Our current goal is setting up Samba4 for a Linux AD-DC on Ubuntu 18.04. In an earlier article we prepared the ground, and now we initialize the domain. Once the domain is successfully initialized, we can move on to the next article and tune bind9.
All articles, in recommended reading order:
- Configuring BIND9 for Linux AD-DC on Ubuntu 18.04 – Part 1
- Linux AD-DC on Ubuntu 18.04 – Setting Samba4 – Part 1
- Set up BIND9 for Linux AD-DC on Ubuntu 18.04 – Part 2
- Linux Samba4 AD-DC on Ubuntu 18.04 – Settings – Part 2
- DHCP server for Linux AD-DC Ubuntu 18.04. Integration with BIND9
- Domain Controller on Ubuntu 18.04 – Time Synchronization – NTP
- Administering the Linux domain controller
Key package versions
Keep in mind that package versions have recently become a critical factor. That said, the updates now rolling out in the Ubuntu 20 repository should not reach the Ubuntu 18 repository.
- Samba4: Version 4.7.6-Ubuntu
- bind9 (named): BIND 9.11.3-1ubuntu1.13-Ubuntu (Extended Support Version) <id:a375815>
Attention!!! DO NOT USE .local !!! IF YOU NAME YOUR DOMAIN somedom.local YOU CAN FACE IRREVERSIBLE PROBLEMS
-
Set up Samba4 for Linux AD-DC on Ubuntu 18.04 – Part 1
-
Turn off systemd-resolved
-
Stop the service
sudo service systemd-resolved stop
-
Remove it from autostart
sudo systemctl disable systemd-resolved.service
-
Remove the symlink /etc/resolv.conf
sudo rm /etc/resolv.conf
-
Open and change the config
sudo nano /etc/resolv.conf
-
Set the name server address as shown:
nameserver 192.168.1.1
search adminguide.lan
For now, nameserver should be set to the address of our current DNS server, which is located, for example, on a router or elsewhere.
search specifies the name of our future domain.
Save the changes with Ctrl+O
-
-
Set up file /etc/hosts
Make sure the AD DC name resolves to its IP address inside the network being configured, even when pinging from the AD DC itself.
Open the file and make the changes
sudo nano /etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.1.100 ag-dc-1.adminguide.lan ag-dc-1
Apply the changes
-
Check that no Samba processes are running on the system
ps ax | egrep "samba|smbd|nmbd|winbindd"
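The preparation steps above can be verified in one pass before provisioning. This is an added example, not part of the original article: the function names are hypothetical, the sample values are the article's own, and it additionally treats a host name mapped to a loopback address and the 127.0.0.53 stub resolver as failures.

```shell
#!/bin/sh
# Added example (not from the article): pre-provision checks for the steps above.
# Function names are hypothetical; sample values are the article's own.

check_domain() {   # reject .local and single-label names
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        local|*.local) echo "FAIL: $1 uses .local"; return 1 ;;
        *.*) return 0 ;;
        *) echo "FAIL: $1 has no DNS suffix"; return 1 ;;
    esac
}

check_resolv() {   # $1 = resolv.conf path, $2 = domain expected in "search"
    if [ -L "$1" ]; then echo "FAIL: $1 is still a symlink"; return 1; fi
    awk -v d="$2" '
        $1 == "nameserver" && $2 != "127.0.0.53" { ns = 1 }
        $1 == "nameserver" && $2 == "127.0.0.53" { stub = 1 }
        $1 == "search" { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(d)) s = 1 }
        END { exit !(ns && !stub && s) }' "$1" \
        || { echo "FAIL: $1 needs a real nameserver and 'search $2'"; return 1; }
}

check_hosts() {    # $1 = hosts path, $2 = DC FQDN; short name derived from it
    awk -v f="$2" -v s="${2%%.*}" '
        $1 ~ /^#/ || NF < 2 { next }
        { hf = hs = 0
          for (i = 2; i <= NF; i++) { if ($i == f) hf = 1; if ($i == s) hs = 1 }
          loop = ($1 ~ /^127\./ || $1 == "::1")
          if ((hf || hs) && loop) bad = 1
          if (hf && hs && !loop) good = 1 }
        END { exit !(good && !bad) }' "$1" \
        || { echo "FAIL: $2 must resolve to the LAN address in $1"; return 1; }
}

check_no_samba() { # same intent as the ps | egrep step
    if pgrep -x 'samba|smbd|nmbd|winbindd' >/dev/null; then
        echo "FAIL: Samba daemons are already running"; return 1
    fi
}

# Live run only when the DC FQDN is given: sh preflight.sh ag-dc-1.adminguide.lan
if [ -n "${1:-}" ]; then
    check_domain "${1#*.}" && check_resolv /etc/resolv.conf "${1#*.}" &&
        check_hosts /etc/hosts "$1" && check_no_samba && echo "OK to provision"
fi
```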
-
Linux AD-DC on Ubuntu 18.04 – Install Samba
It is very important to remember that a Samba domain controller is initialized once and for all. There is no way to change its name afterwards. Whatever name you give it, it will keep that name until the end of time or until you destroy it. If you name the domain ADMINGUIDE.LAN, it will always remain ADMINGUIDE.LAN. Samba4 does not support domain renaming. Once the domain is initialized, changing the name means removing every machine that has joined from the domain, removing the AD DC, setting everything up from scratch and joining the machines again. So I strongly recommend thinking through every step before you start initializing the domain, reading this guide to the very end and considering the nuances to avoid future mistakes.
-
Install samba4 and all the required packages with the following command:
sudo apt -y install samba krb5-config winbind smbclient krb5-user
To initialize the Linux AD-DC on Ubuntu 18.04 successfully, it is important not to make any mistakes when entering data on the Kerberos configuration screens.
-
Default Kerberos version 5 realm
On this screen the name of our domain should be filled in automatically, in capital letters: ADMINGUIDE.LAN
-
Kerberos servers for your realm
Here we have to enter the name in the form domaincontroller.realm.zone, all in lower case; in this case it is:
ag-dc-1.adminguide.lan
-
Administrative server for your Kerberos realm
At this stage we enter the same value as in the previous step:
ag-dc-1.adminguide.lan
-
Wait for the installation to finish
-
Back up the file with the original Samba settings
sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.bkp
-
-
Linux AD-DC on Ubuntu 18.04 – Initialize domain controller
-
Start initialization with the --interactive option
From our AD DC we will manage users, groups and computers running Linux. Therefore we enable NIS compatibility in advance using the option --use-rfc2307
sudo samba-tool domain provision --use-rfc2307 --interactive
Turning on Network Information Service (NIS) support won’t hurt the AD DC, even if it never encounters Linux servers or computers. On the other hand, if you set up a controller without this option and someday Linux machines do appear in the domain, you’ll have to modify the AD schema and add NIS support. Doing that, of course, carries a great risk of killing the controller.
-
Linux AD-DC on Ubuntu 18.04 – Domain Settings
If there were no errors during setup, the installer will offer all the required parameters, except the DNS backend, as default values in brackets.
Realm [ADMINGUIDE.LAN]:
Domain [ADMINGUIDE]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: BIND9_DLZ
DNS forwarder IP address (write 'none' to disable forwarding) [192.168.1.1]:
Administrator password:
Retype password:
When the installer asks for the password, set a strong one, because we will use it to authenticate as the AD DC administrator.
If the default values are not what you expect, a serious mistake was most likely made earlier, and it is better to start the setup over.
-
Linux AD-DC on Ubuntu 18.04 – Check the results of initialization
If we see information similar to the one below, it means that the domain controller on Ubuntu has successfully completed the initialization:
At the end of the output, note where Samba keeps its config and the krb5 config.
-
-
Let’s move on to “Ubuntu Domain Controller – BIND9 Configuration – Part 2”
At this point we can consider the Samba4 setup for the Linux AD-DC on Ubuntu 18.04, or rather the first part of it, successfully completed.
-
At the moment, all text content is published a week earlier in my Zen blog, along with the Russian-language premieres of the video lessons 🙂
The same videos are published on the YouTube channel, where the English-language premieres appear first 🙂