[Samba] Samba as AD travails
Rowland Penny
rpenny at samba.org
Wed Sep 27 08:20:11 UTC 2017
On Tue, 26 Sep 2017 22:49:34 -0500
Jared Heath via samba <samba at lists.samba.org> wrote:
> Many (many) hours later, I'm finally throwing in the towel and
> seeking help.
>
> I have read everything I can find on the internet to no avail to get
> past my issues. I have to say, I'm very disappointed in the general
> quality and fragmentation of information on this topic. Samba isn't
> a turn-key solution as an AD by any stretch of the imagination. I've
> run the gamut so far with issues that internet digging has (mostly)
> resolved.
I was going to ask if you had read the Samba wiki, but I won't bother,
mainly because it doesn't tell you not to add your zone files to your
bind conf files, but it will do.
> [global]
> workgroup = HEATHFAM
> realm = HEATHFAM.COM
> netbios name = SAMBA-AD
> server role = active directory domain controller
> allow dns updates = nonsecure
> # dns forwarder = 8.8.8.8
> # dns forwarder = 10.0.2.10
> idmap_ldb:use rfc2307 = yes
> server services = rpc, wrepl, ldap, cldap, kdc, drepl,
> winbind, ntp_signd, kcc, dnsupdate, s3fs
You can write the above line as 'server services = -dns'.
> tls enabled = yes
> tls keyfile = tls/key.pem
> tls certfile = tls/cert.pem
> tls cafile = tls/ca.pem
>
> username map = /etc/samba/user.map
Remove the above line, you do not need it on a DC.
>
> [netlogon]
> path = /var/lib/samba/sysvol/heathfam.com/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> =========================================
> named.conf.local
> =========================================
> zone "heathfam.com" {
> type master;
> file "/var/lib/bind/zones/db.heathfam.com"; # zone file path
> allow-update { 10.0.2.0/24; };
> };
>
> zone "2.0.10.in-addr.arpa" {
> type master;
> file "/var/lib/bind/zones/db.10.0.2"; # 10.128.2.0/16 subnet
> allow-update { 10.0.2.0/24; };
> };
>
Remove these zone files; they are in AD if using BIND_DLZ.
Rowland
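
The three points in the reply above can be checked mechanically. The following is an added example, not code from this thread or from the Samba project: a small lint whose function names (`parse_global`, `internal_dns_enabled`, `check_dc`) are hypothetical and whose sample input is constructed from the configuration quoted above.

```python
import re

# Constructed sample input, abridged from the configuration quoted in this thread.
SMB_CONF = """\
[global]
realm = HEATHFAM.COM
server role = active directory domain controller
server services = rpc, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, s3fs
username map = /etc/samba/user.map
"""
NAMED_CONF_LOCAL = """\
zone "heathfam.com" { type master; file "/var/lib/bind/zones/db.heathfam.com"; };
zone "2.0.10.in-addr.arpa" { type master; file "/var/lib/bind/zones/db.10.0.2"; };
"""

def parse_global(text):
    """Return the [global] parameters of an smb.conf as a dict with lower-cased keys."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            section = line.strip("[] ").lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def internal_dns_enabled(services):
    """'dns' is in Samba's default service list; '-dns' or an explicit list without it turns it off."""
    if services is None:
        return True
    tokens = [t for t in re.split(r"[,\s]+", services.lower()) if t]
    if all(t[0] in "+-" for t in tokens):
        return "-dns" not in tokens
    return "dns" in tokens or "+dns" in tokens

def check_dc(smb_conf, named_conf):
    """Hypothetical lint: one finding per point raised in the reply."""
    g, findings = parse_global(smb_conf), []
    if g.get("server role", "").lower() != "active directory domain controller":
        return findings
    if "username map" in g:
        findings.append("username map: not needed on a DC")
    if not internal_dns_enabled(g.get("server services")):
        realm = g.get("realm", "").lower()
        for zone in re.findall(r'zone\s+"([^"]+)"', named_conf):
            z = zone.lower().rstrip(".")
            if z == realm or z.endswith("." + realm) or z.endswith(".in-addr.arpa"):
                findings.append(f"zone {z}: flat-file zone duplicates data held in AD (BIND_DLZ)")
    return findings
```

Calling `check_dc(SMB_CONF, NAMED_CONF_LOCAL)` on the sample returns three findings: the `username map` line and both statically declared zones.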