[Samba] [OT?] VM or Container for an AD DC?

Marco Gaiarin gaio at sv.lnf.it
Wed Sep 20 10:46:33 UTC 2017 

Mandi! Marcel de Reuver via samba
  In chel di` si favelave...

> For me Samba AD DC is running without any problem in an Ubuntu privileged
> LXC container.

Ah! Damn me!

I've thicked 'unprivileged container'!


Ok, done backup, delete the LXC, restored from backup with 'unprivileged container'
and... voilĂ , domain correctly created. ;-)

root at vdcsv1:~# samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=BIND9_DLZ --realm=AD.FVG.LNF.IT --domain=LNFFVG
Administrator password will be set randomly!
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=ad,DC=fvg,DC=lnf,DC=it
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=ad,DC=fvg,DC=lnf,DC=it
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
See /var/lib/samba/private/named.conf for an example configuration include file for BIND
and /var/lib/samba/private/named.txt for further documentation required for secure DNS updates
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Admin password:        none;-)
Server Role:           active directory domain controller
Hostname:              vdcsv1
NetBIOS Domain:        LNFFVG
DNS Domain:            ad.fvg.lnf.it
DOMAIN SID:            S-1-5-21-160080369-3601385002-3131615632


Thanks!

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della BontĂ , 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

More information about the samba mailing list