Samba4 HOWTO + Fedora
$ cd samba-master/
$ rm .git/objects/info/alternates
$ rm .git/refs/tags/*
$ rm -r .git/refs/remotes/
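$ git config remote.origin.url git://git.samba.org/samba.git (git:// is neither authenticated nor encrypted, so the fetched source is not protected against tampering in transit; use an https:// or ssh remote if the server offers one)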
$ git config --add remote.origin.fetch +refs/tags/*:refs/tags/* (this line is optional)
$ git fetch
untar samba4.tgz
$ cd samba-master/source4
$ ./autogen.sh
$ cd samba-master/source4
$ ./configure
$ make
$ make install
PATH=/usr/local/samba/bin:/usr/local/samba/sbin:$PATH
export PATH
cd source4
./setup/provision --realm=SAMBA --domain=example.com --adminpass=qwerasdf --server-role='domain controller'
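Output (qwerasdf is only a sample password: pick a strong one for a real domain, since the provision summary below prints it back and the command line itself typically ends up in shell history)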
——————————-
Note
Server Role: domain controller
Hostname: samba
NetBIOS Domain: EXAMPLE.COM
DNS Domain: samba
DOMAIN SID: S-1-5-21-3157024369-3348094622-1625297388
Admin password: qwerasdf
——————————-
this will setup /usr/local/samba/etc/smb.conf
——————————-
[globals]
netbios name = samba
workgroup = example.com
realm = SAMBA
server role = domain controller
[netlogon]
path = /usr/local/samba/var/locks/sysvol/your.realm/scripts
read only = no
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = no
——————————-
vim /usr/local/samba/etc/smb.conf
[test]
path = /data/test
read only = no
To start a single instance for testing purposes
cd /usr/local/samba/sbin/
./samba -i -M single
on another konsole
smbclient //localhost/test -Uadministrator%qwerasdf
for ldap
test
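ldapsearch -h <samba-server-hostname> -x -b DC=samba
(-h takes a host name; it is missing from the original command, so substitute your server's name)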
cd /usr/local/samba/private
install bind-9.5.1-0.5.b1.i386.rpm bind-libs-9.5.1-0.5.b1.i386.rpm bind-devel-9.5.1-0.5.b1.i386.rpm bind-utils-9.5.1-0.5.b1.i386.rpm
or upgrade what comes with centos
Copy *just* your.realm.zone to /etc/bind/ (or wherever you want to store zone files) and then take a look at named.conf in the local directory.
cd /usr/local/samba/private
cp *.zone /etc/named/
cp named.conf /etc/named.samba
mv /etc/krb5.conf /etc/krb5.conf.ORIG
cp krb5.conf /etc/
cp /usr/local/samba/private/dns.keytab /etc/named/dns.keytab
chgrp named /etc/named/dns.keytab
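chmod g+r /etc/named/dns.keytab
(dns.keytab holds the DNS service's Kerberos key: confirm with ls -l that only root and the named group can read it)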
please read named.txt file
in the /etc/named.conf file under the options section below
// query-source address * port 53;
add
tkey-gssapi-credential "DNS/samba";
tkey-domain "SAMBA";
and
include "/etc/named.samba"; below the options section
in the /etc/init.d/named add
KEYTAB_FILE="/usr/local/samba/private/dns.keytab";
export KRB5_KTNAME="/usr/local/samba/private/dns.keytab";
and now restart the service
test via
dig _ldap._tcp.dc._msdcs.samba SRV @localhost
response
; <<>> DiG 9.5.1b1-RedHat-9.5.1-0.5.b1 <<>> _ldap._tcp.dc._msdcs.samba SRV @localhost
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65383
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;_ldap._tcp.dc._msdcs.samba. IN SRV
;; ANSWER SECTION:
_ldap._tcp.dc._msdcs.samba. 604800 IN SRV 0 100 389 samba.samba.
;; AUTHORITY SECTION:
samba. 604800 IN NS samba.samba.
;; ADDITIONAL SECTION:
samba.samba. 604800 IN A 192.168.50.80
;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jan 21 11:01:40 2009
;; MSG SIZE rcvd: 105
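stop iptables (this turns the host firewall off completely and is only reasonable on an isolated test machine; on a reachable host keep iptables running and allow just the ports the domain controller and named need)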
chkconfig --level 2345 iptables off
chkconfig --level 2345 named on
ln -s /usr/local/samba/lib/libtalloc.so.1 /lib/
ln -s /usr/local/samba/lib/libtalloc.so.1 /usr/lib/
ln -s /usr/local/samba/lib/libtdb.so.1 /usr/lib/
ln -s /usr/local/samba/lib/libtdb.so.1 /lib/
ln -s /usr/local/samba/lib/libwbclient.so.0 /lib/
ln -s /usr/local/samba/lib/libwbclient.so.0 /usr/lib/
################################Windows for samba#########################################
Configure a Windows machine and download the exe for domain administration & services.
Connect to the DNS for administration and add users as you would in Windows.
Use the added user to test Linux compatibility.
#########################################################################
On the Linux machine, configure authentication against the samba4 server:
first configure samba3 and start the service
smb.conf
————————Other Linux mc for samba———————————————-
[global]
#--authconfig--start-line--
# Generated by authconfig on 2009/01/28 13:30:34
# DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
# Any modification may be deleted or altered by authconfig in future
workgroup = EXAMPLE.COM
password server = samba.example.com
realm = SAMBA
security = domain
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
winbind separator = +
template homedir = /samba/%U
template shell = /bin/bash
winbind use default domain = true
winbind offline logon = false
#--authconfig--end-line--
; workgroup = EXAMPLE.COM
; security = DOMAIN
; password server = samba.example.com
ldap ssl = no
; idmap uid = 16777216-33554431
; idmap gid = 16777216-33554431
; template homedir = /samba/%U
; template shell = /bin/bash
; winbind separator = +
winbind cache time = 10
; winbind use default domain = Yes
username = %u
add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
[homes]
comment = Home Directories
path = %H
read only = No
———————————————————————-
configure authentication
system-config-authentication
User info
enable winbind support
Authentication
enable kerberos support
/usr/bin/net join -w EXAMPLE.COM -S samba.example.com -U Administrator
check with
wbinfo -u samba.example.com
good tutorial…
try this link for installation with screenshots
http://admingeeks.blogspot.com