[Samba] Fwd: Good installation documentation on samba4?

Data Control Systems - Mike Elkevizth mike at datacontrolsystems.com
Fri Jul 29 20:13:51 UTC 2016


On Fri, Jul 29, 2016 at 3:50 PM, Léon van der Kaap <leonkaap at gmail.com>
wrote:

> I figured out the resolv.conf bit fidgeting around. Thanks for the tip
> anyway.
>
> Regarding the krb5.conf I have never got it working with the example files.
> I have always added at least a "kdc = samdom.example.com" to the lines,
> but
> my file is actually still a bit more complex(and possibly redundant).
>

The standard four line krb5.conf that is generated during provisioning and
listed on the wiki page about setting up an AD DC works fine for me.


> Regarding the troubleshooting page, it is *far* from complete. At the very
> least, the documentation should at a check for a succesful 'kinit' command
> to see if the system is going to work.
>

Once again, these steps are listed on the main wiki page about creating an
AD DC.
https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller#Testing_Kerberos


>
> Maybe I sound a bit angry, but I severely dislike documentation that leaves
> you with an unfinished installation. Compare the monstrously sized Samba
> 3.5 with Samba 4 kind of illustrates the point that not all bases are
> covered which is a shame to me.
>

I setup my Samba Active Directory Domain with multiple DCs at multiple
remote sites connected via VPN with both Linux and Windows clients using
the documentation and found it quite complete and clear.


>
> 2016-07-28 23:25 GMT+02:00 Rowland penny <rpenny at samba.org>:
>
> > On 28/07/16 21:55, Léon van der Kaap wrote:
> >
> >> Hello,
> >>
> >> I am looking for good installation instructions for an active directory
> >> domain controller installation of samba4. The only source I have
> reliably
> >> found is
> >>
> >>
> https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller
> >> which is unfortunately both incomplete in certain sections and incorrect
> >> in
> >> others.
> >>
> >> A good example of incomplete information is the guide on the name
> server.
> >> In the org that I work for, we've chosen the samba_internal dns server.
> >> However, the guide is not clear on making sure that the machine needs to
> >> refer to itself for dns queries, something that is quite essential.
> >>
> >
> > Do you mean it should say something like this:
> >
> >
> >    Configure /etc/resolv.conf
> >
> > Your Domain Controller requires a name server that is able to resolve
> > queries to Active Directory zones. Because this is your first Domain
> > Controller in your AD forest, use the DCs IP and domain name in your
> > /etc/resolv.conf:
> >
> > domain samdom.example.com
> > nameserver 10.99.0.1
> >
> >
> >
> >> An example of incorrect information is that copying the example
> krb5.conf
> >> file should do the trick. In practice, I have traversed the far corners
> of
> >> the internet for an actual working example of the krb5.conf file.
> >>
> >
> > The example one should work, this is all I have in /etc/krb5.conf on my
> > DCs:
> >
> > [libdefaults]
> >     default_realm = SAMDOM.EXAMPLE.COM
> >     dns_lookup_realm = false
> >     dns_lookup_kdc = true
> >
> >
> >> Furthermore, there is no "what to do when things fail" fall back
> option. I
> >> do not know when to continue with the guide and when to test the actual
> >> working state of the installation at a certain state.
> >>
> >
> > Is there something wrong with this:
> >
> >
> >  Troubleshooting
> >
> > If you encounter any problems when using this documentation, see the
> Samba
> > AD DC Troubleshooting <
> > https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting> page.
> >
> > Which points at this page:
> >
> > https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting
> >
> >
> >
> >> In all desperation, I have written my own guide to samba4 installation,
> >> but
> >> I have no idea if what I did was sufficient, only that it looks ok when
> >> testing some functionality.
> >>
> >> Is there a mythical samba4 guide or are people doomed to endlessly
> google
> >> their questions?
> >>
> >
> > Most (if not all) of the info is on the Samba wiki and if you are still
> > struggling, try asking here.
> >
> > Rowland
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list