Difference between revisions of "Howto Add a Samba4 Domain Controller"

Setup

• Follow the Arch provision guide
• Add role: dc to the salt minion config.

Create a file called /etc/salt/minion.d/dc.conf

grains:
  roles:
    - dc

Joining As a Domain Controller

   samba-tool domain join AD.PUMPINGSTATIONONE.ORG DC -U hef

Checking and Fixing DNS

DNS doesn't always register correctly.

check it:

   host -t dc01.ad.pumpingstationone.org.

If nothing comes back, re add it by hand.

   samba-tool dns add bob ad.pumpingstationone.org dc01 A 10.100.0.112

At this point you need the guid for the new server. The [ https://wiki.samba.org/index.php/Join_a_domain_as_a_DC Samba Guide ] References the ldbsearch commmand. I couldn't get it to work, so I grabbed the objectGuid field from CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=pumpingstationone,DC=org in ldap.

   host -t CNAME f4f939cf-6c2f-4d51-b360-256f5c6bb1ac._msdcs.ad.pumpingstationone.org

If it's missing add it:

   samba-tool dns add bob _msdcs.ad.pumpingstationone.org f4f939cf-6c2f-4d51-b360-256f5c6bb1ac CNAME dc01.ad.pumpingstationone.org

Joining As a Domain Member

   net ads join -U hef

The samba-tool domain join command does not get winbindd working correctly. The net command is required.

Adding Users

Regular users need to get there account through https://members.pumpingstationone.org.

service and test accounts can be created with the following procedire

To create the user "hef" and set the user password, use the following command:

  samba-tool user add hef

To add the user "hef" to the "Domain Admins" group, use the following command:

  samba-tool group addmembers "Domain Admins" hef