Howto Add a Samba4 Domain Controller

  • Follow the Arch provision guide
  • Add role: dc to the salt minion config.

Create a file called /etc/salt/minion.d/dc.conf

    - dc

Joining As a Domain Controller

   samba-tool domain join AD.PUMPINGSTATIONONE.ORG DC -U hef

Checking and Fixing DNS

DNS doesn't always register correctly.

Check it:

   host -t

If nothing comes back, re-add it by hand:

   samba-tool dns add bob dc01 A

At this point you need the GUID for the new server. The Samba guide references the ldbsearch command. I couldn't get it to work, so I grabbed the objectGuid field from CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=pumpingstationone,DC=org in LDAP.

   host -t CNAME

If it's missing, add it:

   samba-tool dns add bob af4c9efd-56f6-4160-8335-cf8e5a5ada8f CNAME
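
One way to script the GUID lookup and alias check described above; this is an added example, not part of the original guide. It assumes the directory data is available as LDIF text (ldbsearch output or an LDAP export) and that the GUID alias lives under `_msdcs.<AD DNS domain>`, the standard Active Directory location, which this page does not spell out. The function names are illustrative.

```shell
#!/bin/sh
# Added example: find a DC's NTDS Settings objectGUID in LDIF and derive the
# GUID alias that should exist in DNS. Sample data below is constructed.

# Constructed ldbsearch-style LDIF; long dn lines are folded (leading space).
sample_ldif() {
cat <<'EOF'
# record 1
dn: CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN
 =Configuration,DC=ad,DC=pumpingstationone,DC=org
objectGUID: af4c9efd-56f6-4160-8335-cf8e5a5ada8f

# record 2
dn: CN=NTDS Settings,CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN
 =Configuration,DC=ad,DC=pumpingstationone,DC=org
objectGUID: 11111111-2222-3333-4444-555555555555
EOF
}

# ntds_guid DC < ldif : print the objectGUID of CN=NTDS Settings,CN=<DC>,...
ntds_guid() {
    awk -v dc="$1" '
        function handle(   low) {
            low = tolower(line)
            if (index(low, "dn: ") == 1)
                hit = (index(low, "dn: cn=ntds settings,cn=" tolower(dc) ",") == 1)
            else if (hit && guid == "" && index(low, "objectguid: ") == 1)
                guid = substr(low, 13)
        }
        /^ / { line = line substr($0, 2); next }   # unfold continuation line
             { handle(); line = $0 }
        END  { handle(); sub(/[ \t\r]+$/, "", guid)
               shape = guid; gsub(/[0-9a-f]/, "x", shape)
               if (shape != "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx") exit 1
               print guid }'
}

# dc_guid_alias DC DOMAIN < ldif : print <guid>._msdcs.<domain> in lower case
dc_guid_alias() {
    guid=$(ntds_guid "$1") || return 1
    printf '%s._msdcs.%s\n' "$guid" "$(printf '%s' "$2" | tr 'A-Z' 'a-z')"
}

# check_dc_alias DC DOMAIN < ldif : 0 if the CNAME resolves, 1 if it is missing
check_dc_alias() {
    name=$(dc_guid_alias "$1" "$2") || { echo "no GUID found for $1" >&2; return 2; }
    host -t CNAME "$name" 2>/dev/null | grep -q 'is an alias for' && return 0
    echo "missing CNAME: $name" >&2; return 1
}
```

Pipe real LDIF into `check_dc_alias DC01 ad.pumpingstationone.org`; a non-zero exit means the alias has to be added by hand as described above.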

Joining As a Domain Member

   net ads join -U hef

The samba-tool domain join command does not get winbindd working correctly. The net command is required.

Adding Users

Regular users need to get their account through

Service and test accounts can be created with the following procedure.

To create the user "hef" and set the user password, use the following command:

  samba-tool user add hef

To add the user "hef" to the "Domain Admins" group, use the following command:

  samba-tool group addmembers "Domain Admins" hef