[Samba] Samba as AD travails

Rowland Penny rpenny at samba.org
Wed Sep 27 08:20:11 UTC 2017


On Tue, 26 Sep 2017 22:49:34 -0500
Jared Heath via samba <samba at lists.samba.org> wrote:

> Many (many) hours later, I'm finally throwing in the towel and
> seeking help.
> 
> I have read everything I can find on the internet to no avail to get
> past my issues.  I have to say, I'm very disappointed in the general
> quality and fragmentation of information on this topic.   Samba isn't
> a turn-key solution as an AD by any stretch of the imagination.  I've
> run the gamut so far with issues that internet digging has (mostly)
> resolved.

I was going to ask if you had read the Samba wiki, but I wont bother,
mainly because it doesn't tell you not to add your zone files to your
bind conf files, but it will do.
 
> [global]
>         workgroup = HEATHFAM
>         realm = HEATHFAM.COM <http://heathfam.com/>
>         netbios name = SAMBA-AD
>         server role = active directory domain controller
>         allow dns updates = nonsecure
> #       dns forwarder = 8.8.8.8
> #       dns forwarder = 10.0.2.10
>         idmap_ldb:use rfc2307 = yes
>         server services = rpc, wrepl, ldap, cldap, kdc, drepl,
> winbind, ntp_signd, kcc, dnsupdate, s3fs

you can write the above line as 'server services = -dns'

>         tls enabled  = yes
>         tls keyfile  = tls/key.pem
>         tls certfile = tls/cert.pem
>         tls cafile   = tls/ca.pem
> 
>         username map = /etc/samba/user.map

Remove the above line, you do not need it on a DC.

> 
> [netlogon]
>         path = /var/lib/samba/sysvol/heathfam.com/scripts
>         read only = No
> 
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
> 
> =========================================
> named.conf.local
> =========================================
> zone "heathfam.com" {
>     type master;
>     file "/var/lib/bind/zones/db.heathfam.com"; # zone file path
>     allow-update { 10.0.2.0/24; };
> };
> 
> zone "2.0.10.in-addr.arpa" {
>     type master;
>     file "/var/lib/bind/zones/db.10.0.2";  # 10.128.2.0/16 subnet
>     allow-update { 10.0.2.0/24; };
> };
> 

Remove these zones files, they are in AD if using BIND_DLZ

Rowland



More information about the samba mailing list