# NethServer Samba Domain Controller (obsolete)

  This document is obsolete. The nethserver-dc package performs 
  the configuration steps below automatically from the server-manager UI.

The ``nethserver-dc`` package runs a ``systemd-nspawn`` container with a vanilla [Samba 4.3.4](https://www.samba.org/samba/history/samba-4.3.4.html) inside of it. It downloads, installs, configures and runs the ``nsdc`` “machine”. It configures and provision an Active Directory domain controller based on Samba 4.3.4.

Random notes

* [ns-samba on GitHub](https://github.com/nethserver/ns-samba) * [nethserver-dc](https://github.com/nethserver/nethserver-dc)

## Installation

Install ``nethserver-dc`` on a clean NethServer 7 alpha2

  yum install --enablerepo=nethserver-testing nethserver-dc nethserver-base nethserver-sssd 

Configure a green bridge, say ``br0``.

When started, the ``nsdc`` container will be bounded to that bridge. Other networking settings are available from ``nsdc`` configuration key.

``` # config show nsdc nsdc=service


# config show DomainName DomainName=dpnet.nethesis.it ```

In my configuration the default value for Domain is ``DPNET`` and the Realm is ``dpnet.nethesis.it``. Default Domain and Realm should be good for most cases. Now I assign an IP address to the ``nsdc`` container and start it.

  config setprop nsdc status enabled IpAddress IpMask
  config setprop sssd Provider ad
  signal-event nethserver-dc-save

The event expands the container network configuration and spawns a ``samba-tool domain provision`` process. Parameters are read from ``/var/lib/machines/nsdc/etc/sysconfig/samba-provision``. Default password for the domain controller ``administrator`` account is ``Nethesis,1234``.

After a few minutes the domain controller becomes responsive.


  host -t SRV _ldap._tcp.`config get DomainName` 

_ldap._tcp.dpnet.nethesis.it has SRV record 0 100 389 nsdc-vm8.dpnet.nethesis.it. ```

Here ``nsdc-vm8.dpnet.nethesis.it`` is the container host name. It is derived from the machine host name, by adding ``nsdc-`` prefix.

The ``nethserver-dc`` package also configures the ``dnsmasq`` service to forward DNS requests for the AD realm to the ``nsdc`` container.

## Container log

``` journalctl -M nsdc ```

Add ``-f`` to _follow_ the journal.

## Join the domain

To join the Active Directory domain [install realmd](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/):



realm join `config get DomainName` expand-template /etc/sssd/sssd.conf ```

Provide DC administrator's password

``` Nethesis,1234 ```

If everything goes well


   getent passwd administrator@`config get DomainName`

administrator@dpnet.nethesis.it:*:261600500:261600513:Administrator:/home/administrator@dpnet.nethesis.it:/bin/bash ```

Realmd writes a lot of informations on the system journal. See ``journalctl`` command.

## User management

Manipulate users with *net* command: ``` yum –enablerepo=nethserver-testing install nethserver-samba config setprop smb ServerRole ADS expand-template /etc/samba/smb.conf

net ads info net ads user add giacomo -U Administrator%Nethesis,1234 net ads password giacomo -U Administrator%Nethesis,1234 ```

Enable the user:

``` systemd-run -M nsdc -t /bin/bash samba-tool user enable giacomo ```

## Update the container

Install the latest ``nethserver-dc`` package

  yum update nethserver-dc

Stop the ``nsdc`` container

  systemctl stop nsdc

Install RPM updates

  yum -y --installroot=/var/lib/machines/nsdc update /usr/lib/nethserver-dc/ns-samba-*.ns7.x86_64.rpm  \*

Start the container

  systemctl start nsdc