Filed Under (, , ) by Just An Admin on 23-01-2013
It has been several months now since the Samba 4.1 release is av A version I’ve been looking forward to for a long time now. But the installation documentation and blog posts of users actually installing it are still limited, outdated, to general or incomplete. But I’m very interested to see how this new version works and how well it installs, so I’ll give it a go.
For this setup we will use a basic Ubuntu 12.04.1 LTS (Precise Pangolin) install and the most recent version of Samba 4.1 (GIT source).
Throughout this document i will be using the following information, which you can replace with your own settings:
Servername: SAMBA
DNS Domain name: mydomain.local
NETBIOS Domain name: MYDOMAIN
IP number: 192.168.1.10 with subnetmask 255.255.255.0
Default gateway: 192.168.1.1
Installing Ubuntu 12.04 LTS
For this test we installed Ubuntu 12.04.1 LTS x64 in a VMWare ESXi virtual machine. This will be a standard install with no extra software or packages selected during the initial installation. I will not go in to the installation of Ubuntu in to much detail, as it is very straightforward. We used a 32GB disk which was automatically partitioned. If you know what you’re doing, you can can select a manual partition schema and disk size that suites your wishes.
After the install of Ubuntu is complete and the first boot of the OS has finished, we need to address some minor configurations tasks. First we need to make sure we are up to date on the latest patches and hotfixes:
sudo apt-get update
sudo apt-get upgrade
Install a SSH server.
To make the copy/paste from this guide easier (VMWare console lacks a good copy/paste support) we will install SSH. Besides the ease of copy/paste this is a useful way to manage your server remotely.
sudo apt-get install openssh-server
sudo reboot now
Reboot the server. Use Putty or other SSH client to connect.
Change the root password
Change the password for your root account and make sure you use a password with a solid complexity.
sudo passwd root
Configure a fixed IP for your new server.
Edit /etc/network/interfaces and change the config to set a static IP. Please use your own IP information where applicable:
sudo nano /etc/network/interfaces
iface lo inet loopback
iface eth0 inet static
address 192.168.1.10
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 192.168.1.10 8.8.8.8
dns-search mydomain.local
Now reboot the server
sudo reboot now
After the reboot has finished and you logged on to the server, you can check if the new IP configuration has been applied:
Install a NTP service to sync the time.
Active Directory and Kerberos rely on a correct time and date settings.
sudo apt-get install ntp
Edit /etc/ntp.conf and replace the server with a Time server of your own or use one from . if you are not familiar with this, you can leave the default server (0.ubuntu.pool.ntp.org) as is.
sudo nano /etc/ntp.conf
and change:
server 0.north-america.pool.ntp.org
To set the time for a first time, do:
sudo service ntp stop
sudo ntpdate -B (replace with preferred timeserver)
example: sudo ntpdate -B server 0.north-america.pool.ntp.org
sudo service ntp start
To check if all went well, do:
Installing Samba 4 (4.1)
Before we can begin installing Samba, we need to install some prerequisites:
sudo apt-get install build-essential libacl1-dev python-dev libldap2-dev pkg-config gdb libgnutls-dev libblkid-dev libreadline-dev libattr1-dev python-dnspython libpopt-dev libbsd-dev attr docbook-xsl libcups2-dev git
We will be installing Samba 4, most current release, from the GIT repository, Samba 4.1.0pre1-GIT-0a4a4ba at the time of writing:
sudo git clone git://git.samba.org/samba.git /usr/src/samba4/
Make sure port 9418 is open on your firewall. GIT uses this port. You will know when you’re in trouble if you get this error:
errno=Connection timed out
cd /usr/src/samba4
Use the following line only if you want to fix the install to version 4.1.0, instead of the most recent build. If you want to use 4.1.0 stable, please use the following command:
sudo git checkout tags/samba-4.1.0
Now we continue the installation of Samba:
sudo ./configure --enable-debug
You will receive a lot of subcontext() and pointer messages. From what is was able to find so far is that all these warnings can be discarded. That is what i did.
sudo make install
After the install we will add the path to the bin and sbin directory of Samba:
sudo nano /etc/sudoers
and add the following to the end of the Defaults secure_path=
before the closing “:
:/usr/local/samba/sbin:/usr/local/samba/bin
and write the changes and exit nano.
Make the same change to the system environment PATH variable:
sudo nano /etc/environment
and add the following to the end of the PATH, before the closing “:
:/usr/local/samba/sbin:/usr/local/samba/bin
and write the changes and exit nano.
Now that Samba is installed, we can start constructing a new domain using the samba-tool domain provision command:
sudo /usr/local/samba/bin/samba-tool domain provision --realm mydomain.local --domain MYDOMAIN --adminpass Pa$$w1rd --server-role=dc
NB. Be sure to pick a strong password. The password complexity requirement is at least one uppercase letter, one number and at least eight characters long. If you have to rerun the command because the password was not strong enough or has failed for any other reason, first remove your partial config, otherwise a new provision will fail. you can do this by running this command:
sudo rm /usr/local/samba/etc/smb.conf
If you receive this error:
"ProvisioningError: Your filesystem or build does not support posix ACLs, which s3fs
requires. Try the mounting the filesystem with the 'acl' option"
There is much debate about the solution to solving this problem. Please educate and inform yourself, using google or other resource, on how to fix this problem. One common solution is to add
--use-ntvfs
to the end of the provision command to fix this error. But you will be using legacy file server technology, as Mark stated in his comment.
Setting DNS forwarding allows queries the server can’t resolve to be forwarded to another DNS that can. This is required to be able to browse the Internet or download updates during the rest of this post. We will also allow automatic DNS updates. Make the following adjustment to enable forwarding:
sudo nano /usr/local/samba/etc/smb.conf
add or change the following lines, where the IP of the forwarder is your router. If your router does not forward DNS request, use 8.8.8.8 (Google DNS):
dns forwarder = 192.168.1.1
allow dns updates = nonsecure and secure
Now reboot the server
sudo reboot now
Now we need to make this server point to it’s own DNS for resolving.
sudo nano /etc/network/interfaces
And remove the 8.8.8.8 from the dns-nameservers line. Afterwards it looks like this:
dns-nameservers 192.168.1.10
After you have finished the provisioning command successfully and made teh required changes for DNS forwarding, we are ready to start the Samba server and see if all works as expected.
sudo /usr/local/samba/sbin/samba start
A working DNS server is required for Samba or any Active Directory to function properly, specifically Kerberos will fail. We will be using the default DNS service that comes with Samba. If you specify --dns-backend=SAMBA_INTERNAL in the above mentioned provision command or didn’t specify this options at all, the internal DNS of Samba will be installed.
As our DNS server was already installed with Samba, we now need to test if the DNS is functioning properly. We will test a few basic DNS queries and see if they return a valid repsonse:
host -t SRV _ldap._tcp.mydomain.local.
Should return something like:
_ldap._tcp.mydomain.local has SRV record 0 100 389 samba.mydomain.local.
host -t SRV _kerberos._udp.mydomain.local.
Should return something like:
_kerberos._udp.mydomain.local has SRV record 0 100 88 samba.mydomain.local.
host -t A samba.mydomain.local.
Should return something like:
samba.mydomain.local has address 192.168.1.10
If the DNS works as expected, we will test if Kerberosis running correctly. First we install the Kerberos 5 utilities:
sudo apt-get install krb5-user
Once the Kerberos utilities are installed, we will try to log on to the domain using Kerberos. Be sure to log on using the password you specified in the provision command.
kinit administrator
Should return something like:
Warning: Your password will expire in 41 days on Tue Mar
5 15:23:03 2013
You can check if a Kerberos ticket has been processed correctly using the following command:
This should return something like:
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: administrator@MYDOMAIN.LOCAL
Valid starting
Service principal
krbtgt/MYDOMAIN.LOCAL@MYDOMAIN.LOCAL
renew until 24/01/
Finally we will test the SMB function of the domain and see if all shares required for a functional Active Directory are up and running. Especially the netlogon and sysvol share should be visible.
&/usr/local/samba/bin/smbclient -L localhost -U%
Should return something like:
Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 4.1.0pre1-GIT-0a4a4ba]
IPC Service (Samba 4.1.0pre1-GIT-0a4a4ba)
Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 4.1.0pre1-GIT-0a4a4ba]
And finally we will check if the user administrator can log in using SMB:
/usr/local/samba/bin/smbclient //localhost/netlogon -U 'administrator'
Should return something like:
Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 4.1.0pre1-GIT-0a4a4ba]
Type quit to exit the SMBClient prompt.
We are done! Congratulations, we have installed a Samba4 server on Ubuntu 12.04.
Init script for auto start
When rebooting the server, it would be nice if the Samba service would start automatically. The following init.d startup script will take care of that:
sudo nano /etc/init.d/samba4
and add the following:
#! /bin/sh
### BEGIN INIT INFO
# Provides: samba
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $network $local_fs $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: start Samba daemons
### END INIT INFO
# Start/stops the Samba daemon (samba).
# Adapted from the Samba 3 packages.
SAMBAPID=/var/run/samba/samba.pid
# clear conflicting settings from the environment
unset TMPDIR
# See if the daemon and the config file are there
test -x /usr/local/samba/sbin -a -r /usr/local/samba/etc/ || exit 0
. /lib/lsb/init-functions
case &$1& in
log_daemon_msg &Starting Samba 4 daemon& &samba&
if ! start-stop-daemon --start --quiet --oknodo --exec /usr/local/samba/sbin/samba -- -D; then
log_end_msg 1
log_end_msg 0
log_daemon_msg &Stopping Samba 4 daemon& &samba&
start-stop-daemon --stop --quiet --name samba $SAMBAPID
# Wait a little and remove stale PID file
if [ -f $SAMBAPID ] && ! ps h `cat $SAMBAPID` & /dev/null
# Stale PID file (samba was succesfully stopped),
# remove it (should be removed by samba itself IMHO.)
rm -f $SAMBAPID
log_end_msg 0
restart|force-reload)
echo &Usage: /etc/init.d/samba {start|stop|restart|force-reload}&
After you have created the file, be sure to change the permissions and set the script to autostart using update-rc.d:
sudo chmod 755 /etc/init.d/samba4
sudo update-rc.d samba4 defaults
Homefolders for Acitve Directory users
First we need to create a folder where all the Home folders will reside:
sudo mkdir -m 770 /Users
sudo chmod g+s /Users
sudo chown root.users /Users
Next we will add the the following to /usr/local/samba/etc/smb.conf:
[Users]
directory_mode: parameter = 0700
read only = no
path = /Users
csc policy = documents
You can either map that by using net use h: \\samba\Users\%USERNAME% or by adding the same path to the home folder paragraph under the profile tab of the AD user. The home folder will be created automatically if you use the last option.
Before you add a workstation to this new domain, be sure to point the DNS server on this client to the new domain controller. Now join the domain as you would with a Windows domain.
Extra tips:
samba -b (shows paths to application and config files)
Install the Windows Server 2003 Service Pack 2 Administration Tools Pack for x86 editions to manage the Active Directory server from a Windows client :
If you want to debug your Samba server, please use the following command to start Samba in single user and debug mode. This will log all information to stdout and makes debugging easy.
gdb --args /usr/local/samba/sbin/samba -i -M single
Use the command /usr/local/samba/sbin/samba -V to see what version of Samba you’re running, or try /usr/local/samba/bin/smbclient –version
Parts of the following online resources were used for this tutorial:
24-1-2013 added init.d startup script
10-2-2013 added update-rc.d for autostart and added home folder creation
11-2-2013 corrected DNS forwarder and DNS updates for smb.conf
22-4-2013 changed the password example in the provisioning command to comply with minimum password requirements
28-6-2013 changed the ‘allow dns updates’ value in smb.conf as the new GIT commit does not support ‘True’ anymore. Thanks José
3-7-2013 changed the way the PATH environment variable is set. It is now made permanent by adding it to the ~/bashrc
4-7-2013 changed the creation of the Home Folders to allow for auto creation through ADUC. This seemed broken.
6-1-2014 added root password change and a PATH change for sudoers and system env. Added a tip by DoitDave: fixing the git branche to 4.1.0
25-2-2014 added a comment to the ‘solution’ of adding –ntvfs to solve the ACL error. As Mark commented, this ‘solution’ is using old technology.
Incoming search terms: -
74 Comments
102,301 views
Tagged Under : , , ,
Post a commentAutomatic online activation fails to connect to activation server. | StorageCraft Support CenterCSGODev Server.cfg for CS:GO | CS:GO Development
CSGODev Server.cfg for CS:GO
This is a nice baseline for all of you out there running servers but dont have the ability to make a cfg. This should be more then good enough to handle everything you need to do.
CSGO Beta Server.cfg Version 1
// Created by:
// DO NOT REMOVE THIS INFORMATION.
// Server Name
hostname CSGO Server” //Hostname for the server, will show up in server browsers.
// RCON Password
rcon_password “” //Rcon password. If nothing in the quotes then RCON is disabled. We suggest you
put +rcon_password in your server command line instead. Its more secure.
// Private Server Password
sv_password “” //Leave blank unless you want your server set as private.
// Server CVARs
mp_friendlyfire + //Enable Friendly Fire 1 =Enable 0 =Disable
//ff_damage_reduction_grenade + //Reduces damage done to your teammates with grenades.
//ff_damage_reduction_bullets + //Reduces damage done to teammates when shot.
//ff_damage_reduction_other + //Reduces damage done to teammates regarding non bullets/grenades
mp_autoteambalance + //Auto balaces the teams
mp_autokick + //kicks idle or teamkilling players.
mp_tkpunish + //Enables team killer punishment.
sv_alltalk + //Players can hear all other players’ voice communication, no team restrictions
sv_deadtalk + //Dead players can speak (voice, text) to the living players.
sv_full_alltalk + //Any player (including Spectator team) can speak to any other player
sv_pausable + //Sets the server as pausable. If set as 1 anyone can pause it.
mp_limitteams + //Maximum amount teams can be out of balance. 0 is off.
sv_voiceenable + //Enabled and disables voice chat. Default: 1 which is on.
sv_allow_lobby_connect_only + //If set to 1 it will only allow matchmaking games and not direct connections.
sv_allow_wait_command + //Allow or disallow the wait command on clients connected to this server.
sv_cheats + //Allow cheats on server. LE***E OFF
sv_alternateticks + //If set to 1 server only simulates entities on even numbered ticks.
//sv_downloadurl”” //Location from which clients can download missing files
sv_forcepreload + //Forces server side pre-loading.
sv_friction + //World friction.
sv_pure + // 0 is off, 1 uses whitelist, 2 is forced default.
sv_consistency + // 0 is off and allows skins, 1 is on and forced defaults.
//sv_pure_kick_clients + //If set to 1, the server will kick clients with mismatching files.
//sv_pure_trace + //If set to 1, the server will print a message whenever a client is verifying a
CRC for a file.
// Round Convars
mp_freezetime + //How many seconds to keep players frozen when the round starts
mp_afterroundmoney + //Amount of money awared to every player after each round
mp_playercashawards + //Players can earn money by performing in-game actions
mp_teamcashawards + //Teams can earn money by performing in-game actions
mp_maxrounds + //Maximum amount of rounds per map
mp_timelimit + //How many minutes for the whole map
mp_roundtime + //How many minutes each round takes.
mp_freezetime+ //how many seconds to keep players frozen when the round starts
mp_buytime + //How many seconds after round start players can buy items for.
mp_forcecamera + //Set to 1 for team only spectating.
mp_defuser_allocation + //How to allocate defusers to CTs at start or round: 0=none, 1=random, 2=everyone
mp_death_drop_defuser + //Drop defuser on player death
mp_death_drop_grenade + //Which grenade to drop on player death: 0=none, 1=best, 2=current or best
mp_death_drop_gun + //Which gun to drop on player death: 0=none, 1=best, 2=current or best
mp_buytime + //How many seconds after round start players can buy items for.
mp_c4timer + //how long from when the C4 is armed until it blows
mp_do_warmup_period + //Whether or not to do a warmup period at the start of a match.
mp_force_pick_time + //The amount of time a player has on the team screen to make a selection before
being auto-teamed
mp_halftime_duration + //Number of seconds that halftime lasts
mp_join_grace_time “15 //Number of seconds after round start to allow a player to join a game
mp_match_end_restart + //At the end of the match, perform a restart instead of loading a new map
mp_maxrounds + //Max amount of rounds per map
mp_playercashawards + //Players can earn money by performing in-game actions
mp_playerid + //Controls what information player see in the status bar: 0 1 team
2 no names
mp_playerid_delay + //Number of seconds to delay showing information in the status bar
mp_playerid_hold + //Number of seconds to keep showing old information in the status bar
mp_restartgame + //If non-zero, game will restart in the specified number of seconds
mp_round_restart_delay + //Number of seconds to delay before restarting a round after a win
mp_roundtime + //How many minutes each round takes.
mp_warmuptime + //If true, there will be a warmup period/round at the start of each match to
allow to connect.
mp_win_panel_display_time + //The amount of time to show the win panel between matches / halfs
// The Bot Convars
bot_difficulty 1 //Defines the skill of bots joining the game. Values are: 0=easy, 1=normal,
2=hard, 3=expert.
bot_chatter “off” //Control how bots talk. Allowed values: ‘off’, ‘radio’, ‘minimal’, or ‘normal
bot_join_after_player 1 //If nonzero, bots wait until a player joins before entering the game.
bot_quota 10 //Determines the total number of bots in the game.
bot_quota_mode “fill” //Determines the type of quota. Allowed values: ‘normal’, ‘fill’, and ‘match
// Logging
//log on //This is set to turn on logging!
sv_log_onefile + //Log server information to only one file.
sv_logbans + //Log server bans in the server logs.
sv_logecho + //Echo log information to the console.
sv_logfile + //Log server information in the log file.
sv_logflush + //Flush the log file to disk on each write (slow).
sv_logsdir + //Folder in the game directory where server logs will be stored.
// Server Rates
sv_maxcmdrate + //(If sv_mincmdrate is & 0), this sets the maximum value for cl_cmdrate.
sv_maxrate + //Max bandwidth rate allowed on server, 0 == unlimited
sv_mincmdrate + //This sets the minimum value for cl_cmdrate. 0 == unlimited.
sv_minrate ″ //Min bandwidth rate allowed on server, 0 == unlimited
//CVARS for bhopping
sv_accelerate + //Acceleration. Default 10
sv_friction + //World friction. Default 4
sv_staminajumpcost + //Stamina penalty for jumping. Default .1
sv_staminalandcost + //Stamina penalty for landing. Default .1
sv_staminamax + //Maximum stamina penalty. Degault 80
sv_staminarecoveryrate + //Rate at which stamina recovers (units/sec). Default 50
// Money cvars
mp_startmoney + //Amount of money each player gets when they reset.
mp_maxmoney ″ //Maximum amount of money allowed in a player’s account.
cash_team_terrorist_win_bomb ″ //How much the team will win for the bomb.
cash_team_elimination_hostage_map ″ //How much a player earns when they eliminate all hostages.
cash_team_elimination_bomb_map ″ //How much the team will win when the bomb is eliminated.
cash_team_win_by_time_running_out ″ //How much the team will win when the time runs out.
cash_team_win_by_defusing_bomb ″ //How much the team will win when bomb has been defused.
cash_team_win_by_hostage_rescue ″ //How much the team will win when all hostages have been rescued.
cash_team_loser_bonus ″ //How much the team will win when when the team looses.
cash_team_loser_bonus_consecutive_rounds + //How much the team will win when the team looses consecutive rounds.
cash_team_rescued_hostage + //How much the team will win when team has recued a hostage.
cash_team_hostage_alive + //How much the team will win when a hostage is still alive
cash_team_planted_bomb_but_defused + //How much the team will win when when a team has planted a bomb and been defused
cash_team_hostage_interaction + //How much the team will win when hostages are saved
cash_player_killed_teammate ″ //How much the player will loose when a teamate has been team killed
cash_player_killed_enemy_default + //How much the player will win when killing an enemy
cash_player_killed_enemy_factor ″ //How much the player will win when killing an enemy
cash_player_bomb_planted + //How much the player will win when the bomb has been planted.
cash_player_bomb_defused + //How much the player will win when the bomb has been defused
cash_player_rescued_hostage + //How much the player will win when rescuing hostages
cash_player_interact_with_hostage + //How much the player will win when interacting with hostages
cash_player_damage_hostage + //How much the player will loose when demaging a hostage
cash_player_killed_hostage ″ //How much the player will loose when a hostage has been killed
// Voting Options
sv_allow_votes + //Turns server voting on and off.
sv_vote_allow_spectators + //Allow spectators to vote?”
sv_vote_command_delay + //How long after a vote passes until the action happens
sv_vote_creation_time + //How often someone can individually call a vote.
sv_vote_failure_timer + //A vote that fails cannot be re-submitted for this long
sv_vote_quorum_ratio + //The minimum ratio of players needed to vote on an issue to resolve it.
sv_vote_timer_duration + //How long to allow voting on an issue
sv_lan + //This should always be set, so you know it’s not on
sv_region + //The region of the world to report this server in.
sv_tags “CSGODEV” //Server tags. Used to provide extra information to clients when they’re browsing
for servers
exec banned_user.cfg
exec banned_ip.cfg
This entry was posted in . Bookmark the .
Leave a Reply
You must be signed in through Steam to post a comment.
Copyright & 2012 Code, All Rights Reserved
Design, and code are property
- All trademarks are property of their respective owners in the US and other countries.
This website is in no way, shape or form affiliated with Steam or VALVe Corporation.