Primary Active Directory Controller using SAMBA and opensuse Leap

Hi All,

I am looking for a step-by-step tutorial for setting up a DC using Samba on openSUSE Leap. I tried to follow the instructions on samba.org but had no success. Everything seems to be working, but when I tried to switch to the new domain on Windows, I got this error:


Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\windows\debug\dcdiag.txt.


The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "off.end":


The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)


The query was for the SRV record for _ldap._tcp.dc._msdcs.off.end


Common causes of this error include the following:


- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:


192.168.45.5
192.168.45.4


- One or more of the following zones do not include delegation to its child zone:


off.end
end
. (the root zone)

I added an SRV record (_ldap._tcp.dc._msdcs.off.end) to DNS and pointed it to the DC (192.168.45.4), but then I got a different error, that the domain controller could not be connected to.

Has anybody had success creating a PDC on openSUSE?
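The lookup that the dcdiag output reports as failing can be checked from the Samba host itself. The script below is an added example written for this thread, not code from the original post or from Samba. It assumes the domain off.end and the DC address 192.168.45.4 quoted above, and the host(1) utility from openSUSE's bind-utils package; the function names are mine. On a provisioned AD DC the internal DNS (or BIND with the DLZ module) publishes all of these records, so every query should answer; run it once against each of the two DNS servers the client lists, since the client acts on whichever answer it gets first.

```shell
#!/bin/sh
# Added example, not part of the thread: verify from the Samba host that the DNS
# records a Windows DC locator asks for exist and point at the DC. Domain
# "off.end" and DC 192.168.45.4 are taken from the post; the 'host' tool comes
# from the bind-utils package on openSUSE. Function names are assumptions.

# SRV names the Windows DC locator queries for a domain; the first is the one
# named in the dcdiag message above.
srv_names() {
    printf '%s\n' \
        "_ldap._tcp.dc._msdcs.$1" \
        "_ldap._tcp.pdc._msdcs.$1" \
        "_kerberos._tcp.dc._msdcs.$1" \
        "_ldap._tcp.$1" \
        "_kerberos._udp.$1"
}

# Reduce one 'host -t SRV' answer line to "target port"; print nothing for
# lines that are not SRV answers (NXDOMAIN, warnings, blank).
# Example input: "_ldap._tcp.off.end has SRV record 0 100 389 dc1.off.end."
parse_srv_line() {
    printf '%s\n' "$1" | awk '$2 == "has" && $3 == "SRV" { sub(/\.$/, "", $8); print $8, $7 }'
}

# Query every record from one DNS server. Returns 0 only if all SRV records
# exist; also warns when an SRV target does not resolve to the expected DC IP.
check_dc_dns() {
    domain="$1"; dns_server="$2"; dc_ip="$3"; missing=0
    command -v host >/dev/null 2>&1 || { echo "host(1) not found (zypper in bind-utils)"; return 2; }
    for name in $(srv_names "$domain"); do
        answer=$(host -t SRV "$name." "$dns_server" 2>&1)
        if ! printf '%s\n' "$answer" | grep -q 'has SRV record'; then
            echo "MISSING on $dns_server: $name"
            missing=$((missing + 1))
            continue
        fi
        printf '%s\n' "$answer" | grep 'has SRV record' | while read -r line; do
            target=$(parse_srv_line "$line" | cut -d' ' -f1)
            port=$(parse_srv_line "$line" | cut -d' ' -f2)
            # the SRV target must itself resolve to the DC's address on this server
            if host -t A "$target." "$dns_server" 2>/dev/null | grep -q "has address $dc_ip\$"; then
                echo "OK: $name -> $target:$port ($dc_ip)"
            else
                echo "WARN: $name -> $target:$port but $target does not resolve to $dc_ip on $dns_server"
            fi
        done
    done
    return "$missing"
}

# Usage: sh dc_dns_check.sh <domain> <dns server to query> <expected DC IP>
#   sh dc_dns_check.sh off.end 192.168.45.4 192.168.45.4
#   sh dc_dns_check.sh off.end 192.168.45.5 192.168.45.4
if [ $# -eq 3 ]; then
    check_dc_dns "$1" "$2" "$3"
fi
```

A MISSING line for `_ldap._tcp.dc._msdcs.off.end` from the server the client queries first reproduces the dcdiag error exactly; adding that one record by hand, as the post describes, leaves the Kerberos and pdc records absent and the join fails at the next step instead.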

Hi

I'm also struggling to get a Samba PDC to work with an OpenLDAP backend on Leap with Windows 10 clients, and I also encountered your error. Have a look at https://wiki.samba.org/index.php/Required_settings_for_NT4-style_domains. People reported success e.g. for Win7 clients. Didn't succeed here for Win10 clients, though.

HTH

mr_lukes,

Are you trying to have your openSUSE computer be the Active Directory? Because I thought that SAMBA on openSUSE did not support being an Active Directory. SAMBA supports Heimdal Kerberos for Active Directory, and openSUSE uses MIT Kerberos.

As for having openSUSE be a PDC, I have been doing this for years. I am now running my SAMBA server on Leap 42.1. I use LDAP as my backend, and I use PAM_LDAP and NSS_LDAP, not SSSD.

# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
[global]
    workgroup = ctl
    passdb backend = ldapsam:ldap://127.0.0.1
    printing = cups
    printcap name = cups
    printcap cache time = 750
    cups options = raw
#    map to guest = badUser
    syslog = 0
    log file = /var/log/samba/log.%I
    log level = 1
    logon path = \\%L\profiles\.msprofile
    logon home = \\%L\%U
    logon drive = H:
    usershare allow guests = No
    add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
    domain logons = Yes
    domain master = Yes
#    idmap backend = ldap:ldap://127.0.0.1
    ldap admin dn = cn=Manager,dc=CrewSystems
    ldap group suffix = ou=Group
    ldap idmap suffix = ou=Idmap,ou=SambaDomain
    ldap machine suffix = ou=MachineAccounts,ou=SambaDomain
    ldap passwd sync = Yes
    ldap ssl = Off
    ldap suffix = dc=CTL,dc=CrewSystems
    ldap user suffix = ou=People
    local master = Yes
    netbios name = Atlas
    os level = 65
    preferred master = Yes
    security = user
    wins support = Yes
    time server = Yes
#    restrict anonymous = 1
    interfaces = XXX.XXX.XXX.129/25 XXX.XXX.XX.64/27 127.0.0.1
    bind interfaces only = yes
    hosts allow = XXX.XXX.XXX.128/25 XXX.XXX.XX.64/27 127.0.0.1
    name resolve order =  wins

[homes]
    comment = Home Directories
#    valid users = %S, %D%w%S
    valid users = %S
    force user = %S
    create mask = 0600
    directory mask = 0700
    browseable = No
    read only = No
    inherit acls = Yes


[profiles]
    comment = Network Profiles Service
    path = %H
#    path = /atlas/usr/samba/Profiles/
    read only = No
    store dos attributes = Yes
    create mask = 0600
    directory mask = 0700
    browseable = no

# [users]
#    comment = All users
#    path = /home
#    read only = No
#    inherit acls = Yes
#    veto files = /aquota.user/groups/shares/


## Share disabled by YaST
# [groups]
#    comment = All groups
#    path = /home/groups
#    read only = No
#    inherit acls = Yes


## Share disabled by YaST
# [printers]
#    comment = All Printers
#    path = /var/tmp
#    printable = Yes
#    create mask = 0600
#    browseable = No


## Share disabled by YaST
# [print$]
#    comment = Printer Drivers
#    path = /var/lib/samba/drivers
#    write list = @ntadmin root
#    force group = ntadmin
#    create mask = 0664
#    directory mask = 0775

[netlogon]
    comment = Network Logon Service
#    path = /var/lib/samba/netlogon
    path = /atlas/usr/samba/netlogon
    read only = No
    browseable = No
#    write list = root


[Atlas]
    comment = Atlas RAID
    inherit acls = Yes
    path = /atlas
    read only = No
    create mask = 0664
    directory mask = 0775


I used the SAMBA LDAP setup instructions.

Dave W
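For a quick look at whether an smb.conf like the one posted above carries the [global] settings the wiki page linked earlier lists for an NT4-style PDC, the following added example (not from the thread and not Samba's own tooling) reads the file as plain text. It assumes the usual key = value layout and the parameter and section names are Samba's; the function names are mine. It does not replace testparm -s, which also catches syntax errors; it adds one transport check that testparm does not make.

```shell
#!/bin/sh
# Added example, not from the thread or Samba: read an smb.conf as text and
# check the [global] settings an NT4-style PDC needs, plus one transport
# caveat for an LDAP passdb backend. Assumptions: the file uses the usual
# "key = value" layout; function names are mine; 'testparm -s' is still needed.

# Drop comments and blank lines, trim indentation, tighten "key = value".
normalize_conf() {
    sed -e 's/^[[:space:]]*[#;].*$//' -e '/^[[:space:]]*$/d' \
        -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's/[[:space:]]*=[[:space:]]*/=/' "$1"
}

# Print the value of a [global] parameter (key given in lower case), or nothing.
# Values may themselves contain '=' (e.g. an LDAP DN), so fields 2..NF are rejoined.
global_param() {
    normalize_conf "$1" | awk -F= -v key="$2" '
        /^\[/ { section = tolower($0); next }
        section == "[global]" && tolower($1) == key {
            v = $2; for (i = 3; i <= NF; i++) v = v "=" $i; print v; exit }'
}

# True when the file defines a section with the given name.
has_section() {
    normalize_conf "$1" | grep -qi "^\[$2\]\$"
}

# Samba booleans: yes/true/1 are on.
is_yes() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in yes|true|1) return 0 ;; esac
    return 1
}

# Print FAIL/WARN lines; the return value is the number of FAIL lines.
check_pdc_conf() {
    conf="$1"; fails=0
    [ "$(global_param "$conf" security | tr '[:upper:]' '[:lower:]')" = user ] \
        || { echo "FAIL: security must be 'user' on an NT4-style PDC"; fails=$((fails + 1)); }
    for key in "domain logons" "domain master"; do
        is_yes "$(global_param "$conf" "$key")" \
            || { echo "FAIL: '$key = yes' is required"; fails=$((fails + 1)); }
    done
    has_section "$conf" netlogon \
        || { echo "FAIL: a [netlogon] share is required for domain logons"; fails=$((fails + 1)); }
    backend=$(global_param "$conf" "passdb backend")
    [ -n "$backend" ] || { echo "FAIL: no 'passdb backend' set"; fails=$((fails + 1)); }
    # ldapsam over plain ldap:// to a remote host without 'ldap ssl = start tls'
    # sends the 'ldap admin dn' bind password in clear on the wire. Loopback,
    # ldapi:// and ldaps:// targets are left alone.
    case "$backend" in
        ldapsam:ldap://127.0.0.1*|ldapsam:ldap://localhost*|ldapsam:ldapi://*|ldapsam:ldaps://*) ;;
        ldapsam:*)
            ldap_ssl=$(global_param "$conf" "ldap ssl" | tr '[:upper:]' '[:lower:]')
            [ "$ldap_ssl" = "start tls" ] \
                || echo "WARN: LDAP admin bind to '$backend' is not TLS-protected" ;;
    esac
    return "$fails"
}

# Usage: sh pdc_conf_check.sh /etc/samba/smb.conf ; echo "failures: $?"
if [ $# -eq 1 ]; then
    check_pdc_conf "$1"
fi
```

On the config posted above the check passes: security = user, domain logons and domain master are on, [netlogon] exists, and the ldapsam URL is loopback, so ldap ssl = Off costs nothing. Point the same backend at another host and the WARN line fires, which is the case to fix before the LDAP admin password ever crosses a network segment.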