Léon van der Kaap
2016-Jul-29  19:50 UTC
[Samba] Fwd: Good installation documentation on samba4?
I figured out the resolv.conf bit fidgeting around. Thanks for the tip anyway. Regarding the krb5.conf I have never got it working with the example files. I have always added at least a "kdc = samdom.example.com" to the lines, but my file is actually still a bit more complex(and possibly redundant). Regarding the troubleshooting page, it is *far* from complete. At the very least, the documentation should at a check for a succesful 'kinit' command to see if the system is going to work. Maybe I sound a bit angry, but I severely dislike documentation that leaves you with an unfinished installation. Compare the monstrously sized Samba 3.5 with Samba 4 kind of illustrates the point that not all bases are covered which is a shame to me. 2016-07-28 23:25 GMT+02:00 Rowland penny <rpenny at samba.org>:> On 28/07/16 21:55, Léon van der Kaap wrote: > >> Hello, >> >> I am looking for good installation instructions for an active directory >> domain controller installation of samba4. The only source I have reliably >> found is >> >> https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller >> which is unfortunately both incomplete in certain sections and incorrect >> in >> others. >> >> A good example of incomplete information is the guide on the name server. >> In the org that I work for, we've chosen the samba_internal dns server. >> However, the guide is not clear on making sure that the machine needs to >> refer to itself for dns queries, something that is quite essential. >> > > Do you mean it should say something like this: > > > Configure /etc/resolv.conf > > Your Domain Controller requires a name server that is able to resolve > queries to Active Directory zones. Because this is your first Domain > Controller in your AD forest, use the DCs IP and domain name in your > /etc/resolv.conf: > > domain samdom.example.com > nameserver 10.99.0.1 > > > >> An example of incorrect information is that copying the example krb5.conf >> file should do the trick. In practice, I have traversed the far corners of >> the internet for an actual working example of the krb5.conf file. >> > > The example one should work, this is all I have in /etc/krb5.conf on my > DCs: > > [libdefaults] > default_realm = SAMDOM.EXAMPLE.COM > dns_lookup_realm = false > dns_lookup_kdc = true > > >> Furthermore, there is no "what to do when things fail" fall back option. I >> do not know when to continue with the guide and when to test the actual >> working state of the installation at a certain state. >> > > Is there something wrong with this: > > > Troubleshooting > > If you encounter any problems when using this documentation, see the Samba > AD DC Troubleshooting < > https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting> page. > > Which points at this page: > > https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting > > > >> In all desperation, I have written my own guide to samba4 installation, >> but >> I have no idea if what I did was sufficient, only that it looks ok when >> testing some functionality. >> >> Is there a mythical samba4 guide or are people doomed to endlessly google >> their questions? >> > > Most (if not all) of the info is on the Samba wiki and if you are still > struggling, try asking here. > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Data Control Systems - Mike Elkevizth
2016-Jul-29  20:13 UTC
[Samba] Fwd: Good installation documentation on samba4?
On Fri, Jul 29, 2016 at 3:50 PM, Léon van der Kaap <leonkaap at gmail.com> wrote:> I figured out the resolv.conf bit fidgeting around. Thanks for the tip > anyway. > > Regarding the krb5.conf I have never got it working with the example files. > I have always added at least a "kdc = samdom.example.com" to the lines, > but > my file is actually still a bit more complex(and possibly redundant). >The standard four line krb5.conf that is generated during provisioning and listed on the wiki page about setting up an AD DC works fine for me.> Regarding the troubleshooting page, it is *far* from complete. At the very > least, the documentation should at a check for a succesful 'kinit' command > to see if the system is going to work. >Once again, these steps are listed on the main wiki page about creating an AD DC. https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller#Testing_Kerberos> > Maybe I sound a bit angry, but I severely dislike documentation that leaves > you with an unfinished installation. Compare the monstrously sized Samba > 3.5 with Samba 4 kind of illustrates the point that not all bases are > covered which is a shame to me. >I setup my Samba Active Directory Domain with multiple DCs at multiple remote sites connected via VPN with both Linux and Windows clients using the documentation and found it quite complete and clear.> > 2016-07-28 23:25 GMT+02:00 Rowland penny <rpenny at samba.org>: > > > On 28/07/16 21:55, Léon van der Kaap wrote: > > > >> Hello, > >> > >> I am looking for good installation instructions for an active directory > >> domain controller installation of samba4. The only source I have > reliably > >> found is > >> > >> > https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller > >> which is unfortunately both incomplete in certain sections and incorrect > >> in > >> others. > >> > >> A good example of incomplete information is the guide on the name > server. > >> In the org that I work for, we've chosen the samba_internal dns server. > >> However, the guide is not clear on making sure that the machine needs to > >> refer to itself for dns queries, something that is quite essential. > >> > > > > Do you mean it should say something like this: > > > > > > Configure /etc/resolv.conf > > > > Your Domain Controller requires a name server that is able to resolve > > queries to Active Directory zones. Because this is your first Domain > > Controller in your AD forest, use the DCs IP and domain name in your > > /etc/resolv.conf: > > > > domain samdom.example.com > > nameserver 10.99.0.1 > > > > > > > >> An example of incorrect information is that copying the example > krb5.conf > >> file should do the trick. In practice, I have traversed the far corners > of > >> the internet for an actual working example of the krb5.conf file. > >> > > > > The example one should work, this is all I have in /etc/krb5.conf on my > > DCs: > > > > [libdefaults] > > default_realm = SAMDOM.EXAMPLE.COM > > dns_lookup_realm = false > > dns_lookup_kdc = true > > > > > >> Furthermore, there is no "what to do when things fail" fall back > option. I > >> do not know when to continue with the guide and when to test the actual > >> working state of the installation at a certain state. > >> > > > > Is there something wrong with this: > > > > > > Troubleshooting > > > > If you encounter any problems when using this documentation, see the > Samba > > AD DC Troubleshooting < > > https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting> page. > > > > Which points at this page: > > > > https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting > > > > > > > >> In all desperation, I have written my own guide to samba4 installation, > >> but > >> I have no idea if what I did was sufficient, only that it looks ok when > >> testing some functionality. > >> > >> Is there a mythical samba4 guide or are people doomed to endlessly > google > >> their questions? > >> > > > > Most (if not all) of the info is on the Samba wiki and if you are still > > struggling, try asking here. > > > > Rowland > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Rowland penny
2016-Jul-29  20:25 UTC
[Samba] Fwd: Good installation documentation on samba4?
On 29/07/16 20:50, Léon van der Kaap wrote:> I figured out the resolv.conf bit fidgeting around. Thanks for the tip > anyway. > > Regarding the krb5.conf I have never got it working with the example > files. I have always added at least a "kdc = samdom.example.com > <http://samdom.example.com>" to the lines, but my file is actually > still a bit more complex(and possibly redundant).If you have to add that line to krb5.conf on a DC, then I think you are doing something wrong, because, to be honest, it only really needs to be: [libdefaults] default_realm = SAMDOM.EXAMPLE.COM The other two lines are defaults. What OS did you try it on ?> > Regarding the troubleshooting page, it is /far/ from complete. At the > very least, the documentation should at a check for a succesful > 'kinit' command to see if the system is going to work.It doesn't have to be on the troubleshooting page, because it is on the DC howto page, did you somehow miss this ?> > Maybe I sound a bit angry, but I severely dislike documentation that > leaves you with an unfinished installation. Compare the monstrously > sized Samba 3.5 with Samba 4 kind of illustrates the point that not > all bases are covered which is a shame to me. >I am sure that if you follow the Samba wiki page you will end up with a basic DC, but if it doesn't work for you, just what do you feel is missing ? as I said, if we don't know what is wrong, how can we fix it ? I also don't understand what you mean by 'Compare the monstrously sized Samba 3.5 with Samba 4', just what are you trying to compare ? Rowland
Marcel de Reuver
2016-Jul-29  20:27 UTC
[Samba] Fwd: Good installation documentation on samba4?
> > Regarding the krb5.conf I have never got it working with the example files. > I have always added at least a "kdc = samdom.example.com" to the lines, > but > my file is actually still a bit more complex(and possibly redundant). >Mine is just as in the wiki and it works as expected If you share your krb5.conf maybe someone can tell what is going wrong. If kinit cannot find the kdc maybe something is wrong with DNS. Do you have other services running on your server that depend on kerberos?> > Regarding the troubleshooting page, it is *far* from complete. At the very > least, the documentation should at a check for a succesful 'kinit' command > to see if the system is going to work. > >See the wiki *https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller#Testing_Kerberos <https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller#Testing_Kerberos>*> Maybe I sound a bit angry, but I severely dislike documentation that leaves > you with an unfinished installation. Compare the monstrously sized Samba > 3.5 with Samba 4 kind of illustrates the point that not all bases are > covered which is a shame to me. > >My first Samba AD DC was a VirtualBox running Ubuntu with Samba self complied and setup according to the wiki. Maybe that is the best way to get to know Samba.
Léon van der Kaap
2016-Jul-29  20:28 UTC
[Samba] Fwd: Good installation documentation on samba4?
>The standard four line krb5.conf that is generated during provisioning andlisted on the wiki page about setting up an AD >DC works fine for me. And that's great, but it has never worked for me and it is very demoralizing to follow the instructions and not get a result.> Regarding the troubleshooting page, it is *far* from complete. At the very > least, the documentation should at a check for a succesful 'kinit' command > to see if the system is going to work. >>Once again, these steps are listed on the main wiki page about creating anAD DC. https://wiki.samba.org/index. <https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller#Testing_Kerberos>> php/Setup_a_Samba_Active_Directory_Domain_Controller#Testing_Kerberos<https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller#Testing_Kerberos> I misspoke on that one. Indeed, the information is there but when I tried it I was greeted with a washlist of errors and no idea how to solve it. At that point I was out of luck(and I was not the only one as I have found others on the internet with the same issue).> > Maybe I sound a bit angry, but I severely dislike documentation that leaves > you with an unfinished installation. Compare the monstrously sized Samba > 3.5 with Samba 4 kind of illustrates the point that not all bases are > covered which is a shame to me. >> I setup my Samba Active Directory Domain with multiple DCs at multipleremote sites connected via VPN with both> Linux and Windows clients using the documentation and found it quitecomplete and clear. And that's great assuming it works that is. Yet, if following the instructions actually worked, I wouldn't be here posting my frustrations.
Marcel de Reuver
2016-Jul-29  20:37 UTC
[Samba] Fwd: Good installation documentation on samba4?
2016-07-29 22:25 GMT+02:00 Rowland penny <rpenny at samba.org>:> > > I also don't understand what you mean by 'Compare the monstrously sized > Samba 3.5 with Samba 4', just what are you trying to compare ? > >See www.samba.org > Learn Samba is completely devoted to Samba 3.5......
Léon van der Kaap
2016-Jul-29  20:43 UTC
[Samba] Fwd: Good installation documentation on samba4?
The OS I'm using is Ubuntu 16.04. The previous OS I was working with was Ubuntu 14.04. The krb issue I had was that the kdc server " RuntimeError: kinit for DOMAINCONTROLLER$@SAMDOM.EXAMPLE.COM failed (Cannot contact any KDC for requested realm)". The modified krb5.conf file I distilled out of information on the internet helped to create a working version. When comparing the documentation of samba4 vs. samba 3.5 I find that the samba3.5 documentation is a lot more complete and a lot bigger. Comparing the samba4 documentation to the samba3.5, makes me think the newer documentation of more of an afterthought than a similarly constructed document. 2016-07-29 22:25 GMT+02:00 Rowland penny <rpenny at samba.org>:> On 29/07/16 20:50, Léon van der Kaap wrote: > >> I figured out the resolv.conf bit fidgeting around. Thanks for the tip >> anyway. >> >> Regarding the krb5.conf I have never got it working with the example >> files. I have always added at least a "kdc = samdom.example.com < >> http://samdom.example.com>" to the lines, but my file is actually still >> a bit more complex(and possibly redundant). >> > > If you have to add that line to krb5.conf on a DC, then I think you are > doing something wrong, because, to be honest, it only really needs to be: > > [libdefaults] > default_realm = SAMDOM.EXAMPLE.COM > > The other two lines are defaults. > > What OS did you try it on ? > > > >> Regarding the troubleshooting page, it is /far/ from complete. At the >> very least, the documentation should at a check for a succesful 'kinit' >> command to see if the system is going to work. >> > > It doesn't have to be on the troubleshooting page, because it is on the DC > howto page, did you somehow miss this ? > > >> Maybe I sound a bit angry, but I severely dislike documentation that >> leaves you with an unfinished installation. Compare the monstrously sized >> Samba 3.5 with Samba 4 kind of illustrates the point that not all bases are >> covered which is a shame to me. >> >> > I am sure that if you follow the Samba wiki page you will end up with a > basic DC, but if it doesn't work for you, just what do you feel is missing > ? as I said, if we don't know what is wrong, how can we fix it ? > > I also don't understand what you mean by 'Compare the monstrously sized > Samba 3.5 with Samba 4', just what are you trying to compare ? > > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >