#4233 closed enhancement (fixed)
Add Samba AD DC configuration instructions
| Reported by: | Igor Živković | Owned by: | Igor Živković |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
We only start smbd and nmbd manually. Now days, those are spawned as needed by the 'samba' program if in a DC role (another bootscript is required), but I'm not sure if that works when standalone (Arch still includes individual smbd and nmbd service files).
I don't think I'd go so far as a full DC setup in the book, but it might be a usable resource for BLFS users, see https://wiki.archlinux.org/index.php/Samba_4_Active_Directory_Domain_Controller
Change History (7)
comment:1 by , 10 years ago
comment:2 by , 10 years ago
I agree but AD DC with Samba4 is the hot topic nowadays so I'll see if I can arrange something basic in BLFS friendly format. It's not high on my LFS TODO list at the moment though.
comment:3 by , 10 years ago
I've created a wiki page regarding Samba4 DC some days ago. Maybe you find it usefull. It could be used as a starting point. It is http://wiki.linuxfromscratch.org/blfs/wiki/samba4
comment:4 by , 10 years ago
That looks pretty good Thomas, wish I had found it a few weeks ago! As to the DNS question, you can use samba, BIND, or both. If you are not already maintaining DNS in BIND and aren't already syncing with another BIND server, then internal is probably better if you have a windows box with RSAT on it. You won't have to do anything to get Windows clients configured via DHCP to update DNS (though you'll still have to create the reverse lookup zone) and *nix clients won't update unless you configure your DHCP server to do it (same thing applies to BIND only). Additionally, you probably only want to start samba, and let it manage nmbd, smbd, and winbindd. If you are using BIND already and already have transfers setup, then you'll likely want to use DLZ and keep at least the internal FW zones in AD simply because AD is so finicky about DNS (both internal.domain.tld and _msdcs.internal.domain.tld). Probably also best to reccomend the xattrs and rfc2307 switches to the provision command too if you want your *nix clients to store UID and GID in AD and want more than share level permissions. Most of what is in the Arch wiki should apply in LFS (though the paths are changed).
HTH
comment:5 by , 10 years ago
| Owner: | changed from to |
|---|---|
| Priority: | low → normal |
| Status: | new → assigned |
comment:6 by , 10 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
I've just updated the link to Samba wiki page in BLFS and added Arch wiki to resources, Thomas. Thanks to both you and DJ.
I think this is a bit beyond the normal scope of BLFS. Samba is a very complex application and there have been several books written to describe how to do different things with Samba.
That said, go ahead if you want, but you might want to consider a separate document like a hint and adding a reference to that in the book.