Since version 4.0, Samba can act not only as an NT4-style PDC but also as a Domain Controller that is compatible with Microsoft Active Directory. Below, we explain how to set up Samba as an Active Directory Domain Controller from scratch.
- Turn off SELinux:
# vi /etc/sysconfig/selinux
SELINUX=disabled
setenforce 0
- Map your IP address to the host name in /etc/hosts as shown below:
# vim /etc/hosts
192.168.1.13 samba4.example.com samba4
- Set your hostname in the /etc/sysconfig/network file:
# vim /etc/sysconfig/network
HOSTNAME=samba4.example.com
- Install the packages below using yum:
yum install bind bind-utils bind-chroot openldap openldap-devel libacl-devel libblkid-devel gnutls-devel readline-devel python-devel gdb pkgconfig krb5-workstation zlib-devel setroubleshoot-server setroubleshoot-plugins policycoreutils-python libsemanage-python setools-libs-python setools-libs popt-devel libpcap-devel sqlite-devel libidn-devel libxml2-devel libacl-devel libsepol-devel libattr-devel keyutils-libs-devel cyrus-sasl-devel wget gcc
- Then download, build and install Samba with the following steps:
mkdir samba4
cd samba4/
wget --no-check-certificate https://download.samba.org/pub/samba/samba-latest.tar.gz
tar -zxvf samba-latest.tar.gz
cd samba-*
./configure.developer
make && make install
Samba4 is now installed. Create the /etc/init.d/samba file and copy the script below into it:
# vim /etc/init.d/samba
# Copy the script below:
#!/bin/bash
#
# samba4        This shell script takes care of starting and stopping
#               samba4 daemons.
#
# chkconfig: - 58 74
# description: Samba 4.0 will be the next version of the Samba suite
#              and incorporates all the technology found in both the Samba4 alpha
#              series and the stable 3.x series. The primary additional features
#              over Samba 3.6 are support for the Active Directory logon protocols
#              used by Windows 2000 and above.
### BEGIN INIT INFO
# Provides: samba4
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $network $local_fs $remote_fs
# Should-Start: $syslog $named
# Should-Stop: $syslog $named
# Short-Description: start and stop samba4
# Description: Samba 4.0 will be the next version of the Samba suite
#              and incorporates all the technology found in both the Samba4 alpha
#              series and the stable 3.x series. The primary additional features
#              over Samba 3.6 are support for the Active Directory logon protocols
#              used by Windows 2000 and above.
### END INIT INFO

# Source function library.
. /etc/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

prog=samba
prog_dir=/usr/local/samba/sbin/
lockfile=/var/lock/subsys/$prog

start() {
    [ "$NETWORKING" = "no" ] && exit 1
    # [ -x /usr/sbin/ntpd ] || exit 5

    # Start daemons.
    echo -n $"Starting samba4: "
    daemon $prog_dir/$prog -D
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch $lockfile
    return $RETVAL
}

stop() {
    [ "$EUID" != "0" ] && exit 4
    echo -n $"Shutting down samba4: "
    killproc $prog_dir/$prog
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f $lockfile
    return $RETVAL
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status $prog
        ;;
    restart)
        stop
        start
        ;;
    reload)
        echo "Not implemented yet."
        exit 3
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|reload}"
        exit 2
esac
- Make it executable and restart the Samba service:
chmod +x /etc/init.d/samba
/etc/init.d/samba restart
- Run the following command to provision the Samba4 domain interactively:
/usr/local/samba/bin/samba-tool domain provision --use-rfc2307 --interactive
- Fill in the prompts like the following example:
Realm: your domain, for example example.com
Domain: your workgroup (usually the domain name without the TLD), for example example
Server Role: dc
DNS backend: BIND9_DLZ
Password: Password@123 (use a password of at least 8 characters containing at least one upper-case letter, one lower-case letter and one digit)
- Restart the Samba service:
/etc/init.d/samba restart
- Test the configuration with the command below:
/usr/local/samba/bin/smbclient //localhost/netlogon -Uadministrator%Password@123
- Open the /etc/named.conf file and change the following options as shown:
listen-on port 53 { 127.0.0.1; any; };
allow-query { localhost; any; };
- Also add the following line at the bottom:
include "/usr/local/samba/private/named.conf";
- Open the /etc/sysconfig/named file and add the line below at the bottom:
NAMED_RUN_CHROOTED="no"
- Also remove or comment out the line below:
ROOTDIR=/var/named/chroot
- Change the ownership to named with the command below:
chown named:named /usr/local/samba/private/named.conf
- Restart and enable the named service:
/etc/init.d/named restart
chkconfig named on
- Test the DNS configuration with the following commands:
host -t SRV _ldap._tcp.example.com.
host -t SRV _kerberos._udp.example.com.
host -t A example.com.
- The result will look like the following:
[root@samba4 ~]# host -t SRV _ldap._tcp.example.com.
_ldap._tcp.example.com. has SRV record 0 100 389 samba4.example.com.
[root@samba4 ~]# host -t SRV _kerberos._udp.example.com.
_kerberos._udp.example.com. has SRV record 0 100 88 samba4.example.com.
[root@samba4 ~]# host -t A example.com.
example.com has address 192.168.1.13
- Copy the Kerberos configuration files as below (keeping a backup of the original):
cp /etc/krb5.conf /etc/krb5.conf.ori
cp /usr/local/samba/private/krb5.conf /etc/krb5.conf
- Test Kerberos:
kinit administrator
klist -e
- Configure Kerberos-authenticated DNS dynamic updates (optional)
This configuration is optional; you can apply or skip this section. To configure it, add the line tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab"; to the options section of named.conf, as in the following example:
# vi /etc/named.conf
options {
    ...
    tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};
- Run the following commands to change the group and access mode of the dns.keytab file:
chgrp named /usr/local/samba/private/dns.keytab
chmod g+r /usr/local/samba/private/dns.keytab
- Check whether dynamic DNS updates work with the following command:
/usr/local/samba/sbin/samba_dnsupdate --verbose
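The keytab handed to BIND contains the Kerberos keys that authenticate dynamic DNS updates, so after the chgrp/chmod step it should be readable by the named group and by nobody else. The check below is an added example, not part of the original tutorial; it assumes the keytab path and the named group used above and relies only on POSIX `ls -ld`, `awk` and `cut`.

```shell
#!/bin/sh
# Added example: confirm dns.keytab is group-readable by named and carries
# no permission bits for "other". Assumed path/group are from the tutorial.
KEYTAB="${KEYTAB:-/usr/local/samba/private/dns.keytab}"

# check_keytab_perms FILE GROUP
# Succeeds when FILE is group-owned by GROUP, group-readable, and has no
# read/write/execute bits for "other". Parses `ls -ld` for portability.
check_keytab_perms() {
    _f=$1; _grp=$2
    [ -f "$_f" ] || { echo "FAIL: $_f does not exist"; return 1; }
    _perm=$(ls -ld "$_f" | awk '{print $1}')
    _group=$(ls -ld "$_f" | awk '{print $4}')
    # Mode string layout: type(1) owner(3) group(3) other(3), e.g. -rw-r-----
    _grp_r=$(printf '%s' "$_perm" | cut -c5)
    _other=$(printf '%s' "$_perm" | cut -c8-10)
    [ "$_group" = "$_grp" ] \
        || { echo "FAIL: group of $_f is $_group, expected $_grp"; return 1; }
    [ "$_grp_r" = "r" ] \
        || { echo "FAIL: group $_grp cannot read $_f (mode $_perm)"; return 1; }
    [ "$_other" = "---" ] \
        || { echo "FAIL: $_f is accessible to others (mode $_perm)"; return 1; }
    echo "OK: $_f is $_perm, group $_group"
}

# Run the live check only when invoked as: sh keytab_check.sh check
if [ "${1:-}" = "check" ]; then check_keytab_perms "$KEYTAB" named; fi
```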
- Configure an NTP server (optional):
yum install ntp
- Open the file /etc/ntp.conf and add the following lines at the bottom:
server 0.id.pool.ntp.org
server 1.id.pool.ntp.org
server 2.id.pool.ntp.org
server 3.id.pool.ntp.org
- Restart and enable the NTP service, then check its peers:
/etc/init.d/ntpd restart
chkconfig ntpd on
ntpq -p
- Make samba-tool runnable directly:
cp -rvp /usr/local/samba/bin/samba-tool /usr/bin/
chmod +x /usr/bin/samba-tool
- Create a Samba user account with the command below:
samba-tool user create pradeep Root@123
You have now successfully installed Samba4 as an Active Directory domain controller. You can now join Windows clients to the domain.
3 thoughts on “Install Samba4 as Active Directory Server”
Hi!!! Very very nice tuto!!! But I have many problems 🙁 installing and configuring samba4.
First error in ./configure.developer
/usr/bin/env: python3: No such file or directory
Hi marcos, configure.developer is a python script; when you run this script it searches for python in a particular path, which I suppose is unavailable on your system.
Which OS are you using to run this script? I hope that you have already installed all the dependencies.
I created this tutorial originally for Redhat and Centos.
sudo yum install centos-release-scl
sudo yum install rh-python36
scl enable rh-python36 bash