Samba4/LDAP Backend/Fedora DS

From SambaWiki

Setting up Samba4 against a (replicated) Fedora DS installation

Getting Fedora DS

CVS

Check out Fedora DS (HEAD) from their CVS repository:

CVSROOT=:pserver:anonymous@cvs.fedora.redhat.com:/cvs/dirsec ; export CVSROOT
cvs login

Press <enter> for a blank password, then run:

cvs -z3 co ldapserver

Build Fedora DS

Fedora DS requires a number of packages from your distribution.

On Fedora Core 6/7, this command will install the dependencies:

yum install lm_sensors-devel libicu-devel nss-devel nspr-devel cyrus-sasl-devel mozldap-devel net-snmp-devel

Once these are installed, we can configure the server:

(
 cd ldapserver
 ./configure
 make 
 make install
)

This will install into /opt/fedora-ds

RPM

Fedora DS 1.1, matching these instructions, is available on Fedora 9 with

yum install fedora-ds-base

Getting Samba4

Check out Samba4 from Samba.org's anonymous rsync server:

rsync -a ftp.samba.org::ftp/pub/unpacked/samba_4_0_test/ SAMBA_4_0

Build Samba4

Build Samba4 with --enable-developer to get appropriate warnings and debug symbols:

(
 cd SAMBA_4_0/source
 ./autogen.sh
 ./configure --enable-developer
 make
 make install
)

Setup $PATH

Add /usr/local/samba/bin and /usr/local/samba/sbin to your path

PATH=/usr/local/samba/bin:/usr/local/samba/sbin:$PATH
export PATH

Setup Fedora DS

On both hosts, prepare the backend:

(
 cd SAMBA_4_0/source
 setup/provision-backend --realm=ldap.samba.example.com --domain=ldap --ldap-backend-port=2389 --ldap-manager-pass=penguin \
  --ldap-backend-type=fedora-ds  --server-role='domain controller'
)

On both hosts, we now set up its directory instance from the generated .inf file and start it:

/opt/fedora-ds/sbin/setup-ds.pl --silent --file=/usr/local/samba/private/ldap/fedorads.inf 

/usr/local/samba/private/ldap/slapd-samba4/start-slapd

On host linux1 provision Samba4 into this instance:

(
 cd SAMBA_4_0/source
 setup/provision --realm=LDAP.SAMBA.EXAMPLE.COM --domain=LDAP --ldap-backend-type=fedora-ds \
  --server-role='domain controller' \
  --ldap-backend=ldapi \
  --simple-bind-dn=CN=Manager,dc=ldap,dc=samba,dc=example,dc=com --password=penguin \
  '--aci=aci:: KHRhcmdldGF0dHIgPSAiKiIpICh2ZXJzaW9uIDMuMDthY2wgImZ1bGwgYWNjZXNzIHRvIGFsbCBieSBhbGwiO2FsbG93IChhbGwpKHVzZXJkbiA9ICJsZGFwOi8vL2FueW9uZSIpOykK'
)

The ACI in this example (decoding the base64 value after "aci::") is (targetattr = "*") (version 3.0;acl "full access to all by all";allow (all)(userdn = "ldap:///anyone");), which grants every right, including write and delete, on every attribute to any bind, anonymous binds included. This will change, but for now this isn't a secure example: do not expose such an instance beyond an isolated test network.
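Because the ACI is passed to provision as a base64 LDIF value, it is easy to copy without seeing what it grants. The following shell functions are an added example, not part of this page or of Samba or Fedora DS: they decode the page's value back to plain text, re-encode a plain-text ACI into the "aci:: <base64>" form provision expects, and check whether an ACI hands "allow (all)" to ldap:///anyone. They only need base64(1) from coreutils.

```shell
#!/bin/sh
# Added example (not from the SambaWiki page): inspect and build the
# base64-encoded "aci::" value handed to setup/provision --aci=...

# The ACI exactly as it appears in the provision command above.
PAGE_ACI='aci:: KHRhcmdldGF0dHIgPSAiKiIpICh2ZXJzaW9uIDMuMDthY2wgImZ1bGwgYWNjZXNzIHRvIGFsbCBieSBhbGwiO2FsbG93IChhbGwpKHVzZXJkbiA9ICJsZGFwOi8vL2FueW9uZSIpOykK'

# aci_decode 'aci:: <base64>'  -> prints the plain-text ACI on stdout
aci_decode() {
    printf '%s' "${1#aci:: }" | base64 -d
}

# aci_encode '<plain-text aci>' -> prints 'aci:: <base64>' (LDIF "::" syntax,
# trailing newline included, as in the page's value)
aci_encode() {
    printf 'aci:: %s\n' "$(printf '%s\n' "$1" | base64 | tr -d '\n')"
}

# aci_grants_all_to_anyone 'aci:: <base64>' -> exit 0 if the ACI allows (all)
# to ldap:///anyone, i.e. unauthenticated full read/write on the target.
aci_grants_all_to_anyone() {
    aci_decode "$1" | grep -q 'allow (all)(userdn = "ldap:///anyone")'
}

# Usage: show what the page's ACI really grants before reusing it.
aci_decode "$PAGE_ACI"
```

Run aci_grants_all_to_anyone against any ACI you are about to pass to provision; if it succeeds, the directory will be world-writable until you replace the ACI.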

Edit the created DNS zone file to include an appropriate entry for host linux2, and install into the DNS server.

Add system:anonymous = yes to the [global] section of smb.conf, so that Samba4 does not try to bind to the LDAP backend as a regular user. Appending it is only correct if [global] is the last section of the generated file; otherwise edit the file and put the line under [global]:

echo "system:anonymous = yes" >> /usr/local/samba/etc/smb.conf

Start Samba4 and replication

Start Samba4 on host linux1

smbd -i -M single -d3

Now that both LDAP servers are running, we can setup Multi-master replication. You will need mmr.pl from ftp://ftp.samba.org/pub/unpacked/lorikeet/fedora-ds/mmr.pl (a patched version of mmr.pl with support for the --port option).

mmr.pl \
    --host1 linux1.ldap.samba.example.com \
    --host2 linux2.ldap.samba.example.com \
    --host1_id 1 \
    --host2_id 2 \
    --bindpw penguin \
    --repmanpw repsecret \
    --port 2389 \
    --create \
    --base dc=ldap,dc=samba,dc=example,dc=com \
    --binddn cn=Manager,dc=ldap,dc=samba,dc=example,dc=com

On host linux2 (again from SAMBA_4_0/source), we must connect to the LDAP server and join the domain. The -U argument to net join is the domain Administrator account and the password it was given when linux1 was provisioned:

setup/provision --ldap-backend=ldapi:///usr/local/samba/private/ldap/ldapi --ldap-module=nsuniqueid --partitions-only --realm=LDAP.SAMBA.EXAMPLE.COM --domain=LDAP

net join ldapdom bdc -Uadministrator%penguin

To finish the join, we need to add an extra entry to the directory. Create a file /root/linux2.ldif with

dn: CN=NTDS Settings,CN=linux2,CN=Servers,CN=default-first-site-name,CN=Sites,cn=configuration,dc=ldap,dc=samba,dc=example,dc=com
objectClass: top
objectClass: applicationSettings
objectClass: nTDSDSA
cn: NTDS Settings
options: 1
instanceType: 4
showInAdvancedViewOnly: TRUE
systemFlags: 33554432
dMDLocation: CN=schema,cn=configuration,dc=ldap,dc=samba,dc=example,dc=com
invocationId: *PLEASE GENERATE A UUID*
msDS-Behavior-Version: 2

Ensure you replace *PLEASE GENERATE A UUID* with the output of uuidgen (from e2fsprogs), then add the entry on linux1 with the same Administrator credentials used for the join:

ldbadd -H ldap://linux1.ldap.samba.example.com -Uadministrator%samba2 /root/linux2.ldif
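Editing the placeholder by hand is easy to get wrong (a leftover placeholder or a malformed UUID is rejected, or worse, accepted as a bogus invocationId). The following shell script is an added example, not part of this page or of Samba: it reproduces the page's /root/linux2.ldif with the host name and base DN as parameters, refuses anything that is not a well-formed UUID, and obtains a fresh UUID from uuidgen (falling back to /proc/sys/kernel/random/uuid, an assumption for Linux hosts without uuidgen).

```shell
#!/bin/sh
# Added example (not from the SambaWiki page): generate the "NTDS Settings"
# entry for a joined DC with a fresh invocationId. Attribute values and the
# DN layout are those of the page's /root/linux2.ldif.

# new_invocation_id -> prints a random UUID (uuidgen, or the kernel's
# /proc/sys/kernel/random/uuid as an assumed Linux fallback)
new_invocation_id() {
    if command -v uuidgen >/dev/null 2>&1; then
        uuidgen
    else
        cat /proc/sys/kernel/random/uuid
    fi
}

# is_uuid <string> -> exit 0 only for 8-4-4-4-12 hex UUID syntax
is_uuid() {
    printf '%s\n' "$1" | grep -Eiq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'
}

# ntds_settings_ldif <host> <base-dn> <uuid> -> prints the LDIF on stdout,
# fails without output if <uuid> is not a UUID (e.g. the page's placeholder)
ntds_settings_ldif() {
    host=$1; base=$2; uuid=$3
    is_uuid "$uuid" || { echo "ntds_settings_ldif: bad UUID '$uuid'" >&2; return 1; }
    cat <<EOF
dn: CN=NTDS Settings,CN=$host,CN=Servers,CN=default-first-site-name,CN=Sites,cn=configuration,$base
objectClass: top
objectClass: applicationSettings
objectClass: nTDSDSA
cn: NTDS Settings
options: 1
instanceType: 4
showInAdvancedViewOnly: TRUE
systemFlags: 33554432
dMDLocation: CN=schema,cn=configuration,$base
invocationId: $uuid
msDS-Behavior-Version: 2
EOF
}

# Usage matching the page (then: ldbadd -H ldap://linux1... /root/linux2.ldif):
# ntds_settings_ldif linux2 dc=ldap,dc=samba,dc=example,dc=com "$(new_invocation_id)" > /root/linux2.ldif
```

The UUID check is deliberately strict: ldbadd will happily store whatever string you put in invocationId, and a malformed or reused value breaks replication bookkeeping later rather than at join time.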

Finally, we can start samba4 on linux2:

smbd -i -M single -d3