Adding a Windows Computer to an OpenLDAP-Samba Primary Domain Controller

For a number of years, I’ve used a Linux computer running OpenLDAP and Samba as the primary domain controller for my Windows computers. This works great in that we can have a single sign-on for all of our Windows and Linux computers and use the same account for logins to websites. I’ve had an old piece of paper in my office with the changes that are needed on Windows to be able to get it to join this PDC. I thought I’d finally put them online in case something ever happens to my paper. (#2 below is really the only required step, but I always do all of them.)

1. Add the IP address of the new computer to /etc/samba/smb.conf. This is optional, but I do it so that only computers I know about are allowed to access anything in our setup.

2. Add two DWORD values in the registry:

HKLM\
  System\
    CurrentControlSet\
      Services\
        LanmanWorkstation\
          Parameters

DomainCompatibilityMode = 1
DNSNameResolutionRequired = 0

3. gpedit.msc

Computer Configuration -
  Administrative Templates -
    System -
      User Profiles
Set maximum wait time for the network if a user has a roaming profile or remote home directory = 0

4. secpol.msc

Local Policies -
  Security Options
Interactive logon: Do not display last user name: ENABLED

Now join the computer to the domain.
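
Steps 2 to 4 and the join can also be applied from an elevated Windows PowerShell 5.1 prompt. The script below is an added example, not part of the original notes: it sets each value, reads it back, and only joins if everything applied. The registry locations used for the two policy settings (steps 3 and 4) and the domain name `EXAMPLE` are assumptions, so check them against your own setup.

```powershell
#Requires -RunAsAdministrator
# Added example: applies steps 2-4 through the registry and reads each value back.
# The two policy registry locations below are assumptions (not given in the post).

$settings = @(
    # Step 2 (from the post): LanmanWorkstation parameters
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
       Name = 'DomainCompatibilityMode';   Value = 1 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
       Name = 'DNSNameResolutionRequired'; Value = 0 },
    # Step 3 (assumed backing value for the "maximum wait time" policy)
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
       Name = 'WaitForNetwork';            Value = 0 },
    # Step 4 (assumed backing value for "Do not display last user name")
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DontDisplayLastUserName';   Value = 1 }
)

function Set-JoinPrerequisite {
    param([string]$Path, [string]$Name, [int]$Value)
    if (-not (Test-Path -Path $Path)) {
        New-Item -Path $Path -Force | Out-Null   # policy keys may not exist yet
    }
    # Record the previous value so the output shows what actually changed.
    $before = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    if ($before -ne $Value) {
        New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $Value -Force | Out-Null
    }
    $after = (Get-ItemProperty -Path $Path -Name $Name).$Name
    [pscustomobject]@{ Name = $Name; Before = $before; After = $after; Ok = ($after -eq $Value) }
}

$results = foreach ($s in $settings) { Set-JoinPrerequisite @s }
$results | Format-Table -AutoSize

# Stop before the join if any value failed to apply.
if ($results.Ok -contains $false) {
    throw 'One or more values did not apply; not joining the domain.'
}

# EXAMPLE is a placeholder domain name; the join takes effect after a reboot.
Add-Computer -DomainName 'EXAMPLE' -Credential (Get-Credential) -Verbose
```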