Requirements:
- Raspberry PI 2 or greater
- Clean install of Raspbian on mSD card
- Static IP address on your PI
- Hostname configured on your PI to what you want your DC to be
- Updated PI (via 'sudo apt-get install && sudo apt-get upgrade -y'
*** NOTE ***
In these steps I use the format CMD/WHEN ASKED/EDIT.
'CMD' is what you type in (copy/paste).
'WHEN ASKED' is your response to a question your system asks you.
'EDIT' is what you enter in the editor.
Steps to complete:
- CMD: sudo apt install samba krb5-config winbind smbclient -y
- WHEN ASKED: 'Default Kerberos version 5 realm" ANSWER: [YOUR DOMAIN NAME] (example.com or example.local)
- WHEN ASKED: 'Kerberos servers for..." ANSWER: your PC name @ your domain name (pdc.example.com or pdc.example.loca)
- WHEN ASKED: 'Administrative server..." ANSWER: your PC name @ your domain name (pdc.example.com or pdc.example.loca)
- CMD: sudo nano /etc/hosts
- EDIT: add your IP FQDN NAME (1.1.1.1 system.domain.com system)
- CMD: cd /etc/samba
- CMD: sudo mv smb.conf smb.conf.install
- CMD: sudo samba-tool domain provision
- WHEN ASKED: 'Realm' hit enter (already setup with Kerberos)
- WHEN ASKED: 'Domain' hit enter (already setup with Kerberos)
- WHEN ASKED: 'Server Role' hit enter for 'dc'
- WHEN ASKED: 'DNS backend' hit enter for 'SAMBA_INTERNAL'
- WHEN ASKED: 'DNS forwarder IP address' enter your upstream provider or router address
- WHEN ASKED: 'Administrator password' enter a strong password (twice)
- CMD: cp /var/lib/samba/private/krb5.conf /etc/
- CMD: sudo systemctl disable --now smbd nmbd winbind systemd-resolved
- CMD: sudo systemctl unmask samba-ad-dc.service
- CMD: sudo systemctl enable --now samba-ad-dc.service
- CMD: sudo samba-tool domain level show
- CMD: sudo rm /etc/resolv.conf
- CMD: sudo nano /etc/resolv.conf
- EDIT: add the localhost name server as 'nameserver 127.0.0.1' and save
You can now add your PC to the domain (set your DNS to be your DC first).
You can also add user accounts using the 'samba-tool user create [name]'
You can also use the RSAT tools, from Microsoft, to administer your domain.
*** NOTE ***
This domain is Windows Server 2008R2 compatible.
Samba does not support anything greater than 2008R2 at the time of this writing.