Fedora 41
Sponsored Link

Samba AD DC : Configure DC2024/11/29
 

Configure Samba Active Directory Domain Controller.

This example configures on the environment bellow.

Domain Name : SMB01
Realm : SRV.WORLD
Hostname : smb.srv.world

[1] Install Samba DC package.
[root@smb ~]#
dnf -y install samba samba-dc
[2] Configure Samba.
[root@smb ~]#
mv /etc/samba/smb.conf /etc/samba/smb.conf.org

[root@smb ~]#
samba-tool domain provision 

# confirm or set Realm
Realm [SRV.WORLD]: 
# confirm or set Domain name
Domain [SRV]: SMB01 
# select server role (select dc on here)
Server Role (dc, member, standalone) [dc]:
# select DNS backend (select Samba Built-in DNS on here)
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
# confirm or set DNS forwarder
DNS forwarder IP address (write 'none' to disable forwarding) [127.0.0.53]:
# set admin password
Administrator password:
Retype password:

.....
.....

Applied Domain Update 83: c81fc9cc-0130-4fd1-b272-634d74818133
Applied Domain Update 84: e5f9e791-d96d-4fc9-93c9-d53e1dc439ba
Applied Domain Update 85: e6d5fd00-385d-4e65-b02d-9da3493ed850
Applied Domain Update 86: 3a6b3fbf-3168-4312-a10d-dd5b3393952d
Applied Domain Update 87: 7f950403-0ab3-47f9-9730-5d7b0269f9bd
Applied Domain Update 88: 434bb40d-dbc9-4fe7-81d4-d57229f7b080
Applied Domain Update 89: a0c238ba-9e30-4ee6-80a6-43f731e9a5cd
[root@smb ~]#
vi /etc/samba/smb.conf 
[global]
        dns forwarder = 127.0.0.53
        netbios name = SMB
        realm = SRV.WORLD
        server role = active directory domain controller
        workgroup = SMB01
        # add the line in [global] section
        ad dc functional level = 2016
[root@smb ~]#
cp /var/lib/samba/private/krb5.conf /etc/

[root@smb ~]#
systemctl enable --now samba

[3] Confirm function and domain level and add a Domain user.
[root@smb ~]#
samba-tool domain level show 

Domain and forest function level for domain 'DC=srv,DC=world'

Forest function level: (Windows) 2008 R2
Domain function level: (Windows) 2008 R2
Lowest function level of a DC: (Windows) 2016
# raise the function and domain level to 2016

[root@smb ~]#
samba-tool domain functionalprep --function-level=2016

[root@smb ~]#
samba-tool domain level raise --domain-level=2016 --forest-level=2016 

Domain function level changed!
Forest function level changed!
All changes applied successfully!
[root@smb ~]#
samba-tool domain level show 

Domain and forest function level for domain 'DC=srv,DC=world'

Forest function level: (Windows) 2016
Domain function level: (Windows) 2016
Lowest function level of a DC: (Windows) 2016
# add a domain user

[root@smb ~]#
samba-tool user create fedora 

New Password:     # set password
Retype Password:
User 'fedora' added successfully
[4] If Firewalld is running, allow related ports.
[root@smb ~]#
firewall-cmd --add-service={dns,kerberos,kpasswd,ldap,ldaps,samba}

success
[root@smb ~]#
firewall-cmd --add-port={135/tcp,137-138/udp,139/tcp,3268-3269/tcp,49152-65535/tcp}

success
[root@smb ~]#
firewall-cmd --runtime-to-permanent

success
Matched Content