Creating an Active Directory Domain Controller Server on Ubuntu Server 18.04 Using Samba
Setup
1. Configure the IP address using Netplan.
$ nano /etc/netplan/50-cloud-init.yaml
------------------------------------------------------------------
network:
  version: 2
  renderer: networkd
  ethernets:
    enp0s3:
      addresses: []
      dhcp4: true
    enp0s8:
      dhcp4: no
      dhcp6: no
      addresses:
        - 192.168.1.1/24
      nameservers:
        search: [ubuntu.local]
        addresses: [192.168.1.1, 8.8.8.8]
------------------------------------------------------------------
2. Configure the hostname.
$ nano /etc/hosts
------------------------------------------------------------------
192.168.1.1 server.ubuntu.local server
------------------------------------------------------------------
$ hostname
$ hostname -f
3. Remove cloud-init.
$ apt remove cloud-init
4. Stop the systemd-resolved service.
$ systemctl disable systemd-resolved
$ systemctl stop systemd-resolved
5. Configure DNS.
$ nano /etc/resolv.conf
------------------------------------------------------------------
search ubuntu.local
nameserver 192.168.1.1
nameserver 8.8.8.8
------------------------------------------------------------------
6. Update & Upgrade.
$ apt update && apt upgrade
7. Install the required software packages.
# acl
# attr
# autoconf
# bind9utils
# bison
# build-essential
# debhelper
# dnsutils
# docbook-xml
# docbook-xsl
# flex
# gdb
# libjansson-dev
# krb5-user
# libacl1-dev
# libaio-dev
# libarchive-dev
# libattr1-dev
# libblkid-dev
# libbsd-dev
# libcap-dev
# libcups2-dev
# libgnutls28-dev
# libgpgme-dev
# libjson-perl
# libldap2-dev
# libncurses5-dev
# libpam0g-dev
# libparse-yapp-perl
# libpopt-dev
# libreadline-dev
# nettle-dev
# perl
# perl-modules
# pkg-config
# python-all-dev
# python-crypto
# python-dbg
# python-dev
# python-dnspython
# python3-dnspython
# python-markdown
# python3-markdown
# python3-dev
# xsltproc
# zlib1g-dev
# liblmdb-dev
# lmdb-utils
# bind9
# ntp
8. Download & Compile Samba4.
$ cd /opt/
$ wget -c https://download.samba.org/pub/samba/samba-latest.tar.gz
$ tar -xzvf samba-latest.tar.gz
$ cd samba-*/
$ ./configure.developer
$ make
$ make install
9. Provision.
$ /usr/local/samba/bin/samba-tool domain provision --use-rfc2307 --interactive
------------------------------------------------------------------
Realm: UBUNTU.LOCAL
Domain: UBUNTU
Server Role: dc
DNS Backend: BIND9_DLZ
------------------------------------------------------------------
10. Verify the installed Samba.
$ /usr/local/samba/sbin/samba --version
$ /usr/local/samba/sbin/samba
$ ps aux | grep samba
// To stop Samba
$ pkill samba
11. Make Samba start automatically.
$ nano /etc/init.d/samba4
------------------------------------------------------------------
#! /bin/bash -e
### BEGIN INIT INFO
# Provides: samba
# Required-Start:
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Samba
# Description: Samba Domain controller
# scheduler
### END INIT INFO
#
#
#
set -e
PATH=/bin:/usr/bin:/sbin:/usr/sbin
DAEMON=/usr/local/samba/sbin/samba
# Exit quietly if the Samba binary is not installed.
test -x $DAEMON || exit 0
case "$1" in
  start)
    echo -ne "Starting Samba" "samba \n"
    $DAEMON -D
    ;;
  stop)
    echo -ne "Stopping Samba" "samba \n"
    # Do not abort under "set -e" when no samba process is running,
    # so that "restart" still reaches the start step.
    killall samba || true
    ;;
  restart)
    $0 stop
    echo -ne "Sleeping 5 Seconds Before Start: \n"
    sleep 5
    $0 start
    ;;
  *)
    echo "Usage: /etc/init.d/samba4 {start|stop|restart}"
    exit 1
    ;;
esac
exit 0
------------------------------------------------------------------
$ chmod +x /etc/init.d/samba4
$ update-rc.d samba4 defaults 98 02
$ /etc/init.d/samba4 start
12. Test Samba using smbclient.
$ smbclient -L localhost -U%
$ smbclient -L localhost -UAdministrator%Admin123
13. Configure the dynamic DNS server.
$ nano /etc/bind/named.conf
------------------------------------------------------------------
include "/usr/local/samba/bind-dns/named.conf";
------------------------------------------------------------------
14. Disable AppArmor so it does not conflict with Samba4.
$ systemctl disable apparmor
$ systemctl stop apparmor
$ ln -s /etc/apparmor.d/usr.sbin.named /etc/apparmor.d/disable/
$ apparmor_parser -R /etc/apparmor.d/usr.sbin.named
15. Check the bind9 version. Make sure the version is above 9.8.x. Also make sure it matches the version in the named.conf file.
$ dpkg -l bind9
$ named -v
$ cat /usr/local/samba/bind-dns/named.conf
------------------------------------------------------------------
database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_11.so";
------------------------------------------------------------------
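The version comparison from step 15 as a script (an added example, not part of the original post). It assumes Samba's module naming, where dlz_bind9.so serves BIND 9.8 and dlz_bind9_N.so serves BIND 9.N; the function names and the sample named.conf are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare the BIND version with the DLZ module enabled in
# Samba's bind-dns/named.conf. Assumption: dlz_bind9.so = BIND 9.8,
# dlz_bind9_N.so = BIND 9.N.

# Print N from a `named -v` string such as "BIND 9.11.3-1ubuntu1-Ubuntu ...".
named_minor() {
    printf '%s\n' "$1" | sed -n 's/^BIND 9\.\([0-9][0-9]*\)\..*/\1/p'
}

# Print the module file name(s) on uncommented `database "dlopen ..."` lines.
active_dlz_module() {
    grep -v '^[[:space:]]*#' "$1" |
        sed -n 's|.*database "dlopen .*/\(dlz_bind9[_0-9]*\.so\)".*|\1|p'
}

# $1 = output of `named -v`, $2 = path to named.conf.
# Returns 0 on match, 1 on mismatch, 2 if the input cannot be judged.
check_dlz_match() {
    minor=$(named_minor "$1")
    if [ -z "$minor" ] || [ "$minor" -lt 8 ]; then
        echo "cannot use BIND version: $1"; return 2
    fi
    if [ "$minor" -eq 8 ]; then want=dlz_bind9.so; else want="dlz_bind9_${minor}.so"; fi
    have=$(active_dlz_module "$2")
    count=$(printf '%s\n' "$have" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "need exactly one active database line, found $count"; return 2
    fi
    if [ "$have" = "$want" ]; then echo "OK: $have"; return 0; fi
    echo "MISMATCH: named.conf loads $have, BIND 9.$minor needs $want"; return 1
}

# Constructed sample input (not taken from a real host).
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
dlz "AD DNS Zone" {
    # For BIND 9.9.x
    # database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_9.so";
    # For BIND 9.11.x
    database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_11.so";
};
EOF
check_dlz_match "BIND 9.11.3-1ubuntu1-Ubuntu (Extended Support Version)" "$sample_conf"
# On a real host: check_dlz_match "$(named -v)" /usr/local/samba/bind-dns/named.conf
```

A result of 2 covers both an unparseable version string and a named.conf with zero or several uncommented database lines, since BIND should load exactly one DLZ module.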
16. Restart DNS Server.
$ systemctl restart bind9
$ systemctl status bind9
$ systemctl enable bind9
17. Make sure the DNS server is configured correctly.
$ host -t SRV _ldap._tcp.ubuntu.local
$ host -t SRV _kerberos._tcp.ubuntu.local
$ host -t A ubuntu.local
18. Replace the Kerberos configuration file.
$ mv /etc/krb5.conf /etc/krb5.conf.backup
$ cp /usr/local/samba/private/krb5.conf /etc/
19. Test Kerberos.
$ kinit administrator
$ klist -e
20. Configure dynamic DNS updates. Add the line above ‘directory …’.
$ nano /etc/bind/named.conf.options
------------------------------------------------------------------
tkey-gssapi-keytab "/usr/local/samba/bind-dns/dns.keytab";
------------------------------------------------------------------
21. Restart bind9.
$ systemctl restart bind9
$ /usr/local/samba/sbin/samba_dnsupdate --verbose
22. Configure NTP.
$ nano /etc/ntp.conf
------------------------------------------------------------------
pool 0.id.ntp.org iburst
pool 1.id.ntp.org iburst
pool 2.id.ntp.org iburst
pool 3.id.ntp.org iburst
------------------------------------------------------------------
23. Restart & run NTP.
$ systemctl restart ntp
$ systemctl enable ntp
$ systemctl status ntp
$ ntpq -p
// If there is an asterisk (*), NTP can be used by clients.
Setup on Windows
1. Set up the IP address & DNS. Make sure the primary DNS server uses the domain controller's IP.
2. Set the time so it is synchronized with the server. Use time updates from server.ubuntu.local.
3. Join the domain. Use the administrator account.