How to Make an Ubuntu Active Directory Domain Controller With Samba

Captions
Hey guys, David here from goguda55 Tech Tutorials, and today I'm going to be showing how to make an Active Directory domain controller using Samba 4 on Ubuntu server. OK, so let's get started.

So basically what I'm going to be showing you how to do in this video is how to make an Active Directory domain controller that you can use to authenticate Windows users across a network. This will be creating a domain that users can log into, and it'll save the personal settings and stuff like that. Now, a Samba 4 Active Directory domain controller is the equivalent to a Windows Server 2003 Active Directory domain controller, so just keep that in mind. This isn't the newest technology, but it definitely does work very well as a free server for today's standards, so this should be able to do everything that you want to do.

OK, so like I said, we are going to be doing this on Ubuntu server, so what you're going to need to do is you're going to need to go to Ubuntu's website (I'll leave a link down in the description below) and grab yourself a copy of that. Here I have Ubuntu server 13.10, which is currently out; however, this step should be the same in older or newer versions of Ubuntu server. Also, I realized that they don't have a 32-bit option on the website. If you do a Google search for a 32-bit version of Ubuntu server 13.10, there is a version that is 32-bit if that's what you need. It is kind of hidden, but it is very easy to find on Google, so just go ahead and google that if you need a 32-bit version. Otherwise, if you just go to Ubuntu's website, it should be just right there where you can download the 64-bit version. Also keep in mind that this will work on other distributions of Linux. I just prefer Ubuntu server because, in my opinion, it is the best server OS that is Linux based.

OK, so the first thing that we're going to do is we're just going to go ahead and install Ubuntu 13.10 server here. So I'm just going to select the language, so English, and hit install Ubuntu server. OK, again select your language,
English. Select your country; I'm in Canada. Now it'll ask if we want it to detect your keyboard layout. Most likely you have a US keyboard if you're in North America, or if you're in Europe you might have a UK version of a keyboard. So I'm just going to hit no and I'm just going to select it myself, but if you're not sure you can hit yes there and it'll just bring you through a few steps and it'll detect your keyboard layout. So I'm just going to hit US.

OK, so now it'll have finished setting up your network with DHCP and you should be at this screen here. Now you can change the host name if you want; this is basically the computer name. I'm just going to type in gogudaserver, so this is what other computers will see the server as on the network. Once you type in your host name, hit continue.

OK, so now it's just going to ask you to create a new user. So it's going to ask you your name, so I'm just going to put in David. You can make a username; I'll just make that David again. And you're going to need to make a password, and it'll ask you to verify your password. And now it'll ask if you want to encrypt your home directory. If this server is going to be on a network where privacy for the user is very important, you are going to want to hit yes. If privacy isn't really a big issue, you can hit no, but to be on the safe side here I'm just going to hit yes, just for this tutorial.

It's very important to have a working time and time zone on a server. So this time zone is not correct; if it is, you could hit yes, if not you're going to want to hit no. And I guess the closest city I am to is Montreal, so I'm just going to hit Montreal.

OK, so now it'll ask you what you want to do for your partitioning method. You can actually set this up yourself if you would like, but for the purpose of this server, since it's not going to be a file server and we are aiming more towards an Active Directory domain controller, it's not really as big of an issue to have separate partitions and everything. So unlike in
my other tutorial where we set up a file server, I'm just going to hit guided, use entire disk and set up LVM. Select the disk and it will ask you if you want to write the changes to the disk. Hit yes, hit continue, unless you want to specify a different amount for the volume group to use for guided partitioning, and when it asks you if you want to write the changes to disk, hit yes and it'll start formatting your hard drive.

OK, now it will start installing the actual system itself. Now this part can take a little while depending on the speed of your computer, so just be patient. OK, now you might get this message about an HTTP proxy. Just leave it blank for none and hit continue, unless you need to access the internet through a proxy server. Now when you get this prompt about updates, I highly suggest hitting install security updates automatically to make sure that your server is always as secure as possible; however, if you know what you're doing, you can also choose no automatic updates or manage system with Landscape.

OK, now at this point where it asks you to select your software, we're not actually going to install anything, because we want the most up-to-date software as possible, which this CD might not contain. The only thing that we're going to install right now is OpenSSH server, in case you want to manage the server remotely on another computer after it has been installed. Hit continue.

OK, so once it's done installing the software, it will start installing the bootloader, and it's going to ask you if you want to install the boot loader to the Master Boot Record. Now if you don't have any other operating system on the server, you should click yes here. If you do, it's probably better to click no. OK, and once the installation is complete it's going to tell you, and it should have ejected the disk itself, but if not you're going to want to eject that and just hit continue, and it should boot into your new server operating system.

OK, now we have rebooted into the OS, so what you need to do is you need to log in
with the username and password that we created earlier, and the last thing that we need to do to set up our operating system is create a root password, which will help us move along faster later. So to do that I just type in sudo space passwd space root. Now it's going to ask you for your password. Type in your password, and now type in a new root password, and it should tell you that the password has been updated successfully.

OK, so now what we're going to do is we're actually going to go ahead and create the Active Directory domain controller here. OK, now what we need to do is actually go ahead and give this computer a static IP address, because servers should always have static IP addresses. So what you're going to want to do, the first thing, is you're going to need to type in su and hit enter, type in the root password that we just created and hit enter again. Now we are logged in to the server's root, so you won't need to type in sudo in front of every command in order to grant us root access.

So the first thing that we're going to do is type in ifconfig and hit enter. Now you should see your connected network adapter. So it's not going to be the loopback adapter, it's going to be the other one that is there that is connected. So here mine is Ethernet 0, or eth0, and what you're going to want to take note of is the broadcast, so in this case that is 192.168.2.255. So the second last set of digits in that IP address is the most important, so in my case this is just a 2. Normally it's either a 0, a 1 or a 2. Take note of that digit, because in order to set our static IP address properly we need to know that digit.

So next, to set our static IP address, I'm just going to type in vi space slash etc slash network slash interfaces. Now I'm going to go down to my Ethernet 0 adapter here, the one that is connected, and I'm going to hit insert. Now I'm going to backspace dhcp and replace it with static, hit enter twice, and now we are going to give it a static IP address. So I'm just going to
type in address space 192.168 dot digit, so that's a 2, and then dot 100. Now it doesn't have to be 100; just make sure that the IP address isn't already being used on your network, because that will cause conflicts. Again, make sure that the second last string of numbers there in the IP address is the same as the one in the broadcast that we saw earlier with the DHCP setup. Hit enter and type in netmask 255.255.255.0. Hit enter again, type in network space 192.168 and then that digit again that we're remembering from earlier, 2, dot 0. Type in broadcast space 192.168 dot digit dot 255, hit enter. Type in gateway and then the IP address of your router, so in my case this is 192.168.2.1. Normally this is 192.168.0.1, 192.168.1.1 or 192.168.2.1.

After you've entered in all that, hit enter again, type in dns-nameservers space the IP address that we're giving this server here, so in my case that is 192.168.2.100, space, and we're also just going to put in Google DNS there as a backup, so that's 8.8.8.8. Hit enter again, type in dns-search space, and this is where you are going to create the name for your domain. My domain name is just going to be goguda for the purpose of this tutorial, so I'm going to type in goguda.local. Most domains have the dot local after them; it's just customary. Basically put the name that you want your domain to be recognized in Windows as, dot local. Once you've done all that, hit escape on your keyboard, hit colon and type in wq, to write and quit, and hit enter.

Next we need to change our hosts file, so in order to do that type in vi space slash etc slash hosts, hit enter, and the next thing that you're going to want to do is, beside the computer name that we set up earlier, you should see an IP address. This is actually a loopback address right now. We are going to want to change that to the static IP address that we just set up. Hit insert and just change that to the static IP address that we just set up, so in my case that is 192.168.2.100, and then you should see your
computer name. After the computer name, put a period and type in your domain name and then dot local again. So now we have gogudaserver.goguda.local. Hit escape on your keyboard, type in colon wq, hit enter. Now we actually need to write that into our hostname file too, so in order to do that just type in echo space and then the computer name and domain that we just edited earlier in the hosts file, so in my case that was gogudaserver.goguda.local, space, greater than symbol, space, slash etc slash hostname. Hit enter, and now the easiest thing to do is just go ahead and restart the server.

Now once you have restarted the server, just again type in su and then your root password, and now we need to update the repositories and we also need to upgrade the system so that we have the newest and most secure software installed. So in order to do that just type in apt-get update space, two and symbols, space apt-get space upgrade space -y. Hit enter and it'll just start refreshing and it'll also upgrade your system. This might take a little while, so again just be patient.

OK, so now once it's done upgrading and updating the repositories, we need to install a bunch of software here, so listen carefully. So type in apt-get space install space git, so that's G I T, space build-essential space libacl1-dev space libattr1-dev space libblkid-dev space libgnutls-dev space libreadline-dev space python-dev space python-dnspython space gdb space pkg-config space libpopt-dev space libldap2-dev space dnsutils space libbsd-dev space attr space krb5-user space docbook-xsl space libcups2-dev space libpam0g-dev space ntp space -y, to just allow it to go ahead and install it, and hit enter. Now just a correction here: in libgnutls there's actually no i. So hit enter after that and it'll go ahead and install all those packages. Now I'll also leave that command down in the description below in case you didn't catch all that, so that you could type it
in or even just copy and paste it.

OK, now at one point during this process it's going to ask you for some information about your Kerberos authentication. So now for the default Kerberos version 5 realm, you're going to want to type in your domain name, so here that's just goguda.local. Hit OK. When it asks you for these servers, what you need to do is just type in the computer name, so for this one it's gogudaserver, and hit OK again. And again for the administrative server you're going to need to do that again, so gogudaserver, and hit OK, and it'll just go ahead and install the rest of the packages.

OK, so now once that's done we need to download the Samba 4 source code. Now currently the stable version is 4.1, so that's what we're going to be downloading in this video; however, by the time this is up there might be a newer version out, such as 4.2, so if you want to see for yourself you could go to git.samba.org and check what the newest version is there. So what we're going to do is we're just going to download the Samba 4 sources. So to do this just type in git space clone space -b space v4-1-stable space git colon slash slash git.samba.org slash samba.git space samba4 and hit enter, and now it will clone into samba4 and it will start downloading the source code. Now one thing that I did notice here is that the download speed from this git server is actually really slow, so this part can take a while, so just be patient.

OK, so now once it is done downloading the source code, we actually need to build the source code. So in order to do this we need to cd into the samba4 directory, so type in cd space samba4, hit enter, and now we're going to type in dot slash configure space --enable-debug space --enable-selftest and hit enter. Now this part might take a little while, but it should run through without any errors if you installed all the packages that I said in the beginning. OK, now once the configure command is done you need to type
in make and hit enter. OK, so now once that has completed you actually need to go ahead and install these files to the system, so just type in make space install.

OK, so now once that's done, what we need to do is we need to provision our domain, so in order to do that we're going to use samba-tool. So what you need to do now is type in slash usr, so that's U S R, slash local slash samba slash bin slash samba-tool space domain space provision space --realm equals and the name of your domain. This is the full name, so in my case that would be goguda.local. Space --domain equals and then the short name of your domain, or the one that Windows is going to label the domain as, so in all capitals I'm just going to put GOGUDA. Space --adminpass equals quotation mark, and in here you want to type in a password. So the password should have capitals, lowercase letters and numbers in it to be as secure as possible, so just for this tutorial I'm just going to put gogudaserver one two three, and then once you're done typing in the password just close it off with a quotation. Hit space, --server-role equals dc, for domain controller, space --dns-backend equals SAMBA, in all capitals, underscore INTERNAL, in all capitals, and hit enter, and it'll go ahead and just configure the domain itself.

OK, now we need to start Samba, so to do that just type in slash usr, U S R, slash local slash samba slash sbin slash samba and hit enter, and there we go, now Samba should have been started. Now keep in mind that every time you need to restart your server you are going to have to run that command again in order for Samba to be started and for this to work. If you want, you could also make this command run on startup so that you don't need to run it every time.

Anyway, so now just to be safe, what we're going to do is we're going to check the samba and smbclient version; they should match. So in order to do that type in slash usr slash local slash samba slash sbin slash samba space -V, hit enter, and
you can see here that we have Samba version 4.1.3 installed. And then just run the same command again, except change the last samba to smbclient and change the sbin to just bin, and you should see that they're both the same version. If they're not, you're going to have to sort that out yourself, so uninstall one of them and reinstall the correct version.

OK, now to just kind of confirm that everything is working properly, we are going to list the administrative share, so type in slash usr slash local slash samba slash bin slash smbclient space -L space localhost space -U, capital U, percent symbol, and hit enter, and you should see something like this, and that means that the Samba server is up and running correctly.

OK, so now we're just going to check our authentication. So again I'm just going to hit the up arrow on my keyboard just to get the usr local samba bin smbclient, that first part of the command, and then after that I'm going to hit space, slash slash localhost slash netlogon space -U administrator percent quotation and then the password that you set up earlier, so in my case that was gogudaserver 1 2 3, close the quotations, space -c and then apostrophe ls another apostrophe, and hit enter, and again if it's up and running correctly you should see something along the lines of this.

OK, next we need to configure the Samba internal DNS, so in order to do that just type in echo space domain space and then in all capitals the full domain name, so that's GOGUDA.LOCAL in my case, space, two greater than signs, space, slash etc slash resolv.conf, and hit enter. Now we need to edit the smb configuration file, so in order to do that just type in vi space slash usr slash local slash samba slash etc slash smb.conf, hit enter. And now, it's not necessarily the most efficient way, but your best bet in getting this server working is actually to change the DNS forwarder from what it has there to Google DNS, so that'll just ensure that the server will always work. So that's 8.8.8.8. Hit escape on the
keyboard, hit colon wq to write and quit, and there we go.

So now we're going to configure and test Kerberos, so in order to do that type in vi slash usr slash local slash samba slash share slash setup slash krb5.conf and hit enter. OK, and change the default realm to your full domain name, so hit insert and in all capitals type in GOGUDA.LOCAL in my case. Hit escape again, colon wq, enter, and now we're just going to run a few commands to test Kerberos. So in order to do that type in kinit space administrator at and then in all capitals the full domain name, so GOGUDA.LOCAL. Hit enter. It's going to ask you for the password, gogudaserver one two three, and it'll tell you that your password will expire in 41 days or something like that if it works correctly. So again, another test: klist space -e, hit enter, and it'll just show you the ticket that you got from that login. So you could see here, if you get something similar to this, it is working properly.

Now since we did install NTP servers earlier, in order to have the correct time on our computers that are logged into the domain, the time on all the computers should be the same and it should be correct. However, if you do feel that you need to edit that, you could do that by typing in vi space slash etc slash ntp.conf, and you can specify your own NTP server there if you'd like, but other than that it should be fine to go already, so I'm not going to bother with that.

So next you need to add user home folders, so in order to do that we're just going to actually make the folder first of all. So mkdir space -m space 770, those are our permissions, space slash users, and hit enter. chmod space g+s space slash users, enter. chown space root:users space slash users, and there we go, we created our user directory. So now we need to add that to the smb configuration file, so in order to do that type in vi space slash usr slash local slash samba slash etc slash smb.conf and hit enter. Go down to the very bottom, hit insert, hit enter twice, open
square bracket, type in users, close the square bracket, hit enter, directory underscore mode colon parameter equals 0700, hit enter, read only equals no, path equals slash users, csc policy equals documents. Hit escape, colon wq, hit enter.

And now the very last thing that you're going to want to do is set a no expiration flag for your Active Directory administrator password, or else you can run into problems after 42 days, because you won't have a way to change it. So this part here is very important; you have to do this or else you will run into problems and you might have to reinstall your whole server. So in order to do this just type in slash usr slash local slash samba slash bin slash samba-tool space user space setexpiry space administrator space --noexpiry and hit enter, and there you go, we just disabled the expiry for the administrator user. So now you are done and your domain is properly set up, and now other computers can join to it.

OK, so now let's actually go about joining a client to the new domain that we just created. So I'm here in Windows 7 Professional; however, the steps are similar for versions of Windows XP, Vista, 7 and 8 that are able to connect to a domain. OK, so the first thing that we're going to do is we need to go ahead and open up Control Panel and we need to find our network adapter. Once you find your adapter, right click it, hit properties, go to Internet Protocol version 4, hit properties again, and down here you're going to want to hit use the following DNS server addresses, and in the preferred DNS server box you're going to want to type in the IP address of your server, so in my case that was 192.168.2.100, and once you've done that hit OK and hit close. Now that step is probably the most important step. If you don't do this you'll have a lot of problems joining the domain.

Next what you need to do is you need to right click on Computer, or My Computer in Windows XP, and what you're going to want to do is find system properties. So in Windows 7 and
Vista, here just on the side, advanced system settings, and you're going to want to go to the computer name tab. Next you're going to want to hit change, choose domain and type in the full domain name, so not the short name, and in my case that is goguda.local, and just hit OK. Now if it works correctly you're going to be prompted for a username and password. Type in administrator for the username, and the password is the password that we set up back on the server, so in my case this was gogudaserver 1 2 3, and once you type that in just hit OK. Give it a minute to get a new message welcoming you to the domain. So once you get that just hit OK, and you'll get another message saying that you need to restart your computer, so I'm just going to go ahead and restart the computer and then we'll authenticate ourselves through the domain.

OK, now once you restart your computer you should see that it wants you to press Ctrl Alt Delete to log on. OK, now in Windows XP you're going to have a drop-down menu which will ask you what domain you want to log on to. In Vista, 7 and, I'm pretty sure, in Windows 8 too, at the login screen you're going to want to hit switch user, choose other user, and down here you'll see it'll say log on to GOGUDA. Now we're going to log in using our administrator account that we created back on the server, because that's the only account that we have so far on this domain. However, if I just type in administrator here, you can see that it automatically wants to log on to the PC itself, so in order to override that, what you need to do is type in the short name of your domain, so in my case that was GOGUDA, put a slash and then type in administrator. That will just ensure that you log on to the domain and not the computer itself. OK, and now you can type in the password that you also created, so gogudaserver 1 2 3, and hit enter, and you can see now that we are now logged in as the administrator on the domain.

OK, so now I'm actually just going to go about actually managing the
Active Directory domain that we created. Now this domain does have to be managed from a Windows client, because as you could tell we can't really do much from the command line on the Ubuntu server itself. So in order to manage this domain, in Windows XP you're going to want to install the Administration Tools Pack, and in Windows Vista, 7 and 8 you're going to want to install Remote Server Administration Tools. Now the links for both those will be down in the description below. It should be outlined on Microsoft's website how to install each one. If you do need extra help though, just leave a comment down below and I'll try my best to help you out. However, just a quick note with the Remote Server Administration Tools: when you go to install the actual snap-ins, make sure to install the snap-ins that are pertaining to Active Directory itself. The Active Directory snap-ins are what we need to use in order to manage this domain. So the most important ones, in my opinion, are probably Active Directory Users and Computers and also Group Policy Management. Those are the two that are most likely going to be helpful to you if you're doing this.

So the first thing that I'm going to do is just show you how to add new users and stuff like that. So in order to do that you have to just open up Active Directory Users and Computers, find your domain in the side here, and you should actually see a folder for users, and in order to add a new one all you have to do is hit create a new user up here. You could give them a first name, so let me create a new user here. OK, and you can see that you have a few options here. Now one thing here, you'll see that it cannot set the new password. That's because on the Samba server itself there's actually a password length or password complexity requirement, so I'm just going to show you how to turn that off on the server real quickly too, because it can be kind of inconvenient.

OK, so now back on the server, just to turn off the password complexity thing,
what you need to do is type in slash usr slash local slash samba slash bin slash samba-tool, so we're using samba-tool to do this, domain passwordsettings set --complexity equals off, and hit enter, and there you go, now there aren't certain password requirements, so passwords can be whatever you want them to be.

OK, now back in Windows here we're just going to try and create this password again, and you can see that the password complexity has been turned off. And we could see all the user properties by right-clicking, and I can also make this user an administrator if I'd like, which I'm going to do here. So now that user is a domain administrator. So let's log in to that account so that you can see it works. I'm just going to hit switch user, and this time I don't have to put the GOGUDA in front of the user, because there isn't a user named David that is saved specifically on this computer. The only user David that exists is on this domain, so it's not going to try and default to logging into the computer again. So I'm logging on to the GOGUDA domain right now with the new user that we just created.

Like I said, the other module that you're probably going to use is Group Policy Management, so if we go ahead and open that up you can see here our domain is in the side. Basically what I can do in here is I can actually give certain users or certain groups of users certain permissions, and basically I can also customize their Windows experience, so the theme that they get when they log in, their background, what they have access to, what they don't. I'm not going to go too in depth in this because that'll take a lot of time, but there's a lot of stuff on the internet about how to customize the user's experience and how to use the Group Policy Manager for certain groups of users and certain users themselves.

So anyways, that's it for this tutorial, so thanks for watching and I hope I helped. If you like this video, don't forget to click the like button down below, don't forget to rate, comment, subscribe
for more, and also don't forget to check out my Facebook and Twitter page. Also don't forget to check out my website at www.keytime.com in the description below.
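
The static-address step in the transcript (take the third octet from the broadcast address, then fill in address, netmask, network, broadcast, gateway and DNS entries by hand) can be checked before `/etc/network/interfaces` is edited. The shell script below is an added example, not from the video; the function names and the `dc1` / `example.local` names are assumptions, and it assumes the /24 netmask used in the video.

```shell
#!/bin/sh
# Added example, not from the video: build the static-IP stanza and the hosts
# line the transcript describes, assuming a /24 network (netmask 255.255.255.0).

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; safe, input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# render_interfaces IFACE ADDR GATEWAY DOMAIN
# Prints the stanza; returns 2 if the values do not fit one /24 network.
render_interfaces() {
    iface=$1 addr=$2 gw=$3 domain=$4
    valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 2; }
    valid_ipv4 "$gw"   || { echo "bad gateway: $gw" >&2; return 2; }
    case "$domain" in
        ''|*[!A-Za-z0-9.-]*) echo "bad domain: $domain" >&2; return 2 ;;
    esac
    prefix=${addr%.*}    # first three octets, e.g. 192.168.2
    host=${addr##*.}     # last octet
    # The "second last digit" check from the transcript: the gateway must
    # share the server's first three octets.
    if [ "${gw%.*}" != "$prefix" ]; then
        echo "gateway $gw is not in $prefix.0/24" >&2; return 2
    fi
    # .0 is the network, .255 the broadcast, and the router already owns $gw.
    if [ "$host" -lt 1 ] || [ "$host" -gt 254 ] || [ "$addr" = "$gw" ]; then
        echo "address $addr is not a usable host address" >&2; return 2
    fi
    printf 'iface %s inet static\n' "$iface"
    printf '    address %s\n' "$addr"
    printf '    netmask 255.255.255.0\n'
    printf '    network %s.0\n' "$prefix"
    printf '    broadcast %s.255\n' "$prefix"
    printf '    gateway %s\n' "$gw"
    # The server itself first, then the public resolver used as a backup.
    printf '    dns-nameservers %s 8.8.8.8\n' "$addr"
    printf '    dns-search %s\n' "$domain"
}

# render_hosts_line ADDR HOST DOMAIN: the /etc/hosts entry that replaces the
# loopback address beside the computer name.
render_hosts_line() {
    valid_ipv4 "$1" || { echo "bad address: $1" >&2; return 2; }
    printf '%s %s.%s\n' "$1" "$2" "$3"
}

# Constructed sample values: address and gateway as in the transcript,
# host and domain names are placeholders.
render_interfaces eth0 192.168.2.100 192.168.2.1 example.local
render_hosts_line 192.168.2.100 dc1 example.local
```

A gateway on a different third octet, or an address ending in .0 or .255, is rejected with exit status 2 instead of producing a stanza.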
Info
Channel: goguda55 Tech Tutorials
Views: 279,921
Keywords: Active Directory (Software), Domain Controller, Ubuntu (Software), How-to (Media Genre), Windows, Computer, Linux, Tutorial, Desktop, GNU/Linux (Operating System), Apple, software, samba, networking, domain, login, authentication, password, username, network, source code, terminal, server, linux server, windows server, internet, opensuse, centos, file server, samba4, kerberos, group policy, lamp server, print server, openssh, ssh, build, programming, python, users, computers, tech, technology, Program
Id: Rf7Hk8qWt1Q
Length: 34min 11sec (2051 seconds)
Published: Mon Jan 06 2014