Ubuntu 20.04 LTS is the latest long term support version of Ubuntu. It is possible to install and use a simple Active Directory on top of Ubuntu, based on the open source SAMBA 4 software. I have checked this with Ubuntu 18.04 and 20.04 LTS and it works. The Active Directory works at the Server 2008 R2 functional level. We can maintain the AD using RSAT (Remote Administration Tools) from Windows 10. It is also possible to use roaming user profiles and home folders; more about this in a later post.
Are you interested in trying this out on your own server? Active Directory is used in corporations for centralized authentication and management of users, groups and computers. So, it is recommended to host the server on your own premises. I have not added a second domain controller to Active Directory; you are free to try that out.
Shall we start?
First, assign a static IP to your server. Ubuntu Server uses netplan for network management. Your network configuration will look similar to this:
sudo vim /etc/netplan/00-installer
---
network:
  ethernets:
    enp0s3:
      dhcp4: no
      addresses:
      - 192.168.1.51/24
      gateway4: 192.168.1.1
      nameservers:
        addresses: [8.8.8.8, 8.8.4.4]
        search: []
  version: 2
---
Apply the network config
sudo netplan apply
Check if time synchronization with an Internet server is working
timedatectl
Update the apt cache
sudo apt update
Change the hostname and update the hosts file
sudo vim /etc/hostname
---
dc1.mvcloud.tech
---
sudo vim /etc/hosts
---
192.168.1.51 dc1.mvcloud.tech dc1
---
sudo reboot
Now, install the SAMBA 4 Active Directory packages
sudo apt -y install samba krb5-config winbind smbclient
---
Kerberos Realm: MVCLOUD.TECH
Kerberos servers for your realm: dc1.mvcloud.tech
Administrative server for your Kerberos realm: dc1.mvcloud.tech
---
Rename the SAMBA config file
sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.original
Provision the domain controller
sudo samba-tool domain provision
---
Realm [MVCLOUD.TECH]:
Domain [MVCLOUD]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
DNS forwarder IP address (write 'none' to disable forwarding) [127.0.0.53]: 8.8.8.8,8.8.4.4
Administrator password:
Retype password:
---
Copy the Kerberos config file
sudo cp /var/lib/samba/private/krb5.conf /etc/
Stop and disable the samba services and the dns resolver service
sudo systemctl disable --now smbd nmbd winbind systemd-resolved
Unmask the SAMBA AD service
sudo systemctl unmask samba-ad-dc
Enable and start the AD service
sudo systemctl enable --now samba-ad-dc
Show the functional levels of the AD
sudo samba-tool domain level show
---
Domain and forest function level for domain 'DC=mvcloud,DC=tech'
Forest function level: (Windows) 2008 R2
Domain function level: (Windows) 2008 R2
Lowest function level of a DC: (Windows) 2008 R2
---
Recreate the dns nameserver file
sudo rm -f /etc/resolv.conf && sudo vim /etc/resolv.conf
---
nameserver 127.0.0.1
domain mvcloud.tech
---
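The three files edited above (/etc/hosts, /etc/resolv.conf and /etc/krb5.conf) can be checked with a small script before joining clients. This is an added example, not part of the original post: the function names and the optional ROOT argument are assumptions made for illustration, and the default hostname and IP are the ones used in this guide. It also rejects a loopback entry for the DC's FQDN in /etc/hosts, since a Samba AD DC needs its hostname to resolve to the LAN IP.

```shell
#!/bin/sh
# Added example (not from the original post): checks the three files this
# guide edits. Defaults are the post's values; ROOT lets you test copies.

# hosts_ok FILE FQDN IP: FQDN maps to the LAN IP and to no loopback address.
hosts_ok() {
    awk -v fqdn="$2" -v ip="$3" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(fqdn)) {
                  if ($1 == ip) good = 1
                  if ($1 ~ /^127\./ || $1 == "::1") bad = 1
              } }
        END { exit !(good && !bad) }' "$1"
}

# resolv_ok FILE DOMAIN: first nameserver is the DC itself (127.0.0.1, not the
# systemd-resolved stub 127.0.0.53) and DOMAIN is the domain/search suffix.
resolv_ok() {
    awk -v dom="$2" '
        { sub(/[#;].*/, "") }
        $1 == "nameserver" && !seen { seen = 1; first = $2 }
        $1 == "domain" || $1 == "search" {
            for (i = 2; i <= NF; i++) if (tolower($i) == tolower(dom)) d = 1 }
        END { exit !(first == "127.0.0.1" && d) }' "$1"
}

# krb5_ok FILE REALM: default_realm equals REALM exactly (realms are
# case-sensitive, so a lowercase realm fails).
krb5_ok() {
    awk -F'[ \t]*=[ \t]*' -v realm="$2" '
        { gsub(/^[ \t]+|[ \t]+$/, "") }
        $1 == "default_realm" { found = ($2 == realm) }
        END { exit !found }' "$1"
}

# check_dc_files [FQDN] [IP] [ROOT]: run all three checks, report failures.
check_dc_files() {
    fqdn=${1:-dc1.mvcloud.tech}; ip=${2:-192.168.1.51}; root=${3:-}
    domain=${fqdn#*.}
    realm=$(printf '%s' "$domain" | tr '[:lower:]' '[:upper:]')
    rc=0
    hosts_ok "$root/etc/hosts" "$fqdn" "$ip" || { echo "FAIL: hosts"; rc=1; }
    resolv_ok "$root/etc/resolv.conf" "$domain" || { echo "FAIL: resolv.conf"; rc=1; }
    krb5_ok "$root/etc/krb5.conf" "$realm" || { echo "FAIL: krb5.conf"; rc=1; }
    return $rc
}
```

Source the file and call `check_dc_files` with no arguments on the server after the last step; it returns non-zero and names each file that fails.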
Active Directory is now ready! Try joining a Windows 10 PC to your AD domain.
You may use the samba-tool command to administer AD from the server itself. For example, this is how you create a user:
sudo samba-tool user create melvin
thanks a lot for this tuto
so much better than the Samba docs! Thanks!