Experimenting with Samba Domain Controller

Development Testing
1

I tested again the installation and the configuration of the “Account provider: Samba Active Directory” (I have at home a computer for tests), without to reboot the server between the installation of the package and the configuration of the Samba AD.

I had the same error at the end of the configuration process but I observed that the “START DC” button was still active.
Without leaving the page, I have enabled the “Create a bridge interface for the green network” and then I pressed the “START DC” button. After that, the process of the Samba AD ended without issues.

After that, I have created a new user, with password setting during the process, without issues.

The link for the “message” log for this:
https://drive.google.com/open?id=0B1DQ23OY7TYkc3FSV3VVdHFLcjQ

Timeline in the “message” log:
19:20:02 - 19:20:19 → Install the Samba AD package
19:21:25 - 19:24:25 → First attempt of the Samba AD configuration
19:25:24 - 19:25:51 → Second attempt of the Samba AD configuration
19:27:21 - 19:27:14 → Changing the Admin password of the Samba AD

Samba AD_1.PNG1280×771 86.8 KB

Samba AD_2.PNG1280×769 88.5 KB

Samba AD_3.PNG1280×769 87.1 KB

2

Hi @GG_jr,

thank you for your report! I was digging your log file and noticed something strange:

is it possible you specified the same IP address (192.168.1.2) on both the container and the host machine?

IIRC the validator should forbid it, but I think if the bridge does not exist it might fail… (/cc @Stll0 @giacomo)

3

Hi Davide,

I don’t think so, because I’ve learned from you when I’ve tested NS 7a3 that the container must have different IP than the host.

EDIT: As you can see in the screenshots, the host has 192.168.1.1 and the container has 192.168.1.2

I will try another installation of the NS 7b1, from scratch and I will tell you what is happen.

The steps:

  1. fill the IP field with an IP which is different than the host’s IP but from the same subnet
  2. enable “Create a bridge interface for the green network”
  3. press the “START DC” button

Is this correct?

1 Like
4

can’t see any difference :wink:

5

Sorry!
Just corrected!

6

You’re absolutely right! And your log confirm this, my bad!

Another question: did you enable DHCP server on your green? Is it still enabled?

Last thing, should not be related: could you also check your gateway IP, 192.168.0.2? It seems out of the network…

Yes it is!

7

DHCP is not enabled now.
I don’t remember if was enabled during the installation of the NS.

This test is at home.
I have a wirelessrouter connected to the ISP through pppoe.
The WAN (192.168.0.17) of the NS 7b1 server is connected to the router’s LAN (192.168.0.1/24) and the GW is 192.168.0.2

I will try for the next installation of the NS 7b1 to connect the NS server to the Internet direcly, through pppoe (I will test in this case the pppoe protocol on NS. Is still available?), and I will use the wireless router through BLUE interface for my home wireless devices.

8

Hi @davidep ,

I’ve tried to install/configure Samba AD, twice, as follow:

Test 1

  1. Install NS 7b1, from scratch
  2. Install the updates
  3. Edit the “Organisation contacts”
  4. Edit the “Self-signed certificate”
  5. Add the “Account provider: Samba Active Directory” package
  6. Configure Samba AD

Test 2

  1. Install NS 7b1, from scratch
  2. Install the updates
  3. Edit the “Organisation contacts”
  4. Edit the “Self-signed certificate”
  5. Add the “Account provider: Samba Active Directory” package
  6. Reboot the system
  7. Configure Samba AD

Unfortunately, on both tests, I’ve encountered the same issue at the configuration of the Samba AD, no matter if the system was rebooted or not.

In both cases, the issue was solved in the same manner:

Without leaving the page, I have enabled the “Create a bridge interface for the green network” and then I have pressed the “START DC” button.
After that, the process of the Samba AD ended without issues.

Here is the link for the “message” log for the Test 2, maybe will help:
https://drive.google.com/open?id=0B1DQ23OY7TYkNDZlR29FWVd2a2c

Is there anybody else who encountered the same issue?

PS
The installation of the NS 7b1 was on a dedicated hardware.

1 Like
9

I noticed test.abt.ro is an already registered domain. I think this condition might break the “wait until DNS is up” check.

Please try with another (non-existing) domain name, like mytest.abt.ro.

10

OK!

I will do another installation from scratch with “dc-ad.home.abt.ro” (not registered on the external Name Server as subdomain of “abt.ro”).
I will report after that.

2 Likes
11

I have tried again, twice (dc-ad.home.abt.ro).

First, like the Test 1.

Second:

  1. Install NS 7b1, from scratch
  2. Add the “Account provider: Samba Active Directory” package
  3. Configure Samba AD

The same error, the same approach to resolve: Without leaving the page, …

:sweat::sweat::sweat:

It’s happen only to me?

:cry::cry::cry:

With all this, it seems that there is no other issue with Samba AD. Till now.

2 Likes
12

"With all this, it seems that there is no other issue with Samba AD. Till now."

I think I rushed.

There is a difference between the last two installation modes.

Shortly, the better approach is this (after/from my experience):

  1. Install the NS 7b1
  2. Make the updates
  3. Edit the Organisation contacts
  4. Edit the Self-signed certificate
  5. Choose the Account provider: Samba AD, OpenLDAP or join to the existing one. In this case, Samba AD.
  6. Proceed to add other packages you need

Why? When I did the Second type of installation:

  1. Installed NS 7b1
  2. Added the “Account provider: Samba Active Directory” package
  3. Configured Samba AD
  4. Made the updates
  5. Edited the Organisation contacts
  6. Edited the Self-signed certificate

were some issues (please see the attached screenshots) and of course, I’ve started from the beginning.

SSC 1.PNG1280×800 48.3 KB

SSC 2.PNG1280×800 72.6 KB

Samba audit.PNG1280×800 85.5 KB

1 Like
13

Samba Domain Controller - Shared folders

I have created a shared folder with the settings as in the attached screenshot.
I thought that with this settings, as a guest (not joined into the domain), I will have full access to the folder, especially for write.
From Windows File Explorer, I can see the folder, I can open the folder but I cannot create file or folder inside him.
There is something wrong, or I’m wrong? Again!?

Edit shared folder.PNG1280×800 115 KB

Try to create a file inside public.PNG1280×800 132 KB

2 Likes
14

About certificate: it takes a few seconds to complete httpd-admin reload. After changing the server certificate wait a while, then reload the web page (F5).

The guest access requires (fake) credentials anyway. That means a fake user name and a fake password must be provided. Some times Win Explorer keeps presenting the cached domain credentials. Try by mapping a network drive with explicit credentials.

About Samba Audit screenshot, I’ll ask @giacomo!

3 Likes
15

Also, I rebooted the NS 7b1 and the laptop. I have tried with IE and MS Edge.

Thank you. I will try!

1 Like
16

The certificate and samba audit problems are related: httpd-admin has not been restarted.

You can fix it with:

systemctl restart httpd-admin

We are searching the cause of the problem :slight_smile:

1 Like