1. Configure network with a static IP address
$sudo nano/etc/network/interfaces
Auto eth0iface eth0 inet staticaddress 192.168.0.35gateway 192.168.0.1netmask 255.255.255.0network 192.168.0.0broadcast 192.168.0.255dns-nameservers 192.168.0.1 114.114.114.114 8.8.8.8
Dns-search szhnbc.com
2. Name your domain controller
$sudo hostname rd-server$sudo echo "Rd-server" >/etc/hostname$sudo nano/etc/hosts
127.0.0.1 localhost
127.0.1.1st-server.szhnbc.com Rd-server
192.168.0.35th-server.szhnbc.com Rd-server
$sudo apt-get update && apt-get upgrade$sudo reboot
3. Install packages NTP, ACL, samba + tools
$apt-get install NTP ACL samba Krb5-user smbclient
When you install Kerberos, you are prompted to enter the relevant information
Your realm:SZHNBC.COMKerberos servers for Your realm:rd-server.szhnbc.comadministrative server:rd-server.szhnbc.com
4. Configure Samba
Remove automatically created configuration
$sudo rm/etc/samba/smb.conf
Configure Samba with Samba-tool
$sudo samba-tool domain provision--realm szhnbc.com--domain SZHNBC--adminpass Password123--SERVER-ROLE=DC
Note: If you set a password that is less secure, the command will fail.
Installation Success Information:
looking up IPv4 addresseslooking up IPv6 addressesno IPv6 address would be assignedsetting up share.ldbsetting up Secre Ts.ldbsetting up the registrysetting up the privileges databasesetting up Idmap dbsetting up SAM dbsetting up sam.ldb part Itions and settingssetting up sam.ldb rootdsepre-loading the Samba4and AD schemaadding DOMAINDN:DC=szhnbc,dc=comadding configuration containersetting up sam.ldb schemasetting up SAM.LDB configuration datasetting up Display spec ifiersmodifying Display specifiersadding users containermodifying users containeradding computers containermodifying Computers containersetting up Sam.ldb datasetting up well known security principalssetting up Sam.ldb users andgroupsSetting up selfJoinAdding DNS accountscreating CN=microsoftdns,cn=system,dc=szhnbc,dc=comcreating DomainDNSZones and ForestDNSZones partitionspopulating DomainDNSZones and ForestDNSZones Partitionssetting up Sam.ldb RootDSE marking as synchronizedfixing provision GUIDSA Kerberos configuration suitable forSamba4has been generated at/var/lib/samba/private/Krb5.confonce The above files are installed, your SAMBA4 server would be ready to useserver role:active dire Ctory Domain Controllerhostname:rd-servernetbios domain:szhnbcdns Domain:szhnbc.comDOMAIN sid:s-1-5- +-1719461813-2380486383-56883530
5. Configure DNS
For large, complex network deployments, it is recommended that you use bind, but in my actual environment, the built-in DNS is sufficient.
$sudo nano/etc/samba/smb.conf
8.8. 8.8 = nonsecure
$sudo nano/etc/network/interfaces
192.168. 0.35
$sudo reboot now
6. Test your new domain controller
$ host-t SRV _ldap._tcp.szhnbc.com._ldap._tcp.szhnbc.com has SRV record0 - 389rd-server.szhnbc.com.$ host-t SRV _kerberos._udp.szhnbc.com._kerberos._udp.szhnbc.com has SRV record0 - therd-server.szhnbc.com.$ host-t A rd-Server.szhnbc.com.rd-server.szhnbc.com has address192.168.0.35$ kinit AdministratorPassword for[email protected]: warning:your password'll expireinch ADays on Fri Jan at One: -: A -$ klistticket cache:file:/tmp/krb5cc_999default Principal: [email protected]valid starting Expires Service principal A/ A/ - -:Geneva: the A/ A/ - at:Geneva: thekrbtgt/[email protected] Renewuntil A/ -/ - -:Geneva: on[email protected]-server:~$ smbclient-l localhost-u%Domain=[SZHNBC] Os=[unix] Server=[samba4.1.6-Ubuntu] Sharename Type Comment--------- ---- -------Netlogon disk SYSVOL disk ipc$ IPC IPC Service (Sam BA4.1.6-Ubuntu) Domain=[SZHNBC] Os=[unix] Server=[samba4.1.6-Ubuntu] Server Comment--------- -------Workgroup Master--------- -------Haichuan Yangxinfeng mshome RD-SERVER WORKGROUP HC-Jxs$ smbclient//localhost/netlogon-u ' Administrator 'Enter Administrator's Password:DOMAIN=[SZHNBC] Os=[unix] Server=[samba4.1.6-UBUNTU]SMB: \> Quit
7. Manage your new domain controller
Recommended-on-Managing your server is-use "Remote Server Administration Tools", which-can install on Windows 7 Desktop PC as a feature.
You can also manage users & groups with Samba-tool
Samba-tool User add John--surname=smith--given-name=john
Samba-tool Group Add Test_group
Samba-tool group AddMembers Test_group John
Samba-tool User List
Getent passwd John
ID John
Samba 4 Domain Controller on Ubuntu 14.04 LTS