Ubuntu 16 SAMBA AD Member Server


October 7, 2016 (https://samba.ninja/2016/10/ubuntu-16-04-samba-ad-memberserver/)
Geoff Hodder (https://samba.ninja/author/admin/)
This guide details the steps necessary to configure a SAMBA AD member server on Ubuntu 16.04 in an existing Windows Active Directory domain. It is assumed that you have already installed a basic, functional Ubuntu server and configured details such as timezone, fully-qualified hostname, etc. Your DNS servers should be set to the IP addresses of your AD DCs.

I used Ubuntu 16.04.1 and only installed the standard system utilities and OpenSSH package sets through the installation wizard. I also specified the intended FQDN of the server during installation, which seemed to automate the installation of the heimdal-clients package.

Update 14-10-2016: These instructions also work on Ubuntu 16.10

1. Update your installation:

# sudo apt-get update && sudo apt-get upgrade -y

2. Set static network details in /etc/network/interfaces (ensure you substitute your own details):

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto ens33
iface ens33 inet static
address 10.1.1.2
netmask 255.255.255.0
gateway 10.1.1.254
dns-nameservers 10.1.1.1
dns-search TEST.LOCAL

3. Restart networking:

# sudo systemctl restart networking

4. Install SAMBA and NTP:

# sudo apt-get install -y ntp samba smbclient winbind libnss-winbind libpam-winbind

5. Update the NTP configuration for time synchronisation with your DC(s) (replacing TEST.LOCAL with your AD domain) and restart NTPd:

# sudo sed -i 's/0\.ubuntu\.pool\.ntp\.org/TEST.LOCAL/' /etc/ntp.conf && sudo systemctl restart ntp

6. Install Heimdal Kerberos:

# sudo apt-get install -y heimdal-clients

7. Test Kerberos authentication with a domain admin account:

# sudo kinit administrator
# administrator@TEST.LOCAL's Password:
* Enter your AD administrator password when prompted; it should just return to the command prompt

8. Show your Kerberos ticket for administrator@TEST.LOCAL:

# sudo klist

9. Update /etc/nsswitch.conf to pull users and groups from Winbind:

# sudo sed -i 's/passwd:\s*compat/passwd: compat winbind/' /etc/nsswitch.conf
# sudo sed -i 's/group:\s*compat/group: compat winbind/' /etc/nsswitch.conf

10. Set /etc/samba/smb.conf to the following (ensuring you replace TEST and TEST.LOCAL with your own AD NetBIOS and domain names):

[global]
workgroup = TEST
server string = Samba Server Version %v
security = ads
realm = TEST.LOCAL
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
use sendfile = true
idmap config * : backend = tdb
idmap config * : range = 100000-299999
idmap config TEST : backend = rid
idmap config TEST : range = 10000-99999
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind refresh tickets = yes
restrict anonymous = 2
log file = /var/log/samba/log.%m
max log size = 50
#============================ Share Definitions ==============================
[testshare]
comment = Test share
path = /samba/testshare
read only = no
force group = "Domain Users"
directory mask = 0770
force directory mode = 0770
create mask = 0660
force create mode = 0660

11. Join your SAMBA server to the domain:

# sudo net ads join test.local -U administrator
* Should return:
* Using short domain name -- TEST
* Joined 'SERVER-NAME' to dns domain 'test.local'
# sudo net ads testjoin
* Should return "OK"

12. Restart SAMBA services:

# sudo systemctl restart winbind smbd nmbd

13. Test domain join and Winbind AD user/group resolution:

# wbinfo -u
* Should list your AD users
# wbinfo -g
* Should list your AD groups
# getent passwd
* Should list AD users with UIDs in the 10000+ range
# getent group
* Should list AD groups with GIDs in the 10000+ range

14. Create the location your SAMBA share will be stored:

# sudo mkdir -p /samba/testshare
# sudo chown administrator:"domain users" /samba/testshare
# sudo chmod 0770 /samba/testshare

15. You should now be able to browse the share from any domain-joined server/client.
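
The idmap ranges set in step 10 and the UID/GID check in step 13 can be verified mechanically, since overlapping ranges let two different accounts map to the same ID on the share. The shell functions below are an added example, not part of the original guide; the function names are illustrative, and the parser assumes lowercase parameter names in the "idmap config DOMAIN : range = LOW-HIGH" form shown above.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are illustrative.

# Print "DOMAIN LOW HIGH" for each idmap range line in the smb.conf at $1.
idmap_ranges() {
    sed -n -E 's/^[[:space:]]*idmap config[[:space:]]+([^[:space:]:]+)[[:space:]]*:[[:space:]]*range[[:space:]]*=[[:space:]]*([0-9]+)[[:space:]]*-[[:space:]]*([0-9]+)[[:space:]]*$/\1 \2 \3/p' "$1"
}

# Return 0 when no ranges are inverted or overlapping; else report and return 1.
check_idmap_overlap() {
    idmap_ranges "$1" | awk '
        { name[NR] = $1; lo[NR] = $2 + 0; hi[NR] = $3 + 0 }
        END {
            bad = 0
            for (i = 1; i <= NR; i++) {
                if (lo[i] > hi[i]) { print "inverted range: " name[i]; bad = 1 }
                for (j = i + 1; j <= NR; j++) {
                    if (lo[i] <= hi[j] && lo[j] <= hi[i]) {
                        print "overlap: " name[i] " and " name[j]; bad = 1
                    }
                }
            }
            exit bad
        }'
}

# Count passwd- or group-format lines on stdin whose ID (field 3) falls in the
# range configured for domain $2. Zero means winbind supplied no IDs for it.
count_in_range() {
    range=$(idmap_ranges "$1" | awk -v d="$2" '$1 == d { print $2 ":" $3 }')
    [ -n "$range" ] || { echo "no idmap range for $2" >&2; return 2; }
    awk -F: -v lo="${range%:*}" -v hi="${range#*:}" \
        '$3 + 0 >= lo + 0 && $3 + 0 <= hi + 0 { n++ } END { print n + 0 }'
}

# Constructed sample: the idmap lines from step 10.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
[global]
idmap config * : backend = tdb
idmap config * : range = 100000-299999
idmap config TEST : backend = rid
idmap config TEST : range = 10000-99999
EOF
check_idmap_overlap "$sample_conf" && echo "idmap ranges do not overlap"
```

On the member server itself, run check_idmap_overlap /etc/samba/smb.conf before joining, and pipe getent passwd into count_in_range /etc/samba/smb.conf TEST after step 13; a count of 0 means no AD users are being resolved.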

Copyright 2014-2015 Geoff Hodder.
