Installing Samba4 (4.1) on Ubuntu 12.04 LTS
Filed Under (Samba 4, Ubuntu, Windows Networking) by Just An Admin on 23-01-2013
It has been several months now since the Samba 4.1 release is available for download; A version I’ve been looking forward to for a long time now. But the installation documentation and blog posts of users actually installing it are still limited, outdated, to general or incomplete. But I’m very interested to see how this new version works and how well it installs, so I’ll give it a go.
For this setup we will use a basic Ubuntu 12.04.1 LTS (Precise Pangolin) install and the most recent version of Samba 4.1 (GIT source).
Throughout this document i will be using the following information, which you can replace with your own settings:
Servername: SAMBA
DNS Domain name: mydomain.local
NETBIOS Domain name: MYDOMAIN
IP number: 192.168.1.10 with subnetmask 255.255.255.0
Default gateway: 192.168.1.1
Installing Ubuntu 12.04 LTS
For this test we installed Ubuntu 12.04.1 LTS x64 in a VMWare ESXi virtual machine. This will be a standard install with no extra software or packages selected during the initial installation. I will not go in to the installation of Ubuntu in to much detail, as it is very straightforward. We used a 32GB disk which was automatically partitioned. If you know what you’re doing, you can can select a manual partition schema and disk size that suites your wishes.
After the install of Ubuntu is complete and the first boot of the OS has finished, we need to address some minor configurations tasks. First we need to make sure we are up to date on the latest patches and hotfixes:
[cc width=”600″ lang=”bash”]
sudo apt-get update
sudo apt-get upgrade
[/cc]
Install a SSH server.
To make the copy/paste from this guide easier (VMWare console lacks a good copy/paste support) we will install SSH. Besides the ease of copy/paste this is a useful way to manage your server remotely.
[cc width=”600″ lang=”bash”]
sudo apt-get install openssh-server
sudo reboot now
[/cc]
Reboot the server. Use Putty or other SSH client to connect.
Change the root password
Change the password for your root account and make sure you use a password with a solid complexity.
[cc width=”600″ lang=”bash”]
sudo passwd root
[/cc]
Configure a fixed IP for your new server.
Edit /etc/network/interfaces and change the config to set a static IP. Please use your own IP information where applicable:
[cc width=”600″ lang=”bash”]
sudo nano /etc/network/interfaces
[/cc]
[cc width=”600″ lang=”bash”]
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.1.10
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 192.168.1.10 8.8.8.8
dns-search mydomain.local
[/cc]
Now reboot the server
[cc width=”600″ lang=”bash”]
sudo reboot now
[/cc]
After the reboot has finished and you logged on to the server, you can check if the new IP configuration has been applied:
[cc width=”600″ lang=”bash”]
ifconfig
[/cc]
Install a NTP service to sync the time.
Active Directory and Kerberos rely on a correct time and date settings.
[cc width=”600″ lang=”bash”]
sudo apt-get install ntp
[/cc]
Edit /etc/ntp.conf and replace the server with a Time server of your own or use one from http://www.pool.ntp.org/en/. if you are not familiar with this, you can leave the default server (0.ubuntu.pool.ntp.org) as is.
Example:
[cc width=”600″ lang=”bash”]
sudo nano /etc/ntp.conf
[/cc]
and change:
[cc width=”600″ lang=”bash”]
server 0.north-america.pool.ntp.org
[/cc]
To set the time for a first time, do:
[cc width=”600″ lang=”text”]
sudo service ntp stop
sudo ntpdate -B (replace with preferred timeserver)
example: sudo ntpdate -B server 0.north-america.pool.ntp.org
sudo service ntp start
[/cc]
To check if all went well, do:
[cc width=”600″ lang=”bash”]
ntpq -p
[/cc]
Installing Samba 4 (4.1)
Before we can begin installing Samba, we need to install some prerequisites:
[cc width=”600″ lang=”bash”]
sudo apt-get install build-essential libacl1-dev python-dev libldap2-dev pkg-config gdb libgnutls-dev libblkid-dev libreadline-dev libattr1-dev python-dnspython libpopt-dev libbsd-dev attr docbook-xsl libcups2-dev git
[/cc]
We will be installing Samba 4, most current release, from the GIT repository, Samba 4.1.0pre1-GIT-0a4a4ba at the time of writing:
[cc width=”600″ lang=”bash”]
sudo git clone git://git.samba.org/samba.git /usr/src/samba4/
[/cc]
Make sure port 9418 is open on your firewall. GIT uses this port. You will know when you’re in trouble if you get this error: errno=Connection timed out
[cc width=”600″ lang=”bash”]
cd /usr/src/samba4
[/cc]
Use the following line only if you want to fix the install to version 4.1.0, instead of the most recent build. If you want to use 4.1.0 stable, please use the following command:
[cc width=”600″ lang=”bash”]
sudo git checkout tags/samba-4.1.0
[/cc]
Now we continue the installation of Samba:
[cc width=”600″ lang=”bash”]
sudo ./configure –enable-debug
sudo make
[/cc]
You will receive a lot of subcontext() and pointer messages. From what is was able to find so far is that all these warnings can be discarded. That is what i did.
[cc width=”600″ lang=”bash”]
sudo make install
[/cc]
After the install we will add the path to the bin and sbin directory of Samba:
[cc width=”600″ lang=”bash”]
sudo nano /etc/sudoers
[/cc]
and add the following to the end of the Defaults secure_path= before the closing “:
[cc width=”600″ lang=”bash”]
:/usr/local/samba/sbin:/usr/local/samba/bin
[/cc]
and write the changes and exit nano.
Make the same change to the system environment PATH variable:
[cc width=”600″ lang=”bash”]
sudo nano /etc/environment
[/cc]
and add the following to the end of the PATH, before the closing “:
[cc width=”600″ lang=”bash”]
:/usr/local/samba/sbin:/usr/local/samba/bin
[/cc]
and write the changes and exit nano.
Now that Samba is installed, we can start constructing a new domain using the samba-tool domain provision command:
[cc width=”600″ lang=”bash”]
sudo /usr/local/samba/bin/samba-tool domain provision –realm mydomain.local –domain MYDOMAIN –adminpass Pa$$w1rd –server-role=dc
[/cc]
NB. Be sure to pick a strong password. The password complexity requirement is at least one uppercase letter, one number and at least eight characters long. If you have to rerun the command because the password was not strong enough or has failed for any other reason, first remove your partial config, otherwise a new provision will fail. you can do this by running this command: sudo rm /usr/local/samba/etc/smb.conf
If you receive this error:
"ProvisioningError: Your filesystem or build does not support posix ACLs, which s3fs requires. Try the mounting the filesystem with the 'acl' option"
There is much debate about the solution to solving this problem. Please educate and inform yourself, using google or other resource, on how to fix this problem. One common solution is to add [cc lang=”bash”]–use-ntvfs[/cc] to the end of the provision command to fix this error. But you will be using legacy file server technology, as Mark stated in his comment.
Setting DNS forwarding allows queries the server can’t resolve to be forwarded to another DNS that can. This is required to be able to browse the Internet or download updates during the rest of this post. We will also allow automatic DNS updates. Make the following adjustment to enable forwarding:
[cc width=”600″ lang=”bash”]
sudo nano /usr/local/samba/etc/smb.conf
[/cc]
add or change the following lines, where the IP of the forwarder is your router. If your router does not forward DNS request, use 8.8.8.8 (Google DNS):
[cc width=”600″ lang=”bash”]
dns forwarder = 192.168.1.1
allow dns updates = nonsecure and secure
[/cc]
Now reboot the server
[cc width=”600″ lang=”bash”]
sudo reboot now
[/cc]
Now we need to make this server point to it’s own DNS for resolving.
[cc width=”600″ lang=”bash”]
sudo nano /etc/network/interfaces
[/cc]
And remove the 8.8.8.8 from the dns-nameservers line. Afterwards it looks like this:
[cc width=”600″ lang=”bash”]
dns-nameservers 192.168.1.10
[/cc]
After you have finished the provisioning command successfully and made teh required changes for DNS forwarding, we are ready to start the Samba server and see if all works as expected.
[cc width=”600″ lang=”bash”]
sudo /usr/local/samba/sbin/samba start
[/cc]
A working DNS server is required for Samba or any Active Directory to function properly, specifically Kerberos will fail. We will be using the default DNS service that comes with Samba. If you specify --dns-backend=SAMBA_INTERNAL in the above mentioned provision command or didn’t specify this options at all, the internal DNS of Samba will be installed.
As our DNS server was already installed with Samba, we now need to test if the DNS is functioning properly. We will test a few basic DNS queries and see if they return a valid repsonse:
[cc width=”600″ lang=”bash”]
host -t SRV _ldap._tcp.mydomain.local.
[/cc]
Should return something like:
_ldap._tcp.mydomain.local has SRV record 0 100 389 samba.mydomain.local.
[cc width=”600″ lang=”bash”]
host -t SRV _kerberos._udp.mydomain.local.
[/cc]
Should return something like:
_kerberos._udp.mydomain.local has SRV record 0 100 88 samba.mydomain.local.
[cc width=”600″ lang=”bash”]
host -t A samba.mydomain.local.
[/cc]
Should return something like:
samba.mydomain.local has address 192.168.1.10
If the DNS works as expected, we will test if Kerberosis running correctly. First we install the Kerberos 5 utilities:
[cc width=”600″ lang=”bash”]
sudo apt-get install krb5-user
[/cc]
Once the Kerberos utilities are installed, we will try to log on to the domain using Kerberos. Be sure to log on using the password you specified in the provision command.
[cc width=”600″ lang=”bash”]
kinit administrator
[/cc]
Should return something like:
Warning: Your password will expire in 41 days on Tue Mar 5 15:23:03 2013
You can check if a Kerberos ticket has been processed correctly using the following command:
[cc width=”600″ lang=”bash”]
klist
[/cc]
This should return something like:
Ticket cache: FILE:/tmp/krb5cc_1000 Default principal: administrator@MYDOMAIN.LOCAL Valid starting Expires Service principal 23/01/2013 13:27 23/01/2013 23:27 krbtgt/MYDOMAIN.LOCAL@MYDOMAIN.LOCAL renew until 24/01/2013 13:27
Finally we will test the SMB function of the domain and see if all shares required for a functional Active Directory are up and running. Especially the netlogon and sysvol share should be visible.
[cc width=”600″ lang=”bash”] /usr/local/samba/bin/smbclient -L localhost -U% [/cc] Should return something like:
Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 4.1.0pre1-GIT-0a4a4ba] Sharename Type Comment --------- ---- ------- netlogon Disk sysvol Disk IPC$ IPC IPC Service (Samba 4.1.0pre1-GIT-0a4a4ba) Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 4.1.0pre1-GIT-0a4a4ba] Server Comment --------- ------- Workgroup Master --------- -------
And finally we will check if the user administrator can log in using SMB:
[cc width=”600″ lang=”bash”]
/usr/local/samba/bin/smbclient //localhost/netlogon -U ‘administrator’
[/cc]
Should return something like:
Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 4.1.0pre1-GIT-0a4a4ba]
Type quit to exit the SMBClient prompt.
We are done! Congratulations, we have installed a Samba4 server on Ubuntu 12.04.
Init script for auto start
When rebooting the server, it would be nice if the Samba service would start automatically. The following init.d startup script will take care of that:
[cc width=”600″ lang=”bash”]
sudo nano /etc/init.d/samba4
[/cc]
and add the following:
[cc escaped="true" width=”600″ lang=”text”]
#! /bin/sh
### BEGIN INIT INFO
# Provides: samba
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $network $local_fs $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: start Samba daemons
### END INIT INFO
#
# Start/stops the Samba daemon (samba).
# Adapted from the Samba 3 packages.
#
SAMBAPID=/var/run/samba/samba.pid
# clear conflicting settings from the environment
unset TMPDIR
# See if the daemon and the config file are there
test -x /usr/local/samba/sbin -a -r /usr/local/samba/etc/ || exit 0
. /lib/lsb/init-functions
case “$1” in
start)
log_daemon_msg “Starting Samba 4 daemon” “samba”
if ! start-stop-daemon –start –quiet –oknodo –exec /usr/local/samba/sbin/samba — -D; then
log_end_msg 1
exit 1
fi
log_end_msg 0
;;
stop)
log_daemon_msg “Stopping Samba 4 daemon” “samba”
start-stop-daemon –stop –quiet –name samba $SAMBAPID
# Wait a little and remove stale PID file
sleep 1
if [ -f $SAMBAPID ] && ! ps h `cat $SAMBAPID` > /dev/null
then
# Stale PID file (samba was succesfully stopped),
# remove it (should be removed by samba itself IMHO.)
rm -f $SAMBAPID
fi
log_end_msg 0
;;
restart|force-reload)
$0 stop
sleep 1
$0 start
;;
*)
echo “Usage: /etc/init.d/samba {start|stop|restart|force-reload}”
exit 1
;;
esac
exit 0
[/cc]
After you have created the file, be sure to change the permissions and set the script to autostart using update-rc.d:
[cc width=”600″ lang=”bash”]
sudo chmod 755 /etc/init.d/samba4
sudo update-rc.d samba4 defaults
[/cc]
Homefolders for Acitve Directory users
First we need to create a folder where all the Home folders will reside:
[cc width=”600″ lang=”bash”]
sudo mkdir -m 770 /Users
sudo chmod g+s /Users
sudo chown root.users /Users
[/cc]
Next we will add the the following to /usr/local/samba/etc/smb.conf:
[cc width=”600″ lang=”bash”]
[Users]
directory_mode: parameter = 0700
read only = no
path = /Users
csc policy = documents
[/cc]
You can either map that by using net use h: \\samba\Users\%USERNAME% or by adding the same path to the home folder paragraph under the profile tab of the AD user. The home folder will be created automatically if you use the last option.
Before you add a workstation to this new domain, be sure to point the DNS server on this client to the new domain controller. Now join the domain as you would with a Windows domain.
Extra tips:
- samba -b (shows paths to application and config files)
- Install the Windows Server 2003 Service Pack 2 Administration Tools Pack for x86 editions to manage the Active Directory server from a Windows client :
http://www.microsoft.com/en-us/download/details.aspx?id=6315 - If you want to debug your Samba server, please use the following command to start Samba in single user and debug mode. This will log all information to stdout and makes debugging easy.
gdb --args /usr/local/samba/sbin/samba -i -M single
- Use the command /usr/local/samba/sbin/samba -V to see what version of Samba you’re running, or try /usr/local/samba/bin/smbclient –version
Parts of the following online resources were used for this tutorial:
https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO
http://praxis.edoceo.com/howto/samba4
http://www.matrix44.net/cms/notes/gnulinux/samba-4-ad-domain-with-ubuntu-12-04
http://frednotes.wordpress.com/2012/09/27/samba-4-as-a-domain-controller/
Updates:
24-1-2013 added init.d startup script
10-2-2013 added update-rc.d for autostart and added home folder creation
11-2-2013 corrected DNS forwarder and DNS updates for smb.conf
22-4-2013 changed the password example in the provisioning command to comply with minimum password requirements
28-6-2013 changed the ‘allow dns updates’ value in smb.conf as the new GIT commit does not support ‘True’ anymore. Thanks José
3-7-2013 changed the way the PATH environment variable is set. It is now made permanent by adding it to the ~/bashrc
4-7-2013 changed the creation of the Home Folders to allow for auto creation through ADUC. This seemed broken.
6-1-2014 added root password change and a PATH change for sudoers and system env. Added a tip by DoitDave: fixing the git branche to 4.1.0
25-2-2014 added a comment to the ‘solution’ of adding –ntvfs to solve the ACL error. As Mark commented, this ‘solution’ is using old technology.
Hi
I found problem when installing samba4 in ubuntu server 12.04. My problem is when I run
host -t SRV _ldap._tcp.mydomain.local
occure:
Host _ldap._tcp.mydomain.local not found: 3(NXDOMAIN)
please help.
Thanks
I have some problem like Wael. My sistem is Ubuntu 12.04 desktop, clean install like you said. Here is /etc/krb5.conf:
[libdefaults]
default_realm = acasa.local
# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
# The following encryption type specification will be used by MIT Kerberos
# if uncommented. In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
#
# Thie only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn’t know about (such as
# old versions of Sun Java).
# default_tgs_enctypes = des3-hmac-sha1
# default_tkt_enctypes = des3-hmac-sha1
# permitted_enctypes = des3-hmac-sha1
# The following libdefaults parameters are only for Heimdal Kerberos.
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
fcc-mit-ticketflags = true
[realms]
ATHENA.MIT.EDU = {
kdc = kerberos.mit.edu:88
kdc = kerberos-1.mit.edu:88
kdc = kerberos-2.mit.edu:88
admin_server = kerberos.mit.edu
default_domain = mit.edu
}
MEDIA-LAB.MIT.EDU = {
kdc = kerberos.media.mit.edu
admin_server = kerberos.media.mit.edu
}
ZONE.MIT.EDU = {
kdc = casio.mit.edu
kdc = seiko.mit.edu
admin_server = casio.mit.edu
}
MOOF.MIT.EDU = {
kdc = three-headed-dogcow.mit.edu:88
kdc = three-headed-dogcow-1.mit.edu:88
admin_server = three-headed-dogcow.mit.edu
}
CSAIL.MIT.EDU = {
kdc = kerberos-1.csail.mit.edu
kdc = kerberos-2.csail.mit.edu
admin_server = kerberos.csail.mit.edu
default_domain = csail.mit.edu
krb524_server = krb524.csail.mit.edu
}
IHTFP.ORG = {
kdc = kerberos.ihtfp.org
}
fcc-mit-ticketflags = true
[realms]
ATHENA.MIT.EDU = {
kdc = kerberos.mit.edu:88
kdc = kerberos-1.mit.edu:88
kdc = kerberos-2.mit.edu:88
admin_server = kerberos.mit.edu
default_domain = mit.edu
}
MEDIA-LAB.MIT.EDU = {
kdc = kerberos.media.mit.edu
admin_server = kerberos.media.mit.edu
}
ZONE.MIT.EDU = {
kdc = casio.mit.edu
kdc = seiko.mit.edu
admin_server = casio.mit.edu
}
MOOF.MIT.EDU = {
kdc = three-headed-dogcow.mit.edu:88
kdc = three-headed-dogcow-1.mit.edu:88
admin_server = three-headed-dogcow.mit.edu
}
CSAIL.MIT.EDU = {
kdc = kerberos-1.csail.mit.edu
kdc = kerberos-2.csail.mit.edu
admin_server = kerberos.csail.mit.edu
default_domain = csail.mit.edu
krb524_server = krb524.csail.mit.edu
}
IHTFP.ORG = {
kdc = kerberos.ihtfp.org
admin_server = kerberos.ihtfp.org
}
GNU.ORG = {
kdc = kerberos.gnu.org
kdc = kerberos-2.gnu.org
kdc = kerberos-3.gnu.org
admin_server = kerberos.gnu.org
}
1TS.ORG = {
kdc = kerberos.1ts.org
admin_server = kerberos.1ts.org
}
GRATUITOUS.ORG = {
kdc = kerberos.gratuitous.org
admin_server = kerberos.gratuitous.org
}
DOOMCOM.ORG = {
kdc = kerberos.doomcom.org
admin_server = kerberos.doomcom.org
}
ANDREW.CMU.EDU = {
kdc = vice28.fs.andrew.cmu.edu
kdc = vice2.fs.andrew.cmu.edu
kdc = vice11.fs.andrew.cmu.edu
kdc = vice12.fs.andrew.cmu.edu
admin_server = vice28.fs.andrew.cmu.edu
default_domain = andrew.cmu.edu
}
CS.CMU.EDU = {
kdc = kerberos.cs.cmu.edu
kdc = kerberos-2.srv.cs.cmu.edu
admin_server = kerberos.cs.cmu.edu
}
DEMENTIA.ORG = {
kdc = kerberos.dementia.org
}
GNU.ORG = {
kdc = kerberos.gnu.org
kdc = kerberos-2.gnu.org
kdc = kerberos-3.gnu.org
admin_server = kerberos.gnu.org
}
1TS.ORG = {
kdc = kerberos.1ts.org
admin_server = kerberos.1ts.org
}
GRATUITOUS.ORG = {
kdc = kerberos.gratuitous.org
admin_server = kerberos.gratuitous.org
}
DOOMCOM.ORG = {
kdc = kerberos.doomcom.org
admin_server = kerberos.doomcom.org
}
ANDREW.CMU.EDU = {
kdc = vice28.fs.andrew.cmu.edu
kdc = vice2.fs.andrew.cmu.edu
kdc = vice11.fs.andrew.cmu.edu
kdc = vice12.fs.andrew.cmu.edu
admin_server = vice28.fs.andrew.cmu.edu
default_domain = andrew.cmu.edu
}
CS.CMU.EDU = {
kdc = kerberos.cs.cmu.edu
kdc = kerberos-2.srv.cs.cmu.edu
admin_server = kerberos.cs.cmu.edu
}
DEMENTIA.ORG = {
kdc = kerberos.dementia.org
kdc = kerberos2.dementia.org
admin_server = kerberos.dementia.org
}
stanford.edu = {
kdc = krb5auth1.stanford.edu
kdc = krb5auth2.stanford.edu
kdc = krb5auth3.stanford.edu
master_kdc = krb5auth1.stanford.edu
admin_server = krb5-admin.stanford.edu
default_domain = stanford.edu
}
[domain_realm]
.mit.edu = ATHENA.MIT.EDU
mit.edu = ATHENA.MIT.EDU
.media.mit.edu = MEDIA-LAB.MIT.EDU
media.mit.edu = MEDIA-LAB.MIT.EDU
.csail.mit.edu = CSAIL.MIT.EDU
csail.mit.edu = CSAIL.MIT.EDU
.whoi.edu = ATHENA.MIT.EDU
whoi.edu = ATHENA.MIT.EDU
.stanford.edu = stanford.edu
.slac.stanford.edu = SLAC.STANFORD.EDU
[login]
krb4_convert = true
krb4_get_tickets = false
@Badday, could you change the following:
default_realm = acasa.local
to
default_realm = ACASA.LOCAL
and try again?
Hi,
I’ve following your great toto and all works perfectly until i’ve try to connect to samba as administrator. This is the return :
root@ubuntuAD:~# /usr/local/samba/bin/smbclient //localhost/netlogon -U administrator
Enter administrator’s password:
Domain=[EQUINOXE] OS=[Unix] Server=[Samba 4.2.0pre1-GIT-944e9fb]
tree connect failed: NT_STATUS_INTERNAL_ERROR
Have you an idea for this failure ?
Thanks !
you can also get the binary packages for samba 4.1 from sernet: https://www.enterprisesamba.com
Thanks a thousand times. The first out of (you don’t dare asking how many!) tutorials which worked just without any shit.
I would only add that, as the 4.1 git branch evolves, too, it is a good idea to do
cd /usr/src/samba4
git checkout tags/samba-4.1.0
which is the official release tag for 4.1 and with which I had no difficulties while installing it on a Ubuntu 12.4.3 (latest upgrades) x64 server.
Again: Thanks so much for this tutorial! So appreciated!
Additional hint, because I ran into that many times before after desperately switching branches and stuff: I had set up a bare 12.4.3 server with nothing else installed, not even LAMP. And immediately followed this tutorial here.
However, if you had several unsuccessful tests before, you should at least remove the installation dir (mostly /usr/local/samba and below) before starting your compilation. If you don’t, you are likely to have settings confused and get stuck, just like I did.
sudo ./configure –enable-debug
give me the following messages:
Checking for custom code : Could not find the python development headers
/usr/src/samba4/wscript:93: error: the configuration failed (see ‘/usr/src/samba4/bin/config.log’)
I work on ubuntu 13.10 64bit
Passing the NTVFS option is not the solution at all. The solution is to remount the filesystem serving the files with the acl flag and not to create hundreds of people stuck on the old legacy fileserver that the samba4 people no longer maintain.
Hi,
Installation works fine, even join domain Windows and Linux also work fine.. but I’m trying to achieve Roaming Profile and Login script for Linux Desktops.
Hi,
Great tutorial, thank you! Everything worked as expected using Samba 4.1.6 up until the point of trying kinit, where the password prompt gave me an error.
I solved it by running:
sudo samba-tool user set password administrator
and resetting the password.
Hi,
First off I’d like to say thanks – everything is working perfectly (had a few issues initially but think I may havbe missed a step, following exactly this just works)
I’ve posted in a couple of places as I have a specific requirement, but you seem to know it all, so I thought I’d ask the question that is realyy bugging me.
A lot of other tutorials refer to smb.conf being in /etc/samba. Obviously v4.1 upwards uses /usr/local/samba/etc.
Is there any reason for this change of directory? It’s causing me a big headache with openchange (don’t ask me why but openchange decides to reprovision samba) and from what I can see it’s looking in the wrong place. Now have I done something wrong or am I just waiting for other developers to catch up with the latest release?
When installing from Source, like in this guide, Samba is indeed placed in /usr/local.
It is my understanding that software you compiled yourself is places in /usr/local/ to separate them from the distribution installs (/etc/ location), using apt.
“… is widely regarded as a good place in which to keep self-compiled or third-party programs”
http://www.tldp.org/LDP/Linux-Filesystem-Hierarchy/html/usr.html
“…is for use by the system administrator when installing software locally”
http://www.linuxbase.org/betaspecs/fhs/fhs/ch04s09.html
Hi there!
Great article! Just wanted to inform you and your readers that my new book: Implementing Samba 4 is now published! Until friday you may get a free digital version if you be one of the three luck ones:
http://www.eall.com.br/blog/?p=3071
I’m willing to provide free copies to people willing to write about the book (good, not so good, bad and etc). Any comment would be appreciated!
–Leal
Hello together,
i have followed your tutorial and ich have problems with the reverselookupzone.
When I try this, its working
host -t SRV _ldap._tcp.mydomain.local.host -t SRV _kerberos._udp.mydomain.local.host -t A samba.mydomain.local.
But when i try “nslookup IP” he doesn’t find a reverse lookupzone (ip.in.addr-arpa).
I use the internel DNS-Server of samba4
–Oliver
hi,
i was working on installation part and while executing
./configure –enable-debug
i got this error .
Checking for custom code : Could not find the python development headers
/home/sai/samba-4.1.14/wscript:100: error: the configuration failed (see ‘/home/sai/samba-4.1.14/bin/config.log’)
please do help. Thanks
HI all,
think it is once of the best how to´s to make an DC!
Thank you very much for this howTo
But I always fail after the installing / configuring samba part.
The install and configuring works fine and all seems to be correct.
Installing krb5-user works also but then the trouble comes if I type “kinit administrator” with the failure Preauthentication …, and I think it depends once that the kerberos server have to be installed and second that the “administrator” user have to be insert into the kerberos database.
I searched for some info and all sites I´ve found tell me different things.
Have some guys also trouble by these step or have someone a solution?
It would be nice when we find together a solution.
I also use Ubunut 32bit 12.04 Server version!
This tutorial is great, it seems to work even I got a small problem.
I have install on ubuntu 64 bit version 15.04 and samba 4.3 from the git.
This command don’t work
kinit administrator
It give the error:
kinit: KDC reply did not match expectations while getting initial credentials.
I should say when installing krb5-user, I got some questions I didn’t know all the answers to. So I put in what I think was the obvious right answers.
I can add a machine without error.
I can login from that machine with my administrator account.
I can add a new user, but the new user can’t login on my machine
just an update…
kinit work if you do it as:
kinit administrator@MYDOMAIN.LOCAL
then klist will show information.
Hi, great post, I am trying to setup an Ubuntu server on EC2 have followed the prerequisites but getting stuck below:
ubuntu@ip-172-31-16-216:~$ sudo make install
make: *** No rule to make target `install’. Stop.
ubuntu@ip-172-31-16-216:~$
Always thought make was pre installed any ideas as:
sudo apt-get install build-essential
runs without errors thanks a lot.
[…] Installing Samba4 (4.1) on Ubuntu 12.04 LTS […]
Update to my original post:
I can add a new user, but the new user can’t login on my machine
That was a Windows 7 error somehow. A brand new installation worked without any trouble.
Great tutorial.