Wednesday, July 25, 2012

Create a roaming profile user from the command line

Use this to create a roaming profile user named potato with password potatopass:

samba-tool user create potato potatopass --profile-path='\\testdc\profiles\potato'
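A variant of the command above that keeps the password out of shell history and the process list, as an added example (not from the original post). It goes beyond the post in two ways: the username check is an assumed policy, and the password argument is left out so that samba-tool prompts for it. testdc and the profiles share come from the post; the function names are hypothetical.

```shell
# Added example, not the blog author's script.
# Build the roaming-profile UNC path for a user, refusing names that could
# escape the share path or be parsed as an option (assumed policy).
profile_unc() (
    server=$1 user=$2
    case "$user" in
        ''|*[!A-Za-z0-9._-]*|.*|-*)
            echo "invalid username: $user" >&2
            exit 1
            ;;
    esac
    # Prints \\server\profiles\user
    printf '\\\\%s\\profiles\\%s\n' "$server" "$user"
)

# Create the user on the DC. Run as root on the domain controller.
create_roaming_user() (
    user=$1
    server=${2:-testdc}          # host name used in the post
    path=$(profile_unc "$server" "$user") || exit 1
    # No password argument: samba-tool prompts for it interactively.
    # --must-change-at-next-login forces the user to replace it at first logon.
    samba-tool user create "$user" \
        --must-change-at-next-login \
        --profile-path="$path"
)
```

Calling `create_roaming_user potato` produces the same profile path as the one-line command.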

Tuesday, July 24, 2012


I am currently working on a new version of the script that does the directory setup for roaming profiles and folder redirection, but it's not yet ready to share.

Saturday, July 21, 2012

BTRFS mirroring on root

If you have set up your system with btrfs mirroring for the root drive (i.e. by booting into the rescue environment on the installer, making the FS, then booting the installer and telling it to use one of the btrfs partitions as btrfs without formatting it, then, when done, running grub-install onto the other drives)...

If you lose a drive (on purpose or otherwise)...

When you reboot the first time, if you have not replaced the drive, you need to edit the kernel command line so that it says "rootflags=degraded,subvolid=@", not "rootflags=subvolid=@,degraded"...
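The edit described above, as an added example that is not part of the original post: a function that takes a kernel command line and returns it with "degraded" placed first in rootflags=, the order the post reports as working. The function name and the sample line are constructed for illustration.

```shell
# Added example, not the blog author's script.
# Rewrite a kernel command line for a degraded btrfs boot.
degraded_cmdline() (
    set -f                      # no glob expansion while splitting the line
    out="" seen=0
    for word in $1; do
        case "$word" in
            rootflags=*)
                seen=1
                # Drop any existing "degraded", keep the other flags in order.
                rest=$(printf '%s\n' "${word#rootflags=}" | tr ',' '\n' |
                       grep -vx 'degraded' | paste -sd, -)
                word="rootflags=degraded${rest:+,$rest}"
                ;;
        esac
        out="${out:+$out }$word"
    done
    # No rootflags= on the line at all: append one.
    [ "$seen" -eq 1 ] || out="${out:+$out }rootflags=degraded"
    printf '%s\n' "$out"
)

# Constructed sample line (not from the post), using the post's flag values.
SAMPLE='BOOT_IMAGE=/vmlinuz root=UUID=0000-constructed ro rootflags=subvolid=@,degraded quiet'
```

Running it on the contents of /proc/cmdline while both drives are healthy gives the line to keep on hand for the boot loader's editor.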

Also, if you're testing by yanking the SATA cables, re-adding, rebalancing, removing the failed drive-id, etc. over and over without rebooting, it will get to a point where all the data lives on only one drive without a mirror. If you reboot, rebalance again, and remove any missing drive, it should fix it.

(meta blog post) What is

I see a few people (possibly from Russia) have been visiting by following a link from , which appears to be a members-only site... What is Are you discussing this project internally?

Thursday, July 19, 2012

Updated Quick and Dirty Samba4 DC instructions

Made AppArmor allow the specific libraries that bind9 needs, rather than any libraries under the samba hierarchy.

Monday, July 16, 2012

First version of the quick and dirty Samba4 Domain Controller Setup

Note that this requires the router to be configured to handle DHCP, passing the domain controller as primary DNS and WINS (see my earlier entry on router config).

For some reason it took doing an nslookup of testdc.testdomain.local at the command line on the win7 box before the domain join worked... I will investigate why...

Sunday, July 15, 2012

Router Config

In order to work on the network, each device must find its own numeric address and the numeric address of any computer it wants to talk to. To work on the domain, it must find the numeric addresses of local computers; the domain controller handles this. To work on the internet, it must find the IP addresses of internet computers. With Windows small-network servers, DHCP (handing each workstation its own address) and DNS are often done only by the domain controller. This is simple, but if the server goes down, all of the computers go down... If we let the router do DHCP, and point the first DNS to the server and the second DNS to the ISP's server or a public DNS, then local networking goes through the server, and if the server has a problem the workstations can still surf the web and/or remote in to the server.

You'll want to change a few settings to make your network clients use the Samba server for DNS - without breaking DNS on the server... Here my Samba Domain Controller will be on, and I have set it as the primary DNS and WINS servers. Also note that I am using Google DNS just because it is much faster than my ISP.

Under services management I have set a static reservation for the DC. This means if you re-install the OS you don't have to manually reset it to static IP nor configure the secondary DNS. Note that when you enter the MAC address it must have any letters capitalized, and have the colons. If you replace the server motherboard you will need to update this.

On services tab, domain controller gets a reserved DHCP entry

Here are a few more changes to note, all of them somewhat self-explanatory.
Router gets time from your local official time source

For testing purposes it's handy to enable wake on LAN on your test network machines.

You'll want to port forward ssh to your domain controller if you administer it from outside the LAN.

Saturday, July 14, 2012

What's working now, as I start this blog


Everything... and some... and none...

Most of this project is based on others' work, which is working... Samba 4 acts as a DC for many sites... In fact I have worked on a few big companies where locally assembled versions of older Samba, OpenLDAP, Bind, and Kerberos have been combined to act as a DC and groupware for Windows hosts... but little of this is documented publicly and much of it is highly specialized to their needs.

In my house are 2 networks that I have set up for this project...

My Production network (for lack of a better term) has a Linux host acting as server to Mac, Windows, Linux, Android, and iOS devices... It has Samba shares, IMAP email, Davical calendaring and contacts, iSCSI shares, and AppleTalk acting as a time capsule. My backup scripts work for my customized setup, and have even been tested in a baremetal recovery... but all of the services use local user authentication, and there was no easy, documented, repeatable way to build it from scratch...

My testing network consists of a donated consumer router running DD-WRT, an HP Proliant ML110 G3 (a 2005-era Pentium 4 based small business server which was donated), and a Dell Optiplex Slim tower (also donated) running Windows 7 Professional. I have successfully set up Samba4 as a domain controller on the server and added the workstation to the domain.

So, my first step will be to use the .bash_history on the test server to make a script to turn a fresh Ubuntu 12.04 server install into a Samba4 DC.

Blog Topic

This blog is about my ongoing experiments with heterogeneous networking.

Sure, you can build a small organization or home server with a domain controller, fileshares, groupware, database, and centralized backup on a Linux host... no problem... but how? 

All the documentation I could find is extremely poor, incorrect, covers only one aspect, or leaves out reasons behind major decisions. I intend to change that.

Likewise, all the related packages (for Ubuntu at least) have default configurations that assume UNIX-like authentication and user profiles - despite having the capability to authenticate against an Active Directory server (like Samba 4). This in itself makes sense... they are after all on a Linux system, but I have found no integrated way to configure all the required services without manually editing each one, often putting in the same settings multiple times - in multiple config file languages. I intend to change that.

Furthermore there is little documentation offering an easy way to set up centralized backup for the server and the client devices it is supporting. I intend to change that too.

So, those are lofty goals and kind of nebulous... What deliverables do I expect to produce?

  1. A script to automate setup of a Samba4 Domain Controller using Ubuntu standard packages, sensible defaults, and only a few user supplied values
  2. A script to automate setup of Dovecot and Postfix to authenticate against and get virtual user configs from the Samba4 Domain controller of point 1
  3. A script to automate setup of DaviCal to work with the DC of point 1
  4. Documentation of how to use 1, 2, and 3
  5. Scripts to back up 1, 2, and 3, and re-build them onto a fresh install Ubuntu server.
  6. Documentation of how to do 5, and how to do partial restores with the backup.
  7. Documentation of how to set up Windows Backup to back up to 1
  8. Scripts to configure NetATalk so that Macs can use Time Machine onto the same server, authenticating against 1
  9. Documentation of how to use 8
  10. PPA or mainline deb packages of 1-9