How to Set Up a Samba 4 PDC (Primary Domain Controller) as an Active Directory Domain Controller on Red Hat Enterprise Linux 7


Starting from version 4.0 (released in 2012), Samba is able to serve as an Active Directory (AD) domain controller (DC). Samba can operate at a forest functional level of Windows Server 2008 R2, which is more than sufficient to manage sophisticated enterprises that use Windows 10/11 with strict compliance requirements (including NIST 800-171).

If you are installing Samba in a production environment, it is recommended to run two or more DCs for failover reasons; more detail on provisioning a failover DC can be found elsewhere on the wiki. This documentation describes how to set up Samba as the first DC to build a new AD forest. Additionally, use this documentation if you are migrating a Samba NT4 domain to Samba AD. To join Samba as an additional DC to an existing AD forest

Source : https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller

In this learning scenario there are two operating systems, Linux and Windows.

The server is Red Hat Enterprise Linux 7, while the client is Windows 7.

=======================================

1. SERVER

Operating System : Red Hat Enterprise Linux 7.9
RAM              : 4 GB
Hard Disk        : 160 GB
Hostname         : svr-pdc
IP Address       : 192.168.1.200/24

=======================================

2. CLIENT

Operating System : Windows 7 Pro
RAM              : 4 GB
Hard Disk        : 80 GB
Hostname         : PC-USER1
IP Address       : 192.168.1.240/24

=======================================

Okay, let's go.

First, set the hostname, give the server a static IP address, and configure /etc/hosts.

Before editing the hosts file, back it up:

cp /etc/hosts /etc/hosts.ori

If nano is not installed yet, install it:

yum install nano -y

nano /etc/hosts

Add a line that maps the server's IP address to its hostname (192.168.1.200 and svr-pdc in this lab), then press Ctrl+X and answer Y to save.
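The hosts step above, written as a re-runnable script. This is an added example and not part of the original post: the IP and short name are the lab values from the table above, while the FQDN svr-pdc.agl.net is an assumption built from the realm agl.net that the DNS checks later in the guide use.

```shell
#!/bin/bash
# Added example (not part of the original post): an idempotent version of the
# hostname / hosts-file step. The IP and short name are the post's lab values;
# the FQDN svr-pdc.agl.net is an assumption built from the realm agl.net that
# the post uses further down.
DC_IP="192.168.1.200"
DC_SHORT="svr-pdc"
DC_FQDN="svr-pdc.agl.net"

# The hosts line a DC needs: IP, the FQDN first, then the short name, so that
# "hostname -f" resolves to the FQDN that Samba will register in DNS.
hosts_line() {
    printf '%s\t%s %s\n' "$1" "$2" "$3"
}

# Append the entry to the given hosts file unless the FQDN is already listed,
# so re-running the step never produces duplicates. Succeeds only when the
# file ends up with exactly one entry for the FQDN.
ensure_hosts_entry() {
    file="$1"; ip="$2"; fqdn="$3"; short="$4"
    fqdn_re=$(printf '%s' "$fqdn" | sed 's/\./\\./g')   # match dots literally
    if ! grep -qE "[[:space:]]$fqdn_re([[:space:]]|\$)" "$file"; then
        hosts_line "$ip" "$fqdn" "$short" >> "$file"
    fi
    [ "$(grep -cE "[[:space:]]$fqdn_re([[:space:]]|\$)" "$file")" -eq 1 ]
}

# Touch the live system only when asked explicitly (needs root). Setting the
# static IP itself is left to nmcli / ifcfg, as in the post.
if [ "${1:-}" = "--apply" ]; then
    cp -n /etc/hosts /etc/hosts.ori
    hostnamectl set-hostname "$DC_SHORT"
    ensure_hosts_entry /etc/hosts "$DC_IP" "$DC_FQDN" "$DC_SHORT"
    hostname -f     # should print the FQDN once the entry is in place
fi
```

Run it as root with --apply on the server; without the flag it only defines the functions, so it can be tried on a scratch copy of any hosts file first.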

Disable SELinux:

nano /etc/selinux/config

Change the SELINUX= line to SELINUX=disabled, then press Ctrl+X and answer Y to save.

Reboot the server

reboot

Install the packages needed to build Samba 4 and run it as a PDC:

yum install libacl-devel e2fsprogs-devel gnutls-devel readline-devel python-devel gdb pkgconfig gcc libblkid-devel zlib-devel setroubleshoot-server setroubleshoot-plugins policycoreutils-python libsemanage-python setools-libs-python setools-libs popt-devel libpcap-devel sqlite-devel libidn-devel libxml2-devel libacl-devel libsepol-devel libattr-devel keyutils-libs-devel cyrus-sasl-devel krb5-workstation perl openldap-devel bind bind-sdb bind-utils wget nano -y

Go to the /opt directory:

cd /opt

Download Samba 4.6.0:

wget -c https://ftp.samba.org/pub/samba/stable/samba-4.6.0.tar.gz

Extract the archive:

tar -zxvf samba-4.6.0.tar.gz

Change into the samba-4.6.0 directory:

cd samba-4.6.0

Configure, build and install Samba (this takes a while):

./configure.developer && make && make install

Edit the Kerberos configuration:

nano /etc/krb5.conf

Put a # in front of the line "includedir /etc/krb5.conf.d/" to comment it out, then save.



Provision the domain interactively:

/usr/local/samba/bin/samba-tool domain provision --use-rfc2307 --interactive

Accept the defaults derived from the hostname (the realm used later in this guide is AGL.NET), choose BIND9_DLZ as the DNS backend type, and enter the Administrator password when asked.
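The same provisioning run with every interactive answer given as a flag, so the step is repeatable and reviewable. This is an added example, not the post's or the Samba project's code: the realm AGL.NET is the one used later in this guide, the NetBIOS domain name AGL is an assumption, and the samba-tool path is the post's /usr/local/samba prefix.

```shell
#!/bin/bash
# Added example (not part of the original post): the interactive provisioning
# command expressed with explicit flags. The realm AGL.NET is the one the post
# uses later; the NetBIOS domain name AGL is an assumption.
SAMBA_TOOL="/usr/local/samba/bin/samba-tool"
REALM="AGL.NET"
DOMAIN="AGL"

# One argument per line: realm/domain, DC role, the BIND9_DLZ DNS backend and
# 2008 R2 functional level the post relies on, and RFC2307 (Unix attributes).
# --adminpass is deliberately absent: samba-tool then prompts for it, which
# keeps the password out of the process list and the shell history.
provision_args() {
    printf '%s\n' domain provision \
        "--realm=$REALM" "--domain=$DOMAIN" \
        --server-role=dc --dns-backend=BIND9_DLZ \
        --function-level=2008_R2 --use-rfc2307
}

# samba-tool builds the DC's DNS name from the hostname and the realm, so a
# host whose FQDN is not inside the realm (case-insensitive) must not proceed.
hostname_in_realm() {
    fqdn=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    realm=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$fqdn" in
        *."$realm") return 0 ;;
        *)          return 1 ;;
    esac
}

provision_dc() {
    fqdn=$(hostname -f)
    if ! hostname_in_realm "$fqdn" "$REALM"; then
        echo "refusing to provision: $fqdn is not in realm $REALM" >&2
        return 1
    fi
    # Word-splitting of $(provision_args) is intended: every line is one token.
    "$SAMBA_TOOL" $(provision_args)
}

if [ "${1:-}" = "--run" ]; then
    provision_dc
fi
```

Run it as root with --run; the hostname check is what catches a forgotten /etc/hosts entry before samba-tool writes anything.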


Start Samba once by hand to confirm that it runs, then stop it again before installing the init script:

/usr/local/samba/sbin/samba

pkill samba

Create the init script:

nano /etc/rc.d/init.d/samba4

Paste the script below into the file:

===================================================================
#! /bin/bash
#
# samba4 Bring up/down the samba4 service
#
# chkconfig: - 90 10
# description: Starts/stops the Samba 4 Active Directory domain controller \
# at boot time.
#
### BEGIN INIT INFO
# Provides: samba4
# Should-Start:
# Short-Description: Bring up/down samba4
# Description: Bring up/down samba4
### END INIT INFO
# Source function library.
. /etc/init.d/functions

if [ -f /etc/sysconfig/samba4 ]; then
    . /etc/sysconfig/samba4
fi

CWD=$(pwd)
prog="samba4"
SAMBA=/usr/local/samba/sbin/samba

# Is the samba daemon running? (exit status only)
running() {
    ps ax | grep -v "grep" | grep -q /samba/sbin/samba
}

start() {
    # Start the Samba AD DC daemon.
    echo -n $"Starting $prog: "
    $SAMBA
    sleep 2
    if running; then success $"samba4 startup"; else failure $"samba4 startup"; fi
    echo
}
stop() {
    # Stop service.
    echo -n $"Shutting down $prog: "
    killall samba
    sleep 2
    if running; then failure $"samba4 shutdown"; else success $"samba4 shutdown"; fi
    echo
}
status() {
    # Report whether the daemon is running ("samba --show-build" only prints
    # build options, not the service state); exit 3 = stopped, per LSB.
    if running; then echo "$prog is running"; return 0; else echo "$prog is stopped"; return 3; fi
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status
        ;;
    restart|reload)
        stop
        start
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|status}"
        exit 1
esac

exit 0
==================================================================

Make the script executable and register the service so that it starts at boot:

chmod 755 /etc/rc.d/init.d/samba4

chmod +x /etc/rc.d/init.d/samba4

ln -s /etc/rc.d/init.d/samba4 /etc/rc3.d/S80samba4

chkconfig --add samba4

chkconfig samba4 on

service samba4 restart

Verify that the Administrator account can log in to the netlogon share (replace VerySecret123 with the password you set during provisioning):

/usr/local/samba/bin/smbclient //localhost/netlogon -Uadministrator%VerySecret123

Start BIND, then edit its configuration:

systemctl restart named

nano /etc/named.conf

Add the lines marked with arrows (only the top of the options block is shown; leave the rest of it as it is):
====
options {
        tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab"; <=== add this line
        listen-on port 53 { 127.0.0.1;any; }; <=== add any
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { localhost;any; }; <=== add any

Add the line below at the very end of the file (outside the options block):

include "/usr/local/samba/private/named.conf";
=====

Check which BIND version is installed; the DLZ module that Samba loads must match its major version:

yum info bind

nano /usr/local/samba/private/named.conf

Make sure the database line for your BIND version, here "dlopen /usr/local/samba/lib/bind9/dlz_bind9_11.so" for BIND 9.11, has no hash sign (#) in front of it, and that the lines for the other versions stay commented out.




Give the named user ownership of its working directory and restart it:

chown named.named /var/named/

service named restart

Verify that the AD DNS records resolve (agl.net is the realm used in this lab):

host -t SRV _ldap._tcp.agl.net

host -t SRV _kerberos._udp.agl.net

host -t A agl.net

Let the named group read the Samba DNS keytab, enable BIND at boot, and register the DC's own DNS records:

chgrp named /usr/local/samba/private/dns.keytab

chmod g+r /usr/local/samba/private/dns.keytab

systemctl enable named.service

/usr/local/samba/sbin/samba_dnsupdate --verbose
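A read-only check of the BIND9_DLZ wiring from the last few steps (the named.conf edits, the DLZ module line, the keytab permissions and the SRV/A lookups), to run before trusting the DC's DNS. This is an added example and not code from the post or from Samba: the paths follow the post's /usr/local/samba prefix, agl.net is the post's realm, and the DC FQDN svr-pdc.agl.net is an assumption derived from it.

```shell
#!/bin/bash
# Added example (not part of the original post): read-only checks that the
# BIND9_DLZ wiring described above is in place. Paths are the post's
# /usr/local/samba ones; agl.net is the post's realm and svr-pdc.agl.net
# (the DC's FQDN) is an assumption derived from it.
REALM="agl.net"
DC_FQDN="svr-pdc.agl.net"
NAMED_CONF="/etc/named.conf"
SAMBA_NAMED_CONF="/usr/local/samba/private/named.conf"
DNS_KEYTAB="/usr/local/samba/private/dns.keytab"

# /etc/named.conf must hand the Samba DNS keytab to named (for the GSS-TSIG
# dynamic updates samba_dnsupdate performs) and include Samba's zone config.
named_conf_ok() {
    grep -qE '^[[:space:]]*tkey-gssapi-keytab[[:space:]]+"[^"]*dns\.keytab"' "$1" &&
    grep -qE '^[[:space:]]*include[[:space:]]+"[^"]*samba/private/named\.conf"' "$1"
}

# Exactly one uncommented database line may be active in Samba's named.conf,
# and it must load the module for the installed BIND ($2, e.g. dlz_bind9_11.so).
dlz_module_ok() {
    [ "$(grep -cE '^[[:space:]]*database[[:space:]]+"dlopen ' "$1")" -eq 1 ] &&
    grep -qE "^[[:space:]]*database[[:space:]]+\"dlopen [^\"]*$2\"" "$1"
}

# The keytab carries the DNS service credentials: group-readable for named,
# but never world-readable. Checked on the three octal permission digits.
keytab_mode_ok() {
    mode=$(stat -c %a "$1")                                 # e.g. 640
    case "$mode" in *[4-7][0-7]) ;; *) return 1 ;; esac    # group can read
    case "$mode" in *[0-3]) ;; *) return 1 ;; esac         # others cannot
    return 0
}
keytab_group_ok() {
    [ "$(stat -c %G "$1")" = "named" ]
}

# The records clients use to locate a DC must exist and point at this DC;
# these are the same queries the post runs by hand.
dns_records_ok() {
    for q in "_ldap._tcp.$REALM" "_kerberos._udp.$REALM"; do
        host -t SRV "$q" | grep -q "$DC_FQDN" || return 1
    done
    host -t A "$REALM" | grep -q 'has address'
}

report() {   # report <label> <command...>
    label="$1"; shift
    if "$@"; then echo "ok   $label"; else echo "FAIL $label"; fi
}

if [ "${1:-}" = "--live" ]; then
    report "named.conf keytab + include" named_conf_ok "$NAMED_CONF"
    report "DLZ module for BIND 9.11"     dlz_module_ok "$SAMBA_NAMED_CONF" dlz_bind9_11.so
    report "dns.keytab mode"              keytab_mode_ok "$DNS_KEYTAB"
    report "dns.keytab group"             keytab_group_ok "$DNS_KEYTAB"
    report "SRV/A records for $REALM"     dns_records_ok
fi
```

Run it on the DC with --live after "service named restart"; a FAIL on the keytab mode with a world-readable file means the chmod above went too far (only g+r is needed), and a FAIL on the SRV records usually means the include line or the DLZ module is still wrong.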

Open the ports an AD DC needs in firewalld:

firewall-cmd --add-port={53/tcp,53/udp,88/tcp,88/udp,135/tcp,137-138/udp,139/tcp,389/udp,445/tcp,464/tcp,464/udp,636/tcp,1024-5000/tcp,3268-3269/tcp} --permanent && firewall-cmd --reload

If you do not want the Administrator password to expire, run this command:


/usr/local/samba/bin/samba-tool user setexpiry Administrator --noexpiry

Obtain a Kerberos ticket for Administrator to confirm that Kerberos works, entering the password when prompted:

kinit Administrator@AGL.NET

To test, join a Windows 7 or Windows 8 client to the domain served by your PDC.

If you have problems, write them in the comments.

Thanks, good luck :)

~Created By AGL Net~

