[Samba] Samba4 provision, change private dir?


Greg Zartman

Oct 29, 2014, 1:20:03 AM
When you first provision an AD DC, is there a way to control where
samba-tool puts all of the AD data files?

--
Greg J. Zartman
Board Member

Koozali Foundation, Inc.
2755 19th Street SE
Salem, Oregon 97302
Cell: 541-5218449

SME Server user and community member since 2000

Greg Zartman

Oct 29, 2014, 1:30:03 AM
Just a quick follow up to this question:

The Samba4 packages I have (Sernet) default the provision private dir to
/var/lib/samba/private, with the smb.conf file planted in /etc/samba. Once
I start the samba daemon, it seems to copy most of the tdb files into
/etc/samba, but I'm not sure why it's doing this and if it's leaving some
pieces back in /var/lib/samba/private.

Is this normal behavior?

Thanks,

L.P.H. van Belle

Oct 29, 2014, 4:10:02 AM
Hai Greg,

No, it's not normal behavior.

I also run the Sernet packages (on Debian),
but I don't have any tdb files in /etc/samba.

Can you post your smb.conf
and the output of samba -b?

Greetz,

Louis


>-----Original message-----
>From: gzar...@koozali.org
>[mailto:samba-...@lists.samba.org] On behalf of Greg Zartman
>Sent: Wednesday 29 October 2014 6:27
>To: sambalist
>Subject: Re: [Samba] Samba4 provision, change private dir?

L.P.H. van Belle

Oct 30, 2014, 4:20:03 AM
Hai Greg,

The setup (your smb.conf) below is not workable.
Did you save the smb.conf after provisioning?
If your server is set up as AD DC, as I'm seeing, then this is really wrong.
You have mixed samba3 with samba4 settings.
I see you use Red Hat; RH is a bit out of my scope, but I'll give it a try.

Remove the old (now smb.conf) and put back the backed-up (I hope) version of the one after provisioning.
Start from there, and for the AD DC you don't need to change much. The less the better.

Have a look at my setup of my AD-DC.
 
# Global parameters
[global]
        workgroup = DOMAIN
        realm = DOMAIN.DOMAINNAME.TLD
        netbios name = DC1
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate

        interfaces = 127.0.0.1 192.168.1.1/24
        bind interfaces only = yes
        time server = yes
        wins support = yes

        ## KEEP THIS OFF !! Only used for modifying the AD Schema
        ## ONLY DONE ON THE DC WITH THE FSMO Roles
        dsdb:schema update allowed = no

        ## Don't forget to set the idmap_ldb on ALL DCs if you use it
        idmap_ldb:use rfc2307 = yes

        ## map IDs outside the domain to tdb files.
        idmap config *:backend = tdb
        idmap config *:range = 50001-80000
        ## map IDs from the domain; the ranges may not overlap!
        idmap config DOMAIN:backend = ad
        idmap config DOMAIN:schema_mode = rfc2307
        idmap config DOMAIN:range = 10000-40000

        winbind nss info = rfc2307
        winbind trusted domains only = no
        winbind use default domain = yes

        template shell = /bin/sh
        template homedir = /home/users/%U

        ##---- disable printing completely
        load printers = no
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes

[netlogon]
        path = /home/samba/sysvol/domain.domainname.tld/scripts
        read only = No
        acl_xattr:ignore system acl = yes

[sysvol]
        path = /home/samba/sysvol
        read only = No
        acl_xattr:ignore system acl = yes


From: Greg Zartman [mailto:gzar...@koozali.org]
Sent: Thursday 30 October 2014 0:47
To: L.P.H. van Belle
Subject: Re: [Samba] Samba4 provision, change private dir?



On Wed, Oct 29, 2014 at 1:04 AM, L.P.H. van Belle <be...@bazuin.nl> wrote:
Hai Greg,

No, it's not normal behavior.

I also run the Sernet packages (on Debian),
but I don't have any tdb files in /etc/samba.

Can you post your smb.conf
and the output of samba -b?




smb.conf:


[global]
workgroup = sme-server
realm = test.test.com
server string = SME Server
netbios name = test
security = auto
server role = active directory domain controller
name resolve order = lmhosts wins host bcast
idmap_ldb:use rfc2307 = yes
os level = 65
password server = *
pid directory = /var/run/samba
smb ports = 139 445
socket options = TCP_NODELAY
strict locking = no
guest account = public
guest ok = no
smb ports = 139 445
socket options = TCP_NODELAY
strict locking = no
guest account = public
guest ok = no
logon drive = Z:
kernel oplocks = no
level2 oplocks = no
oplocks = yes
bind interfaces only = yes
case sensitive = no
Deadtime = 10080
hosts allow = 127.0.0.1  
interfaces = 127.0.0.1  
log file = /var/log/samba/log.%m
max log size = 50
load printers = yes
printing = lprng
print command = /usr/bin/lpr -b -h -r -P%p %s





Output from samba -B:


Build environment:
   Build host:  Linux www.reetspetit.com 2.6.32-431.29.2.el6.x86_64 #1 SMP Tue Sep 9 21:36:05 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
Paths:
   BINDIR: /usr/bin
   SBINDIR: /usr/sbin
   CONFIGFILE: /etc/samba/smb.conf
   NCALRPCDIR: /var/run/samba/ncalrpc
   LOGFILEBASE: /var/log/samba
   LMHOSTSFILE: /etc/samba/lmhosts
   DATADIR: /usr/share
   MODULESDIR: /usr/lib64/samba
   LOCKDIR: /var/cache/samba
   STATEDIR: /var/lib/samba
   CACHEDIR: /var/cache/samba
   PIDDIR: /var/run/samba
   PRIVATE_DIR: /var/lib/samba/private
   CODEPAGEDIR: /usr/share/samba/codepages
   SETUPDIR: /usr/share/samba/setup
   WINBINDD_SOCKET_DIR: /var/run/samba/winbindd
   WINBINDD_PRIVILEGED_SOCKET_DIR: /var/lib/samba/winbindd_privileged
   NTP_SIGND_SOCKET_DIR: /var/lib/samba/ntp_signd
[root@test samba]#
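
Added example, not part of the thread and not Samba's own code: a Python check for the symptom reported above, database files appearing beside smb.conf rather than under the directories `samba -b` lists. The function names, the `root` parameter and the permission flag are assumptions of this example; the embedded text is trimmed from the `samba -b` output posted above.

```python
import os
import re
import stat

# Paths trimmed from the `samba -b` output posted in this thread.
SAMBA_B = """\
Paths:
   CONFIGFILE: /etc/samba/smb.conf
   LOCKDIR: /var/cache/samba
   STATEDIR: /var/lib/samba
   CACHEDIR: /var/cache/samba
   PRIVATE_DIR: /var/lib/samba/private
"""
DATA_KEYS = ("PRIVATE_DIR", "STATEDIR", "LOCKDIR", "CACHEDIR")
DB_SUFFIXES = (".tdb", ".ldb")


def parse_build_paths(text):
    """Return {NAME: path} for each 'NAME: /path' line of `samba -b`."""
    return dict(re.findall(r"^[ \t]*([A-Z_]+):[ \t]*(/\S*)[ \t]*$", text, re.M))


def stray_databases(paths, root="/"):
    """Find *.tdb / *.ldb files in the smb.conf directory.

    Returns sorted (path, exposed) pairs; exposed is True when group or
    others have any permission bit on the file. `root` (an assumption of
    this example) lets the check run on a copy of the server's tree.
    """
    def rooted(p):
        return os.path.join(root, p.lstrip("/"))

    conf_dir = rooted(os.path.dirname(paths["CONFIGFILE"]))
    data_dirs = {rooted(paths[k]) for k in DATA_KEYS if k in paths}
    if conf_dir in data_dirs or not os.path.isdir(conf_dir):
        return []  # config dir doubles as a data dir, or does not exist
    found = []
    for name in sorted(os.listdir(conf_dir)):
        full = os.path.join(conf_dir, name)
        if name.endswith(DB_SUFFIXES) and os.path.isfile(full):
            mode = stat.S_IMODE(os.stat(full).st_mode)
            found.append((full, bool(mode & 0o077)))
    return found


if __name__ == "__main__":
    for path, exposed in stray_databases(parse_build_paths(SAMBA_B)):
        print(path, "group/other accessible" if exposed else "owner only")
```

On a live server, feed `parse_build_paths` the real `samba -b` output instead of the embedded sample.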

Marc Muehlfeld

Oct 30, 2014, 6:30:03 PM
Hello Greg,

On 29.10.2014 at 06:13, Greg Zartman wrote:
> When you first provision an AD DC, is there a way to control where
> samba-tool puts all of the AD data files?

Self compiled or packages?



* Self compiled:
# ./configure --help

--with-lockdir=
--with-statedir=
etc.


* Packages:
1) # samba-tool domain provision --help
--targetdir=DIR: This is the only parameter that looks
interesting. But I don't know what goes into this directory.
There's currently no parameter description. If you try what
it does, let me know and I'll add a better description. :-)

2) Put the databases in a place you like and put a symlink
at the original location (haven't tried if that works!)


Regards,
Marc

Greg Zartman

Oct 31, 2014, 5:00:04 AM
On Oct 31, 2014 1:12 AM, "L.P.H. van Belle" <be...@bazuin.nl> wrote:
>
> Start with the "smb.conf" from your provisioning.
> Don't add anything until something isn't working.
>
> This is all I have, and really keep it as clean as possible (see below).
>
> But are you setting up for an AD DC setup or a PDC/BDC (old NT4 style) setup?
> And a tip for you, for the SME server setup:
> I advise you to use an include file for the extra SME settings; this way you can have 1 base config
> like below and add settings depending on functions for the server.

Yep, that is my thought. Most of my config can be dynamically altered by
feeding config database values into the config file. These will ultimately
be controlled by a Web GUI.

> [sysvol]
> path = /home/samba/sysvol
> read only = No
> acl_xattr:ignore system acl = yes
>
> And please, keep these questions directed to the samba list, there are more people who can help out.

Sorry mate. Was a mistake I made responding from my not so smart phone :)