Tuesday, 12 September 2023

DOMAIN CONTROLLER - Ubuntu 18.04

 

Creating an Active Directory Domain Controller Server on Ubuntu Server 18.04 Using Samba

Ubuntu Server 18.04

Setup

1. Configure the IP address using Netplan.

$ nano /etc/netplan/50-cloud-init.yaml
------------------------------------------------------------------
network:
  version: 2
  renderer: networkd
  ethernets:
    enp0s3:
      addresses: []
      dhcp4: true
    enp0s8:
      dhcp4: no
      dhcp6: no
      addresses:
        - 192.168.1.1/24
      nameservers:
        search: [ubuntu.local]
        addresses: [192.168.1.1, 8.8.8.8]
------------------------------------------------------------------

2. Configure the hostname.

$ nano /etc/hosts
------------------------------------------------------------------
192.168.1.1	server.ubuntu.local	server
------------------------------------------------------------------ 
$ hostname
$ hostname -f

3. Remove cloud-init.

$ apt remove cloud-init

4. Stop the systemd-resolved service.

$ systemctl disable systemd-resolved
$ systemctl stop systemd-resolved

5. Configure DNS.

$ nano /etc/resolv.conf
------------------------------------------------------------------
search ubuntu.local
nameserver 192.168.1.1
nameserver 8.8.8.8
------------------------------------------------------------------

6. Update & Upgrade.

$ apt update && apt upgrade

7. Install the required software packages.

# acl
# attr
# autoconf
# bind9utils
# bison
# build-essential
# debhelper
# dnsutils
# docbook-xml
# docbook-xsl
# flex
# gdb
# libjansson-dev
# krb5-user
# libacl1-dev
# libaio-dev
# libarchive-dev
# libattr1-dev
# libblkid-dev
# libbsd-dev
# libcap-dev
# libcups2-dev
# libgnutls28-dev
# libgpgme-dev
# libjson-perl
# libldap2-dev
# libncurses5-dev
# libpam0g-dev
# libparse-yapp-perl
# libpopt-dev
# libreadline-dev
# nettle-dev
# perl
# perl-modules
# pkg-config
# python-all-dev
# python-crypto
# python-dbg
# python-dev
# python-dnspython
# python3-dnspython
# python-markdown
# python3-markdown
# python3-dev
# xsltproc
# zlib1g-dev
# liblmdb-dev
# lmdb-utils
# bind9
# ntp

8. Download & Compile Samba4.

$ cd /opt/
$ wget -c https://download.samba.org/pub/samba/samba-latest.tar.gz
$ tar -xzvf samba-latest.tar.gz
$ cd samba-*/
$ ./configure.developer
$ make
$ make install

9. Provision.

$ /usr/local/samba/bin/samba-tool domain provision --use-rfc2307 --interactive
------------------------------------------------------------------
Realm: UBUNTU.LOCAL
Domain: UBUNTU
Server Role: dc
DNS Backend: BIND9_DLZ
------------------------------------------------------------------

10. Verify the installed Samba.

$ /usr/local/samba/sbin/samba --version
$ /usr/local/samba/sbin/samba
$ ps aux | grep samba

// To stop Samba
$ pkill samba

11. Make Samba start automatically.

$ nano /etc/init.d/samba4
------------------------------------------------------------------
#!/bin/bash
### BEGIN INIT INFO
# Provides:          samba
# Required-Start:
# Required-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Samba
# Description:       Samba Domain controller
#                    scheduler
### END INIT INFO

# Abort on any unhandled error.
set -e

PATH=/bin:/usr/bin:/sbin:/usr/sbin
DAEMON=/usr/local/samba/sbin/samba

# Exit quietly if Samba is not installed at the expected path.
test -x "$DAEMON" || exit 0

case "$1" in
    start)
        echo "Starting Samba"
        "$DAEMON" -D
        ;;
    stop)
        echo "Stopping Samba"
        # Do not fail under "set -e" when no samba process is running.
        killall samba || true
        ;;
    restart)
        "$0" stop
        echo "Sleeping 5 Seconds Before Start:"
        sleep 5
        "$0" start
        ;;
    *)
        echo "Usage: /etc/init.d/samba4 {start|stop|restart}"
        exit 1
        ;;
esac

exit 0
------------------------------------------------------------------

$ chmod +x /etc/init.d/samba4
$ update-rc.d samba4 defaults 98 02
$ /etc/init.d/samba4 start

12. Test Samba using smbclient.

$ smbclient -L localhost -U%
$ smbclient -L localhost -UAdministrator%Admin123

13. Configure the dynamic DNS server.

$ nano /etc/bind/named.conf
------------------------------------------------------------------
include "/usr/local/samba/bind-dns/named.conf";
------------------------------------------------------------------

14. Disable AppArmor so that it does not conflict with Samba4.

$ systemctl disable apparmor
$ systemctl stop apparmor
$ ln -s /etc/apparmor.d/usr.sbin.named /etc/apparmor.d/disable/
$ apparmor_parser -R /etc/apparmor.d/usr.sbin.named
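
A narrower alternative to switching AppArmor off, as an added example that is not part of the original post: the function below reads AppArmor denial lines for the named profile and prints candidate rules to review and place in the profile's local override. The log lines are constructed samples; the profile name `/usr/sbin/named` and the override file `/etc/apparmor.d/local/usr.sbin.named` are assumptions based on Ubuntu's stock bind9 packaging.

```shell
#!/bin/sh
# Added example: summarise AppArmor denials for named as candidate rules.

# named_rules: read kernel/audit log lines on stdin, keep DENIED events for
# the /usr/sbin/named profile and print one "<path> <perms>," line per path.
named_rules() {
    awk '
    function field(line, key,    re) {            # value of key="..." in line
        re = " " key "=\"[^\"]*\""
        if (!match(line, re)) return ""
        return substr(line, RSTART + length(key) + 3, RLENGTH - length(key) - 4)
    }
    /apparmor="DENIED"/ && /profile="\/usr\/sbin\/named"/ {
        path = field($0, "name"); mask = field($0, "denied_mask")
        if (path == "") next
        paths[path] = 1
        for (i = 1; i <= length(mask); i++) {
            c = substr(mask, i, 1)
            if (c == "c" || c == "d") c = "w"      # create/delete need w
            seen[path, c] = 1
        }
    }
    END {
        n = split("r w a k l m x", order, " ")
        for (p in paths) {
            perms = ""
            for (i = 1; i <= n; i++)
                if ((p, order[i]) in seen) perms = perms order[i]
            if (perms ~ /w/) gsub(/a/, "", perms)  # w already covers append
            if (perms ~ /x/) print "# review by hand (exec): " p " " perms
            else print p " " perms ","
        }
    }' | LC_ALL=C sort
}

# Constructed sample log lines (not captured from a real host).
sample_log() {
    cat <<'EOF'
audit: type=1400 audit(1694512801.100:31): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/usr/local/samba/lib/bind9/dlz_bind9_11.so" pid=901 comm="named" requested_mask="r" denied_mask="r" fsuid=111 ouid=0
audit: type=1400 audit(1694512801.104:32): apparmor="DENIED" operation="file_mmap" profile="/usr/sbin/named" name="/usr/local/samba/lib/bind9/dlz_bind9_11.so" pid=901 comm="named" requested_mask="m" denied_mask="m" fsuid=111 ouid=0
audit: type=1400 audit(1694512802.210:33): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/usr/local/samba/bind-dns/dns.keytab" pid=901 comm="named" requested_mask="r" denied_mask="r" fsuid=111 ouid=0
audit: type=1400 audit(1694512802.300:34): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/usr/local/samba/bind-dns/dns/sam.ldb" pid=901 comm="named" requested_mask="rwc" denied_mask="rwc" fsuid=111 ouid=0
audit: type=1400 audit(1694512803.000:35): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/cups/example.conf" pid=700 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1694512803.500:36): apparmor="ALLOWED" operation="open" profile="/usr/sbin/named" name="/etc/bind/named.conf" pid=901 comm="named" requested_mask="r" denied_mask="r" fsuid=111 ouid=0
EOF
}

sample_log | named_rules
# On the server: journalctl -k | named_rules
```

Denials are only logged while the named profile is loaded, so the listing has to be collected before the profile is removed.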

15. Check the bind9 version. Make sure it is above 9.8.x. Also make sure it matches the version referenced in the named.conf file.

$ dpkg -l bind9
$ named -v

$ cat /usr/local/samba/bind-dns/named.conf
------------------------------------------------------------------
database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_11.so";
------------------------------------------------------------------
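
The version match this step asks for can be checked mechanically. The script below is an added example, not part of the original post: it compares the `named -v` version string with the uncommented `dlopen` line, assumes the `dlz_bind9_<minor>.so` naming seen in the line above, and runs on a constructed sample file.

```shell
#!/bin/sh
# Added example: does the DLZ module enabled in Samba's named.conf match BIND?

# bind_minor "<named -v output>": print the minor version, e.g. 11 for 9.11.3.
bind_minor() {
    printf '%s\n' "$1" | sed -n 's/^BIND 9\.\([0-9][0-9]*\)\..*/\1/p'
}

# active_dlz_modules: read named.conf on stdin and print the file name of
# every uncommented 'database "dlopen ..."' module (template lines that are
# commented out with # are skipped).
active_dlz_modules() {
    sed -n 's|^[[:space:]]*database[[:space:]]*"dlopen[[:space:]].*/\(dlz_bind9[_0-9]*\.so\)".*|\1|p'
}

# check_dlz "<named -v output>" < named.conf
# 0 = exactly one module enabled and it matches; 1 = mismatch; 2 = bad version.
check_dlz() {
    minor=$(bind_minor "$1")
    if [ -z "$minor" ] || [ "$minor" -le 8 ]; then
        echo "BIND version missing or not above 9.8.x" >&2
        return 2
    fi
    want="dlz_bind9_${minor}.so"   # assumed naming, as in dlz_bind9_11.so
    active=$(active_dlz_modules)
    if [ "$active" = "$want" ]; then
        echo "OK: BIND 9.$minor with $want"
    else
        echo "MISMATCH: want $want, enabled: ${active:-none}" >&2
        return 1
    fi
}

# Constructed sample of the generated file (not copied from a real host).
sample_conf() {
    cat <<'EOF'
dlz "AD DNS Zone" {
    # For BIND 9.10.x
    # database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_10.so";
    # For BIND 9.11.x
    database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_11.so";
};
EOF
}

sample_conf | check_dlz "BIND 9.11.3-1ubuntu1.18-Ubuntu (Extended Support Version)"
# On the server: check_dlz "$(named -v)" < /usr/local/samba/bind-dns/named.conf
```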

16. Restart the DNS server.

$ systemctl restart bind9
$ systemctl status bind9
$ systemctl enable bind9

17. Make sure the DNS server is configured correctly.

$ host -t SRV _ldap._tcp.ubuntu.local
$ host -t SRV _kerberos._tcp.ubuntu.local
$ host -t A ubuntu.local

18. Replace the Kerberos configuration file.

$ mv /etc/krb5.conf /etc/krb5.conf.backup
$ cp /usr/local/samba/private/krb5.conf /etc/

19. Test Kerberos.

$ kinit administrator
$ klist -e

20. Configure dynamic DNS updates. Add the line above ‘directory …’.

$ nano /etc/bind/named.conf.options
------------------------------------------------------------------
tkey-gssapi-keytab "/usr/local/samba/bind-dns/dns.keytab";
------------------------------------------------------------------

21. Restart bind9.

$ systemctl restart bind9
$ /usr/local/samba/sbin/samba_dnsupdate --verbose

22. Configure NTP.

$ nano /etc/ntp.conf
------------------------------------------------------------------
pool 0.id.ntp.org iburst
pool 1.id.ntp.org iburst
pool 2.id.ntp.org iburst
pool 3.id.ntp.org iburst
------------------------------------------------------------------

23. Restart & run NTP.

$ systemctl restart ntp
$ systemctl enable ntp
$ systemctl status ntp

$ ntpq -p
// If there is an asterisk (*), NTP can be used by clients.

Setup on Windows

1. Set up the IP address & DNS. Make sure the primary DNS server uses the domain controller's IP.

2. Set the time so that it is in sync with the server. Use time updates from server.ubuntu.local.

3. Join the domain. Use the administrator account.
