[Samba] Setup a Samba AD DC as an additional DC

Barry D. Adkins Barry at daram.com
Thu Nov 29 10:56:51 UTC 2018

Thanks Rowland/Louis for your assistance,

> >What is the running AD DC its os version/build, it was an MS server? 
> 2 AD DCs Windows 2012, 1 is 2008, but the DC for the join is a 2012 
> windows DC

>Yes, but win 2012 which one?  2012 or 2012R2
>Can you open a dosbox (cmd) and type : ver
>The build number is?

It is just 2012, not R2.  Here is the ver output: Microsoft Windows [Version 6.2.9200]

The 2008 DC is also NOT R2: Microsoft Windows [Version 6.0.6002]

The Windows Certificate Server is running on the 2008 DC.

>and add it on your samba servers

I assume it will need to be added to the Intermediate & Trusted Authorities.  I will have to search for doing this on Ubuntu/Linux.  I assume it is simple.

>create the samba client certificates

Not sure what you mean here.  Do you mean to request a client certificate for the samba DC from the Windows Certificate Authority?

>I don't think he ever joined, but cleaning out anything to do with the
>new DC from the Windows DC shouldn't harm anything and cleaning
>out /var/lib/samba will also help.

Never successfully joined.  From ADSI Edit, samba-tool seems to clean up after itself when the join fails.  I see entries added for the Samba DC and then they have later been removed.

>> - setup/join  samba with bind9_dlz.

>You do not actually have to set up Bind9 before a provision/join, it
>just needs to be installed, then add '--dns-backend=BIND9_DLZ' to the
>join command, he can worry about setting up Bind9 once the DC actually
>joins ;-)

I have not explicitly installed BIND9, perhaps Ubuntu 18.04 loads it already.  I can certainly install it.

At this point I have not implemented anything from your most recent post, so as to only do what you want me to do.

I will research the Linux Certificate store so I can do that when you request it.

-Barry Adkins
