Thanks Rowland -- will attempt to pull the startup script from the deb package.

Just to clarify, when starting samba as an AD DC, we use the samba-ad-dc script, when starting samba as a file server only, we need a script that only starts smbd, nmbd, and winbind?

On Wed, Jun 10, 2015 at 12:59 AM, Rowland Penny <rowlandpenny at googlemail.com> wrote:

> On 10/06/15 03:26, David Bear wrote:
>
>> I have setup samba 4.2.x as an AD DC in a linux container. This is an
>> privileged container. I am using the bridging interface and have bound
>> samba to the specific interface I want.
>>
>> As an ADDC it is working great.
>>
>> Now I go to the linux host, and created a samba 4.2 file server. I was
>> able to join it to the domain. I followed the member server instructions
>> at https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server .
>>
>> There were a couple of things that were confusing. Since I am installing
>> an ubuntu 14 LTS server I followed the debian side of the instructions.
>>
>> Instructions for starting the daemons are given at
>> https://wiki.samba.org/index.php/Samba4/InitScript. Towards the end of
>> the wiki we were given instructions for both an init.d script and an
>> upstart configuration file. I have grabbed the init.d/ script, made the
>> modifications to point things to /usr/local/samba installation -- and
>> when I run it, nothing happens.. So I start samba using sbin/samba and
>> the daemons start.
>>
>> However at the tail end of my log file I see
>>
>> [2015/06/09 19:22:16.752250, 0] ../source4/smbd/server.c:475(binary_smbd_main)
>> At this time the 'samba' binary should only be used for either:
>> 'server role = active directory domain controller' or to access the ntvfs file server with 'server services = +smb' or the rpc proxy with 'dcerpc endpoint servers = remote'
>> You should start smbd/nmbd/winbindd instead for domain member and standalone file server tasks
>> [2015/06/09 19:22:16.752314, 0] ../lib/util/become_daemon.c:111(exit_daemon)
>> STATUS=daemon failed to start: Samba detected misconfigured 'server role' and exited. Check logs for details, error code 22
>>
>> since I followed the member server how to -- I am wondering if something
>> there is left out?
>>
>> Here's my smb.conf
>>
>> /usr/local/samba# less etc/smb.conf
>> [global]
>>
>> netbios name = srv1
>> workgroup = INTERNAL
>> security = ADS
>> realm = INTNERAL.XCITY.COM
>> dedicated keytab file = /etc/krb5.keytab
>> kerberos method = secrets and keytab
>>
>> idmap config *:backend = tdb
>> idmap config *:range = 2000-9999
>> idmap config IN:backend = ad
>> idmap config IN:schema_mode = rfc2307
>> idmap config IN:range = 10000-99999
>>
>> winbind nss info = rfc2307
>> winbind trusted domains only = no
>> winbind use default domain = yes
>> winbind enum users = yes
>> winbind enum groups = yes
>> winbind refresh tickets = yes
>>
>> bind interfaces only = yes
>> interfaces = em1
>> log level = 5
>> log file = /usr/local/samba/var/log.%m
>>
>> ----
>> which matches the how to.
>>
>> So there seems to be something missing from the how to.
>>
>> Any suggestions?
>> Also the %m macro expansion fails for the log file. It actually calls the
>> log file %m...
>
> Nope, there is nothing missing from the member server howto, it tells you
> what samba processes to start, (smbd, nmbd and winbind). You should only
> start the samba process on an AD DC.
>
> The problem seems to be that the wiki init script page only seems to have
> a script to start smbd & nmbd (it's at the bottom of the page) and there
> isn't one for winbind.
>
> The easiest way to get the required init scripts is to download the samba
> package with 'apt-get download samba', unpack it (the easiest way is to
> browse to the deb and right click it and select 'Extract here'). Now browse
> into the directory that will be created
> ~/samba_2%3a4.1.6+dfsg-1ubuntu2.14.04.7_amd64/etc/init.d
> You should find 4 files, you want 3 of them, the one you don't want is
> 'samba-ad-dc'
> Open each of the required files in your favourite editor and change the
> paths to point to your samba binaries, save the file and then move it to
> /etc/init.d/
>
> Rowland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

--
David Bear
mobile: (602) 903-6476

On 10/06/15 21:15, David Bear wrote:
> Thanks Rowland -- will attempt to pull the startup script from the deb
> package.
>
> Just to clarify, when starting samba as an AD DC, we use the
> samba-ad-dc script, when starting samba as a file server only, we
> need a script that only starts smbd, nmbd, and winbind?

Basically yes, but on Debian the script called samba will start the AD DC by running the samba-ad-dc script, or it will run the two scripts called smbd and nmbd to start a member server. I would suggest that you just use the smbd & nmbd scripts, you will also need the winbind script from the winbind package if you intend to use winbind.

Rowland

I think winbind is required for file service, isn't it?

On Wed, Jun 10, 2015 at 1:28 PM, Rowland Penny <rowlandpenny at googlemail.com> wrote:

> Basically yes, but on Debian the script called samba will start the AD DC
> by running the samba-ad-dc script, or it will run the two scripts called
> smbd and nmbd to start a member server. I would suggest that you just use
> the smbd & nmbd scripts, you will also need the winbind script from the
> winbind package if you intend to use winbind.
>
> Rowland

--
David Bear
mobile: (602) 903-6476
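
Added example, not part of the thread and not one of the Samba or Debian init scripts: a preflight check an init script could run to choose between the `samba` binary and `smbd`/`nmbd`/`winbindd`, following the rule in the log message quoted above. The function name `samba_daemons_for` is hypothetical, the sample config is constructed, and a missing `server role` is assumed to mean the host is not an AD DC.

```shell
#!/bin/sh
# Print the daemons to start for the smb.conf given as $1.
# Only the role string quoted in the log message selects the 'samba' binary.
samba_daemons_for() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    role=$(awk '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        /^[ \t]*\[/ {                           # section header
            s = tolower($0); gsub(/[ \t]/, "", s)
            in_global = (s == "[global]"); next
        }
        in_global && index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            gsub(/[ \t]/, "", key)              # names compare without case or spaces
            if (key == "serverrole") {
                val = tolower(substr($0, index($0, "=") + 1))
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                gsub(/[ \t]+/, " ", val)
                role = val
            }
        }
        END { print role }
    ' "$conf")
    case $role in
        "active directory domain controller") echo "samba" ;;
        *) echo "smbd nmbd winbindd" ;;
    esac
}

# Constructed sample: a few lines in the style of the member-server
# smb.conf posted in the thread (no 'server role' line present).
demo=$(mktemp)
printf '%s\n' '[global]' 'netbios name = srv1' 'security = ADS' > "$demo"
echo "member server config -> $(samba_daemons_for "$demo")"
rm -f "$demo"
```
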