samba - Sep 2017 - Setting up Samba AD-DC on Debian Stretch made easy.

Hai, 
 
As im setting up a new test environment, i've documented my setups and here
you go.. 
A easy to follow howto for a Debian Samba AD DC  ( tested on Debian Stretch, but
should works also on Jessie )
 
You can find the files, here: 
https://github.com/thctlo/samba4   In the "howtos" folder are the
files.
 
And if you see errors, wel its on github ;-)  or if you see improvements on
this, please let me know.
 
I've made a 3 steps setup.
 
1) Setup Debian and make sure you base server is setup ok. 
2) Check you base server install. 
3) Install samba as AD DC with Bind9_DLZ and NTP. 
4) few minimal test for the AD DC. 
 
And more to come as while im setting up my new test environment. 
If you follow the exact setups, it wil result in a correct working samba AD DC. 
 
 
Greetz, 
 
Louis
 

Arg... 

The link without spaces on the end.  ;-) 
https://github.com/thctlo/samba4

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> L.P.H. van Belle via samba
> Verzonden: maandag 11 september 2017 13:07
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Setting up Samba AD-DC on Debian Stretch made easy.
> 
> Hai, 
>  
> As im setting up a new test environment, i've documented my 
> setups and here you go.. A easy to follow howto for a Debian 
> Samba AD DC  ( tested on Debian Stretch, but should works 
> also on Jessie ) 
>  
> You can find the files, here: 
> https://github.com/thctlo/samba4   In the "howtos" folder are 
> the files. 
>  
> And if you see errors, wel its on github ;-)  or if you see 
> improvements on this, please let me know. 
>  
> I've made a 3 steps setup.
>  
> 1) Setup Debian and make sure you base server is setup ok. 
> 2) Check you base server install. 
> 3) Install samba as AD DC with Bind9_DLZ and NTP. 
> 4) few minimal test for the AD DC. 
>  
> And more to come as while im setting up my new test environment. 
> If you follow the exact setups, it wil result in a correct 
> working samba AD DC. 
>  
>  
> Greetz, 
>  
> Louis
>  
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

On Mon, 11 Sep 2017 13:13:33 +0200
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> Arg... 
> 
> The link without spaces on the end.  ;-) 
> https://github.com/thctlo/samba4
> 
> 
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> > L.P.H. van Belle via samba
> > Verzonden: maandag 11 september 2017 13:07
> > Aan: samba at lists.samba.org
> > Onderwerp: [Samba] Setting up Samba AD-DC on Debian Stretch made
> > easy.
> > 
> > Hai, 
> >  
> > As im setting up a new test environment, i've documented my 
> > setups and here you go.. A easy to follow howto for a Debian 
> > Samba AD DC  ( tested on Debian Stretch, but should works 
> > also on Jessie ) 
> >  
> > You can find the files, here: 
> > https://github.com/thctlo/samba4   In the "howtos"
folder are
> > the files. 
> >  
> > And if you see errors, wel its on github ;-)  or if you see 
> > improvements on this, please let me know. 
> >  
> > I've made a 3 steps setup.
> >  
> > 1) Setup Debian and make sure you base server is setup ok. 
> > 2) Check you base server install. 
> > 3) Install samba as AD DC with Bind9_DLZ and NTP. 
> > 4) few minimal test for the AD DC. 
> >  
> > And more to come as while im setting up my new test environment. 
> > If you follow the exact setups, it wil result in a correct 
> > working samba AD DC. 
> >  
> >  
> > Greetz, 
> >  
> > Louis
> >  
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> > 
> 
> 
I 'C' a typo ;-)

README.MD

'colletion' should be 'collection'

Rowland

On Mon, 11 Sep 2017 14:16:02 +0200
L.P.H. van Belle <belle at bazuin.nl> wrote:
> Thanx! Fixed. And I think you will even find more. 
> ;-) 
> 
You are correct ;-)

I found this in 'stretch-base-2-samba-minimal-ad.txt'

# In above you see the line : 
# A Kerberos configuration suitable for Samba 4 has been generated at
/var/lib/samba/private/krb5.conf
# ignore it, we use the /etc/krb5.conf, and as of samba 4.7.x this is the
default.
# Note!!  Do not symlink /var/lib/samba/private/krb5.conf to /etc/krb5.conf. 
# This wil give problems in the future. 

This is correct, but it is also wrong ;-)
It is correct in that you shouldn't symlink the Samba krb5.conf.
It is wrong in stating that using the OS /etc/krb5.conf will be the
default in 4.7

What is happening is that the permissions are being tightened on the
private dir and if you use a symlink, it will not work.

Also a new dir will be created on provisioning using Bind9 (or
upgrading from the internal DNS) 'binddns'

Rowland

Hai, 

I made the install howto based on the wiki steps, i only changed the order of
install on some places.
And found it, not email but wiki. 

https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
The part Configuring Kerberos. 
(  cp /usr/local/samba/private/krb5.conf /etc/krb5.conf ) 

Which made me think that the /var/lib/samba/private/krb5.conf isnt used.
(anymore)
And so /etc/krb5.conf is the default, ... Wrong thinking?  


Greetz, 

Louis


 
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> L.P.H. van Belle via samba
> Verzonden: maandag 11 september 2017 15:20
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Setting up Samba AD-DC on Debian 
> Stretch made easy.
> 
> Hai Rowland, 
> 
> Thank for pointing out the 4.7 part. 
> 
> So, i just remove that part and wait for the offical release 
> of 4.7, but i you have a better text, yes, please :-))
> 
> I did see some email on technical about krb5.conf also, maybe 
> thats only for the "mit" enabled version? 
> I just cant find that email anymore. 
> 
> 
> Greetz, 
> 
> Louis
> 
> 
> 
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Rowland Penny 
> > via samba
> > Verzonden: maandag 11 september 2017 14:49
> > Aan: samba at lists.samba.org
> > Onderwerp: Re: [Samba] Setting up Samba AD-DC on Debian 
> Stretch made 
> > easy.
> > 
> > On Mon, 11 Sep 2017 14:16:02 +0200
> > L.P.H. van Belle <belle at bazuin.nl> wrote:
> > 
> > > Thanx! Fixed. And I think you will even find more. 
> > > ;-)
> > > 
> > 
> > You are correct ;-)
> > 
> > I found this in 'stretch-base-2-samba-minimal-ad.txt'
> > 
> > # In above you see the line : 
> > # A Kerberos configuration suitable for Samba 4 has been 
> generated at 
> > /var/lib/samba/private/krb5.conf # ignore it, we use the 
> > /etc/krb5.conf, and as of samba 4.7.x this is the default.
> > # Note!!  Do not symlink /var/lib/samba/private/krb5.conf to 
> > /etc/krb5.conf.
> > # This wil give problems in the future. 
> > 
> > This is correct, but it is also wrong ;-) It is correct in that you 
> > shouldn't symlink the Samba krb5.conf.
> > It is wrong in stating that using the OS /etc/krb5.conf will be the 
> > default in 4.7
> > 
> > What is happening is that the permissions are being 
> tightened on the 
> > private dir and if you use a symlink, it will not work.
> > 
> > Also a new dir will be created on provisioning using Bind9 (or 
> > upgrading from the internal DNS) 'binddns'
> > 
> > Rowland
> > 
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> > 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>