Active Directory

Add and use UPN in Samba Active Directory

If you want to use your e-mail address as the user login, you have to add a UPN suffix and change the users to use it. My default UPN suffix is "local.lordotter.de". That is long and awkward to type, so I want a shorter one.

The next step is to change it in my account.

This opens an editor. Go to the line "userPrincipalName" and change it to use the UPN you added. Save the file and exit. If you did it the right way, you get back the message "Modified User '<account>' successfully".
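As an added example (not part of the original post, and a non-interactive alternative to the editor step rather than the author's own commands), the script below generates the two LDIF changes described above: registering an extra UPN suffix and switching one user's userPrincipalName to it. The suffix `short.example`, the account `jdoe` and its DN are constructed placeholders, and the input checks are there so that a pasted value cannot inject extra LDIF lines.

```shell
#!/bin/sh
# Added example, not from the original post. Constructed values:
# short.example (new suffix), jdoe, and the user DN in the demo call.
# Review the output, then apply it on a DC with: ldbmodify -H <sam.ldb> FILE

nl='
'
# AD DNS domain -> base DN: a.b.c becomes DC=a,DC=b,DC=c
domain_to_dn() { printf 'DC=%s\n' "$1" | sed 's/\./,DC=/g'; }

# Accept only dotted DNS-style names, so a pasted value cannot smuggle
# spaces, newlines or extra LDIF lines into the generated change.
valid_dns_name() {
    case $1 in
        ''|*[!A-Za-z0-9.-]*|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# $1 = AD DNS domain (forest root), $2 = UPN suffix to register
upn_suffix_ldif() {
    valid_dns_name "$1" && valid_dns_name "$2" || return 1
    cat <<EOF
dn: CN=Partitions,CN=Configuration,$(domain_to_dn "$1")
changetype: modify
add: uPNSuffixes
uPNSuffixes: $2
EOF
}

# $1 = user DN, $2 = login part (left of the @), $3 = UPN suffix
user_upn_ldif() {
    case $1 in ''|*"$nl"*) return 1 ;; esac
    case $2 in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    valid_dns_name "$3" || return 1
    cat <<EOF
dn: $1
changetype: modify
replace: userPrincipalName
userPrincipalName: $2@$3
EOF
}

# Demo with the constructed values; this only prints the LDIF.
upn_suffix_ldif local.lordotter.de short.example
echo
user_upn_ldif "CN=jdoe,CN=Users,DC=local,DC=lordotter,DC=de" jdoe short.example
```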

New Active Directory via Samba4

Today I set up my new Samba Active Directory, because I have read so much about it and can see that I made so many mistakes.

First I set up 2 VMs, dc1.local.lordotter.de and dc2.local.lordotter.de:

  • 1 CPU; 2 cores
  • 1 GB RAM
  • 20 GB disk
    • 500 MB EFI
    • 500 MB /boot
    • 2 GB swap
    • 10 GB /var
    • 8 GB /

Step 1: Prerequisites on dc1 and dc2

Ensure that everything is up to date.

The next step is time synchronization. It is essential to have synchronized time across your Active Directory; without it there can be serious problems. Do this on dc1 and dc2.

Then configure it in /etc/ntp.conf.

Restart ntp and check the status.

Step 2: Update system and install Samba

Ensure that everything is up to date, so we can begin, first on dc1.

During the installation you will be asked for the Kerberos realm. This is your domain name in uppercase. In my case: LOCAL.LORDOTTER.DE
The next question is about the Kerberos hostnames. Use the same domain name in lowercase. In my case: local.lordotter.de
The last question is about the administrative hosts. It is the same as the Kerberos hostnames: local.lordotter.de

Step 3: Provision the Domain

Stop and disable the default services.

Rename the default Samba configuration file, because it gets recreated during provisioning. After that you can start provisioning. Ensure that you set your upstream DNS server as the forwarder.

Add some more settings to the "global" section of the Samba configuration.

The next task is Kerberos. Rename the default configuration and link the Samba Kerberos configuration into /etc.

The last task in this step is activating, starting and checking the samba service.

Step 4: Set DNS Servers

In /etc/resolv.conf you have to set your local IP as the nameserver in order to resolve every DNS name used in Active Directory. To test it, use this:

The next test is to request a Kerberos ticket.

Setting Up Samba Active Directory

Today I want to set up an Active Directory server for my home network.
Several problems were found during the installation.
Only the forest, domain and function level "Windows 2008 R2" is available.

For the installation I use a freshly installed Debian Stretch.
IP configuration is static; no DHCP!

Sources:
  • https://jimshaver.net/2016/05/30/setting-up-an-active-directory-domain-controller-using-samba-4-on-ubuntu-16-04/
  • https://de.slideshare.net/AshwinPawar/krb5