[Samba] samba member file server failure

David Bear dwbear75 at gmail.com
Sun Jun 14 22:09:49 MDT 2015


I am aware of sssd -- but I assumed I had to use the sssd package which was
a complete compile. I wasn't sure all the additions sssd made so I thought
I would understand things better if I compiled from scratch.

I don't know what nslcd is --

My goal is to provide ONLY file servers for samba ADDC authenticated users.
I assumed winbind was the shortest route to that.

On Thu, Jun 11, 2015 at 1:29 AM, Rowland Penny <rowlandpenny at googlemail.com>
wrote:

>  On 10/06/15 22:08, David Bear wrote:
>
> I think winbind is required for file service isn't it?
>
> On Wed, Jun 10, 2015 at 1:28 PM, Rowland Penny <
> rowlandpenny at googlemail.com> wrote:
>
>>  On 10/06/15 21:15, David Bear wrote:
>>
>> Thanks Rowland -- will attempt to pull the startup script from the deb
>> package.
>>
>>  Just to clarify, When starting samba as an AD DC, we use the
>> samba-ad-dc  script, when starting samba as a file server only, we need a
>> script that only starts smbd, nmbd, and winbind.  ?
>>
>>
>>  Basically yes, but on Debian the script called  samba will start the AD
>> DC by running the samba-ad-dc script, or it will run the two scripts called
>> smbd and nmbd to start a member server. I would suggest that you just use
>> the smbd & nmbd scripts, you will also need the winbind script from the
>> winbind package if you intend to use winbind.
>>
>> Rowland
>>
>>
>>
>>
>> On Wed, Jun 10, 2015 at 12:59 AM, Rowland Penny <
>> rowlandpenny at googlemail.com> wrote:
>>
>>>  On 10/06/15 03:26, David Bear wrote:
>>>
>>>> I have setup samba 4.2.x as an AD DC in a linux container. This is an
>>>> privileged container. I am using the bridging interface and have bound
>>>> samba to the specific interface I want.
>>>>
>>>> As an ADDC it is working great.
>>>>
>>>> Now I go to the linux host, and created a samba 4.2 file server. I was
>>>> able to join it to the domain. I followed the member server instructions at
>>>> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server .
>>>>
>>>> There were a couple of things that were confusing. Since I am
>>>> installing an ubuntu 14 LTS server I followed the debian side of the
>>>> instructions.
>>>>
>>>> Instructions for starting the daemons are given at
>>>> https://wiki.samba.org/index.php/Samba4/InitScript.  Towards the end
>>>> of the wiki we were given instructions for both an init.d script and an
>>>> upstart configuration file. I have grabbed the init.d/ script, made the
>>>> modifications to point things to /usr/local/samba installation -- and
>>>> when I run it, nothing happens.. So I start samba using sbin/samba and
>>>> the daemons start.
>>>>
>>>> However at the tail end of my log file I see
>>>>
>>>> [2015/06/09 19:22:16.752250,  0]
>>>> ../source4/smbd/server.c:475(binary_smbd_main)
>>>>    At this time the 'samba' binary should only be used for either:
>>>>    'server role = active directory domain controller' or to access the
>>>> ntvfs
>>>> file server with 'server services = +smb' or the rpc proxy with 'dcerpc
>>>> endpoint servers = remote'
>>>>    You should start smbd/nmbd/winbindd instead for domain member and
>>>> standalone file server tasks
>>>> [2015/06/09 19:22:16.752314,  0]
>>>> ../lib/util/become_daemon.c:111(exit_daemon)
>>>>    STATUS=daemon failed to start: Samba detected misconfigured 'server
>>>> role'
>>>> and exited. Check logs for details, error code 22
>>>>
>>>> since I followed the member server how to -- I am wondering if something
>>>> there is left out?
>>>>
>>>> Here's my smb.conf
>>>>
>>>> /usr/local/samba# less etc/smb.conf
>>>> [global]
>>>>
>>>> netbios name = srv1
>>>> workgroup = INTERNAL
>>>> security = ADS
>>>> realm = INTNERAL.XCITY.COM
>>>> dedicated keytab file = /etc/krb5.keytab
>>>> kerberos method = secrets and keytab
>>>>
>>>> idmap config *:backend = tdb
>>>> idmap config *:range = 2000-9999
>>>> idmap config IN:backend = ad
>>>> idmap config IN:schema_mode = rfc2307
>>>> idmap config IN:range = 10000-99999
>>>>
>>>> winbind nss info = rfc2307
>>>> winbind trusted domains only = no
>>>> winbind use default domain = yes
>>>> winbind enum users = yes
>>>> winbind enum groups = yes
>>>> winbind refresh tickets = yes
>>>>
>>>> bind interfaces only = yes
>>>> interfaces = em1
>>>> log level = 5
>>>> log file = /usr/local/samba/var/log.%m
>>>>
>>>>
>>>> ----
>>>> which matches the how to.
>>>>
>>>> So there seems to be something missing from the how to .
>>>>
>>>> Any suggestions ?
>>>> Also the %m macro expansion fails for the log file. It actually calls
>>>> the log file %m...
>>>>
>>>
>>>  Nope, there is nothing missing from the member server howto, it tells
>>> you what samba processes to start, (smbd, nmbd and winbind). You should
>>> only start the samba process on an AD DC.
>>>
>>> The problem seems to be that the wiki init script page only seems to
>>> have a script to start smbd & nmbd (it's at the bottom of the page) and
>>> there isn't one for winbind.
>>>
>>> The easiest way to get the required init scripts is to download the
>>> samba package with 'apt-get download samba', unpack it (the easiest way is
>>> to browse to the deb and right click it and select 'Extract here'). Now
>>> browse into the directory that will be created
>>> ~/samba_2%3a4.1.6+dfsg-1ubuntu2.14.04.7_amd64/etc/init.d
>>> You should find 4 files, you want 3 of them, the one you don't want is
>>> 'samba-ad-dc'
>>> Open each of the required files in your favourite editor and change the
>>> paths to point to your samba binaries, save the file and then move it to
>>> /etc/init.d/
>>>
>>> Rowland
>>>
>>
>>
>>
>>  --
>>  David Bear
>> mobile: (602) 903-6476
>>
>>
>>
>>
>
>
>  --
>  David Bear
> mobile: (602) 903-6476
>
>
>
> Yes, but you could use nslcd or sssd.
>
> Rowland
>



-- 
David Bear
mobile: (602) 903-6476
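
Added example, not part of the original thread: a sketch of the daemon choice discussed above, reading `server role` and `security` from the `[global]` section of smb.conf so that the `samba` binary is only started on an AD DC and a member server gets smbd, nmbd and winbindd. The function names `global_param` and `daemons_for_conf` are hypothetical, the parser is simplified (no `include` handling), and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): pick Samba daemons from smb.conf.

# Print the value of a [global] parameter, lowercased; empty if unset.
global_param() {   # $1 = smb.conf path, $2 = parameter name (lowercase)
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }                       # skip comment lines
        /^[ \t]*\[/   { s = tolower($0); gsub(/[ \t]/, "", s)
                        in_global = (s == "[global]"); next }
        in_global && index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            val = tolower(substr($0, index($0, "=") + 1))
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) found = val             # last setting wins
        }
        END { print found }' "$1"
}

# Print the daemons to start for the role the configuration describes.
daemons_for_conf() {   # $1 = smb.conf path
    role=$(global_param "$1" "server role")
    security=$(global_param "$1" "security")
    case "$role" in
        "active directory domain controller"|"domain controller"|dc)
            echo "samba" ;;                          # AD DC only
        "member server"|member)
            echo "smbd nmbd winbindd" ;;
        ""|auto)                                     # default: follow 'security'
            case "$security" in
                ads|domain) echo "smbd nmbd winbindd" ;;
                *)          echo "smbd nmbd" ;;
            esac ;;
        *)  echo "smbd nmbd" ;;                      # standalone and classic roles
    esac
}

# Constructed sample: the member-server settings quoted in this thread.
conf=$(mktemp)
printf '[global]\nworkgroup = INTERNAL\nsecurity = ADS\n' > "$conf"
echo "start: $(daemons_for_conf "$conf")"
rm -f "$conf"
```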

