Samba4 can act as an Active Directory Domain Controller. Setting it up is a bit cumbersome, but here I have done most of the work for you. The link below leads to a VirtualBox VM exported in OVA format. The virtual machine runs Debian 8. The root password is “Passw0rd”. That's a zero instead of an o.
Before you use the virtual machine, you will probably want to change the server name, domain, IP address, etc. As far as I know there is no GUI or script to easily change these values. You must edit the configuration files. Below are the instructions for customizing the VM.
1. Decide on your server parameters. For this example I will use:
Hostname: Server
IP: 192.168.3.94
DC is also DNS server: no
Forwarder DNS server: 192.168.3.1
Domain Information
NT4 domain name: SAMBADOMAIN
DNS Domain name: sambadomain.example.com
Kerberos realm: SAMBADOMAIN.EXAMPLE.COM
Administrator password: Passw0rd
2. Set the hostname
# echo Server > /etc/hostname
3. You must delete the existing smb.conf file, otherwise the samba-tool script will generate an error message:
# rm -fr /etc/samba/smb.conf
4. Run the samba-tool domain provision script; see step 5 regarding answers to the script's questions.
# samba-tool domain provision --use-rfc2307 --interactive
5. samba-tool will require input. Given my example configuration in item 1, the input is:
Realm: SAMBADOMAIN.EXAMPLE.COM
Domain: SAMBADOMAIN
Server Role: dc
DNS backend: SAMBA_INTERNAL
DNS forwarder IP address: 192.168.3.1
Administrator Password: Passw0rd
6. The samba-tool script generates a new krb5.conf file. Copy the krb5.conf file to /etc:
# cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
7. Add your server name as a loopback address in /etc/hosts:
127.0.0.1 Server.sambadomain.example.com Server
8. Edit /etc/network/interfaces to set your static IP address.
9. Verify the time. If necessary, edit the /etc/timezone file and restart the ntpd server. The domain controller and Windows clients must have the same time or the Windows client will fail to connect to the domain controller. Windows will say bad username/password, but it is actually the clock.
10. Reboot the AD DC virtual machine.
11. The virtual machine doesn't generate enough entropy to initialize a Kerberos realm. So I cheat and use the haveged tool. It is in the /root home directory. Start the haveged server to create entropy:
# /root/haveged-1.9.1/src/haveged -w 1024
12. Create a new Kerberos realm.
13. Add the domain and IP addresses to /etc/resolv.conf:
search sambadomain.example.com
domain sambadomain.example.com
nameserver 192.168.3.94
nameserver 192.168.3.1
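Steps 2, 7 and 13 above are the pieces that change from site to site, and there is no stock script for them, so here is an added example (my own, not part of the original post or of the Samba project) that renders those fragments from a few parameters. It writes to a staging directory (assumed: /tmp/samba-dc-stage) rather than straight into /etc, validates the IP addresses before writing anything, and derives the Kerberos realm from the DNS domain the way samba-tool expects it. The parameter names, the staging path and the helper function names are assumptions of this example; the default values are the ones from item 1.

```bash
#!/bin/sh
# Added example: render the site-specific config fragments for the Samba AD DC
# customization from a handful of parameters, into a staging directory instead
# of /etc. Defaults are the post's example values; everything else is assumed.
set -eu

HOSTNAME_SHORT="${HOSTNAME_SHORT:-Server}"
DNS_DOMAIN="${DNS_DOMAIN:-sambadomain.example.com}"
SERVER_IP="${SERVER_IP:-192.168.3.94}"
FORWARDER_IP="${FORWARDER_IP:-192.168.3.1}"
STAGE="${STAGE:-/tmp/samba-dc-stage}"    # assumed staging root, not /

# Step 2: contents of /etc/hostname
render_hostname() {
    printf '%s\n' "$HOSTNAME_SHORT"
}

# Step 7: loopback line for /etc/hosts (FQDN first, short name as alias)
render_hosts_line() {
    printf '127.0.0.1 %s.%s %s\n' "$HOSTNAME_SHORT" "$DNS_DOMAIN" "$HOSTNAME_SHORT"
}

# Step 13: /etc/resolv.conf, DC first so the AD zone resolves locally,
# forwarder second as the fallback
render_resolv_conf() {
    printf 'search %s\ndomain %s\nnameserver %s\nnameserver %s\n' \
        "$DNS_DOMAIN" "$DNS_DOMAIN" "$SERVER_IP" "$FORWARDER_IP"
}

# The Kerberos realm is the DNS domain upper-cased (what samba-tool asks for)
kerberos_realm() {
    printf '%s\n' "$DNS_DOMAIN" | tr '[:lower:]' '[:upper:]'
}

# Returns 0 for a dotted quad whose four octets are all 0-255, 1 otherwise.
# A typo here would leave the DC pointing at a nameserver that does not exist.
validate_ipv4() {
    oldifs=$IFS
    IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Validate, then write the fragments under $STAGE/etc for review before
# copying them into place on the DC.
stage_files() {
    validate_ipv4 "$SERVER_IP" || { echo "bad SERVER_IP: $SERVER_IP" >&2; return 1; }
    validate_ipv4 "$FORWARDER_IP" || { echo "bad FORWARDER_IP: $FORWARDER_IP" >&2; return 1; }
    mkdir -p "$STAGE/etc"
    render_hostname    > "$STAGE/etc/hostname"
    render_hosts_line  > "$STAGE/etc/hosts.dc-line"
    render_resolv_conf > "$STAGE/etc/resolv.conf"
    echo "staged under $STAGE for realm $(kerberos_realm)"
}

stage_files
```

Run it as `HOSTNAME_SHORT=dc1 DNS_DOMAIN=corp.example.net SERVER_IP=10.0.0.5 FORWARDER_IP=10.0.0.1 sh stage-dc.sh`, review the files under the staging directory, then copy them into /etc as root (the hosts fragment is appended to /etc/hosts rather than replacing it). The realm it prints is the value to give samba-tool in step 5.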
15. Test Samba:
# smbclient -L localhost -U%
# smbclient //localhost/netlogon -UAdministrator -c 'ls'
16. Test DNS (using the example domain and hostname from item 1):
# host -t SRV _ldap._tcp.sambadomain.example.com.
# host -t SRV _kerberos._udp.sambadomain.example.com.
# host -t A Server.sambadomain.example.com.
17. Join a Windows 7 Pro machine to the domain.