I am looking for a step-by-step tutorial for a DC using Samba on openSUSE Leap. I tried to follow the instructions on samba.org, but with no success. Everything seems to be working, but when I tried to switch to the new domain on Windows, I got this error:
Note: This information is intended for a network administrator. If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\windows\debug\dcdiag.txt.
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "off.end":
The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.off.end
Common causes of this error include the following:
- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:
192.168.45.5
192.168.45.4
- One or more of the following zones do not include delegation to its child zone:
off.end
end
. (the root zone)
I added an SRV record (_ldap._tcp.dc._msdcs.off.end) to DNS and pointed it to the DC (192.168.45.4), but then I got a different error, that the domain controller could not be connected.
Has anybody had success creating a PDC on openSUSE?
Also struggling to get a Samba PDC to work with OpenLDAP backend on Leap with Windows 10 clients, and also encountered your error. Have a look at https://wiki.samba.org/index.php/Required_settings_for_NT4-style_domains. People reported success e.g. for Win7 clients. Didn’t succeed here for Win10 clients, though.
Are you trying to have your openSUSE computer be the Active Directory? Because I thought that SAMBA on openSUSE did not support being an Active Directory. SAMBA supports Heimdal Kerberos for Active Directory, and openSUSE uses MIT Kerberos.
As for having openSUSE be a PDC, I have been doing this for years. I am now running my SAMBA server on Leap 42.1. I use LDAP as my backend, and I use PAM_LDAP and NSS_LDAP, not SSSD.
# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
[global]
workgroup = ctl
passdb backend = ldapsam:ldap://127.0.0.1
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
# map to guest = badUser
syslog = 0
log file = /var/log/samba/log.%I
log level = 1
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U
logon drive = H:
usershare allow guests = No
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
domain logons = Yes
domain master = Yes
# idmap backend = ldap:ldap://127.0.0.1
ldap admin dn = cn=Manager,dc=CrewSystems
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap,ou=SambaDomain
ldap machine suffix = ou=MachineAccounts,ou=SambaDomain
ldap passwd sync = Yes
ldap ssl = Off
ldap suffix = dc=CTL,dc=CrewSystems
ldap user suffix = ou=People
local master = Yes
netbios name = Atlas
os level = 65
preferred master = Yes
security = user
wins support = Yes
time server = Yes
# restrict anonymous = 1
interfaces = XXX.XXX.XXX.129/25 XXX.XXX.XX.64/27 127.0.0.1
bind interfaces only = yes
hosts allow = XXX.XXX.XXX.128/25 XXX.XXX.XX.64/27 127.0.0.1
name resolve order = wins
[homes]
comment = Home Directories
# valid users = %S, %D%w%S
valid users = %S
force user = %S
create mask = 0600
directory mask = 0700
browseable = No
read only = No
inherit acls = Yes
[profiles]
comment = Network Profiles Service
path = %H
# path = /atlas/usr/samba/Profiles/
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
browseable = no
# [users]
# comment = All users
# path = /home
# read only = No
# inherit acls = Yes
# veto files = /aquota.user/groups/shares/
## Share disabled by YaST
# [groups]
# comment = All groups
# path = /home/groups
# read only = No
# inherit acls = Yes
## Share disabled by YaST
# [printers]
# comment = All Printers
# path = /var/tmp
# printable = Yes
# create mask = 0600
# browseable = No
## Share disabled by YaST
# [print$]
# comment = Printer Drivers
# path = /var/lib/samba/drivers
# write list = @ntadmin root
# force group = ntadmin
# create mask = 0664
# directory mask = 0775
[netlogon]
comment = Network Logon Service
# path = /var/lib/samba/netlogon
path = /atlas/usr/samba/netlogon
read only = No
browseable = No
# write list = root
[Atlas]
comment = Atlas RAID
inherit acls = Yes
path = /atlas
read only = No
create mask = 0664
directory mask = 0775
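Added example, not part of the original posts: a small checker that reads an smb.conf, works out whether it describes an AD DC or an NT4-style PDC like the one posted above, and reports which lookup a joining Windows client depends on (the DNS SRV query from the error in the first post, or a NetBIOS name). It also flags an ldapsam backend that would send LDAP binds unencrypted to a remote host. The function names are hypothetical, and the role inference assumes `security = user` when `server role` is left at its default.

```python
import re

# Constructed sample: role-relevant lines from the NT4-style config posted above.
SAMPLE = """[global]
workgroup = ctl
passdb backend = ldapsam:ldap://127.0.0.1
domain logons = Yes
domain master = Yes
ldap ssl = Off
"""
ROLES = {"active directory domain controller": "ad-dc",
         "classic primary domain controller": "nt4-pdc",
         "classic backup domain controller": "nt4-bdc"}
YES = ("yes", "true", "1", "on")

def parse_global(text):
    """[global] parameters; names lowercased with spaces removed, since Samba ignores both."""
    params, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params

def domain_role(params):
    """Classify as 'ad-dc', 'nt4-pdc', 'nt4-bdc' or 'other' (assumes security = user)."""
    role = params.get("serverrole", "auto").lower()
    if role in ROLES:
        return ROLES[role]
    if role == "auto" and params.get("domainlogons", "no").lower() in YES:
        master = params.get("domainmaster", "auto").lower()
        return "nt4-pdc" if master in YES + ("auto",) else "nt4-bdc"
    return "other"

def join_lookup(params):
    """Name a joining Windows client must resolve, or None if this is not a DC."""
    role = domain_role(params)
    if role == "ad-dc":
        return "DNS SRV _ldap._tcp.dc._msdcs." + params.get("realm", "").lower()
    return None if role == "other" else "NetBIOS " + params.get("workgroup", "").upper() + "<1C>"

def cleartext_ldap(params):
    """True if ldapsam uses plain ldap:// to a non-loopback host with 'ldap ssl' off."""
    m = re.match(r'ldapsam:"?ldap://(\[[^\]]+\]|[^/:\s"]+)', params.get("passdbbackend", ""), re.I)
    if not m or m.group(1).lower() in ("127.0.0.1", "localhost", "[::1]"):
        return False
    return params.get("ldapssl", "start tls").lower() in ("off", "no")
```

For the posted config this reports an NT4-style PDC located by NetBIOS name, so a client that issues the `_msdcs` SRV query is attempting an AD-style join that this server does not answer.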