Configure Samba Active Directory Domain Controller (CentOS)

The Samba package in the official repository does not provide the DC function yet, so download the Samba RPM package from EnterpriseSAMBA.com ( http://enterprisesamba.com/ ), which is introduced on the official Samba site ( https://www.samba.org/ ).
[1]
First, register your user information on the site below in order to download the Samba RPM package.
https://portal.enterprisesamba.com/
[2]
After registration, open the URL above again and click 'Login' to log in to the site.
[3]
After logging in, note the username and accesskey displayed on the site. They must be set in the repo file for yum later.
[4]
Scroll down the page and download 'sernet-samba-4.1.repo' for CentOS 7 to your PC or server. Next, upload it to the server on which you will install Samba4 and move it under '/etc/yum.repos.d'.
[5] Set your username and accesskey in repo file.
[root@smb ~]# vi /etc/yum.repos.d/sernet-samba-4.1.repo
# change to your username and accesskey
[sernet-samba-4.1]
name=SerNet Samba 4.1 Packages (centos-7)
type=rpm-md
baseurl=https://USERNAME:ACCESSKEY@download.sernet.de/packages/samba/4.1/centos/7/
gpgcheck=1
gpgkey=https://USERNAME:ACCESSKEY@download.sernet.de/packages/samba/4.1/centos/7/repodata/repomd.xml.key
enabled=1
[6] Install Samba.
[root@smb ~]# yum -y install sernet-samba sernet-samba-ad
[7] Configure Samba AD DC.
[root@smb ~]# samba-tool domain provision
# specify Realm
Realm [SERVER.WORLD]: SERVER.WORLD
# specify Domain name
Domain [SERVER]: SMB01
# press Enter to accept the default because this server will be a DC
Server Role (dc, member, standalone) [dc]:
# press Enter to accept the default to use the built-in DNS
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
# confirm the DNS setting and press Enter if it is OK
DNS forwarder IP address (write 'none' to disable forwarding) [10.0.0.1]:
# set admin password
# Do not set a trivial password; if you do, the configuration wizard shows an error and stops.
Administrator password:
Retype password:
Looking up IPv4 addresses
Looking up IPv6 addresses


A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be ready to use
Server Role: active directory domain controller
Hostname: smb
NetBIOS Domain: SMB01
DNS Domain: server.world
DOMAIN SID: S-1-5-21-1554426047-3808867033-1778000025

[root@smb ~]# vi /etc/default/sernet-samba
# line 7: change
SAMBA_START_MODE="ad"
[root@smb ~]# cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
[root@smb ~]# systemctl start sernet-samba-ad
[root@smb ~]# chkconfig sernet-samba-ad on
[root@smb ~]# chkconfig sernet-samba-smbd off
[root@smb ~]# chkconfig sernet-samba-nmbd off
[root@smb ~]# chkconfig sernet-samba-winbindd off
[8] Raise the domain level to 2008 R2.
[root@smb ~]# samba-tool domain level raise --domain-level 2008_R2 --forest-level 2008_R2
Domain function level changed!
Forest function level changed!
All changes applied successfully!
# show domain level
[root@smb ~]# samba-tool domain level show
Domain and forest function level for domain 'DC=server,DC=world'

Forest function level: (Windows) 2008 R2
Domain function level: (Windows) 2008 R2
Lowest function level of a DC: (Windows) 2008 R2
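
A check for the repo file from step [5], added here as an example and not part of the original guide or the SerNet packages. The access key is embedded in baseurl and gpgkey, so the file should be accessible to root only, the placeholders must be replaced, and https and gpgcheck=1 must stay in place. The function name check_repo_file and the sample credentials are assumptions.

```sh
#!/bin/sh
# Added example: audit a yum repo file that embeds credentials in its URLs.
# Prints one line per finding; the return status is the number of findings.
check_repo_file() {
    f=$1
    findings=0
    [ -r "$f" ] || { echo "cannot read $f"; return 1; }

    # The access key sits in the URLs, so group and other must have no access.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "PERMS: $f is accessible to group/other (use chmod 600)"
        findings=$((findings + 1))
    fi
    # Template placeholders must be replaced before yum can authenticate.
    if grep -Eq '^(baseurl|gpgkey)=.*(USERNAME|ACCESSKEY)' "$f"; then
        echo "PLACEHOLDER: USERNAME/ACCESSKEY not replaced"
        findings=$((findings + 1))
    fi
    # Credentials, packages and the signing key must travel over TLS.
    if grep -E '^(baseurl|gpgkey)=' "$f" | grep -Evq '^[a-z]+=https://'; then
        echo "TRANSPORT: baseurl or gpgkey is not https"
        findings=$((findings + 1))
    fi
    # Package signature verification must stay enabled.
    if ! grep -Eq '^gpgcheck=1[[:space:]]*$' "$f"; then
        echo "GPGCHECK: gpgcheck=1 is missing"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Demo on a constructed copy of the repo file (credentials are made up).
demo=$(mktemp)
cat > "$demo" <<'EOF'
[sernet-samba-4.1]
name=SerNet Samba 4.1 Packages (centos-7)
baseurl=https://exampleuser:examplekey@download.sernet.de/packages/samba/4.1/centos/7/
gpgcheck=1
gpgkey=https://exampleuser:examplekey@download.sernet.de/packages/samba/4.1/centos/7/repodata/repomd.xml.key
enabled=1
EOF
chmod 644 "$demo"                      # typical mode after an upload
check_repo_file "$demo" || echo "findings before chmod: $?"
chmod 600 "$demo"
check_repo_file "$demo" && echo "clean after chmod 600"
rm -f "$demo"
```

On the real server the call would be check_repo_file /etc/yum.repos.d/sernet-samba-4.1.repo, run before step [6].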
