[Samba] AD order of installation

Mark Foley mfoley at ohprs.org
Fri Sep 4 16:27:28 UTC 2015


To expand a bit on my boot order ... I start things as follows (as determined
by months of trial and error):

Normal OS boot scripts including starting network
/usr/sbin/netdate tcp 128.138.141.172
Start the samba4 Domain Controller (before bind/dhcpd)
Start the BIND name server daemon, do after samba
Start dhcpd, do after BIND
Start ntpd, after DNS is running
Start mail servers (Dovecot, Sendmail ...)

The steps after "Normal OS boot scripts" have been moved to or added to rc.local
(Slackware) so they run after everything else, boot-wise.

I'm using BIND9_FLATFILE and it seems that Samba should be running first. 

I have some kind of issue with my hardware clock in that it always seems to come
up 6 hours off from the local time.  I haven't been able to track that down yet,
but as this box is the AD/DC I really need time correct as soon as it boots --
for example the ntpd client hosts and workstations have gotten the incorrect
time; bad for cron jobs.  So, I have a bit of a cheat in there before DNS/ntpd
gets going: netdate.  Yeah, I'm sure I'll hear about that, but it works. 

--Mark

-----Original Message-----
> To: Mark Foley <mfoley at ohprs.org>, samba at lists.samba.org
> From: Robert Moskowitz <rgm at htt-consult.com>
> Date: Fri, 4 Sep 2015 12:00:48 -0400
> Subject: Re: [Samba] AD order of installation
>
>
>
> On 09/04/2015 11:47 AM, Mark Foley wrote:
> > Unless you are specifying by IP, NTP isn't going to resolve with e.g.
> > 0.pool.ntp.org if you don't have DNS running. Personal Experience.
>
> Good point.  As I run on an armv7 with no battery rtc, I have to get 
> time sync going before doing practically anything.  It much depends on 
> how your system resolves before local DNS is running.  Typically 
> resolving works, or how would you get all the rpms or such installed 
> before configuring them?
>
> > If you're using Samba's builtin DNS (I don't), then seems to me NTP should be
> > last on your list.
>
> Wiki says to have ntp for kerberos.  So I think it needs to come before 
> that.
>
> > Of course, ntp can temporarily resolve using /etc/resolv.conf until you get your
> > DNS running. My issue was mostly an order of startup versus order of installation.
>
> Way I expect things to work.  Anyone documenting this on the wiki may 
> want to expand on this  :)
>
> thanks for your feedback.
>
> >
> > --Mark
> >
> > -----Original Message-----
> >> To: sambalist <samba at lists.samba.org>
> >> From: Robert Moskowitz <rgm at htt-consult.com>
> >> Date: Fri, 4 Sep 2015 08:19:30 -0400
> >> Subject: [Samba] AD order of installation
> >>
> >> I don't see the following at
> >> https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller
> >>
> >> There is an 'order' of installation for an AD.  Some things must come
> >> before others, some things can come when you may.  Here is my take based
> >> on what I have learned over the past weeks:
> >>
> >> OS installation (listed for completeness, even though this is a 'dah' item).
> >> NTP time services
> >> CUPS (seems to go anywhere, though)
> >> Samba provisioning (this includes ldap and kerberos setup)
> >> DNS with DLZ
> >> Kerberos
> >> DHCP/DHCP6
> >> Adjust Samba configuration
> >> Start Samba
> >>
> >> Do I have the order right?  Have I left anything out?
> >>
> >> For a file server (which I have not tackled yet) it seems it would be:
> >>
> >> OS installation (listed for completeness, even though this is a 'dah' item).
> >> Static IP config (could be fixed MAC dhcp provisioning?)
> >> NTP time sync
> >> CUPS (seems to go anywhere, though)
> >> DNS entries on AD (automatic if MAC-based dhcp provisioning?)
> >> Adjust Samba configuration
> >> Start Samba
> >> Join Domain
> >>
> >> This sort of information at the beginning of the documentation would
> >> help a newbie to know what they are getting themselves into!
> >>
> >>
> >>
> >> -- 
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/options/samba
>
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
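
Added example (not part of the thread or of Samba's documentation): the start order Mark Foley lists at the top of this message, written as an rc.local-style runner that waits for each stage to report ready before starting the next. The start_X/ready_X hook names and the simulated hooks are assumptions made for illustration.

```sh
#!/bin/sh
# Readiness-gated start order for rc.local (added example, not from the thread).
# Hook names start_X / ready_X are hypothetical; the demo hooks are simulated.

STARTED=""   # stages started so far, in order

# wait_ready CHECK TRIES DELAY: poll CHECK until it succeeds or TRIES run out.
wait_ready() {
    check=$1; tries=$2; delay=$3
    while [ "$tries" -gt 0 ]; do
        "$check" && return 0
        tries=$(( tries - 1 ))
        sleep "$delay"
    done
    return 1
}

# run_stages STAGE...: start each stage, then block until it reports ready.
# Stops at the first failure so nothing starts against a missing dependency.
run_stages() {
    for stage in "$@"; do
        "start_$stage" || return 1
        STARTED="$STARTED $stage"
        wait_ready "ready_$stage" "${TRIES:-30}" "${DELAY:-1}" || {
            echo "stage '$stage' never became ready; stopping" >&2
            return 1
        }
    done
}

# Simulated hooks (constructed): every daemon "starts" at once, but bind only
# answers on the third poll, the case where ntpd would fail to resolve its
# pool names if it were started immediately after named.
POLLS=0
for s in samba bind dhcpd ntpd; do
    eval "start_$s() { :; }; ready_$s() { :; }"
done
ready_bind() { POLLS=$(( POLLS + 1 )); [ "$POLLS" -ge 3 ]; }

# demo_boot [TRIES]: run the thread's order against the simulated hooks.
demo_boot() {
    STARTED=""; POLLS=0; TRIES=${1:-5}; DELAY=0
    run_stages samba bind dhcpd ntpd
}

# Assumption: a real ready_bind could be  getent hosts 0.pool.ntp.org >/dev/null
demo_boot && echo "start order:$STARTED"
```

On a real host each start_X would launch the daemon and each ready_X would test the service the next stage depends on; the runner itself does not change.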