Fedora Linux Support Community & Resources Center
  #1  
Old 27th December 2013, 07:37 PM
Jeff Sadowski Offline
Registered User
 
Join Date: Jun 2005
Age: 43
Posts: 506
windows_7firefox
Fedora 20 Samba 4.1 AD DC howto?

I went here and started
https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO
I installed samba with
Code:
yum install samba-dc*
Then I tried Provisioning samba but I can not find the samba-tool command

Code:
find / -name samba-tool
turns up nothing.

Do I have to compile it all myself in order to follow the instructions?

Why doesn't samba-dc come with it? What is samba-dc for if not to start an active directory?

----Maybe the answer---
I did
Code:
repoquery -lq samba-dc
it showed
Code:
/usr/share/doc/samba-dc
/usr/share/doc/samba-dc/README.dc
so I did
Code:
less /usr/share/doc/samba-dc/README.dc
and here is what it says
Quote:
MIT Kerberos 5 Support
=======================

Fedora is using MIT Kerberos implementation as its Kerberos infrastructure of
choice. The Samba build in Fedora is using MIT Kerberos implementation in order
to allow system-wide interoperability between both desktop and server
applications running on the same machine.

At the moment the Samba Active Directory Domain Controller implementation is
not available with MIT Kereberos. FreeIPA and Samba Team members are currently
working on Samba MIT Kerberos support as this is a requirement for a GNU/Linux
distribution integration of Samba AD DC features.

We have just finished migrating the file server and all client utilities to MIT
Kerberos. The result of this work is available in samba-* packages in Fedora.
We'll provide Samba AD DC functionality as soon as its support of MIT Kerberos
KDC will be ready.

In case of further questions do not hesitate to send your inquiries to
samba-owner@fedoraproject.org
Anyone have any suggestions on how I can work around this?

here is my current thought.

I think I want to create a vm specifically for a DC. Does any linux distro come with samba 4.1 compiled with its own kerberos?

Update: 2016-04-26
------------------------------------------

Look for AD DC capabilities in samba 4.5.x maybe when fedora 25 comes around.
I have been following this and it looks like they have it compiling with patches for the MIT kerberos. Looks like they have a few more bugs to work out but it is getting close.
Here are some packages I found https://copr.fedorainfracloud.org/co...n/samba_ad_dc/
I found it from Alexander Bokovoy https://plus.google.com/u/1/+AlexanderBokovoy/posts
He posted something a while back on the samba forums.

Last edited by Jeff Sadowski; 26th April 2016 at 05:52 PM. Reason: Update
Reply With Quote
  #2  
Old 28th December 2013, 12:41 AM
Kobuck Offline
Registered User
 
Join Date: Feb 2009
Location: Florida
Posts: 522
linuxfirefox
Re: Fedora 20 Samba 4.1 AD DC howto?

If you're looking to get started with Samba on Fedora 20, you should probably start here.

http://docs.fedoraproject.org/en-US/....html#s1-Samba

This guide is part of F18 docs and is much more related to a Fedora 20 install than the site you're currently using.

See where this info gets you then ask again.
__________________
Laptop: ASUS K61IC/ Intel T6600 2.20Ghz x2/ 4GB/ 320GB SataII/ NVidia G96M/ fc26.x86_64
Tower: GigaByte (990FXA)/ AMD 1100T 3.3Ghz x6/ 16GB/ 7.5TB Sata III/ AMD 6770HD/ fc26.x86_64
Bookshelf: Shuttle DS61 (H61)/ i3-3225 3.3Ghz x2/ 16GB/ 320GB Sata II/ Intel HD 4000/ fc26.x86_64
Embedded: BeagleBone Blk / ARM AM3358 1 GHz x1/ 512MB/ 2GB eMMC/ PowerVR SGX530/ fc26.armv7hl
Reply With Quote
  #3  
Old 3rd January 2014, 03:15 AM
scott9harvey0l Offline
Registered User
 
Join Date: Dec 2010
Location: Buellton California USA
Posts: 15
linuxfirefox
Re: Fedora 20 Samba 4.1 AD DC howto?

I read Jeff Sadowski's post and found the the same message at

ls -ltr /usr/share/doc/samba-dc-4.0.13/README.dc
-rw-r--r--. 1 root root 964 Dec 9 07:13 /usr/share/doc/samba-dc-4.0.13/README.dc
---------------------------------------------------------------------------------------------------------------------------------
MIT Kerberos 5 Support
=======================

Fedora is using MIT Kerberos implementation as its Kerberos infrastructure of
choice. The Samba build in Fedora is using MIT Kerberos implementation in order
to allow system-wide interoperability between both desktop and server
applications running on the same machine.

At the moment the Samba Active Directory Domain Controller implementation is
not available with MIT Kereberos. FreeIPA and Samba Team members are currently
working on Samba MIT Kerberos support as this is a requirement for a GNU/Linux
distribution integration of Samba AD DC features.

We have just finished migrating the file server and all client utilities to MIT
Kerberos. The result of this work is available in samba-* packages in Fedora.
We'll provide Samba AD DC functionality as soon as its support of MIT Kerberos
KDC will be ready.

In case of further questions do not hesitate to send your inquiries to
samba-owner@fedoraproject.org
---------------------------------------------------------------------------------------------------------------------------------

Does anyone know when "We'll provide Samba AD DC functionality as soon as
its support of MIT Kerberos KDC will be ready."

will be completed?

Does the alternative approach of using the samba rpm's for CentOS will work?
I am using FC19.
Reply With Quote
  #4  
Old 19th October 2015, 08:36 PM
Jeff Sadowski Offline
Registered User
 
Join Date: Jun 2005
Age: 43
Posts: 506
linuxchrome
Re: Fedora 20 Samba 4.1 AD DC howto?

Anyone still trying to do this in Fedora 22 and Fedora 23 even when Samba 4.3 is rolled in it will not work. Don't hold your breath for this. I'm hoping it will start showing up soon but there is no seen planning on samba 4.4 so I don't think it will happen yet. I am hopeful that I could get a non mit build of 4.3 and fully trust an openldap and maybe get the functionality I want with that.
Reply With Quote
  #5  
Old 1st November 2015, 11:41 AM
au_squirrel Offline
Registered User
 
Join Date: Nov 2005
Location: Brisbane
Posts: 26
windows_98_nt_2000firefox
Re: Fedora 20 Samba 4.1 AD DC howto?

I still download the git source and compile it myself. That has been the only way I can have my AD DC's. I wish the problems with kerberos could be sorted out so I can get a systemctl package from a Fedora repository.
__________________
ASUS Sabertooth Z170
Intel i7
16G Ram
F 25 - Windows 10
Thermaltake Core P5 Open Case watercooled on the wall.
Reply With Quote
  #6  
Old 7th June 2016, 04:19 PM
Jeff Sadowski Offline
Registered User
 
Join Date: Jun 2005
Age: 43
Posts: 506
linuxchrome
Re: Fedora 20 Samba 4.1 AD DC howto?

After 3 years I can finally get AD samba with the mit kerberos. :-)

I'm using fedora 23 and will wait till 24 has this repo before I upgrade.

https://copr.fedorainfracloud.org/co...n/samba_ad_dc/

Code:
dnf copr enable asn/samba_ad_dc
then

Code:
dnf install samba-dc
Then I followed the instructions here https://wiki.samba.org/index.php/Set...ain_Controller
to create my AD DC

I joined a windows 10 pro virtual machine to it and install the server admin tools to allow me to easily add users and set GPOs

No more fighting with kerberos authentication issues.

I have been using it successfully for about 3 weeks :-)

Some slight DNS/DHCP issues but I'm thinking if I let samba populate DNS and remove DHCP from populating DNS I should be fine. If I really want dhcp to populate DNS I'll look more into it.

I'll post more about my setup when I am happy with it or if someone needs help. Feel free to ask me questions.

Last edited by Jeff Sadowski; 7th June 2016 at 04:51 PM.
Reply With Quote
  #7  
Old 7th June 2016, 10:00 PM
au_squirrel Offline
Registered User
 
Join Date: Nov 2005
Location: Brisbane
Posts: 26
windows_98_nt_2000firefox
Re: Fedora 20 Samba 4.1 AD DC howto?

\o/ Well I know what I will be doing this weekend.
__________________
ASUS Sabertooth Z170
Intel i7
16G Ram
F 25 - Windows 10
Thermaltake Core P5 Open Case watercooled on the wall.
Reply With Quote
  #8  
Old 9th July 2016, 08:49 PM
griffinmt's Avatar
griffinmt Offline
Registered User
 
Join Date: Oct 2005
Location: Southern Ontario
Age: 68
Posts: 200
windows_98_nt_2000chrome
Question Re: Fedora 20 Samba 4.1 AD DC howto?

Quote:
Originally Posted by Jeff Sadowski View Post
After 3 years I can finally get AD samba with the mit kerberos. :-)

I'm using fedora 23 and will wait till 24 has this repo before I upgrade.

https://copr.fedorainfracloud.org/co...n/samba_ad_dc/

Code:
dnf copr enable asn/samba_ad_dc
then

Code:
dnf install samba-dc
Then I followed the instructions here https://wiki.samba.org/index.php/Set...ain_Controller
to create my AD DC

I joined a windows 10 pro virtual machine to it and install the server admin tools to allow me to easily add users and set GPOs

No more fighting with kerberos authentication issues.

I have been using it successfully for about 3 weeks :-)

Some slight DNS/DHCP issues but I'm thinking if I let samba populate DNS and remove DHCP from populating DNS I should be fine. If I really want dhcp to populate DNS I'll look more into it.

I'll post more about my setup when I am happy with it or if someone needs help. Feel free to ask me questions.

I am running Fedora V21 and had their default Samba installed. But I wanted to put up a PDC with ADS, so I uninstalled samba and down loaded the Samba 4.4.5 source along with the Kerberos devel kit etc.
I then configured and compiled etc and it indicated it was successful.
But I can't load the NBM, SBM and WINBIND services using Systemctl.
What am I missing? (still a bit of a rooky).Linux
__________________
Martyn Griffin
Reply With Quote
  #9  
Old 9th July 2016, 09:14 PM
au_squirrel Offline
Registered User
 
Join Date: Nov 2005
Location: Brisbane
Posts: 26
windows_98_nt_2000firefox
Re: Fedora 20 Samba 4.1 AD DC howto?

With my build of the source from samba.org, I have to run the samba command located in /usr/share/samba/sbin. I havent figured out how to interate it into systemctl.

To stop the samba server, I just use the killall samba command
__________________
ASUS Sabertooth Z170
Intel i7
16G Ram
F 25 - Windows 10
Thermaltake Core P5 Open Case watercooled on the wall.
Reply With Quote
  #10  
Old 17th March 2017, 08:49 PM
Jeff Sadowski Offline
Registered User
 
Join Date: Jun 2005
Age: 43
Posts: 506
linuxchrome
Re: Fedora 20 Samba 4.1 AD DC howto?

Aleluya major development. :-) In about six months samba-4.7 will have AD DC support with the MIT Kerberos. I see the light at the end of a long long long tunnel. I'm dancing.
Reply With Quote
  #11  
Old 5th July 2017, 04:39 PM
Jeff Sadowski Offline
Registered User
 
Join Date: Jun 2005
Age: 43
Posts: 506
linuxchrome
Re: Fedora 20 Samba 4.1 AD DC howto?

4.7rc1 is out. We are 2 months from a AD DC officially built by the fedora team. :-) Maybe sooner if they build rc versions in rawhide. Hope, hope, hope :-D
Reply With Quote
  #12  
Old 9th July 2017, 04:33 AM
Jeff Sadowski Offline
Registered User
 
Join Date: Jun 2005
Age: 43
Posts: 506
linuxchrome
Re: Fedora 20 Samba 4.1 AD DC howto?

After 3 and a half plus years of waiting it is finally here. :-) It is in rawhide right now. I just updated and they have the tools to make a domain controller. I will test it all out in a couple of weeks when I finish my move and have some time to work on it.
Reply With Quote
  #13  
Old 18th August 2017, 03:54 PM
Jeff Sadowski Offline
Registered User
 
Join Date: Jun 2005
Age: 43
Posts: 506
linuxchrome
Re: Fedora 20 Samba 4.1 AD DC howto?

I installed fedora rawhide.

Code:
#install the needed items
dnf install samba-dc named tdb-tools

#create dependence for named to check permissions
mkdir /etc/systemd/system/named.service.d
cat << EOF_service > /etc/systemd/system/named.service.d/samba-permission-check.conf
[Service]
ExecStartPre=/etc/scripts/samba-permissions-check.sh
EOF_service
mkdir /etc/scripts

#script used in dependency for named to check permissions
cat << EOF_script > /etc/scripts/samba-permissions-check.sh
#!/bin/bash
chgrp named /var/lib/samba/private/
chmod 0750 /var/lib/samba/private/
chgrp named /var/lib/samba/private/named.conf
chgrp -R named /var/lib/samba/private/dns
chgrp named /var/lib/samba/private/sam.ldb
chgrp -R named /var/lib/samba/private/sam.ldb.d
EOF_script
systemctl daemon-reload

#my domain building script I used to build my domain
cat << EOF_rebuilder > /root/rebuild_domain.sh
#!/bin/bash
systemctl stop named
systemctl stop samba
rm -f /etc/samba/smb.conf
if [ -f ~/domain_password ];then
 . ~/domain_password
fi
if [ "${domain_name}" = "" ];then
 echo "Domain Name:"
 read domain_name
 echo "domain_name=${domain_name}" > ~/domain_password
 echo "Password:"
 read password
 echo "password='${password}'" >> ~/domain_password
fi
short=$(echo ${domain_name}|cut -d. -f1)
echo $domain_name
echo $short
echo $password
samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=BIND9_DLZ --realm=${domain_name} --domain=${short} "--adminpass=${password}"
firewall-cmd --add-service=dns --permanent
firewall-cmd --add-service=samba --permanent
firewall-cmd --reload
systemctl enable named
systemctl enable samba
kdb5_util destroy -f
kdb5_util create -s
systemctl start named
systemctl start samba
if [ "$(grep "/var/lib/samba/private/named.conf" /etc/named.conf)" = "" ];then
 echo 'include "/var/lib/samba/private/named.conf";' >> /etc/named.conf
fi
EOF_rebuilder

#running my script
/root/rebuild_domain.sh

Last edited by Jeff Sadowski; 18th August 2017 at 05:16 PM.
Reply With Quote
  #14  
Old 10th October 2017, 08:23 PM
Jeff Sadowski Offline
Registered User
 
Join Date: Jun 2005
Age: 43
Posts: 506
linuxchrome
Re: Fedora 20 Samba 4.1 AD DC howto?

All set for fedora 27 by the end of the month it will no longer be beta. :-) I'll finally be able to write a more finished howto. Fedora 27 beta has samba-4.7.0 and has a working samba-dc. :-)
Reply With Quote
Reply

Tags
fedora , howto , samba

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
samba howto input Using Fedora 17 29th December 2010 12:54 AM
Samba and 389 Directory: Howto sync passwords? HaikoH Servers & Networking 0 12th January 2010 05:53 PM
Samba - howto maintain a mount between reboots supanova Servers & Networking 2 27th January 2006 02:14 PM
samba-vscan-clamav howto nocolour Using Fedora 0 1st October 2004 05:00 PM
Fedora + Samba Printing: Any good HowTo's? IanWaring Servers & Networking 10 15th August 2004 04:09 PM


Current GMT-time: 09:03 (Wednesday, 18-10-2017)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat