Revision as of 11:51, 21 November 2017

Notes

Active Directory Naming

In all examples below, replace EXAMPLE with your NetBIOS domain name in caps, example.com with your DNS domain name, HOSTNAME with your system's host name in caps, and hostname with your system's host name.

Refer to the Active Directory naming FAQ before choosing your domain name.

MS-SNTP signing support

AD Domain time sync requires MS-SNTP signing support, so be sure to check whether the NTP server you choose to deploy, does support it.

Some of the NTP server versions available in the Alpine repositories (chrony, openntpd, busybox) do not currently support it. This will cause time sync issues for the domain, so be forewarned.

NTP implementations which do support MS-SNTP signing:

chrony (version >= 3.2) Alpine package in edge Source download v3.2 - Source code commit
The ntp.org "ntpd" server - Download ntpd
Windows

Install Chrony version 3.2 on Alpine 3.6.2:

Uncomment and pin the edge/main repository in /etc/apk/repositories

Note that the below URLs are invalid and used for illustrative purposes only. Replace with the valid repository URLs used by your installation.

See Package Repository Pinning for further details.

http://mirror/alpine/v3.6/main
@edge http://mirror/alpine/edge/main

Update the package index:

apk update

Upgrade chrony using the @edge tag

apk add chrony chrony@edge

Upgrade chrony-doc using the @edge tag

apk add chrony-doc chrony-doc@edge

Confirm that the installed version is from the edge repository:

cat /etc/apk/world

chrony@edge
chrony-doc@edge

Restart chronyd to use the newly upgraded version:

/etc/init.d/chronyd restart

Installation

Install packages:

apk add samba-dc krb5

Edit hosts file

You need to modify your /etc/hosts file to look similar to this.

127.0.0.1       localhost.localdomain localhost
10.1.1.10       hostname.example.com hostname

Create smb.conf

Alpine doesn't provide an example configuration file in the package so you'll need to create one at /etc/samba/smb.conf.

[global]
        server role = domain controller
        workgroup = EXAMPLE
        realm = example.com
        netbios name = HOSTNAME
        passdb backend = samba4
        idmap_ldb:use rfc2307 = yes

[netlogon]
        path = /var/lib/samba/sysvol/example.com/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

Provision your Samba domain

Answer the questions with your domain information:

samba-tool domain provision --use-rfc2307 --interactive

Use the SAMBA_INTERNAL DNS option. When asked for a forwarder IP, choose your internet DNS server. You can use your ISP or other public services (like Google) here.

Configure resolv.conf

Modify your /etc/resolv.conf to include your new domain as a search domain and point to itself as the first nameserver.

search example.com
nameserver 10.1.1.10

Configure Kerberos

You need to replace krb5.conf with a link to the one generated by samba.

ln -sf /var/lib/samba/private/krb5.conf /etc/krb5.conf

Install new init script

As of 3/31/2016 and Alpine 3.3.3, the included samba init script doesn't support starting it as a domain controller. Modify your /etc/init.d/samba script like the one below.

#!/sbin/openrc-run

extra_started_commands="reload"

DAEMON=${SVCNAME#samba.}
SERVER_ROLE=`samba-tool testparm --parameter-name="server role"  2>/dev/null | tail -1`
if [ "$SERVER_ROLE" = "active directory domain controller" ]; then
        daemon_list="samba"
elif [ "$DAEMON" != "samba" ]; then
        daemon_list=$DAEMON
fi

depend() {
        need net
        after firewall
}


start_samba() {
        mkdir -p /var/run/samba
        start-stop-daemon --start --quiet --exec /usr/sbin/samba --
}

stop_samba() {
        start-stop-daemon --stop --quiet --pidfile /var/run/samba/samba.pid
}


start_smbd() {
        start-stop-daemon --start --quiet --exec /usr/sbin/smbd -- \
                ${smbd_options:-"-D"}
}

stop_smbd() {
        start-stop-daemon --stop --quiet --pidfile /var/run/samba/smbd.pid
}

start_nmbd() {
        start-stop-daemon --start --quiet --exec /usr/sbin/nmbd -- \
                ${nmbd_options:-"-D"}
}

stop_nmbd() {
        start-stop-daemon --stop --quiet --pidfile /var/run/samba/nmbd.pid
}

start_winbindd() {
        start-stop-daemon --start --quiet --exec /usr/sbin/winbindd -- \
                $winbindd_options
}

stop_winbindd() {
        start-stop-daemon --stop --quiet --pidfile /var/run/samba/winbindd.pid
}

start() {
        for i in $daemon_list; do
                ebegin "Starting $i"
                start_$i
                eend $?
        done
}

stop() {
        for i in $daemon_list; do
                ebegin "Stopping $i"
                stop_$i
                eend $?
        done
}

reload() {
        for i in $daemon_list; do
                ebegin "Reloading $i"
                killall -HUP $i
                eend $?
        done
}

Configure the Samba service

Run this command to start the service on boot.

rc-update add samba

Run this command to start the service right now.

rc-service samba start

@@ Line 1: / Line 1: @@
-NOTES:
+= Notes =
-In all examples below, teplace EXAMPLE with your NetBIOS domain name in caps, example.com with your DNS domain name, HOSTNAME with your system's host name in caps, and hostname with your system's host name.
+==== Active Directory Naming ====
+In all examples below, replace EXAMPLE with your NetBIOS domain name in caps, example.com with your DNS domain name, HOSTNAME with your system's host name in caps, and hostname with your system's host name.
 Refer to the [https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ Active Directory naming FAQ] before choosing your domain name.
+==== MS-SNTP signing support ====
+AD Domain time sync requires MS-SNTP signing support, so be sure to check whether the NTP server you choose to deploy, does support it.
+<span style="color:red">Some of the NTP server versions available in the Alpine repositories (chrony, openntpd, busybox) do not currently support it. This will cause time sync issues for the domain, so be forewarned.</span>
+NTP implementations which do support MS-SNTP signing:
+* chrony (version >= 3.2) [https://pkgs.alpinelinux.org/packages?name=chrony&branch=edge&repo=&arch=&maintainer= Alpine package in edge] [https://git.tuxfamily.org/chrony/chrony.git/tag/?h=3.2 Source download v3.2] [https://git.tuxfamily.org/chrony/chrony.git/commit/?h=3.2&id=577aed484207addd054441ee8be7e6e30ce36cb2 - Source code commit]
+* The ntp.org "ntpd" server [http://ntp.org/downloads.html - Download ntpd]
+* Windows
+'''Install Chrony version 3.2 on Alpine 3.6.2:'''
+Uncomment and pin the edge/main repository in /etc/apk/repositories
+Note that the below URLs are invalid and used for illustrative purposes only. Replace with the valid repository URLs used by your installation.
+See [https://wiki.alpinelinux.org/wiki/Alpine_Linux_package_management#Repository_pinning Package Repository Pinning] for further details.
+<pre>
+http://mirror/alpine/v3.6/main
+@edge http://mirror/alpine/edge/main
+</pre>
+Update the package index:
+{{Cmd|apk update}}
+Upgrade chrony using the @edge tag
+{{Cmd|apk add chrony chrony@edge}}
+Upgrade chrony-doc using the @edge tag
+{{Cmd|apk add chrony-doc chrony-doc@edge}}
+Confirm that the installed version is from the edge repository:
+{{Cmd|cat /etc/apk/world | grep chrony}}
+<pre>
+chrony@edge
+chrony-doc@edge
+</pre>
+Restart chronyd to use the newly upgraded version:
+{{Cmd|/etc/init.d/chronyd restart}}
 = Installation =
@@ Line 9: / Line 62: @@
 = Edit hosts file =
-You need to modify the hosts file to look similar to this.
+You need to modify your {{Path|/etc/hosts}} file to look similar to this.
 .0.0.1       localhost.localdomain localhost
@@ Line 15: / Line 68: @@
 = Create smb.conf =
-Alpine doesn't provide an example configuration file in the package so you'll need to create one.
+Alpine doesn't provide an example configuration file in the package so you'll need to create one at {{Path|/etc/samba/smb.conf}}.
   [global]
@@ Line 24: / Line 77: @@
           passdb backend = samba4
           idmap_ldb:use rfc2307 = yes
   [netlogon]
           path = /var/lib/samba/sysvol/example.com/scripts
           read only = No
   [sysvol]
           path = /var/lib/samba/sysvol
@@ Line 40: / Line 93: @@
 = Configure resolv.conf =
-Modify your /etc/resolv.conf to include your new domain as a search domain and point to itself as the first nameserver.
+Modify your {{Path|/etc/resolv.conf}} to include your new domain as a search domain and point to itself as the first nameserver.
   search example.com
@@ Line 47: / Line 100: @@
 = Configure Kerberos =
 You need to replace krb5.conf with a link to the one generated by samba.
-{{Cmd|ln -sf /usr/local/samba/private/krb5.conf /etc/krb5.conf}}
+{{Cmd|ln -sf /var/lib/samba/private/krb5.conf /etc/krb5.conf}}
 = Install new init script =
-As of 3/31/2016 and Alpine 3.3.3, the included samba init script doesn't support starting it as a domain controller. Modify your /etc/init.d/samba script like the one below.
+As of 3/31/2016 and Alpine 3.3.3, the included samba init script doesn't support starting it as a domain controller. Modify your {{Path|/etc/init.d/samba}} script like the one below.
   #!/sbin/openrc-run
@@ Line 71: / Line 124: @@
   start_samba() {
+         mkdir -p /var/run/samba
           start-stop-daemon --start --quiet --exec /usr/sbin/samba --
   }
@@ Line 129: / Line 183: @@
           done
   }
 = Configure the Samba service =
-Run these two commands to start the service on boot and to start the service right now.
+Run this command to start the service on boot.
 {{Cmd|rc-update add samba}}
+Run this command to start the service right now.
 {{Cmd|rc-service samba start}}
+[[Category:Printers]]
+[[Category:Authentication]]