Create an Active Directory Infrastructure with Samba4 on Ubuntu


Active Directory is a powerful tool for managing users, groups, and computers in a Windows environment. Samba is an open-source implementation of the SMB/CIFS networking protocol used by Windows for file and printer sharing. Samba4 provides a complete implementation of Active Directory and can be used to create an Active Directory infrastructure on Linux. In this article, we will go through the steps to set up an Active Directory infrastructure with Samba4 on Ubuntu.

Step 1: Install Samba4

First, we need to install Samba4. Open a terminal and enter the following command to install Samba4 −

sudo apt-get install samba krb5-user krb5-config winbind libpam-winbind libnss-winbind libpam-krb5 libpam-ccreds ntp

This command installs the necessary packages for Samba4, as well as Kerberos, which is used for authentication in Active Directory.

Step 2: Configure Kerberos

Next, we need to configure Kerberos. Enter the following command to open the Kerberos configuration file −

sudo nano /etc/krb5.conf

In this file, we need to define our realm and the domain controllers that we will be using. Add the following lines to the bottom of the file, replacing example.com with your own domain name −

[libdefaults]
    default_realm = EXAMPLE.COM
    dns_lookup_kdc = true
    dns_lookup_realm = true

[realms]
    EXAMPLE.COM = {
        kdc = dc1.example.com
        kdc = dc2.example.com
        admin_server = dc1.example.com
        default_domain = example.com
    }

Save and exit the file.

Step 3: Configure Samba

Now we need to configure Samba. Enter the following command to open the Samba configuration file −

sudo nano /etc/samba/smb.conf

We need to make a few changes to this file. First, add the following lines to the [global] section of the file, replacing example.com with your own domain name −

workgroup = EXAMPLE
realm = EXAMPLE.COM
netbios name = SAMBA4
server role = active directory domain controller
dns forwarder = 8.8.8.8

These lines configure Samba as an Active Directory domain controller. Next, add the following lines to the end of the file −

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/sysvol/example.com/scripts
read only = No

[sysvol]
comment = System Volume
path = /var/lib/samba/sysvol
read only = No

These lines define the locations of the Netlogon and Sysvol shares. Save and exit the file.

Step 4: Create the Samba Active Directory Database

Before we can start the Samba Active Directory domain controller, we need to create the Samba Active Directory database. Enter the following command to create the database −

sudo samba-tool domain provision --use-rfc2307 --interactive

This command will prompt you for various pieces of information to create the domain. Follow the prompts and enter the appropriate information.

Step 5: Start the Samba Active Directory Domain Controller

Now we are ready to start the Samba Active Directory domain controller. Enter the following command −

sudo systemctl start samba-ad-dc

This command starts the Samba Active Directory domain controller.

Step 6: Verify

After starting the Samba Active Directory domain controller, it is important to verify that it is running correctly. Here are a few commands that you can use to verify the status of the Samba AD DC −

  • Verify the status of the Samba AD DC service −

sudo systemctl status samba-ad-dc

This command should display output indicating that the service is active (running) and that there were no errors during startup.

  • Verify that the DNS server is running −

sudo systemctl status bind9

This command should display output indicating that the BIND DNS server is running and that there were no errors during startup.

  • Verify the Samba AD DC DNS configuration −

sudo samba-tool dns query localhost <domain-name> @ ALL -U administrator

This command should display output indicating that the DNS queries were successful and that the domain name was resolved correctly.

If any of these commands fail or indicate errors, you may need to troubleshoot your Samba AD DC configuration.

Step 7: Create an Active Directory User

Now that the Samba AD DC is up and running, we can create an Active Directory user account. Here's how to do it −

  • Create a user account with the "samba-tool" command −

sudo samba-tool user create <username> <password>

Replace <username> with the desired username and <password> with the desired password for the user.

  • Verify that the user was created successfully −

sudo samba-tool user list

This command should display a list of all the users in the Active Directory domain, including the user account that you just created.

Congratulations! You have now created an Active Directory infrastructure with Samba4 on Ubuntu. This is just the beginning - there are many more features and configurations that you can explore with Samba4 and Active Directory.
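
The following check is an added example, not part of the original article: it parses the krb5.conf and smb.conf values from Steps 2 and 3 and reports a realm, server role or netlogon path that does not line up. The function names and the sample files (built from the article's example.com values) are assumptions made for illustration; point check_ad_config at /etc/krb5.conf and /etc/samba/smb.conf to check a real host.

```shell
#!/usr/bin/env bash
# Added example (not from the article): cross-check the Step 2 and Step 3 files.
# ini_get FILE SECTION KEY: print the value of KEY in [SECTION]; keys may contain spaces
ini_get() {
  awk -v sec="$2" -v key="$3" '
    /^[ \t]*[#;]/ { next }
    /^[ \t]*\[/   { gsub(/^[ \t]*\[|\][ \t]*$/, ""); cur = $0; next }
    cur == sec && (i = index($0, "=")) {
      k = substr($0, 1, i - 1); v = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) { print v; exit }
    }' "$1"
}

# check_ad_config KRB5_CONF SMB_CONF: print findings; exit status = number of problems
check_ad_config() (
  problems=0
  fail() { echo "FAIL: $1"; problems=$((problems + 1)); }
  k_realm=$(ini_get "$1" libdefaults default_realm)
  s_realm=$(ini_get "$2" global realm)
  role=$(ini_get "$2" global "server role")
  nl_path=$(ini_get "$2" netlogon path)
  lc_realm=$(printf '%s' "$s_realm" | tr '[:upper:]' '[:lower:]')
  uc_realm=$(printf '%s' "$s_realm" | tr '[:lower:]' '[:upper:]')
  # Kerberos realm names are case-sensitive, so both files must agree exactly.
  [ -n "$s_realm" ] && [ "$k_realm" = "$s_realm" ] ||
    fail "realm mismatch: krb5.conf='$k_realm' smb.conf='$s_realm'"
  [ "$s_realm" = "$uc_realm" ] || fail "realm '$s_realm' is not upper case"
  [ "$role" = "active directory domain controller" ] ||
    fail "server role is '$role', not an AD domain controller"
  # As in the article, netlogon sits under sysvol/<lower-case domain>/scripts.
  case "$nl_path" in
    */sysvol/"$lc_realm"/scripts) ;;
    *) fail "netlogon path '$nl_path' does not match domain '$lc_realm'" ;;
  esac
  [ "$problems" -eq 0 ] && echo "OK: krb5.conf and smb.conf agree"
  exit "$problems"
)

# write_samples DIR: constructed sample files using the article's example.com values
write_samples() {
  printf '%s\n' '[libdefaults]' 'default_realm = EXAMPLE.COM' > "$1/krb5.conf"
  printf '%s\n' '[global]' 'workgroup = EXAMPLE' 'realm = EXAMPLE.COM' \
    'server role = active directory domain controller' \
    '[netlogon]' 'path = /var/lib/samba/sysvol/example.com/scripts' > "$1/smb.conf"
}

demo=$(mktemp -d) && write_samples "$demo"
check_ad_config "$demo/krb5.conf" "$demo/smb.conf"
```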

Conclusion

In conclusion, setting up an Active Directory infrastructure using Samba4 on Ubuntu is a relatively straightforward process. With Samba4, Ubuntu users can create an environment similar to Microsoft's Active Directory without the need for expensive licenses or proprietary software.

In this guide, we have covered the essential steps required to set up an Active Directory domain controller, including installing Samba4, configuring DNS, joining a client to the domain, and creating users and groups.

By following these steps, Ubuntu users can create a secure, reliable, and scalable Active Directory infrastructure that can manage users, computers, and resources across an organization. This infrastructure can help streamline IT management tasks, reduce costs, and enhance security.

Updated on: 23-Jun-2023
