[Samba] Samba AD DC for Debian

Rob Campbell robcampbell08105 at gmail.com
Tue Oct 26 04:54:16 UTC 2021


First, I had a fully working, exactly-as-expected version at one point.  I
had the ssh authentication working with the creation of the home
directories on install and a domain member (also Debian).  I didn't write
down my instructions because... I was just trying to get it to work.  It
actually wasn't hard that time.  For some reason, it is difficult now.  I
am starting with a clean Debian 11 DVD install
(debian-11.0.0-amd64-DVD-1.iso).  After completing the install, I start
running through the wiki.  What I found is that the wiki doesn't give
instructions to install Samba and key packages (unless I missed it) but it
gave all those dependencies I mentioned.  I'm not sure why the new
install is now having issues, so I'm starting with a clean VM.

Domain Controller

   1. Install debian-11.0.0-amd64-DVD-1.iso
      1. Are there some specific configurations that I need to set here
      that I missed the 2nd and 3rd time?
   2. Fix apt so that it doesn't try to pull from dvd
   3. apt-get update (just because)
   4. Go through wiki
   5. Hostname = DSDC01
   6. Domain Name = HOME.TEST-SERVER.LAN
   7. IP Address = 10.0.0.19
   8. apt install samba winbind libnss-winbind libpam-winbind libpam-krb5 ntp binutils ldb-tools krb5-user
   9. samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=SAMBA_INTERNAL --realm=HOME.TEST-SERVER.LAN --domain=HOME --adminpass=1243Password
   10. Need to install smbclient 'apt install smbclient'

All goes well, it seems.

Domain Member

Samba is not installed.  Wiki doesn't suggest which packages to install but
I installed the same packages suggested in the previous response #8.

Everything was fine until I got to the reverse lookup:

[Tue Oct 26 00:19:13] [root@DSDM05~$] nslookup 10.0.0.19
** server can't find 19.0.0.10.in-addr.arpa: NXDOMAIN

[Tue Oct 26 00:18:20] [root@DC01~$] samba-tool dns zonecreate 10.0.0.19 0.0.10.in-addr.arpa
Password for [administrator@HOME.TEST-SERVER.LAN]:
ERROR(runtime): uncaught exception - (9609, 'WERR_DNS_ERROR_ZONE_ALREADY_EXISTS')
  File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 735, in run
    res = dns_conn.DnssrvOperation2(client_version, 0, server, None,

samba-tool dns add home.test-server.lan 0.0.10.in-addr.arpa 19 PTR home.test-server.lan
Now reverse lookup is fine: 19.0.0.10.in-addr.arpa name = home.test-server.lan.

[Tue Oct 26 00:50:35] [root@DSDM05/etc$] net ads join -U Administrator
Enter Administrator's password:
Using short domain name -- HOME
Joined 'DSDM05' to dns domain 'home.test-server.lan'
DNS Update for dsdm05.home.test.server.lan failed: ERROR_DNS_UPDATE_FAILED
DNS update failed: NT_STATUS_UNSUCCESSFUL

Kerberos and Samba

https://wiki.samba.org/index.php/OpenSSH_Single_sign-on

   1. /etc/security/pam_winbind.conf doesn't exist (full stop)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.


On Mon, Oct 25, 2021 at 5:19 PM Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Mon, 2021-10-25 at 16:49 -0400, Rob Campbell wrote:
> > I wasn't building Samba.  I was trying to install via apt-get but the
> > wiki doesn't say which to install.  Not which version bc I know they
> > change but 'samba samba-server samba-client smbclient' etc.
> >
> > Are you saying I shouldn't install via package manager?
>
> No, I am saying that it is easier to install via package, but the Samba
> wiki is mostly written from the point of view of building Samba
> yourself. It is expected that the distros should provide their own
> instructions on how to use Samba.
>
> On Debian based distros, you need to install these packages:
> samba winbind libnss-winbind libpam-winbind libpam-krb5 ntp binutils
> ldb-tools krb5-user
>
> These will pull in other packages.
>
> However, to get the latest Samba versions (and keep getting them, Samba
> is a rapidly moving package), you need to either build it yourself or
> to use an external repo. Louis's repo is a good one for
> Debian/Ubuntu/Raspbian, there are others. Some you have to pay for,
> others, like Louis's, are free (though Louis will be grateful for a
> donation).
>
> You seem to be having problems in setting up your domain, something
> which is easy, but I would say that, wouldn't I, I know what to do.
> What I need to do, is to pass that knowledge on to you. To do that, can
> you tell us what you have already done and what doesn't work. You may
> feel that you have already done this, but let's start again and get it
> all in one place.
>
> Rowland