Comments on Samba 4 Domain Controller Installation on CentOS 7
Starting from version 4.0, Samba is able to run as an Active Directory (AD) domain controller (DC). In this tutorial, I will show you how to configure Samba 4 as a domain controller with Windows 10, CentOS 7 and CentOS 6 clients.
28 Comment(s)
Comments
For the love of everything, people writing tutorials, stop telling users to disable SELinux. It's very bad practice, no excuses!
Agreed, Maciej. Point noted; will have it enabled in the next tutorial.
There are two types of people on the planet. The first type works at Red Hat. The second type isn't paid to figure out why rsyslog rotation has been failing on an SELinux problem because it can't write a temp file. Don't get me wrong: I've watched SELinux evolve from nothing to the hindrance it is now, and I've been rooting for it every step of the way. Every new RHL (now RHEL) distro that drops, I install an Apache server and try to serve a simple page. When it can't even start the service because of some bug not caught during testing by RH itself, I know the Venn diagram of the two groups above has overlap. And I uninstall my test server and I disable SELinux.
Well. Nice on doing a tutorial, but I fail to understand why Samba is compiled from source since packages are available in CentOS 7.
Furthermore, why does SELinux get disabled if it is very, very easy to find the information on how to add rules and change booleans to allow Samba to act as a DC?
I strongly suggest the writer of the article actually goes RTFM.
Central authentication, and we haphazardly turn off a system that does really well to protect breaches from happening on the main server that does authentication for a whole network.
Makes me wonder where botnets come from.
Bradipo,
Samba 4 rpm on Fedora/Red Hat/CentOS does not support AD-DC mode.
Samba 4 for Ubuntu doesn't support CTDB (cluster config).
Sernet enterprise supplies rpm for CentOS 7, but you will need to pay for it.
Hence that is the reason I compiled it from the source. SELinux, I agreed that I should have it enforced. When I was preparing this document SELinux was disabled on my system, but when you set up the environment, please have it enabled.
Let me know how your setup goes; in case you still face any issue I will help you resolve it.
Cheers
Do you need Windows Pro, or is a Windows Home machine able to join the domain as well?
Win Home edition doesn't support domain joining, I think.
Yes, you need Pro, Enterprise or Education versions of Windows to connect the computer to a domain.
Hi There,
I have installed centos 7 on VM Player and trying to configure Samba4 AD but I am stuck with below.
When I ran samba-tool as shown in article, I got below error. Could you please help here?
samba-tool domain provision --use-rfc2307 --interactive
[root@win10-samba4 bin]# samba-tool domain provision --use-rfc2307 --interactive
-bash: samba-tool: command not found
[root@win10-samba4 bin]# ./samba-tool domain provision --use-rfc2307 --interactive
Traceback (most recent call last):
  File "./samba-tool", line 33, in <module>
    from samba.netcmd.main import cmd_sambatool
ImportError: No module named samba.netcmd.main
I had the same problem, fixed it by adding the samba path to my path:
# export PATH=$PATH:/usr/local/samba/bin
and, towards the bottom of /etc/profile:
pathmunge /usr/local/samba/bin after
Have followed the article step-by-step and have a functioning DC and connected Windows 10 client - thanks for the excellent instructions!
Is there any chance that you could add a section on setting up home and group shares? This is the next step in completing the process, but seems to be more difficult to accomplish than it should be - at least compared with a non-DC samba environment.
"samba-tool: command not found......"
how to solve it? Please..help me...!
Hello Hasan, you can use the samba-tool with full path:
/usr/local/samba/bin/samba-tool domain provision --use-rfc2307 --interactive
Greetz!
Hi Micael,
Excellent article, and it is working fine for a single subnet, but when I am trying to work on multiple subnets the Windows systems are not able to contact the PDC server.
My testing network is 192.168.1.0/24 and working environment is 192.168.2.0/24 and 192.168.4.0/24.
I am able to connect to the machine in the 192.168.1.0/24 network but I am unable to connect from 192.168.2.0 & 192.168.4.0.
How to resolve this? Can anyone help me?
Hello, I had an error when I fill, please help.
ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed - ProvisioningError: guess_names: 'realm=CENTONG7.ID' in /usr/local/samba/etc/smb.conf must match chosen realm 'CENTONG.ID'! Please remove the smb.conf file and let provision generate it
File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 471, in run
nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 2028, in provision
sitename=sitename, rootdn=rootdn, domain_names_forced=(samdb_fill == FILL_DRS))
File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 609, in guess_names
raise ProvisioningError("guess_names: 'realm=%s' in %s must match chosen realm '%s'! Please remove the smb.conf file and let provision generate it" % (lp.get("realm").upper(), lp.configfile, realm))
When I compile my code (make && make install), after we use ( samba-tool domain provision --use-rfc2307 --interactive
bash: samba-tool: command not found...
) this command, that time I am facing this issue. Please reply to me as soon as possible...
This command does not work properly...
Is this only for Windows 10, or can I use it with Windows 7 as well?
samba-tool domain provision --use-rfc2307 --interactive
showing samba-tool: command not found
Hello, good tutorial, well explained,
but I get the following error on my Windows PC:
An error occurred when making a query to the DNS for the resource record
Service Location (SRV) used to locate a domain controller
for the her.local domain:
The error was: "The DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)
The request was for the SRV record for _ldap._tcp.dc._msdcs.her.local
The following are common causes of this error:
-The DNS SRV record is not registered in the DNS.
-One or more of the following zones does not include delegation to their zones
high schools:
her.local
local
. (the root zone)
Hello. I had the same problem. What fixed it for me was terminating dnsmasq, which was taking control of the ports needed by Samba. Here is the link to the original post: https://wiki.samba.org/index.php/Samba_Internal_DNS_Back_End#Samba_DNS_Server_Does_Not_Start
For me it was that the server had IPv6 enabled; it seems this Samba sample doesn't support it.
Disabling IPv6 on the server did the trick.
No package samba45 available.
No package samba45-winbind-clients available.
No package samba45-winbind available.
No package samba45-clientsamba45-dc available.
No package samba45-pidl available.
No package samba45-python available.
No package samba45-winbind-krb5-locator available.
No package perl-Parse-Yappperl-Test-Base available.
Package python2-crypto-2.6.1-15.el7.x86_64 already installed and latest version
No package samba45-common-tools available.
Nothing to do
Can you help me?
Thanks
Hello. Finally I "successfully" run Samba4 AD on CentOS 7. Firstly I was struggling with an unavailable NIC (mobo with nVidia chipset, had to install kernel 4.4).
Why quotation marks around "successfully"? I added Win10 Pro to the domain, but logging in to ANY user account (local or domain) lasts for ages (5 mins or so, or sometimes the login process even just breaks). When I shut down the Samba4 server or just disconnect the network cable (server or Win10 client) then the login process is much faster.
I can ping the Samba4 server from the Win10 client successfully with short name or FQDN. I cannot ping the Win10 client from the Samba4 server. Pings to the direct IP address work fine.
I think poor performance may be due to a problem with DNS and resolving names. I appended the Win10 IP and name to /etc/hosts and it's much faster now. But is it the way it should be done or is it just a workaround?
Hi, I am getting the following error and I am unable to connect from the Windows system. One thing I have observed is that "samba-tool" and "samba" are not accessible from any path. I need to use the absolute path to access those tools. Can you shed some light on it?
May 19 14:14:49 server.entranscend samba[22733]: [2018/05/19 14:14:49.780921, 0] ../source4/smbd/service_stream.c:371(stream_setup_socket)
May 19 14:14:49 server.entranscend samba[22733]: stream_setup_socket: Failed to listen on 0.0.0.0:53 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
May 19 14:14:49 server.entranscend samba[22733]: [2018/05/19 14:14:49.780980, 0] ../source4/dns_server/dns_server.c:649(dns_add_socket)
May 19 14:14:49 server.entranscend samba[22733]: Failed to bind to 0.0.0.0:53 TCP - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
May 19 14:14:49 server.entranscend winbindd[22736]: [2018/05/19 14:14:49.867996, 0] ../source3/winbindd/winbindd_cache.c:3160(initialize_winbindd_cache)
May 19 14:14:49 server.entranscend winbindd[22736]: initialize_winbindd_cache: clearing cache and re-creating with version number 2
May 19 14:14:49 server.entranscend winbindd[22736]: [2018/05/19 14:14:49.989064, 0] ../lib/util/become_daemon.c:138(daemon_ready)
May 19 14:14:49 server.entranscend winbindd[22736]: daemon_ready: STATUS=daemon 'winbindd' finished starting up and ready to serve connections
May 19 14:14:50 server.entranscend smbd[22723]: [2018/05/19 14:14:50.309530, 0] ../lib/util/become_daemon.c:138(daemon_ready)
May 19 14:14:50 server.entranscend smbd[22723]: daemon_ready: STATUS=daemon 'smbd' finished starting up and ready to serve connections
Job for samba.service failed because a timeout was exceeded. See "systemctl status samba.service" and "journalctl -xe" for details.
please reply
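An added example, not part of any comment above: the NT_STATUS_ADDRESS_ALREADY_ASSOCIATED lines in this log are the same port 53 conflict that the earlier dnsmasq reply describes. The script extracts the endpoints Samba failed to bind from such journal lines and lists whatever currently listens on that port; the function names are this example's own, and the sample lines are copied from the log above.

```bash
#!/bin/sh
# Added example: which endpoints did Samba fail to bind, and who holds the port?

# Three lines taken from the journal output quoted in the comment above.
sample_log() {
  cat <<'EOF'
May 19 14:14:49 server.entranscend samba[22733]: stream_setup_socket: Failed to listen on 0.0.0.0:53 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
May 19 14:14:49 server.entranscend samba[22733]: Failed to bind to 0.0.0.0:53 TCP - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
May 19 14:14:50 server.entranscend smbd[22723]: daemon_ready: STATUS=daemon 'smbd' finished starting up and ready to serve connections
EOF
}

# Read log lines on stdin; print each unique addr:port Samba could not bind.
# Both message forms ("Failed to listen on X", "Failed to bind to X") put the
# endpoint four words after "Failed", so the syslog timestamp is never matched.
failed_binds() {
  awk '/NT_STATUS_ADDRESS_ALREADY_ASSOCIATED/ {
         for (i = 1; i + 4 <= NF; i++)
           if ($i == "Failed" && $(i + 1) == "to") { print $(i + 4); break }
       }' | sort -u
}

# Port is everything after the last colon (also works for IPv6 endpoints).
port_of() {
  printf '%s\n' "${1##*:}"
}

# List TCP and UDP listeners on a port with their owning process.
# Run as root, otherwise ss cannot show other users' process names.
show_listeners() {
  command -v ss >/dev/null 2>&1 || { echo "ss not found" >&2; return 0; }
  ss -lntup "sport = :$1"
}

# On a live server, replace sample_log with: journalctl -u samba.service
for endpoint in $(sample_log | failed_binds); do
  port=$(port_of "$endpoint")
  echo "Samba could not bind $endpoint; current listeners on port $port:"
  show_listeners "$port" || true
done
```

If the listener shown is a resolver such as dnsmasq, that service has to give up port 53 before Samba's internal DNS can start, which is what the wiki page linked earlier covers.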
Hi
In the latest versions there seems to be a bug in the configure code. Add the following to the end of the configure options.
--without-ldb-lmdb
ie for example:- ./configure --enable-debug --with-ads --with-systemd --with-winbind --without-ldb-lmdb
It seems the parameters got a bit messed up when coded. Bug still in there.
Cheers Joe.
I have followed the article step by step, but when I am trying to create a new user in Windows nothing pops up.
Can't sign issue in Windows. After login change domain client. Please help.