Setup Samba4 Active Directory/Domain Controller

Adakah solusi untuk menggantikan Windows 200x  Server dengan fungsi  sebagai Domain Name Server,  Domain Controller, Active Directory,  DHCP,  Filesharing ?

Jawabannya ada dan bisa dengan Open Source/Free Software yaitu :
-Windows 2003 Server Edition diganti dengan Sistem operasi Linux Debian,Centos,Ubuntu,OpenSuse
-Microsoft DNS diganti dengan Bind9
-Microsoft Domain Controller,Active Directory diganti dengan Samba4
-Microsoft DHCP diganti dengan dhcp for Linux
-Fungsi Filesharing bisa dijalankan dengan Samba3/4

Dengan migrasi diatas dapat menekan biaya lisensi product Microsoft.  Dengan lisensi model user yang sangat banyak tentu bisa bayar ratusan juta untuk lisensi Windows saja.  Tekan bujet IT dengan memakai produk Open source, fasilitas dan kualitas tidak jauh dan lebih baik dari produk-produk Microsoft.

Saya berhasil menggantikan/migrasi fungsi Domain Controller,Active Directory,File Sharing yang sangat populer dikuasai pasar Microsoft Windows 2000/2003/2008 Server Edition.  Solusinya dengan sistem operasi Linux dan Samba4.  Migrasi ini saya implementasikan pada perusahaan finance group yang memiliki banyak kantor cabang yang semuanya pakai server Microsoft Windows sebagai Active Directory.

Setup ngelab kali ini adalah menginstall server dengan Linux Debian 5, Bind9, Samba4,DHCP.  Dengan instalasi dan konfigurasi ini diharapakan dapat menjalankan fungsi Active Directory/File Sharing menggunakan open source  pada user/client dengan sistem operasi Windows XP,Windows 7,Windows Vista,Mac,Linux.

Proses Instalasi dan konfigurasi ini terdiri dari :

SERVER :
– Instalasi sistem operasi Linux Debian 5 Lenny
– Instalasi dan konfigurasi Samba4 (Active Directory & Filesharing)
– Instalasi dan konfigurasi BIND (DNS)
– Instalasi dan konfigurasi DHCP

CLIENT :
– Konfigurasi Windows XP Pro client untuk join Samba 4 Active Directory
– Konfigurasi DNS Setting untuk Windows XP Pro
– Konfigurasi date/time dan time zone
– Joining windows XP Pro ke Domain
– Menampilkan Samba 4 Active Directory object dari Windows XP Pro
– Menampilkan isi samba 4 Active directory
– Managing Samba 4 Active Directory dari Windows XP Pro(menambah user dan group ke Samba 4 Active Directory,menambah organization unit (ou) kedalam samba 4 domain )
– Implementasi Group Policy (GPO) ke dalam samba 4 domain

Berikut proses instalasi dan konfigurasinya :

– Instalasi sistem operasi Linux Debian 5 Lenny

Menggunakan Linux sistem operasi Debian 5.0.3 Lenny, dengan instalasi standar sebagai server.

hostname : samba4
realm : gultom.lab
domain : gultom
workgroup : gultom
server role : domain controller

samba4:/etc/bind# nano /etc/hosts
127.0.0.1       localhost
127.0.1.1       samba4.gultom.lab   samba4
192.168.1.253   samba4.gultom.lab   samba4

samba4:/home/gtoms# cat /etc/debian_version
5.0.3

samba4:/home/gtoms# uname -a
Linux samba4 2.6.26-2-686 #1 SMP Wed Aug 19 06:06:52 UTC 2009 i686 GNU/Linux

samba4:/home/gtoms# hostname
samba4

Proses selanjutnya menginstall keperluan environment untuk Compiling Samba 4 :

samba4:/home/gtoms# apt-get install gcc
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following extra packages will be installed:
binutils gcc-4.3 libc6-dev linux-libc-dev
Suggested packages:
binutils-doc gcc-multilib make manpages-dev autoconf automake1.9 libtool flex bison gdb gcc-doc gcc-4.3-multilib libmudflap0-4.3-dev gcc-4.3-doc
gcc-4.3-locales libgcc1-dbg libgomp1-dbg libmudflap0-dbg glibc-doc
The following NEW packages will be installed:
binutils gcc gcc-4.3 libc6-dev linux-libc-dev
0 upgraded, 5 newly installed, 0 to remove and 18 not upgraded.
Need to get 9565kB of archives.
After this operation, 29.7MB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://debian.indika.net.id lenny/main binutils 2.18.1~cvs20080103-7 [2686kB]
Get:2 http://security.debian.org lenny/updates/main linux-libc-dev 2.6.26-19lenny2 [750kB]
Get:3 http://debian.indika.net.id lenny/main gcc-4.3 4.3.2-1.1 [2747kB]
Get:4 http://debian.indika.net.id lenny/main gcc 4:4.3.2-2 [5008B]
Get:5 http://debian.indika.net.id lenny/main libc6-dev 2.7-18 [3377kB]
Fetched 9565kB in 1min56s (82.0kB/s)
Selecting previously deselected package binutils.
(Reading database … 80326 files and directories currently installed.)
Unpacking binutils (from …/binutils_2.18.1~cvs20080103-7_i386.deb) …
Selecting previously deselected package gcc-4.3.
Unpacking gcc-4.3 (from …/gcc-4.3_4.3.2-1.1_i386.deb) …
Selecting previously deselected package gcc.
Unpacking gcc (from …/gcc_4%3a4.3.2-2_i386.deb) …
Selecting previously deselected package linux-libc-dev.
Unpacking linux-libc-dev (from …/linux-libc-dev_2.6.26-19lenny2_i386.deb) …
Selecting previously deselected package libc6-dev.
Unpacking libc6-dev (from …/libc6-dev_2.7-18_i386.deb) …
Processing triggers for man-db …
Setting up binutils (2.18.1~cvs20080103-7) …
Setting up gcc-4.3 (4.3.2-1.1) …
Setting up gcc (4:4.3.2-2) …
Setting up linux-libc-dev (2.6.26-19lenny2) …
Setting up libc6-dev (2.7-18) …
samba4:/home/gtoms#

samba4:/home/gtoms# apt-get install python-dev
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following extra packages will be installed:
python2.5-dev
The following NEW packages will be installed:
python-dev python2.5-dev
0 upgraded, 2 newly installed, 0 to remove and 18 not upgraded.
Need to get 1899kB of archives.
After this operation, 5620kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://debian.indika.net.id lenny/main python2.5-dev 2.5.2-15 [1898kB]
Get:2 http://debian.indika.net.id lenny/main python-dev 2.5.2-3 [928B]
Fetched 1899kB in 30s (63.0kB/s)
Selecting previously deselected package python2.5-dev.
(Reading database … 81667 files and directories currently installed.)
Unpacking python2.5-dev (from …/python2.5-dev_2.5.2-15_i386.deb) …
Selecting previously deselected package python-dev.
Unpacking python-dev (from …/python-dev_2.5.2-3_all.deb) …
Setting up python2.5-dev (2.5.2-15) …
Setting up python-dev (2.5.2-3) …
samba4:/home/gtoms#

samba4:/home/gtoms# apt-get install autoconf
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following extra packages will be installed:
automake autotools-dev
Suggested packages:
autobook autoconf-archive autoconf-doc autoconf2.13 gnu-standards libtool
The following NEW packages will be installed:
autoconf automake autotools-dev
0 upgraded, 3 newly installed, 0 to remove and 18 not upgraded.
Need to get 1061kB of archives.
After this operation, 3629kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://debian.indika.net.id lenny/main autoconf 2.61-8 [448kB]
Get:2 http://debian.indika.net.id lenny/main autotools-dev 20080123.1 [63.0kB]
Get:3 http://debian.indika.net.id lenny/main automake 1:1.10.1-3 [550kB]
Fetched 1061kB in 12s (84.7kB/s)
Selecting previously deselected package autoconf.
(Reading database … 81871 files and directories currently installed.)
Unpacking autoconf (from …/autoconf_2.61-8_all.deb) …
Selecting previously deselected package autotools-dev.
Unpacking autotools-dev (from …/autotools-dev_20080123.1_all.deb) …
Selecting previously deselected package automake.
Unpacking automake (from …/automake_1%3a1.10.1-3_all.deb) …
Processing triggers for man-db …
Setting up autoconf (2.61-8) …
Setting up autotools-dev (20080123.1) …
Setting up automake (1:1.10.1-3) …
samba4:/home/gtoms#

samba4:/home/gtoms# apt-get install make
Reading package lists… Done
Building dependency tree
Reading state information… Done
Suggested packages:
make-doc
The following NEW packages will be installed:
make
0 upgraded, 1 newly installed, 0 to remove and 18 not upgraded.
Need to get 382kB of archives.
After this operation, 991kB of additional disk space will be used.
Get:1 http://debian.indika.net.id lenny/main make 3.81-5 [382kB]
Fetched 382kB in 5s (64.0kB/s)
Selecting previously deselected package make.
(Reading database … 82089 files and directories currently installed.)
Unpacking make (from …/archives/make_3.81-5_i386.deb) …
Processing triggers for man-db …
Setting up make (3.81-5) …
samba4:/home/gtoms#

samba4:/home/gtoms# apt-get install acl libattr1-dev libblkid-dev libgnutls-dev libreadline5-dev
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following extra packages will be installed:
libgcrypt11-dev libgnutls26 libgpg-error-dev libncurses5-dev libtasn1-3-dev zlib1g-dev
Suggested packages:
libgcrypt11-doc gnutls-doc gnutls-bin guile-gnutls
The following NEW packages will be installed:
acl libattr1-dev libblkid-dev libgcrypt11-dev libgnutls-dev libgpg-error-dev libncurses5-dev libreadline5-dev libtasn1-3-dev zlib1g-dev
The following packages will be upgraded:
libgnutls26
1 upgraded, 10 newly installed, 0 to remove and 17 not upgraded.
Need to get 3767kB of archives.
After this operation, 11.2MB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://debian.indika.net.id lenny/main acl 2.2.47-2 [56.9kB]
Get:2 http://debian.indika.net.id lenny/main libgpg-error-dev 1.4-2 [33.6kB]
Get:3 http://debian.indika.net.id lenny/main libgcrypt11-dev 1.4.1-1 [320kB]
Get:4 http://security.debian.org lenny/updates/main libgnutls26 2.4.2-6+lenny2 [464kB]
Get:5 http://debian.indika.net.id lenny/main zlib1g-dev 1:1.2.3.3.dfsg-12 [157kB]
Get:6 http://debian.indika.net.id lenny/main libtasn1-3-dev 1.4-1 [374kB]
Get:7 http://debian.indika.net.id lenny/main libncurses5-dev 5.7+20081213-1 [1546kB]
Get:8 http://security.debian.org lenny/updates/main libgnutls-dev 2.4.2-6+lenny2 [539kB]
Get:9 http://debian.indika.net.id lenny/main libreadline5-dev 5.2-3.1 [222kB]
Get:10 http://debian.indika.net.id lenny/main libattr1-dev 1:2.4.43-2 [31.3kB]
Get:11 http://debian.indika.net.id lenny/main libblkid-dev 1.41.3-1 [24.0kB]
Fetched 3767kB in 37s (100kB/s)
(Reading database … 82123 files and directories currently installed.)
Preparing to replace libgnutls26 2.4.2-6+lenny1 (using …/libgnutls26_2.4.2-6+lenny2_i386.deb) …
Unpacking replacement libgnutls26 …
Selecting previously deselected package acl.
Unpacking acl (from …/archives/acl_2.2.47-2_i386.deb) …
Selecting previously deselected package libgpg-error-dev.
Unpacking libgpg-error-dev (from …/libgpg-error-dev_1.4-2_i386.deb) …
Selecting previously deselected package libgcrypt11-dev.
Unpacking libgcrypt11-dev (from …/libgcrypt11-dev_1.4.1-1_i386.deb) …
Selecting previously deselected package zlib1g-dev.
Unpacking zlib1g-dev (from …/zlib1g-dev_1%3a1.2.3.3.dfsg-12_i386.deb) …
Selecting previously deselected package libtasn1-3-dev.
Unpacking libtasn1-3-dev (from …/libtasn1-3-dev_1.4-1_i386.deb) …
Selecting previously deselected package libgnutls-dev.
Unpacking libgnutls-dev (from …/libgnutls-dev_2.4.2-6+lenny2_i386.deb) …
Selecting previously deselected package libncurses5-dev.
Unpacking libncurses5-dev (from …/libncurses5-dev_5.7+20081213-1_i386.deb) …
Selecting previously deselected package libreadline5-dev.
Unpacking libreadline5-dev (from …/libreadline5-dev_5.2-3.1_i386.deb) …
Selecting previously deselected package libattr1-dev.
Unpacking libattr1-dev (from …/libattr1-dev_1%3a2.4.43-2_i386.deb) …
Selecting previously deselected package libblkid-dev.
Unpacking libblkid-dev (from …/libblkid-dev_1.41.3-1_i386.deb) …
Processing triggers for man-db …
Setting up libgnutls26 (2.4.2-6+lenny2) …
Setting up acl (2.2.47-2) …
Setting up libgpg-error-dev (1.4-2) …
Setting up libgcrypt11-dev (1.4.1-1) …
Setting up zlib1g-dev (1:1.2.3.3.dfsg-12) …
Setting up libtasn1-3-dev (1.4-1) …
Setting up libgnutls-dev (2.4.2-6+lenny2) …
Setting up libncurses5-dev (5.7+20081213-1) …
Setting up libreadline5-dev (5.2-3.1) …
Setting up libattr1-dev (1:2.4.43-2) …
Setting up libblkid-dev (1.41.3-1) …
samba4:/home/gtoms#
– Instalasi dan konfigurasi Samba4

samba4:/home/gtoms# wget -c http://samba.org/samba/ftp/samba4/samba-4.0.0alpha8.tar.gz
–2009-11-28 14:07:40–  http://samba.org/samba/ftp/samba4/samba-4.0.0alpha8.tar.gz
Resolving samba.org… 216.83.154.106
Connecting to samba.org|216.83.154.106|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 12119314 (12M) [application/x-gzip]
Saving to: `samba-4.0.0alpha8.tar.gz’

100%[=================================>] 12,119,314   102K/s   in 2m 5s
2009-11-28 14:09:47 (94.5 KB/s) – `samba-4.0.0alpha8.tar.gz’ saved [12119314/12119314]

samba4:/home/gtoms# ls
samba-4.0.0alpha8.tar.gz

samba4:/home/gtoms# tar zxvf samba-4.0.0alpha8.tar.gz
…..skip……….
……………
……………
samba-4.0.0alpha8/libcli/ldap/
samba-4.0.0alpha8/libcli/ldap/ldap_message.c
samba-4.0.0alpha8/libcli/ldap/ldap_ndr.h
samba-4.0.0alpha8/libcli/ldap/config.mk
samba-4.0.0alpha8/libcli/ldap/ldap_message.h
samba-4.0.0alpha8/libcli/ldap/ldap_ndr.c
samba-4.0.0alpha8/libcli/ldap/ldap_errors.h
samba-4.0.0alpha8/libcli/netlogon.h
samba-4.0.0alpha8/libcli/nbt/
samba-4.0.0alpha8/libcli/nbt/tools/
samba-4.0.0alpha8/libcli/nbt/tools/nmblookup.c
samba-4.0.0alpha8/libcli/nbt/nbtsocket.c
samba-4.0.0alpha8/libcli/nbt/namequery.c
samba-4.0.0alpha8/libcli/nbt/nbt_proto.h
samba-4.0.0alpha8/libcli/nbt/namerefresh.c
samba-4.0.0alpha8/libcli/nbt/nbtname.c
samba-4.0.0alpha8/libcli/nbt/nameregister.c
samba-4.0.0alpha8/libcli/nbt/namerelease.c
samba-4.0.0alpha8/libcli/nbt/pynbt.c
samba-4.0.0alpha8/libcli/nbt/libnbt.h
samba-4.0.0alpha8/libcli/nbt/man/
samba-4.0.0alpha8/libcli/nbt/man/nmblookup.1.xml
samba-4.0.0alpha8/libcli/nbt/man/nmblookup.1
samba-4.0.0alpha8/libcli/security/
samba-4.0.0alpha8/libcli/security/security_descriptor.h
samba-4.0.0alpha8/libcli/security/secace.c
samba-4.0.0alpha8/libcli/security/dom_sid.h
samba-4.0.0alpha8/libcli/security/secacl.h
samba-4.0.0alpha8/libcli/security/config.mk
samba-4.0.0alpha8/libcli/security/display_sec.c
samba-4.0.0alpha8/libcli/security/dom_sid.c
samba-4.0.0alpha8/libcli/security/secace.h
samba-4.0.0alpha8/libcli/security/secacl.c
samba-4.0.0alpha8/libcli/security/security_descriptor.c
samba-4.0.0alpha8/libcli/named_pipe_auth/
samba-4.0.0alpha8/libcli/named_pipe_auth/npa_tstream.c
samba-4.0.0alpha8/libcli/named_pipe_auth/config.mk
samba-4.0.0alpha8/libcli/named_pipe_auth/npa_tstream.h
samba-4.0.0alpha8/libcli/ndr_netlogon_proto.h
samba-4.0.0alpha8/libcli/netlogon.c
samba-4.0.0alpha8/release-scripts/
samba-4.0.0alpha8/release-scripts/build-docs
samba-4.0.0alpha8/release-scripts/create-tarball
samba-4.0.0alpha8/merged-branches.txt
samba-4.0.0alpha8/COPYING
samba4:/home/gtoms#

samba4:/home/gtoms# cd samba-4.0.0alpha8
samba4:/home/gtoms/samba-4.0.0alpha8# ls
client     howto4.txt  libgpo  merged-branches.txt  pcp       prog_guide4.txt  script    swat2      testprogs  WHATSNEW4.txt
codepages  lib         librpc  nsswitch             PFIF.txt  README.Coding    selftest  swat2.txt  tests
COPYING    libcli      m4      packaging4           pidl      release-scripts  source4   testdata   testsuite

samba4:/home/gtoms/samba-4.0.0alpha8# cd source4

samba4:/home/gtoms/samba-4.0.0alpha8/source4#./configure
SAMBA VERSION: 4.0.0alpha8
LIBREPLACE_LOCATION_CHECKS: START
checking build system type…
……skip…..
checking ns_api.h usability… no
checking ns_api.h presence… no
checking for ns_api.h… no
checking configure summary… yes
configure: creating build/smb_build/config.pm
configure: creating config.mk
configure: creating ./config.status
config.status: creating lib/registry/registry.pc
config.status: creating librpc/dcerpc.pc
config.status: creating ../librpc/ndr.pc
config.status: creating ../lib/torture/torture.pc
config.status: creating auth/gensec/gensec.pc
config.status: creating param/samba-hostconfig.pc
config.status: creating librpc/dcerpc_samr.pc
config.status: creating librpc/dcerpc_atsvc.pc
config.status: creating lib/ldb/ldb.pc
config.status: creating include/config_tmp.h
config.status: executing rm-stdint.h commands
config.status: executing rm-stdbool.h commands
config.status: executing default-1 commands
build/smb_build/makefile.pm: creating data.mk
Summary:

Support for SSL in SWAT and LDAP: yes
Support for threads in server (see –with-pthread): yes
Support for intelligent command line editing: yes
Support for changing process titles (see –with-setproctitle): yes
Support for using extended attributes: yes
Support for using libblkid: yes
Support for using iconv: yes
Support for using pam: yes
Support for python bindings: yes
Using external popt: no
Using external talloc: no
Using external tdb: no
Using external tevent: no
Using external ldb: no
Developer mode: no
Automatic dependencies: no (install GNU make >= 3.81 and see –enable-automatic-dependencies)
Building shared libraries: yes
Using shared libraries internally: no (specify –enable-dso)
configure: creating mkconfig.mk
To build Samba, run /usr/bin/make
samba4:/home/gtoms/samba-4.0.0alpha8/source4#

samba4:/home/gtoms/samba-4.0.0alpha8/source4#make
……….skip….

Linking bin/python/samba/dcerpc/samr.so
Compiling ../librpc/gen_ndr/py_echo.c
Linking bin/python/samba/dcerpc/echo.so
Compiling ../librpc/gen_ndr/py_epmapper.c
Linking bin/python/samba/dcerpc/epmapper.so
Compiling librpc/gen_ndr/py_irpc.c
Compiling librpc/gen_ndr/ndr_irpc_c.c
Partially linking bin/mergedobj/rpc_ndr_irpc.o
Linking bin/python/samba/dcerpc/irpc.so
Linking bin/python/samba/dcerpc/misc.so
Compiling lib/messaging/pymessaging.c
Partially linking bin/mergedobj/python_irpc.o
Linking bin/python/samba/messaging.so
Compiling ../librpc/gen_ndr/py_unixinfo.c
Linking bin/python/samba/dcerpc/unixinfo.so
Compiling ../librpc/gen_ndr/py_drsuapi.c
Linking bin/python/samba/dcerpc/drsuapi.so
Compiling ../librpc/gen_ndr/py_svcctl.c
Linking bin/python/samba/dcerpc/svcctl.so
Compiling ../librpc/gen_ndr/py_initshutdown.c
Linking bin/python/samba/dcerpc/initshutdown.so
Compiling scripting/python/uuidmodule.c
Linking bin/python/uuid.so
Compiling ../librpc/gen_ndr/py_nbt.c
Linking bin/python/samba/dcerpc/nbt.so
Compiling libnet/py_net.c
Linking bin/python/samba/net.so
Linking bin/python/samba/dcerpc/base.so
Compiling ../librpc/gen_ndr/py_lsa.c
Linking bin/python/samba/dcerpc/lsa.so
Compiling lib/registry/pyregistry.c
Linking bin/python/samba/registry.so
Linking bin/python/samba/dcerpc/security.so
Linking bin/shared/libsamba-util.so.0.0.1
Linking bin/shared/libdcerpc_atsvc.so.0.0.1
Linking bin/shared/libdcerpc.so.0.0.1
Linking bin/shared/libdcerpc_samr.so.0.0.1
Linking bin/shared/libtorture.so.0.0.1
Linking bin/shared/libldb.so.0.0.1
Linking bin/shared/libgensec.so.0.0.1
Linking bin/shared/libndr.so.0.0.1
Linking bin/shared/libregistry.so.0.0.1
Compiling ../nsswitch/winbind_nss_linux.c
Linking bin/shared/libnss_winbind.so
Linking bin/shared/libsamba-hostconfig.so.0.0.1
samba4:/home/gtoms/samba-4.0.0alpha8/source4#

samba4:/home/gtoms/samba-4.0.0alpha8/source4#make install
……….skip………………..
bindir:      /usr/local/samba/bin
sbindir:     /usr/local/samba/sbin
libdir:      /usr/local/samba/lib
modulesdir:  /usr/local/samba/modules
includedir:  /usr/local/samba/include
vardir:      /usr/local/samba/var
privatedir:  /usr/local/samba/private
piddir:      /usr/local/samba/var/run
lockdir:     /usr/local/samba/var/locks
logfilebase: /usr/local/samba/var
setupdir:    /usr/local/samba/share/setup
swatdir:     /usr/local/samba/share/swat
mandir:      /usr/local/samba/share/man
torturedir:  ../lib/torture
datadir:     /usr/local/samba/share
winbindd_socket_dir:  /usr/local/samba/var/run/winbindd
ntp_signd_socket_dir:  /usr/local/samba/var/run/ntp_signd
Samba will be compiled with flags:
CPP        = gcc -E
CPPFLAGS   = -I./include -I. -I./lib -I./../lib/replace -I./../lib/talloc -I./.. -D_SAMBA_BUILD_=4 -DHAVE_CONFIG_H
CC         = gcc
CFLAGS     =
PICFLAG    = -fPIC
BNLD       = gcc
BNLD_FLAGS =  -Wl,–export-dynamic
STLD       = /usr/bin/ar
STLD_FLAGS = -rcs
SHLD       = gcc
SHLD_FLAGS = -shared -Wl,-Bsymbolic
MDLD       = gcc
MDLD_FLAGS = -shared -Wl,-Bsymbolic -Wl,–allow-shlib-undefined
SHLIBEXT   = so
srcdir     = .
builddir   = .
pwd        = /home/gtoms/samba-4.0.0alpha8/source4
Installing regpatch as /usr/local/samba/bin/regpatch
Installing regdiff as /usr/local/samba/bin/regdiff
Installing tdbtool as /usr/local/samba/bin/tdbtool
Installing regtree as /usr/local/samba/bin/regtree
Installing nmblookup as /usr/local/samba/bin/nmblookup
Installing ldbadd as /usr/local/samba/bin/ldbadd
Installing ldbsearch as /usr/local/samba/bin/ldbsearch
Installing tdbbackup as /usr/local/samba/bin/tdbbackup
Installing ldbrename as /usr/local/samba/bin/ldbrename
Installing smbclient as /usr/local/samba/bin/smbclient
Installing umount.cifs as /usr/local/samba/bin/umount.cifs
Installing setnttoken as /usr/local/samba/bin/setnttoken
Installing ldbdel as /usr/local/samba/bin/ldbdel
Installing masktest as /usr/local/samba/bin/masktest
Installing getntacl as /usr/local/samba/bin/getntacl
Installing nsstest as /usr/local/samba/bin/nsstest
Installing gentest as /usr/local/samba/bin/gentest
Installing regshell as /usr/local/samba/bin/regshell
Installing testparm as /usr/local/samba/bin/testparm
Installing ntlm_auth as /usr/local/samba/bin/ntlm_auth
Installing smbtorture as /usr/local/samba/bin/smbtorture
Installing wbinfo as /usr/local/samba/bin/wbinfo
Installing ndrdump as /usr/local/samba/bin/ndrdump
Installing tdbdump as /usr/local/samba/bin/tdbdump
Installing oLschema2ldif as /usr/local/samba/bin/oLschema2ldif
Installing ldbmodify as /usr/local/samba/bin/ldbmodify
Installing net as /usr/local/samba/bin/net
Installing ldbedit as /usr/local/samba/bin/ldbedit
Installing locktest as /usr/local/samba/bin/locktest
Installing tdbtorture as /usr/local/samba/bin/tdbtorture
Installing mount.cifs as /usr/local/samba/bin/mount.cifs
Installing cifsdd as /usr/local/samba/bin/cifsdd
Installing autoidl as /usr/local/samba/bin/autoidl
Installing samba3dump as /usr/local/samba/bin/samba3dump
Installing rpcclient as /usr/local/samba/bin/rpcclient
Installing smbstatus as /usr/local/samba/bin/smbstatus
Installing epdump as /usr/local/samba/bin/epdump
Installing samba as /usr/local/samba/sbin/samba
Installing dat files in /usr/local/samba/share
/usr/local/samba/share/lowcase.dat
/usr/local/samba/share/upcase.dat
/usr/local/samba/share/valid.dat
=============================================================
The dat files have been installed.
=============================================================
Installing setup templates
Installing ./bin/shared/libsamba-util.so.0.0.1 as /usr/local/samba/lib/libsamba-util.so.0.0.1
Installing ./bin/shared/libdcerpc_atsvc.so.0.0.1 as /usr/local/samba/lib/libdcerpc_atsvc.so.0.0.1
Installing ./bin/shared/libdcerpc.so.0.0.1 as /usr/local/samba/lib/libdcerpc.so.0.0.1
Installing ./bin/shared/libdcerpc_samr.so.0.0.1 as /usr/local/samba/lib/libdcerpc_samr.so.0.0.1
Installing ./bin/shared/libtorture.so.0.0.1 as /usr/local/samba/lib/libtorture.so.0.0.1
Installing ./bin/shared/libldb.so.0.0.1 as /usr/local/samba/lib/libldb.so.0.0.1
Installing ./bin/shared/libgensec.so.0.0.1 as /usr/local/samba/lib/libgensec.so.0.0.1
Installing ./bin/shared/libndr.so.0.0.1 as /usr/local/samba/lib/libndr.so.0.0.1
Installing ./bin/shared/libregistry.so.0.0.1 as /usr/local/samba/lib/libregistry.so.0.0.1
Installing ./bin/shared/libnss_winbind.so as /usr/local/samba/lib/libnss_winbind.so
Installing ./bin/shared/libsamba-hostconfig.so.0.0.1 as /usr/local/samba/lib/libsamba-hostconfig.so.0.0.1
==========================================================
The shared libraries are installed. You may restore the old libraries (if there
were any) using the command “make revert”. You may uninstall the libraries
using the command “make uninstalllib” or “make uninstall” to uninstall
binaries, man pages and shell scripts.
==========================================================
#@/bin/sh ./script/installlib.sh /usr/local/samba/lib “”
Installing lib/ldb/include/ldb.h as /usr/local/samba/include/ldb.h
Installing lib/ldb/include/ldb_errors.h as /usr/local/samba/include/ldb_errors.h
Installing auth/gensec/gensec.h as /usr/local/samba/include/gensec.h
Installing auth/credentials/credentials.h as /usr/local/samba/include/credentials.h
Installing auth/session.h as /usr/local/samba/include/samba/session.h
Installing ../lib/util/charset/charset.h as /usr/local/samba/include/charset.h
Installing lib/registry/registry.h as /usr/local/samba/include/registry.h
Installing lib/cmdline/popt_common.h as /usr/local/samba/include/samba/popt.h
Installing ../lib/util/util.h as /usr/local/samba/include/util.h
Installing ../lib/util/dlinklist.h as /usr/local/samba/include/dlinklist.h
Installing ../lib/util/attr.h as /usr/local/samba/include/util/attr.h
Installing ../lib/util/byteorder.h as /usr/local/samba/include/util/byteorder.h
Installing ../lib/util/data_blob.h as /usr/local/samba/include/util/data_blob.h
Installing ../lib/util/debug.h as /usr/local/samba/include/util/debug.h
Installing ../lib/util/memory.h as /usr/local/samba/include/util/memory.h
Installing ../lib/util/mutex.h as /usr/local/samba/include/util/mutex.h
Installing ../lib/util/safe_string.h as /usr/local/samba/include/util/safe_string.h
Installing ../lib/util/time.h as /usr/local/samba/include/util/time.h
Installing ../lib/util/util_ldb.h as /usr/local/samba/include/util_ldb.h
Installing ../lib/util/talloc_stack.h as /usr/local/samba/include/util/talloc_stack.h
Installing ../lib/util/xfile.h as /usr/local/samba/include/util/xfile.h
Installing ../lib/tdr/tdr.h as /usr/local/samba/include/tdr.h
Installing ../lib/tsocket/tsocket.h as /usr/local/samba/include/tsocket.h
Installing ../lib/tsocket/tsocket_internal.h as /usr/local/samba/include/tsocket_internal.h
Installing ../lib/torture/torture.h as /usr/local/samba/include/torture.h
Installing lib/ldb_wrap.h as /usr/local/samba/include/ldb_wrap.h
Installing lib/tdb_wrap.h as /usr/local/samba/include/tdb_wrap.h
Installing param/param.h as /usr/local/samba/include/param.h
Installing param/share.h as /usr/local/samba/include/share.h
Installing rpc_server/common/common.h as /usr/local/samba/include/dcerpc_server/common.h
Installing rpc_server/dcerpc_server.h as /usr/local/samba/include/dcerpc_server.h
Installing torture/smbtorture.h as /usr/local/samba/include/smbtorture.h
Installing ../librpc/ndr/libndr.h as /usr/local/samba/include/ndr.h
Installing ../librpc/gen_ndr/misc.h as /usr/local/samba/include/gen_ndr/misc.h
Installing ../librpc/gen_ndr/ndr_misc.h as /usr/local/samba/include/gen_ndr/ndr_misc.h
Installing ../librpc/gen_ndr/security.h as /usr/local/samba/include/gen_ndr/security.h
Installing librpc/gen_ndr/server_id.h as /usr/local/samba/include/gen_ndr/server_id.h
Installing ../librpc/gen_ndr/lsa.h as /usr/local/samba/include/gen_ndr/lsa.h
Installing ../librpc/gen_ndr/samr.h as /usr/local/samba/include/gen_ndr/samr.h
Installing ../librpc/gen_ndr/ndr_samr.h as /usr/local/samba/include/gen_ndr/ndr_samr.h
Installing ../librpc/gen_ndr/ndr_samr_c.h as /usr/local/samba/include/gen_ndr/ndr_samr_c.h
Installing ../librpc/gen_ndr/ndr_svcctl.h as /usr/local/samba/include/gen_ndr/ndr_svcctl.h
Installing ../librpc/gen_ndr/svcctl.h as /usr/local/samba/include/gen_ndr/svcctl.h
Installing ../librpc/gen_ndr/atsvc.h as /usr/local/samba/include/gen_ndr/atsvc.h
Installing ../librpc/gen_ndr/ndr_atsvc.h as /usr/local/samba/include/gen_ndr/ndr_atsvc.h
Installing ../librpc/gen_ndr/netlogon.h as /usr/local/samba/include/gen_ndr/netlogon.h
Installing ../librpc/gen_ndr/nbt.h as /usr/local/samba/include/gen_ndr/nbt.h
Installing ../librpc/gen_ndr/ndr_svcctl_c.h as /usr/local/samba/include/gen_ndr/ndr_svcctl_c.h
Installing ../librpc/gen_ndr/ndr_atsvc_c.h as /usr/local/samba/include/gen_ndr/ndr_atsvc_c.h
Installing ../librpc/gen_ndr/dcerpc.h as /usr/local/samba/include/gen_ndr/dcerpc.h
Installing ../librpc/gen_ndr/ndr_dcerpc.h as /usr/local/samba/include/gen_ndr/ndr_dcerpc.h
Installing librpc/rpc/dcerpc.h as /usr/local/samba/include/dcerpc.h
Installing ../librpc/gen_ndr/mgmt.h as /usr/local/samba/include/gen_ndr/mgmt.h
Installing ../librpc/gen_ndr/ndr_mgmt.h as /usr/local/samba/include/gen_ndr/ndr_mgmt.h
Installing ../librpc/gen_ndr/ndr_mgmt_c.h as /usr/local/samba/include/gen_ndr/ndr_mgmt_c.h
Installing ../librpc/gen_ndr/epmapper.h as /usr/local/samba/include/gen_ndr/epmapper.h
Installing ../librpc/gen_ndr/ndr_epmapper.h as /usr/local/samba/include/gen_ndr/ndr_epmapper.h
Installing ../librpc/gen_ndr/ndr_epmapper_c.h as /usr/local/samba/include/gen_ndr/ndr_epmapper_c.h
Installing libcli/ldap/ldap.h as /usr/local/samba/include/ldap-util.h
Installing ../libcli/util/error.h as /usr/local/samba/include/core/error.h
Installing ../libcli/util/ntstatus.h as /usr/local/samba/include/core/ntstatus.h
Installing ../libcli/util/doserr.h as /usr/local/samba/include/core/doserr.h
Installing ../libcli/util/werror.h as /usr/local/samba/include/core/werror.h
Installing ../libcli/ldap/ldap_message.h as /usr/local/samba/include/ldap_message.h
Installing ../libcli/ldap/ldap_errors.h as /usr/local/samba/include/ldap_errors.h
Installing ../libcli/ldap/ldap_ndr.h as /usr/local/samba/include/ldap_ndr.h
Installing ../libcli/auth/credentials.h as /usr/local/samba/include/domain_credentials.h
Installing ./version.h as /usr/local/samba/include/samba/version.h
=================================================================
The headers are installed. You may restore the old headers (if there
were any) using the command “make revert”. You may uninstall the headers
using the command “make uninstallheader” or “make uninstall” to uninstall
binaries, man pages and shell scripts.
==================================================================
Checking if your kit is complete…
Looks good
Writing Makefile for Parse::Pidl
make[1]: Entering directory `/home/gtoms/samba-4.0.0alpha8/pidl’
cp lib/Parse/Pidl/NDR.pm blib/lib/Parse/Pidl/NDR.pm
cp lib/Parse/Pidl/Samba3/ServerNDR.pm blib/lib/Parse/Pidl/Samba3/ServerNDR.pm
cp lib/Parse/Pidl/Expr.pm blib/lib/Parse/Pidl/Expr.pm
cp lib/Parse/Pidl/Compat.pm blib/lib/Parse/Pidl/Compat.pm
cp lib/Parse/Pidl/Samba4/NDR/Client.pm blib/lib/Parse/Pidl/Samba4/NDR/Client.pm
cp lib/Parse/Pidl/Samba4/NDR/Parser.pm blib/lib/Parse/Pidl/Samba4/NDR/Parser.pm
cp lib/Parse/Pidl/Util.pm blib/lib/Parse/Pidl/Util.pm
cp lib/Parse/Pidl/IDL.pm blib/lib/Parse/Pidl/IDL.pm
cp lib/Parse/Pidl.pm blib/lib/Parse/Pidl.pm
cp lib/Parse/Pidl/CUtil.pm blib/lib/Parse/Pidl/CUtil.pm
cp lib/Parse/Pidl/Samba4/TDR.pm blib/lib/Parse/Pidl/Samba4/TDR.pm
cp lib/Parse/Yapp/Driver.pm blib/lib/Parse/Yapp/Driver.pm
cp lib/Parse/Pidl/Samba4/COM/Stub.pm blib/lib/Parse/Pidl/Samba4/COM/Stub.pm
cp lib/Parse/Pidl/Samba4/Template.pm blib/lib/Parse/Pidl/Samba4/Template.pm
cp lib/Parse/Pidl/Samba4/Python.pm blib/lib/Parse/Pidl/Samba4/Python.pm
cp lib/Parse/Pidl/Samba4.pm blib/lib/Parse/Pidl/Samba4.pm
cp lib/Parse/Pidl/Samba3/ClientNDR.pm blib/lib/Parse/Pidl/Samba3/ClientNDR.pm
cp lib/Parse/Pidl/ODL.pm blib/lib/Parse/Pidl/ODL.pm
cp lib/Parse/Pidl/Wireshark/Conformance.pm blib/lib/Parse/Pidl/Wireshark/Conformance.pm
cp lib/Parse/Pidl/Wireshark/NDR.pm blib/lib/Parse/Pidl/Wireshark/NDR.pm
cp lib/Parse/Pidl/Samba4/Header.pm blib/lib/Parse/Pidl/Samba4/Header.pm
cp lib/Parse/Pidl/Samba4/COM/Proxy.pm blib/lib/Parse/Pidl/Samba4/COM/Proxy.pm
cp lib/Parse/Pidl/Samba4/COM/Header.pm blib/lib/Parse/Pidl/Samba4/COM/Header.pm
cp lib/Parse/Pidl/Typelist.pm blib/lib/Parse/Pidl/Typelist.pm
cp lib/Parse/Pidl/Dump.pm blib/lib/Parse/Pidl/Dump.pm
cp lib/Parse/Pidl/Samba4/NDR/Server.pm blib/lib/Parse/Pidl/Samba4/NDR/Server.pm
cp pidl blib/script/pidl
/usr/bin/perl “-MExtUtils::MY” -e “MY->fixin(shift)” blib/script/pidl
Manifying blib/man1/pidl.1p
Manifying blib/man3/Parse::Pidl::Util.3pm
Manifying blib/man3/Parse::Pidl::NDR.3pm
Manifying blib/man3/Parse::Pidl::Wireshark::Conformance.3pm
Manifying blib/man3/Parse::Pidl::Wireshark::NDR.3pm
Manifying blib/man3/Parse::Pidl::Dump.3pm
Installing /usr/local/samba/share/perl5/Parse/Pidl.pm
Installing /usr/local/samba/share/perl5/Parse/Yapp/Driver.pm
Installing /usr/local/samba/share/perl5/Parse/Pidl/NDR.pm
Installing /usr/local/samba/share/perl5/Parse/Pidl/CUtil.pm
Installing /usr/local/samba/share/perl5/Parse/Pidl/Samba4.pm
Installing /usr/local/samba/share/perl5/Parse/Pidl/Dump.pm
Installing /usr/local/samba/share/perl5/Parse/Pidl/Expr.pm
Installing /usr/local/samba/share/perl5/Parse/Pidl/IDL.pm
Installing /usr/local/samba/share/perl5/Parse/Pidl/Compat.pm
Installing /usr/local/samba/share/perl5/Parse/Pidl/ODL.pm
Installing /usr/local/samba/share/perl5/Parse/Pidl/Typelist.pm
Installing /usr/local/samba/share/perl5/Parse/Pidl/Util.pm
Installing /usr/local/samba/share/perl5/Parse/Pidl/Samba3/ClientNDR.pm
Installing /usr/local/samba/share/perl5/Parse/Pidl/Samba3/ServerNDR.pm
Installing /usr/local/samba/share/perl5/Parse/Pidl/Wireshark/NDR.pm
Installing /usr/local/samba/share/perl5/Parse/Pidl/Wireshark/Conformance.pm
Installing /usr/local/samba/share/perl5/Parse/Pidl/Samba4/Header.pm
Installing /usr/local/samba/share/perl5/Parse/Pidl/Samba4/Template.pm
Installing /usr/local/samba/share/perl5/Parse/Pidl/Samba4/Python.pm
Installing /usr/local/samba/share/perl5/Parse/Pidl/Samba4/TDR.pm
Installing /usr/local/samba/share/perl5/Parse/Pidl/Samba4/COM/Proxy.pm
Installing /usr/local/samba/share/perl5/Parse/Pidl/Samba4/COM/Stub.pm
Installing /usr/local/samba/share/perl5/Parse/Pidl/Samba4/COM/Header.pm
Installing /usr/local/samba/share/perl5/Parse/Pidl/Samba4/NDR/Server.pm
Installing /usr/local/samba/share/perl5/Parse/Pidl/Samba4/NDR/Client.pm
Installing /usr/local/samba/share/perl5/Parse/Pidl/Samba4/NDR/Parser.pm
Installing /usr/local/samba/share/man/man1/pidl.1p
Installing /usr/local/samba/share/man/man3/Parse::Pidl::Wireshark::Conformance.3pm
Installing /usr/local/samba/share/man/man3/Parse::Pidl::Util.3pm
Installing /usr/local/samba/share/man/man3/Parse::Pidl::Dump.3pm
Installing /usr/local/samba/share/man/man3/Parse::Pidl::NDR.3pm
Installing /usr/local/samba/share/man/man3/Parse::Pidl::Wireshark::NDR.3pm
Installing /usr/local/samba/bin/pidl
make[1]: Leaving directory `/home/gtoms/samba-4.0.0alpha8/pidl’
samba4:/home/gtoms/samba-4.0.0alpha8/source4#

Create Domain Controller :

samba4:/home/gtoms/samba-4.0.0alpha8/source4# ./setup/provision –realm=gultom.lab –domain=gultom –adminpass=aprilia –server-role=’domain controller’
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up templates db
Setting up idmap db
schema_fsmo_init: no schema dn present: (skip schema loading)
naming_fsmo_init: no partitions dn present: (skip loading of naming contexts details)
pdc_fsmo_init: no domain dn present: (skip loading of domain details)
Setting up sam.ldb attributes
Setting up sam.ldb rootDSE
Erasing data from partitions
schema_fsmo_init: no schema head present: (skip schema loading)
naming_fsmo_init: no partitions dn present: (skip loading of naming contexts details)
pdc_fsmo_init: no domain object present: (skip loading of domain details)
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=gultom,DC=lab (permitted to fail)
Modifying DomainDN: DC=gultom,DC=lab
Adding configuration container (permitted to fail)
Modifying configuration container
Adding schema container (permitted to fail)
Modifying schema container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Adding users container (permitted to fail)
Modifying users container
Adding computers container (permitted to fail)
Modifying computers container
Setting up sam.ldb data
Setting up sam.ldb users and groups
Setting up self join
Setting up sam.ldb rootDSE marking as synchronized
See /usr/local/samba/private/named.conf for an example configuration include file for BIND
and /usr/local/samba/private/named.txt for further documentation required for secure DNS updates
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Please install the phpLDAPadmin configuration located at /usr/local/samba/private/phpldapadmin-config.php into /etc/phpldapadmin/config.php
Once the above files are installed, your Samba4 server will be ready to use
Server Role:    domain controller
Hostname:       samba4
NetBIOS Domain: GULTOM
DNS Domain:     gultom.lab
DOMAIN SID:     S-1-5-21-230467100-4281326434-679035080
Admin password: aprilia
samba4:/home/gtoms/samba-4.0.0alpha8/source4#

Lihat isi file smb.conf  harus terdapat :

[globals]
netbios name    = samba4
workgroup       = gultom
realm           = gultom.lab
server role     = domain controller

Menjalankan Samba4 :

samba4:/home/gtoms/samba-4.0.0alpha8/source4# /usr/local/samba/sbin/samba -i -M single -d 12

lp_load: refreshing parameters from /usr/local/samba/etc/smb.conf
params.c:pm_process() – Processing configuration file “/usr/local/samba/etc/smb.conf”
Processing section “[globals]”
Processing section “[netlogon]”
Processing section “[sysvol]”
Processing section “[test]”
pm_process() returned Yes
adding hidden service IPC$
adding hidden service ADMIN$
samba version 4.0.0alpha8 started.
Copyright Andrew Tridgell and the Samba Team 1992-2009
fcntl_lock 3 13 0 1 1
fcntl_lock: Lock call successful
GENSEC backend ‘krb5’ registered
GENSEC backend ‘fake_gssapi_krb5’ registered
GENSEC backend ‘schannel’ registered
GENSEC backend ‘spnego’ registered
GENSEC backend ‘gssapi_spnego’ registered
GENSEC backend ‘gssapi_krb5’ registered
GENSEC backend ‘gssapi_krb5_sasl’ registered
GENSEC backend ‘ntlmssp’ registered
NTPTR backend ‘simple_ldb’
NTVFS backend ‘simple’ for type 1 registered
NTVFS backend ‘cifs’ for type 1 registered
NTVFS backend ‘nbench’ for type 1 registered
NTVFS backend ‘unixuid’ for type 1 registered
NTVFS backend ‘unixuid’ for type 3 registered
NTVFS backend ‘unixuid’ for type 2 registered
NTVFS backend ‘cifsposix’ for type 1 registered
NTVFS backend ‘smb2’ for type 1 registered
NTVFS backend ‘default’ for type 2 registered
NTVFS backend ‘default’ for type 3 registered
NTVFS backend ‘default’ for type 1 registered
NTVFS backend ‘posix’ for type 1 registered
PROCESS_MODEL ‘standard’ registered
PROCESS_MODEL ‘prefork’ registered
PROCESS_MODEL ‘single’ registered
AUTH backend ‘winbind_samba3’ registered
AUTH backend ‘winbind’ registered
AUTH backend ‘server’ registered
AUTH backend ‘name_to_ntstatus’ registered
AUTH backend ‘fixed_challenge’ registered
AUTH backend ‘unix’ registered
AUTH backend ‘anonymous’ registered
AUTH backend ‘sam’ registered

——skip—————–

dreplsrv_partition[CN=Schema,CN=Configuration,DC=gultom,DC=lab] loaded
dreplsrv_partition[CN=Configuration,DC=gultom,DC=lab] loaded
dreplsrv_partition[DC=gultom,DC=lab] loaded
dreplsrv_refresh_partition(DC=gultom,DC=lab)
dreplsrv_refresh_partition(CN=Configuration,DC=gultom,DC=lab)
dreplsrv_refresh_partition(CN=Schema,CN=Configuration,DC=gultom,DC=lab)
dreplsrv_periodic_schedule(15) scheduled for: Sat Nov 28 14:30:28 2009 WIT
gendb_search_v: cn=Primary Domains (&(flatname=GULTOM)(objectclass=primaryDomain)) -> 1

– Instalasi dan konfigurasi BIND9 (Instalasi DNS Server )

samba4:/home/gtoms# apt-get install bind9
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following extra packages will be installed:
bind9utils
Suggested packages:
bind9-doc resolvconf ufw
The following NEW packages will be installed:
bind9 bind9utils
0 upgraded, 2 newly installed, 0 to remove and 17 not upgraded.
Need to get 335kB of archives.
After this operation, 1028kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://debian.indika.net.id lenny/main bind9utils 1:9.5.1.dfsg.P3-1 [92.9kB]
Get:2 http://debian.indika.net.id lenny/main bind9 1:9.5.1.dfsg.P3-1 [242kB]
Fetched 335kB in 4s (83.7kB/s)
Preconfiguring packages …
Selecting previously deselected package bind9utils.
(Reading database … 83400 files and directories currently installed.)
Unpacking bind9utils (from …/bind9utils_1%3a9.5.1.dfsg.P3-1_i386.deb) …
Selecting previously deselected package bind9.
Unpacking bind9 (from …/bind9_1%3a9.5.1.dfsg.P3-1_i386.deb) …
Processing triggers for man-db …
Setting up bind9utils (1:9.5.1.dfsg.P3-1) …
Setting up bind9 (1:9.5.1.dfsg.P3-1) …
Adding group `bind’ (GID 114) …
Done.
Adding system user `bind’ (UID 111) …
Adding new user `bind’ (UID 111) with group `bind’ …
Not creating home directory `/var/cache/bind’.
wrote key file “/etc/bind/rndc.key”
#
Starting domain name service…: bind9.
samba4:/home/gtoms#

Disini perlu menyamakan konfigurasi Bind Samba4 dengan Bind asli hasil dari instalasi diatas. Untuk named.conf asli perlu ditambahkan konfigurasi named.conf dari Samba4 bisa diambil di /usr/local/samba/private, setelah memindahkan baris named.conf milik Samba4 ke named.conf asli

Selanjutnya menambahkan baris :

tkey-gssapi-credential “DNS/gultom.lab”;
tkey-domain GULTOM.LAB”;

kedalam named.conf.options, kemudian mengcopy file krb5.conf dari /usr/local/samba/private/ ke /etc

Selanjutnya menambahkan baris :

KEYTAB_FILE=”/usr/local/samba/private/dns.keytab”
export KRB5_KTNAME=”/usr/local/samba/private/dns.keytab”

pada /etc/default/bind9, Pasca pengeditan diatas restart Bind9 dengan perintah : /etc/init.d/bind9 restart

samba4:/etc/bind# tail -n 30 /var/log/daemon.log
Nov 28 15:24:35 samba4 named[6345]: exiting
Nov 28 15:24:36 samba4 named[6452]: starting BIND 9.5.1-P3 -u bind
Nov 28 15:24:36 samba4 named[6452]: found 2 CPUs, using 2 worker threads
Nov 28 15:24:36 samba4 named[6452]: using up to 4096 sockets
Nov 28 15:24:36 samba4 named[6452]: loading configuration from ‘/etc/bind/named.conf’
Nov 28 15:24:36 samba4 named[6452]: max open files (1024) is smaller than max sockets (4096)
Nov 28 15:24:36 samba4 named[6452]: using default UDP/IPv4 port range: [1024, 65535]
Nov 28 15:24:36 samba4 named[6452]: using default UDP/IPv6 port range: [1024, 65535]
Nov 28 15:24:36 samba4 named[6452]: listening on IPv6 interfaces, port 53
Nov 28 15:24:36 samba4 named[6452]: listening on IPv4 interface lo, 127.0.0.1#53
Nov 28 15:24:36 samba4 named[6452]: listening on IPv4 interface eth0, 192.168.1.253#53
Nov 28 15:24:36 samba4 named[6452]: automatic empty zone: 254.169.IN-ADDR.ARPA
Nov 28 15:24:36 samba4 named[6452]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Nov 28 15:24:36 samba4 named[6452]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Nov 28 15:24:36 samba4 named[6452]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Nov 28 15:24:36 samba4 named[6452]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Nov 28 15:24:36 samba4 named[6452]: automatic empty zone: D.F.IP6.ARPA
Nov 28 15:24:36 samba4 named[6452]: automatic empty zone: 8.E.F.IP6.ARPA
Nov 28 15:24:36 samba4 named[6452]: automatic empty zone: 9.E.F.IP6.ARPA
Nov 28 15:24:36 samba4 named[6452]: automatic empty zone: A.E.F.IP6.ARPA
Nov 28 15:24:36 samba4 named[6452]: automatic empty zone: B.E.F.IP6.ARPA
Nov 28 15:24:36 samba4 named[6452]: command channel listening on 127.0.0.1#953
Nov 28 15:24:36 samba4 named[6452]: command channel listening on ::1#953
Nov 28 15:24:36 samba4 named[6452]: zone 0.in-addr.arpa/IN: loaded serial 1
Nov 28 15:24:36 samba4 named[6452]: zone 127.in-addr.arpa/IN: loaded serial 1
Nov 28 15:24:36 samba4 named[6452]: zone 255.in-addr.arpa/IN: loaded serial 1
Nov 28 15:24:36 samba4 named[6452]: zone gultom.lab/IN: loaded serial 2009112814
Nov 28 15:24:36 samba4 named[6452]: zone localhost/IN: loaded serial 2
Nov 28 15:24:36 samba4 named[6452]: running
Nov 28 15:24:36 samba4 named[6452]: zone gultom.lab/IN: sending notifies (serial 2009112814)
samba4:/etc/bind#

samba4:/etc/bind# dig _ldap._tcp.dc._msdcs.gultom.lab SRV @localhost

; <<>> DiG 9.5.1-P3 <<>> _ldap._tcp.dc._msdcs.gultom.lab SRV @localhost
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38295
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;_ldap._tcp.dc._msdcs.gultom.lab. IN    SRV

;; ANSWER SECTION:
_ldap._tcp.dc._msdcs.gultom.lab. 604800 IN SRV  0 100 389 samba4.gultom.lab.

;; AUTHORITY SECTION:
gultom.lab.             604800  IN      NS      samba4.gultom.lab.

;; ADDITIONAL SECTION:
samba4.gultom.lab.      604800  IN      A       127.0.1.1
samba4.gultom.lab.      604800  IN      A       192.168.1.253

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Nov 29 12:43:01 2009
;; MSG SIZE  rcvd: 132

samba4:/etc/bind#

Setting Komputer User :

Setting pada sisi client, menggunakan Windows XP Profesional :

samba4AD

samba4ADscreenshot
Untuk administrasi user group policy bisa menggunakan Samba SWAT web browser, tapi kali ini saya ingin menggunakan Windows 2003 Administration Pack dan support tools pada Windows XP Profesional Client,download dan install kedua tools gratis tersebut melalui :

http://www.microsoft.com/downloads/

Dengan tools tersebut kita dapat :

– Joining windows XP Pro ke Domain,Menampilkan Samba 4 Active Directory object dari Windows XP Pro,Menampilkan isi samba 4 active directory,Managing Samba 4 Active Directory dari Windows XP Pro(menambah user dan group ke Samba 4 Active Directory,menambah organization unit (ou) kedalam samba 4 domain)
– Implementasi Group Policy (GPO) ke dalam samba 4 domain.

samba4run

samba4ADscreenshot1

samba4ADscreenshot2

samba4ADscreenshot3

Untuk fitur Group Policy (GPO) menggunakan Samba 4 saya bisa melakukan kontrol penuh ke komputer user seperti mematikan akses ke control panel dan sebagainya. Fitur GPO merupakan bagian dari Microsoft Active Directory disamping fungsi file sharing.

Demikian proses migrasi Windows Server dengan Active Directory menggunakan sistem operasi Linux, yang dalam hal ini implementasi Samba4 Active Directory. Thanks to Samba4 Developer!

Jika ingin melakukan migrasi ke Samba4 Active Directory dengan model diatas dengan banyak Microsoft Active Directory dari kantor pusat sampai ke kantor cabang, bisa kontak saya di henry@gultom.or.id

41 thoughts on “Setup Samba4 Active Directory/Domain Controller

  1. koko

    pak gultom aq dah nyoba berdasar langkah2 di atas tp pas langkah merestart bind nya fail dan di log errornya di

    configuring TKEY: failure

    gimana solusinya. kalo di /etc/bind/named.conf.options baris
    tkey-gssapi-credential “DNS/gultom.lab”;
    tkey-domain GULTOM.LAB”;
    tak non aktifkan dns nya jalan. tp waktu di test dig answer gak ada.saya sudah search di google gak nemu.

  2. koko

    terima kasih pak. ternyata dah jalan smua. stelah trial error. ni persis pake debian lenny. masalahnya solve stelah konfigurasi
    tkey-gssapi-credential “DNS/gultom.lab”;
    tkey-domain GULTOM.LAB”;
    tak pindah ke /etc/bind/named.conf bukan di /etc/bind/named.conf.options

    di xp juga udah konek.

  3. Toni Stiawan

    Bener nih samba4 bisa seperti ini?
    Bisa GPO seperti w2k/w3k ?
    Bagus banget nih.
    Tapi kenapa ga rilis-rilis ya ?
    di website samba.org masih versi 3
    yang dianggap stabil.
    kenapa bisa begitu ?

  4. Fahmi

    Thanks ya pak gultom
    dengan ada artikel ini membuka wawasan saya ttg Linux…
    sebelumnya saya mengimplementasikan active directory di warnet temen dgn WS 2008 yg bajakan..
    ternyata di Linux juga bisa ya…muantapp….
    izin copas dulu artikelnya, segera dicoba dan di share lg….

  5. Fahmi

    O…iya ni pak…
    bisa ga di linux ngatur Group Policy untuk client windows….
    kyk di WS 2003/2008 kan ada Group Policy Object (GPO)-nya…
    mohon pencerahannya pak..

  6. gtoms

    samba4 sudah bisa diadministrasi meenggunakan Group Policy Management Console (GPMC)

    ada yang berminat mengganti microsoft dns,dhcp,active directory,file sharing menggunakan linux dan samba4 ? contact : henry@gultom.or.id

  7. ubuntu user

    Many thanks Mr. Gtoms

    I don’t speak Indonesian, but google helps with the translation (so it really is confusing at times). However, I got stuck at the configuration of the bind9’s named.conf file: Do you mean that one installs a clean bind9 then appends the content of the samba4’s named.conf file to bind9’s named.conf, or do you mean that one should overwrite the bind9’s named.conf with that of samba4?

  8. gtoms

    @ubuntu user :

    default named.conf of bind9 on /etc/bind, after u provision samba4, u should replace default named.conf bind9 with named.conf from samba4 was generated. named.conf samba4 located on /url/local/samba/private

    dont forget read the instruction on /usr/local/samba/private/named.txt

  9. Herlan

    Pak Gultom, kalau proses migrasinya bertahap bisa gak ? Misal pertama file sharing windows diganti dengan linux, dan tetap bisa join ke active directory nya Windows 2003?

    Bisa jelaskan step-stepnya? Terimakasih.

  10. gtoms

    @Herlan
    Bisa..
    Stepnya :
    1. setup samba4 sampai make install saja, tidak usah sampai provison.

    2.edit /etc/krb5.conf
    [libdefaults]
    dns_lookup_realm = true
    dns_lookup_kdc = true
    default_realm = SAMBA4.NAMADOMAIN.COM

    3. Test dengan :
    kinit administrator

    4.Test join domain ke win2k3
    bin/net vampire samba4.namadomain.com -Uadministrator –realm=samba4.namadomain.com

    5. start samba4 nya.

    6. Pindah ke Wind2k3 jalankanKnowledge Consistency Checker (KCC) :
    repadmin /kcc

    7. Pindah ke Samba4 jalankan :
    bin/net drs kcc -Uadministrator windowsdc.samba4.namadomain.com

  11. sugiyanto

    Salam kenal pak. . . saya sudah mencoba mengikuti instruksi yg ada sampai dengan langkah provision, tetapi kok ada error:

    IOError: [Errno 2] No such file or directory: ‘/usr/local/samba/etc/smb.conf’

    kira2 kenapa pak ya permasalahannya???

    terima kasih. . .:D

  12. Henry Gultom

    @Reza,

    btw sy tidak pernah mengalami IOError tersebut pada Debian 5.0

    coba tarik source samba4 nya pakai git :

    git clone git://git.samba.org/samba.git samba-master; cd samba-master

  13. WikArda

    Pak Gultom, saya coba menggunakan CentOS 5.5. Karena saya lihat perbedaan hanya pada cara downloadnya saja (apt-get dan yum).

    Semua proses berjalan smoot hingga perintag make install. Tapi kalau saya jalankan muncul ada pesan faile. Kenapa ya pak?

    [root@smb4 ~]# /usr/local/samba/sbin/samba -i -M single
    samba version 4.0.0alpha14-GIT-UNKNOWN started.
    Copyright Andrew Tridgell and the Samba Team 1992-2010
    samba: using ‘single’ process model
    task_server_terminate: [kdc: hdb_samba4_create_kdc (setup KDC database) failed]
    task_server_terminate: [dreplsrv: Failed to connect to local samdb: WERR_DS_UNAVAILABLE
    ]
    task_server_terminate: [Cannot start Winbind (domain controller): Failed to find record for SMB4 in /usr/local/samba/private/secrets.ldb: No such object: (null): Have you provisioned the SMB4 domain?]
    task_server_terminate: [kccsrv: Failed to connect to local samdb: WERR_DS_UNAVAILABLE
    ]
    /usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call last):
    /usr/local/samba/sbin/samba_dnsupdate: File “/usr/local/samba/sbin/samba_dnsupdate”, line 47, in ?
    /usr/local/samba/sbin/samba_dnsupdate: samba.ensure_external_module(“dns”, “dnspython”)
    /usr/local/samba/sbin/samba_dnsupdate: File “/usr/local/samba/lib/python2.4/site-packages/samba/__init__.py”, line 321, in ensure_external_module
    /usr/local/samba/sbin/samba_dnsupdate: sys.modules[modulename] = __import__(
    /usr/local/samba/sbin/samba_dnsupdate: TypeError: __import__() takes no keyword arguments
    ../dsdb/dns/dns_update.c:251: Failed DNS update – NT_STATUS_ACCESS_DENIED
    /usr/local/samba/sbin/samba_spnupdate: Traceback (most recent call last):
    /usr/local/samba/sbin/samba_spnupdate: File “/usr/local/samba/sbin/samba_spnupdate”, line 113, in ?
    /usr/local/samba/sbin/samba_spnupdate: sub_vars = get_subst_vars(samdb)
    /usr/local/samba/sbin/samba_spnupdate: File “/usr/local/samba/sbin/samba_spnupdate”, line 77, in get_subst_vars
    /usr/local/samba/sbin/samba_spnupdate: vars[‘NTDSGUID’] = samdb.get_ntds_GUID()
    /usr/local/samba/sbin/samba_spnupdate: File “/usr/local/samba/lib/python2.4/site-packages/samba/samdb.py”, line 471, in get_ntds_GUID
    /usr/local/samba/sbin/samba_spnupdate: return dsdb._samdb_ntds_objectGUID(self)
    /usr/local/samba/sbin/samba_spnupdate: RuntimeError: Failed to find NTDS GUID
    ../dsdb/dns/dns_update.c:280: Failed SPN update – NT_STATUS_ACCESS_DENIED

    Saat sata test pake client juga belum berhasil:
    [root@smb4 ~]# smbclient -L localhost -U%
    Error connecting to 127.0.0.1 (Connection refused)
    Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)

    [root@smb4 /]# /usr/bin/smbclient -L localhost -U%
    Domain=[SMB4] OS=[Unix] Server=[Samba 4.0.0alpha14-GIT-UNKNOWN]

    Sharename Type Comment
    ——— —- ——-
    netlogon Disk
    sysvol Disk
    IPC$ IPC IPC Service (Samba 4.0.0alpha14-GIT-UNKNOWN)
    ADMIN$ Disk DISK Service (Samba 4.0.0alpha14-GIT-UNKNOWN)
    Domain=[SMB4] OS=[Unix] Server=[Samba 4.0.0alpha14-GIT-UNKNOWN]

    Server Comment
    ——— ——-

    Workgroup Master
    ——— ——-

    Apakah ini karena saya belum sampai pada tahap setup bind9 ?

  14. Theis Hoke

    Pak, untuk membangun server Active Directory spesifikasi PC Server untuk 200 user itu seperti apa ya?
    terima kasih.

  15. eko

    Mas,untuk migrasi ini apakah artinya kita buat usernya satu2 lagi atau full pindahin FSMO yang ada windows server 2003 ke samba4?

  16. yudhi

    pak gultom saya mau tanya,, saya pake distro ubuntu 11.04 trs pke samba4, denga client windows 7 ultimate, setelah saya configure. windows saya tidak bisa join ke domain yg saya buat, padahal dr client xp udah bisa,, muncul pesan error “The active directori AD DC cant be contacted ”

    saya msh nuwbie, mohon bantuannya, trims

  17. Henry Gultom

    @Yudhi,

    kalau clientnya windows 7 or win2k8, cek di ubuntu anda apakah bindnya sudah versi bind 9.7.2rc2 atau lebih tinggi…

    jgn pakai apt-get, cari bind versi tarbal dan compile, agak die hard ngerjainnya….

  18. fizh

    pak gultom, untuk sinkronisasi password sm user2nya gmn pak? apakah bisa sikron juga? atau harus didefinisikan lg passwordnya?

  19. gtoms

    @farhan, samba3 untuk file dan print sharing, samba4 development untuk active directory, rencana kedepan keduanya digabungkan, samba4ad juga sdh support filesharing dan domain controller kayak W2k3AD.

  20. deni

    Salam kenal Pak,

    Saya sudah berhasil mencoba samba 4 sebagai domain controler dengan fedora core 14, namun ketika saya ingin menggabungkan komputer lain dengan samba 3 selaku member domain samba4 tadi belum tahu/dapat caranya. Maaf saya newbie bila tidak keberatan saya mohon pencerahan dari Bapak Gultom.

    Atas petunjuknya saya ucapkan terima kasih.

    regards
    deni

  21. roby

    mas, saya dah sukses install samba<
    cuma pas mau masuk domain, ga bisa, access denied / bad user / password
    apa yg salah ya

  22. ewan

    numpang tanya Pak Gultom, kalo saya pakai DC di windows server 2003 sekarang mau pindah ke linux, gimana ya Pak cara transfer DC nya, terima kasih

  23. bodeh

    wah perlu dicoba ini .. bagus sekali.. btw thx udah sharing. saya sih selama ini U/ server di lab Win 2008 sebagai AD, file sharing server pake Ubuntu dengan Samba3 join ke domain window$

  24. ade

    pak gultom mau tanya.. kenapa setelah jalanin
    /usr/local/samba/sbin/samba -i -M single -d 12.
    timbul dreplsrv_periodic_run() : scedule pull replication
    dreplsrv_periodic_run() : run_pendding_ops
    dreplsrv_periodic_scedule (300) scedule for : dd mm yy hh:mm:ss
    saya tungguin kenapa ga selesai2 ya? apakah memang begini prosesnya atau kah ada settingan saya yang salah? mohon pencerahanya ya pak…

    satu lagi pak, saat ini samba4 kan sudah sampai beta. kalau di lihat dari wikinya samba4, cara konfigure berbeda dengan tutorial bapak. nah yang saya mau tanyakan apakah sama menjalankan ./configure dengan ./configure.developer ? di tunggu ya pak pencerahanya

  25. hendra

    Pak Henry numpang tanya,

    Kl saya coba di jaringan yang sama dengan DC dari windows 2003 apakah akan bentrok ( tarik menarik DC ) yang jadi root….terima kasih sebelumnya nya

  26. asep

    sore bang,
    bang saya udah ikutin step2 yg ada waktu jalanin bind9 ada error spt ini :
    root@samba4:/etc# /etc/init.d/bind9 | tail -f /var/log/daemon.log
    Sep 11 08:17:01 samba4 named[1673]: automatic empty zone: 8.E.F.IP6.ARPA
    Sep 11 08:17:01 samba4 named[1673]: automatic empty zone: 9.E.F.IP6.ARPA
    Sep 11 08:17:01 samba4 named[1673]: automatic empty zone: A.E.F.IP6.ARPA
    Sep 11 08:17:01 samba4 named[1673]: automatic empty zone: B.E.F.IP6.ARPA
    Sep 11 08:17:01 samba4 named[1673]: command channel listening on 127.0.0.1#953
    Sep 11 08:17:01 samba4 named[1673]: command channel listening on ::1#953
    Sep 11 08:17:01 samba4 named[1673]: the working directory is not writable
    Sep 11 08:17:01 samba4 named[1673]: zone asep.lab/IN: loading from master file /usr/local/samba/private/asep.lab.zone failed: permission denied
    Sep 11 08:17:01 samba4 named[1673]: zone asep.lab/IN: not loaded due to errors.
    Sep 11 08:17:01 samba4 named[1673]: running

    itu kira2 knapa ya bang, permisionnya udah saya kasih write

  27. qNoy

    Mr. Gultom..
    Mohon supportnya.. saya sudah mencoba tutorialnya.. tapi PC client gagal join domain.. txs b4.

    Note: This information is intended for a network administrator. If you are not your network’s administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

    DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain “gultom.lab”:

    The query was for the SRV record for _ldap._tcp.dc._msdcs.gultom.lab

    The following domain controllers were identified by the query:
    samba4.gultom.lab

    However no domain controllers could be contacted.

    Common causes of this error include:

    – Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.

    – Domain controllers registered in DNS are not connected to the network or are not running.

  28. trisno

    pak henry, saya mau Tanya dong kalo misalnya server samba 4 dan dns servernya berbeda server gimana yah ? saya gunakan Ubuntu 12.04
    thx

  29. Henry Gultom

    @Trisno : tambahin di smb.conf

    # Don’t allow any updates | allow unsigned updates | only allow signed updates
    allow dns updates = False | nonsecure | signed

    # If recursive queries = yes is set, the following is also needed
    dns forwarder =

  30. tri teguh

    dear pak gultom,

    saya ingin migrasi domain controller dan active directory yg sebelum nya menggunakan windows server 2000 ke samba4, mohon pencerahan untuk langkah-langkah yang musti saya lakukan pak.

    sebelum dan sesudahnya saya ucapkan terima kasih.

  31. deny

    dear pak gultom,

    salam kenal pak, sepertinya bapak org medan ya, marga gultom… hehhe

    nanya dikit pak, sebelumnya saya pernah migrasi ke linux dengan linux server 12.04 dan menginstall samba4, lalu digunakan untuk file sharing, tapi yang jadi kendala koneksi file sharingnya sangat lambat, saat mengcopy data dari client (winxp) ke winserver (2003) kecepatan real bisa mencapai 10MBps, begitu mencoba copy file ke samba4 hanya 1MBps, yang saya tanyakan apakah pengaruh beda OS pada copy data filesharing?

    terima kasih pak

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.