Setting up Samba as an Active Directory Domain Controller

From SambaWiki

Samba4 developer howto

tridge@samba.org, December 2004


This is a very basic document on how to set up a simple Samba4 server. This is aimed at developers who are already familiar with Samba3 and wish to participate in Samba4 development. This is not aimed at production use of Samba4.


Step 1: download Samba4

There are 2 methods of doing this:

 method 1:  "rsync -avz samba.org::ftp/unpacked/samba4 ."
 method 2:  "svn co svn://svnanon.samba.org/samba/branches/SAMBA_4_0 samba4"

Both methods will create a directory called "samba4" in the current directory. If you don't have rsync or svn then install one of them.

Since only released versions of Samba contain a pregenerated configure script, you will have to generate it by hand:

 $ cd samba4/source
 $ ./autogen.sh

Note that the above rsync command will give you a checked out svn repository. So if you also have svn you can update it to the latest version at some future date using:

 $ cd samba4
 $ svn up

Step 2: compile Samba4

Recommended optional development libraries:

 - acl and xattr development libraries
 - gnutls
 - readline

Run this:

 $ cd samba4/source
 $ ./configure
 $ make proto all

If you have gcc 3.4 or newer, then substitute "pch" for "proto" to greatly speed up the compile process (about 5x faster).

Step 3: install Samba4

Run this as a user who has permission to write to the install directory (defaults to /usr/local/samba). Use the --prefix option to configure (above) to change this.

 # make install


Step 4: provision Samba4

The "provision" step sets up a basic user database. Make sure your smbscript binary is installed in a directory listed in your PATH environment variable. It is presumed to be available just like any other command from your shell. The provision step must be run as a user with permission to write to the install directory.

 # cd source
 # ./setup/provision --realm=YOUR.REALM --domain=YOURDOM --adminpass=SOMEPASSWORD

'YOURDOM' is the NT4 style domain name. 'YOUR.REALM' is your Kerberos realm, which is typically your DNS domain name.

Step 5: Create a simple smb.conf

The provisioning will create a very simple smb.conf with no shares by default. You will need to update it to add at least one share. For example:

 [test]
       path = /data/test
       read only = no


Step 6: starting Samba4

The simplest is to just run "smbd", but as a developer you may find the following more useful:

  # smbd -i -M single

That means "start smbd without messages in stdout, and running a single process". That mode of operation makes debugging smbd with gdb particularly easy.

Note that now it is no longer necessary to have an instance of nmbd from Samba 3 running. If you are running any smbd or nmbd processes they need to be stopped before starting smbd from Samba 4.

Make sure you put the bin and sbin directories from your new install in your $PATH. Make sure you run the right version!


Step 7: testing Samba4

Try these commands:

    $ smbclient //localhost/test -Uadministrator%SOMEPASSWORD

or

    $ ./script/tests/test_posix.sh //localhost/test administrator SOMEPASSWORD


NOTE about filesystem support

To use the advanced features of Samba4 you need a filesystem that supports both the "user" and "system" xattr namespaces.

If you run Linux with a 2.6 kernel and ext3 this means you need to include the option "user_xattr" in your /etc/fstab. For example:

  /dev/hda3 /home ext3 user_xattr 1 1

You also need to compile your kernel with the XATTR and SECURITY options for your filesystem. For ext3 that means you need:

  CONFIG_EXT3_FS_XATTR=y
  CONFIG_EXT3_FS_SECURITY=y

If you are running a Linux 2.6 kernel with CONFIG_IKCONFIG_PROC defined you can check this with the following command:

  $ zgrep CONFIG_EXT3_FS /proc/config.gz

If you don't have a filesystem with xattr support, then you can simulate it by using the option:

  posix:eadb = /usr/local/samba/eadb.tdb

That will place all extra file attributes (NT ACLs, DOS EAs, streams, etc.) in that tdb. It is not efficient, and doesn't scale well, but at least it gives you a choice when you don't have a modern filesystem.

Testing your filesystem

To test your filesystem support, install the 'attr' package and run the following 4 commands as root:

 # touch test.txt
 # setfattr -n user.test -v test test.txt
 # setfattr -n security.test -v test2 test.txt
 # getfattr -d test.txt
 # getfattr -n security.test -d test.txt

You should see output like this:

 # file: test.txt
 user.test="test"
 # file: test.txt
 security.test="test2"

If you get any "Operation not supported" errors then it means your kernel is not configured correctly, or your filesystem is not mounted with the right options.

If you get any "Operation not permitted" errors then it probably means you didn't try the test as root.
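
The manual test above can be scripted. This is an added example, not part of the original howto: it assumes the setfattr tool from the 'attr' package, and the function names xattr_status and advise are made up for illustration. It probes a directory and maps the two error messages to the causes described above.

```shell
#!/bin/sh
# Added example: probe a directory for the xattr namespaces Samba4 needs.
# xattr_status DIR NAMESPACE -> prints ok | unsupported | not-permitted | error
xattr_status() {
    f=$(mktemp "$1/xattr-probe.XXXXXX") || { echo error; return; }
    # LC_ALL=C keeps the error text in English so the patterns below match.
    err=$(LC_ALL=C setfattr -n "$2.test" -v test "$f" 2>&1) && rc=0 || rc=$?
    rm -f "$f"
    case "$rc:$err" in
        0:*)                          echo ok ;;
        *"Operation not supported"*)  echo unsupported ;;
        *"Operation not permitted"*)  echo not-permitted ;;
        *)                            echo error ;;
    esac
}

# advise DIR -> one line per namespace, following the NOTE above.
advise() {
    for ns in user security; do
        case $(xattr_status "$1" "$ns") in
            ok)            echo "$ns: ok" ;;
            unsupported)   echo "$ns: unsupported (check mount options and kernel config, or use posix:eadb)" ;;
            not-permitted) echo "$ns: not permitted (rerun as root)" ;;
            *)             echo "$ns: could not test (is the attr package installed?)" ;;
        esac
    done
}

# Probe the directory given as the first argument, or the current one.
advise "${1:-.}"
```

Run it against the directory you intend to export as a share, since xattr support depends on the filesystem that directory lives on.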


Testing Samba4 Active Directory in Ubuntu 7.04 howto

kstan79@gmail.com, 18-August-2007

  • When you see this sentence, it means this portion is not yet ready. I can't add a new page in this wiki, so I just appended my tutorial at the bottom.

Setup 1: Setting up samba 4 server in Ubuntu 7.04

Step 1: Install required packages

Ubuntu Feisty (7.04) does not install the packages required for Samba 4 by default. To install all required packages (we will remove bind8), type these commands:

 $ sudo apt-get remove bind
 $ sudo apt-get install autoconf bind9 libc6-dev

It will ask you to install additional packages; simply press 'y' to accept.

Step 2: Download the latest Samba 4 source code

Type these commands to get the latest source (subversion):

 $ cd /usr/src
 $ sudo svn co svn://svnanon.samba.org/samba/branches/SAMBA_4_0 samba4

You will see the terminal start to download the source code; leave it until it finishes. When the Samba 4 source code has finished downloading, you will find a 'samba4' folder in /usr/src.

Step 3: Synchronize your Samba 4 source code with the svn server

Samba 4 development is quite fast; you can always see something new within a week. To update to the latest source code:

 $ cd /usr/src/samba4
 $ sudo svn update

Step 4: Compile and install Samba 4 on Ubuntu 7.04

To compile and install Samba 4, we force it to install in /usr/local:

 $ cd /usr/src/samba4/source
 $ sudo ./configure --prefix=/usr/local
 $ sudo make pch all
 $ sudo make install
 $ sudo ./setup/provision --realm=TESTING1.ORG --domain=TESTING1 --adminpass=TESTING1

If you use a gcc older than 3.4, use 'make proto all' rather than 'make pch all'. If there are no errors, your Samba 4 is installed successfully.

Step 5: Setting up a DNS server for Samba 4 on Ubuntu 7.04

Samba 4 works as a Windows Active Directory server, and the DNS server is a critical component of Active Directory. During compilation and installation, Samba 4 creates a standard DNS zone for us.

 $ sudo cp /usr/local/testing1.org.zone /etc/bind
 $ sudo gedit /etc/bind/named.conf.local

Add the following lines to the bottom of the file:


zone "testing1.org" {
       type master;
       file "/etc/bind/testing1.org.zone";
};


Double-check that testing1.org.zone matches your configuration. (If you use VMware, which adds 2 more network interfaces, you need to edit it manually.) Based on the settings on my computer, IP address = 192.168.141.1 and hostname = mis1.testing1.org. Check that the bold text is correctly configured.

 $ sudo gedit /etc/bind/testing1.org.zone



; -*- zone -*-
; generated by provision.pl

$ORIGIN testing1.org.
$TTL 1W
@               IN SOA  @   mis1.testing1.org. (
                               2007071516      ; serial
                               2D              ; refresh
                               4H              ; retry
                               6W              ; expiry
                               1W )            ; minimum
                IN NS   mis1
                IN A    192.168.141.1

mis1            IN A    192.168.141.1
1846d80a-02c6-4bdb-8f1b-7d95d7a85024._msdcs IN CNAME mis1

; global catalog servers
_gc._tcp IN SRV 0 100 3268 mis1
_ldap._tcp.gc._msdcs IN SRV 0 100 389 mis1
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs IN SRV 0 100 389 mis1

; ldap servers
_ldap._tcp IN SRV 0 100 389 mis1
_ldap._tcp.dc._msdcs IN SRV 0 100 389 mis1
_ldap._tcp.pdc._msdcs IN SRV 0 100 389 mis1
_ldap._tcp.b15dc010-f593-4a5b-acf2-d0b2c1d1beef.domains._msdcs IN SRV 0 100 389 mis1
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs IN SRV 0 100 389 mis1

; krb5 servers
_kerberos._tcp IN SRV 0 100 88 mis1
_kerberos._tcp.dc._msdcs IN SRV 0 100 88 mis1
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs IN SRV 0 100 88 mis1
_kerberos._udp IN SRV 0 100 88 mis1

; MIT kpasswd likes to lookup this name on password change
_kerberos-master._tcp IN SRV 0 100 88 mis1
_kerberos-master._udp IN SRV 0 100 88 mis1

; kpasswd
_kpasswd._tcp IN SRV 0 100 464 mis1
_kpasswd._udp IN SRV 0 100 464 mis1

; heimdal 'find realm for host' hack
_kerberos IN TXT TESTING1.ORG
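
A quick check of the zone file before bringing up the DNS server, as an added example (not part of the original howto or of Samba). The function name check_ad_zone and the sample input are constructed here. It confirms that the server's A record carries the address you expect (the VMware case mentioned above) and that the core SRV records from the zone above are present with the listed ports.

```shell
#!/bin/sh
# Added example: sanity-check a provisioned AD zone file before restarting bind9.
# Usage: check_ad_zone ZONEFILE DC_HOSTNAME DC_IP   (returns 0 if clean, 1 if not)
check_ad_zone() {
    awk -v host="$2" -v ip="$3" '
        BEGIN {  # SRV owner -> port, as listed in the zone file on this page
            want["_gc._tcp"] = 3268;      want["_ldap._tcp"] = 389
            want["_ldap._tcp.dc._msdcs"] = 389
            want["_kerberos._tcp"] = 88;  want["_kerberos._udp"] = 88
            want["_kpasswd._tcp"] = 464;  want["_kpasswd._udp"] = 464
        }
        { sub(/;.*/, "") }                          # drop zone-file comments
        $2 == "IN" && $3 == "A"   { addr[$1] = $4 }
        $2 == "IN" && $3 == "SRV" { port[$1] = $6; target[$1] = $7 }
        END {
            if (!(host in addr)) { print "no A record for " host; bad = 1 }
            else if (addr[host] != ip) {
                print host " resolves to " addr[host] ", expected " ip; bad = 1
            }
            for (n in want) {
                if (!(n in port)) { print "missing SRV " n; bad = 1; continue }
                if (port[n] + 0 != want[n]) { print n " uses port " port[n]; bad = 1 }
                if (target[n] != host) { print n " points at " target[n]; bad = 1 }
            }
            exit bad + 0
        }' "$1"
}

# Constructed sample input (abridged from the zone shown above), for offline use.
write_sample_zone() {
    cat > "$1" <<'EOF'
$ORIGIN testing1.org.
$TTL 1W
mis1                    IN A    192.168.141.1
; global catalog, ldap, krb5 and kpasswd servers
_gc._tcp                IN SRV 0 100 3268 mis1
_ldap._tcp              IN SRV 0 100 389  mis1
_ldap._tcp.dc._msdcs    IN SRV 0 100 389  mis1
_kerberos._tcp          IN SRV 0 100 88   mis1
_kerberos._udp          IN SRV 0 100 88   mis1
_kpasswd._tcp           IN SRV 0 100 464  mis1
_kpasswd._udp           IN SRV 0 100 464  mis1
EOF
}

zone=$(mktemp) && write_sample_zone "$zone"
check_ad_zone "$zone" mis1 192.168.141.1 && echo "zone OK"
check_ad_zone "$zone" mis1 192.168.0.10 || echo "zone needs editing"
rm -f "$zone"
```

On a real server, call check_ad_zone with /etc/bind/testing1.org.zone, your own hostname and the address clients will use to reach it.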



Step 6: Bring up the DNS server

Edit /etc/resolv.conf so that your computer queries DNS from itself. The redirection has to run with root privileges, so pipe the line through "sudo tee" rather than using "sudo echo" with ">":

 $ echo "nameserver 127.0.0.1" | sudo tee /etc/resolv.conf
 $ echo "nameserver your-isp-dns-ipaddress" | sudo tee -a /etc/resolv.conf

You need to restart the DNS server in order to bring up the new zone:

 $ sudo /etc/init.d/bind9 restart

If you are able to ping mis1.testing1.org (change mis1 to match your setting), then the DNS server is ready. Please don't proceed to the next step if your DNS server is not ready, because your client PC won't be able to join the domain.

Step 7: Fire up Samba 4 services

To make Samba 4 activity easier to monitor, I don't use daemon mode to start the Samba 4 services.

 $ sudo /usr/local/sbin/smbd -i -d 5

Now your Samba 4 is ready. Open this URL in Mozilla Firefox to see the new SWAT:

http://localhost:901

If you see SWAT, then the Samba 4 server is working. Next we need to configure your client computer.

Step 2: Configure Windows XP Pro client to join Samba 4 Active Directory