The status of SAMBA 4 at the moment

This is not really a post like “apt-get howto”, I just wanted to summarize the results of my output and the current state of SAMBA4, can I use it at all.

Well, I hope everyone knows that this irony without a wonderful file server has exceeded the beta level in its 4th version. This actually made her twist a little bit. I have not been afraid of the status of beta in the development of the project for a long time, I still use gmail and dropbox;) The main thing is that developers adequately imagine this stage. SAMBA Team I deeply respect, and I attribute them just to this type of developers.

System on which I will deploy all this, ubuntu 12.04 LTS. And at the moment there is a version of samba4 alpha18 there, which I was a little upset about.
')
The installation fails successfully, one of the files does not have permissions to execute, but this is easily treated. The step-by-step instruction and the map "where you can step on a rake in Mordor " is here:
Installing Samba4 as a domain controller on Ubuntu Server 12.04

After aptitue finishes, the procedure for creating a workable domain is reduced to the line:

root@mserv:#/usr/share/samba/setup/provision --realm=example.local --domain=example --adminpass=4sweNdooG --server-role='domain controller' Looking up IPv4 addresses Looking up IPv6 addresses No IPv6 address will be assigned Setting up share.ldb Setting up secrets.ldb Setting up the registry Setting up the privileges database Setting up idmap db Setting up SAM db Setting up sam.ldb partitions and settings Setting up sam.ldb rootDSE Pre-loading the Samba 4 and AD schema Adding DomainDN: DC=example,DC=local Adding configuration container Setting up sam.ldb schema Setting up sam.ldb configuration data Setting up display specifiers Adding users container Modifying users container Adding computers container Modifying computers container Setting up sam.ldb data Setting up well known security principals Setting up sam.ldb users and groups Setting up self join Adding DNS accounts Creating CN=MicrosoftDNS,CN=System,DC=example,DC=local Creating DomainDnsZones and ForestDnsZones partitions Populating DomainDnsZones and ForestDnsZones partitions See /var/lib/samba/private/named.conf for an example configuration include file for BIND and /var/lib/samba/private/named.txt for further documentation required for secure DNS updates Setting up sam.ldb rootDSE marking as synchronized Fixing provision GUIDs A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf A phpLDAPadmin configuration file suitable for administering the Samba 4 LDAP server has been created in /var/lib/samba/private/phpldapadmin-config.php . Once the above files are installed, your Samba4 server will be ready to use Server Role: domain controller Hostname: mserv NetBIOS Domain: EXAMPLE DNS Domain: example.local DOMAIN SID: S-1-5-21-1715263971-3761441621-3169644295 

It's all.
After the end of the script, you need to add a couple of lines to the bind and apparmor config (if you have one), so that bind can work with the zone files generated by samba. However, it is not difficult, all the information is in howto on the link above.

Well, DHCP itself, I really did not need it.
After starting samba4 and bind we see that samba will listen to much more ports than the 3rd version before.

 root@mserv:# netstat -tupl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 *:3268 *:* LISTEN 1327/samba tcp 0 0 *:3269 *:* LISTEN 1327/samba tcp 0 0 *:ldap *:* LISTEN 1327/samba tcp 0 0 *:loc-srv *:* LISTEN 1324/samba tcp 0 0 *:netbios-ssn *:* LISTEN 1323/samba tcp 0 0 *:kpasswd *:* LISTEN 1329/samba tcp 0 0 mserv.example.lo:domain *:* LISTEN 1301/named tcp 0 0 localhost:domain *:* LISTEN 1301/named tcp 0 0 *:ssh *:* LISTEN 658/sshd tcp 0 0 *:kerberos *:* LISTEN 1329/samba tcp 0 0 localhost:953 *:* LISTEN 1301/named tcp 0 0 *:ldaps *:* LISTEN 1327/samba tcp 0 0 *:microsoft-ds *:* LISTEN 1323/samba tcp 0 0 *:1024 *:* LISTEN 1324/samba tcp6 0 0 [::]:3268 [::]:* LISTEN 1327/samba tcp6 0 0 [::]:3269 [::]:* LISTEN 1327/samba tcp6 0 0 [::]:ldap [::]:* LISTEN 1327/samba tcp6 0 0 [::]:loc-srv [::]:* LISTEN 1324/samba tcp6 0 0 [::]:netbios-ssn [::]:* LISTEN 1323/samba tcp6 0 0 [::]:kpasswd [::]:* LISTEN 1329/samba tcp6 0 0 [::]:ssh [::]:* LISTEN 658/sshd tcp6 0 0 [::]:kerberos [::]:* LISTEN 1329/samba tcp6 0 0 [::]:ldaps [::]:* LISTEN 1327/samba tcp6 0 0 [::]:microsoft-ds [::]:* LISTEN 1323/samba tcp6 0 0 [::]:1024 [::]:* LISTEN 1324/samba udp 0 0 mserv.example.loca:ldap *:* 1328/samba udp 0 0 *:ldap *:* 1328/samba udp 0 0 mserv.example.l:kpasswd *:* 1329/samba udp 0 0 *:kpasswd *:* 1329/samba udp 0 0 mserv.example.lo:domain *:* 1301/named udp 0 0 localhost:domain *:* 1301/named udp 0 0 mserv.example.:kerberos *:* 1329/samba udp 0 0 *:kerberos *:* 1329/samba udp 0 0 mserv.exampl:netbios-ns *:* 1325/samba udp 0 0 192.168.2.25:netbios-ns *:* 1325/samba udp 0 0 *:netbios-ns *:* 1325/samba udp 0 0 mserv.examp:netbios-dgm *:* 1325/samba udp 0 0 192.168.2.2:netbios-dgm *:* 1325/samba udp 0 0 *:netbios-dgm *:* 1325/samba udp6 0 0 fe80::5054:ff:fe8c:ldap [::]:* 1328/samba udp6 0 0 [::]:ldap [::]:* 1328/samba udp6 0 0 fe80::5054:ff:f:kpasswd [::]:* 1329/samba udp6 0 0 [::]:kpasswd [::]:* 1329/samba udp6 0 0 fe80::5054:ff::kerberos [::]:* 1329/samba udp6 0 0 [::]:kerberos [::]:* 1329/samba 

Result: you get a workable AD domain, into which Windows stations (in my case XPSP3 and W7SP1) are started up without any extra gestures.



Adminpak is needed to manage the domain, the download link is in howto.



Group Policies



All this looks quite rosy, but let's talk about sad things. What does not work:

• The web browser does not work at all. The wiki tells that for this purpose it is necessary to use nmbd and smbd (as I understood with the 3rd version of Samba in parallel with the 4th), but I did not succeed.
• There is no printing support, again they suggest using smbd. I have not tried.
• Various replication problems, in particular, I did not manage to join the existing 2008 AD domain, but there is a nuance, the domain was renamed, and I fully admit that the procedure was crooked, at least those errors that I received when joining referred to the incomplete renaming of the domain. I did not have the opportunity to raise the net 2008 AD to check whether the join with the new domain will work.
• As a file server, ntvfs is used, a not very stable new file server. As far as I understood, in beta version 4 it was disabled, and by default s3fs, that is, the file server from version 3, were used.

In general, the work of the SAMBA team is still a sea, but progress is good. If the network browser works, then for small networks this is quite a replacement for Microsoft’s AD, however, I didn’t test the stability and performance of the new server, and therefore I cannot recommend samba4 for serious tasks. Although..;)

PS: I wanted to finish on this, but decided to try to install the latest fresh beta version, which is available in the ubuntu reporter for version 12.10. Let us leave aside questions of the danger of breaking the LTS, while experimenting.

Immediately I warn you, in beta2 s3fs is not functional, smbd falls due to various reasons. It only helps to disable smbd and use ntvfs, for this you need to add in smb.conf:

 server services = +smb -s3fs dcerpc endpoint servers = +winreg +srvsvc 

Update Track Packets

 libdcerpc-server0 libdcerpc0 libgensec0 libndr-standard0 libndr0 libregistry0 libsamba-credentials0 libsamba-hostconfig0 libsamba-policy0 libsamdb0 libsmbclient-raw0 python-samba samba-dsdb-modules samba4 samba4-common-bin python-ldb libsamba-util0 

There will be no errors during the update if you do not delete the contents of / var / lib / samba

The method for creating a domain is the same.

Unfortunately, there are no noticeable changes compared to alpha18 from repository 12.04.