Samba4 on FreeBSD

Introduction

As beta4 of Samba4 is out, I think it's time to test the upcoming version of the open source Samba server. With Samba4 you have the option to run it as a DC, giving you centralized login in your office. We had some of those features in Samba3, but with Samba4 you will be able to deploy GPOs within your organization. With this you can customize Windows clients as you have done with Windows DCs for years. There is also an integrated LDAP server, which is a new feature, so you no longer need to set up an LDAP server by hand. There are also new Python programs to help you administer the organization, and you can easily manage VPN access with RADIUS from RSAT.

In this article I will show you the samba4 server on a FreeBSD9 machine.

First steps

First of all you have to install FreeBSD 9. You will also need GCC and the compiler utilities, because you have to compile the Samba4 sources. It is also recommended to have ports installed, as it helps with installing some dependencies. You also need an ACL-ready filesystem, as the Samba4 source checks for it. In my opinion, with FreeBSD 9 it's not the best idea to hack it to run the root filesystem on ZFS, so I usually run it on UFS2 with gmirror and make a separate zpool for the storage. So first of all make sure that you mount the filesystems with the ACL option. To do this, edit /etc/fstab and insert the option 'acls' into the options column. If you don't want to restart, remount the filesystem with the acls option:

mount -u -o acls /

After these steps you can download the source from the official server:

wget http://ftp.samba.org/pub/samba/samba4/samba-4.0.0beta4.tar.gz

wget http://ftp.samba.org/pub/samba/samba4/samba-4.0.0beta4.tar.asc

After you have downloaded both files, verify the tarball against the signature.
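One way to do that verification, as an added example that is not part of the original article: Samba signs the uncompressed .tar, so the archive is decompressed on the fly and the signature is accepted only if gpg reports a VALIDSIG for a pinned fingerprint. The function names are hypothetical, and the fingerprint and the imported public key are assumed to come from a source you trust.

```sh
#!/bin/sh
# Added example (hypothetical helper names, not from the article).

# Read "gpg --status-fd" output on stdin and succeed only if a VALIDSIG line
# names the expected fingerprint (signing key field or primary key field).
status_has_validsig() {
    awk -v want="$1" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
        END { exit !ok }'
}

# verify_release TARBALL.gz SIGNATURE.asc FINGERPRINT
# returns 0 = good signature made by the pinned key
#         1 = verification failed or signed by a different key
#         2 = missing input or gpg not installed
verify_release() {
    tarball=$1 sig=$2 fpr=$3
    [ -r "$tarball" ] && [ -r "$sig" ] && [ -n "$fpr" ] || return 2
    command -v gpg >/dev/null 2>&1 || return 2
    # The signature covers the uncompressed tar, so feed gpg the gunzip output.
    gunzip -c "$tarball" |
        gpg --batch --status-fd 1 --verify "$sig" - 2>/dev/null |
        status_has_validsig "$fpr"
}

# Usage (FINGERPRINT is a placeholder for the 40-hex-digit value you trust):
#   verify_release samba-4.0.0beta4.tar.gz samba-4.0.0beta4.tar.asc FINGERPRINT
```

Pinning the fingerprint matters because a plain `gpg --verify` succeeds for any key that happens to be in the keyring.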

Installing

Now extract the archive:

tar xvpzf samba-4.0.0beta4.tar.gz

Change into the extracted directory and run configure:

cd samba-4.0.0beta4

./configure

You can set the prefix or any other option you want, but I think the default location is fine.

If configure finished without errors, compile it:

make

If that went well, you can now install it:

make install

If everything went well, the Samba installation is now at /usr/local/samba.

Configuration

The next step is to run the provision script, which creates the necessary configuration files for the DC role (it also creates the LDAP schema and everything else that is needed):

/usr/local/samba/sbin/provision --realm=fbsddom.local --domain=FBSDDOM --adminpass=VerySecurepassW0rd! --server-role=dc

It creates several files that you will need to continue with the installation:

/usr/local/samba/private/named.conf

/usr/local/samba/private/named.txt

/usr/local/samba/private/krb5.conf

It also displays the details of the configuration:

Server Role:           domain controller

Hostname:              fbsddc

NetBIOS Domain:        FBSDDOM

DNS Domain:            fbsddom.local

DOMAIN SID:            S-1-5-21-292606287-3833067553-3225826363

You will also get a configuration file for phpLDAPadmin. In my opinion it's better to use the RSAT tools, but it's your choice. Now it's time to configure the DNS server for our DC.

pkg_add -r bind98

This downloads and installs BIND 9.8.0, which is supported by Samba4 (if you want dynamic DNS updates, you will need to install it from source after patching it).

The BIND configuration is simple.

You have to include the configuration that the Samba installer created during provisioning, so simply edit /etc/namedb/named.conf and insert this line:

include "/usr/local/samba/private/named.conf";

As named is running in a chrooted environment, I've entered some nullfs mounts into fstab (of course there are other methods):

/usr/local/samba/ /var/named/usr/local/samba/ nullfs rw 0 0

/lib /var/named/lib nullfs rw 0 0

/usr/local/lib/ /var/named/usr/local/lib nullfs rw 0 0
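A small fstab audit for the two fstab changes this article makes, as an added example that is not part of the original article: it reports UFS filesystems that lack the acls option and nullfs mounts into the named chroot that are not read-only, so each can be reviewed. The function names and the sample fstab are constructed; the sample reuses the nullfs lines above with /lib switched to ro for contrast, and assumes the chroot is /var/named.

```sh
#!/bin/sh
# Added example (hypothetical helper names, not from the article).
# audit_fstab CHROOT < fstab
# Prints one finding per line:
#   NOACL <mountpoint>      UFS filesystem mounted without the acls option
#   RW-NULLFS <mountpoint>  nullfs mount under CHROOT that is not read-only
audit_fstab() {
    awk -v chroot="$1" '
        /^[ \t]*#/ || NF < 4 { next }          # skip comments and short lines
        {
            acl = 0; ro = 0
            n = split($4, opt, ",")            # options column is comma separated
            for (i = 1; i <= n; i++) {
                if (opt[i] == "acls") acl = 1
                if (opt[i] == "ro")   ro = 1
            }
            if ($3 == "ufs" && !acl) print "NOACL " $2
            if ($3 == "nullfs" && index($2, chroot "/") == 1 && !ro) print "RW-NULLFS " $2
        }'
}

# Constructed sample input: two made-up UFS entries plus the nullfs lines.
sample_fstab() {
    cat <<'EOF'
# Device            Mountpoint                   FStype  Options  Dump Pass
/dev/mirror/gm0a    /                            ufs     rw,acls  1    1
/dev/mirror/gm0d    /var                         ufs     rw       2    2
/usr/local/samba/   /var/named/usr/local/samba/  nullfs  rw       0    0
/lib                /var/named/lib               nullfs  ro       0    0
/usr/local/lib/     /var/named/usr/local/lib     nullfs  rw       0    0
EOF
}

# Run the audit on the sample; on a real host use: audit_fstab /var/named < /etc/fstab
sample_fstab | audit_fstab /var/named
```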

You also have to edit the BIND config for the listening addresses. Then just add named to rc.conf so that the daemon starts at system boot.

If there is any problem, check the log files. For the next step we will install the krb5 package. I've installed it from ports. In the config I've checked the DNS_FOR_REALM option.

It will help you debug Kerberos in Samba4 (Samba4 comes with an integrated Kerberos server).

You can start Samba with the samba binary (if you want to debug, you can use the 'samba -i -M single' command).

/usr/local/samba/sbin/samba

There is no startup script for Samba4 yet. You can check the Kerberos server with the kinit and klist commands. I've configured a dhcpd server to make the Windows client network configuration easier. I've added these options:

option domain-name-servers 172.16.1.1;

option domain-name "fbsddom.local";

option routers 172.16.1.1;

If you can resolve the server from the DNS server (fbsddc.fbsddom.local in this case), you can try to join the domain. You will need the domain administrator password that you used at the provision step. After you have entered everything, your client is joined to the domain.

2 thoughts on “Samba4 on FreeBSD”

  1. Wow thank you very much!!!! However I’m still looking for an official FreeBSD port as I’m too scared to try this out by myself.

  2. Great job!
    I am trying to follow you but I failed. One thing is that, the new samba4 has bind built-in. I cannot find the named.conf file in “/usr/local/samba/private/named.conf”. So I cannot follow your instruction. Besides, samba4 uses ldap and kerberos are needed for samba4. You did not mention how to set them up.
