Quick and dirty Samba4 domain controller setup instructions

Copy this to your text editor, edit the variables, then paste line by line into the same shell session in a fresh install of Ubuntu 12.04 server with no optional packages installed other than OpenSSH.



For some reason, the domain join only worked after I ran an nslookup of testdc.testdomain.local at the command line on the Win7 box. I will investigate why.

Also, some of the steps are interactive, so this does not work well as an unattended script.

#!/bin/bash

# Set up Samba4 as Domain Controller

# To be run on a fresh install of Ubuntu Server 12.04 with no optional packages selected except SSH.
# The architecture is assumed to be x86_64; it only matters in one place in this script
# (the library paths in the AppArmor rules).





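# Values provided by the local administrator. Edit these before running
# anything below.
#
# REALMNAME     - DNS name of the new domain (passed to provision as --realm).
# WINDOMAINNAME - short domain name (passed to provision as --domain);
#                 must be all caps.
# ADMINPASS     - password for the domain administrator account; must be 8 or
#                 more characters with at least one digit, one upper-case and
#                 one lower-case letter.
#
# NOTE: "AdminPass1" is a sample value. Replace it with a unique password
# before provisioning. A password typed here stays in the shell history and in
# any saved copy of this file, so clear those afterwards or change the
# password once the domain is up.

REALMNAME="testdomain.local"
# Upper-case form of the realm, used for the Kerberos principal in kinit.
# Derived from REALMNAME so the two values cannot drift apart when edited.
REALMNAMEALLCAPS="$(printf '%s' "$REALMNAME" | tr '[:lower:]' '[:upper:]')"
WINDOMAINNAME="TESTDOMAIN"
ADMINPASS="AdminPass1"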



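# Bring the base system up to date and install Samba4 plus the Kerberos
# client tools. apt-get is run without -y, so it asks for confirmation.
apt-get update
apt-get dist-upgrade
apt-get install samba4 krb5-user

# Move the packaged smb.conf aside and keep it as a backup.
# NOTE(review): presumably so that provision can write a fresh smb.conf - confirm.
mv /etc/samba/smb.conf /etc/samba/smb.conf.orig

# NOTE(review): presumably works around setoption.pl lacking the execute bit,
# which the samba4-clients install needs - confirm.
chmod u+x /usr/share/samba/setoption.pl
apt-get install samba4-clients

# Provision the domain. The expansions are quoted so a password containing
# spaces or glob characters reaches provision as a single, unmodified argument.
# Caveat: --adminpass puts the password on the command line, where it is
# visible in the process list while provision runs and is kept in shell
# history. Change the administrator password after setup if that matters.
/usr/share/samba/setup/provision --realm="$REALMNAME" --domain="$WINDOMAINNAME" --adminpass="$ADMINPASS" --server-role=dc

# Stop both services before their configuration is edited in the next steps.
service samba stop
service bind9 stop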

# Create the directory tree that backs the example share (parent first).
mkdir /srv/sambashares /srv/sambashares/mainshare

# Append the share definition to smb.conf. The stanza sets only the path and
# makes the share writable; it names no users or groups, so who can actually
# write is left to the filesystem permissions on the directory. Add explicit
# access restrictions before using this outside a test setup.
cat >>/etc/samba/smb.conf <<'EOF'
[mainshare]
        path = /srv/sambashares/mainshare
        read only = No
EOF



# Make BIND load the zone configuration that Samba generated.
printf '%s\n' 'include "/etc/bind/named.conf.samba";' >>/etc/bind/named.conf.local

# Hand the generated file to the bind group, then move it next to the rest of
# the BIND configuration under the name referenced by the include above.
chown root:bind /var/lib/samba/private/named.conf
mv /var/lib/samba/private/named.conf /etc/bind/named.conf.samba

# Extend the local AppArmor profile for named so it can use Samba's DNS data.
# The first rule grants read/write/lock (rwk) on Samba's private DNS directory;
# every other rule grants read + executable mmap (rm) on one shared library.
# The library paths are specific to x86_64; adjust them on other architectures.
# The heredoc delimiter is quoted so the rules are written out verbatim.
cat >>/etc/apparmor.d/local/usr.sbin.named <<'EOF'
/var/lib/samba/private/dns/** rwk,
/usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9.so rm,
/usr/lib/x86_64-linux-gnu/samba/gensec/krb5.so rm,
/usr/lib/x86_64-linux-gnu/ldb/modules/ldb/asq.so rm,
/usr/lib/x86_64-linux-gnu/ldb/modules/ldb/ldap.so rm,
/usr/lib/x86_64-linux-gnu/ldb/modules/ldb/paged_results.so rm,
/usr/lib/x86_64-linux-gnu/ldb/modules/ldb/paged_searches.so rm,
/usr/lib/x86_64-linux-gnu/ldb/modules/ldb/rdn_name.so rm,
/usr/lib/x86_64-linux-gnu/ldb/modules/ldb/acl.so rm,
/usr/lib/x86_64-linux-gnu/ldb/modules/ldb/acl_read.so rm,
/usr/lib/x86_64-linux-gnu/ldb/modules/ldb/anr.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/acl.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/aclread.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/anr.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/descriptor.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/dirsync.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/extended_dn_in.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/extended_dn_out.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/extended_dn_store.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/ildap.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/instancetype.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/lazy_commit.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/ldbsamba_extensions.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/linked_attributes.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/local_password.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/new_partition.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/objectclass.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/objectclass_attrs.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/objectguid.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/operational.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/partition.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/password_hash.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/ranged_results.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/repl_meta_data.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/resolve_oids.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/rootdse.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/samba3sam.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/samba3sid.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/samba_dsdb.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/samba_secrets.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/samldb.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/schema_data.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/schema_load.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/show_deleted.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/simple_dn.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/simple_ldap_map.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/subtree_delete.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/subtree_rename.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/update_keytab.so rm,
/usr/lib/x86_64-linux-gnu/samba/ldb/wins_ldb.so rm,
/usr/lib/x86_64-linux-gnu/ldb/modules/ldb/sample.so rm,
/usr/lib/x86_64-linux-gnu/ldb/modules/ldb/server_sort.so rm,
/usr/lib/x86_64-linux-gnu/ldb/modules/ldb/skel.so rm,
/usr/lib/x86_64-linux-gnu/ldb/modules/ldb/tdb.so rm,
EOF

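# Restart AppArmor so the added named rules take effect, then bring the
# services back up: BIND first, Samba second.
service apparmor restart
service bind9 start
service samba start

# Interactive: request a Kerberos ticket for the domain administrator
# (kinit prompts for the password). The principal is quoted so the realm
# value is passed as a single word.
# NOTE(review): presumably a smoke test that the new DC answers - confirm.
kinit "administrator@${REALMNAMEALLCAPS}"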
