[Samba] Samba 4 Additional DC existing domain
Using Ubuntu 10.04 LTS 32-bit. Tried following the wiki to install an additional DC in an existing AD domain. Here are the steps I took: 1. Installed the Ubuntu prerequisites and then I built from source. It compiled and installed successfully to /usr/local/samba 2. Skipped Step 1 Provision Samba according to the wiki It's not required to install as an additional DC in existing domain 3. Went to step 2 Starting your Samba AD DC located here: http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC 4. Set /etc/krb5.conf with the following: [libdefaults] dns_lookup_realm = true dns_lookup_kdc = true default_realm = mydomain.local 5. Ran kinit Administrator and put in the domain admin password and I got absolutely no output. The command ran and I got no error or any indication that anything happened. Apparently I'm supposed to get something like this: 6. Ticket cache: FILE:/tmp/krb5cc_0 7. Default principal: administrator@mydomain.local 8. 9. Valid starting ExpiresService principal 10.11/11/12 17:29:51 11/12/12 03:29:51 krbtgt/ Additionally, running /usr/local/samba/sbin/samba does nothing also. When I c heck for any samba running processes I get nothing. I'm stuck. I would appreciate some assistance on this. Thanks a lot -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 Additional DC existing domain
Hello Dino, Am 11.06.2013 17:11, schrieb Dino Edwards: Using Ubuntu 10.04 LTS 32-bit. Tried following the wiki to install an additional DC in an existing AD domain. Here are the steps I took: 1. Installed the Ubuntu prerequisites and then I built from source. It compiled and installed successfully to /usr/local/samba 2. Skipped Step 1 Provision Samba according to the wiki It's not required to install as an additional DC in existing domain 3. Went to step 2 Starting your Samba AD DC located here: http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC 4. Set /etc/krb5.conf with the following: [libdefaults] dns_lookup_realm = true dns_lookup_kdc = true default_realm = mydomain.local 5. Ran kinit Administrator and put in the domain admin password and I got absolutely no output. The command ran and I got no error or any indication that anything happened. Apparently I'm supposed to get something like this: 6. Ticket cache: FILE:/tmp/krb5cc_0 7. Default principal: administrator@mydomain.local 8. 9. Valid starting ExpiresService principal 10.11/11/12 17:29:51 11/12/12 03:29:51 krbtgt/ Additionally, running /usr/local/samba/sbin/samba does nothing also. When I c heck for any samba running processes I get nothing. I'm stuck. I would appreciate some assistance on this. Thanks a lot Did you followed *all* steps from the http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC HowTo? I didn't saw, in the steps you had listed, that you joined the domain, etc. Can you start Samba with the following command and see, what it outputs: # samba -i -M single Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 Additional DC existing domain
Kinit doesn't have output on all systems (ubuntu is one of them) after running that, klist should show that you have an active ticket. Also do what Marc says samba -i -M single and see where samba is failing the startup. Ricky On Tue, Jun 11, 2013 at 10:38 AM, Marc Muehlfeld sa...@marc-muehlfeld.dewrote: Hello Dino, Am 11.06.2013 17:11, schrieb Dino Edwards: Using Ubuntu 10.04 LTS 32-bit. Tried following the wiki to install an additional DC in an existing AD domain. Here are the steps I took: 1. Installed the Ubuntu prerequisites and then I built from source. It compiled and installed successfully to /usr/local/samba 2. Skipped Step 1 Provision Samba according to the wiki It's not required to install as an additional DC in existing domain 3. Went to step 2 Starting your Samba AD DC located here: http://wiki.samba.org/index.**php/Samba4/HOWTO/Join_a_**domain_as_a_DChttp://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC 4. Set /etc/krb5.conf with the following: [libdefaults] dns_lookup_realm = true dns_lookup_kdc = true default_realm = mydomain.local 5. Ran kinit Administrator and put in the domain admin password and I got absolutely no output. The command ran and I got no error or any indication that anything happened. Apparently I'm supposed to get something like this: 6. Ticket cache: FILE:/tmp/krb5cc_0 7. Default principal: administrator@mydomain.local 8. 9. Valid starting ExpiresService principal 10.11/11/12 17:29:51 11/12/12 03:29:51 krbtgt/ Additionally, running /usr/local/samba/sbin/samba does nothing also. When I c heck for any samba running processes I get nothing. I'm stuck. I would appreciate some assistance on this. Thanks a lot Did you followed *all* steps from the http://wiki.samba.org/index.**php/Samba4/HOWTO/Join_a_**domain_as_a_DChttp://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC HowTo? I didn't saw, in the steps you had listed, that you joined the domain, etc. Can you start Samba with the following command and see, what it outputs: # samba -i -M single Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/**mailman/options/sambahttps://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 Additional DC existing domain
On 6/11/2013 10:58 AM, Ricky Nance wrote: Kinit doesn't have output on all systems (ubuntu is one of them) after running that, klist should show that you have an active ticket. Also do what Marc says samba -i -M single and see where samba is failing the startup. If I migh add issue the command with some debug level so you see some more info: samba -i -M single -d3 Cheers Ricky On Tue, Jun 11, 2013 at 10:38 AM, Marc Muehlfeld sa...@marc-muehlfeld.dewrote: Hello Dino, Am 11.06.2013 17:11, schrieb Dino Edwards: Using Ubuntu 10.04 LTS 32-bit. Tried following the wiki to install an additional DC in an existing AD domain. Here are the steps I took: 1. Installed the Ubuntu prerequisites and then I built from source. It compiled and installed successfully to /usr/local/samba 2. Skipped Step 1 Provision Samba according to the wiki It's not required to install as an additional DC in existing domain 3. Went to step 2 Starting your Samba AD DC located here: http://wiki.samba.org/index.**php/Samba4/HOWTO/Join_a_**domain_as_a_DChttp://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC 4. Set /etc/krb5.conf with the following: [libdefaults] dns_lookup_realm = true dns_lookup_kdc = true default_realm = mydomain.local 5. Ran kinit Administrator and put in the domain admin password and I got absolutely no output. The command ran and I got no error or any indication that anything happened. Apparently I'm supposed to get something like this: 6. Ticket cache: FILE:/tmp/krb5cc_0 7. Default principal: administrator@mydomain.local 8. 9. Valid starting ExpiresService principal 10.11/11/12 17:29:51 11/12/12 03:29:51 krbtgt/ Additionally, running /usr/local/samba/sbin/samba does nothing also. When I c heck for any samba running processes I get nothing. I'm stuck. I would appreciate some assistance on this. Thanks a lot Did you followed *all* steps from the http://wiki.samba.org/index.**php/Samba4/HOWTO/Join_a_**domain_as_a_DChttp://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC HowTo? I didn't saw, in the steps you had listed, that you joined the domain, etc. Can you start Samba with the following command and see, what it outputs: # samba -i -M single Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/**mailman/options/sambahttps://lists.samba.org/mailman/options/samba -- David Gonzalez DGHVoIP USA: MOBILE: +1.646.559.6200 COL: +57.1.382.6718 COL: +57.4.247.0985 URL: www.dghvoip.com Skype: davidgonzalezh -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 Additional DC existing domain
I'm pretty sure I did unless I'm missing something. According to what I'm reading, the very first step is running the kinit administrator command which of course shows no output on the screen. So, to address the second suggestion when I run: /usr/local/samba/sbin/samba -i -M single I get this: samba version 4.0.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2012 At this time the 'samba' binary should only be used for either: 'server role = active directory domain controller' or to access the ntvfs file server with 'server services = +smb' or the rpc proxy with 'dcerpc endpoint servers = remote' You should start smbd/nmbd/winbindd instead for domain member and standalone file server tasks Dino Did you followed *all* steps from the http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC HowTo? I didn't saw, in the steps you had listed, that you joined the domain, etc. Can you start Samba with the following command and see, what it outputs: # samba -i -M single Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 Additional DC existing domain
-Original Message- From: samba-boun...@lists.samba.org [mailto:samba- boun...@lists.samba.org] On Behalf Of David González Herrera - [DGHVoIP] Sent: Tuesday, June 11, 2013 12:02 PM To: Ricky Nance Cc: samba@lists.samba.org Subject: Re: [Samba] Samba 4 Additional DC existing domain On 6/11/2013 10:58 AM, Ricky Nance wrote: Kinit doesn't have output on all systems (ubuntu is one of them) after running that, klist should show that you have an active ticket. Also do what Marc says samba -i -M single and see where samba is failing the startup. If I migh add issue the command with some debug level so you see some more info: samba -i -M single -d3 When I run: /usr/local/samba/sbin/samba -i -M single -d3 I get the following: samba version 4.0.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2012 GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'schannel' registered GENSEC backend 'spnego' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered NTPTR backend 'simple_ldb' NTVFS backend 'default' for type 1 registered NTVFS backend 'posix' for type 1 registered NTVFS backend 'unixuid' for type 1 registered NTVFS backend 'unixuid' for type 3 registered NTVFS backend 'unixuid' for type 2 registered NTVFS backend 'cifs' for type 1 registered NTVFS backend 'smb2' for type 1 registered NTVFS backend 'simple' for type 1 registered NTVFS backend 'cifsposix' for type 1 registered NTVFS backend 'default' for type 3 registered NTVFS backend 'default' for type 2 registered NTVFS backend 'nbench' for type 1 registered PROCESS_MODEL 'single' registered PROCESS_MODEL 'onefork' registered PROCESS_MODEL 'prefork' registered PROCESS_MODEL 'standard' registered AUTH backend 'sam' registered AUTH backend 'sam_ignoredomain' registered AUTH backend 'anonymous' registered AUTH backend 'winbind' registered AUTH backend 'winbind_wbclient' registered AUTH backend 'name_to_ntstatus' registered AUTH backend 'unix' registered SHARE backend [classic] registered. SHARE backend [ldb] registered. At this time the 'samba' binary should only be used for either: 'server role = active directory domain controller' or to access the ntvfs file server with 'server services = +smb' or the rpc proxy with 'dcerpc endpoint servers = remote' You should start smbd/nmbd/winbindd instead for domain member and standalone file server task -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 Additional DC existing domain
Kinit doesn't have output on all systems (ubuntu is one of them) after running that, klist should show that you have an active ticket. Running: Klist I get the following: Ticket cache: FILE:/tmp/krb5cc_0 Default principal: Administrator@MYDOMAIN.LOCAL Valid starting ExpiresService principal 06/11/13 12:22:52 06/11/13 22:22:42 krbtgt/MYDOMAIN.LOCAL@MYDOMAIN.LOCAL renew until 06/12/13 12:22:52 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 Additional DC existing domain
Am 11.06.2013 18:21, schrieb Dino Edwards: samba version 4.0.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2012 At this time the 'samba' binary should only be used for either: 'server role = active directory domain controller' or to access the ntvfs file server with 'server services = +smb' or the rpc proxy with 'dcerpc endpoint servers = remote' You should start smbd/nmbd/winbindd instead for domain member and standalone file server tasks You haven't answered my previous question: Did you followed *all* steps from the http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC HowTo? I didn't saw, in the steps you had listed, that you joined the domain, etc. Because, if you haven't joined the domain, then you don't have an smb.conf either. And without a smb.conf, you get this error, too If you have an smb.conf, then please post it. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 Additional DC existing domain
You haven't answered my previous question: Did you followed *all* steps from the http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC HowTo? I didn't saw, in the steps you had listed, that you joined the domain, etc. I believe I answered it albeit indirectly. One of the first steps of joining a domain as a DC was to run the kinit command and upon success proceed with joining the domain. Since I wasn't getting any output from running that command, I stopped and didn't go any further with joining the domain because I thought there was something wrong. I wasn't aware that I had to run klist in Ubuntu in order to get the output that I needed. Once I did that, I went ahead and followed the steps to join the domain and I was able to get it working. Now I have a smb.conf file like I should. However, now I have a few other questions if you could be so kind to answer. When I pointed one of the windows machines to use the samba 4 DC as its DNS server, I was able to resolve hosts in the mydomain.local domain. However, I wasn't able to resolve hosts outside my domain. A Windows DNS server is able to do that. Is this behavior because I'm not using Bind with the samba 4 DC but instead I'm using the int ernal samba DNS? What do I need to do to rectify that? I'm also assuming that I should use 127.0.0.1 or the IP of the samba 4 DC as the DNS server of the samba 4 DC in /etc/network/interfaces file vs. pointing to the Windows DC. Is that a correct assumption? And finally, rebooting the server does not automatically start samba. I have to start it manually. Do I need to create a script in /etc/init.d/ and if that's the case, is there a template for that somewhere? Thanks in advance. Dino -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 Additional DC existing domain
did you put in a dns forwarder = ip.of.external.dns.server line? 2013/6/11 Dino Edwards dino.edwa...@mydirectmail.net You haven't answered my previous question: Did you followed *all* steps from the http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC HowTo? I didn't saw, in the steps you had listed, that you joined the domain, etc. I believe I answered it albeit indirectly. One of the first steps of joining a domain as a DC was to run the kinit command and upon success proceed with joining the domain. Since I wasn't getting any output from running that command, I stopped and didn't go any further with joining the domain because I thought there was something wrong. I wasn't aware that I had to run klist in Ubuntu in order to get the output that I needed. Once I did that, I went ahead and followed the steps to join the domain and I was able to get it working. Now I have a smb.conf file like I should. However, now I have a few other questions if you could be so kind to answer. When I pointed one of the windows machines to use the samba 4 DC as its DNS server, I was able to resolve hosts in the mydomain.local domain. However, I wasn't able to resolve hosts outside my domain. A Windows DNS server is able to do that. Is this behavior because I'm not using Bind with the samba 4 DC but instead I'm using the int ernal samba DNS? What do I need to do to rectify that? I'm also assuming that I should use 127.0.0.1 or the IP of the samba 4 DC as the DNS server of the samba 4 DC in /etc/network/interfaces file vs. pointing to the Windows DC. Is that a correct assumption? And finally, rebooting the server does not automatically start samba. I have to start it manually. Do I need to create a script in /etc/init.d/ and if that's the case, is there a template for that somewhere? Thanks in advance. Dino -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Michael De Groote ICT-coordinator Sint-Pietersschool Korbeek-Lo ICT-support Sancta Maria Basisschool Leuven -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 Additional DC existing domain
Hello Dino, Am 11.06.2013 22:04, schrieb Dino Edwards: I believe I answered it albeit indirectly. One of the first steps of joining a domain as a DC was to run the kinit command and upon success proceed with joining the domain. Since I wasn't getting any output from running that command, I stopped and didn't go any further with joining the domain because I thought there was something wrong. I changed the HowTo a bit, to make it more clear, that the output shown is from klist and not kinit. When I pointed one of the windows machines to use the samba 4 DC as its DNS server, I was able to resolve hosts in the mydomain.local domain. However, I wasn't able to resolve hosts outside my domain. A Windows DNS server is able to do that. You have to add dns forwarder = 8.8.8.8 to your smb.conf and restart Samba. Adapt 8.8.8.8 to whatever you host is, to which you want to forward queries to, your Samba isn't authoritative for. I'm also assuming that I should use 127.0.0.1 or the IP of the samba 4 DC as the DNS server of the samba 4 DC in /etc/network/interfaces file vs. pointing to the Windows DC. Is that a correct assumption? You can use the IP of any host, that is able to resolve your AD DNS domain(s). And finally, rebooting the server does not automatically start samba. I have to start it manually. Do I need to create a script in /etc/init.d/ and if that's the case, is there a template for that somewhere? Yes, you need something that start the service if you want Samba to come up on reboots. See https://wiki.samba.org/index.php/Samba4/InitScript Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 Additional DC existing domain
On Tue, Jun 11, 2013 at 3:19 PM, Marc Muehlfeld sa...@marc-muehlfeld.dewrote: I changed the HowTo a bit, to make it more clear, that the output shown is from klist and not kinit. Marc, thanks for adding that :). Also dns forwarder = 8.8.8.8 the 8.8.8.8 there is a Google dns server, so that ip WILL work :) but if you have a local one you'd rather use, then use it. (8.8.4.4 is another google one if I recall right) Ricky -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 Additional DC existing domain
-Original Message- From: Marc Muehlfeld [mailto:sa...@marc-muehlfeld.de] Sent: Tuesday, June 11, 2013 4:19 PM To: Dino Edwards Cc: samba@lists.samba.org Subject: Re: [Samba] Samba 4 Additional DC existing domain Hello Dino, I changed the HowTo a bit, to make it more clear, that the output shown is from klist and not kinit. Awesome, thanks! When I pointed one of the windows machines to use the samba 4 DC as its DNS server, I was able to resolve hosts in the mydomain.local domain. However, I wasn't able to resolve hosts outside my domain. A Windows DNS server is able to do that. You have to add dns forwarder = 8.8.8.8 to your smb.conf and restart Samba. Adapt 8.8.8.8 to whatever you host is, to which you want to forward queries to, your Samba isn't authoritative for. I added it in the [global] section of the smb.conf and it seems to work I'm also assuming that I should use 127.0.0.1 or the IP of the samba 4 DC as the DNS server of the samba 4 DC in /etc/network/interfaces file vs. pointing to the Windows DC. Is that a correct assumption? You can use the IP of any host, that is able to resolve your AD DNS domain(s). And finally, rebooting the server does not automatically start samba. I have to start it manually. Do I need to create a script in /etc/init.d/ and if that's the case, is there a template for that somewhere? Yes, you need something that start the service if you want Samba to come up on reboots. See https://wiki.samba.org/index.php/Samba4/InitScript Awesome that worked too. Cheers, Dino -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 Additional DC existing domain
That's exactly what I did From: Michael De Groote [mailto:i...@sint-pietersschool.be] Sent: Tuesday, June 11, 2013 4:15 PM To: Dino Edwards Cc: Marc Muehlfeld; samba@lists.samba.org Subject: Re: [Samba] Samba 4 Additional DC existing domain did you put in a dns forwarder = ip.of.external.dns.server line? 2013/6/11 Dino Edwards dino.edwa...@mydirectmail.netmailto:dino.edwa...@mydirectmail.net You haven't answered my previous question: Did you followed *all* steps from the http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC HowTo? I didn't saw, in the steps you had listed, that you joined the domain, etc. I believe I answered it albeit indirectly. One of the first steps of joining a domain as a DC was to run the kinit command and upon success proceed with joining the domain. Since I wasn't getting any output from running that command, I stopped and didn't go any further with joining the domain because I thought there was something wrong. I wasn't aware that I had to run klist in Ubuntu in order to get the output that I needed. Once I did that, I went ahead and followed the steps to join the domain and I was able to get it working. Now I have a smb.conf file like I should. However, now I have a few other questions if you could be so kind to answer. When I pointed one of the windows machines to use the samba 4 DC as its DNS server, I was able to resolve hosts in the mydomain.local domain. However, I wasn't able to resolve hosts outside my domain. A Windows DNS server is able to do that. Is this behavior because I'm not using Bind with the samba 4 DC but instead I'm using the int ernal samba DNS? What do I need to do to rectify that? I'm also assuming that I should use 127.0.0.1 or the IP of the samba 4 DC as the DNS server of the samba 4 DC in /etc/network/interfaces file vs. pointing to the Windows DC. Is that a correct assumption? And finally, rebooting the server does not automatically start samba. I have to start it manually. Do I need to create a script in /etc/init.d/ and if that's the case, is there a template for that somewhere? Thanks in advance. Dino -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Michael De Groote ICT-coordinator Sint-Pietersschool Korbeek-Lo ICT-support Sancta Maria Basisschool Leuven -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
