Selanjutnya adalah proses provosioning samba4 sebagai pengganti dc-promo yang ada pada os windows.
Seperti biasa buka terminal remote server melalui ssh, login user sebagai root agar memudahkan proses instalasi dan konfigurasi pada server ubuntu ini.
Provosioning ini dapat kita lakukan dengan perintah sebagai berikut :
sudo /usr/local/samba/bin/samba-tool domain provision --realm DISTROUBUNTU.COM --domain DISTROUBUNTU --adminpass s@mbad1stro --server-role=dc --use-ntvfs
Note :
realm diisi : namadomainanada.com
domain : domaiananda
adminpass : password yang akan digunakan saat login diAD nanti harus komplex seperti contoh diatas.
Proses provosioning jika berhasil seperti ini :
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=distroubuntu,DC=com
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=distroubuntu,DC=com
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be ready to use
Server Role: active directory domain controller
Hostname: samba4
NetBIOS Domain: DISTROUBUNTU
DNS Domain: distroubuntu.com
DOMAIN SID: S-1-5-21-2176471023-1056518906-69415402
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=distroubuntu,DC=com
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=distroubuntu,DC=com
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be ready to use
Server Role: active directory domain controller
Hostname: samba4
NetBIOS Domain: DISTROUBUNTU
DNS Domain: distroubuntu.com
DOMAIN SID: S-1-5-21-2176471023-1056518906-69415402
Jika masih gagal cek error yang terjadi kemudian lakukan provosioning kembali. Sebelumnya remove konfigurasi provosioning yang sebelumnya mungkin sudah terjadi :
sudo rm /usr/local/samba/etc/smb.conf
START SERVICE SAMBA4
/usr/
local
/samba/sbin/samba restart
Agar service samba otomatis running pada saat server direstart tambahkan script berikut ini :
sudo nano /etc/init.d/samba4
Copy paste script di bawah ini
#! /bin/sh
### BEGIN INIT INFO
# Provides: samba
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $network $local_fs $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: start Samba daemons
### END INIT INFO
#
# Start/stops the Samba daemon (samba).
# Adapted from the Samba 3 packages.
#
SAMBAPID=/var/run/samba/samba.pid
# clear conflicting settings from the environment
unset TMPDIR
# See if the daemon and the config file are there
test -x /usr/local/samba/sbin -a -r /usr/local/samba/etc/ || exit 0
. /lib/lsb/init-functions
case "$1" in
start)
log_daemon_msg "Starting Samba 4 daemon" "samba"
if ! start-stop-daemon --start --quiet --oknodo --exec /usr/local/samba/sbin/samba -- -D; then
log_end_msg 1
exit 1
fi
log_end_msg 0
;;
stop)
log_daemon_msg "Stopping Samba 4 daemon" "samba"
start-stop-daemon --stop --quiet --name samba $SAMBAPID
# Wait a little and remove stale PID file
sleep 1
if [ -f $SAMBAPID ] && ! ps h `cat $SAMBAPID` > /dev/null
then
# Stale PID file (samba was succesfully stopped),
# remove it (should be removed by samba itself IMHO.)
rm -f $SAMBAPID
fi
log_end_msg 0
;;
restart|force-reload)
$0 stop
sleep 1
$0 start
;;
*)
echo "Usage: /etc/init.d/samba {start|stop|restart|force-reload}"
exit 1
;;
esac
exit 0
### BEGIN INIT INFO
# Provides: samba
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $network $local_fs $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: start Samba daemons
### END INIT INFO
#
# Start/stops the Samba daemon (samba).
# Adapted from the Samba 3 packages.
#
SAMBAPID=/var/run/samba/samba.pid
# clear conflicting settings from the environment
unset TMPDIR
# See if the daemon and the config file are there
test -x /usr/local/samba/sbin -a -r /usr/local/samba/etc/ || exit 0
. /lib/lsb/init-functions
case "$1" in
start)
log_daemon_msg "Starting Samba 4 daemon" "samba"
if ! start-stop-daemon --start --quiet --oknodo --exec /usr/local/samba/sbin/samba -- -D; then
log_end_msg 1
exit 1
fi
log_end_msg 0
;;
stop)
log_daemon_msg "Stopping Samba 4 daemon" "samba"
start-stop-daemon --stop --quiet --name samba $SAMBAPID
# Wait a little and remove stale PID file
sleep 1
if [ -f $SAMBAPID ] && ! ps h `cat $SAMBAPID` > /dev/null
then
# Stale PID file (samba was succesfully stopped),
# remove it (should be removed by samba itself IMHO.)
rm -f $SAMBAPID
fi
log_end_msg 0
;;
restart|force-reload)
$0 stop
sleep 1
$0 start
;;
*)
echo "Usage: /etc/init.d/samba {start|stop|restart|force-reload}"
exit 1
;;
esac
exit 0
Simpan perubahannya.
Kemudian jalankan perintah berikut :
sudo chmod 755 /etc/init.d/samba4
sudo update-rc.d samba4 defaults
TESTING KONFIGURASI DNS
host -t SRV _ldap._tcp.distroubuntu.com.
Hasilnya :
host -t SRV _kerberos._udp.distroubuntu.com.
Hasilnya :
host -t A distroubuntu.com.
Hasilnya :
Jika masih gagal pada saat testing DNS lakukan pengecekan Hosts, Hostname, resolv.conf, dns-forwarder, ip addrs dan service sambanya. bila perlu lakukan provosioning kembali dengan meremove provosioning sebelumnya.
INSTALASI KERBEROS
sudo apt-get install krb5-user
Selesai install lakukan ujicoba kerberos :
kinit administrator
Jika keluar seperti ini maka konfigurasi semuanya berhasil.
Warning: Your password will expire in 41 days on Tue Sep 5 15:23:03 2013
Ini adalah masa berlakunya password administrator, kita dapat dengan mudah mengganti setelah join domain pada active directory nanti..
Sekian dulu..
Selanjutanya proses join domain pada windows, install remote administrator (ad) dan menambah user
Refrensi :
http://ahmad.imanudin.com/2013/08/01/membangun-linux-active-directory-dengan-samba4-pada-ubuntu-bagian-1-konfigurasi-network-repository/
http://www.jadota.com/2013/01/installing-samba4-on-ubuntu-12-04/
http://ahmad.imanudin.com/2013/08/01/membangun-linux-active-directory-dengan-samba4-pada-ubuntu-bagian-1-konfigurasi-network-repository/
http://www.jadota.com/2013/01/installing-samba4-on-ubuntu-12-04/