Pre-Requisites for Samba DC
Latest revision as of 10:27, 20 December 2024
Before you proceed
The Active Directory domain used here is corp.atez.world. Neither the TLD atez.world nor the sub-domain corp.atez.world is owned by us. The domain is used only for demonstration; the DNS entries it needs have been added to the hosts file so that the domain and any sub-domains are reachable on the local network. The domain may be owned by someone else; we do not know who that is and we are not linked to them. The services configured for this domain or sub-domain are not reachable from the internet on the servers on which they are configured. Someone else may do a similar configuration and make it available on the internet, but we are not responsible for that, as we do not own the domain.
Introduction
- We shall be configuring an Active Directory primary domain controller and a secondary Active Directory domain controller, using Bind9_DLZ as the DNS backend in place of Samba's internal DNS server.
- Bind9_DLZ has several benefits, and this How To is not the place to discuss them all; one important advantage is that the DNS server can be configured in forward-only, recursive and authoritative modes.
- Both VMs are fully patched, and the user 'kedar' used here has sudo privileges.
Prerequisites Installation
Basic Utilities
- These are basic utilities that need to be installed even before Samba is installed.
- They need to be installed on both servers.

$ sudo apt update && sudo apt upgrade -y
$ sudo apt install net-tools nano iputils-ping chrony dnsutils bind9 bind9-utils openssl rsyslog traceroute
- Some services need to be stopped until Samba is configured. systemd-resolved manages /etc/resolv.conf; once it is stopped and the symlink is removed, the server has no working resolver until a new /etc/resolv.conf is written (pointing at a reachable DNS server for now). The hosts-file entries added below keep the two DC names resolvable in the meantime.

$ sudo systemctl stop systemd-resolved && sudo systemctl disable systemd-resolved
$ sudo unlink /etc/resolv.conf
- Make changes to the hosts file of both servers. Add these two lines to /etc/hosts:

$ sudo nano /etc/hosts

172.16.141.115 dc1 dc1.corp.atez.world
172.16.141.116 dc2 dc2.corp.atez.world

Save & Exit
Configuring Chrony NTP
- Accurate time matters here: Kerberos, which Active Directory uses for authentication, rejects tickets when the clock skew between a client and the DC exceeds its tolerance (5 minutes by default), so both servers must be synchronised before the domain is provisioned.
- Chrony is used here in place of the older ntp server, as chrony promises better performance and easier configuration. This is Canonical's recommendation, hence we follow it. Users are free to use the ntp service if it suits them.
- Using the ntp server will not impact the installation of Samba or Bind9 DNS. This How To only covers installing the Chrony NTP server.
- Configure the Chrony configuration file /etc/chrony/chrony.conf. Comment out the default Ubuntu pool servers and add the India pool servers. Feel free to use whichever servers you want and are comfortable with.

$ sudo nano /etc/chrony/chrony.conf

#pool ntp.ubuntu.com iburst maxsources 4
#pool 0.ubuntu.pool.ntp.org iburst maxsources 1
#pool 1.ubuntu.pool.ntp.org iburst maxsources 1
#pool 2.ubuntu.pool.ntp.org iburst maxsources 2
server 0.in.pool.ntp.org
server 1.in.pool.ntp.org
server 2.in.pool.ntp.org
server 3.in.pool.ntp.org

Save & Exit
- Restart chrony service
$ sudo systemctl restart chrony
Validation
- Validate that chrony is working and is able to read the correct time.
- Chrony takes 3 to 4 minutes to sync with the pool servers. Use the commands below to check that it is working.

$ sudo chronyc tracking
  - the last line of the output, 'Leap status', should be 'Normal' and must not show 'Not synchronised'
$ sudo chronyc online
$ sudo chronyc sources
  - shows all the sources that are available for synching
$ sudo chronyc sourcestats
  - shows the offset and a few other important parameters
$ sudo chronyc activity
$ sudo chronyc ntpdata
$ sudo chronyc makestep
$ sudo chronyc tracking
- The output of the command sudo chronyc tracking should be as below:

kedar@dc1:~$ sudo chronyc tracking
Reference ID    : 0DC814A6 (ec2-13-200-20-166.ap-south-1.compute.amazonaws.com)
Stratum         : 5
Ref time (UTC)  : Wed Nov 13 14:23:23 2024
System time     : 0.000005250 seconds slow of NTP time
Last offset     : -0.000003569 seconds
RMS offset      : 0.000024929 seconds
Frequency       : 0.099 ppm fast
Residual freq   : -0.000 ppm
Skew            : 0.005 ppm
Root delay      : 0.003231394 seconds
Root dispersion : 0.000719380 seconds
Update interval : 1043.5 seconds
Leap status     : Normal
Set Timezone
$ sudo timedatectl set-timezone Asia/Kolkata
- Check that the timezone has been set up properly:

$ sudo timedatectl
               Local time: Wed 2024-11-13 20:01:32 IST
           Universal time: Wed 2024-11-13 14:31:32 UTC
                 RTC time: Wed 2024-11-13 14:31:32
                Time zone: Asia/Kolkata (IST, +0530)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no
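The following pre-flight script is an added example, not part of the original How To. It checks the three things the steps above set up on each server before Samba is provisioned: that chrony reports 'Leap status : Normal' with a system-time offset small enough for Kerberos, that /etc/hosts maps each DC name to exactly one address (the names and addresses used on this page), and that timedatectl reports the clock synchronised with NTP active. It works on text handed to it, so it runs offline against the constructed samples below (copied from the outputs shown above); the --live flag, the 300-second limit (the Kerberos default clock-skew tolerance, not a value this page sets) and the script itself are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added pre-flight check for the steps above; not part of the original How To.
# Offline it uses the constructed samples below; with --live it reads
# `chronyc tracking`, /etc/hosts and `timedatectl` on the host instead.
# 300 s is the default Kerberos clock-skew tolerance (an assumption of this
# example, not a value the page sets).
set -u

# Constructed samples, copied from the outputs shown on this page.
SAMPLE_TRACKING='Reference ID    : 0DC814A6 (ec2-13-200-20-166.ap-south-1.compute.amazonaws.com)
Stratum         : 5
System time     : 0.000005250 seconds slow of NTP time
Last offset     : -0.000003569 seconds
Leap status     : Normal'

SAMPLE_HOSTS='127.0.0.1 localhost
# constructed /etc/hosts with the two DC entries from this page
172.16.141.115 dc1 dc1.corp.atez.world
172.16.141.116 dc2 dc2.corp.atez.world'

SAMPLE_TIMEDATECTL='               Time zone: Asia/Kolkata (IST, +0530)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no'

# check_tracking TEXT [MAX_SKEW]: returns 0 when "Leap status" is Normal and
# the system-time offset is below MAX_SKEW seconds (default 300), else 1.
check_tracking() {
  local text="$1" max="${2:-300}" leap offset
  leap=$(printf '%s\n' "$text" | awk -F': *' '/^Leap status/ { print $2 }')
  offset=$(printf '%s\n' "$text" | awk '/^System time/ { print $4 }')
  [ "$leap" = "Normal" ] || return 1
  [ -n "$offset" ] || return 1
  awk -v o="$offset" -v m="$max" 'BEGIN { if (o + 0 < m + 0) exit 0; exit 1 }'
}

# check_hosts TEXT FQDN IP: returns 0 when the hosts-file text maps FQDN to
# exactly one address and that address is IP (duplicate or conflicting
# entries for the same name fail the check).
check_hosts() {
  local text="$1" fqdn="$2" ip="$3" found
  found=$(printf '%s\n' "$text" | awk -v h="$fqdn" \
    '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == h) print $1 }')
  [ "$found" = "$ip" ]
}

# check_timedatectl TEXT: returns 0 when timedatectl reports the clock
# synchronised and the NTP service active.
check_timedatectl() {
  printf '%s\n' "$1" | grep -q '^ *System clock synchronized: yes$' &&
    printf '%s\n' "$1" | grep -q '^ *NTP service: active$'
}

# preflight TRACKING HOSTS TIMEDATECTL: runs every check, prints one line per
# result and returns 0 only if all of them pass.
preflight() {
  local ok=0 entry name addr
  check_tracking "$1" && echo "chrony      : OK" \
    || { echo "chrony      : FAIL (not synchronised or skew too large)"; ok=1; }
  for entry in "dc1.corp.atez.world 172.16.141.115" "dc2.corp.atez.world 172.16.141.116"; do
    name=${entry% *}; addr=${entry#* }
    check_hosts "$2" "$name" "$addr" && echo "hosts       : $name -> $addr OK" \
      || { echo "hosts       : $name FAIL"; ok=1; }
  done
  check_timedatectl "$3" && echo "timedatectl : OK" \
    || { echo "timedatectl : FAIL"; ok=1; }
  return "$ok"
}

if [ "${1:-}" = "--live" ]; then
  preflight "$(chronyc tracking)" "$(cat /etc/hosts)" "$(timedatectl)"
else
  preflight "$SAMPLE_TRACKING" "$SAMPLE_HOSTS" "$SAMPLE_TIMEDATECTL"
fi
```

Run it as `bash preflight.sh --live` on dc1 and dc2 after completing the steps above; a non-zero exit means one of the prerequisites is not yet in place. The hosts check deliberately fails on a name that appears twice, since a stale duplicate entry is a common cause of a DC resolving to the wrong address once Bind9 takes over.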