Wednesday, 16 July 2014

Setting Up Primary Domain Controller In Linux (CentOS) Using Samba

For setting up a domain controller in linux we need samba to be configured.

1) Setup proper host name for your machine, static IP and firewall settings.

For host name:-

run "vi /etc/sysconfig/network" and edit it as,

#you can use any hostname as per the requirement

For static IP Address:-

run "vi /etc/sysconfig/network-script/ifcfg-eth0" and edit it as,

#you can use any IP you want

2) Run "vi /etc/resolv.conf" and edit it as,

#enter the domain name
search dc.esshan.gupta
#nameserver is the IP of your domain or DNS

3) Run "vi /etc/hosts" and edit it as,   dc.esshan.gupta dc

4) Install prerequisites,

yum install glibc glibc-devel gcc python* libacl-devel krb5-workstation krb5-libs pam_krb5 git-core openldap-devel

5)  Download samba server,



git clone git:// sambaserver

6) Extract the tarball and change directory.

7) Run following commands,

./configure --enable-debug --enable-selftest


make install

Samba will be installed in the default location /usr/local/samba/bin. You’ll see several samba client utilities installed under this directory.

8) Setup domain provision, run "/usr/local/samba/bin/samba-tool domain provision". It will automatically take realm, domain from the files we configured previously.
Select server role, DNS backend, forwarder IP address as per your requirement or you can use default.
Set the password for administrator account.

9) Start samba services, "service smb start" and add the same in rc.local file so that samba service starts automatically during system startup.

10) Verify that you are able to login using administrator username and password, run /usr/local/samba/bin/smbclient //localhost/netlogon -Uadministrator -c 'ls'.

11) Configure kerberos, you can copy sample krb5.conf file to /etc directory. run "cp /usr/local/samba/share/setup/krb5.conf /etc/krb5.conf".
Set default_realm to your domain name, I am using mine.

        default_realm = ESSHAN.GUPTA
        dns_lookup_realm = false
        dns_lookup_kdc = true

12) Verify kerberos is setup properly by running, "kinit administrator@esshan.gupta".

Finally, you can use Windows remote administrator tool to connect to the Samba server and use it as a domain controller.
If you face any issues during the above process, make sure you bring the system up-to-date by updating all packages. You can also disable SELinux temporarily, and review the audit.log for any SELinux related error messages. Also, make sure your IPTables rules are not blocking the ports that are required by Samba to communicate between the servers.

No comments:

Post a Comment