Difference between revisions of "Howto Add a Samba4 Domain Controller"
Jump to navigation
Jump to search
(→Wordpress: Finishing out wordpress settings) |
|||
Line 53: | Line 53: | ||
{| | {| | ||
− | |Server ||Domain Controllers ||auth. | + | |Server || Domain Controllers || auth.pumpingstationonei.org |
|- | |- | ||
− | | | + | | || Base DN ||cn=Users,dc=ad,dc=pumpingstationone,dc=org |
− | |Base DN | ||
− | |cn=Users,dc=ad,dc=pumpingstationone,dc=org | ||
|- | |- | ||
− | |User | + | |User || Account Suffix || @ad.pumpingstationone.org |
− | |Account Suffix | + | |- |
− | |@ad.pumpingstationone.org | + | | || Automatic User Creation || check |
+ | |- | ||
+ | | || Automatic User Update || check | ||
+ | |- | ||
+ | | || Prevent Email Change || check (maybe not, might be an easy way for users to update email address) | ||
+ | |- | ||
+ | |Authorization || Role Equivalent Groups || Domain Admins=administrator | ||
+ | |- | ||
+ | |Security || User Notification || check | ||
|} | |} |
Revision as of 05:46, 12 April 2013
DNS Records
- Set an A record for auth.pumpingstationone.org
- Set a NS record for ad.pumpingstationone.org to auth.pumpingstationone.org
Host Setup
echo "auth.pumpingstationone.org" > /etc/hostname add 66.228.35.181 auth.ad.arbitrarion.com auth to beginning of /etc/hosts
Samba
There is no stable, working version of Samba 4 shipping with ubuntu. You have to download it from source for now. As of writing, version 4.0.5 works
git clone -b v4-0-stable git://git.samba.org/samba.git samba ./configure make make install
Provisioning
/usr/local/samba/bin/samba-tool domain provision --realm=ad.pumpingstationone.org --domain=PS1 --server-role=dc
Make a note of the admin password. You may need it later.
Kerberos
apt-get install kerberos
/etc/krb5.conf
[libdefaults] default_realm = AD.ARBITRARION.COM dns_lookup_realm = false dns_lookup_kdc = true
Adding Users
To create the user "hef" and set the user password, use the following command:
/usr/local/samba/bin/samba-tool user add hef
To add the user "hef" to the "Domain Admins" group, use the following command:
/usr/local/samba/bin/samba-tool group addmembers "Domain Admins" hef
Services
Wordpress
- Log in as admin user.
- Install the active-directory-integration plugin.
Under Settings >> Active Directory Integration set the following:
Server | Domain Controllers | auth.pumpingstationonei.org |
Base DN | cn=Users,dc=ad,dc=pumpingstationone,dc=org | |
User | Account Suffix | @ad.pumpingstationone.org |
Automatic User Creation | check | |
Automatic User Update | check | |
Prevent Email Change | check (maybe not, might be an easy way for users to update email address) | |
Authorization | Role Equivalent Groups | Domain Admins=administrator |
Security | User Notification | check |