samba-users August 2010 archive
Main Archive Page > Month Archives  > samba-users archives
samba-users: [Samba] samba4 + ubuntu 10.0.4

[Samba] samba4 + ubuntu 10.0.4

From: <felix_at_nospam>
Date: Mon Aug 16 2010 - 13:47:56 GMT

I have samba4 (installed from package 4.0.0~alpha8+git20090912-1) running
on my Ubunut 10.0.4 Lucid server. For anyone to replicate this, install
samba4, import the DisplaySpecifiers from source and edit
/usr/lib/python2.6/dist-packages/samba/ to contain the right
setup path;

$ vi /usr/lib/python2.6/dist-packages/samba/
# In source tree
# ret = os.path.join(dirname, "../../../setup") <----- change this ret =
os.path.join(dirname, "/usr/share/samba/setup") <--- to this or equiv

this will generate the initial setup as described in the howto. According
to the reported bugs in the package there are some complains about missing but this does not seem to be trival in the
functioning. Also the setup option "server role = 'domain controller'"
seems to report errors (also when running testparm) but it needs this
option for the krb server to run. According to the howto you'll now have
to setup bind9, when including files in the bind config files make sure to
update the apparmor profile of named with the right files. Also make sure
the created files contain your Lan address and not localhost. For some
reason the bind9 refuses to start with the tkey-gssapi-credential and
apparomor running so for now the profile needs to be disabled unless
anyone can tell me what external files named needs to access when it runs
with this option. When this is done you should be able to log on to the
domain and administer it trough the AD snap in.

Adding user trough the snap in won't work as it is complaining about the
password policy, also adding users trough the 'net ads user add' command
won't work. The correct way of adding a user is done like this;
$ cd /usr/share/samba/setup
$ sudo ./newuser USERNAME
You will be prompted to enter a password for the user, by issuing the
$ sudo net ads user list -UAdministrator
You'll be able to list the domain users, managing these users can be done
trough the AD snap in including the group policy configuration.

When using folders for user content such as roaming profiles it seems the
group of the linux folder should be set to 'users' and given write
permissions or else it won't be possible to create the folders when
logging in for the first time. The problem with this is that users are
able to see each others profile folders and access them. Perhaps anyone
can help me with this?

Keep up the good work!

-- To unsubscribe from this list go to the following URL and read the instructions: