This page is meant to give a platform to develop and to collect infos and hints for the way to setup an AD-DC using Samba 4.

Prerequisites

OpenLDAP

The build instructions in the book are pretty fine.

NTP

The switch --enable-ntp-signd must be added

BIND (DNS)

The Samba4 comes with an internal DNS server, too. Its up to us which way to go, using Bind or the internal DNS. AFAIK, when using Bind, the instructions in the book should be ok. For the later Samba4 build add

options_dns="--dns-backend=SAMBA_INTERNAL --with-dnsupdate"

Kerberos

As for now, it's the best way to have no Kerberos installation around. Samba4 comes with an own Heimdal-based Kerberos implementation. Even Samba4 compiles fine against MIT-Krb5, the AD controller functionality gets disabled. This is not what we want to have.

Miscellaneous

For testing, I add following options

options_misc="--with-ads --with-ldap --with-swat --with-winbind --enable-gnutls"

Building Samba4

CPPFLAGS="-I/usr/include/tirpc" CFLAGS="-I/usr/include/tirpc" \
LINKFLAGS="-ltirpc" \
./configure --prefix=/usr \
            --sysconfdir=/etc \
            --localstatedir=/var \
            --with-piddir=/run \
            --enable-fhs \
            --enable-nss-wrapper \
            --enable-socket-wrapper \
            --disable-rpath-install \
            $options_dns $options_misc &&
make &&
make install

Setting up the domain

./setup-domain ...