Sunday, August 17, 2014

Domain Controller with SAMBA

   Hello guys, i know a lot of you already know about this configuration, and you can find many tutorial about this configuration on the internet. The reason why i decided to made this tutorial because in my university used file system like this too but with windows server, so i wanna know how to it work but in this case i will use ubuntu server 12.04.
   You can find what is domain controller over here. Ok for details let's see when you used samba server without domain controller configuration
source :   http://data-analytics-tools.blogspot.com/2009/02/four-simple-steps-to-secure-samba.html

And when you used domain controller configuration the directory will be look like this
see melody is user, in this tutorial when you setting samba server with domain controller configuration you must log in for access the user directory. OK let's begin :
ip server = 192.168.56.1
domain = rizal.local
dns server 192.168.56.1
in this tutorial i'm just made 2 users "melody" and "nabilah"

setting ip address, i'm used virtual box so i need 2 lan card, first for connection to the internet and the another one for local connection, edit on /etc/network/interfaces and restart the networking

next step
  • apt-update
  • apt-get install samba samba-common samba-doc libcupsys2 winbind smbclient smbfs
edit file /etc/samba/smb.conf
[global] 
workgroup = rizal.local
netbios name = ubuntu 
server string = %h server (Samba, Ubuntu) 
passdb backend = tdbsam 
security = user 
username map = /etc/samba/smbusers 
name resolve order = wins lmhosts bcast hosts 
domain logons = yes 
preferred master = yes 
domain master = yes 
wins support = yes 
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 
os level = 65 
logon driver : H:
path = /var/tmp 
lm announce = yes 
lm interval = 10 

# Useradd scripts 
add user script = /usr/sbin/useradd -m %u 
delete user script = /usr/sbin/userdel -r %u 
add group script = /usr/sbin/groupadd %g 
delete group script = /usr/sbin/groupdel %g 
add user to group script = /usr/sbin/usermod -G %g %u 
add machine script = /usr/sbin/useradd -s /bin/false/ -d /var/lib/nobody %u 

# sync smb passwords woth linux passwords 
passwd program = /usr/bin/passwd %u 
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . 
passwd chat debug = yes 
unix password sync = yes 
# set the loglevel 
log level = 3 

[homes] 
comment = Home 
valid users = %S 
read only = no 
browsable = no 

[netlogon] 
comment = Network Logon Service 
path = /home/samba/netlogon 
admin users = Administrator 
valid users = %U 
read only = no 

[profile] 
comment = User profiles 
path = /home/samba/profiles 
valid users = %U 
create mode = 0600 
directory mode = 0700 
writable = yes 
browsable = no 

find this word and edited to be like this (in smb.conf)

next step, make some file and folder
  • # mkdir /home/samba 
  • # mkdir /home/samba/netlogon 
  • # mkdir /home/samba/profiles 
  • # mkdir /var/spool/samba
  • # chmod 777 /var/spool/samba/
  • # chown -R root:users /home/samba/
  • # chmod -R 771 /home/samba/
  • # touch /home/samba/netlogon/logon.cmd
and then restart samba server : service smbd restart

next step, i will set the root to be Administrator :
  • smbdpasswd -a root
  • edit file /etc/samba/smbusers :
    • root = Administrator 
next step, test samba configuration : smbclient -L localhost -%U

next step, setup domain group for windows :
  • # net groupmap add ntgroup="Domain Users" unixgroup=users 
  • # net groupmap add ntgroup="Domain Guests" unixgroup=nogroup
  •  
next step, add user (nabilah and melody) :

next step, install dns server : apt-get install bind9 :
  • edit /etc/bind/name.conf.local to be like this
  • copy /etc/bind/db.local to /etc/bind/db.rizal and /etc/bind/db.192 and then edited to be like this :


next step, edit /etc/hosts to be like this and then restart bind  :

127.0.0.1         localhost
192.168.56.1   ubuntu rizal.local

next step, check dns configuration on resolv.conf

test your dns settings with nslookup


install dhcp server : apt-get install isc-dhcp-server, and then configure /etc/dhcp/dhcpd.conf to be like this :

and then, restart dhcp server : service isc-dhcp-server restart
now, we will switch to the client and join client to the samba server
first, setting ip client with dhcp and then make sure the configuration it's correct



next step, click start and right click on my computer and then choose properties, switch to then computer name tab,click change and then click more finally type the domain, in this case "rizal.local.".

next step, clik domain and then type the domain again "rizal.local"
finally, just restart you client and log in with account has created before


ok thx for visited my blog, see you next time

reference : http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
                http://www.opikdesign.com/kios/tutorial_ubuntu/Domain_Controller.pdf