[Samba] Joining Windows 10 Domain Member to Samba AD/DC

Mark Foley mfoley at novatec-inc.com
Sun Feb 11 17:23:33 UTC 2024


Luis,

I had mentioned that I first provisioned a Samba4 DC 10 years ago when migrating from Windows Small Business Server. At that time I did try Zentyal and Debian before Slackware. Back then Debian did not work well. I had to install lots of additional packages and things like Microsoft Update and Remote Desktop just wouldn't work. I spent months trying various things.

I started over with Slackware which was, and is, a very basic no frills Linux distribution. That worked right out of the box, no problems. And, I was able to provision with the BIND9_FLATFILE back end which let me migrate from my existing bind/named config rather painlessly. So, I was pretty happy with Slackware.

The only issue then, as now, is that ntpd wasn't built with --enable-ntp-signd, but I was able to build ntpd from sources with that option and everything ran fine for the next 10 years with subsequent kernel and samba updates.

Since then I've simply continued to use Slackware as I'm familiar with it and I don't feel like investing time in converting everything to systemd. Likewise I use Sendmail not Postfix and don't want to mess with seeing how my extensive milters would work (Slackware now ships with Postfix, but I can "blacklist" those updates). Slackware also has an easier way for updating programs, kernels and configs/startscripts than Debian -- at least that used to be true.

Bottom line is that I'm familiar with Slackware and it works. I'll leave it to my successor to change distros.

This time, Slackware took no longer to install the Samba DC. Your 20 minute ball-park is probably longer than reality. All that is needed is to run the samba-tool provision and done! I'm sure, just like on Debian.

My weeks-long problem was ntpd. I knew about that from my 10-years-ago install of Samba and I thought I had built it this time with --enable-ntp-signd, more than once. But, something obviously messed up, probably user error. Your suggestion to use tcpdump was what showed me definitively that my ntpd was not doing ntp-signd.

I am going to post something to linuxquestions.org (which is where the Slackware distro maintainers look for issues) to advise them to please build ntpd AND chrony with ntp-signd support in the future. There's no reason not to as it doesn't hurt anything to have that enabled.

Thanks for your help.

--Mark

On Sun Feb 11 02:06:52 2024 Luis Peromarta via samba <samba at lists.samba.org> wrote:

Congratulations. Happy to hear you got it running.

Just out of curiosity and apologies if this has been answered before, but why Slack and not Debian when general consensus is Debian is great for Samba? Building a Samba AD on Debian is painless and takes 20m from start to finish.

Anyway, glad you sorted it. LP.

On 11 Feb 2024 at 05:11 +0100, Mark Foley <mfoley at novatec-inc.com>, wrote:
>
> YAAAAAAAY! Finally! I have my Windows domain members syncing with the DC!!!


