Samba 4 - domain controller: Difference between revisions

From Skytech
== Verify correct filesystem support ==
* http://wiki.samba.org/index.php/Samba_4/OS_Requirements#File_System_Support


Revision as of 09:54, 2 February 2014


Prereq

Install

apt-get install libacl1-dev libattr1-dev \
   libblkid-dev libgnutls-dev libreadline-dev python-dev \
   python-dnspython gdb pkg-config libpopt-dev libldap2-dev \
   dnsutils libbsd-dev attr krb5-user docbook-xsl libcups2-dev acl

Verify correct filesystem support

Install/setup ntpd

# Associate to the public NTP pool servers
server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org

# Location of drift file
driftfile /var/lib/ntp/ntp.drift

# Location of the log file
logfile /var/log/ntp

# Location of the update directory
ntpsigndsocket /var/lib/samba/ntp_signd/

# Restrictions
restrict default kod nomodify notrap nopeer mssntp
restrict 127.0.0.1
restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery
restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery
restrict 2.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery

Setup as domain controller

samba-tool domain provision --use-rfc2307 --interactive --use-xattrs=yes

Argument Explanations

--use-rfc2307
    This argument adds POSIX attributes (UID/GID) to the AD schema. It is necessary if you intend to authenticate Linux, BSD, or OS X clients (including the local machine) in addition to Microsoft Windows.

--use-xattrs=yes
    This argument enables the use of Unix extended attributes (ACLs) for files hosted on this server. If you do not intend to have file shares on the domain controller, you can omit this switch (but this is not recommended). You should also ensure that any filesystems that will host Samba shares are mounted with support for ACLs.

--interactive
    This parameter forces the provision script to run interactively. Alternatively, you can review the help for the provision step by running samba-tool domain provision --help.
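
One way to carry out the filesystem check that --use-xattrs=yes calls for, before provisioning or before creating a share. This is an added example, not part of the original page or of Samba; the function name check_share_fs, the probe attribute names and the return codes are its own choices.

```sh
#!/bin/sh
# Added example: probe a directory for the xattr and POSIX ACL support that
# --use-xattrs=yes depends on. Uses setfattr/getfattr (attr package) and
# setfacl/getfacl (acl package), both in the apt-get list above.
# Return codes are this script's own convention:
#   0 = all probes passed, 1 = a probe failed,
#   2 = a tool is missing,  3 = directory missing or not writable
check_share_fs() {
    dir=$1
    [ -d "$dir" ] && [ -w "$dir" ] || { echo "not a writable directory: $dir" >&2; return 3; }
    for tool in setfattr getfattr setfacl getfacl; do
        command -v "$tool" >/dev/null 2>&1 || { echo "missing tool: $tool" >&2; return 2; }
    done
    probe=$(mktemp "$dir/.fsprobe.XXXXXX") || return 3
    rc=0

    # user.* xattr: write a value and read the same value back
    if setfattr -n user.fsprobe -v ok "$probe" 2>/dev/null &&
       [ "$(getfattr --only-values -n user.fsprobe "$probe" 2>/dev/null)" = ok ]; then
        echo "xattr user.*: ok"
    else
        echo "xattr user.*: FAILED" >&2; rc=1
    fi

    # security.* xattr (where Samba keeps NT ACLs) needs root to write
    if [ "$(id -u)" -eq 0 ]; then
        if setfattr -n security.fsprobe -v ok "$probe" 2>/dev/null; then
            echo "xattr security.*: ok"
        else
            echo "xattr security.*: FAILED" >&2; rc=1
        fi
    else
        echo "xattr security.*: skipped (not root)"
    fi

    # POSIX ACL: add a named-group entry and confirm it is stored
    if setfacl -m g:0:r "$probe" 2>/dev/null &&
       getfacl -cn "$probe" 2>/dev/null | grep -q '^group:0:r--'; then
        echo "POSIX ACL: ok"
    else
        echo "POSIX ACL: FAILED" >&2; rc=1
    fi

    rm -f "$probe"
    return "$rc"
}

# Run against a path when one is given: sh check_share_fs.sh /path/to/share
if [ "$#" -gt 0 ]; then check_share_fs "$1"; fi
```

Run it as root on each filesystem that will hold share data; a failed probe means the mount options or the filesystem type need fixing before Samba can store ACLs there.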