Updated 2025-02-23. From: SLTechnology News&Howtos (Shulou.com), Development
This article explains how to use Samba4 on an Ubuntu system to create an Active Directory infrastructure, walking through the procedure with a worked case.
Samba is an open source resource-sharing suite whose main purpose is to share resources between Windows operating systems and Linux/Unix systems.
Samba can provide standalone file and printer sharing between Windows and Linux systems through its SMB/CIFS protocol components. It can also act as an Active Directory domain controller (AD DC), or let Linux hosts join a domain as domain member servers. The AD DC domain and forest functional levels implemented by the current version of Samba4 can replace the domain-related functions of a Windows 2008 R2 system.
The following installation and configuration guide describes the main configuration points for users, machines, shared volumes, permissions, and other resource information in a mixed Windows and Linux environment.
Environment requirements:
Ubuntu 16.04 server installation
Ubuntu 14.04 server installation
Set a static IP address for your AD DC server
Step 1: initialize the Samba4 installation environment
1. Before installing Samba4 AD DC, do some preparatory work. First run the following commands to make sure the system has the latest security updates, kernel, and other patches:
$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo apt-get dist-upgrade
2. Second, open the /etc/fstab file on the server and make sure that ACL support is enabled on the file system partition, as shown in the following figure.
In general, the common Linux file systems, such as ext3, ext4, xfs, or btrfs, support ACLs by default and have them enabled. If not, open and edit the /etc/fstab file, add acl in the third column, and then restart the system for the modified configuration to take effect.
Start the ACL function of the Linux file system
3. Finally, set a descriptive host name, such as the adc1 used in the previous article. Set the hostname by editing the /etc/hostname file or by using the command shown below.
$ sudo hostnamectl set-hostname adc1
The server must be restarted for the modified hostname to take effect.
Step 2: install the necessary software packages for the Samba4 AD DC server
4. In order to convert your server to a domain controller, you need to use an account with root privileges on the server to execute the following command to install the Samba suite and all necessary software packages.
$ sudo apt-get install samba krb5-user krb5-config winbind libpam-winbind libnss-winbind
Install the Samba suite on an Ubuntu system
5. During the execution of the installation package, you will be asked a series of questions to complete the configuration of the domain controller.
On the first screen, enter the Kerberos default REALM: the name of your domain environment, in uppercase. Then press Enter to continue.
Configure the Kerberos authentication service
6. Next, enter the hostname of the Kerberos server in your domain. Use the same name as above, this time in lowercase, and then press Enter to continue.
Set the hostname of the Kerberos server
7. Finally, specify the hostname of the Kerberos realm administrative server. Use the same name as above and press Enter to complete the installation.
Set the hostname of the management server
Step 3: enable Samba AD DC services for your domain environment
8. Before configuring the Samba service for the domain server, run the following commands to stop and disable all Samba processes.
$ sudo systemctl stop samba-ad-dc.service smbd.service nmbd.service winbind.service
$ sudo systemctl disable samba-ad-dc.service smbd.service nmbd.service winbind.service
9. Next, rename or delete the original Samba configuration file. This step must be performed before starting the Samba service, because Samba creates a new configuration file during that process and reports an error if it detects the original smb.conf file.
$ sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.initial
10. Now, using an account with root permission, start the domain provisioning interactively and accept the default options that Samba suggests.
Also, enter the correct DNS server address and set a strong password for the Administrator account. If a weak password is used, the domain provisioning process fails.
$ sudo samba-tool domain provision --use-rfc2307 --interactive
Samba domain provisioning
11. Finally, rename or delete the main Kerberos configuration file in the /etc directory using the following commands, and create a symbolic link in /etc to the Kerberos configuration file newly generated by Samba.
$ sudo mv /etc/krb5.conf /etc/krb5.conf.initial
$ sudo ln -s /var/lib/samba/private/krb5.conf /etc/
Create a Kerberos profile
12. Start and enable the Samba Active Directory Domain Controller daemon.
$ sudo systemctl start samba-ad-dc.service
$ sudo systemctl status samba-ad-dc.service
$ sudo systemctl enable samba-ad-dc.service
Enable the Samba Active Directory domain controller service
13. Next, use the netstat command to verify that the Active Directory services have started correctly.
$ sudo netstat -tulpn | egrep 'smbd|samba'
Verify Samba active Directory
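The egrep filter above shows that Samba is listening, but not whether every service a domain controller needs is up. As an added example (not part of the original article), the shell function below reads `netstat -tulpn` output on standard input and prints the AD DC TCP ports that have no listener. The port list is an assumption based on the standard AD DC services (DNS 53, Kerberos 88, RPC endpoint mapper 135, LDAP 389, SMB 445, kpasswd 464, LDAPS 636, global catalog 3268), and the sample output is constructed.

```shell
#!/bin/sh
# Added example: report which expected AD DC ports have no listener.
# The expected port list is an assumption (standard AD DC services).
EXPECTED_TCP="53 88 135 389 445 464 636 3268"

# Reads `netstat -tulpn` output on stdin and prints the missing TCP ports,
# space separated; prints an empty line when all of them are present.
missing_dc_ports() {
    awk -v want="$EXPECTED_TCP" '
        # Keep only listening TCP sockets (tcp and tcp6 lines).
        $1 ~ /^tcp6?$/ && $6 == "LISTEN" {
            n = split($4, part, ":")      # local address; port is the last piece
            seen[part[n]] = 1
        }
        END {
            m = split(want, w, " ")
            out = ""
            for (i = 1; i <= m; i++)
                if (!(w[i] in seen))
                    out = out (out == "" ? "" : " ") w[i]
            print out
        }'
}

# Constructed sample: a DC where LDAPS (636) and the global catalog (3268)
# are not listening.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      1302/samba
tcp        0      0 0.0.0.0:88              0.0.0.0:*               LISTEN      1296/samba
tcp        0      0 0.0.0.0:135             0.0.0.0:*               LISTEN      1290/samba
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      1294/samba
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      1288/smbd
tcp6       0      0 :::464                  :::*                    LISTEN      1296/samba
udp        0      0 0.0.0.0:88              0.0.0.0:*                           1296/samba
EOF
}

# On a live host: sudo netstat -tulpn | missing_dc_ports
sample_netstat | missing_dc_ports
```

The same port list is what a host firewall on the domain controller has to allow from domain members, so a port reported missing here is worth resolving before clients are joined.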
Step 4: final configuration of Samba
14. At this point, Samba should be fully operational. Samba now implements a domain functional level that is completely comparable to Windows AD DC 2008 R2.
You can use samba-tool to verify that the Samba service is working:
$ sudo samba-tool domain level show
Verify the Samba domain service level
15. For local DNS resolution, edit the network interface configuration file, change the value of the dns-nameservers parameter to the domain controller address (using 127.0.0.1 as the local DNS resolution address), and set the dns-search parameter to your realm value.
$ sudo cat /etc/network/interfaces
$ sudo cat /etc/resolv.conf
Configure the DNS server address for Samba
Once this is set up, restart the server and check that the resolver file points to the correct DNS server address.
Finally, use the ping command to check whether some important AD DC records resolve correctly. Use commands similar to the following, replacing the domain name with your own.
$ ping -c3 tecmint.lan        # domain name
$ ping -c3 adc1.tecmint.lan   # FQDN
$ ping -c3 adc1               # host
Check Samba AD DNS record
Run the following queries to check that the Samba Active Directory domain controller is working.
$ host -t A tecmint.lan
$ host -t A adc1.tecmint.lan
$ host -t SRV _kerberos._udp.tecmint.lan   # UDP Kerberos SRV record
$ host -t SRV _ldap._tcp.tecmint.lan       # TCP LDAP SRV record
17. Also, request a ticket for a domain administrator account and list the cached ticket information to verify that Kerberos authentication works. Note that the domain name is in uppercase.
$ kinit administrator@TECMINT.LAN
$ klist
Check whether the Kerberos authentication in the domain environment is correct
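When kinit fails after this procedure, the usual causes are the two files changed in steps 11 and 15. As an added example (not part of the original article), the shell function below checks that /etc/krb5.conf is the symlink created in step 11 and that /etc/resolv.conf uses 127.0.0.1 and the realm as search domain, as set in step 15. The ROOT parameter and the sample tree are constructed for illustration so the check runs without touching a live system.

```shell
#!/bin/sh
# Added example: check the files changed in steps 11 and 15.
# check_dc_files ROOT REALM prints one line per problem and returns the
# number of problems. ROOT is a hypothetical parameter ("/" on a live
# host) so the check can run against a constructed tree.
check_dc_files() {
    root=${1%/}; realm=$(printf '%s' "$2" | tr 'A-Z' 'a-z'); bad=0
    want=/var/lib/samba/private/krb5.conf

    # Step 11: /etc/krb5.conf must be a symlink to Samba's generated file.
    if [ "$(readlink "$root/etc/krb5.conf" 2>/dev/null)" != "$want" ]; then
        echo "krb5.conf is not a symlink to $want"; bad=$((bad + 1))
    fi
    # Step 15: the first nameserver must be the DC itself (127.0.0.1).
    first_ns=$(awk '$1 == "nameserver" { print $2; exit }' \
        "$root/etc/resolv.conf" 2>/dev/null)
    if [ "$first_ns" != "127.0.0.1" ]; then
        echo "first nameserver is '$first_ns', expected 127.0.0.1"; bad=$((bad + 1))
    fi
    # Step 15: the search list must contain the realm in lowercase.
    if ! awk -v r="$realm" '
            $1 == "search" { for (i = 2; i <= NF; i++) if ($i == r) ok = 1 }
            END { exit !ok }' "$root/etc/resolv.conf" 2>/dev/null; then
        echo "search list does not contain $realm"; bad=$((bad + 1))
    fi
    return "$bad"
}

# Constructed tree: the symlink is correct, but resolv.conf still points
# at an outside resolver and search domain.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc"
    ln -s /var/lib/samba/private/krb5.conf "$t/etc/krb5.conf"
    printf 'nameserver 192.0.2.53\nsearch example.net\n' > "$t/etc/resolv.conf"
    echo "$t"
}

# On a live host: check_dc_files / TECMINT.LAN
tree=$(make_sample_tree)
check_dc_files "$tree" TECMINT.LAN || echo "problems found: $?"
rm -rf "$tree"
```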
This concludes the introduction to creating an Active Directory infrastructure using Samba4 on Ubuntu systems.