Creating a Samba AD – Gladson Carneiro Ramos

Instalation

Check for file system support
install operating system
Choose a domain name
Add to /etc/hosts
Install packages

Debian 10 example:

# apt-get install acl attr autoconf bind9utils bison build-essential \
debhelper dnsutils docbook-xml docbook-xsl flex gdb libjansson-dev krb5-user \
libacl1-dev libaio-dev libarchive-dev libattr1-dev libblkid-dev libbsd-dev \
libcap-dev libcups2-dev libgnutls28-dev libgpgme-dev libjson-perl libldap2-dev \
libncurses5-dev libpam0g-dev libparse-yapp-perl libpopt-dev libreadline-dev \
nettle-dev perl perl-modules pkg-config   python-all-dev python-crypto python-dbg \
python-dev python-dnspython   python3-dnspython python-gpg python3-gpg \
python-markdown python3-markdown python3-dev xsltproc zlib1g-dev liblmdb-dev \
lmdb-utils acl attr samba samba-dsdb-modules samba-vfs-modules winbind krb5-config \
krb5-user dnsutils smbclient

Set realm ALL CAPS

Set servers

Set kerberos adm

If any mistake was made, it's possible to reconfigure

dpkg-reconfigure krb5-config

or edit /etc/krb5.conf to be like that:

[realms]
	MY.LOCAL.DOMAIN = {
		kdc = zero0.my.local.domain
		kdc = zero1.my.local.domain
		admin_server = zero0.my.local.domain
	}
	ATHENA.MIT.EDU = {
    [...]

Provisioning a Samba Active Directory

Backup smb.conf

# mv /etc/samba/smb.conf /etc/samba/smb.conf.bkp

Provisioning:

# samba-tool domain provision --use-rfc2307 --interactive

# samba-tool domain provision --use-rfc2307 --realm=MY.LOCAL.DOMAIN --domain=my \
--server-role=dc --dns-backend=SAMBA_INTERNAL --adminpass=P@ssw0rd

reboot and have fun

Using the script samba.sh

$ git clone https://github.com/ramosgladson/samba4.git
$ cd samba4
$ sudo chmod +x samba.sh
$ ./samba.sh
(change resolv.conf nameserver)
# ./samba2.sh