NethServer Samba Domain Controller (obsolete)

This document is obsolete. The nethserver-dc package performs 
the configuration steps below automatically from the server-manager UI.

The nethserver-dc package runs a systemd-nspawn container with a vanilla Samba 4.3.4 inside of it. It downloads, installs, configures and runs the nsdc “machine”. It configures and provisions an Active Directory domain controller based on Samba 4.3.4.

Random notes

Install nethserver-dc on a clean NethServer 7 alpha2

yum install --enablerepo=nethserver-testing nethserver-dc nethserver-base nethserver-sssd 

Configure a green bridge, say br0.

When started, the nsdc container is bound to that bridge. Other networking settings are available from the nsdc configuration key.

# config show nsdc
# config show DomainName

In my configuration the default value for Domain is DPNET and the Realm is Default Domain and Realm should be good for most cases. Now I assign an IP address to the nsdc container and start it.

config setprop nsdc status enabled IpAddress IpMask
config setprop sssd Provider ad
signal-event nethserver-dc-save

The event expands the container network configuration and spawns a samba-tool domain provision process. Parameters are read from /var/lib/machines/nsdc/etc/sysconfig/samba-provision. The default password for the domain controller administrator account is Nethesis,1234.

After a few minutes the domain controller becomes responsive.

    host -t SRV _ldap._tcp.`config get DomainName` has SRV record 0 100 389

Here is the container host name. It is derived from the machine host name by adding the nsdc- prefix.

The nethserver-dc package also configures the dnsmasq service to forward DNS requests for the AD realm to the nsdc container.
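The SRV lookup above can be polled so that later steps, such as realm join, run only once the domain controller answers. This script is an added example, not part of nethserver-dc; the function names, retry defaults and the ad.example.com sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: wait for the nsdc domain controller to answer DNS SRV queries.
# Function names, retry defaults and sample lines are assumptions, not nethserver-dc code.

# Constructed sample outputs of `host -t SRV` (ad.example.com is a placeholder realm).
SAMPLE_READY='_ldap._tcp.ad.example.com has SRV record 0 100 389 nsdc-server.ad.example.com.'
SAMPLE_PENDING='Host _ldap._tcp.ad.example.com not found: 3(NXDOMAIN)'

# Read `host -t SRV` output on stdin, print "port target" per SRV answer.
parse_srv() {
    awk '/ has SRV record / { sub(/\.$/, "", $NF); print $(NF-1), $NF }'
}

# Succeed only if some answer is LDAP (389) on a host carrying the nsdc- prefix.
srv_is_nsdc() {
    parse_srv | awk '$1 == 389 && $2 ~ /^nsdc-/ { ok = 1 } END { exit (ok ? 0 : 1) }'
}

# Poll until the SRV record resolves: wait_for_dc DOMAIN [TRIES] [DELAY_SECONDS]
wait_for_dc() {
    wfd_domain=$1
    wfd_tries=${2:-30}
    wfd_delay=${3:-10}
    wfd_i=0
    while [ "$wfd_i" -lt "$wfd_tries" ]; do
        if host -t SRV "_ldap._tcp.${wfd_domain}" 2>/dev/null | srv_is_nsdc; then
            return 0
        fi
        wfd_i=$((wfd_i + 1))
        sleep "$wfd_delay"
    done
    echo "nsdc did not publish _ldap._tcp.${wfd_domain} in time; see journalctl -M nsdc" >&2
    return 1
}

# Usage on the NethServer host after signal-event nethserver-dc-save:
#   wait_for_dc "$(config get DomainName)" && echo "domain controller is up"
```
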

journalctl -M nsdc

Add -f to follow the journal.

To join the Active Directory domain, install realmd:

> /etc/sssd/sssd.conf
realm join `config get DomainName`
expand-template /etc/sssd/sssd.conf

Provide the DC administrator's password.


If everything goes well

     getent passwd administrator@`config get DomainName`*:261600500:261600513:Administrator:/home/   

Realmd writes a lot of information to the system journal. See the journalctl command.

Manipulate users with the net command:

yum --enablerepo=nethserver-testing install nethserver-samba
config setprop smb ServerRole ADS
expand-template /etc/samba/smb.conf

net ads  info
net ads user add giacomo -U Administrator%Nethesis,1234
net ads password giacomo -U Administrator%Nethesis,1234

Enable the user:

systemd-run -M nsdc -t /bin/bash
samba-tool user enable giacomo

Install the latest nethserver-dc package

yum update nethserver-dc

Stop the nsdc container

systemctl stop nsdc

Install RPM updates

yum -y --installroot=/var/lib/machines/nsdc update /usr/lib/nethserver-dc/ns-samba-*.ns7.x86_64.rpm  \*

Start the container

systemctl start nsdc