File server questions


Samba - General mailing list
Good evening,

   I am trying to set up Samba as a file server using this tutorial:
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server

   The version I am using is 4.6.7 from Van Belle's repo, on Debian
Stretch 9.1.

   I have a server subnet (192.168.13.x) and a client subnet
(192.168.11.x), currently, for testing purposes, the server is on the
same subnet as the clients. Will I have problems if after the tests I
move to the server subnet?

   Clients are Windows 10 x64 build 1703 and it seems Master Browser is
broken on this version as "net view" gives me error 2184.

   For my share structure I am thinking of dividing them into departments
(groups in this case):

- Commercial (/srv/data/commercial)

- Finances (/srv/data/finances)

- Production (/srv/data/production)

- Marketing (/srv/data/marketing)

   and so on.

   I can show all departments if needed, I need better ideas anyway, as
I can't figure out a way to give read/write access to a single folder
per department, if they need to exchange files for some reason.

   The only thing I've changed in smb.conf from the tutorial was adding
"name resolve order" and putting dns as first.

   Am I going down the right path here?

Regards,
   Flavio Silveira




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: File server questions

On Tue, 29 Aug 2017 17:20:06 -0300
Flávio Silveira via samba <[hidden email]> wrote:

> Good evening,
>
>    I am trying to setup Samba as file server using this tutorial:
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server

Why? Your last post was about setting up an AD DC; see here for how
to set up a Unix domain member:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

>
>    The version I am using is 4.6.7 from Van Belle's repo, on Debian
> Stretch 9.1.
>
>    I have a server subnet (192.168.13.x) and a client subnet
> (192.168.11.x), currently, for testing purposes, the server is on the
> same subnet as the clients. Will I have problems if after the tests I
> move to the server subnet?

No, not if you set up a Unix domain member, in which case you will only
need the smb.conf and you can then just reuse this on all your unix
machines.

>
>    Clients are Windows 10 x64 build 1703 and it seems Master Browser
> is broken on this version as "net view" gives me error 2184.
>
>    For my share structure I am thinking in dividing them in
> departments (groups in this case):
>
> - Commercial (/srv/data/commercial)
>
> - Finances (/srv/data/finances)
>
> - Production (/srv/data/production)
>
> - Marketing (/srv/data/marketing)
>
>    and so on.
>
>    I can show all departments if needed, I need better ideas anyway,
> as I can't figure out a way to give read/write access to a single
> folder per department, if they need to exchange files for some reason.
>
>    The only thing I've changed in smb.conf from the tutorial was
> adding "name resolve order" and putting dns as first.

AD relies on dns so there is no need for that line in smb.conf

>
>    Am I going in the right path here?

No, probably not, you should set up a Unix domain member instead, by
trying to set up a standalone server, you are basically trying to set a
workgroup member.

If you do go down the 'workgroup' line, you will have to create the
groups in AD and on the standalone server, along with ALL the users.

Rowland


Re: File server questions

Hi Rowland,

On 29/08/2017 17:55, Rowland Penny via samba wrote:

> On Tue, 29 Aug 2017 17:20:06 -0300
> Flávio Silveira via samba <[hidden email]> wrote:
>
>> Good evening,
>>
>>     I am trying to setup Samba as file server using this tutorial:
>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server
> Why ? your last post was about setting up an AD DC, see here for how
> to setup a Unix domain member:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

I think you are confusing me with someone else, my last post was
regarding running AD DC and File Server with the same Samba, no Unix at
all. Andrew answered it wasn't recommended, and as I am new, I have
decided to focus on the file server only, as it is what I need for now,
AD would be a plus.

>>     The version I am using is 4.6.7 from Van Belle's repo, on Debian
>> Stretch 9.1.
>>
>>     I have a server subnet (192.168.13.x) and a client subnet
>> (192.168.11.x), currently, for testing purposes, the server is on the
>> same subnet as the clients. Will I have problems if after the tests I
>> move to the server subnet?
> No, not if you set up a Unix domain member, in which case you will only
> need the smb.conf and you can then just reuse this on all your unix
> machines.

I don't have any Unix machine, the only machine I have runs Debian
Stretch 9.1.

>>     Clients are Windows 10 x64 build 1703 and it seems Master Browser
>> is broken on this version as "net view" gives me error 2184.
>>
>>     For my share structure I am thinking in dividing them in
>> departments (groups in this case):
>>
>> - Commercial (/srv/data/commercial)
>>
>> - Finances (/srv/data/finances)
>>
>> - Production (/srv/data/production)
>>
>> - Marketing (/srv/data/marketing)
>>
>>     and so on.
>>
>>     I can show all departments if needed, I need better ideas anyway,
>> as I can't figure out a way to give read/write access to a single
>> folder per department, if they need to exchange files for some reason.
>>
>>     The only thing I've changed in smb.conf from the tutorial was
>> adding "name resolve order" and putting dns as first.
> AD relies on dns so there is no need for that line in smb.conf

I don't have an AD, my network is a simple WORKGROUP, and I gave up the
idea of setting up both AD and File Server for now as I would need 2
machines, I only have one.

>
>>     Am I going in the right path here?
> No, probably not, you should set up a Unix domain member instead, by
> trying to set up a standalone server, you are basically trying to set a
> workgroup member.
>
> If you do go down the 'workgroup' line, you will have to create the
> groups in AD and on the standalone server, along with ALL the users.

So if I don't have an AD, I will just need to create the groups on the
standalone server, along with the users, correct?

I am guessing the wiki tutorial I am following (Setting up Samba as a
Standalone server) is to create a File Server, right?

Sorry for all this confusion.

> Rowland
>
>

Regards,
   Flavio Silveira

Re: File server questions

Hai,

If you have a small network, yes, a DC only is not recommended, but if configured correctly it works fine.
I see you have only one Linux server, so I can assume only Windows clients.
Then I say yes, set up an AD DC as fileserver.

What I don't understand: yes, everybody, even MS, says AD DC as fileserver is not recommended.
So why were there MS SBS servers? ADDC, FILE SERVER, SQL, EXCHANGE.
Now, you don't want SQL and Exchange on the same server, and especially not on the ADDC, but I did deploy lots of them,
and if needed SQL on a separate server. (Most offices I did, did not use MS SQL.)

What I'm trying to say here:

If you have a small network, say max 50 users/computer, and not too many groups and nested groups,
running ADDC as fileserver works fine.
I install AD DC as of 5-10 computers.
The why: it standardizes the setup more, so fewer problems, or problems on all PCs.
And in my case far fewer problems.
So yes, set up AD DC, especially if you have only Windows clients.
It makes life easier.
The hard part is the learning part of it ;-) and not running it.
Just start simple.


But that's just my opinion.

Greetz,

Louis



Re: File server questions

On Wed, 30 Aug 2017 10:04:18 -0300
Flávio Silveira via samba <[hidden email]> wrote:

> Hi Rowland,
>
> On 29/08/2017 17:55, Rowland Penny via samba wrote:
> > On Tue, 29 Aug 2017 17:20:06 -0300
> > Flávio Silveira via samba <[hidden email]> wrote:
> >
> >> Good evening,
> >>
> >>     I am trying to setup Samba as file server using this tutorial:
> >> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server
> > Why ? your last post was about setting up an AD DC, see here for how
> > to setup a Unix domain member:
> >
> > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>
> I think you are confusing me with someone else, my last post was
> regarding running AD DC and File Server with the same Samba, no Unix
> at all. Andrew answered it wasn't recommended, and as I am new, I
> have decided to focus on the file server only, as it is what I need
> for now, AD would be a plus.
>
> >>     The version I am using is 4.6.7 from Van Belle's repo, on
> >> Debian Stretch 9.1.
> >>
> >>     I have a server subnet (192.168.13.x) and a client subnet
> >> (192.168.11.x), currently, for testing purposes, the server is on
> >> the same subnet as the clients. Will I have problems if after the
> >> tests I move to the server subnet?
> > No, not if you set up a Unix domain member, in which case you will
> > only need the smb.conf and you can then just reuse this on all your
> > unix machines.
>
> I don't have any Unix machine, the only machine I have runs Debian
> Stretch 9.1.
>
> >>     Clients are Windows 10 x64 build 1703 and it seems Master
> >> Browser is broken on this version as "net view" gives me error
> >> 2184.
> >>
> >>     For my share structure I am thinking in dividing them in
> >> departments (groups in this case):
> >>
> >> - Commercial (/srv/data/commercial)
> >>
> >> - Finances (/srv/data/finances)
> >>
> >> - Production (/srv/data/production)
> >>
> >> - Marketing (/srv/data/marketing)
> >>
> >>     and so on.
> >>
> >>     I can show all departments if needed, I need better ideas
> >> anyway, as I can't figure out a way to give read/write access to a
> >> single folder per department, if they need to exchange files for
> >> some reason.
> >>
> >>     The only thing I've changed in smb.conf from the tutorial was
> >> adding "name resolve order" and putting dns as first.
> > AD relies on dns so there is no need for that line in smb.conf
>
> I don't have an AD, my network is a simple WORKGROUP, and I gave up
> the idea of setting up both AD and File Server for now as I would
> need 2 machines, I only have one.
>
> >
> >>     Am I going in the right path here?
> > No, probably not, you should set up a Unix domain member instead, by
> > trying to set up a standalone server, you are basically trying to
> > set a workgroup member.
> >
> > If you do go down the 'workgroup' line, you will have to create the
> > groups in AD and on the standalone server, along with ALL the users.
>
> So if I don't have an AD, I will just need to create the groups on
> the standalone server, along with the users, correct?
>
> I am guessing the wiki tutorial I am following (Setting up Samba as a
> Standalone server) is to create a File Server, right?
>
> Sorry for all this confusion.
>
> > Rowland
> >
> >
>
> Regards,
>    Flavio Silveira
>

No, it must be me getting confused, or is that more confused ;-)

How many users/computers do you have ?

If it is only a small number, then (whatever Andrew says) you can use a
Samba AD DC as a fileserver as well (it better be, Clearos use it as a
DC and fileserver).
It is better to use more than one DC with separate fileservers, but
sometimes you have to make do with what you have ;-)

The problem with setting up a standalone server is that you will need
to create any users and groups, that will connect from windows, on the
standalone server, this gives you multiple places to admin users and
groups. Workgroups do not scale well, especially if users move about
from computer to computer, this is the reason behind domains.

Just because Samba doesn't recommend using a DC as a fileserver,
doesn't mean you cannot do this.

For 'standalone server' read (in Windows parlance) 'a PC that isn't
connected to a domain', aka a workgroup member.

Rowland
 

Re: File server questions

Hi Louis

On 30/08/2017 10:28, L.P.H. van Belle via samba wrote:
> Hai,

First I want to thank you for maintaining a debian repo with updated
packages, made my life much easier!

> If you have a small network, yes, a DC only is not recommended, but if configured correctly it works fine.
> I see you have only one Linux server, so I can assume only Windows clients.
> Then I say yes, set up an AD DC as fileserver.

Do you have any pointers on which wiki tutorial I should follow to get
things started?

> What I don't understand: yes, everybody, even MS, says AD DC as fileserver is not recommended.
> So why were there MS SBS servers? ADDC, FILE SERVER, SQL, EXCHANGE.
> Now, you don't want SQL and Exchange on the same server, and especially not on the ADDC, but I did deploy lots of them,
> and if needed SQL on a separate server. (Most offices I did, did not use MS SQL.)
>
> What I'm trying to say here:
>
> If you have a small network, say max 50 users/computer, and not too many groups and nested groups,
> running ADDC as fileserver works fine.
> I install AD DC as of 5-10 computers.
> The why: it standardizes the setup more, so fewer problems, or problems on all PCs.
> And in my case far fewer problems.
> So yes, set up AD DC, especially if you have only Windows clients.
> It makes life easier.
> The hard part is the learning part of it ;-) and not running it.
> Just start simple.
>
>
> But that's just my opinion.
>
> Greetz,
>
> Louis
>
>
>

Regards,
   Flavio Silveira

Re: File server questions



On 30/08/2017 10:59, Rowland Penny via samba wrote:

> On Wed, 30 Aug 2017 10:04:18 -0300
> Flávio Silveira via samba <[hidden email]> wrote:
>
>> Hi Rowland,
>>
>> On 29/08/2017 17:55, Rowland Penny via samba wrote:
>>> On Tue, 29 Aug 2017 17:20:06 -0300
>>> Flávio Silveira via samba <[hidden email]> wrote:
>>>
>>>> Good evening,
>>>>
>>>>      I am trying to setup Samba as file server using this tutorial:
>>>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server
>>> Why ? your last post was about setting up an AD DC, see here for how
>>> to setup a Unix domain member:
>>>
>>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>> I think you are confusing me with someone else, my last post was
>> regarding running AD DC and File Server with the same Samba, no Unix
>> at all. Andrew answered it wasn't recommended, and as I am new, I
>> have decided to focus on the file server only, as it is what I need
>> for now, AD would be a plus.
>>
>>>>      The version I am using is 4.6.7 from Van Belle's repo, on
>>>> Debian Stretch 9.1.
>>>>
>>>>      I have a server subnet (192.168.13.x) and a client subnet
>>>> (192.168.11.x), currently, for testing purposes, the server is on
>>>> the same subnet as the clients. Will I have problems if after the
>>>> tests I move to the server subnet?
>>> No, not if you set up a Unix domain member, in which case you will
>>> only need the smb.conf and you can then just reuse this on all your
>>> unix machines.
>> I don't have any Unix machine, the only machine I have runs Debian
>> Stretch 9.1.
>>
>>>>      Clients are Windows 10 x64 build 1703 and it seems Master
>>>> Browser is broken on this version as "net view" gives me error
>>>> 2184.
>>>>
>>>>      For my share structure I am thinking in dividing them in
>>>> departments (groups in this case):
>>>>
>>>> - Commercial (/srv/data/commercial)
>>>>
>>>> - Finances (/srv/data/finances)
>>>>
>>>> - Production (/srv/data/production)
>>>>
>>>> - Marketing (/srv/data/marketing)
>>>>
>>>>      and so on.
>>>>
>>>>      I can show all departments if needed, I need better ideas
>>>> anyway, as I can't figure out a way to give read/write access to a
>>>> single folder per department, if they need to exchange files for
>>>> some reason.
>>>>
>>>>      The only thing I've changed in smb.conf from the tutorial was
>>>> adding "name resolve order" and putting dns as first.
>>> AD relies on dns so there is no need for that line in smb.conf
>> I don't have an AD, my network is a simple WORKGROUP, and I gave up
>> the idea of setting up both AD and File Server for now as I would
>> need 2 machines, I only have one.
>>
>>>>      Am I going in the right path here?
>>> No, probably not, you should set up a Unix domain member instead, by
>>> trying to set up a standalone server, you are basically trying to
>>> set a workgroup member.
>>>
>>> If you do go down the 'workgroup' line, you will have to create the
>>> groups in AD and on the standalone server, along with ALL the users.
>> So if I don't have an AD, I will just need to create the groups on
>> the standalone server, along with the users, correct?
>>
>> I am guessing the wiki tutorial I am following (Setting up Samba as a
>> Standalone server) is to create a File Server, right?
>>
>> Sorry for all this confusion.
>>
>>> Rowland
>>>
>>>
>> Regards,
>>     Flavio Silveira
>>
> No, it must be me getting confused, or is that more confused ;-)
>
> How many users/computers do you have ?

About 30 users/computers, a bit less

> If it is only a small number, then (whatever Andrew says) you can use a
> Samba AD DC as a fileserver as well (it better be, Clearos use it as a
> DC and fileserver).
> It is better to use more than one DC with separate fileservers, but
> sometimes you have to make do with what you have ;-)

Indeed, in my case I only have poor PC hardware for now, maybe in the
future I will get better hardware with lots of processing power, so I
can have more VMs and then separate them.

> The problem with setting up a standalone server is that you will need
> to create any users and groups, that will connect from windows, on the
> standalone server, this gives you multiple places to admin users and
> groups. Workgroups do not scale well, especially if users move about
> from computer to computer, this is the reason behind domains.

When you say "multiple places to admin users and groups", what do you
mean? If I have only one standalone server, wouldn't it be the only
place to admin them?

The users tend to be static over here, but if they could move from
computer to computer it would be a nice thing to have.

> Just because Samba doesn't recommend using a DC as a fileserver,
> doesn't mean you cannot do this.
>
> For 'standalone server' read (in Windows parlance) 'a PC that isn't
> connected to a domain', aka a workgroup member.

Got it, thanks!

> Rowland
>  
>

Regards,
   Flavio Silveira

Re: File server questions

On Wed, 30 Aug 2017 12:48:09 -0300
Flávio Silveira via samba <[hidden email]> wrote:

> Hi Louis
>
> On 30/08/2017 10:28, L.P.H. van Belle via samba wrote:
> > Hai,
>
> First I want to thank you for maintaining a debian repo with updated
> packages, made my life much easier!
>
> > If you have a small network, yes, a DC only is not recommended, but
> > if configured correctly it works fine. I see you have only one Linux
> > server, so I can assume only Windows clients. Then I say yes, set up
> > an AD DC as fileserver.
>
> Do you have any pointers on which wiki tutorial I should follow to
> get things started?
>

Follow the DC wiki page:

https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller

There is even a section: Using the Domain Controller as a File Server

This will send you to:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

Where you will need to read this section:

Configuring the Name Service Switch

Which will refer you to:

https://wiki.samba.org/index.php/Libnss_winbind_Links

This will tell you how to set up the libnss_winbind links

Having said all that, you can do it all by installing

samba attr winbind libpam-winbind libpam-krb5 libnss-winbind
krb5-config krb5-user ntp dnsutils ldb-tools

set up ntp as per the wiki:

https://wiki.samba.org/index.php/Time_Synchronisation

provision the domain, run 'pam-auth-update' ensure everything is
checked and tab to <OK> and press enter, now start 'samba'

It should just work.

Rowland

Re: File server questions

On Wed, 30 Aug 2017 12:54:10 -0300
Flávio Silveira via samba <[hidden email]> wrote:

> > How many users/computers do you have ?
>
> About 30 users/computers, a bit less

One DC should cope with that

>
> > If it is only a small number, then (whatever Andrew says) you can
> > use a Samba AD DC as a fileserver as well (it better be, Clearos
> > use it as a DC and fileserver).
> > It is better to use more than one DC with separate fileservers, but
> > sometimes you have to make do with what you have ;-)
>
> Indeed, in my case I only have poor PC hardware for now, maybe in the
> future I will get better hardware with lots of processing power, so I
> can have more VMs and then separate them.

As I said, sometimes you have to make do with what you have.

>
> > The problem with setting up a standalone server is that you will
> > need to create any users and groups, that will connect from
> > windows, on the standalone server, this gives you multiple places
> > to admin users and groups. Workgroups do not scale well, especially
> > if users move about from computer to computer, this is the reason
> > behind domains.
>
> When you say "multiple places to admin users and groups", what do you
> mean? If I have only one standalone server, wouldn't it be the only
> place to admin them?

OK, I will try to explain this:
If your users move from computer to computer, they will need to be
created on ALL computers they will actually use, the same goes for
groups. You are now saying, let's create a standalone fileserver, all
your users and groups will need to be created on the fileserver, both
as Unix users & groups and as Samba users & groups. If that wasn't bad
enough, whilst the user could have a different password on each computer
they log into, this would only allow them to log into that computer, if
they tried to connect to another computer they can log into, they would
be denied because they use a different password on that computer. You
wouldn't want that, so you make them use the same password everywhere,
with me so far?
Now, a user decides to change their password (or you make them), this
means they have to go to every computer (including your fileserver) and
change the password.

Compare this with an AD domain, all the user information is stored in
AD and so there is only one place to change the password, only one place to
create users, you can disable users everywhere by disabling them in
just one place, you can use GPOs. I could go on, but I think you get the
point (or at least I hope you do), using AD is just so much easier ;-)

Rowland

Re: File server questions



On 30/08/2017 13:16, Rowland Penny via samba wrote:

> On Wed, 30 Aug 2017 12:48:09 -0300
> Flávio Silveira via samba <[hidden email]> wrote:
>
>> Hi Louis
>>
>> On 30/08/2017 10:28, L.P.H. van Belle via samba wrote:
>>> Hai,
>> First I want to thank you for maintaining a debian repo with updated
>> packages, made my life much easier!
>>
>>> If you have a small network, yes, a DC only is not recommended, but
>>> if configured correctly it works fine. I see you have only one Linux
>>> server, so I can assume only Windows clients. Then I say yes, set up
>>> an AD DC as fileserver.
>> Do you have any pointers on which wiki tutorial I should follow to
>> get things started?
>>
> Follow the DC wiki page:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
>
> There is even a section: Using the Domain Controller as a File Server
>
> This will send you to:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>
> Where you will need to read this section:
>
> Configuring the Name Service Switch
>
> Which will refer you to:
>
> https://wiki.samba.org/index.php/Libnss_winbind_Links
>
> This will tell you how to set up the libnss_winbind links
>
> Having said all that, you can do it all by installing
>
> samba attr winbind libpam-winbind libpam-krb5 libnss-winbind
> krb5-config krb5-user ntp dnsutils ldb-tools
>
> set up ntp as per the wiki:
>
> https://wiki.samba.org/index.php/Time_Synchronisation
>
> provision the domain, run 'pam-auth-update' ensure everything is
> checked and tab to <OK> and press enter, now start 'samba'
>
> It should just work.
>
> Rowland
>

I can't thank you enough for this, great walk through!

I will probably have more questions during the setup, but I have only
one left for now:

Will it create any issues if I do it within the current network or do
you recommend doing it in a network lab?

Regards,
   Flavio Silveira


Re: File server questions

On Wed, 30 Aug 2017 14:12:09 -0300
Flávio Silveira via samba <[hidden email]> wrote:

>
>
> On 30/08/2017 13:16, Rowland Penny via samba wrote:
> > On Wed, 30 Aug 2017 12:48:09 -0300
> > Flávio Silveira via samba <[hidden email]> wrote:
> >
> >> Hi Louis
> >>
> >> On 30/08/2017 10:28, L.P.H. van Belle via samba wrote:
> >>> Hai,
> >> First I want to thank you for maintaining a debian repo with
> >> updated packages, made my life much easier!
> >>
> >>> If you have a small network, yes, a DC only is not recommended,
> >>> but if configured correctly it works fine. I see you have only one
> >>> Linux server, so I can assume only Windows clients. Then I say
> >>> yes, set up an AD DC as fileserver.
> >> Do you have any pointers on which wiki tutorial I should follow to
> >> get things started?
> >>
> > Follow the DC wiki page:
> >
> > https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
> >
> > There is even a section: Using the Domain Controller as a File
> > Server
> >
> > This will send you to:
> >
> > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> >
> > Where you will need to read this section:
> >
> > Configuring the Name Service Switch
> >
> > Which will refer you to:
> >
> > https://wiki.samba.org/index.php/Libnss_winbind_Links
> >
> > This will tell you how to set up the libnss_winbind links
> >
> > Having said all that, you can do it all by installing
> >
> > samba attr winbind libpam-winbind libpam-krb5 libnss-winbind
> > krb5-config krb5-user ntp dnsutils ldb-tools
> >
> > set up ntp as per the wiki:
> >
> > https://wiki.samba.org/index.php/Time_Synchronisation
> >
> > provision the domain, run 'pam-auth-update' ensure everything is
> > checked and tab to <OK> and press enter, now start 'samba'
> >
> > It should just work.
> >
> > Rowland
> >
>
> I can't thank you enough for this, great walk through!

No problem.

>
> I will probably have more questions during the setup, but I have only
> one left for now:

Any questions, just ask, the only stupid question is the one you don't
ask ;-)

>
> Will it create any issues if I do it within the current network or do
> you recommend doing in network lab?
>

I would do a test run first, that way, if there are any questions,
you can ask them and errors won't affect anything.

There is just one thing I missed, you will probably want homedirs for
the users, to get them created automatically the first time a user
connects, you will need to add this line to /etc/pam.d/common-session

session    required   pam_mkhomedir.so skel=/etc/skel/ umask=0022

Rowland
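
A check for the two files this walk-through has you edit on the DC (the Name Service Switch and the `pam_mkhomedir.so` session line), as an added example that is not part of the thread or the Samba wiki. The function names are hypothetical, the sample file contents are constructed, and treating 0700 as the wanted home directory mode is an assumption about local policy; the mode is derived as 0777 masked by the `umask=` option.

```shell
#!/bin/sh
# Added example, not code from the thread. Sample contents are constructed.

# nss_has_winbind FILE DB -> exit 0 if database DB (passwd, group) lists winbind
nss_has_winbind() {
    awk -v db="$2:" '
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# mkhomedir_umask FILE -> print the umask pam_mkhomedir.so will apply
# (0022, the module default, when the option is absent); exit 1 if the
# module is not in the session stack at all.
mkhomedir_umask() {
    awk '
        $1 == "session" && $0 ~ /pam_mkhomedir\.so/ {
            mask = "0022"
            for (i = 1; i <= NF; i++)
                if ($i ~ /^umask=[0-7]+$/) mask = substr($i, 7)
            print mask; found = 1; exit
        }
        END { exit found ? 0 : 1 }' "$1"
}

# homedir_mode UMASK -> octal mode of a home directory created under UMASK
homedir_mode() {
    case "$1" in
        ''|*[!0-7]*) return 1 ;;          # reject anything that is not octal
    esac
    printf '%04o\n' $(( 0777 & ~0$1 ))
}

# audit_dc_fileserver NSSWITCH PAM_SESSION -> prints findings, returns their count
audit_dc_fileserver() {
    findings=0
    for db in passwd group; do
        if nss_has_winbind "$1" "$db"; then
            echo "OK    nsswitch: $db resolves domain accounts via winbind"
        else
            echo "WARN  nsswitch: $db has no winbind entry"
            findings=$((findings + 1))
        fi
    done
    if mask=$(mkhomedir_umask "$2"); then
        mode=$(homedir_mode "$mask")
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            # Any group/other bit lets accounts besides the owner into the directory.
            echo "WARN  pam_mkhomedir: umask=$mask creates homes as $mode (open beyond owner)"
            findings=$((findings + 1))
        else
            echo "OK    pam_mkhomedir: umask=$mask creates homes as $mode"
        fi
    else
        echo "WARN  pam_mkhomedir.so not in session stack; homes are not auto-created"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed samples: winbind missing from group, and the umask=0022 line
# exactly as quoted in the message above.
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
printf '%s\n' '# constructed sample' 'passwd:  compat winbind' \
    'group:   compat' 'shadow:  compat' > "$demo/nsswitch.conf"
printf '%s\n' 'session    required   pam_unix.so' \
    'session    required   pam_mkhomedir.so skel=/etc/skel/ umask=0022' \
    > "$demo/common-session"

audit_dc_fileserver "$demo/nsswitch.conf" "$demo/common-session" \
    || echo "findings: $?"
```

On the real host the two arguments are /etc/nsswitch.conf and /etc/pam.d/common-session.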



Re: File server questions



On 30/08/2017 14:36, Rowland Penny via samba wrote:

> On Wed, 30 Aug 2017 14:12:09 -0300
> Flávio Silveira via samba <[hidden email]> wrote:
>
>>
>> On 30/08/2017 13:16, Rowland Penny via samba wrote:
>>> On Wed, 30 Aug 2017 12:48:09 -0300
>>> Flávio Silveira via samba <[hidden email]> wrote:
>>>
>>>> Hi Louis
>>>>
>>>> On 30/08/2017 10:28, L.P.H. van Belle via samba wrote:
>>>>> Hai,
>>>> First I want to thank you for maintaining a debian repo with
>>>> updated packages, made my life much easier!
>>>>
>>>>> If you have a small network, yes, a DC only is not recommended,
>>>>> but if configured correctly it works fine. I see you have only one
>>>>> Linux server, so I can assume only Windows clients. Then I say
>>>>> yes, set up an AD DC as fileserver.
>>>> Do you have any pointers on which wiki tutorial I should follow to
>>>> get things started?
>>>>
>>> Follow the DC wiki page:
>>>
>>> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
>>>
>>> There is even a section: Using the Domain Controller as a File
>>> Server
>>>
>>> This will send you to:
>>>
>>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>>>
>>> Where you will need to read this section:
>>>
>>> Configuring the Name Service Switch
>>>
>>> Which will refer you to:
>>>
>>> https://wiki.samba.org/index.php/Libnss_winbind_Links
>>>
>>> This will tell you how to set up the libnss_winbind links
>>>
>>> Having said all that, you can do it all by installing
>>>
>>> samba attr winbind libpam-winbind libpam-krb5 libnss-winbind
>>> krb5-config krb5-user ntp dnsutils ldb-tools
>>>
>>> set up ntp as per the wiki:
>>>
>>> https://wiki.samba.org/index.php/Time_Synchronisation
>>>
>>> provision the domain, run 'pam-auth-update' ensure everything is
>>> checked and tab to <OK> and press enter, now start 'samba'
>>>
>>> It should just work.
>>>
>>> Rowland
>>>
>> I can't thank you enough for this, great walk through!
> No problem.
>
>> I will probably have more questions during the setup, but I have only
>> one left for now:
> Any questions, just ask, the only stupid question is the one you don't
> ask ;-)
>
>> Will it create any issues if I do it within the current network or do
>> you recommend doing in network lab?
>>
> I would do a test run first, that way, if there are any questions,
> you can ask them and errors won't affect anything.
>
> There is just one thing I missed, you will probably want homedirs for
> the users, to get them created automatically the first time a user
> connects, you will need to add this line to /etc/pam.d/common-session
>
> session    required   pam_mkhomedir.so skel=/etc/skel/ umask=0022
>
> Rowland
>
>
>

As suggested I am reading
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller 
and https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ

As Active Directory Naming seems very important, I want to do it right.

My company domain is tecnopon.com.br but it is not hosted by me, it is
hosted by a hosting company.

After reading Active Directory Naming FAQ, if I understand what I have
read, I can use ad.tecnopon.com.br and I won't need to change any DNS
zone files as it will only be used internally. Am I correct?

Regards,
   Flavio Silveira



Re: File server questions

Samba - General mailing list
Yes, correct.

Greetz,

Louis





Re: File server questions

Samba - General mailing list
On Mon, 11 Sep 2017 10:40:50 -0300
Flávio Silveira <[hidden email]> wrote:

> My company domain is tecnopon.com.br but it is not hosted by me, it
> is hosted by a hosting company.
>
> After reading Active Directory Naming FAQ, if I understand what I
> have read, I can use ad.tecnopon.com.br and I won't need to change
> any DNS zone files as it will only be used internally. Am I correct?
>

Well, yes and no ;-)

When you provision your AD domain, you will get DNS records for
'ad.tecnopon.com.br' created in AD, you should get your domain members
to use the AD DC as their nameserver and set the DC to forward anything
else to your existing domain's nameserver.

To put it another way, create your AD domain as a subdomain of
'tecnopon.com.br', use the DC as the nameserver for the subdomain and
your domain for everything else.

HTH

Rowland



Re: File server questions

Samba - General mailing list


On 11/09/2017 12:14, Rowland Penny via samba wrote:

> On Mon, 11 Sep 2017 10:40:50 -0300
> Flávio Silveira <[hidden email]> wrote:
>
>> My company domain is tecnopon.com.br but it is not hosted by me, it
>> is hosted by a hosting company.
>>
>> After reading Active Directory Naming FAQ, if I understand what I
>> have read, I can use ad.tecnopon.com.br and I won't need to change
>> any DNS zone files as it will only be used internally. Am I correct?
>>
> Well, yes and no ;-)
>
> When you provision your AD domain, you will get DNS records for
> 'ad.tecnopon.com.br' created in AD, you should get your domain members
> to use the AD DC as their nameserver and set the DC to forward anything
> else to your existing domain's nameserver.
>
> To put it another way, create your AD domain as a subdomain of
> 'tecnopon.com.br', use the DC as the nameserver for the subdomain and
> your domain for everything else.
>
> HTH
>
> Rowland
>
>

My question is actually if I have to deal with the hosting company DNS
zones or not, because 'tecnopon.com.br' is hosted there, my guess,
given Louis's answer and yours, is I don't need to.

Also, I am currently using a DHCP Server to give static IPs based on mac
address, I guess I don't need to set the ip manually if I use something
like "method 3" described in [1] to prevent /etc/resolv.conf updates,
what do you think?

[1]: https://www.vultr.com/docs/stop-dhcp-from-changing-resolve-conf



Re: File server questions

Samba - General mailing list
On Mon, 11 Sep 2017 13:08:16 -0300
Flávio Silveira via samba <[hidden email]> wrote:

> My question is actually if I have to deal with the hosting company
> DNS zones or not, because 'tecnopon.com.br' is hosted there, my
> guess, given Louis's answer and yours, is I don't need to.

As you will only be forwarding unknown requests (such as
www.google.com) to your hosting company, you do not have to deal with
their dns servers at all.

>
> Also, I am currently using a DHCP Server to give static IPs based on
> mac address, I guess I don't need to set the ip manually if I use
> something like "method 3" described in [1] to
> prevent /etc/resolv.conf updates, what do you think?
>
> [1]: https://www.vultr.com/docs/stop-dhcp-from-changing-resolve-conf
>

Never really understood using dhcp for fixed IP addresses, well
possibly for one or two machines, but even then, what is the point ?
I would give a fixed IP to all the machines that should have one
(servers, printers etc). Then for any other machines that can and
should have a dhcp IP (laptops etc), create a pool based around the
fixed machines. This way, you can tell, just from the IP, just what
the machine is likely to be.

Rowland
 



Re: File server questions

Samba - General mailing list

> -----Original message-----
> From: samba [mailto:[hidden email]] On behalf of
> Rowland Penny via samba
> Sent: Monday 11 September 2017 18:50
> To: [hidden email]
> Subject: Re: [Samba] File server questions
>
> On Mon, 11 Sep 2017 13:08:16 -0300
> Flávio Silveira via samba <[hidden email]> wrote:
>
> > My question is actually if I have to deal with the hosting company
> > DNS zones or not, because 'tecnopon.com.br' is hosted there, my
> > guess, given Louis's answer and yours, is I don't need to.
>
> As you will only be forwarding unknown requests (such as
> www.google.com) to your hosting company, you do not have to
> deal with their dns servers at all.
>
> > Also, I am currently using a DHCP Server to give static IPs based on
> > mac address, I guess I don't need to set the ip manually if I use
> > something like "method 3" described in [1] to prevent
> > /etc/resolv.conf updates, what do you think?
> >
> > [1]: https://www.vultr.com/docs/stop-dhcp-from-changing-resolve-conf
> >
>
> Never really understood using dhcp for fixed IP addresses,
> well possibly for one or two machines, but even then, what is
> the point ?
> I would give a fixed IP to all the machines that should have
> one (servers, printers etc). Then for any other machines that
> can and should have a dhcp IP (laptops etc), create a pool
> based around the fixed machines. This way, you can tell, just
> from the IP, just what the machine is likely to be.
>
> Rowland

When i look at that link, https://www.vultr.com/docs/stop-dhcp-from-changing-resolve-conf 
Then only option 1 is the "real" correct one. Imho.
Option 2 and option 3 are masking configuration errors.

If you want to use dhcp with servers, sure possible, no problem at all, but not recommended.
Now have a look at : /etc/dhcp/dhclient.conf

That shows, something like this ( the default on debian )

option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;

send host-name = gethostname();
request subnet-mask, broadcast-address, time-offset, routers,
        domain-name, domain-name-servers, domain-search, host-name,
        dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
        netbios-name-servers, netbios-scope, interface-mtu,
        rfc3442-classless-static-routes, ntp-servers;

DHCP Server requests. : ( involving your points. )
 domain-name, domain-name-servers, domain-search
( ntp-servers and time-offset are also very important )

As long as the dhcp server sends the correct info here, your resolv.conf is always correct.
The search setting should be : ad.tecnopon.com.br
You need the domain-name so you have the correct zone for name server changes. (ad.tecnopon.com.br)
You need the domain-search so you can resolve hostname -s and hostname -f within the same domain. (ad.tecnopon.com.br)

If you also use resolvconf then add the needed options, for example if you have a proxy server with bind,
Then resolvconf is the best option, because you can add named_options and named_zones,
Which can be handy for the external zones. ( you can add a forward zone in bind for the internet zone.)
Should not be needed but also here, can be handy, this all depending on your setup.

But key here is, if you rebooted your server and your resolv.conf settings are wrong, then you have a setting in dhcp that's incorrect.
( or if resolvconf is installed, review /etc/network/interfaces ( missing dns-
Since you have ips assigned by mac, review that config.
Look in this file : cat /var/lib/dhcp/dhclient.eth0.leases
( if your interface is eth0, change to your interface name. )

And i agree with Rowland's suggestion to create pools, that makes it much better to handle these settings.
So i suggest, review your dhcp server settings and dhcp client settings.
That is, imo, the correct way to set this up. ( If you must use the dhcp server for the members. )
This will also hold for the long run.



Greetz,

Louis




Re: File server questions

Samba - General mailing list


On 12/09/2017 04:32, L.P.H. van Belle via samba wrote:

>> -----Original message-----
>> From: samba [mailto:[hidden email]] On behalf of
>> Rowland Penny via samba
>> Sent: Monday 11 September 2017 18:50
>> To: [hidden email]
>> Subject: Re: [Samba] File server questions
>>
>> On Mon, 11 Sep 2017 13:08:16 -0300
>> Flávio Silveira via samba <[hidden email]> wrote:
>>
>>> My question is actually if I have to deal with the hosting company
>>> DNS zones or not, because 'tecnopon.com.br' is hosted there, my
>>> guess, given Louis's answer and yours, is I don't need to.
>> As you will only be forwarding unknown requests (such as
>> www.google.com) to your hosting company, you do not have to
>> deal with their dns servers at all.
>>
>>> Also, I am currently using a DHCP Server to give static IPs based on
>>> mac address, I guess I don't need to set the ip manually if I use
>>> something like "method 3" described in [1] to prevent
>>> /etc/resolv.conf updates, what do you think?
>>>
>>> [1]: https://www.vultr.com/docs/stop-dhcp-from-changing-resolve-conf
>>>
>> Never really understood using dhcp for fixed IP addresses,
>> well possibly for one or two machines, but even then, what is
>> the point ?
>> I would give a fixed IP to all the machines that should have
>> one (servers, printers etc). Then for any other machines that
>> can and should have a dhcp IP (laptops etc), create a pool
>> based around the fixed machines. This way, you can tell, just
>> from the IP, just what the machine is likely to be.
>>
>> Rowland
>>    
> When i look at that link, https://www.vultr.com/docs/stop-dhcp-from-changing-resolve-conf
> Then only option 1 is the "real" correct one. Imho.
> Option 2 and option 3 are masking configuration errors.
>
> If you want to use dhcp with servers, sure possible, no problem at all, but not recommended.
> Now have a look at : /etc/dhcp/dhclient.conf
>
> That shows, something like this ( the default on debian )
>
> option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
>
> send host-name = gethostname();
> request subnet-mask, broadcast-address, time-offset, routers,
>          domain-name, domain-name-servers, domain-search, host-name,
>          dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
>          netbios-name-servers, netbios-scope, interface-mtu,
>          rfc3442-classless-static-routes, ntp-servers;
>
> DHCP Server requests. : ( involving your points. )
>   domain-name, domain-name-servers, domain-search
> ( ntp-servers and time-offset are also very important )
>
> As long as the dhcp server sends the correct info here, your resolv.conf is always correct.
> The search setting should be : ad.tecnopon.com.br
> You need the domain-name so you have the correct zone for name server changes. (ad.tecnopon.com.br)
> You need the domain-search so you can resolve hostname -s and hostname -f within the same domain. (ad.tecnopon.com.br)
>
> If you also use resolvconf then add the needed options, for example if you have a proxy server with bind,
> Then resolvconf is the best option, because you can add named_options and named_zones,
> Which can be handy for the external zones. ( you can add a forward zone in bind for the internet zone.)
> Should not be needed but also here, can be handy, this all depending on your setup.
>
> But key here is, if you rebooted your server and your resolv.conf settings are wrong, then you have a setting in dhcp that's incorrect.
> ( or if resolvconf is installed, review /etc/network/interfaces ( missing dns-
> Since you have ips assigned by mac, review that config.
> Look in this file : cat /var/lib/dhcp/dhclient.eth0.leases
> ( if your interface is eth0, change to your interface name. )
>
> And i agree with Rowland's suggestion to create pools, that makes it much better to handle these settings.
> So i suggest, review your dhcp server settings and dhcp client settings.
> That is, imo, the correct way to set this up. ( If you must use the dhcp server for the members. )
> This will also hold for the long run.
>
>
>
> Greetz,
>
> Louis
>
>
>

Thanks for the replies Rowland and Louis!

Given all that was said, here is a snippet of what I have in
/var/lib/dhcp/dhclient.enp2s0.leases

Don't know why my interface is named enp2s0, but I only have one, this
might be a driver thing.

lease {
   interface "enp2s0";
   fixed-address 192.168.11.6;
   option subnet-mask 255.255.255.0;
   option routers 192.168.11.1;
   option dhcp-lease-time 86400;
   option dhcp-message-type 5;
   option domain-name-servers 192.168.11.1;
   option dhcp-server-identifier 192.168.11.1;
   option domain-name "local";
   renew 2 2017/09/12 15:28:36;
   rebind 3 2017/09/13 01:09:09;
   expire 3 2017/09/13 04:09:09;
}

This is the server that will be the AD DC, it currently is in client
subnet (192.168.11.x) for testing, but I will put it in server subnet
(192.168.13.x) when in production.

I can't change these settings now as it will break the whole network,
can I use the "method 3" from the link for now and manually edit
/etc/resolv.conf and then when it is ready for production I drop that
script and configure it properly into the DHCP Server?

Speaking of AD DC tutorial, I've read it over and over and specifically
the provisioning part, does this sound correct?

samba-tool domain provision --server-role=dc --use-rfc2307 \
    --dns-backend=SAMBA_INTERNAL --realm=AD.TECNOPON.COM.BR --domain=AD \
    --adminpass=mypass --option="interfaces=lo enp2s0" \
    --option="bind interfaces only=yes" --option="dns forwarder=192.168.11.1"

If I understand correctly, domain is what will be NetBIOS Name, right?
What about Hostname? How do I set it in non-interactive mode?

It seems it isn't possible to set it also in interactive mode, as shown
in the example from the tutorial:

> # samba-tool domain provision --use-rfc2307 --interactive
> Realm [SAMDOM.EXAMPLE.COM]: SAMDOM.EXAMPLE.COM
>   Domain [SAMDOM]: SAMDOM
>   Server Role (dc, member, standalone) [dc]: dc
>   DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: SAMBA_INTERNAL
>   DNS forwarder IP address (write 'none' to disable forwarding) [10.99.0.1]: 8.8.8.8
> Administrator password: Passw0rd
> Retype password: Passw0rd
> Looking up IPv4 addresses
> Looking up IPv6 addresses
> No IPv6 address will be assigned
> Setting up share.ldb
> Setting up secrets.ldb
> Setting up the registry
> Setting up the privileges database
> Setting up idmap db
> Setting up SAM db
> Setting up sam.ldb partitions and settings
> Setting up sam.ldb rootDSE
> Pre-loading the Samba 4 and AD schema
> Adding DomainDN: DC=samdom,DC=example,DC=com
> Adding configuration container
> Setting up sam.ldb schema
> Setting up sam.ldb configuration data
> Setting up display specifiers
> Modifying display specifiers
> Adding users container
> Modifying users container
> Adding computers container
> Modifying computers container
> Setting up sam.ldb data
> Setting up well known security principals
> Setting up sam.ldb users and groups
> Setting up self join
> Adding DNS accounts
> Creating CN=MicrosoftDNS,CN=System,DC=samdom,DC=example,DC=com
> Creating DomainDnsZones and ForestDnsZones partitions
> Populating DomainDnsZones and ForestDnsZones partitions
> Setting up sam.ldb rootDSE marking as synchronized
> Fixing provision GUIDs
> A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
> Setting up fake yp server settings
> Once the above files are installed, your Samba4 server will be ready to use
> Server Role:           active directory domain controller
> Hostname:              DC1
> NetBIOS Domain:        SAMDOM
> DNS Domain:            samdom.example.com
> DOMAIN SID:            S-1-5-21-2614513918-2685075268-614796884

Where did DC1 come from? Can I use that as NetBIOS Name?

Regards,
   Flavio Silveira

Re: File server questions

Samba - General mailing list
On Tue, 12 Sep 2017 10:40:50 -0300
Flávio Silveira via samba <[hidden email]> wrote:


> Thanks for the replies Rowland and Louis!
>
> Given all that was said, here is a snippet of what I have in
> /var/lib/dhcp/dhclient.enp2s0.leases
>
> Don't know why my interface is named enp2s0, but I only have one,
> this might be a driver thing.

No, it is a systemd thing.

>
> lease {
>    interface "enp2s0";
>    fixed-address 192.168.11.6;
>    option subnet-mask 255.255.255.0;
>    option routers 192.168.11.1;
>    option dhcp-lease-time 86400;
>    option dhcp-message-type 5;
>    option domain-name-servers 192.168.11.1;
>    option dhcp-server-identifier 192.168.11.1;
>    option domain-name "local";
>    renew 2 2017/09/12 15:28:36;
>    rebind 3 2017/09/13 01:09:09;
>    expire 3 2017/09/13 04:09:09;
> }
>
> This is the server that will be the AD DC, it currently is in client
> subnet (192.168.11.x) for testing, but I will put it in server subnet
> (192.168.13.x) when in production.
>
> I can't change these settings now as it will break the whole network,
> can I use the "method 3" from the link for now and manually edit
> /etc/resolv.conf and then when it is ready for production I drop that
> script and configure it properly into the DHCP Server?

Not sure, I run a DHCP server on my DC, but not in the way you are
proposing, see the Samba wiki for more info.

>
> Speaking of AD DC tutorial, I've read it over and over and
> specifically the provisioning part, does this sound correct?
>
> samba-tool domain provision --server-role=dc --use-rfc2307 \
>     --dns-backend=SAMBA_INTERNAL --realm=AD.TECNOPON.COM.BR --domain=AD \
>     --adminpass=mypass --option="interfaces=lo enp2s0" \
>     --option="bind interfaces only=yes" --option="dns forwarder=192.168.11.1"

Yes, but the --server-role and --dns-backend are defaults and as such
are not really required.
 
>
> If I understand correctly, domain is what will be NetBIOS Name,
> right?

Wrong, the domain name, also known as the workgroup, is really the
NetBIOS domain name. This should not be confused with the NetBIOS name,
which is the host's short name in UPPERCASE.
If you are confused, don't blame me or Samba, blame Microsoft, they
came up with the names.

> What about Hostname? How do I set it in non-interactive mode?

You don't, Samba will set it for you from your short hostname.

> Where did DC1 come from? Can I use that as NetBIOS Name?

Yes, provided the output from 'hostname -s' is 'dc1' ;-)

Rowland
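
Added example, not part of Rowland's post: a POSIX shell pre-flight check for the naming rules explained above (NetBIOS name from the short hostname, NetBIOS domain from --domain, DNS domain from the realm). The function names and the assembled FQDN dc1.ad.tecnopon.com.br are assumptions for illustration; the 15-character limit and the host/domain collision rule are general NetBIOS constraints, not something stated in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): check the names a provision would use.
# All functions take the names as arguments, so planned values can be checked
# before the host is renamed or Samba is installed.

to_upper() { printf '%s' "$1" | tr '[:lower:]' '[:upper:]'; }
to_lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# NetBIOS name: the short hostname in upper case. It is not a samba-tool
# option, which is why the wiki output shows "Hostname: DC1" unprompted.
netbios_name() { to_upper "${1%%.*}"; }

# check_names SHORT_HOSTNAME FQDN REALM NETBIOS_DOMAIN
# Prints one finding per line, or "OK"; returns 1 when anything was found.
check_names() {
    cn_host=$(netbios_name "$1")
    cn_fqdn=$(to_lower "$2")
    cn_dns=$(to_lower "$3")      # AD DNS domain is the realm in lower case
    cn_dom=$(to_upper "$4")      # NetBIOS domain name (--domain, "workgroup")
    cn_want="$(to_lower "${1%%.*}").$cn_dns"
    cn_bad=0

    # NetBIOS names (host and domain alike) hold at most 15 characters.
    if [ "${#cn_host}" -gt 15 ]; then
        echo "NetBIOS name $cn_host is longer than 15 characters"; cn_bad=1
    fi
    if [ "${#cn_dom}" -gt 15 ]; then
        echo "NetBIOS domain $cn_dom is longer than 15 characters"; cn_bad=1
    fi
    # The NetBIOS domain is a single label: AD, not AD.TECNOPON.COM.BR.
    case $cn_dom in
        *.*) echo "NetBIOS domain $cn_dom contains a dot; use one label"
             cn_bad=1 ;;
    esac
    # Host and domain share one NetBIOS namespace and must not collide.
    if [ "$cn_host" = "$cn_dom" ]; then
        echo "NetBIOS name and NetBIOS domain are both $cn_host"; cn_bad=1
    fi
    # 'hostname -f' has to place the DC inside the AD DNS domain.
    if [ "$cn_fqdn" != "$cn_want" ]; then
        echo "FQDN $cn_fqdn is not $cn_want"; cn_bad=1
    fi
    [ "$cn_bad" -eq 0 ] && echo "OK"
    return "$cn_bad"
}

# Planned values from the thread; the FQDN is assembled here as an assumption.
# On the real host:
#   check_names "$(hostname -s)" "$(hostname -f)" AD.TECNOPON.COM.BR AD
check_names dc1 dc1.ad.tecnopon.com.br AD.TECNOPON.COM.BR AD || true
```

Running it before 'samba-tool domain provision' catches a host that still reports a FQDN under "local", as the DHCP lease in this thread would suggest.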


Re: File server questions

Samba - General mailing list
 

> -----Original message-----
> From: samba [mailto:[hidden email]] On behalf of
> Rowland Penny via samba
> Sent: Tuesday 12 September 2017 16:04
> To: [hidden email]
> Subject: Re: [Samba] File server questions
>
> On Tue, 12 Sep 2017 10:40:50 -0300
> Flávio Silveira via samba <[hidden email]> wrote:
>
>
> > Thanks for the replies Rowland and Louis!
> >
> > Given all that was said, here is a snippet of what I have in
> > /var/lib/dhcp/dhclient.enp2s0.leases
> >
> > Don't know why my interface is named enp2s0, but I only have one,
> > this might be a driver thing.
>
> No, it is a systemd thing.
Yep, and some good info here if you want your old names back.
And why it's used.
https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/


>
> >
> > lease {
> >    interface "enp2s0";
> >    fixed-address 192.168.11.6;
> >    option subnet-mask 255.255.255.0;
> >    option routers 192.168.11.1;
> >    option dhcp-lease-time 86400;
> >    option dhcp-message-type 5;
> >    option domain-name-servers 192.168.11.1;
> >    option dhcp-server-identifier 192.168.11.1;
> >    option domain-name "local";
> >    renew 2 2017/09/12 15:28:36;
> >    rebind 3 2017/09/13 01:09:09;
> >    expire 3 2017/09/13 04:09:09;
> > }
> >
> > This is the server that will be the AD DC, it currently is in client
> > subnet (192.168.11.x) for testing, but I will put it in server subnet
> > (192.168.13.x) when in production.
> >
> > I can't change these settings now as it will break the whole network,
> > can I use the "method 3" from the link for now and manually edit
> > /etc/resolv.conf and then when it is ready for production I drop that
> > script and configure it properly into the DHCP Server?
>
> Not sure, I run a DHCP server on my DC, but not in the way
> you are proposing, see the Samba wiki for more info.


Why not adjust the dhcp client reservation to :
host dc1 {
  hardware ethernet DD:GH:DF:E5:F7:D7;
  fixed-address 192.168.11.6;
  option domain-name-servers 192.168.11.6,8.8.8.8;
  option domain-search "ad.tecnopon.com.br";
}

The other settings are adapted from the dhcp pool it's in.
As install DNS is slow. But this is ok, for the install, once samba and dns is up,
you will notice some speedups in resolving. Due to the fact that at install,
there is no dns (yet) at 192.168.11.6, the DC itself.

That should work.


>
> >
> > Speaking of AD DC tutorial, I've read it over and over and
> > specifically the provisioning part, does this sound correct?
> >
> > samba-tool domain provision --server-role=dc --use-rfc2307 \
> >     --dns-backend=SAMBA_INTERNAL --realm=AD.TECNOPON.COM.BR --domain=AD \
> >     --adminpass=mypass --option="interfaces=lo enp2s0" \
> >     --option="bind interfaces only=yes" --option="dns forwarder=192.168.11.1"
>
> Yes, but the --server-role and --dns-backend are defaults and
> as such are not really required.
>
> > If I understand correctly, domain is what will be NetBIOS Name,
> > right?
>
> Wrong, the domain name, also known as the workgroup, is
> really the NetBIOS domain name. This should not be confused
> with the NetBIOS name, which is the host's short name in UPPERCASE.
> If you are confused, don't blame me or Samba, blame
> Microsoft, they came up with the names.
>
> > What about Hostname? How do I set it in non-interactive mode?
>
> You don't, Samba will set it for you from your short hostname.
>
> > Where did DC1 come from? Can I use that as NetBIOS Name?
>
> Yes, provided the output from 'hostname -s' is 'dc1' ;-)
>
> Rowland

Greetz,

Louis
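
Added example, not part of Louis's posts: a POSIX shell check for what he describes in his two DHCP replies, reading the DNS options out of a dhclient lease and comparing them with what the DC needs (DC first in domain-name-servers, ad.tecnopon.com.br as domain-name and in domain-search). The function names and the second, constructed lease are assumptions for illustration; the first lease is the one posted earlier in the thread.

```shell
#!/bin/sh
# Added example: audit the DNS-related options of a dhclient lease.
# Both sample leases are embedded so the script runs offline.

# Lease as posted in the thread (future DC, still on the client subnet).
page_lease() {
cat <<'EOF'
lease {
  interface "enp2s0";
  fixed-address 192.168.11.6;
  option subnet-mask 255.255.255.0;
  option routers 192.168.11.1;
  option dhcp-lease-time 86400;
  option dhcp-message-type 5;
  option domain-name-servers 192.168.11.1;
  option dhcp-server-identifier 192.168.11.1;
  option domain-name "local";
  renew 2 2017/09/12 15:28:36;
  rebind 3 2017/09/13 01:09:09;
  expire 3 2017/09/13 04:09:09;
}
EOF
}

# Constructed lease: what the client would record once the DHCP server hands
# out the DC as first resolver plus the AD domain name and search list.
fixed_lease() {
cat <<'EOF'
lease {
  interface "enp2s0";
  fixed-address 192.168.11.6;
  option domain-name-servers 192.168.11.6,8.8.8.8;
  option domain-name "ad.tecnopon.com.br";
  option domain-search "ad.tecnopon.com.br";
}
EOF
}

# lease_option NAME < leasefile
# Value of "option NAME" in the LAST lease block (dhclient appends leases,
# so the last block is the current one). Quotes and the ';' are stripped.
lease_option() {
    awk -v opt="$1" '
        $1 == "lease" { val = "" }
        $1 == "option" && $2 == opt {
            val = $3
            for (i = 4; i <= NF; i++) val = val " " $i
            sub(/;$/, "", val)
            gsub(/"/, "", val)
        }
        END { print val }'
}

# check_lease DC_IP AD_DOMAIN < leasefile
# Prints one finding per line, or "OK"; returns 1 when anything was found.
check_lease() {
    cl_lease=$(cat)
    cl_ns=$(printf '%s\n' "$cl_lease" | lease_option domain-name-servers)
    cl_dn=$(printf '%s\n' "$cl_lease" | lease_option domain-name)
    cl_ds=$(printf '%s\n' "$cl_lease" | lease_option domain-search)
    cl_bad=0
    # resolv.conf keeps the lease order, so the DC has to be listed first or
    # lookups for the AD zone go to a server that does not hold it.
    if [ "${cl_ns%%,*}" != "$1" ]; then
        echo "domain-name-servers: first entry is '${cl_ns%%,*}', expected DC $1"
        cl_bad=1
    fi
    if [ "$cl_dn" != "$2" ]; then
        echo "domain-name: '$cl_dn', expected $2"; cl_bad=1
    fi
    case ", $cl_ds," in
        *", $2,"*) ;;
        *) echo "domain-search: '$cl_ds' does not include $2"; cl_bad=1 ;;
    esac
    [ "$cl_bad" -eq 0 ] && echo "OK"
    return "$cl_bad"
}

# Real use: check_lease 192.168.11.6 ad.tecnopon.com.br \
#               < /var/lib/dhcp/dhclient.enp2s0.leases
page_lease | check_lease 192.168.11.6 ad.tecnopon.com.br || true
```

Against the lease from the thread this reports all three options, which is the state Louis describes as a DHCP-side setting to correct rather than something to mask in /etc/resolv.conf.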

