Edited 2 days ago by ExtremeHow Editorial Team
Samba is an open-source software suite that provides seamless file and print services to SMB/CIFS clients. An interesting feature of Samba is its ability to act as an Active Directory domain controller. This guide provides comprehensive steps to install and configure Samba as an Active Directory domain controller on a Linux server.
Samba is a free software re-implementation of the SMB/CIFS networking protocol that allows you to interact with a Windows client or server. It enables interoperation between Linux/Unix servers and Windows-based clients. SMB/CIFS is a network file sharing protocol, and Samba's main function is to share files and printers between Windows and Unix-like systems such as Linux.
Before you begin setting up Samba Active Directory, make sure you have the following:
The configuration of the hostname on your Linux server is important for the proper functioning of Samba. Use the following command to set or change the hostname:
sudo hostnamectl set-hostname
Verify the change by checking your current hostname:
hostnamectl
You need to make sure that your machine's hosts file has the correct hostname and IP mapping. Edit the /etc/hosts file:
sudo nano /etc/hosts
If your server's IP address and newly set hostname don't already exist, add or modify them:
127.0.0.1 localhost
192.168.xx .yourdomain
Install the Samba package and required dependencies. Use the appropriate package manager for your Linux distribution.
# Debian/Ubuntu
sudo apt update
sudo apt install samba smbclient krb5-user
# RHEL/CentOS
sudo yum update
sudo yum install samba samba-client samba-common
During installation, you may be asked to configure Kerberos. If so, enter the realm (for example, EXAMPLE.COM) and domain in capital letters.
Before you can promote your server to an Active Directory Domain Controller (AD DC), you must provision Samba AD.
sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
sudo samba-tool domain provision --use-rfc2307 --realm=YOURDOMAIN.COM --domain=YOURDOMAIN --adminpass=YourStrongPassword
Replace "YOURDOMAIN.COM" with your actual domain name and "YourStrongPassword" with a secure password of your choice. Because --adminpass puts the password on the command line, it is saved in shell history and visible in the process list while the command runs. Provisioning creates a basic domain with Kerberos, DNS, LDAP, and SMB.
Start the Samba services using the following:
# Debian/Ubuntu service names
sudo systemctl start smbd nmbd
sudo systemctl enable smbd nmbd
# RHEL/CentOS service names
sudo systemctl start smb nmb
sudo systemctl enable smb nmb
Verify if Samba services are running properly:
systemctl status smbd
systemctl status nmbd
Samba uses its own internal DNS server for Active Directory services. Make sure SAMBA_DNS is set to internal:
sudo nano /etc/samba/smb.conf
Make sure the parameter under the [global] section is:
# or leave it empty to disable
dns forwarder = YourDNSIP
Restart Samba DNS:
sudo systemctl restart samba-ad-dc
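The hosts-file mapping and the dns forwarder setting described above can be checked with a short script before services are restarted. This is an added example, not part of the original guide; the function names are hypothetical, and it assumes that the DC name must map to a non-loopback address and that smb.conf honours only whole-line # or ; comments, as smb.conf(5) describes.

```shell
#!/bin/sh
# Added example: preflight checks for an AD DC host. Function names are hypothetical.

# Fail unless NAME ($1) appears in hosts file ($2) and never on a loopback address.
check_dc_hosts() {
    addrs=$(awk -v n="$1" '
        { sub(/#.*/, "") }    # strip comments before matching names
        { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(n)) print $1 }
    ' "$2")
    if [ -z "$addrs" ]; then echo "FAIL: $1 not found in $2"; return 1; fi
    if printf '%s\n' "$addrs" | grep -Eq '^(127\.|::1$)'; then
        echo "FAIL: $1 maps to a loopback address"; return 1
    fi
    echo "OK: $1 maps only to non-loopback addresses"
}

# Print the value of parameter KEY ($1) from the [global] section of smb.conf ($2).
# Only whole-line # or ; comments are skipped, so trailing text stays in the value.
global_param() {
    awk -v k="$1" '
        BEGIN { gsub(/[ \t]/, "", k); k = tolower(k) }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { g = (tolower($0) ~ /^[ \t]*\[global\]/); next }
        g && (eq = index($0, "=")) {
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == k) v = val
        }
        END { if (v != "") print v }
    ' "$2"
}

# Fail if "dns forwarder" holds anything other than IPv4/IPv6 literals.
check_dns_forwarder() {
    fwd=$(global_param "dns forwarder" "$1")
    if [ -z "$fwd" ]; then echo "OK: forwarding disabled"; return 0; fi
    if ! printf '%s\n' "$fwd" |
        grep -Eq '^[0-9A-Fa-f.:]+([[:space:]]+[0-9A-Fa-f.:]+)*$'; then
        echo "FAIL: dns forwarder is '$fwd'"; return 1
    fi
    echo "OK: dns forwarder = $fwd"
}
```

Call check_dc_hosts with the server's fully qualified name and /etc/hosts, and check_dns_forwarder with /etc/samba/smb.conf; a non-zero exit status marks the setting to fix.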
To verify that the Active Directory domain controller is working, perform the following checks:
sudo samba-tool domain level show
host -t A . .com
host -t A . .com
host -t A . .com
ldapsearch -x -b "dc=yourdomain,dc=com" -H ldap://localhost
To integrate your Samba AD DC with Windows machines:
Reboot the system and make sure users can log in with their domain credentials.
ping <hostname>
Setting up Samba as an Active Directory domain controller can provide a strong alternative to Windows Server, bringing centralized user management and authentication to a Linux-based infrastructure. These steps provide a base configuration that can be expanded to match more specific enterprise needs.