Apr 27

AD Test Network

Tag: Ted @ 10:08 am

I am setting up an Active Directory test network with VirtualBox. It will consist of the following components. Links are provided showing configuration information I referenced.

VirtualBox

Use these Network settings for all machines:

  • Adapter 1: Enabled
  • Attached to: NAT Network
  • Name: NatNetwork (10.0.2.0/24)
  • Adapter 2: Enabled
  • Attached to: Host-only Adapter
  • Name: VirtualBox Host-Only Ethernet Adapter (10.0.5.0/24)
  • DHCP Server: Enabled
  • DHCP Lower Address Bound: 10.0.5.20

Active Directory Domain Controller

Download Debian installation image and create the server in VirtualBox:

  • Name: DC1.samdom.example.com
  • Type: Linux
  • Version: Debian (64-bit)
  • RAM: 1024 MB
  • Virtual HD: 8.00 GB
  • HD Type: VDI, dynamically allocated

Change the Network settings to the NAT Network.

Attach the installation image to the server’s Optical Drive and start the server.

  • Hostname: DC1.samdom.example.com
  • Leave the root password blank.
  • Enter the desired user name and password for the admin (sudo) account.
  • Make your disk partition selections and write changes to disk.
  • Software selection: Only “SSH server” and “standard system utilities”.
  • Install the GRUB boot loader on /dev/sda
  • Finish the installation and reboot.

Log in as the admin user and switch to root. Change the server to use a static IP address. A second adapter is enabled on the Linux machines to allow SSH logins from the host machine. Make these changes to /etc/network/interfaces:

# The primary network interface
allow-hotplug enp0s3
iface enp0s3 inet static
address 10.0.2.5
netmask 255.255.255.0
gateway 10.0.2.1
# This is an autoconfigured IPv6 interface
iface enp0s3 inet6 auto
#
# The secondary network interface
allow-hotplug enp0s8
iface enp0s8 inet static
address 10.0.5.5
netmask 255.255.255.0

Make these changes to /etc/resolv.conf so DNS names resolve (the public forwarder is only used until the DC's own DNS is provisioned):

domain samdom.example.com
search samdom.example.com
nameserver 8.8.8.8

Make these changes to /etc/hosts so the local host name resolves to the static address:

127.0.0.1 localhost
10.0.2.5 DC1.samdom.example.com DC1

Reboot the machine to switch to the static IP address.

Install Samba and the packages needed for an AD DC. When krb5-config prompts for the Kerberos servers during installation, enter the server's FQDN. Also install some utility programs:

  • apt update
  • apt install samba attr winbind libpam-winbind libnss-winbind libpam-krb5 krb5-config krb5-user
  • apt install smbclient net-tools dnsutils

Stop and disable all Samba processes, and remove the default smb.conf file:

  • systemctl stop smbd nmbd winbind
  • systemctl disable smbd nmbd winbind
  • rm /etc/samba/smb.conf

Provision the Samba AD:

samba-tool domain provision --use-rfc2307 --interactive
Realm=SAMDOM.EXAMPLE.COM
Domain=SAMDOM
Server Role=dc
DNS backend=SAMBA_INTERNAL
DNS forwarder IP address=8.8.8.8
Administrator password=Passw0rd

Now that the DC runs its own DNS, point /etc/resolv.conf at the DC itself instead of the public forwarder:

domain samdom.example.com
search samdom.example.com
nameserver 10.0.2.5
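An added consistency check over the three files edited above (this is example code, not part of the original post): it confirms the static addresses in the interfaces file, that resolv.conf now names the DC itself first rather than the forwarder, that /etc/hosts maps the FQDN to the NAT address, and that the host-only static address falls below the DHCP lower bound. The sample files are constructed inline; on the real DC pass the real paths to check_dc_config.

```shell
# Pre-flight check of the DC's static network files. Sample files are constructed
# here; on the real DC pass /etc/network/interfaces, /etc/resolv.conf, /etc/hosts.
DC_FQDN="DC1.samdom.example.com"
DHCP_LOW="10.0.5.20"   # host-only DHCP lower bound from the VirtualBox settings
WORK=$(mktemp -d)
cat > "$WORK/interfaces" <<'EOF'
iface enp0s3 inet static
address 10.0.2.5
netmask 255.255.255.0
gateway 10.0.2.1
iface enp0s3 inet6 auto
iface enp0s8 inet static
address 10.0.5.5
netmask 255.255.255.0
EOF
# resolv.conf before provisioning (public forwarder) and after (the DC itself)
printf 'domain samdom.example.com\nsearch samdom.example.com\nnameserver 8.8.8.8\n' > "$WORK/resolv.pre"
printf 'domain samdom.example.com\nsearch samdom.example.com\nnameserver 10.0.2.5\n' > "$WORK/resolv.post"
printf '127.0.0.1 localhost\n10.0.2.5 DC1.samdom.example.com DC1\n' > "$WORK/hosts"
# Print the static address of interface $1 from interfaces file $2.
iface_addr() {
  awk -v ifc="$1" '
    $1=="iface" { blk = ($2==ifc && $3=="inet" && $4=="static") }
    blk && $1=="address" { print $2; exit }' "$2"
}
# Succeed if the first nameserver in $2 is the DC address $1. After provisioning
# the DC must query its own internal DNS, or the SRV record lookups will fail.
resolv_points_to_self() {
  [ "$(awk '$1=="nameserver" { print $2; exit }' "$2")" = "$1" ]
}
# Succeed if hosts file $3 maps FQDN $2 (case-insensitive) to address $1.
hosts_maps_fqdn() {
  awk -v ip="$1" -v fqdn="$2" \
    '$1==ip && tolower($2)==tolower(fqdn) { ok=1 } END { exit !ok }' "$3"
}
# Succeed if static address $1 lies below DHCP lower bound $2 (same /24 assumed),
# so the host-only DHCP server cannot hand the DC's address to another guest.
outside_dhcp_pool() {
  [ "${1##*.}" -lt "${2##*.}" ]
}
# Run all checks on interfaces=$1 resolv.conf=$2 hosts=$3; nonzero if any fails.
check_dc_config() {
  nat=$(iface_addr enp0s3 "$1"); ho=$(iface_addr enp0s8 "$1"); fails=0
  resolv_points_to_self "$nat" "$2" || { echo "resolv.conf does not name $nat first"; fails=1; }
  hosts_maps_fqdn "$nat" "$DC_FQDN" "$3" || { echo "hosts lacks $nat $DC_FQDN"; fails=1; }
  outside_dhcp_pool "$ho" "$DHCP_LOW" || { echo "$ho inside host-only DHCP pool"; fails=1; }
  return $fails
}
check_dc_config "$WORK/interfaces" "$WORK/resolv.post" "$WORK/hosts" && echo "DC network files consistent"
```

Running it against the pre-provision resolv.conf reports the stale 8.8.8.8 entry, which is the usual cause of the SRV lookups below returning nothing.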

Use the Samba created Kerberos configuration file for your DC, enable the correct Samba services, and reboot to make sure everything works:

  • cp /var/lib/samba/private/krb5.conf /etc/
  • systemctl unmask samba-ad-dc
  • systemctl start samba-ad-dc
  • systemctl enable samba-ad-dc
  • reboot

Verify the File Server shares provided by the DC:

smbclient -L localhost -U%

Verify the DNS configuration works correctly:

  • host -t SRV _ldap._tcp.samdom.example.com.
  • host -t SRV _kerberos._udp.samdom.example.com.
  • host -t A dc1.samdom.example.com.

Verify Kerberos:

  • kinit administrator
  • klist

Verify that domain users and groups resolve through winbind and NSS, and that domain ownership can be set on a local file:

  • getent passwd
  • getent group
  • touch /tmp/testfile
  • chown Administrator:"Domain Users" /tmp/testfile
  • ls -l /tmp/testfile