Requirements:

  • Raspberry PI 2 or greater
  • Clean install of Raspbian on mSD card
  • Static IP address on your PI
  • Hostname configured on your PI to what you want your DC to be
  • Updated PI (via 'sudo apt-get install && sudo apt-get upgrade -y'


*** NOTE ***
In these steps I use the format CMD/WHEN ASKED/EDIT.
'CMD' is what you type in (copy/paste).
'WHEN ASKED' is your response to a question your system asks you.

'EDIT' is what you enter in the editor.

Steps to complete:

  1. CMD: sudo apt install samba krb5-config winbind smbclient -y
  2. WHEN ASKED: 'Default Kerberos version 5 realm" ANSWER: [YOUR DOMAIN NAME] (example.com or example.local)
  3. WHEN ASKED: 'Kerberos servers for..." ANSWER: your PC name @ your domain name (pdc.example.com or pdc.example.loca)
  4. WHEN ASKED: 'Administrative server..." ANSWER: your PC name @ your domain name (pdc.example.com or pdc.example.loca)
  5. CMD: sudo nano /etc/hosts 
  6. EDIT: add your IP FQDN NAME (1.1.1.1 system.domain.com system)
  7. CMD: cd /etc/samba
  8. CMD: sudo mv smb.conf smb.conf.install
  9. CMD: sudo samba-tool domain provision
  10. WHEN ASKED: 'Realm' hit enter (already setup with Kerberos)
  11. WHEN ASKED: 'Domain' hit enter (already setup with Kerberos)
  12. WHEN ASKED: 'Server Role' hit enter for 'dc'
  13. WHEN ASKED: 'DNS backend' hit enter for 'SAMBA_INTERNAL'
  14. WHEN ASKED: 'DNS forwarder IP address' enter your upstream provider or router address
  15. WHEN ASKED: 'Administrator password' enter a strong password (twice)
  16. CMD: cp /var/lib/samba/private/krb5.conf /etc/
  17. CMD: sudo systemctl disable --now smbd nmbd winbind systemd-resolved
  18. CMD: sudo systemctl unmask samba-ad-dc.service
  19. CMD: sudo systemctl enable --now samba-ad-dc.service
  20. CMD: sudo samba-tool domain level show
  21. CMD: sudo rm /etc/resolv.conf
  22. CMD: sudo nano /etc/resolv.conf
  23. EDIT: add the localhost name server as 'nameserver 127.0.0.1' and save



You can now add your PC to the domain (set your DNS to be your DC first).

You can also add user accounts using the 'samba-tool user create [name]'

You can also use the RSAT tools, from Microsoft, to administer your domain.


*** NOTE ***

This domain is Windows Server 2008R2 compatible.

Samba does not support anything greater than 2008R2 at the time of this writing.