  • Samba 4 Domain Controller on Ubuntu 14.04 LTS

    1. Configure network with a static ip address

    $ sudo nano /etc/network/interfaces
    
    auto eth0
    iface eth0 inet static
    address 192.168.0.35
    gateway 192.168.0.1
    netmask 255.255.255.0
    network 192.168.0.0
    broadcast 192.168.0.255
    dns-nameservers 192.168.0.1 114.114.114.114 8.8.8.8
    dns-search szhnbc.com

    2. Name your domain controller

    $ sudo hostname rd-server
    $ echo "rd-server" | sudo tee /etc/hostname
    $ sudo nano /etc/hosts
    

    127.0.0.1 localhost
    127.0.1.1 rd-server.szhnbc.com RD-Server
    192.168.0.35 rd-server.szhnbc.com rd-server

    $ sudo apt-get update && sudo apt-get upgrade
    $ sudo reboot
    

    3. Install packages ntp, acl, samba + tools

    $ sudo apt-get install ntp acl samba krb5-user smbclient
    

    While installing Kerberos, you will be prompted for the following information:

    Your realm: SZHNBC.COM
    Kerberos servers for your realm: rd-server.szhnbc.com
    Administrative server: rd-server.szhnbc.com
    

    4. Configure samba

    Remove automatically created configuration  

    $ sudo rm /etc/samba/smb.conf
    

    Configure samba with samba-tool

    $ sudo samba-tool domain provision --realm szhnbc.com --domain szhnbc --adminpass Password123 --server-role=dc

    Note: if you set a weak password, the command will fail.

    Output on successful provisioning:

    Looking up IPv4 addresses
    Looking up IPv6 addresses
    No IPv6 address will be assigned
    Setting up share.ldb
    Setting up secrets.ldb
    Setting up the registry
    Setting up the privileges database
    Setting up idmap db
    Setting up SAM db
    Setting up sam.ldb partitions and settings
    Setting up sam.ldb rootDSE
    Pre-loading the Samba 4 and AD schema
    Adding DomainDN: DC=szhnbc,DC=com
    Adding configuration container
    Setting up sam.ldb schema
    Setting up sam.ldb configuration data
    Setting up display specifiers
    Modifying display specifiers
    Adding users container
    Modifying users container
    Adding computers container
    Modifying computers container
    Setting up sam.ldb data
    Setting up well known security principals
    Setting up sam.ldb users and groups
    Setting up self join
    Adding DNS accounts
    Creating CN=MicrosoftDNS,CN=System,DC=szhnbc,DC=com
    Creating DomainDnsZones and ForestDnsZones partitions
    Populating DomainDnsZones and ForestDnsZones partitions
    Setting up sam.ldb rootDSE marking as synchronized
    Fixing provision GUIDs
    A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
    Once the above files are installed, your Samba4 server will be ready to use
    Server Role:           active directory domain controller
    Hostname:              rd-server
    NetBIOS Domain:        SZHNBC
    DNS Domain:            szhnbc.com
    DOMAIN SID:            S-1-5-21-1719461813-2380486383-56883530

    5. Configure DNS

    For large, complex network deployments it is recommended that you use BIND, but in my actual environment the built-in DNS is sufficient.

    $ sudo nano /etc/samba/smb.conf

    dns forwarder = 8.8.8.8
    allow dns updates = nonsecure

    $ sudo nano /etc/network/interfaces

    dns-nameservers 192.168.0.35

    $ sudo reboot now
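
    With `allow dns updates = nonsecure` the internal DNS server accepts dynamic updates in all cases, including unauthenticated ones; Samba's default, `secure only`, accepts them over secure connections only. The shell check below is an added example, not part of the original post: it reports the value in effect in the `[global]` section of an smb.conf. The function names and the sample file are constructed for illustration, and `include` directives are not followed.

```shell
# Added example: report the effective "allow dns updates" value in the
# [global] section of an smb.conf. Function names and sample are constructed.

# Print the effective value ("secure only" is the Samba default when unset).
dns_update_policy() {
    awk '
        BEGIN { val = "secure only"; sect = "global" }  # assumed: file starts in global scope
        /^[ \t]*[#;]/ { next }                          # skip comment lines
        /^[ \t]*\[/ {                                   # section header
            sect = tolower($0)
            gsub(/^[ \t]*\[[ \t]*|[ \t]*\].*$/, "", sect)
            next
        }
        sect == "global" && index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            v   = tolower(substr($0, index($0, "=") + 1))
            gsub(/[ \t]+/, "", key)                     # spaces in parameter names are ignored
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (key == "allowdnsupdates") val = v       # last assignment wins
        }
        END { print val }
    ' "$1"
}

# Return 0 if updates must be authenticated or are disabled, 1 otherwise.
check_dns_updates() {
    policy=$(dns_update_policy "$1")
    case "$policy" in
        "secure only"|disabled) echo "OK: allow dns updates = $policy"; return 0 ;;
        *) echo "WEAK: allow dns updates = $policy (unauthenticated updates accepted)"; return 1 ;;
    esac
}

# Constructed sample: a [global] section as edited in step 5.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
    workgroup = SZHNBC
    realm = SZHNBC.COM
    server role = active directory domain controller
    dns forwarder = 8.8.8.8
    allow dns updates = nonsecure
[netlogon]
    read only = No
EOF
check_dns_updates "$sample" || true
```

    On a running domain controller, `testparm -s --parameter-name="allow dns updates"` prints the value Samba itself has loaded, which also covers included files.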

    6. Test your new domain controller

    $ host -t SRV _ldap._tcp.szhnbc.com.
    _ldap._tcp.szhnbc.com has SRV record 0 100 389 rd-server.szhnbc.com.
    $ host -t SRV _kerberos._udp.szhnbc.com.
    _kerberos._udp.szhnbc.com has SRV record 0 100 88 rd-server.szhnbc.com.
    $ host -t A rd-server.szhnbc.com.
    rd-server.szhnbc.com has address 192.168.0.35
    $ kinit administrator
    Password for administrator@SZHNBC.COM: 
    Warning: Your password will expire in 41 days on Fri Jan 23 11:48:22 2015
    $ klist
    Ticket cache: FILE:/tmp/krb5cc_999
    Default principal: administrator@SZHNBC.COM
    
    Valid starting     Expires            Service principal
    12/12/14 13:04:09  12/12/14 23:04:09  krbtgt/SZHNBC.COM@SZHNBC.COM
            renew until 12/13/14 13:04:01
    benny@RD-SERVER:~$ smbclient -L localhost -U%
    Domain=[SZHNBC] OS=[Unix] Server=[Samba 4.1.6-Ubuntu]
    
            Sharename       Type      Comment
            ---------       ----      -------
            netlogon        Disk      
            sysvol          Disk      
            IPC$            IPC       IPC Service (Samba 4.1.6-Ubuntu)
    Domain=[SZHNBC] OS=[Unix] Server=[Samba 4.1.6-Ubuntu]
    
            Server               Comment
            ---------            -------
    
            Workgroup            Master
            ---------            -------
            HAICHUAN             YANGXINFENG
            MSHOME               RD-SERVER
            WORKGROUP            HC-JXS
    $ smbclient //localhost/netlogon -U'administrator'
    Enter administrator's password: 
    Domain=[SZHNBC] OS=[Unix] Server=[Samba 4.1.6-Ubuntu]
    smb: \> quit

    7. Manage your new domain controller

    The recommended way to manage your server is to use "Remote Server Administration Tools", which you can install as a feature on a Windows 7 desktop PC.

    You can also manage users & groups with samba-tool 

    samba-tool user add john --surname=Smith --given-name=John
    samba-tool group add test_group
    samba-tool group addmembers test_group john
    samba-tool user list
    getent passwd john
    id john

      

      

      

      

      

  • Original article: https://www.cnblogs.com/bennylam/p/4159502.html