Building an Active Directory / Domain Controller with BlankOn & Samba4


These are the steps to install and configure an Active Directory / Domain Controller with Samba4 on BlankOn Linux. This tutorial was demonstrated at BlanKonf4.

Install the required packages:

# apt-get install build-essential libacl1-dev libattr1-dev libblkid-dev \
    libgnutls-dev libreadline-dev python-dev python-dnspython gdb pkg-config \
    libpopt-dev libldap2-dev dnsutils libbsd-dev attr krb5-user

1. Configuring Samba4

Download, extract, build and install Samba4

# cd /usr/local/src
# wget http://ftp.samba.org/pub/samba/rc/samba-4.0.0rc5.tar.gz
# tar -xvf samba-4.0.0rc5.tar.gz
# cd samba-4.0.0rc5
# ./configure --enable-debug --enable-selftest
# make
# make install

Provision the domain, adjusting the values to your own domain name

# /usr/local/samba/bin/samba-tool domain provision --realm=blankonf.blankon.in \
    --domain=BLANKONF --adminpass='p@ssw0rd' --server-role=dc --dns-backend=BIND9_DLZ

Start Samba4. The “-d3” option sets the debug level; the higher the value, the more detailed the debug output

# /usr/local/samba/sbin/samba -i -M single -d3

Test with smbclient

# /usr/local/samba/bin/smbclient -L localhost -U%
Domain=[BLANKONF] OS=[Unix] Server=[Samba 4.0.0rc5]

	Sharename       Type      Comment
	---------       ----      -------
	netlogon        Disk
	sysvol          Disk
	profiles        Disk
	share           Disk      Sharing Data
	IPC$            IPC       IPC Service (Samba 4.0.0rc5)
Domain=[BLANKONF] OS=[Unix] Server=[Samba 4.0.0rc5]

	Server               Comment
	---------            -------

	Workgroup            Master
	---------            -------
# smbclient //localhost/netlogon -UAdministrator%'p@ssw0rd' -c 'ls'
Domain=[BLANKONF] OS=[Unix] Server=[Samba 4.0.0rc5]
  .                                   D        0  Tue Nov 27 16:55:37 2012
  ..                                  D        0  Tue Nov 27 16:55:52 2012

		48991 blocks of size 131072. 14072 blocks available

Test creating a user through Samba

# /usr/local/samba/bin/samba-tool user add demo1

Check the user that was just created

# /usr/local/samba/bin/wbinfo -u
Administrator
Guest
krbtgt
dns-samba
demo1

2. Configuring Bind for DNS

Edit the network interfaces file, adjusting it to your domain and network environment

# vi /etc/network/interfaces
auto lo
iface lo inet loopback

iface eth0 inet static
address 192.168.1.4
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 192.168.1.4
dns-search blankonf.blankon.in

Install Bind9

# apt-get install bind9
# vi /etc/resolv.conf
domain blankonf.blankon.in
nameserver 192.168.1.4

# vi /etc/bind/named.conf
include "/usr/local/samba/private/named.conf";

# vi /etc/default/bind9
RESOLVCONF=no
OPTIONS="-4 -u bind"

Check the Bind configuration; if there are no errors, your configuration is correct

# named-checkconf

Restart the Bind service

# /etc/init.d/bind9 restart

3. Configuring Kerberos

Copy the “krb5.conf” configuration file into place

# mv /etc/krb5.conf /etc/krb5.conf.orig
# cp /usr/local/samba/share/setup/krb5.conf /etc/

Replace ${REALM} with your domain name

# vi /etc/krb5.conf
[libdefaults]
default_realm = BLANKONF.BLANKON.IN
dns_lookup_realm = false
dns_lookup_kdc = true

Test Bind and Kerberos; if the result is an error, check the configuration again.

# host -t A samba.blankonf.blankon.in.
samba.blankonf.blankon.in has address 192.168.1.4

# host -t SRV _ldap._tcp.blankonf.blankon.in.
_ldap._tcp.blankonf.blankon.in has SRV record 0 100 389 samba.blankonf.blankon.in.

# host -t SRV _kerberos._udp.blankonf.blankon.in.
_kerberos._udp.blankonf.blankon.in has SRV record 0 100 88 samba.blankonf.blankon.in.
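
The two SRV lookups above can be turned into a repeatable check. This is an added example, not part of the original post: the function names and the LOOKUP hook are assumptions, and the sample answers are constructed from the output shown in this tutorial so the script runs offline.

```shell
#!/bin/sh
# Added example: check the SRV records an AD DC must publish.

# srv_target NAME PORT: read `host -t SRV` output on stdin and print the
# target of the SRV record for NAME on PORT; return 1 if there is none.
srv_target() {
    awk -v name="$1" -v port="$2" '
        # host prints: <name> has SRV record <prio> <weight> <port> <target>
        $1 == name && $2 == "has" && $3 == "SRV" && $7 == port {
            sub(/\.$/, "", $8); print $8; found = 1; exit
        }
        END { exit (found ? 0 : 1) }'
}

# check_dc_srv DOMAIN DC [LOOKUP]: both records must point at DC.
# LOOKUP (assumed hook, default "host -t SRV") is the query command.
check_dc_srv() {
    domain=$1 dc=$2 lookup=${3:-"host -t SRV"} rc=0
    for rec in _ldap._tcp:389 _kerberos._udp:88; do
        name="${rec%%:*}.$domain" port=${rec##*:}
        target=$($lookup "$name." 2>/dev/null | srv_target "$name" "$port") || target=
        if [ "$target" = "$dc" ]; then
            echo "OK   $name -> $target:$port"
        else
            echo "FAIL $name: got '${target:-no record}', want $dc on port $port"
            rc=1
        fi
    done
    return $rc
}

# Constructed replay of the host output shown in this tutorial (offline).
sample_lookup() {
    case $1 in
        _ldap._tcp.blankonf.blankon.in.)
            echo "_ldap._tcp.blankonf.blankon.in has SRV record 0 100 389 samba.blankonf.blankon.in." ;;
        _kerberos._udp.blankonf.blankon.in.)
            echo "_kerberos._udp.blankonf.blankon.in has SRV record 0 100 88 samba.blankonf.blankon.in." ;;
        *)  echo "Host $1 not found: 3(NXDOMAIN)"; return 1 ;;
    esac
}

check_dc_srv blankonf.blankon.in samba.blankonf.blankon.in sample_lookup
```

Against a live DC, omit the third argument so the function runs host -t SRV itself. A FAIL line with "no record" corresponds to an NXDOMAIN answer from the DNS server.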

Configure Bind dynamic DNS updates via Kerberos

# vi /etc/bind/named.conf.options
options {
	directory "/var/cache/bind";
	dnssec-validation auto;
	auth-nxdomain no;    # conform to RFC1035
	listen-on-v6 { any; };
	tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};

Test Kerberos

# kinit administrator@BLANKONF.BLANKON.IN
Password for administrator@BLANKONF.BLANKON.IN:
Warning: Your password will expire in 36 days on Tue Jan  8 16:55:50 2013
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@BLANKONF.BLANKON.IN

Valid starting     Expires            Service principal
12/03/12 16:48:27  12/04/12 02:48:27  krbtgt/BLANKONF.BLANKON.IN@BLANKONF.BLANKON.IN
renew until 12/04/12 16:48:22

Create an init script to start/stop/restart Samba4

# wget http://anonscm.debian.org/loggerhead/pkg-samba/samba4/unstable/download/head:/1833%40fc4039ab-9d04-0410-8cac-899223bdd6b0:trunk%252Fsamba4:debian%252Fsamba4.init/samba4.init -O /etc/init.d/samba4
# sed -i 's|/usr/sbin|/usr/local/samba/sbin|g' /etc/init.d/samba4
# chmod 755 /etc/init.d/samba4
# update-rc.d samba4 defaults

If all of the steps above work, what remains is to test joining the domain, set up GPOs, and so on.

Reference: Samba4/HOWTO

2 thoughts on “Building an Active Directory / Domain Controller with BlankOn & Samba4”

    arief said:
    March 10, 2015 at 5:56 pm

    Hi, I tried this and got an error: Host _ldap._tcp.sdxidubuntu.com. not found: 3(NXDOMAIN)
    Why is that? Thanks

      invaleed responded:
      March 10, 2015 at 6:10 pm

      Try following the steps again, especially step 2, Configuring Bind for DNS 🙂
