[HOW TO] Samba Active Directory Domain Controller

[HOW TO] Samba Active Directory Domain Controller

#1

Post by daoyama » 13 Jun 2015 17:35

In this how-to, I use an ODROID-C1 (ARM version), but you can use any NAS4Free later than 10.1.0.2.1665.

ZFS-only users need to create a UFS partition.
viewtopic.php?f=55&t=9126

Preparation:
Disable CIFS/SMB
Use static IP address for LAN interface
Enable NTP
Use unused hostname and unused domain name
Empty directory on UFS partition for AD DC data
[Screenshots: 20150613E.png, 20150613F.png, 20150613G.png]
Note:
AD DC will create DNS records of the specified domain.
You must set the IP address of the AD DC server on all clients via DHCP or static IP.
sysvol on ZFS is not supported. You must use UFS for storing sysvol.
To clear the cached buffers, routing table, ARP table and more, rebooting the server is recommended before creating the Samba AD DC.


Configure Samba Active Directory Domain Controller:
You can create the AD DC from the Initialize page of Services|Samba AD.

Example setting:
Hostname: nas4free-oc1
DNS forwarder: 8.8.8.8
DNS domain: mydomain.local
NetBIOS domain: MYDOMAIN
[Screenshot: 20150613H.png]
Set DNS forwarder to ISP's DNS server. Don't use local server/router.
If you don't know it, try to use Google Public DNS.
https://developers.google.com/speed/public-dns/

Set Path on a permanent device such as an HDD.

Optionally, check "User shares" if you want to use the shares defined in Services|CIFS/SMB|Shares.

Note: You can change the DNS forwarder and User shares at any time after initializing.

After a few seconds (sometimes a few minutes), you can see the result.
[Screenshot: 20150613I.png]
If you don't specify a password, the admin password is shown in the result.
If you don't want such a complex password, you can reset the password from the CLI after enabling.

# samba-tool user setpassword administrator

After initializing, the DNS server of the N4F will be changed to 127.0.0.1 to use the Samba AD DC's internal DNS.
To flush the created AD DC data to the disk completely, you need to reboot the server.

Enable AD DC:
After enabling, you can see many samba processes.
Now that your AD DC is running, you can join the AD from Windows, other N4F and other OSs.
At first, you have only the administrator account.
You need to create your account on the AD DC.
[Screenshots: 20150613J.png, 20150613K.png]
Join Windows to AD DC:

If you use DHCP, set DNS server to N4F's static IP address.
Otherwise, you can set DNS server address manually.
[Screenshot: 20150613L.png]
Change System Properties.
[Screenshot: 20150613M.png]
Log in with an AD DC user.
[Screenshot: 20150613P.png]
You can manage domain users with RSAT (Remote Server Administration Tools):
[Screenshot: 20150613Q.png]
For more detail, see also:
https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO
https://wiki.samba.org/index.php/Joinin ... o_a_Domain
https://wiki.samba.org/index.php/DNS_Co ... on_Windows
https://wiki.samba.org/index.php/Instal ... Management
NAS4Free 10.2.0.2.2115 (x64-embedded), 10.2.0.2.2258 (arm), 10.2.0.2.2258(dom0)
GIGABYTE 5YASV-RH, Celeron E3400 (Dual 2.6GHz), ECC 8GB, Intel ET/CT/82566DM (on-board), ZFS mirror (2TBx2)
ASRock E350M1/USB3, 16GB, Realtek 8111E (on-board), ZFS mirror (2TBx2)
MSI MS-9666, Core i7-860(Quad 2.8GHz/HT), 32GB, Mellanox ConnectX-2 EN/Intel 82578DM (on-board), ZFS mirror (3TBx2+L2ARC/ZIL:SSD128GB)
Develop/test environment:
VirtualBox 512MB VM, ESXi 512MB-8GB VM, Raspberry Pi, Pi2, ODROID-C1


Re: [HOW TO] Samba Active Directory Domain Controller

#2

Post by daoyama » 13 Jun 2015 17:36

I will update this later.

Re: [HOW TO] Samba Active Directory Domain Controller

#3

Post by daoyama » 13 Jun 2015 18:19

If you want to create CIFS/SMB shares, you need to enable non-default settings.
Here are the important settings for it.
For shares on UFS:
[Screenshot: 20150613R.png]
For shares on ZFS:
[Screenshot: 20150613S.png]
Additionally, you need passthrough for ACL inherit and ACL mode on the ZFS dataset.
[Screenshot: 20150613T.png]
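
The ZFS requirement in the post above (ACL inherit and ACL mode set to passthrough) can be audited from the shell. This is an added example, not part of the thread or of NAS4Free; the dataset name tank/share and the sample property values are constructed.

```shell
#!/bin/sh
# Added example, not from the thread.
#
# acl_fixes reads the tab-separated output of
#   zfs get -H -o name,property,value aclinherit,aclmode <dataset>
# on stdin and prints the `zfs set` command for every property that is not
# "passthrough". It returns 1 if anything needs fixing, 0 otherwise.
acl_fixes() {
    awk -F '\t' '
        ($2 == "aclinherit" || $2 == "aclmode") && $3 != "passthrough" {
            printf "zfs set %s=passthrough %s\n", $2, $1
            n++
        }
        END { if (n > 0) exit 1 }
    '
}

# Constructed sample: a dataset with non-passthrough values for both
# properties (tank/share is a hypothetical name).
demo_acl() {
    if printf 'tank/share\taclinherit\trestricted\ntank/share\taclmode\tdiscard\n' | acl_fixes
    then
        echo "ACL properties already set to passthrough"
    else
        echo "run the commands above, then re-check"
    fi
}
demo_acl
```

On a live system, pipe the real `zfs get` output for the share's dataset into `acl_fixes` instead of the sample.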


Re: [HOW TO] Samba Active Directory Domain Controller

#4

Post by zoon01 » 14 Jun 2015 02:15

Nice posting daoyama :D

This is something for the wiki too
anyone able to write it?
http://wiki.nas4free.org/doku.php?id=do ... &#services
System specs: XigmaNAS 11.2.0.4 -embedded on Samsung 860 EVO 256GB and Supermicro X10SL7-F w / Bios v3.2, IPMI v.03.77 / CPU E3-1241 v3 @ 3.50GHz - 32GB Crucial DDR3L 1600mhz ECC 1.35v , LSI 2308 on PH20.00.07.00 IT mode, Storage: 5x Western Digital Red (WD30EFRX) raidz

Development system is same system in virtualbox.


Re: [HOW TO] Samba Active Directory Domain Controller

#5

Post by alexey123 » 17 Jun 2015 17:59

I use a dnsmasq-based DHCP server extension on my NAS. Do I need to define the DNS forwarder as "localhost" or the NAS4Free IP address (10.0.0.1)?
Home11.0.0.4 - Sayyadina (revision 4249)/ x64-embedded on SAPPHIRE Pure Mini E350 / 8G RAM / UPS Ippon Back Power Pro 600
Lab 10.2.0.2 - Prescience (revision 2545) /x64-embedded on Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz / H61M-DS2 / 4G RAM / UPS Ippon Back Power Pro 600
New XigmanasXigmaNAS version 11.2.0.4.6026 on x64-embedded on AMD A8-7600 Radeon R7 A88XM-PLUS/ 16G RAM
TEST1 11.0.0.4 - Pilingitam (revision 4333) bpi-embedded on Allwinner a20 / 1015MiB RAM


Re: [HOW TO] Samba Active Directory Domain Controller

#6

Post by ChriZathens » 25 Jun 2015 14:02

zoon01 wrote:
> Nice posting daoyama :D
>
> This is something for the wiki too
> anyone able to write it?
> http://wiki.nas4free.org/doku.php?id=do ... &#services
I have started writing it, but due to my inexperience with the wiki (and lack of time.. :? ), it might take a while.
If anyone is willing to help, most welcomed..
My Nas
  1. Case: Fractal Design Define R2
  2. M/B: Supermicro x9scl-f
  3. CPU: Intel Celeron G1620
  4. RAM: 16GB DDR3 ECC (2 x Kingston KVR1333D3E9S/8G)
  5. PSU: Chieftec 850w 80+ modular
  6. Storage: 8x2TB HDDs in a RaidZ2 array ~ 10.1 TB usable disk space
  7. O/S: XigmaNAS 11.2.0.4.6625 -amd64 embedded
  8. Extra H/W: Dell Perc H310 SAS controller, crosflashed to LSI 9211-8i IT mode, 8GB Innodisk D150SV SATADOM for O/S

Backup Nas: HP N40L (4x1TB HP branded Seagate disks in RaidZ configuration - 8GB ECC RAM)


Re: [HOW TO] Samba Active Directory Domain Controller

#7

Post by noclaf » 20 Jul 2015 15:51

Really thanks for that guide!

I have two questions:

1) Can I (how?) create&use UFS partition on my USB stick where I have my embedded N4F?
2) Is that recommended?

Unfortunately I have only this USB stick&HW RAID which is encrypted and thus must be manually mounted. Therefore the only "place" where I can have UFS partition for SAMBA AD is the stick.


Re: [HOW TO] Samba Active Directory Domain Controller

#8

Post by antal » 21 Jul 2015 16:06

I did all preparations:

"Preparation:
Disable CIFS/SMB
Use static IP address for LAN interface
Enable NTP
Use unused hostname and unused domain name
Empty directory on UFS partition for AD DC data"


So when I go to Services -> Samba AD and click the "Initialize" button, I get a blank window and nothing happens.
[Attachment: 123.JPG]
I have a UFS file partition.


My conf.

What is wrong?


Re: [HOW TO] Samba Active Directory Domain Controller

#9

Post by tdrivas » 27 Jul 2015 22:11

Why do you need a UFS partition?


Re: [HOW TO] Samba Active Directory Domain Controller

#10

Post by daoyama » 10 Aug 2015 02:47

alexey123 wrote:
> I use a dnsmasq-based DHCP server extension on my NAS. Do I need to define the DNS forwarder as "localhost" or the NAS4Free IP address (10.0.0.1)?
You must use the Samba DNS to provide the service records for the domain server.
You probably cannot install another DNS service alongside the Samba AD DC on the same machine.

Use 127.0.0.1 on the Samba AD DC and specify your DNS server as the DNS forwarder.

Also, you must specify only the Samba AD DC IP address as the DNS server in DHCP.
You cannot use your DNS server for AD member clients.
(You can set the DNS manually as a fixed address on the client side instead of using DHCP.)
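
The DNS rule from the reply above (domain members must resolve only through the Samba AD DC) can be checked on a client. The script below is an added example, not part of the thread or of NAS4Free; the addresses 192.168.1.10 (AD DC) and 192.168.1.1 (router) are constructed, the SRV names follow the Samba wiki, and the optional SRV check assumes the host(1) utility is installed.

```shell
#!/bin/sh
# Added example, not from the thread. mydomain.local is the guide's example
# domain; the IP addresses are constructed.

# Print each "nameserver" in a resolv.conf-style file that is not the AD DC.
# Returns 0 only if at least one resolver is set and all of them are the DC.
check_resolvers() {
    awk -v dc="$2" '
        $1 == "nameserver" { n++; if ($2 != dc) { print $2; bad++ } }
        END { if (n == 0 || bad > 0) exit 1 }
    ' "$1"
}

# SRV records a member looks up to locate the DC (names per the Samba wiki).
srv_names() {
    printf '%s\n' "_ldap._tcp.$1" "_kerberos._udp.$1"
}

# Ask the DC itself ($1) for each SRV record of the domain ($2).
# Returns 2 if host(1) is not installed, 1 if any record is missing.
check_srv() {
    command -v host >/dev/null 2>&1 || return 2
    rc=0
    for name in $(srv_names "$2"); do
        host -t SRV "$name" "$1" >/dev/null 2>&1 || { echo "missing: $name"; rc=1; }
    done
    return $rc
}

# Constructed sample: a client that still lists the router as second resolver.
demo_dns() {
    f=$(mktemp) || return 1
    printf 'search mydomain.local\nnameserver 192.168.1.10\nnameserver 192.168.1.1\n' > "$f"
    if extra=$(check_resolvers "$f" 192.168.1.10); then
        echo "OK: only the AD DC is used for DNS"
    else
        echo "FAIL: non-DC resolver(s): ${extra:-none configured}"
    fi
    rm -f "$f"
}
demo_dns
```

On a real member, run `check_resolvers /etc/resolv.conf <DC address>` and then `check_srv <DC address> <DNS domain>`.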


Re: [HOW TO] Samba Active Directory Domain Controller

#11

Post by daoyama » 10 Aug 2015 02:55

noclaf wrote:
> 1) Can I (how?) create&use UFS partition on my USB stick where I have my embedded N4F?
> 2) Is that recommended?
If you install N4F by the recommended method, you always have the #3 data partition on the USB stick.
You can use it, but I recommend that you use a RAID volume for the samba data.
Using it without redundancy is high risk.

Re: [HOW TO] Samba Active Directory Domain Controller

#12

Post by daoyama » 10 Aug 2015 03:00

antal wrote:
> so when I go to Services ->Samba AD and click "Initialize" button i get a blank window and nothing happens..
Did you reboot before Initialize?
Please post your initialize page (parameters).
If possible, try to use another web browser.

Re: [HOW TO] Samba Active Directory Domain Controller

#13

Post by daoyama » 10 Aug 2015 03:13

tdrivas wrote:
> Why do you need a UFS partition?
The Samba setup will create default NTFS ACLs (not permissions) on the initial sysvol.
ZFS cannot handle NTFS ACLs by default.
At this time, I have no solution for it.

Re: [HOW TO] Samba Active Directory Domain Controller

#14

Post by alexey123 » 11 Aug 2015 21:40

daoyama wrote:
> You cannot use your DNS server for AD member clients.
> (You can set DNS manually as fixed address on client side instead of DHCP)
Hmm, I'm a noob in AD.
I have Win 8.1 Home. I cannot be an AD member, but I want to make dnsmasq compatible with NAS4Free.
I see:
The AD controller opens UDP and TCP sockets on *:53, and mdnsresponder also opens a socket on *:5353, so I must set the DNS port for dnsmasq to some other number.
DNS will not work, but the DHCP server will work for netboot.
The relevant part of the dnsmasq startup script is:

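# Fragment of the dnsmasq rc.d script; $pidfile and $dnsmasq_conf are set elsewhere in it.
command="/usr/local/sbin/dnsmasq"
# Count the <enable> elements under <sambaad>: non-zero means Samba AD is enabled.
_sambaad=$(/usr/local/bin/xml sel -t -v "count(//sambaad/enable)" /conf/config.xml)
# Treat an empty result (query failed) as "not enabled" so the test below stays valid.
if [ 0 -eq "${_sambaad:-0}" ]; then
	dnsmasqport=""
else
	# Samba AD listens on port 53, so move the dnsmasq DNS listener to 5354.
	dnsmasqport="-p 5354"
fi
command_args="-x $pidfile -C $dnsmasq_conf ${dnsmasqport}"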
Is this way correct?

Also I see a very strange issue.
If I disable the AD controller and then enable it, I must reboot the NAS4Free server to get the AD controller to start. But the GUI does not prompt me to reboot.

Re: [HOW TO] Samba Active Directory Domain Controller

#15

Post by marcos » 11 Sep 2015 20:10

I just can thank again all the developers and the rest of the crew involved in this project: it's pretty cool to have the chance of deploying a small AD environment with just one computer (the NAS) that's already always on.
In a production environment having just one DC can be useless, but in a home/testing/educational environment it is quite useful.

I've got a few questions about this topic:

- Can I use the DC deployed with NAS4Free with VMware vSphere? I mean, can I use it as the domain controller for vCenter Server (and the ESXi hosts, the virtual machines, etc.)? I don't see why not, but I'm not sure. Has anybody tried it?
- NAS4Free 10.2.0.2 uses Samba version 4.2.3; does this version of Samba support SMB 3.02 (for Windows 8.1 and Server 2012 R2 integration)? I answer myself: yes, it does.
- Are there any indications about the space needed for the UFS data partition used by AD? In my setup I only have one ZFS pool (3x2TB disks in RAID-Z1) and an 8GB USB 2.0 stick. I know in this case it's recommended to use a UFS data partition with redundancy in the ZFS pool, but I'd rather use the 3rd partition on my USB stick. -> I answer myself: in an environment with 6 computers joined to the domain and 6 active users, I'm using about 60MB in an lz4 ZFS volume formatted as UFS2 (following the guide at the beginning of this thread). Instead of 2GB I assigned 3GB, so I've got a lot of free unused space.

I know some of these questions may be answered at the freebsd 10.2 documentation or forums, but I haven't found anything. (that's another topic, I think I may be helpful with the documentation/wiki, although my English is not very good)

I've been using NAS4Free for nearly 3 years, mainly as an iSCSI target for VMware vSphere storage and for samba shares among Windows, Linux, Android phones and TVs, iOS, PC-BSD... clients. At the moment I'm using SMB3 with the "old" CIFS/samba shares in NAS4Free 10.2.0.2 and everything is working fine, even with an "old" Panasonic Viera smart TV; that's why I'm trying to see the pros and cons before upgrading to Samba 4 and an Active Directory environment with NAS4Free as the only DC. I answer myself again: the only non-working device at the moment is the mentioned Panasonic Viera smart TV (it seems it has some restrictions on file names); the rest are working fine inside an AD environment, with all the benefits of being inside a domain.

I've got another question, anyway:
- Can I manipulate file permissions on my shared folders from Windows using the Computer Management tool? (logged in as a domain admin on my NAS4Free domain controller)

I know it's always better to manipulate permissions using UNIX permissions (being a ZFS filesystem, a BSD box...) at least that's what I've read in the samba documentation, but I wonder if there is any issue if I manipulate them from here using windows tools
Thanks
10.2.0.2 - Prester (revisión 1868)
x64-embedded on Intel(R) Core(TM)2 CPU 6320 @ 1.86GHz, 6gb DDR2 RAM + 4gb swap
3 x 2tb Toshiba DT01ACA200 raid-Z1
sphere 5.5 iSCSI target for VMs + samba shares
------------------------------------------------------
testing 10.2.0.2 arm @ Raspberry Pi 2


Re: [HOW TO] Samba Active Directory Domain Controller

#16

Post by meirick » 27 Jan 2016 12:36

Hello,

I followed your "How to", and it works well.
I use ZFS for the file system.

But I don't understand how to manage the permissions. What manages the permissions: the CIFS share, ZFS, AD, Unix?

Thanks for your help.


Re: [HOW TO] Samba Active Directory Domain Controller

#17

Post by philm » 05 Jul 2017 21:10

Hey all, I was wondering if anyone knew of a fix for the issue found in this posting:

viewtopic.php?f=98&t=10812&p=79031#p79031

I am getting the OP's error when I initialize the Samba AD. And talking to the Samba mailing list, they say that it is not possible to get the samba service working on a ZFS file system. I did inform them that I created a UFS zvol, but they are insisting it is not possible, but here we are.

Please, any help will be much appreciated
