Installing Samba Active Directory Domain Controller in Ubuntu Server

Jul 1, 2024

Lecture Notes: Installing Samba Active Directory Domain Controller in Ubuntu Server

Overview

  • Purpose: Set up a Samba AD DC on Ubuntu Server, join a Windows 10 client, and manage AD via Microsoft RSAT.
  • Tools Used: VirtualBox, Ubuntu Server, Windows 10 Professional, Samba, RSAT, Group Policy Objects.
  • Main Steps:
    1. Install Samba AD DC on Ubuntu Server
    2. Test name resolution
    3. Join Windows 10 client to domain
    4. Perform system admin tasks on AD domain

Part 1: Setting Up the Environment

VirtualBox Configuration

  • Two machines: Ubuntu Server, Windows 10 Professional
  • Network Configuration: Static IP setup, use VirtualBox preferences to manage network settings.

Ubuntu Server Initialization

  • SSH Connection: Use ssh user@localhost for remote login.
  • System Update: sudo apt update and sudo apt upgrade.
  • Hostname and Static IP:
    • Change hostname using sudo vi /etc/hostname and sudo vi /etc/hosts.
    • Configure static IP using sudo vi /etc/netplan/....
  • Restart Network and Server: Apply settings and restart using sudo netplan apply and sudo reboot.

Part 2: Installing Samba AD DC

Install Required Packages

  • Command: apt install samba winbind krb5-config smbclient dnsutils net-tools -y.
  • Kerberos Configuration:
    • Enter HOMENET.COM as default realm.
    • Kerberos server and admin server: dc1.homenet.com.

Configuring Samba

  • Backup Original Configuration: mv /etc/samba/smb.conf /etc/samba/smb.conf.original.
  • Provision Samba AD:
    • Command: samba-tool domain provision --use-rfc2307 --interactive.
    • Input realm, domain, DNS backend, DNS forwarder, admin password.
  • Copy Kerberos Config File: cp /var/lib/samba/private/krb5.conf /etc/krb5.conf.
  • Update resolv.conf:
    • Ensure DNS server points to AD DC IP: vi /etc/resolv.conf.
  • Disable Unnecessary Services: Use systemctl to disable and mask specific services.
  • Start Samba AD DC: Use systemctl enable --now samba-ad-dc.
  • Verify Services: sudo netstat -ap | grep smbd (the -p flag adds the program-name column that grep matches on), and restart if necessary.
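
An added example, not part of the original notes: a small shell check that the three files edited in the steps above (smb.conf, krb5.conf, resolv.conf) agree with each other after provisioning. The function names, the sample file contents and the DC address 192.168.56.10 are constructed for illustration; the realm follows the homenet.com domain used in these notes.

```shell
#!/bin/sh
# Added example: offline consistency check for the files Part 2 edits.
# Sample contents and the DC address 192.168.56.10 are constructed.

# conf_value <file> <key>: value of the first "key = value" line, trimmed.
conf_value() {
  awk -F= -v k="$2" '
    { key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
    NF > 1 && tolower(key) == tolower(k) {
      v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v); print v; exit
    }' "$1"
}

# check_dc_config <smb.conf> <krb5.conf> <resolv.conf> <dc_ip>
# Prints one line per problem; exit status 0 only when none are found.
check_dc_config() (
  problems=0
  role=$(conf_value "$1" "server role")
  realm=$(conf_value "$1" "realm" | tr '[:lower:]' '[:upper:]')
  krb_realm=$(conf_value "$2" "default_realm")
  first_ns=$(awk '$1 == "nameserver" { print $2; exit }' "$3")
  if [ "$role" != "active directory domain controller" ]; then
    echo "smb.conf: server role is '$role', expected an AD DC"; problems=1
  fi
  if [ -z "$realm" ] || [ "$krb_realm" != "$realm" ]; then
    echo "krb5.conf: default_realm '$krb_realm' != smb.conf realm '$realm'"; problems=1
  fi
  # A stub resolver (127.0.0.53) or the router here cannot answer for the AD zone.
  if [ "$first_ns" != "$4" ]; then
    echo "resolv.conf: first nameserver '$first_ns', expected DC address $4"; problems=1
  fi
  [ "$problems" -eq 0 ]
)

# make_sample <dir> <krb5 realm> <nameserver>: write constructed sample files.
make_sample() {
  printf '[global]\n\trealm = HOMENET.COM\n\tserver role = active directory domain controller\n' > "$1/smb.conf"
  printf '[libdefaults]\n\tdefault_realm = %s\n\tdns_lookup_kdc = true\n' "$2" > "$1/krb5.conf"
  printf 'nameserver %s\nsearch homenet.com\n' "$3" > "$1/resolv.conf"
}

if [ "$#" -eq 4 ]; then      # real use: pass the three /etc paths and the DC's IP
  check_dc_config "$@"
else                         # no arguments: demo on the constructed sample
  tmp=$(mktemp -d)
  make_sample "$tmp" HOMENET.COM 127.0.0.53
  check_dc_config "$tmp/smb.conf" "$tmp/krb5.conf" "$tmp/resolv.conf" 192.168.56.10 || true
  rm -rf "$tmp"
fi
```

On the server it would be called with /etc/samba/smb.conf, /etc/krb5.conf, /etc/resolv.conf and the DC's static IP as the four arguments.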

Part 3: Joining Windows 10 to the Domain

  • Configure Network Settings: On the Windows client, set a static IP and point DNS at the Ubuntu Server.
  • Join Domain: System properties > Change settings > Domain: homenet.com.
  • Restart Windows 10: To apply changes.

Part 4: Managing Active Directory with RSAT

Install RSAT on Windows 10

  • Download and Install: Microsoft RSAT tool for remote management.
  • Log in as Domain Admin: Use DOMAIN\username format.
  • Create MMC Snap-ins:
    • Add Active Directory Users and Computers, DNS, Group Policy Management, etc.

Creating Users and OUs

  • Create User: Use Active Directory Users and Computers.
  • Create Organizational Units (OUs): Manage users and apply targeted policies.
  • Move Users and Computers into OUs: Right-click to move them.
  • Set User Properties: Login hours, computers, home profiles.

Part 5: Network Shares and Group Policy

Creating Network Shares

  • Create Directories: mkdir in the appropriate directory on Samba server.
  • Edit smb.conf: Add new shares (e.g., apps, data).
  • Apply Changes: Restart Samba service.

Map Network Drives Using Group Policy

  • Create GPO for Mapping Drives:
    • User Configuration > Preferences > Windows Settings > Drive Maps.
    • Configure paths and labels for drives.
  • Link GPO to Domain or OU: Apply the policy at the appropriate level.

Software Installation via GPO

  • Prepare MSI Packages: Upload to Samba share.
  • Create GPO for Software Installation: Under Computer Configuration > Software Settings > Software Installation.
  • Assign Packages: Set up paths to MSI files for automatic installation.
  • Restart Client Machines: To apply the installation policy.

Part 6: Restricted Access and Logon Scripts

Restricting Access to Control Panel

  • Create GPO for Restrictions:
    • User Configuration > Policies > Administrative Templates > Control Panel.
    • Enable “Prohibit access to Control Panel”.

Running Logon Scripts

  • Create Logon Script: Write script to perform tasks like software installation or drive mapping.
  • Add Script to GPO: User Configuration > Windows Settings > Scripts (Logon/Logoff).
  • Test Script Execution: By logging in and verifying tasks.

Conclusion

  • Summary: Install Samba AD DC, configure network, manage AD from Windows, create users and OUs, map drives, install software, restrict access, run scripts.
  • Importance: Despite cloud adoption, on-premises AD remains relevant.