Setting Up Samba 4 As An AD Controller

I’ve been doing a fair amount of work lately setting up Samba 4 domains and can tell you from experience that it can be a pain. I started out with the 64-bit Debian 7 installer and compiled Samba 4 from source. That method is frustrating, to say the least: there is a lot that can go wrong if you don’t have your procedure down solid. After setting up a few domains this way I went looking for a better way, and found the Sernet Samba 4 appliance, available at http://www.enterprisesamba.com/samba4app/

The Sernet appliance is built on Debian and works fairly well. The problems I ran into with the Sernet appliance .iso, however, made it impractical for me: the .iso installer has trouble with some non-free drivers (the NIC drivers on my Dell server) and with XenServer 6 (display problems and trouble with Xorg). After fighting these for a while without making much headway I looked for yet another way, and found angryelectron’s automate script at http://angryelectron.com/samba4-notes/

I ran angryelectron’s script on a vanilla 32-bit Debian 7 install and it works without much fuss, both under XenServer and on bare metal. The only real problem I’ve found is the lack of documentation and forum coverage of the Sernet appliance when it comes to installing and configuring Samba 4. Below are some things I found while setting it up that may be useful to others who want to build their own Samba 4 domain.

angryelectron’s automate script asks a few basic questions about your domain. After it finished I checked DNS resolution for the domain controller with the following commands (substitute the domain name you chose during setup for mydomain.local; note that a .local suffix is used here only because that is what this setup produced, and since mDNS resolvers such as Avahi claim .local, a real deployment should pick a different DNS suffix):
#host -t SRV _ldap._tcp.mydomain.local.
result: _ldap._tcp.mydomain.local has SRV record 0 100 389 samba.mydomain.local.
#host -t A samba.mydomain.local.
result: samba.mydomain.local has address 192.168.1.10
Where I ran into trouble was the Kerberos configuration. The automate script doesn’t seem to complete the Kerberos setup: when I ran
#kinit administrator
I got an error that no KDC could be found for the realm. Looking at the Kerberos config:
#vi /etc/krb5.conf
I found that it was only partially configured, with nothing but the following in the file:

[libdefaults]
default_realm = MYDOMAIN.LOCAL
dns_lookup_kdc = true
dns_lookup_realm = false

To complete the Kerberos setup I added the following lines to the bottom of the file (the kdc entry must be the DNS name of your domain controller, the host the SRV record above points at):

[realms]
MYDOMAIN.LOCAL = {
kdc = samba.mydomain.local
default_domain = mydomain.local
}

[domain_realm]
.mydomain.local = MYDOMAIN.LOCAL
mydomain.local = MYDOMAIN.LOCAL

After adding those lines to my krb5.conf I got the expected output from (the password-expiry warning means the KDC answered and issued a ticket, so Kerberos is now working):
#kinit administrator
result: Warning: Your password will expire in 41 days on Tue Mar 5 15:23:03 2013
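The DNS check above only looks at the _ldap._tcp record, but a Kerberos client with dns_lookup_kdc = true looks for _kerberos._udp (and Windows clients for several more records under _msdcs), so it is worth checking all of them before blaming krb5.conf. The script below is an added example, not part of the original post or of angryelectron's script: it checks each SRV record an AD client needs, confirms the target host has an A record, and then inspects krb5.conf for a [realms] entry with a kdc line, which is exactly what had to be added by hand here. The domain and realm names, the /etc/krb5.conf path and the expected ports are assumptions based on the post's example domain; pass your own names on the command line.

```shell
#!/bin/sh
# Added post-install check (not part of the original post or of angryelectron's
# script). Verifies the SRV records an AD client needs and that krb5.conf names
# a KDC for the realm. Domain/realm names and the /etc/krb5.conf path are
# assumptions taken from the post's example; pass your own on the command line.
set -u

KRB5_CONF=${KRB5_CONF:-/etc/krb5.conf}

# Parse one line of `host -t SRV` output, e.g.
#   _ldap._tcp.mydomain.local has SRV record 0 100 389 samba.mydomain.local.
# and print "port target" (trailing dot removed). Returns 1 for any other line.
parse_srv_line() {
    line=$1
    case $line in
        *" has SRV record "*) ;;
        *) return 1 ;;
    esac
    set -- ${line#* has SRV record }      # priority weight port target
    [ $# -eq 4 ] || return 1
    printf '%s %s\n' "$3" "${4%.}"
}

# Port each AD SRV record is expected to advertise.
expected_port() {
    case $1 in
        _ldap.*)     echo 389 ;;
        _kerberos.*) echo 88 ;;
        _kpasswd.*)  echo 464 ;;
        *)           return 1 ;;
    esac
}

# Check the SRV records Windows clients and Kerberos libraries look up, and that
# each target has an A record. A missing _kerberos._udp record is one reason
# kinit reports no KDC even though dns_lookup_kdc = true.
check_ad_dns() {
    domain=$1
    rc=0
    for name in "_ldap._tcp.$domain" "_ldap._tcp.dc._msdcs.$domain" \
                "_kerberos._tcp.$domain" "_kerberos._udp.$domain" \
                "_kpasswd._udp.$domain"; do
        out=$(host -t SRV "$name." 2>/dev/null | grep ' has SRV record ' | head -n 1)
        if parsed=$(parse_srv_line "$out"); then
            port=${parsed%% *}
            target=${parsed#* }
            want=$(expected_port "$name")
            if [ "$port" != "$want" ]; then
                echo "WARN $name advertises port $port, expected $want"; rc=1
            elif host -t A "$target." 2>/dev/null | grep -q ' has address '; then
                echo "OK   $name -> $target:$port"
            else
                echo "FAIL $name -> $target has no A record"; rc=1
            fi
        else
            echo "FAIL $name has no SRV record"; rc=1
        fi
    done
    return $rc
}

# Return 0 if FILE has a [realms] entry for REALM that sets a kdc, i.e. the
# stanza the post had to add by hand (expects "REALM = {" on its own line).
krb5_realm_has_kdc() {
    file=$1
    realm=$2
    awk -v realm="$realm" '
        /^[[:space:]]*\[/ { section = $0; gsub(/[^a-z_]/, "", section) }
        section == "realms" && $1 == realm && index($0, "{") { inrealm = 1; next }
        inrealm && index($0, "}") { inrealm = 0 }
        inrealm && $1 ~ /^kdc(=|$)/ { found = 1 }
        END { exit found ? 0 : 1 }
    ' "$file"
}

# Usage: sh check-ad.sh mydomain.local [MYDOMAIN.LOCAL]
if [ -n "${1:-}" ]; then
    domain=$1
    realm=${2:-$(printf '%s' "$domain" | tr '[:lower:]' '[:upper:]')}
    check_ad_dns "$domain"
    if krb5_realm_has_kdc "$KRB5_CONF" "$realm"; then
        echo "OK   $KRB5_CONF has a kdc entry for $realm"
    else
        echo "WARN $KRB5_CONF has no [realms] kdc entry for $realm"
    fi
fi
```

Run it on the DC itself after the automate script finishes; a FAIL on any _kerberos record means Samba's internal DNS is not serving the records kinit relies on (or /etc/resolv.conf does not point at the DC), and a WARN on krb5.conf is the situation described above.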
From here it’s just a matter of editing smb.conf to add shares and printing if you want them. This is where I hit another small hiccup that I couldn’t find documented anywhere, namely which smb.conf the Sernet appliance actually uses. Running:
#locate smb.conf
returned four or five files. After some trial and error I found that the Sernet appliance reads the smb.conf at:
/opt/samba/etc/smb.conf
and that the Sernet Samba 4 service is restarted with:
#/etc/init.d/sernet-samba4 restart
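Rather than trial and error across several locate hits, Samba can tell you which file it reads: both smbd -b and the AD DC binary samba -b print the compiled-in build options, including a CONFIGFILE line, and testparm reports the file it loads. The script below is an added example, not part of the original post or the Sernet appliance, and it does three things a practitioner wants before touching a DC's smb.conf: find the file Samba actually uses, check that it is root-owned and not group- or world-writable (whoever can edit it controls share ACL defaults and logon scripts for the whole domain), and run testparm on the file before restarting so a typo does not take the domain controller down. The init script path is the one found above for the Sernet appliance and is treated as an example value; the --check and --restart flags are this script's own.

```shell
#!/bin/sh
# Added helper (not part of the original post): report which smb.conf the
# installed Samba actually reads instead of guessing among `locate smb.conf`
# hits, check that the file is not writable by non-root users, and restart the
# service only after testparm accepts the file. The init script path is the
# one the post found for the Sernet appliance; it is an example value.
set -u

SERVICE_SCRIPT=${SERVICE_SCRIPT:-/etc/init.d/sernet-samba4}

# Read `samba -b` / `smbd -b` build options on stdin and print the CONFIGFILE
# path; returns 1 if no such line is present.
config_path_from_build_options() {
    awk '$1 == "CONFIGFILE:" { print $2; found = 1; exit } END { exit found ? 0 : 1 }'
}

# Find the compiled-in config path: the AD DC binary first, then smbd, then
# testparm, which reports "Load smb config files from <path>".
find_smb_conf() {
    for bin in samba smbd; do
        if command -v "$bin" >/dev/null 2>&1; then
            if path=$("$bin" -b 2>/dev/null | config_path_from_build_options); then
                echo "$path"
                return 0
            fi
        fi
    done
    if command -v testparm >/dev/null 2>&1; then
        path=$(testparm -s </dev/null 2>&1 | sed -n 's/^Load smb config files from //p' | head -n 1)
        if [ -n "$path" ]; then
            echo "$path"
            return 0
        fi
    fi
    return 1
}

# Return 0 if an octal mode string (e.g. 644 or 4755) has no group or world
# write bit; a write bit makes the last two digits one of 2, 3, 6 or 7.
mode_private() {
    case $1 in
        *[2367]?|*[2367]) return 1 ;;
        *) return 0 ;;
    esac
}

# Return 0 if FILE is root-owned and not group/world-writable. smb.conf on a
# DC defines shares, ACL defaults and logon scripts, so anyone who can edit it
# effectively controls the domain's file services. stat -c is GNU (Debian).
smb_conf_perms_ok() {
    file=$1
    [ -f "$file" ] || return 1
    perms=$(stat -c '%a %u' "$file") || return 1
    set -- $perms                      # mode uid
    [ "$2" = 0 ] && mode_private "$1"
}

# Validate the file with testparm before restarting, so a syntax error does
# not take the domain controller down.
restart_if_valid() {
    conf=$1
    if ! testparm -s "$conf" >/dev/null 2>&1; then
        echo "testparm rejected $conf; not restarting" >&2
        return 1
    fi
    "$SERVICE_SCRIPT" restart
}

# Usage: sh smbconf-check.sh --check | --restart
if [ "${1:-}" = "--check" ] || [ "${1:-}" = "--restart" ]; then
    conf=$(find_smb_conf) || { echo "could not determine the smb.conf path" >&2; exit 1; }
    echo "Samba reads: $conf"
    smb_conf_perms_ok "$conf" || echo "WARN $conf should be root-owned and mode 0644 or stricter" >&2
    if [ "$1" = "--restart" ]; then
        restart_if_valid "$conf"
    fi
fi
```

On the Sernet appliance the Samba binaries live under /opt/samba, so make sure that bin directory is on PATH (or call the binaries by full path) before running --check; otherwise the script falls through to whatever smbd or testparm a distribution package put in /usr/bin, and reports that build's config path instead.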

After sorting out these minor things I had my Samba 4 domain up and running in under 20 minutes, not bad for a free Active Directory domain. Once everything is up you can use the standard Microsoft RSAT tools to add users, logon scripts, share permissions and all the usual fun stuff.