302.1 Samba as Active Directory Domain Controller (weight: 5)

Tech Tutorial: Configuring Samba as an Active Directory Domain Controller

Introduction

In this tutorial, we will explore how to configure Samba as an Active Directory (AD) domain controller. Samba is a free software re-implementation of the SMB/CIFS networking protocol that allows end-users to access and use files, printers, and other commonly shared resources on a company’s intranet or the Internet. Setting up Samba as an AD domain controller can be a cost-effective alternative to Windows Server and provides a way for Linux servers to integrate seamlessly into a Windows-centric environment.

Key Knowledge Areas:

  • Installation and configuration of Samba as an AD domain controller.
  • Management of the Samba domain controller.
  • Basic AD operations, including user and group management.
  • DNS and Kerberos configuration in the context of Samba.
  • Integration with existing Active Directory environments.

Step-by-Step Guide

Step 1: Installing Samba

First, ensure your system is up to date, then install Samba. For Debian-based systems:

sudo apt update
sudo apt install samba krb5-user krb5-config winbind libpam-winbind libnss-winbind

For Red Hat-based systems:

sudo yum update
sudo yum install samba krb5-workstation krb5-libs krb5-auth-dialog samba-winbind samba-winbind-clients

Step 2: Provisioning the Samba AD DC

Before provisioning, make sure your system has a fully qualified domain name (FQDN). Here, we’ll use smbdc.example.com as our domain controller name and EXAMPLE.COM as our domain name.

sudo hostnamectl set-hostname smbdc.example.com

Provision the domain:

sudo samba-tool domain provision --use-rfc2307 --interactive

You will be prompted to enter the domain name (EXAMPLE.COM), server role (dc), DNS backend (SAMBA_INTERNAL), and a strong administrator password.

Step 3: Configuring Kerberos

Edit the Kerberos configuration file /etc/krb5.conf generated by Samba:

[libdefaults]
    default_realm = EXAMPLE.COM
    dns_lookup_realm = false
    dns_lookup_kdc = true

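Step 4: Managing DNS Settings

If you are using Samba’s internal DNS, you can manage DNS records using samba-tool. These commands authenticate to the domain controller, so pass a domain account with -U (under sudo the default user name would be root, which is not a domain account):

sudo samba-tool dns add smbdc.example.com example.com newhost A 192.168.1.100 -U Administrator
sudo samba-tool dns query smbdc.example.com example.com @ ALL -U Administrator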

Step 5: Starting and Enabling Samba Services

Enable and start Samba services:

sudo systemctl enable samba-ad-dc
sudo systemctl start samba-ad-dc

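Step 6: Adding Users and Groups

Add a new user. A password given as an argument ends up in shell history and is visible in the process list while the command runs; if the password argument is omitted, samba-tool prompts for it instead: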

sudo samba-tool user create johnsmith Password123!

Add a new group and add the user to the group:

sudo samba-tool group add Finance
sudo samba-tool group addmembers Finance johnsmith

Step 7: Setting Up File Sharing

Create a shared directory and configure permissions:

sudo mkdir -p /srv/samba/Finance
sudo chown root:Finance /srv/samba/Finance
sudo chmod 2770 /srv/samba/Finance

Edit /etc/samba/smb.conf to add the share:

[Finance]
   path = /srv/samba/Finance
   read only = no
   group = Finance

Restart Samba to apply the new configuration:

sudo systemctl restart samba-ad-dc
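
In the [Finance] share above, group is smb.conf's synonym for force group, so every user who connects is given Finance as primary group and the 2770 mode on the directory no longer limits access to Finance members. The following check is an added example, not part of the original tutorial: it lists shares that force a group without a + prefix and without a valid users list. The function name and the sample configuration are constructed for illustration, and line continuations and include files are not handled.

```shell
# Added example (not from the tutorial): list shares that force a primary
# group on every connecting user without restricting who may connect.
audit_forced_group() {
    awk '
    function report() {
        if (share != "" && forced && !restricted) print share
        forced = 0; restricted = 0
    }
    /^[ \t]*[#;]/ { next }                    # comment line
    /^[ \t]*\[.*\]/ {                         # section header starts a share
        report()
        share = $0
        sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
        if (tolower(share) == "global") share = ""
        next
    }
    /=/ {
        key = tolower(substr($0, 1, index($0, "=") - 1))
        val = substr($0, index($0, "=") + 1)
        gsub(/[ \t]/, "", key)                # smb.conf ignores spaces in keys
        sub(/^[ \t]+/, "", val)
        # "group" is a synonym for "force group"; a "+" prefix applies the
        # group only to users who are already members of it.
        if (key == "forcegroup" || key == "group") forced = (val !~ /^\+/)
        if (key == "validusers") restricted = (val != "")
    }
    END { report() }
    ' "$1"
}

# Constructed sample configuration; on a real host pass /etc/samba/smb.conf.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
[global]
[Finance]
   path = /srv/samba/Finance
   read only = no
   group = Finance
[FinanceMembersOnly]
   path = /srv/samba/Finance
   force group = +Finance
[FinanceRestricted]
   path = /srv/samba/Finance
   Force Group = Finance
   valid users = @Finance
EOF
audit_forced_group "$SAMPLE"
```

On the sample it reports only the Finance share. Adding a valid users list for the group to that share, or writing the forced group as +Finance, limits access to members of the group.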

Conclusion

Setting up Samba as an Active Directory domain controller can enhance your network’s capabilities by integrating Linux servers and desktops into a Windows-dominated environment. This setup allows for centralized management of users, groups, and resources, providing a cohesive and unified network management experience. Remember to secure your Samba installation and regularly update it to protect against vulnerabilities.