[Samba] Ubuntu 14.04 as an Active Directory Domain Controller

L.P.H. van Belle belle at bazuin.nl
Thu Oct 30 02:01:29 MDT 2014


If you use Samba on Ubuntu, and you want no hassle with programs etc.

Do a minimal install and strip it until it looks like a Debian server.

Now, your Ubuntu is ready for Samba. I bet! If you set up like this, 
your Ubuntu server is about 10-20% faster in responding on console. 
Overall server performance increased about 5-10%. Test it yourself.. 

In a few days I'm up to my setup at home, which is running Ubuntu ( because of xbmc ) 
I'll write a short howto, how to maximize your Ubuntu performance.

Ubuntu is imo not a good server OS, for that you need Debian.
Why is Ubuntu scary, well, you can end up with a not working system, after upgrades.
....
>PS: there is one additional tip from my side. In fact I have learned this 
>the hard way... Whenever SSSD is behaving erratic and crazy: be sure to 
>have a good keytab file. If in doubt, export a fresh one. And be sure 
>to completely erase the cache. In fact to make it work on my Raspi 
>I had to remove and recreate the /var/lib/sss/db directory - and the 
>troubles went away.  I have no clue what happened... 
....Rest my case. 

Yesterday I had one also "again" grr... but .. I need Ubuntu for my htpc.. 
mysql crashed, sshd crashed, reinstalled again, but not working anymore... , 
Just out of the blue.. and for this I hate Ubuntu..
again here ... I also have no clue what happened...  
not hardware failures, nothing in logs, can't even start sshd manually.. .

So that's just for people to know, Ubuntu is built based on "Debian test/Sid" for who does not know. 
So be careful with Ubuntu, and make lots of backups.

Louis


>-----Original message-----
>From: peter at serbe.ch [mailto:samba-bounces at lists.samba.org] 
>On behalf of Peter Serbe
>Sent: Thursday 30 October 2014 7:37
>To: samba at lists.samba.org; eric at knudstrup.org
>Subject: Re: [Samba] Ubuntu 14.04 as an Active Directory Domain Controller
>
>> First, give your system a static IP address. 
>
>good idea. I think a server never should rely on DHCP anyway. 
>
>> I recommend removing the avahi-daemon package.  Not terribly sure it 
>> conflicts with Samba, but at the very least it sounds like a security 
>> nightmare.  
>
>I had troubles with it, when I named my DNS zone SAMDOM.local. Later I 
>was pointed to the fact, that the *.local domain has a special meaning 
>when resolving printers and other commodity units. Switching over to 
>a different top-level entity (even *.lokal would be OK) resolved the issue.
>
>> Disable dnsmasq by removing or commenting out this line in 
>> /etc/NetworkManager/NetworkManager.conf.  This program conflicts with 
>> the internal Samba DNS server/proxy.
>
>Get rid of NetworkManager. All it can do for You on the server is 
>making troubles.
>
>> The order of removing dnsmasq and installing/changing everything else is 
>> a bit tricky.  Try to make sure you have all of the packages downloaded 
>> you need before disabling dnsmasq but before enabling Samba.  The system 
>> will be without DNS resolution between these two events.
>
>Point resolv.conf to some other DNS while installing Samba. Later Samba 
>will be the DNS master. I like BIND9_DLZ as I have enough experience with 
>bind. It is easy to get secondary DNS servers using bind. Just one tip 
>here - on my file server, which is also the secondary DNS server, I have 
>this zone statement:
>
># forward lookup
>zone "internal.serbe.ch" {
>        type slave;
>        masters { 192.168.1.1;};
>        file "/etc/bind/namedb/bak.internal.serbe.ch";
>        forwarders{};
>};
>
>The important line is: forwarders{} - this ensures, that my internal 
>network DNS is shielded from the default of the external one, which 
>runs on the machine of my internet provider. 
>
>> I think those are the most important details that have been left out of 
>> the HOWTO.
>
>The quality of the wiki documentation is massively improved by the 
>documentation team over the course of the last six months. 
>
>> Also, to me, the daemon/init process is a bit funky and convoluted in 
>> Ubuntu.  It took me a bit of tinkering to make sure that everything came 
>> up correctly on a reboot.
>
>As a novice Linux user I had my own bag of troubles with this, too. 
>I now got two scripts for starting samba as DC and as member server 
>on Debian (Jessie). I could publish these, but I fear they are better 
>suited as bad examples... Anyway, it might be 
>
>> I welcome further refinements.  These are just some of my notes :).
>
>You're welcome! ;-) 
>Oh, and a big thank You to the documentation team. You have really 
>done a great job! I decided to go off Microsoft two years ago, and 
>by then the Samba docu was much more cryptic and incomplete than it 
>is now. 
>
>Best regards
>Peter
>
>
>PS: there is one additional tip from my side. In fact I have learned this 
>the hard way... Whenever SSSD is behaving erratic and crazy: be sure to 
>have a good keytab file. If in doubt, export a fresh one. And be sure 
>to completely erase the cache. In fact to make it work on my Raspi 
>I had to remove and recreate the /var/lib/sss/db directory - and the 
>troubles went away. I have no clue what happened... 
>
>
>
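
The configuration pitfalls raised in the quoted message (dnsmasq still enabled in NetworkManager.conf, a realm under .local, a secondary BIND zone without an empty forwarders statement) can be checked with a few shell functions. This is an added example, not part of either poster's message; the function names, the sample files and the zone names are constructed, and `dns=dnsmasq` is assumed to be the line meant (it is the stock Ubuntu setting, not quoted in the thread).

```shell
#!/bin/sh
# Added example: checks for the pitfalls named in this thread.
# Each function takes the file to inspect, so it also works on copies.

# NetworkManager starts dnsmasq while an uncommented dns=dnsmasq line exists.
nm_uses_dnsmasq() {
    grep -Eq '^[[:space:]]*dns[[:space:]]*=[[:space:]]*dnsmasq[[:space:]]*$' "$1"
}

# A realm under .local collides with mDNS lookups (avahi).
realm_is_dot_local() {
    sed -n 's/^[[:space:]]*realm[[:space:]]*=[[:space:]]*//p' "$1" |
        grep -Eiq '\.local[[:space:]]*$'
}

# True when zone $2 in BIND config $1 carries an empty forwarders statement.
zone_has_empty_forwarders() {
    awk -v z="\"$2\"" '
        $1 == "zone" && $2 == z                  { inzone = 1 }
        inzone && /forwarders[ \t]*[{][ \t]*[}]/ { found = 1 }
        inzone && /^[}];/                        { inzone = 0 }
        END { exit(found ? 0 : 1) }' "$1"
}

# Constructed sample files (not taken from any real host).
make_sample() {
    printf '[main]\nplugins=ifupdown,keyfile\ndns=dnsmasq\n' > "$1/NetworkManager.conf"
    printf '[global]\n\trealm = SAMDOM.LOCAL\n\tworkgroup = SAMDOM\n' > "$1/smb.conf"
    printf 'zone "example.internal" {\n\ttype slave;\n\tmasters { 192.0.2.1; };\n\tforwarders{};\n};\nzone "other.internal" {\n\ttype slave;\n};\n' > "$1/named.conf.local"
}

# Print one finding per problem detected below directory $1 for zone $2.
preflight() {
    if nm_uses_dnsmasq "$1/NetworkManager.conf"; then
        echo "NetworkManager.conf: dns=dnsmasq is active"; fi
    if realm_is_dot_local "$1/smb.conf"; then
        echo "smb.conf: realm ends in .local"; fi
    if ! zone_has_empty_forwarders "$1/named.conf.local" "$2"; then
        echo "named.conf.local: zone $2 has no empty forwarders{}"; fi
}

dir=$(mktemp -d)
make_sample "$dir"
preflight "$dir" other.internal
rm -rf "$dir"
```

To check a real host, point `preflight` at a directory holding copies of the three files and pass the name of the secondary zone.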
