# NethServer Samba Domain Controller (obsolete)

This document is obsolete. The nethserver-dc package performs the configuration steps below automatically from the server-manager UI.

The ``nethserver-dc`` package runs a ``systemd-nspawn`` container with a vanilla [Samba 4.3.4](https://www.samba.org/samba/history/samba-4.3.4.html) inside it. It downloads, installs, configures and runs the ``nsdc`` “machine”, then configures and provisions an Active Directory domain controller based on Samba 4.3.4.

Random notes

* [ns-samba on GitHub](https://github.com/nethserver/ns-samba)
* [nethserver-dc](https://github.com/nethserver/nethserver-dc)

## Installation

Install ``nethserver-dc`` on a clean NethServer 7 alpha2:

```
yum install --enablerepo=nethserver-testing nethserver-dc nethserver-base nethserver-sssd
```

Configure a green bridge, say ``br0``. When started, the ``nsdc`` container will be bound to that bridge. Other networking settings are available from the ``nsdc`` configuration key.

```
# config show nsdc
nsdc=service
    IpAddress=192.168.122.55
    IpMask=255.255.255.0
    status=disabled
# config show DomainName
DomainName=dpnet.nethesis.it
```

In my configuration the default value for Domain is ``DPNET`` and the Realm is ``dpnet.nethesis.it``. The default Domain and Realm should be good for most cases.

Now I assign an IP address to the ``nsdc`` container and start it.

```
config setprop nsdc status enabled IpAddress 192.168.122.55 IpMask 255.255.255.0
config setprop sssd Provider ad
signal-event nethserver-dc-save
```

The event expands the container network configuration and spawns a ``samba-tool domain provision`` process. Parameters are read from ``/var/lib/machines/nsdc/etc/sysconfig/samba-provision``. The default password for the domain controller ``administrator`` account is ``Nethesis,1234``.

After a few minutes the domain controller becomes responsive.

```
host -t SRV _ldap._tcp.`config get DomainName`
_ldap._tcp.dpnet.nethesis.it has SRV record 0 100 389 nsdc-vm8.dpnet.nethesis.it.
```

Here ``nsdc-vm8.dpnet.nethesis.it`` is the container host name. It is derived from the machine host name by adding the ``nsdc-`` prefix.

The ``nethserver-dc`` package also configures the ``dnsmasq`` service to forward DNS requests for the AD realm to the ``nsdc`` container.

## Container log

```
journalctl -M nsdc
```

Add ``-f`` to _follow_ the journal.

## Join the domain

To join the Active Directory domain [install realmd](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/):

```
/etc/sssd/sssd.conf
realm join `config get DomainName`
expand-template /etc/sssd/sssd.conf
```

Provide the DC administrator's password:

```
Nethesis,1234
```

If everything goes well:

```
getent passwd administrator@`config get DomainName`
administrator@dpnet.nethesis.it:*:261600500:261600513:Administrator:/home/administrator@dpnet.nethesis.it:/bin/bash
```

Realmd writes a lot of information to the system journal. See the ``journalctl`` command.

## User management

Manipulate users with the *net* command:

```
yum --enablerepo=nethserver-testing install nethserver-samba
config setprop smb ServerRole ADS
expand-template /etc/samba/smb.conf
net ads info
net ads user add giacomo -U Administrator%Nethesis,1234
net ads password giacomo -U Administrator%Nethesis,1234
```

Enable the user:

```
systemd-run -M nsdc -t /bin/bash
samba-tool user enable giacomo
```

## Update the container

Install the latest ``nethserver-dc`` package:

```
yum update nethserver-dc
```

Stop the ``nsdc`` container:

```
systemctl stop nsdc
```

Install RPM updates:

```
yum -y --installroot=/var/lib/machines/nsdc update /usr/lib/nethserver-dc/ns-samba-*.ns7.x86_64.rpm \*
```

Start the container:

```
systemctl start nsdc
```

Last modified: 2016/05/17 08:32 by Davide Principi
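
The SRV lookup from the Installation section can be turned into a pass/fail check that the answer really points at the local ``nsdc`` container. This is an added example, not part of nethserver-dc: ``check_nsdc_srv`` is a hypothetical helper, the sample answers are constructed (the first repeats the line shown on this page), and the machine short host name ``vm8`` is an assumption inferred from ``nsdc-vm8``.

```shell
#!/bin/sh
# Added example, not part of nethserver-dc. check_nsdc_srv is a hypothetical helper.
# Usage: host -t SRV _ldap._tcp.DOMAIN | check_nsdc_srv DOMAIN SHORT_HOST
# Exit status: 0 = every SRV record points at nsdc-SHORT_HOST.DOMAIN on port 389
#              1 = a record has another owner name, port or target
#              2 = the answer holds no SRV record (DC not ready, or no DNS forwarding)
check_nsdc_srv() {
    awk -v owner="_ldap._tcp.$1" -v want="nsdc-$2.$1." '
        # Matches lines such as:
        # _ldap._tcp.DOMAIN has SRV record PRIO WEIGHT PORT TARGET
        $2 == "has" && $3 == "SRV" && $4 == "record" {
            seen++
            if (tolower($1) != tolower(owner)) { print "unexpected owner name: " $1; bad++ }
            if ($7 != "389")                   { print "unexpected LDAP port: " $7; bad++ }
            if (tolower($8) != tolower(want))  { print "unexpected target: " $8 " (want " want ")"; bad++ }
        }
        END {
            if (!seen) { print "no SRV record in answer"; exit 2 }
            if (bad)   exit 1
        }
    '
}

# Constructed sample answers; SAMPLE_OK is the line shown on this page.
SAMPLE_OK='_ldap._tcp.dpnet.nethesis.it has SRV record 0 100 389 nsdc-vm8.dpnet.nethesis.it.'
SAMPLE_WRONG_TARGET='_ldap._tcp.dpnet.nethesis.it has SRV record 0 100 389 dc1.dpnet.nethesis.it.'
SAMPLE_NXDOMAIN='Host _ldap._tcp.dpnet.nethesis.it not found: 3(NXDOMAIN)'

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_OK" | check_nsdc_srv dpnet.nethesis.it vm8 \
    && echo "SRV answer matches the nsdc container"

# On a live NethServer host (assumes the machine short name is `hostname -s`):
#   d=`config get DomainName`
#   host -t SRV "_ldap._tcp.$d" | check_nsdc_srv "$d" "`hostname -s`"
```

Exit status 2 right after ``signal-event nethserver-dc-save`` usually just means provisioning has not finished; status 1 means the realm resolves to something other than the container.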