
You can look out for the pre-requisites before installing Samba 4.1
In my case I am using CentOS 6.2 and have verified all the prerequisite RPMs and conditions.
NOTE: Make sure you have a Python version higher than 2.5 installed on your machine
For configuring Samba 4.0 follow this link
NOTE: Make sure you don't have any earlier version of Samba installed
Downloading Samba 4.1 package
# git clone git://git.samba.org/samba.git samba-master
In case you get
-bash: git command not found
On Red Hat, Fedora and CentOS
# yum install git
Or you can manually download git package from the below location
http://rpm.pbone.net/index.php3?stat=3&search=git&srodzaj=3
Once the package is completely downloaded
# cd samba-master
# ./configure
# make
# make install
If the above steps complete without any error then you can move ahead to the provisioning step
Add the new path location to your bash file for samba
# vi ~/.bashrc
export PATH=$PATH:/usr/local/samba/sbin:/usr/local/samba/bin
# . ~/.bashrc
Before running the provision step make sure the following things are in place
# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.10.20.42 test test.example.com
# vi /etc/resolv.conf
search example.com
nameserver 10.10.20.42
# hostname
test.example.com
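The three checks above can be scripted so they are verified before every provision attempt. The added example below (not from the original post) does that and also flags the case where the FQDN is listed on a loopback line, since the DC's name has to resolve to its LAN address. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: pre-provision consistency check.

# has_entry FILE KEY VALUE: true if a line whose first field is KEY
# lists VALUE among its remaining fields.
has_entry() {
    awk -v k="$2" -v v="$3" '
        $1 == k { for (i = 2; i <= NF; i++) if ($i == v) found = 1 }
        END { exit !found }' "$1"
}

# check_prereqs HOSTS RESOLV FQDN IP: prints one line per problem, returns 1 if any.
check_prereqs() {
    hosts=$1; resolv=$2; fqdn=$3; ip=$4
    domain=${fqdn#*.}                  # test.example.com -> example.com
    rc=0
    has_entry "$hosts" "$ip" "$fqdn" ||
        { echo "hosts: $fqdn is not mapped to $ip"; rc=1; }
    for lo in 127.0.0.1 ::1; do
        if has_entry "$hosts" "$lo" "$fqdn"; then
            echo "hosts: $fqdn is also listed on loopback $lo"; rc=1
        fi
    done
    has_entry "$resolv" search "$domain" ||
        { echo "resolv.conf: search list lacks $domain"; rc=1; }
    has_entry "$resolv" nameserver "$ip" ||
        { echo "resolv.conf: nameserver is not $ip"; rc=1; }
    return "$rc"
}

# Constructed sample files; the "good" pair mirrors the values on this page.
demo=$(mktemp -d)
cat > "$demo/hosts.good" <<'EOF'
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.10.20.42 test test.example.com
EOF
# Constructed failure case: the FQDN sits on the loopback line only.
cat > "$demo/hosts.bad" <<'EOF'
127.0.0.1 test.example.com test localhost localhost.localdomain
::1 localhost localhost6
EOF
printf 'search example.com\nnameserver 10.10.20.42\n' > "$demo/resolv.conf"

check_prereqs "$demo/hosts.good" "$demo/resolv.conf" test.example.com 10.10.20.42 &&
    echo "hosts and resolv.conf are consistent"
check_prereqs "$demo/hosts.bad" "$demo/resolv.conf" test.example.com 10.10.20.42 ||
    echo "fix the items above before provisioning"
```

On a real host, call it as check_prereqs /etc/hosts /etc/resolv.conf "$(hostname)" 10.10.20.42.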
Provision Samba
# samba-tool domain provision
Realm [EXAMPLE.COM]: EXAMPLE.COM
Domain [EXAMPLE]: EXAMPLE
Server Role (dc, member, standalone) [dc]: dc
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: BIND9_FLATFILE
Administrator password:
Retype password:
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=example,DC=com
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=example,DC=com
See /usr/local/samba/private/named.conf for an example configuration include file for BIND
and /usr/local/samba/private/named.txt for further documentation required for secure DNS updates
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be ready to use
Server Role: active directory domain controller
Hostname: test
NetBIOS Domain: EXAMPLE
DNS Domain: example.com
DOMAIN SID: S-1-5-21-3668134952-3729197751-3642420208
Once you have successfully run the provision step, it's time to run and test your Samba server
# samba
# ps -ef | grep samba
root 20465 1 0 10:26 ? 00:00:00 samba
root 20466 20465 0 10:26 ? 00:00:00 samba
root 20467 20465 0 10:26 ? 00:00:00 samba
root 20468 20465 0 10:26 ? 00:00:00 samba
root 20469 20465 0 10:26 ? 00:00:00 samba
root 20470 20465 0 10:26 ? 00:00:00 samba
root 20471 20465 0 10:26 ? 00:00:00 samba
root 20472 20466 0 10:26 ? 00:00:00 /usr/local/samba/sbin/smbd -D --option=serverrole check:inhibit=yes --foreground
root 20473 20465 0 10:26 ? 00:00:00 samba
root 20474 20465 0 10:26 ? 00:00:00 samba
root 20475 20465 0 10:26 ? 00:00:00 samba
root 20476 20465 0 10:26 ? 00:00:00 samba
root 20477 20465 0 10:26 ? 00:00:00 samba
root 20478 20465 0 10:26 ? 00:00:00 samba
root 20481 20472 0 10:26 ? 00:00:00 /usr/local/samba/sbin/smbd -D --option=serverrole check:inhibit=yes --foreground
root 21502 21310 0 11:15 pts/2 00:00:00 grep samba
So our samba has started as you can see above
Check the version
# samba -V
Version 4.1.0pre1-GIT-55add52
When you run the mentioned command you should get the above output.
Once you run the provision command, the following files should be automatically created.
- /usr/local/samba/private/named.conf
- /usr/local/samba/private/dns/example.com.zone
- /usr/local/samba/private/krb5.conf
# smbclient -L localhost -U%
Domain=[EXAMPLE] OS=[Unix] Server=[Samba 4.1.0pre1-GIT-55add52]
Sharename Type Comment
--------- ---- -------
netlogon Disk
sysvol Disk
IPC$ IPC IPC Service (Samba 4.1.0pre1-GIT-55add52)
Domain=[EXAMPLE] OS=[Unix] Server=[Samba 4.1.0pre1-GIT-55add52]
Server Comment
--------- -------
Workgroup Master
-------- ------
NOTE: In case you are getting any error, make sure all the pre-requisites are fulfilled correctly and your hostname and all files are proper.
Check your SELinux and firewall, as in my case I have disabled both of them
Configure your BIND server
NOTE: Make sure your bind version is 9.8/9.9
# rpm -q bind
bind-9.8.2-0.17.rc1.el6_4.4.i686
This is a copy of my named.conf file
# vi /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        forwarders { 8.8.8.8; 8.8.4.4; };
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; any; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/usr/local/samba/private/named.conf";
Restart your named server
# service named restart
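The options block above combines recursion yes with allow-query { localhost; any; } and no allow-recursion, and BIND then applies the allow-query list to recursive queries as well, which matters as soon as listen-on is widened beyond 127.0.0.1 so that domain clients can use this server for DNS. The script below is an added example (not the author's code) that classifies a named.conf this way and compares the page's statements with a constructed alternative. The function name, the 10.10.20.0/24 client subnet and the sample files are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# recursion_scope FILE prints who may recurse through this named.conf:
#   off | restricted | open
# Simplification (assumption): scans the whole file after dropping // and #
# comments; it does not follow include statements or per-view overrides.
ANY='\{([^}]*[[:space:];])?any[[:space:]]*;'   # ACL body that lists "any"

recursion_scope() {
    conf=$(sed -e 's://.*$::' -e 's:#.*$::' "$1" | tr '\n' ' ')
    has() { printf '%s\n' "$conf" | grep -Eq "$1"; }
    if has '(^|[^-])recursion[[:space:]]+no[[:space:]]*;'; then
        echo off
    elif has 'allow-(recursion|query-cache)[[:space:]]*\{'; then
        # An explicit recursion ACL decides, unless it lists "any" itself.
        if has "allow-(recursion|query-cache)[[:space:]]*$ANY"; then
            echo open
        else
            echo restricted
        fi
    elif has "allow-query[[:space:]]*$ANY"; then
        # No recursion ACL set: BIND falls back to allow-query.
        echo open
    else
        echo restricted                # built-in default: localnets; localhost;
    fi
}

demo=$(mktemp -d)
# The relevant statements from the options block on this page.
cat > "$demo/page.conf" <<'EOF'
options {
    allow-query { localhost; any; };
    recursion yes;
};
EOF
# Constructed alternative: authoritative answers stay open to everyone,
# recursion is limited to the host and an assumed client subnet.
cat > "$demo/scoped.conf" <<'EOF'
options {
    allow-query { any; };
    allow-recursion { localhost; 10.10.20.0/24; };
    recursion yes;
};
EOF

echo "page.conf:   $(recursion_scope "$demo/page.conf")"
echo "scoped.conf: $(recursion_scope "$demo/scoped.conf")"
```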
Check if your DNS server is working on localhost
# ping google.com
PING google.com (74.125.236.32) 56(84) bytes of data.
64 bytes from maa03s04-in-f0.1e100.net (74.125.236.32): icmp_seq=1 ttl=56 time=19.1 ms
64 bytes from maa03s04-in-f0.1e100.net (74.125.236.32): icmp_seq=2 ttl=56 time=18.7 ms
In case you get
unknown host google.com
check your bind configuration files again. Make sure the time zone and the time are properly set on your Linux machine, as in some cases that is another reason for failure of the DNS server.
Verify if your Samba server is listening to DNS server
# host -t SRV _kerberos._udp.example.com.
_kerberos._udp.example.com has SRV record 0 100 88 test.example.com.
# host -t SRV _ldap._tcp.example.com.
_ldap._tcp.example.com has SRV record 0 100 389 test.example.com.
# host -t A samba.example.com.
samba.example.com has address 10.10.20.42
NOTE: In case you get an error while using the last command above
Host samba.example.com. not found: 3(NXDOMAIN)
then follow the below mentioned steps
# vi /usr/local/samba/private/dns/example.com.zone
Add a last line
samba IN A 10.10.20.42
Restart your bind server and try the above command again. You should get a positive reply.
Configure Kerberos
Replace your krb5.conf file inside /etc with the file krb5.conf created after provision step
Sample krb
# vi /etc/krb5.conf
[libdefaults]
default_realm = ${REALM}
dns_lookup_realm = false
dns_lookup_kdc = true
Testing kerberos
# kinit administrator@EXAMPLE.COM
Password:
Warning: Your password will expire in 41 days on Wed Jul 17 10:26:06 2013
Now try adding your Windows client to the domain server
Follow this page for
Configuring a Windows Client for Samba 4 AD