Difference between revisions of "Samba-dc"
Bunkobugsy (talk | contribs) |
Bunkobugsy (talk | contribs) |
||
| Line 84: | Line 84: | ||
Provisioning will also reserve the administrator user in SME for domain administrator, make sure it is not already used. | Provisioning will also reserve the administrator user in SME for domain administrator, make sure it is not already used. | ||
===Provisioning=== | ===Provisioning=== | ||
| − | By default provisioning will use for realm current Windows workgroup name and append .INTERNAL to it. | + | By default provisioning will use for realm current Windows workgroup name (default: sme-server) and append .INTERNAL to it. |
Active Directory DC locating algorithm relies on DNS resolution, samba internal DNS back end will handle this via SME's domain-remote | Active Directory DC locating algorithm relies on DNS resolution, samba internal DNS back end will handle this via SME's domain-remote | ||
| Line 90: | Line 90: | ||
Make sure realm does not match any secondary domain set up or it will be overwritten. | Make sure realm does not match any secondary domain set up or it will be overwritten. | ||
| + | |||
| + | WARNING: make sure to change Windows workgroup name before provisioning because domain rename is not supported. | ||
| + | provision | ||
===Testing=== | ===Testing=== | ||
After a successful provisioning you can confirm the domain functionality | After a successful provisioning you can confirm the domain functionality | ||
domaininfo | domaininfo | ||
sambastatus | sambastatus | ||
| − | realm -v discover | + | realm -v discover SME-SERVER.INTERNAL #in this example |
kinit -V administrator | kinit -V administrator | ||
klist | klist | ||
| − | Other tools available | + | sambatool user list |
| − | + | sambatool computer list | |
| + | Other tools available for debugging | ||
| + | sambatool | ||
| + | syncadusers | ||
===Uninstall=== | ===Uninstall=== | ||
/sbin/e-smith/db yum_repositories delete fasttrack-updates | /sbin/e-smith/db yum_repositories delete fasttrack-updates | ||
| − | |||
signal-event dnf-modify | signal-event dnf-modify | ||
dnf remove {{#var:smecontribname}} | dnf remove {{#var:smecontribname}} | ||
| + | |||
| + | /sbin/e-smith/db domains delete sme-server.internal #in this example | ||
| + | signal-event domain-modify | ||
===Bugs=== | ===Bugs=== | ||
Please raise bugs under the SME-Contribs section in {{BugzillaFileBug|product=|component=|title= bugzilla}} | Please raise bugs under the SME-Contribs section in {{BugzillaFileBug|product=|component=|title= bugzilla}} | ||
Revision as of 22:41, 10 December 2024
 | |
| samba-dc logo | |
| Maintainer | maintainer |
|---|---|
| Url | https://wiki.koozali.org |
| Category | |
| Tags | File, this, with, a, list, of, tags |
Maintainer
initial work of Bunkobugsy
Version
Description
This package provides templates for samba Active Directory support. More details found here.
It will replace upstream samba packages with AD enabled ones from SIG/FastTrack repo. More details found here.
Installation
/sbin/e-smith/db yum_repositories set fasttrack-updates repository \ Name 'Rocky Linux 8.10 - SIG FastTrack Updates' \ BaseURL 'http://dl.rockylinux.org/$sigcontentdir/$releasever/fasttrack/$basearch/fasttrack-updates/' \ EnableGroups no \ GPGCheck no \ Visible yes \ Priority 9 \ status enabled
signal-event dnf-modify
dnf --enablerepo=smecontribs install smeserver-samba-dc
Configuration
you can list the available configuration with the following command :
config show samba
Some of the properties are not shown, but are defaulted in a template or a script. Here a more comprehensive list with default and expected values :
| property | default | values |
|---|---|---|
| SambaIP | numeric | |
| Password | string | |
| status | disabled | enabled,disabled |
Add samba virtual interface
Samba in AD mode provides services that need a separate virtual interface.
A free static IP address needs to be chosen from the same range as SME's local network that is outside the DHCP pool.
WARNING: changing this IP address after the domain is provisioned can cause problems and is not supported.
/sbin/e-smith/db configuration setprop samba SambaIP a.b.c.d
Set domain administrator password
Provisioning will fail unless a password is chosen that matches the complexity requirements. More details found here.
Random Strong Password Generator can be used.
WARNING: make sure to keep a copy of this password and do not modify this key after the domain is provisioned.
/sbin/e-smith/db configuration setprop samba Password Blu3Onyx!
Provisioning will also reserve the administrator user in SME for domain administrator, make sure it is not already used.
Provisioning
By default provisioning will use for realm current Windows workgroup name (default: sme-server) and append .INTERNAL to it.
Active Directory DC locating algorithm relies on DNS resolution, samba internal DNS back end will handle this via SME's domain-remote feature.
Make sure realm does not match any secondary domain set up or it will be overwritten.
WARNING: make sure to change Windows workgroup name before provisioning because domain rename is not supported.
provision
Testing
After a successful provisioning you can confirm the domain functionality
domaininfo sambastatus realm -v discover SME-SERVER.INTERNAL #in this example kinit -V administrator klist sambatool user list sambatool computer list
Other tools available for debugging
sambatool syncadusers
Uninstall
/sbin/e-smith/db yum_repositories delete fasttrack-updates signal-event dnf-modify
dnf remove smeserver-samba-dc
/sbin/e-smith/db domains delete sme-server.internal #in this example signal-event domain-modify
Bugs
Please raise bugs under the SME-Contribs section in bugzilla
and select the smeserver-samba-dc component or use this link
Below is an overview of the current issues for this contrib:
Changelog
Only released version in smecontrib are listed here.
