Introduction:
This guide covers the installation and configuration of Samba Server version 4 as a Domain Controller compatible with Microsoft's Active Directory, so that Microsoft Windows clients can use domain services such as domain logon and shared folders.
Assumption:
1. Domain: testdomain.com
2. Netbios name: TESTDOMAIN
3. SELINUX is disabled
Note:
Before starting the installation, make sure the system has a static IP configured, all software is up to date, and the hostname entry has been added to the hosts file:
Network Configuration:
[root@samba4 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
HWADDR="00:0C:29:CE:91:33"
NM_CONTROLLED="no"
ONBOOT="yes"
IPADDR=10.x.x.41
PREFIX=24
GATEWAY=10.x.x.1
System Update:
[root@samba4 ~]# yum update -y    # update the system
Host Entry:
[root@samba4 ~]# vi /etc/hosts    # hosts file path
10.x.x.41 samba4.testdomain.com samba4    # hosts file entry
[root@samba4 ~]# reboot
Software Dependencies:
[root@samba4 ~]# yum install -y wget gcc make libacl-devel libblkid-devel gnutls-devel readline-devel python-devel gdb pkgconfig krb5-workstation zlib-devel setroubleshoot-server setroubleshoot-plugins policycoreutils-python libsemanage-python setools-libs-python setools-libs popt-devel libpcap-devel sqlite-devel libidn-devel libxml2-devel libacl-devel libsepol-devel libattr-devel keyutils-libs-devel cyrus-sasl-devel cups-devel perl ntp bind-utils
Download and install samba 4 tar:
[root@samba4 ~]# wget http://ftp.samba.org/pub/samba/stable/samba-4.0.6.tar.gz    # download link
[root@samba4 ~]# tar -zxvf samba-4.0.6.tar.gz    # extract tar file
[root@samba4 ~]# cd samba-4.0.6    # change directory
[root@samba4 samba-4.0.6]# ./configure --enable-debug --enable-selftest
[root@samba4 samba-4.0.6]# make
[root@samba4 samba-4.0.6]# make install
Note: with the commands above, Samba 4 is installed into the /usr/local/samba directory.
Configure Samba 4 Server as Domain Controller:
[root@samba4 ~]# cd /usr/local/samba/bin
[root@samba4 bin]# ./samba-tool domain provision
Realm [testdomain.com]: //full domain name
Domain [TESTDOMAIN]: //domain
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
DNS forwarder IP address (write 'none' to disable forwarding) [10.x.x.41]:
Administrator password:
Retype password:
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=testdomain,DC=com
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=testdomain,DC=com
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be ready to use
Server Role: active directory domain controller
Hostname: samba4
NetBIOS Domain: TESTDOMAIN
DNS Domain: testdomain.com
DOMAIN SID: S-1-5-21-1906947604-2377111914-2672793986
Note:
1. [root@samba4 ~]# cp /usr/local/samba/private/krb5.conf /etc/krb5.conf    # copy krb5.conf into /etc
2. Add the DNS server entry to /etc/resolv.conf:
nameserver 10.x.x.41
Add/create Service for samba4 into /etc/init.d/samba4:
[root@samba4 ~]#vi /etc/init.d/samba4
https://wiki.samba.org/index.php/Samba4/InitScript
#!/bin/bash
#
# samba4        This shell script takes care of starting and stopping
#               samba4 daemons.
#
# chkconfig: - 58 74
# description: Samba 4.0 will be the next version of the Samba suite
# and incorporates all the technology found in both the Samba4 alpha
# series and the stable 3.x series. The primary additional features
# over Samba 3.6 are support for the Active Directory logon protocols
# used by Windows 2000 and above.

### BEGIN INIT INFO
# Provides: samba4
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $network $local_fs $remote_fs
# Should-Start: $syslog $named
# Should-Stop: $syslog $named
# Short-Description: start and stop samba4
# Description: Samba 4.0 will be the next version of the Samba suite
# and incorporates all the technology found in both the Samba4 alpha
# series and the stable 3.x series. The primary additional features
# over Samba 3.6 are support for the Active Directory logon protocols
# used by Windows 2000 and above.
### END INIT INFO

# Source function library.
. /etc/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

prog=samba
prog_dir=/usr/local/samba/sbin/
lockfile=/var/lock/subsys/$prog

start() {
        [ "$NETWORKING" = "no" ] && exit 1
#       [ -x /usr/sbin/ntpd ] || exit 5

        # Start daemons.
        echo -n $"Starting samba4: "
        daemon $prog_dir/$prog -D
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && touch $lockfile
        return $RETVAL
}

stop() {
        [ "$EUID" != "0" ] && exit 4
        echo -n $"Shutting down samba4: "
        killproc $prog_dir/$prog
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && rm -f $lockfile
        return $RETVAL
}

# See how we were called.
case "$1" in
start)
        start
        ;;
stop)
        stop
        ;;
status)
        status $prog
        ;;
restart)
        stop
        start
        ;;
reload)
        echo "Not implemented yet."
        exit 3
        ;;
*)
        echo $"Usage: $0 {start|stop|status|restart|reload}"
        exit 2
esac
Start Services:
[root@samba4 ~]# /etc/init.d/samba4 start
[root@samba4 ~]# chkconfig samba4 on
[root@samba4 ~]# /etc/init.d/ntpd start
[root@samba4 ~]# chkconfig ntpd on
Checking Samba Services and ports:
[root@samba4 ~]# netstat -pntl | grep samba
tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN 1235/samba
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 1241/samba
tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 1235/samba
tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 1232/samba
tcp 0 0 0.0.0.0:1024 0.0.0.0:* LISTEN 1229/samba
tcp 0 0 0.0.0.0:3268 0.0.0.0:* LISTEN 1232/samba
tcp 0 0 0.0.0.0:3269 0.0.0.0:* LISTEN 1232/samba
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 1232/samba
tcp 0 0 0.0.0.0:135 0.0.0.0:* LISTEN 1229/samba
[root@samba4 ~]# nslookup google.com
Server: 10.x.x.41
Address: 10.x.x.41#53
Non-authoritative answer:
Name: google.com
Address: 173.194.36.101
output omitted…
[root@samba4 ~]#
[root@samba4 ~]# /usr/local/samba/bin/smbclient -L //localhost -U%
Domain=[TESTDOMAIN] OS=[Unix] Server=[Samba 4.0.6]
Sharename       Type      Comment
---------       ----      -------
netlogon        Disk
sysvol          Disk
IPC$            IPC       IPC Service (Samba 4.0.6)
Domain=[TESTDOMAIN] OS=[Unix] Server=[Samba 4.0.6]
Server               Comment
---------            -------
Workgroup            Master
---------            -------
[root@samba4 ~]#
Security Setting/ IPTABLES:
[root@samba4 ~]# iptables -N SAMBA4
[root@samba4 ~]# iptables -I INPUT 5 -j SAMBA4
[root@samba4 ~]# iptables -I SAMBA4 -s 0.0.0.0/0 -p udp --dport 53 -j ACCEPT
[root@samba4 ~]# iptables -I SAMBA4 -s 0.0.0.0/0 -p udp --dport 88 -j ACCEPT
[root@samba4 ~]# iptables -I SAMBA4 -s 0.0.0.0/0 -p udp --dport 123 -j ACCEPT
[root@samba4 ~]# iptables -I SAMBA4 -s 0.0.0.0/0 -p udp --dport 464 -j ACCEPT
[root@samba4 ~]# iptables -I SAMBA4 -s 0.0.0.0/0 -p tcp --dport 53 -j ACCEPT
[root@samba4 ~]# iptables -I SAMBA4 -s 0.0.0.0/0 -p tcp --dport 80 -j ACCEPT
[root@samba4 ~]# iptables -I SAMBA4 -s 0.0.0.0/0 -p tcp --dport 88 -j ACCEPT
[root@samba4 ~]# iptables -I SAMBA4 -s 0.0.0.0/0 -p tcp --dport 123 -j ACCEPT
[root@samba4 ~]# iptables -I SAMBA4 -s 0.0.0.0/0 -p tcp --dport 389 -j ACCEPT
[root@samba4 ~]# iptables -I SAMBA4 -s 0.0.0.0/0 -p tcp --dport 464 -j ACCEPT
[root@samba4 ~]# iptables -I SAMBA4 -s 0.0.0.0/0 -p tcp --dport 443 -j ACCEPT
[root@samba4 ~]# iptables -I SAMBA4 -s 0.0.0.0/0 -p tcp --dport 636 -j ACCEPT
[root@samba4 ~]# service iptables save
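The listener check and the firewall rules above can be compared mechanically. The script below is an added example, not part of the original post: it reads the netstat listing and the TCP rules from this page (embedded as sample text, with illustrative function and variable names) and reports TCP ports that have a listener but no ACCEPT rule, and ACCEPT rules that have no listener.

```sh
# Sample input taken from this page: the netstat listing, the eight TCP rules and
# one of the UDP rules (prompts stripped, "--dport" written with ASCII hyphens).
NETSTAT_SAMPLE='tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN 1235/samba
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 1241/samba
tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 1235/samba
tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 1232/samba
tcp 0 0 0.0.0.0:1024 0.0.0.0:* LISTEN 1229/samba
tcp 0 0 0.0.0.0:3268 0.0.0.0:* LISTEN 1232/samba
tcp 0 0 0.0.0.0:3269 0.0.0.0:* LISTEN 1232/samba
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 1232/samba
tcp 0 0 0.0.0.0:135 0.0.0.0:* LISTEN 1229/samba'
RULES_SAMPLE='iptables -I SAMBA4 -s 0.0.0.0/0 -p udp --dport 53 -j ACCEPT
iptables -I SAMBA4 -s 0.0.0.0/0 -p tcp --dport 53 -j ACCEPT
iptables -I SAMBA4 -s 0.0.0.0/0 -p tcp --dport 80 -j ACCEPT
iptables -I SAMBA4 -s 0.0.0.0/0 -p tcp --dport 88 -j ACCEPT
iptables -I SAMBA4 -s 0.0.0.0/0 -p tcp --dport 123 -j ACCEPT
iptables -I SAMBA4 -s 0.0.0.0/0 -p tcp --dport 389 -j ACCEPT
iptables -I SAMBA4 -s 0.0.0.0/0 -p tcp --dport 464 -j ACCEPT
iptables -I SAMBA4 -s 0.0.0.0/0 -p tcp --dport 443 -j ACCEPT
iptables -I SAMBA4 -s 0.0.0.0/0 -p tcp --dport 636 -j ACCEPT'

# TCP ports that have a listener, read from "netstat -pntl" text on stdin.
listening_tcp() {
    awk '$1 == "tcp" && $6 == "LISTEN" { n = split($4, a, ":"); print a[n] }' | sort -nu
}

# TCP ports accepted by "-p tcp --dport N -j ACCEPT" rules on stdin.
allowed_tcp() {
    awk '{ proto = ""; port = ""
           for (i = 1; i < NF; i++) {
               if ($i == "-p") proto = $(i + 1)
               if ($i == "--dport") port = $(i + 1)
           }
           if (proto == "tcp" && port != "" && $NF == "ACCEPT") print port }' | sort -nu
}

# Entries of list $1 that are missing from list $2, printed on one line.
only_in() {
    { printf '%s\n' "$2"; echo '=='; printf '%s\n' "$1"; } | awk '
        $0 == "==" { past = 1; next }
        !past      { seen[$0] = 1; next }
        $0 != "" && !($0 in seen) { out = (out == "" ? "" : out " ") $0 }
        END        { print out }'
}

listening=$(printf '%s\n' "$NETSTAT_SAMPLE" | listening_tcp)
allowed=$(printf '%s\n' "$RULES_SAMPLE" | allowed_tcp)
echo "listening, no ACCEPT rule: $(only_in "$listening" "$allowed")"
echo "ACCEPT rule, no listener:  $(only_in "$allowed" "$listening")"
```

On this page's data it reports 135, 1024, 3268 and 3269 as listening without a rule, and 80, 123 and 443 as allowed without a Samba listener. The netstat listing is filtered with grep samba, so listeners owned by other processes are not counted.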
Now your Samba Active Directory Server is ready to communicate with Windows clients.
IMPORTANT:
After joining the Samba server, you can manage the Samba AD/DNS server from a Windows 7 machine using the tool below:
Samba4 Active Directory/DNS Server Management Tool from a Windows 7 Client Machine:
Install Active Directory management tools on Windows 7
The Remote Server Administration Tools (RSAT) for Windows 7 can be downloaded from Microsoft’s web site:
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=7d2f6ad7-656b-4313-a005-4e344e43997d
After downloading and installing the tool on your Windows 7 computer, use the Turn Windows features on or off function to enable AD management tools.
1. From the Control Panel, click on Programs.
2. Under Programs and Features, select Turn Windows features on or off.
3. Under Remote Server Administration Tools > Role Administration Tools, select AD DS DNS and AD LDS Tools.