15 steps to setup Samba Active Directory DC CentOS 8

Deepak Prasad

CentOS 8

In this tutorial I will share step by step instructions to install and configure Samba as Active Directory Domain Controller (AD DC) using CentOS 8 Linux server. You may also want to look at FreeIPA which may not be a complete alternative to Windows AD but is an integrated Identity and Authentication solution for Linux/UNIX networked environments. You get a GUI access to manage and control all the user authentications and servers in your organization.

Creating an Active Directory DC implies that we need to have many different services (DNS, Kerberos, LDAP, etc.) working in perfect coordination. Luckily the Samba team has done a great job in easing this process, but it is not simple yet.

Samba as an AD DC only supports:

  • Integrated LDAP server as AD back end.
  • Heimdal Kerberos Key Distribution Center (KDC).


Lab Environment

I have brought up a CentOS 8 Virtual Machine using Oracle VirtualBox to setup my Samba Domain Controller. Below are the VM specs

Component Value
FQDN samba-ad.example.com
IP Address
OS CentOS 8
Storage 30GB
vCPU 4


1. Pre-requisites

According to the official Samba documentation, there are a few steps we must complete before installing an Active Directory domain controller in Samba.

1.1 Check FileSystem Support

To set up shares with extended access control list (ACL) support, the file system hosting the share must have the user and system xattr name space enabled. On a Samba Active Directory (AD) domain controller (DC), samba-tool verifies this setting automatically for the file system the Sysvol share is created on.

Ensure that your kernel has the following options enabled:


To check this, first check the kernel version which is loaded on your server

[root@samba-ad ~]# uname -r

Next check the boot configuration file of this kernel version

[root@samba-ad ~]# grep -E "CONFIG_EXT4_FS_SECURITY|CONFIG_EXT4_FS_POSIX_ACL" /boot/config-4.18.0-147.5.1.el8_1.x86_64


1.2 Configure hosts file

Verify that the /etc/hosts file on the DC correctly resolves the fully-qualified domain name (FQDN) and short host name to the LAN IP address of the DC. For example:   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6  samba-ad        samba-ad.example.com


1.3 Perform Cleanup

If you previously ran a Samba installation on this host or else you can skip this section:

Verify that no Samba processes are running:

# ps ax | egrep "samba|smbd|nmbd|winbindd

If the output lists any samba, smbd, nmbd, or winbindd processes, shut down the processes.

Remove the existing smb.conf file. To list the path to the file:

# smbd -b | grep "CONFIGFILE"
   CONFIGFILE: /usr/local/samba/etc/samba/smb.conf

Remove all Samba database files, such as *.tdb and *.ldb files. To list the folders containing Samba databases:

  LOCKDIR: /usr/local/samba/var/lock/
  STATEDIR: /usr/local/samba/var/locks/
  CACHEDIR: /usr/local/samba/var/cache/
  PRIVATE_DIR: /usr/local/samba/private/

Remove an existing /etc/krb5.conf file:

[root@samba-ad ~]# rm /etc/krb5.conf
rm: remove regular file '/etc/krb5.conf'? y


1.4 Enable Required Repositories

For CentOS 8 we would need following additional repositories apart from the ones which are enabled by default with CentOS 8.

EPEL repo is not part of the default CentOS installation but we can install epel-release rpm to install this repo

[root@samba-ad ~]# yum -y install epel-release

Next install dnf-plugins-core to be able to enable repo using yum config-manager and later enable PowerTools repo from CentOS

[root@samba-ad ~]# yum -y install dnf-plugins-core
[root@samba-ad ~]# yum config-manager --set-enabled PowerTools

The list of enabled repos on my server.

[root@samba-ad ~]# yum repolist


CentOS 8 repositories for Samba AD
CentOS 8 repositories for Samba AD


2. Install Dependency Packages

Install the following packages to build Samba as an Active Directory (AD) domain controller (DC) on a minimal Red Hat Enterprise Linux (RHEL) 8 or CentOS 8 installation:

[root@samba-ad ~]# yum -y install docbook-style-xsl gcc gdb gnutls-devel gpgme-devel jansson-devel \
      keyutils-libs-devel krb5-workstation libacl-devel libaio-devel \
      libarchive-devel libattr-devel libblkid-devel libtasn1 libtasn1-tools \
      libxml2-devel libxslt lmdb-devel openldap-devel pam-devel perl \
      perl-ExtUtils-MakeMaker perl-Parse-Yapp popt-devel python3-cryptography \
      python3-dns python3-gpg python36-devel readline-devel rpcgen systemd-devel \
      tar zlib-devel


3. Download latest stable samba build

At the time of writing this tutorial, 4.12.5 was the latest available stable samba build. You can manually navigate to https://download.samba.org/pub/samba/stable and download the latest stable build.

[root@samba-ad ~]# wget https://download.samba.org/pub/samba/stable/samba-4.12.5.tar.gz


Download Samba4
Download Samba4

Once downloaded, extract the content of this archive

[root@samba-ad ~]# tar -xzvf samba-4.12.5.tar.gz

Change into the directory with the extracted sources:

[root@samba-ad ~]# cd samba-4.12.5

The configure script is located in the root of the sources directory. The main purpose of the script is to create a Makefile which is used by the command make. The configure script enables you to set various options, like installation paths. We will execute it without any additional options.

[root@samba-ad ~]# ./configure
<Output trimmed>

If the configure script exits without an error, you see the following output:

'configure' finished successfully (2m32.681s)

If you observe any errors, check the official documentation for more help

To start the compilation, run make as shown below. This may take some time to complete so you can go and have some coffee in the mean time.

[root@samba-ad ~]# make
<Output trimmed>

If the installation exits without an error, you see the following output:

Waf: Leaving directory `/root/samba-4.12.5/bin/default'
Build commands will be stored in bin/default/compile_commands.json
'build' finished successfully (32m20.012s)

To install the compiled software, you require root permissions to write to the destination directories and set the correct permissions.

[root@samba-ad ~]# make install
<Output trimmed>

If the installation exits without an error, you see the following output:

Waf: Leaving directory `/root/samba-4.12.5/bin/default'
Build commands will be stored in bin/default/compile_commands.json
'install' finished successfully (8m56.726s)


4. Set environment variable

If you have defined a custom PATH for your samba binaries with configure then you can modify the PATH accordingly. Since I have configure samba Active Directory with default values, I will execute the below command to add the samba binary paths into the PATH variable to avoid writing the full path of the samba commands

export PATH=/usr/local/samba/bin/:/usr/local/samba/sbin/:$PATH

Executing this will update PATH variable only for current session, to make this permanent for root user, add this into the user root's .bash_profile or if you want normal users also to be able to access samba commands then you can just add this in /etc/profile

update environment variable
update environment variable


5. Provisioning Samba Active Directory

Provisioning consists of setting up all the infrastructure needed for a Samba Active Directory domain to run such as LDAP, Kerberos, and DNS servers. The Samba AD provisioning process creates the AD databases and adds initial records, such as the domain administrator account and required DNS entries.

When provisioning a new AD, it is recommended to enable the NIS extensions by passing the --use-rfc2307 parameter to the samba-tool domain provision command. This enables you to store Unix attributes in AD, such as user IDs (UID), home directories paths, group IDs (GID). Enabling the NIS extensions has no disadvantages. However, enabling them in an existing domain requires manually extending the AD schema.
[root@samba-ad samba-4.12.5]# samba-tool domain provision --use-rfc2307 --interactive --option="interfaces= lo eth1" --option="bind interfaces only=yes"
Realm [EXAMPLE.COM]:  EXAMPLE.COM  <-- provide the realm name
Domain [EXAMPLE]:  EXAMPLE  <-- provide the domain name
Server Role (dc, member, standalone) [dc]:  dc   <-- Since we are configuring samba active directory, we use dc
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:  SAMBA_INTERNAL   <-- We will let samba configure it's own DNS and zone files
DNS forwarder IP address (write 'none' to disable forwarding) []:   <-- We will use google's dns
Administrator password:   <-- Provide the Administrator user's password
Retype password:
INFO 2020-08-11 15:40:59,849 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2133: Looking up IPv4 addresses
INFO 2020-08-11 15:40:59,849 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2150: Looking up IPv6 addresses
INFO 2020-08-11 15:41:01,763 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2305: Setting up secrets.ldb
INFO 2020-08-11 15:41:01,798 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2311: Setting up the registry
INFO 2020-08-11 15:41:01,839 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2314: Setting up the privileges database
INFO 2020-08-11 15:41:01,925 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2317: Setting up idmap db
INFO 2020-08-11 15:41:01,984 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2324: Setting up SAM db
INFO 2020-08-11 15:41:01,998 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #897: Setting up sam.ldb partitions and settings
INFO 2020-08-11 15:41:01,999 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #909: Setting up sam.ldb rootDSE
INFO 2020-08-11 15:41:02,011 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1338: Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs

INFO 2020-08-11 15:41:02,075 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1416: Adding DomainDN: DC=example,DC=com
INFO 2020-08-11 15:41:02,102 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1448: Adding configuration container
INFO 2020-08-11 15:41:02,129 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1463: Setting up sam.ldb schema
INFO 2020-08-11 15:41:12,465 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1481: Setting up sam.ldb configuration data
INFO 2020-08-11 15:41:13,108 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1522: Setting up display specifiers
INFO 2020-08-11 15:41:20,575 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1530: Modifying display specifiers and extended rights
INFO 2020-08-11 15:41:20,714 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1537: Adding users container
INFO 2020-08-11 15:41:20,719 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1543: Modifying users container
INFO 2020-08-11 15:41:20,722 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1546: Adding computers container
INFO 2020-08-11 15:41:20,727 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1552: Modifying computers container
INFO 2020-08-11 15:41:20,730 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1556: Setting up sam.ldb data
INFO 2020-08-11 15:41:21,320 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1586: Setting up well known security principals
INFO 2020-08-11 15:41:21,476 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1600: Setting up sam.ldb users and groups
INFO 2020-08-11 15:41:22,590 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #1608: Setting up self join
Repacking database from v1 to v2 format (first record CN=ms-net-ieee-80211-GP-PolicyGUID,CN=Schema,CN=Configuration,DC=example,DC=com)
Repack: re-packed 10000 records so far
Repacking database from v1 to v2 format (first record CN=IntellimirrorSCP-Display,CN=816,CN=DisplaySpecifiers,CN=Configuration,DC=example,DC=com)
Repacking database from v1 to v2 format (first record CN=Group Policy Creator Owners,CN=Users,DC=example,DC=com)
INFO 2020-08-11 15:41:27,599 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py #1130: Adding DNS accounts
INFO 2020-08-11 15:41:27,649 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py #1164: Creating CN=MicrosoftDNS,CN=System,DC=example,DC=com
INFO 2020-08-11 15:41:27,740 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py #1177: Creating DomainDnsZones and ForestDnsZones partitions
INFO 2020-08-11 15:41:27,885 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/sambadns.py #1182: Populating DomainDnsZones and ForestDnsZones partitions
Repacking database from v1 to v2 format (first record DC=_msdcs,DC=example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=com)
Repacking database from v1 to v2 format (first record DC=@,DC=_msdcs.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=example,DC=com)
INFO 2020-08-11 15:41:28,439 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2037: Setting up sam.ldb rootDSE marking as synchronized
INFO 2020-08-11 15:41:28,449 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2042: Fixing provision GUIDs
INFO 2020-08-11 15:41:32,080 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2377: A Kerberos configuration suitable for Samba AD has been generated at /usr/local/samba/private/krb5.conf
INFO 2020-08-11 15:41:32,080 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2378: Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
INFO 2020-08-11 15:41:32,531 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #2107: Setting up fake yp server settings
INFO 2020-08-11 15:41:32,795 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #490: Once the above files are installed, your Samba AD server will be ready to use
INFO 2020-08-11 15:41:32,796 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #494: Server Role:           active directory domain controller
INFO 2020-08-11 15:41:32,796 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #495: Hostname:              samba-ad
INFO 2020-08-11 15:41:32,796 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #496: NetBIOS Domain:        EXAMPLE
INFO 2020-08-11 15:41:32,797 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #497: DNS Domain:            example.com
INFO 2020-08-11 15:41:32,797 pid:53118 /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py #498: DOMAIN SID:            S-1-5-21-2126248986-2501897089-2532841763


6. Configure the DNS Resolver

Domain members in an AD use DNS to locate services, such as LDAP and Kerberos. For that, they need to use a DNS server that is able to resolve the AD DNS zone.

On your DC, set the AD DNS domain in the search and the IP of your DC in the nameserver parameter of the /etc/resolv.conf file. For example:

[root@samba-ad samba-4.12.5]# cat /etc/resolv.conf
# Generated by NetworkManager
search example.com


7. Start Samba Service

Execute from the terminal as root user

# samba

We don't have any systemd service to manage samba service, although you can create a systemd unit file. Once you execute the above command, it will start the samba service

[root@samba-ad ~]# ps -ef | grep samba


Start Samba AD DC service
Start Samba Active Directory service


8. Verify Samba Service

After launching the Samba service we can check that everything is working as expected. If we execute testparm we’ll see that our server is recognized as an Active Directory DC.

[root@samba-ad ~]# testparm
Load smb config files from /usr/local/samba/etc/smb.conf
Loaded services file OK.

Press enter to see a dump of your service definitions

# Global parameters
        dns forwarder =
        passdb backend = samba_dsdb
        realm = EXAMPLE.COM
        server role = active directory domain controller
        workgroup = EXAMPLE
        rpc_server:tcpip = no
        rpc_daemon:spoolssd = embedded
        rpc_server:spoolss = embedded
        rpc_server:winreg = embedded
        rpc_server:ntsvcs = embedded
        rpc_server:eventlog = embedded
        rpc_server:srvsvc = embedded
        rpc_server:svcctl = embedded
        rpc_server:default = external
        winbindd:use external pipes = true
        idmap_ldb:use rfc2307 = yes
        idmap config * : backend = tdb
        map archive = No
        vfs objects = dfs_samba4 acl_xattr

        path = /usr/local/samba/var/locks/sysvol
        read only = No

        path = /usr/local/samba/var/locks/sysvol/example.com/scripts
        read only = No


Testing samba4

# smbclient --version
Version 4.12.5

This should show you a version starting with "Version 4.0.XXXXX"

Now try this command:

# smbclient -L localhost -U%

and check if you get a proper reply with all the shared directories including sysvol and netlogon. The 'netlogon' and 'sysvol' shares are basic shares needed for Active Directory server operation.

To test that authentication is working, you should try to connect to the netlogon share using the administrator password you set earlier.

[root@samba-ad samba-4.12.5]# smbclient //localhost/netlogon -Uadministrator%Abhideep@12 -c 'ls'
  .                                   D        0  Tue Aug 11 15:32:02 2020
  ..                                  D        0  Tue Aug 11 15:32:23 2020

                22185808 blocks of size 1024. 4609788 blocks available


9. Create Reverse Zone

You can optionally add a reverse lookup zone.

[root@samba-ad samba-4.12.5]# samba-tool dns zonecreate 43.168.192.in-addr.arpa -U administrator
Password for [EXAMPLE\administrator]:
Zone 43.168.192.in-addr.arpa created successfully

If you need more than one reverse zone (multiple subnets), just run the above command again but with the data for the other subnet.

The reverse zone is directly live without restarting Samba or BIND.


10. Configure Network Time Synchronization

If we want our Active Directory to work properly, synchronizing the time is mandatory. We will use chronyd for time synchronization

Steps to configure Chrony as NTP Server & Client (CentOS/RHEL 8)


11. Configuring Kerberos

In an AD, Kerberos is used to authenticate users, machines, and services. During the provisioning, Samba created a Kerberos configuration file for your DC. Copy this file to your operating system's Kerberos configuration. For example:

[root@samba-ad samba-4.12.5]# cp /usr/local/samba/private/krb5.conf /etc/krb5.conf

The pre-created Kerberos configuration uses DNS service (SRV) resource records to locate the KDC.


12. Verifying DNS

The tcp-based _ldap SRV record in the domain:

[root@samba-ad samba-4.12.5]# host -t SRV _ldap._tcp.example.com.
_ldap._tcp.example.com has SRV record 0 100 389 samba-ad.example.com.

The udp-based _kerberos SRV resource record in the domain:

[root@samba-ad samba-4.12.5]# host -t SRV _kerberos._udp.example.com.
_kerberos._udp.example.com has SRV record 0 100 88 samba-ad.example.com.

The A record of the domain controller:

[root@samba-ad samba-4.12.5]# host -t A samba-ad.example.com.
samba-ad.example.com has address


13. Verifying Kerberos

Request a Kerberos ticket for the domain administrator account:

[root@samba-ad samba-4.12.5]# kinit Administrator
Password for Administrator@EXAMPLE.COM:
Warning: Your password will expire in 41 days on Tue 22 Sep 2020 03:41:22 PM IST

List the cached Kerberos tickets:

[root@samba-ad samba-4.12.5]# klist


List Kerberos Tickets
List Kerberos Tickets


14. Configure Firewall

We are using firewalld in our CentOS 8 environment so we will use firewalld to enable ports and services part of Samba Active Directory

[root@samba-ad ~]# firewall-cmd --add-service={dns,ldap,ldaps,kerberos}

[root@samba-ad ~]# firewall-cmd --add-port={389/udp,135/tcp,135/udp,138/udp,138/tcp,137/tcp,137/udp,139/udp,139/tcp,445/tcp,445/udp,3268/udp,3268/tcp,3269/tcp,3269/udp,49152/tcp}


15. Managing Samba AD Domain Controller

We have already provisioned the new Samba Active Directory domain with samba-tool . In addition, though, there are many more things that we can do with this versatile tool. For instance, we can list the current users.

[root@samba-ad ~]# samba-tool user list

We can also create an additional user

[root@samba-ad ~]# samba-tool user create deepak
New Password:
Retype Password:
User 'deepak' created successfully

Now verify the list of users

[root@samba-ad ~]# samba-tool user list

To list the available groups

[root@samba-ad ~]# samba-tool user list

We can also add the user we just created to the Domain Admins group

[root@samba-ad ~]# samba-tool group addmembers "Domain Admins" deepak
Added members to group Domain Admins

Verify the list of members from "Domain Admins" group

[root@samba-ad ~]# samba-tool group listmembers "Domain Admins"



In this tutorial we have successfully setup a Samba Active Directory Domain Controller using Samba4 on CentOS 8 Linux server. The provisioning step would be same across all Linux distributions, although the dependency package to be installed will vary based on different Linux distros. We have used an interactive method for provisioning the Samba4 AD but you can also provide all the values as input and perform non-interactive configuration.

Lastly I hope the steps from the article to configure Samba AD DC on CentOS 8Linux was helpful. So, let me know your suggestions and feedback using the comment section.



I have used below external references for this tutorial guide
Setting up Samba as Active Directory as Domain Controller

Views: 292

Deepak Prasad

He is the founder of GoLinuxCloud and brings over a decade of expertise in Linux, Python, Go, Laravel, DevOps, Kubernetes, Git, Shell scripting, OpenShift, AWS, Networking, and Security. With extensive experience, he excels in various domains, from development to DevOps, Networking, and Security, ensuring robust and efficient solutions for diverse projects. You can reach out to him on his LinkedIn profile or join on Facebook page.

Can't find what you're searching for? Let us assist you.

Enter your query below, and we'll provide instant results tailored to your needs.

If my articles on GoLinuxCloud has helped you, kindly consider buying me a coffee as a token of appreciation.

Buy GoLinuxCloud a Coffee

For any other feedbacks or questions you can send mail to admin@golinuxcloud.com

Thank You for your support!!

22 thoughts on “15 steps to setup Samba Active Directory DC CentOS 8”

  1. Great tutorial!
    But I still miss creating a data share, home share and creating user profiles. Only then can this Samba DC be used for Windows clients…..

  2. HowTo only works if you disable AD server firewall. Missing info is you need to allow port 464 TCP/UDP and possibly also DNS port 53 for the Kerberos password authentication to work when adding Linux – Ubuntu 20.x and Centos 8 clients to domain using realm and adcli. For some reason Win 10 clients joined domain just fine without needing this. Refer url for more info on ports to allow: docs.microsoft.com/en-us/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts

    I added both ports and everything now works with firewall enabled. Full rule used below:

    firewall-cmd --add-port={389/udp,135/tcp,135/udp,138/udp,138/tcp,137/tcp,137/udp,139/udp,139/tcp,445/tcp,445/udp,3268/udp,3268/tcp,3269/tcp,3269/udp,49152/tcp,53/udp,53/tcp,464/tcp,464/udp}
    • For completeness maybe I should also add I built samba 4 on top of Oracle Enterprise Linux 8 in case my firewall issue was a particular nuance to that flavour.

      If you are going to try this on OEL8 then note that you’ll need to adapt your repos to suit so that you can build from source. So add epel repo the OEL8 way, enter the text below into the file and then update the repo cache.

      vim /etc/yum.repos.d/ol8-epel.repo 
      name= Oracle Linux $releasever EPEL ($basearch)
      dnf makecache

      Also Centos Powertools repo doesn’t exist in OEL8 so you must use ol8_codeready_builder instead, i,e:

      yum config-manager ol8_codeready_builder

      Aside from this everything else works pretty much verbatim.

      • Thank you for taking time to share this information, it will help others as with CentOS going Stream now people would most likely look for other free alternatives and OEL seems to be one of the alternatives.

  3. i really hope you can make a tutorial about 3 nodes with glusterfs over zfs file system and installing ctdb on top of them i’ve really tried and searched in the internet but nothing is working for me i dont know what i missing thank you

    • Thank you for your suggestion. With RHEL 8 we have Stratis file system which has similar features as with ZFS and BRTFS, zfs requires license and Red Hat does not supports installing ZFS over their OS. I will try to do some research and see if I can write an article on this topic.

  4. You need to add port 464 tcp and udp to the list of firewall ports to open. It is required for Kerberos password change requests which is needed for joining a computer to a domain.

  5. Hello,
    I have a problem when doing the make:
    Waf: Leaving directory `/usr/local/samba-4.13.0/bin/default ‘
    Build failed
    -> task in ‘pytalloc-util.cpython-38-x86_64-linux-gnu’ failed with exit status 1 (run with -v to display more information)

    Do you have a solution ?

  6. Great tutorial.
    I have one question. How can i update samba if they release new versions? It’s done, when I repeat step 3 with the new sources?


Leave a Comment

GoLinuxCloud Logo

We try to offer easy-to-follow guides and tips on various topics such as Linux, Cloud Computing, Programming Languages, Ethical Hacking and much more.

Programming Languages