After the big Windows 2012 and vSphere 5.1 announcements, Samba also announced the first release candidate for version 4. This version is supposed to bring Microsoft Active Directory to Unix, but is it true?
Let's take a good Debian with the following packages:
# apt-get install build-essential libacl1-dev libattr1-dev \
    libblkid-dev libgnutls-dev libreadline-dev python-dev \
    python-dnspython gdb pkg-config libpopt-dev libldap2-dev \
    dnsutils libbsd-dev lsb
Then get the Samba 4 tarball (the Debian package is not yet finalized as far as I saw) and compile with:
root@smb:/home/fjacquet/samba-master# ./configure.developer \
    --with-ads --enable-iprint --enable-cups --enable-avahi \
    --with-acl-support --with-dnsupdate --with-aio-support \
    --fatal-errors
And when the compile is done:
root@smb:/home/fjacquet/samba-master# make install
We are ready to create a new domain controller (samba-tool is the all-in-one magic tool):
root@smb:/# /usr/local/samba/bin/samba-tool domain provision \
    --realm feedback.eu.org --domain FEEDBACK \
    --adminpass xxx --server-role=dc
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=feedback,DC=ch
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=feedback,DC=eu,DC=org
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be ready to use
Server Role: active directory domain controller
Hostname: smb
NetBIOS Domain: feedback
DNS Domain: feedback.eu.org
DOMAIN SID: S-1-5-21-2735747792-3624078016-2815364829
A phpLDAPadmin configuration file suitable for administering the Samba 4 LDAP server has been created in /usr/local/samba/private/phpldapadmin-config.php.
Thanks for that! I now have Samba taking care of Kerberos, SMB traffic, DNS and LDAP, just like Active Directory, with no other package integration needed (it still creates file templates for Kerberos, though). As in previous versions, you can decide to use ISC BIND and OpenLDAP, but … it is now optional; the Samba team is proud of their version!
As you can see, all the service DNS entries are ready:
root@smb:/usr/local/samba/sbin# host -t SRV _ldap._tcp.feedback.eu.org. 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:
_ldap._tcp.feedback.ch has SRV record 0 100 389 smb.feedback.org.
The same for Kerberos:
root@smb:/usr/local/samba/sbin# kinit Administrator
Password for Administrator@FEEDBACK.EU.ORG:
Warning: Your password will expire in 41 days on Wed Nov 7 08:07:09 2012
root@smb:/usr/local/samba/sbin#
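A scripted version of the SRV lookup above, as an added example that is not part of the original post or of Samba: it checks that each record's owner name, port and target match the provisioned realm. The function names and SAMPLE_OK are constructed for illustration; PAGE_LINE is the record line as pasted above, which names domains other than the realm and is therefore flagged.

```shell
#!/bin/sh
# Added example: validate `host -t SRV` answers from a newly provisioned DC.
REALM="feedback.eu.org"   # realm passed to `samba-tool domain provision` on this page

# Constructed sample: the answer expected for this realm.
SAMPLE_OK='Using domain server:
Name: 127.0.0.1
_ldap._tcp.feedback.eu.org has SRV record 0 100 389 smb.feedback.eu.org.'
# The record line exactly as pasted on this page (it names other domains).
PAGE_LINE='_ldap._tcp.feedback.ch has SRV record 0 100 389 smb.feedback.org.'

# expected_port SERVICE: standard port for an AD locator record.
expected_port() {
    case "$1" in
        _ldap._tcp) echo 389 ;;
        _kerberos._tcp|_kerberos._udp) echo 88 ;;
        *) return 1 ;;
    esac
}

# check_srv SERVICE REALM: reads `host -t SRV` output on stdin, prints one
# line per problem, returns 0 only if records were found and all passed.
check_srv() {
    svc=$1; realm=$2
    want=$(expected_port "$svc") || { echo "unknown service: $svc"; return 2; }
    awk -v owner="$svc.$realm" -v realm="$realm" -v want="$want" '
        / has SRV record / {
            seen++
            name = tolower($1); port = $(NF - 1); target = tolower($NF)
            sub(/\.$/, "", name); sub(/\.$/, "", target)
            suffix = "." tolower(realm)
            if (name != tolower(owner)) { print "owner mismatch: " name; bad++ }
            if (port != want) { print "unexpected port: " port; bad++ }
            if (substr(target, length(target) - length(suffix) + 1) != suffix) {
                print "target outside realm: " target; bad++
            }
        }
        END {
            if (!seen) { print "no SRV record for " owner; exit 1 }
            exit (bad > 0)
        }'
}

# Offline demonstration on the two samples above.
printf '%s\n' "$SAMPLE_OK" | check_srv _ldap._tcp "$REALM" && echo "sample: ok"
printf '%s\n' "$PAGE_LINE" | check_srv _ldap._tcp "$REALM" || echo "page line: flagged"
# Live use against the DC: host -t SRV "_ldap._tcp.$REALM" 127.0.0.1 | check_srv _ldap._tcp "$REALM"
```

A domain-joined client locates the DC through these records, so a record pointing outside the realm or missing altogether shows up as a failed join or logon rather than as a DNS error.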
Now the funny part is to take a Windows 2003 R2 VM, make it join the domain and manage the domain as another DC: it works just fine! And you can use the MS admin pack to manage Samba.
For any SMB enterprise with limited funds, that's just a very nice way to add some redundancy at very low cost. Same for everyone needing a DC for a lab, like vCenter or SharePoint 😉
Awesome job, team!