Samba Active Directory Domain controller in CentOS

# cat /etc/issue    (CentOS 6.5 or later)
# uname -r          (64-bit kernel)

First disable iptables and SELinux:
#service iptables stop
#chkconfig iptables off
#vi /etc/selinux/config
set   SELINUX=disabled
# hostname
adserver.boobal.com  (must be the FQDN)
Verify your domain name and IP address  // boobal.com & 192.168.1.1

Install the dependencies for Samba4:
#yum install glibc glibc-devel gcc python* libacl-devel krb5-workstation krb5-libs pam_krb5 libldap2-dev openldap-devel wget

Check which old samba rpm packages are already installed:
# rpm -qa | grep samba

If any are present, remove them with yum:
#yum remove samba-winbind-client samba-common samba-client

Install git to fetch the latest Samba4 source:
# yum install git-core

Clone the latest version of samba from the git repository:
# git clone git://git.samba.org/samba.git samba-master

# reboot the server   // if the clone did not work you can download the latest release directly from here

Once you have samba-master:

#cd samba-master
# ./configure --enable-debug --enable-selftest

At this point you may hit an error like this:
Checking for gnutls >= 1.4.0 and broken versions : not found
/usr/src/samba-x.y.z/source4/lib/tls/wscript:37: error: Building the AD DC requires
GnuTLS (eg libgnutls-dev, gnutls-devel) for ldaps:// support and for the BackupKey protocol

# yum install perl gcc attr libacl-devel libblkid-devel \
    gnutls-devel readline-devel python-devel gdb pkgconfig \
    krb5-workstation zlib-devel setroubleshoot-server libaio-devel \
    setroubleshoot-plugins policycoreutils-python \
    libsemanage-python perl-ExtUtils-MakeMaker perl-Parse-Yapp \
    perl-Test-Base popt-devel libxml2-devel libattr-devel \
    keyutils-libs-devel cups-devel bind-utils libxslt \
    docbook-style-xsl openldap-devel autoconf python-crypto pam-devel


#make
#make install

# /usr/local/samba/bin/samba-tool domain provision
realm: press Enter (accept the default)
domain: press Enter
server role: press Enter
dns backend: press Enter
dns forwarder: press Enter
administrator password: your password

The final output should look like this:
A Kerberos configuration suitable for Samba AD has been generated at /usr/local/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           active directory domain controller
Hostname:              adserver
NetBIOS Domain:        BOOBAL
DNS Domain:            boobal.com

DOMAIN SID:            S-1-5-21-2438265942-4203611404-860777952

Then reboot.

Start the samba daemon manually:
# /usr/local/samba/sbin/samba

To check the version:
#  /usr/local/samba/sbin/samba -V
Version 4.6.0pre1-GIT-77b51ba

If you want samba to start at boot time, add /usr/local/samba/sbin/samba to /etc/rc.local:
# vi /etc/rc.local
/usr/local/samba/sbin/samba

Now run this command to list the shares on your Samba4 server:
# /usr/local/samba/bin/smbclient -L localhost -U%             // quick check that the server answers

Configuring DNS
Verify your IP configuration.
Edit your '/etc/resolv.conf' file so the DC is its own nameserver:

# vi /etc/resolv.conf

# Generated by NetworkManager
search boobal.com
nameserver 192.168.1.117

Here is the Samba 4 configuration file '/usr/local/samba/etc/smb.conf' as generated by provisioning:
# cat /usr/local/samba/etc/smb.conf

# Global parameters
[global]
        netbios name = ADSERVER
        realm = BOOBAL.COM
        workgroup = BOOBAL
        dns forwarder = 8.8.8.8
        server role = active directory domain controller

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/boobal.com/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

Test DNS now (the SRV records are what domain members use to find the LDAP and Kerberos services):

# nslookup boobal.com
Server:         192.168.1.117
Address:        192.168.1.117#53

Name:   boobal.com
Address: 192.168.1.117

#host -t SRV _ldap._tcp.boobal.com.
_ldap._tcp.kvit.in has SRV record 0 100 389 adserver.boobal.com.

# host -t SRV _kerberos._udp.boobal.com.
_kerberos._udp.kvit.in has SRV record 0 100 88 adserver.boobal.com.

# host -t A adserver.boobal.com
adserver.boobal.com has address 192.168.1.117

Now flush and save iptables:
#iptables -F

Configure the Kerberos file
In CentOS 6.3 or 6.4, Kerberos is configured through the '/etc/krb5.conf' file. Make a backup copy of the original file, then replace the existing file, if any, with the sample from /usr/local/samba/share/setup/krb5.conf.

# cp /usr/local/samba/share/setup/krb5.conf /etc/krb5.conf
Now edit /etc/krb5.conf as follows:

# cat /etc/krb5.conf
[libdefaults]
        default_realm = boobal.com
        dns_lookup_realm = false
        dns_lookup_kdc = true

Testing Kerberos
# kinit administrator@BOOBAL.COM
Enter your administrator password here.

Then check the ticket list:
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@BOOBAL.COM

Valid starting     Expires            Service principal
12/23/16 22:05:03  12/24/16 08:05:03  krbtgt/BOOBAL.COM@BOOBAL.COM
        renew until 12/24/16 22:04:53
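The DNS and Kerberos tests above are read by eye; the following is an added example (not part of the original post) that checks the same things mechanically: that smb.conf and krb5.conf agree on the realm (Kerberos realm names are case-sensitive, so `default_realm` must match `realm` exactly) and that the `host -t SRV` answers point at the DC on ports 389 and 88. The sample inputs are constructed to mirror the page (boobal.com / adserver), and an answer naming a different zone than the one queried is reported as a missing record.

```python
import re
# Added example, not from the original post: sanity-check the smb.conf, krb5.conf
# and `host -t SRV` output the walkthrough shows after provisioning. The sample
# inputs are constructed to mirror the page (boobal.com / adserver).
SMB_CONF = "[global]\n realm = BOOBAL.COM\n workgroup = BOOBAL\n dns forwarder = 8.8.8.8\n"
KRB5_CONF = "[libdefaults]\n default_realm = boobal.com\n dns_lookup_kdc = true\n"
HOST_OUTPUT = ("_ldap._tcp.boobal.com has SRV record 0 100 389 adserver.boobal.com.\n"
               "_kerberos._udp.boobal.com has SRV record 0 100 88 adserver.boobal.com.\n")

def parse_ini(text):
    """Minimal smb.conf / krb5.conf parser -> {section: {key: value}} (keys lower-cased)."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].split(';', 1)[0].strip()
        if line.startswith('[') and line.endswith(']'):
            section = line[1:-1].lower()
            conf.setdefault(section, {})
        elif '=' in line and section is not None:
            key, value = (s.strip() for s in line.split('=', 1))
            conf[section][key.lower()] = value
    return conf

def check_dc_config(smb_conf, krb5_conf):
    """Return the list of mismatches between smb.conf [global] and krb5.conf [libdefaults]."""
    smb = parse_ini(smb_conf).get('global', {})
    krb = parse_ini(krb5_conf).get('libdefaults', {})
    realm, problems = smb.get('realm', ''), []
    if realm != realm.upper():
        problems.append('realm must be upper-case; Kerberos realm names are case-sensitive')
    if krb.get('default_realm') != realm:   # exact, case-sensitive comparison
        problems.append('default_realm %r != realm %r' % (krb.get('default_realm'), realm))
    if krb.get('dns_lookup_kdc', 'false').lower() != 'true':
        problems.append('dns_lookup_kdc should be true so clients find the KDC via SRV records')
    return problems

SRV_RE = re.compile(r'^(\S+?)\.? has SRV record \d+ \d+ (\d+) (\S+?)\.?$')

def check_srv(host_output, dns_domain, dc_fqdn):
    """Check `host -t SRV` answers: _ldap._tcp -> dc:389 and _kerberos._udp -> dc:88."""
    expected = {'_ldap._tcp.' + dns_domain: 389, '_kerberos._udp.' + dns_domain: 88}
    found = {m.group(1): (int(m.group(2)), m.group(3))
             for m in map(SRV_RE.match, host_output.splitlines()) if m}
    problems = []
    for name, port in expected.items():
        if name not in found:   # also catches an answer naming a different zone than the one queried
            problems.append('no SRV record for ' + name)
        elif found[name] != (port, dc_fqdn):
            problems.append('%s -> %s:%d, expected %s:%d' % ((name,) + found[name][::-1] + (dc_fqdn, port)))
    return problems
```

Run against the page's own krb5.conf the realm check reports the lower-case `default_realm`; the explicit realm in `kinit administrator@BOOBAL.COM` hides that mismatch, but clients relying on the default realm would not.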

NTP (network time protocol)
Make sure that 'ntpd' is installed and running; Kerberos rejects clients whose clocks drift too far from the DC.
# yum install ntp
#/etc/init.d/ntpd start
#chkconfig ntpd on

# /usr/local/samba/sbin/samba

Put the Samba 4 binaries on your PATH via .bashrc:
# vi ~/.bashrc

export PATH=$PATH:/usr/local/samba/sbin:/usr/local/samba/bin

Reboot the server so the updated .bashrc is read
(or)
# bash
Now restart the samba daemon like this:
# samba


Check that the samba processes are running:
# ps -ef | grep samba

Finally, join a Windows system to the domain.
On your Windows PC set the preferred DNS server to 192.168.1.117.
Add this PC as a member of the domain BOOBAL.COM (Computer Name -> Change -> Domain). When it asks for a username and password, type 'Administrator' as the username and then enter your password (the password you set when you ran the 'samba-tool domain provision' command).

You should get the message "Welcome to the BOOBAL.COM domain".

Now restart the PC.

After the reboot, log in as a domain user:
username BOOBAL\administrator
password ********

Now install the Remote Server Administration Tools. They let you manage the domain from the usual Active Directory consoles.
download link (Windows)

Enable the necessary components in 'Control Panel -> Programs -> Turn Windows features on or off -> Remote Server Administration Tools'.


Now open the AD console and create one or more domain users.
Go to Run and type: dsa.msc (Active Directory Users and Computers console)

-------------------------------------------------------------
Overall reference: here or video
