[Samba] Ubuntu 14.04 as an Active Directory Domain Controller
L.P.H. van Belle
belle at bazuin.nl
Thu Oct 30 02:01:29 MDT 2014
If you use samba on ubuntu, and you want no hassle with programs etc.
Do a minimal install and strip it untill it looks like a Debian server.
Now, your ubuntu is ready for samba. I bet! if you setup like this,
you ubuntu server is about 10-20% faster in responding on console.
Overal server performance increased about 5-10%. Test is your self..
In a few days in up to my setup at home, which is running ubuntu ( because of xbmc )
I'll write a short howto, how to maximize your ubuntu performance.
Ubuntu is imo not a good server os, for that you need debian.
Why is ubuntu scarry, well, you can end up with a not working system, after upgrades.
....
>PS: there is one additional tip from my side. In fact have
>learned this
>the hard way... When ever SSSD is behaving erratic and crazy:
>be sure to
>have a good keytab file. If in doubt, export a fresh one. And be sure
>to completely erase the cache. In fact to make it work on my Raspi
>I had to remove and recreate the /var/lib/sss/db directory - and the
>troubles went away. I have no clue what happened...
....Rest my case.
yesterday i had one also "again" grr... but .. i need ubuntu for my htpc..
mysql crashed, sshd crashed, reinstalled again, but not working anymore... ,
Just out of the blue.. and for this i hate ubuntu..
again here ... I also have no clue what happened...
not hardware failures, nothing in logs, cant even start sshd manualy.. .
So thats just for people to know, ubuntu is build base on "Debian test/Sid" for who does not know.
So becarefull with ubuntu, and make lots of backups.
Louis
>-----Oorspronkelijk bericht-----
>Van: peter at serbe.ch [mailto:samba-bounces at lists.samba.org]
>Namens Peter Serbe
>Verzonden: donderdag 30 oktober 2014 7:37
>Aan: samba at lists.samba.org; eric at knudstrup.org
>Onderwerp: Re: [Samba] Ubuntu 14.04 as an Active Directory
>Domain Controller
>
>> First, give your system a static IP address.
>
>good idea. I think a server never should rely on DHCP anyway.
>
>> I recommend removing the avahi-daemon package. Not terribly sure it
>> conflicts with Samba, but at the very least it sounds like a
>security
>> nightmare.
>
>I had troubles with it, when I named my DNS zone SAMDOM.local. Later I
>was pointed to the fact, that the *.local domain has a special meaning
>when resolving printers and other commodity units. Switching over to
>a different toplevel entity (even *.lokal would be OK)
>resolved the issue.
>
>> Disable dnsmasq by removing or commenting out this line in in
>> /etc/NetworkManager/NetworkManager.conf. This program
>conflicts with
>> the internal Samba DNS server/proxy.
>
>Get rid of NetworkManager. All it can do for You on the server is
>making troubles.
>
>> The order of removing dnsmasq and installing/changing
>everything else is
>> a bit tricky. Try to make sure you have all of the packages
>downloaded
>> you need before disabling dnsmasq but before enabling Samba.
> The system
>> will be without DNS resolution between these two events.
>
>Point resolv.conf to some other DNS while installing Samba.
>Later Samba
>will be the DNS master. I like BIND9_DLZ as I have enough
>experience with
>bind. It is easy to get secondary DNS servers using bind. Just one tip
>here - on my file server, which is also the secondary DNS
>server, I have
>this zone statement:
>
># forward lookup
>zone "internal.serbe.ch" {
> type slave;
> masters { 192.168.1.1;};
> file "/etc/bind/namedb/bak.internal.serbe.ch";
> forwarders{};
>};
>
>The important line is: forwarders{} - this ensures, that my internal
>network DNS is shielded from the default of the external one, which
>runs on the machine of my internet provider.
>
>> I think those are the most important details that have been
>left out of
>> the HOWTO.
>
>The quality of the wiki documentation is massively improved by the
>documentation team over the course of the last six month.
>
>> Also, to me, the daemon/init process is a bit funky and
>convoluted in
>> Ubuntu. It took me a bit of tinkering to make sure that
>everything came
>> up correctly on a reboot.
>
>As a novice Linux user I had my own bag of troubles with this, too.
>I now got two scripts for starting samba as DC and as member server
>on Debian (Jessie). I could publish these, but I fear they are better
>suited as bad examples... Anyway, it might be
>
>> I welcome further refinements. These are just some of my notes :).
>
>You're welcome! ;-)
>Oh, and a big thank You to the documentation team. You have really
>done a great job! I decided to go off Microsoft two years ago, and
>by then the Samba docu was much more cryptic and incomplete than it
>is now.
>
>Best regards
>Peter
>
>
>PS: there is one additional tip from my side. In fact have
>learned this
>the hard way... When ever SSSD is behaving erratic and crazy:
>be sure to
>have a good keytab file. If in doubt, export a fresh one. And be sure
>to completely erase the cache. In fact to make it work on my Raspi
>I had to remove and recreate the /var/lib/sss/db directory - and the
>troubles went away. I have no clue what happened...
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list