Warning for people setting this up... never use something.local as your domain name. ".local" is reserved by the IETF and used by multicast DNS. I learned this the hard way so you don't have to.
.lan is great?
Yes. .LAN is fine. @@annako5240
I tend to use .internal; .local and Bonjour don't play nice.
In case you didn’t know, the ICANN proposes to use .internal… It was published recently - you can check it out here: itp.cdn.icann.org/en/files/root-system/identification-tld-private-use-24-01-2024-en.pdf
oof i scrolled down too late RIP
Great tutorial sir. Works 100%.
Just for those who have ufw in their system, you need to open ports 53 for DNS and 135 for the Domain Controller
I found this out the hard way. I had pihole running in my test VM 😃
I have been looking for a video like this for ages. Thank you very much for this.
Thank you very very much. It is the first time I've launched AD on my Ubuntu server, and this is the video that showed me the right way to do that!
By the way, after I installed RSAT, the icons didn't appear in the control panel.
And I cannot create any samba group in WebMin anymore.
you made my night!
thank you very much for this great description!
Greetings from Bavaria
For what it's worth, I just followed this with Ubuntu 24.04 and it worked great.
Totally worth my subscription!!!
I would love to see a video setting up a mail server hosted locally with a VPS serving as a proxy / VPN gateway
Sorry for the late reply. Intriguing idea. Might make it happen
Nathan Fillion doing tech guides, nice!
Wonderful, appreciate your hard work!
I'm using a Debian server for Samba and a Fedora client. Everything seems to be working right up until trying to log in with a domain user. The only thing I've come across is `systemctl status sssd` tells me that the backend is offline. But based on everything else that works... it's not. I've tried so many things I'm not sure what else to do to get it to work.
My RSAT tool is responding very slowly. When I click any option, it takes a long time to respond. I have the same issue on multiple devices.
Please note that RSAT only installs if system language is ENGLISH
No
You have explained every step very clearly. Thanks for making such a useful video!
Can you maybe create a video where you'll explain how to update Samba to the latest version?
That is a possibility for a future video, for sure.
Thank you for creating this amazing tutorial.
Do you have any plans to create a domain joined file server via Ubuntu or Debian? Specifically, one that can have its shares managed via ACL? That is something I have not been able to find a good tutorial for.
A nice idea. Currently my VM server is offline, bit the dust about a month after I created this tutorial. But once it is back up I might take a run at this.
This is a really awesome tutorial. Thank you so much for adding this. Can you use this, or similar methodology to join an existing Windows domain?
I have not tried on Ubuntu. I know Fedora has native joining capability, although I personally have never tried it. Not sure about other distros. I don't have a windows server readily available to test. If I ever manage to get one, I will definitely test this out.
@@considerednormal You can use Windows Server evaluation to test that
Hi, is it possible to install Postfix or another email server using the Samba users?
@@Sabs761010 Samba and Postfix/Exim are independent apps from Samba, so they should be able to be configured to work.
Thank you for this great tutorial. 2 questions though. If I added a user, how to assign a location (on the server?) for the home dir? And how to also have shares? Or should another Samba server be built separately for shares?
@@O_Jiisan when I have a chance I will look into this and post a video for it
Thanks for this video, this helped me a lot to set up my servers. When joining a second Ubuntu machine to the Samba server, it is not getting the domain admin privileges; it keeps coming back with guest user privileges. Is there any setting that should be made in the smb.conf file to join the administrator as root?
@@jegant8216 Unfortunately I have not looked into permissions further. Do you have a Windows machine (or VM)? You might be able to set it with the domain tools.
I cannot get past the domain provisioning. It keeps telling me invalid DNS backend
You might wanna take a look at the following documentation to help fix it. wiki.samba.org/index.php/Changing_the_DNS_Back_End_of_a_Samba_AD_DC
@@considerednormal I got past that part now, however I ran into another issue. The DC and Kerberos are not being found when `host -t` is run.
My current setup is
Router>MainSwitch>Ubuntu Server
/ |
/ |
/ v
PC PC
When I tried to ping the server from any PC on switch 1 and 2, it says unreachable. How can I fix this?
Amazing, I have tried, and this works.
Can a dual boot Linux/Windows machine be added into the same AD controller FOR BOTH Windows and Linux?
@@josecabrera5632 Short answer, yes. As the login is unique for each OS and not purely based on hardware, you should be able to have both attached. As long as the hostnames are different there should be no issue.
Great Tutorial Thank you man
Thank you for your time.
I'm stuck at the administrator login after adding the computer to the DNS
After searching multiple tutorials on creating AD, this is the best and easiest. I hope you can also make a tutorial on how to make a file server or activate the file server after creating the AD. I tried, but there seems to be an error.
Thank you for the kind words and thank you for the idea. That might be my next video
I followed this tutorial and I have successfully set up the AD DC. One question: I want to use an external DNS server (another IP on the same network, rpi - pihole), so all users on the domain use the rpi IP as DNS server, not the AD DC DNS IP. Any solution? I am trying to add a forwarder from the DNS RSAT tools on Windows, but an error message tells me this feature is not supported.
@@annefunclub4100 not sure how to make it automatic. But you could in the interim, manually set the DNS for devices.
Would you be able to configure a read only domain controller similarly?
Sadly I do not have an answer for this.
@@considerednormal I appreciate the quick response. This video blew my mind how straightforward it was! I would love to be able to set up small Linux boxes as RODC machines in remote offices. Guess I’ll have to wait for someone smarter than I to test it on Linux.
Is this an actual Microsoft ADDC or an LDAP from another company?
thank you for this video! this video really helped me!
Can I still use Samba to share files between my Windows computers?
@@marcospaulo-xl3ey The functionality of sharing files via Samba should not be affected, although the setup for this was not part of the tutorial.
AD Users groups working, but Group policy not working.
Sorry sir... when I unlink resolv.conf and touch resolv.conf, apt update fails,
and when I disable systemd-resolv, apt update fails too.
Why? Please help me.
What are the contents of your resolv.conf?
@@considerednormal I have the same issue and followed the tutorial as is. The only difference is I am on a 192.168.1.0/24 subnet
Any way to encrypt the DNS with this solution?
So I domain joined and it worked, but it's not resolving names like the Windows-based one was
Sadly, as with most proprietary paid software, the open source replacements are limited compared to the counterpart they replace. You need to compare your needs to what each offers and choose the right solution that suits your needs.
Thank you, man! 😀
Excellent Tutorial!! Thank you!
I have pfSense in my LAN acting as a DNS server. Do I still need to set my Samba AD as the DNS for Windows LAN clients that will join the domain?
Yes, you should, because it keeps records of all the machines by name; they automatically get added to the DNS when you join the domain.
Make your AD domain's recursive resolver your pfSense firewall
Hi, nice work sir. I tried after failing before, but how do I replicate this AD?
Will roaming profiles work with this method?
@@annefunclub4100 haven't tested this. When I lost my server I lost my DC. Will revamp it and hopefully do another video on advanced features.
If I follow this, would this also work in Fedora instead of Ubuntu? I already know to use dnf instead of apt EDIT : nvm, you are also showing Fedora at the end ;)
Does anyone know if this works on BSD? :)
The installation procedure might be a bit different but I do not see a reason why the config portion wouldn't work.
Thank you, exceptional tutorial.
Can I use Ubuntu commands on Mint?
If I am not mistaken Mint is an Ubuntu based flavour, so the commands should work out of the box.
If you are using the LMDE version, which is Debian based, the commands should still run as well, as Ubuntu is based on Debian.
Thanks. Works 100%
thank you so much for this :)
Great video. Can't access the link, it asks for user/password.
Sorry about that, try again, it should be fixed.
Will Windows 11 work?
It should. I did not test it personally, but it should work much the same way in regards to joining the domain. But I cannot speak on the part of controlling the policies and such with Windows tools, as I did not investigate what tools are available for Win11.
Greating
Support ubuntu 24.04