How To Install Samba4 Active Directory on CentOS 7 Part 1

Posted by

What is Samba4? this is information about Samba4 from Samba.org

Samba4 is a massive reworking of the Samba 3 implementation, with a goal of providing full Active Directory, domain controller and file server support for all current Windows clients. What is Samba4 meant to accomplish? In simplest terms, Samba4 is an ambitious, yet achievable, reworking of the Samba code. Major features for Samba4 already include:

  1. Support for the ‘Active Directory’ logon and administration protocols that support Windows XP, Windows7, and Mac OS X clients
  2. Support for Group Policy definitions
  3. New ‘full coverage’ testsuites
  4. Full NTFS semantics for sharing backends
  5. An internal LDAP server, with AD semantics
  6. An internal Kerberos server, including PAC support
  7. Bind9 integration for AD DNS support (with DLS)
  8. Fully asynchronous internals
  9. Flexible process models
  10. Better scalability from micro to very large installations
  11. New RPC infrastructure (PIDL)
  12. A flexible database architecture (LDB)
  13. Python support – used extensively for client and management tools
  14. Generic security subsystem (GENSEC)
  15. Over 50% auto-generated code!

One of the goals of Samba4 is to implement an Active Directory compatible Domain Controller

On this section, i will explain how to Compile, Install and Provisioning Samba4 so that can used. For easy understanding, this is some information to known formerly.

Domain : imanudin.net
Hostname : samba4
IP Address : 192.168.26.11

# Disable Selinux & Firewall

Open file /etc/sysconfig/selinux and change SELINUX=enforcing become SELINUX=disabled. Also disable some service such as iptables, ip6tables and firewalld.

setenforce 0
service firewalld stop
service iptables stop
service ip6tables stop
systemctl disable firewalld
systemctl disable iptables
systemctl disable ip6tables

# Download & Compile Samba4

First, install packages required by Samba4 for compile and install

yum install libacl-devel e2fsprogs-devel gnutls-devel readline-devel python-devel gdb pkgconfig gcc libblkid-devel zlib-devel setroubleshoot-server setroubleshoot-plugins policycoreutils-python libsemanage-python setools-libs-python setools-libs popt-devel libpcap-devel sqlite-devel libidn-devel libxml2-devel libacl-devel libsepol-devel libattr-devel keyutils-libs-devel cyrus-sasl-devel krb5-workstation perl openldap-devel bind bind-sdb

Download Samba4 latest update and put on folder /opt. Extract and install. Samba4 stable can be downloaded at this link https://ftp.samba.org/pub/samba/stable/ . When this article written, Samba4 stable is version 4.1.13

cd /opt
wget -c https://ftp.samba.org/pub/samba/stable/samba-4.1.13.tar.gz
tar -zxvf samba-4.1.13.tar.gz
cd samba-4.1.13
./configure.developer
make
make install

Please wait a minutes for installation complete

compiling samba4

# Provisioning Samba

After samba4 has been success compile and install, you can provisioning samba4 and make it as Active Directory. Provisioning is like dcpromo on Windows Server

Do the following command on samba4 server

/usr/local/samba/bin/samba-tool domain provision --use-rfc2307 --interactive

Fill as the following example :

Realm : Your domain. Example IMANUDIN.NET
Domain : Your Workgroup (Usually domain name without TLD). Example IMANUDIN
Server Role : dc
DNS backend : BIND9_DLZ
Password : VerySecret123 (fill password with minimum length of 8 characters, 1 upper case, 1 lowercase and 1 number)

If you see the following process/info as below, your samba4 has been success provisioned

provisioning samba4

# Starting Samba4

For stop/starting samba4, you can manually run this command

starting

/usr/local/samba/sbin/samba

stopping

pkill samba

For automatic starting while booting, you can make init script and also for easy starting or stopping samba

vi /etc/rc.d/init.d/samba4

fill with the following line

#! /bin/bash
#
# samba4 Bring up/down samba4 service
#
# chkconfig: - 90 10
# description: Activates/Deactivates all samba4 interfaces configured to \
# start at boot time.
#
### BEGIN INIT INFO
# Provides:
# Should-Start:
# Short-Description: Bring up/down samba4
# Description: Bring up/down samba4
### END INIT INFO
# Source function library.
. /etc/init.d/functions

if [ -f /etc/sysconfig/samba4 ]; then
. /etc/sysconfig/samba4
fi

CWD=$(pwd)
prog="samba4"

start() {
# Attach irda device
echo -n $"Starting $prog: "
/usr/local/samba/sbin/samba
sleep 2
if ps ax | grep -v "grep" | grep -q /samba/sbin/samba ; then success $"samba4 startup"; else failure $"samba4 startup"; fi
echo
}
stop() {
# Stop service.
echo -n $"Shutting down $prog: "
killall samba
sleep 2
if ps ax | grep -v "grep" | grep -q /samba/sbin/samba ; then failure $"samba4 shutdown"; else success $"samba4 shutdown"; fi
echo
}
status() {
/usr/local/samba/sbin/samba --show-build
}

# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status irattach
;;
restart|reload)
stop
start
;;
*)
echo $"Usage: $0 {start|stop|restart|status}"
exit 1
esac

exit 0

run the following command for activate

chmod 755 /etc/rc.d/init.d/samba4
chmod +x /etc/rc.d/init.d/samba4
ln -s /etc/rc.d/init.d/samba4 /etc/rc3.d/S80samba4
chkconfig --add samba4
chkconfig samba4 on
service samba4 restart

Test insert to folder share

/usr/local/samba/bin/smbclient //localhost/netlogon -Uadministrator%VerySecret123

VerySecret123 is password while provsioning samba4. if success, console would be changed like : smb: \> :

samba4 inser folder share

Hooray, for this section, we have been success install samba4 as Active Directory. But we still need another configuration for integrated with samba such as DNS and would be explained on part 2.

Good luck and hopefully useful 😀

74 comments

  1. Hello, to run the “service Samba4 restart”, the following error appears:
    [root @ xxxx] # service Samba4 restart
    Restarting Samba4 (via systemctl): Job for samba4.service failed. See ‘systemctl status samba4.service’ and ‘journalctl -xn’ for details.
                                                                [FAILED]

      1. I’m also getting “Restarting samba4 (via systemctl): Job for samba4.service failed. See ‘systemctl status samba4.service’ and ‘journalctl -xn’ for details.”

        When I run “systemctl status samba4.service” I get

        samba4.service – LSB: Bring up/down samba4
        Loaded: loaded (/etc/rc.d/init.d/samba4)
        Active: failed (Result: exit-code) since Thu 2015-06-11 16:31:21 CDT; 30s ago
        Process: 13950 ExecStart=/etc/rc.d/init.d/samba4 start (code=exited, status=203/EXEC)

        Jun 11 16:31:21 geronimo3.hillcountry.local systemd[1]: samba4.service: control process exited, code=exited status=203
        Jun 11 16:31:21 geronimo3.hillcountry.local systemd[1]: Failed to start LSB: Bring up/down samba4.
        Jun 11 16:31:21 geronimo3.hillcountry.local systemd[1]: Unit samba4.service entered failed state.

        When I run “systemctl status samba4 and systemctl status samba4” I get

        [root@geronimo3 ~]# systemctl status samba4
        samba4.service – LSB: Bring up/down samba4
        Loaded: loaded (/etc/rc.d/init.d/samba4)
        Active: failed (Result: exit-code) since Thu 2015-06-11 16:33:17 CDT; 15s ago
        Process: 13957 ExecStart=/etc/rc.d/init.d/samba4 start (code=exited, status=203/EXEC)

        Jun 11 16:33:17 geronimo3.hillcountry.local systemd[1]: Starting LSB: Bring up/down samba4…
        Jun 11 16:33:17 geronimo3.hillcountry.local systemd[13957]: Failed at step EXEC spawning /etc/rc.d/init.d/samba4: Exe…rror
        Jun 11 16:33:17 geronimo3.hillcountry.local systemd[1]: samba4.service: control process exited, code=exited status=203
        Jun 11 16:33:17 geronimo3.hillcountry.local systemd[1]: Failed to start LSB: Bring up/down samba4.
        Jun 11 16:33:17 geronimo3.hillcountry.local systemd[1]: Unit samba4.service entered failed state.
        Hint: Some lines were ellipsized, use -l to show in full.
        [root@geronimo3 ~]# systemctl restart samba4
        Job for samba4.service failed. See ‘systemctl status samba4.service’ and ‘journalctl -xn’ for details.
        [root@geronimo3 ~]# systemctl status samba4
        samba4.service – LSB: Bring up/down samba4
        Loaded: loaded (/etc/rc.d/init.d/samba4)
        Active: failed (Result: exit-code) since Thu 2015-06-11 16:41:27 CDT; 10s ago
        Process: 14064 ExecStart=/etc/rc.d/init.d/samba4 start (code=exited, status=203/EXEC)

        Jun 11 16:41:27 geronimo3.hillcountry.local systemd[1]: samba4.service: control process exited, code=exited status=203
        Jun 11 16:41:27 geronimo3.hillcountry.local systemd[1]: Failed to start LSB: Bring up/down samba4.
        Jun 11 16:41:27 geronimo3.hillcountry.local systemd[1]: Unit samba4.service entered failed state.

        I really like your tutorial. I hope you can clear this up.

        1. Hi Carl,

          Please start Samba4 service with this command :

          /usr/local/samba/sbin/samba

          please check with ps ax command

          ps ax | grep samba

          Please let me know if you success starting Samba4 with above command

      2. hello Ahmad sir,

        i have done all configuration, but when i run following command it gives (NT_STATUS_CONNECTION_REFUSED) error.

        pls help me

        [root@PuneNapster samba-4.1.13]# /usr/local/samba/bin/smbclient //localhost/netlogon -Uadministrator%npst123

        Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)

        [root@PuneNapster samba-4.1.13]# ps ax |grep samba

        22656 pts/0 S+ 0:00 grep –color=auto samba

        [root@PuneNapster samba-4.1.13]# kinit administrator

        kinit: Configuration file does not specify default realm when parsing name administrator

        [root@PuneNapster samba-4.1.13]# /usr/local/samba/bin/smbclient //localhost/netlogon -Uadministrator%npst123

        Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)
        [root@PuneNapster samba-4.1.13]#

  2. Thanks for this awesome tutorial. However, I’m having problems when I Run /usr/local/samba/bin/smbclient //localhost/netlogon -Uadministrator%Need4pwd
    . I receive the following error “session setup failed: NT_STATUS_LOGON_FAILURE” that’s the correct password that I set up on domain provision.

    1. Hi Ron,

      Are you sure your Samba4 service has been started? please paste the result of the following command :

      service samba4 status
      ps ax | grep samba

  3. I’m having problems when I Run /usr/local/samba/bin/smbclient //localhost/netlogon -Uadministrator%Need4pwd

    [root@sambaad Desktop]# /usr/local/samba/bin/smbclient //localhost/netlogon -Uadministrator%VerySecret123
    session setup failed: NT_STATUS_LOGON_FAILURE

    1. Hi Venkat,

      How if test firstly using kinit? please run the following command :

      kinit administrator

      enter your password administrator

  4. Hello There

    [root@sambaad Desktop]# service samba4 status
    Samba version: 4.1.13
    Build environment:
    Build host: Linux sambaad 3.10.0-123.el7.x86_64 #1 SMP Mon Jun 30 12:09:22 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
    Paths:
    BINDIR: /usr/local/samba/bin
    SBINDIR: /usr/local/samba/sbin
    CONFIGFILE: /usr/local/samba/etc/smb.conf
    NCALRPCDIR: /usr/local/samba/var/run/ncalrpc
    LOGFILEBASE: /usr/local/samba/var
    LMHOSTSFILE: /usr/local/samba/etc/lmhosts
    DATADIR: /usr/local/samba/share
    MODULESDIR: /usr/local/samba/lib
    LOCKDIR: /usr/local/samba/var/lock
    STATEDIR: /usr/local/samba/var/locks
    CACHEDIR: /usr/local/samba/var/cache
    PIDDIR: /usr/local/samba/var/run
    PRIVATE_DIR: /usr/local/samba/private
    CODEPAGEDIR: /usr/local/samba/share/codepages
    SETUPDIR: /usr/local/samba/share/setup
    WINBINDD_SOCKET_DIR: /usr/local/samba/var/run/winbindd
    WINBINDD_PRIVILEGED_SOCKET_DIR: /usr/local/samba/var/lib/winbindd_privileged
    NTP_SIGND_SOCKET_DIR: /usr/local/samba/var/lib/ntp_signd
    [root@sambaad Desktop]# ps ax | grep samba
    632 ? Ss 0:00 avahi-daemon: running [sambaad.local]
    20072 ? Ss 0:00 /usr/local/samba/sbin/samba
    20074 ? S 0:00 /usr/local/samba/sbin/samba
    20075 ? S 0:00 /usr/local/samba/sbin/samba
    20076 ? S 0:00 /usr/local/samba/sbin/samba
    20077 ? S 0:00 /usr/local/samba/sbin/samba
    20078 ? S 0:00 /usr/local/samba/sbin/samba
    20079 ? S 0:00 /usr/local/samba/sbin/samba
    20080 ? S 0:00 /usr/local/samba/sbin/samba
    20081 ? S 0:00 /usr/local/samba/sbin/samba
    20082 ? S 0:00 /usr/local/samba/sbin/samba
    20083 ? S 0:00 /usr/local/samba/sbin/samba
    20084 ? Ss 0:00 /usr/local/samba/sbin/smbd -D –option=server role check:inhibit=yes –foreground
    20085 ? S 0:00 /usr/local/samba/sbin/samba
    20086 ? S 0:00 /usr/local/samba/sbin/samba
    20089 ? S 0:00 /usr/local/samba/sbin/smbd -D –option=server role check:inhibit=yes –foreground
    20137 pts/1 R+ 0:00 grep –color=auto samba
    [root@sambaad Desktop]# /usr/local/samba/bin/smbclient //localhost/netlogon -Uadministrator%VerySecret123
    session setup failed: NT_STATUS_LOGON_FAILURE

  5. Hello all,

    I’d like to know if it’s safe to leave disabled SELinux. I read on a lot of sites it isn’t it.
    How can I leave SELinux in a ADDC?

    1. Hi Gionata,

      Disabled SELinux is used while installation process. You can enable SELinux again after installation done

  6. boa noite… fiz conforme esta no tutorial… o unico inconveniente é na hora de conectar no servidor dns pelo manager do windows ele da a seguinte mensagem: serviço de active directory nao diponivel. alguma dica???

  7. Tengo instalado y funcionando el samba 4 en CentOS 7 con el DNS nativo.los usuarios
    se conectan al dominio delpri.edu.
    Nombre del servidor primaria.delpri.edu

    La mayoria de los usuarios entran sin problema a la unidad remota T:\\primaria.delpri.edu\home\user
    pero otras estaciones no tienen acceso a su unidad remota, se ha solucionado cambiando la ruta a
    T:\\primaria\home\user dentro de su perfil de usuario.

    Debido a que los usuarios utilizan aleatoriamente las estaciones no se puede modificar el perfil de la
    ruta a cada momento.

    Deseo saber si alguien tiene un problema similar y como resolverlo…

  8. I have installed and running CentOS Samba 4 in 7 with the users DNS nativo.
    delpri.edu they connect to the domain.
    Primaria.delpri.edu name server

    Most users enter without problem to the remote unit T: \\primaria.delpri.edu\home\user
    but other stations do not have access to your remote unit , it has been solved by changing the route
    T: \\primaria\home\user in your user profile .

    Because users use randomly stations can not change the profile
    route each time.

    I want to know if anyone has a similar problem and how to solve it …

  9. THANKS 🙂 🙂
    Everything works perfect but i cant have another samba host join the domain…Ihave tried everything in authconfig-tui but i keep getting error DC not found.
    Realmd can detect the domain but it cant also join it….
    Any insights pleaaaseee with sugar on top 🙂
    PS a windowsxp host managed to join but i was totally unable to logon with any user

  10. I have done all setting and also done part2. But I want to integrate windows 2012 AD active directory with samba4 and want to sync all AD user on samba4. Please help me and update the step. Thanku

  11. when i run chkconfig –add samba4
    it returns error messages saying
    service start samba4 does not support chkconfig.

    any help

  12. Terimakasih mas iman atas tutorialnya, oh iya saya error mas
    [root@samba4 /]# /usr/local/samba/bin/smbclient //localhost/netlogon -Uadministrator%password
    Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)

    coba di kinit juga error
    [root@samba4 /]# kinit administrator
    kinit: Configuration file does not specify default realm when parsing name administrator

  13. [root@localhost samba-4.1.13]# systemctl status samba4
    ● samba4.service – LSB: Bring up/down samba4
    Loaded: loaded (/etc/rc.d/init.d/samba4)
    Active: active (exited) since Tue 2016-05-24 10:35:53 EDT; 3min 38s ago
    Docs: man:systemd-sysv-generator(8)
    Process: 16398 ExecStop=/etc/rc.d/init.d/samba4 stop (code=exited, status=0/SUCCESS)
    Process: 16405 ExecStart=/etc/rc.d/init.d/samba4 start (code=exited, status=0/SUCCESS)

    May 24 10:35:51 localhost.localdomain samba[16415]: [2016/05/24 10:35:51.987739, 0] ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
    May 24 10:35:51 localhost.localdomain samba[16415]: ldb: schema_load_init: dsdb_get_schema failed
    May 24 10:35:51 localhost.localdomain samba[16415]: [2016/05/24 10:35:51.987759, 0] ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
    May 24 10:35:51 localhost.localdomain samba[16415]: ldb: module schema_load initialization failed : Operations error
    May 24 10:35:51 localhost.localdomain samba[16415]: [2016/05/24 10:35:51.987779, 0] ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
    May 24 10:35:51 localhost.localdomain samba[16415]: ldb: module rootdse initialization failed : Operations error
    May 24 10:35:51 localhost.localdomain samba[16415]: [2016/05/24 10:35:51.987797, 0] ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
    May 24 10:35:51 localhost.localdomain samba[16415]: ldb: module samba_dsdb initialization failed : Operations error
    May 24 10:35:53 localhost.localdomain samba4[16405]: Starting samba4: [FAILED]
    May 24 10:35:53 localhost.localdomain systemd[1]: Started LSB: Bring up/down samba4.

    please help me

  14. systemctl status samba4
    [2016/05/24 10:35:51.987797, 0] ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
    ldb: module samba_dsdb initialization failed : Operations error

  15. Hi iman, I have a question how can I visualize in a pc with windows 7 a web page that I have in Centos 7 but with my domain name I can watch it with the ip address of Centos 7 but when I put tescha.com it does not appear the web page please help me!!!

    1. Hi Edgar,

      Please make sure name tescha.com has known by name from client (Win 7). you can check with nslookup or ping the name from command line

      1. Hi Iman, I made a ping to tescha.com and the client found ot as well when I did nslookup it recognize me the domain but with the next data:
        Server: Unknown
        Address: fe:80::1

        Respuesta no autoritativa:
        Nombre: tescha.com
        Address: 78.46.37.188

        The ip address that the server i put is 192.168.1.10

        1. I also have the pc client joint to the domain but there was something interesting because when I tried to enter with tescha.com it didn’t let me join until i wrote tescha only with that

  16. Hi imán I did not do that because I have configured dhcp is it neccesary to do it? When I configured dhcp I put this:
    Subnet 192.168.1.0 netmask 255.255.255.0
    Range 192.168.1.11 192.168.1.100;
    Option domain-name-servers 192.168.1.10;
    Option domain-name “tescha.com”;
    Option routers 192.168.1.254;
    Option broadcast-address 192.168.1.255;
    Default lease-time 600;
    Max-lease-time 7200;

  17. Looking up IPv4 addresses
    More than one IPv4 address found. Using 192.168.100.145
    Looking up IPv6 addresses
    No IPv6 address will be assigned
    Setting up secrets.ldb
    Setting up the registry
    Setting up the privileges database
    Setting up idmap db
    Setting up SAM db
    Setting up sam.ldb partitions and settings
    Setting up sam.ldb rootDSE
    Pre-loading the Samba 4 and AD schema
    Adding DomainDN: DC=cafebazaar,DC=ir
    Adding configuration container
    Setting up sam.ldb schema
    Setting up sam.ldb configuration data
    Setting up display specifiers
    Modifying display specifiers
    Adding users container
    Modifying users container
    Adding computers container
    Modifying computers container
    Setting up sam.ldb data
    Setting up well known security principals
    Setting up sam.ldb users and groups
    ERROR(ldb): uncaught exception – operations error at ../source4/dsdb/samdb/ldb_modules/password_hash.c:2164
    File “/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py”, line 175, in _run
    return self.run(*args, **kwargs)
    File “/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py”, line 401, in run
    use_rfc2307=use_rfc2307, skip_sysvolacl=False)
    File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py”, line 2160, in provision
    skip_sysvolacl=skip_sysvolacl)
    File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py”, line 1788, in provision_fill
    next_rid=next_rid, dc_rid=dc_rid)
    File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py”, line 1442, in fill_samdb
    “KRBTGTPASS_B64”: b64encode(krbtgtpass.encode(‘utf-16-le’))
    File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/common.py”, line 50, in setup_add_ldif
    ldb.add_ldif(data, controls)
    File “/usr/local/samba/lib64/python2.7/site-packages/samba/__init__.py”, line 224, in add_ldif
    self.add(msg, controls)

      1. I fixed this by editing /etc/krb5.conf before doing the provisioning:

        [libdefaults]
        default_realm = YOURDOMAIN.COM
        dns_lookup_realm = false
        dns_lookup_kdc = true

  18. Hi iman,

    I have hit a wall… while installing the packages.

    I got a “No package setools-libs-python available”

    I can continue with the configuration. But knowing that I have failed in installing one package, this might create problems for me in the future.

    Though I am tempted to install the old version, It might create problems too.

    Would you have a work around for this?

    Thank you in advance

  19. The init.d script does not work for stopping the service if you used a minimum install for CentOS, because the “killall” command simply does not exist. You need to install the “psmisc” package,

    BC

  20. One last hurdle I need to take is the fact that self added shares do not have a “Security” tab when you try to manage them in Windows. The correct privilege has been giving to the Admin group though …

  21. Hi Team,

    We establish Samba domain controller in Debian samba version is 4.2.10 in that through windows RSAT tool we are controlling the samba domain controller
    I pushed Account lock out group policy through Gpo but that policy is not working
    same policy i tried in windows 2012 server ,2003 server its working fine

    please guide me on the above issue

    Thanks,
    Mano

  22. Have problem comes in Redhat Server 7. I am creating a domain controller with usiing samba 4.5.1
    Domain has been creating successful but when try to add
    host -t SRV _ldap_tcp.kplinus.com.
    host -t _kerberos._udp.kplinus.com.
    error reflected NXDOMAIN
    And kinit administrator@KPLINUS.COM.
    Error comes kint: cannot find KDC for realm “KPLINUS.com” While getting initial credentials.

    But My DNS [root@linus7 ~]# nslookup webmail.kplinus.com
    Server: 192.168.21.129
    Address: 192.168.21.129#53

    webmail.kplinus.com canonical name = linus7.kplinus.com.
    Name: linus7.kplinus.com
    Address: 192.168.21.129
    [root@linus7 ~]# host -t SRV _kerberos._udp.kplinus.com.
    Host _kerberos._udp.kplinus.com. not found: 3(NXDOMAIN)
    [root@linus7 ~]# kinit administrator@KPLINUS.COM.
    kinit: Cannot find KDC for realm “KPLINUS.COM.” while getting initial credential

  23. [root@linus7 ~]# service samba4 status
    Samba version: 4.5.1
    Build environment:
    Build host: Linux linus7.kplinus.com 3.10.0-327.el7.x86_64 #1 SMP Thu Oct 29 17:29:29 EDT 2015 x86_64 x86_64 x86_64 GNU/Linux
    Paths:
    BINDIR: /usr/local/samba/bin
    SBINDIR: /usr/local/samba/sbin
    CONFIGFILE: /usr/local/samba/etc/smb.conf
    NCALRPCDIR: /usr/local/samba/var/run/ncalrpc
    LOGFILEBASE: /usr/local/samba/var
    LMHOSTSFILE: /usr/local/samba/etc/lmhosts
    DATADIR: /usr/local/samba/share
    MODULESDIR: /usr/local/samba/lib
    LOCKDIR: /usr/local/samba/var/lock
    STATEDIR: /usr/local/samba/var/locks
    CACHEDIR: /usr/local/samba/var/cache
    PIDDIR: /usr/local/samba/var/run
    PRIVATE_DIR: /usr/local/samba/private
    CODEPAGEDIR: /usr/local/samba/share/codepages
    SETUPDIR: /usr/local/samba/share/setup
    WINBINDD_SOCKET_DIR: /usr/local/samba/var/run/winbindd
    WINBINDD_PRIVILEGED_SOCKET_DIR: /usr/local/samba/var/lib/winbindd_privileged
    NTP_SIGND_SOCKET_DIR: /usr/local/samba/var/lib/ntp_signd
    [root@linus7 ~]# ps ax | grep samba
    2374 ? Ss 0:00 /usr/local/samba/sbin/samba
    2530 ? S 0:00 /usr/local/samba/sbin/samba
    2531 ? S 0:01 /usr/local/samba/sbin/samba
    2532 ? S 0:00 /usr/local/samba/sbin/samba
    2533 ? S 0:00 /usr/local/samba/sbin/samba
    2534 ? Ss 0:00 /usr/local/samba/sbin/smbd -D –option=server role check:inhibit=yes –foreground
    2535 ? S 0:01 /usr/local/samba/sbin/samba
    2536 ? S 0:00 /usr/local/samba/sbin/samba
    2537 ? S 0:00 /usr/local/samba/sbin/samba
    2538 ? S 0:00 /usr/local/samba/sbin/samba
    2539 ? S 0:00 /usr/local/samba/sbin/samba
    2540 ? S 0:00 /usr/local/samba/sbin/samba
    2541 ? Ss 0:00 /usr/local/samba/sbin/winbindd -D –option=server role check:inhibit=yes –foreground
    2542 ? S 0:00 /usr/local/samba/sbin/samba
    2543 ? S 0:00 /usr/local/samba/sbin/samba
    2544 ? S 0:00 /usr/local/samba/sbin/samba
    2547 ? S 0:00 /usr/local/samba/sbin/smbd -D –option=server role check:inhibit=yes –foreground
    2548 ? S 0:00 /usr/local/samba/sbin/smbd -D –option=server role check:inhibit=yes –foreground
    2549 ? S 0:00 /usr/local/samba/sbin/winbindd -D –option=server role check:inhibit=yes –foreground
    2551 ? S 0:00 /usr/local/samba/sbin/smbd -D –option=server role check:inhibit=yes –foreground
    3983 pts/0 S+ 0:00 grep –color=auto samba
    root@linus#] vim /etc/krb5.conf
    [logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

    [libdefaults]
    default_realm = KPLINUS.COM
    dns_lookup_realm = false
    dns_lookup_kdc = false
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = true

    [realms]
    KPLINUS.COM = {
    kdc = kerberos.kplinus.com
    admin_server = kerberos.kplinus.com
    }

    [domain_realm]
    .kplinus.com = KPLINUS.COM
    kplinus.com = KPLINUS.COM

  24. When i run: /usr/local/samba/bin/samba-tool domain provision –use-rfc2307 –interactive at the end of this process, the follow message is shown: Setting up sam.ldb users and groups
    ERROR(ldb): uncaught exception – operations error at ../source4/dsdb/samdb/ldb_modules/password_hash.c:3132
    File “/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py”, line 176, in _run
    return self.run(*args, **kwargs)
    File “/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py”, line 474, in run
    nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
    File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py”, line 2175, in provision
    skip_sysvolacl=skip_sysvolacl)
    File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py”, line 1787, in provision_fill
    next_rid=next_rid, dc_rid=dc_rid)
    File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py”, line 1447, in fill_samdb
    “KRBTGTPASS_B64”: b64encode(krbtgtpass.encode(‘utf-16-le’))
    File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/common.py”, line 55, in setup_add_ldif
    ldb.add_ldif(data, controls)
    File “/usr/local/samba/lib64/python2.7/site-packages/samba/__init__.py”, line 229, in add_ldif
    self.add(msg, controls)
    Could anyone help me, please!

  25. Hi Iman, me again I’m Edgar I have the next problem when I’m provisioning

    Looking up IPv4 addresses
    More than one IPv4 address found. Using 192.168.100.145
    Looking up IPv6 addresses
    No IPv6 address will be assigned
    Setting up secrets.ldb
    Setting up the registry
    Setting up the privileges database
    Setting up idmap db
    Setting up SAM db
    Setting up sam.ldb partitions and settings
    Setting up sam.ldb rootDSE
    Pre-loading the Samba 4 and AD schema
    Adding DomainDN: DC=cafebazaar,DC=ir
    Adding configuration container
    Setting up sam.ldb schema
    Setting up sam.ldb configuration data
    Setting up display specifiers
    Modifying display specifiers
    Adding users container
    Modifying users container
    Adding computers container
    Modifying computers container
    Setting up sam.ldb data
    Setting up well known security principals
    Setting up sam.ldb users and groups
    ERROR(ldb): uncaught exception – operations error at ../source4/dsdb/samdb/ldb_modules/password_hash.c:2164
    File “/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py”, line 175, in _run
    return self.run(*args, **kwargs)
    File “/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py”, line 401, in run
    use_rfc2307=use_rfc2307, skip_sysvolacl=False)
    File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py”, line 2160, in provision
    skip_sysvolacl=skip_sysvolacl)
    File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py”, line 1788, in provision_fill
    next_rid=next_rid, dc_rid=dc_rid)
    File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py”, line 1442, in fill_samdb
    “KRBTGTPASS_B64”: b64encode(krbtgtpass.encode(‘utf-16-le’))
    File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/common.py”, line 50, in setup_add_ldif
    ldb.add_ldif(data, controls)
    File “/usr/local/samba/lib64/python2.7/site-packages/samba/__init__.py”, line 224, in add_ldif
    self.add(msg, controls)

  26. after running /usr/local/samba/bin/smbclient //localhost/netlogon -Uadministrator%VerySecret123

    i got this error: session setup failed:NT_STATUS_INVALID_SERVER_STATE

    it is urgent please help

  27. [root@test samba-4.1.13]# /usr/local/samba/bin/samba-tool domain provision –use-rfc2307 –interactive
    Realm: AMFINDIA.COM
    Domain [AMFINDIA]:
    Server Role (dc, member, standalone) [dc]:
    DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: BIND_DLZ
    Administrator password:
    Retype password:
    Looking up IPv4 addresses
    More than one IPv4 address found. Using 192.168.1.101
    Looking up IPv6 addresses
    No IPv6 address will be assigned
    Setting up share.ldb
    Setting up secrets.ldb
    Setting up the registry
    Setting up the privileges database
    Setting up idmap db
    Setting up SAM db
    Setting up sam.ldb partitions and settings
    Setting up sam.ldb rootDSE
    Pre-loading the Samba 4 and AD schema
    Adding DomainDN: DC=amfindia,DC=com
    Adding configuration container
    Setting up sam.ldb schema
    Setting up sam.ldb configuration data
    Setting up display specifiers
    Modifying display specifiers
    Adding users container
    Modifying users container
    Adding computers container
    Modifying computers container
    Setting up sam.ldb data
    Setting up well known security principals
    Setting up sam.ldb users and groups
    ERROR(ldb): uncaught exception – operations error at ../source4/dsdb/samdb/ldb_modules/password_hash.c:2164
    File “/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py”, line 175, in _run
    return self.run(*args, **kwargs)
    File “/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py”, line 401, in run
    use_rfc2307=use_rfc2307, skip_sysvolacl=False)
    File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py”, line 2160, in provision
    skip_sysvolacl=skip_sysvolacl)
    File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py”, line 1788, in provision_fill
    next_rid=next_rid, dc_rid=dc_rid)
    File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py”, line 1442, in fill_samdb
    “KRBTGTPASS_B64”: b64encode(krbtgtpass.encode(‘utf-16-le’))
    File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/common.py”, line 50, in setup_add_ldif
    ldb.add_ldif(data, controls)
    File “/usr/local/samba/lib64/python2.7/site-packages/samba/__init__.py”, line 224, in add_ldif
    self.add(msg, controls)

    1. # rm /etc/krb5.conf
      # ln -sf /usr/local/samba/private/krb5.conf /etc/krb5.conf

      you can use that coment to solve that problem

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.