[Samba] Provisioning new AD Domain Controller

bd730c5053df9efb bd730c5053df9efb at proton.me
Thu Nov 30 18:28:51 UTC 2023


I have run Samba as a PDC since the 90's using Slackware's stock rc.samba script, but once I moved from Samba PDC to Samba AD DC I created a new script. It is very similar, but what it does is first and foremost check that Samba isn't running in a non-AD DC configuration started by Slackware's standard script, and then start /usr/sbin/samba -D instead of /usr/sbin/smbd -D and /usr/sbin/nmbd -D. Here is my complete script:

#!/bin/sh
#
# /etc/rc.d/rc.sambaad
#
# Start/stop/restart the Samba SMB active directory domain controller
#
# To make Samba start automatically at boot, make this
# file executable:  chmod 755 /etc/rc.d/rc.sambaad
# and add it to rc.local
#

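sambaad_start() {
  # On Slackware an rc script is enabled by making it executable, so this
  # tests whether the stock rc.samba is enabled, not whether smbd is running.
  if [ -x /etc/rc.d/rc.samba ]; then
    echo "Samba is already running, can not start Samba AD server"
  else
    # Start only if the samba binary is executable and smb.conf is readable.
    if [ -x /usr/sbin/samba ] && [ -r /etc/samba/smb.conf ]; then
      mkdir -p /var/run/samba
      echo "Starting Samba AD:  /usr/sbin/samba -D"
      /usr/sbin/samba -D
    elif [ ! -r /etc/samba/smb.conf ]; then
      echo "ERROR:  cannot start Samba since /etc/samba/smb.conf does not exist"
    fi
  fi
}

sambaad_stop() {
  # Signal the parent samba process through its PID file, if one exists.
  if [ -r /var/run/samba.pid ]; then
    kill -TERM "$(cat /var/run/samba.pid)"
  fi
}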

sambaad_restart() {
  sambaad_stop
  sleep 2
  sambaad_start
}

case "$1" in
'start')
  sambaad_start
  ;;
'stop')
  sambaad_stop
  ;;
'restart')
  sambaad_restart
  ;;
*)
  echo "usage $0 start|stop|restart"
esac

Best regards,
Dave.

PS: I'm sending this again just in case because I got a mailer daemon rejection notice.


On Thursday, November 30th, 2023 at 14:44, Mark Foley via samba <samba at lists.samba.org> wrote:


> On Thu, 30 Nov 2023 16:00:54 +0000 Rowland Penny via samba samba at lists.samba.org wrote:
> 
> > On Thu, 30 Nov 2023 14:54:47 +0000
> > bd730c5053df9efb (aka Dave) via samba samba at lists.samba.org wrote:
> > 
> > > Hi!
> > > 
> > > As a Slackware user I can confirm Slackware's samba package is built
> > > against MIT. I'm running several Samba AD DCs and have only had to
> > > create a new rc script to start /usr/sbin/samba instead of
> > > Slackware's stock samba init script. I never needed to start a KDC
> > > (which by the way Slack 15 has an rc.krb5kdc script which you could
> > > set as executable but again, I didn't need to do this to run a DC)
> > 
> > I am aware that Slackware is built against MIT, I know this because I
> > told them (after some testing on my part) that they were supplying an
> > experimental feature without telling anyone (as Fedora is doing). I
> > have no objection to anyone using MIT with a Samba DC (it's not my place),
> > but I feel that if this happens, the distro should explain this and
> > advise that perhaps using an experimental DC in production isn't a good
> > idea. It isn't as if they do not know it is experimental, you have to
> > pass '--with-experimental-mit-ad-dc' to './configure'.
> > 
> > I also feel that if the distro does supply Samba DC packages that use
> > MIT, then they should also provide precise details on how to set up the
> > DC, including setting up the KDC.
> > 
> > Rowland
> 
> 
> "It isn't as if they do not know it is experimental". I'm sure that's correct,
> so I wonder why they use that instead of Heimdal.
> 
> Anyway, I copied /var/lib/samba/private/krb5.conf to /etc/krb5.conf per
> Andrew Bartlett's suggestion and fired up Samba again. This time, it started!!! I
> will move forward with the configuration.
> 
> Dave - I have been running a Slackware AD/DC for years (since 2014), but have
> been using Slackware's stock rc.samba startup script. How does yours differ from
> stock?
> 
> I also didn't have to start any separate kerberos process to get samba to run.
> 
> Thanks! --Mark
> 


