Samba 4 – Active Directory Domain Controller on CentOS 6.x


Introduction to Samba 4

Samba 4 is a free and open source software suite that brings Active Directory functionality to the open source SMB/CIFS (Server Message Block/Common Internet File System) file and print server. Samba 4 can serve as an Active Directory Domain Controller, provide DNS services, handle Kerberos-based authentication, and administer group policy.

Samba4 Server Features

1). Can act as an AD DC (Active Directory Domain Controller)
2). Can create local profiles in Samba 4
3). Can create roaming profiles in Samba 4
4). Auto logon scripts
5). Centralized system administration using Group Policy

Server Information

Operating System: CentOS 6.3 64-bit
IP Address: 192.168.0.69
FQDN: server.kvit.in
Domain Name: kvit.in
SELinux: Disabled
DNS Forwarding IP Address: 8.8.8.8 (change to yours)

Installation steps

Install all the dependency packages needed to build Samba 4

[[email protected] ~]# yum install glibc glibc-devel gcc python* libacl-devel krb5-workstation krb5-libs pam_krb5 libldap2-dev openldap-devel wget

Query for old Samba RPM packages that are already installed

[[email protected] ~]# rpm -qa | grep samba

If any such packages are installed, remove them with YUM

[[email protected] ~]# yum remove samba-winbind-client samba-common samba-client

Install git to download the latest Samba 4 version

[[email protected] ~]# yum install git-core

Download the latest version of Samba from the git repository

[[email protected] ~]# git clone git://git.samba.org/samba.git samba-master

Reboot the server as a precaution so that all package or kernel updates are applied

[[email protected] ~]# shutdown -r now

Log in again as root, then configure and compile Samba

[[email protected] ~]# cd samba-master
[[email protected] ~]# ./configure --enable-debug --enable-selftest
[[email protected] ~]# make

If everything reports okay you can then install samba

[[email protected] ~]# make install

You should now have Samba installed in ‘/usr/local/samba’

Provision Samba 4 steps: The provision step sets up a basic user database, and is used when you are setting up your Samba4 server in its own domain.

Issue this command from root:

[[email protected] ~]# /usr/local/samba/bin/samba-tool domain provision
Realm [KVIT.IN]: (press Enter)
Domain [KVIT]: (press Enter)
Server Role (dc, member, standalone) [dc]: (press Enter)
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: (press Enter)
DNS forwarder IP address (write ‘none’ to disable forwarding) [8.8.8.8]: (press Enter)
Administrator password:********* (Set Here DC Administrator password)
Retype password: *********

The result will look like this

Creating CN=MicrosoftDNS,CN=System,DC=kvit,DC=in
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be ready to use
Server Role: active directory domain controller
Hostname: server
NetBIOS Domain: KVIT
DNS Domain: kvit.in
DOMAIN SID: S-1-5-21-1541916875-3099074859-2332263890

NOTE: You may need to remove the ‘/usr/local/samba/etc/smb.conf’ file if you are re-running the provision command. If you encounter any errors when running the provision command, you may need to install the necessary missing packages or fix errors and then run ‘./configure’, ‘make’ and ‘make install’ commands again as stated above. Remember to do a ‘make clean’ in the root of your ‘samba-master’ directory before running ‘make’ again.

If the provision setup was successful, reboot the server

[[email protected] ~]# shutdown -r now

Start samba daemon manually

[[email protected] ~]# /usr/local/samba/sbin/samba

If you would like to start Samba at boot time, add ‘/usr/local/samba/sbin/samba’ to the /etc/rc.local file.

[[email protected] ~]# vim /etc/rc.local
/usr/local/samba/sbin/samba

Verify you are indeed running the correct version

[[email protected] ~]# /usr/local/samba/sbin/samba -V
Version 4.3.0pre1-GIT-d098b6c

Now run this command to list the shares on your Samba4 server

[[email protected] ~]# /usr/local/samba/bin/smbclient -L localhost -U%
Domain=[KVIT] OS=[Windows 6.1] Server=[Samba 4.3.0pre1-GIT-d098b6c]
        Sharename       Type      Comment
        ---------       ----      -------
        netlogon        Disk
        sysvol          Disk
        IPC$            IPC       IPC Service (Samba 4.3.0pre1-GIT-d098b6c)
Domain=[KVIT] OS=[Windows 6.1] Server=[Samba 4.3.0pre1-GIT-d098b6c]
        Server               Comment
        ---------            -------
        Workgroup            Master
        ---------            -------

Configure DNS Now

Interface settings

[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
BOOTPROTO="static"
ONBOOT="yes"
TYPE="Ethernet"
GATEWAY="192.168.0.254"
IPADDR="192.168.0.69"
NETMASK=255.255.255.0

Edit your ‘/etc/resolv.conf‘ file

[[email protected] ~]# vim /etc/resolv.conf
domain kvit.in
nameserver 192.168.0.69

Here is the Samba 4 configuration file ‘/usr/local/samba/etc/smb.conf’

[[email protected] ~]# cat /usr/local/samba/etc/smb.conf
# Global parameters
[global]
workgroup = KVIT
realm = KVIT.IN
netbios name = SERVER
server role = active directory domain controller
dns forwarder = 8.8.8.8
[netlogon]
path = /usr/local/samba/var/locks/sysvol/kvit.in/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No

Test DNS Now

[[email protected] ~]# nslookup kvit.in
Server: 192.168.0.69
Address: 192.168.0.69#53
Name: kvit.in
Address: 192.168.0.69

[[email protected] ~]# host -t SRV _ldap._tcp.kvit.in.
_ldap._tcp.kvit.in has SRV record 0 100 389 server.kvit.in.

[[email protected] ~]# host -t SRV _kerberos._udp.kvit.in.
_kerberos._udp.kvit.in has SRV record 0 100 88 server.kvit.in.

[[email protected] ~]# host -t A server.kvit.in.
server.kvit.in has address 192.168.0.69

Now flush and save iptables (the flush deletes all existing rules from the filter table)

[[email protected] ~]# iptables -F
[[email protected] ~]# service iptables save
[[email protected] ~]# service iptables restart
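
An alternative to running the domain controller with an empty rule set, given as an added example that is not part of the original article: the function below prints iptables commands that admit only the AD DC services from the client subnet. The 192.168.0.0/24 subnet (inferred from the netmask above), the SSH rule, the port list and the 1024-1300 dynamic RPC range (the range used by Samba releases before 4.7) are assumptions to adjust for your site.

```shell
#!/bin/sh
# Added example: print a restrictive iptables rule set for a Samba 4 AD DC.
# Nothing is applied here; review the output first.
# Assumptions: clients live in 192.168.0.0/24 and SSH is used for administration.

dc_firewall_rules() {
    lan="${1:-192.168.0.0/24}"   # assumed client subnet
    rpc="${2:-1024:1300}"        # dynamic RPC range; 49152:65535 on Samba 4.7 and later

    echo "iptables -F INPUT"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # The article tests reachability with ping, so echo requests stay allowed.
    echo "iptables -A INPUT -p icmp --icmp-type echo-request -s $lan -j ACCEPT"

    # TCP: ssh dns kerberos rpc-endpoint-mapper netbios-ssn ldap smb kpasswd
    #      ldaps global-catalog global-catalog-ssl dynamic-rpc
    for port in 22 53 88 135 139 389 445 464 636 3268 3269 "$rpc"; do
        echo "iptables -A INPUT -p tcp -s $lan --dport $port -m state --state NEW -j ACCEPT"
    done

    # UDP: dns kerberos ntp netbios-ns netbios-dgm cldap kpasswd
    for port in 53 88 123 137 138 389 464; do
        echo "iptables -A INPUT -p udp -s $lan --dport $port -j ACCEPT"
    done

    # Default-deny goes last so an open SSH session is never cut off mid-way.
    echo "iptables -P INPUT DROP"
}

dc_firewall_rules "$@"
```

After reviewing the printed commands, pipe them to sh as root and then run ‘service iptables save’ as in the step above so the rules persist across reboots.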

Configure Kerberos file

In CentOS 6.3 or 6.4, Kerberos is configured through the ‘/etc/krb5.conf’ file. Make a backup copy of the original file, and then replace the existing file, if any, with the sample from /usr/local/samba/share/setup/krb5.conf.

[[email protected] ~]# cp /usr/local/samba/share/setup/krb5.conf /etc/krb5.conf
Edit the file as shown below:
[[email protected] ~]# cat /etc/krb5.conf
[libdefaults]
default_realm = KVIT.IN
dns_lookup_realm = false
dns_lookup_kdc = true

Testing Kerberos

[[email protected] ~]# kinit [email protected]

‘kinit’ will not give you any output. To verify that Kerberos is working and that you received a ticket, run the following:

[[email protected] ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [email protected]

Valid starting     Expires            Service principal
04/26/15 01:04:46  04/26/15 11:04:46  krbtgt/[email protected]
renew until 04/27/15 01:04:41

NTP (Network Time Protocol)

Make sure that ‘ntpd’ is installed and running. If ‘ntpd’ is not installed you can install it with YUM:

[[email protected] ~]# yum install ntp
[[email protected] ~]# /etc/init.d/ntpd start

Also, use the ‘chkconfig’ command to have ntpd run at boot:

[[email protected] ~]# chkconfig ntpd on

[[email protected] ~]# /usr/local/samba/sbin/samba

Add the Samba 4 command directories to the PATH in bashrc

[[email protected] ~]# vi ~/.bashrc
export PATH=$PATH:/usr/local/samba/sbin:/usr/local/samba/bin

Reboot the server to reload the bashrc file

or,

[[email protected] ~]# bash

Now restart the Samba daemon like this

[[email protected] ~]# samba

Check the Samba processes

[[email protected] ~]# ps -ef | grep samba

Join a Windows system to the domain

Client machine settings

IP address settings of your Windows 7 client NIC

[Screenshot: IP settings]

Click ‘OK’ to save the changes.

Now bring up a command prompt in windows and ping the Samba DC:

ping 192.168.0.69

Verify that DNS is working correctly by pinging the FQDN:

ping server.kvit.in

If you get replies from both then this is a good sign and should mean that your Samba DC is functional. Also, you may need to reboot Windows for network settings to take effect.

Configure date and time on the client system

[Screenshot: Date and time]

Join the Windows client to the domain

1). Right-click ‘My Computer’ icon and choose ‘Properties’

2). From the left-side pane click ‘Advanced system settings’

3). Choose the ‘Computer Name’ tab and click ‘Change…’

4). Select option ‘Domain’, and insert KVIT.IN. If this fails just try KVIT

[Screenshot: join in domain]

5). When it requests a username and password, type ‘Administrator’ as the username and then enter your password. (password = the password you used when you ran the ‘samba-tool domain provision’ command)

6). You should get a message box stating ‘Welcome to the KVIT.IN domain’

7). Click OK on this message box and the Properties window, and you will then be instructed to restart your computer.

8). After restarting you should be presented with the normal login dialog. Click on ‘Switch User’ button.

9). Choose ‘Other user’ and then enter in the following.

[Screenshot: login]

Press ‘Enter’ or the arrow button.

10). You should then authenticate and then login to Windows.

Install Windows Remote Administration Tools

To install the GUI tools to manage the domain you must install the Remote Server Administration Tools. This will allow you to easily manage the domain using Active Directory.

11). Download from this link: http://www.microsoft.com/en-us/download/details.aspx?id=7887

12). Enable the necessary components in ‘Control Panel -> Programs -> Turn Windows features on or off -> Remote Server Administration Tools’

[Screenshot: Enable remote tool]

13). Now open the AD console and create one or more domain users

Go to Run and type: dsa.msc (for the AD console)

[Screenshot: AD Console]

14). Now create a domain user to log in to the system

Right-click on User ==> New ==> User:

First Name: Shahzad

Last Name: Alam

User Logon name: shahzad

Set user password: ******* (Minimum password length should be 7 and complex)

Now log in to the client machine with the new domain user

[Screenshot: local user login]


CEO, KV IT-Solutions Pvt. Ltd. | [email protected] | 9810028374|
Linux Professional and an Industrial Trainer | 20 + years Experience in IT Industry

” We are born free, No Gate and Windows can snatch our freedom “
