[Samba] Provisioning new AD Domain Controller
bd730c5053df9efb
bd730c5053df9efb at proton.me
Thu Nov 30 18:28:51 UTC 2023
I have run Samba as a PDC since the 90's using Slackware's stock rc.samba script, but once I moved from Samba PDC to Samba AD DC I created a new script, very similar, but what it does is, first and foremost, check Samba isn't running in a non AD DC configuration started by Slackware's standard script and then start /usr/sbin/samba -D instead of /usr/sbin/smbd -D and /usr/sbin/nmbd -D. Here is my complete script:
#!/bin/sh
#
# /etc/rc.d/rc.sambaad
#
# Start/stop/restart the Samba SMB active directory domain controller
#
# To make Samba start automatically at boot, make this
# file executable: chmod 755 /etc/rc.d/rc.sambaad
# and add it to rc.local
#

sambaad_start() {
  # An executable rc.samba means the stock smbd/nmbd script is enabled,
  # so do not start the AD DC alongside it.
  if [ -x /etc/rc.d/rc.samba ]; then
    echo "Samba is already running, can not start Samba AD server"
  else
    if [ -x /usr/sbin/samba ] && [ -r /etc/samba/smb.conf ]; then
      mkdir -p /var/run/samba
      echo "Starting Samba AD: /usr/sbin/samba -D"
      /usr/sbin/samba -D
    elif [ ! -r /etc/samba/smb.conf ]; then
      echo "ERROR: cannot start Samba since /etc/samba/smb.conf does not exist"
    fi
  fi
}

sambaad_stop() {
  # Signal the parent samba process recorded in the pid file.
  if [ -r /var/run/samba.pid ]; then
    kill -TERM "$(cat /var/run/samba.pid)"
  fi
}

sambaad_restart() {
  sambaad_stop
  sleep 2
  sambaad_start
}

case "$1" in
  'start')
    sambaad_start
    ;;
  'stop')
    sambaad_stop
    ;;
  'restart')
    sambaad_restart
    ;;
  *)
    echo "usage $0 start|stop|restart"
    ;;
esac

Best regards,
Dave.
PS: I'm sending this again just in case because I got a mailer daemon rejection notice.
On Thursday, November 30th, 2023 at 14:44, Mark Foley via samba <samba at lists.samba.org> wrote:
> On Thu, 30 Nov 2023 16:00:54 +0000 Rowland Penny via samba samba at lists.samba.org wrote:
>
> > On Thu, 30 Nov 2023 14:54:47 +0000
> > bd730c5053df9efb (aka Dave) via samba samba at lists.samba.org wrote:
> >
> > > Hi!
> > >
> > > As a Slackware user I can confirm Slackware's Samba package is built
> > > against MIT. I'm running several Samba AD DCs and have only had to
> > > create a new rc script to start /usr/sbin/samba instead of
> > > Slackware's stock Samba init script. I never needed to start a KDC
> > > (which by the way Slack 15 has an rc.krb5kdc script which you could
> > > set as executable but again, I didn't need to do this to run a DC)
> >
> > I am aware that Slackware is built against MIT, I know this because I
> > told them (after some testing on my part) that they were supplying an
> > experimental feature without telling anyone (as Fedora is doing). I
> > have no objection to anyone using MIT with a Samba DC (it's not my place),
> > but I feel that if this happens, the distro should explain this and
> > advise that perhaps using an experimental DC in production isn't a good
> > idea. It isn't as if they do not know it is experimental, you have to
> > pass '--with-experimental-mit-ad-dc' to './configure'.
> >
> > I also feel that if the distro does supply Samba DC packages that use
> > MIT, then they should also provide precise details on how to set up the
> > DC, including setting up the KDC.
> >
> > Rowland
>
>
> "It isn't as if they do not know it is experimental". I'm sure that's correct,
> so I wonder why they use that instead of Heimdal.
>
> Anyway, I copied /var/lib/samba/private/krb5.conf to /etc/krb5.conf per
> Andrew Bartlett's suggestion and fired up Samba again. This time, it started!!! I
> will move forward with the configuration.
>
> Dave - I have been running a Slackware AD/DC for years (since 2014), but have
> been using Slackware's stock rc.samba startup script. How does yours differ from
> stock?
>
> I also didn't have to start any separate kerberos process to get samba to run.
>
> Thanks! --Mark
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
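
The rc.sambaad script in the message above starts /usr/sbin/samba whenever smb.conf is readable and the stock rc.samba is not executable. As an added example (not part of the original message or of Samba's own code), the preflight below also reads the `server role` from the `[global]` section so the AD DC binary is only started against a DC configuration. The function names and return codes are hypothetical, and only the canonical role string "active directory domain controller" is accepted.

```shell
#!/bin/sh
# Added example: preflight checks before starting /usr/sbin/samba as an AD DC.
# Function names and return codes are illustrative assumptions.

# Print the "server role" value from the [global] section of an smb.conf,
# lower-cased and trimmed. Prints nothing if the parameter is not set.
smb_server_role() {
    awk '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        /^[ \t]*\[/ {                           # section header
            s = tolower($0); gsub(/[ \t]/, "", s)
            in_global = (s == "[global]"); next
        }
        in_global && index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            gsub(/[ \t]/, "", key)              # spaces and case in names are ignored
            if (key == "serverrole") {
                val = tolower(substr($0, index($0, "=") + 1))
                sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
                role = val                      # last assignment wins
            }
        }
        END { if (role != "") print role }
    ' "$1"
}

# ad_dc_preflight CONF STOCK_RC
# Returns 0 when the AD DC binary may be started, otherwise:
#   1 = smb.conf unreadable
#   2 = server role is not the AD DC role
#   3 = stock rc script is executable (smbd/nmbd would be started at boot)
ad_dc_preflight() {
    conf=$1
    stock_rc=$2
    [ -r "$conf" ] || return 1
    [ "$(smb_server_role "$conf")" = "active directory domain controller" ] || return 2
    [ ! -x "$stock_rc" ] || return 3
    return 0
}
```

In an rc script this would be called as `ad_dc_preflight /etc/samba/smb.conf /etc/rc.d/rc.samba` before `/usr/sbin/samba -D`, with the return code deciding which error to print.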