
Thread: Primary Active Directory Controller using SAMBA and opensuse Leap

  1. #1

    Primary Active Directory Controller using SAMBA and opensuse Leap

    Hi All,

    I am looking for a step-by-step tutorial for a DC using samba on openSUSE Leap. I tried to follow the instructions on samba.org, but with no success. Everything seems to be working, but when I tried to switch to the new domain on Windows, I got this error:
    Code:
    Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\windows\debug\dcdiag.txt.

    The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "off.end":

    The error was: "DNS name does not exist."
    (error code 0x0000232B RCODE_NAME_ERROR)

    The query was for the SRV record for _ldap._tcp.dc._msdcs.off.end

    Common causes of this error include the following:

    - The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

    192.168.45.5
    192.168.45.4

    - One or more of the following zones do not include delegation to its child zone:

    off.end
    end
    . (the root zone)

    I added the SRV record (_ldap._tcp.dc._msdcs.off.end) to DNS and pointed it to the DC (192.168.45.4), but then I got a different error, that the domain controller could not be connected.

    Has anybody had success with creating a PDC on openSUSE?
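
An added example, not part of the original post: a check of the DC locator SRV records named in the error text, run over constructed zone data. The host names dc1 and dc2, the zone lines, and the chosen subset of locator names are assumptions; an SRV target has to be a host name with its own A record, not an IP address.

```python
import ipaddress

DOMAIN = "off.end"  # domain name taken from the error text above
# Subset of the SRV owner names an AD DC registers, relative to DOMAIN.
REQUIRED = ("_ldap._tcp.dc._msdcs", "_kerberos._tcp.dc._msdcs",
            "_ldap._tcp", "_kerberos._tcp")

# Constructed zone data; dc1 and dc2 are hypothetical host names.
ZONE = """
dc1.off.end.                   IN A   192.168.45.4
_ldap._tcp.dc._msdcs.off.end.  IN SRV 0 100 389 192.168.45.4.
_ldap._tcp.off.end.            IN SRV 0 100 389 dc1.off.end.
_kerberos._tcp.off.end.        IN SRV 0 100 88  dc2.off.end.
"""

def is_ip(name):
    """True if name is an IP literal rather than a host name."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def parse_zone(text):
    """Return ({host: ip}, {srv_name: [target, ...]}) from 'name IN type ...' lines."""
    a, srv = {}, {}
    for line in text.splitlines():
        f = line.lower().split()
        if len(f) == 4 and f[1:3] == ["in", "a"]:
            a[f[0].rstrip(".")] = f[3]
        elif len(f) == 7 and f[1:3] == ["in", "srv"]:
            srv.setdefault(f[0].rstrip("."), []).append(f[6].rstrip("."))
    return a, srv

def check_locator(text, domain=DOMAIN):
    """Map each broken locator name to 'missing', 'ip-target' or 'no-a-record'."""
    a, srv = parse_zone(text)
    problems = {}
    for rel in REQUIRED:
        name = f"{rel}.{domain}"
        targets = srv.get(name, [])
        if not targets:
            problems[name] = "missing"
        elif any(is_ip(t) for t in targets):
            problems[name] = "ip-target"    # RFC 2782: target must be a host name
        elif any(t not in a for t in targets):
            problems[name] = "no-a-record"  # clients cannot resolve the DC address
    return problems
```
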

  2. #2

    Re: Primary Active Directory Controller using SAMBA and opensuse Leap

    Hi

    Also struggling to get a Samba PDC to work with OpenLDAP backend on Leap with Windows 10 clients, and also encountered your error. Have a look at https://wiki.samba.org/index.php/Req...-style_domains. People reported success e.g. for Win7 clients. Didn't succeed here for Win10 clients, though.

    HTH

  3. #3

    Re: Primary Active Directory Controller using SAMBA and opensuse Leap

    mr_lukes,

    Are you trying to have your openSUSE computer be the Active Directory? Because I thought that SAMBA on openSUSE did not support being an Active Directory. SAMBA supports Heimdal Kerberos for Active Directory, and openSUSE uses MIT Kerberos.

    As for having openSUSE be a PDC, I have been doing this for years. I am now running my SAMBA server on Leap 42.1. I use LDAP as my backend, and I use PAM_LDAP and NSS_LDAP, not SSSD.

    Code:
    # smb.conf is the main Samba configuration file. You find a full commented
    # version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
    # samba-doc package is installed.
    [global]
        workgroup = ctl
        passdb backend = ldapsam:ldap://127.0.0.1
        printing = cups
        printcap name = cups
        printcap cache time = 750
        cups options = raw
    #    map to guest = badUser
        syslog = 0
        log file = /var/log/samba/log.%I
        log level = 1
        logon path = \\%L\profiles\.msprofile
        logon home = \\%L\%U
        logon drive = H:
        usershare allow guests = No
        add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
        domain logons = Yes
        domain master = Yes
    #    idmap backend = ldap:ldap://127.0.0.1
        ldap admin dn = cn=Manager,dc=CrewSystems
        ldap group suffix = ou=Group
        ldap idmap suffix = ou=Idmap,ou=SambaDomain
        ldap machine suffix = ou=MachineAccounts,ou=SambaDomain
        ldap passwd sync = Yes
        ldap ssl = Off
        ldap suffix = dc=CTL,dc=CrewSystems
        ldap user suffix = ou=People
        local master = Yes
        netbios name = Atlas
        os level = 65
        preferred master = Yes
        security = user
        wins support = Yes
        time server = Yes
    #    restrict anonymous = 1
        interfaces = XXX.XXX.XXX.129/25 XXX.XXX.XX.64/27 127.0.0.1
        bind interfaces only = yes
        hosts allow = XXX.XXX.XXX.128/25 XXX.XXX.XX.64/27 127.0.0.1
        name resolve order =  wins
    
    [homes]
        comment = Home Directories
    #    valid users = %S, %D%w%S
        valid users = %S
        force user = %S
        create mask = 0600
        directory mask = 0700
        browseable = No
        read only = No
        inherit acls = Yes
    
    
    [profiles]
        comment = Network Profiles Service
        path = %H
    #    path = /atlas/usr/samba/Profiles/
        read only = No
        store dos attributes = Yes
        create mask = 0600
        directory mask = 0700
        browseable = no
    
    # [users]
    #    comment = All users
    #    path = /home
    #    read only = No
    #    inherit acls = Yes
    #    veto files = /aquota.user/groups/shares/
    
    
    ## Share disabled by YaST
    # [groups]
    #    comment = All groups
    #    path = /home/groups
    #    read only = No
    #    inherit acls = Yes
    
    
    ## Share disabled by YaST
    # [printers]
    #    comment = All Printers
    #    path = /var/tmp
    #    printable = Yes
    #    create mask = 0600
    #    browseable = No
    
    
    ## Share disabled by YaST
    # [print$]
    #    comment = Printer Drivers
    #    path = /var/lib/samba/drivers
    #    write list = @ntadmin root
    #    force group = ntadmin
    #    create mask = 0664
    #    directory mask = 0775
    
    [netlogon]
        comment = Network Logon Service
    #    path = /var/lib/samba/netlogon
        path = /atlas/usr/samba/netlogon
        read only = No
        browseable = No
    #    write list = root
    
    
    [Atlas]
        comment = Atlas RAID
        inherit acls = Yes
        path = /atlas
        read only = No
        create mask = 0664
        directory mask = 0775


    I used the SAMBA LDAP setup instructions.

    Dave W

    Last edited by dwestf; 04-Apr-2016 at 04:50. Reason: A second code window was added by mistake.
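
An added example, not the poster's code: a small reviewer for an smb.conf like the one above. It reports whether the file describes an NT4-style ("classic") domain controller or an AD DC, and flags two settings to check in review. The sample excerpt is constructed, and the role labels and finding names are hypothetical.

```python
import re

# Constructed excerpt modelled on the smb.conf posted above.
SAMPLE = """
[global]
    passdb backend = ldapsam:ldap://127.0.0.1
    domain logons = Yes
    ldap ssl = Off
[netlogon]
    read only = No
#    write list = root
"""

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with names lowercased."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = conf.setdefault(header.group(1).lower(), {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            section[" ".join(key.lower().split())] = value.strip()
    return conf

def is_yes(value):
    return value.lower() in ("yes", "true", "1")

def review(text):
    """Return the domain role and a list of settings worth a second look."""
    conf = parse_smb_conf(text)
    g = conf.get("global", {})
    role = "no-dc"
    if g.get("server role", "").lower() == "active directory domain controller":
        role = "ad-dc"       # clients find it through DNS SRV records
    elif is_yes(g.get("domain logons", "no")):
        role = "classic-dc"  # NT4-style domain; clients use NetBIOS/WINS
    findings = []
    # Logon scripts come from [netlogon]; a writable share lets users replace them.
    if not is_yes(conf.get("netlogon", {}).get("read only", "yes")):
        findings.append("netlogon-writable")
    # 'ldap ssl = off' sends the bind in clear text unless LDAP is on loopback.
    host = re.search(r'ldap://([^/:\s"]+)', g.get("passdb backend", ""))
    if host and host.group(1) not in ("127.0.0.1", "localhost") \
            and g.get("ldap ssl", "").lower() == "off":
        findings.append("ldap-cleartext")
    return {"role": role, "findings": findings}
```

Filesystem permissions on the netlogon path still apply, so the first finding is a prompt to check them or to set `read only = Yes` with a `write list`.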
