Pre-Requisites for Samba DC

From Linux Infrastructure Advisory
Revision as of 10:27, 20 December 2024 by Adminforsysengwiki (talk | contribs)

Before you proceed

The Active Directory domain used here is corp.atez.world. We do not own the TLD atez.world or the sub-domain corp.atez.world. It is used only for demonstration, and the required DNS entries for this domain have already been added to the hosts file so that the domain and any subdomains are reachable on the network. This domain may be owned by someone else; we do not know who that is and we are not linked to them. The services configured for this domain or sub-domain on these servers are not reachable from the internet. Someone else may make similar configurations and make them available on the internet, but we are not responsible for that, as we do not own the domain.

Introduction

  • We shall configure a primary Active Directory domain controller and a secondary Active Directory domain controller, using Bind9_DLZ as the DNS backend in place of Samba's internal DNS server
  • Bind9_DLZ has several benefits, and this how-to is not the place to discuss them; however, one important advantage is that the DNS server can be configured in forward-only, recursive, and authoritative modes
  • Both VMs are fully patched and the user 'kedar' used here has sudo privileges

Prerequisites Installation

Basic Utilities

  • These are basic utils that need to be installed even before Samba is installed.
  • These need to be installed on both servers
sudo apt update && sudo apt upgrade -y
sudo apt install net-tools nano iputils-ping chrony dnsutils bind9 bind9-utils openssl rsyslog traceroute  
  • Some services need to be stopped till Samba is configured
sudo systemctl stop systemd-resolved && sudo systemctl disable systemd-resolved 
sudo unlink /etc/resolv.conf
  • Edit the hosts file on both servers. Add these two lines to /etc/hosts:
$ sudo nano /etc/hosts
172.16.141.115  dc1   dc1.corp.atez.world
172.16.141.116  dc2   dc2.corp.atez.world

Save & Exit

Configuring Chrony NTP

  • The Chrony NTP server is used here in place of the older ntp server, as chrony promises better performance and easier configuration. This follows Canonical's recommendation. Users are free to use ntp services if that suits them.
  • Using an ntp server will not affect the installation of Samba or the bind9 DNS server. This how-to only covers installing the Chrony NTP server.
  • Edit the Chrony configuration file /etc/chrony/chrony.conf. Comment out the default Ubuntu pool servers and add the India pool servers. Feel free to add whichever servers you prefer.
$ sudo nano /etc/chrony/chrony.conf

#pool ntp.ubuntu.com        iburst maxsources 4
#pool 0.ubuntu.pool.ntp.org iburst maxsources 1
#pool 1.ubuntu.pool.ntp.org iburst maxsources 1
#pool 2.ubuntu.pool.ntp.org iburst maxsources 2

server 0.in.pool.ntp.org
server 1.in.pool.ntp.org
server 2.in.pool.ntp.org
server 3.in.pool.ntp.org

Save & Exit
  • Restart the chrony service
$ sudo systemctl restart chrony

Validation

  • Validate that chrony is working and is able to read the correct time.
  • Chrony takes 3 to 4 minutes to sync with the pool servers. Use the commands below to check that it is working
$ sudo chronyc tracking      # the last line of the output, 'Leap status', should be 'Normal' and should not show 'Not synchronised'
$ sudo chronyc online
$ sudo chronyc sources       # shows all the sources that are available for syncing
$ sudo chronyc sourcestats   # shows details of the offset and a few important parameters
$ sudo chronyc activity
$ sudo chronyc ntpdata
$ sudo chronyc makestep
$ sudo chronyc tracking
  • The output of sudo chronyc tracking should look like this:
kedar@dc1:~$ sudo chronyc tracking
Reference ID    : 0DC814A6 (ec2-13-200-20-166.ap-south-1.compute.amazonaws.com)
Stratum         : 5
Ref time (UTC)  : Wed Nov 13 14:23:23 2024
System time     : 0.000005250 seconds slow of NTP time
Last offset     : -0.000003569 seconds
RMS offset      : 0.000024929 seconds
Frequency       : 0.099 ppm fast
Residual freq   : -0.000 ppm
Skew            : 0.005 ppm
Root delay      : 0.003231394 seconds
Root dispersion : 0.000719380 seconds
Update interval : 1043.5 seconds
Leap status     : Normal
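
  • The hosts-file step and the chrony validation above can be turned into a repeatable pre-flight check to run on both servers before installing Samba. This is an added example, not part of the original page: the function names, the 1-second offset threshold and the samples marked as constructed are assumptions.

```sh
#!/bin/sh
# Added example, not from the original page. Function names and the
# 1-second offset threshold are assumptions.

# Reads `chronyc tracking` output on stdin. Succeeds only if the leap status
# is Normal and the system clock offset is below $1 seconds (default 1).
check_tracking() {
    awk -v max="${1:-1}" '
        BEGIN { off = -1 }
        /^System time/ { split($0, f, ":"); split(f[2], v, " "); off = v[1] + 0 }
        /^Leap status/ { sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t\r]+$/, ""); leap = $0 }
        END {
            if (leap != "Normal")      { print "FAIL leap status: " leap; exit 1 }
            if (off < 0 || off >= max) { print "FAIL offset: " off " s"; exit 1 }
            print "OK leap=" leap " offset=" off " s"
        }'
}

# Reads hosts-file content on stdin. Succeeds only if FQDN $1 is listed and
# never on a loopback line (a DC must resolve its own name to its LAN address).
check_hosts() {
    awk -v fqdn="$1" '
        { sub(/#.*/, "") }
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(fqdn)) {
                    found = 1
                    if ($1 ~ /^127\./ || $1 == "::1") bad = 1
                }
        }
        END { exit !(found && !bad) }'
}

# Tracking output as shown on this page (abridged).
GOOD_TRACKING='System time     : 0.000005250 seconds slow of NTP time
Leap status     : Normal'
# Constructed sample: chronyd that has not synchronised yet.
BAD_TRACKING='System time     : 0.000000000 seconds fast of NTP time
Leap status     : Not synchronised'
# Constructed sample: dc1 as on this page, dc2 left on a loopback alias.
HOSTS='127.0.0.1 localhost
172.16.141.115  dc1   dc1.corp.atez.world
127.0.1.1 dc2.corp.atez.world dc2'

printf '%s\n' "$GOOD_TRACKING" | check_tracking
printf '%s\n' "$BAD_TRACKING" | check_tracking || true
printf '%s\n' "$HOSTS" | check_hosts dc1.corp.atez.world && echo "OK dc1 hosts entry"
printf '%s\n' "$HOSTS" | check_hosts dc2.corp.atez.world || echo "FAIL dc2 maps to loopback"
```

  • On a real server, feed the functions live input instead of the samples: pipe sudo chronyc tracking into check_tracking, and run check_hosts dc1.corp.atez.world with /etc/hosts on stdin.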

Set Timezone

$ sudo timedatectl set-timezone Asia/Kolkata
  • Check that the timezone has been set up properly
$ sudo timedatectl
               Local time: Wed 2024-11-13 20:01:32 IST
           Universal time: Wed 2024-11-13 14:31:32 UTC
                 RTC time: Wed 2024-11-13 14:31:32
                Time zone: Asia/Kolkata (IST, +0530)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no
