This article is not much different from the previous one, which built a Samba-based Active Directory on Linux. The differences are that here Samba is installed from source that we compile ourselves, and that the DNS server is Bind9 rather than the Samba internal DNS used in the previous article. Here are the steps:
System Information
Operating System = Ubuntu 18.04 Server
Samba Version = Samba 4.13.4
IP Address Server = 192.168.15.55/24
Gateway = 192.168.15.1
DNS Server = 192.168.15.55, 8.8.8.8
Hostname = samba4.ombangambing.com
Domain = ombangambing.com
Operating System Configuration
Network Configuration
On Ubuntu 18.04, the network is configured as follows:
# nano /etc/netplan/50-cloud-init.yaml
Then set the IP address configuration as follows:
network:
    ethernets:
        ens160:
            dhcp4: false
            addresses:
                - 192.168.15.55/24
            gateway4: 192.168.15.1
            nameservers:
                addresses: [192.168.15.55, 8.8.8.8]
    version: 2
Then test whether the configuration is correct by typing netplan try and pressing Enter:
# netplan try
Warning: Stopping systemd-networkd.service, but it can still be activated by:
  systemd-networkd.socket
Do you want to keep these settings?

Press ENTER before the timeout to accept the new configuration

<PRESS ENTER>

Changes will revert in 120 seconds
Configuration accepted
Note: If "Configuration accepted" appears after pressing Enter, the configuration is correct.
# netplan apply
After that, check whether the IP address matches the configuration:
# ifconfig -a
ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.15.55  netmask 255.255.255.0  broadcast 192.168.15.255
        inet6 fe80::250:56ff:fe9c:90ac  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:9c:90:ac  txqueuelen 1000  (Ethernet)
        RX packets 421771  bytes 445292962 (445.2 MB)
        RX errors 0  dropped 30154  overruns 0  frame 0
        TX packets 250003  bytes 27056531 (27.0 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 10416  bytes 1301999 (1.3 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 10416  bytes 1301999 (1.3 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
Alternatively, use ip addr:
# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:9c:90:ac brd ff:ff:ff:ff:ff:ff
    inet 192.168.15.55/24 brd 192.168.15.255 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fe9c:90ac/64 scope link
       valid_lft forever preferred_lft forever
The network configuration is now complete.
/etc/hosts Configuration
Configure /etc/hosts as follows:
# nano /etc/hosts

127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
192.168.15.55 samba4.ombangambing.com samba4

# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
Then save by pressing Ctrl + X followed by Y.
Hostname Configuration
To configure the hostname, run the following command:
# hostnamectl set-hostname samba4.ombangambing.com
After that, check the change:
# hostname
# hostname -f
However, the hostname configured above is changed back automatically after a restart. That change is made by cloud-init, so the cloud-init service can be uninstalled:
# apt remove cloud-init
/etc/resolv.conf Configuration
Ubuntu 18.04 ships the systemd-resolved service. It runs automatically and uses UDP port 53. Because UDP port 53 will be used by Bind9, disable that service and configure /etc/resolv.conf manually.
~# systemctl disable systemd-resolved
~# systemctl stop systemd-resolved
~# rm /etc/resolv.conf
~# nano /etc/resolv.conf
~# nano /etc/resolv.conf

search ombangambing.com
nameserver 192.168.15.55
nameserver 8.8.8.8
nameserver 8.8.4.4
Then save the file by pressing Ctrl + X followed by Y.
Update & Upgrade Packages
To bring the system up to date, update and upgrade the Ubuntu packages before moving on to the next step:
# apt update -y && apt upgrade -y
Once that is done, continue with the Samba4 installation.
Samba4 Installation
Installing Samba4 directly from the Samba sources requires some checking and care beforehand. Different Samba versions and different OS versions have different package dependencies, so it is important to look up the information on the Samba website first. :)
Installing the Samba4 Dependencies
# apt-get -y install \
    acl \
    apt-utils \
    attr \
    autoconf \
    bind9utils \
    binutils \
    bison \
    build-essential \
    ccache \
    chrpath \
    curl \
    debhelper \
    dnsutils \
    docbook-xml \
    docbook-xsl \
    flex \
    gcc \
    gdb \
    git \
    glusterfs-common \
    gzip \
    heimdal-multidev \
    hostname \
    htop \
    krb5-config \
    krb5-kdc \
    krb5-user \
    language-pack-en \
    lcov \
    libacl1-dev \
    libarchive-dev \
    libattr1-dev \
    libavahi-common-dev \
    libblkid-dev \
    libbsd-dev \
    libcap-dev \
    libcephfs-dev \
    libcups2-dev \
    libdbus-1-dev \
    libglib2.0-dev \
    libgnutls28-dev \
    libgpgme11-dev \
    libicu-dev \
    libjansson-dev \
    libjs-jquery \
    libjson-perl \
    libkrb5-dev \
    libldap2-dev \
    liblmdb-dev \
    libncurses5-dev \
    libpam0g-dev \
    libparse-yapp-perl \
    libpcap-dev \
    libpopt-dev \
    libreadline-dev \
    libsystemd-dev \
    libtasn1-bin \
    libtasn1-dev \
    libunwind-dev \
    lmdb-utils \
    locales \
    lsb-release \
    make \
    mawk \
    mingw-w64 \
    patch \
    perl \
    perl-modules \
    pkg-config \
    procps \
    psmisc \
    python3 \
    python3-cryptography \
    python3-dbg \
    python3-dev \
    python3-dnspython \
    python3-gpg \
    python3-iso8601 \
    python3-markdown \
    python3-matplotlib \
    python3-pexpect \
    python3-pyasn1 \
    rng-tools \
    rsync \
    sed \
    sudo \
    tar \
    tree \
    uuid-dev \
    wget \
    xfslibs-dev \
    xsltproc \
    zlib1g-dev \
    bind9

# apt-get -y autoremove
# apt-get -y autoclean
# apt-get -y clean
Downloading the Samba4 Package
Download Samba4 from https://download.samba.org/pub/samba/stable/samba-latest.tar.gz, choosing the tarball of the most recent Samba4 version (latest release), as follows:
# cd /opt
# wget -c https://download.samba.org/pub/samba/samba-4.13.4.tar.gz
or
# wget -c https://download.samba.org/pub/samba/samba-latest.tar.gz
# tar -zxvf samba-4.13.4.tar.gz
# cd samba-4.13.4
Installing Samba4
To install, run the following commands:
# ./configure.developer
# make
# make install
Wait for the installation to finish; it takes Ubuntu quite a long time to complete.
NOTE: A successful Samba4 installation depends on the dependency packages installed in the previous step. Each Samba4 version may have different dependencies, so pay attention to the OS version and the Samba version being used, then look up the information on the Samba website, as follows:
specifically in this section:
Provisioning Samba4
Provisioning is the process of turning Samba 4 into an Active Directory or Domain Controller (depending on the choices made during provisioning).
In line with the System Information above, the domain name used is OMBANGAMBING.COM and the hostname is samba4, so provisioning can be done as follows:
# /usr/local/samba/bin/samba-tool domain provision --use-rfc2307 --interactive
Here is an example:
# /usr/local/samba/bin/samba-tool domain provision --use-rfc2307 --interactive
Realm [OMBANGAMBING.COM]: OMBANGAMBING.COM
Domain [OMBANGAMBING]: OMBANGAMBING
Server Role (dc, member, standalone) [dc]: dc
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: BIND9_DLZ
Administrator password: Ubuntu123
Retype password: Ubuntu123
INFO 2021-03-01 10:18:50,842 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #2122: Looking up IPv4 addresses
INFO 2021-03-01 10:18:50,843 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #2139: Looking up IPv6 addresses
WARNING 2021-03-01 10:18:50,844 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #2146: No IPv6 address will be assigned
INFO 2021-03-01 10:18:51,290 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #2290: Setting up share.ldb
INFO 2021-03-01 10:18:51,467 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #2294: Setting up secrets.ldb
INFO 2021-03-01 10:18:51,613 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #2299: Setting up the registry
INFO 2021-03-01 10:18:51,947 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #2302: Setting up the privileges database
INFO 2021-03-01 10:18:52,185 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #2305: Setting up idmap db
INFO 2021-03-01 10:18:52,374 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #2312: Setting up SAM db
INFO 2021-03-01 10:18:52,437 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #897: Setting up sam.ldb partitions and settings
INFO 2021-03-01 10:18:52,438 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #909: Setting up sam.ldb rootDSE
INFO 2021-03-01 10:18:52,483 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #1322: Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs
INFO 2021-03-01 10:18:52,615 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #1400: Adding DomainDN: DC=ombangambing,DC=com
INFO 2021-03-01 10:18:52,674 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #1432: Adding configuration container
INFO 2021-03-01 10:18:52,764 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #1447: Setting up sam.ldb schema
INFO 2021-03-01 10:18:57,421 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #1465: Setting up sam.ldb configuration data
INFO 2021-03-01 10:18:57,660 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #1506: Setting up display specifiers
INFO 2021-03-01 10:19:00,421 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #1514: Modifying display specifiers and extended rights
INFO 2021-03-01 10:19:00,476 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #1521: Adding users container
INFO 2021-03-01 10:19:00,479 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #1527: Modifying users container
INFO 2021-03-01 10:19:00,480 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #1530: Adding computers container
INFO 2021-03-01 10:19:00,481 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #1536: Modifying computers container
INFO 2021-03-01 10:19:00,483 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #1540: Setting up sam.ldb data
INFO 2021-03-01 10:19:00,700 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #1570: Setting up well known security principals
INFO 2021-03-01 10:19:00,765 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #1584: Setting up sam.ldb users and groups
INFO 2021-03-01 10:19:01,209 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #1592: Setting up self join
Repacking database from v1 to v2 format (first record CN=Default-Object-Category,CN=Schema,CN=Configuration,DC=ombangambing,DC=com)
Repack: re-packed 10000 records so far
Repacking database from v1 to v2 format (first record CN=IntellimirrorGroup-Display,CN=411,CN=DisplaySpecifiers,CN=Configuration,DC=ombangambing,DC=com)
Repacking database from v1 to v2 format (first record CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=ombangambing,DC=com)
INFO 2021-03-01 10:19:04,254 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/sambadns.py #1143: Adding DNS accounts
INFO 2021-03-01 10:19:04,368 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/sambadns.py #1177: Creating CN=MicrosoftDNS,CN=System,DC=ombangambing,DC=com
INFO 2021-03-01 10:19:04,394 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/sambadns.py #1190: Creating DomainDnsZones and ForestDnsZones partitions
INFO 2021-03-01 10:19:04,538 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/sambadns.py #1195: Populating DomainDnsZones and ForestDnsZones partitions
Repacking database from v1 to v2 format (first record DC=d.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=ombangambing,DC=com)
Repacking database from v1 to v2 format (first record DC=ForestDnsZones,DC=ombangambing,DC=com)
INFO 2021-03-01 10:19:05,630 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/sambadns.py #1277: See /usr/local/samba/bind-dns/named.conf for an example configuration include file for BIND
INFO 2021-03-01 10:19:05,631 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/sambadns.py #1279: and /usr/local/samba/bind-dns/named.txt for further documentation required for secure DNS updates
INFO 2021-03-01 10:19:05,747 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #2026: Setting up sam.ldb rootDSE marking as synchronized
INFO 2021-03-01 10:19:05,763 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #2031: Fixing provision GUIDs
INFO 2021-03-01 10:19:07,699 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #2365: A Kerberos configuration suitable for Samba AD has been generated at /usr/local/samba/private/krb5.conf
INFO 2021-03-01 10:19:07,699 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #2366: Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
INFO 2021-03-01 10:19:08,137 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #2096: Setting up fake yp server settings
INFO 2021-03-01 10:19:08,315 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #490: Once the above files are installed, your Samba AD server will be ready to use
INFO 2021-03-01 10:19:08,315 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #494: Server Role: active directory domain controller
INFO 2021-03-01 10:19:08,316 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #495: Hostname: samba4
INFO 2021-03-01 10:19:08,316 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #496: NetBIOS Domain: OMBANGAMBING
INFO 2021-03-01 10:19:08,316 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #497: DNS Domain: ombangambing.com
INFO 2021-03-01 10:19:08,316 pid:7162 /usr/local/samba/lib/python3.6/site-packages/samba/provision/__init__.py #498: DOMAIN SID: S-1-5-21-2747010695-1432569596-2287361233
The Samba4 installation above resides in the folder "/usr/local/samba/".
Once provisioning has finished successfully, start the service (the /etc/init.d/samba4 script used here is installed in the next section):
# /etc/init.d/samba4 start
To stop the service, use the pkill command:
# pkill samba
Starting the Samba Service Automatically
For the Samba service to start automatically after boot, a script is needed to run it. I got this script from Mas Imanudin of Excellent, via http://imanudin.com/wp-content/uploads/2013/08/samba4.txt
Here is how:
# cd /opt
# wget -c http://imanudin.com/wp-content/uploads/2013/08/samba4.txt
# mv samba4.txt /etc/init.d/samba4
# chmod +x /etc/init.d/samba4
# update-rc.d samba4 defaults 98 02
# /etc/init.d/samba4 start
# /usr/local/samba/sbin/samba --version
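The init script above is fetched over plain HTTP and then runs as root at every boot, so it is worth reading it first and installing only the copy that was read. An added example, not part of the original article: a helper that installs a downloaded file only when its SHA-256 matches a recorded value. `install_pinned` is a hypothetical name and the expected hash is a placeholder to fill in after review; the same check can be applied to the Samba tarball downloaded earlier.

```shell
#!/bin/sh
# Added example: install a downloaded file only when its SHA-256 equals a value
# recorded after the file was read and approved. install_pinned is a
# hypothetical helper name, not part of Samba or Ubuntu.

# usage: install_pinned <downloaded-file> <expected-sha256> <destination>
# returns 0 = installed, 1 = hash mismatch (nothing installed), 2 = usage/IO error
install_pinned() {
    [ "$#" -eq 3 ] || { echo "usage: install_pinned FILE SHA256 DEST" >&2; return 2; }
    src=$1; want=$2; dest=$3
    [ -f "$src" ] || { echo "not a regular file: $src" >&2; return 2; }

    # sha256sum prints "<hash>  <name>"; keep the hash only
    got=$(sha256sum "$src" | awk '{ print $1 }') || return 2
    # accept hashes that were pasted in upper case
    want=$(printf '%s' "$want" | tr 'A-F' 'a-f')

    if [ "$got" != "$want" ]; then
        echo "SHA-256 mismatch for $src" >&2
        echo "  expected $want" >&2
        echo "  actual   $got" >&2
        return 1
    fi

    # mode 0755: executable, writable by the owner only
    install -m 0755 "$src" "$dest" || return 2
    echo "installed $dest sha256=$got"
}

# On the server from the article (the hash is a placeholder recorded after review):
#   install_pinned /opt/samba4.txt <sha256-of-reviewed-script> /etc/init.d/samba4
```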
Dynamic DNS Server Configuration
Configuring Dynamic DNS involves several steps:
Edit the file /etc/bind/named.conf.
Samba has its own named.conf file for configuring DNS with the DLZ method. Add the directive include "/usr/local/samba/bind-dns/named.conf" to the named.conf file, as in this example:
# nano /etc/bind/named.conf

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/usr/local/samba/bind-dns/named.conf";
Then save by pressing Ctrl + X followed by Y.
Disabling the AppArmor Service
AppArmor conflicts with Dynamic DNS. The commands below stop and disable the AppArmor service and unload its profile for named:
# systemctl disable apparmor
# systemctl stop apparmor
# sudo ln -s /etc/apparmor.d/usr.sbin.named /etc/apparmor.d/disable/
# sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.named
Setting Up the Bind9 DNS Service
Next, check the version of the Bind9 DNS server in use with the command dpkg -l bind9 or named -v. The version information is needed to make sure Samba4 uses Bind 9.8.x or later, which supports the dynamic DNS model. The Ubuntu I am using has Bind version 9.11.x. Here is how to check:
# named -V
BIND 9.11.3-1ubuntu1.14-Ubuntu (Extended Support Version) <id:a375815>
running on Linux x86_64 4.15.0-136-generic #140-Ubuntu SMP Thu Jan 28 05:20:47 UTC 2021
built by make with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--libexecdir=/usr/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-libjson=/usr' '--without-lmdb' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib/softhsm/libsofthsm2.so' '--with-randomdev=/dev/urandom' '--with-eddsa=no' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/bind9-kJUjhc/bind9-9.11.3+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
compiled by GCC 7.5.0
compiled with OpenSSL version: OpenSSL 1.1.1 11 Sep 2018
linked to OpenSSL version: OpenSSL 1.1.1 11 Sep 2018
compiled with libxml2 version: 2.9.4
linked to libxml2 version: 20904
compiled with libjson-c version: 0.12.1
linked to libjson-c version: 0.12.1
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
threads support is enabled
Also make sure that the named.conf generated by Samba for Bind loads the database module for Bind 9.11.x. Open it with the command "nano /usr/local/samba/bind-dns/named.conf"; the database Bind will use is the one whose line is not marked with the comment character "#":
# nano /usr/local/samba/bind-dns/named.conf
dlz "AD DNS Zone" {
    # For BIND 9.8.x
    # database "dlopen /usr/local/samba/lib/bind9/dlz_bind9.so";

    # For BIND 9.9.x
    # database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_9.so";

    # For BIND 9.10.x
    # database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_10.so";

    # For BIND 9.11.x
    database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_11.so";

    # For BIND 9.12.x
    # database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_12.so";

    # For BIND 9.14.x
    # database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_14.so";

    # For BIND 9.16.x
    # database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_16.so";
    #
};
As can be seen, Bind uses the database for Bind 9.11.x.
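The check described above, as an added example that is not part of the original article: it derives the BIND series from the named -V banner and confirms that exactly one database line is active in Samba's named.conf and that it names the matching module. The function names are hypothetical, and the sample file is reconstructed from the listing above.

```shell
#!/bin/sh
# Added example: confirm that the DLZ module enabled in Samba's generated
# named.conf is the one built for the installed BIND series.
# All function names are hypothetical.

# Map the first line of `named -V` (or `named -v`) to the module file name
# used in the article's named.conf. Unlisted series are an error.
expected_dlz_module() {
    series=$(printf '%s\n' "$1" |
        sed -n '1s/^BIND \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    case $series in
        9.8)  echo dlz_bind9.so ;;
        9.9)  echo dlz_bind9_9.so ;;
        9.10) echo dlz_bind9_10.so ;;
        9.11) echo dlz_bind9_11.so ;;
        9.12) echo dlz_bind9_12.so ;;
        9.14) echo dlz_bind9_14.so ;;
        9.16) echo dlz_bind9_16.so ;;
        *)    echo "no DLZ module listed for BIND series '$series'" >&2; return 1 ;;
    esac
}

# Print the module of every `database "dlopen ..."` line that is NOT commented out.
active_dlz_modules() {
    awk '
        /^[ \t]*#/ { next }                    # commented line: ignore
        /database[ \t]+"dlopen / {
            n = split($0, part, "/")           # last path component
            f = part[n]
            sub(/".*/, "", f)                  # drop closing quote and ";"
            print f
        }' "$1"
}

# usage: check_dlz "<named -V banner>" <named.conf>
# returns 0 = one active module and it matches, 1 = wrong module,
#         2 = cannot decide (unknown series, or zero/several active lines)
check_dlz() {
    want=$(expected_dlz_module "$1") || return 2
    have=$(active_dlz_modules "$2") || return 2
    count=$(printf '%s\n' "$have" | awk 'NF { c++ } END { print c + 0 }')
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one active database line, found $count" >&2
        return 2
    fi
    if [ "$have" != "$want" ]; then
        echo "BIND needs $want but named.conf loads $have" >&2
        return 1
    fi
    echo "ok: $have"
}

# Sample named.conf reconstructed from the article (BIND 9.11.x line active).
sample_named_conf() {
cat <<'EOF'
dlz "AD DNS Zone" {
    # For BIND 9.10.x
    # database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_10.so";

    # For BIND 9.11.x
    database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_11.so";

    # For BIND 9.16.x
    # database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_16.so";
};
EOF
}

# Demo with the article's banner; on the server itself this would be
#   check_dlz "$(named -V)" /usr/local/samba/bind-dns/named.conf
demo_conf=$(mktemp)
sample_named_conf > "$demo_conf"
check_dlz "BIND 9.11.3-1ubuntu1.14-Ubuntu (Extended Support Version) <id:a375815>" "$demo_conf"
rm -f "$demo_conf"
```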
Restarting the Bind9 Service
Restart the DNS service as follows:
# systemctl restart bind9
# systemctl status bind9
# systemctl enable bind9
After the restart, run the following three commands to check that the DNS configuration is working properly:
# host -t SRV _ldap._tcp.ombangambing.com
# host -t SRV _kerberos._udp.ombangambing.com
# host -t A samba4.ombangambing.com
Here is an example of a correct response:
# host -t SRV _ldap._tcp.ombangambing.com
_ldap._tcp.ombangambing.com has SRV record 0 100 389 samba4.ombangambing.com.
# host -t SRV _kerberos._udp.ombangambing.com
_kerberos._udp.ombangambing.com has SRV record 0 100 88 samba4.ombangambing.com.
# host -t A samba4.ombangambing.com
samba4.ombangambing.com has address 192.168.15.55
Kerberos Configuration
Before configuring Kerberos, first make a copy of the original Kerberos file so that the configuration can be restored from it if something fails:
# cp /etc/krb5.conf /etc/krb5.conf.ori
Then copy the krb5.conf file that already exists in the folder /usr/local/samba/private:
# cp /usr/local/samba/private/krb5.conf /etc/krb5.conf
Then request a Kerberos ticket with the administrator password by running the following command:
# kinit administrator
Password for administrator@OMBANGAMBING.COM: Ubuntu123
Warning: Your password will expire in 41 days on Mon 12 Apr 2021 10:19:01 AM UTC
Note: In this case the password I entered is "Ubuntu123".
Once that is done, check the result of the Kerberos configuration:
# klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@OMBANGAMBING.COM

Valid starting       Expires              Service principal
03/01/2021 11:06:02  03/01/2021 21:06:02  krbtgt/OMBANGAMBING.COM@OMBANGAMBING.COM
        renew until 03/02/2021 11:05:58, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
After that, configure Kerberos-authenticated dynamic DNS updates by adding the parameter tkey-gssapi-keytab "/usr/local/samba/bind-dns/dns.keytab"; to /etc/bind/named.conf.options (the keytab lives in the same bind-dns directory as the named.conf generated by provisioning):
# nano /etc/bind/named.conf.options

options {
        tkey-gssapi-keytab "/usr/local/samba/bind-dns/dns.keytab";

        directory "/var/cache/bind";

        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};
Then restart the DNS server and check whether dynamic updates work as they should:
# systemctl restart bind9
# /usr/local/samba/sbin/samba_dnsupdate --verbose
Here is the result:
# /usr/local/samba/sbin/samba_dnsupdate --verbose
IPs: ['192.168.15.55']
Looking for DNS entry A samba4.ombangambing.com 192.168.15.55 as samba4.ombangambing.com.
Looking for DNS entry CNAME 1a53acba-97cd-4d3e-998b-caab68697a12._msdcs.ombangambing.com samba4.ombangambing.com as 1a53acba-97cd-4d3e-998b-caab68697a12._msdcs.ombangambing.com.
Looking for DNS entry NS ombangambing.com samba4.ombangambing.com as ombangambing.com.
Looking for DNS entry NS _msdcs.ombangambing.com samba4.ombangambing.com as _msdcs.ombangambing.com.
Looking for DNS entry A ombangambing.com 192.168.15.55 as ombangambing.com.
Looking for DNS entry SRV _ldap._tcp.ombangambing.com samba4.ombangambing.com 389 as _ldap._tcp.ombangambing.com.
Checking 0 100 389 samba4.ombangambing.com. against SRV _ldap._tcp.ombangambing.com samba4.ombangambing.com 389
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.ombangambing.com samba4.ombangambing.com 389 as _ldap._tcp.dc._msdcs.ombangambing.com.
Checking 0 100 389 samba4.ombangambing.com. against SRV _ldap._tcp.dc._msdcs.ombangambing.com samba4.ombangambing.com 389
Looking for DNS entry SRV _ldap._tcp.8870ec86-6b55-4a4c-80eb-3f6bf27bad9f.domains._msdcs.ombangambing.com samba4.ombangambing.com 389 as _ldap._tcp.8870ec86-6b55-4a4c-80eb-3f6bf27bad9f.domains._msdcs.ombangambing.com.
Checking 0 100 389 samba4.ombangambing.com. against SRV _ldap._tcp.8870ec86-6b55-4a4c-80eb-3f6bf27bad9f.domains._msdcs.ombangambing.com samba4.ombangambing.com 389
Looking for DNS entry SRV _kerberos._tcp.ombangambing.com samba4.ombangambing.com 88 as _kerberos._tcp.ombangambing.com.
Checking 0 100 88 samba4.ombangambing.com. against SRV _kerberos._tcp.ombangambing.com samba4.ombangambing.com 88
Looking for DNS entry SRV _kerberos._udp.ombangambing.com samba4.ombangambing.com 88 as _kerberos._udp.ombangambing.com.
Checking 0 100 88 samba4.ombangambing.com. against SRV _kerberos._udp.ombangambing.com samba4.ombangambing.com 88
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.ombangambing.com samba4.ombangambing.com 88 as _kerberos._tcp.dc._msdcs.ombangambing.com.
Checking 0 100 88 samba4.ombangambing.com. against SRV _kerberos._tcp.dc._msdcs.ombangambing.com samba4.ombangambing.com 88
Looking for DNS entry SRV _kpasswd._tcp.ombangambing.com samba4.ombangambing.com 464 as _kpasswd._tcp.ombangambing.com.
Checking 0 100 464 samba4.ombangambing.com. against SRV _kpasswd._tcp.ombangambing.com samba4.ombangambing.com 464
Looking for DNS entry SRV _kpasswd._udp.ombangambing.com samba4.ombangambing.com 464 as _kpasswd._udp.ombangambing.com.
Checking 0 100 464 samba4.ombangambing.com. against SRV _kpasswd._udp.ombangambing.com samba4.ombangambing.com 464
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.ombangambing.com samba4.ombangambing.com 389 as _ldap._tcp.Default-First-Site-Name._sites.ombangambing.com.
Checking 0 100 389 samba4.ombangambing.com. against SRV _ldap._tcp.Default-First-Site-Name._sites.ombangambing.com samba4.ombangambing.com 389
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ombangambing.com samba4.ombangambing.com 389 as _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ombangambing.com.
Checking 0 100 389 samba4.ombangambing.com. against SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ombangambing.com samba4.ombangambing.com 389
Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.ombangambing.com samba4.ombangambing.com 88 as _kerberos._tcp.Default-First-Site-Name._sites.ombangambing.com.
Checking 0 100 88 samba4.ombangambing.com. against SRV _kerberos._tcp.Default-First-Site-Name._sites.ombangambing.com samba4.ombangambing.com 88
Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ombangambing.com samba4.ombangambing.com 88 as _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ombangambing.com.
Checking 0 100 88 samba4.ombangambing.com. against SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ombangambing.com samba4.ombangambing.com 88
Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.ombangambing.com samba4.ombangambing.com 389 as _ldap._tcp.pdc._msdcs.ombangambing.com.
Checking 0 100 389 samba4.ombangambing.com. against SRV _ldap._tcp.pdc._msdcs.ombangambing.com samba4.ombangambing.com 389
Looking for DNS entry A gc._msdcs.ombangambing.com 192.168.15.55 as gc._msdcs.ombangambing.com.
Looking for DNS entry SRV _gc._tcp.ombangambing.com samba4.ombangambing.com 3268 as _gc._tcp.ombangambing.com.
Checking 0 100 3268 samba4.ombangambing.com. against SRV _gc._tcp.ombangambing.com samba4.ombangambing.com 3268
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.ombangambing.com samba4.ombangambing.com 3268 as _ldap._tcp.gc._msdcs.ombangambing.com.
Checking 0 100 3268 samba4.ombangambing.com. against SRV _ldap._tcp.gc._msdcs.ombangambing.com samba4.ombangambing.com 3268
Looking for DNS entry SRV _gc._tcp.Default-First-Site-Name._sites.ombangambing.com samba4.ombangambing.com 3268 as _gc._tcp.Default-First-Site-Name._sites.ombangambing.com.
Checking 0 100 3268 samba4.ombangambing.com. against SRV _gc._tcp.Default-First-Site-Name._sites.ombangambing.com samba4.ombangambing.com 3268
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ombangambing.com samba4.ombangambing.com 3268 as _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ombangambing.com.
Checking 0 100 3268 samba4.ombangambing.com. against SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ombangambing.com samba4.ombangambing.com 3268
Looking for DNS entry A DomainDnsZones.ombangambing.com 192.168.15.55 as DomainDnsZones.ombangambing.com.
Looking for DNS entry SRV _ldap._tcp.DomainDnsZones.ombangambing.com samba4.ombangambing.com 389 as _ldap._tcp.DomainDnsZones.ombangambing.com.
Checking 0 100 389 samba4.ombangambing.com. against SRV _ldap._tcp.DomainDnsZones.ombangambing.com samba4.ombangambing.com 389
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.ombangambing.com samba4.ombangambing.com 389 as _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.ombangambing.com.
Checking 0 100 389 samba4.ombangambing.com. against SRV _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.ombangambing.com samba4.ombangambing.com 389
Looking for DNS entry A ForestDnsZones.ombangambing.com 192.168.15.55 as ForestDnsZones.ombangambing.com.
Looking for DNS entry SRV _ldap._tcp.ForestDnsZones.ombangambing.com samba4.ombangambing.com 389 as _ldap._tcp.ForestDnsZones.ombangambing.com.
Checking 0 100 389 samba4.ombangambing.com. against SRV _ldap._tcp.ForestDnsZones.ombangambing.com samba4.ombangambing.com 389
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.ombangambing.com samba4.ombangambing.com 389 as _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.ombangambing.com.
Checking 0 100 389 samba4.ombangambing.com. against SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.ombangambing.com samba4.ombangambing.com 389
No DNS updates needed
root@samba4:/opt#
At this point the Dynamic DNS and Kerberos configuration is complete. DNS configuration is vital to a successful Active Directory setup: if DNS problems remain, client computers will generally have trouble locating the Active Directory server or joining the domain.
NTP Server Configuration
Configuring NTP is an additional but important step, because client computers and the server must have the same time for the services to run smoothly.
# apt-get install ntp
Edit the file /etc/ntp.conf and add the Indonesian NTP servers, as in this example:
# nano /etc/ntp.conf

pool 0.id.pool.ntp.org iburst
pool 1.id.pool.ntp.org iburst
pool 2.id.pool.ntp.org iburst
pool 3.id.pool.ntp.org iburst

# Use Ubuntu's ntp server as a fallback.
pool ntp.ubuntu.com
Once that is done, save (Ctrl + X) and press Y.
setelah itu, jalankan Service NTP.
1 2 3 4 |
# systemctl restart ntp # systemctl enable ntp # systemctl status ntp # ntpq -p |
Here is an example of a successful result:
# systemctl status ntp
● ntp.service - Network Time Service
   Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2021-03-01 11:13:13 UTC; 15s ago
     Docs: man:ntpd(8)
 Main PID: 8525 (ntpd)
    Tasks: 2 (limit: 2317)
   CGroup: /system.slice/ntp.service
           └─8525 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 113:116

Mar 01 11:13:17 samba4.ombangambing.com ntpd[8525]: Soliciting pool server 162.159.200.1
Mar 01 11:13:17 samba4.ombangambing.com ntpd[8525]: Soliciting pool server 119.110.74.101
Mar 01 11:13:17 samba4.ombangambing.com ntpd[8525]: Soliciting pool server 162.159.200.1
Mar 01 11:13:18 samba4.ombangambing.com ntpd[8525]: Soliciting pool server 103.28.56.14
Mar 01 11:13:18 samba4.ombangambing.com ntpd[8525]: Soliciting pool server 203.114.224.31
Mar 01 11:13:18 samba4.ombangambing.com ntpd[8525]: Soliciting pool server 91.189.89.199
Mar 01 11:13:19 samba4.ombangambing.com ntpd[8525]: Soliciting pool server 91.189.89.198
Mar 01 11:13:20 samba4.ombangambing.com ntpd[8525]: Soliciting pool server 91.189.94.4
Mar 01 11:13:21 samba4.ombangambing.com ntpd[8525]: Soliciting pool server 91.189.91.157
Mar 01 11:13:22 samba4.ombangambing.com ntpd[8525]: Soliciting pool server 2001:67c:1560:8003::c8
# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 0.id.pool.ntp.o .POOL.          16 p    -   64    0    0.000    0.000   0.000
 1.id.pool.ntp.o .POOL.          16 p    -   64    0    0.000    0.000   0.000
 2.id.pool.ntp.o .POOL.          16 p    -   64    0    0.000    0.000   0.000
 3.id.pool.ntp.o .POOL.          16 p    -   64    0    0.000    0.000   0.000
 ntp.ubuntu.com  .POOL.          16 p    -   64    0    0.000    0.000   0.000
-103.123.108.190 216.239.35.4     2 u   10   64    3   56.061   -0.156   1.973
-203.89.31.10 (s 203.89.31.13     3 u    4   64    3   16.390   -2.729   1.019
+2.ntp.maxindo.n 203.123.48.219   2 u    7   64    3    3.874   -2.511   0.945
-ntp.skyline.net 5.32.10.107      2 u    3   64    3    4.477   -1.619   0.674
-ntp.uii.net.id  103.1.106.69     2 u    8   64    3   28.287    6.214   0.960
*1.ntp.maxindo.n 203.123.48.219   2 u    4   64    3    3.934   -0.781   0.645
+time.cloudflare 10.35.14.16      4 u    3   64    3   16.954   -1.729   0.528
-ns1.matrixgloba 203.123.48.219   2 u    6   64    3    4.659   -0.568   0.752
 golem.canonical 17.253.34.251    2 u    7   64    3  236.419  -37.581   0.989
 chilipepper.can 17.253.34.253    2 u    4   64    3  231.072  -34.867   0.660
 pugot.canonical 17.253.108.253   2 u    5   64    3  333.451   -2.694   0.239
 alphyn.canonica 17.253.108.253   2 u   67   64    1  229.738   -4.090   0.000
Note: if an asterisk (*) appears, the NTP server is synchronized and can be used by clients.
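The asterisk check from the note above can be scripted so it runs before clients are joined. The following is an added example, not part of the original article: the function name check_ntp_sync, its return codes and the 300000 ms default limit (five minutes, the usual Kerberos clock-skew tolerance) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article): gate on `ntpq -p` output.
# Return codes chosen for this example: 0 = synchronized, 1 = no selected
# peer, 2 = selected peer's offset is above the limit.

# check_ntp_sync [max_offset_ms]   (reads `ntpq -p` output on stdin)
check_ntp_sync() {
    # Assumption: 300000 ms = 5 minutes, the usual Kerberos clock-skew tolerance.
    max_ms="${1:-300000}"
    awk -v max="$max_ms" '
        /refid/ || /^=+$/ { next }        # skip the header and the ==== ruler
        substr($0, 1, 1) == "*" {         # tally code "*" marks the selected sync peer
            found = 1
            # Count columns from the right: a truncated remote name such as
            # "203.89.31.10 (s" contains a space and shifts left-based indexes.
            off = $(NF - 1) + 0           # offset column, in milliseconds
            printf "sync peer %s, offset %s ms\n", substr($1, 2), $(NF - 1)
            if (off < 0) off = -off
            if (off > max + 0) bad = 1
        }
        END {
            if (!found) { print "no sync peer selected yet"; exit 1 }
            if (bad)    { print "offset exceeds limit";      exit 2 }
        }'
}

# Sample input: four rows copied from the ntpq output shown above.
sample_ntpq() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 0.id.pool.ntp.o .POOL.          16 p    -   64    0    0.000    0.000   0.000
-203.89.31.10 (s 203.89.31.13     3 u    4   64    3   16.390   -2.729   1.019
*1.ntp.maxindo.n 203.123.48.219   2 u    4   64    3    3.934   -0.781   0.645
+time.cloudflare 10.35.14.16      4 u    3   64    3   16.954   -1.729   0.528
EOF
}

# On the server itself: ntpq -p | check_ntp_sync
sample_ntpq | check_ntp_sync && echo "time source OK"
```

Right after a restart the pool rows show reach 0 and no peer is selected, so the function returns 1 until ntpd has picked a source.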
Samba Syntax
Because the installation directory is “/usr/local/samba”, the commands for day-to-day management are run from there. Here are some examples:
Restart Samba Service
# /etc/init.d/samba4 start    # or: restart

Start and Stop Samba Service
# /usr/local/samba/sbin/samba

Adding User Samba
# /usr/local/samba/bin/samba-tool user add USERNAME

Adding User & Password samba
# /usr/local/samba/bin/samba-tool user create USERNAME PASSWORD    # omit PASSWORD to be prompted for it instead

Show Samba User List
# /usr/local/samba/bin/samba-tool user list

Provisioning Samba
# /usr/local/samba/bin/samba-tool domain provision --use-rfc2307 --interactive

Samba Configuration File
# /usr/local/samba/etc/smb.conf

Adding Samba User & Password
# /usr/local/samba/bin/smbpasswd -a john
At this point you have successfully built a Samba4 Active Directory Server on Ubuntu 18.04 Linux. For server administration, joining the domain, creating file shares, creating and managing GPOs, and more, see the following articles:
- https://restusetiawan.com/join-domain-controller-active-directory-pada-windows-10-client/
- https://restusetiawan.com/bermain-administration-server-pada-active-domain-server-samba-4/
- https://restusetiawan.com/bermain-dengan-group-policy-object-pada-active-directory-server/
- https://restusetiawan.com/installasi-dan-konfigurasi-dasar-file-sharing-samba/
References
https://wiki.samba.org/index.php/Installing_Samba