[Samba] Samba documentation feedback: installation guide for AD join
Jochen Wezel - CompuMaster GmbH
jwezel at compumaster.de
Mon Mar 24 09:12:10 MDT 2014
Hello together,
> * Report your success/failure!
> * Samba4 as a replicating domain controller is still developing rapidly, and we
> like to hear from users about their successes and failures. While Samba4 is
> still in rc state we would encourage you to report both your successes and
> failures to the samba-technical mailing list on http://lists.samba.org
> * Please be aware that Samba4 is not complete, so you should deploy it
> carefully until it is ready for production.
as requested at website, please find my experiences and additions to the install & setup process:
my major aim: join Samba to an existing Windows-based domain with 2 x Win2008R2 server
====== my machine: srvf01 ======
===== Environment =====
* Linux Ubuntu 13.11
* Virtual Machine at Hyper-V 2012
===== Roles =====
* FileServer
* DC
* http://technet.microsoft.com/en-us/library/d2cae85b-41ac-497f-8cd1-5fbaa6740ffe(v=ws.10)#deployment_considerations_for_virtualized_domain_controllers
* Storage Integrity: "To guarantee the durability of Active Directory writes, the Active Directory database, logs, and SYSVOL must be placed on a virtual SCSI disk. Virtual SCSI disks support Forced Unit Access (FUA). FUA ensures that the operating system writes and reads data directly from the media bypassing any and all caching mechanisms"
* **TODO** DFS
===== Installation packages =====
* OpenSSH
* Samba 4.1.6
==== Samba-Installation & Config & AD-Join als DC ====
* ACL support required for working, sensefull installation: apt-get install libacl1-dev
* possibly helpful/sensefull for providing print server features (maybe not all of them): apt-get install build-essential libacl1-dev python-dev libldap2-dev pkg-config gdb libgnutls-dev libblkid-dev libreadline-dev libattr1-dev python-dnspython libpopt-dev libbsd-dev attr docbook-xsl libcups2-dev
* see http://nramkumar.org/tech/blog/2014/02/04/installing-samba-4-1-4-on-ubuntu-12-04/
* Check-Install Result:<code>**********************************************************************
Done. The new package has been installed and saved to
/home/administrator/samba-4.1.6/samba-4.1.6_4.1.6-1_amd64.deb
You can remove it from your system anytime using:
dpkg -r samba-4.1.6
**********************************************************************</code>
* Init-Script: wget -O /etc/init/samba-ad-dc.conf http://anonscm.debian.org/gitweb/?p=pkg-samba/samba.git;a=blob_plain;f=debian/samba-ad-dc.upstart;hb=HEAD
* Service-Controller-Script at /etc/init.d/samba with chmod 755 from https://wiki.samba.org/index.php/Samba4/InitScript
* replaced by following script, which works with Samba-Directory-Role-Mode (without NetBIOS daemon)<code>#!/bin/sh
### BEGIN INIT INFO
# Provides: samba
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $network $local_fs $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Should-Start: slapd
# Should-Stop: slapd
# Short-Description: start Samba daemons (nmbd and smbd)
### END INIT INFO
# Description of this script:
#
# This script comes initially from a Debian Squeeze machine on
# which samba 3.x was installed with "apt-get install samba". The script
# was modified/adjusted so it points to the correct paths of a default
# samba4 installation (/usr/local/samba).
#
# Installation instructions:
# (1) copy the content of this script into your clipboard or download it
# (2) save the content into /etc/init.d/samba of your samba4 host.
# (3) execute "chmod +x /etc/init.d/samba" to have the script executable
# (4) execute "update-rc.d samba defaults" to install auto-start function.
# smbd+nmbd will automatically being started after earch system start/reboot
#
# Modified by local@#samba~irc.freenode.net at 06th March 2013
# The script was successfully tested on Debian GNU/Linux Squeeze+Wheezy
# Defaults
RUN_MODE="daemons"
# Reads config file (will override defaults above)
[ -r /etc/default/samba ] && . /etc/default/samba
PIDDIR=/usr/local/samba/var/run
NMBDPID=$PIDDIR/nmbd.pid
SMBDPID=$PIDDIR/smbd.pid
# clear conflicting settings from the environment
unset TMPDIR
# See if the daemons are there
#test -x /usr/local/samba/sbin/nmbd -a -x /usr/local/samba/sbin/smbd || exit 0
test -x /usr/local/samba/sbin/smbd || exit 0
. /lib/lsb/init-functions
case "$1" in
start)
log_daemon_msg "Starting Samba daemons"
# Make sure we have our PIDDIR, even if it's on a tmpfs
install -o root -g root -m 755 -d $PIDDIR
# NMBD_DISABLED=`testparm -s --parameter-name='disable netbios' 2>/dev/null`
# if [ "$NMBD_DISABLED" != 'Yes' ]; then
# log_progress_msg "nmbd"
# if ! start-stop-daemon --start --quiet --oknodo --exec /usr/local/samba/sbin/nmbd -- -D
# then
# log_end_msg 1
# exit 1
# fi
# fi
if [ "$RUN_MODE" != "inetd" ]; then
log_progress_msg "smbd"
# if ! start-stop-daemon --start --quiet --oknodo --exec /usr/local/samba/sbin/smbd -- -D; then
if ! start-stop-daemon --start --quiet --oknodo --exec /usr/local/samba/sbin/samba -- -D; then
log_end_msg 1
exit 1
fi
fi
log_end_msg 0
;;
stop)
log_daemon_msg "Stopping Samba daemons"
# log_progress_msg "nmbd"
#
# start-stop-daemon --stop --quiet --pidfile $NMBDPID
# # Wait a little and remove stale PID file
# sleep 1
# if [ -f $NMBDPID ] && ! ps h `cat $NMBDPID` > /dev/null
# then
# # Stale PID file (nmbd was succesfully stopped),
# # remove it (should be removed by nmbd itself IMHO.)
# rm -f $NMBDPID
# fi
if [ "$RUN_MODE" != "inetd" ]; then
log_progress_msg "smbd"
start-stop-daemon --stop --quiet --pidfile $SMBDPID
# Wait a little and remove stale PID file
sleep 1
if [ -f $SMBDPID ] && ! ps h `cat $SMBDPID` > /dev/null
then
# Stale PID file (nmbd was succesfully stopped),
# remove it (should be removed by smbd itself IMHO.)
rm -f $SMBDPID
fi
fi
log_end_msg 0
;;
reload)
log_daemon_msg "Reloading /usr/local/samba/etc/smb.conf" "smbd only"
start-stop-daemon --stop --signal HUP --pidfile $SMBDPID
log_end_msg 0
;;
restart|force-reload)
$0 stop
sleep 1
$0 start
;;
status)
status="0"
# NMBD_DISABLED=`testparm -s --parameter-name='disable netbios' 2>/dev/null`
# if [ "$NMBD_DISABLED" != "Yes" ]; then
# status_of_proc -p $NMBDPID /usr/local/samba/sbin/nmbd nmbd || status=$?
# fi
if [ "$RUN_MODE" != "inetd" ]; then
status_of_proc -p $SMBDPID /usr/local/samba/sbin/smbd smbd || status=$?
fi
# if [ "$NMBD_DISABLED" = "Yes" -a "$RUN_MODE" = "inetd" ]; then
# status="4"
# fi
exit $status
;;
*)
echo "Usage: /etc/init.d/samba {start|stop|reload|restart|force-reload|status}"
exit 1
;;
esac
exit 0</code> ATTENTION: if smbd fails to start e.g. because of a missing directory for a DFS share, smbd is stopped immediately after "service samba start" without error message! There should be an additional check after starting smbd if the process is still alive (service samba status shows the status correctly))
* http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
* apt-get install krb5-user
* samba-tool domain join my.domain.com DC -Uadministrator --realm=my.domain.com
* Manually create DC-DNS-Records: http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC#Check_required_DNS_entries_of_the_new_host
* Copy files from WinDC-SYSVOL to Linux-DC-SYSVOL
* Add SYSVOL access control list from Windows-DC-SYSVOL using Win-Cmd.exe: <code>xcopy /g /c /h /r /o /x /y /s /e /t \\win-dc\sysvol\*.* \\samba-dc\sysvol\</code>
* Setup RSync or similar **TODO** http://wiki.samba.org/index.php/SysVol_Replication
* DNS-Server settings
* DNS-SubZones check: entries for DCs - incl. Subzones for location sites
* DNS-NameServer check for zone of domain: are all entries there?
* **TODO** Zone my.domain.com should be replicated to all DCs (defined by setting) - but it doesn't happen currently - is there a missing link to the new Samba-DC-Server? (ATTENTION: it can't be switched from only-DC-DNS-Server(Win2000-compatibility) to all-DNS-Server-of-the-domain, because there are still Win2000 machines) (HINT: other DNS zones with integration into active directory work as expected since these zones are being replicated to every DNS server in the domain (not only DCs))
* **TODO** setup DHCP-Server with linux
* siehe auch https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/DNSDHCP.html#DHCP
* Aim: grant and save dynamic DNS updates by clients
===== DFS =====
**TODO**
Current status: DFS share from current setup in domain hasn't been created
Manual creation of DFS share required and done - but yet no chance to
* create DFS links automated from DFS-N data in zone
* create DFS links manually which work for Win clients (at least Win8.1)
DFS-R service not available at Samba nor an rsync setup tool nor an automatically configured rsync or similar
==== DFS specifications & resources ====
* DFS-N (=DFS-Share) vs. DFS-R (=Replikation service): http://www.firstattribute.com/de/active-directory/know-how/distributed-file-system-(dfs)/
* LDAP-Query to access data of DFS: CN=Dfs-Configuration,CN=System,DC=my,DC=domain,DC=com, column [pKT] (BLOB)
* Schema-Spezifikation [MS-ADA3] für column [pKT]: http://msdn.microsoft.com/en-us/library/cc220699.aspx (Attention: MS patents), http://msdn.microsoft.com/en-us/library/cc227145.aspx
* Samba DFS setup: http://www.eisfair.org/fileadmin/eisfair/doc/node60.html
* Samba Print-Server-setup: http://www.eisfair.org/fileadmin/eisfair/doc/node60.html
Regards
Jochen
More information about the samba
mailing list