[Samba] Setup a Samba AD DC as an additional DC
Barry D. Adkins
Barry at daram.com
Thu Nov 29 10:56:51 UTC 2018
Thanks Rowland/Louis for your assistance,
> >What is the running AD DC its os version/build, it was an MS server?
> 2 AD DCs Windows 2012, 1 is 2008, but the DC for the join is a 2012
> windows DC
>Yes, but win 2012 which one? 2012 or 2012R2 Can you open a dosbox (cmd) and type : ver The build nummer is?
It is just 2012, not R2. Here is the ver output: Microsoft Windows [Version 6.2.9200]
The 2008 DC is also NOT R2: Microsoft Windows [Version 6.0.6002]
The Windows Certificate Server is running on the 2008 DC.
>and add it on you samba servers
I assume it will need to be added to the Intermediate & Trusted Authorities. I will have to search for doing this on Ubuntu/Linux. I assume it is simple.
>create the samba client certificates
Not sure what you mean here. Do you mean to request a client certificate for the samba DC from the Windows Certificate Authority?
>I don't think he ever joined, but cleaning out anything to do with the
>new DC from the Windows DC should't harm anything and cleaning
>out /var/lib/samba will also help.
Never successfully joined. From ADSI Edit samba-tool seems to clean up after itself when the join fails. I see entries added for the Samba DC and then they have later been removed.
>> - setup/join samba with bind9_dlz.
>You do not actually have to set up Bind9 before a provision/join, it
>just needs to be installed, then add '--dns-backend=BIND9_DLZ' to the
>join command, he can worry about setting up Bind9 once the DC actually
I have not explicitly installed BIND9, perhaps Ubuntu 18.04 loads it already. I can certainly install it.
At this point I have not implemented anything from your most recent post so-as to only do what you want me to do.
I will research the Linux Certificate store so I can do that when you request it.
More information about the samba