Tech Tutorial: Configuring Samba as an Active Directory Domain Controller
Introduction
In this tutorial, we will explore how to configure Samba as an Active Directory (AD) domain controller. Samba is a free software re-implementation of the SMB/CIFS networking protocol that allows end-users to access and use files, printers, and other commonly shared resources on a company’s intranet or the Internet. Setting up Samba as an AD domain controller can be a cost-effective alternative to Windows Server and provides a way for Linux servers to integrate seamlessly into a Windows-centric environment.
Key Knowledge Areas:
- Installation and configuration of Samba as an AD domain controller.
- Management of the Samba domain controller.
- Basic AD operations, including user and group management.
- DNS and Kerberos configuration in the context of Samba.
- Integration with existing Active Directory environments.
Step-by-Step Guide
Step 1: Installing Samba
First, ensure your system is up to date and then install Samba. For Debian-based systems:
sudo apt update
sudo apt install samba krb5-user krb5-config winbind libpam-winbind libnss-winbind
For Red Hat-based systems:
sudo yum update
sudo yum install samba krb5-workstation krb5-libs krb5-auth-dialog samba-winbind samba-winbind-clients
Step 2: Provisioning the Samba AD DC
Before provisioning, make sure your system has a fully qualified domain name (FQDN). Here, we’ll use smbdc.example.com as our domain controller name and EXAMPLE.COM as our domain name.
sudo hostnamectl set-hostname smbdc.example.com
Provision the domain:
sudo samba-tool domain provision --use-rfc2307 --interactive
You will be prompted to enter the domain name (EXAMPLE.COM), server role (dc), DNS backend (SAMBA_INTERNAL), and a strong administrator password.
Step 3: Configuring Kerberos
Edit the Kerberos configuration file /etc/krb5.conf generated by Samba:
[libdefaults]
default_realm = EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = true
Step 4: Managing DNS Settings
If you are using Samba’s internal DNS, you can manage DNS records using samba-tool. These commands connect to the running DC and need domain credentials, supplied here with -U:
sudo samba-tool dns add smbdc.example.com example.com newhost A 192.168.1.100 -U Administrator
sudo samba-tool dns query smbdc.example.com example.com @ ALL -U Administrator
Step 5: Starting and Enabling Samba Services
Enable and start Samba services:
sudo systemctl enable samba-ad-dc
sudo systemctl start samba-ad-dc
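Step 6: Adding Users and Groups
Add a new user. The password is passed as an argument here; if you omit it, samba-tool prompts for it instead, which keeps it out of shell history and process listings: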
sudo samba-tool user create johnsmith Password123!
Add a new group and add the user to the group:
sudo samba-tool group add Finance
sudo samba-tool group addmembers Finance johnsmith
Step 7: Setting Up File Sharing
Create a shared directory and configure permissions:
sudo mkdir -p /srv/samba/Finance
sudo chown root:Finance /srv/samba/Finance
sudo chmod 2770 /srv/samba/Finance
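Edit /etc/samba/smb.conf to add the share:
[Finance]
path = /srv/samba/Finance
read only = no
# "group" is a synonym for "force group": it makes Finance the primary group of
# every user who connects, so limit connections to actual Finance members.
group = Finance
valid users = @Finance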
Restart Samba to apply the configuration:
sudo systemctl restart samba-ad-dc
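A share that sets group (a synonym for force group) without a leading + and without a valid users list hands that group's file permissions to every account that connects. The audit below is an added example, not part of the original tutorial, that flags this pattern; the sample smb.conf and the function names are constructed for illustration.

```python
import re

# Constructed sample smb.conf: one risky share and two restricted variants.
SAMPLE_SMB_CONF = """\
[Finance]
    path = /srv/samba/Finance
    read only = no
    group = Finance

[FinanceRestricted]
    Force Group = Finance
    valid users = @Finance

[FinanceMembersOnly]
    force group = +Finance
"""

def parse_sections(text):
    """Parse smb.conf text into {lowercased section: {normalized param: value}}."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            # smb.conf ignores case and whitespace inside parameter names.
            current[re.sub(r"\s+", "", key).lower()] = value.strip()
    return sections

def audit_force_group(text):
    """Return (share, group) pairs where a forced group applies to every user."""
    sections = parse_sections(text)
    defaults = sections.get("global", {})
    findings = []
    for name, own in sections.items():
        params = {**defaults, **own}  # [global] values act as share defaults
        forced = params.get("forcegroup") or params.get("group")
        if name == "global" or not forced or forced.startswith("+"):
            continue  # no forced group, or "+" limits it to existing members
        if not params.get("validusers"):
            findings.append((name, forced))
    return findings

if __name__ == "__main__":
    for share, group in audit_force_group(SAMPLE_SMB_CONF):
        print(f"[{share}] forces group {group} but has no valid users list")
```

To check a live server, pass the contents of /etc/samba/smb.conf to audit_force_group; the parser does not follow include directives or backslash line continuations.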
Conclusion
Setting up Samba as an Active Directory domain controller can enhance your network’s capabilities by integrating Linux servers and desktops into a Windows-dominated environment. This setup allows for centralized management of users, groups, and resources, providing a cohesive and unified network management experience. Remember to secure your Samba installation and regularly update it to protect against vulnerabilities.