Differences

This shows you the differences between two versions of the page.

--- ubuntu:samba:configure_samba_active_directory_domain_controller [2019/12/08 21:54] – created peter
+++ ubuntu:samba:configure_samba_active_directory_domain_controller [2020/07/15 09:30] (current) – external edit 127.0.0.1
@@ Line 71: / Line 71: @@
 ----
+===== Configure Samba AD DC =====
+Rename or remove the default config.
+<code bash>
+sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.org
+</code>
+<code bash>
+samba-tool domain provision
+</code>
+and
+<code bash>
+# specify Realm
+Realm [SRV.SHAREWIZ]:
+# specify Domain name
+ Domain [SRV]: SMB01
+# Enter with default because it sets DC
+ Server Role (dc, member, standalone) [dc]:
+# Enter with default because it uses Built-in DNS
+ DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
+# if you set DNS forwarder, specify it, if not, specify [none]
+ DNS forwarder IP address (write 'none' to disable forwarding) [127.0.0.53]: 192.168.1.8
+# set admin password
+# Do not set trivial password, if you input it, configuration wizard shows error and stops
+Administrator password:
+Retype password:
+Looking up IPv4 addresses
+Looking up IPv6 addresses
+No IPv6 address will be assigned
+Setting up share.ldb
+Setting up secrets.ldb
+Setting up the registry
+Setting up the privileges database
+Setting up idmap db
+Setting up SAM db
+Setting up sam.ldb partitions and settings
+Setting up sam.ldb rootDSE
+Pre-loading the Samba 4 and AD schema
+Adding DomainDN: DC=srv,DC=sharewiz
+Adding configuration container
+Setting up sam.ldb schema
+Setting up sam.ldb configuration data
+Setting up display specifiers
+Modifying display specifiers
+Adding users container
+Modifying users container
+Adding computers container
+Modifying computers container
+Setting up sam.ldb data
+Setting up well known security principals
+Setting up sam.ldb users and groups
+Setting up self join
+Adding DNS accounts
+Creating CN=MicrosoftDNS,CN=System,DC=srv,DC=sharewiz
+Creating DomainDnsZones and ForestDnsZones partitions
+Populating DomainDnsZones and ForestDnsZones partitions
+Setting up sam.ldb rootDSE marking as synchronized
+Fixing provision GUIDs
+A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
+Once the above files are installed, your Samba AD server will be ready to use
+Server Role:           active directory domain controller
+Hostname:              smb
+NetBIOS Domain:        SMB01
+DNS Domain:            srv.sharewiz
+DOMAIN SID:            S-1-5-21-1186834725-214749683-942878845
+</code>
+Copy krb file.
+<code bash>
+sudo cp /var/lib/samba/private/krb5.conf /etc/
+</code>
+Setup service which need to run.
+<code bash>
+sudo systemctl stop smbd nmbd winbind systemd-resolved
+sudo systemctl disable smbd nmbd winbind systemd-resolved
+sudo systemctl unmask samba-ad-dc
+Removed /etc/systemd/system/samba-ad-dc.service.
+</code>
+Rmove the link of resolv.conf and create new one
+<code bash>
+sudo ll /etc/resolv.conf
+lrwxrwxrwx 1 root root 39 Apr 27 10:30 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
+sudo rm /etc/resolv.conf
+vi /etc/resolv.conf
+</code>
+Replace the domain name to your own environment:
+<file bash /etc/resolv.conf>
+domain srv.sharewiz
+nameserver 127.0.0.1
+</file>
+Start Samba DC
+<code bash>
+sudo systemctl start samba-ad-dc
+sudo systemctl enable samba-ad-dc
+</code>
+----
+===== Confirm doman level and add a Domain user =====
+==== Confirm doman level ====
+<code bash>
+sudo samba-tool domain level show
+Domain and forest function level for domain 'DC=srv,DC=sharewiz'
+Forest function level: (Windows) 2008 R2
+Domain function level: (Windows) 2008 R2
+Lowest function level of a DC: (Windows) 2008 R2
+</code>
+----
+==== Add a domain user ====
+<code bash>
+sudo samba-tool user create testuser
+New Password:   # set password
+Retype Password:
+User 'testuser' created successfully
+</code>