> Samba Active Directory Domain Controller, CentOS 6 + Samba 4
post Mar 30 2014, 06:45 AM
Hello Everyone,

This one is going to be a SAMBA Active Directory on CentOS 6.x

STEP 1. - Install base system

Download the CentOS 6.x ISO from the CentOS website (sorry, admin does not allow links).
Install the system any way you like; your partitioning layout does not matter.

In this example the hostname is: samba4.home.lan and the IP address is :

STEP 2 - Disable SELinux, iptables

Now we disable SELinux like this:
chkconfig iptables off
chkconfig ip6tables off
vi /etc/selinux/config

Press i
Look for the SELINUX= line and change it to SELINUX=disabled
Once you are done editing, press ESC, then type :wq, then press ENTER
Now we must reboot the server in order for SELinux to be disabled.

STEP 3. - Update System

yum update

STEP 4. - Enable SAMBA 4 repo

Why use a different repo? Answer: the CentOS 6 Samba is missing a lot of tools; this one is way better, much easier to set up, and works just as well.

touch /etc/yum.repos.d/SOGo.repo
vi /etc/yum.repos.d/SOGo.repo

Press i, then type in the following:
name=Inverse SOGo Repository

Once done editing, press ESC, then type :wq and press ENTER

STEP 5 - Samba installation, configuration

yum install samba4

Once it is done, run the following command:

samba-tool domain provision --use-rfc2307 --interactive

Here a bunch of questions will be asked, but you only need to alter one for our setup:

Domain name : home.lan ( !!! in this example !!! )

After this all settings can be left at default, which means you should still read what it is asking, not just hit ENTER, ENTER, ENTER.

Somewhere at the end it will ask for the domain password. This is the Administrator password, so this at least should be complex:
the system requires you to enter at least one uppercase character, some regular characters, and at least one number.
For example: Tksh48k .

Now samba will generate all the necessary db files, set up the necessary groups, users etc. for this domain.

As the next step we create the directory for our Roaming Profiles:

mkdir /home/Profiles

And make sure our /etc/samba4/smb.conf looks like this:

[global]
     workgroup = HOME
     realm = HOME.LAN
     netbios name = SAMBA4
     server role = active directory domain controller
     dns forwarder =
     idmap_ldb:use rfc2307 = yes

[netlogon]
     path = /var/lib/samba4/sysvol/home.lan/scripts
     read only = No

[sysvol]
    path = /var/lib/samba4/sysvol
    read only = No

[Profiles]
    path = /home/Profiles/
    read only = No

If memory serves right, you only need to add [Profiles] to your config file; everything else should already be there. I'm just posting my config
just in case.

STEP 6 - Configure Kerberos, Hosts, Resolv

Samba already generated the necessary Kerberos conf file for us; we only need to move it to the right place, but just in case something bad
happens, we back up the original Kerberos conf file.

mv /etc/krb5.conf /etc/krb5.conf.original
cp /var/lib/samba4/private/krb5.conf /etc/krb5.conf

The next step is to alter our hosts file. It should look like this for the current test system:

 localhost localhost.localdomain localhost4 localhost4.localdomain4 samba4.home.lan samba4
::1  localhost localhost.localdomain localhost6 localhost6.localdomain6

Then the resolv conf should look like this for the current test system:

domain home.lan
search home.lan
nameserver - this is Google, for TESTING ONLY, please play nice and later use your own DNS server, or the ISP's.


Robert Becskei
May the source be with us!
AMD X2-3800 @ 2400Mhz
2048MB DDR 400Mhz
DFI Lanparty UT4 NF4 ULTRA-D
GeForce 7800GT
Pioneer DVD-RW
17inch Samsung Syncmaster 757NF
WinXP Pro (SP2)/ CentOS 4.3
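
A consistency check for the names configured in STEP 5 and STEP 6, added here as an example (not part of the original post): it compares the realm in smb.conf with the domain and search lines in resolv.conf and looks for the server's FQDN in the hosts file. The function names, the sample files and the 192.0.2.10 address are constructed for illustration, and requiring the FQDN to map to a non-loopback address is an assumption.

```sh
# Added example: cross-check the names set in STEP 5 and STEP 6.

# Print the realm from the [global] section of smb.conf, lower-cased.
smb_realm() {
    awk -F= '
        /^[ \t]*\[/ { in_global = (tolower($0) ~ /\[global\]/) }
        in_global && tolower($1) ~ /^[ \t]*realm[ \t]*$/ {
            gsub(/[ \t]/, "", $2); print tolower($2); exit
        }' "$1"
}

# Print the first value of one resolv.conf keyword (domain or search).
resolv_value() {
    awk -v key="$2" '$1 == key { print tolower($2); exit }' "$1"
}

# Succeed if the hosts file maps a non-loopback address to the FQDN.
hosts_has_fqdn() {
    awk -v fqdn="$2" '
        /^[ \t]*#/ { next }
        $1 !~ /^127\./ && $1 != "::1" {
            for (i = 2; i <= NF; i++) if (tolower($i) == fqdn) found = 1
        }
        END { exit !found }' "$1"
}

# check_dc_names SMB_CONF RESOLV_CONF HOSTS SHORT_HOSTNAME: one line per mismatch, returns the count.
check_dc_names() {
    realm=$(smb_realm "$1"); problems=0
    [ -n "$realm" ] || { echo "smb.conf: no realm in [global]"; return 1; }
    for key in domain search; do
        val=$(resolv_value "$2" "$key")
        [ "$val" = "$realm" ] && continue
        echo "resolv.conf: $key is '$val', realm is '$realm'"
        problems=$((problems + 1))
    done
    hosts_has_fqdn "$3" "$4.$realm" || {
        echo "hosts: no non-loopback entry for $4.$realm"
        problems=$((problems + 1))
    }
    return "$problems"
}

# Constructed sample files (192.0.2.10 is a documentation address).
write_sample() {    # write_sample DIR RESOLV_DOMAIN
    printf '[global]\n\tworkgroup = HOME\n\trealm = HOME.LAN\n' > "$1/smb.conf"
    printf 'domain %s\nsearch home.lan\n' "$2" > "$1/resolv.conf"
    printf '127.0.0.1 localhost\n192.0.2.10 samba4.home.lan samba4\n' > "$1/hosts"
}
```

On the server from the post this would be called as check_dc_names /etc/samba4/smb.conf /etc/resolv.conf /etc/hosts samba4; a return value of 0 means the three files agree.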