Report - Samba Install Version 4.0.0alpa15-GIT-8aae59a
Neil Squires
neil at squires.id.au
Fri May 6 22:29:32 MDT 2011
Report on success/failure of installation of 4.0.0alpa15-GIT-8aae59a
onto FC14.
I followed the SAMBA4 How to guide at
https://wiki.samba.org/index.php/Samba4/HOWTO.
Step 1. No problems.
Step 2. ./configure.developer ran fine. The make also ran fine with a
number of compiler warnings about types. The make quicktest would fail
with 31 errors. After research I removed the abrt-addon-python package
and then the make quicktest passed.
Step 3. No problems
Step 4. Provisioned ok
Step 5. At this point I had to modify my system path. I added the
/usr/local/samba/bin and /usr/local/samba/sbin. Samba started ok and I
googled an init script.
Step 6. Tested smbclient ok. I did get the error REWRITE: list servers
not implemented.
Step 7. Added a share to the server that pointed to an existing
directory. Connected and when I did an ls, there were no files present.
I put this aside at this point as I had not done any testing on the file
system support. I was however able to create a file in the netlogon
directory and list it.
Step 8. I configured the DNS, not as per the steps as I already had a
secure DDNS running using the DHCP, Bind and TSIG keys. The DNS server
was my primary for my domain and I had both forward and reverse updates
working.
I first added the include as per the instructions and then
named-checkzone would fail. I first changed the entry for the gc._msdcs
from an A to a CNAME as the checkzone would fail with a bad name error.
The correct fix is to add the line " check-names master warn;" in the
options section of the /etc/named.conf. While the _ is a valid
character, bind now defaults the option to check-names master error.
This causes an error and bind will not load a domain with an _ in an A
entry.
The samba zone file has only one A entry with an underscore. All others
are CNAME or SRV entries.
As the generated named.conf file contained other information repeated in
my current domain zone file, I cut and pasted the samba specific
information into the existing zone file. I have the include line for the
update policy /usr/local/samba/private/named.conf.update commented out
as I have been using the allow-update to control the secure updates
rather than the update-policy. I will be modifying this in the next few
days to use the update-policy.
As I run SELinux, I needed to make a number of permission changes to
the samba files. I also needed to chown named.named
/usr/local/samba/private/dns.keytab. I added the security label
named_conf_t to the file as well. During my fault finding I also changed
the context of the /usr/local/samba/private/named.conf,
/usr/local/samba/private/named.conf.update and added the context
samba_var_t.
Currently my DNS updates are still being done by the dhcp server and my
dynamic update.
The DNS server now works, less the samba updates.
Step 9. I modified the existing krb5.conf file rather than using the
generated one. The existing file had a few more lines.
Generated file /usr/local/samba/private/krb5.conf

    [libdefaults]
        default_realm = SQUIRES.ID.AU
        dns_lookup_realm = false
        dns_lookup_kdc = true

Final /etc/krb5.conf

    [logging]
        default = FILE:/var/log/krb5libs.log
        kdc = FILE:/var/log/krb5kdc.log
        admin_server = FILE:/var/log/kadmind.log

    [libdefaults]
        default_realm = SQUIRES.ID.AU
        dns_lookup_realm = false
        dns_lookup_kdc = true
        ticket_lifetime = 24h
        renew_lifetime = 7d
        forwardable = true

    [realms]
        SQUIRES.ID.AU = {
            kdc = sensi.squires.id.au
            admin_server = sensi.squires.id.au
        }

    [domain_realm]
        .squires.id.au = SQUIRES.ID.AU
        squires.id.au = SQUIRES.ID.AU

The Kerberos tests all passed.
Step 10. I added all the environment variables and tkey options in the
/etc/named.conf. This part is not working at the moment due to the
update-policy issue mentioned above.
The file system is ext4 and all the file system tests passed.
At this point I added my Windows 7 workstation to the domain. It joined
the domain successfully.
Following the steps in the howto, I added the RSAT tools to the
workstation. I also migrated my local user account to the domain using
the migrate account tool using the MoveUser vb script by Rob Greene and
Ron Williams. One point to note, you need to run the script as a Domain
Admin to migrate the account.
Using the RSAT tools I was able to update user details, add users,
groups, sites, subnets. I was unable to move my DC from the
Default-First-Site-Name to my created site. The server errors saying
that the server is unwilling to process the request.
Update to be posted when I have completed the DNS integration.
Hope this helps.
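
The check-names failure described in Step 8, as an added example that is not part of the original post or of the Samba/BIND projects: a small Python checker that lists records whose owner name BIND would treat as a hostname but which contain a non-hostname label such as `_msdcs`. Assumptions: the zone name, host name and addresses are constructed, each record sits on one line, and only owner names of A, AAAA and MX records are checked.

```python
import re

# Hostname label (RFC 952/1123): letters, digits, hyphen; no leading/trailing hyphen.
LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$")
TTL = re.compile(r"^(\d+[smhdw]?)+$", re.IGNORECASE)
CLASSES = {"IN", "CH", "HS"}
# Assumption: only owner names of these record types are treated as hostnames.
HOST_TYPES = {"A", "AAAA", "MX"}

# Constructed sample fragment; only the gc._msdcs A record is taken from the post.
SAMPLE_ZONE = """\
$ORIGIN samdom.example.com.
$TTL 1W
@               IN SOA  dc1 hostmaster ( 2011050601 2D 4H 6W 1W )
                IN NS   dc1
dc1             IN A    192.0.2.10
gc._msdcs       IN A    192.0.2.10
_ldap._tcp      IN SRV  0 100 389 dc1
_kerberos._udp  IN SRV  0 100 88 dc1
"""

def bad_host_owners(zone_text):
    """Return (line, owner, type, bad_labels) for hostname-type records
    whose owner name has a label that is not a valid hostname label."""
    findings = []
    owner = "@"
    for lineno, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()        # drop comments
        if not line.strip() or line.startswith("$"):
            continue                                 # blank line or directive
        fields = line.split()
        if not raw[0].isspace():                     # a new owner name starts the line
            owner = fields.pop(0)
        # The record type is the first field that is neither a TTL nor a class.
        rtype = next((f.upper() for f in fields
                      if f.upper() not in CLASSES and not TTL.match(f)), None)
        if rtype not in HOST_TYPES or owner == "@":
            continue
        labels = owner.rstrip(".").split(".")
        if labels[0] == "*":                         # wildcard owner: skip the "*"
            labels = labels[1:]
        bad = [lab for lab in labels if not LABEL.match(lab)]
        if bad:
            findings.append((lineno, owner, rtype, bad))
    return findings

if __name__ == "__main__":
    for lineno, owner, rtype, bad in bad_host_owners(SAMPLE_ZONE):
        print(f"line {lineno}: {owner} {rtype}: bad label(s) {', '.join(bad)}")
```

Running it over a generated zone file before named-checkzone shows which entries need either the check-names change or a different record type; SRV and CNAME owners with underscores are not reported.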