Setup a Samba4 Domain Controller on Debian 6.0 Squeeze

An Active Directory Domain Controller is a vital tool for business network administrators. It allows the centralized management of all the computers in a business network, whether it’s local, national or worldwide. You can add a user to the network with all their information, set their limits on a computer’s features, and they will be able to log in to any computer on the business network.

Active Directory Domain Controllers used to be a costly feature exclusive to Microsoft Windows Servers, but with the recent open source release of Samba 4.0 stable all of these features are now available for free. This will allow small businesses and home users to run an Active Directory Domain Controller on a limited budget. Today we will walk you through the steps to set up your own Samba4 Active Directory Domain Controller on Debian 6.0, aka “Squeeze”.

Tips Before we Begin

  • Before setting up your Samba4 domain controller you will want to remove any older versions of Samba 3.x to prevent interference with Samba4, unless you plan on migrating an old NT style Samba3 domain controller to Samba4.  ***If this is the case, this tutorial is not for you***
  • If you are starting with a fresh install make sure to enable xattr on any partition that Samba will be running on or accessing.  This will be addressed later if you have a currently running install.
  • Resolv.conf is often a source of issues as it typically gets overwritten automatically.  If you run into issues down the road make sure that this file hasn’t changed.
  • If you are new to Linux tutorials: commands that are typed into the command prompt (aka Bash) will appear in a grey box and will start with “$ ”.  You can omit the “$” sign and just type the command.  See the example below:

$ echo "This is an example of a command to type at the Bash prompt"

  • If the grey box doesn’t contain the “$ ” then apply the contents as described in that step of the process.

Installing Debian 6.0

If you already have a working install of Debian 6.0 then you may skip this section.

Installing Dependencies

1) Install Samba4 dependencies and utilities required for this tutorial with the following command.

$ apt-get install build-essential libacl1-dev libattr1-dev libblkid-dev libgnutls-dev libreadline-dev python-dev python-dnspython gdb pkg-config libpopt-dev libldap2-dev dnsutils libbsd-dev attr krb5-user docbook-xsl libcups2-dev git acl nano

2) The krb5-user package will ask the following questions.  We have included the proper responses in the example below.

Default Realm: test.local
Kerberos Servers: 127.0.0.1
Administrative Server: 127.0.0.1

FSTAB File Setup

Now that all dependencies for Samba4 are installed we will configure the /etc/fstab file.
Warning: If you are not familiar with the contents of this file, read your distribution’s manual.  Edit at your own risk!!!

1) Open the /etc/fstab file in your preferred text editor.  For this example we will use nano.

$ nano /etc/fstab

2) Within the fstab file you will find your hard drive partition configuration.  Add the following parameters if they aren’t present: user_xattr, acl and barrier=1.  View the example below.

UUID=db6f8346-60ca-47b4-8ab2-046337abd834 / ext4 user_xattr,acl,barrier=1,errors=remount-ro 0 1

3) You must apply these settings to all partitions that Samba4 will access, then remount your partitions with the following command.

$ mount -a

Download Samba4

We will download the latest version of Samba4 via a program called git.  The following command will download the latest stable version.

$ git clone -b v4-0-stable git://git.samba.org/samba.git samba4

Compile and Install Samba4

Compile and install Samba4 with the following commands.

$ cd samba4
$ ./configure --enable-debug --enable-selftest
$ make
$ make install

Provision Samba4

1) Provisioning the Samba4 Domain Controller creates the configuration files and the Active Directory database.  Use the following command to start the process.

$ /usr/local/samba/bin/samba-tool domain provision

2) The provision command will ask you for some information about your network.  Use the following example as a guideline, but modify the info as needed for your network.

Realm [test.local]: test.local
Domain [S4]: SAMBA4TEST
Server Role (dc, member, standalone) [dc]: dc
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: SAMBA_INTERNAL
DNS forwarder IP address (write ‘none’ to disable forwarding) [192.168.2.1]: 8.8.8.8
Administrator password: Ex@mpleP@$$word
Retype password: Ex@mpleP@$$word

You should see output similar to the following example:

Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=test,DC=local
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=test,DC=local
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be ready to use
Server Role: active directory domain controller
Hostname: LinuxServer
NetBIOS Domain: SAMBA4TEST
DNS Domain: test.local
DOMAIN SID: S-1-5-21-1811932520-1978264231-2890610938

Modify resolv.conf and hosts File

1) Edit your resolv.conf file in nano

$ nano /etc/resolv.conf

2) The following info should be sufficient as long as this system is running only Samba4.

domain test.local
nameserver 192.168.1.2

3) By default Debian will overwrite the /etc/resolv.conf file whenever DHCP or other network services update it.  To prevent this we make the resolv.conf file immutable (read only).

$ chattr +i /etc/resolv.conf

Note: This is not the most elegant solution, especially if you are running other services.  Other solutions to this issue are out of the scope of this tutorial.

Manage Kerberos

1) Samba4 has created a krb5.conf for you to use as a replacement for the existing configuration file.  Use the following commands to back up the old file and copy the new configuration file.

$ mv /etc/krb5.conf /etc/krb5.conf.bak
$ cp /usr/local/samba/private/krb5.conf /etc/krb5.conf

2) Now you must edit the new krb5.conf file to include your domain realm info.

$ nano /etc/krb5.conf

3) Modify the “default_realm = SAMDOM.EXAMPLE.COM” line to contain your domain info.  In our tutorial it is “TEST.LOCAL”

NOTE: The domain realm MUST be typed in uppercase!
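
Before starting Samba, the three files edited so far (/etc/fstab, /etc/resolv.conf and /etc/krb5.conf) can be checked for the settings described above. The script below is an added example, not part of the original tutorial or of Samba: its function names and sample files are constructed, and it assumes the Kerberos realm equals the DNS domain, as it does in this tutorial.

```shell
#!/bin/bash
# Added example, not Samba tooling: function names and sample files are assumptions.
REQUIRED_OPTS="user_xattr acl barrier=1"

# Print the required options missing for mount point $2 in fstab file $1.
# Returns 0 if none are missing, 1 if some are, 2 if the mount point is not listed.
fstab_missing_opts() {
    local opts missing="" o
    # Field 2 is the mount point, field 4 the comma-separated option list.
    opts=$(awk -v mp="$2" '$1 !~ /^#/ && $2 == mp { print $4; exit }' "$1")
    [ -n "$opts" ] || return 2
    for o in $REQUIRED_OPTS; do
        case ",$opts," in
            *",$o,"*) ;;
            *) missing="$missing $o" ;;
        esac
    done
    if [ -n "$missing" ]; then
        echo "${missing# }"
        return 1
    fi
    return 0
}

# Print the default_realm value from krb5.conf file $1.
krb5_default_realm() {
    sed -n 's/^[[:space:]]*default_realm[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# Print the "domain" value from resolv.conf file $1.
resolv_domain() {
    awk '$1 == "domain" { print $2; exit }' "$1"
}

upper() { printf '%s' "$1" | tr '[:lower:]' '[:upper:]'; }

# Compare krb5.conf $1 with resolv.conf $2 (assumes realm == DNS domain).
# Returns 0 if consistent, 1 if the realm is not uppercase,
# 2 if it does not match the DNS domain, 3 if no default_realm is set.
check_realm() {
    local realm domain
    realm=$(krb5_default_realm "$1")
    domain=$(resolv_domain "$2")
    [ -n "$realm" ] || return 3
    [ "$realm" = "$(upper "$realm")" ] || return 1
    [ "$realm" = "$(upper "$domain")" ] || return 2
    return 0
}

# Constructed sample files so the example runs offline.
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
cat > "$SAMPLES/fstab" <<'EOF'
# <file system> <mount point> <type> <options> <dump> <pass>
UUID=db6f8346-60ca-47b4-8ab2-046337abd834 / ext4 user_xattr,acl,barrier=1,errors=remount-ro 0 1
/dev/sdb1 /srv/share ext4 defaults,acl 0 2
EOF
printf 'domain test.local\nnameserver 192.168.1.2\n' > "$SAMPLES/resolv.conf"
printf '[libdefaults]\n    default_realm = TEST.LOCAL\n' > "$SAMPLES/krb5.good"
printf '[libdefaults]\n    default_realm = test.local\n' > "$SAMPLES/krb5.bad"

for mp in / /srv/share /home; do
    if missing=$(fstab_missing_opts "$SAMPLES/fstab" "$mp"); then
        echo "fstab $mp: ok"
    elif [ -n "$missing" ]; then
        echo "fstab $mp: missing $missing"
    else
        echo "fstab $mp: not listed"
    fi
done
for f in krb5.good krb5.bad; do
    check_realm "$SAMPLES/$f" "$SAMPLES/resolv.conf" && rc=0 || rc=$?
    echo "$f: check_realm returned $rc"
done
```

On the real system, call the functions with /etc/fstab, /etc/krb5.conf and /etc/resolv.conf and the mount points Samba will use.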

Start Samba

You should now have a functioning Samba4 Domain Controller.  Start your Domain Controller by using the following command.  Once it is running you should be able to connect your Windows and other devices to your Active Directory Domain Controller.

$ /usr/local/samba/sbin/samba

Add Samba Directories to PATH Variable (optional):

1) Edit your environment variables with nano.

$ nano ~/.bashrc

2) Add the following to your .bashrc config file

PATH=$PATH:/usr/local/samba/sbin

PATH=$PATH:/usr/local/samba/bin

Post Setup Tips:

  • Any devices that you will connect to your domain should use your Samba4 server as their primary DNS server. (ie: 192.168.1.2)
  • If your Windows machine doesn’t seem to be connecting to the Samba4 DNS server, try the following command at the Windows command prompt.

ipconfig /flushdns

Ubuntu for phones announced, adding one more mobile OS to the mix

Canonical, the company behind the Ubuntu Linux distro, has announced Ubuntu for phones.  Ubuntu for phones seems to use the same Linux kernel that powers the desktop version of Ubuntu, but with a touch based UI optimized for mobile phones and tablets.

The major benefit of Ubuntu for Phones is that you will be able to run the same apps on both the Desktop and Phone versions of Ubuntu.  App developers don’t even need to compile a separate version for each platform.  This interoperability between each version of Ubuntu will surely continue to Ubuntu for TVs and Automobiles.

Not only will this phone run the same apps as the Ubuntu Desktop distro, but it can function as a desktop as well.  Canonical has stated that they would like Ubuntu phones to dock to a standard keyboard, mouse and monitor a la the Motorola Atrix.  Docking the phone will allow users to use the phone as a thin client or to run the standard Ubuntu Unity desktop UI, essentially giving users a full featured PC in their pocket.

Canonical has stated that Ubuntu phones will not be available until 2014, but in the meantime any phone that runs Android will do.  Ubuntu for Phones uses the same drivers as the Android platform, allowing users to easily run Ubuntu on their current phones.  Not only will Ubuntu run on Android phones, but it’s only a matter of time until you can run Android apps as well.

One major advantage that Ubuntu for phones seems to have is that its apps will not rely on Java like Android’s do; instead apps will run on native code.  Because Java has so much overhead this should mean better performance out of the same hardware that Android uses.

In a crowded mobile OS world it’s hard to be optimistic about a new mobile OS, but Ubuntu seems to have a well formulated game plan to take on Android, iOS, Windows Phone and BlackBerry devices.  Ubuntu for Phones looks to be gunning for the coveted #3 spot in the mobile OS world, and may be in a position to become #1 in the future.  It looks like 2013 is shaping up to be an interesting year for mobile phone users.

Feature Highlights

  • Uses the same device drivers as Android
  • Can run on any device that runs Android
  • The phone becomes a full PC and thin client when docked
  • Docked phones can feature standard desktop Unity UI
  • Flow naturally from app to app with edge magic
  • Native or HTML5 based apps
  • Apps will work on both Ubuntu Desktop and for Phone without recompiling

Source: http://www.ubuntu.com/devices/phone


Samba 4 with Active Directory gets a stable release

Samba 4 has been a long time coming, and now the world has a stable, free and full featured alternative to a Microsoft Server Active Directory Domain Controller on Linux/Unix based systems.  Head over to http://Samba.org and download Samba 4 now!

Samba Press Release:

The Samba Team is proud to announce the release of Samba 4.0, a major new release of the award-winning Free Software file, print and authentication server suite for Microsoft Windows® clients.

The First Free Software Active Directory Compatible Server

As the culmination of ten years’ work, the Samba Team has created the first compatible Free Software implementation of Microsoft’s Active Directory protocols. Familiar to all network administrators, the Active Directory protocols are the heart of modern directory service implementations.

Samba 4.0 comprises an LDAP directory server, Heimdal Kerberos authentication server, a secure Dynamic DNS server, and implementations of all necessary remote procedure calls for Active Directory. Samba 4.0 provides everything needed to serve as an Active Directory Compatible Domain Controller for all versions of Microsoft Windows clients currently supported by Microsoft, including the recently released Windows 8.

The Samba 4.0 Active Directory Compatible Server provides support for features such as Group Policy, Roaming Profiles, Windows Administration tools and integrates with Microsoft Exchange and Free Software compatible services such as OpenChange.

The Samba 4.0 Active Directory Compatible Server can also be joined to an existing Microsoft Active Directory domain, and Microsoft Active Directory Domain Controllers can be joined to a Samba 4.0 Active Directory Compatible Server, showing true peer-to-peer interoperability of the Microsoft and Samba implementations of the Active Directory protocols.

Acknowledging the value of the interoperability of the Samba 4.0 Active Directory Compatible Server, Steve van Maanen, the co-founder of Starsphere LLC, an IT services company in Tokyo, said:

“Thanks to Samba 4, I have two fully replicating Active Directory Domain controllers that boot in under 10 seconds! It is nice to have alternatives, and Samba 4 is a great one.”

Upgrade scripts are also provided for organizations using the previous Microsoft Windows NT Domain Controller functionality in Samba 3.x, to allow them to migrate smoothly to Samba 4.0.

Suitable for low-power and embedded applications, yet scaling to large clusters, Samba 4.0 is efficient and flexible. Its Python programming interface and administration toolkit help in enterprise deployments.

Created Using Microsoft Documentation

The Samba 4.0 Active Directory Compatible Server was created with help from the official protocol documentation published by Microsoft Corporation and the Samba Team would like to acknowledge the documentation help and interoperability testing by Microsoft engineers that made our implementation interoperable.

“Active Directory is a mainstay of enterprise IT environments, and Microsoft is committed to support for interoperability across platforms,” said Thomas Pfenning, director of development, Windows Server. “We are pleased that the documentation and interoperability labs that Microsoft has provided have been key in the development of the Samba 4.0 Active Directory functionality.”

Introducing SMB2.1 File Serving Support

Samba 4.0 includes the first Free Software implementation of Microsoft’s SMB2.1 file serving protocol. Building on the success of the SMB2.0 server in Samba 3.6, the Samba 4.0 file server component is an evolution of the trusted Samba file serving code that is used worldwide by vendors of file servers, such as IBM’s clustered Scale Out Network Attached Storage (SONAS), and many other commercial products.

In addition, the Samba 4.0 file server contains an initial implementation of SMB3, which will be further developed in later Samba 4 releases into a fully-featured SMB3 clustered file server implementation.

Future developments of our SMB3 server and client suite, in combination with our expanding number of SMB3 tests, will keep driving the performance improvements and improved compatibility with Microsoft Windows that Samba users have come to expect from our software.

Integrated Clustered File Server Support

Building on our success as the first commercial implementation of a clustered SMB/CIFS server, Samba 4.0 provides industry-leading scalability and performance as a clustered SMB2/SMB/CIFS file server, using our “clustered tdb” (ctdb) technology – also available as Free Software.

Clustered Samba provides a “Single Server” view of clustered file storage, allowing clients to connect to the least loaded server and still providing a completely coherent view of the underlying clustered file system.

Written and tested to be compatible with most clustered file systems, both Free Software and proprietary, Samba 4.0 with ctdb provides a scalable clustered file server solution with full Windows file sharing semantics.

Samba and ctdb have been shipping in production file serving products for many years, to some of the most demanding customers in the world.

Easy Integration into Existing Directory Services

Samba 4.0 ships with an improved winbind, which allows Samba 4.0 file servers to easily integrate into existing Active Directory services as member servers. Both Microsoft Active Directory and Samba 4.0 Active Directory Compatible servers are supported.

Stability, Security and Performance

Samba 4.0 has been tested using our widely accepted smbtorture test suite, created by the Samba Team to test Samba itself and now used by most of the companies writing SMB3/SMB2/SMB/CIFS file server software to test their own products. We also regularly test interoperability with other major vendors at plug-fest events to make sure Samba 4.0 deployments work correctly with existing customer equipment.

In addition, Samba is one of eleven open source projects that leading software integrity vendor Coverity has certified as “secure” and has reached Coverity “Integrity Rung 2” certification.

The Samba Team provides immediate responses to any security vulnerabilities, and provides fixes to all vendors using the Samba code in coordination with industry standard security reporting agencies.

A Modular Toolbox for OEM Vendor Needs

As Free Software, Samba 4.0 is the ideal choice for Original Equipment Manufacturers (OEMs) to use for their file, print and authentication products. It is easily integrated into a whole host of different tasks, and can be customized at will by the vendor to satisfy their needs.

In addition, Samba 4.0 includes a modular “Virtual File System” (VFS) interface that vendors can use to quickly and efficiently customize Samba to take advantage of any specific features of their underlying technology without having to modify any of the core Samba code. From advanced file systems to network traffic analysis, the Samba VFS layer allows external code to be easily integrated with Samba. Example modules are provided as source code for vendors to customize as they wish.

Samba is the leading choice for Microsoft Windows connectivity

Samba is the leading technology choice for Windows file serving on Linux and UNIX platforms and in embedded Network Attached Storage (NAS) solutions. Samba is used by vendors selling NAS solutions ranging from high end clustered business-critical systems, to low end consumer devices, and everything in between. Samba is fully IPv6 enabled and meets all mandates for modern network interoperability.

Commercial support is available for Samba from many different vendors.

Getting Samba 4.0

Samba 4.0 source code is available now from the Samba Web site.

About Active Directory

Microsoft Windows and Active Directory are trademarks of Microsoft Corporation.

About the Samba Team

The Samba Team is a worldwide group of computer professionals working together via the Internet to produce the highest quality Free Software Windows (SMB3/SMB2/SMB/CIFS) server and client software. We are the undisputed experts in providing interoperability with computers running Microsoft Windows. Members of the Samba Team work for many of the largest companies in the software Industry and even helped Microsoft produce the protocol documentation that fully specifies the SMB/CIFS protocol.

OpenELEC 3.0 Beta 1 released, adding all XBMC 12 features

The OpenELEC team has been busy.  They just released OpenELEC 2.0 a few weeks ago, and now we get OpenELEC 3.0 beta 1, which includes XBMC 12.0 in all of its glory.  This includes PVR support, the modern audio engine that now supports formats like TrueHD and DTS-HD, the Linux kernel 3.6 and support for ARM devices in the form of Raspberry Pi boards.

For those of you that are not familiar with OpenELEC, it is, for the most part, an unmodified version of XBMC that runs with only the minimum amount of software needed.  This makes OpenELEC more stable and easier to use.  The setup is even more simplified than the XBMC installer (didn’t think it was needed).  Of course if you would still like the flexibility of Ubuntu or Windows under the hood you can still download the installs over at http://XBMC.org.  Essentially OpenELEC is an XBMC distro of Linux that can auto update itself.

New Features:

  • Based on XBMC 12.0 Frodo
  • ARM Support (Raspberry Pi)
  • Linux 3.6 kernel
  • Improved PVR support
  • Brand New Audio Engine with True HD and DTS-HD support
  • Updated Drivers
  • Boot to RAM option

Manual Update Instructions:

  1. Browse to your OpenELEC box’s SAMBA share in the operating system of your choice.  (If you don’t know what the IP address is, go to the menu of the OpenELEC machine, and browse to the main item “System” and then its subitem “System Info”.  This will open a page that shows the IP address along with other information.)
  2. Once you have found the SAMBA share navigate to the “Update” folder.  This is where you will copy the files in step 6.
  3. Download the latest version of OpenELEC for your device.  Available for download here: http://openelec.tv/get-openelec
  4. Extract all files from the downloaded file.
  5. Navigate to the “Target” Folder which will be found in the location you extracted the downloaded file.
  6. Copy the files from the “Target” folder to the “Update” folder found on the SAMBA share. The files are KERNEL, KERNEL.md5, SYSTEM and SYSTEM.md5.
  7. Restart OpenELEC and the update will be installed automatically.
  8. When the reboot has finished navigate to the “System > Settings > System > Audio output” menu.  Make sure that the output settings properly reflect your receiver’s capabilities. (ie: Does your receiver support TrueHD?)

Source: http://openelec.tv/

Hello Linux Mint 14

Everyone’s favorite Ubuntu variation, Linux Mint, has reached version 14.  Currently Linux Mint comes in two GUI variations: MATE, which is based on GNOME 2, and Cinnamon, which is based on the GNOME 3 project.  The KDE GUI will inevitably follow in the near future.  Update: KDE and Xfce have been given an RC release.

Overall Linux Mint 14 seems to be as stable as ever with some useful GUI tweaks.  I have been using Linux Mint 14 with the Cinnamon GUI for several hours to complete some work while watching Hulu on my second monitor.  The HD Hulu stream ran without any hiccups while writing this blog entry, browsing the web and working on other websites.  Considering that I am running Linux Mint 14 on a USB pen drive it has been quite stable and snappy.

Linux Mint has always been my preferred Desktop Linux distro, and Linux Mint 14 continues the trend of stability and ease of use on the first boot.  I threw MKV, MP3, WMV and several other media formats at Linux Mint and, as usual, Linux Mint didn’t hesitate to play the files.  For those of you that want to use Linux on your desktop machine, but don’t want to get used to Ubuntu’s Unity GUI, give Linux Mint a try.

New features:

  • MATE 1.4 (Fork of GNOME 2)
  • Cinnamon 1.6 (Fork of GNOME 3)
  • MDM
  • Software Manager Updates
  • System Improvements
  • Artwork Improvements
  • Upstream Components

For a complete overview and to see screenshots of the new features, visit: “What’s new in Linux Mint 14”.

This Article was written while running Linux Mint 14.

Free Game: Battlezone 1 (1998)

Release Date: February 28, 1998
Publisher: Activision
Platform: Windows

Battlezone got a refresh in 1998 as a FPS/RTS hybrid (aka Action-Strategy).  The genre combination sounds odd but worked out extremely well.  You play as a commander in the first person view, while building a base in a similar manner to other RTS games on the market.  The game was released in 1998, but after shutting down the multiplayer servers Activision released the game under the GNU license.  The game is available for free at: http://www.Battlezone1.com

Story

The story is based in an alternate cold war era universe in which the moon missions are a cover up for a much larger campaign.  The US and the Soviet Union have moved an entire military to space in the pursuit of an extraterrestrial material called “Bio-Metal”, which had landed on earth via meteors.  This “Bio-Metal” was created by an ancient alien civilization called the Cthonians.

Single Player

The single player is divided into two campaigns: one follows the United States (NSDF) forces, the other follows the Soviet (CCA) forces.  Throughout each mission you will build up your RTS style base and your offensive and defensive units in an attempt to defeat the opposing forces.

Multi Player

The multi player system includes two modes: Strategy and Deathmatch.  Strategy plays like the single player campaign and allows two or more players to collect resources and build units; the winner is the last man standing.  Deathmatch gives two or more players a map with power-ups to kill each other.  The winner is determined by the highest score.

Expansion pack

An expansion pack known as “The Red Odyssey” was released that featured the US, Soviets and Chinese.  This expansion contains an entirely new Single Player story arc pitting the Chinese Red Army forces against both their allies, the CCA, and their enemies the “Black Dogs”.  This expansion was also released under the open source GNU license, but has not yet received the compatibility updates for the latest versions of Windows that the original campaign has been given.

What’s new in the open source v1.5

  • Bug fixes
  • Windows compatibility updates
  • Multiplayer exploits closed
  • Xbox 360 controller support
  • Support for HD and widescreen resolutions

Conclusion

This classic game from the 90’s has held up very well over time, and to this day still has active players on the multiplayer servers.  The compatibility fixes for the latest versions of Windows were made available thanks to the fact that Activision released the source code under the GNU license.  The game play has also received small tweaks to improve it.  Multi player exploits have been closed to make sure that Battlezone’s multiplayer afterlife is just as fun as the original.

Download

Both the original and Red Odyssey campaigns can be legally downloaded for free at: http://Battlezone1.com/downloads.index.htm

Cyanogenmod.com domain held hostage

Visit Cyanogenmod.org for the latest builds of cyanogenmod.

The Cyanogenmod team lost control of their .com domain when a team member was confronted for impersonating another for personal gain.  The Cyanogenmod team refused to identify the former team member out of respect for his personal well being and future career.  According to the blog post, a former unnamed team member had control of the .com domain and demanded a $10,000 ransom in return.  The Cyanogenmod team refused to pay the ransom, and instead began using Cyanogenmod.org as their primary domain.

The Cyanogenmod team successfully talked down the individual in question.  The ex-team member agreed to retain control of the .com domain, but instead 301 redirect it to their new .org domain name.  The Cyanogenmod team is insisting that there be no retaliation toward the ex-team member because of his actions.

Kudos to the Cyanogenmod team for their cool heads in such an outrageous situation.  They have stated they learned their lesson and will restructure the team to prevent one person from having full control of any one asset.  In addition they advised the members of the Cyanogenmod community to not take any action toward the ex-team member, as they are pursuing all legal avenues to regain control of all their domain and email systems.