FedoraForum.org - Fedora Support Forums and Community
Results 1 to 15 of 15
  1. #1
    Join Date
    Jun 2005
    Age
    43
    Posts
    509

    Fedora 20 Samba 4.1 AD DC howto?

    I went here and started
    https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO
    I installed samba with
    Code:
    yum install samba-dc*
    Then I tried Provisioning samba but I can not find the samba-tool command

    Code:
    find / -name samba-tool
    turns up nothing.

    Do I have to compile it all myself in order to follow the instructions?

    Why doesn't samba-dc come with it? What is samba-dc for if not to start an active directory?

    ----Maybe the answer---
    I did
    Code:
    repoquery -lq samba-dc
    it showed
    Code:
    /usr/share/doc/samba-dc
    /usr/share/doc/samba-dc/README.dc
    so I did
    Code:
    less /usr/share/doc/samba-dc/README.dc
    and here is what it says
    MIT Kerberos 5 Support
    =======================

    Fedora is using MIT Kerberos implementation as its Kerberos infrastructure of
    choice. The Samba build in Fedora is using MIT Kerberos implementation in order
    to allow system-wide interoperability between both desktop and server
    applications running on the same machine.

    At the moment the Samba Active Directory Domain Controller implementation is
    not available with MIT Kereberos. FreeIPA and Samba Team members are currently
    working on Samba MIT Kerberos support as this is a requirement for a GNU/Linux
    distribution integration of Samba AD DC features.

    We have just finished migrating the file server and all client utilities to MIT
    Kerberos. The result of this work is available in samba-* packages in Fedora.
    We'll provide Samba AD DC functionality as soon as its support of MIT Kerberos
    KDC will be ready.

    In case of further questions do not hesitate to send your inquiries to
    samba-owner@fedoraproject.org
    Anyone have any suggestions on how I can work around this?

    here is my current thought.

    I think I want to create a vm specifically for a DC. Does any linux distro come with samba 4.1 compiled with its own kerberos?

    Update: 2016-04-26
    ------------------------------------------

    Look for AD DC capabilities in samba 4.5.x maybe when fedora 25 comes around.
    I have been following this and it looks like they have it compiling with patches for the MIT kerberos. Looks like they have a few more bugs to work out but it is getting close.
    Here are some packages I found https://copr.fedorainfracloud.org/co...n/samba_ad_dc/
    I found it from Alexander Bokovoy https://plus.google.com/u/1/+AlexanderBokovoy/posts
    He posted something a while back on the samba forums.
    Last edited by Jeff Sadowski; 26th April 2016 at 05:52 PM. Reason: Update

  2. #2
    Join Date
    Feb 2009
    Location
    Florida
    Posts
    523

    Re: Fedora 20 Samba 4.1 AD DC howto?

    If you're looking to get started with Samba on Fedora 20, you should probably start here.

    http://docs.fedoraproject.org/en-US/....html#s1-Samba

    This guide is part of F18 docs and is much more related to a Fedora 20 install than the site you're currently using.

    See where this info gets you then ask again.
    Laptop: ASUS K61IC/ Intel T6600 2.20Ghz x2/ 4GB/ 320GB SataII/ NVidia G96M/ fc27.x86_64
    Tower: GigaByte (990FXA)/ AMD 1100T 3.3Ghz x6/ 16GB/ 7.5TB Sata III/ AMD 6770HD/ fc27.x86_64
    Bookshelf: Shuttle DS61 (H61)/ i3-3225 3.3Ghz x2/ 16GB/ 320GB Sata II/ Intel HD 4000/ fc26.x86_64
    Embedded: BeagleBone Blk / ARM AM3358 1 GHz x1/ 512MB/ 2GB eMMC/ PowerVR SGX530/ fc27.armv7hl

  3. #3
    Join Date
    Dec 2010
    Location
    Buellton California USA
    Posts
    15

    Re: Fedora 20 Samba 4.1 AD DC howto?

    I read Jeff Sadowski's post and found the the same message at

    ls -ltr /usr/share/doc/samba-dc-4.0.13/README.dc
    -rw-r--r--. 1 root root 964 Dec 9 07:13 /usr/share/doc/samba-dc-4.0.13/README.dc
    ---------------------------------------------------------------------------------------------------------------------------------
    MIT Kerberos 5 Support
    =======================

    Fedora is using MIT Kerberos implementation as its Kerberos infrastructure of
    choice. The Samba build in Fedora is using MIT Kerberos implementation in order
    to allow system-wide interoperability between both desktop and server
    applications running on the same machine.

    At the moment the Samba Active Directory Domain Controller implementation is
    not available with MIT Kereberos. FreeIPA and Samba Team members are currently
    working on Samba MIT Kerberos support as this is a requirement for a GNU/Linux
    distribution integration of Samba AD DC features.

    We have just finished migrating the file server and all client utilities to MIT
    Kerberos. The result of this work is available in samba-* packages in Fedora.
    We'll provide Samba AD DC functionality as soon as its support of MIT Kerberos
    KDC will be ready.

    In case of further questions do not hesitate to send your inquiries to
    samba-owner@fedoraproject.org
    ---------------------------------------------------------------------------------------------------------------------------------

    Does anyone know when "We'll provide Samba AD DC functionality as soon as
    its support of MIT Kerberos KDC will be ready."

    will be completed?

    Does the alternative approach of using the samba rpm's for CentOS will work?
    I am using FC19.

  4. #4
    Join Date
    Jun 2005
    Age
    43
    Posts
    509

    Re: Fedora 20 Samba 4.1 AD DC howto?

    Anyone still trying to do this in Fedora 22 and Fedora 23 even when Samba 4.3 is rolled in it will not work. Don't hold your breath for this. I'm hoping it will start showing up soon but there is no seen planning on samba 4.4 so I don't think it will happen yet. I am hopeful that I could get a non mit build of 4.3 and fully trust an openldap and maybe get the functionality I want with that.

  5. #5
    Join Date
    Nov 2005
    Location
    Brisbane
    Posts
    26

    Re: Fedora 20 Samba 4.1 AD DC howto?

    I still download the git source and compile it myself. That has been the only way I can have my AD DC's. I wish the problems with kerberos could be sorted out so I can get a systemctl package from a Fedora repository.
    ASUS Sabertooth Z170
    Intel i7
    16G Ram
    F 25 - Windows 10
    Thermaltake Core P5 Open Case watercooled on the wall.

  6. #6
    Join Date
    Jun 2005
    Age
    43
    Posts
    509

    Re: Fedora 20 Samba 4.1 AD DC howto?

    After 3 years I can finally get AD samba with the mit kerberos. :-)

    I'm using fedora 23 and will wait till 24 has this repo before I upgrade.

    https://copr.fedorainfracloud.org/co...n/samba_ad_dc/

    Code:
    dnf copr enable asn/samba_ad_dc
    then

    Code:
    dnf install samba-dc
    Then I followed the instructions here https://wiki.samba.org/index.php/Set...ain_Controller
    to create my AD DC

    I joined a windows 10 pro virtual machine to it and install the server admin tools to allow me to easily add users and set GPOs

    No more fighting with kerberos authentication issues.

    I have been using it successfully for about 3 weeks :-)

    Some slight DNS/DHCP issues but I'm thinking if I let samba populate DNS and remove DHCP from populating DNS I should be fine. If I really want dhcp to populate DNS I'll look more into it.

    I'll post more about my setup when I am happy with it or if someone needs help. Feel free to ask me questions.
    Last edited by Jeff Sadowski; 7th June 2016 at 04:51 PM.

  7. #7
    Join Date
    Nov 2005
    Location
    Brisbane
    Posts
    26

    Re: Fedora 20 Samba 4.1 AD DC howto?

    \o/ Well I know what I will be doing this weekend.
    ASUS Sabertooth Z170
    Intel i7
    16G Ram
    F 25 - Windows 10
    Thermaltake Core P5 Open Case watercooled on the wall.

  8. #8
    Join Date
    Oct 2005
    Location
    Southern Ontario
    Age
    68
    Posts
    200

    Question Re: Fedora 20 Samba 4.1 AD DC howto?

    Quote Originally Posted by Jeff Sadowski
    After 3 years I can finally get AD samba with the mit kerberos. :-)

    I'm using fedora 23 and will wait till 24 has this repo before I upgrade.

    https://copr.fedorainfracloud.org/co...n/samba_ad_dc/

    Code:
    dnf copr enable asn/samba_ad_dc
    then

    Code:
    dnf install samba-dc
    Then I followed the instructions here https://wiki.samba.org/index.php/Set...ain_Controller
    to create my AD DC

    I joined a windows 10 pro virtual machine to it and install the server admin tools to allow me to easily add users and set GPOs

    No more fighting with kerberos authentication issues.

    I have been using it successfully for about 3 weeks :-)

    Some slight DNS/DHCP issues but I'm thinking if I let samba populate DNS and remove DHCP from populating DNS I should be fine. If I really want dhcp to populate DNS I'll look more into it.

    I'll post more about my setup when I am happy with it or if someone needs help. Feel free to ask me questions.

    I am running Fedora V21 and had their default Samba installed. But I wanted to put up a PDC with ADS, so I uninstalled samba and down loaded the Samba 4.4.5 source along with the Kerberos devel kit etc.
    I then configured and compiled etc and it indicated it was successful.
    But I can't load the NBM, SBM and WINBIND services using Systemctl.
    What am I missing? (still a bit of a rooky).Linux
    Martyn Griffin

  9. #9
    Join Date
    Nov 2005
    Location
    Brisbane
    Posts
    26

    Re: Fedora 20 Samba 4.1 AD DC howto?

    With my build of the source from samba.org, I have to run the samba command located in /usr/share/samba/sbin. I havent figured out how to interate it into systemctl.

    To stop the samba server, I just use the killall samba command
    ASUS Sabertooth Z170
    Intel i7
    16G Ram
    F 25 - Windows 10
    Thermaltake Core P5 Open Case watercooled on the wall.

  10. #10
    Join Date
    Jun 2005
    Age
    43
    Posts
    509

    Re: Fedora 20 Samba 4.1 AD DC howto?

    Aleluya major development. :-) In about six months samba-4.7 will have AD DC support with the MIT Kerberos. I see the light at the end of a long long long tunnel. I'm dancing.

  11. #11
    Join Date
    Jun 2005
    Age
    43
    Posts
    509

    Re: Fedora 20 Samba 4.1 AD DC howto?

    4.7rc1 is out. We are 2 months from a AD DC officially built by the fedora team. :-) Maybe sooner if they build rc versions in rawhide. Hope, hope, hope :-D

  12. #12
    Join Date
    Jun 2005
    Age
    43
    Posts
    509

    Re: Fedora 20 Samba 4.1 AD DC howto?

    After 3 and a half plus years of waiting it is finally here. :-) It is in rawhide right now. I just updated and they have the tools to make a domain controller. I will test it all out in a couple of weeks when I finish my move and have some time to work on it.

  13. #13
    Join Date
    Jun 2005
    Age
    43
    Posts
    509

    Re: Fedora 20 Samba 4.1 AD DC howto?

    I installed fedora rawhide.

    Code:
    #install the needed items
    dnf install samba-dc named tdb-tools
    
    #create dependence for named to check permissions
    mkdir /etc/systemd/system/named.service.d
    cat << EOF_service > /etc/systemd/system/named.service.d/samba-permission-check.conf
    [Service]
    ExecStartPre=/etc/scripts/samba-permissions-check.sh
    EOF_service
    mkdir /etc/scripts
    
    #script used in dependency for named to check permissions
    cat << EOF_script > /etc/scripts/samba-permissions-check.sh
    #!/bin/bash
    chgrp named /var/lib/samba/private/
    chmod 0750 /var/lib/samba/private/
    chgrp named /var/lib/samba/private/named.conf
    chgrp -R named /var/lib/samba/private/dns
    chgrp named /var/lib/samba/private/sam.ldb
    chgrp -R named /var/lib/samba/private/sam.ldb.d
    EOF_script
    systemctl daemon-reload
    
    #my domain building script I used to build my domain
    cat << EOF_rebuilder > /root/rebuild_domain.sh
    #!/bin/bash
    systemctl stop named
    systemctl stop samba
    rm -f /etc/samba/smb.conf
    if [ -f ~/domain_password ];then
     . ~/domain_password
    fi
    if [ "${domain_name}" = "" ];then
     echo "Domain Name:"
     read domain_name
     echo "domain_name=${domain_name}" > ~/domain_password
     echo "Password:"
     read password
     echo "password='${password}'" >> ~/domain_password
    fi
    short=$(echo ${domain_name}|cut -d. -f1)
    echo $domain_name
    echo $short
    echo $password
    samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=BIND9_DLZ --realm=${domain_name} --domain=${short} "--adminpass=${password}"
    firewall-cmd --add-service=dns --permanent
    firewall-cmd --add-service=samba --permanent
    firewall-cmd --reload
    systemctl enable named
    systemctl enable samba
    kdb5_util destroy -f
    kdb5_util create -s
    systemctl start named
    systemctl start samba
    if [ "$(grep "/var/lib/samba/private/named.conf" /etc/named.conf)" = "" ];then
     echo 'include "/var/lib/samba/private/named.conf";' >> /etc/named.conf
    fi
    EOF_rebuilder
    
    #running my script
    /root/rebuild_domain.sh
    Last edited by Jeff Sadowski; 18th August 2017 at 05:16 PM.

  14. #14
    Join Date
    Jun 2005
    Age
    43
    Posts
    509

    Re: Fedora 20 Samba 4.1 AD DC howto?

    All set for fedora 27 by the end of the month it will no longer be beta. :-) I'll finally be able to write a more finished howto. Fedora 27 beta has samba-4.7.0 and has a working samba-dc. :-)

  15. #15
    Join Date
    Jun 2005
    Age
    43
    Posts
    509

    Re: Fedora 20 Samba 4.1 AD DC howto?

    And we have an up to date distro with an up to date samba version that supports active directory. :-) Fedora 27 has been released and you can install samba-ad without any extra repos.
    This makes me so happy.

Similar Threads

  1. samba howto
    By input in forum Using Fedora
    Replies: 17
    Last Post: 29th December 2010, 12:54 AM
  2. Samba and 389 Directory: Howto sync passwords?
    By HaikoH in forum Servers & Networking
    Replies: 0
    Last Post: 12th January 2010, 05:53 PM
  3. Samba - howto maintain a mount between reboots
    By supanova in forum Servers & Networking
    Replies: 2
    Last Post: 27th January 2006, 02:14 PM
  4. samba-vscan-clamav howto
    By nocolour in forum Using Fedora
    Replies: 0
    Last Post: 1st October 2004, 05:00 PM
  5. Fedora + Samba Printing: Any good HowTo's?
    By IanWaring in forum Servers & Networking
    Replies: 10
    Last Post: 15th August 2004, 04:09 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •