Setting up a samba-ad-dc

From Alpine Linux
Revision as of 03:10, 21 September 2017 by John3-16 (talk | contribs) (Categorized: Printers, Authentication)

NOTES: In all examples below, replace EXAMPLE with your NetBIOS domain name in caps, with your DNS domain name, HOSTNAME with your system's host name in caps, and hostname with your system's host name.

Refer to the Active Directory naming FAQ before choosing your domain name.

CAVEATS: If you run your domain's PDC Emulator on Alpine, Windows members of your domain will have time sync issues. AD domain time sync requires MS-SNTP signing support, and none of the NTP daemons available on Alpine (chrony, openntpd, busybox) currently support it; only "ntpd" and Windows do.


Install packages:

apk add samba-dc krb5

Edit hosts file

You need to modify your /etc/hosts file to look similar to this:

localhost.localdomain localhost hostname

Create smb.conf

Alpine doesn't provide an example configuration file in the package so you'll need to create one at /etc/samba/smb.conf.

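[global]
        server role = domain controller
        # NetBIOS domain name, in caps
        workgroup = EXAMPLE
        # your DNS domain name
        realm =
        # this system's host name, in caps
        netbios name = HOSTNAME
        passdb backend = samba4
        idmap_ldb:use rfc2307 = yes

[netlogon]
        path = /var/lib/samba/sysvol/
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No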

Provision your Samba domain

Answer the questions with your domain information:

samba-tool domain provision --use-rfc2307 --interactive

Use the SAMBA_INTERNAL DNS option. When asked for a forwarder IP, choose your internet DNS server. You can use your ISP's resolver or another public service (like Google) here.

Configure resolv.conf

Modify your /etc/resolv.conf to include your new domain as a search domain and point to itself as the first nameserver.


Configure Kerberos

You need to replace krb5.conf with a link to the one generated by samba.

ln -sf /var/lib/samba/private/krb5.conf /etc/krb5.conf
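
To confirm that the resolv.conf and krb5.conf steps above took effect, a check like the following can be run on the DC. It is an added example, not part of the original wiki page or of the Alpine packages; the function names and the sample domain and address in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example: verify the resolv.conf and krb5.conf steps of this guide.
# Function names are hypothetical; sample values in the usage are constructed.

# first_nameserver FILE -> prints the first "nameserver" address in FILE
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# has_search_domain FILE DOMAIN -> success if DOMAIN is on a search/domain line
has_search_domain() {
    awk -v d="$2" '
        $1 == "search" || $1 == "domain" {
            for (i = 2; i <= NF; i++) if (tolower($i) == tolower(d)) found = 1
        }
        END { exit !found }' "$1"
}

# check_resolv FILE DOMAIN DC_IP -> success if the DC resolves through itself
# first and searches its own domain, as the "Configure resolv.conf" step asks
check_resolv() {
    [ "$(first_nameserver "$1")" = "$3" ] ||
        { echo "FAIL: first nameserver in $1 is not $3"; return 1; }
    has_search_domain "$1" "$2" ||
        { echo "FAIL: $2 is not a search domain in $1"; return 1; }
    echo "OK: $1"
}

# check_krb5_link LINK [TARGET] -> success if LINK is a symlink to the
# krb5.conf generated by Samba (a stale copy would pass unnoticed otherwise)
check_krb5_link() {
    want=${2:-/var/lib/samba/private/krb5.conf}
    [ -L "$1" ] || { echo "FAIL: $1 is not a symlink"; return 1; }
    [ "$(readlink "$1")" = "$want" ] ||
        { echo "FAIL: $1 points to $(readlink "$1")"; return 1; }
    echo "OK: $1 -> $want"
}

# Usage on the DC (constructed values; substitute your own domain and address):
#   check_resolv /etc/resolv.conf ad.example.test 10.1.1.10
#   check_krb5_link /etc/krb5.conf
```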

Install new init script

As of 3/31/2016 and Alpine 3.3.3, the included samba init script doesn't support starting Samba as a domain controller. Modify your /etc/init.d/samba script to look like the one below.



SERVER_ROLE=`samba-tool testparm --parameter-name="server role"  2>/dev/null | tail -1`
if [ "$SERVER_ROLE" = "active directory domain controller" ]; then
elif [ "$DAEMON" != "samba" ]; then

depend() {
        need net
        after firewall

start_samba() {
        mkdir -p /var/run/samba
        start-stop-daemon --start --quiet --exec /usr/sbin/samba --

stop_samba() {
        start-stop-daemon --stop --quiet --pidfile /var/run/samba/

start_smbd() {
        start-stop-daemon --start --quiet --exec /usr/sbin/smbd -- \

stop_smbd() {
        start-stop-daemon --stop --quiet --pidfile /var/run/samba/

start_nmbd() {
        start-stop-daemon --start --quiet --exec /usr/sbin/nmbd -- \

stop_nmbd() {
        start-stop-daemon --stop --quiet --pidfile /var/run/samba/

start_winbindd() {
        start-stop-daemon --start --quiet --exec /usr/sbin/winbindd -- \

stop_winbindd() {
        start-stop-daemon --stop --quiet --pidfile /var/run/samba/

start() {
        for i in $daemon_list; do
                ebegin "Starting $i"
                eend $?

stop() {
        for i in $daemon_list; do
                ebegin "Stopping $i"
                eend $?

reload() {
        for i in $daemon_list; do
                ebegin "Reloading $i"
                killall -HUP $i
                eend $?

Configure the Samba service

Run this command to start the service on boot.

rc-update add samba

Run this command to start the service right now.

rc-service samba start