Great job, Sir! That was the only one tutorial about Samba AD that worked for me 100%. I'm glad you covered both sides (server and client). Thank you very much!
Splendid! I've waited for such clear tutorial for many years!
You did an excellent job with this video. Your tutorial has been a lifesaver for me as I am currently working on a similar project. I came across quite a few tutorials, but yours stands out without a doubt and most importantly, it works. Thank you so very much.
23:06 " - - now" instead of just " - now"
23:40 In Ubuntu 22.04, the samba-ad-dc.service unit is masked by default. This means that it is not enabled and cannot be started until it is unmasked.
The unmask command will remove the symlink to /dev/null that masks the unit and allow you to enable and start the samba-ad-dc.service unit as needed.
seems to me the developers went on unnecessary code unmasking and starting a service. Usually, a service it is there, no need to unmask. I never heard that on linux. and I've been messing around with linux for over 20 years. I guess you learn something every day.
Phenomenal how-to! I'm in the middle of converting an office from standalone to AD. This video is very informative and helpful. Thanks for posting!
And the best thing... completely free!
Amazing, the cheapest way to install and managing DC and AD, a couple of Windows licenses, free Ubuntu server, free VirtualBox and free static IP address using for example ZeroTier-like solutions, and that's it! Thank you for sharing!!
I follow this tutorial to setup my Ubuntu server with samba/Active Directory but when I am going to setup the Roaming Folder on a user for example on AD the roam not working. I have setup a shared volume to smb.conf such as the "data" example on this video, but when I sign in to user, system creates a TEMP user and inform me that after sign out my user data will be deleted. So when I setup a "User Profile" path on settings of AD not sign me as the specific user but as a TEMP. Any ideas?
You did a fantastic job with this video.
I'm glad you followed through from start to finish in a step by step, easy to understand and follow way.
I've used and managed windows and Linux for years, but I always stay away from domains, I was also aware that Linux can become an ad, and had even tested Zentyal, but I prefer your approach
Great vid! Being a UNIX/Linux administrator, I've had to contend with living around Windows oddities in the network, but was never a fan of Kerberos. A video that delves into the Kerberos integration and why would be great.
the important thing is not only to follow along but to understand the concepts
@@Roottech25 whole heartedly agree!
@@allanwolfe6071 international markets money..
GREAT explanation, great tutorial, covered almost everything
One of the most complete videos I have seen on this subject. Great work. My question is, now that we are using Linux as the AD, how do we manage the Linux systems on the network using the same tool set and the AD you have built?
Great ! This video help me to make my Domain Controller as the way I like. Thanks.
You have a new subscriber...
Excellent appreciate your struggle!
I tried this but I couldn't login with Administrator account. I followed your video step by step but somehow I can't find out why can't I login. Could you help me?
Though I can join the domain.
Thank you very much, everything worked perfectly D:
Thank you so much for this. I plan to deploy Exchange server under this kind of DNS.
The challenge will be to get roaming profiles working if you login to the AD from a Windows, Linux or Mac computer and also assigning mapped drives/shares.
I'm trying to do some centralization at home so it will be a little bit easier with the accounts and stuff.
To be able to use a Linux server instead of a resource heavy windows server is a bonus!
to be honest, I was very impressed when I installed AD in Ubuntu. How much I was able to achieve in an AD environment. Group Policy works just like in a Windows Server.
Hello, root tech, is there any issue with windows 11 ? its working fine on windows 10.
Hi, my /etc/resolv.conf keeps getting deleted after every restart of my machine, after i stopped the systemd-resolverd.service how i can fix it?
I'm having this issue now too after having to redo it due to my external website couldn't be accessed from my internal network. and now i wiped it and started over and now my resolv.conf files keeps getting deleted on every reboot/shutdown and i can not for the life of me figure out why . Did you happen to figure this out?
@@baltimorecustombuiltpcrepair Disable the systemd-resolved.service service, then it shouldn't delete it `systemctl disable systemd-resolved.service`
@@baltimorecustombuiltpcrepair type `sudo chattr +i /etc/resolv.conf` to make sure that the file will never get overridden
very clear! thank you sir!
Hi, setup is done but now I want to connect a real computer with virtual server.
How to do that, kindly help
i have one doubt. Can we add Linux Users to Server 2016 AD? its possible?
I would like to know how can I set disk quotas for the mapped network drives? It seems like File Server Resource Manager (FSRM) is not working even if I connect it to DC1 using MMC. The problems occurs since it pops out the error "RPC server is unavailable on computer DC1."?
Worst case scenario, is there a way to set disk quota for the existing mapped network drives without the use of File Server Resource Manager (FSRM)?
I can't connect to the DNS seems like something went wrong it didn't just auto expand for me like it with yours I manually tried to put it in
how to configure wallpaper to all user in samba ac-dc?
Good video, congratulations, I only have one question, why does the ubuntu server ping not respond to the computer with windows 10 to the server, do you have to modify any parameter in the virtualbox?
This is a great tutorial.
I have a question. I run a standard Samba Server on a separate VM, and it is simply too much data to move and access to disrupt.
Do you have instructions to point the "AD-Samba-Server1" to the "Standard-Samba-Server2"?
i gave in and just redid it now i my issue is everytime i reboot or shutdown the resolv.conf gets completely deleted and i have not been able to find out how to resolve this
I assume that this disable user account may apply only under the same network
what if the user work from home and connect on a diff isp/network does this disable acnt will be applied also?
when try to connect i am not able to connect its error
Note: This information is intended for a network administrator. If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "bighome.com":
The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.bighome.com
Common causes of this error include the following:
- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:
192.168.29.5
- One or more of the following zones do not include delegation to its child zone:
bighome.com
com
. (the root zone)
using OS ubuntu server 22.04LTS
virtualbox with static ip of 192.168.29.10/24
in same network i am trying to connect in 1st time asked me to login when i enter username and password its shows above error
help me to resolve
Hi, I have a question. LDAP and Samba is deprecated?, thank you for you answer..
great tutorial Sir, Thank you so much
What's mean column in keyboard ?
Thank you so much for your support.👌👌
Very good. What are the links to your courses on Udemy?
What about joining a secondary DC? I noticed in the samba wiki it is recommended to have a secondary.
only if you have a medium size domain.... in my opinion if you have 10 to 40 computers in your domain, I don't recommend it. but I mean it is definitely an advantage b/c all your domain info is duplicated and replicated to secondary DC, so if PDC goes down the network it is still functional.
@@Roottech25 I respectfully disagree. If your needs are to supply foundational network services (i.e. domain services), no matter how large the client base is, you need to provide at least 3 DCs and maintain a quorum. This provides resiliency not only for the service, but allows flexibility for maintenance. Otherwise, you really don't justify having the service to exist, but to individually maintain each client.
how to share home folder for AD users?
is there a way to rename without having to redo the whole thing. i made the mistake as to using my Domain and now i can't access my websites from my internal network i wanted to change the AD domain to .local without having to redo everything
Excellent, thank you.
Where data of user is stored in active directory on Ubuntu?
what button did you press for column??
Are you on Bridge mode to do this? I'm having some issues mainly regarding network connection... The Network option also doesn't appear to me on Virtualbox Preferences
(I'm also using two Network interfaces, cuz I wanna the server to act both as Squid and Samba... Dunno if that's of any relevance)
Well, basically, the issue i'm facing is: I'm losing internet connection like u said, if I set a default gateway on netplan config. file. Thus, I didn't set a gateway, and am using my Testserver (yep, right now I'm just doing tests to see if i can implement Samba AD). So, I didn't set the gateway, and let interface 1 work as NAT/DHCP, and set interface 2 as static and added my IP and Google's IP as DNS servers, like you did.
Will I have any issue ahead if I leave things as they're?
I've followed your steps so far, and managed to login into the domain. However, several tools, including all of the active directory ones, are not appearing... I also can't connect to the internet into the Windows machine. What should I do?
This video is perfect. You did fantastic job. Thank you. The only thing I did not find is how to add a group of users that can access the files in data directory. In example the group name is accountancy. Accountancy group has 5 members. And only those accountancy group members has access to the share /data/invoices. If you could please make update even as a reply to this comment, I'd be grateful.
That would need to be configured in your smb.conf file, when you set up a share, you assign group permissions there. Bit more time consuming than doing it the way Windows Server does it graphically, but should have the same result in the end
love this content
Excellent info :)
I created a test share in my server's home directory but it appears to only be accessible by the domain admin account, not the john smith user. I confirmed the directory permissions, smb.conf looks just like yours, tried changing directory ownership. The folder is listed when browsing to \\domain-controller from the win10 VM but cannot enter the folder without a windows permission error. Any tips?
found a resolution if anyone has a similar problem. For whatever reason samba didn't like the directory being in a users home directory, seems to work everywhere else. Also be sure to set necessary permission and ownership should be root:3000000
so far so good: a solly question: this message during the install log : "Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs " do that mean trouble for the future?
Update:
netstat -antp | grep 'smbd|samba'
shows nothing .
i guess your guide needs an update. :(
you need to do that as root
@@tiagofnsousa hey there , thanks. but I'm using Azure Directory. its all integrated and Linux clients are all in a virtualized environment :)
i think you should be using "egrep" instead of "grep" I think
your video is super good, but what happened to kerberos you didn't use it? kinit doesn't work
too long of a video... check the samba wiki they show how to use kinit to setup kerberos for each user
one thing I wasn't clear about is whether kerberos is setup automatically for each user you create or you have to create key yourself for each user.
In windows active directory is setup automatically. But Samba AD apparently is different
I have a problem joining a professional win xp client
gives me the following error:
No more connections can be made to this remote computer at this time because there are already as many connections as the computer can accept.
could you help me with a solution?
sure, do a video and post it on youtube to see what you're doing
Can we add Ubuntu PC's to this
Very nice. :D
hello sir what ubuntu version you use.
how did you get the default domain controllers policy ?
Hello, we have Windows 10 Home Edition, can i join to Samba4 AD? need your confirmation thanks
Home Editions are not able to join domains. You'll need to upgrade to Windows 10 Pro.
Good job 👍
Fantastic video! I hope a lot of sysadmins see this before they invest $$$$$$$$ into software management tools they don't need.
This is a good video
Thanks you
Bless you
samba never asked me for a user account, only a password
yeah that's right
20:11
104 copy.. I will be making a video about when I'm out of danger..... immigration can kill you. like bob marley says "how many rivers do we have to cross to talk to the boss" lol
No rivers to cross, when U r the boss :-)
it's not called ittsy... it's called E T C.
if you're not familiar with Linux and in case something goes wrong, rip.
George, you don't know how to do anything!!
You should learn not to use vi... all the cool kids use pico!
it was cool 20 years ago when I learned Linux ;0)
root@dc1:~# systemctl enable -now samba-ad-dc.service
Failed to parse lines 'ow'
help me
- -now