Samba_4_Configuration#
Overview#
This page describes the steps to configure a Samba server using a DS backend.
Prerequisites#
Install Samba. Replace all occurrences of SAMBA_HOME in this document with the actual installation folder.
Add a virtual IP address (e.g. eth0:0).
Configuration#
Create SAMBA_HOME/etc/smb.conf:
[globals]
netbios name = samba
workgroup = EXAMPLE
realm = SAMBA.EXAMPLE.COM
server role = domain controller
system:anonymous = yes
sid generator = backend
krb5 port = 0
kpasswd port = 0
interfaces = eth0:0
bind interfaces only = yes
[netlogon]
path = SAMBA_HOME/var/locks/sysvol/samba.example.com/scripts
read only = no
[sysvol]
path = SAMBA_HOME/var/locks/sysvol
read only = no
Copying Examples#
Copy the examples folder from the Samba source directory into the Samba installation folder.
Provisioning Samba Backend#
Execute the following command to provision the Samba backend:
% cd SAMBA_HOME
% export PYTHONPATH=SAMBA_HOME/lib64/python2.6/site-packages
% share/setup/provision --server-role="domain controller" \
--domain=EXAMPLE --realm=SAMBA.EXAMPLE.COM \
--adminpass=Secret123 \
--ldap-backend-type=fedora-ds \
--root=root --ldapadminpass=Secret123 \
--host-name=samba --host-ip=127.0.0.1 \
--slapd-path=/usr/sbin/ns-slapd --setup-ds-path=/usr/sbin/setup-ds.pl
Server Role: domain controller
Hostname: samba
NetBIOS Domain: EXAMPLE
DNS Domain: samba.example.com
DOMAIN SID: S-1-5-21-1463069339-4227668456-4007226777
Admin password: Secret123
LDAP Backend Admin DN: CN=Manager,DC=samba,DC=example,DC=com
LDAP Admin Password: Secret123
Starting DS Instance#
% cd SAMBA_HOME
% private/ldap/slapd-samba4/start-slapd
Enabling DS Change Log#
Copy common schema into SAMBA_HOME/private/ldap/slapd-samba4/schema:
% cp /etc/dirsrv/schema/02common.ldif SAMBA_HOME/private/ldap/slapd-samba4/schema
Enable change log plugin:
% ldapmodify -H ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi \
-x -D "cn=Manager,dc=samba,dc=example,dc=com" -w Secret123
dn: cn=Retro Changelog Plugin,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on
-
Restart DS:
% cd SAMBA_HOME
% private/ldap/slapd-samba4/stop-slapd
% private/ldap/slapd-samba4/start-slapd
Starting Samba#
% cd SAMBA_HOME
% sbin/samba -i -M single
Create Sync User Account#
Add the Sync user:
% ldapadd -H ldap://samba.example.com -x \
-D "cn=Administrator,cn=Users,dc=samba,dc=example,dc=com" -w Secret123
dn: cn=Sync,cn=Users,dc=samba,dc=example,dc=com
objectClass: user
userPassword: Secret123
sAMAccountName: sync
userAccountControl: 512
Add the user to the Administrators group:
% ldapmodify -H ldap://samba.example.com -x \
-D "cn=Administrator,cn=Users,dc=samba,dc=example,dc=com" -w Secret123
dn: cn=Administrators,cn=Builtin,dc=samba,dc=example,dc=com
changetype: modify
add: member
member: cn=Sync,cn=Users,dc=samba,dc=example,dc=com
Verify:
% ldapsearch -H ldap://samba.example.com -x \
-D "cn=Sync,cn=Users,dc=samba,dc=example,dc=com" -w Secret123 \
-b "dc=samba,dc=example,dc=com" -s base
Enable Clear Text Password#
% ldapmodify -H ldap://samba.example.com -x \
-D "cn=Administrator,cn=Users,dc=samba,dc=example,dc=com" -w Secret123
dn: dc=samba,dc=example,dc=com
changetype: modify
replace: pwdProperties
pwdProperties: 17
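What the value 17 written above means, as an added example that is not part of the original page: pwdProperties is a bitmask, and 17 sets DOMAIN_PASSWORD_COMPLEX (1) together with DOMAIN_PASSWORD_STORE_CLEARTEXT (16). The script decodes the mask and reports whether clear text storage is enabled; the function names and the sample LDIF are constructed for illustration.

```shell
# Added example: decode the domain pwdProperties bitmask (flag values from MS-SAMR).
decode_pwdproperties() {
    value=$1; out=""
    for pair in \
        1:DOMAIN_PASSWORD_COMPLEX \
        2:DOMAIN_PASSWORD_NO_ANON_CHANGE \
        4:DOMAIN_PASSWORD_NO_CLEAR_CHANGE \
        8:DOMAIN_LOCKOUT_ADMINS \
        16:DOMAIN_PASSWORD_STORE_CLEARTEXT \
        32:DOMAIN_REFUSE_PASSWORD_CHANGE
    do
        bit=${pair%%:*}; name=${pair#*:}
        if [ $(( value & bit )) -ne 0 ]; then
            out="${out:+$out }$name"
        fi
    done
    printf '%s\n' "$out"
}

# Print the first pwdProperties value found in LDIF read from stdin.
pwdproperties_from_ldif() {
    sed -n 's/^pwdProperties:[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' | head -n 1
}

# Exit status 0 when the mask enables reversible (clear text) password storage.
stores_cleartext() {
    [ $(( $1 & 16 )) -ne 0 ]
}

# Constructed sample: the domain object as a base-scope search would show it
# after the modification above.
SAMPLE_LDIF='dn: dc=samba,dc=example,dc=com
pwdProperties: 17'

# Read LDIF from stdin and print one FINDING / OK / UNKNOWN line.
audit_ldif() {
    v=$(pwdproperties_from_ldif)
    [ -n "$v" ] || { echo "UNKNOWN pwdProperties not found"; return 2; }
    if stores_cleartext "$v"; then
        echo "FINDING pwdProperties=$v [$(decode_pwdproperties "$v")]"
    else
        echo "OK pwdProperties=$v [$(decode_pwdproperties "$v")]"
    fi
}

printf '%s\n' "$SAMPLE_LDIF" | audit_ldif
```

To check a live domain, pipe the LDIF returned by a base-scope ldapsearch on the domain object into audit_ldif.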
Administration#
% fedora-idm-console
Enter the following information:
User ID: cn=Directory Manager
Password: Secret123
Administration URL: http://hostname:port
Users#
% cd samba/source4
% setup/newuser -U Administrator --password=Secret123 edewata
New Password: Secret123
DNS#
Configure DNS using the zone file generated by Samba (/usr/local/samba/private/domain1.com.zone).