Samba4 AD DC - Automated provisioning

Niklas Andersson niklas.andersson at openforce.se
Thu May 1 17:17:24 MDT 2014 

Hi,

 I am currently giving open kerberos-auth and AD-integration a closer look,
and I needed a server side test environment.

 Beeing an Open Source-proponent, and a big Samba-fan for many years, I
decided to use Samba4 as the domain controller.

 As the installation part consists of several moving parts, I thought it
would be a good idea to automate it, so I have written a software "dcpromo"
that basically is a single Puppet-run that does the entire thing. And I do
my trials in Vagrant.

 Now, it started to work for me, and I would appreciate if someone else
could kick the tires, and send some feedback.

 The provisioning should be smooth sailing. The only pre-requisties are git
and Vagrant 1.5 (I am doing this on Ubuntu 14.04, and I had to download
most recent version of Vagrant from vagrantup.com)

 The entire procedure are now just a few commands:

git clone https://github.com/xnandersson/dcpromo-vagrant.git
cd dcpromo-vagrant
vagrantup

...first boot takes some time as you probably need to download trusty, next
time you do a provisioning the entire procedure takes about two minutes. If
you look at the scripts for provisioning, dcpromo-repo.sh and
dcpromo.debconf the config should be pretty self-explanatory.

 I have a couple of items that bugs me though. Straight after the domain
provisioning I need to reboot the machine, I would prefer not to, but the
thing is that for some reason samba does not start up correctly, but a
reboot solves the problem (I do was able to get contact with the domain
controller if I killed the smbd-processes and started samba in interactive
mode, so it might be a packaging problem by the distribution - i.e trusty
from Canonical in this case)

 Now, my next step is to set up the clients, also using Vagrant, and I have
some issues with the network and nameresolution and I have to look into
that. I am also going to clean up my code, because I break the
DRY-principle quite severly as you see if you give dcpromo.debconf a look.
It is a lot of ugly repetitions, so I am going to find a way to clean up
that mess.

 Well, after provisioning, you enter the machine with "vagrant ssh" and you
can use smbclient to check that it works, and you are also able to get your
kerberos tickets and everything.

 My goal is to make this package, dcpromo, as general as possible and as
useful as possible for the vast majority, so your feedback is appreciated.

Best regards,
Niklas

More information about the samba-technical mailing list