[Samba] File server questions

Flávio Silveira fggs at terra.com.br
Tue Sep 12 13:40:50 UTC 2017

Em 12/09/2017 04:32, L.P.H. van Belle via samba escreveu:
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>> Rowland Penny via samba
>> Verzonden: maandag 11 september 2017 18:50
>> Aan: samba at lists.samba.org
>> Onderwerp: Re: [Samba] File server questions
>> On Mon, 11 Sep 2017 13:08:16 -0300
>> Flávio Silveira via samba <samba at lists.samba.org> wrote:
>>> My question is actually if I have to deal with the hosting
>> company DNS
>>> zones or not, because 'tecnopon.com.br' is hosted there, my guess,
>>> giving Louis's answer and yours, is I don't need to.
>> As you will only be forwarding unknown requests (such as
>> www.google.com) to your hosting company, you do not have to
>> deal with their dns servers at all.
>>> Also, I am currently using a DHCP Server to give static IPs
>> based on
>>> mac address, I guess I don't need to set the ip manually if I use
>>> something like "method 3" described in [1] to prevent
>> /etc/resolv.conf
>>> updates, what do you think?
>>> [1]: https://www.vultr.com/docs/stop-dhcp-from-changing-resolve-conf
>> Never really understood using dhcp for fixed ipaddresses,
>> well possibly for one or two machines, but even then, what is
>> the point ?
>> I would give a fixed IP to all the machines that should have
>> one (servers, printers etc). Then for any other machines that
>> can and should have a dhcp IP (laptops etc), create a pool
>> based around the fixed machines. This way, you can tell, just
>> from the IP, just what the machine is likely to be.
>> Rowland
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
> When i look at that link, https://www.vultr.com/docs/stop-dhcp-from-changing-resolve-conf
> Then only option 1 is the "real" correct one. Imho.
> Option 2, and options 3 are masking a configuration errors.
> If you want to use dhcp with servers, sure possible, no problem at all, but not recommended.
> Now have a look at : /etc/dhcp/dhclient.conf
> That shows, something like this ( the default on debian )
> option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
> send host-name = gethostname();
> request subnet-mask, broadcast-address, time-offset, routers,
>          domain-name, domain-name-servers, domain-search, host-name,
>          dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
>          netbios-name-servers, netbios-scope, interface-mtu,
>          rfc3442-classless-static-routes, ntp-servers;
> DHCP Server requests. : ( involving your points. )
>   domain-name, domain-name-servers, domain-search
> ( ntp-servers and time-offset are also very important )
> As long as the dhcp server sends the correct info here, you resolv.conf is always correct.
> The search setting should be : ad.tecnopon.com.br
> You need the domain-name so you have the correct zone for name server changes. (ad.tecnopon.com.br)
> You need the domain-search so you can resolv hostname -s and hostname -f within the same domain. (ad.tecnopon.com.br)
> If you also use resolvconf then add the needed options, for example if you have a proxy server with bind,
> Then resolvconf is the best options, because you can add named_options and named_zones,
> Which can be handy for the external zones. ( you can add a forward zone in bind for the internet zone.)
> Should not be needed but also here, can be handy, this all depending on you setup.
> But key here is, if you rebooted you server and your resolv.conf settings are wrong, then you have a setting in dhcp thats incorrect.
> ( or if resolvconf is installed, review /etc/network/interfaces ( missing dns-
> Since you have ips assigned by mac, review that config.
> Look in this file : cat /var/lib/dhcp/dhclient.eth0.leases
> ( if you interface is eth0, change to your interface name. )
> And i agree with Rowland's suggestion to create pools, that makes is much better to handle these settings.
> So i suggest, review you dhcp server settings and dhcp client settings.
> That is, imo, the correct way to set this up. ( If you must use the dhcp server for the members. )
> This wil also hold for the long run.
> Greetz,
> Louis

Thanks for the replies Rowland and Louis!

Giving all that was said here is a snippet of what I have in 

Don't know why my interface is named enp2s0, but I only have one, this 
might be a driver thing.

lease {
   interface "enp2s0";
   option subnet-mask;
   option routers;
   option dhcp-lease-time 86400;
   option dhcp-message-type 5;
   option domain-name-servers;
   option dhcp-server-identifier;
   option domain-name "local";
   renew 2 2017/09/12 15:28:36;
   rebind 3 2017/09/13 01:09:09;
   expire 3 2017/09/13 04:09:09;

This is the server that will be the AD DC, it currently is in client 
subnet (192.168.11.x) for testing, but I will put it in server subnet 
(192.168.13.x) when in production.

I can't change these settings now as it will break the whole network, 
can I use the "method 3" from the link for now and manually edit 
/etc/resolv.conf and then when it is ready for production I drop that 
script and configure it properly into the DHCP Server?

Speaking of AD DC tutorial, I've read it over and over and especifically 
the provisioning part, does this sound correct?

samba-tool domain provision --server-role=dc --use-rfc2307 
--dns-backend=SAMBA_INTERNAL --realm=AD.TECNOPON.COM.BR --domain=AD 
--adminpass=mypass --option="interfaces=lo enp2s0" --option="bind 
interfaces only=yes" --option="dns forwarder="

If I understand correctly, domain is what will be NetBIOS Name, right? 
What about Hostname? How do I set it in non-interactive mode?

It seems it isn't possible to set it also in interactive mode, as shown 
in the example from the tutorial:

> # samba-tool domain provision --use-rfc2307 --interactive
>   Domain [SAMDOM]: SAMDOM
>   Server Role (dc, member, standalone) [dc]: dc
>   DNS forwarder IP address (write 'none' to disable forwarding) []:
> Administrator password: Passw0rd
> Retype password: Passw0rd
> Looking up IPv4 addresses
> Looking up IPv6 addresses
> No IPv6 address will be assigned
> Setting up share.ldb
> Setting up secrets.ldb
> Setting up the registry
> Setting up the privileges database
> Setting up idmap db
> Setting up SAM db
> Setting up sam.ldb partitions and settings
> Setting up sam.ldb rootDSE
> Pre-loading the Samba 4 and AD schema
> Adding DomainDN: DC=samdom,DC=example,DC=com
> Adding configuration container
> Setting up sam.ldb schema
> Setting up sam.ldb configuration data
> Setting up display specifiers
> Modifying display specifiers
> Adding users container
> Modifying users container
> Adding computers container
> Modifying computers container
> Setting up sam.ldb data
> Setting up well known security principals
> Setting up sam.ldb users and groups
> Setting up self join
> Adding DNS accounts
> Creating CN=MicrosoftDNS,CN=System,DC=samdom,DC=example,DC=com
> Creating DomainDnsZones and ForestDnsZones partitions
> Populating DomainDnsZones and ForestDnsZones partitions
> Setting up sam.ldb rootDSE marking as synchronized
> Fixing provision GUIDs
> A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
> Setting up fake yp server settings
> Once the above files are installed, your Samba4 server will be ready to use
> Server Role:           active directory domain controller
> Hostname:              DC1
> NetBIOS Domain:        SAMDOM
> DNS Domain:            samdom.example.com
> DOMAIN SID:            S-1-5-21-2614513918-2685075268-614796884

Where DC1 came from? Can I use that as NetBIOS Name?

   Flavio Silveira

More information about the samba mailing list