Samba 4 Domain Controller on Ubuntu Server 12.04 LTS

This tutorial will guide you through setting up a Samba 4 Domain Controller using Active Directory on Ubuntu Server 12.04. Samba 4 is the first version of Samba that has full Active Directory support, and it allows newer versions of Windows (7 and 8) to join the domain without any registry hacks.

I installed Ubuntu Server 12.04 LTS and installed all of the latest updates and the latest kernel (3.2.0-35-generic).

We need a few extras installed before we can build Samba 4.

sudo apt-get install gcc python2.7-dev make libacl1-dev python

Next we download the source tarball and extract it (head to http://ftp.samba.org/pub/samba/ to check what the latest version is and change the file name below).

wget http://ftp.samba.org/pub/samba/samba-4.0.0.tar.gz
tar -zxvf samba-4.0.0.tar.gz

Change into the extracted folder

cd samba-4.0.0

Now we need to configure and make samba. These steps will take a while. Only the install step needs root, so run the build itself as your normal user.

./configure
make
sudo make install

Once this completes we can start configuring our Samba 4 Active Directory domain

sudo /usr/local/samba/bin/samba-tool domain provision

It will ask for the realm first. We can use mydomain.local for this (replace mydomain with the name of your domain)

Realm: mydomain.local

Next it prompts for the short domain name

Domain [mydomain]:
press enter to accept the default or enter an alternative

Next we choose the role of our server.

Server Role (dc, member, standalone) [dc]: 
press enter here to accept the default

Next up is the dns server you want to use. We’ll select the built in dns server to keep things simple

DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
press enter to select the default internal dns server

Here we set the dns forwarder for web addresses the dns server cannot resolve. It defaulted to my router IP address and this should work for most people.

DNS forwarder IP address [router ip]:
press enter to use default or enter your preferred dns server (opendns, google etc)

Finally we set the admin password for the domain. Make sure this is a complex password or you might have issues adding users later (thanks to James for this tip).

Administrator Password: enter your password here

The system will then generate the domain and the associated files.
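
The complexity check can be run on a candidate password before provisioning. The script below is an added example, not part of the original tutorial or of Samba; it assumes the Active Directory default policy (at least 7 characters, at least three of the four classes upper case, lower case, digit, symbol), and the function names are hypothetical.

```shell
# Added example: pre-check a candidate Administrator password before running
# "samba-tool domain provision". The thresholds are assumptions (AD default
# policy), not values taken from the tutorial.
MIN_LEN=7        # assumed default minimum password length
MIN_CLASSES=3    # assumed default: 3 of upper / lower / digit / symbol

# Prints how many of the four character classes appear in "$1".
count_classes() (
    n=0
    case $1 in *[[:upper:]]*) n=$((n + 1)) ;; esac
    case $1 in *[[:lower:]]*) n=$((n + 1)) ;; esac
    case $1 in *[[:digit:]]*) n=$((n + 1)) ;; esac
    # anything that is not a letter or digit counts as a symbol
    case $1 in *[![:alnum:]]*) n=$((n + 1)) ;; esac
    echo "$n"
)

# Returns 0 if "$1" meets the assumed policy; otherwise says why and returns 1.
check_admin_password() {
    if [ "${#1}" -lt "$MIN_LEN" ]; then
        echo "too short: ${#1} characters, need at least $MIN_LEN" >&2
        return 1
    fi
    _classes=$(count_classes "$1")
    if [ "$_classes" -lt "$MIN_CLASSES" ]; then
        echo "too simple: $_classes character classes, need $MIN_CLASSES" >&2
        return 1
    fi
    return 0
}

# Usage (the password is read without echo and never put on a command line):
#   stty -echo; IFS= read -r pw; stty echo
#   check_admin_password "$pw" && echo "ok, use it at the provision prompt"
```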

With this default setup there is no need to configure an external dns server, although one can be configured if required. By not specifying one during setup, the internal dns server is configured for us. We do have to configure our clients to use this dns server as their primary dns server. We can do this two ways: either through the router, so it’ll be set for all PCs automatically, or on each individual PC through the adapter settings.

Now we are ready to start Samba 4.

sudo /usr/local/samba/sbin/samba

We need to make Samba 4 start when the system boots up.
First we need an init script to handle starting and stopping Samba.
I used a script from http://lists.samba.org/archive/samba/2011-April/161947.html
It is also attached here as samba.txt (right click to save it, then rename it from samba.txt to samba).
Place this file in the /etc/init.d/ folder and run the following to make it executable

sudo chmod +x /etc/init.d/samba

Next we add this script to the startup routine

sudo update-rc.d samba defaults 98 02

Then restart your server and make sure samba is running

sudo reboot
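
Before rebooting, the three things the boot steps above depend on can be checked in one go. This is an added example, not the init script from the mailing list; the function name check_samba_boot is hypothetical, and it assumes the script names its binary on a DAEMON= line and that the default runlevel is 2.

```shell
# Added example: verify the boot-time setup before rebooting.
# Both arguments are optional and exist so the check can be pointed at a
# test tree instead of the live /etc.
check_samba_boot() (
    init_dir=${1:-/etc/init.d}
    rc_dir=${2:-/etc/rc2.d}      # assumption: runlevel 2 is the default
    script=$init_dir/samba
    fail() { echo "FAIL: $*"; exit 1; }

    # 1. The script is in place and executable (the chmod +x step).
    [ -f "$script" ] || fail "$script does not exist"
    [ -x "$script" ] || fail "$script is not executable"

    # 2. Its DAEMON= line names a binary that really exists. A source build
    #    as described above installs it as /usr/local/samba/sbin/samba.
    daemon=$(sed -n 's/^DAEMON=//p' "$script" | head -n 1 | tr -d "\"'")
    [ -n "$daemon" ] || fail "no DAEMON= line in $script"
    [ -x "$daemon" ] || fail "DAEMON=$daemon is not an executable file"

    # 3. update-rc.d created a start link for the default runlevel.
    set -- "$rc_dir"/S[0-9][0-9]samba
    [ -e "$1" ] || fail "no S??samba start link in $rc_dir"

    echo "OK: $script starts $daemon at boot"
)
```

Run it as check_samba_boot with no arguments on the server; a FAIL line names the step to redo.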

Add a user to Samba 4

sudo /usr/local/samba/bin/samba-tool user add USERNAME

Join the domain

I use User Profile Wizard from http://www.forensit.com/downloads.html
so I can transfer any existing user accounts into domain accounts faster.

Migrate a local user profile to a domain

 

Manage the Domain from a Windows 7 PC using Remote Server Administration Tools (RSAT)

It is also possible to use Windows-based tools to manage the domain.
Download RSAT from the link below and follow the instructions to get it installed.

http://www.microsoft.com/en-us/download/details.aspx?id=7887

 

 

Unable to adduser.

Error(ldb): Failed to add user ‘test’: – objectclass; Cannot add CN=test,CN-Users,DC=mydomain,DC-local, parent does not exist!

Any ideas? Thanks

From above. Everything appeared to go smoothly. The only difference was I did NOT update my kernel (3.2.0-29).

This is what I get from samba-tool dbcheck

ERROR(ldb): uncaught exception – operations error at ../source4/dsdb/samdb/ldb_modules/rootdse.c:501
File “/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py”, line 175, in _run
return self.run(*args, **kwargs)
File “/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dbcheck.py”, line 108, in run
fix=fix, yes=yes, quiet=quiet, in_transaction=started_transaction)
File “/usr/local/samba/lib/python2.7/site-packages/samba/dbchecker.py”, line 60, in __init__
self.ntds_dsa = samdb.get_dsServiceName()
File “/usr/local/samba/lib/python2.7/site-packages/samba/samdb.py”, line 855, in get_dsServiceName
res = self.search(base=””, scope=ldb.SCOPE_BASE, attrs=[“dsServiceName”])

Paul I figured out my error. I did NOT create a complex password for the administrator account during install.

Thanks for posting back. Did the password prompt tell you about using a password that wasn’t complex enough? I’ll take a look into this tonight and update the article with a warning.

It did but it scrolled so fast I didn’t notice it the first time. I watched each line as the install went by after entering the password. One typo in your tutorial. I had to change “cd samba4.0.0” to “cd samba-4.0.0”. Minor typo. Thanks for the tutorial. Now attempting to manage and connect to the server.

Hi,

I had the same issue, the password solution did not work. I tested it with Ubuntu 12.10 using samba4.0.3.

What could I possibly have missed? I followed the tutorial and reached the point of adding users.

Hoping for your advice.

Thanks!
-IJ-

One other note. Your link to the Samba start up script is missing. Doesn’t download. Redirects to this page.

Paul, The Samba wiki page shows for Ubuntu to use libacl1- dev to install. Any difference? How would I also go about installing the optional development libraries and programs? ie. cups? Any examples. Thanks!

Paul, Disregard my prior comment about libacl1-dev. My Kindle truncated the website. Do you however know if Kerberos needs to be installed separately from the samba4.0.0 package?

As far as I know, Samba 4 contains everything it needs by default. I’ve been having a few problems with the internal dns server though. I might redo the tutorial using bind dns instead at the weekend.

Sometimes it seems to stop responding. I’m still trying to pinpoint what the problem is. It may be an issue with my install of Windows instead of the DNS component of samba. Or it may be a problem with my virtualisation server because I’m also having a separate issue with a database vm. I should get a bit of time to investigate at the weekend. Have you got your domain setup yet? Any issues on your end?

Domain is setup but I do have a few issues. First I can’t get my clients to have internet access. DNS will not resolve. I have to manually provide a second DNS on the client to access the internet(ie. 8.8.8.8). I tried changing the DNS forwarder to my router IP as well as my prior DNS server on the network. No luck. Second the start up script doesn’t “work”. I’m able to connect to the domain with the script but I have to run “/usr/local/samba/sbin/samba” after boot to allow access to smbclient shares. Weird.

After reading the Wiki on the 4.0.0 release we do need a few prerequisites prior to install. May work even after install. https://wiki.samba.org/index.php/Samba_4/OS_Requirements#Recommended_optional_development_libraries_and_Programs:

Do you get any errors when you run sudo update-rc.d samba defaults 98 02
You need to be in the /etc/init.d/ folder to run this

On my router I give out three dns servers, my samba server, a google dns server and an opendns server. You should give out at least dns server to handle one failing. Can your samba server itself ping internet addresses? What’s in your /etc/network/interfaces file?

The only requirement I see on that wiki is python which is installed by default on most distros but I’ll add it to the tutorial.

Paul, No errors. Just tried again and it tells me already exist. Can you type “smbclient -L localhost -U%” and see your shares without having to start Samba from the command prompt after boot?

Oops maybe “need” wasn’t the correct term =). I find samba4-clients, krb5-clients and cups useful to install.

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.68.132
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.68.2
dns-nameservers 192.168.68.132 8.8.8.8
dns-domain samba4.cimglocal.local

By the way. I’ve searched all over for a tutorial on Samba4 that would at least get me working without success. Yours was the only one that would successfully build. I thank you for that! I think the issues I have now are how to correctly configure the interfaces and smb.conf files. I can administer with the RSAT tools so everything appears to work. The above is from a virtual server. If it makes a difference.

Yes smbclient works for me after reboot.

If you take out the 8.8.8.8 and reboot, can the samba server ping outside addresses?

I haven’t really looked into the sharing side of samba4 yet as I have another vm doing that with samba3 now. I’m also planning a new freenas box so I might not use samba for sharing at all.

Glad the tutorial worked for you. It can be hard to find stuff online that works or has too much information (about other distros etc).

Paul, How do you have your Hosts file and what shows up in your resolv.conf file? I know we can’t directly edit this file any longer.

Hi, I followed step by step, but when I want to test the server with the command:
“$ /usr/local/samba/bin/smbclient -L localhost -U%”
the system displays this error:
Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)

I can’t join the server, any idea? Thanks.

The problem went away after adding the user account with the same name as the ubuntu server user.
But the boot script doesn’t work for me, I need to start the service manually to see the shares.
Is this path in the script OK? DAEMON=/usr/local/samba1/sbin/samba.
I tried to change “samba1” to “samba” but it still does not work.

Thanks for the guide!

Hmmm, the script is working for me but I also have the samba1. Starting and stopping work properly.

Did you try creating the file yourself from the link I got the script from?

Paul, How do I add local entries to Samba’s internal DNS? I have other servers on the network I would like samba to resolve for clients. I edited my hosts file so the Samba4 server could ping it. But the clients can’t. Thanks.

Hi,

I don’t know if this makes a difference, I did not download the samba.txt but instead created the samba file under it using the nano command.

What configuration will most likely trigger the error in adding a user?

Can I execute some commands to check my configuration?

Pls. guide me.
Thanks,

-IJ-

Dear Paul,
thanks for the good tutorial!
Together with the Samba-Wiki it enables me to install an AD-like server using Ubuntu 12.04. Great!
One thing… There is a typo in the startup-script that can be downloaded: “samba.txt”. In the path there is “samba1”. The “1” has to be removed, then it works!

Regards,
Oliver

I am being taught about all this in college using windows server 2008 and would love to practice at home. I also use ubuntu (desktop 12.04) on my laptop but wouldn’t be up to scratch on the terminal commands but I can follow the instructions nevertheless.

Looks like a great guide all the same and I am going to try it.

I know the ubuntu server has no GUI by default (suppose I could add it).
Anyway, can I manage AD and group policies etc through a GUI,
or does everything need to go through the terminal?

Cheers,
Wil

Any steps on how to update samba 4 if you change the server IP address? Let’s say the IP address was 192.168.1.5, then there was a change in the network and the samba 4 server IP address needs to be changed to 192.168.2.5. I changed the network adapter, host file and resolv.conf file but still samba 4 internal dns points to the old IP.

Thank you in advance.

Thank you @Paul, I found that website before and applied the said steps but it seems it was not successful; if I type $ host -t A mySamba4.local the A record still points to the old address. There was an old forum post that instructs to delete the browse.dat and wins.dat but I don’t know where these files can be found.

Then I decided to set up another Ubuntu Server 12.04 and samba 4. I was able to create a home folder and group share with quota. We have 200+ employees and I am planning to use samba 4 as our PDC.

Good day, I was able to change my samba4 IP from the instruction in this link:
https://lists.samba.org/archive/samba-technical/2013-May/092279.html

After those steps, I must first log in using the command $ kinit administrator@MYDOMAIN.COM in order to proceed to use the command samba-tool dns update. My samba4 is now up and running using the new IP address. Now I am exploring how to add/configure a reverse lookup zone for its internal DNS.

Any advice regarding a reverse lookup zone in samba4 internal DNS? Thank you.

Lost power and now when trying to use the samba-tool i get this message
“Traceback (most recent call last):
File “/usr/bin/samba-tool”, line 26, in
from samba.netcmd.main import cmd_sambatool
File “/usr/lib/python2.7/dist-packages/samba/netcmd/main.py”, line 23, in
from samba.netcmd.dbcheck import cmd_dbcheck
File “/usr/lib/python2.7/dist-packages/samba/netcmd/dbcheck.py”, line 23, in
from samba.auth import system_session
ImportError: libauth4.so: cannot open shared object file: No such file or directory”

any help would be great!

I’ve got a major issue after the step ‘Add a user to Samba 4’. I rebooted my server again and from that point on I can’t log in with ANY account.
When logging in on the console it just returns to the login: prompt after typing the correct credentials. If I use the wrong credentials it says ‘Login Incorrect’ so it’s checking the password correctly but it just returns to the login prompt and I can’t get into the server at all.
I also tried to change the password through the recovery mode but running passwd on any account now just returns to the command prompt and doesn’t ask for the new password. Any help greatly appreciated

Hey, I did everything until the point of “Realm:”, but I do not have a domain or anything like that. I just want to exchange files between an Ubuntu and a Windows laptop (both are in an ad hoc wireless network already). I followed all of your site’s instructions but it sounds like it’s for somebody who wants the samba server side. I need the ubuntu to be a client and these instructions are not for that.
Q: How do I remove all of the samba I installed until the point of “Realm”?
Thanks.

Paul,

Your script to auto start samba at boot does not run. I have to start it manually ( /usr/local/samba/sbin/samba ).

Can you help me fix this problem? So tired if we always have to start samba manually..

Thanks

Hi,

I finally got samba4 running on Ubuntu 12.04 LTS but I was having issues starting it. In the logs it had an error that it couldn’t bind to 0.0.0.0:389 as it was already in use. I have an OpenLDAP server running on this port for authentication for my mail users. When I stop OpenLDAP Samba works perfectly and my domain is functional. Is there any way to have both working? And maybe use OpenLDAP as the DC Authentication mechanism.

TIA
Trevor.

Hey,
don’t know if you’re still replying to this post, but I have gotten everything up and running. And I connect a win8 client to the domain. The problem is that the client gets no internet, it resolves IPs, but gets no response. just timeouts. Any ideas?

Kim
