Create an Active Directory Infrastructure with Samba4 on Ubuntu – Part 1

Matei Cezar

I am a computer addicted guy, a fan of open source and Linux based system software, have about 4 years experience with Linux distributions desktop, servers and bash scripting.

69 Responses

  1. Attila Ruzsinszky says:


    It was the best doc for Samba AD DC!
    I tried this description on my notebook with LXD containers, so not everything was trivial. (xattr + LXD!)

    I followed step-by-step and some things are not clear:

    0. The Kerberos example screenshots are almost unreadable (and that was the most problematic part of the setup for me). I haven’t used Kerberos, yet.
    1. Why do I need an A record for the domain itself? I don’t have one.
    2. Where are these records? In my DNS server or AD?

    $ host -t SRV _kerberos._udp.tecmint.lan  # UDP Kerberos SRV record
    $ host -t SRV _ldap._tcp.tecmint.lan # TCP LDAP SRV record

    Are those a must? They don’t have, too.

    With this Samba AD DC I want to set up a user auth system for Win10 and Squid+SquidGuard using NTLM with SSO. I found that the normal Squid plain text auth system – htpasswd – does not accept UTF-8 characters, so the Win “long” (or full) name login ID is not working, and I don’t want two different IDs for login and Squid. I very much hope it will work shortly.
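
The two `host` lookups quoted in the comment above query the SRV records that domain members use to locate a domain controller. The script below is an added example, not part of the comment or the article; it parses `host -t SRV` output and checks the advertised port, and the DC name `adc1.tecmint.lan` in its samples is constructed.

```shell
#!/bin/sh
# Added example (not from the article): check the SRV records that domain
# members query to locate a domain controller.

# Constructed samples of `host -t SRV` output; adc1.tecmint.lan is a made-up DC name.
SAMPLE_LDAP='_ldap._tcp.tecmint.lan has SRV record 0 100 389 adc1.tecmint.lan.'
SAMPLE_NXDOMAIN='Host _kerberos._udp.tecmint.lan not found: 3(NXDOMAIN)'

# srv_targets: read `host -t SRV` output on stdin, print "target port" per answer.
# Error lines such as NXDOMAIN produce no output.
srv_targets() {
    awk '$2 == "has" && $3 == "SRV" && $4 == "record" {
        sub(/\.$/, "", $8)      # drop the trailing root dot
        print $8, $7
    }'
}

# srv_ok PORT: succeed only if stdin has at least one SRV answer and every
# answer advertises PORT (88 for Kerberos, 389 for LDAP).
srv_ok() {
    srv_targets | awk -v want="$1" '
        { n++; if ($2 != want) bad++ }
        END { exit !(n > 0 && bad == 0) }'
}

# Live check when a domain is given, e.g.: sh check_srv.sh tecmint.lan
if [ -n "${1:-}" ]; then
    host -t SRV "_kerberos._udp.$1" | srv_ok 88  || echo "FAIL: _kerberos._udp.$1"
    host -t SRV "_ldap._tcp.$1"     | srv_ok 389 || echo "FAIL: _ldap._tcp.$1"
    host -t A "$1" | grep -q 'has address'       || echo "FAIL: no A record for $1"
fi
```

Run it against the resolver the clients actually use; a FAIL line means that resolver does not serve the record, whichever server holds the zone.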

  2. James says:

    Great guide! I did have a question: I currently run DHCP on my Windows AD controller too. Could I also run DHCP on an Ubuntu using the documentation on AND still manage it with the RSAT tools in Windows?

    • Matei Cezar says:

      You cannot control in any way a Linux DHCP server via RSAT. They have different implementations in Linux and Windows, although they offer the same services. In Linux you can manage the server from the CLI and through its config files. However, you can set up both DHCP servers to assign IP addresses for your network, but use different network ranges and set up only one server as authoritative.

    • Attila Ruzsinszky says:

      It doesn’t work.

      I think, and I can see from the log, that the problem is in DNS, because dnsmasq is a very simple server and I don’t know which records it needs.

  3. Rafael Pereira says:

    Congratulations!! Thanks a lot!!!

  4. Pat says:

    What a great article! Quick question. I had this running nicely for a while, but all of a sudden, my Windows 7 hosts cannot connect to shares in the AD anymore. I haven’t touched anything on the settings side of things.

    Are you aware of an update that might have broken things? My Mac hosts are still happily connecting with their domain accounts, but any windows 7 hosts just keep prompting for the password without allowing connection.

    • Matei Cezar says:

      It can be some update issues with Windows file sharing clients. Consult Microsoft docs and verify if Samba SMBv1 has been disabled in the Windows client, after applying WannaCry updates.

      • Pat says:

        Thanks for the reply Matei. It turns out it was user error.

        The servers I was trying to connect to had been reconfigured in the DNS and there was a mistake with the CNAME and A Record being inverted. Simply fixing the DNS resolved the issue.

        I’m surprised it worked for so long after changing the DNS, I assume the entries were cached.

  5. Chris Restemayer says:

    kinit [email protected]

    Everything worked all the way up until that point. That command doesn’t work for me. It rejects the password. This is a fresh install. I’ve put one, and only one, password on this computer, and that doesn’t work, so I have no idea what it’s asking for here.

    I’ve tried the one password that I’ve actually set; I’ve tried leaving it blank; I’ve tried “password,” “administrator,” and “admin.” I’m out of ideas. What is this default password? More importantly, how do I root change the password?

    Kpassword demands the old password, which I obviously don’t have.

  6. Bas Auer says:

    Hi Matei,

    Yet again a great manual. You make admin life a lot easier!

    I have a question. Do you know when Ubuntu will release a more up to date samba4 version? The version which is installed with Ubuntu 16.04.3 LTS is version 4.3.11-Ubuntu. Samba 4 version 4.3.11 is already EOL since 2017-03-07.

    Or does Ubuntu maintain this version till the EOL of Ubuntu 16.04?

    • Matei Cezar says:

      You should check on Ubuntu Launchpad. I don’t know what Ubuntu is planning with maintaining their versions of the Samba project.
