The simplest and most common implementation of a Samba PDC uses the tdbsam password database backend. Planned to replace the aging smbpasswd backend, tdbsam has numerous improvements that are explained in more detail in Section 20.8, “Samba Account Information Databases”. The passdb backend directive controls which backend is to be used for the PDC.

[global] 
workgroup = DOCS 
netbios name = DOCS_SRV  
passdb backend = tdbsam 
security = user 
add user script = /usr/sbin/useradd -m %u 
delete user script = /usr/sbin/userdel -r %u 
add group script = /usr/sbin/groupadd %g  
delete group script = /usr/sbin/groupdel %g  
add user to group script = /usr/sbin/usermod -G %g %u 
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null  -g machines %u 
# The following specifies the default logon script  
# Per user logon scripts can be specified in the user 
# account using pdbedit logon script = logon.bat 
# This sets the default profile path. 
# Set per user paths with pdbedit 
logon drive = H: 
domain logons = Yes 
os level = 35 
preferred master = Yes 
domain master = Yes  
[homes] 
	comment = Home Directories 
	valid users = %S 
	read only = No  
[netlogon] 
	comment = Network Logon Service 
	path = /var/lib/samba/netlogon/scripts 
	browseable = No	 
	read only = No
# For profiles to work, create a user directory under the 
# path shown. mkdir -p /var/lib/samba/profiles/john 
[Profiles] 
	comment = Roaming Profile Share 
	path = /var/lib/samba/profiles 
	read only = No 
	browseable = No 
	guest ok = Yes 
	profile acls = Yes  
# Other resource shares ... ...