Rowland Penny
2021-Sep-17 18:46 UTC
[Samba] Packages necessary to set up a Samba AD controller on Ubuntu?
On Fri, 2021-09-17 at 13:02 -0500, Patrick Goetz via samba wrote:> Hi - > > I'm setting up a Samba AD controller for the first time, and have > been > looking over available documentation and Internet HOWTOs. I'm a bit > confused about what packages need to be installed for Ubuntu 20.04. > > According to the Samba Wiki, I need: > > acl attr samba samba-dsdb-modules samba-vfs-modules winbind > libpam-winbind libnss-winbind libpam-krb5 krb5-config krb5-userYou missed dnsutils and ntp or chrony The list is the minimum packages required to setup a Unix domain member and, as it points out, you do not need all of them for a DC.> > with the cryptic note: > Note: For a DC you do not need libpam-winbind libnss-winbind > libpam-krb5, unless you require AD users to login > > I think this means I only need these packages if I plan to have AD > users > log in directly to the AD server? I don't, why would anyone want > this?You are correct, they are only required if you want to use a DC as a fileserver, but this does happen.> This leaves: > > acl attr samba samba-dsdb-modules samba-vfs-modules winbind > krb5-config krb5-user > > I'm pretty sure acl and attr are installed by default on Ubuntu > 20.04 > server.They possibly are, but there would only be complaints if they were not listed and they were not installed.> > However, my question has to do with samba-dsdb-modules and > samba-vfs-modules packages. > > None of the online howto's I've looked at install these packages. > For > example, this seems to be the typical minimal package list: > > samba krb5-user krb5-config winbind smbclient > > (krb5-config is a dependency of krb5-user and could be omitted)They may be dependencies of other packages, but you need them and it doesn't hurt to list them in the apt list.> > What exactly are they needed for?Your DC will not work without them, 'vfs_acl_xattr' is part of samba- vfs-modules and is required to allow the use of acl's and attrs in shares. Rowland
Patrick Goetz
2021-Sep-17 19:13 UTC
[Samba] Packages necessary to set up a Samba AD controller on Ubuntu?
Thanks very much for the clear and quick response. I've been binding Ubuntu linux machines to an existing (MS) AD domain and have just been using timedatectl for time synchronization, as this is dead simple to enable and comes installed by default on systemd based systems. Presumably this should be adequate for a domain controller as well, so no need for ntp or chrony? (I understand the frustrations of the Samba team having to deal with many different distros, some which don't use systemd.) On 9/17/21 1:46 PM, Rowland Penny via samba wrote:> On Fri, 2021-09-17 at 13:02 -0500, Patrick Goetz via samba wrote: >> Hi - >> >> I'm setting up a Samba AD controller for the first time, and have >> been >> looking over available documentation and Internet HOWTOs. I'm a bit >> confused about what packages need to be installed for Ubuntu 20.04. >> >> According to the Samba Wiki, I need: >> >> acl attr samba samba-dsdb-modules samba-vfs-modules winbind >> libpam-winbind libnss-winbind libpam-krb5 krb5-config krb5-user > > You missed dnsutils and ntp or chrony > > The list is the minimum packages required to setup a Unix domain member > and, as it points out, you do not need all of them for a DC. > >> >> with the cryptic note: >> Note: For a DC you do not need libpam-winbind libnss-winbind >> libpam-krb5, unless you require AD users to login >> >> I think this means I only need these packages if I plan to have AD >> users >> log in directly to the AD server? I don't, why would anyone want >> this? > > You are correct, they are only required if you want to use a DC as a > fileserver, but this does happen. > >> This leaves: >> >> acl attr samba samba-dsdb-modules samba-vfs-modules winbind >> krb5-config krb5-user >> >> I'm pretty sure acl and attr are installed by default on Ubuntu >> 20.04 >> server. > > They possibly are, but there would only be complaints if they were not > listed and they were not installed. > >> >> However, my question has to do with samba-dsdb-modules and >> samba-vfs-modules packages. >> >> None of the online howto's I've looked at install these packages. >> For >> example, this seems to be the typical minimal package list: >> >> samba krb5-user krb5-config winbind smbclient >> >> (krb5-config is a dependency of krb5-user and could be omitted) > > They may be dependencies of other packages, but you need them and it > doesn't hurt to list them in the apt list. > >> >> What exactly are they needed for? > > Your DC will not work without them, 'vfs_acl_xattr' is part of samba- > vfs-modules and is required to allow the use of acl's and attrs in > shares. > > Rowland > > >