This tutorial will guide you through setting up a Samba 4 Domain Controller using Active Directory on Ubuntu Server 12.04. Samba 4 is the first version of Samba that have full Active Directory support and will allow newer versions of Windows (7 and 8) to join the domain without any registry hacks.
I installed Ubuntu Server 12.04 LTS and installed all of the latest updates and the latest kernel (3.2.0-35-generic).
We need a few extras installed before we can build Samba 4.
sudo apt-get install gcc python2.7-dev make libacl1-dev python
Next we download the source file (head to http://ftp.samba.org/pub/samba/ to check what the latest version is and change file name below) and extract it.
tar -zxvf samba-4.0.0.tar.gz
Change into the extracted folder
Now we need to configure and make samba. These steps will take a while.
./configure sudo make sudo make install
Once this completes we can start configuring our Samba 4 Active Directory domain
sudo /usr/local/samba/bin/samba-tool domain provision
It will ask for the realm first. We can use mydomain.local for this (replace mydomain with the name of your domain)
Next it prompts for the short domain name
Domain [mydomain]: press enter to accept the default or enter an alternative
Next we choose the role of our server.
Server Role (dc, member, standalone) [dc]: press enter here to accept the default
Next up is the dns server you want to use. We’ll select the built in dns server to keep things simple
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: press enter to select the default internal dns server:
Here we set the dns forwarder for web addresses the dns server cannot resolve. It defaulted to my router IP address and this should work for most people.
DNS forwarder IP address [router ip]: press enter to use default or enter your preferred dns server (opendns, google etc)
Finally we set the admin password for the domain (make sure this is a complex password or you might have issues adding users later-thanks to James for this tip)
Administrator Password: enter your password here
The system will then generate the domain and the associated files.
With this default setup there is no need to configure an external dns server, although one can be configured if required. By not specifying one during setup, the internal dns server is configured for us. We do have to configure our client to use this dns server as it’s primary dns server. We can do this two ways: Either through the router so it’ll be set for all PCs automatically or on each individual PC through the adapter settings.
Now we are are ready to start Samba 4.
We need to make Samba 4 start when the system boots up.
First we need an upstart script to handle starting and stopping Samba.
I used a script from http://lists.samba.org/archive/samba/2011-April/161947.html
Attached here also samba.txt(right click to save this and rename from samba.txt to samba)
Place this file in the /etc/init.d/ folder and run the following to make it executable
sudo chmod +x /etc/init.d/samba
Next we add this script to the startup routine
sudo update-rc.d samba defaults 98 02
Then restart your server and make sure samba is running
Add a user to Samba 4
sudo /usr/local/samba/bin/samba-tool user add USERNAME
Join the domain
I use User Profile Wizard from http://www.forensit.com/downloads.html
so I can transfer any existing user accounts into domain accounts faster.
Manage the Domain from a Windows 7 PC using Windows Remote Administration Tools
It is also possible to use windows based tools to manage the domain.
Download RSAT from the link below and follow the instructions to get it installed.