| AD DC Server | |
|---|---|
| OS | Ubuntu 16.04.3 LTS |
| Hostname | samba |
| IP address | 10.0.0.100/24 |
- Domain name: flemingcollege.ca
- Realm: FLEMINGCOLLEGE.CA
root@samba:~$ apt-get -y install samba krb5-config winbind
# Set Realm
Configuring Kerberos Authentication
When users attempt to use Kerberos and specify a principal or user name
without specifying what administrative Kerberos realm that principal
belongs to, the system appends the default realm. The default realm may
also be used as the realm of a Kerberos service running on the local
machine. Often, the default realm is the uppercase version of the local
DNS domain.
Default Kerberos version 5 realm:
FLEMINGCOLLEGE.CA
<Ok>
# Specify the hostname
Configuring Kerberos Authentication
Enter the hostnames of Kerberos servers in the FLEMINGCOLLEGE.CA Kerberos
realm separated by spaces.
Kerberos servers for your realm:
samba.flemingcollege.ca
<Ok>
# Specify the hostname of the administrative server
Configuring Kerberos Authentication
Enter the hostname of the administrative (password changing) server for
the FLEMINGCOLLEGE.CA Kerberos realm.
Administrative server for your Kerberos realm:
samba.flemingcollege.ca
<Ok>
# Rename or remove the default SMB config file
root@samba:~$ mv /etc/samba/smb.conf /etc/samba/smb.conf.org
root@samba:~$ samba-tool domain provision
Realm: FLEMINGCOLLEGE.CA # Specify Realm
Domain [FLEMINGCOLLEGE]: # Enter with default
Server Role (dc, member, standalone) [dc]: # Enter with default because it sets DC
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: # Enter with default because it uses Built-in DNS
DNS forwarder IP address (write 'none' to disable forwarding) [8.8.8.8]: # Confirm DNS setting and Enter if it's OK
Administrator password: # Set admin password
Retype password:
Looking up IPv4 addresses
Looking up IPv6 addresses
...
...
A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be ready to use
Server Role: active directory domain controller
Hostname: samba
NetBIOS Domain: FLEMINGCOLLEGE
DNS Domain: flemingcollege.ca
DOMAIN SID: S-1-5-21-3389486828-2521778182-4128056284
# Copy Kerberos config file to /etc/
root@samba:~$ cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
# Restart samba services
root@samba:~$ systemctl restart smbd samba-ad-dc
3. Confirm domain level and add Domain user.
# Confirm domain level
root@samba:~$ samba-tool domain level show
Domain and forest function level for domain 'DC=flemingcollege,DC=ca'
Forest function level: (Windows) 2008 R2
Domain function level: (Windows) 2008 R2
Lowest function level of a DC: (Windows) 2008 R2
# Add a user in domain
root@samba:~$ samba-tool user add ubuntu
New Password:
Retype Password:
User 'ubuntu' created successfully
# Reboot to apply changes
root@samba:~$ reboot
root@samba:~$ apt-get -y install ntp
root@samba:~$ systemctl enable ntp
root@samba:~$ vi /etc/ntp.conf
# Line 18: comment out
# pool 0.ubuntu.pool.ntp.org iburst
# pool 1.ubuntu.pool.ntp.org iburst
# pool 2.ubuntu.pool.ntp.org iburst
# pool 3.ubuntu.pool.ntp.org iburst
# pool ntp.ubuntu.com
# Add servers of your timezone for time synchronization
server ntp1.jst.mfeed.ad.jp iburst
server ntp2.jst.mfeed.ad.jp iburst
server ntp3.jst.mfeed.ad.jp iburst
# Line 50: add the network range you allow to receive requests
restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap
# Restart ntp service
root@samba:~$ systemctl restart ntp
# Show status
root@samba:~# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
*ntp1.jst.mfeed. 133.243.236.17 2 u 8 64 3 17.613 3.116 2.670
ntp2.jst.mfeed. .INIT. 16 u - 64 0 0.000 0.000 0.000
+ntp3.jst.mfeed. 133.243.236.17 2 u 3 64 3 18.134 2.303 3.591
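
Kerberos rejects tickets when the clocks of client and DC differ by more than the allowed skew (five minutes by default), so the NTP status above is worth checking automatically. The following is an added example, not part of the original page: it parses `ntpq -p` output and fails if no system peer is selected or the offset is too large. The names check_ntp_sync, sample_ntpq_output and MAX_SKEW_MS are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page. check_ntp_sync, sample_ntpq_output
# and MAX_SKEW_MS are names chosen for this example.
# 300000 ms = 5 minutes, the default Kerberos clock-skew tolerance.
MAX_SKEW_MS="${MAX_SKEW_MS:-300000}"

# Reads `ntpq -p` output on stdin.
# Exit status: 0 = synced, 1 = no system peer selected, 2 = offset too large.
check_ntp_sync() {
    awk -v max="$MAX_SKEW_MS" '
        /^ *remote +refid/ || /^=+$/ { next }   # skip header and ruler
        NF < 10 { next }                        # ignore malformed lines
        $7 == "0" { unreachable++ }             # reach 0: no replies received yet
        /^\*/ {                                 # "*" tally = selected system peer
            found = 1
            off = $9 + 0                        # offset column is in milliseconds
            if (off < 0) off = -off
            if (off > max) bad = 1
            printf "peer=%s stratum=%s reach=%s offset_ms=%s\n", substr($1, 2), $3, $7, $9
        }
        END {
            if (unreachable) printf "warning: %d peer(s) with reach 0\n", unreachable
            if (!found) { print "FAIL: no system peer selected"; exit 1 }
            if (bad)    { print "FAIL: offset above " max " ms"; exit 2 }
            print "OK: clock within Kerberos skew tolerance"
        }
    '
}

# Sample input: the ntpq -p output shown on this page.
sample_ntpq_output() {
    cat <<'EOF'
remote refid st t when poll reach delay offset jitter
==============================================================================
*ntp1.jst.mfeed. 133.243.236.17 2 u 8 64 3 17.613 3.116 2.670
ntp2.jst.mfeed. .INIT. 16 u - 64 0 0.000 0.000 0.000
+ntp3.jst.mfeed. 133.243.236.17 2 u 3 64 3 18.134 2.303 3.591
EOF
}

# On the DC itself: ntpq -p | check_ntp_sync
sample_ntpq_output | check_ntp_sync
```

The exit status makes the function usable from cron or a monitoring check on the DC and on domain members.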