Introduction of Samba- 4
Samba 4 is an open source and free software suit that brings Active
Directory functionality to the open source SMB/CIFS (Server Message
Block/Common Internet File System) file and print server. Samba 4 can serve as
an Active Directory Domain Controller, provide DNS services, handle
Kerberos-based authentication, and administer group policy.
Samba4 Server Features
1).Can act as ADDC(Active Directory Domain Controller)
2). Can create Local Profile in samba-4
3). Can create Roaming Profile in samba-4
4). Auto logon scripts
5). Centralized system administration using Group policy
2). Can create Local Profile in samba-4
3). Can create Roaming Profile in samba-4
4). Auto logon scripts
5). Centralized system administration using Group policy
Server
Information
Operrating System: Centos6.3 64 bit
IP Address: 192.168.0.69
FQDN : server.kvit.in
Domain Name: kvit.in
Selinux : Disabled
DNS Forwarding IP Address:8.8.8.8 ( Change to yours)
IP Address: 192.168.0.69
FQDN : server.kvit.in
Domain Name: kvit.in
Selinux : Disabled
DNS Forwarding IP Address:8.8.8.8 ( Change to yours)
Installation
step
Install
all dependencies package to build system samba-4
[root@server
~]# yum install glibc glibc-devel gcc python* libacl-devel krb5-workstation
krb5-libs pam_krb5 libldap2-dev openldap-devel wget
Query old available rpm
package of samba
[root@server
~]# rpm -qa | grep samba
If package are available
remove them with YUM
[root@server
~]# yum remove samba-winbind-client samba-common samba-client
Install git to dowload the
latest Samba 4 version
[root@server
~]# yum install git-core
Download the latest version
of samba from git repository
[root@server ~]#
git clone git://git.samba.org/samba.git samba-master
Reboot the server as a
precaution so that all packages or kernel updates will be applied
[root@server
~]#shutdown -r now
Login again as root to build
samba and then compile samba package
[root@server
~]#cd samba-master
[root@server
~]#./configure –enable-debug –enable-selftest
[root@server
~]#make
If everything reports okay
you can then install samba
[root@server
~]#make install
You should now have samba
installed to ‘/usr/local/samba‘
Provision Samba 4 steps: The provision step
sets up a basic user database, and is used when you are setting up your Samba4
server in its own domain.
Issue this command from root:
[root@server
~]# /usr/local/samba/bin/samba-tool domain provision
Realm
[KVIT.IN]: (press Enter)
Domain
[KVIT]: (press Enter)
Server
Role (dc, member, standalone) [dc]: (press Enter)
DNS
backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
(press Enter)
DNS
forwarder IP address (write ‘none’ to disable forwarding) [8.8.8.8]: (press
Enter)
Administrator
password:********* (Set Here DC Administrator password)
Retype
password: *********
Result will show like this
Creating
CN=MicrosoftDNS,CN=System,DC=kvit,DC=in
Creating
DomainDnsZones and ForestDnsZones partitions
Populating
DomainDnsZones and ForestDnsZones partitions
Setting up
sam.ldb rootDSE marking as synchronized
Fixing
provision GUIDs
A Kerberos
configuration suitable for Samba 4 has been generated at
/usr/local/samba/private/krb5.conf
Once the
above files are installed, your Samba4 server will be ready to use
Server
Role: active directory domain controller
Hostname:
server
NetBIOS
Domain: KVIT
DNS
Domain: kvit.in
DOMAIN
SID: S-1-5-21-1541916875-3099074859-2332263890
Note: You may need to remove the ‘/usr/local/samba/etc/smb.conf’
file if you are re-running the provision command. If you encounter any errors
when running the provision command, you may need to install the necessary
missing packages or fix errors and then run ‘./configure’, ‘make’ and ‘make
install’ commands again as stated above. Remember to do a ‘make clean’ in the
root of your ‘samba-master’ directory before running ‘make’ again.
If the provision setup was
successful reboot the server
[root@server ~]#shutdown -r now
Start samba daemon manually
[root@server ~]# /usr/local/samba/sbin/samba
If you like to start samba at boot time, Add ‘/usr/local/samba/sbin/samba’ in /etc/rc.local
file.
[root@server
~]#vim /etc/rc.local
/usr/local/samba/sbin/samba
Verify you are indeed
running the correct version
[root@server
~]# /usr/local/samba/sbin/samba -V
Version
4.3.0pre1-GIT-d098b6c
Now run this command to list the shares on your Samba4 server
[root@server
~]# /usr/local/samba/bin/smbclient -L localhost -U%
Domain=[KVIT]
OS=[Windows 6.1] Server=[Samba 4.3.0pre1-GIT-d098b6c]
Sharename
Type Comment
——— —- ——-
netlogon
Disk
sysvol
Disk
IPC$ IPC
IPC Service (Samba 4.3.0pre1-GIT-d098b6c)
Domain=[KVIT]
OS=[Windows 6.1] Server=[Samba 4.3.0pre1-GIT-d098b6c]
Server
Comment
——— ——-
Workgroup
Master
——— ——-
Configure DNS Now
Interface settings
[root@server
~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=”eth0″
BOOTPROTO=”static”
ONBOOT=”yes”
TYPE=”Ethernet”
GATEWAY=”192.168.0.254″
IPADDR=”192.168.0.69″
NETMASK=255.255.255.0
Edit your ‘/etc/resolv.conf‘ file
[root@server
~]# vim /etc/resolv.conf
domain
kvit.in
nameserver
192.168.0.69
Here is configuration file of samba 4 ‘/usr/local/samba/etc/smb.conf‘
[root@server
~]# cat /usr/local/samba/etc/smb.conf
# Global
parameters
[global]
workgroup
= KVIT
realm =
KVIT.IN
netbios
name = SERVER
server
role = active directory domain controller
dns
forwarder = 8.8.8.8
[netlogon]
path =
/usr/local/samba/var/locks/sysvol/kvit.in/scripts
read only
= No
[sysvol]
path =
/usr/local/samba/var/locks/sysvol
read only
= No
Test DNS Now
[root@server
~]# nslookup kvit.in
Server:
192.168.0.69
Address:
192.168.0.69#53
Name:
kvit.in
Address:
192.168.0.69
[root@server
~]# host -t SRV _ldap._tcp.kvit.in.
_ldap._tcp.kvit.in
has SRV record 0 100 389 server.kvit.in.
[root@server
~]# host -t SRV _kerberos._udp.kvit.in.
_kerberos._udp.kvit.in
has SRV record 0 100 88 server.kvit.in.
[root@server
~]# host -t A server.kvit.in.
server.kvit.in
has address 192.168.0.69
Now, Flush and save Iptables
[root@server
~]# iptables -F
[root@server
~]# service iptables save
[root@server
~]# service iptables restart
Configure Kerberos file
In CentOS 6.3 or 6.4, kerberos is handled by the ‘/etc/krb5.conf’ file.
Make a backup copy of this original file, and then replace the existing file,
if any, with the sample from /usr/local/samba/share/setup/krb5.conf.
[root@server
~]# cp /usr/local/samba/share/setup/krb5.conf /etc/krb5.conf
Edit file
like below:
[root@server
~]# cat /etc/krb5.conf
[libdefaults]
default_realm
= KVIT.IN
dns_lookup_realm
= false
dns_lookup_kdc
= true
Testing Kerberos
[root@server
~]# kinit administrator@KVIT.IN
‘kinit’ will not give you any output. To verify
that Kerberos is working, and that you received a ticket, run the following
[root@server
~]# klist
Ticket
cache: FILE:/tmp/krb5cc_0
Default
principal: administrator@KVIT.IN
Valid
starting Expires Service principal
04/26/15
01:04:46 04/26/15 11:04:46 krbtgt/KVIT.IN@KVIT.IN
renew
until 04/27/15 01:04:41
NTP (Network Time Protocol)
Make sure that ‘ntpd’ is running and installed. If ‘ntpd’ is not
installed you can install it with YUM:
[root@server
~]# yum install ntp
[root@server
~]#/etc/init.d/ntpd start
Also, use the ‘chkconfig’ command to have ntpd run at boot:
[root@server
~]#chkconfig ntpd on
[root@server
~]# /usr/local/samba/sbin/samba
Put samba 4 command in bashrc
[root@server
~]# vi ~/.bashrc
export
PATH=$PATH:/usr/local/samba/sbin:/usr/local/samba/bin
Reboot the the server to update bashrc file
or,
[root@server
~]# bash
Now restart samba daemon like this
[root@server
~]# samba
Check the process of samba service
[root@server
~]# ps -ef | grep samba
Join windows system
in Domain
Client machine settings
IP address settings of your Windows 7 client
NIC
Click ‘OK’ to
save the changes.
Now bring up
a command prompt in windows and ping the Samba DC:
ping
192.168.0.69
Verify that
DNS is working correctly by pinging the FQDN:
ping
server.kvit.in
If you get
replies from both then this is a good sign and should mean that your Samba DC
is functional. Also, you may need to reboot Windows for network settings to
take effect.
Configure data and time on client system
Join windows client in to domain
1).
Right-click ‘My Computer’ icon and choose ‘Properties’
2).
From the left-side pane click ‘Advanced system settings’
3).
Choose the ‘Computer Name’ tab and click ‘Change…’
4).
Select option ‘Domain’, and insert KVIT.IN. If this fails just try KVIT
5). When it requests a username and password,
type ‘Administrator’ as the username and then enter your password. (password =
the password you used when you ran the ‘samba-tool domain provision’ command)
6). You should get a
message box stating ‘Welcome to the KVIT.IN domain’
7). Click OK on this
message box and the Properties window, and you will then be instructed to
restart your computer.
8). After restarting
you should be presented with the normal login dialog. Click on ‘Switch User’
button.
9). Choose ‘Other
user’ and then enter in the following.
Press ‘Enter’ or the arrow button.
10). You should then
authenticate and then login to Windows.
Install windows Remote Administration
tool
To install the GUI
tools to manage the domain you must install the Remote Server Administration
Tools . This will allow you easily manage the domain using Active Directory.
11). Download form
link: http://www.microsoft.com/en-us/download/details.aspx?id=7887
12).Enable the
necessary components in ‘Control Panel -> Programs -> Turn Windows
features on or off -> Remote Server Administration Tools’
13). Now open AD Console and
create one or more domain user
Go to
Run type : dsa.msc ( For AD console)
14). Now create a domain user to login in to
system
R/c on User ==>
New ==> User:
First Name: Shahzad
Last Name: Alam
User Logon name:
shahzad
Set user password:
******* (Minimum password length should be 7 and complex)
Now, login in to client machine with new
domain user
nice
ReplyDeleteMost of the users today don't require a significant knowledge of the server side programming for the administration of their system. Learn more about active directory user import on this link .
ReplyDeletegreat work
ReplyDeleteI think this is an informative post and it is very useful and knowledgeable. therefore, I would like to thank you for the efforts you have made in writing this article. word combiner for names
ReplyDelete