Notes on building a domain controller with Samba4
Tried running the initial provisioning for now. The environment is inside a FreeBSD jail.
# uname -a
FreeBSD xxxxxxxx 9.1-RELEASE-p3 FreeBSD 9.1-RELEASE-p3 #1: Sun May 5 16:30:38 JST 2013     yaizawa@xxxxxxxx.yaizawa.jp:/usr/obj/usr/src/sys/XXXXXXXX  amd64
# /usr/local/bin/samba-tool domain provision
Realm: yaizawa.local
Domain [local]: yaizawa.local
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
DNS forwarder IP address (write 'none' to disable forwarding) [a.b.c.d]:
Administrator password:
Retype password:
ERROR(<type 'exceptions.OSError'>): uncaught exception - [Errno 2] No such file or directory: '/var/db/samba4/tmplfeWo3'
  File "/usr/local/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/samba/netcmd/domain.py", line 366, in run
    file = tempfile.NamedTemporaryFile(dir=os.path.abspath(os.path.dirname(lp.get("private dir"))))
  File "/usr/local/lib/python2.7/tempfile.py", line 462, in NamedTemporaryFile
    (fd, name) = _mkstemp_inner(dir, prefix, suffix, flags)
  File "/usr/local/lib/python2.7/tempfile.py", line 239, in _mkstemp_inner
    fd = _os.open(file, flags, 0600)
When installed from ports, /var/db/samba4 apparently does not exist out of the box.
# mkdir /var/db/samba4
# /usr/local/bin/samba-tool domain provision
Realm: yaizawa.local
Domain [local]: yaizawa.local
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
DNS forwarder IP address (write 'none' to disable forwarding) [a.b.c.d]:
Administrator password:
Retype password:
ERROR(<class 'samba.provision.InvalidNetbiosName'>): uncaught exception - The name ''YAIZAWA.LOCAL'' is not a valid NetBIOS name
  File "/usr/local/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/samba/netcmd/domain.py", line 398, in run
    use_rfc2307=use_rfc2307, skip_sysvolacl=False)
  File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 1988, in provision
    sitename=sitename, rootdn=rootdn, domain_names_forced=(samdb_fill == FILL_DRS))
  File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 623, in guess_names
    raise InvalidNetbiosName(domain)
For how to name an AD domain, the @IT article 第5回 Active Directoryの導入準備(前編) (2/2):管理者のためのActive Directory入門 - @IT was helpful.
# rm -rf /var/db/samba4 && mkdir /var/db/samba4
# rm /usr/local/etc/smb4.conf
# /usr/local/bin/samba-tool domain provision
Realm: yaizawa.yaizawa.jp
Domain [yaizawa]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
DNS forwarder IP address (write 'none' to disable forwarding) [a.b.c.d]:
Administrator password:
Retype password:
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
set_sys_acl_conn: SMB_VFS_SYS_ACL_SET_FILE returned zero.
ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed - ProvisioningError: Your filesystem or build does not support posix ACLs, which s3fs requires.  Try the mounting the filesystem with the 'acl' option.
  File "/usr/local/lib/python2.7/site-packages/samba/netcmd/domain.py", line 398, in run
    use_rfc2307=use_rfc2307, skip_sysvolacl=False)
  File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py", line 2052, in provision
    raise ProvisioningError("Your filesystem or build does not support posix ACLs, which s3fs requires.  Try the mounting the filesystem with the 'acl' option.")
This time it is a filesystem problem (I am running a ZFS root). Following Samba4 Install Guide (Problems with Kerberos) | The FreeBSD Forums, let's try --use-ntvfs. I had also forgotten --use-rfc2307, so I added that.
# /usr/local/bin/samba-tool domain provision --use-ntvfs --use-rfc2307 --interactive
Realm: yaizawa.yaizawa.jp
Domain [yaizawa]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
DNS forwarder IP address (write 'none' to disable forwarding) [a.b.c.d]:
Administrator password:
Retype password:
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=yaizawa,DC=yaizawa,DC=jp
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=yaizawa,DC=yaizawa,DC=jp
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /var/db/samba4/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           active directory domain controller
Hostname:              samba
NetBIOS Domain:        YAIZAWA
DNS Domain:            yaizawa.yaizawa.jp
DOMAIN SID:            S-1-5-21-xxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx
It went through somehow. Let's try starting it.
# /usr/local/etc/rc.d/samba_server start
Performing sanity check on Samba configuration: OK
Starting samba.
[2014/07/07 00:07:32.797346,  0] ../lib/util/debug.c:595(reopen_logs_internal)
  Unable to open new log file '/var/log/samba4/log.samba': No such file or directory
[2014/07/07 00:07:32.800068,  0] ../source4/smbd/server.c:370(binary_smbd_main)
  samba version 4.1.9 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2013
...so it did not create /var/log/samba4 for me either?
# /usr/local/etc/rc.d/samba_server stop
samba not running? (check /var/run/samba4/samba.pid).
# mkdir /var/log/samba4
# /usr/local/etc/rc.d/samba_server start
Performing sanity check on Samba configuration: OK
Starting samba.
# /usr/local/etc/rc.d/samba_server status
samba is not running.
What?!
# cat /var/log/samba4/log.samba
[2014/07/07 00:08:53.138318,  0] ../source4/smbd/server.c:370(binary_smbd_main)
  samba version 4.1.9 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2013
[2014/07/07 00:08:54.008108,  0] ../source4/smbd/server.c:488(binary_smbd_main)
  samba: using 'standard' process model
[2014/07/07 00:08:54.033836,  0] ../source4/nbt_server/interfaces.c:205(nbtd_add_socket)
[2014/07/07 00:08:54.049160,  0] ../source4/rpc_server/dcerpc_server.c:1708(add_socket_rpc_tcp_iface)
  Failed to bind to 192.168.xxx.xxx:137 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
  service_setup_stream_socket(address=::,port=0) failed - NT_STATUS_UNSUCCESSFUL
[2014/07/07 00:08:54.072378,  0] ../source4/cldap_server/cldap_server.c:122(cldapd_add_socket)
[2014/07/07 00:08:54.100880,  0] ../source4/smbd/service_task.c:35(task_server_terminate)
[2014/07/07 00:08:54.101038,  0] ../source4/smbd/service_task.c:35(task_server_terminate)
[2014/07/07 00:08:54.121134,  0] ../source4/kdc/kdc.c:672(kdc_add_socket)
  Failed to bind to ipv6::::389 - NT_STATUS_UNSUCCESSFUL
  task_server_terminate: [nbtd failed to setup interfaces]
  task_server_terminate: [Failed to startup dcerpc server task]
[2014/07/07 00:08:54.185327,  0] ../lib/util/become_daemon.c:136(daemon_ready)
  Failed to bind to :::88 TCP - NT_STATUS_UNSUCCESSFUL
[2014/07/07 00:08:54.220283,  0] ../source4/smbd/service_task.c:35(task_server_terminate)
[2014/07/07 00:08:54.266579,  0] ../source4/smbd/service_task.c:35(task_server_terminate)
  task_server_terminate: [cldapd failed to setup interfaces]
  STATUS=daemon 'samba' finished starting up and ready to serve connections
  samba_terminate: Failed to startup dcerpc server task
  task_server_terminate: [kdc failed to setup interfaces]
[2014/07/07 00:08:54.323548,  0] ../source4/dns_server/dns_server.c:629(dns_add_socket)
  Failed to bind to :::53 TCP - NT_STATUS_UNSUCCESSFUL
[2014/07/07 00:08:54.480097,  0] ../source4/smbd/service_task.c:35(task_server_terminate)
  task_server_terminate: [dns failed to setup interfaces]
[2014/07/07 00:08:55.440396,  0] ../source4/ldap_server/ldap_server.c:821(add_socket)
  ldapsrv failed to bind to :::389 - NT_STATUS_UNSUCCESSFUL
[2014/07/07 00:08:55.441252,  0] ../source4/smbd/service_task.c:35(task_server_terminate)
  task_server_terminate: [Failed to startup ldap server task]
Following Cannot start Samba4 from jail | The FreeBSD Forums and Samba4によるADサーバーの構築3: はて?ここはどうしたっけ?, I changed /usr/local/etc/smb4.conf.
# Global parameters
[global]
	workgroup = YAIZAWA
	realm = YAIZAWA.YAIZAWA.JP
	netbios name = SAMBA
	server role = active directory domain controller
	dns forwarder = a.b.c.d
	bind interfaces only = yes
	interfaces = 192.168.xxx.xxx
	server services = rpc,wrepl,ldap,cldap,kdc,drepl,winbind,ntp_signd,kcc,dnsupdate,dns,smb

[netlogon]
	path = /var/db/samba4/sysvol/yaizawa.yaizawa.jp/scripts
	read only = No

[sysvol]
	path = /var/db/samba4/sysvol
	read only = No
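The two lines that matter for the jail are bind interfaces only and interfaces: a jail without its own network stack can only bind the addresses assigned to it, so Samba's default of listening on every interface, including the IPv6 wildcard ::, is what produced the "Failed to bind to :::88 / :::53 / :::389" errors in the log. The script below is an added example, not part of the original post or of Samba: it reads the [global] section of an smb4.conf and reports the settings a DC in a jail must have before samba is started. The file path is the one used in the post; the 192.168.xxx.xxx placeholder is kept as-is. (Separately, note that the --use-ntvfs workaround above, chosen because ZFS on FreeBSD provides NFSv4 ACLs rather than the POSIX ACLs s3fs wants, selects the NTVFS file server, which the Samba project has since deprecated for production use.)

```shell
#!/bin/sh
# Added example (not from the original post): lint an smb4.conf for the
# settings a Samba AD DC needs in order to start inside a FreeBSD jail that
# has a single IPv4 address. Usage: sh check_smb4.sh /usr/local/etc/smb4.conf

# conf_get FILE KEY: print KEY's value from the [global] section, matching the
# key case-insensitively and ignoring comments and surrounding whitespace.
conf_get() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                                       # comment line
        /^[ \t]*\[/   { in_global = ($0 ~ /^[ \t]*\[global\][ \t]*$/); next }
        in_global && index($0, "=") {
            k = $0; sub(/=.*/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (tolower(k) == tolower(key)) {
                v = $0; sub(/^[^=]*=/, "", v); gsub(/^[ \t]+|[ \t]+$/, "", v)
                print v; exit
            }
        }' "$1"
}

# check_jail_conf FILE: one line per problem found; exit status 0 when clean.
check_jail_conf() {
    conf="$1"; rc=0

    role=$(conf_get "$conf" "server role")
    if [ "$role" != "active directory domain controller" ]; then
        echo "server role is '${role:-unset}', expected 'active directory domain controller'"
        rc=1
    fi

    # Without this samba binds wildcard sockets (0.0.0.0 and ::), which the
    # jail cannot satisfy; the kdc, dns, ldap and cldap tasks then all die.
    bio=$(conf_get "$conf" "bind interfaces only")
    case "$(echo "$bio" | tr 'A-Z' 'a-z')" in
        yes|true|1) ;;
        *) echo "bind interfaces only is '${bio:-unset}': samba will attempt wildcard/IPv6 binds the jail cannot satisfy"
           rc=1 ;;
    esac

    # 'bind interfaces only' is meaningless unless the jail's address is listed.
    ifaces=$(conf_get "$conf" "interfaces")
    if [ -z "$ifaces" ]; then
        echo "interfaces is unset: list the jail's IP address (e.g. 192.168.xxx.xxx) explicitly"
        rc=1
    fi

    return $rc
}

if [ $# -gt 0 ]; then
    check_jail_conf "$1"
fi
```

Run it before the rc script's own "sanity check", which only verifies that the file parses, not that the listeners it asks for can exist inside the jail.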
Retry with this configuration.
# /usr/local/etc/rc.d/samba_server start
Performing sanity check on Samba configuration: OK
Starting samba.
# /usr/local/etc/rc.d/samba_server status
samba is running as pid 83517.
# /usr/local/bin/smbclient -L localhost -U%
Domain=[YAIZAWA] OS=[Unix] Server=[Samba 4.1.9]

	Sharename       Type      Comment
	---------       ----      -------
	netlogon        Disk
	sysvol          Disk
	IPC$            IPC       IPC Service
Domain=[YAIZAWA] OS=[Unix] Server=[Samba 4.1.9]

	Server               Comment
	---------            -------

	Workgroup            Master
	---------            -------
# /usr/local/bin/smbclient //localhost/netlogon -U Administrator
Enter Administrator's password:
Domain=[YAIZAWA] OS=[Unix] Server=[Samba 4.1.9]
smb: \> exit
It is running, for now. I changed the nameserver entry in /etc/resolv.conf to the jail's IP address and checked the DNS function.
# host -t SRV _ldap._tcp.yaizawa.yaizawa.jp.
_ldap._tcp.yaizawa.yaizawa.jp has SRV record 0 100 389 samba.yaizawa.yaizawa.jp.
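One SRV lookup shows the internal DNS server answers, but a domain join or a Kerberos client also needs the _kerberos, _kpasswd and _msdcs records, and each must point at this DC on the right port. The script below is an added example, not from the original post: it walks the core AD locator records for the post's domain and reports which are present, wrong or missing. The resolver is passed in as a command so the check can run against a constructed stub; with no third argument it calls host -t SRV as used above. Domain and DC names are taken from the post; the stub's answers are constructed, not captured output.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that a freshly
# provisioned Samba AD DC publishes the SRV records clients use to find it.
# Usage: sh dccheck.sh DOMAIN DC_FQDN    (without arguments it runs the stub)

# Core AD locator records, relative to the DNS domain, and the port each
# must advertise: LDAP 389, Kerberos 88, kpasswd 464.
AD_SRV_RECORDS="_ldap._tcp:389 _kerberos._tcp:88 _kerberos._udp:88 _kpasswd._udp:464 _ldap._tcp.dc._msdcs:389"

# check_dc_srv DOMAIN DC_FQDN [RESOLVER]
# RESOLVER must behave like `host -t SRV NAME` (default). Prints one line per
# record (OK / WRONG / MISSING); exit status 0 only when every record exists
# and points at DC_FQDN on the expected port.
check_dc_srv() {
    domain="$1"
    dc=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    resolver="${3:-host -t SRV}"
    rc=0
    for entry in $AD_SRV_RECORDS; do
        name="${entry%:*}.$domain"
        port="${entry#*:}"
        # host prints answers as:
        #   _ldap._tcp.example.com has SRV record 0 100 389 dc1.example.com.
        # keep "port target", lower-cased and without the trailing dot.
        answers=$($resolver "$name." 2>/dev/null \
            | awk '/ has SRV record /{t = tolower($8); sub(/\.$/, "", t); print $7, t}')
        if [ -z "$answers" ]; then
            echo "MISSING $name"
            rc=1
        elif printf '%s\n' "$answers" | grep -qx "$port $dc"; then
            echo "OK      $name -> $dc:$port"
        else
            echo "WRONG   $name -> $(printf '%s' "$answers" | tr '\n' ' ') (expected $dc:$port)"
            rc=1
        fi
    done
    return $rc
}

# Constructed stub standing in for `host -t SRV`: the answers a single healthy
# DC would give for the post's domain, except that _kpasswd._udp is left
# unanswered to show how a missing record is reported.
stub_host() {
    case "$1" in
        _ldap._tcp.yaizawa.yaizawa.jp.|_ldap._tcp.dc._msdcs.yaizawa.yaizawa.jp.)
            echo "${1%.} has SRV record 0 100 389 samba.yaizawa.yaizawa.jp." ;;
        _kerberos._tcp.yaizawa.yaizawa.jp.|_kerberos._udp.yaizawa.yaizawa.jp.)
            echo "${1%.} has SRV record 0 100 88 samba.yaizawa.yaizawa.jp." ;;
        *)
            echo "Host $1 not found: 3(NXDOMAIN)"; return 1 ;;
    esac
}

if [ $# -ge 2 ]; then
    check_dc_srv "$1" "$2" || echo "some locator records are missing or wrong"
else
    check_dc_srv yaizawa.yaizawa.jp samba.yaizawa.yaizawa.jp stub_host \
        || echo "some locator records are missing or wrong"
fi
```

Run it from a client whose /etc/resolv.conf points at the jail, as done above, so the lookups go through the DC's internal DNS rather than a forwarder that has never heard of the zone.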