[Samba] samba member file server failer

[Rowland Penny]

On 10/06/15 03:26, David Bear wrote:
> I have setup samba 4.2.x as an AD DC in a linux container. This is an
> privileged container. I am using the brdging interface and have bound samba
> to the specific interface I want.
>
> As an ADDC it is working great.
>
> Now I go to the linux host, and created a samba 4.2 file server. I was able
> to join it to the domain. I followed the member server instructions at
> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server .
>
> There were a couple of things that were confusing. Since I am installing an
> an ubuntu 14 LTS server I followed the debian side of the instructions.
>
> Instructions for starting the daemons are given at
> https://wiki.samba.org/index.php/Samba4/InitScript.  Towards the end of the
> wiki we were given instructions for both an init.d script and an upstart
> configuration file. I have grabbed the init.d/ script, made the
> modfications to point things to /usr/local/samba installation -- and when I
> run it, nothing happens.. So I start samba using sbin/samba and the deamons
> start.
>
> However at the tail end of my log file I see
>
> [2015/06/09 19:22:16.752250,  0]
> ../source4/smbd/server.c:475(binary_smbd_main)
>    At this time the 'samba' binary should only be used for either:
>    'server role = active directory domain controller' or to access the ntvfs
> file server with 'server services = +smb' or the rpc proxy with 'dcerpc
> endpoint servers = remote'
>    You should start smbd/nmbd/winbindd instead for domain member and
> standalone file server tasks
> [2015/06/09 19:22:16.752314,  0]
> ../lib/util/become_daemon.c:111(exit_daemon)
>    STATUS=daemon failed to start: Samba detected misconfigured 'server role'
> and exited. Check logs for details, error code 22
>
> since I followed the member server how to -- I am wondering if something
> there is left out?
>
> Here's my smb.conf
>
> /usr/local/samba# less etc/smb.conf
> [global]
>
> netbios name = srv1
> workgroup = INTERNAL
> security = ADS
> realm = INTNERAL.XCITY.COM
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
>
> idmap config *:backend = tdb
> idmap config *:range = 2000-9999
> idmap config IN:backend = ad
> idmap config IN:schema_mode = rfc2307
> idmap config IN:range = 10000-99999
>
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
> winbind refresh tickets = yes
>
> bind interfaces only = yes
> interfaces = em1
> log level = 5
> log file = /usr/local/samba/var/log.%m
>
>
> ----
> which matches the how to.
>
> So there seems to be something missing from the how to .
>
> Any suggestions ?
> Also the %m macro expansion fails for the log file. It actually calls the
> log vile %m...

Nope, there is nothing missing from the member server howto, it tells 
you what samba processes to start, (smbd, nmbd and winbind). You should 
only start the samba process on an AD DC.

The problem seems to be that the wiki init script page only seems to 
have a script to start smbd & nmbd (it's at the bottom of the page) and 
there isn't one for winbind.

The easiest way to get the required init scripts is to download the 
samba package with 'apt-get download samba', unpack it (the easiest way 
is to browse to the deb and right click it and select 'Extract here'). 
Now browse into the directory that will be created 
~/samba_2%3a4.1.6+dfsg-1ubuntu2.14.04.7_amd64/etc/init.d
You should find 4 files, you want 3 of them, the one you don't want is 
'samba-ad-dc'
Open each of the required files in your favourite editor and change the 
paths to point to your samba binaries, save the file and then move it to 
/etc/init.d/

Rowland