fbpx

How to install Active Directory on Ubuntu 20.04 LTS

Ubuntu 20.04 LTS is the latest long term support version of Ubuntu. It is possible to install and use a simple Active Directory on top of Ubuntu, based on the open source SAMBA 4 software. I have checked this with Ubuntu 18.04 and 20.04 LTS and it works. The Acttive Directory works at the Server 2008 R2 functional level. We can maintain the AD using RSAT (Remote Administration Tools) from Windows 10. It is also possible to use roaming user profiles and home folders, more about this in a later post.

Are you interested to try this out on your own server? Active Directory is used in corporations for centralized authentication and management of users, groups and computers. So, it is recommended to host the server at your own premises. I have not added a second domain controller to active directory; you are free to try that out.

Shall we start?

First, assign a static IP to your server. Ubuntu Server uses netplan for network management. Your network configuration will look similar to this:

sudo vim /etc/netplan/00-installer
---
network:
  ethernets:
    enp0s3:
      dhcp4: no
      addresses:
      - 192.168.1.51/24
      gateway4: 192.168.1.1
      nameservers:
        addresses: [8.8.8.8, 8.8.4.4]
        search: []
  version: 2
---

Apply the network config

sudo netplan apply

Check if time synchronization with an Internet server is working

timedatectl

Update the apt cache

sudo apt update

Change the hostname and update the hosts file

sudo vim /etc/hostname
---
dc1.mvcloud.tech
---
sudo vim /etc/hosts
---
192.168.1.51 dc1.mvcloud.tech dc1
---
sudo reboot

Now, install the SAMBA 4 Active Directory packages

sudo apt -y install samba krb5-config winbind smbclient
---
Kerberos Realm: MVCLOUD.TECH
Kerberos servers for your realm: dc1.mvcloud.tech
Administrative server for your Kerberos realm: dc1.mvcloud.tech

Rename the SAMBA config file

sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.original

Provision the domain controller

sudo samba-tool domain provision
---
Realm [MVCLOUD.TECH]:
Domain [MVCLOUD]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
DNS forwarder IP address (write 'none' to disable forwarding) [127.0.0.53]:  8.8.8.8,8.8.4.4
Administrator password:
Retype password:

Copy the Kerberos config file

sudo cp /var/lib/samba/private/krb5.conf /etc/

Stop and disable the samba services and the dns resolver service

sudo systemctl disable --now smbd nmbd winbind systemd-resolved

Unmask the SAMBA AD service

sudo systemctl unmask samba-ad-dc

Enable and start the AD service

sudo systemctl enable --now samba-ad-dc

Show the functtional levels of the AD

sudo samba-tool domain level show
---
Domain and forest function level for domain 'DC=mvcloud,DC=tech'

Forest function level: (Windows) 2008 R2
Domain function level: (Windows) 2008 R2
Lowest function level of a DC: (Windows) 2008 R2

Recreate the dns nameserver file

sudo rm -f /etc/resolv.conf && sudo vim /etc/resolv.conf
---
nameserver 127.0.0.1
domain mvcloud.tech

Active Directory is now ready! Try joining a Windows 10 PC to your AD domain.

You may use the samba-tool command to administer AD from the server itself. For example, this is how you create a user:

sudo samba-tool user create melvin

2 thoughts on “How to install Active Directory on Ubuntu 20.04 LTS”

Leave a Reply