Ubuntu as a Domain Controller

In this guide, we will set up Ubuntu as an Active Directory domain controller using Samba and Kerberos.

sudo apt update && sudo apt upgrade -y
sudo passwd root
sudo hostnamectl set-hostname srv

At this point, set a password for the user 'root', because the rest of the procedure is run as root via 'su' rather than with 'sudo'. Then switch to the root user:

su
apt-get install samba krb5-config winbind net-tools smbclient -y

Three questions will pop up. Answer the "Default Kerberos v5 realm" question with the realm in UPPERCASE:

COMPANY.COM

Then answer the remaining two questions with the FQDN of your domain server, in lowercase:

srv.company.com

Issue the command below, replacing the example IP address with the IP address of 'srv' and the example names with your own host and domain name:

echo '10.0.4.254 srv srv.company.com' >> /etc/hosts

Issue the commands to start a new Samba configuration:

mv /etc/samba/smb.conf /etc/samba/smb.conf.bkp
samba-tool domain provision

For the DNS forwarder, we are going to use the Google Public DNS server ('8.8.8.8').

Set the password for the user 'Administrator' when prompted.

Finally, copy the generated Kerberos configuration into place, stop the conflicting services, then enable and start the AD DC service:

cp /var/lib/samba/private/krb5.conf /etc/
systemctl disable --now smbd nmbd winbind systemd-resolved
systemctl unmask samba-ad-dc.service
systemctl enable --now samba-ad-dc.service
samba-tool domain level show

rm /etc/resolv.conf
echo 'nameserver 127.0.0.1' >> /etc/resolv.conf
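The steps above leave the DC in a state that is easy to verify: the hosts entry, resolv.conf pointing at the local Samba DNS, the realm in krb5.conf, and the password policy that provisioning installs by default. The script below is an added example (not part of the original guide) that checks each of these; the sample files it builds are constructed, and the password-policy thresholds are this example's assumed baseline.

```shell
#!/bin/sh
# Post-provision sanity checks for the DC built above. Each check takes a file
# path so it can be pointed at the live /etc/hosts, /etc/resolv.conf and
# /etc/krb5.conf or at saved copies; a zero exit status means the check passed.

# /etc/hosts must map the DC's IP to both its short name and its FQDN.
check_hosts_entry() {   # $1 hosts file, $2 ip, $3 short name, $4 fqdn
    awk -v ip="$2" -v short="$3" -v fqdn="$4" '
        $1 == ip { for (i = 2; i <= NF; i++) { if ($i == short) s = 1; if ($i == fqdn) f = 1 } }
        END { exit !(s && f) }' "$1"
}

# With systemd-resolved disabled, the DC must resolve through its own Samba DNS:
# the one and only nameserver in resolv.conf is 127.0.0.1.
check_resolv_self() {   # $1 resolv.conf
    [ "$(awk '$1 == "nameserver" { print $2 }' "$1")" = "127.0.0.1" ]
}

# The krb5.conf copied from /var/lib/samba/private must carry the realm given at
# provisioning, in UPPERCASE (Kerberos realm names are case-sensitive).
check_krb5_realm() {    # $1 krb5.conf, $2 expected realm
    realm=$(awk -F= '$1 ~ /default_realm/ { gsub(/[ \t]/, "", $2); print $2 }' "$1")
    [ "$realm" = "$2" ] && [ "$realm" = "$(printf %s "$realm" | tr a-z A-Z)" ]
}

# Flag weak values in saved `samba-tool domain passwordsettings show` output.
# The thresholds are this example's assumed baseline, not the guide's.
check_pwsettings() {    # $1 file holding the command output
    awk -F': *' '
        /^Password complexity/        && $2 != "on"  { bad++ }
        /^Store plaintext passwords/  && $2 != "off" { bad++ }
        /^Minimum password length/    && $2 + 0 < 12 { bad++ }
        /^Account lockout threshold/  && $2 + 0 == 0 { bad++ }
        END { exit bad > 0 }' "$1"
}

# Constructed sample files (not captured from a real system) for a stand-alone run.
demo_dir=$(mktemp -d)
printf '127.0.0.1 localhost\n10.0.4.254 srv srv.company.com\n' > "$demo_dir/hosts"
printf 'nameserver 127.0.0.1\n' > "$demo_dir/resolv.conf"
printf '[libdefaults]\n\tdefault_realm = COMPANY.COM\n' > "$demo_dir/krb5.conf"
printf 'Password complexity: on\nStore plaintext passwords: off\nMinimum password length: 7\nAccount lockout threshold (attempts): 0\n' > "$demo_dir/pwsettings.txt"

check_hosts_entry "$demo_dir/hosts" 10.0.4.254 srv srv.company.com && echo "hosts: ok"
check_resolv_self "$demo_dir/resolv.conf" && echo "resolv.conf: ok"
check_krb5_realm "$demo_dir/krb5.conf" COMPANY.COM && echo "krb5 realm: ok"
check_pwsettings "$demo_dir/pwsettings.txt" || echo "password policy: weak (provisioning defaults)"
```

The constructed pwsettings.txt mirrors the values a fresh provision installs (minimum length 7, no lockout), so the last check reports it as weak; tighten them with `samba-tool domain passwordsettings set` and re-run against real output.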

Some useful samba-tool commands

sudo samba-tool user list
sudo samba-tool user create UserName
sudo samba-tool user delete UserName
sudo samba-tool user disable UserName
sudo samba-tool user enable UserName
sudo samba-tool user setpassword UserName
sudo samba-tool user setexpiry UserName --days=30
sudo samba-tool group list
sudo samba-tool group listmembers GroupName
sudo samba-tool group add GroupName
sudo samba-tool group delete GroupName
sudo samba-tool group addmembers GroupName UserName
sudo samba-tool group removemembers GroupName UserName
sudo samba-tool computer list
sudo samba-tool group add -h
sudo samba-tool user add -h
sudo samba-tool user add UserName --given-name=givenName --surname=surName --mail-address=userName@example.com --login-shell=/bin/bash
sudo samba-tool domain passwordsettings show
sudo samba-tool domain passwordsettings set -h
sudo samba-tool gpo listall
sudo samba-tool drs showrepl
sudo samba-tool dns --help
sudo samba-tool dns query 10.0.0.1 example.com @ A -U Administrator
sudo samba-tool dns zonecreate domain.local 0.0.10.in-addr.arpa -U Administrator
sudo samba-tool processes
sudo samba-tool visualize ntdsconn
sudo samba-tool visualize reps

netplan example

network:
  version: 2
  renderer: networkd
  ethernets:
    ens33:
      addresses:
        - 192.168.227.135/24
      nameservers:
        search: [COMPANY.COM]
        addresses: [192.168.227.131, 1.1.1.1]
      routes:
        - to: default
          via: 192.168.227.2