[Samba] Setup a Samba AD DC as an additional DC

Rowland Penny rpenny at samba.org
Fri Nov 23 09:19:59 UTC 2018


On Fri, 23 Nov 2018 08:20:42 +0000
"Barry D. Adkins via samba" <samba at lists.samba.org> wrote:

> Samba 4.7.6 Ubuntu
> 
> /etc/hosts:
> 
> 127.0.0.1       localhost.localdomain   localhost
> ::1             localhost6.localdomain6 localhost6
> 
> # The following lines are desirable for IPv6 capable hosts
> ::1     localhost ip6-localhost ip6-loopback
> fe00::0 ip6-localnet
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
> ff02::3 ip6-allhosts

Change the top two lines to:

127.0.0.1 localhost
::1       localhost6

Then add a line:

THE_DC_IP THE_DC_FQDN THE_DC_SHORT_HOSTNAME

> 
> /etc/resolv.conf:
> 
> # This file is managed by man:systemd-resolved(8). Do not edit.
> #
> # This is a dynamic resolv.conf file for connecting local clients to the
> # internal DNS stub resolver of systemd-resolved. This file lists all
> # configured search domains.
> #
> # Run "systemd-resolve --status" to see details about the uplink DNS servers
> # currently in use.
> #
> # Third party programs must not access this file directly, but only through the
> # symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
> # replace this symlink by a static file or a different symlink.
> #
> # See man:systemd-resolved.service(8) for details about the supported modes of
> # operation for /etc/resolv.conf.
> 
> nameserver 127.0.0.53

Stop systemd-resolved from managing /etc/resolv.conf (in fact, stop
systemd-resolved)

Then create a new /etc/resolv.conf:

search YOUR_DNS_DOMAIN
nameserver AN_EXISTING_AD_DC

Once the DC is joined, change the 'nameserver' line to point to the new
DC's IP address, i.e. itself

> 
> /etc/krb5.conf:
> 
> [libdefaults]
>         default_realm = DARAM.COM
> #        dns_lookup_realm = false
> #        dns_lookup_kdc = true

You only need the four lines above, uncomment the last two

> 
> All suggestions failed.
> 
> I modified the last suggestion.. I had to add the -U option because
> there is no user in the DOMAIN for the UNIX user that is running the
> command.

Unless the 'UNIX user' is root (or you are using sudo), the unix user
shouldn't be running the command.

> 
> :~$ samba-tool domain join daram.com DC --dns-backend=SAMBA_INTERNAL --realm=DOMAIN.COM -U"DOMAIN\administrator"
> Finding a writeable DC for domain 'domain.com'
> Found DC DC01.daram.com
> Password for [DOMAIN\administrator]:
> workgroup is DOMAIN
> realm is domain.com
> Adding CN=DCU1801,OU=Domain Controllers,DC=domain,DC=com
> Adding CN=DCU1801,CN=Servers,CN=MySite,CN=Sites,CN=Configuration,DC=domain,DC=com
> Adding CN=NTDS Settings,CN=DCU1801,CN=Servers,CN=MySite,CN=Sites,CN=Configuration,DC=domain,DC=com
> Adding SPNs to CN=DCU1801,OU=Domain Controllers,DC=domain,DC=com
> Setting account password for DCU1801$
> Enabling account
> Calling bare provision
> Join failed - cleaning up
> Deleted CN=DCU1801,OU=Domain Controllers,DC=domain,DC=com
> Deleted CN=NTDS Settings,CN=DCU1801,CN=Servers,CN=MySite,CN=Sites,CN=Configuration,DC=domain,DC=com
> Deleted CN=DCU1801,CN=Servers,CN=MySite,CN=Sites,CN=Configuration,DC=domain,DC=com
> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: guess_names: 'server role=standalone server' in /etc/samba/smb.conf must match chosen server role 'active directory domain controller'!  Please remove the smb.conf file and let provision generate it
> File

Do what it tells you, remove the existing smb.conf

> 
> I am happy to install a different version of Samba, however, I would
> rather not have to compile Samba.  Moreover, I'd have to uninstall
> the current Samba Version.  However, if easier, I'd just reinstall
> Ubuntu.  Guidance for this would be appreciated.

As you are using Ubuntu 18.04, you could just install Louis's Samba
packages. They will install over and replace your existing Samba
packages.

Rowland
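
A pre-join check covering the four files discussed in this message, as an added example that is not part of the original post or of Samba itself. The `preflight` function, its argument order and its messages are hypothetical; it only reads the files it is given.

```shell
#!/bin/sh
# Added example: pre-join check of the four files discussed in this message.
# preflight HOSTS RESOLV KRB5 SMBCONF DC_FQDN
# Prints one FAIL line per problem; returns 0 only when nothing was found.
preflight() (
    hosts=$1 resolv=$2 krb5=$3 smbconf=$4 fqdn=$5
    short=${fqdn%%.*}
    rc=0
    fail() { echo "FAIL: $*"; rc=1; }

    # hosts: "IP FQDN SHORT" on a non-loopback address, and the DC's names
    # must not appear on a 127.x or ::1 line.
    awk -v f="$fqdn" -v s="$short" '
        /^[ \t]*#/ { next }
        { loop = ($1 ~ /^127\./ || $1 == "::1") }
        !loop && $2 == f && $3 == s { ok = 1 }
        loop { for (i = 2; i <= NF; i++) if ($i == f || $i == s) bad = 1 }
        END { if (ok && !bad) exit 0; exit 1 }' "$hosts" ||
        fail "$hosts: need 'DC_IP $fqdn $short' and no DC name on a loopback line"

    # resolv.conf: a search domain, and a nameserver that is not the
    # systemd-resolved stub listener.
    grep -Eq '^[[:space:]]*search[[:space:]]+[^[:space:]]' "$resolv" ||
        fail "$resolv: no 'search' line"
    grep -Eq '^[[:space:]]*nameserver[[:space:]]+[^[:space:]]' "$resolv" ||
        fail "$resolv: no 'nameserver' line"
    if grep -Eq '^[[:space:]]*nameserver[[:space:]]+127\.0\.0\.53([[:space:]]|$)' "$resolv"; then
        fail "$resolv: nameserver is still the systemd-resolved stub 127.0.0.53"
    fi

    # krb5.conf: the three settings must be present and uncommented.
    for kv in 'default_realm=[^[:space:]]+' 'dns_lookup_realm=false' 'dns_lookup_kdc=true'; do
        key=${kv%%=*} val=${kv#*=}
        grep -Eq "^[[:space:]]*${key}[[:space:]]*=[[:space:]]*${val}[[:space:]]*\$" "$krb5" ||
            fail "$krb5: '$key' is missing, commented out, or has the wrong value"
    done

    # smb.conf: must not exist, so the join can generate it.
    [ ! -e "$smbconf" ] || fail "$smbconf exists; remove it before joining"
    exit "$rc"
)

# Run against the live files when a DC FQDN is given as the only argument.
if [ "$#" -eq 1 ]; then
    preflight /etc/hosts /etc/resolv.conf /etc/krb5.conf /etc/samba/smb.conf "$1"
fi
```

Saved as a script and given the new DC's FQDN as its only argument, it checks the live files and exits non-zero if any item still needs attention.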




