Hi folks,
Is able SAMBA on CentOS 7 to work as Active Directory Domain Controller? If it's not, what is the recommended way of doing? Compiling from sources? Install packages from SerNet?
Thanks in advance!
Yes Samba4 is capable of working as a AD domain controller and more.
See link.
https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO
Aly On Sep 6, 2014 4:16 PM, "Sergio Belkin" sebelk@gmail.com wrote:
Hi folks,
Is able SAMBA on CentOS 7 to work as Active Directory Domain Controller? If it's not, what is the recommended way of doing? Compiling from sources? Install packages from SerNet?
Thanks in advance!
-- Sergio Belkin http://www.sergiobelkin.com LPIC-2 Certified - http://www.lpi.org _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Hmmmm perhaps I don't explain myself enough.
I already know that Samba "capable of working as a AD domain controller and more".
I'm asking about the official packages of CentOS, I mean from official repo's.
Thanks in advance
2014-09-06 18:01 GMT-03:00 Aly Khimji aly.khimji@gmail.com:
Yes Samba4 is capable of working as a AD domain controller and more.
See link.
https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO
Aly On Sep 6, 2014 4:16 PM, "Sergio Belkin" sebelk@gmail.com wrote:
Hi folks,
Is able SAMBA on CentOS 7 to work as Active Directory Domain Controller?
If
it's not, what is the recommended way of doing? Compiling from sources? Install packages from SerNet?
Thanks in advance!
-- Sergio Belkin http://www.sergiobelkin.com LPIC-2 Certified - http://www.lpi.org _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
It would appear the samba4 DC isn't available for C7 just yet.
"As Fedora and RHEL are using MIT Kerberos implementation as its Kerberos infrastructure of choice, the Samba Active Directory Domain Controller implementation is not available with MIT Kereberos at the moment."
Ref: http://community.spiceworks.com/topic/535153-centos-7-samba-domain-controlle...
HTH
Aly Hmmmm perhaps I don't explain myself enough.
I already know that Samba "capable of working as a AD domain controller and more".
I'm asking about the official packages of CentOS, I mean from official repo's.
Thanks in advance
2014-09-06 18:01 GMT-03:00 Aly Khimji aly.khimji@gmail.com:
Yes Samba4 is capable of working as a AD domain controller and more.
See link.
https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO
Aly On Sep 6, 2014 4:16 PM, "Sergio Belkin" sebelk@gmail.com wrote:
Hi folks,
Is able SAMBA on CentOS 7 to work as Active Directory Domain Controller?
If
it's not, what is the recommended way of doing? Compiling from sources? Install packages from SerNet?
Thanks in advance!
-- Sergio Belkin http://www.sergiobelkin.com LPIC-2 Certified - http://www.lpi.org _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-- -- Sergio Belkin http://www.sergiobelkin.com LPIC-2 Certified - http://www.lpi.org _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Aly Khimji wrote:
It would appear the samba4 DC isn't available for C7 just yet.
"As Fedora and RHEL are using MIT Kerberos implementation as its Kerberos infrastructure of choice, the Samba Active Directory Domain Controller implementation is not available with MIT Kereberos at the moment."
Ref: http://community.spiceworks.com/topic/535153-centos-7-samba-domain-controlle...
HTH
Aly Hmmmm perhaps I don't explain myself enough.
I already know that Samba "capable of working as a AD domain controller and more".
I'm asking about the official packages of CentOS, I mean from official repo's.
Thanks in advance
2014-09-06 18:01 GMT-03:00 Aly Khimji aly.khimji@gmail.com:
Yes Samba4 is capable of working as a AD domain controller and more.
See link.
https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO
Aly On Sep 6, 2014 4:16 PM, "Sergio Belkin" sebelk@gmail.com wrote:
Hi folks,
Is able SAMBA on CentOS 7 to work as Active Directory Domain Controller?
If
it's not, what is the recommended way of doing? Compiling from sources? Install packages from SerNet?
Thanks in advance!
-- Sergio Belkin http://www.sergiobelkin.com LPIC-2 Certified - http://www.lpi.org
IMO there is _lot_ of Fedora/RHEL/Centos users (including me) which does not use FreeIPA or other Kerberos-based stuff, but want use Samba4 with AD enabled. For them it is not important whether they use MIT or Heimdal Kerberos implementation. Then logical question: Are somewhere for these distribution available (unofficial) Samba4 RPMs packages with Heimdal Kerberos?
I'm rather skeptic about near implementation MIT Kerberos in Samba4, because this work has been going on for many years and still without success (maybe nor any clear roadmap for it).
Franta Hanzlik
On 7 Sep 2014 13:01, "Frantisek Hanzlik" franta@hanzlici.cz wrote:
Are somewhere for these distribution available (unofficial) Samba4 RPMs packages with Heimdal Kerberos?
http://www.enterprisesamba.com
We use these at my workplace.
As for the MIT bit according to the samba technical list if it doesn't land in 4.2 it will in 4.3 ...
James Hogarth wrote:
On 7 Sep 2014 13:01, "Frantisek Hanzlik" franta@hanzlici.cz wrote:
Are somewhere for these distribution available (unofficial) Samba4 RPMs packages with Heimdal Kerberos?
http://www.enterprisesamba.com
We use these at my workplace.
As for the MIT bit according to the samba technical list if it doesn't land in 4.2 it will in 4.3 ...
Hi James, thanks for reply. It seems as at SerNet's site have packages for RHEL6/Centos6 only, not for RHEL7/Centos7 or any Fedora versions, at least this.
Regarding to Samba4 with MIT in 4.2/4.3 - as I know, 4.2 still is not even in rc, thus final release can be perhaps at the turn of the year. And when time between releases is approx. 9 month, then we can wait around for year... I'll keep my fingers crossed, that it happen in 4.2
Franta Hanzlik
On 8 Sep 2014 17:00, "Frantisek Hanzlik" franta@hanzlici.cz wrote ...
Hi James, thanks for reply. It seems as at SerNet's site have packages for RHEL6/Centos6 only, not for RHEL7/Centos7 or any Fedora versions, at least this.
Indeed but fortunately EL6 has many years ahead of it yet.
Regarding to Samba4 with MIT in 4.2/4.3 - as I know, 4.2 still is not even in rc, thus final release can be perhaps at the turn of the year.
The rc is due Sep 15th last I heard.
And when time between releases is approx. 9 month, then we can wait around for year... I'll keep my fingers crossed, that it happen in 4.2
Andrew Bartlett has expressed an opinion on the samba technical list that he'd be in favour of a very short 4.2 cycle if it means getting these sort of updates out.
Il giorno lun, 08/09/2014 alle 20.03 +0100, James Hogarth ha scritto:
On 8 Sep 2014 17:00, "Frantisek Hanzlik" franta@hanzlici.cz wrote ...
Hi James, thanks for reply. It seems as at SerNet's site have packages for RHEL6/Centos6 only, not for RHEL7/Centos7 or any Fedora versions, at least this.
Indeed but fortunately EL6 has many years ahead of it yet.
Regarding to Samba4 with MIT in 4.2/4.3 - as I know, 4.2 still is not even in rc, thus final release can be perhaps at the turn of the year.
The rc is due Sep 15th last I heard.
And when time between releases is approx. 9 month, then we can wait around for year... I'll keep my fingers crossed, that it happen in 4.2
Andrew Bartlett has expressed an opinion on the samba technical list that he'd be in favour of a very short 4.2 cycle if it means getting these sort of updates out.
There is some news for this tread?
Samba 4.3 is out: https://www.samba.org/samba/history/samba-4.3.0.html
and into Fedora Development there's already new package: https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/x86_64/os/...
But the "samba-ad" package still missing.
Someone have more info?
Many thanks
Hello,
On 11 September 2015 at 14:04, Dario Lesca d.lesca@solinos.it wrote:
Il giorno lun, 08/09/2014 alle 20.03 +0100, James Hogarth ha scritto:
On 8 Sep 2014 17:00, "Frantisek Hanzlik" franta@hanzlici.cz wrote ...
Hi James, thanks for reply. It seems as at SerNet's site have packages for RHEL6/Centos6 only, not for RHEL7/Centos7 or any Fedora versions, at least this.
Indeed but fortunately EL6 has many years ahead of it yet.
Regarding to Samba4 with MIT in 4.2/4.3 - as I know, 4.2 still is not even in rc, thus final release can be perhaps at the turn of the year.
The rc is due Sep 15th last I heard.
And when time between releases is approx. 9 month, then we can wait around for year... I'll keep my fingers crossed, that it happen in 4.2
Andrew Bartlett has expressed an opinion on the samba technical list that he'd be in favour of a very short 4.2 cycle if it means getting these sort of updates out.
There is some news for this tread?
Samba 4.3 is out: https://www.samba.org/samba/history/samba-4.3.0.html
and into Fedora Development there's already new package:
https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/x86_64/os/...
But the "samba-ad" package still missing.
Someone have more info?
Many thanks
It is a decision of red hat over MIT or Heimdal. Red hat chooses MIT and Samba 4 AD chooses Heimdal.
You have more info in https://access.redhat.com/discussions/1235263
Regards,
Il giorno ven, 11/09/2015 alle 14.25 +0200, Oscar Osta Pueyo ha scritto:
Hello,
On 11 September 2015 at 14:04, Dario Lesca d.lesca@solinos.it wrote:
Il giorno lun, 08/09/2014 alle 20.03 +0100, James Hogarth ha scritto:
On 8 Sep 2014 17:00, "Frantisek Hanzlik" franta@hanzlici.cz wrote ...
Hi James, thanks for reply. It seems as at SerNet's site have packages for RHEL6/Centos6 only, not for RHEL7/Centos7 or any Fedora versions, at least this.
Indeed but fortunately EL6 has many years ahead of it yet.
Regarding to Samba4 with MIT in 4.2/4.3 - as I know, 4.2 still is not even in rc, thus final release can be perhaps at the turn of the year.
The rc is due Sep 15th last I heard.
And when time between releases is approx. 9 month, then we can wait around for year... I'll keep my fingers crossed, that it happen in 4.2
Andrew Bartlett has expressed an opinion on the samba technical list that he'd be in favour of a very short 4.2 cycle if it means getting these sort of updates out.
There is some news for this tread?
Samba 4.3 is out: https://www.samba.org/samba/history/samba-4.3.0.html
and into Fedora Development there's already new package:
https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/x 86_64/os/Packages/s/
But the "samba-ad" package still missing.
Someone have more info?
Many thanks
It is a decision of red hat over MIT or Heimdal. Red hat chooses MIT and Samba 4 AD chooses Heimdal.
You have more info in https://access.redhat.com/discussions/1235263
Ok, thanks for reply.
I read from last message of discussion:
February 9 2015 at 1:54 PM - Razvan Corneliu Vilt say:
The Samba 4 release in RHEL 7 does not support the Active Directory Domain Controller role. It is however a good NT4 Style Primary Domain Controller, a decent SMB3 file server, etc. What's more interesting is that you CAN make Samba 4 from EL 7 work with FreeIPA for authentication via NTLM AND Kerberos. I already have implemented this using the stock Red Hat Packages and authentication works via FreeIPA using both MS-RPC authentication in NTLM form and Kerberised authentication. ....
This means that that never will be a samba-ad for redhat/centos.
Then, if I as I understand the reply, with Centos7 + Samba 4 in old NT4 -DC mode + Kerberos + FreeIPA ( I do not know what it is FreeIPA) it's possible setup a Linux PDC working with all versions of Windows client, without changing the registry into win7/8 to join to domain?
I'm not a guru of Linux, someone can point me to the right way?
Many thanks Dario
On 09/11/2015 08:56 AM, Dario Lesca wrote:
Il giorno ven, 11/09/2015 alle 14.25 +0200, Oscar Osta Pueyo ha scritto:
Hello,
On 11 September 2015 at 14:04, Dario Lesca d.lesca@solinos.it wrote:
Il giorno lun, 08/09/2014 alle 20.03 +0100, James Hogarth ha scritto:
On 8 Sep 2014 17:00, "Frantisek Hanzlik" franta@hanzlici.cz wrote ...
Hi James, thanks for reply. It seems as at SerNet's site have packages for RHEL6/Centos6 only, not for RHEL7/Centos7 or any Fedora versions, at least this.
Indeed but fortunately EL6 has many years ahead of it yet.
Regarding to Samba4 with MIT in 4.2/4.3 - as I know, 4.2 still is not even in rc, thus final release can be perhaps at the turn of the year.
The rc is due Sep 15th last I heard.
And when time between releases is approx. 9 month, then we can wait around for year... I'll keep my fingers crossed, that it happen in 4.2
Andrew Bartlett has expressed an opinion on the samba technical list that he'd be in favour of a very short 4.2 cycle if it means getting these sort of updates out.
There is some news for this tread?
Samba 4.3 is out: https://www.samba.org/samba/history/samba-4.3.0.html
and into Fedora Development there's already new package:
https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/x 86_64/os/Packages/s/
But the "samba-ad" package still missing.
Someone have more info?
Many thanks
It is a decision of red hat over MIT or Heimdal. Red hat chooses MIT and Samba 4 AD chooses Heimdal.
You have more info in https://access.redhat.com/discussions/1235263
Ok, thanks for reply.
I read from last message of discussion:
February 9 2015 at 1:54 PM - Razvan Corneliu Vilt say:
The Samba 4 release in RHEL 7 does not support the Active Directory Domain Controller role. It is however a good NT4 Style Primary Domain Controller, a decent SMB3 file server, etc. What's more interesting is that you CAN make Samba 4 from EL 7 work with FreeIPA for authentication via NTLM AND Kerberos. I already have implemented this using the stock Red Hat Packages and authentication works via FreeIPA using both MS-RPC authentication in NTLM form and Kerberised authentication. ....
This means that that never will be a samba-ad for redhat/centos.
Then, if I as I understand the reply, with Centos7 + Samba 4 in old NT4 -DC mode + Kerberos + FreeIPA ( I do not know what it is FreeIPA) it's possible setup a Linux PDC working with all versions of Windows client, without changing the registry into win7/8 to join to domain?
I'm not a guru of Linux, someone can point me to the right way?
I have been building a Samba4 AD on Centos7 (actually C7-armv7 beta) using the sernet rpms.
https://portal.enterprisesamba.com/
Though we had to build an armv7 distro from sernet sources:
http://repo.shivaserv.fr/centos/7/
This is Samba 4.2. It includes their Kerberos, ldap, and internal DNS. You MUST use their Kerberos and strongly recommend their ldap. I am using the Bind 9.9 that comes with C7; not to hard to integrate. I am also using the C& dhcpd.
WRT Samba 4.3 and MIT Kerberos. Samba 4.3 has shipped. But MIT Kerberos support did not make it into the initial release. Sernet has not released a 4.3 ver to date.
There is pretty good help on the Samba list:
https://lists.samba.org/mailman/options/samba
The wiki is quite good. Particularly as I have been asking lots of newbie questions and Marc has been busy incorporating the obvious answers into the wiki :)
Frantisek Hanzlik wrote:
Are somewhere for these distribution available (unofficial) Samba4 RPMs packages with Heimdal Kerberos?
I am trying to build some - as I want them, too.
See http://rghost.net/57999078 for a xompressed tarball with the mock result (i. e. srpm, rpm and build logs).
The package is working, but there is one problem I need help to fix it:
Starting samba by "systemctl start samba.service" or "service start samba" seems to start samba, but if you try to join a domain from a windows client, it will fail reproting that the rpc server is not available.
If you start samba by running "/usr/sbin/samba" from a console where root is logged in, samba is working as expected: Windows clients can join the domain.
Any idea how to fix that issue?
Thanks + Greetings from Germany
Markus Steinborn
On 09/14/2014 06:39 AM, Markus Steinborn wrote:
Frantisek Hanzlik wrote:
Are somewhere for these distribution available (unofficial) Samba4 RPMs packages with Heimdal Kerberos?
I am trying to build some - as I want them, too.
See http://rghost.net/57999078 for a xompressed tarball with the mock result (i. e. srpm, rpm and build logs).
The package is working, but there is one problem I need help to fix it:
Starting samba by "systemctl start samba.service" or "service start samba" seems to start samba, but if you try to join a domain from a windows client, it will fail reproting that the rpc server is not available.
If you start samba by running "/usr/sbin/samba" from a console where root is logged in, samba is working as expected: Windows clients can join the domain.
Any idea how to fix that issue?
Would this be due to not starting the nmb service? Samba provide two services smb AND nmb, you want to ensure both are running. HTH
Thanks + Greetings from Germany
Markus Steinborn
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Hi Rob,
Rob Kampen wrote:
Would this be due to not starting the nmb service? Samba provide two services smb AND nmb, you want to ensure both are running. HTH
Well, for AC DC mode, starting samb and/or nmbd ussues an error saying you would have to start "samba" instead - in this mode smbd and nmbd are not supposed to be started directly.
And "ps xa" shows identical process lists for the working variant "startet by "/usr/sbin/samba" and for the non working variant "/service samba start".
But I also had an idea what to check: Turning selinux off did fix the samba started by systemd. So it is a selinux issue.
Greetings
Markus Steinborn
-
Aly Khimji -
Dario Lesca -
Frantisek Hanzlik -
James Hogarth -
Markus Steinborn -
Oscar Osta Pueyo -
Rob Kampen -
Robert Moskowitz -
Sergio Belkin