{"id":1910,"date":"2021-04-14T23:54:45","date_gmt":"2021-04-14T23:54:45","guid":{"rendered":"https:\/\/dft.wiki\/?p=1910"},"modified":"2021-04-17T15:31:39","modified_gmt":"2021-04-17T15:31:39","slug":"linux-as-active-directory-domain-controller-ad-dc-replication","status":"publish","type":"post","link":"https:\/\/dft.wiki\/?p=1910","title":{"rendered":"Linux as Active Directory \/ Domain Controller (AD-DC) Replication"},"content":{"rendered":"<pre>sudo apt update &amp;&amp; sudo apt upgrade -y\r\nsudo hostnamectl set-hostname ad1\r\nsudo nano \/etc\/hosts<\/pre>\n<p>Add the following line, replacing the IP with the Principal AD-DC&#8217;s IP:<\/p>\n<pre>10.0.0.1 ad0.test.local ad0<\/pre>\n<p>Define a static IP for the secondary AD-DC and set the primary DC as its name server:<\/p>\n<pre>network:\r\n  ethernets:\r\n    eth0:\r\n...\r\n<strong>      nameservers:\r\n        addresses:\r\n        - 10.0.0.1           # Primary DC\r\n<\/strong>  renderer: networkd\r\n  version: 2<\/pre>\n<p>Apply, reboot, and test the domain resolution:<\/p>\n<pre>sudo netplan apply\r\nsudo reboot\r\nping test.local<\/pre>\n<p>Verify the time on both AD and AD2; if necessary, adjust it using a common NTP server.<\/p>\n<p>Install the required packages:<\/p>\n<pre>sudo apt-get install samba krb5-user krb5-config winbind libpam-winbind libnss-winbind -y<\/pre>\n<p>When prompted for the domain, answer in <strong>UPPER CASE<\/strong>:<\/p>\n<pre>TEST.LOCAL<\/pre>\n<p>Verify the settings by requesting a Kerberos ticket for the domain administrator using the <strong>kinit<\/strong> command:<\/p>\n<pre>kinit administrator@TEST.LOCAL\r\nklist<\/pre>\n<p>Join the domain as a Domain Controller:<\/p>\n<pre>sudo systemctl stop samba-ad-dc smbd nmbd winbind\r\nsudo mv \/etc\/samba\/smb.conf \/etc\/samba\/smb.conf.initial\r\nsudo samba-tool domain join <strong>test.local<\/strong> DC -U \"<strong>administrator<\/strong>\"<\/pre>\n<p>Edit <strong>\/etc\/samba\/smb.conf<\/strong> and append:<\/p>\n<pre>dns forwarder = <strong>8.8.8.8<\/strong>\r\nidmap_ldb:use rfc2307 = yes\r\n\r\n   template 
shell = \/bin\/bash\r\n   winbind use default domain = true\r\n   winbind offline logon = false\r\n   winbind nss info = rfc2307\r\n   winbind enum users = yes\r\n   winbind enum groups = yes<\/pre>\n<p>Then start the service, check the replication status, and switch to the Kerberos configuration generated by Samba:<\/p>\n<pre>sudo systemctl unmask samba-ad-dc\r\nsudo systemctl start samba-ad-dc\r\nsudo samba-tool drs showrepl\r\nsudo mv \/etc\/krb5.conf \/etc\/krb5.conf.initial\r\nsudo ln -s \/var\/lib\/samba\/private\/krb5.conf \/etc\/\r\nsudo kinit administrator<\/pre>\n<p>If everything went well, validate the domain services:<\/p>\n<pre>sudo host test.local\r\nsudo host -t SRV _kerberos._udp.test.local\r\nsudo host -t SRV _ldap._tcp.test.local\r\nsudo samba-tool user create <strong>TestUser<\/strong><\/pre>\n<p>On the Principal AD, look for the new user:<\/p>\n<pre>sudo samba-tool user list | grep <strong>TestUser<\/strong><\/pre>\n<p>You can also list users and groups with the following commands:<\/p>\n<pre>wbinfo -u\r\nwbinfo -g<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>sudo apt update &amp;&amp; sudo apt upgrade -y sudo hostnamectl set-hostname ad1 sudo nano \/etc\/hosts 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,6],"tags":[],"class_list":["post-1910","post","type-post","status-publish","format-standard","hentry","category-linux","category-raspberry-pi"],"_links":{"self":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/1910","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1910"}],"version-history":[{"count":9,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/1910\/revisions"}],"predecessor-version":[{"id":1963,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/1910\/revisions\/1963"}],"wp:attachment":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1910"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1910"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1910"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}