On 27/08/15 22:00, Robert Moskowitz wrote:
> Ah, LDAP is included within Samba, I find. Don't install provided one...
>
> I suppose I will have to find what schemas, particularly if the bind
> dlz schema is included?

ER, you don't actually need to add any extra schemas, it is all built
into samba4 when run as an AD DC, if you are struggling to understand
this, just think a windows AD DC but running on Linux.

The next thing to understand is if you want an AD DC and want to use an
rpm based OS (centos, clearos etc) then you cannot use the distro
packages, at the moment, there aren't any. What you can use are the
packages supplied by Sernet: http://www.samba.plus/home/

This is not a bad thing really, as you get more up to date versions,
4.2.3 at the moment

Rowland

>
> On 08/27/2015 04:56 PM, Robert Moskowitz wrote:
>>
>> On 08/27/2015 04:52 PM, Rowland Penny wrote:
>>> On 27/08/15 21:42, Robert Moskowitz wrote:
>>>>
>>>> On 08/27/2015 04:37 PM, Rowland Penny wrote:
>>>>> On 27/08/15 21:23, Robert Moskowitz wrote:
>>>>>>
>>>>>> On 08/27/2015 04:18 PM, Marc Muehlfeld wrote:
>>>>>>> Hello Jim,
>>>>>>>
>>>>>>> On 27.08.2015 at 21:49, Jim Seymour wrote:
>>>>>>>> BIND would be the auth nameserver for example.com and delegate
>>>>>>>> the samdom.example.com zone to the Samba DNS running on the
>>>>>>>> second (virtual) interface
>>>>>>>>
>>>>>>>> Samba is the auth nameserver for samdom.example.com
>>>>>>>
>>>>>>> If you already have BIND running, you're just one step away from
>>>>>>> including the AD DNS domain as additional domain via DLZ.
>>>>>>> https://wiki.samba.org/index.php/Configure_BIND_as_backend_for_Samba_AD#BIND_9.8_.2F_9.9
>>>>>>>
>>>>>>> What's wrong with that?
>>>>>>
>>>>>> It says:
>>>>>>
>>>>>> include "/usr/local/samba/private/named.conf";
>>>>>>
>>>>>> This file does not exist on my sernet 4.2 installation.
>>>>>>
>>>>>> In fact, I do not have a /usr/local/samba directory.
>>>>>
>>>>> It now also says (at the top):
>>>>>
>>>>> As this HowTo is based around a compiled install, the PATHs refer
>>>>> to '/usr/local/samba' as a base. If you are using packages from
>>>>> your OS or Sernet, this PATH will most likely not exist, you will
>>>>> need to find the relevant files on your system, try starting with
>>>>> '/var/lib/samba'.
>>>>
>>>> Oh this is soooo much fun! Not..
>>>>
>>>>> I also use Sernet Samba 4.2.3 on one of my DCs and the required
>>>>> named.conf is in /var/lib/samba/private/
>>>>
>>>> Empty dir.
>>>
>>> OK, how did you provision samba4 as a DC ?
>>> I believe that /var/lib/samba/private is empty until the domain is
>>> provisioned, at which point it should look like this:
>>>
>>> dns               ldapi                   randseed.tdb        share.ldb
>>> dns.keytab        ldap_priv               sam.ldb             smbd.tmp
>>> dns_update_cache  named.conf              sam.ldb.d           spn_update_list
>>> dns_update_list   named.conf.update       schannel_store.tdb  tls
>>> hklm.ldb          named.txt               secrets.keytab
>>> idmap.ldb         netlogon_creds_cli.tdb  secrets.ldb
>>> krb5.conf         privilege.ldb           secrets.tdb
>>
>> I am still reading all the wiki info, making notes and looking for
>> stuff. No provisioning yet. I suppose since this build is a throw
>> away one, I should do that.
>>
>> I still have to figure out what ldap rpms to install, along with dhcp!
>>
>> Quite a bit to go. Perhaps I am getting too bogged down in DNS, as
>> I THINK I should know that part up until dlz.
>>
>>> Rowland
>>>
>>>>> , it is also in /usr/share/samba/setup/ but called named.conf.dlz
>>>>
>>>> Ah there it (and others) are!
>>>>
>>>> thanks
On 08/27/2015 05:10 PM, Rowland Penny wrote:
> On 27/08/15 22:00, Robert Moskowitz wrote:
>> Ah, LDAP is included within Samba, I find. Don't install provided
>> one...
>>
>> I suppose I will have to find what schemas, particularly if the bind
>> dlz schema is included?
>
> ER, you don't actually need to add any extra schemas, it is all built
> into samba4 when run as an AD DC, if you are struggling to understand
> this, just think a windows AD DC but running on Linux.

I abandoned Win servers around the time of Win2000! No AD experience
here! I still run my home as an NT Domain; I am trying to get with the
future here.

> The next thing to understand is if you want an AD DC and want to use
> an rpm based OS (centos, clearos etc) then you cannot use the distro
> packages, at the moment, there aren't any. What you can use are the
> packages supplied by Sernet: http://www.samba.plus/home/

That is why I have had help building the sernet 4.2 for me distro. Yes,
this is a Centos 7 system. And more, it is the development distro for
C7-armv7l. So some stuff is not present. But my sernet 4.2 rpms were
built on the QEMU server they are using for all this work.

ERGO, I SHOULD have everything in some place resembling where sernet
puts it.

> This is not a bad thing really, as you get more up to date versions,
> 4.2.3 at the moment

For now we will have to build our own. If I show this to be viable,
perhaps we can automate it.

> Rowland

[...]
On 27/08/15 22:20, Robert Moskowitz wrote:
>
> On 08/27/2015 05:10 PM, Rowland Penny wrote:
>> On 27/08/15 22:00, Robert Moskowitz wrote:
>>> Ah, LDAP is included within Samba, I find. Don't install provided
>>> one...
>>>
>>> I suppose I will have to find what schemas, particularly if the bind
>>> dlz schema is included?
>>
>> ER, you don't actually need to add any extra schemas, it is all built
>> into samba4 when run as an AD DC, if you are struggling to understand
>> this, just think a windows AD DC but running on Linux.
>
> I abandoned Win servers around the time of Win2000! No AD experience
> here! I still run my home as an NT Domain; I am trying to get with
> the future here.
>
>> The next thing to understand is if you want an AD DC and want to use
>> an rpm based OS (centos, clearos etc) then you cannot use the distro
>> packages, at the moment, there aren't any. What you can use are the
>> packages supplied by Sernet: http://www.samba.plus/home/
>
> That is why I have had help building the sernet 4.2 for me distro. Yes,
> this is a Centos 7 system. And more, it is the development distro for
> C7-armv7l. So some stuff is not present. But my sernet 4.2 rpms
> were built on the QEMU server they are using for all this work.
>
> ERGO, I SHOULD have everything in some place resembling where sernet
> puts it.
>
>> This is not a bad thing really, as you get more up to date versions,
>> 4.2.3 at the moment
>
> For now we will have to build our own. If I show this to be viable,
> perhaps we can automate it.
>

OOPS, sorry forgot you are on ARM, but having said that, if Sernet have
supplied you with an ARM samba4 package it should be able to be used as
an AD DC unless they said otherwise, might be an idea to ask them.

Initially when you install the X86 Sernet packages, they do not know
what they are going to do, AD DC, NT4-style PDC, member server or a
standalone workgroup server, it can be any of these. It is up to the
sysadmin (i.e. you) to tell it what to be, you do this by setting up
smb.conf for all except the first, an AD DC. To set up an AD DC, you
need to run 'samba-tool domain provision', this will populate, amongst
others, the private dir.

Rowland
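The thread boils down to three facts: the wiki's `include` line assumes a compiled install under /usr/local/samba, packaged installs (Sernet, distro) keep the private dir under /var/lib/samba, and that dir stays empty until 'samba-tool domain provision' has run. The script below, added here as an example and not code from the thread, the Samba project or Sernet, turns that into a check: it finds the provisioned private dir, tells you whether named.conf has been generated there, and prints the include line for BIND. The SAMBA_PRIVATE_DIRS and SAMBA_DLZ_TEMPLATE variables are the script's own (not Samba settings), the candidate paths are the ones named in the thread, and the --dns-backend=BIND9_DLZ option mentioned in a comment is a samba-tool option the thread itself does not discuss.

```shell
#!/bin/sh
# Added example, not code from the thread or from the Samba project.
# Locate the generated named.conf that the BIND DLZ HowTo tells you to
# `include`, on an install whose paths differ from the compiled-install
# default of /usr/local/samba (Sernet and distro packages use /var/lib/samba).
#
# Assumption: SAMBA_PRIVATE_DIRS (space separated, this script's own variable,
# not a Samba setting) lists candidate private directories to try, in order.
SAMBA_PRIVATE_DIRS="${SAMBA_PRIVATE_DIRS:-/usr/local/samba/private /var/lib/samba/private}"

# Template shipped with the packages (named.conf.dlz). It is NOT the file to
# include in BIND; it only shows where the packaged setup files live.
SAMBA_DLZ_TEMPLATE="${SAMBA_DLZ_TEMPLATE:-/usr/share/samba/setup/named.conf.dlz}"

# Print the first private dir that holds a provisioned domain (sam.ldb exists).
# An empty private dir means 'samba-tool domain provision' has not been run.
samba_private_dir() {
    for d in $SAMBA_PRIVATE_DIRS; do
        if [ -f "$d/sam.ldb" ]; then
            printf '%s\n' "$d"
            return 0
        fi
    done
    return 1
}

# Print the path BIND must include. Exit status:
#   0 found
#   1 no provisioned domain in any candidate dir
#   2 provisioned, but no named.conf was generated (the DNS backend chosen at
#     provision time was not BIND9_DLZ; samba-tool's --dns-backend=BIND9_DLZ
#     option selects the BIND backend)
samba_named_conf() {
    d=$(samba_private_dir) || {
        echo "no provisioned private dir in: $SAMBA_PRIVATE_DIRS" >&2
        echo "hint: run 'samba-tool domain provision' first (template: $SAMBA_DLZ_TEMPLATE)" >&2
        return 1
    }
    if [ -f "$d/named.conf" ]; then
        printf '%s\n' "$d/named.conf"
        return 0
    fi
    echo "$d is provisioned but has no named.conf; check the DNS backend chosen at provision" >&2
    return 2
}

# Print the include line to paste into BIND's named.conf, or fail with the
# status of samba_named_conf.
samba_bind_include_line() {
    conf=$(samba_named_conf) || return $?
    printf 'include "%s";\n' "$conf"
}

# Run with "check" to print the include line; with no argument the file only
# defines the functions, so it can be sourced from other scripts.
case "${1:-}" in
    check) samba_bind_include_line ;;
esac
```

Run it as `sh samba-dlz-check.sh check` on the DC; a non-zero exit tells you whether the next step is provisioning or re-checking the DNS backend, rather than hunting for a path that was never going to exist on a packaged install.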