Samba version 4 can work as a domain controller that is compatible with Microsoft Active Directory, so companies can save licensing costs by switching to Samba4 for Active Directory. The complete steps are below.
Software Requirements:
1. A recent Linux-based operating system. I will be using CentOS 7 for this example; you can use any flavor of Linux.
2. We will be using Sernet Samba version 4.2, because the Samba package provided on the CentOS 7 DVD uses MIT Kerberos, which does not support Active Directory.
Hardware Requirements:
1. A system with at least 1 GB RAM for better performance, at least 10 GB of disk space and a decent processor
2. You can use a desktop class or server class system depending on choice
Download links for required software:
1. Download the CentOS 7 DVD from the link below
2. Download Sernet Samba and the other required rpm packages
Sernet Samba 4.2 and other dependent packages for Sernet Samba
Installing CentOS 7:
I will be using a virtual machine on Citrix XenServer; you can use a physical machine or any other virtualisation platform of your choice.
1. Boot from the CentOS 7 DVD (you can use any other boot method of your choice instead of the DVD) and follow the steps below:
Select Install CentOS 7 and press Enter
Choose your preferred language and click Continue
Click on Software Selection and choose Minimal Install, and also select Compatibility Libraries and Development Tools (these are not required to configure Active Directory, but they will be useful if you want to compile any other software on this system in future).
Click on Network & Hostname to configure networking. I am not going to enable IPv6 for this setup, so choose Ignore in the IPv6 tab
Set root password of your choice
Let the installation complete and click on reboot.
When the system boots up, log in as root. To set the system hostname, type vi /etc/hostname, press Enter, and replace the default hostname with the hostname and domain name of your choice.
Open the /etc/hosts file and delete all lines except the one below
I will be disabling the firewall and SELinux to reduce the complexity of this Active Directory setup. Follow the steps below to disable the firewall
To disable SELinux, run vi /etc/selinux/config and set SELINUX=disabled
Now I will install the Sernet Samba packages. To make the rpm installation smooth, I will configure a local yum repository. Run mkdir /rpms and copy all rpm files from the Packages folder on the DVD into it. Upload the downloaded sernetsamba.zip file to this machine and extract it (you can upload the files from a pen drive or with sftp from another Linux host). Copy the extracted rpm files to the /rpms folder.
The createrepo software is needed to configure a local yum repository, so install the createrepo rpm. Go to the /rpms folder and run rpm -ivh createrepo-0.9.9-23.el7.noarch.rpm (the package name may vary on your DVD). If createrepo needs any dependent packages, install them from the /rpms folder.
Once the createrepo package is installed, run createrepo -v /rpms
Remove the unnecessary yum repo files: go to /etc/yum.repos.d/ and rename the unwanted repo files. Then create a new local.repo file with the contents as shown below
To refresh the yum repository list, type yum repolist
Now our repository is ready and we can install the Sernet Samba packages. Type yum install sernet\* and press Enter.
A DNS service is necessary to run Active Directory. Samba4 has its own internal DNS service, which is enough to run your Active Directory; if you want a more advanced DNS service, you can use BIND. To use BIND as the DNS service we need to install it. Type yum install bind bind-dyndb-ldap and press Enter to install the bind and bind-dyndb-ldap packages. Do not install bind-chroot, because Samba4 does not support it.
Now sernet-samba has been installed and we are ready to provision our new Linux-based domain controller.
Run the command samba-tool domain provision --use-rfc2307 --interactive as root and press Enter, then answer the prompts. The first question is the realm, which is your domain name in capital letters; the command chooses it automatically, so just press Enter. Next is the domain name, which is also set automatically; press Enter. Choose the server role, which in our case is dc. Next choose the DNS backend; we will be using SAMBA_INTERNAL. Choose none for the DNS forwarder IP, then type an administrator password and remember it.
Set the Samba start mode in /etc/default/sernet-samba: on the SAMBA_START_MODE line, delete none and type ad, then save the file. Run /etc/init.d/sernet-samba-ad start and press Enter.
Kerberos is necessary to run Active Directory, so we need to configure it and check whether it is configured properly. Install the krb5-workstation package: run yum install krb5-workstation and press Enter. Copy /var/lib/samba/private/krb5.conf, which samba-tool created during our domain provisioning, to /etc/krb5.conf.
Run "smbclient" to check that Samba provides the AD DC default shares "netlogon" and "sysvol", which were created in your "smb.conf" during provisioning/upgrading:
Type smbclient -L localhost -U% and press enter.
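The start-mode setting and the smbclient share check above can be scripted so a half-provisioned controller is caught before clients are joined. This is an added example, not part of the original post: the function names and the sample smbclient listings (domain EXAMPLE) are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Constructed sample of `smbclient -L localhost -U%` output on a healthy DC.
SAMPLE_OK='Domain=[EXAMPLE] OS=[Unix] Server=[Samba 4.2.0]

    Sharename       Type      Comment
    ---------       ----      -------
    netlogon        Disk
    sysvol          Disk
    IPC$            IPC       IPC Service (Samba 4.2.0)'

# The same constructed listing with sysvol missing (failed provisioning).
SAMPLE_BAD=$(printf '%s\n' "$SAMPLE_OK" | grep -v sysvol)

# missing_dc_shares: read a share listing on stdin and print every required
# AD DC share (netlogon, sysvol) that is not listed with type Disk.
missing_dc_shares() {
    awk '$2 == "Disk" { seen[tolower($1)] = 1 }
         END {
             n = split("netlogon sysvol", req, " ")
             for (i = 1; i <= n; i++)
                 if (!(req[i] in seen)) print req[i]
         }'
}

# start_mode FILE: print the SAMBA_START_MODE value from a sernet-samba
# defaults file, quotes stripped. The last assignment wins, as in sh.
start_mode() {
    grep '^SAMBA_START_MODE=' "$1" | tail -n 1 | cut -d= -f2 | tr -d "\"' "
}

if [ "${1:-}" = "live" ]; then
    # On the domain controller itself: pass "live" as the first argument.
    echo "start mode: $(start_mode /etc/default/sernet-samba) (expected: ad)"
    echo "missing shares: [$(smbclient -L localhost -U% | missing_dc_shares)]"
else
    # Offline demonstration on the constructed listings.
    echo "healthy listing, missing: [$(printf '%s\n' "$SAMPLE_OK" | missing_dc_shares)]"
    echo "broken listing, missing: [$(printf '%s\n' "$SAMPLE_BAD" | missing_dc_shares)]"
fi
```

An empty "missing" list together with a start mode of ad means the share check in this step passed.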
Now our domain controller is configured. Try to join a Windows client to this new domain controller.
Good job..