Samba 4 Domain Controller on Ubuntu 14.04 LTS
1. Configure network with a static IP address
$ sudo nano /etc/network/interfaces
auto eth0
iface eth0 inet static
    address 192.168.0.35
    gateway 192.168.0.1
    netmask 255.255.255.0
    network 192.168.0.0
    broadcast 192.168.0.255
    dns-nameservers 192.168.0.1 114.114.114.114 8.8.8.8
    dns-search szhnbc.com
2. Name your domain controller
$ sudo hostname rd-server
$ echo "rd-server" | sudo tee /etc/hostname
$ sudo nano /etc/hosts
127.0.0.1 localhost
127.0.1.1 rd-server.szhnbc.com RD-Server
192.168.0.35 rd-server.szhnbc.com rd-server
$ sudo apt-get update && sudo apt-get upgrade
$ sudo reboot
3. Install packages ntp, acl, samba + tools
$ sudo apt-get install ntp acl samba krb5-user smbclient
While installing Kerberos, you will be prompted for the following information:
Your realm: SZHNBC.COM
Kerberos servers for your realm: rd-server.szhnbc.com
Administrative server: rd-server.szhnbc.com
4. Configure samba
Remove the automatically created configuration
$ sudo rm /etc/samba/smb.conf
Configure samba with samba-tool
$ sudo samba-tool domain provision --realm szhnbc.com --domain szhnbc --adminpass Password123 --server-role=dc
Note: if you set a password that is not secure enough, the command will fail.
Output of a successful installation:
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=szhnbc,DC=com
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=szhnbc,DC=com
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be ready to use
Server Role: active directory domain controller
Hostname: rd-server
NetBIOS Domain: SZHNBC
DNS Domain: szhnbc.com
DOMAIN SID: S-1-5-21-1719461813-2380486383-56883530
5. Configure DNS
For large, complex network deployments it is recommended that you use BIND, but in my environment the built-in DNS is sufficient.
$ sudo nano /etc/samba/smb.conf
dns forwarder = 8.8.8.8
allow dns updates = nonsecure
$ sudo nano /etc/network/interfaces
dns-nameservers 192.168.0.35
$ sudo reboot now
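Added example, not part of the original guide: the "allow dns updates = nonsecure" line from step 5 makes the internal DNS server accept dynamic updates from clients that have not authenticated, whereas Samba's default is "secure only". The script below reads the [global] section of an smb.conf and reports which policy is in effect; the function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example (illustrative names, constructed sample): audit "allow dns updates".

# Print the value of a [global] parameter; names compare with case and whitespace
# ignored, last matching line is reported (assumption: later lines override).
get_global_param() {
    awk -v want="$2" '
        function norm(s) { gsub(/[ \t]+/, "", s); return tolower(s) }
        BEGIN { want = norm(want) }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ {
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            in_global = (norm(sec) == "global"); next
        }
        in_global && index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            if (norm(key) == want) found = val
        }
        END { if (found != "") print found }
    ' "$1"
}

# Print secure, disabled, NONSECURE or unknown; non-zero status unless the
# policy is secure or disabled. An unset parameter means "secure only".
audit_dns_updates() {
    v=$(get_global_param "$1" "allow dns updates" | tr 'A-Z' 'a-z' | tr -s ' ')
    case "${v:-secure only}" in
        "secure only") echo secure ;;
        disabled)      echo disabled ;;
        nonsecure)     echo NONSECURE; return 1 ;;
        *)             echo unknown; return 2 ;;
    esac
}

# Constructed sample mirroring the settings from step 5 of this guide.
write_sample() {
    printf '%s\n' '[global]' '    workgroup = SZHNBC' '    realm = SZHNBC.COM' \
        '    dns forwarder = 8.8.8.8' "    allow dns updates = $2" \
        '[netlogon]' '    read only = No' > "$1"
}

sample=$(mktemp)
write_sample "$sample" nonsecure
echo "step 5 setting: $(audit_dns_updates "$sample")"     # NONSECURE
write_sample "$sample" 'secure only'
echo "hardened:       $(audit_dns_updates "$sample")"     # secure
rm -f "$sample"
```

To check a live server, call audit_dns_updates /etc/samba/smb.conf instead of using the sample file.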
6. Test your new domain controller
$ host -t SRV _ldap._tcp.szhnbc.com.
_ldap._tcp.szhnbc.com has SRV record 0 100 389 rd-server.szhnbc.com.
$ host -t SRV _kerberos._udp.szhnbc.com.
_kerberos._udp.szhnbc.com has SRV record 0 100 88 rd-server.szhnbc.com.
$ host -t A rd-server.szhnbc.com.
rd-server.szhnbc.com has address 192.168.0.35
$ kinit administrator
Password for administrator@SZHNBC.COM:
Warning: Your password will expire in 41 days on Fri Jan 23 11:48:22 2015
$ klist
Ticket cache: FILE:/tmp/krb5cc_999
Default principal: administrator@SZHNBC.COM
Valid starting     Expires            Service principal
12/12/14 13:04:09  12/12/14 23:04:09  krbtgt/SZHNBC.COM@SZHNBC.COM
        renew until 12/13/14 13:04:01
benny@RD-SERVER:~$ smbclient -L localhost -U%
Domain=[SZHNBC] OS=[Unix] Server=[Samba 4.1.6-Ubuntu]
        Sharename       Type      Comment
        ---------       ----      -------
        netlogon        Disk
        sysvol          Disk
        IPC$            IPC       IPC Service (Samba 4.1.6-Ubuntu)
Domain=[SZHNBC] OS=[Unix] Server=[Samba 4.1.6-Ubuntu]
        Server               Comment
        ---------            -------
        Workgroup            Master
        ---------            -------
        HAICHUAN             YANGXINFENG
        MSHOME               RD-SERVER
        WORKGROUP            HC-JXS
$ smbclient //localhost/netlogon -U'administrator'
Enter administrator's password:
Domain=[SZHNBC] OS=[Unix] Server=[Samba 4.1.6-Ubuntu]
smb: \> quit
7. Manage your new domain controller
The recommended way to manage your server is to use the "Remote Server Administration Tools", which you can install on a Windows 7 desktop PC as a feature.
You can also manage users and groups with samba-tool:
samba-tool user add john --surname=Smith --given-name=John
samba-tool group add test_group
samba-tool group addmembers test_group john
samba-tool user list
getent passwd john
id john