[Samba] Provisioning new AD Domain Controller

Mark Foley mfoley at novatec-inc.com
Thu Nov 30 17:44:22 UTC 2023


On Thu, 30 Nov 2023 16:00:54 +0000 Rowland Penny via samba <samba at lists.samba.org> wrote:
>
> On Thu, 30 Nov 2023 14:54:47 +0000
> bd730c5053df9efb (aka Dave) via samba <samba at lists.samba.org> wrote:
>
> > Hi!
> > 
> > As a slackware user I can confirm slackware's samba package is built
> > against MIT. I'm running several samba AD DCs and have only had to
> > create a new rc script to start /usr/sbin/samba instead of
> > slackware's stock samba init script, I never needed to start a kdc
> > (which by the way slack 15 has a rc.krb5kdc script which you could
> > set as executable but again, I didn't need to do this to run a DC)
> > 
>
> I am aware that Slackware is built against MIT, I know this because I
> told them (after some testing on my part) that they were supplying an
> experimental feature without telling anyone (as Fedora is doing). I
> have no objection to anyone using MIT with a Samba DC (it's not my place),
> but I feel that if this happens, the distro should explain this and
> advise that perhaps using an experimental DC in production isn't a good
> idea. It isn't as if they do not know it is experimental, you have to
> pass '--with-experimental-mit-ad-dc' to './configure'.
>
> I also feel that if the distro does supply Samba DC packages that use
> MIT, then they should also provide precise details on how to set up the
> DC, including setting up the KDC.
>
> Rowland

"It isn't as if they do not know it is experimental". I'm sure that's correct,
so I wonder why they use that instead of Heimdal.

Anyway, I copied /var/lib/samba/private/krb5.conf to /etc/krb5.conf per
Andrew Bartlett's suggestion and fired up Samba again. This time, it started!!! I
will move forward with the configuration.

Dave - I have been running a Slackware AD/DC for years (since 2014), but have
been using Slackware's stock rc.samba startup script. How does yours differ from
stock?

I also didn't have to start any separate kerberos process to get samba to run.

Thanks! --Mark


