This page is meant to give a platform to develop and to collect infos and hints for the way to setup an AD-DC using Samba 4.

Prerequisites ¶

OpenLDAP ¶

The build instructions in the book are pretty fine. Samba4 brings its own LDAP compatible implementation. The support of other LDAP backends is not maintained any longer ^*).

NTP ¶

The switch --enable-ntp-signd must be added

BIND (DNS) ¶

The Samba4 comes with an internal DNS server, too. Its up to us which way to go, using Bind or the internal DNS. AFAIK, when using Bind, the instructions in the book should be ok. For the later Samba4 build add

options_dns="--dns-backend=SAMBA_INTERNAL --with-dnsupdate"

Kerberos ¶

As for now, it's the best way to have no Kerberos installation around. Samba4 comes with an own Heimdal-based Kerberos implementation. Even Samba4 compiles fine against MIT-Krb5, the AD controller functionality gets disabled. This is not what we want to have.

Miscellaneous ¶

For testing, I add following options

options_misc="--with-ads --with-swat --with-winbind --enable-gnutls"

Building Samba4 ¶

CPPFLAGS="-I/usr/include/tirpc" CFLAGS="-I/usr/include/tirpc" \
LINKFLAGS="-ltirpc" \
./configure --prefix=/usr \
            --sysconfdir=/etc \
            --localstatedir=/var \
            --with-piddir=/run \
            --enable-fhs \
            --enable-nss-wrapper \
            --enable-socket-wrapper \
            --disable-rpath-install \
            $options_dns $options_misc &&
make &&
make install

Setting up the domain ¶

./samba-tool domain provision ...

Resources ¶

• ​http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO
• ^*) ​http://wiki.samba.org/index.php/Samba4/LDAP_Backend