Setting up Samba4 as PDC and BDC

on slackware64 14.2

Requirements

find /var/log/packages/ | grep samba
#slackpkg install samba

Hostname issues

The domain provisioning step generates TLS certificates bound to the DC name. Therefore, to avoid certificate/hostname mismatches, use the same name for your DC service as your local FQDN: either provision with the existing hostname (for example host.example.local) or change your system hostname to dc1.example.local before provisioning.

Installation

vi /etc/hosts

INTERNAL-IP dc1.example.local dc1

pwgen
samba-tool domain provision --use-rfc2307 --interactive --option="interfaces=lo INTERNAL-NIC" --option="bind interfaces only=yes"

ls -lhF /var/lib/samba/private/tls

vi /etc/resolv.conf

domain example.local
nameserver INTERNAL-IP

Note: some additional tuning may be required to enable the NIS extensions.
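The hostname, /etc/hosts and /etc/resolv.conf requirements above are easy to get wrong and only show up later as certificate or DNS failures. The following pre-provision check is an added example (not part of the original notes): it takes the DC IP and DC FQDN as arguments, compares the DC name with the system FQDN from hostname -f, and verifies the hosts and resolv.conf entries; the file paths are parameters so it can be run against copies.

```shell
#!/bin/sh
# Added pre-provision sanity check for a Samba4 DC (not from the original page).
# Inputs: DC IP, DC FQDN, the system FQDN (hostname -f), and paths to hosts and
# resolv.conf; the paths are parameters so the checks can be run on copies.

# 0 if the intended DC name equals the system FQDN (the provisioning step bakes
# the name into the TLS certificates, so a mismatch causes trouble later).
fqdn_matches() {
    [ "$1" = "$2" ]
}

# 0 if hosts file $3 maps IP $1 to FQDN $2 and its short name (comments ignored).
hosts_has_dc() {
    h_ip=$1; h_fqdn=$2; h_file=$3
    h_short=${h_fqdn%%.*}
    sed 's/#.*//' "$h_file" | awk -v ip="$h_ip" -v fqdn="$h_fqdn" -v short="$h_short" '
        $1 == ip { for (i = 2; i <= NF; i++) { if ($i == fqdn) f = 1; if ($i == short) s = 1 } }
        END { exit !(f && s) }'
}

# 0 if resolv.conf $3 has "domain <DC domain>" and "nameserver <DC IP>", so the
# DC itself resolves AD names through Samba's internal DNS.
resolv_points_at_dc() {
    r_ip=$1; r_domain=${2#*.}; r_file=$3
    awk -v ip="$r_ip" -v domain="$r_domain" '
        $1 == "domain" && $2 == domain { d = 1 }
        $1 == "nameserver" && $2 == ip { n = 1 }
        END { exit !(d && n) }' "$r_file"
}

# Run every check, report each failure, and return the number of failures.
check_dc_prereqs() {
    ip=$1; fqdn=$2; sysfqdn=$3; hosts=$4; resolv=$5
    fails=0
    fqdn_matches "$fqdn" "$sysfqdn" ||
        { echo "FAIL: system FQDN '$sysfqdn' is not the DC name '$fqdn'"; fails=$((fails + 1)); }
    hosts_has_dc "$ip" "$fqdn" "$hosts" ||
        { echo "FAIL: $hosts lacks '$ip $fqdn ${fqdn%%.*}'"; fails=$((fails + 1)); }
    resolv_points_at_dc "$ip" "$fqdn" "$resolv" ||
        { echo "FAIL: $resolv needs 'domain ${fqdn#*.}' and 'nameserver $ip'"; fails=$((fails + 1)); }
    return "$fails"
}

# Command-line use on the real system: ./dc-check.sh INTERNAL-IP dc1.example.local
if [ "$#" -eq 2 ]; then
    check_dc_prereqs "$1" "$2" "$(hostname -f)" /etc/hosts /etc/resolv.conf
fi
```

A non-zero exit status is the number of failed checks, so the script can gate the provisioning command in a wrapper.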

Ready to go

Disable the provided init script (it is outdated for an AD DC, as there is no need to start smbd and nmbd separately),

ls -lhF /etc/rc.d/rc.samba
chmod -x /etc/rc.d/rc.samba

Start the daemon while watching the logs,

tail -n0 -F /var/log/* /var/log/samba/*
/usr/sbin/samba
pgrep -a samba

and do not forget to enable it at boot time,

vi /etc/rc.d/rc.local

echo -n Starting Samba 4 on `grep 'interfaces =' /etc/samba/smb.conf`...
/usr/sbin/samba && echo \ Done

vi /etc/rc.d/rc.local_shutdown

echo -n Shutting down Samba4...
pkill samba && echo \ Done

chmod +x /etc/rc.d/rc.local_shutdown

Check local network resolution and forwarding through the DC,

host opendns.com
#host opendns.com 127.0.0.1

Then proceed with further testing from a client.

Maintenance

Restart the service,

tail -n0 -F /var/log/* /var/log/samba/*
pgrep -a samba
pkill samba
pgrep -a samba
/usr/sbin/samba
pgrep -a samba

User Management

Create a new user, quick and dirty,

pwgen
samba-tool user add user1

or with some details,

pwgen
samba-tool user add user2 --given-name="user2 firstname" --surname="user2 surname" --mail-address=pbraun@nethence.com --login-shell=/bin/bash

and check,

samba-tool user list

review the password policy and statuses,

samba-tool domain passwordsettings show

and, if needed, change the policy,

samba-tool domain passwordsettings -h
...

Backup DC

Apply the same DNS and Kerberos setup as for a domain member, then join the domain as a DC,

samba-tool domain join example.local DC -U"EXAMPLE\administrator" --dns-backend=SAMBA_INTERNAL --option="interfaces=lo INTERNAL-NIC" --option="bind interfaces only=yes"

Troubleshooting

To start from scratch,

#pkill samba
#removepkg samba
#rm -rf /etc/samba/ /var/lib/samba 
#slackpkg install samba

If you get this message,

==> /var/log/syslog <==
Feb 27 23:49:52 lenovo smbd[5653]: [2018/02/27 23:49:52.355883,  0] ../source3/smbd/server.c:1440(main) 
Feb 27 23:49:52 lenovo smbd[5653]:   server role = 'active directory domain controller' not compatible with running smbd standalone.  
Feb 27 23:49:52 lenovo smbd[5653]:   You should start 'samba' instead, and it will control starting smbd if required 
Feb 27 23:49:52 lenovo nmbd[5654]: [2018/02/27 23:49:52.402628,  0] ../source3/nmbd/nmbd.c:923(main) 
Feb 27 23:49:52 lenovo nmbd[5654]:   server role = 'active directory domain controller' not compatible with running nmbd standalone.  
Feb 27 23:49:52 lenovo nmbd[5654]:   You should start 'samba' instead, and it will control starting the internal nbt server 

==> do not use rc.samba. Use samba directly as described above.
