Report - Samba Install Version 4.0.0alpa15-GIT-8aae59a

Neil Squires neil at
Fri May 6 22:29:32 MDT 2011

Report on success/failure of installation of 4.0.0alpa15-GIT-8aae59a 
onto FC14.

I followed the SAMBA4 How to guide at

Step 1. No problems.
Step 2. ./configure.developer ran fine. The make also ran fine with a 
number of compiler warnings about types. The make quicktest would fail 
with 31 errors. After research I removed the abrt-addon-python package 
and then the make quicktest passed.
Step 3. No problems
Step 4. Provisioned ok
Step 5. At this point I had to modify my system path. I added the 
/usr/local/samba/bin and usr/local/samba/sbin. Samba started ok and I 
googled an init script.
Step 6. Tested smblient ok. I did get the error REWRITE: list servers 
not implemented.
Step 7. Added a share to the server that pointed to an existing 
directory. Connected and when I did an ls, there were no files present. 
I put this aside at this point as I had not done any testing on the file 
system support. I was however able to create a file in the netlogon 
directory and list it.
Step 8. I configured the DNS, not as per the steps as I already had a 
secure DDNS running using the DHCP, Bind and TSIG keys. The DNS server 
was my primary for my domain and I had both forward and reverse updates 
I first added the include as per the instructions and then 
named-checkzone would fail. I first changed the entry for the gc._msdcs 
from an A to a CNAME as the checkzone would fail with a bad name error. 
The correct fix is to add the line " check-names master warn;" in the 
options section of the /etc/named.conf. While the _ is a valid 
character, bind now defaults the option to check-names master error. 
This causes an error and bind will not load a domain with an _ in a A 

The samba zone file has only one A entry with an underscore. All others 
are CNAME or SRV entries.

As the generated named.conf file contained other information repeated in 
my current domain zone file, I cut and pasted the samba specific 
information into the existing zone file. I have the include line for the 
update policy /usr/local/samba/private/named.conf.update commented out 
as I have been using the allow-update to control the secure updates 
rather than the update-policy. I will be modifying this in the next few 
days to use the update-policy.

As I run selinux, I needed to make an number of permission changes to 
the samba files. I also needed to chown named.named 
/usr/local/samba/private/dns.keytab. I added the security label 
named_conf_t to the file as well. During my fault finding I also changed 
the context of the /usr/local/samba/private/named.conf, 
/usr/local/samba/private/named.conf.update and added the context 

Currently my DNS updates are still being done by the dhcp server and my 
dynamic update.

The DNS server now works, less the samba updates.

Step 9. I modified the existing krb5.conf file rather than using the 
generated one. The existing file had a few more lines.

Generated file  /usr/local/samba/private/krb5.conf

         default_realm = SQUIRES.ID.AU
         dns_lookup_realm = false
         dns_lookup_kdc = true

Final /etc/krb5.conf

  default = FILE:/var/log/krb5libs.log
  kdc = FILE:/var/log/krb5kdc.log
  admin_server = FILE:/var/log/kadmind.log

  default_realm = SQUIRES.ID.AU
  dns_lookup_realm = false
  dns_lookup_kdc = true
  ticket_lifetime = 24h
  renew_lifetime = 7d
  forwardable = true

   kdc =
   admin_server =

[domain_realm] = SQUIRES.ID.AU = SQUIRES.ID.AU

The kerberos tests all passed.

Step 10. I added all the environment variables and tkey options in the 
/etc/named.conf. This part is not working at the moment due to the 
update-policy issue mentioned above.

The file system is ext4 and all the file system tests passed.

At this point I added my windows 7 workstation to the domain. It joined 
the domain successfully.

Following the steps in the howto, I added the RSAT tools to the 
workstation. I also migrated my local user account to the domain using 
the migrate account tool using the MoveUser vb script by Rob Greene and 
Ron Williams. One point to note, you need to run the script as a Domain 
Admin to migrate the account.

Using the RSAT tools I was able to update user details, add users, 
groups, sites, subnets. I was unable to move my DC from the 
Default-First-Site_Name to my created site. The server errors saying 
that the server is unwilling to process the request.

Update to be posted when I have completed the DNS integration.

Hope this helps.

More information about the samba-technical mailing list