TomS.

Experiment: Getting Samba 4 AD DC on DSM 5.2 to work

Greetings all,

DSM 5.2.5967 Update 2 ships with Samba 4.1.18.

 >smbd -V
Version 4.1.18
Synology Build 5967, Apr 26 2016 17:22:47

Samba 4.x is capable of acting as a standalone Active Directory Domain Controller, AD Directory Services in Windows Server Role terms. Build options indicate AD_DC is enabled.

 >smbd -b
Build environment:
  Built by:    root@build1
  Built on:    Tue Apr 26 17:22:21 CST 2016
  Built using: /usr/local/i686-pc-linux-gnu/bin/i686-pc-linux-gnu-ccache-gcc
  Build host:  Linux build1 3.14.30-1-lts #1 SMP Fri Jan 30 13:27:48 CST 2015 x86_64 GNU/Linux
  SRCDIR:      /source/samba-4.x/source3
  BUILDDIR:    /source/samba-4.x/source3
[…]
Build Options:
  AD_DC_BUILD_IS_ENABLED

Attempting to provision the AD DC according to the Samba wiki HOWTO yields python script errors that appear to involve directory locations.

Like the BTRFS effort, it seems that there is a gap between features available, and those exposed in the web gui. I'm aiming to get the AD DC to work in DSM, or run a current Samba > 4.4 in a Docker container, and join the DSM instance to that AD.

I'd love to hear any ideas. Thanks for any and all help.

//TomS.

But if you use the Docker system you obtain a sort of VM; it could be interesting to make a package with the right options for Samba to act as an AD domain.

But this involves the use of Dynamic DNS to store AD data. Have you checked if the original Synology Samba has the right compiled options?

"But this involves the use of Dynamic DNS to store AD data. Have you checked if the original Synology Samba has the right compiled options?"

I don't know enough about Samba to tell whether the options are "right" or not. In the extensive output from smbd -b, I see

--with Options:
  […]
  WITH_ADS
  […]
  WITH_DNS_UPDATES

It looks like Synology kept Samba 4.x's internal DNS server as well as the option to use external BIND dynamic loading zones.

> samba_upgradedns --help
Usage: upgradedns [options]

Options:
 -h, --help            show this help message and exit
 --dns-backend=
                       The DNS server backend, default SAMBA_INTERNAL

I like the Docker container for the AD DC for three reasons:

  • The ability to run a current, supported version of Samba >4.2.x. There are a lot of fixes between DSM's 4.1.18 and 4.4x.
  • Microsoft and Samba recommend against File & Print services on the same host as a Domain Controller. With the DC in a container, and joining the DSM Samba to the container hosted AD, that separation is achieved.
  • Additionally, one isn't performing tasks in the CLI that might get undone by the GUI.

I was looking at it natively on DSM to get acquainted with Samba.

How's your Docker container knowledge?

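Added example, not part of any post in this thread: a POSIX shell check over saved `smbd -V` and `smbd -b` output that reports the Samba version against a chosen minimum and whether the three build options quoted above are present. The function names, the 4.2.0 threshold and the sample text (abridged from the output quoted in the thread) are assumptions for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): audit saved `smbd -V` + `smbd -b` text.

# Constructed sample, abridged from the output quoted in the thread.
sample_output() {
cat <<'EOF'
Version 4.1.18
Synology Build 5967, Apr 26 2016 17:22:47
Build Options:
  AD_DC_BUILD_IS_ENABLED
--with Options:
  WITH_ADS
  WITH_DNS_UPDATES
EOF
}

# version_lt A B: succeeds when dotted version A (X.Y.Z) sorts before B.
version_lt() {
    [ "$1" != "$2" ] || return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# audit_samba MIN: reads the saved text on stdin, prints a one-line summary.
# Returns 0 if version >= MIN and all options present, 1 if not, 2 if no version line.
audit_samba() {
    text=$(cat)
    ver=$(printf '%s\n' "$text" | sed -n 's/^Version \([0-9][0-9.]*\).*/\1/p' | head -n 1)
    if [ -z "$ver" ]; then echo "version=unknown"; return 2; fi
    missing=""
    for opt in AD_DC_BUILD_IS_ENABLED WITH_ADS WITH_DNS_UPDATES; do
        # Match the option only as a whole line, ignoring indentation.
        if ! printf '%s\n' "$text" | grep -Eq "^[[:space:]]*${opt}[[:space:]]*\$"; then
            missing="${missing:+$missing,}$opt"
        fi
    done
    age=ok
    if version_lt "$ver" "$1"; then age=older; fi
    echo "version=$ver min=$1 age=$age missing=${missing:-none}"
    if [ "$age" = ok ] && [ -z "$missing" ]; then return 0; fi
    return 1
}

# Threshold 4.2.0 is an assumption taken from the ">4.2.x" remark in the post.
# On a real host: { smbd -V; smbd -b; } | audit_samba 4.2.0
sample_output | audit_samba 4.2.0 || true
```

A present build option only shows the feature was compiled in; it does not show that provisioning will succeed on DSM.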

Hi TomS, interesting. My knowledge of Docker is poor; I'm in "try to understand" :grin:

In my regular job I work with a VM environment.


Any of you guys continue to work on this past the August posts? I just learned of this coming with DSM 6.1 and now that we have DSM 6 I thought I might try to get it running in Docker since Docker 5.2 was a bit neutered.

Some info I found that may help:

https://wiki.samba.org/index.php/Settin ... Controller

https://hub.docker.com/r/pitkley/samba-ad-dc/
