Ken Jacobs's picture

Hi again,

So I decided to try out the Domain Controller app last night. Again, everything installed super smooth and fast. However, I noticed when I clicked on Samba File Sharing I got this message...

The configuration file /etc/samba/smb.conf was not found. Most likely Samba is not installed on your system, or your module configuration is incorrect.

I thought file sharing was part of the samba package and should be working by default. The screenshot shows file sharing working. Ultimately, I had to go searching for the smb.conf in the /usr/share/samba folder and copy it to the /etc/samba folder to get file sharing to work. Shouldn't this be set up to work on a fresh install?

Thanks,

Ken

Jeremy Davis's picture

As of Samba4 (in v14.x appliances) the (AD compatible) DC is configured quite differently to a "traditional" Samba (i.e. Samba3) setup. Although, having said that, I must admit that I wasn't aware that it didn't have an smb.conf at all! FWIW we do have a separate Fileserver appliance, although that is pre-configured to be a standalone fileserver (as opposed to being an AD domain member).

Obviously you can add fileserver functionality to a Domain Controller (or vice versa) because as you correctly note, it's all based on Samba (although FWIW Samba advise against using a Domain Controller as a fileserver).

Ideally we'd like to support easily joining a fileserver to an AD domain (or perhaps re-purposing a Domain Controller as a domain member fileserver). For v15.0, we're making a step towards that by providing support for the Domain Controller appliance to join an existing domain (as opposed to forcing creation of a new domain). We had also planned to support our Fileserver appliance joining an AD domain, but after we realised that would cause issues for the WebUI that we provide with the Fileserver, we backed out (for now).

Hopefully at some point in the future we can put in some more time and research to support an easy way to configure that. But we just don't have the spare resources ATM and v15.0 is already well behind schedule.

Please share your experience and let us know how you go and what things you need to configure. If you hit any walls, please feel free to ask and I'll do my best to help (although I can't offer any guarantees).

Any info you share will no doubt help others in a similar position. Plus it will also hopefully make it easier for us to find a way to support a more "TurnKey" implementation of that usage scenario in the future.

Ken Jacobs's picture

Hi Jeremy,

So I spent a bit more time playing with the Domain Controller app to see what I was missing. I started by removing TurnKey DC completely from the system and testing a copy of Univention Corporate Server, which also has domain controller features built in. The install went without any issues and, after answering a few questions at install for the domain controller, the domain controller took off running and was able to join 2 Windows computers to the system without issue.

Now that I had a proof of concept and knew that it worked, I removed Univention Server and reinstalled Turnkey DC on the system. Once again, the smb.conf file was missing and the samba part of the system showed as not configured correctly. With a bit more research on configuring samba as a DC, I discovered that Turnkey was not initiating the samba AD interactive configuration at the time of installation.....

samba-tool domain provision --use-rfc2307 --interactive

Turnkey should be taking the info we enter during installation for REALM and DOMAIN and automatically run the samba interactive provision, which should create the smb.conf file and place it in the correct directory. It should also create a krb5.conf file and place it in the /etc folder, for kerberos.

I decided to run the samba interactive mode myself, which created the correct smb.conf file. I also moved the samba created krb5.conf file into the correct folder....

cp /var/lib/samba/private/krb5.conf /etc/

Once I restarted everything, I was able to join a Windows machine to the domain without issue. As far as I can tell, TurnKey should work out of the box once the samba provisioning function is set up correctly.

Thanks, Ken

Jeremy Davis's picture

First up, it certainly sounds like there is a bug in your system. What you are describing is not how it should be. Please clarify that you are using the v14.2 TurnKey appliance and which platform you are using it on (i.e. virtualisation platform etc).

Regardless, our DC appliance should certainly be running "samba-tool domain provision ..." during firstboot initialisation. Assuming this is an ISO install and/or running in a VM, then it should be using the info that you provide interactively during firstboot initialisation to set everything up. If you're not seeing a smb.conf, then there is clearly something not working during your firstboot as it should!

FWIW you can see the "samba-tool domain provision" command being called on line 102 of the domain controller inithook. So my guess is that for some reason you aren't seeing that dialog, or it's failing for some reason or another...

In an effort to try to assist, I just downloaded the v14.2 ISO from the appliance page and installed to a local KVM VM. After completing the firstboot initialisation (using the default realm of "domain.lan" and domain of "DOMAIN"), I have a /etc/samba/smb.conf file:

# Global parameters
[global]
	workgroup = DOMAIN
	realm = domain.lan
	netbios name = DC1
	server role = active directory domain controller
	dns forwarder = 8.8.8.8
	idmap_ldb:use rfc2307 = yes

[netlogon]
	path = /var/lib/samba/sysvol/domain.lan/scripts
	read only = No

[sysvol]
	path = /var/lib/samba/sysvol
	read only = No

So I'm not really sure what's going wrong with your server?! The Webmin Samba module appears (at least on face value) to be working properly too?! Having said all that, I don't have a Windows computer handy to test it properly. But some quick commandline testing suggests that all is well?!:

root@dc1 ~# smbclient -L localhost -U%
Domain=[DOMAIN] OS=[Windows 6.1] Server=[Samba 4.2.14-Debian]

	Sharename       Type      Comment
	---------       ----      -------
	netlogon        Disk      
	sysvol          Disk      
	IPC$            IPC       IPC Service (Samba 4.2.14-Debian)
Domain=[DOMAIN] OS=[Windows 6.1] Server=[Samba 4.2.14-Debian]

	Server               Comment
	---------            -------

	Workgroup            Master
	---------            -------
root@dc1 ~# smbclient //localhost/netlogon -UAdministrator -c 'ls'
Enter Administrator's password: 
Domain=[DOMAIN] OS=[Windows 6.1] Server=[Samba 4.2.14-Debian]
  .                                   D        0  Tue Jun  5 03:25:00 2018
  ..                                  D        0  Tue Jun  5 03:25:11 2018

		6779240 blocks of size 1024. 5203224 blocks available

I also double-checked the DNS entries and they seem ok too?!

root@dc1 ~# host -t SRV _ldap._tcp.domain.lan.
_ldap._tcp.domain.lan has SRV record 0 100 389 dc1.domain.lan.
root@dc1 ~# host -t SRV _kerberos._udp.domain.lan.
_kerberos._udp.domain.lan has SRV record 0 100 88 dc1.domain.lan.
root@dc1 ~# host -t A dc1.domain.lan.
dc1.domain.lan has address 192.168.1.98

Finally I checked on kerberos too, seems ok too?!

root@dc1 ~# kinit administrator
Password for administrator@DOMAIN.LAN: 
root@dc1 ~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@DOMAIN.LAN

Valid starting     Expires            Service principal
06/05/18 03:26:59  06/05/18 13:26:59  krbtgt/DOMAIN.LAN@DOMAIN.LAN
	renew until 06/06/18 03:26:55

So TBH, I'm really unclear on what your issue might be?! It seems that you are not getting anywhere near as far as I am?!

Also it's possibly not much use to you yet, but probably worth noting that when using Samba4 in this configuration, Samba recommend that you connect a Windows machine to your domain and all further domain config (including users and groups) is done using Microsoft Remote Server Administration Tools (RSAT). Please see the Samba docs.

Ken Jacobs's picture

Hi Jeremy,

Thanks for the reply. I downloaded turnkey-domain-controller-14.2-jessie-amd64 from the website as an ISO and then used unetbootin to create a bootable thumb drive. I am installing on a bare metal HP ML310 server. As I said, the install itself goes through with flying colors....from initial install....to reboot and asking for the realm and domain. However, once fully booted up the samba windows section is missing until running the provisioning manually.

I suppose the problem could be with creating a bootable thumb drive, as I have seen that with other server ISOs. Again, once I ran the samba-tool domain provision from a terminal, everything began working and I was able to join both a Windows 7 computer and Windows 10 computer with no issues after that. So, I may have to try it from an actual burned CD instead of the thumb drive and see if something is askew using a thumb drive....as I have no other ideas at the moment....LOL.

As a side note, I am still installing mdadm from CLI to get the raid function working....

Ken

Jeremy Davis's picture

FWIW there is an old Debian (basis of TurnKey) bug suggesting that unetbootin isn't 100% compatible with Debian (and some other distros). Having said that, I didn't read the full thread and I'm sure that many use it without issues so who knows?! As a Linux desktop user, I just use the commandline dd tool to write hybrid ISOs to USB and that works fine, but I doubt Windows has that (or possibly anything like it).

Personally, I'm not a big fan of installing TurnKey (or anything headless server wise) onto bare metal (unless a particularly old or low powered machine). I prefer to install a hypervisor and then enjoy the redundancy of keeping all functionality to separate machines.

Anyway, I'm glad to hear that you have it working. Good luck with it all, and feel free to post back with any further info you have to share. Good luck! :)

Guest's picture

I spent a little bit of time trying to figure out why I was unable to use the bind to domain function on the webui before ultimately stumbling across this discussion. I already have a Windows server running as my primary AD server and wanted to move away from it being my fileserver as well. I thought that TurnKey Fileserver would be the answer but I guess there isn't an easy way to configure it as a member server rather than a standalone server. I will have to try another time when this is possible it seems.

Jeremy Davis's picture

Samba supports being added as a Domain member. It's just not pre-configured like that out of the box.

I don't have personal experience with it, but this Samba doc page should head you in the right direction. TBH, I haven't tried it, nor have I even read through it fully, but a quick glance suggests it should apply to TurnKey.

If you give it a go, please report back. If you hit any issues, I may be able to help out. Otherwise, it'd be awesome to have confirmation that it all works as described! We may even be able to consider adding it as an option to the initialisation of the Fileserver appliance in a future release! :)

Ken Jacobs's picture

Sooooo....I decided to try another install using the ISO to burn a CD, instead of using the thumb drive. Install went smooth as usual, updated fine and rebooted. Once running, I still ended up without a smb.conf file....go figure!! So, apparently the issue is not with unetbootin or the thumb drive. There must be something completely different about running the install on a VM compared to a bare metal machine. Most systems I install are just single use systems on bare metal, although I have run VMs for other purposes.

Speaking of VMs...is there a TK appliance that specifically supports running VMs? I prefer to stay in a Linux environment and avoid Windows when I can....

Jeremy Davis's picture

Thanks for testing that out. At least we can rule out unetbootin then I guess. Still it is a bit weird. As I said, I tested it out and it all seemed to work fine for me. Admittedly though, I did just use the default values.

So I have 2 remaining guesses:
1) a corrupted ISO (I suggest that's highly unlikely considering how well everything else went, but not impossible)
2) (more likely) something in your config which our script isn't handling cleanly, but that isn't actually a problem for the underlying samba config tool. (So when you do it manually it works, but our script fails, but not loudly enough for you to notice).

If you can be bothered, it would be super awesome if you could SSH in (so you can scroll back through history easily) and re-run the Samba setup inithook to check. You should be able to do that like this:

/usr/lib/inithooks/bin/domain-controller.py

You may notice some text flash up between the blue screens. Once you have completed it all, you should be able to scroll back through your terminal history and read it in detail.

Regarding running VMs, my personal favourite bare metal hypervisor is ProxmoxVE. It's free in the free open source sense and can be used free in the beer sense too (it does have a log in nag screen if you don't subscribe). It's based on Debian and supports both KVM (for proper VMs; including Windows machines if you wish) as well as LXC containers. It has a fairly powerful and quite intuitive WebUI, as well as powerful CLI tools. We actually partner with them and provide all our appliances for download (as LXC templates) from within the WebUI. LXC is awesome IMO as you get near bare metal performance with all (or at least most) of the advantages of a VM.

If you are a bit more familiar with LXC and know that you won't want to run anything other than Linux (LXC only supports Linux), then we have a host LXC appliance which might be worth a try?

Ken Jacobs's picture

Alrighty, I logged in via ssh and reran the Samba setup inithook. I got all the blue screens and answered the questions. After confirming the password I got this...

Traceback (most recent call last):
  File "/usr/lib/inithooks/bin/domain-controller.py", line 124, in <module>
    main()
  File "/usr/lib/inithooks/bin/domain-controller.py", line 100, in main
    remove('/etc/samba/smb.conf')
OSError: [Errno 2] No such file or directory: '/etc/samba/smb.conf'
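
Added example (not part of the original thread, and not TurnKey's inithook code): the traceback above ends in remove('/etc/samba/smb.conf') raising ENOENT because the file is already absent. The Python 3 code below shows a removal step that tolerates a missing file, plus a post-provision check that reports missing output instead of failing quietly; the function names are hypothetical, and the expected files and server role are the ones quoted earlier in this thread.

```python
import errno
import os
import tempfile

def remove_if_present(path):
    """Delete path. Return True if deleted, False if it was already absent."""
    try:
        os.remove(path)
        return True
    except OSError as exc:
        if exc.errno != errno.ENOENT:
            raise  # anything else (e.g. EACCES) must still fail loudly
        return False

def read_global(smb_conf):
    """Minimal smb.conf reader: return the [global] parameters as a dict."""
    params, section = {}, None
    with open(smb_conf) as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line[0] in "#;":
                continue  # blank line or comment
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1].strip().lower()
            elif section == "global" and "=" in line:
                key, value = line.split("=", 1)
                params[key.strip().lower()] = value.strip()
    return params

def provisioning_problems(smb_conf, krb5_conf):
    """Return a list of problems; an empty list means the expected files exist."""
    problems = []
    if not os.path.isfile(smb_conf):
        problems.append("missing " + smb_conf)
    elif read_global(smb_conf).get("server role") != "active directory domain controller":
        problems.append("unexpected server role in " + smb_conf)
    if not os.path.isfile(krb5_conf):
        problems.append("missing " + krb5_conf)
    return problems

def demo():
    root = tempfile.mkdtemp()  # constructed scratch directory, not the real /etc
    smb, krb = os.path.join(root, "smb.conf"), os.path.join(root, "krb5.conf")
    first = remove_if_present(smb)            # file absent: returns False, no traceback
    before = provisioning_problems(smb, krb)  # both files reported missing
    with open(smb, "w") as fh:                # constructed sample using values from the thread
        fh.write("[global]\n\tworkgroup = DOMAIN\n\tserver role = active directory domain controller\n")
    open(krb, "w").close()
    return first, before, provisioning_problems(smb, krb)
```

On a real system the check would be called with /etc/samba/smb.conf and /etc/krb5.conf after the provision step, and a non-empty result treated as a failed firstboot.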

 
