[deprecated] Quick Start Setup Guide

Please note that this documentation is old and generally no longer relevant to the TurnKey Domain Controller v14.0 and newer (this page relates to TurnKey DC v13.x and before)...


The TKL PDC is ready to go straight out of the box. A vanilla XP install on the same subnet will join the domain with just a little network configuration...

Before you start...

  • TurnKey PDC is not an Active Directory replacement: v13.x and earlier versions of TKL PDC use Samba 3. If you're looking for a full Server 200x Active Directory replacement, this isn't going to do the job. With this PDC acting as the DC on your network, you're going to have an NT domain. However, if you follow these instructions then you can add it to your existing AD domain.
  • Windows Home versions can't join a domain: None of the Windows Home versions [Starter (XP, Vista, Win7), Home (XP), MCE (XP), Home Basic (Vista, Win7), Home Premium (Vista, Win7) or Windows 8 (Windows 8 without a suffix title is the successor to Win7 Home Premium)] are capable of joining a domain. You'll need to use a 'professional' version [Pro (XP, Win8), Business (Vista), Professional (Win7), Enterprise (Vista, Win7, Win8) or Ultimate (Vista, Win7, Win8)].

Setting Up

Build your TKL PDC or get the VM up and running (e.g., VirtualBox installation tutorial). You should set up the network address, PDC name, domain name and root password before you do anything else. DO NOT TRY TO CREATE ANY WINDOWS USERS AT THIS POINT.

You can set the PDC IP on the config console when the machine boots up. To set the PDC and Domain names, fire up a browser, point it at the PDC address and select the Samba icon. After you've logged in, you can change the domain and PDC settings via the 'Windows Networking' icon.

On the XP client networking settings, set the WINS address to the PDC IP. NT domains rely heavily on NetBIOS, so you don't need to worry about DNS.

Make sure you can ping the PDC from the client and vice versa to prove the network configuration. Ping by IP and by name to ensure that everything appears as expected.

If you are using a VirtualBox XP build for testing and you can't join the domain, you probably have a network misconfiguration. The default network setting for VirtualBox machines is NAT, which won't work. You need to bridge the virtual network to your physical network. Take a look at the network settings on the TKL PDC virtual machine; it's set up with bridging by default.

Joining the Domain

Log on to the client with the local admin account and:

  • Right click 'My Computer' and select 'Properties'
  • Select the 'Computer Name' tab on the system properties dialog.
  • Selecting the 'Change' button brings up the computer name changes dialog.
  • Select the 'Domain' option and type the name of your domain into the text box.

If all is well, you should be prompted for a username and password to join the domain. Enter the Samba username 'administrator' and the password ('turnkey' is the default).

After a short wait, you should see a 'Welcome to the domain' message. Once the client is rebooted, you can log on with the Samba administrator account (remember to select the domain at the logon prompt).

Adding Users

Now you can create domain/Samba users on the PDC; they will automagically be available for logon on the client. There are a few gotchas with creating users, groups and policies, but that's beyond the scope of this guide.

If you are getting an error message such as "windows cannot locate server copy roaming profile" on login, then please ensure that your Linux user is in the Linux group "smbuser" and that Linux users and Samba users are synced.
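
One way to run that check on the PDC, as an added example (not part of the original guide or TurnKey's own code): a shell function that compares `pdbedit -L` output with /etc/passwd and /etc/group. It assumes "synced" means every Samba user has a Linux account of the same name; the function names and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not TurnKey's code). Reports Samba users that would hit the
# roaming-profile error described above. Inputs are files in the formats of
# `pdbedit -L` (user:uid:name), /etc/passwd and /etc/group.
GROUP_NAME="smbuser"    # Linux group named in the guide

# check_sync SAMBA_LIST PASSWD GROUP : prints one finding per line
check_sync() {
    gid=$(awk -F: -v g="$GROUP_NAME" '$1 == g { print $3 }' "$3")
    members=$(awk -F: -v g="$GROUP_NAME" '$1 == g { print $4 }' "$3")
    cut -d: -f1 "$1" | while IFS= read -r user; do
        [ -n "$user" ] || continue
        case $user in *'$') continue ;; esac    # machine accounts end in $
        # A commenter on this page reports capitalised names break profiles.
        lower=$(printf '%s' "$user" | tr 'A-Z' 'a-z')
        [ "$user" = "$lower" ] || echo "$user: contains capital letters"
        pgid=$(awk -F: -v u="$user" '$1 == u { print $4 }' "$2")
        if [ -z "$pgid" ]; then
            echo "$user: no matching Linux account"
        elif [ "$pgid" != "$gid" ]; then
            # Not the primary group, so the name must be in the member list.
            case ",$members," in
                *",$user,"*) ;;
                *) echo "$user: not in group $GROUP_NAME" ;;
            esac
        fi
    done
}

# sample_report : runs check_sync over constructed sample data
sample_report() {
    d=$(mktemp -d)
    printf '%s\n' 'administrator:1000:Administrator' 'alice:1001:Alice' \
        'Bob:1002:Bob' 'carol:1003:Carol' 'dave:1004:' 'xpclient$:1005:' > "$d/samba"
    printf '%s\n' 'administrator:x:1000:1000::/home/administrator:/bin/bash' \
        'alice:x:1001:1100::/home/alice:/bin/bash' \
        'Bob:x:1002:1002::/home/Bob:/bin/bash' \
        'carol:x:1003:1003::/home/carol:/bin/bash' > "$d/passwd"
    printf '%s\n' 'users:x:100:carol' 'smbuser:x:1100:administrator,Bob' > "$d/group"
    check_sync "$d/samba" "$d/passwd" "$d/group"
    rm -rf "$d"
}

# On the PDC itself (as root):
#   pdbedit -L > /tmp/samba.txt && check_sync /tmp/samba.txt /etc/passwd /etc/group
sample_report
```

An empty report means every listed Samba user has a lowercase name, a Linux account, and smbuser membership (as primary or supplementary group).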

Comments

Timothy's picture

How Do you Ping From the Server to Windows? From Webmin?

Codehead's picture

Once you've done the IP config on the server, you can back out of the config console and you'll end up at a command prompt. Log in and you can ping from there.

Alternatively, logging in via an SSH client or the browser-based web shell (https://[your server ip]:12320) will give you a prompt you can ping from too.

BTW, if you can't ping from the server to XP with service pack 2+, the Windows firewall is probably blocking it.


Alliancecorp's picture

Where can we find the detailed installation/administration guide?

(Provided link to the installation guide not working.)

Jeremy Davis's picture

but the generic tutorial here should get you going. It's using VirtualBox but the instructions installing from ISO are pretty much the same for bare metal install. If there's anything you're having problems with, post in the Support forum and someone should be able to help you out.

L. Arnold's picture

I have an errant win2K/NT Domain that I would love to just get rid of but I am worried about losing my shares/rights etc.

Has anyone ever "taken over" a Domain w/ this appliance?  (I mean this in a friendly way).

thanks for any help here.

Jeremy Davis's picture

I've had very little experience with 2k/NT domains so perhaps my apprehension is more to do with my experiences with 2k3.

Despite my apprehension, I think that it could be an interesting exercise if you have the patience :)

Liraz Siri's picture

Tried contacting the guy who made that tutorial. No response. This is why we should avoid relying on third party websites. Anyhow for now I removed the broken link and linked to the virtualbox tutorial instead.

I've got this working... for the admin account. It does not work for additional users added (roaming profile cannot be created error) even after adding the groups and syncing with samba. Ideas?

EDIT: capitalizing users is bad. It works now.


Nuno Cabeca's picture

Hello!

Firstly, congratz for your amazing job!

I saw in the main features, something referring to "netlogon", like:

  • Limit domain login to Domain Users and Domain Admins.
  • Logon/home drive mapped to H:
  • Synchronize time at login with PDC.
  • Default permissions: owner full permissions.

I was expecting a preconfigured logon script which we could add to the user.

Where can I find that documentation?

Thanks in advance and congratz again!

Nuno


Alon Swartz's picture

The 2 files that you are looking for are /etc/samba/smb.conf and /srv/storage/netlogon/logon.bat. That should give you a very good starting point for customizations and understanding how everything is put together.

Hope that helps.

Scott Brehm's picture

I was expecting the domain controller to also have a DNS and DHCP service installed with dynamic DNS configured. I have no problem doing this manually if needed, but new to Turnkey and Webmin. 

Is there an existing Turnkey appliance with DNS & DHCP?

If not, guidance integrating it into the Domain Controller appliance would be welcome to shortcut the learning curve.

Jeremy Davis's picture

But they can be installed relatively easily using apt-get install. The DNS package is called bind9 and IIRC DHCP is called dhcp3. There are also webmin modules available (webmin-bind8 and webmin-dhcp). Personally I found following an online tutorial using commandline the easiest way to get started. Then use Webmin to maintain and update. I don't recall which tutorial I used but there should be plenty about. Just keep in mind that TKL v11.x is based on Ubuntu 10.04/Lucid and you should find plenty of info via google.

Sean O'Rourke's picture

So each user gets two drives mapped to the server, an H: (for home?) and an S: (for share?)

I can see in /srv/storage/netlogon/logon.bat  where the S: drive is configured

and I can see in /etc/samba/smb.conf, where it's setting the login drive to H:

logon path = \\%L\profiles\%U
logon script = logon.bat
logon drive = H:

But where is the configuration that maps the H: drive?

Jeremy Davis's picture

There are share level (i.e. via Samba users) and file system levels (via Linux users). By default the Linux and Samba users should be synced but perhaps double check. Also check file level permissions for your users. It sounds like your users have share permissions but not file permissions (but I'm only guessing).

FWIW I have always used share level users to control read or no read access and file permissions to control read only or read/write. I'm not sure whether that is best practice, but it's what I used with Windows shares...

Mike's picture

I got the following error: "The Specified Domain Either Does Not Exist or Could Not Be Contacted" when joining a Windows 7 client (virtual machine) to the PDC domain. A Win XP machine joined with no problems.

Just to say that this appears to be the problem: http://wiki.samba.org/index.php/Windows7

Essentially in Win 7 MS normally requires that a domain server offering active directory services is used. See note in article that points out that this PDC does not support Active Directory.

The same article gives a registry edit solution, which works. It did not need the additional hot fix they refer to. Maybe it was included in service pack 1.