Distribution-specific Package Installation: Difference between revisions
Mmuehlfeld (talk | contribs) m (Removed newline.) |
m (Added some Ubuntu-specific information about dns resolutions) |
||
(21 intermediate revisions by 5 users not shown) | |||
Line 1: | Line 1: | ||
= Introduction = |
= Introduction = |
||
The following is a distribution-specific list of commands to install Samba. There is a distinct difference between installing Samba, and provisioning/configuring of Samba. This page covers the installation-only, and is intended to be a short detour away from [[Setting_up_Samba_as_an_Active_Directory_Domain_Controller|Setting up Samba as an Active Directory Domain Controller]] page. |
|||
The following is a distribution-specific list of commands to install Samba. |
|||
Note, that the list of commands is neither provided nor actively verified by the Samba team. If you see any missing packages or incorrect package names, please update the command or send the information to the [https://lists.samba.org/mailman/listinfo/samba Samba mailing list]. |
Note, that the list of commands is neither provided nor actively verified by the Samba team. If you see any missing packages or incorrect package names, please update the command or send the information to the [https://lists.samba.org/mailman/listinfo/samba Samba mailing list]. |
||
As a reminder, the following information about the domain and domain controller applies to these examples: |
|||
* Hostname = <code>DC1</code> |
|||
* DC local IP Address = <code>10.99.0.1</code> |
|||
* Authentication Domain = <code>SAMDOM.EXAMPLE.COM</code> |
|||
* Top level Domain = <code>EXAMPLE.COM</code> |
|||
= Red Hat Enterprise Linux / CentOS / Scientific Linux = |
= Red Hat Enterprise Linux / CentOS / Scientific Linux = |
||
== Version 7 == |
== Version 7 and 8 == |
||
# yum install samba |
# yum install samba |
||
The <code>samba</code> package only supports Samba as a domain member and NT4 PDC or BDC. Red Hat does not provide packages for running Samba as an AD DC. As an alternative: |
|||
* |
* Build Samba. For details, see [[Build_Samba_from_Source|Build Samba from Source]]. |
||
* |
* Use 3rd-party packages with AD support from a trusted source. |
||
== Version 6 == |
== Version 6 == |
||
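Review bot: The new introduction sentence "This page covers the installation-only, and is intended to be a short detour away from ... page" is hard to parse. Suggest "This page covers installation only and is intended as a short detour from the Setting up Samba as an Active Directory Domain Controller page." The reminder list added below it defines the domain as SAMDOM.EXAMPLE.COM, so later sections should use that spelling consistently.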
Line 25: | Line 27: | ||
# yum install samba4 |
# yum install samba4 |
||
The <code>samba4</code> package only supports Samba as a domain member and NT4 PDC or BDC. Red Hat does not provide packages for running Samba as an AD DC. As an alternative: |
|||
* |
* Build Samba. For details, see [[Build_Samba_from_Source|Build Samba from Source]]. |
||
* |
* Use 3rd-party packages with AD support from a trusted source. |
||
= Debian = |
|||
The following command will prompt you for Kerberos information, and hostname information for the domain controller. Example entries for the Kerberos 5 Realm, Kerberos servers for the realm and hostname of the administrator server are as follows for a DC with the hostname <code>dc1</code> in the domain <code>SANDOM.EXAMPLE.COM</code> |
|||
* SANDOM.EXAMPLE.COM |
|||
= Debian = |
|||
* dc1.sandom.example.com |
|||
== Stretch (testing) == |
|||
* dc1.sandom.example.com |
|||
# apt-get install samba |
|||
# apt-get install acl attr samba samba-dsdb-modules samba-vfs-modules winbind libpam-winbind libnss-winbind libpam-krb5 krb5-config krb5-user |
|||
*Note1: For a DC you do not need libpam-winbind libnss-winbind libpam-krb5, unless you require AD users to login |
|||
*Note2: For a DC, which will become the new DNS server for the domain, install <code>dnsutils</code> with the following command: |
|||
== Jessie (stable) == |
|||
# apt-get install |
# apt-get install dnsutils |
||
* '''Optional''' Note3: For a DC to serve as the domain NTP server, you will also need <code>ntp</code> or <code>chrony</code>. However this is not explicitly necessary for domain-joined machines to share a common NTP server. It is possible to define a Group Policy Object that synchronizes workstations with <code>time.windows.com</code> post installation. Either package can be installed via: |
|||
# apt-get install chrony |
|||
For details about time synchronization, see [[Time_Synchronisation|Time Synchronization]]. |
|||
== Wheezy (old-stable) == |
|||
Packages in Wheezy are very outdated, don't use them! |
|||
Note: On Wheezy backport Samba 4.1.17 is available: See [https://packages.debian.org/wheezy-backports/samba https://packages.debian.org/wheezy-backports/samba] |
|||
See http://backports.debian.org/Instructions/ for information about how to add backports to your sources.list and how to install packages. |
|||
= Ubuntu = |
|||
==== Preparing the Installation Recap ==== |
|||
Before beginning the installation process, it is important that the prerequisites defined on the [[Setting_up_Samba_as_an_Active_Directory_Domain_Controller|Setting up Samba as an Active Directory Domain Controller]] page are met: |
|||
# Define a DNS Domain |
|||
# Define a hostname |
|||
# Select a static IP Address |
|||
# Disable <code>resolvconf</code> or make <code>/etc/resolv.conf</code> immutable |
|||
# Modify the <code>/etc/hosts</code> file to ensure the DC correctly resolves to itself at the fully-qualified domain name (FQDN) and short host name |
|||
Administrators may be unfamiliar with how to perform steps 4 and 5, so this section is intended to provide support: |
|||
= Ubuntu = |
|||
'''Perform Step 4: Disabling the DNS Resolver''' |
|||
== 15.10 Wily Werewolf == |
|||
Stop and Disable <code>systemd-resolved</code> service |
|||
# apt-get install samba |
|||
$ sudo systemctl disable --now systemd-resolved |
|||
It is good practice to backup <code>resolv.conf</code> unlink it |
|||
$ sudo cp /etc/resolv.conf /etc/resolv.conf.backup |
|||
$ sudo unlink /etc/resolv.conf |
|||
Create a new, blank <code> resolv.conf</code> |
|||
$ sudo touch /etc/resolv.conf |
|||
$ sudo nano /etc/resolv.conf |
|||
With Nano open, copy the following contents and save this file: |
|||
== 14.04 Trusty Tahr (LTS) == |
|||
# Samba server IP address |
|||
nameserver 10.99.0.1 |
|||
# fallback resolver |
|||
nameserver 1.1.1.1 |
|||
# main domain for Samba |
|||
search SAMDOM.EXAMPLE.COM |
|||
Ubuntu will attempt to automatically overwrite this file every time the system restarts. Thus we have to make this file immutable: |
|||
# apt-get install samba |
|||
$ sudo chattr +i /etc/resolv.conf |
|||
'''Perform Step 5: Modify the <code>/etc/hosts</code> file''' |
|||
Open the hosts file with |
|||
$ sudo nano /etc/hosts |
|||
Modify and add the following line to the top |
|||
== 12.04 Precise Pangolin (LTS) == |
|||
10.99.0.1 DC1.SAMDOM.EXAMPLE.COM DC1 |
|||
With steps 4 and 5 completed, restart the machine |
|||
# apt-get install samba4 |
|||
$ sudo shutdown now -r |
|||
==== Package Installation ==== |
|||
Packages in 12.04 are very outdated (3.6.x), don't use them! |
|||
With the above prerequisites met, it is now time to install the Samba and associated packages. The following command will prompt you for Kerberos information, and hostname information for the domain controller. Example entries for the Kerberos 5 Realm, Kerberos servers for the realm and hostname of the administrator server are as follows for a DC with the hostname <code>dc1</code> in the domain <code>SANDOM.EXAMPLE.COM</code> |
|||
* SANDOM.EXAMPLE.COM |
|||
* dc1.sandom.example.com |
|||
* dc1.sandom.example.com |
|||
$ sudo apt-get install acl attr samba samba-dsdb-modules samba-vfs-modules winbind libpam-winbind libnss-winbind libpam-krb5 krb5-config krb5-user |
|||
*Note1: For a DC you do not need libpam-winbind libnss-winbind libpam-krb5, unless you require AD users to login |
|||
*Note2: For a DC, which will become the new DNS server for the domain, install <code>dnsutils</code> with the following command: |
|||
$ sudo apt-get install dnsutils |
|||
*'''Optional'' Note3: For a DC to serve as the domain NTP server, you will also need <code>ntp</code> or <code>chrony</code>. However this is not explicitly necessary for domain-joined machines to share a common NTP server. It is possible to define a Group Policy Object that synchronizes workstations with <code>time.windows.com</code> post installation. Either package can be installed via: |
|||
$ sudo apt-get install ntp |
|||
or |
|||
$ sudo apt-get install chrony |
|||
For details about time synchronization, see [[Time_Synchronisation|Time Synchronization]]. |
|||
==== Post Installation, Pre-Provisioning ==== |
|||
As mentioned at the top of this page, there is a distinction between installing Samba and provisioning (configuring) it for your needs. Samba automatically creates some placeholder configuration files which are not useful and will break the automated configuration utilities. Thus we must delete those files before moving on. |
|||
* Temporary Stop and Disable Samba Services |
|||
$ sudo systemctl stop samba-ad-dc.service smbd.service nmbd.service winbind.service |
|||
$ sudo systemctl disable samba-ad-dc.service smbd.service nmbd.service winbind.service |
|||
* Backup the original samba config file. |
|||
$ sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.initial |
|||
* Unmask Samba service |
|||
$ sudo systemctl unmask samba-ad-dc |
|||
The next step will be to utilize <code>samba-tool</code> in interactive mode to automatically create your configuration files. Details on this can be found back on the main [[Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Provisioning_Samba_AD_in_Interactive_Mode|Setting up Samba as an Active Directory Domain Controller]] page. Open up that page in a new tab and follow the instructions for the interactive provisioning. |
|||
==== Post-Provisioning ==== |
|||
Upon completion of provisioning, the following commands should be entered to restart Samba with the new configuration files: |
|||
$ sudo systemctl start samba-ad-dc.service |
|||
$ sudo systemctl enable samba-ad-dc.service |
|||
If all went well, your domain controller is up and running with a domain functional level of *Windows Server 2008 R2.* This can be verified with: |
|||
$ sudo samba-tool domain level show |
|||
$ sudo systemctl status samba-ad-dc.service |
|||
You now have a working domain controller for central authentication but no Group Policy Object support. This can be achieved by adding the following line to the <code>[globals]</code> section of the <code>/etc/samba/smb.conf</code> file: |
|||
allow group policies = yes |
|||
For additional information on this, navigate to [[Group_Policy#Winbind|Group Policy]]. |
|||
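Review bot: The Kerberos example entries in the Debian and Ubuntu Package Installation text spell the realm SANDOM.EXAMPLE.COM and dc1.sandom.example.com, while the introduction and the resolv.conf and /etc/hosts examples use SAMDOM.EXAMPLE.COM. A reader who copies the entries into the Kerberos prompts ends up with a realm that does not match the domain, so use SAMDOM throughout. In the Post-Provisioning text, the smb.conf section is named [global], not [globals], and the bold markup on the Ubuntu Note3 is unbalanced ('''Optional'' opens with three quotes and closes with two).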
Line 86: | Line 174: | ||
# pkg install net/samba44 |
# pkg install net/samba44 |
||
Note: If you want to use the |
Note: If you want to use the <code>idmap_ad</code> Winbind back end (on e.g. an AD Member Server), you have to build the port by hand and select the '''EXP_MODULES''' configuration option! |
||
= SUSE Linux Enterprise / openSUSE = |
|||
# zypper install samba samba-winbind samba-ad-dc |
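Review bot: The new SUSE Linux Enterprise / openSUSE section consists of the zypper command alone. Unlike the Red Hat sections, it does not say whether the packages support the AD DC role or which releases provide samba-ad-dc. Add one sentence stating that, so readers know what the command gives them.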
Revision as of 18:50, 6 September 2022
Introduction
The following is a distribution-specific list of commands to install Samba. There is a distinct difference between installing Samba and provisioning/configuring Samba. This page covers installation only and is intended as a short detour from the Setting up Samba as an Active Directory Domain Controller page.
Note that the list of commands is neither provided nor actively verified by the Samba team. If you see any missing packages or incorrect package names, please update the command or send the information to the Samba mailing list.
As a reminder, the following information about the domain and domain controller applies to these examples:
- Hostname = DC1
- DC local IP Address = 10.99.0.1
- Authentication Domain = SAMDOM.EXAMPLE.COM
- Top level Domain = EXAMPLE.COM
Red Hat Enterprise Linux / CentOS / Scientific Linux
Version 7 and 8
# yum install samba
The samba package only supports Samba as a domain member and NT4 PDC or BDC. Red Hat does not provide packages for running Samba as an AD DC. As an alternative:
- Build Samba. For details, see Build Samba from Source.
- Use 3rd-party packages with AD support from a trusted source.
Version 6
# yum install samba4
The samba4 package only supports Samba as a domain member and NT4 PDC or BDC. Red Hat does not provide packages for running Samba as an AD DC. As an alternative:
- Build Samba. For details, see Build Samba from Source.
- Use 3rd-party packages with AD support from a trusted source.
Debian
The following command will prompt you for Kerberos information and hostname information for the domain controller. Example entries for the Kerberos 5 Realm, Kerberos servers for the realm and hostname of the administrator server, for a DC with the hostname dc1 in the domain SAMDOM.EXAMPLE.COM, are as follows:
- SAMDOM.EXAMPLE.COM
- dc1.samdom.example.com
- dc1.samdom.example.com
# apt-get install acl attr samba samba-dsdb-modules samba-vfs-modules winbind libpam-winbind libnss-winbind libpam-krb5 krb5-config krb5-user
- Note1: For a DC you do not need libpam-winbind libnss-winbind libpam-krb5, unless you require AD users to log in.
- Note2: For a DC which will become the new DNS server for the domain, install dnsutils with the following command:
# apt-get install dnsutils
- Optional Note3: For a DC to serve as the domain NTP server, you will also need ntp or chrony. However, this is not explicitly necessary for domain-joined machines to share a common NTP server. It is possible to define a Group Policy Object that synchronizes workstations with time.windows.com post installation. Either package can be installed via:
# apt-get install chrony
For details about time synchronization, see Time Synchronization.
Ubuntu
Preparing the Installation Recap
Before beginning the installation process, it is important that the prerequisites defined on the Setting up Samba as an Active Directory Domain Controller page are met:
1. Define a DNS Domain
2. Define a hostname
3. Select a static IP Address
4. Disable resolvconf or make /etc/resolv.conf immutable
5. Modify the /etc/hosts file to ensure the DC correctly resolves to itself at the fully-qualified domain name (FQDN) and short host name
Administrators may be unfamiliar with how to perform steps 4 and 5, so this section is intended to provide support:
Perform Step 4: Disabling the DNS Resolver
Stop and disable the systemd-resolved service:
$ sudo systemctl disable --now systemd-resolved
It is good practice to back up resolv.conf before unlinking it:
$ sudo cp /etc/resolv.conf /etc/resolv.conf.backup
$ sudo unlink /etc/resolv.conf
Create a new, blank resolv.conf:
$ sudo touch /etc/resolv.conf
$ sudo nano /etc/resolv.conf
With Nano open, copy the following contents and save this file:
# Samba server IP address
nameserver 10.99.0.1
# fallback resolver
nameserver 1.1.1.1
# main domain for Samba
search SAMDOM.EXAMPLE.COM
Ubuntu will attempt to automatically overwrite this file every time the system restarts. Thus we have to make this file immutable:
$ sudo chattr +i /etc/resolv.conf
Perform Step 5: Modify the /etc/hosts file
Open the hosts file with:
$ sudo nano /etc/hosts
Modify and add the following line to the top:
10.99.0.1 DC1.SAMDOM.EXAMPLE.COM DC1
With steps 4 and 5 completed, restart the machine:
$ sudo shutdown now -r
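The checks below verify the result of steps 4 and 5 before provisioning. This is an added example, not part of the wiki page: it uses the page's example values, the function names check_resolv_conf and check_hosts are hypothetical, and it goes slightly beyond the text by also rejecting a loopback entry (such as 127.0.1.1) that carries the DC's name.

```sh
#!/bin/sh
# Added example (not from the wiki page): verify steps 4 and 5.
# Values are this page's examples; file paths are arguments so the
# checks can run on copies as well as on the live files.
DC_IP="10.99.0.1"; DC_FQDN="DC1.SAMDOM.EXAMPLE.COM"
DC_SHORT="DC1";    DNS_DOMAIN="SAMDOM.EXAMPLE.COM"

# Step 4: resolv.conf is a regular file (not the systemd-resolved
# symlink), lists the DC as FIRST nameserver, searches the AD domain.
check_resolv_conf() {
    if [ -L "$1" ] || [ ! -f "$1" ]; then
        echo "FAIL: $1 is a symlink or missing"; return 1
    fi
    first_ns=$(awk '$1 == "nameserver" { print $2; exit }' "$1")
    if [ "$first_ns" != "$DC_IP" ]; then
        echo "FAIL: first nameserver is '$first_ns', expected $DC_IP"; return 1
    fi
    if ! awk -v d="$DNS_DOMAIN" '
        $1 == "search" { for (i = 2; i <= NF; i++)
                             if (tolower($i) == tolower(d)) ok = 1 }
        END { exit !ok }' "$1"; then
        echo "FAIL: search list lacks $DNS_DOMAIN"; return 1
    fi
    echo "OK: $1"
}

# Step 5: FQDN and short name share the LAN address line and appear on
# no other address (a 127.0.1.1 entry carrying either name fails).
check_hosts() {
    if ! awk -v ip="$DC_IP" -v fqdn="$DC_FQDN" -v short="$DC_SHORT" '
        { sub(/#.*/, "") }
        NF >= 2 {
            f = 0; s = 0
            for (i = 2; i <= NF; i++) {
                if (tolower($i) == tolower(fqdn))  f = 1
                if (tolower($i) == tolower(short)) s = 1
            }
            if ((f || s) && $1 != ip) bad = 1
            if (f && s && $1 == ip)   good = 1
        }
        END { exit !(good && !bad) }' "$1"; then
        echo "FAIL: $1 must map $DC_FQDN and $DC_SHORT to $DC_IP only"; return 1
    fi
    echo "OK: $1"
}

# Constructed sample: a hosts file with a loopback alias, which must FAIL.
sample=$(mktemp)
printf '127.0.0.1 localhost\n127.0.1.1 DC1\n' > "$sample"
check_hosts "$sample" || true
rm -f "$sample"
# On the DC: check_resolv_conf /etc/resolv.conf; check_hosts /etc/hosts;
# lsattr /etc/resolv.conf should show the "i" flag set by chattr +i.
```

A passing resolv.conf check still leaves the 1.1.1.1 fallback in place: the resolver moves on to it when 10.99.0.1 does not answer, so lookups for internal AD names can reach a public resolver while the DC's DNS is down.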
Package Installation
With the above prerequisites met, it is now time to install Samba and associated packages. The following command will prompt you for Kerberos information and hostname information for the domain controller. Example entries for the Kerberos 5 Realm, Kerberos servers for the realm and hostname of the administrator server, for a DC with the hostname dc1 in the domain SAMDOM.EXAMPLE.COM, are as follows:
- SAMDOM.EXAMPLE.COM
- dc1.samdom.example.com
- dc1.samdom.example.com
$ sudo apt-get install acl attr samba samba-dsdb-modules samba-vfs-modules winbind libpam-winbind libnss-winbind libpam-krb5 krb5-config krb5-user
- Note1: For a DC you do not need libpam-winbind libnss-winbind libpam-krb5, unless you require AD users to log in.
- Note2: For a DC which will become the new DNS server for the domain, install dnsutils with the following command:
$ sudo apt-get install dnsutils
- Optional Note3: For a DC to serve as the domain NTP server, you will also need ntp or chrony. However, this is not explicitly necessary for domain-joined machines to share a common NTP server. It is possible to define a Group Policy Object that synchronizes workstations with time.windows.com post installation. Either package can be installed via:
$ sudo apt-get install ntp
or
$ sudo apt-get install chrony
For details about time synchronization, see Time Synchronization.
Post Installation, Pre-Provisioning
As mentioned at the top of this page, there is a distinction between installing Samba and provisioning (configuring) it for your needs. Samba automatically creates some placeholder configuration files which are not useful and will break the automated configuration utilities. Thus we must delete those files before moving on.
- Temporarily stop and disable Samba services
$ sudo systemctl stop samba-ad-dc.service smbd.service nmbd.service winbind.service
$ sudo systemctl disable samba-ad-dc.service smbd.service nmbd.service winbind.service
- Back up the original Samba config file.
$ sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.initial
- Unmask Samba service
$ sudo systemctl unmask samba-ad-dc
The next step will be to utilize samba-tool in interactive mode to automatically create your configuration files. Details on this can be found back on the main Setting up Samba as an Active Directory Domain Controller page. Open up that page in a new tab and follow the instructions for the interactive provisioning.
Post-Provisioning
Upon completion of provisioning, the following commands should be entered to restart Samba with the new configuration files:
$ sudo systemctl start samba-ad-dc.service
$ sudo systemctl enable samba-ad-dc.service
If all went well, your domain controller is up and running with a domain functional level of Windows Server 2008 R2. This can be verified with:
$ sudo samba-tool domain level show
$ sudo systemctl status samba-ad-dc.service
You now have a working domain controller for central authentication but no Group Policy Object support. This can be achieved by adding the following line to the [global] section of the /etc/samba/smb.conf file:
apply group policies = yes
For additional information on this, navigate to Group Policy.
FreeBSD
# pkg install net/samba44
Note: If you want to use the idmap_ad Winbind back end (on e.g. an AD Member Server), you have to build the port by hand and select the EXP_MODULES configuration option!
SUSE Linux Enterprise / openSUSE
# zypper install samba samba-winbind samba-ad-dc