Samba Active Directory Setup [Step-by-Step]


Written by - Deepak Prasad

 

Samba Active Directory - Introduction

Samba is free software used for communication between Windows and Linux servers, principally to let Windows hosts such as workstations access and communicate with Linux hosts. Samba is a re-implementation of the SMB (Server Message Block) protocol and is available for most UNIX-based systems, including Linux, Solaris, BSD variants, and AIX. It is also available for OpenVMS and IBM operating systems. Samba makes use of the Common Internet File System (CIFS) and can be used to provide services such as:

  • File and print services
  • Name resolution
  • Allows Windows to share files and printers on the Unix host
  • Authorization
  • Authentication
  • Service announcement

In this post, we will look at setting up Samba Active Directory on Rocky Linux 8. We already have Rocky Linux installed on a virtual machine and access it over an SSH connection.

 

Pre-requisites

Update and upgrade your system with the commands below to ensure you are only running the latest packages:

sudo yum update
sudo yum upgrade

 

Step 1: Set a Static IP Address on Rocky Linux

Before getting started with the Samba4 AD DC installation, you need to set up a static IP address on Rocky Linux. We already covered this in Setting a Static IP in Rocky Linux [6 Different Methods]; please feel free to check it out. In this post, we will set up a static IP using the ifconfig command. First, execute the command below to get the currently assigned IP address and netmask.

ifconfig


In our case, the output shows that we are connected through the interface ens33 with IP 192.168.1.61. We will use the syntax below to set up our static IP address.

ifconfig <interface> <IP Address> netmask <netmask_value>
e.g
ifconfig ens33 192.168.1.61 netmask 255.255.255.0


Next, we need to set the default gateway address. First, run the command below to see the gateway address of your network.

route -n


To set the default gateway address, we will use the syntax below:

sudo route add default gw <your_gateway_address> <network_interface>
e.g
sudo route add default gw 192.168.1.21 ens33


That's it! Now, we can start to install and configure Samba Active Directory on our Rocky Linux installation.

NOTE:
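These configurations (static gateway and IP address) can only work on the network you are currently connected to. If you connect to another network that is subnetted differently, it will not work. Settings made with ifconfig and route are also not persistent, so they are lost when the server reboots, as it does in the next steps; use one of the persistent methods from the guide linked above to keep them.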

 

Step 2: Disable SELINUX

Security-Enhanced Linux (SELinux) is a security feature present on various Linux distributions which gives administrators more control over users of a system. Unfortunately, SELinux doesn't work well with Samba without additional configuration. For this particular tutorial, we will disable SELinux to avoid running into issues later. Keep in mind that this turns SELinux off for every service on the server, not only for Samba. Execute the command below to check the SELinux status.

sestatus


In our case, the output shows that SELinux is enabled on our system. To disable it, execute the command below to edit the SELinux configuration with the nano editor.

sudo nano /etc/sysconfig/selinux

Find the line SELINUX, which might be set to enforcing or permissive. Set it to disabled, so that the line reads SELINUX=disabled.


Save the file (Ctrl + S) and Exit (Ctrl + X). Reboot your system and confirm SELinux status again.

sudo reboot now


 

Step 3: Setup a Hostname (update /etc/hosts files)

You can check your currently set hostname with the command below:

sudo cat /etc/hostname


To set a new hostname such as golinuxcloud_adc1, use the command below:

sudo hostnamectl set-hostname golinuxcloud_adc1


We also need to edit the /etc/hosts file and ensure the DC resolves to our Fully Qualified Domain Name (FQDN), which we will set as glc.com. See the image below:


Reboot the server to apply the changes.

sudo reboot now
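
An added example (not from the original post) of a check to run before provisioning: it tests a candidate DC short name against the DNS host-label rules and the 15-character NetBIOS limit, and checks that a hosts file maps the FQDN and short name to a non-loopback address. The FQDN dc1.glc.com, the sample hosts files and both function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the article's own code; function names are hypothetical.

# check_dc_name NAME: print each problem found, return 1 if there is any.
check_dc_name() {
    name=$1; rc=0
    if [ "${#name}" -gt 15 ]; then
        echo "$name: ${#name} characters, NetBIOS names allow at most 15"; rc=1
    fi
    case $name in
        *[!A-Za-z0-9-]*) echo "$name: DNS host labels allow only letters, digits and '-'"; rc=1 ;;
    esac
    case $name in
        -*|*-) echo "$name: must not start or end with '-'"; rc=1 ;;
    esac
    return $rc
}

# check_hosts_entry FILE FQDN SHORT: return 0 only if FILE has a line that lists
# both FQDN and SHORT, and no line maps FQDN to a loopback address.
check_hosts_entry() {
    awk -v fqdn="$2" -v short="$3" '
        { sub(/#.*/, "")                    # strip comments
          f = 0; s = 0
          for (i = 2; i <= NF; i++) { if ($i == fqdn) f = 1; if ($i == short) s = 1 }
          if (f && ($1 ~ /^127\./ || $1 == "::1")) bad = 1
          else if (f && s) ok = 1 }
        END { exit !(ok && !bad) }' "$1"
}

# Constructed sample input: the hostname set in this step and two hosts files
# (dc1.glc.com is a made-up FQDN; 192.168.1.61 is the static IP from Step 1).
good=$(mktemp); bad=$(mktemp)
printf '127.0.0.1 localhost\n192.168.1.61 dc1.glc.com dc1\n' > "$good"
printf '127.0.0.1 localhost dc1.glc.com dc1\n' > "$bad"

check_dc_name golinuxcloud_adc1 || echo "-> choose a shorter name without '_'"
check_dc_name dc1 && echo "dc1: name is fine"
check_hosts_entry "$good" dc1.glc.com dc1 && echo "first hosts file: ok"
check_hosts_entry "$bad" dc1.glc.com dc1 || echo "second hosts file: FQDN points at loopback"
rm -f "$good" "$bad"
```
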


 

Step 4: Install epel-repo

EPEL stands for Extra Packages for Enterprise Linux. As the name suggests, this repository contains additional packages not present in the Rocky Linux repository. Execute the command below to add the EPEL repository to your system.

sudo yum install epel-release -y


After installing the repository, we can now install the required packages to compile Samba on our system.

 

Step 5: Install Packages Required to Compile Samba Active Directory (Important!)

When trying to compile and install Samba from the source on Rocky Linux 8, you will encounter many errors and missing packages. Additionally, installing these packages one by one can be quite a tiresome and hectic process since some packages are already installed, but Samba can't detect them. You might need to create numerous symlinks for these packages. A solution I found to all these was to use the dependencies installation scripts provided by the Samba developers.

Follow the steps below:

Head over to this Samba git repository and search for bootstrap.sh script based on your distribution and Samba version.

On the terminal, create a script with the command below:

sudo nano installDependencies.sh

Paste all the contents you copied here (Ctrl + V). Don't add/delete any line unless you are well-versed with Linux systems and with a good understanding of what you are doing.

Save the file (Ctrl + S) and Exit (Ctrl + X)

For reference, I am placing the content I have added:

set -xueo pipefail

yum update -y
yum install -y dnf-plugins-core
yum install -y epel-release

yum -v repolist all
yum config-manager --set-enabled PowerTools -y || \
    yum config-manager --set-enabled powertools -y
yum config-manager --set-enabled Devel -y || \
    yum config-manager --set-enabled devel -y
yum update -y

yum install -y \
    --setopt=install_weak_deps=False \
    "@Development Tools" \
    acl \
    attr \
    autoconf \
    avahi-devel \
    bind-utils \
    binutils \
    bison \
    ccache \
    chrpath \
    cups-devel \
    curl \
    dbus-devel \
    docbook-dtds \
    docbook-style-xsl \
    flex \
    gawk \
    gcc \
    gdb \
    git \
    glib2-devel \
    glibc-common \
    glibc-langpack-en \
    glusterfs-api-devel \
    glusterfs-devel \
    gnutls-devel \
    gpgme-devel \
    gzip \
    hostname \
    htop \
    jansson-devel \
    keyutils-libs-devel \
    krb5-devel \
    krb5-server \
    libacl-devel \
    libarchive-devel \
    libattr-devel \
    libblkid-devel \
    libbsd-devel \
    libcap-devel \
    libcephfs-devel \
    libicu-devel \
    libnsl2-devel \
    libpcap-devel \
    libtasn1-devel \
    libtasn1-tools \
    libtirpc-devel \
    libunwind-devel \
    libuuid-devel \
    libxslt \
    lmdb \
    lmdb-devel \
    make \
    mingw64-gcc \
    ncurses-devel \
    openldap-devel \
    pam-devel \
    patch \
    perl \
    perl-Archive-Tar \
    perl-ExtUtils-MakeMaker \
    perl-JSON \
    perl-Parse-Yapp \
    perl-Test-Simple \
    perl-generators \
    perl-interpreter \
    pkgconfig \
    popt-devel \
    procps-ng \
    psmisc \
    python3 \
    python3-cryptography \
    python3-devel \
    python3-dns \
    python3-gpg \
    python3-iso8601 \
    python3-libsemanage \
    python3-markdown \
    python3-policycoreutils \
    python3-pyasn1 \
    python3-setproctitle \
    quota-devel \
    readline-devel \
    redhat-lsb \
    rng-tools \
    rpcgen \
    rpcsvc-proto-devel \
    rsync \
    sed \
    sudo \
    systemd-devel \
    tar \
    tree \
    wget \
    which \
    xfsprogs-devel \
    yum-utils \
    zlib-devel

yum clean all

Or alternatively you can follow the same guide to get the list of packages to be installed and then install them manually based on your distribution.

Make the file executable with the command below:

sudo chmod +x installDependencies.sh

Execute the script with the command below:

sudo bash installDependencies.sh

The script will install all the required packages for compiling and installing Samba on Rocky Linux 8. This process might take some time, depending on your internet speed.

 

Step 6: Download and Install the Latest Samba Archive

After successfully installing the packages, we can proceed to install Samba. Head over to the Samba website and get the link to the latest Samba release. Use the wget command to download Samba on your Rocky Linux system.

cd /
wget https://download.samba.org/pub/samba/samba-latest.tar.gz
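
An added example (not from the original post) of verifying the download before it is compiled and installed as root. It assumes the detached signature samba-latest.tar.asc and the key file samba-pubkey.asc have been fetched from the same download directory, that the signature covers the uncompressed tar, and that the expected key fingerprint was obtained through a separate trusted channel; the function names and the sample status output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the article's own code; function names are hypothetical.

# validsig_matches STATUS FPR: succeed only if gpg's --status-fd output holds a
# VALIDSIG line whose signing-key or primary-key fingerprint equals FPR.
# gpg alone exits 0 for a good signature by ANY key in the keyring, so the
# fingerprint is compared explicitly (as strings, case and spaces ignored).
validsig_matches() {
    want=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$want" ] || return 1
    printf '%s\n' "$1" | awk -v want="$want" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" &&
            (($3 "") == (want "") || ($NF "") == (want "")) { ok = 1 }
        END { exit !ok }'
}

# verify_samba_tarball TARBALL.gz SIGNATURE.asc PUBKEY.asc FPR
verify_samba_tarball() {
    for f in "$1" "$2" "$3"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
    done
    home=$(mktemp -d) || return 2          # throwaway keyring, ~/.gnupg untouched
    gpg --homedir "$home" --batch --quiet --import "$3" 2>/dev/null
    # The signature covers the uncompressed tar, so decompress on the fly.
    status=$(gunzip -c "$1" |
        gpg --homedir "$home" --batch --status-fd 1 --verify "$2" - 2>/dev/null)
    rm -rf "$home"
    validsig_matches "$status" "$4"
}

# Constructed status output; the fingerprint is a placeholder, not Samba's key.
sample='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2020-07-02 1593676800 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567'
validsig_matches "$sample" "0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567" &&
    echo "signed by the expected key"
validsig_matches "$sample" "FFFF456789ABCDEF0123456789ABCDEF01234567" ||
    echo "good signature, but not from the pinned key: reject"

# On the server, with a fingerprint obtained independently of the download host:
# verify_samba_tarball samba-latest.tar.gz samba-latest.tar.asc samba-pubkey.asc "<fingerprint>" || exit 1
```
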


Execute the commands below to extract the setup file and configure the Samba Active Directory setup for installation. This might take a few minutes.

tar -zxvf samba-latest.tar.gz
cd samba-4.12.5  # The version might be different from mine
sudo ./configure

If the ./configure command executes successfully without any errors, you should see a message similar to the image below.


Now, execute the command below to install Samba Active Directory on Rocky Linux 8. This step will also take a few minutes. Please be patient.

sudo make && sudo make install

After a successful installation, you should see a message similar to the image below:


 

Step 7: Provisioning Samba Active Directory

Domain provisioning involves configuring and setting up all the needed infrastructure for Samba AD. That includes LDAP, Kerberos, and DNS servers. Execute the command below:

samba-tool domain provision --use-rfc2307 --interactive

Tip:

If you get the error "-bash: samba-tool: command not found," use the command below.

/usr/local/samba/bin/samba-tool domain provision --use-rfc2307 --interactive


You will see several prompts:

  • Realm: Here, enter the Realm name and press Enter. In our case, the set Realm name is GLC.COM
  • Domain: Type the domain name and hit Enter. In our case, we used GLC.
  • Server Role: Type dc and hit Enter.
  • DNS backend: Here, we will let samba configure its own DNS and zone files. Type SAMBA_INTERNAL and hit Enter.
  • DNS forwarder: Here, we will use Google's DNS. Type 8.8.8.8 and hit Enter

Next, you need to set a strong administrator password. Press Enter when done.

 

Step 8: Configure Samba DC as systemd service

Now, we need to create a systemd unit file to start the Samba service on boot. Execute the command below to check whether one already exists:

cat /etc/systemd/system/samba.service

If you get an error like "cat: /etc/systemd/system/samba.service: No such file or directory," you will need to create the file manually. Execute the command below to create a samba.service file using the nano editor.

sudo nano /etc/systemd/system/samba.service

Paste the contents below on the window that opens:

[Unit] 
Description= Samba 4 Active Directory 
After=syslog.target 
After=network.target 

[Service] 
Type=forking 
PIDFile=/usr/local/samba/var/run/samba.pid 
ExecStart=/usr/local/samba/sbin/samba 

[Install] 
WantedBy=multi-user.target

Save the file (Ctrl + S) and Exit (Ctrl + X). When you run that cat command again, you should see an output similar to the image below.

cat /etc/systemd/system/samba.service


Start the Samba service using the commands below:

sudo systemctl daemon-reload
sudo systemctl enable samba
sudo systemctl start samba


 

Step 9: Configure Firewall

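We are using firewalld in our CentOS 8 environment, so we will use it to open the ports and services that Samba Active Directory needs. Note that firewall-cmd without --permanent changes only the runtime configuration; repeat the commands with --permanent to keep the rules after a reload or reboot.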

[root@samba-ad ~]# firewall-cmd --add-service={dns,ldap,ldaps,kerberos}
success

[root@samba-ad ~]# firewall-cmd --add-port={389/udp,135/tcp,135/udp,138/udp,138/tcp,137/tcp,137/udp,139/udp,139/tcp,445/tcp,445/udp,3268/udp,3268/tcp,3269/tcp,3269/udp,49152/tcp}
success
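
An added example (not from the original post) that compares what the two firewall-cmd commands above open with the ports a Samba AD DC uses, so unneeded openings and gaps are visible. The REQUIRED list is an assumption based on the Samba wiki's port-usage table for AD DCs, the service expansion reflects firewalld's stock dns, ldap, ldaps and kerberos definitions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the article's own code; names are hypothetical.

# Ports an AD DC serves (assumption: Samba wiki port-usage table; NTP 123/udp
# is left out because it applies only when the DC also serves time).
REQUIRED="53/tcp 53/udp 88/tcp 88/udp 135/tcp 137/udp 138/udp 139/tcp 389/tcp \
389/udp 445/tcp 464/tcp 464/udp 636/tcp 3268/tcp 3269/tcp 49152-65535/tcp"

# What Step 9 opens: the dns, ldap, ldaps and kerberos services expanded to
# their ports, followed by the --add-port list exactly as written above.
OPENED="53/tcp 53/udp 389/tcp 636/tcp 88/tcp 88/udp \
389/udp 135/tcp 135/udp 138/udp 138/tcp 137/tcp 137/udp 139/udp 139/tcp \
445/tcp 445/udp 3268/udp 3268/tcp 3269/tcp 3269/udp 49152/tcp"

# covered PORT/PROTO: succeed if a REQUIRED entry (single port or range) includes it.
covered() {
    p=${1%/*}; proto=${1#*/}
    case $p in *[!0-9]*) return 1 ;; esac      # ranges only match verbatim
    for r in $REQUIRED; do
        [ "${r#*/}" = "$proto" ] || continue
        range=${r%/*}; lo=${range%-*}; hi=${range#*-}
        if [ "$p" -ge "$lo" ] && [ "$p" -le "$hi" ]; then return 0; fi
    done
    return 1
}

# extra_ports "LIST": opened entries that no REQUIRED entry covers.
extra_ports() {
    out=""
    for o in $1; do
        case " $REQUIRED " in *" $o "*) continue ;; esac
        covered "$o" || out="$out $o"
    done
    echo $out
}

# missing_ports "LIST": REQUIRED entries that LIST does not contain verbatim.
missing_ports() {
    out=""; list=" $(echo $1) "                # collapse whitespace
    for r in $REQUIRED; do
        case "$list" in *" $r "*) ;; *) out="$out $r" ;; esac
    done
    echo $out
}

echo "not needed: $(extra_ports "$OPENED")"
echo "missing:    $(missing_ports "$OPENED")"
```

Under these assumptions the tutorial's rules leave kpasswd (464) closed and open only the first port of the dynamic RPC range, which would need --add-port=49152-65535/tcp.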

 

Step 10: Join Windows Host to Samba Domain Controller

For this post, we will use a Windows 7 virtual machine. However, the same procedure can be used on the latest Windows 10 releases. On your Windows system, navigate to the Network Adapter settings and click on Properties.

Click on IPV4 and enter your Samba4 server's IP address as the DNS server, as shown in the image below.


Click OK to save and apply the new configurations.

 

Next, right-click on "This PC" or "Computer" on the file manager and select "Properties." On the new window that appears, click "Advanced System Settings" to open the "System Properties" window, as shown below.


 

Select the "Computer Name" tab and click the Change button. This will open the Computer Name/Domain Changes window. Select the Domain radio button and enter the Realm of your Samba4 server. In our case, we used glc.com. Click OK.


 

A window will pop up, prompting you to enter the name and password of an account with permission to join the domain. We will use "Administrator," which is the user we created during domain provisioning. Enter the password that you set.



 

If everything was set up correctly, you should see a welcome message after a few seconds, as shown in the image below. Click OK.


 

Now, you need to restart your PC to apply the new configurations. After a successful reboot, we can now use our newly added account to log in to the Windows system.


 

It might take a few seconds to launch the Desktop for the new user. When you click on the "Properties" option again, you should see that you are now connected to the samba4 domain.


If you wish to manage the Samba4 server from the Windows system, you must install Microsoft Remote Server Administration Tools (RSAT).

 

Conclusion

In this post, we have given you a step-by-step guide on configuring Samba4 AD using Rocky Linux. We have also looked at how to solve errors that may arise when executing the Samba commands. Please note that if you get an error like "command not found" when executing any Samba command, try executing it from the /usr/local/samba/bin/ directory. For example, to use the samba-tool command, you would write /usr/local/samba/bin/samba-tool.

If you encounter an error that you can't seem to find a solution to, please let us know in the comments, and we will be happy to help. Also, if you have any additional tips for our readers, feel free to hit the comments below.

 


8 thoughts on “Samba Active Directory Setup [Step-by-Step]”

  1. “sudo make && make install” returns: The project was not configured: run “waf configure” first! Any idea of how to get rid of it?

    Reply
  2. After installing Samba, only the administrator can enter the domain. When I install the RSAT tool and create users, none of them can log in to the domain on Windows machines.

    Reply
  3. Hello. I hope you are well. Thank you for the quality of the work done. I get when I am on the windows computer to join the Active directory. What to do? Thank you
    The error was: “DNS name does not exist” (error code 0x00000232B RCODE_NAME_ERROR). The request was for the SRV record for _ldap._tcp.dc._msdcs.domain name. The causes of this error: – The DNS SRV records required to locate an Active Directory domain controller for the domain are not registered in the DNS. One or more of the following zones do not include delegation to their child zone

    Reply
  4. Hello, in case SELinux is NOT disabled, you need to enter this command to execute Samba

    From https://serverfault.com/questions/1032710/samba-wont-start-with-systemd

    “The SELinux restricts binaries that can be used in ExecStart to paths that have the system_u:object_r:bin_t:s0 attribute set. Typically those are the /usr/bin /usr/sbin /usr/libexec /usr/local/bin directories. You need to move the samba binary into one of these directories or change the SELinux policy to allow systemd to use binaries in /usr/local/samba/sbin/ as:

    chcon -R -t bin_t /usr/local/samba/sbin/ “

    Reply
  5. Hello Alex,

    Thanks for your feedback.

    In my case, SELinux is deactivated after running the command: sestatus on Server
    (Rocky Linux 8)

    The problem persists on the Windows 10 Client side.

    What to do in this case, I’m really out of ideas.

    Thanks for your help.

    Reply
