DFT Wiki

This is how to create one Linux (Ubuntu 18.04 LTS) Domain Controller to work as a Windows Server Active Directory.

Lets make few assumptions and clarify something before the start:

Be aware that in some moments the domain or the machine name has to be in ‘UPPERCASE‘ and other moments in ‘lowercase‘.

For this example, we will use the domain ‘company.com‘ and the server will have the name ‘srv‘.

Start issuing the commands:

sudo apt update && sudo apt upgrade -y
sudo passwd root
sudo hostnamectl set-hostname srv

At this point create one password for the user ‘root‘, because you will have to proceed as ‘su‘ instead of the command ‘sudo‘. Then switch to root user:

su
apt-get install samba krb5-config winbind net-tools smbclient -y

Three questions will popup. Answer the domain name in UPPERCASE:

COMPANY.COM

Than answer twice in lowercase the FQDN for the server of your domain:

srv.company.com

Issue the command below, but replace the IP ‘10.0.2.254‘ with your ‘srv‘ IP and domain name:

echo '10.0.4.254 srv srv.company.com' >> /etc/hosts

Issue the commands to start a new Samba configuration:

mv /etc/samba/smb.conf /etc/samba/smb.conf.bkp
samba-tool domain provision

Follow the steps from the image above. For the DNS Forward, we are going to use the Google Public DNS Server (‘8.8.8.8‘). Then set the password to the user ‘Administrator‘ of the Active Directory, and you may get the same result:

Here the Samba configuration starts:

cp /var/lib/samba/private/krb5.conf /etc/
systemctl disable --now smbd nmbd winbind systemd-resolved
systemctl unmask samba-ad-dc.service
systemctl enable --now samba-ad-dc.service
samba-tool domain level show

rm /etc/resolv.conf
echo 'nameserver 127.0.0.1' >> /etc/resolv.conf

DONE! Now check that everything is working properly:

Go to the client computer (Windows or Linux) and change the DNS server to the IP address of your server (in my example was 10.0.2.254).

Then go to the command prompt and try to ping ‘srv.company.com‘, ‘company.com‘, ‘srv‘, and ‘google.com‘.

If all the ping were resolved and the pings went through, go ahead and try to join the computer to de domain.

Now joining the computers to the domain and create users in the AD.

Most popular commands of commands:

sudo samba-tool user list
sudo samba-tool user create UserName
sudo samba-tool user delete UserName
sudo samba-tool user disable UserName
sudo samba-tool user enable UserName
sudo samba-tool user setpassword UserName
sudo samba-tool user setexpiry UserName --days=30
sudo samba-tool group list
sudo samba-tool group listmembers GroupName
sudo samba-tool group add GroupName
sudo samba-tool group delete GroupName
sudo samba-tool group addmembers GroupName UserName
sudo samba-tool group removemembers GroupName UserName
sudo samba-tool computer list

Few other commands for special requests:

sudo samba-tool group add –h
sudo samba-tool user add -h
sudo samba-tool user add domainName --given-name=givenName --surname=surName [email protected] --login-shell=/bin/bash
sudo samba-tool domain passwordsettings show
sudo samba-tool domain passwordsettings set -h
sudo samba-tool gpo listall
sudo samba-tool drs showrepl
sudo samba-tool dns -help
sudo samba-tool dns query 10.0.0.1 example.com zone A -U Administrator
sudo samba-tool dns zonecreate domain.local 0.0.10.in-addr.arpa -U Administrator
sudo samba-tool processes
sudo samba-tool visualize ntdsconn
sudo samba-tool visualize reps

Wouldn’t be complete without the Remote Server Administration Tools for Windows 10 [Link].