by consolidating these accounts onto a small set of domain controllers that can process authentication requests on behalf of domain member servers. Coupled with Microsoft's networking facility that allows a user to log in to her local workstation via a domain account, a Samba domain provides a means to centrally manage all authentication, not just access to file and print services.
In this chapter, we show you how to configure Samba as a Primary Domain Controller (PDC) with one or more Samba Backup Domain Controllers (BDC), and how to join Windows clients to this domain. Domains by themselves have little relevance without users and groups, so we also explore the mechanisms to manage and store user and group accounts. After you have a solid understanding of how to configure Samba's domain controller functionality, we explain how to migrate a Windows NT 4.0 domain to a Samba domain and retain the complete list of accounts and user settings. We conclude with a discussion of remotely monitoring and managing Samba hosts using tools such as the Windows Event Viewer, the Service Control Manager, and the Performance Monitor.