Introduction

This wiki page will be used to track the integration effort of Samba 4 into SME 9+

	Note:
	At this point, I'm just going to randomly ramble on this wiki page as I work on Samba 4. Once I get some workable pieces, I'll go back and format this page so that it makes more sense. - Gzartman

Samba 4 Packages

Upstream Centos 6 & 7 do not provide support for the full version of Samba 4. Packages available in the upstream repos are a crippled version of Samba 4, with many of the features associates with Active Directory disabled. The reason for this is detailed here. A solution to provide Samba 4 active directory does not look to be forthcoming by viewing Samba status in the Fedora project.

To further development of support for Samba 4 on the Koozali SME Server, Samba 4 packages from Sernet were selected. These packages will not immediately install cleaning on SME 9 due to the customization of Centos associated with SME 9, so the Sernet packages where re-built for SME 9. Details of this rebuild along with a link to the rebuilt packages are located in bugzilla:8075

After rebuilding, these packages do install cleanly but the services will not start using the init.d scripts provided with the packaged due to changes made during the re-build of the packages for SME 9. A Daemontools run script will need to be developed to start the Samba 4 service.

General Development Notes

Template Fragments

/etc/smb.conf

Complete rewrite of all template fragments

smb.conf Considerations

The smb.conf configuration file can be simplified significantly for Samba 4. Of specific interest are the following new parameters:

Server Services: This parameter is not very well documented, but from what I could find thefollow services can be provided by the Samba daemon: s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, ntp_signd, kcc, dnsupdate, dns, smb, nmb, winbind. The default for this parameter is: server services = s3fs rpc nbt wrepl ldap cldap kdc drepl winbind ntp_signd kcc dnsupdate dns. Services can be added/remove from the default by a +/- and the service to add/remove. Example server services = -s3fs (remove) +smb (add). Note that the smb, nmb, and windbind services are services equivalent to the older, Samba 3, type services (stand alone daemons). Of specific interest to SME 9 may be the use of the nmb service for WINS support. As we begin testing we may need to enable this service and possibly smb for simple share access.

Server Role: Samba 4 currently only supports the active directory domain controller server role. For now, we'll force Samba config into DC server role, but provide a fragment for expansion later. There is a long explanation behind this, but for now, restriction doesn't hurt us. SME as a DC will provide auth for both domain membership and simple shares by either joining the domain or logging into the server every time.

/etc/raddb/radius.conf

Need to check and/or modify the following existing fragments:

etc/raddb/radiusd.conf/25modules30smbpasswd:    #  An example configuration for using /etc/samba/smbpasswd.
etc/raddb/radiusd.conf/25modules30smbpasswd:}   passwd smbpasswd \{
etc/raddb/radiusd.conf/25modules30smbpasswd:            filename = /etc/samba/smbpasswd
etc/raddb/radiusd.conf/25modules25mschap:               #  reading from /etc/smbpasswd.
etc/raddb/radiusd.conf/25modules25mschap:               #  If you are using /etc/smbpasswd, see the 'passwd'
etc/raddb/radiusd.conf/25modules25mschap:               #  module for an example of how to use /etc/smbpasswd
etc/raddb/radiusd.conf/65authorization40default:        #  If you are using /etc/smbpasswd, and are also doing
etc/raddb/radiusd.conf/65authorization40default:        #  configure the 'smbpasswd' module, above.
etc/raddb/radiusd.conf/65authorization40default:        ( $ldap{Authentication} || 'disabled' ) eq 'enabled' ? 'ldap' : 'smbpasswd';

/etc/krb5.conf

Create based new template fragments for this configuration file

Configuration Database Parameters

SMBD : Delete

NMBD : Delete

SMB : In general, all of the template fragments will be redesigned to allow dbase parameters to override many Samba defaults. Specific parameters that need to be defined or modified are as follows:

Remove from current default
- UnixCharSet: Delete

Default
- Workgroup: Defaulted to sme-server
- ServerString: Defaulted to SME Server
- ServerRole: Redefine with the following:
  - SA: Stand Alone Server Mode
  - BD: Backup Domain Controller/Member
  - DC: Domain Controller (Current default. See server role explanation)
- OpLocks: Defaulted to enabled
- KernelOplocks: Add and default to enabled
- Level2Oplocks: Add and default to enabled
- AllowDNSUpdates: nonsecure
- DNSForwarder: New parameter that could be defined to forward DNS requests from the Samba DNS to another DNS.

Others (optional): These parameters are meant to take smb.conf inputs as defined the man pages. Defaults for these parameters are the same as the corresponding defaults in the smb.conf man page. Template fragments feed these parameters into the smb.conf file with minimal syntax checking, as it is assumed those who manually input them know what they are doing.
- NameResolveOrder: The order in which name resolution will take place by the Samba daemon.
- ServerServices: See the server services discussion detailed under smb.conf section
- SMBPorts:
- SocketOptions:
- WideLinks:
- GuestAccount:
- GuestOK: y/n
- LogonDrive: Drive letter to be used to the login drive when users login to a domain
- RoamingProfiles: y/n
- LogonPath:
- BindInterfacesOnly: y/n
- CaseSensitive: y/n
- MaxLogSize: Samba log size in kilobytes. Default set to 50.

KRB5 : Create new configuration dbase entry for Kerberos service in Samba

default_realm: This parameter is built into a template fragment, but we will not define it at default. The template fragment will build the default realm by concatenating the SystemName and DomainName reordered elsewhere in the configuration dbase.
dns_lookup_realm = false;
dns_lookup_kdc = true;

Services to Modify

smbd : Remove

Remove /var/service/smbd
Remove /services/smbd
Remove /etc/rc.d/init.d/supervise/smb
REmove /etc/rc.d/rc7.d/S91smb
Remove /etc/rc.d/init.d/smbd

nmbd : Remove

Remove /var/service/smbd
Remove /services/smbd
Remove /etc/rc.d/init.d/smbd

smb: Create (Note: I would have liked to have called this "Samba," but that would have meant changing alot of existing code that looks for "smb"

Create /var/service/smb, using smbd as a template. Samba 4 should be started with /usr/sbin/samba -D
Create symlink /service/smb -> /var/service/smb
Create symlink /etc/rc.d/init.d/smb -> /etc/rc.d/init.d/daemontools
Create symlink /etc/rc.d/rc7.d/S91smb -> /etc/rc.d/init.d/e-smith-service

DNS

Samba 4 includes an builtin DNS server that is required for proper operation of active directory. This internal DNS server is for AD functions only and does not provide caching DNS functions.

SME Server 9.0 includes a caching DNS (djb dnscache) that listens for DNS requests on the LAN IP address and the localhost. This caching DNS then routes DNS requests for domains defined in the server-manager to tinyDNS and other requests to a resolving dns cache (djb dnscache.forwarder).

One approach for DNS architecture with Samba 4 would have samba 4 primary dns requests to LAN clients, forwarding to the dnscache.forwarder service. The primary dnscache instance and tinydns would then be obsoleted.

LDAP

Need to look at the LDAP authentication backend and mechanism on SME. On the surface, it looks like all of the Samba related LDAP code will be dropped and much of the standard authentication code will need to be converted to Active Directory auth. This task should include looking at openldap-proxy.

Local and Samba Authenticaion

Local Authentication: Samba 4 provides support for local authentication through PAM. This will need to be looked and and sorted out, especially as it relates to the previous LDAP authentication work.
Updates to esmith::util perl module: This perl module contains function for setting and modifying user passwords. We will need to redesign these functions to integrate with AD. Specific changes:
- setSambaPassword function: This function needs to be completely re-written to set the Active directory password instead of the old samba password in smbpasswd
- cancelSambaPassword function: Needs to be re-written for active directory instead of old smbpasswd file
- local password functions: We need to look at these once we decide how we are going to handle local authentication on SME with Active directory.
- ldapPassword function: Need to look at this and likely deprecate it, as we will likely set active directory passwords differently.

Other Development Tasks to Research and Complete

Domain Server-Manager Panel: A new Domain server-manager panel should be developed and the workgroup panel removed. Further discussion will need to take place to determine what needs to go into this new panel. This panel will likely be fairly simple, as much of the configuration parameters associated Samba Active directory will be incorporated into template fragments and database entries.
User/Group Server-Manager Panels: These panels will need to be looked at as they relate to template fragments, adjusting services, and updating database entries associated with Samba.
Ibay Server-Manager Panel: This panel will need to be looked at as it relates to template fragments, adjusting services, and updating database entries associated with Samba.
Events/Actions': Existing events and actions related to samba will need to be reviewed and updated accordingly. A new event/action may need to be developed to provision a new Active Directory Domain using the Samba-Tool utility.
e-smith-samba: This package needs to be updated with development pieces detailed in this wiki page, for wider testing and development assistance.

Status

#	Task	Status
1.	Sernet Samba 4 package rebuild	DONE
2.	Create daemontools service for Samba 4	DONE
3.	Re-Write smb.conf template fragments	DONE
4.	Create Kerberos template fragments	DONE
5.	Add/Modify SMB database entries	DONE
6.	Create krb5 configuration dbase key	DONE
7.	Re-configure init.d start-up/shutdown scripts	DONE
8.	Configure Samba DNS Service	DONE
9.	Configure DNS Cache Resolver	DONE
10.	Create Active Directory Provision/Re-Provision SME Event	DONE
11.	Add Active Directory Provisioning to Bootstrap-Console	DONE
12.	Reconfigure SME User Authentication for Active Directory	UNDERWAY

References

Active Directory Schema

Following is a direct dump of the active directory schema from a freshly provisioned SME Server domain. The DNS/Kerberos domain is domain.com, the hostname is virgin, and the windows domain is sme-server. The ipaddress for this test machine is 192.168.0.67. These data is quite long, but I found it very useful; as it is extremely difficult to find these attributes in any documentation about Samba 4 and ADDC:

record 1

dn: CN=IIS_IUSRS,CN=Builtin,DC=domain,DC=com

record 2

dn: CN=ipsecNegotiationPolicy{59319BF0-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,DC=domain,DC=com

record 3

dn: CN=ipsecPolicy{72385230-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=domain,DC=com

record 4

dn: CN=10b3ad2a-6883-4fa7-90fc-6377cbdc1b26,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 5

dn: CN=byaddr,CN=ethers,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 6

dn: CN=bynumber,CN=rpc,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 7

dn: CN=a3dac986-80e7-4e59-a059-54cb1ab43cb9,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 8

dn: CN=f58300d1-b71a-4DB6-88a1-a8b9538beaca,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 9

dn: CN=ipsecNFA{6A1F5C6F-72B7-11D2-ACF0-0060B0ECCA17},CN=IP Security,CN=System,DC=domain,DC=com

record 10

dn: CN=mail,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 11

dn: CN=d85c0bfd-094f-4cad-a2b5-82ac9268475d,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 12

dn: CN=ObjectMoveTable,CN=FileLinks,CN=System,DC=domain,DC=com

record 13

dn: CN=2416c60a-fe15-4d7a-a61e-dffd5df864d3,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 14

dn: CN=6ada9ff7-c9df-45c1-908e-9fef2fab008a,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 15

dn: CN=ipsecNFA{7238523E-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=domain,DC=com

record 16

dn: CN=byuser,CN=netgroup,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 17

dn: CN=byname,CN=networks,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 18

dn: CN=Domain Controllers,CN=Users,DC=domain,DC=com

record 19

dn: CN=bygid,CN=group,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 20

dn: CN=Meetings,CN=System,DC=domain,DC=com

record 21

dn: CN=Policies,CN=System,DC=domain,DC=com

record 22

dn: CN=f607fd87-80cf-45e2-890b-6cf97ec0e284,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 23

dn: CN=FileLinks,CN=System,DC=domain,DC=com

record 24

dn: CN=Schema Admins,CN=Users,DC=domain,DC=com

record 25

dn: CN=Cert Publishers,CN=Users,DC=domain,DC=com

record 26

dn: CN=byuid,CN=passwd,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 27

dn: CN=Account Operators,CN=Builtin,DC=domain,DC=com

record 28

dn: CN=Cryptographic Operators,CN=Builtin,DC=domain,DC=com

record 29

dn: CN=Print Operators,CN=Builtin,DC=domain,DC=com

record 30

dn: CN=Replicator,CN=Builtin,DC=domain,DC=com

record 31

dn: CN=6E157EDF-4E72-4052-A82A-EC3F91021A22,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 32

dn: CN=passwd,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 33

dn: CN=Terminal Server License Servers,CN=Builtin,DC=domain,DC=com

record 34

dn: CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=domain,DC=com

record 35

dn: CN=DomainUpdates,CN=System,DC=domain,DC=com

record 36

dn: CN=Performance Monitor Users,CN=Builtin,DC=domain,DC=com

record 37

dn: CN=AppCategories,CN=Default Domain Policy,CN=System,DC=domain,DC=com

record 38

dn: CN=ipsecPolicy{72385236-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=domain,DC=com

record 39

dn: CN=ComPartitions,CN=System,DC=domain,DC=com

record 40

dn: CN=bootparams,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 41

dn: CN=Denied RODC Password Replication Group,CN=Users,DC=domain,DC=com

record 42

dn: CN=group,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 43

dn: CN=hosts,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 44

dn: CN=2951353e-d102-4ea5-906c-54247eeec741,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 45

dn: CN=6bcd5689-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 46

dn: CN=a86fe12a-0f62-4e2a-b271-d27f601f8182,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 47

dn: CN=0b7fb422-3609-4587-8c2e-94b10f67d1bf,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 48

dn: CN=5c82b233-75fc-41b3-ac71-c69592e6bf15,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 49

dn: CN=Read-only Domain Controllers,CN=Users,DC=domain,DC=com

record 50

dn: CN=ipsecNegotiationPolicy{72385233-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=domain,DC=com

record 51

dn: CN=ipsecNegotiationPolicy{59319BDF-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,DC=domain,DC=com

record 52

dn: CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=domain,DC=com

record 53

dn: CN=6bcd5680-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 54

dn: CN=byname,CN=ethers,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 55

dn: CN=IP Security,CN=System,DC=domain,DC=com

record 56

dn: CN=6bcd568c-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 57

dn: CN=6bcd5685-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 58

dn: CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=domain,DC=com

record 59

dn: CN=WMIPolicy,CN=System,DC=domain,DC=com

record 60

dn: CN=ipsecNegotiationPolicy{7238523F-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=domain,DC=com

record 61

dn: CN=RID Manager$,CN=System,DC=domain,DC=com

record 62

dn: CN=ipsecFilter{7238523A-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=domain,DC=com

record 63

dn: CN=Password Settings Container,CN=System,DC=domain,DC=com

record 64

dn: CN=Default Domain Policy,CN=System,DC=domain,DC=com

record 65

dn: CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=domain,DC=com

record 66

dn: CN=byaddr,CN=netmasks,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 67

dn: CN=6bcd568d-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 68

dn: CN=6bcd567d-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 69

dn: CN=NTDS Quotas,DC=domain,DC=com

record 70

dn: CN=ipsecISAKMPPolicy{72385231-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=domain,DC=com

record 71

dn: CN=ipsecISAKMPPolicy{7238523D-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=domain,DC=com

record 72

dn: CN=Distributed COM Users,CN=Builtin,DC=domain,DC=com

record 73

dn: CN=293f0798-ea5c-4455-9f5d-45f33a30703b,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 74

dn: CN=Domain Guests,CN=Users,DC=domain,DC=com

record 75

dn: CN=6bcd567e-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 76

dn: CN=RAS and IAS Servers Access Check,CN=System,DC=domain,DC=com

record 77

dn: CN=Dfs-Configuration,CN=System,DC=domain,DC=com

record 78

dn: CN=RID Set,CN=VIRGIN,OU=Domain Controllers,DC=domain,DC=com

record 79

dn: CN=Certificate Service DCOM Access,CN=Builtin,DC=domain,DC=com

record 80

dn: CN=Builtin,DC=domain,DC=com

record 81

dn: CN=byhost,CN=netgroup,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 82

dn: CN=Microsoft,CN=Program Data,DC=domain,DC=com

record 83

dn: CN=bynumber,CN=protocols,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 84

dn: CN=MicrosoftDNS,CN=System,DC=domain,DC=com

record 85

dn: CN=Enterprise Read-only Domain Controllers,CN=Users,DC=domain,DC=com

record 86

dn: CN=S-1-5-9,CN=ForeignSecurityPrincipals,DC=domain,DC=com

record 87

dn: CN=dda1d01d-4bd7-4c49-a184-46f9241b560e,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 88

dn: CN=System,DC=domain,DC=com

record 89

dn: CN=sme-server,CN=networks,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 90

dn: CN=71482d49-8870-4cb3-a438-b6fc9ec35d70,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 91

dn: CN=Backup Operators,CN=Builtin,DC=domain,DC=com

record 92

dn: CN=8ca38317-13a4-4bd4-806f-ebed6acb5d0c,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 93

dn: CN=shadow,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 94

dn: CN=krbtgt,CN=Users,DC=domain,DC=com

record 95

dn: CN=Domain Computers,CN=Users,DC=domain,DC=com

record 96

dn: CN=Server,CN=System,DC=domain,DC=com

record 97

dn: CN=ipsecNFA{59319C04-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,DC=domain,DC=com

record 98

dn: CN=Program Data,DC=domain,DC=com

record 99

dn: CN=DFSR-GlobalSettings,CN=System,DC=domain,DC=com

record 100

dn: CN=ab402345-d3c3-455d-9ff7-40268a1099b6,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 101

dn: CN=ipsecNegotiationPolicy{59319C01-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,DC=domain,DC=com

record 102

dn: CN=aliases,CN=mail,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 103

dn: OU=Domain Controllers,DC=domain,DC=com

record 104

dn: CN=User,CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=domain,DC=com

record 105

dn: CN=ipsecFilter{72385235-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=domain,DC=com

record 106

dn: CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 107

dn: CN=Guests,CN=Builtin,DC=domain,DC=com

record 108

dn: CN=ethers,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 109

dn: CN=ipsecNFA{594272E2-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,DC=domain,DC=com

record 110

dn: CN=ipsecNFA{72385232-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=domain,DC=com

record 111

dn: CN=PolicyTemplate,CN=WMIPolicy,CN=System,DC=domain,DC=com

record 112

dn: CN=61b34cb0-55ee-4be9-b595-97810b92b017,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 113

dn: CN=c88227bc-fcca-4b58-8d8a-cd3d64528a02,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 114

dn: CN=bab5f54d-06c8-48de-9b87-d78b796564e4,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 115

dn: CN=9738c400-7795-4d6e-b19d-c16cd6486166,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 116

dn: CN=byname,CN=protocols,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 117

dn: CN=admin,CN=Users,DC=domain,DC=com

record 118

dn: CN=b96ed344-545a-4172-aa0c-68118202f125,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 119

dn: CN=byname,CN=hosts,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 120

dn: CN=0e660ea3-8a5e-4495-9ad7-ca1bd4638f9e,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 121

dn: CN=bydefaults,CN=bootparams,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 122

dn: CN=ComPartitionSets,CN=System,DC=domain,DC=com

record 123

dn: CN=File Replication Service,CN=System,DC=domain,DC=com

record 124

dn: CN=sme-server,CN=rpc,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 125

dn: CN=51cba88b-99cf-4e16-bef2-c427b38d0767,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 126

dn: CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=domain,DC=com

record 127

dn: CN=4aaabc3a-c416-4b9c-a6bb-4b453ab1c1f0,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 128

dn: CN=57428d75-bef7-43e1-938b-2e749f5a8d56,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 129

dn: CN=4dfbb973-8a62-4310-a90c-776e00f83222,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 130

dn: CN=446f24ea-cfd5-4c52-8346-96e170bcb912,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 131

dn: CN=root,CN=Users,DC=domain,DC=com

record 132

dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,DC=domain,DC=com

record 133

dn: CN=de10d491-909f-4fb0-9abb-4b7865c0fe80,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 134

dn: CN=4c93ad42-178a-4275-8600-16811d28f3aa,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 135

dn: CN=byname,CN=passwd,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 136

dn: CN=ipsecISAKMPPolicy{72385237-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=domain,DC=com

record 137

dn: CN=Infrastructure,DC=domain,DC=com

record 138

dn: CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=domain,DC=com

record 139

dn: CN=6bcd5681-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 140

dn: CN=ForeignSecurityPrincipals,DC=domain,DC=com

record 141

dn: CN=6bcd5686-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 142

dn: CN=aed72870-bf16-4788-8ac7-22299c8207f1,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 143

dn: CN=Users,CN=Builtin,DC=domain,DC=com

record 144

dn: CN=netid,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 145

dn: CN=Remote Desktop Users,CN=Builtin,DC=domain,DC=com

record 146

dn: CN=Event Log Readers,CN=Builtin,DC=domain,DC=com

record 147

dn: CN=byname,CN=services,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 148

dn: CN=Enterprise Admins,CN=Users,DC=domain,DC=com

record 149

dn: CN=ipsecNFA{59319BE2-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,DC=domain,DC=com

record 150

dn: CN=6bcd5682-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 151

dn: CN=ActiveDirectoryUpdate,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 152

dn: CN=6bcd5687-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 153

dn: CN=S-1-5-17,CN=ForeignSecurityPrincipals,DC=domain,DC=com

record 154

dn: CN=sme-server,CN=protocols,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 155

dn: CN=sme-server,CN=ethers,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 156

dn: CN=services,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 157

dn: CN=9cac1f66-2167-47ad-a472-2a13251310e4,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 158

dn: CN=sme-server,CN=mail,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 159

dn: CN=byname,CN=netid,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 160

dn: DC=c.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com

record 161

dn: CN=6bcd568a-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 162

dn: CN=6bcd567a-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 163

dn: CN=bydefaults,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 164

dn: DC=l.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com

record 165

dn: CN=Allowed RODC Password Replication Group,CN=Users,DC=domain,DC=com

record 166

dn: CN=6bcd567f-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 167

dn: CN=6ff880d6-11e7-4ed1-a20f-aac45da48650,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 168

dn: CN=sme-server,CN=group,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 169

dn: CN=sme-server,CN=hosts,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 170

dn: CN=6bcd5678-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 171

dn: CN=sme-server,CN=passwd,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 172

dn: CN=Machine,CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=domain,DC=com

record 173

dn: CN=bydefaults,CN=shadow,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 174

dn: CN=netgroup,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 175

dn: DC=e.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com

record 176

dn: CN=231fb90b-c92a-40c9-9379-bacfc313a3e3,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 177

dn: CN=PolicyType,CN=WMIPolicy,CN=System,DC=domain,DC=com

record 178

dn: CN=sme-server,CN=services,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 179

dn: CN=7868d4c8-ac41-4e05-b401-776280e8e9f1,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 180

dn: DC=g.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com

record 181

dn: CN=3051c66f-b332-4a73-9a20-2d6a7d6e6a1c,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 182

dn: CN=Incoming Forest Trust Builders,CN=Builtin,DC=domain,DC=com

record 183

dn: CN=ipsecNFA{594272FD-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,DC=domain,DC=com

record 184

dn: CN=netmasks,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 185

dn: CN=Users,DC=domain,DC=com

record 186

dn: CN=byaddr,CN=mail,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 187

dn: CN=WinsockServices,CN=System,DC=domain,DC=com

record 188

dn: DC=i.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com

record 189

dn: CN=860c36ed-5241-4c62-a18b-cf6ff9994173,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 190

dn: CN=Guest,CN=Users,DC=domain,DC=com

record 191

dn: CN=DnsUpdateProxy,CN=Users,DC=domain,DC=com

record 192

dn: CN=sme-server,CN=bootparams,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 193

dn: DC=b.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com

record 194

dn: CN=8437C3D8-7689-4200-BF38-79E4AC33DFA0,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 195

dn: CN=WMIGPO,CN=WMIPolicy,CN=System,DC=domain,DC=com

record 196

dn: CN=AdminSDHolder,CN=System,DC=domain,DC=com

record 197

dn: CN=bydefaults,CN=netgroup,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 198

dn: DC=k.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com

record 199

dn: CN=ipsecNegotiationPolicy{7238523B-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=domain,DC=com

record 200

dn: CN=RAS and IAS Servers,CN=Users,DC=domain,DC=com

record 201

dn: CN=Computers,DC=domain,DC=com

record 202

dn: DC=@,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com

record 203

dn: CN=VIRGIN,OU=Domain Controllers,DC=domain,DC=com

record 204

dn: DC=d.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com

record 205

dn: CN=rpc,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 206

dn: CN=DnsAdmins,CN=Users,DC=domain,DC=com

record 207

dn: CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 208

dn: CN=Administrator,CN=Users,DC=domain,DC=com

record 209

dn: DC=m.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com

record 210

dn: CN=SOM,CN=WMIPolicy,CN=System,DC=domain,DC=com

record 211

dn: CN=Network Configuration Operators,CN=Builtin,DC=domain,DC=com

record 212

dn: DC=f.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com

record 213

dn: CN=sme-server,CN=netmasks,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 214

dn: CN=a1789bfb-e0a2-4739-8cc0-e77d892d080a,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 215

dn: CN=Content,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=domain,DC=com

record 216

dn: DC=h.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com

record 217

dn: CN=8ddf6913-1c7b-4c59-a5af-b9ca3b3d2c4c,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 218

dn: CN=7ffef925-405b-440a-8d58-35e8cd6e98c3,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 219

dn: CN=LostAndFound,DC=domain,DC=com

record 220

dn: CN=Server Operators,CN=Builtin,DC=domain,DC=com

record 221

dn: CN=f7ed4553-d82b-49ef-a839-2f38a36bb069,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 222

dn: DC=a.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com

record 223

dn: CN=7cfb016c-4f87-4406-8166-bd9df943947f,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 224

dn: CN=f3dd09dd-25e8-4f9c-85df-12d6d2f2f2f5,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 225

dn: CN=S-1-5-4,CN=ForeignSecurityPrincipals,DC=domain,DC=com

record 226

dn: CN=byaddr,CN=networks,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 227

dn: DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com

record 228

dn: CN=sme-server,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 229

dn: DC=j.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com

record 230

dn: CN=sme-server,CN=shadow,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 231

dn: CN=6bcd5683-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 232

dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 233

dn: CN=6bcd5688-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 234

dn: CN=Domain Users,CN=Users,DC=domain,DC=com

record 235

dn: DC=domain,DC=com

record 236

dn: CN=98de1d3e-6611-443b-8b4e-f4337f1ded0b,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 237

dn: CN=protocols,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 238

dn: CN=3c784009-1f57-4e2a-9b04-6915c9e71961,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 239

dn: CN=User,CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=domain,DC=com

record 240

dn: CN=Administrators,CN=Builtin,DC=domain,DC=com

record 241

dn: CN=RpcServices,CN=System,DC=domain,DC=com

record 242

dn: CN=byname,CN=group,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 243

dn: CN=6bcd568b-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 244

dn: CN=6bcd5684-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 245

dn: CN=6bcd567b-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 246

dn: CN=Domain Admins,CN=Users,DC=domain,DC=com

record 247

dn: CN=VolumeTable,CN=FileLinks,CN=System,DC=domain,DC=com

record 248

dn: CN=6bcd5679-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 249

dn: CN=Group Policy Creator Owners,CN=Users,DC=domain,DC=com

record 250

dn: CN=ebad865a-d649-416f-9922-456b53bbb5b8,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 251

dn: CN=ipsecNFA{59319BF3-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,DC=domain,DC=com

record 252

dn: CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 253

dn: CN=Performance Log Users,CN=Builtin,DC=domain,DC=com

record 254

dn: CN=Machine,CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=domain,DC=com

record 255

dn: CN=Windows Authorization Access Group,CN=Builtin,DC=domain,DC=com

record 256

dn: CN=3e4f4182-ac5d-4378-b760-0eab2de593e2,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 257

dn: CN=6bcd567c-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 258

dn: CN=byaddr,CN=hosts,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 259

dn: CN=sme-server,CN=netid,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 260

dn: CN=networks,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

record 261

dn: CN=13d15cf0-e6c8-11d6-9793-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 262

dn: CN=c4f17608-e611-11d6-9793-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

record 263

dn: CN=sme-server,CN=netgroup,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

Referral

ref: ldap://domain.com/CN=Configuration,DC=domain,DC=com

Referral

ref: ldap://domain.com/DC=DomainDnsZones,DC=domain,DC=com

Referral

ref: ldap://domain.com/DC=ForestDnsZones,DC=domain,DC=com

returned 266 records
263 entries
3 referrals

Samba4 Development

Contents

Introduction

Samba 4 Packages

General Development Notes

Template Fragments

/etc/smb.conf

smb.conf Considerations

/etc/raddb/radius.conf

/etc/krb5.conf

Configuration Database Parameters

Services to Modify

DNS

LDAP

Local and Samba Authenticaion

Other Development Tasks to Research and Complete

Status

References

Active Directory Schema

Navigation menu

Page actions

Page actions

Personal tools

Koozali SME Server

Recent activities

Koozali resources

Koozali SME Server wiki

Tools

Search