Never Ending Security

It starts all here

How To Setup Sambo on Linux


How to Setup Samba in Linux

Samba is used by sysadmin to overcome the problem of interoperability in a mixed environment where you have both Linux and Windows. It provides a common platform for both Windows and Linux to have a common sharing space.

In this tutorial we will go through setup which will configure Samba (on Linux) as a primary domain controller. A primary domain controller is a service which is used for centralized administration of users, groups or any objects in the network

Host Name

Make sure you’ve setup the appropriate hostname and static ip. If you are using internal ip-address, and if you like to access it from the internet, setup appropriate NAT rules on your firewall.

# vi /etc/sysconfig/network

Make sure it has appropriate static ip-address setup in the ifcfg-eth0 file.

# vi /etc/sysconfig/network-script/ifcfg-eth0

Also, assign the gateway and dns accordingly in your /etc/sysconfig/network and /etc/resolv.conf file.

Verify that your /etc/hosts file has an entry similar to the following.

# vi /etc/hosts   samba

Also, make sure NTP service is setup and running properly on this server.


On CentOS, by default samba packages will not be installed for minimal installation type.

First, install the following dependent packages.

# yum install glibc glibc-devel gcc python* libacl-devel krb5-workstation krb5-libs pam_krb5 git-core openldap-devel 

Next, download the samba source as shown below.

# git clone git:// sambaserver

The files will be downloaded to sambaserver directory. Install the samba server as shown below.

cd sambaserver

./configure  --enable-debug --enable-selftest


make install

Samba will be installed in the default location /usr/local/samba/bin. You’ll see several samba client utilities installed under this directory.

# cd /usr/local/samba/bin/ 

# ls 
cifsdd       ldbsearch   ntdbrestore    regshell    smbcquotas  tdbbackup 
dbwrap_tool  locktest    ntdbtool       regtree     smbget      tdbdump 
eventlogadm  masktest    ntlm_auth      rpcclient   smbpasswd   tdbrestore 
gentest      ndrdump     oLschema2ldif  samba-tool  smbspool    tdbtool 
ldbadd       net         pdbedit        sharesec    smbstatus   testparm 
ldbdel       nmblookup   pidl           smbcacls    smbtar      wbinfo 
ldbedit      nmblookup4  profiles       smbclient   smbta-util 
ldbmodify    ntdbbackup  regdiff        smbclient4  smbtorture 
ldbrename    ntdbdump    regpatch       smbcontrol  smbtree 

Domain Provision

To start the domain provision, execute the samba-tool as shown below. This will pickup the default hostname and domain name from the configuration files.

# /usr/local/samba/bin/samba-tool domain provision 
Realm [N0WHERE.NET]: 
 Domain [N0WHERE]: 
 Server Role (dc, member, standalone) [dc]: 
 DNS forwarder IP address (write 'none' to disable forwarding) []: 
Administrator password: 
Retype password: 
Adding DNS accounts 
Creating CN=MicrosoftDNS,CN=System,DC=n0where,DC=net 
Creating DomainDnsZones and ForestDnsZones partitions 
Populating DomainDnsZones and ForestDnsZones partitions 
Setting up sam.ldb rootDSE marking as synchronized 
Fixing provision GUIDs 
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf 
Once the above files are installed, your Samba4 server will be ready to use 
Server Role:           active directory domain controller 
Hostname:              samba 
NetBIOS Domain:        N0WHERE 
DNS Domain:   
DOMAIN SID:            S-1-5-21-2869186506-3515775153-2841826798 

Start Service

Start the samba service, as shown below.


Add the following entry to rc.local file to make sure samba service starts automatically during system startup.

# echo /usr/local/samba/sbin/samba >> /etc/rc.d/rc.local 

# cat /etc/rc.d/rc.local 
touch /var/lock/subsys/local 

Check Version

You can verify the samba version using samba or smbclient command as shown below.

# /usr/local/samba/sbin/samba -V 
Version 4.2.0pre1-GIT-913b2a1 

# /usr/local/samba/bin/smbclient -V 
Version 4.2.0pre1-GIT-913b2a1 

The following command will display all Samba shares that are currently available.

# /usr/local/samba/bin/smbclient -L localhost -U% 
Domain=[N0WHERE] OS=[Windows 6.1] Server=[Samba 4.2.0pre1-GIT-913b2a1] 

    Sharename       Type      Comment 
    ---------       ----      ------- 
    netlogon        Disk      
    sysvol          Disk      
    IPC$            IPC       IPC Service (Samba 4.2.0pre1-GIT-913b2a1) 
Domain=[N0WHERE] OS=[Windows 6.1] Server=[Samba 4.2.0pre1-GIT-913b2a1] 

    Server               Comment 
    ---------            ------- 

    Workgroup            Master 
    ---------            ------- 

Verify that you are able to login using the administrator username and password.

# /usr/local/samba/bin/smbclient //localhost/netlogon -Uadministrator -c 'ls' 
Enter administrator's password: 
Domain=[N0WHERE] OS=[Windows 6.1] Server=[Samba 4.2.0pre1-GIT-913b2a1] 
  .   D        0  Fri Nov 7 15:06:15 2014 
  ..  D        0  Fri Nov 7 15:06:28 2014 
57901 blocks of size 8388608. 54372 blocks available 

Verify Domains

Now let us check if the domain is functioning as expected. Check the SRV and A record as shown below.

# host -t SRV has SRV record 0 100 389 

# host -t SRV has SRV record 0 100 88 

# host -t A has address

Use the samba-tool command to verify the realm name as shown below.

# /usr/local/samba/bin/samba-tool testparm --suppress-prompt | grep realm 
    realm = N0WHERE.NET 

Configure Kerberos

Copy the sample krb5.conf file to the /etc directory.

cp /usr/local/samba/share/setup/krb5.conf /etc/krb5.conf 

Set the default_realm to your domain name. In this case, we’ll set it to

# cat /etc/krb5.conf 
    default_realm = N0WHERE.NET 
    dns_lookup_realm = false 
    dns_lookup_kdc = true 

Use kinit command to make sure the Kerberos is setup properly as shown below.

# kinit administrator@N0WHERE.NET 
Password for administrator@N0WHERE.NET: 
Warning: Your password will expire in 41 days on Fri Apr  4 15:06:25 2014 

Finally, you can use Windows remote administrator tool to connect to the Samba server and use it as a domain controller.

If you face any issues during the above process, make sure you bring the system up-to-date by updating all packages. You can also disable SELinux temporarily, and review the audit.log for any SELinux related error messages. Also, make sure your IPTables rules are not blocking the ports that are required by Samba to communicate between the servers.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s