Samba AD DC : Configure DC2025/04/22 |
|
Configure Samba Active Directory Domain Controller. This example configures on the environment bellow.
|
|||||||
| [1] | Install Samba DC package. |
|
root@smb:~# apt -y install samba-ad-dc smbclient
|
| [2] | Configure Samba. |
|
root@smb:~# mv /etc/samba/smb.conf /etc/samba/smb.conf.org root@smb:~# samba-tool domain provision # confirm or set Realm Realm [SRV.WORLD]: # confirm or set Domain name Domain [SRV]: SMB01 # select server role (select dc on here) Server Role (dc, member, standalone) [dc]: # select DNS backend (select Samba Built-in DNS on here) DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: # change DNS forwarder # because disable 127.0.0.53 later, change to available DNS DNS forwarder IP address (write 'none' to disable forwarding) [127.0.0.53]: 10.0.0.10 # set admin password Administrator password: Retype password: ..... ..... Applied Domain Update 78: c3c927a6-cc1d-47c0-966b-be8f9b63d991 Applied Domain Update 79: 54afcfb9-637a-4251-9f47-4d50e7021211 Applied Domain Update 80: f4728883-84dd-483c-9897-274f2ebcf11e Applied Domain Update 81: ff4f9d27-7157-4cb0-80a9-5d6f2b14c8ff Applied Domain Update 82: 83c53da7-427e-47a4-a07a-a324598b88f7 Applied Domain Update 83: c81fc9cc-0130-4fd1-b272-634d74818133 Applied Domain Update 84: e5f9e791-d96d-4fc9-93c9-d53e1dc439ba Applied Domain Update 85: e6d5fd00-385d-4e65-b02d-9da3493ed850 Applied Domain Update 86: 3a6b3fbf-3168-4312-a10d-dd5b3393952d Applied Domain Update 87: 7f950403-0ab3-47f9-9730-5d7b0269f9bd Applied Domain Update 88: 434bb40d-dbc9-4fe7-81d4-d57229f7b080 Applied Domain Update 89: a0c238ba-9e30-4ee6-80a6-43f731e9a5cd
root@smb:~#
vi /etc/samba/smb.conf
[global]
dns forwarder = 10.0.0.10
netbios name = SMB
realm = SRV.WORLD
server role = active directory domain controller
workgroup = SMB01
# add the line in [global] section
ad dc functional level = 2016
root@smb:~# unlink /etc/resolv.conf
root@smb:~# cat <<'EOF' > /etc/resolv.conf
nameserver 127.0.0.1
search srv.world
EOF
root@smb:~# cp /var/lib/samba/private/krb5.conf /etc/ root@smb:~# systemctl disable --now smbd nmbd winbind systemd-resolved root@smb:~# systemctl mask smbd nmbd winbind root@smb:~# systemctl unmask samba-ad-dc
root@smb:~#
root@smb:~# systemctl enable --now samba-ad-dc
samba-tool domain info smb.srv.world Forest : srv.world Domain : srv.world Netbios domain : SMB01 DC name : smb.srv.world DC netbios name : SMB Server site : Default-First-Site-Name Client site : Default-First-Site-Name |
| [3] | Confirm function and domain level and add a Domain user. |
|
root@smb:~# samba-tool domain level show Domain and forest function level for domain 'DC=srv,DC=world' Forest function level: (Windows) 2008 R2 Domain function level: (Windows) 2008 R2 Lowest function level of a DC: (Windows) 2016 # raise the function and domain level to 2016 root@smb:~# samba-tool domain functionalprep --function-level=2016 root@smb:~# samba-tool domain level raise --domain-level=2016 --forest-level=2016 Domain function level changed! Forest function level changed! All changes applied successfully!root@smb:~# samba-tool domain level show Domain and forest function level for domain 'DC=srv,DC=world' Forest function level: (Windows) 2016 Domain function level: (Windows) 2016 Lowest function level of a DC: (Windows) 2016 # add a domain user root@smb:~# samba-tool user create ubuntu
New Password: # set password
Retype Password:
User 'ubuntu' added successfully
|
| Sponsored Link |