Howto Add a Samba4 Domain Controller: Difference between revisions
From Pumping Station One
No edit summary |
→Wordpress: Finishing out wordpress settings |
||
| Line 53: | Line 53: | ||
{| | {| | ||
|Server ||Domain Controllers ||auth. | |Server || Domain Controllers || auth.pumpingstationonei.org | ||
|- | |- | ||
| | | || Base DN ||cn=Users,dc=ad,dc=pumpingstationone,dc=org | ||
|Base DN | |||
|cn=Users,dc=ad,dc=pumpingstationone,dc=org | |||
|- | |- | ||
|User | |User || Account Suffix || @ad.pumpingstationone.org | ||
|Account Suffix | |- | ||
|@ad.pumpingstationone.org | | || Automatic User Creation || check | ||
|- | |||
| || Automatic User Update || check | |||
|- | |||
| || Prevent Email Change || check (maybe not, might be an easy way for users to update email address) | |||
|- | |||
|Authorization || Role Equivalent Groups || Domain Admins=administrator | |||
|- | |||
|Security || User Notification || check | |||
|} | |} | ||
Revision as of 23:46, 11 April 2013
DNS Records
- Set an A record for auth.pumpingstationone.org
- Set a NS record for ad.pumpingstationone.org to auth.pumpingstationone.org
Host Setup
echo "auth.pumpingstationone.org" > /etc/hostname add 66.228.35.181 auth.ad.arbitrarion.com auth to beginning of /etc/hosts
Samba
There is no stable, working version of Samba 4 shipping with ubuntu. You have to download it from source for now. As of writing, version 4.0.5 works
git clone -b v4-0-stable git://git.samba.org/samba.git samba ./configure make make install
Provisioning
/usr/local/samba/bin/samba-tool domain provision --realm=ad.pumpingstationone.org --domain=PS1 --server-role=dc
Make a note of the admin password. You may need it later.
Kerberos
apt-get install kerberos
/etc/krb5.conf
[libdefaults]
default_realm = AD.ARBITRARION.COM
dns_lookup_realm = false
dns_lookup_kdc = true
Adding Users
To create the user "hef" and set the user password, use the following command:
/usr/local/samba/bin/samba-tool user add hef
To add the user "hef" to the "Domain Admins" group, use the following command:
/usr/local/samba/bin/samba-tool group addmembers "Domain Admins" hef
Services
Wordpress
- Log in as admin user.
- Install the active-directory-integration plugin.
Under Settings >> Active Directory Integration set the following:
| Server | Domain Controllers | auth.pumpingstationonei.org |
| Base DN | cn=Users,dc=ad,dc=pumpingstationone,dc=org | |
| User | Account Suffix | @ad.pumpingstationone.org |
| Automatic User Creation | check | |
| Automatic User Update | check | |
| Prevent Email Change | check (maybe not, might be an easy way for users to update email address) | |
| Authorization | Role Equivalent Groups | Domain Admins=administrator |
| Security | User Notification | check |
