Friday, July 20, 2012

Step by step setup samba4 with Ubuntu 12.04

Step 1: Configure network and firewall

In a terminal, edit /etc/network/interfaces to give the machine a static address:

auto lo eth0
iface lo inet loopback
iface eth0 inet static
address 10.61.61.179
netmask 255.255.0.0
gateway 10.61.4.1
dns-nameservers 10.61.61.179 8.8.8.8
dns-search samba4.jtop.net

Now check the host name. Each command is followed by the output it should print:

$hostname
mail

$hostname -f
mail.jtop.net

Disable the firewall:
sudo ufw disable

Disable IPv6. Edit /etc/sysctl.conf:
nano /etc/sysctl.conf

and add the line:
net.ipv6.conf.all.disable_ipv6=1

Step 2: Install Samba4

Download samba4.0.0beta3.tar.gz from http://ftp.samba.org/pub/samba/samba4/ and save it to your HOME folder

apt-get install build-essential libacl1-dev libattr1-dev \
libblkid-dev libgnutls-dev libreadline-dev python-dev \
python-dnspython gdb pkg-config libpopt-dev libldap2-dev \
bind9utils dnsutils samba4-clients emacs bind9

In terminal type
$cd /home
$tar -xvf samba4.0.0beta3.tar.gz ##Extract
$cd samba4.0.0beta3
$./configure
$make                     ##Compile
$make install            ##Install
$ nano /etc/hosts

10.61.61.179 mail.jtop.net

$ rm /usr/local/samba/etc/smb.conf
$ sudo /usr/local/samba/sbin/provision \
--realm=samba4.jtop.net --domain=SAMBA4 \
--adminpass='abc123!@#' --server-role=dc

Note: The domain must be in capital letters (e.g. SAMBA, JTOP or …)

Step 3: Configure Bind
Now you need to edit the bind configuration file to include the necessary configurations for Samba – Active Directory relies heavily on special DNS entries to find various services on the network.

Edit /etc/bind/named.conf and append the following line at the end:
include "/usr/local/samba/private/named.conf";

Edit /etc/bind/named.conf.options and add the following lines inside the options { } block:
$nano /etc/bind/named.conf.options
listen-on port 53 { 10.61.61.179; };
allow-query { 10.61.61.179; any; };

Step 4: Adapt the AppArmor configuration

As Ubuntu secures its services using AppArmor, we need to make sure that Bind has the rights to access the files provided by Samba.

Edit /etc/apparmor.d/usr.sbin.named and append the following entries:

#Samba4

/usr/local/samba/etc/** rm,
/usr/local/samba/private/** rkw,
/usr/local/samba/private/dns/** rkw,
/usr/local/samba/lib/** rm,
/usr/local/samba/lib/bind9/** rkwm,
/usr/local/samba/lib/private/** rm,
/usr/lib/x86_64-linux-gnu/samba/bind9/** rm,
/usr/lib/x86_64-linux-gnu/samba/gensec/** rm,
/usr/lib/x86_64-linux-gnu/ldb/modules/ldb/** rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/** rm,


Now reload the configuration to take effect:

/etc/init.d/apparmor reload

Step 5: Start and test Bind

Run the following command to start Bind:
 /etc/init.d/bind9 start

nano /etc/bind/named.conf.options
listen-on-v6 { none; };

Step 6: Start Samba4
$/usr/local/samba/sbin/samba
$ps -x
$ps -e | grep samba

##Now you need to test that DNS is working correctly
$host -t SRV _ldap._tcp.samba4.jtop.net.
_ldap._tcp.samba4.jtop.net has SRV record 0 100 389 mail.samba4.jtop.net.

$host -t SRV _kerberos._udp.samba4.jtop.net.
_kerberos._udp.samba4.jtop.net has SRV record 0 100 88 mail.samba4.jtop.net.

$host -t A samba4.jtop.net.
samba4.jtop.net has address 10.61.61.179
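
The three lookups above can be scripted so that a missing or wrong record is reported instead of being overlooked. This is an added example, not part of the original post; the function names and the HOST_CMD override are assumptions of the example, and it expects `host` output in the format shown above.

```shell
#!/bin/sh
# Added example: automate the Step 6 DNS checks for a Samba4 DC.
# HOST_CMD is this example's own knob (assumption): the lookup command,
# defaulting to the real `host` utility from the dnsutils package.
HOST_CMD="${HOST_CMD:-host}"

# srv_target NAME: print "PORT TARGET" of the first SRV answer, else fail.
# Parses lines like: "<name> has SRV record 0 100 389 mail.samba4.jtop.net."
srv_target() {
    $HOST_CMD -t SRV "$1." 2>/dev/null | awk '
        /has SRV record/ { sub(/\.$/, "", $NF); print $(NF-1), $NF; ok = 1; exit }
        END { exit !ok }'
}

# check_srv NAME PORT TARGET: succeed only if the record exists and matches.
check_srv() {
    got=$(srv_target "$1") || { echo "MISSING  $1 (SRV)"; return 1; }
    if [ "$got" = "$2 $3" ]; then
        echo "OK       $1 -> $got"
    else
        echo "MISMATCH $1 -> $got (expected $2 $3)"; return 1
    fi
}

# check_a NAME ADDR: succeed only if NAME has an A record equal to ADDR.
check_a() {
    if $HOST_CMD -t A "$1." 2>/dev/null | grep -qxF "$1 has address $2"; then
        echo "OK       $1 -> $2"
    else
        echo "MISSING  $1 (A $2)"; return 1
    fi
}

# check_dc_dns REALM DC_FQDN DC_IP: run all three checks, report every failure.
check_dc_dns() {
    rc=0
    check_srv "_ldap._tcp.$1" 389 "$2" || rc=1
    check_srv "_kerberos._udp.$1" 88 "$2" || rc=1
    check_a "$1" "$3" || rc=1
    return "$rc"
}

# Example: sh check_dc_dns.sh samba4.jtop.net mail.samba4.jtop.net 10.61.61.179
if [ "$#" -eq 3 ]; then
    check_dc_dns "$@"
fi
```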

Step 7: Configure Kerberos
$cp /usr/local/samba/private/krb5.conf /etc/
$vi /etc/krb5.conf

[libdefaults]
        default_realm = SAMBA4.JTOP.NET
        dns_lookup_realm = false
        dns_lookup_kdc = true

$kinit administrator@SAMBA4.JTOP.NET ## Domain must be in capital letters
password= abc123!@#

$klist -e

Debugging dynamic DNS updates
Automatic DNS updates in Samba work as follows: provisioning creates the file /usr/local/samba/private/dns_update_list, which lists the DNS entries that Samba will try to update dynamically at startup and every 10 minutes thereafter, using the samba_dnsupdate utility. An update only happens if the DNS entry does not already exist. All of this requires the nsupdate utility from the BIND distribution (the dnsutils package in Debian/Ubuntu).

/usr/local/samba/sbin/samba_dnsupdate --verbose

Step 8: Auto start samba4 & smbd

nano /etc/rc.local

Add the following lines (before the final "exit 0" line):
rm -rf /usr/local/samba/var/run/smbd-fileserver.conf.pid
/usr/local/samba/sbin/samba

$reboot