Samba AD DC installation on Rocky Linux 9 (issues)

I have gone through 3 (and a half) attempts of installing and configuring a Samba AD DC Server based on Rocky Linux 9:

1st attempt:
(success, but SELinux not active/no firewall, just for testing purposes)

  • I used the guide of synack2 ((h)ttps://forums.rockylinux.org/t/samba-ad-domain-controller-how-to/6588), which was very helpful, but I had to make some tweaks, because some things were not working properly. And within this attempt I have built Samba AD from scratch/source, which is not recommended, but I did it just to test the functionality and crossover with existing Windows AD domains (which worked). Here is my minimalistic doc of commands: (h)ttps://www.dropbox.com/scl/fi/x50ixm9u4klaknytcgmfp/AD_commands-for-building-Samba-AD-DC-from-scratch.paper?rlkey=l0wrqx171rrleiscrtlfnioe6&dl=0

2nd attempt:
(failed, trying proper build based on package manager RPM)

  • I followed the commands listed/explained from nazunalika ((h)ttps://forums.rockylinux.org/t/samba-ad-dc-active-directory-domain-controller/6399/13)
  • This is where I got until I could not proceed any further:

```
# Initial build
% dnf install epel-release createrepo -y
% crb enable
% dnf install mock -y
% dnf download samba --source
% mock -r rocky-9-x86_64 --enablerepo=devel --define 'dist .el9_6.dc' --with dc samba-4.21.3-7.el9_6.src.rpm
```
(can take quite some time and it resulted in an error)

This is the last paragraph in the log of /var/lib/mock/rocky-9-x86_64/result/build.log:

"collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped
compilation terminated.
Node /builddir/build/BUILD/samba-4.21.3/bin/default/source3/rpc_server/mdssvc/es_parser.tab.c is created more than once (full message on 'waf -v -v'). The task generators are:
   'spotlight2es.objlist' in /builddir/build/BUILD/samba-4.21.3/source3
Waf: Leaving directory `/builddir/build/BUILD/samba-4.21.3/bin/default'
   'rpcd_mdssvc.objlist' in /builddir/build/BUILD/samba-4.21.3/source3/rpc_server
If you think that this is an error, set no_errcheck_out on the task instance
Node /builddir/build/BUILD/samba-4.21.3/bin/default/source3/rpc_server/mdssvc/es_parser.tab.h is created more than once (full message on 'waf -v -v'). The task generators are:
   'spotlight2es.objlist' in /builddir/build/BUILD/samba-4.21.3/source3
   'rpcd_mdssvc.objlist' in /builddir/build/BUILD/samba-4.21.3/source3/rpc_server
If you think that this is an error, set no_errcheck_out on the task instance
Node /builddir/build/BUILD/samba-4.21.3/bin/default/source3/rpc_server/mdssvc/es_lexer.lex.c is created more than once (full message on 'waf -v -v'). The task generators are:
   'spotlight2es.objlist' in /builddir/build/BUILD/samba-4.21.3/source3
  'rpcd_mdssvc.objlist' in /builddir/build/BUILD/samba-4.21.3/source3/rpc_server
If you think that this is an error, set no_errcheck_out on the task instance
Build failed
 -> task in 'service_dns' failed with exit status 1: 
	{task 139865864288736: cshlib samba_server_gensec.c.9.o,dns_server.c.4.o,dns_query.c.4.o,dns_update.c.4.o,dns_utils.c.4.o,dns_crypto.c.4.o -> libservice_module_dns.so}make: *** [Makefile:7: all] Error 1
RPM build errors:
error: Bad exit status from /var/tmp/rpm-tmp.Tc5oMy (%build)
    Bad exit status from /var/tmp/rpm-tmp.Tc5oMy (%build)
Child return code was: 1
EXCEPTION: [Error('Command failed: \n # /usr/bin/systemd-nspawn -q -M ac006f093a0f40eab1ffa117bee58331 -D /var/lib/mock/rocky-9-x86_64/root -a -u mockbuild --capability=cap_ipc_lock --bind=/tmp/mock-resolv.p3uwtjnh:/etc/resolv.conf --bind=/dev/mapper/control --bind=/dev/fuse --bind=/dev/loop-control --bind=/dev/loop0 --bind=/dev/loop1 --bind=/dev/loop2 --bind=/dev/loop3 --bind=/dev/loop4 --bind=/dev/loop5 --bind=/dev/loop6 --bind=/dev/loop7 --bind=/dev/loop8 --bind=/dev/loop9 --bind=/dev/loop10 --bind=/dev/loop11 --console=pipe --setenv=TERM=vt100 --setenv=SHELL=/bin/bash --setenv=HOME=/builddir --setenv=HOSTNAME=mock --setenv=PATH=/usr/bin:/bin:/usr/sbin:/sbin \'--setenv=PROMPT_COMMAND=printf "\\033]0;<mock-chroot>\\007"\' \'--setenv=PS1=<mock-chroot> \\s-\\v\\$ \' --setenv=LANG=C.UTF-8 --resolv-conf=off bash --login -c \'/usr/bin/rpmbuild -bb --noclean --target x86_64 --nodeps /builddir/build/SPECS/samba.spec\'\n', 1)]
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/mockbuild/trace_decorator.py", line 93, in trace
    result = func(*args, **kw)
  File "/usr/lib/python3.9/site-packages/mockbuild/util.py", line 610, in do_with_status
    raise exception.Error("Command failed: \n # %s\n%s" % (cmd_pretty(command, env), output), child.returncode)
mockbuild.exception.Error: Command failed: 
 /usr/bin/systemd-nspawn -q -M ac006f093a0f40eab1ffa117bee58331 -D /var/lib/mock/rocky-9-x86_64/root -a -u mockbuild --capability=cap_ipc_lock --bind=/tmp/mock-resolv.p3uwtjnh:/etc/resolv.conf --bind=/dev/mapper/control --bind=/dev/fuse --bind=/dev/loop-control --bind=/dev/loop0 --bind=/dev/loop1 --bind=/dev/loop2 --bind=/dev/loop3 --bind=/dev/loop4 --bind=/dev/loop5 --bind=/dev/loop6 --bind=/dev/loop7 --bind=/dev/loop8 --bind=/dev/loop9 --bind=/dev/loop10 --bind=/dev/loop11 --console=pipe --setenv=TERM=vt100 --setenv=SHELL=/bin/bash --setenv=HOME=/builddir --setenv=HOSTNAME=mock --setenv=PATH=/usr/bin:/bin:/usr/sbin:/sbin '--setenv=PROMPT_COMMAND=printf "\033]0;<mock-chroot>\007"' '--setenv=PS1=<mock-chroot> \s-\v\$ ' --setenv=LANG=C.UTF-8 --resolv-conf=off bash --login -c '/usr/bin/rpmbuild -bb --noclean --target x86_64 --nodeps /builddir/build/SPECS/samba.spec"

This is /var/lib/mock/rocky-9-x86_64/result/state.log:

```
2025-07-23 12:38:19,110 - Mock Version: 6.3
2025-07-23 12:38:19,128 - Start(bootstrap): chroot init
2025-07-23 12:38:19,304 - Start(bootstrap): cleaning package manager metadata
2025-07-23 12:38:19,307 - Finish(bootstrap): cleaning package manager metadata
2025-07-23 12:38:19,887 - Finish(bootstrap): chroot init
2025-07-23 12:38:19,914 - Start: chroot init
2025-07-23 12:38:19,961 - Start: unpacking root cache
2025-07-23 12:38:21,939 - Finish: unpacking root cache
2025-07-23 12:38:22,005 - Start: cleaning package manager metadata
2025-07-23 12:38:22,014 - Finish: cleaning package manager metadata
2025-07-23 12:38:22,628 - Start: dnf4 update
2025-07-23 12:38:27,157 - Finish: dnf4 update
2025-07-23 12:38:27,945 - Finish: chroot init
2025-07-23 12:38:27,952 - Start: build phase for samba-4.21.3-7.el9_6.src.rpm
2025-07-23 12:38:27,957 - Start: build setup for samba-4.21.3-7.el9_6.src.rpm
2025-07-23 12:39:40,647 - Finish: build setup for samba-4.21.3-7.el9_6.src.rpm
2025-07-23 12:39:40,664 - Start: rpmbuild samba-4.21.3-7.el9_6.src.rpm
2025-07-23 12:39:40,718 - Start: Outputting list of installed packages
2025-07-23 12:39:41,286 - Finish: Outputting list of installed packages
2025-07-23 13:06:20,710 - Finish: rpmbuild samba-4.21.3-7.el9_6.src.rpm
2025-07-23 13:06:20,715 - Finish: build phase for samba-4.21.3-7.el9_6.src.rpm
```
  • I was running the build once more:

```
% mock -r rocky-9-x86_64 --enablerepo=devel --define 'dist .el9_6.dc' --with dc samba-4.21.3-7.el9_6.src.rpm
```

Unfortunately this results in the same error.

  • According to the log files, when trying to build samba-4.21.3-7.el9_6.src.rpm, the linker crashes with signal 11. This usually points to a deep internal bug, lack of system memory, or possibly corrupt build dependencies, not sure.

  • On top of that, the waf build system reports duplicate file generation errors, like:

`es_parser.tab.c`, `es_parser.tab.h`, `es_lexer.lex.c`

These files are created more than once by different task generators (`spotlight2es.objlist` and `rpcd_mdssvc.objlist`) — and I assume that breaks the build process?

  • Lastly I did:

```
mock -r rocky-9-x86_64 --define '_smp_mflags -j1' --enablerepo=devel --define 'dist .el9_3.dc' --with dc samba-4.21.3-7.el9_6.src.rpm
```

which resulted in a mismatch in the SHA256 checksum in the verification of the package

After some time I just gave up and went for another method which was:

the 3rd attempt:
I went for the automatic installation script following these guides:
Official documentation: (h)ttps://docs.google.com/document/d/19C8WNTDG6j7Xs_dP6wTQmVHob12q3IRk/edit?rtpof=true&sd=true&pli=1&tab=t.0
YT-Video: (h)ttps://www.youtube.com/watch?v=daaX67Ovegk
GitHub repo: (h)ttps://github.com/fumatchu/RADS/tree/main

which is neat and well explained, but…

…on two different occasions the script exits as there seems to be a problem:
1st:

The installation script ended after 3 minutes and samba was not installed, neither provisioned etc.

2nd time:
Same happens here:

Sorry for the super long article, I just wanted to be as detailed/transparent as possible.
And if you could help I’d be very grateful and appreciate it, as I can’t figure it out with my (noobie) troubleshooting expertise.

Regards
nk

I’ve updated your post, it helps to use the code blocks for things when posting command output, or logs etc. Makes it easier to read, and also stops the post being extremely long.

Thank you so much, I’ll be aware of that in future posts. :slight_smile:
Regards nk

First, stop building Samba packages yourself, use the ones from Tranquil IT, they even have a howto:

The thing to do is, do not follow any redhat documentation, just forget it is a redhat based distro and apart from Selinux, pretend it is Debian.

Alrighty, thanks for the input. I’ll go try it. ((:

So the samba package appears to exist (already built) in Rocky 9.x, so why do you need to build from the src rpm?

Prob because the samba packages in RHEL do not include the Active Directory stuff. There’s a lot of posts on it already here :slight_smile:

No ‘Prob’ about it, redhat said a long time ago that you would never be able to provision an AD DC with their Samba packages.

I read further into the dependencies of MIT and Heimdal Kerberos regarding the package managers and AD functionalities, which left me with these three options:

The 1st option (not recommended) would be:
To stick to building Samba from source code (with SELinux preferably, but I have only succeeded by deactivating SELinux + Firewall).

The 2nd option would be to go for another attempt based on the reply on my forum post pointing to a documentation guide link:

Quote:
"hortimech
First, stop building Samba packages yourself, use the ones from Tranquil IT, they even have a howto:
samba.tranquil.it
Installing and configuring Samba-AD on RHEL and derivatives — Samba-AD 4.20...
Installing and configuring Samba-AD on RHEL8 / RHEL9 and derivatives
https://samba.tranquil.it/doc/en/samba_config_server/redhat/server_install_samba_redhat.html
Repos:
https://samba.tranquil.it/redhat8/
https://samba.tranquil.it/redhat9/
https://github.com/nkadel/samba4repo/

The thing to do is, do not follow any redhat documentation, just forget it is a redhat based distro and apart from Selinux, pretend it is Debian."

The 3rd option:
Implementing SerNet's SAMBA+
https://samba.plus/howto/set-up-samba
Only downside: it's not free.

Forget MIT, Samba uses its own builtin version of Heimdal, in fact if you do use MIT, you have to explicitly tell Samba to use it when you build Samba and it is classed as experimental.

The only real difference between the Tranquil IT & Sernet packages are package names (sernet appears a lot in the package names) and the Tranquil IT packages are free, while the Sernet ones have, as you have pointed out, to be paid for.

Somewhere I have a howto on setting up a DC on Rocky Linux 9 (I thought it was on my github page, but it isn’t, only a Unix domain member howto), I will dig it out tomorrow.

OK, try this:

It worked, thank you so much for your help! :smiling_face:

One question:

I tried following the guide you mentioned earlier ( Installing and configuring Samba-AD on RHEL and derivatives — Samba-AD 4.20 documentation ) where I have to configure the repository:

```
echo "[tis-samba]
name=tis-samba
baseurl=Index of /redhat9/samba-4.20
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-TISSAMBA-9" > /etc/yum.repos.d/tissamba.repo
```

As I was doing the steps one by one I got stuck at the same issue, where samba-dc was not available and to be found in the repository (samba-tool command not found etc.).

In your guide the content is:

```
[tis-samba]
name=tis-samba
baseurl=Index of /redhat9/samba-4.22
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-TISSAMBA-9
```

My understanding regarding this key difference is that samba-dc is not in the samba-4.20, but in the samba-4.22 package. Is that correct?

No, it should have been there, it is just that, when it comes to Samba, it is always best to use the latest possible version. Perhaps there was a typo somewhere?

Interesting, might be a typo then. :smiley:
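
An added example, not from the thread or the Tranquil IT documentation: a small lint for a dnf `.repo` file of the shape quoted above, which checks that `baseurl` is an actual URL and that package signature checking is switched on before any install is attempted. The helper name `lint_repo`, the https/file-only policy and the placeholder host are assumptions of this example, and it expects `baseurl`-style repos (no `mirrorlist` or `metalink`).

```shell
#!/usr/bin/env bash
# lint_repo FILE: hypothetical helper (not part of dnf). Prints one finding
# per problem and returns 1 if any section fails, 0 if the file is clean.
lint_repo() {
  awk '
    function report() {
      if (sec == "") return
      # Policy of this example: packages come over https:// or a local file:// mirror.
      if (url !~ /^(https|file):\/\//) { print sec ": baseurl is not a URL: \"" url "\""; bad = 1 }
      if (chk != "1")                  { print sec ": gpgcheck is not 1"; bad = 1 }
      if (key == "")                   { print sec ": gpgkey is missing"; bad = 1 }
    }
    /^[ \t]*([#;]|$)/ { next }                      # comments and blank lines
    /^\[.*\]/ { report(); sec = $0; url = chk = key = ""; next }
    {
      i = index($0, "="); if (i == 0) next
      k = substr($0, 1, i - 1); v = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == "baseurl") url = v
      else if (k == "gpgcheck") chk = v
      else if (k == "gpgkey") key = v
    }
    END { report(); exit bad + 0 }
  ' "$1"
}

# Constructed samples: "pasted" mirrors the baseurl text as it appears in the
# post; "ok" uses a placeholder host, not the real repository URL.
tmp=$(mktemp -d)
cat > "$tmp/pasted.repo" <<'EOF'
[tis-samba]
name=tis-samba
baseurl=Index of /redhat9/samba-4.20
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-TISSAMBA-9
EOF
cat > "$tmp/ok.repo" <<'EOF'
[tis-samba]
name=tis-samba
baseurl=https://repo.example.invalid/redhat9/samba-4.22/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-TISSAMBA-9
EOF
for f in "$tmp"/*.repo; do
  if lint_repo "$f"; then echo "$f: clean"; fi
done
```

Once the file lints clean, `dnf repoquery --repo tis-samba samba-dc` shows whether the repository actually offers the package.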
