Samba: Difference between revisions

← Older edit Newer edit →

VisualWikitext

@@ Line 209: / Line 209: @@
 ==== Active Directory Domain Controller ====
-To set up an AD DC on your installation, first start with a disabled installation of Samba, so we have all the tools to setup the configuration:
+We will setup an AD DC just like the the [https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller Samba Wiki].
+Let's add the following nix config, updating the <code>adDomain</code>, <code>adWorkgroup</code>, <code>adNetbiosName</code> and <code>staticIp</code> according to your needs.
 <syntaxhighlight lang=nix>
-{
+{ config, lib, pkgs, ... }:
-  services.samba = { enable = false; };
+with lib;
-}
-</syntaxhighlight>
-{{Evaluate}}
-Then follow the configuration steps from https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
-If everything works properly, we will now update the previous nix config. Replace it with the following, and update the <code>services.samba.configText</code> field with the content of your freshly set up <code>/etc/samba/smb.conf</code>:
-<syntaxhighlight lang=nix>
-{ config, pkgs, ... }:
 let
@@ Line 230: / Line 220: @@
    samba = cfg.package;
    nssModulesPath = config.system.nssModules.path;
+  adDomain = 'samdom.example.com';
+  adWorkgroup = 'SAM';
+  adNetbiosName = 'SAMDOM';
+  staticIp = '10.42.129.160';
 in {
+  # Disable resolveconf, we're using Samba internal DNS backend
+  systemd.services.resolvconf.enable = false;
+  environment.etc = {
+    resolvconf = {
+      text = ''
+        search ${adDomain}
+        nameserver ${staticIp}
+      '';
+    };
+  };
+  # Rebuild Samba with LDAP, MDNS and Domain Controller support
+  nixpkgs.overlays = [ (self: super: {
+    samba = super.samba.override {
+      enableLDAP = true;
+      enableMDNS = true;
+      enableDomainController = true;
+    };
+  } ) ];
+  # Disable default Samba `smbd` service, we will be using the `samba` server binary
    systemd.services.samba-smbd.enable = false;
    systemd.services.samba = {
@@ Line 248: / Line 263: @@
      unitConfig.RequiresMountsFor = "/var/lib/samba";
    };
-  nixpkgs.overlays = [ (self: super: {
-    samba = super.samba.override {
-      enableLDAP = true;
-      enableMDNS = true;
-      enableDomainController = true;
-    };
-  } ) ];
    services.samba = {
      enable = true;
@@ Line 262: / Line 270: @@
        # Global parameters
        [global]
-           dns forwarder = 10.99.0.1
+           dns forwarder = ${staticIp}
-           netbios name = SAMDOM
+           netbios name = ${adNetbiosName}
-           realm = SAMDOM.EXAMPLE.COM
+           realm = ${toUpper adDomain}
            server role = active directory domain controller
-           workgroup = SAM
+           workgroup = ${adWorkgroup}
            idmap_ldb:use rfc2307 = yes
@@ Line 274: / Line 282: @@
        [netlogon]
-           path = /var/lib/samba/sysvol/samdom.example.com/scripts
+           path = /var/lib/samba/sysvol/${adDomain}/scripts
            read only = No
      '';
    };
 }
 </syntaxhighlight>
+{{Evaluate}}
+After evaluating, you should see that the Samba service crashed because we haven't setup the database yet.
+To do that, let's run the following command, updated with your own configuration:
+<code>
+samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=SAMBA_INTERNAL --realm=SAMDOM.EXAMPLE.COM --domain=SAMDOM --adminpass=Passw0rd
+</code>
+Then restart the samba service with <code>sudo systemctl restart samba</code>, and you're ready to go!
 ==Troubleshooting==