Version 4 (modified 11 years ago)
This page is a place to develop and collect information and hints on how to set up an AD-DC using Samba 4.
Prerequisites
OpenLDAP
The build instructions in the book are fine. Samba4 brings its own LDAP-compatible implementation. Support for other LDAP backends is no longer maintained *).
NTP
The switch --enable-ntp-signd must be added.
BIND (DNS)
Samba4 comes with an internal DNS server, too. It's up to us which way to go: using Bind or the internal DNS. AFAIK, when using Bind, the instructions in the book should be ok. For the later Samba4 build, add
options_dns="--dns-backend=SAMBA_INTERNAL --with-dnsupdate"
Kerberos
For now, it is best to have no Kerberos installation around. Samba4 comes with its own Heimdal-based Kerberos implementation. Although Samba4 compiles fine against MIT-Krb5, the AD controller functionality then gets disabled, which is not what we want. However, the Kerberos tools (kinit, klist ...) should be installed, as the bundled Heimdal package does not include them. For this, even MIT-krb5 is good to use. Just make sure that the Kerberos server is not started, as the Kerberos server function will be provided by Samba4.
Miscellaneous
For testing, I add the following options:
options_misc="--with-ads --with-swat --with-winbind --enable-gnutls"
Building Samba4
CPPFLAGS="-I/usr/include/tirpc" CFLAGS="-I/usr/include/tirpc" \
LINKFLAGS="-ltirpc" \
./configure --prefix=/usr \
            --sysconfdir=/etc \
            --localstatedir=/var \
            --with-piddir=/run \
            --enable-fhs \
            --enable-nss-wrapper \
            --enable-socket-wrapper \
            --disable-rpath-install \
            $options_dns $options_misc &&
make &&
make install
Setting up the domain
Before you try provisioning, make sure that the realm specified in /etc/samba/smb.conf is the one you want to use. It is best to move /etc/samba/smb.conf out of the way if it exists.
samba-tool domain provision
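
A pre-provision check along the lines described above, as an added example that is not part of the original page: it reads the realm from the [global] section of an existing smb.conf, compares it with the realm you intend to provision, and moves the file out of the way. The function names, the backup suffix, the realm names and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the wiki page: check a leftover smb.conf before provisioning.

# Print the realm set in [global]. Section and parameter names in smb.conf are
# case-insensitive; lines starting with '#' or ';' are comments.
smb_conf_realm() {
    awk '
        /^[ \t]*[#;]/ { next }                       # comment line
        /^[ \t]*\[/ {                                 # section header
            s = tolower($0); gsub(/[ \t\r]/, "", s)
            in_global = (s == "[global]"); next
        }
        in_global && (eq = index($0, "=")) {
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            if (key == "realm") {                     # last assignment wins
                realm = substr($0, eq + 1)
                gsub(/^[ \t]+|[ \t\r]+$/, "", realm)
            }
        }
        END { if (realm != "") print realm }
    ' "$1"
}

# Report how the file relates to the realm about to be provisioned.
# Prints: absent | unset | match | mismatch:<found>
# Comparing case-insensitively is a choice made for this example.
realm_status() {    # $1 = smb.conf path, $2 = intended realm
    [ -e "$1" ] || { echo absent; return 0; }
    found=$(smb_conf_realm "$1")
    [ -n "$found" ] || { echo unset; return 0; }
    a=$(printf '%s' "$found" | tr '[:lower:]' '[:upper:]')
    b=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
    if [ "$a" = "$b" ]; then echo match; else echo "mismatch:$found"; fi
}

# Move an existing file out of the way and print where it went.
move_aside() {      # $1 = smb.conf path, $2 = backup suffix (hypothetical naming)
    [ -e "$1" ] || return 0
    mv -- "$1" "$1.$2" && echo "$1.$2"
}

# Constructed sample: a leftover config whose realm differs from the target.
demo_dir=$(mktemp -d)
printf '%s\n' '[Global]' '  ; old test setup' '  Realm = OLD.EXAMPLE.ORG' \
    '[share]' '  realm = ignored' > "$demo_dir/smb.conf"
realm_status "$demo_dir/smb.conf" AD.EXAMPLE.COM
move_aside "$demo_dir/smb.conf" pre-provision
```

On a real system, call realm_status and move_aside on /etc/samba/smb.conf with the realm you are about to pass to the provisioning step.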