[Samba] Ubuntu 14.04 as an Active Directory Domain Controller
Peter Serbe
peter at serbe.ch
Thu Oct 30 00:36:46 MDT 2014
> First, give your system a static IP address.
Good idea. I think a server should never rely on DHCP anyway.
> I recommend removing the avahi-daemon package. Not terribly sure it
> conflicts with Samba, but at the very least it sounds like a security
> nightmare.
I had trouble with it when I named my DNS zone SAMDOM.local. Later I
was pointed to the fact that the *.local domain has a special meaning
when resolving printers and other commodity devices. Switching over to
a different top-level name (even *.lokal would be OK) resolved the issue.
> Disable dnsmasq by removing or commenting out this line in
> /etc/NetworkManager/NetworkManager.conf. This program conflicts with
> the internal Samba DNS server/proxy.
Get rid of NetworkManager. All it can do for you on a server is
make trouble.
> The order of removing dnsmasq and installing/changing everything else is
> a bit tricky. Try to make sure you have all of the packages downloaded
> you need before disabling dnsmasq but before enabling Samba. The system
> will be without DNS resolution between these two events.
Point resolv.conf to some other DNS while installing Samba. Later Samba
will be the DNS master. I like BIND9_DLZ, as I have enough experience with
BIND. It is easy to get secondary DNS servers using BIND. Just one tip
here: on my file server, which is also the secondary DNS server, I have
this zone statement:
# forward lookup
zone "internal.serbe.ch" {
    type slave;
    masters { 192.168.1.1; };
    file "/etc/bind/namedb/bak.internal.serbe.ch";
    forwarders {};   # empty per-zone list overrides the global forwarders for this zone
};
The important line is forwarders {}; this ensures that my internal
network DNS is shielded from the default external forwarder, which
runs on my internet provider's machine.
> I think those are the most important details that have been left out of
> the HOWTO.
The quality of the wiki documentation has been massively improved by the
documentation team over the course of the last six months.
> Also, to me, the daemon/init process is a bit funky and convoluted in
> Ubuntu. It took me a bit of tinkering to make sure that everything came
> up correctly on a reboot.
As a novice Linux user I had my own bag of troubles with this, too.
I now have two scripts for starting Samba as a DC and as a member server
on Debian (Jessie). I could publish these, but I fear they are better
suited as bad examples... Anyway, it might be
> I welcome further refinements. These are just some of my notes :).
You're welcome! ;-)
Oh, and a big thank you to the documentation team. You have really
done a great job! I decided to move off Microsoft two years ago, and
back then the Samba documentation was much more cryptic and incomplete than it
is now.
Best regards
Peter
PS: there is one additional tip from my side. In fact I have learned this
the hard way... Whenever SSSD is behaving erratically and crazily: be sure to
have a good keytab file. If in doubt, export a fresh one. And be sure
to completely erase the cache. In fact, to make it work on my Raspi
I had to remove and recreate the /var/lib/sss/db directory, and the
troubles went away. I have no clue what happened...
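The three DNS-related points in the message above (do not use a .local zone name because avahi/mDNS owns that suffix, get dnsmasq/NetworkManager/avahi off the box before Samba takes over port 53, and give each internal zone its own empty forwarders clause) can be checked mechanically. The script below is an added example and not code from the original post or from the Samba project; the function names realm_ok, conflicting_packages and zones_without_forwarders are my own, the package list is my assumption of what conflicts on Debian/Ubuntu, and the only inputs it needs are a realm name, `dpkg-query -W` output on stdin and a named.conf-style file, so it can be exercised on a constructed config without touching a live server.

```shell
#!/bin/sh
# Pre-flight checks before provisioning a Samba AD DC on Debian/Ubuntu.
# Added example, not from the original post. Function names are my own;
# the package list below is an assumption about which Debian packages conflict.

# 1. Reject a realm/zone name under .local: that suffix is reserved for
#    multicast DNS (what avahi-daemon answers), which is why SAMDOM.local
#    collided with printer/device discovery in the post.
realm_ok() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case "$name" in
        local|*.local) return 1 ;;   # mDNS-reserved, avahi will fight over it
        *)             return 0 ;;
    esac
}

# 2. Given "package<TAB>version" lines (the default output of `dpkg-query -W`)
#    on stdin, print the installed packages that compete with Samba for
#    port 53 or for name resolution: dnsmasq (pulled in by NetworkManager)
#    and avahi-daemon (mDNS).
conflicting_packages() {
    awk -F'\t' '
        BEGIN { bad["avahi-daemon"] = 1; bad["network-manager"] = 1
                bad["dnsmasq"] = 1;      bad["dnsmasq-base"] = 1 }
        ($1 in bad) { print $1 }'
}

# 3. Print every zone statement in a BIND config file that has no
#    forwarders clause, i.e. zones that would inherit the global forwarders
#    from options {} instead of carrying their own "forwarders {};".
#    Braces are counted so multi-line and one-line zone blocks both work.
zones_without_forwarders() {
    awk '
        /^[ \t]*zone[ \t]+"/ {
            match($0, /"[^"]+"/)
            zone = substr($0, RSTART + 1, RLENGTH - 2); seen = 0; depth = 0
        }
        zone != "" && /forwarders[ \t]*[{]/ { seen = 1 }
        zone != "" {
            opens = gsub(/[{]/, "{"); closes = gsub(/[}]/, "}")
            depth += opens - closes
            if ((opens || closes) && depth <= 0) { if (!seen) print zone; zone = "" }
        }' "$1"
}

# Run the checks against the live system:  sh preflight.sh --run INTERNAL.EXAMPLE
if [ "${1:-}" = "--run" ]; then
    realm_ok "${2:-}" || echo "realm '${2:-}' is unusable: .local belongs to mDNS" >&2
    dpkg-query -W 2>/dev/null | conflicting_packages | sed 's/^/conflicting package installed: /'
    for f in /etc/bind/named.conf.local /etc/bind/named.conf; do
        [ -f "$f" ] && zones_without_forwarders "$f" | sed "s|^|$f: zone without forwarders {}: |"
    done
fi
```

Nothing runs unless the script is started with --run, so it can be sourced and each function called on its own; the brace counting in zones_without_forwarders is deliberately simple and assumes a config without braces inside comments or quoted strings.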
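The PS above describes a recovery routine (fresh keytab, cache wiped, /var/lib/sss/db recreated) without the exact steps. Here is how I would script it; this is an added example, not the poster's script and not part of SSSD or Samba. The names reset_sssd_cache, keytab_ok and refresh_keytab are my own; ROOT and KEYTAB_CMD are hooks I added so the logic can be run against a scratch directory: leave ROOT empty on a real host, and KEYTAB_CMD defaults to winbind's `net ads keytab create` for a domain member (on a DC you would substitute `samba-tool domain exportkeytab`). It assumes GNU coreutils (stat -c) as on Debian/Ubuntu, an `sssd` init script reachable via `service`, and that sssd expects its db directory to be mode 0700 owned by root.

```shell
#!/bin/sh
# Recover an SSSD client that has gone "erratic" after a keytab or cache
# problem: stop sssd, move the cache database aside, re-export the host
# keytab, sanity-check it, start sssd again. Added example, not from the post.
# ROOT prefixes every path (test hook; empty on a real system). KEYTAB_CMD is
# the command that (re)creates the keytab; it is word-split, so keep it simple.
ROOT="${ROOT:-}"
KEYTAB_CMD="${KEYTAB_CMD:-net ads keytab create}"

sss_db_dir()  { printf '%s\n' "$ROOT/var/lib/sss/db"; }
keytab_path() { printf '%s\n' "$ROOT/etc/krb5.keytab"; }

# Move the cache aside (recoverable, unlike rm -rf) and recreate the
# directory with the permissions sssd expects: 0700, owned by root.
# The timestamped backup name is an assumption; any unique name will do.
reset_sssd_cache() {
    db=$(sss_db_dir)
    if [ -d "$db" ]; then
        mv "$db" "$db.bak.$(date +%Y%m%d%H%M%S)"
    fi
    mkdir -p "$db" && chmod 700 "$db"
}

# A keytab that is "good" for this purpose: exists, is non-empty, and is
# readable by root only (0600). Prints a reason on stderr and returns 1 otherwise.
keytab_ok() {
    kt=$(keytab_path)
    [ -s "$kt" ] || { echo "keytab $kt missing or empty" >&2; return 1; }
    mode=$(stat -c '%a' "$kt")
    [ "$mode" = "600" ] || { echo "keytab $kt has mode $mode, expected 600" >&2; return 1; }
    return 0
}

# Export a fresh keytab, lock its permissions, and verify it before sssd
# is allowed to use it.
refresh_keytab() {
    $KEYTAB_CMD && chmod 600 "$(keytab_path)" && keytab_ok
}

# Full procedure; only runs when invoked with --run, so sourcing this file
# (for tests, or to use one function) has no side effects on the host.
if [ "${1:-}" = "--run" ]; then
    service sssd stop
    reset_sssd_cache
    refresh_keytab || { echo "keytab refresh failed; sssd left stopped" >&2; exit 1; }
    service sssd start
fi
```

The order matters: sssd must be stopped before the db directory is moved, and the keytab is verified before sssd is started again, so a failed export leaves the daemon down with a clear message rather than running against a bad keytab.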