What is Samba4? This is information about Samba4 from Samba.org:
Samba4 is a massive reworking of the Samba 3 implementation, with a goal of providing full Active Directory, domain controller and file server support for all current Windows clients.
What is Samba4 meant to accomplish? In simplest terms, Samba4 is an ambitious, yet achievable, reworking of the Samba code. Major features for Samba4 already include:
- Support for the ‘Active Directory’ logon and administration protocols that support Windows XP, Windows 7, and Mac OS X clients
- Support for Group Policy definitions
- New ‘full coverage’ testsuites
- Full NTFS semantics for sharing backends
- An internal LDAP server, with AD semantics
- An internal Kerberos server, including PAC support
- Bind9 integration for AD DNS support (with DLZ)
- Fully asynchronous internals
- Flexible process models
- Better scalability from micro to very large installations
- New RPC infrastructure (PIDL)
- A flexible database architecture (LDB)
- Python support – used extensively for client and management tools
- Generic security subsystem (GENSEC)
- Over 50% auto-generated code!
One of the goals of Samba4 is to implement an Active Directory compatible Domain Controller.
In this section, I will explain how to compile, install and provision Samba4 so that it can be used. For easier understanding, here is the information used in this example:
- Domain : imanudin.net
- Hostname : samba4
- IP Address : 192.168.26.11
# Disable SELinux & Firewall
Open the file /etc/sysconfig/selinux and change SELINUX=enforcing to SELINUX=disabled. Also disable services such as iptables, ip6tables and firewalld. SELinux is disabled for the installation process; it can be enabled again after the installation is done.
```
setenforce 0
service firewalld stop
service iptables stop
service ip6tables stop
systemctl disable firewalld
systemctl disable iptables
systemctl disable ip6tables
```
# Download & Compile Samba4
First, install the packages required to compile and install Samba4:
```
yum install libacl-devel e2fsprogs-devel gnutls-devel readline-devel python-devel gdb pkgconfig gcc \
    libblkid-devel zlib-devel setroubleshoot-server setroubleshoot-plugins policycoreutils-python \
    libsemanage-python setools-libs-python setools-libs popt-devel libpcap-devel sqlite-devel \
    libidn-devel libxml2-devel libsepol-devel libattr-devel keyutils-libs-devel cyrus-sasl-devel \
    krb5-workstation perl openldap-devel bind bind-sdb
```
Download the latest Samba4 release and put it in the folder /opt. Extract and install. Samba4 stable can be downloaded from https://ftp.samba.org/pub/samba/stable/ . When this article was written, Samba4 stable was version 4.1.13.
```
cd /opt
wget -c https://ftp.samba.org/pub/samba/stable/samba-4.1.13.tar.gz
tar -zxvf samba-4.1.13.tar.gz
cd samba-4.1.13
./configure.developer
make
make install
```
Please wait a few minutes for the installation to complete.
# Provisioning Samba
After Samba4 has been compiled and installed successfully, you can provision it and make it an Active Directory domain controller. Provisioning is like dcpromo on Windows Server.
Run the following command on the Samba4 server:
```
/usr/local/samba/bin/samba-tool domain provision --use-rfc2307 --interactive
```
Fill in the prompts as in the following example:
- Realm : Your domain. Example IMANUDIN.NET
- Domain : Your Workgroup (usually the domain name without TLD). Example IMANUDIN
- Server Role : dc
- DNS backend : BIND9_DLZ
- Password : VerySecret123 (fill password with minimum length of 8 characters, 1 upper case, 1 lowercase and 1 number)
If you see the following process/info as below, your Samba4 has been provisioned successfully.
# Starting Samba4
To start or stop Samba4 manually, run these commands.
Starting:
```
/usr/local/samba/sbin/samba
```
Stopping:
```
pkill samba
```
To start Samba4 automatically at boot, and to make starting and stopping easier, you can create an init script:
```
vi /etc/rc.d/init.d/samba4
```
Fill it with the following lines:
```
#! /bin/bash
#
# samba4 Bring up/down samba4 service
#
# chkconfig: - 90 10
# description: Activates/Deactivates all samba4 interfaces configured to \
#              start at boot time.
#
### BEGIN INIT INFO
# Provides:
# Should-Start:
# Short-Description: Bring up/down samba4
# Description: Bring up/down samba4
### END INIT INFO

# Source function library.
. /etc/init.d/functions

if [ -f /etc/sysconfig/samba4 ]; then
    . /etc/sysconfig/samba4
fi

CWD=$(pwd)
prog="samba4"

start() {
    # Start the daemon, then confirm that a samba process is running.
    echo -n $"Starting $prog: "
    /usr/local/samba/sbin/samba
    sleep 2
    if ps ax | grep -v "grep" | grep -q /samba/sbin/samba ; then
        success $"samba4 startup"
    else
        failure $"samba4 startup"
    fi
    echo
}

stop() {
    # Stop service. killall comes from the psmisc package,
    # which a minimal CentOS install does not include.
    echo -n $"Shutting down $prog: "
    killall samba
    sleep 2
    if ps ax | grep -v "grep" | grep -q /samba/sbin/samba ; then
        failure $"samba4 shutdown"
    else
        success $"samba4 shutdown"
    fi
    echo
}

status() {
    # Print the Samba version, build host and compiled-in paths.
    /usr/local/samba/sbin/samba --show-build
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status
        ;;
    restart|reload)
        stop
        start
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|status}"
        exit 1
esac

exit 0
```
Run the following commands to activate it:
```
chmod 755 /etc/rc.d/init.d/samba4
chmod +x /etc/rc.d/init.d/samba4
ln -s /etc/rc.d/init.d/samba4 /etc/rc3.d/S80samba4
chkconfig --add samba4
chkconfig samba4 on
service samba4 restart
```
Test access to the shared folder:
```
/usr/local/samba/bin/smbclient //localhost/netlogon -Uadministrator%VerySecret123
```
VerySecret123 is the password set while provisioning Samba4. If it succeeds, the console prompt changes to: smb: \>
A password given after % on the command line is saved in the shell history; leave it out and smbclient prompts for it instead.
Hooray, in this section we have successfully installed Samba4 as Active Directory. But we still need further configuration to integrate with Samba, such as DNS, which will be explained in part 2.
Good luck and hopefully useful 😀
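The steps above leave SELinux disabled, and several readers below hit kinit errors caused by /etc/krb5.conf. The following script is an added example, not part of the original article or of Samba: it audits both files under a root prefix so it can be tried on constructed samples first. The function names, the finding messages and the sample files are assumptions made for this example.

```bash
#!/bin/bash
# Added example: audit the settings this tutorial touches.
# Config files are read under a root prefix, so the checks can be run
# against constructed samples before pointing them at "/".

# Print the mode set by the last SELINUX= line of a selinux config file.
selinux_config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

# Print default_realm from the [libdefaults] section of a krb5.conf.
# Commented-out lines and other sections are ignored.
krb5_default_realm() {
    awk '
        /^[ \t]*\[/ { in_lib = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        in_lib && /^[ \t]*default_realm[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# audit_host ROOT EXPECTED_REALM: print one finding per line, nothing if clean.
# The body runs in a subshell so its variables stay local.
audit_host() (
    root=$1
    realm=$2

    mode=$(selinux_config_mode "$root/etc/sysconfig/selinux")
    [ "$mode" = "enforcing" ] ||
        echo "selinux: configured mode is '${mode:-unset}', expected enforcing"

    found=$(krb5_default_realm "$root/etc/krb5.conf")
    if [ -z "$found" ]; then
        echo "krb5: no default_realm in [libdefaults] (kinit: Configuration file does not specify default realm)"
    elif [ "$found" != "$realm" ]; then
        echo "krb5: default_realm is $found, provisioned realm is $realm"
    fi

    if grep -q '^[[:space:]]*includedir[[:space:]]' "$root/etc/krb5.conf"; then
        echo "krb5: includedir line is active"
    fi
)

# Constructed sample: SELinux left disabled as in the tutorial, plus a
# krb5.conf with no default realm and an active includedir line.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/etc/sysconfig"
printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$demo_root/etc/sysconfig/selinux"
printf 'includedir /etc/krb5.conf.d/\n\n[libdefaults]\n dns_lookup_realm = false\n# default_realm = EXAMPLE.COM\n' \
    > "$demo_root/etc/krb5.conf"

audit_host "$demo_root" IMANUDIN.NET
```

On a real host, call `audit_host / YOUR.REALM` with the realm entered during provisioning.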
Hello, to run the “service Samba4 restart”, the following error appears:
[root @ xxxx] # service Samba4 restart
Restarting Samba4 (via systemctl): Job for samba4.service failed. See ‘systemctl status samba4.service’ and ‘journalctl -xn’ for details.
[FAILED]
Hi Rafael,
Please try this command :
systemctl restart samba4
systemctl status samba4
I’m also getting “Restarting samba4 (via systemctl): Job for samba4.service failed. See ‘systemctl status samba4.service’ and ‘journalctl -xn’ for details.”
When I run “systemctl status samba4.service” I get
samba4.service – LSB: Bring up/down samba4
Loaded: loaded (/etc/rc.d/init.d/samba4)
Active: failed (Result: exit-code) since Thu 2015-06-11 16:31:21 CDT; 30s ago
Process: 13950 ExecStart=/etc/rc.d/init.d/samba4 start (code=exited, status=203/EXEC)
Jun 11 16:31:21 geronimo3.hillcountry.local systemd[1]: samba4.service: control process exited, code=exited status=203
Jun 11 16:31:21 geronimo3.hillcountry.local systemd[1]: Failed to start LSB: Bring up/down samba4.
Jun 11 16:31:21 geronimo3.hillcountry.local systemd[1]: Unit samba4.service entered failed state.
When I run “systemctl status samba4 and systemctl status samba4” I get
[root@geronimo3 ~]# systemctl status samba4
samba4.service – LSB: Bring up/down samba4
Loaded: loaded (/etc/rc.d/init.d/samba4)
Active: failed (Result: exit-code) since Thu 2015-06-11 16:33:17 CDT; 15s ago
Process: 13957 ExecStart=/etc/rc.d/init.d/samba4 start (code=exited, status=203/EXEC)
Jun 11 16:33:17 geronimo3.hillcountry.local systemd[1]: Starting LSB: Bring up/down samba4…
Jun 11 16:33:17 geronimo3.hillcountry.local systemd[13957]: Failed at step EXEC spawning /etc/rc.d/init.d/samba4: Exe…rror
Jun 11 16:33:17 geronimo3.hillcountry.local systemd[1]: samba4.service: control process exited, code=exited status=203
Jun 11 16:33:17 geronimo3.hillcountry.local systemd[1]: Failed to start LSB: Bring up/down samba4.
Jun 11 16:33:17 geronimo3.hillcountry.local systemd[1]: Unit samba4.service entered failed state.
Hint: Some lines were ellipsized, use -l to show in full.
[root@geronimo3 ~]# systemctl restart samba4
Job for samba4.service failed. See ‘systemctl status samba4.service’ and ‘journalctl -xn’ for details.
[root@geronimo3 ~]# systemctl status samba4
samba4.service – LSB: Bring up/down samba4
Loaded: loaded (/etc/rc.d/init.d/samba4)
Active: failed (Result: exit-code) since Thu 2015-06-11 16:41:27 CDT; 10s ago
Process: 14064 ExecStart=/etc/rc.d/init.d/samba4 start (code=exited, status=203/EXEC)
Jun 11 16:41:27 geronimo3.hillcountry.local systemd[1]: samba4.service: control process exited, code=exited status=203
Jun 11 16:41:27 geronimo3.hillcountry.local systemd[1]: Failed to start LSB: Bring up/down samba4.
Jun 11 16:41:27 geronimo3.hillcountry.local systemd[1]: Unit samba4.service entered failed state.
I really like your tutorial. I hope you can clear this up.
Hi Carl,
Please start Samba4 service with this command :
/usr/local/samba/sbin/samba
please check with ps ax command
ps ax | grep samba
Please let me know if you succeed in starting Samba4 with the above command.
Can you help me? I got an error when I start the samba service; it always failed.
Hi,
Can you give me more information like log, error log or something else?
Hello Ahmad sir,
I have done all the configuration, but when I run the following command it gives a (NT_STATUS_CONNECTION_REFUSED) error.
Please help me.
[root@PuneNapster samba-4.1.13]# /usr/local/samba/bin/smbclient //localhost/netlogon -Uadministrator%npst123
Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)
[root@PuneNapster samba-4.1.13]# ps ax |grep samba
22656 pts/0 S+ 0:00 grep --color=auto samba
[root@PuneNapster samba-4.1.13]# kinit administrator
kinit: Configuration file does not specify default realm when parsing name administrator
[root@PuneNapster samba-4.1.13]# /usr/local/samba/bin/smbclient //localhost/netlogon -Uadministrator%npst123
Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)
[root@PuneNapster samba-4.1.13]#
Hello,
I think your password is not complex enough, so Samba refuses it. Please try changing to a more complex password.
Is there a need to configure a DNS server for Samba4?
Thanks for this awesome tutorial. However, I’m having problems when I run /usr/local/samba/bin/smbclient //localhost/netlogon -Uadministrator%Need4pwd. I receive the following error “session setup failed: NT_STATUS_LOGON_FAILURE”. That’s the correct password that I set up on domain provision.
Hi Ron,
Are you sure your Samba4 service has been started? Please paste the result of the following commands:
service samba4 status
ps ax | grep samba
Hello there,
Do you know when Samba 4 will be added to the yum repo of CentOS 7?
Thank you
Hi Yanni,
I don’t know. But you could check with yum info before installing Samba via YUM 😀
There’s already a repo for the 4.0, 4.1 and 4.2 branch. https://portal.enterprisesamba.com/
Hi Jonathan Montero,
Thanks for your information 😀
I’m having problems when I Run /usr/local/samba/bin/smbclient //localhost/netlogon -Uadministrator%Need4pwd
[root@sambaad Desktop]# /usr/local/samba/bin/smbclient //localhost/netlogon -Uadministrator%VerySecret123
session setup failed: NT_STATUS_LOGON_FAILURE
Hi Venkat,
How about testing with kinit first? Please run the following command:
kinit administrator
Enter your administrator password.
Hello There
[root@sambaad Desktop]# service samba4 status
Samba version: 4.1.13
Build environment:
Build host: Linux sambaad 3.10.0-123.el7.x86_64 #1 SMP Mon Jun 30 12:09:22 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
Paths:
BINDIR: /usr/local/samba/bin
SBINDIR: /usr/local/samba/sbin
CONFIGFILE: /usr/local/samba/etc/smb.conf
NCALRPCDIR: /usr/local/samba/var/run/ncalrpc
LOGFILEBASE: /usr/local/samba/var
LMHOSTSFILE: /usr/local/samba/etc/lmhosts
DATADIR: /usr/local/samba/share
MODULESDIR: /usr/local/samba/lib
LOCKDIR: /usr/local/samba/var/lock
STATEDIR: /usr/local/samba/var/locks
CACHEDIR: /usr/local/samba/var/cache
PIDDIR: /usr/local/samba/var/run
PRIVATE_DIR: /usr/local/samba/private
CODEPAGEDIR: /usr/local/samba/share/codepages
SETUPDIR: /usr/local/samba/share/setup
WINBINDD_SOCKET_DIR: /usr/local/samba/var/run/winbindd
WINBINDD_PRIVILEGED_SOCKET_DIR: /usr/local/samba/var/lib/winbindd_privileged
NTP_SIGND_SOCKET_DIR: /usr/local/samba/var/lib/ntp_signd
[root@sambaad Desktop]# ps ax | grep samba
632 ? Ss 0:00 avahi-daemon: running [sambaad.local]
20072 ? Ss 0:00 /usr/local/samba/sbin/samba
20074 ? S 0:00 /usr/local/samba/sbin/samba
20075 ? S 0:00 /usr/local/samba/sbin/samba
20076 ? S 0:00 /usr/local/samba/sbin/samba
20077 ? S 0:00 /usr/local/samba/sbin/samba
20078 ? S 0:00 /usr/local/samba/sbin/samba
20079 ? S 0:00 /usr/local/samba/sbin/samba
20080 ? S 0:00 /usr/local/samba/sbin/samba
20081 ? S 0:00 /usr/local/samba/sbin/samba
20082 ? S 0:00 /usr/local/samba/sbin/samba
20083 ? S 0:00 /usr/local/samba/sbin/samba
20084 ? Ss 0:00 /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
20085 ? S 0:00 /usr/local/samba/sbin/samba
20086 ? S 0:00 /usr/local/samba/sbin/samba
20089 ? S 0:00 /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
20137 pts/1 R+ 0:00 grep --color=auto samba
[root@sambaad Desktop]# /usr/local/samba/bin/smbclient //localhost/netlogon -Uadministrator%VerySecret123
session setup failed: NT_STATUS_LOGON_FAILURE
Hello all,
I’d like to know if it’s safe to leave SELinux disabled. I read on a lot of sites that it isn’t.
How can I leave SELinux in an AD DC?
Hi Gionata,
SELinux is disabled during the installation process. You can enable SELinux again after the installation is done.
Great tutorial, I followed it and it worked. When will part 2 of the tutorial be published? I am waiting for it because I want to develop Active Directory in my office with CentOS. Will it work if I follow your tutorial at http://ahmad.imanudin.com/2013/08/01/membangun-linux-active-directory-dengan-samba4-pada-ubuntu-bagian-1-konfigurasi-network-repository/?
Thank you.
Regards,
Arief
Hi Arief,
For part 2, you can check this link: https://imanudin.net/2014/11/17/how-to-install-samba4-active-directory-on-centos-7-part-2/
Good evening… I did as described in the tutorial… the only problem is that when connecting to the DNS server through the Windows manager it gives the following message: Active Directory service not available. Any tips???
I have Samba 4 installed and working on CentOS 7 with the native DNS. The users connect to the domain delpri.edu.
Server name: primaria.delpri.edu
Most users access the remote drive T:\\primaria.delpri.edu\home\user without problems, but other workstations have no access to their remote drive; this was solved by changing the path to T:\\primaria\home\user in their user profile.
Because the users use the workstations at random, the profile path cannot be modified every time.
I would like to know if anyone has a similar problem and how to solve it…
Hi,
How about using the domain instead of the hostname? Please try to use T:\\delpri.edu\home\user
THANKS 🙂 🙂
Everything works perfectly but I can’t have another Samba host join the domain… I have tried everything in authconfig-tui but I keep getting the error DC not found.
Realmd can detect the domain but it also can’t join it….
Any insights pleaaaseee with sugar on top 🙂
PS: a Windows XP host managed to join but I was totally unable to log on with any user.
I have done all the settings and also done part 2. But I want to integrate Windows 2012 AD with Samba4 and want to sync all AD users to Samba4. Please help me and update the steps. Thank you
Hi,
I do not have Windows 2012 AD. But you can try this guidance: https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
When I run chkconfig --add samba4
it returns an error message saying
service start samba4 does not support chkconfig.
Any help?
Hi Abass,
You can try this guidance to add the service to systemctl: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sect-Managing_Services_with_systemd-Unit_Files.html
Thank you, Mas Iman, for the tutorial. By the way, I am getting an error:
[root@samba4 /]# /usr/local/samba/bin/smbclient //localhost/netlogon -Uadministrator%password
Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)
Trying kinit also gives an error:
[root@samba4 /]# kinit administrator
kinit: Configuration file does not specify default realm when parsing name administrator
Hi Mas Dedy,
Please make sure the DNS service and the Kerberos configuration are OK.
[root@localhost samba-4.1.13]# systemctl status samba4
● samba4.service – LSB: Bring up/down samba4
Loaded: loaded (/etc/rc.d/init.d/samba4)
Active: active (exited) since Tue 2016-05-24 10:35:53 EDT; 3min 38s ago
Docs: man:systemd-sysv-generator(8)
Process: 16398 ExecStop=/etc/rc.d/init.d/samba4 stop (code=exited, status=0/SUCCESS)
Process: 16405 ExecStart=/etc/rc.d/init.d/samba4 start (code=exited, status=0/SUCCESS)
May 24 10:35:51 localhost.localdomain samba[16415]: [2016/05/24 10:35:51.987739, 0] ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
May 24 10:35:51 localhost.localdomain samba[16415]: ldb: schema_load_init: dsdb_get_schema failed
May 24 10:35:51 localhost.localdomain samba[16415]: [2016/05/24 10:35:51.987759, 0] ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
May 24 10:35:51 localhost.localdomain samba[16415]: ldb: module schema_load initialization failed : Operations error
May 24 10:35:51 localhost.localdomain samba[16415]: [2016/05/24 10:35:51.987779, 0] ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
May 24 10:35:51 localhost.localdomain samba[16415]: ldb: module rootdse initialization failed : Operations error
May 24 10:35:51 localhost.localdomain samba[16415]: [2016/05/24 10:35:51.987797, 0] ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
May 24 10:35:51 localhost.localdomain samba[16415]: ldb: module samba_dsdb initialization failed : Operations error
May 24 10:35:53 localhost.localdomain samba4[16405]: Starting samba4: [FAILED]
May 24 10:35:53 localhost.localdomain systemd[1]: Started LSB: Bring up/down samba4.
Please help me
Hi Silvar,
How about starting Samba using this command?
Thank you
systemctl status samba4
[2016/05/24 10:35:51.987797, 0] ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
ldb: module samba_dsdb initialization failed : Operations error
Hi Iman, I have a question: how can I view, on a PC with Windows 7, a web page that I have on CentOS 7, but using my domain name? I can view it with the IP address of the CentOS 7 machine, but when I enter tescha.com the web page does not appear. Please help me!!!
Hi Edgar,
Please make sure the name tescha.com can be resolved from the client (Win 7). You can check with nslookup or ping the name from the command line.
Hi Iman, I pinged tescha.com and the client found it; also, when I ran nslookup it recognized the domain, but with the following data:
Server: Unknown
Address: fe:80::1
Respuesta no autoritativa:
Nombre: tescha.com
Address: 78.46.37.188
The IP address that I gave the server is 192.168.1.10.
I also have the client PC joined to the domain, but there was something interesting: when I tried to join with tescha.com it didn’t let me join until I wrote only tescha.
Hi Edgar,
Please see the example configuration for a Windows client: https://imanudin.net/2014/11/18/tips-join-windows-client-to-samba4-active-directory/.
Hi Iman, I did not do that because I have configured DHCP. Is it necessary to do it? When I configured DHCP I put this:
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.11 192.168.1.100;
option domain-name-servers 192.168.1.10;
option domain-name "tescha.com";
option routers 192.168.1.254;
option broadcast-address 192.168.1.255;
default-lease-time 600;
max-lease-time 7200;
}
Looking up IPv4 addresses
More than one IPv4 address found. Using 192.168.100.145
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=cafebazaar,DC=ir
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
ERROR(ldb): uncaught exception – operations error at ../source4/dsdb/samdb/ldb_modules/password_hash.c:2164
File “/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py”, line 175, in _run
return self.run(*args, **kwargs)
File “/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py”, line 401, in run
use_rfc2307=use_rfc2307, skip_sysvolacl=False)
File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py”, line 2160, in provision
skip_sysvolacl=skip_sysvolacl)
File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py”, line 1788, in provision_fill
next_rid=next_rid, dc_rid=dc_rid)
File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py”, line 1442, in fill_samdb
“KRBTGTPASS_B64”: b64encode(krbtgtpass.encode(‘utf-16-le’))
File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/common.py”, line 50, in setup_add_ldif
ldb.add_ldif(data, controls)
File “/usr/local/samba/lib64/python2.7/site-packages/samba/__init__.py”, line 224, in add_ldif
self.add(msg, controls)
I have the same issue as Mohammed. I chose the internal DNS server though.
I fixed this by editing /etc/krb5.conf before doing the provisioning:
[libdefaults]
default_realm = YOURDOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = true
Hi Bart,
Thanks for your information. Glad to hear that 🙂
Hi iman,
I have hit a wall… while installing the packages.
I got a “No package setools-libs-python available”
I can continue with the configuration. But knowing that I have failed in installing one package, this might create problems for me in the future.
Though I am tempted to install the old version, It might create problems too.
Would you have a work around for this?
Thank you in advance
Hi Jun,
I don’t know if it will be a problem in the future. Please always back up your Samba4 as a precaution 😉
The init.d script does not work for stopping the service if you used a minimum install for CentOS, because the “killall” command simply does not exist. You need to install the “psmisc” package.
BC
Hi Bart,
Thanks for your information. Noted
One last hurdle I need to take is the fact that self-added shares do not have a “Security” tab when you try to manage them in Windows. The correct privilege has been given to the Admin group though …
Hi Bart,
Thanks for your information 🙂
The autostart on Samba 4.6.0rc4 works perfectly on CentOS 7.1611. Thanks!
Hi Team,
We established a Samba domain controller on Debian; the Samba version is 4.2.10, and we are controlling the Samba domain controller through the Windows RSAT tool.
I pushed an account lockout group policy through GPO but that policy is not working.
I tried the same policy on Windows 2012 Server and 2003 Server and it is working fine.
Please guide me on the above issue.
Thanks,
Mano
Hi Mano,
Please try to reset sysvol by performing the following command
I have a problem on Red Hat Server 7. I am creating a domain controller using Samba 4.5.1.
The domain was created successfully, but when I try
host -t SRV _ldap_tcp.kplinus.com.
host -t _kerberos._udp.kplinus.com.
the error returned is NXDOMAIN.
And for kinit administrator@KPLINUS.COM.
the error is kint: cannot find KDC for realm “KPLINUS.com” While getting initial credentials.
But My DNS [root@linus7 ~]# nslookup webmail.kplinus.com
Server: 192.168.21.129
Address: 192.168.21.129#53
webmail.kplinus.com canonical name = linus7.kplinus.com.
Name: linus7.kplinus.com
Address: 192.168.21.129
[root@linus7 ~]# host -t SRV _kerberos._udp.kplinus.com.
Host _kerberos._udp.kplinus.com. not found: 3(NXDOMAIN)
[root@linus7 ~]# kinit administrator@KPLINUS.COM.
kinit: Cannot find KDC for realm “KPLINUS.COM.” while getting initial credential
Hi Abhi CN,
Do you have another separate DNS that you use for Samba4, or do you use the internal DNS of Samba4?
[root@linus7 ~]# service samba4 status
Samba version: 4.5.1
Build environment:
Build host: Linux linus7.kplinus.com 3.10.0-327.el7.x86_64 #1 SMP Thu Oct 29 17:29:29 EDT 2015 x86_64 x86_64 x86_64 GNU/Linux
Paths:
BINDIR: /usr/local/samba/bin
SBINDIR: /usr/local/samba/sbin
CONFIGFILE: /usr/local/samba/etc/smb.conf
NCALRPCDIR: /usr/local/samba/var/run/ncalrpc
LOGFILEBASE: /usr/local/samba/var
LMHOSTSFILE: /usr/local/samba/etc/lmhosts
DATADIR: /usr/local/samba/share
MODULESDIR: /usr/local/samba/lib
LOCKDIR: /usr/local/samba/var/lock
STATEDIR: /usr/local/samba/var/locks
CACHEDIR: /usr/local/samba/var/cache
PIDDIR: /usr/local/samba/var/run
PRIVATE_DIR: /usr/local/samba/private
CODEPAGEDIR: /usr/local/samba/share/codepages
SETUPDIR: /usr/local/samba/share/setup
WINBINDD_SOCKET_DIR: /usr/local/samba/var/run/winbindd
WINBINDD_PRIVILEGED_SOCKET_DIR: /usr/local/samba/var/lib/winbindd_privileged
NTP_SIGND_SOCKET_DIR: /usr/local/samba/var/lib/ntp_signd
[root@linus7 ~]# ps ax | grep samba
2374 ? Ss 0:00 /usr/local/samba/sbin/samba
2530 ? S 0:00 /usr/local/samba/sbin/samba
2531 ? S 0:01 /usr/local/samba/sbin/samba
2532 ? S 0:00 /usr/local/samba/sbin/samba
2533 ? S 0:00 /usr/local/samba/sbin/samba
2534 ? Ss 0:00 /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
2535 ? S 0:01 /usr/local/samba/sbin/samba
2536 ? S 0:00 /usr/local/samba/sbin/samba
2537 ? S 0:00 /usr/local/samba/sbin/samba
2538 ? S 0:00 /usr/local/samba/sbin/samba
2539 ? S 0:00 /usr/local/samba/sbin/samba
2540 ? S 0:00 /usr/local/samba/sbin/samba
2541 ? Ss 0:00 /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
2542 ? S 0:00 /usr/local/samba/sbin/samba
2543 ? S 0:00 /usr/local/samba/sbin/samba
2544 ? S 0:00 /usr/local/samba/sbin/samba
2547 ? S 0:00 /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
2548 ? S 0:00 /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
2549 ? S 0:00 /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
2551 ? S 0:00 /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
3983 pts/0 S+ 0:00 grep --color=auto samba
root@linus#] vim /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = KPLINUS.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
KPLINUS.COM = {
kdc = kerberos.kplinus.com
admin_server = kerberos.kplinus.com
}
[domain_realm]
.kplinus.com = KPLINUS.COM
kplinus.com = KPLINUS.COM
do not WORK!!!!
Hello,
Could you tell me which configuration did not work? 🙂
I hope I can help you 🙂
When I run: /usr/local/samba/bin/samba-tool domain provision --use-rfc2307 --interactive, at the end of this process the following message is shown: Setting up sam.ldb users and groups
ERROR(ldb): uncaught exception – operations error at ../source4/dsdb/samdb/ldb_modules/password_hash.c:3132
File “/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py”, line 176, in _run
return self.run(*args, **kwargs)
File “/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py”, line 474, in run
nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py”, line 2175, in provision
skip_sysvolacl=skip_sysvolacl)
File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py”, line 1787, in provision_fill
next_rid=next_rid, dc_rid=dc_rid)
File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py”, line 1447, in fill_samdb
“KRBTGTPASS_B64”: b64encode(krbtgtpass.encode(‘utf-16-le’))
File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/common.py”, line 55, in setup_add_ldif
ldb.add_ldif(data, controls)
File “/usr/local/samba/lib64/python2.7/site-packages/samba/__init__.py”, line 229, in add_ldif
self.add(msg, controls)
Could anyone help me, please!
Hi,
Please try to use a strong password when asked for the password.
Hi Iman, me again, I’m Edgar. I have the following problem when I’m provisioning:
Looking up IPv4 addresses
More than one IPv4 address found. Using 192.168.100.145
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=cafebazaar,DC=ir
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
ERROR(ldb): uncaught exception – operations error at ../source4/dsdb/samdb/ldb_modules/password_hash.c:2164
File “/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py”, line 175, in _run
return self.run(*args, **kwargs)
File “/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py”, line 401, in run
use_rfc2307=use_rfc2307, skip_sysvolacl=False)
File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py”, line 2160, in provision
skip_sysvolacl=skip_sysvolacl)
File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py”, line 1788, in provision_fill
next_rid=next_rid, dc_rid=dc_rid)
File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py”, line 1442, in fill_samdb
“KRBTGTPASS_B64”: b64encode(krbtgtpass.encode(‘utf-16-le’))
File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/common.py”, line 50, in setup_add_ldif
ldb.add_ldif(data, controls)
File “/usr/local/samba/lib64/python2.7/site-packages/samba/__init__.py”, line 224, in add_ldif
self.add(msg, controls)
Hello,
What’s your Samba version?
I’m using samba 4.1.13
Hi Edgar,
Okay, I will try in my lab.
To fix it, please comment out the below line in /etc/krb5.conf.
——–
#includedir /etc/krb5.conf.d/
——–
Hi Chris Van,
Thanks for your help 🙂
After running /usr/local/samba/bin/smbclient //localhost/netlogon -Uadministrator%VerySecret123
I got this error: session setup failed: NT_STATUS_INVALID_SERVER_STATE
It is urgent, please help.
[root@test samba-4.1.13]# /usr/local/samba/bin/samba-tool domain provision --use-rfc2307 --interactive
Realm: AMFINDIA.COM
Domain [AMFINDIA]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: BIND_DLZ
Administrator password:
Retype password:
Looking up IPv4 addresses
More than one IPv4 address found. Using 192.168.1.101
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=amfindia,DC=com
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
ERROR(ldb): uncaught exception – operations error at ../source4/dsdb/samdb/ldb_modules/password_hash.c:2164
File “/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py”, line 175, in _run
return self.run(*args, **kwargs)
File “/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py”, line 401, in run
use_rfc2307=use_rfc2307, skip_sysvolacl=False)
File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py”, line 2160, in provision
skip_sysvolacl=skip_sysvolacl)
File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py”, line 1788, in provision_fill
next_rid=next_rid, dc_rid=dc_rid)
File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py”, line 1442, in fill_samdb
“KRBTGTPASS_B64”: b64encode(krbtgtpass.encode(‘utf-16-le’))
File “/usr/local/samba/lib64/python2.7/site-packages/samba/provision/common.py”, line 50, in setup_add_ldif
ldb.add_ldif(data, controls)
File “/usr/local/samba/lib64/python2.7/site-packages/samba/__init__.py”, line 224, in add_ldif
self.add(msg, controls)
# rm /etc/krb5.conf
# ln -sf /usr/local/samba/private/krb5.conf /etc/krb5.conf
You can use that command to solve that problem.