samba - Jul 2016 - Fwd: Good installation documentation on samba4?

Hello,

I am looking for good installation instructions for an active directory
domain controller installation of samba4. The only source I have reliably
found is
https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller
which is unfortunately both incomplete in certain sections and incorrect in
others.

A good example of incomplete information is the guide on the name server.
In the org that I work for, we've chosen the samba_internal dns server.
However, the guide is not clear on making sure that the machine needs to
refer to itself for dns queries, something that is quite essential.

An example of incorrect information is that copying the example krb5.conf
file should do the trick. In practice, I have traversed the far corners of
the internet for an actual working example of the krb5.conf file.

Furthermore, there is no "what to do when things fail" fall back
option. I
do not know when to continue with the guide and when to test the actual
working state of the installation at a certain state.

In all desperation, I have written my own guide to samba4 installation, but
I have no idea if what I did was sufficient, only that it looks ok when
testing some functionality.

Is there a mythical samba4 guide or are people doomed to endlessly google
their questions?

Kind regards,

Léon

On 28/07/16 21:55, Léon van der Kaap wrote:
> Hello,
>
> I am looking for good installation instructions for an active directory
> domain controller installation of samba4. The only source I have reliably
> found is
>
https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller
> which is unfortunately both incomplete in certain sections and incorrect in
> others.
>
> A good example of incomplete information is the guide on the name server.
> In the org that I work for, we've chosen the samba_internal dns server.
> However, the guide is not clear on making sure that the machine needs to
> refer to itself for dns queries, something that is quite essential.
Do you mean it should say something like this:


    Configure /etc/resolv.conf

Your Domain Controller requires a name server that is able to resolve 
queries to Active Directory zones. Because this is your first Domain 
Controller in your AD forest, use the DCs IP and domain name in your 
/etc/resolv.conf:

domain samdom.example.com
nameserver 10.99.0.1

>
> An example of incorrect information is that copying the example krb5.conf
> file should do the trick. In practice, I have traversed the far corners of
> the internet for an actual working example of the krb5.conf file.
The example one should work, this is all I have in /etc/krb5.conf on my DCs:

[libdefaults]
     default_realm = SAMDOM.EXAMPLE.COM
     dns_lookup_realm = false
     dns_lookup_kdc = true
>
> Furthermore, there is no "what to do when things fail" fall back
option. I
> do not know when to continue with the guide and when to test the actual
> working state of the installation at a certain state.
Is there something wrong with this:


  Troubleshooting

If you encounter any problems when using this documentation, see the 
Samba AD DC Troubleshooting 
<https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting> page.

Which points at this page:

https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting

>
> In all desperation, I have written my own guide to samba4 installation, but
> I have no idea if what I did was sufficient, only that it looks ok when
> testing some functionality.
>
> Is there a mythical samba4 guide or are people doomed to endlessly google
> their questions?
Most (if not all) of the info is on the Samba wiki and if you are still 
struggling, try asking here.

Rowland

It's been about 6 months since I setup my DC plus 2 file servers and I
found that guide to be particularly helpful.  In fact the only problems I
had were due to jailing the components and shooting myself in the foot.
Sorry this doesn't help the OP, but I felt a contrary point of view should
be presented.

On Thu, Jul 28, 2016 at 2:25 PM, Rowland penny <rpenny at samba.org>
wrote:
> On 28/07/16 21:55, Léon van der Kaap wrote:
>
>> Hello,
>>
>> I am looking for good installation instructions for an active directory
>> domain controller installation of samba4. The only source I have
reliably
>> found is
>>
>>
https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller
>> which is unfortunately both incomplete in certain sections and
incorrect
>> in
>> others.
>>
>> A good example of incomplete information is the guide on the name
server.
>> In the org that I work for, we've chosen the samba_internal dns
server.
>> However, the guide is not clear on making sure that the machine needs
to
>> refer to itself for dns queries, something that is quite essential.
>>
>
> Do you mean it should say something like this:
>
>
>    Configure /etc/resolv.conf
>
> Your Domain Controller requires a name server that is able to resolve
> queries to Active Directory zones. Because this is your first Domain
> Controller in your AD forest, use the DCs IP and domain name in your
> /etc/resolv.conf:
>
> domain samdom.example.com
> nameserver 10.99.0.1
>
>
>
>> An example of incorrect information is that copying the example
krb5.conf
>> file should do the trick. In practice, I have traversed the far corners
of
>> the internet for an actual working example of the krb5.conf file.
>>
>
> The example one should work, this is all I have in /etc/krb5.conf on my
> DCs:
>
> [libdefaults]
>     default_realm = SAMDOM.EXAMPLE.COM
>     dns_lookup_realm = false
>     dns_lookup_kdc = true
>
>
>> Furthermore, there is no "what to do when things fail" fall
back option. I
>> do not know when to continue with the guide and when to test the actual
>> working state of the installation at a certain state.
>>
>
> Is there something wrong with this:
>
>
>  Troubleshooting
>
> If you encounter any problems when using this documentation, see the Samba
> AD DC Troubleshooting <
> https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting> page.
>
> Which points at this page:
>
> https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting
>
>
>
>> In all desperation, I have written my own guide to samba4 installation,
>> but
>> I have no idea if what I did was sufficient, only that it looks ok when
>> testing some functionality.
>>
>> Is there a mythical samba4 guide or are people doomed to endlessly
google
>> their questions?
>>
>
> Most (if not all) of the info is on the Samba wiki and if you are still
> struggling, try asking here.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

On Thu, 28 Jul 2016 22:55:55 +0200
Léon van der Kaap <leonkaap at gmail.com> wrote:
> Hello,
> 
> I am looking for good installation instructions for an active
> directory domain controller installation of samba4. The only source I
> have reliably found is
>
https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller
> which is unfortunately both incomplete in certain sections and
> incorrect in others.
[snip]

Unfortunately, that's it :(

I noted the same issues a year ago, when I tried to get Samba AD
working for us.  I was invited to help improve the docs.  I like
writing docs, and probably would have, except we weren't able to get
Samba working as an AD the way we needed it to, so I dropped the
project.

Your only hope, beyond that, is this mailing list.  The regulars here
are very helpful and very patient, to which I can attest :)

DO NOT be tempted to go searching for help elsewhere on the 'net.  Much
of what you'll find will be wildly inaccurate and will only lead you to
grief.  Ask me how I know ;)

Good luck,
Jim
-- 
Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.

On 29/07/16 11:47, Jim Seymour wrote:
> On Thu, 28 Jul 2016 22:55:55 +0200
> Léon van der Kaap <leonkaap at gmail.com> wrote:
>
>> Hello,
>>
>> I am looking for good installation instructions for an active
>> directory domain controller installation of samba4. The only source I
>> have reliably found is
>>
https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller
>> which is unfortunately both incomplete in certain sections and
>> incorrect in others.
> [snip]
>
> Unfortunately, that's it :(
>
> I noted the same issues a year ago, when I tried to get Samba AD
> working for us.  I was invited to help improve the docs.  I like
> writing docs, and probably would have, except we weren't able to get
> Samba working as an AD the way we needed it to, so I dropped the
> project.
>
> Your only hope, beyond that, is this mailing list.  The regulars here
> are very helpful and very patient, to which I can attest :)
>
> DO NOT be tempted to go searching for help elsewhere on the 'net.  Much
> of what you'll find will be wildly inaccurate and will only lead you to
> grief.  Ask me how I know ;)
>
> Good luck,
> Jim
OK, I have had another look at the Samba wikipage and apart from it only 
describing how to do an interactive provision and not showing the 
example /etc/krb5.conf, I cannot see anything  really wrong with it.

So if you have problems with the page, speak up now and I will attempt 
to address your problems.

After all, if we do not know there is a problem, how can we fix it.

Rowland

I figured out the resolv.conf bit fidgeting around. Thanks for the tip
anyway.

Regarding the krb5.conf I have never got it working with the example files.
I have always added at least a "kdc = samdom.example.com" to the
lines, but
my file is actually still a bit more complex(and possibly redundant).

Regarding the troubleshooting page, it is *far* from complete. At the very
least, the documentation should at a check for a succesful 'kinit'
command
to see if the system is going to work.

Maybe I sound a bit angry, but I severely dislike documentation that leaves
you with an unfinished installation. Compare the monstrously sized Samba
3.5 with Samba 4 kind of illustrates the point that not all bases are
covered which is a shame to me.

2016-07-28 23:25 GMT+02:00 Rowland penny <rpenny at samba.org>:
> On 28/07/16 21:55, Léon van der Kaap wrote:
>
>> Hello,
>>
>> I am looking for good installation instructions for an active directory
>> domain controller installation of samba4. The only source I have
reliably
>> found is
>>
>>
https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller
>> which is unfortunately both incomplete in certain sections and
incorrect
>> in
>> others.
>>
>> A good example of incomplete information is the guide on the name
server.
>> In the org that I work for, we've chosen the samba_internal dns
server.
>> However, the guide is not clear on making sure that the machine needs
to
>> refer to itself for dns queries, something that is quite essential.
>>
>
> Do you mean it should say something like this:
>
>
>    Configure /etc/resolv.conf
>
> Your Domain Controller requires a name server that is able to resolve
> queries to Active Directory zones. Because this is your first Domain
> Controller in your AD forest, use the DCs IP and domain name in your
> /etc/resolv.conf:
>
> domain samdom.example.com
> nameserver 10.99.0.1
>
>
>
>> An example of incorrect information is that copying the example
krb5.conf
>> file should do the trick. In practice, I have traversed the far corners
of
>> the internet for an actual working example of the krb5.conf file.
>>
>
> The example one should work, this is all I have in /etc/krb5.conf on my
> DCs:
>
> [libdefaults]
>     default_realm = SAMDOM.EXAMPLE.COM
>     dns_lookup_realm = false
>     dns_lookup_kdc = true
>
>
>> Furthermore, there is no "what to do when things fail" fall
back option. I
>> do not know when to continue with the guide and when to test the actual
>> working state of the installation at a certain state.
>>
>
> Is there something wrong with this:
>
>
>  Troubleshooting
>
> If you encounter any problems when using this documentation, see the Samba
> AD DC Troubleshooting <
> https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting> page.
>
> Which points at this page:
>
> https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting
>
>
>
>> In all desperation, I have written my own guide to samba4 installation,
>> but
>> I have no idea if what I did was sufficient, only that it looks ok when
>> testing some functionality.
>>
>> Is there a mythical samba4 guide or are people doomed to endlessly
google
>> their questions?
>>
>
> Most (if not all) of the info is on the Samba wiki and if you are still
> struggling, try asking here.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>