[Samba] Question Wiki Setup a Samba Active Directory Domain Controller

Rowland Penny rowlandpenny241155 at gmail.com
Mon Oct 5 08:58:41 UTC 2015 

On 05/10/15 00:00, oeh univie edv lists wrote:
> Hi again,
>
> I refer to
> https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller#Testing_your_Samba_Domain_Controller
>
> Thank you for this great wiki! I run all the tests and everything looks
> perfect!
>
> I encounter just a little difference here. Actually I thought that there
> should be no Master and Workgroup for a AD DC. (as given in the wiki and
> in Stefan Kania's book "Samba 4)

You are correct, there is no master in an AD domain, but you still need 
the workgroup name. I cannot speak for the book having never read it, 
but there are several problems with the conf files on the website you 
provided earlier. I would suggest that you stick with the Samba wiki and 
asking questions here :-)

>
> Why is it at my installation (Debian 8.2., Samba 4.1.17)?... ow, and after
> I restarted the computer samba, nmbd and smbd were running.... I didn't
> install any start script. I thought nmbd is not needed on AD DC, is it?
> I'd also prefer a setup where my windows client will not be able to browse
> the AD DC.

If you have both the samba and nmbd daemons running, then you have 
something wrong, the samba daemon has its own nmbd built in.
If you installed via apt-get, you would probably get nmbd installed in 
/usr/sbin. You need to stop nmbd being started on boot, but just how you 
would this, I do not know because you are using Jessie that uses systemd.

Rowland

>> smbclient -L localhost -U%								
> Domain=[BLA] OS=[Unix] Server=[Samba 4.1.17-Debian]
>
>          Sharename       Type      Comment
>          ---------       ----      -------
>          netlogon        Disk
>          sysvol          Disk
>          IPC$            IPC       IPC Service (Samba 4.1.17-Debian)
> Domain=[BLA] OS=[Unix] Server=[Samba 4.1.17-Debian]
>
>          Server               Comment
>          ---------            -------
>
>          Workgroup            Master
>          ---------            -------
>          WORKGROUP            MYHOSTNAME
>
> cat /etc/samba/smb.conf
> # Global parameters
> [global]
>          workgroup = BLA
>          realm = AD.BLA.AT
>          netbios name = MYHOSTNAME
>          server role = active directory domain controller
>          dns forwarder = my dns IP
>          idmap_ldb:use rfc2307 = yes
>
> [netlogon]
>          path = /var/lib/samba/sysvol/ad.bla.at/scripts
>          read only = No
>
> [sysvol]
>          path = /var/lib/samba/sysvol
>          read only = No
>
> Actually this mailing list keeps me alive. As I cannot give you anything
> back at the moment (still DAU knowledge status here), is it possible to
> donate a little money? If appreciated, send a link or howto.
>
> kind regards, birgit
>

More information about the samba mailing list