This is how to set up a Linux (Ubuntu 18.04 LTS) server as a Domain Controller that works like a Windows Server Active Directory.
Let’s make a few assumptions and clarify some things before we start:
Be aware that the domain or machine name has to be in ‘UPPERCASE’ in some places and in ‘lowercase’ in others.
For this example, we will use the domain ‘company.com’ and the server will have the name ‘srv’.
Start by issuing the following commands:
sudo apt update && sudo apt upgrade -y
sudo passwd root
sudo hostnamectl set-hostname srv
At this point, create a password for the user ‘root’, because you will need to proceed as root (via ‘su’) instead of using ‘sudo’. Then switch to the root user and install the packages:
su
apt-get install samba krb5-config winbind net-tools smbclient -y
Three questions will pop up. Answer the first with the domain name in UPPERCASE:
COMPANY.COM
Then answer the other two in lowercase with the FQDN of the server for your domain:
srv.company.com
Issue the command below, replacing the IP ‘10.0.2.254’ and the names with your own ‘srv’ IP and domain name:
echo '10.0.2.254 srv srv.company.com' >> /etc/hosts
Issue the following commands to start a new Samba configuration:
mv /etc/samba/smb.conf /etc/samba/smb.conf.bkp
samba-tool domain provision

Follow the steps from the image above. For the DNS forwarder, we are going to use the Google Public DNS Server (‘8.8.8.8’). Then set the password for the ‘Administrator’ user of the Active Directory. You should see a result like this:

Now configure Samba with the following commands:
cp /var/lib/samba/private/krb5.conf /etc/
systemctl disable --now smbd nmbd winbind systemd-resolved
systemctl unmask samba-ad-dc.service
systemctl enable --now samba-ad-dc.service
samba-tool domain level show

rm /etc/resolv.conf
echo 'nameserver 127.0.0.1' >> /etc/resolv.conf
DONE! Now check that everything is working properly:
Go to the client computer (Windows or Linux) and change the DNS server to the IP address of your server (in this example, 10.0.2.254).
Then open a command prompt and try to ping ‘srv.company.com’, ‘company.com’, ‘srv’, and ‘google.com’.
If all the pings resolved successfully, go ahead and join the computer to the domain.
Now you can join computers to the domain and create users in the AD.
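A server-side preflight for the name-resolution settings configured above (realm case, the /etc/hosts entry and /etc/resolv.conf). This is an added example, not part of the original guide; the function names are hypothetical and the demo files at the end are constructed samples.

```shell
#!/bin/sh
# Added example: offline preflight for the DC's name-resolution settings.
# Function names are hypothetical; file paths default to the ones used above.

# Print every IP that a hosts file maps NAME to (comments ignored).
hosts_ips_for() {  # $1=name  $2=hosts file
    awk -v n="$1" '{ sub(/#.*/, "")
        for (i = 2; i <= NF; i++) if (tolower($i) == tolower(n)) print $1 }' "$2"
}

# Succeed only if NAME maps to EXPECTED_IP and to nothing else
# (catches a leftover 127.0.1.1 line or a mistyped address).
name_maps_only_to() {  # $1=name  $2=expected IP  $3=hosts file
    [ "$(hosts_ips_for "$1" "$3" | sort -u)" = "$2" ]
}

# Print the first nameserver listed in a resolv.conf-style file.
first_nameserver() { awk '$1 == "nameserver" { print $2; exit }' "$1"; }

# dc_preflight FQDN IP REALM [HOSTS_FILE] [RESOLV_FILE]; returns 0 if all pass.
dc_preflight() {
    fqdn=$1; ip=$2; realm=$3
    hosts=${4:-/etc/hosts}; resolv=${5:-/etc/resolv.conf}
    rc=0
    upper=$(printf '%s' "${fqdn#*.}" | tr '[:lower:]' '[:upper:]')
    lower=$(printf '%s' "$fqdn" | tr '[:upper:]' '[:lower:]')
    [ "$realm" = "$upper" ] || { echo "FAIL realm '$realm', expected '$upper'"; rc=1; }
    [ "$fqdn" = "$lower" ] || { echo "FAIL FQDN '$fqdn' is not lowercase"; rc=1; }
    for name in "$fqdn" "${fqdn%%.*}"; do
        name_maps_only_to "$name" "$ip" "$hosts" || {
            echo "FAIL $name -> $(hosts_ips_for "$name" "$hosts" | tr '\n' ' ')(want $ip)"
            rc=1; }
    done
    [ "$(first_nameserver "$resolv")" = "127.0.0.1" ] ||
        { echo "FAIL first nameserver in $resolv is not 127.0.0.1"; rc=1; }
    return $rc
}

# Demo on constructed files: a stale loopback line plus a mistyped address.
demo=$(mktemp -d)
printf '127.0.1.1 srv\n10.0.4.254 srv srv.company.com\n' > "$demo/hosts"
printf 'nameserver 127.0.0.53\n' > "$demo/resolv.conf"
dc_preflight srv.company.com 10.0.2.254 COMPANY.COM "$demo/hosts" "$demo/resolv.conf" ||
    echo "preflight failed on the constructed sample, as intended"
rm -rf "$demo"
```

On the server itself, run `dc_preflight srv.company.com 10.0.2.254 COMPANY.COM` with your own values; the last two arguments default to /etc/hosts and /etc/resolv.conf.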
Most commonly used commands:
sudo samba-tool user list
sudo samba-tool user create UserName
sudo samba-tool user delete UserName
sudo samba-tool user disable UserName
sudo samba-tool user enable UserName
sudo samba-tool user setpassword UserName
sudo samba-tool user setexpiry UserName --days=30
sudo samba-tool group list
sudo samba-tool group listmembers GroupName
sudo samba-tool group add GroupName
sudo samba-tool group delete GroupName
sudo samba-tool group addmembers GroupName UserName
sudo samba-tool group removemembers GroupName UserName
sudo samba-tool computer list
A few other commands for specific needs:
sudo samba-tool group add -h
sudo samba-tool user add -h
sudo samba-tool user add domainName --given-name=givenName --surname=surName [email protected] --login-shell=/bin/bash
sudo samba-tool domain passwordsettings show
sudo samba-tool domain passwordsettings set -h
sudo samba-tool gpo listall
sudo samba-tool drs showrepl
sudo samba-tool dns -h
sudo samba-tool dns query 10.0.0.1 example.com zone A -U Administrator
sudo samba-tool dns zonecreate domain.local 0.0.10.in-addr.arpa -U Administrator
sudo samba-tool processes
sudo samba-tool visualize ntdsconn
sudo samba-tool visualize reps
This setup would not be complete without the Remote Server Administration Tools for Windows 10.